[pam_shield/f15/master] initial package release

Carl Thompson redragon at fedoraproject.org
Wed Mar 30 04:49:01 UTC 2011


commit dc35ebd09102545d4627b82ed6b913453333c87b
Author: Carl Thompson <fedora at red-dragon.com>
Date:   Tue Mar 29 23:48:53 2011 -0500

    initial package release

 .gitignore                  |    4 ++
 pam_shield.spec             |   97 +++++++++++++++++++++++++++++++++++++++++++
 shield_purge_segfault.patch |   10 ++++
 sources                     |    4 ++
 4 files changed, 115 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..6e316fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/pam_shield-0.9.5.tar.gz
+/shield-purge.8.gz
+/shield-trigger-iptables.8.gz
+/shield-trigger.8.gz
diff --git a/pam_shield.spec b/pam_shield.spec
new file mode 100644
index 0000000..5a23e0c
--- /dev/null
+++ b/pam_shield.spec
@@ -0,0 +1,97 @@
+Name:		pam_shield
+Version:	0.9.5
+Release:	2%{?dist}
+Summary:	Pam Shield - A pam module to counter brute force attacks
+
+Group:		System Environment/Libraries
+License:	GPLv2
+URL:		http://www.heiho.net/pam_shield/index.html
+Source0:	http://www.heiho.net/pam_shield/pam_shield-0.9.5.tar.gz
+Source1:	shield-trigger.8.gz
+Source2:	shield-purge.8.gz
+Source3:	shield-trigger-iptables.8.gz
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires:	pam-devel, gdbm-devel
+Patch0:		shield_purge_segfault.patch
+
+%description
+This is a pam module that supports brute force blocking against pam
+authentication mechanisms.
+
+%prep
+%setup -q -n pam_shield-%{version}
+%patch0 -p0 -b .shield_purge_segfault
+#disable debug by default
+sed -i -e 's/debug on/debug off/' shield.conf
+#change to block all users for failed attempts
+sed -i -e 's/block unknown-users/block all-users/' shield.conf
+#reduce connections before block from 10 to 3
+sed -i -e 's/max_conns 10/max_conns 3/' shield.conf
+#reduce retention time from 1 week to 1 hour
+sed -i -e 's/retention 1w/retention 1h/' shield.conf
+#change the default behavior from shield-trigger to shield-trigger-iptables
+#this uses iptables instead of route to block brute force attack
+sed -i -e 's/shield\-trigger/shield-trigger-iptables/' shield.conf
+
+%build
+make %{?_smp_mflags}
+
+%check
+
+%install
+rm -rf %{buildroot}
+mkdir -p -m 755 %{buildroot}%{_sysconfdir}/security
+mkdir -p -m 755 %{buildroot}%{_sysconfdir}/cron.daily
+mkdir -p -m 755 %{buildroot}%{_sbindir}
+mkdir -p -m 755 %{buildroot}/%{_lib}/security
+mkdir -p -m 755 %{buildroot}%{_defaultdocdir}/pam_shield-%{version}
+mkdir -p -m 755 %{buildroot}%{_mandir}/man8
+install -s -m 644 pam_shield.so %{buildroot}/%{_lib}/security/
+install -m 755 -T pam_shield.cron %{buildroot}%{_sysconfdir}/cron.daily/pam_shield
+install -m 755 shield-trigger %{buildroot}%{_sbindir}/
+install -m 755 shield-trigger-iptables %{buildroot}%{_sbindir}/
+install -s -m 755 shield-purge %{buildroot}%{_sbindir}/
+install -m 644 shield.conf %{buildroot}%{_sysconfdir}/security/
+mkdir -p -m 700 %{buildroot}/var/lib/pam_shield
+mkdir -p -m 755 %{buildroot}%{_defaultdocdir}/pam_shield-%{version}
+install -m 644 INSTALL %{buildroot}%{_defaultdocdir}/pam_shield-%{version}/
+install -m 644 README %{buildroot}%{_defaultdocdir}/pam_shield-%{version}/
+install -m 644 GPL %{buildroot}%{_defaultdocdir}/pam_shield-%{version}/LICENSE
+install -m 644 CREDITS %{buildroot}%{_defaultdocdir}/pam_shield-%{version}/
+install -m 644 Changelog %{buildroot}%{_defaultdocdir}/pam_shield-%{version}/
+install -m 644 %{SOURCE1} %{buildroot}%{_mandir}/man8/
+install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
+install -m 644 %{SOURCE3} %{buildroot}%{_mandir}/man8/
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(644,root,root)
+/%{_lib}/security/pam_shield.so
+%doc %{_defaultdocdir}/pam_shield-%{version}/INSTALL
+%doc %{_defaultdocdir}/pam_shield-%{version}/README
+%doc %{_defaultdocdir}/pam_shield-%{version}/LICENSE
+%doc %{_defaultdocdir}/pam_shield-%{version}/CREDITS
+%doc %{_defaultdocdir}/pam_shield-%{version}/Changelog
+%doc %{_mandir}/man8/shield-trigger.8.gz
+%doc %{_mandir}/man8/shield-purge.8.gz
+%doc %{_mandir}/man8/shield-trigger-iptables.8.gz
+%config(noreplace) %{_sysconfdir}/security/shield.conf
+%defattr(755,root,root)
+%dir /var/lib/pam_shield
+%dir %{_defaultdocdir}/pam_shield-%{version}/
+%{_sysconfdir}/cron.daily/pam_shield
+%{_sbindir}/shield-trigger
+%{_sbindir}/shield-purge
+%{_sbindir}/shield-trigger-iptables
+
+%changelog
+* Mon Mar 28 2011 Carl Thompson <fedora at red-dragon.com> 0.9.5-2
+- included shield-trigger-iptables
+- changed default blocking method from route to iptables
+- modified default retention policy from 1 week to 1 hour
+- added man page for shield-trigger-iptables
+- fixed typos in man page for shield-purge
+* Sat Mar 26 2011 Carl Thompson <fedora at red-dragon.com> 0.9.5-1
+- Initial package
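Review bot: The `%dir /var/lib/pam_shield` entry sits under `%defattr(755,root,root)`, while `%install` creates that directory with `mkdir -p -m 700`. If rpm applies the default mode to directories when no fourth dirmode field is given (worth confirming with `rpm -qlvp` on the built package), the state directory ships as 755 rather than 700. Pinning it with `%attr(700,root,root) %dir /var/lib/pam_shield` removes the doubt. Separately, the `sed -i` rewrites in `%prep` exit 0 when their pattern is absent, so a later upstream change to shield.conf would silently drop the tightened defaults (`debug off`, `block all-users`, `max_conns 3`). A `grep -q 'max_conns 3' shield.conf` after each edit would fail the build instead.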
diff --git a/shield_purge_segfault.patch b/shield_purge_segfault.patch
new file mode 100644
index 0000000..9e762a9
--- /dev/null
+++ b/shield_purge_segfault.patch
@@ -0,0 +1,10 @@
+--- shield_purge.c	2011-03-26 23:00:30.664610809 -0500
++++ shield_purge.c	2011-03-26 23:39:42.983519849 -0500
+@@ -74,6 +74,7 @@
+ 	{ "dry-run",	0, NULL, 'n' },
+ 	{ "list",		0, NULL, 'l' },
+ 	{ "force",		0, NULL, 'f' },
++	{ 0,	0, NULL, 0 },
+ };
+ 
+ 	while((opt = getopt_long(argc, argv, "hdc:nlf", long_options, NULL)) != -1) {
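Review bot: The added terminator `{ 0,	0, NULL, 0 },` writes the `name` pointer as `0`; `{ NULL, 0, NULL, 0 },` reads more clearly and matches the `NULL` already used for the flag field. A one-line comment above it, such as `/* getopt_long() requires an all-zero entry to end the table */`, would make it less likely that the sentinel is dropped again when options are added. The array declaration and the enclosing function begin outside the hunk, so whether the short-option string `"hdc:nlf"` matches every long option cannot be checked from here.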
diff --git a/sources b/sources
index e69de29..655d331 100644
--- a/sources
+++ b/sources
@@ -0,0 +1,4 @@
+cbfcd96fad38943ed78fd4d37307aba2  pam_shield-0.9.5.tar.gz
+88ba04e0a41db33d386b723358cc76b0  shield-purge.8.gz
+798818abd2b963c6c2dc6259cba4c661  shield-trigger-iptables.8.gz
+df589554cb2a80dca43793e127090a0b  shield-trigger.8.gz

