[pam_shield] added patch file
Carl Thompson
redragon at fedoraproject.org
Sun May 1 00:29:04 UTC 2011
commit e3c9a9cbf03bf69fac5b6307b193e4972d01882e
Author: Carl Thompson <fedora at red-dragon.com>
Date: Sat Apr 30 19:28:49 2011 -0500
added patch file
shield-trigger-iptables.patch | 38 ++++++++++++++++++++++++++++++++++++++
1 files changed, 38 insertions(+), 0 deletions(-)
---
diff --git a/shield-trigger-iptables.patch b/shield-trigger-iptables.patch
new file mode 100644
index 0000000..2d10da3
--- /dev/null
+++ b/shield-trigger-iptables.patch
@@ -0,0 +1,38 @@
+--- shield-trigger-iptables 2011-01-12 13:59:18.000000000 -0600
++++ shield-trigger-iptables 2011-04-30 18:31:36.373742766 -0500
+@@ -32,6 +32,25 @@
+ IPT=ip6tables
+ fi
+
++# switch -A for iptables to -I
++ if [ "$1" == "-A" ]
++ then
++ TASK="-I"
++ else
++ TASK="-D"
++ fi
++
++# check to see if pam_shield chain exists and create if necessary
++ if [ "$TASK" == "-I" ]
++ then
++ CHAIN_TEST=`$IPT -L pam_shield 2>/dev/null`
++ if [ -z "$CHAIN_TEST" ]
++ then
++ "$IPT" -N pam_shield
++ "$IPT" -I pam_shield -j DROP
++ fi
++ fi
++
+ #
+ # CUSTOMIZE THIS RULE
+ #
+@@ -43,7 +62,8 @@
+ # * put in the correct port number (22 is ssh)
+ # * add additional rules for additional services as needed
+ #
+- "$IPT" "$1" INPUT -i eth0 -p tcp -s "$2" --destination-port 22 -j pam_shield
++
++ "$IPT" "$TASK" INPUT -i eth0 -p tcp -s "$2" -j pam_shield
+
+ # mail -s "[security] pam_shield blocked $2" root <<EOF
+ #Another monkey kept off our backs ...
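Review bot: The rewritten INPUT rule drops `--destination-port 22`, so one trigger now sends all TCP traffic from `$2` on eth0 to the DROP chain, while the retained comment above it still says "put in the correct port number (22 is ssh)"; either keep the port match or change that comment to say the block is host-wide. Because `$TASK` is `-I`, the jump is inserted at the top of INPUT, ahead of any existing ACCEPT rules, so a source address shared by several users (for example behind NAT) loses every TCP service at once, which the comment should also state. `[ "$1" == "-A" ]` and `[ "$TASK" == "-I" ]` use `==`, which is not POSIX `test` syntax and may fail if the script runs under a non-bash `/bin/sh` (the shebang is outside the hunk); `=` is portable. The chain check would be sturdier on exit status than on captured output, e.g. `if ! "$IPT" -n -L pam_shield >/dev/null 2>&1`, which also quotes `$IPT` and skips name resolution. As written, `-I pam_shield -j DROP` still runs when `-N` fails, so chaining them as `"$IPT" -N pam_shield && "$IPT" -I pam_shield -j DROP` avoids a stray or duplicate rule.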