debian/0000755000000000000000000000000012235047031007163 5ustar debian/README.Debian0000644000000000000000000000223212151610002011212 0ustar Installation on a Debian system =============================== The default configuration file is /etc/security/pam_abl.conf. See the pam_abl.conf(5) man page for the syntax. See the pam_abl(1) manual page for information about the management tool. PAM configuration for sshd =============================== To set up pam_abl for sshd, add the following line to the PAM configuration file /etc/pam.d/sshd, just after the pam_env entry: auth required pam_abl.so config=/etc/security/pam_abl.conf Example: /etc/pam.d/sshd with libpam-abl enabled -------------------------------------- auth required pam_env.so # [1] auth required pam_env.so envfile=/etc/default/locale auth required pam_abl.so config=/etc/security/pam_abl.conf @include common-auth account required pam_nologin.so @include common-account @include common-session session optional pam_motd.so # [1] session optional pam_mail.so standard noenv # [1] session required pam_limits.so @include common-password -------------------------------------- See also examples/system-auth. 
-- Alexandre Mestiashvili Fri, 17 May 2013 debian/source/0000755000000000000000000000000012151610002010452 5ustar debian/source/format0000644000000000000000000000001412151610002011660 0ustar 3.0 (quilt) debian/copyright0000644000000000000000000000220512151610002011104 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: pam-abl Source: http://pam-abl.deksai.com/ Files: * Copyright: Copyright (C) 2005 Andy Armstrong andy@hexten.net Copyright (C) 2009 Chris Tasma pam-abl@deksai.com License: GPL-2.0+ Files: debian/* Copyright: 2011 Alexandre Mestiashvili License: GPL-2.0+ License: GPL-2.0+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". debian/libpam-abl.dirs0000644000000000000000000000001412151610002012030 0ustar var/lib/abl debian/changelog0000644000000000000000000000630412235047031011040 0ustar libpam-abl (0.5.1~git8f1be9-2build1) trusty; urgency=low * No change rebuild against db 5.3. 
-- Dmitrijs Ledkovs Sat, 02 Nov 2013 00:58:01 +0000 libpam-abl (0.5.1~git8f1be9-2) unstable; urgency=low * d/patches/hurd.patch: fix build error on hurd arch -- Alexandre Mestiashvili Thu, 30 May 2013 10:33:15 +0200 libpam-abl (0.5.1~git8f1be9-1) unstable; urgency=low * debian/watch fixed regexp for suffix * Imported Upstream version 0.5.1~git8f1be9 * d/rules: DEB_HOST_MULTIARCH * d/patches/multiarch.patch: imports DEB_HOST_MULTIARCH from d/rules * d/control: Pre-Depends: ${misc:Pre-Depends}, source: debhelper >= 9, Standards-Version: 3.9.4 * d/patches/series: removed patches applied by the upstream * d/changelog: new upstrem release Closes: #685172, Closes: #704497 -- Alexandre Mestiashvili Wed, 15 May 2013 11:08:19 +0200 libpam-abl (0.5.0-1) UNRELEASED; urgency=low * debian/rules added hardening flags * updated watch file to track both bz2 an gz archives. * Imported Upstream version 0.5.0 * debian/rules -hardening flags -call man pages generation using supplied script debian/control -added dependencies asciidoc, cmake -removed autotools-dev * patch to fix names (use underscore) and location for shared lib * install manpages with dh_installman * removed old patches fix_{conf,man} because the source is heavily rewritten * debian/control added dep xmlto - used for man page generation * debian/doc README only -- Alexandre Mestiashvili Wed, 15 May 2013 11:08:19 +0200 libpam-abl (0.4.3.1-1) UNRELEASED; urgency=low * Imported Upstream version 0.4.3.1 -- Alexandre Mestiashvili Sat, 18 Aug 2012 10:26:22 +0200 libpam-abl (0.4.3-1) unstable; urgency=low * Imported Upstream version 0.4.3 * added home_db configuration option -- Alexandre Mestiashvili Thu, 22 Mar 2012 17:36:52 +0100 libpam-abl (0.4.3~testing.4-1) unstable; urgency=low * Imported Upstream version 0.4.3~testing.4 -- Alexandre Mestiashvili Thu, 22 Mar 2012 17:36:46 +0100 libpam-abl (0.4.3~testing.1-1) unstable; urgency=low * Imported Upstream version 0.4.3~testing.1 * Removed patches applied by the upstream * 
debian/watch added uversionmangle * debian/control changed description to a better one * debian/README.Debian updated -- Alexandre Mestiashvili Thu, 15 Mar 2012 15:34:34 +0100 libpam-abl (0.4.2-2) unstable; urgency=low * Added fix_typedef.patch which fixes wrong type definition . -- Alexandre Mestiashvili Fri, 06 Jan 2012 14:59:12 +0100 libpam-abl (0.4.2-1) unstable; urgency=low * New upstream release 0.4.2 * Added patch to fix command line tool compilation with libdb version < 5.0 * debian/control added DM-Upload-Allowed -- Alexandre Mestiashvili Fri, 06 Jan 2012 14:58:23 +0100 libpam-abl (0.4.1-1) unstable; urgency=low * Initial release (Closes: #356733) -- Alexandre Mestiashvili Thu, 12 May 2011 10:14:22 +0200 debian/libpam-abl.manpages0000644000000000000000000000005712151610002012671 0ustar doc/pam_abl.1 doc/pam_abl.8 doc/pam_abl.conf.5 debian/control0000644000000000000000000000164312235047031010572 0ustar Source: libpam-abl Section: admin Priority: extra Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Alexandre Mestiashvili Build-Depends: debhelper (>= 9), libdb-dev, libpam-dev, asciidoc, xmlto, cmake Standards-Version: 3.9.4 Homepage: http://pam-abl.sourceforge.net/ Vcs-Git: git://anonscm.debian.org/collab-maint/libpam-abl.git Vcs-Browser: http://anonscm.debian.org/?p=collab-maint/libpam-abl.git DM-Upload-Allowed: yes Package: libpam-abl Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} Description: blocks hosts which are attempting a brute force attack a PAM module that provides auto blacklisting of hosts and users responsible for repeated failed authentication attempts. Generally configured so that blacklisted users still see normal login prompts but are guaranteed to fail to authenticate. 
debian/rules0000755000000000000000000000053512151610002010235 0ustar #!/usr/bin/make -f # -*- makefile -*- #export DH_VERBOSE=1 DPKG_EXPORT_BUILDFLAGS = 1 -include /usr/share/dpkg/buildflags.mk CFLAGS += $(CPPFLAGS) CXXFLAGS += $(CPPFLAGS) export DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) %: dh $@ override_dh_auto_install: #generate man pages: cd doc/;./generate.sh dh_auto_install debian/watch0000644000000000000000000000016112151610002010201 0ustar version=3 opts=filenamemangle=s/(.*)/lib$1/,uversionmangle=s/-/~/\ http://sf.net/pam-abl/pam-abl-(.*)\.tar\..* debian/libpam-abl.install0000644000000000000000000000004112151610002012535 0ustar conf/pam_abl.conf /etc/security/ debian/patches/0000755000000000000000000000000012151610002010601 5ustar debian/patches/hurd.patch0000644000000000000000000000375612151610002012577 0ustar Description: fix for hurd architcture, see the patch for the verbose description. Origin: commit: 3b9570424bcb30a13d414a1a1cc1d866d870eacf Date: 2013-05-30 --- libpam-abl.orig/test.c +++ libpam-abl/test.c 
@@ -31,16 +31,40 @@ void removeDir(const char *dirname) { DIR *dir; + size_t dirNameSize = strlen(dirname); struct dirent *entry; - char path[PATH_MAX]; - dir = opendir(dirname); if (dir == NULL) return; + //According to POSIX.1-2001 a buffer of size PATH_MAX suffices, + //but PATH_MAX need not be a defined constant + //Asking pathconf(3) does not really help, since, on the one hand + //POSIX warns that the result of pathconf(3) may be huge and unsuitable + //for mallocing memory, and on the other hand pathconf(3) may return -1 + //to signify that PATH_MAX is not bounded. + //as a last resort, just alloc some memory + size_t pathSize = 512; + char *path = malloc(sizeof(char)*pathSize); + if (path == NULL) { + closedir(dir); + return; + } + while ((entry = readdir(dir)) != NULL) { if (strcmp(entry->d_name, ".") && strcmp(entry->d_name, "..")) { - snprintf(path, (size_t) PATH_MAX, "%s/%s", dirname, entry->d_name); + // + 2, the '/' and a \0 char + size_t neededSize = dirNameSize + strlen(entry->d_name) + 2; + if (neededSize > pathSize) { + //allocate a little more, it will hopefullly catch future reallocs + pathSize = neededSize + 512; + path = realloc(path, pathSize); + if (path == NULL) { + closedir(dir); + return; + } + } + snprintf(path, pathSize, "%s/%s", dirname, entry->d_name); if (entry->d_type == DT_DIR) { removeDir(path); } else { @@ -50,6 +74,7 @@ void removeDir(const char *dirname) { } closedir(dir); rmdir(dirname); + free(path); return; } debian/patches/fix_conf.patch0000644000000000000000000000152012151610002013413 0ustar Description: fix the config file to use FHS (var/lib/abl) added db_home variable Author: Alexandre Mestiashvili Last-Update: 2012-03-16 --- pam-abl4deb.orig/conf/pam_abl.conf +++ pam-abl4deb/conf/pam_abl.conf 
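Review bot: In the first test.c hunk, `path = realloc(path, pathSize);` overwrites the only pointer to the buffer, so when realloc fails the original allocation is leaked before the early `return`, and `pathSize` has already been raised to a size that was never obtained. Take the result in a temporary and update the size only on success: `char *tmp = realloc(path, neededSize + 512);` then `if (tmp == NULL) { free(path); closedir(dir); return; }` then `path = tmp; pathSize = neededSize + 512;`. The size computation is what keeps `snprintf` from truncating the name that is then passed to the recursive `removeDir(path)` call, so a comment above `neededSize` such as `// must cover dirname + '/' + d_name + NUL so the path is never truncated` would be worth adding. The part of removeDir between the two hunks is not visible here, so the `else` branch was not reviewed.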
@@ -1,10 +1,11 @@ # /etc/security/pam_abl.conf # debug -host_db=/var/db/abl/hosts.db +db_home=/var/lib/abl/ +host_db=/var/lib/abl/hosts.db host_purge=2d -host_rule=*:10/1h,30/1d -host_blk_cmd=iptables -I INPUT -s %h -j DROP -user_db=/var/db/abl/users.db +host_rule=*:3/1h,30/1d +#host_blk_cmd=iptables -I INPUT -s %h -j DROP +user_db=/var/lib/abl/users.db user_purge=2d -user_rule=!root:10/1h,30/1d -user_clr_cmd=echo This is a pointless command! user: %u host: %h service: %s >/dev/null +user_rule=!root:3/1h,30/1d +#user_clr_cmd=echo This is a pointless command! user: %u host: %h service: %s >/dev/null debian/patches/fix_man.patch0000644000000000000000000000322312151610002013243 0ustar Description: removing missing macros definition and typo. Author: Alexandre Mestiashvili Last-Update:2012-01-01 --- libpam-abl-0.4.1.orig/doc/pam_abl.1 +++ libpam-abl-0.4.1/doc/pam_abl.1 @@ -44,11 +44,10 @@ .fi .in \\n[an-margin]u .ti 0 -.HTML-TAG ".NH \\n[an-level]" .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 -\." make the size of the head bigger +.\" make the size of the head bigger .ps +3 .ft B .ne (2v + 1u) @@ -82,7 +81,7 @@ .nr an-no-space-flag 1 .nr an-break-flag 1 .ps \\n[PS-SS]u -\." make the size of the head bigger +.\" make the size of the head bigger .ps +2 .ft B .ne (2v + 1u) --- libpam-abl-0.4.1.orig/doc/pam_abl.8 +++ libpam-abl-0.4.1/doc/pam_abl.8 @@ -44,11 +44,10 @@ .fi .in \\n[an-margin]u .ti 0 -.HTML-TAG ".NH \\n[an-level]" .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 -\." make the size of the head bigger +.\" make the size of the head bigger .ps +3 .ft B .ne (2v + 1u) @@ -82,7 +81,7 @@ .nr an-no-space-flag 1 .nr an-break-flag 1 .ps \\n[PS-SS]u -\." make the size of the head bigger +.\" make the size of the head bigger .ps +2 .ft B .ne (2v + 1u) --- libpam-abl-0.4.1.orig/doc/pam_abl.conf.5 +++ libpam-abl-0.4.1/doc/pam_abl.conf.5 
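Review bot: `user_rule=!root:3/1h,30/1d` drops the per-user threshold to three failures an hour, and the package description on this page says a blacklisted user is guaranteed to fail authentication, so this default appears to let anyone who can reach the service and knows an account name keep that user locked out. The same reduction in `host_rule=*:3/1h,30/1d` affects every user behind a shared address. If the lower limits are intended, the file should say so next to the rules, for example `# user_rule blocks the account itself: a low limit lets remote failures lock out legitimate users`. The debian/patches/series file on this page lists only hurd.patch and multiarch.patch, so this patch looks unapplied and should be either dropped or refreshed.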
@@ -44,11 +44,10 @@ .fi .in \\n[an-margin]u .ti 0 -.HTML-TAG ".NH \\n[an-level]" .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 -\." make the size of the head bigger +.\" make the size of the head bigger .ps +3 .ft B .ne (2v + 1u) @@ -82,7 +81,7 @@ .nr an-no-space-flag 1 .nr an-break-flag 1 .ps \\n[PS-SS]u -\." make the size of the head bigger +.\" make the size of the head bigger .ps +2 .ft B .ne (2v + 1u) debian/patches/multiarch.patch0000644000000000000000000000055212151610002013614 0ustar Description: multiarch support Author: Alex Mestiashvili --- libpam-abl.orig/CMakeLists.txt +++ libpam-abl/CMakeLists.txt @@ -73,4 +73,4 @@ INSTALL(TARGETS pam-abl_bin RUNTIME DESTINATION bin ) -INSTALL(TARGETS pam-abl_lib DESTINATION lib/security) +INSTALL(TARGETS pam-abl_lib DESTINATION /lib/$ENV{DEB_HOST_MULTIARCH}/security) debian/patches/name_and_path_corrections.patch0000644000000000000000000000217512151610002017017 0ustar Description: use pam_abl and pam_abl.so instead of pam-abl* pam_abl.so should be located in /lib/security Author: Alex Mestiashvili Date: 2012-09-03 --- libpam-abl.orig/CMakeLists.txt +++ libpam-abl/CMakeLists.txt @@ -56,7 +56,7 @@ set(CMAKE_SHARED_LIBRARY_PREFIX "") add_executable(pam-abl_bin ${PAM_ABL_COMMON_SRC} ${PAM_ABL_TOOLS_SRC}) -set_target_properties(pam-abl_bin PROPERTIES OUTPUT_NAME pam-abl) +set_target_properties(pam-abl_bin PROPERTIES OUTPUT_NAME pam_abl) set_target_properties(pam-abl_bin PROPERTIES COMPILE_DEFINITIONS "TOOLS") target_link_libraries(pam-abl_bin ${DB_LIBRARY} ) 
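Review bot: In multiarch.patch, `$ENV{DEB_HOST_MULTIARCH}` is expanded when CMake configures, and if the variable is unset the destination silently becomes `/lib//security`, so the PAM module is installed into /lib/security instead of the multiarch directory with no error. debian/rules exports the variable, so a package build is covered, but any other invocation is not; a guard before the INSTALL line would catch it: `if("$ENV{DEB_HOST_MULTIARCH}" STREQUAL "")`, `message(FATAL_ERROR "DEB_HOST_MULTIARCH is not set")`, `endif()`. The destination is also absolute and unquoted, so CMAKE_INSTALL_PREFIX is ignored and only DESTDIR relocates the module; the second hunk of name_and_path_corrections.patch uses the same absolute form with `/lib/security`. A comment on the INSTALL line stating that the absolute path is deliberate for PAM would help.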
@@ -65,10 +65,10 @@ target_link_libraries(pam-abl_test ${DB_LIBRARY} ) add_library(pam-abl_lib SHARED ${PAM_ABL_COMMON_SRC} ${PAM_ABL_LIB_SRC}) -set_target_properties(pam-abl_lib PROPERTIES OUTPUT_NAME pam-abl) +set_target_properties(pam-abl_lib PROPERTIES OUTPUT_NAME pam_abl) target_link_libraries(pam-abl_lib ${DB_LIBRARY} ${PAM_LIBRARY}) INSTALL(TARGETS pam-abl_bin RUNTIME DESTINATION bin ) -INSTALL(TARGETS pam-abl_lib DESTINATION lib/security) +INSTALL(TARGETS pam-abl_lib DESTINATION /lib/security) debian/patches/series0000644000000000000000000000003312151610002012012 0ustar hurd.patch multiarch.patch debian/docs0000644000000000000000000000000712151610002010022 0ustar README debian/compat0000644000000000000000000000000212151610002010350 0ustar 7