debian/0000755000000000000000000000000012224217177007173 5ustar debian/source/0000755000000000000000000000000011762733031010471 5ustar debian/source/format0000644000000000000000000000001411762733031011677 0ustar 3.0 (quilt) debian/watch0000644000000000000000000000026411762733031010224 0ustar # See uscan(1) for format # Compulsory line, this is a version 3 file version=3 # https://github.com/jtniehof/pam_shield/tags .*/tarball/(\d[\d\.]+) debian/libpam-shield.lintian-overrides0000644000000000000000000000036511762733031015267 0ustar #Configuration documentation packaged by upstream in INSTALL, referred to #in other documentation (bug #517050), so should be included. libpam-shield binary: package-contains-upstream-install-documentation usr/share/doc/libpam-shield/INSTALL.gz debian/patches/0000755000000000000000000000000012224216761010620 5ustar debian/patches/series0000644000000000000000000000006112224216702012025 0ustar dont-specify-automake-and-autoconf-version.patch debian/patches/dont-specify-automake-and-autoconf-version.patch0000644000000000000000000000063412224216761022113 0ustar Description: not specify automake/conf version Bug-Debian: http://bugs.debian.org/579514 Origin: vendor Forwarded: no Last-Update: 2013-10-06 --- pam-shield-0.9.6.orig/autogen.sh +++ pam-shield-0.9.6/autogen.sh @@ -1,6 +1,6 @@ #!/bin/sh -export AUTOMAKE=/usr/bin/automake-1.11 -export ACLOCAL=/usr/bin/aclocal-1.11 +export AUTOMAKE=/usr/bin/automake +export ACLOCAL=/usr/bin/aclocal exec autoreconf -fi; debian/copyright0000644000000000000000000000263011762733031011125 0ustar This package was debianized by Mateusz Kaduk on Sun, 02 Dec 2007 16:42:55 +0100. The current Debian maintainer is Jonathan Niehof It was downloaded from and is currently available from Upstream Author: Walter de Jong Copyright 2007 Walter de Jong License: This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. The Debian packaging is copyright 2007, Mateusz Kaduk and copyright 2010, Jonathan Niehof , and is licensed under the GPL, see above. debian/libpam-shield.dirs0000644000000000000000000000010511762733031012562 0ustar etc/cron.daily etc/security lib/security usr/sbin var/lib/pam_shield debian/compat0000644000000000000000000000000211762733031010367 0ustar 8 debian/libpam-shield.manpages0000644000000000000000000000016111762733031013416 0ustar man/shield.conf.5 man/shield-purge.8 man/shield-trigger.8 man/shield-trigger-iptables.8 man/shield-trigger-ufw.8 debian/postinst0000644000000000000000000000112711762733031011000 0ustar #!/bin/sh # postinst script for pam-shield set -e dpkg-maintscript-helper mv_conffile \ /etc/cron.daily/pam_shield.cron /etc/cron.daily/pam_shield 0.9.2-3.3 -- "$@" pam-auth-update --package case "$1" in configure) if [ ! -d /var/lib/pam_shield ]; then mkdir /var/lib/pam_shield fi touch /var/lib/pam_shield/db ;; abort-upgrade|abort-remove|abort-deconfigure) if [ -d /var/lib/pam_shield ]; then rm -fr /var/lib/pam_shield fi ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac #DEBHELPER# exit 0 debian/rules0000755000000000000000000000547611762733031010265 0ustar #!/usr/bin/make -f # -*- makefile -*- # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # These are used for cross-compiling and for saving the configure script # from having to guess our platform (since we know it already) DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) # shared library versions, option 1 version=0.9.6 major=0 # option 2, assuming the library is created as src/.libs/libfoo.so.2.0.5 or so #version=`ls src/.libs/lib*.so.* | \ # awk '{if (match($$0,/[0-9]+\.[0-9]+\.[0-9]+$$/)) print substr($$0,RSTART)}'` #major=`ls src/.libs/lib*.so.* | \ # awk '{if (match($$0,/\.so\.[0-9]+$$/)) print substr($$0,RSTART+4)}'` config.status: dh_clean Makefile sh ./autogen.sh dh_testdir # Add here commands to configure the package. ifneq "$(wildcard /usr/share/misc/config.sub)" "" cp -f /usr/share/misc/config.sub config.sub endif ifneq "$(wildcard /usr/share/misc/config.guess)" "" cp -f /usr/share/misc/config.guess config.guess endif sh ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CPPFLAGS="$(shell dpkg-buildflags --get CPPFLAGS)" CFLAGS="$(shell dpkg-buildflags --get CFLAGS)" LDFLAGS="$(shell dpkg-buildflags --get LDFLAGS) -Wl,-z,defs" --with-slibdir=/lib/ --sysconfdir=/etc/ --localstatedir=/var/ build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: config.status dh_testdir # Add here commands to compile the package. $(MAKE) touch $@ _clean: dh_testdir dh_testroot # Add here commands to clean up after the build process. - $(MAKE) distclean dh_clean clean: _clean rm -fr build-stamp config.h config.status missing \ Makefile stamp* .depend .deps/ .pc/ ltmain.sh libtool \ depcomp install-sh - rm -fr $(CURDIR)/debian/libpam-shield install: build dh_testdir dh_testroot dh_prep dh_installdirs # Add here commands to install the package into debian/tmp $(MAKE) DESTDIR=$(CURDIR)/debian/libpam-shield install # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs dh_installman dh_lintian dh_link dh_strip dh_compress dh_fixperms dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/prerm0000644000000000000000000000023411762733031010240 0ustar #!/bin/sh # prerm script for pam-shield # set -e if [ "$1" = remove ]; then pam-auth-update --package --remove pam_shield fi #DEBHELPER# exit 0 debian/README.Debian0000644000000000000000000000127111762733031011233 0ustar pam-shield for Debian --------------------- Configuring pam_shield ---------------------- 1) Edit the config file /etc/security/shield.conf and create an 'allow' line for trusted hosts. Change trigger_cmd if desired. 2) Check the configuration in /etc/pam.d/common-auth. The default configuration will lock out repeated attempts by IP, but will not block login on the basis of missing DNS or missing reverse DNS. 3) Simulate attack on Your host and check out ip route show or iptables -L depending on Your trigger script defined in shield.conf -- Mateusz Kaduk Mon, 03 Dec 2007 21:31:45 +0100 -- Jonathan Niehof Sat, 02 Jun 2012 12:48:05 -0600debian/docs0000644000000000000000000000004111762733031010037 0ustar Changelog CREDITS README INSTALL debian/changelog0000644000000000000000000000640712224217177011054 0ustar pam-shield (0.9.6-1.1) unstable; urgency=low * Non-maintainer upload. * Upload to unstable (probably last upload just avoids freeze) * debian/patches - add dont-specify-automake-and-autoconf-version.patch (Closes: #713181) -- Hideki Yamane Sun, 06 Oct 2013 17:23:17 +0900 pam-shield (0.9.6-1) experimental; urgency=low * New maintainer. (Closes: #572656). * Switch to dpkg-source 3.0 (quilt) format. * Bump Standards Version to 3.9.3.0. (No changes needed). * Update to debhelper 8. -dh_clean now handles *-stamp (7) -new dh_prep. (7) -no debhelper 8 specific changes * New homepage; updated watchfile. * Lintian fixups: -Add misc:Depends to control (debhelper-but-no-misc-depends) -Add override for INSTALL (package-contains-upstream-install-documentation) -Add DEP-3 headers to patches (quilt-patch-missing-description) * Rename cron job so run-parts will actually run it. * Support pam-auth-update. (Closes: #579514) * New upstream release: -Add manpage for shield.conf (Closes: #488847). -Ensure cron job does not return 0 (Closes: #563065). -Add --force option to shield-purge (Closes: #457642). -Wait for database if it isn't writable (Closes: #488841). -Modify shield-purge to work without arguments. -Fix a memory leak in shield-purge. -Fix shield-purge to traverse entire database. -Treat missing DNS parameters properly -Fix race condition (blocking same IP multiple times) -Continue on errors from read_config -Use IP blackhole routing to block -Optional ufw-based blocking -- Jonathan Niehof Sun, 03 Jun 2012 13:08:23 -0600 pam-shield (0.9.2-3.3) stable; urgency=high * Non-maintainer upload. * Fix CVE-2012-2350: block IPs when allow_missing_dns is no (Closes: #658830). -- Jonathan Niehof Sun, 26 Feb 2012 09:55:31 -0700 pam-shield (0.9.2-3.2) unstable; urgency=low * Non-maintainer upload. * Update build-deps and patch to use automake-1.11. (Closes: #543024). * Install INSTALL file. (Closes: #517050). * Add install-sh to clean target in rules. * Remove paths from commands in maintainer scripts. * Add README.source for quilt patch system. * Add Homepage field. * Bump Standards Version to 3.8.3. (No changes needed). -- Barry deFreese Fri, 09 Oct 2009 09:04:02 -0400 pam-shield (0.9.2-3.1) unstable; urgency=low * Non-maintainer upload. * Check for executable in cron file (Closes: #461574) -- Filippo Giunchedi Thu, 01 May 2008 17:53:43 +0200 pam-shield (0.9.2-3) unstable; urgency=low * Checked against new debian-policy and changed to 3.7.3 * Fixed differnce between documentation and installed files (Closes: #456759) * Fixed suboptimal description wording (Closes: #456814) * Fixed typo in the short description (Closes: #457043) -- Mateusz Kaduk Wed, 19 Dec 2007 16:28:24 +0100 pam-shield (0.9.2-2) unstable; urgency=low * Added checking rhost for null pointer, as it caused segmentation fault. -- Mateusz Kaduk Wed, 05 Dec 2007 21:05:32 +0100 pam-shield (0.9.2-1) unstable; urgency=low * Initial release -- Mateusz Kaduk Sun, 02 Dec 2007 16:42:55 +0100 debian/preinst0000644000000000000000000000027311762733031010602 0ustar #!/bin/sh # preinst script for pam-shield set -e dpkg-maintscript-helper mv_conffile \ /etc/cron.daily/pam_shield.cron /etc/cron.daily/pam_shield 0.9.2-3.3 -- "$@" #DEBHELPER# exit 0 debian/postrm0000644000000000000000000000072211762733031010441 0ustar #!/bin/sh # postrm script for pam-shield # set -e dpkg-maintscript-helper mv_conffile \ /etc/cron.daily/pam_shield.cron /etc/cron.daily/pam_shield 0.9.2-3.3 -- "$@" case "$1" in purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) if [ -d /var/lib/pam_shield ]; then rm -fr /var/lib/pam_shield fi ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac #DEBHELPER# exit 0 debian/control0000644000000000000000000000125511762733031010577 0ustar Source: pam-shield Section: admin Priority: optional Maintainer: Jonathan Niehof Build-Depends: debhelper (>= 8), libgdbm-dev, libpam0g-dev, autoconf, automake (>= 1.11), libtool Standards-Version: 3.9.3.0 Homepage: http://github.com/jtniehof/pam_shield Package: libpam-shield Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: dpkg (>= 1.15.7.2) Suggests: iproute, iptables, ufw Description: locks out remote attackers trying password guessing In certain situations it is not possible to use host based authentication and here pam-shield comes in use. . It locks out brute-force password crackers using null-route or iptables rules.