authorBryan Stine <battousai@gentoo.org>2004-03-21 02:10:50 +0000
committerBryan Stine <battousai@gentoo.org>2004-03-21 02:10:50 +0000
commit710a8472aa00b4c87c7500b80287c99e1167b7cf (patch)
treea88e549b50d90c2dba00d44987f7fe691b2cb18e /app-admin/bastille
parentFixed trivial DESCRIPTION bug. (diff)
Fixed minor bastille-firewall imap problem.
Diffstat (limited to 'app-admin/bastille')
-rw-r--r--app-admin/bastille/ChangeLog7
-rw-r--r--app-admin/bastille/Manifest9
-rw-r--r--app-admin/bastille/bastille-2.1.1-r1.ebuild7
-rw-r--r--app-admin/bastille/bastille-2.1.1-r2.ebuild5
-rw-r--r--app-admin/bastille/files/bastille-firewall-imap.patch154
5 files changed, 172 insertions, 10 deletions
diff --git a/app-admin/bastille/ChangeLog b/app-admin/bastille/ChangeLog
index b8e72193a406..2036889b73fc 100644
--- a/app-admin/bastille/ChangeLog
+++ b/app-admin/bastille/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for app-admin/bastille
# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/ChangeLog,v 1.5 2004/01/14 02:18:45 battousai Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/ChangeLog,v 1.6 2004/03/21 02:10:48 battousai Exp $
+
+ 22 Mar 2004; Bryan Stine <battousai@gentoo.org> bastille-2.1.1-r1.ebuild,
+ bastille-2.1.1-r2.ebuild, files/bastille-firewall-imap.patch:
+ Bumped 2.1.1-r1 to stable. Added a patch to replace all 'imap' service
+ references to 'imap2' for compatibility with /etc/services.
*bastille-2.1.1-r2 (13 Jan 2004)
diff --git a/app-admin/bastille/Manifest b/app-admin/bastille/Manifest
index e4f7655de8ce..86c93ed6f4aa 100644
--- a/app-admin/bastille/Manifest
+++ b/app-admin/bastille/Manifest
@@ -1,7 +1,8 @@
+MD5 174e20c1fc981fd2823120783a84a17e bastille-2.1.1-r2.ebuild 2634
+MD5 fcbe108e83546940be4258812ed8ec6c bastille-2.1.1-r1.ebuild 2510
+MD5 c571f81d78a571836d74b64cc8b0afe5 ChangeLog 2091
+MD5 6866ae7fe991fa80eed96fc6c6fbb339 metadata.xml 353
MD5 5952693da32f1292a5b6013e8e755799 files/digest-bastille-2.1.1-r1 146
MD5 5952693da32f1292a5b6013e8e755799 files/digest-bastille-2.1.1-r2 146
MD5 d67fde88483e98fc3147028dda5c01ef files/bastille-2.1.1-firewall.init 1348
-MD5 98f1e09262e8eeb95d0ad5935594e156 bastille-2.1.1-r2.ebuild 2578
-MD5 c3f34342c4f67e69781a35a45e6df074 bastille-2.1.1-r1.ebuild 2458
-MD5 8091a5c2c067eab6f62ed6f88ef0276a ChangeLog 1815
-MD5 6866ae7fe991fa80eed96fc6c6fbb339 metadata.xml 353
+MD5 674111485907adeed35fee21192e18f8 files/bastille-firewall-imap.patch 8660
diff --git a/app-admin/bastille/bastille-2.1.1-r1.ebuild b/app-admin/bastille/bastille-2.1.1-r1.ebuild
index adfd8d2ff7fc..a210674174ed 100644
--- a/app-admin/bastille/bastille-2.1.1-r1.ebuild
+++ b/app-admin/bastille/bastille-2.1.1-r1.ebuild
@@ -1,8 +1,8 @@
# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/bastille-2.1.1-r1.ebuild,v 1.3 2004/01/14 02:18:45 battousai Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/bastille-2.1.1-r1.ebuild,v 1.4 2004/03/21 02:10:48 battousai Exp $
-inherit perl-module
+inherit perl-module eutils
IUSE="X"
@@ -17,7 +17,7 @@ SRC_URI="mirror://sourceforge/${PN}-linux/${MY_P}.tar.bz2
SLOT="0"
LICENSE="GPL-2"
-KEYWORDS="~x86 ~ppc ~sparc ~alpha"
+KEYWORDS="x86 ppc sparc alpha"
RDEPEND="net-firewall/iptables
app-admin/logrotate
@@ -28,6 +28,7 @@ RDEPEND="net-firewall/iptables
src_unpack() {
unpack ${A}
epatch ${WORKDIR}/${P}-gentoo-${PATCHVER}.patch
+ epatch ${FILESDIR}/bastille-firewall-imap.patch
}
src_compile() {
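Review bot: The added `epatch ${FILESDIR}/bastille-firewall-imap.patch` in src_unpack changes what bastille-2.1.1-r1 installs without a revision bump, and the same line is added to bastille-2.1.1-r2.ebuild. Hosts that already merged either revision will presumably keep the firewall defaults that name `imap`, because nothing signals that a rebuild is needed. The KEYWORDS hunk above moves -r1 to stable in this same commit, so a new revision carrying the patch would let the fix reach installed systems. The path is also unquoted; `epatch "${FILESDIR}/bastille-firewall-imap.patch"` is safer if a build path contains whitespace. src_compile continues outside the hunk.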
diff --git a/app-admin/bastille/bastille-2.1.1-r2.ebuild b/app-admin/bastille/bastille-2.1.1-r2.ebuild
index 88c0623421e2..4f79b50987a3 100644
--- a/app-admin/bastille/bastille-2.1.1-r2.ebuild
+++ b/app-admin/bastille/bastille-2.1.1-r2.ebuild
@@ -1,8 +1,8 @@
# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/bastille-2.1.1-r2.ebuild,v 1.1 2004/01/14 02:18:45 battousai Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/bastille/bastille-2.1.1-r2.ebuild,v 1.2 2004/03/21 02:10:48 battousai Exp $
-inherit perl-module
+inherit perl-module eutils
IUSE="X"
@@ -28,6 +28,7 @@ RDEPEND="net-firewall/iptables
src_unpack() {
unpack ${A}
epatch ${WORKDIR}/${P}-gentoo-${PATCHVER}.patch
+ epatch ${FILESDIR}/bastille-firewall-imap.patch
}
src_compile() {
diff --git a/app-admin/bastille/files/bastille-firewall-imap.patch b/app-admin/bastille/files/bastille-firewall-imap.patch
new file mode 100644
index 000000000000..ebde15524341
--- /dev/null
+++ b/app-admin/bastille/files/bastille-firewall-imap.patch
@@ -0,0 +1,154 @@
+diff -urN Bastille-orig/Bastille/Firewall.pm Bastille/Bastille/Firewall.pm
+--- Bastille-orig/Bastille/Firewall.pm 2004-03-22 18:45:36.376652656 -0500
++++ Bastille/Bastille/Firewall.pm 2004-03-22 18:47:57.909136448 -0500
+@@ -71,7 +71,7 @@
+
+ {
+ 'varname' => "TCP_AUDIT_SERVICES",
+- 'default' => "telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh",
++ 'default' => "telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh",
+ 'stanza' => "2",
+ 'configname' => 'ip_s_tcpaudit',
+ },
+diff -urN Bastille-orig/Questions.txt Bastille/Questions.txt
+--- Bastille-orig/Questions.txt 2004-03-22 18:45:36.367654024 -0500
++++ Bastille/Questions.txt 2004-03-22 18:46:13.815961016 -0500
+@@ -1584,7 +1584,7 @@
+ some standalone services like OpenSSH, and --unless otherwise configured--
+ services running under Red Hat's xinetd super-server, you can configure
+ restrictions based on network address in /etc/hosts.allow. The services
+-using inetd or xinetd typically include telnet, ftp, pop, imap, finger,
++using inetd or xinetd typically include telnet, ftp, pop, imap2, finger,
+ and a number of other services.
+
+ If you would like, Bastille can configure a default policy for all inetd,
+@@ -4119,11 +4119,11 @@
+ interfaces (only the \"public\" interfaces) to these ports and/or services. This is
+ useful to spot possible probes or attacks. The default setting records connection
+ attempts to several services, although you may not have them installed or enabled. "
+-QUESTION: "TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login
++QUESTION: "TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login
+ linuxconf ssh]"
+ REQUIRE_DISTRO: LINUX DB SE TB GE
+ SKIP_CHILD: ip_s_udpaudit
+-DEFAULT_ANSWER: telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh
++DEFAULT_ANSWER: telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh
+ CONFIRM_TEXT: " \nY"
+ YN_TOGGLE: 0
+ YES_EXP:
+@@ -4237,8 +4237,8 @@
+
+ For instance, a corporate firewall/mailserver might have \"smtp\" enabled
+ on the public side to accept outside mail, and for \"internal\" interfaces it might
+-allow both \"smtp\" and \"imap\" so local users can both send and get mail; in that
+-case you would set this value to \"smtp imap\". This does not affect IP Masquerading's
++allow both \"smtp\" and \"imap2\" so local users can both send and get mail; in that
++case you would set this value to \"smtp imap2\". This does not affect IP Masquerading's
+ ability to let masq'ed users access any services on outside/Internet hosts. "
+ QUESTION: "TCP service names or port numbers to allow on private interfaces: [ ]"
+ REQUIRE_DISTRO: LINUX DB SE TB GE
+@@ -4651,11 +4651,11 @@
+ interfaces (only the \"public\" interfaces) to these ports and/or services. This is
+ useful to spot possible probes or attacks. The default setting records connection
+ attempts to several services, although you may not have them installed or enabled. "
+-QUESTION: "TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login
++QUESTION: "TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login
+ linuxconf ssh]"
+ REQUIRE_DISTRO: LINUX DB SE TB GE
+ SKIP_CHILD: ip_b_udpaudit
+-DEFAULT_ANSWER: telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh
++DEFAULT_ANSWER: telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh
+ CONFIRM_TEXT: " \nY"
+ YN_TOGGLE: 0
+ YES_EXP:
+diff -urN Bastille-orig/Server-modify-by-Spong Bastille/Server-modify-by-Spong
+--- Bastille-orig/Server-modify-by-Spong 2004-03-22 18:45:36.363654632 -0500
++++ Bastille/Server-modify-by-Spong 2004-03-22 18:46:31.595258152 -0500
+@@ -10,8 +10,8 @@
+ IPChains.ip_b_trustiface="lo"
+ # Q: Public interfaces: [eth+ ppp+ slip+]
+ IPChains.ip_b_publiciface="eth+ ppp+ slip+"
+-# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
+-IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
++# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]
++IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
+ # Q: UDP services to audit: [31337]
+ IPChains.ip_b_udpaudit="31337"
+ # Q: TCP service names or port numbers to allow on public interfaces: [ ]
+diff -urN Bastille-orig/ServerModerate.config Bastille/ServerModerate.config
+--- Bastille-orig/ServerModerate.config 2004-03-22 18:45:36.361654936 -0500
++++ Bastille/ServerModerate.config 2004-03-22 18:46:41.919688600 -0500
+@@ -10,8 +10,8 @@
+ IPChains.ip_b_trustiface="lo"
+ # Q: Public interfaces: [eth+ ppp+ slip+]
+ IPChains.ip_b_publiciface="eth+ ppp+ slip+"
+-# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
+-IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
++# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]
++IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
+ # Q: UDP services to audit: [31337]
+ IPChains.ip_b_udpaudit="31337"
+ # Q: TCP service names or port numbers to allow on public interfaces: [ ]
+diff -urN Bastille-orig/ServerParanoia.config Bastille/ServerParanoia.config
+--- Bastille-orig/ServerParanoia.config 2004-03-22 18:45:36.379652200 -0500
++++ Bastille/ServerParanoia.config 2004-03-22 18:46:50.680356776 -0500
+@@ -10,8 +10,8 @@
+ IPChains.ip_b_trustiface="lo"
+ # Q: Public interfaces: [eth+ ppp+ slip+]
+ IPChains.ip_b_publiciface="eth+ ppp+ slip+"
+-# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
+-IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
++# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]
++IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
+ # Q: UDP services to audit: [31337]
+ IPChains.ip_b_udpaudit="31337"
+ # Q: TCP service names or port numbers to allow on public interfaces: [ ]
+diff -urN Bastille-orig/WorkstationModerate.config Bastille/WorkstationModerate.config
+--- Bastille-orig/WorkstationModerate.config 2004-03-22 18:45:36.359655240 -0500
++++ Bastille/WorkstationModerate.config 2004-03-22 18:46:59.968944696 -0500
+@@ -10,8 +10,8 @@
+ IPChains.ip_b_trustiface="lo"
+ # Q: Public interfaces: [eth+ ppp+ slip+]
+ IPChains.ip_b_publiciface="eth+ ppp+ slip+"
+-# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
+-IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
++# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]
++IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
+ # Q: UDP services to audit: [31337]
+ IPChains.ip_b_udpaudit="31337"
+ # Q: TCP service names or port numbers to allow on public interfaces: [ ]
+diff -urN Bastille-orig/WorkstationParanoia.config Bastille/WorkstationParanoia.config
+--- Bastille-orig/WorkstationParanoia.config 2004-03-22 18:45:36.379652200 -0500
++++ Bastille/WorkstationParanoia.config 2004-03-22 18:47:08.842595696 -0500
+@@ -10,8 +10,8 @@
+ IPChains.ip_b_trustiface="lo"
+ # Q: Public interfaces: [eth+ ppp+ slip+]
+ IPChains.ip_b_publiciface="eth+ ppp+ slip+"
+-# Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]
+-IPChains.ip_b_tcpaudit="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
++# Q: TCP services to audit: [telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh]
++IPChains.ip_b_tcpaudit="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
+ # Q: UDP services to audit: [31337]
+ IPChains.ip_b_udpaudit="31337"
+ # Q: TCP service names or port numbers to allow on public interfaces: [ ]
+diff -urN Bastille-orig/bastille-firewall.cfg Bastille/bastille-firewall.cfg
+--- Bastille-orig/bastille-firewall.cfg 2004-03-22 18:45:36.378652352 -0500
++++ Bastille/bastille-firewall.cfg 2004-03-22 18:47:24.028287120 -0500
+@@ -84,7 +84,7 @@
+ #
+ # Also see item 12, LOG_FAILURES
+ #
+-#TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
++#TCP_AUDIT_SERVICES="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
+ # anyone probing for BackOrifice?
+ #UDP_AUDIT_SERVICES="31337"
+ # how about ICMP?
+@@ -102,7 +102,7 @@
+ # Please make sure variable assignments are on single lines; do NOT
+ # use the "\" continuation character (so Bastille can change the
+ # values if it is run more than once)
+-TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
++TCP_AUDIT_SERVICES="telnet ftp imap2 pop3 finger sunrpc exec login linuxconf ssh"
+ UDP_AUDIT_SERVICES="31337"
+ ICMP_AUDIT_TYPES=""
+
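Review bot: The new default in Bastille/Firewall.pm (`'default' => "telnet ftp imap2 pop3 ..."`) and the matching TCP_AUDIT_SERVICES and ip_*_tcpaudit values still depend on a service name resolving through /etc/services, which is exactly what differed here. The Questions.txt text says these settings accept "ports and/or services", so a numeric entry such as `TCP_AUDIT_SERVICES="telnet ftp 143 pop3 finger sunrpc exec login linuxconf ssh"` would presumably keep IMAP probes audited whichever alias the local file carries. The substitution also looks blanket: the Questions.txt hunk at -1584 rewrites prose about inetd/xinetd services and /etc/hosts.allow, where `imap2` is likely not the name a reader would recognise, so that sentence reads better left as `imap`. Configurations already generated with `imap` are not touched by this patch; a comment above the active assignment in bastille-firewall.cfg, e.g. `# imap2 is the /etc/services name for 143/tcp here; upstream uses imap`, would tell administrators what to check.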