wok-next view fail2ban/receipt @ rev 21727

created recipe for vbindiff
author Hans-G?nter Theisgen
date Sat Nov 21 14:32:44 2020 +0100 (2020-11-21)
parents e19ff076dc63
children
line source
1 # SliTaz package receipt.
2
3 PACKAGE="fail2ban"
4 VERSION="0.11.1"
5 CATEGORY="network"
6 TAGS="monitor network"
7 SHORT_DESC="Scans log files to ban IP that makes too many password failures"
8 MAINTAINER="pascal.bellard@slitaz.org"
9 LICENSE="GPL2"
10 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
11
12 TARBALL="$PACKAGE-$VERSION.tar.gz"
13 WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
14 CONFIG_FILES="/etc/fail2ban"
15
16 COOKOPTS="force-arch" # different .egg-info (file/dir) ?
17
18 DEPENDS="iptables"
19 BUILD_DEPENDS="python"
20
21 compile_rules()
22 {
23 python -B setup.py install --root=$install
24 }
25
26 genpkg_rules()
27 {
28 mkdir -p $fs/etc/logrotate.d
29 mkdir -p $fs/etc/init.d
30
31 cp -a $install/* $fs
32 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' \
33 $fs/etc/fail2ban/filter.d/common.conf
34 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
35 -e '/ssh-iptables/{nn;s/false/true/}' \
36 $fs/etc/fail2ban/jail.conf
37
38 cp -a $stuff/etc/fail2ban $fs/etc
39 cp -a $stuff/etc/init.d $fs/etc
40
41 cat >> $fs/etc/fail2ban/jail.conf <<EOT
42 [apache-noscript]
43 enabled = false
44 port = http,https
45 filter = apache-noscript
46 action = iptables-allports[name=APACHE-NOSCRIPT]
47 logpath = /var/log/apache/*errors
48 maxretry = 2
49
50 [apache-proxy]
51 enabled = false
52 port = http,https
53 filter = apache-proxy
54 action = iptables-allports[name=APACHE-PROXY]
55 logpath = /var/log/apache/*access
56 bantime = 172800
57 maxretry = 2
58
59 [apache-w00tw00t]
60 enabled = false
61 filter = apache-w00tw00t
62 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
63 logpath = /var/log/apache/*access
64 maxretry = 1
65 bantime = 172800
66
67 [lighttpd-fastcgi]
68 enabled = false
69 port = http,https
70 filter = lighttpd-fastcgi
71 action = iptables-allports[name=LIGHTTPD-FASTCGI]
72 logpath = /var/log/lighttpd/*error*.log
73 maxretry = 2
74
75 [ssh-ddos]
76 enabled = true
77 port = ssh,sftp
78 filter = sshd-ddos
79 action = iptables-allports[name=SSHDDOS]
80 logpath = /var/log/messages
81 maxretry = 2
82
83 [fail2ban]
84 enabled = true
85 filter = fail2ban
86 action = iptables-allports[name=FAIL2BAN]
87 logpath = /var/log/fail2ban.log
88 maxretry = 5
89 findtime = 604800
90 bantime = 604800
91 EOT
92 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
93 cat > $fs/etc/logrotate.d/fail2ban <<EOT
94 /var/log/fail2ban.log {
95 weekly
96 rotate 10
97 compress
98 postrotate
99 /etc/init.d/fail2ban reload >/dev/null || true
100 endscript
101 }
102 EOT
103 }