wok-6.x view fail2ban/receipt @ rev 25122
Up apache (2.4.54)
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Tue Jun 28 08:48:09 2022 +0000 (2022-06-28) |
parents | 5ea0ce1cecc0 |
children |
line source
1 # SliTaz package receipt.
3 PACKAGE="fail2ban"
4 VERSION="0.11.2"
5 CATEGORY="network"
6 TAGS="monitor network"
7 SHORT_DESC="Scans log files to ban IPs that make too many password failures."
8 MAINTAINER="pascal.bellard@slitaz.org"
9 LICENSE="GPL2"
10 WEB_SITE="https://www.fail2ban.org/wiki/index.php/Main_Page"
12 TARBALL="$PACKAGE-$VERSION.tar.gz"
13 WGET_URL="https://github.com/$PACKAGE/$PACKAGE/archive/$VERSION.tar.gz"
15 DEPENDS="iptables python"
16 BUILD_DEPENDS="python"
18 CONFIG_FILES="/etc/fail2ban"
20 current_version()
21 {
22 wget -O - ${WGET_URL%/arch*}/releases 2>/dev/null | \
23 sed '/archive.*tar/!d;s|.*/\(.*\).tar.*|\1|;q'
24 }
26 # Rules to configure and make the package.
27 compile_rules()
28 {
29 python setup.py install --root=$DESTDIR
30 }
32 # Rules to gen a SliTaz package suitable for Tazpkg.
33 genpkg_rules()
34 {
35 mkdir -p $fs/etc/logrotate.d
36 mkdir -p $fs/etc/init.d
38 cp -a $install/* $fs
39 sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
40 -e '/ssh-iptables/{nn;s/false/true/}' \
41 $fs/etc/fail2ban/jail.conf
43 cp -a $stuff/etc/fail2ban $fs/etc
44 cp -a $stuff/etc/init.d $fs/etc
46 cat >> $fs/etc/fail2ban/jail.conf <<EOT
47 [apache-noscript]
49 enabled = false
50 port = http,https
51 filter = apache-noscript
52 action = iptables-allports[name=APACHE-NOSCRIPT]
53 logpath = /var/log/apache/*errors
54 maxretry = 2
56 [apache-proxy]
58 enabled = false
59 port = http,https
60 filter = apache-proxy
61 action = iptables-allports[name=APACHE-PROXY]
62 logpath = /var/log/apache/*access
63 bantime = 172800
64 maxretry = 2
66 [apache-w00tw00t]
67 enabled = false
68 filter = apache-w00tw00t
69 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
70 logpath = /var/log/apache/*access
71 maxretry = 1
72 bantime = 172800
74 [lighttpd-fastcgi]
76 enabled = false
77 port = http,https
78 filter = lighttpd-fastcgi
79 action = iptables-allports[name=LIGHTTPD-FASTCGI]
80 logpath = /var/log/lighttpd/*error*.log
81 maxretry = 2
83 [ssh-ddos]
85 enabled = true
86 port = ssh,sftp
87 filter = sshd-ddos
88 action = iptables-allports[name=SSHDDOS]
89 logpath = /var/log/messages
90 maxretry = 2
92 [fail2ban]
93 enabled = true
94 filter = fail2ban
95 action = iptables-allports[name=FAIL2BAN]
96 logpath = /var/log/fail2ban.log
97 maxretry = 5
98 findtime = 604800
99 bantime = 604800
100 EOT
101 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
102 cat > $fs/etc/logrotate.d/fail2ban <<EOT
103 /var/log/fail2ban.log {
104 weekly
105 rotate 10
106 compress
107 postrotate
108 /etc/init.d/fail2ban reload >/dev/null || true
109 endscript
110 }
111 EOT
112 }