wok-backports rev 34
Add: fail2ban. Update to 0.9.0'
author | Eric Joseph-Alexandre <erjo@slitaz.org> |
---|---|
date | Mon Jun 02 01:04:27 2014 +0200 (2014-06-02) |
parents | e3d54049dca5 |
children | 7d36f68ad9b3 |
files | fail2ban/receipt fail2ban/stuff/etc/fail2ban/filter.d/apache-noscript.conf fail2ban/stuff/etc/fail2ban/filter.d/apache-proxy.conf fail2ban/stuff/etc/fail2ban/filter.d/apache-w00tw00t.conf fail2ban/stuff/etc/fail2ban/filter.d/fail2ban.conf fail2ban/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf fail2ban/stuff/etc/init.d/fail2ban |
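--- /dev/null
+++ b/fail2ban/receipt
@@ -0,0 +1,103 @@
+# SliTaz package receipt.
+
+PACKAGE="fail2ban"
+VERSION="0.9.0"
+CATEGORY="network"
+SHORT_DESC="Scans log files to bans IP that makes too many password failures."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="GPL2"
+TARBALL="$PACKAGE-$VERSION.tar.gz"
+WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
+WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
+TAGS="monitor network"
+CONFIG_FILES="/etc/fail2ban"
+
+DEPENDS="iptables"
+BUILD_DEPENDS="python wget"
+
+# Rules to configure and make the package.
+compile_rules()
+{
+ cd $src
+ python setup.py install --root=$DESTDIR
+}
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+ mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
+ cp -a $install/* $fs
+ sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' $fs/etc/fail2ban/filter.d/common.conf
+ sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
+ -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
+
+ cp -a $stuff/etc/fail2ban/ $fs/etc/
+ cp -a $stuff/etc/init.d $fs/etc/
+
+ cat >> $fs/etc/fail2ban/jail.conf <<EOT
+[apache-noscript]
+
+enabled = false
+port = http,https
+filter = apache-noscript
+action = iptables-allports[name=APACHE-NOSCRIPT]
+logpath = /var/log/apache/*errors
+maxretry = 2
+
+[apache-proxy]
+
+enabled = false
+port = http,https
+filter = apache-proxy
+action = iptables-allports[name=APACHE-PROXY]
+logpath = /var/log/apache/*access
+bantime = 172800
+maxretry = 2
+
+[apache-w00tw00t]
+enabled = false
+filter = apache-w00tw00t
+action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
+ logpath = /var/log/apache/*access
+ maxretry = 1
+ bantime = 172800
+
+[lighttpd-fastcgi]
+
+enabled = false
+port = http,https
+filter = lighttpd-fastcgi
+action = iptables-allports[name=LIGHTTPD-FASTCGI]
+logpath = /var/log/lighttpd/*error*.log
+maxretry = 2
+
+[ssh-ddos]
+
+enabled = true
+port = ssh,sftp
+filter = sshd-ddos
+action = iptables-allports[name=SSHDDOS]
+logpath = /var/log/messages
+maxretry = 2
+
+[fail2ban]
+enabled = true
+filter = fail2ban
+action = iptables-allports[name=FAIL2BAN]
+logpath = /var/log/fail2ban.log
+maxretry = 5
+findtime = 604800
+bantime = 604800
+EOT
+ #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
+ cat > $fs/etc/logrotate.d/fail2ban <<EOT
+/var/log/fail2ban.log {
+ weekly
+ rotate 10
+ compress
+ postrotate
+ /etc/init.d/fail2ban reload >/dev/null || true
+ endscript
+}
+EOT
+}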
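Review bot: In the jail.conf heredoc, the `[apache-w00tw00t]` section's `logpath`, `maxretry` and `bantime` lines (1.64–1.66) are indented while every other option in the heredoc starts at column 0; fail2ban's INI parser treats an indented line as a continuation of the preceding value, so these three would be folded into `action = iptables[...]` and the jail would have no logpath the moment someone sets `enabled = true` (assuming the indent is genuine and not a rendering artefact). Dropping the leading whitespace on those three lines fixes it. The `ignoreip` edit `s|127.0.0.1|& 192.168.0.0/16|` exempts the whole 192.168/16 range from banning by default and, if upstream's 0.9.0 jail.conf spells the entry as `127.0.0.1/8`, yields `127.0.0.1 192.168.0.0/16/8`; appending to the full line instead (e.g. `s|^ignoreip = .*|& 192.168.0.0/16|`) is robust to either spelling, and the widened exemption deserves a comment. The `common.conf` sed on 1.33 has no explanation; a one-line comment such as `# accept a program tag between the timestamp and '(' in the syslog prefix — TODO confirm` would help the next maintainer understand what it accommodates.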
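--- /dev/null
+++ b/fail2ban/stuff/etc/fail2ban/filter.d/apache-noscript.conf
@@ -0,0 +1,24 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 658 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failure messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = [[]client <HOST>[]] (File does not exist|script .* not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl)
+ [[]client <HOST>[]] (File does not exist|script .* not found or unable to stat): [^.]*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =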
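Review bot: This is the 0.8-era `$Revision: 658 $` copy of the filter, and the receipt's `cp -a $stuff/etc/fail2ban/ $fs/etc/` runs after `cp -a $install/*`, so as far as I can tell it overwrites the `apache-noscript.conf` that fail2ban 0.9.0 installs itself. The upstream 0.9 filter uses the shared apache-common prefix, which handles the `[client IP:port]` form Apache 2.4 writes; with this regex the greedy `\S+` behind `<HOST>` would capture `IP:port` up to the closing `]` and the ban would not resolve to an address (inferred from the pattern, not verified against a log). Unless the older regex is needed for a specific reason, dropping this file and relying on the packaged one is the safer choice; if it is kept, a header comment stating why it overrides upstream's version would spare the next maintainer the same question.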
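--- /dev/null
+++ b/fail2ban/stuff/etc/fail2ban/filter.d/apache-proxy.conf
@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# Author: James Roe
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failure messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+failregex = ^(?:(?![0-9\.]* - - \[.*\] "([A-Z]* /.* HTTP/1\.[0-9]|-)")<HOST>)
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =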
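--- /dev/null
+++ b/fail2ban/stuff/etc/fail2ban/filter.d/apache-w00tw00t.conf
@@ -0,0 +1,5 @@
+[Definition]
+
+failregex = ^<HOST> -.*"GET \/w00tw00t\.at\.ISC\.SANS\.DFind\:\).*".*
+
+ignoreregex =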
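--- /dev/null
+++ b/fail2ban/stuff/etc/fail2ban/filter.d/fail2ban.conf
@@ -0,0 +1,28 @@
+# Fail2Ban configuration file
+#
+# Author: Tom Hendrikx
+#
+# $Revision: 663 $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+# host must be matched by a group named "host". The tag "<HOST>" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P<host>\S+)
+# Values: TEXT
+#
+
+# Count all bans in the logfile
+failregex = fail2ban.actions: WARNING \[(.*)\] Ban <HOST>
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+# Ignore our own bans, to keep our counts exact.
+# In your config, name your jail 'fail2ban', or change this line!
+ignoreregex = fail2ban.actions: WARNING \[fail2ban\] Ban <HOST>
+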
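Review bot: The `failregex` on 5.22 and the `ignoreregex` on 5.30 expect the 0.8-series log line `fail2ban.actions: WARNING [jail] Ban <HOST>`, but this package ships 0.9.0, which — if I recall the 0.9 changelog correctly — logs bans at NOTICE level with a pid field after the logger name, so the `[fail2ban]` jail the receipt enables would most likely never match its own log and silently do nothing. Please check against a real `/var/log/fail2ban.log` line produced by 0.9.0 before shipping. Upstream 0.9 already carries `filter.d/recidive.conf` for this repeat-offender case; pointing the jail at it, or updating both regexes here to the 0.9 format, would be preferable to a stale copy. A note in the header such as `# Log format must match the fail2ban version installed; verified against <VERSION> on <DATE>` would make the dependency explicit.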
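--- /dev/null
+++ b/fail2ban/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf
@@ -0,0 +1,18 @@
+# Fail2Ban configuration file
+#
+# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match ALERTS as notified by lighttpd's FastCGI Module
+# Values: TEXT
+#
+failregex = .*ALERT\ -\ .*attacker\ \'<HOST>\'
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =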
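--- /dev/null
+++ b/fail2ban/stuff/etc/init.d/fail2ban
@@ -0,0 +1,60 @@
+#!/bin/sh
+# /etc/init.d/fail2ban: Start, stop and restart Apache web server on SliTaz,
+# at boot time or with the command line. Daemons options are configured
+# with /etc/daemons.conf
+#
+. /etc/init.d/rc.functions
+. /etc/daemons.conf
+
+NAME=Fail2ban
+DESC="Fail2ban Server"
+DAEMON=/usr/bin/fail2ban-client
+OPTIONS=
+PIDFILE=/var/run/fail2ban/fail2ban.pid
+SOCKET=/var/run/fail2ban/fail2ban.sock
+
+case "$1" in
+ start)
+ if active_pidfile $PIDFILE fail2ban-server ; then
+ echo "$NAME already running."
+ exit 1
+ fi
+ echo -n "Starting $DESC: $NAME... "
+ rm -f $SOCKET
+ $DAEMON start > /dev/null
+ status
+ ;;
+ stop)
+ echo -n "Stopping $DESC: $NAME... "
+ $DAEMON stop
+ rm -f $PIDFILE
+ status
+ ;;
+ reload)
+ if ! active_pidfile $PIDFILE fail2ban-server ; then
+ echo "$NAME is not running."
+ exit 1
+ fi
+ echo -n "Stopping $DESC: $NAME... "
+ $DAEMON stop
+ status
+ ;;
+ restart)
+ if ! active_pidfile $PIDFILE fail2ban-server ; then
+ echo "$NAME is not running."
+ exit 1
+ fi
+ echo -n "Restarting $DESC: $NAME... "
+ $0 stop
+ $0 start
+ status
+ ;;
+ *)
+ echo ""
+ echo -e "\033[1mUsage:\033[0m /etc/init.d/`basename $0` [start|stop|reload|restart]"
+ echo ""
+ exit 1
+ ;;
+esac
+
+exit 0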
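Review bot: The `reload)` branch (7.36–7.44) stops the daemon instead of reloading it — it prints `Stopping`, runs `$DAEMON stop` and never starts anything again — so the logrotate hook this commit adds in the receipt (`/etc/init.d/fail2ban reload`) would leave fail2ban down after every weekly rotation, with the `|| true` hiding the failure. fail2ban-client has a native `reload` command, so the branch should read `echo -n "Reloading $DESC: $NAME... "` followed by `$DAEMON reload > /dev/null`. The header comment still describes the Apache web server; `# /etc/init.d/fail2ban: Start, stop, reload and restart the Fail2ban server on SliTaz,` would match what the script does. In `restart)`, the trailing `status` after `$0 start` only reflects the exit code of the child invocation, which has already printed its own status line, so it can be dropped.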