wok-current annotate fail2ban/receipt @ rev 14659

linux64-btrfs: fix genpkg_rules
author Pascal Bellard <pascal.bellard@slitaz.org>
date Wed Jun 05 21:35:12 2013 +0200 (2013-06-05)
parents 6be450c86868
children 7896f0694ef6
rev   line source
pascal@1809 1 # SliTaz package receipt.
pascal@1809 2
pascal@1809 3 PACKAGE="fail2ban"
slaxemulator@13197 4 VERSION="0.8.7.1"
pascal@1809 5 CATEGORY="network"
pascal@11341 6 SHORT_DESC="Scans log files to bans IP that makes too many password failures."
pascal@1809 7 MAINTAINER="pascal.bellard@slitaz.org"
slaxemulator@13197 8 TARBALL="${PACKAGE}_${VERSION}.orig.tar.gz"
pascal@1809 9 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
slaxemulator@13197 10 WGET_URL="https://github.com/downloads/$PACKAGE/$PACKAGE/$TARBALL"
jozee@4936 11 TAGS="monitor network"
pascal@11341 12 CONFIG_FILES="/etc/fail2ban"
pascal@1809 13
pascal@13206 14 DEPENDS="iptables"
pascal@13206 15 BUILD_DEPENDS="python wget"
pascal@13206 16
pascal@1809 17 # Rules to configure and make the package.
pascal@1809 18 compile_rules()
pascal@1809 19 {
pascal@1809 20 cd $src
pascal@11341 21 python setup.py install --root=$DESTDIR
pascal@1809 22 }
pascal@1809 23
pascal@1809 24 # Rules to gen a SliTaz package suitable for Tazpkg.
pascal@1809 25 genpkg_rules()
pascal@1809 26 {
slaxemulator@13197 27 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
slaxemulator@13197 28 cp -a $install/* $fs
slaxemulator@13259 29 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' > $fs/etc/fail2ban/filter.d/common.conf
slaxemulator@11345 30 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
pascal@11341 31 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
pascal@11341 32 cat >> $fs/etc/fail2ban/jail.conf <<EOT
pascal@13258 33 [apache-noscript]
pascal@13258 34
pascal@13258 35 enabled = false
pascal@13258 36 port = http,https
pascal@13258 37 filter = apache-noscript
pascal@13258 38 action = iptables-allports[name=APACHE-NOSCRIPT]
pascal@13258 39 logpath = /var/log/apache/*errors
pascal@13258 40 maxretry = 2
pascal@13258 41
pascal@13258 42 [apache-proxy]
pascal@13258 43
pascal@13258 44 enabled = false
pascal@13258 45 port = http,https
pascal@13258 46 filter = apache-proxy
pascal@13258 47 action = iptables-allports[name=APACHE-PROXY]
pascal@13258 48 logpath = /var/log/apache/*access
pascal@13258 49 bantime = 172800
pascal@13258 50 maxretry = 2
pascal@13258 51
pascal@13257 52 [lighttpd-fastcgi]
pascal@13257 53
pascal@13257 54 enabled = false
pascal@13257 55 port = http,https
pascal@13257 56 filter = lighttpd-fastcgi
pascal@13258 57 action = iptables-allports[name=LIGHTTPD-FASTCGI]
pascal@13257 58 logpath = /var/log/lighttpd/*error*.log
pascal@13257 59 maxretry = 2
pascal@13257 60
pascal@11341 61 [ssh-ddos]
pascal@11341 62
pascal@11341 63 enabled = true
pascal@11341 64 port = ssh,sftp
pascal@11341 65 filter = sshd-ddos
pascal@11341 66 action = iptables-allports[name=SSHDDOS]
pascal@11341 67 logpath = /var/log/messages
pascal@11341 68 maxretry = 2
pascal@11341 69
pascal@13225 70 [fail2ban]
pascal@13225 71 enabled = true
pascal@13225 72 filter = fail2ban
pascal@13225 73 action = iptables-allports[name=FAIL2BAN]
pascal@13225 74 logpath = /var/log/fail2ban.log
pascal@13225 75 maxretry = 5
pascal@13225 76 findtime = 604800
pascal@13225 77 bantime = 604800
pascal@11341 78 EOT
pascal@11341 79 ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
pascal@11341 80 cat > $fs/etc/logrotate.d/fail2ban <<EOT
pascal@11341 81 /var/log/fail2ban.log {
pascal@11341 82 weekly
pascal@11341 83 rotate 10
pascal@11341 84 compress
pascal@11341 85 postrotate
pascal@11341 86 /etc/init.d/fail2ban reload >/dev/null || true
pascal@11341 87 endscript
pascal@1809 88 }
pascal@11341 89 EOT
pascal@11341 90 }