wok-current annotate fail2ban/receipt @ rev 17555
Add whowatch
author | Paul Issott <paul@slitaz.org> |
---|---|
date | Sun Feb 01 08:50:04 2015 +0000 (2015-02-01) |
parents | d0d74920c618 |
children | 16df76e1fc6a |
rev | line source |
---|---|
pascal@1809 | 1 # SliTaz package receipt. |
pascal@1809 | 2 |
pascal@1809 | 3 PACKAGE="fail2ban" |
erjo@16729 | 4 VERSION="0.9.0" |
pascal@1809 | 5 CATEGORY="network" |
pascal@11341 | 6 SHORT_DESC="Scans log files to bans IP that makes too many password failures." |
pascal@1809 | 7 MAINTAINER="pascal.bellard@slitaz.org" |
pascal@15002 | 8 LICENSE="GPL2" |
pascal@15799 | 9 TARBALL="$PACKAGE-$VERSION.tar.gz" |
pascal@1809 | 10 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page" |
pascal@15799 | 11 WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION" |
jozee@4936 | 12 TAGS="monitor network" |
pascal@11341 | 13 CONFIG_FILES="/etc/fail2ban" |
pascal@1809 | 14 |
pascal@13206 | 15 DEPENDS="iptables" |
pascal@13206 | 16 BUILD_DEPENDS="python wget" |
pascal@13206 | 17 |
pascal@1809 | 18 # Rules to configure and make the package. |
pascal@1809 | 19 compile_rules() |
pascal@1809 | 20 { |
pascal@1809 | 21 cd $src |
pascal@11341 | 22 python setup.py install --root=$DESTDIR |
pascal@1809 | 23 } |
pascal@1809 | 24 |
pascal@1809 | 25 # Rules to gen a SliTaz package suitable for Tazpkg. |
pascal@1809 | 26 genpkg_rules() |
pascal@1809 | 27 { |
slaxemulator@13197 | 28 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d |
slaxemulator@13197 | 29 cp -a $install/* $fs |
erjo@16729 | 30 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' $fs/etc/fail2ban/filter.d/common.conf |
slaxemulator@11345 | 31 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \ |
pascal@11341 | 32 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf |
erjo@16729 | 33 |
erjo@16729 | 34 cp -a $stuff/etc/fail2ban/ $fs/etc/ |
erjo@16729 | 35 cp -a $stuff/etc/init.d $fs/etc/ |
erjo@16729 | 36 |
pascal@11341 | 37 cat >> $fs/etc/fail2ban/jail.conf <<EOT |
pascal@13258 | 38 [apache-noscript] |
pascal@13258 | 39 |
pascal@13258 | 40 enabled = false |
pascal@13258 | 41 port = http,https |
pascal@13258 | 42 filter = apache-noscript |
pascal@13258 | 43 action = iptables-allports[name=APACHE-NOSCRIPT] |
pascal@13258 | 44 logpath = /var/log/apache/*errors |
pascal@13258 | 45 maxretry = 2 |
pascal@13258 | 46 |
pascal@13258 | 47 [apache-proxy] |
pascal@13258 | 48 |
pascal@13258 | 49 enabled = false |
pascal@13258 | 50 port = http,https |
pascal@13258 | 51 filter = apache-proxy |
pascal@13258 | 52 action = iptables-allports[name=APACHE-PROXY] |
pascal@13258 | 53 logpath = /var/log/apache/*access |
pascal@13258 | 54 bantime = 172800 |
pascal@13258 | 55 maxretry = 2 |
pascal@13258 | 56 |
erjo@16729 | 57 [apache-w00tw00t] |
erjo@16729 | 58 enabled = false |
erjo@16729 | 59 filter = apache-w00tw00t |
erjo@16729 | 60 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp] |
erjo@16729 | 61 logpath = /var/log/apache/*access |
erjo@16729 | 62 maxretry = 1 |
erjo@16729 | 63 bantime = 172800 |
erjo@16729 | 64 |
pascal@13257 | 65 [lighttpd-fastcgi] |
pascal@13257 | 66 |
pascal@13257 | 67 enabled = false |
pascal@13257 | 68 port = http,https |
pascal@13257 | 69 filter = lighttpd-fastcgi |
pascal@13258 | 70 action = iptables-allports[name=LIGHTTPD-FASTCGI] |
pascal@13257 | 71 logpath = /var/log/lighttpd/*error*.log |
pascal@13257 | 72 maxretry = 2 |
pascal@13257 | 73 |
pascal@11341 | 74 [ssh-ddos] |
pascal@11341 | 75 |
pascal@11341 | 76 enabled = true |
pascal@11341 | 77 port = ssh,sftp |
pascal@11341 | 78 filter = sshd-ddos |
pascal@11341 | 79 action = iptables-allports[name=SSHDDOS] |
pascal@11341 | 80 logpath = /var/log/messages |
pascal@11341 | 81 maxretry = 2 |
pascal@11341 | 82 |
pascal@13225 | 83 [fail2ban] |
pascal@13225 | 84 enabled = true |
pascal@13225 | 85 filter = fail2ban |
pascal@13225 | 86 action = iptables-allports[name=FAIL2BAN] |
pascal@13225 | 87 logpath = /var/log/fail2ban.log |
pascal@13225 | 88 maxretry = 5 |
pascal@13225 | 89 findtime = 604800 |
pascal@13225 | 90 bantime = 604800 |
pascal@11341 | 91 EOT |
erjo@16729 | 92 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban |
pascal@11341 | 93 cat > $fs/etc/logrotate.d/fail2ban <<EOT |
pascal@11341 | 94 /var/log/fail2ban.log { |
pascal@11341 | 95 weekly |
pascal@11341 | 96 rotate 10 |
pascal@11341 | 97 compress |
pascal@11341 | 98 postrotate |
pascal@11341 | 99 /etc/init.d/fail2ban reload >/dev/null || true |
pascal@11341 | 100 endscript |
pascal@1809 | 101 } |
pascal@11341 | 102 EOT |
pascal@11341 | 103 } |