wok-current view fail2ban/receipt @ rev 14660
linux-libre-sound: non-free firmware...
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Wed Jun 05 22:39:50 2013 +0200 (2013-06-05) |
parents | 6be450c86868 |
children | 7896f0694ef6 |
line source
1 # SliTaz package receipt.
3 PACKAGE="fail2ban"
4 VERSION="0.8.7.1"
5 CATEGORY="network"
6 SHORT_DESC="Scans log files to bans IP that makes too many password failures."
7 MAINTAINER="pascal.bellard@slitaz.org"
8 TARBALL="${PACKAGE}_${VERSION}.orig.tar.gz"
9 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
10 WGET_URL="https://github.com/downloads/$PACKAGE/$PACKAGE/$TARBALL"
11 TAGS="monitor network"
12 CONFIG_FILES="/etc/fail2ban"
14 DEPENDS="iptables"
15 BUILD_DEPENDS="python wget"
17 # Rules to configure and make the package.
18 compile_rules()
19 {
20 cd $src
21 python setup.py install --root=$DESTDIR
22 }
24 # Rules to gen a SliTaz package suitable for Tazpkg.
25 genpkg_rules()
26 {
27 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
28 cp -a $install/* $fs
29 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' > $fs/etc/fail2ban/filter.d/common.conf
30 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
31 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
32 cat >> $fs/etc/fail2ban/jail.conf <<EOT
33 [apache-noscript]
35 enabled = false
36 port = http,https
37 filter = apache-noscript
38 action = iptables-allports[name=APACHE-NOSCRIPT]
39 logpath = /var/log/apache/*errors
40 maxretry = 2
42 [apache-proxy]
44 enabled = false
45 port = http,https
46 filter = apache-proxy
47 action = iptables-allports[name=APACHE-PROXY]
48 logpath = /var/log/apache/*access
49 bantime = 172800
50 maxretry = 2
52 [lighttpd-fastcgi]
54 enabled = false
55 port = http,https
56 filter = lighttpd-fastcgi
57 action = iptables-allports[name=LIGHTTPD-FASTCGI]
58 logpath = /var/log/lighttpd/*error*.log
59 maxretry = 2
61 [ssh-ddos]
63 enabled = true
64 port = ssh,sftp
65 filter = sshd-ddos
66 action = iptables-allports[name=SSHDDOS]
67 logpath = /var/log/messages
68 maxretry = 2
70 [fail2ban]
71 enabled = true
72 filter = fail2ban
73 action = iptables-allports[name=FAIL2BAN]
74 logpath = /var/log/fail2ban.log
75 maxretry = 5
76 findtime = 604800
77 bantime = 604800
78 EOT
79 ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
80 cat > $fs/etc/logrotate.d/fail2ban <<EOT
81 /var/log/fail2ban.log {
82 weekly
83 rotate 10
84 compress
85 postrotate
86 /etc/init.d/fail2ban reload >/dev/null || true
87 endscript
88 }
89 EOT
90 }