wok-current view fail2ban-ipv6/receipt @ rev 20059

Add fail2ban-ipv6
author Pascal Bellard <pascal.bellard@slitaz.org>
date Fri Sep 15 21:48:12 2017 +0200 (2017-09-15)
1 # SliTaz package receipt.
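# Package identity. SOURCE is the upstream project name; PACKAGE is the
# SliTaz name of this IPv6-patched build.
PACKAGE="fail2ban-ipv6"
SOURCE="fail2ban"
VERSION="0.9.0"
CATEGORY="network"
SHORT_DESC="Scans log files to bans IPv4 & IPv6 that makes too many password failures."
MAINTAINER="pascal.bellard@slitaz.org"
LICENSE="GPL2"

# Upstream release tarball. The download URL is built from $SOURCE, like
# TARBALL: with $PACKAGE it would name a "fail2ban-ipv6" GitHub account
# rather than the upstream fail2ban project.
TARBALL="$SOURCE-$VERSION.tar.gz"
EXTRA_SOURCE_FILES="fail2ban-ipv6.tar.xz"
WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
WEB_SITE2="https://blog.tetsumaki.net/articles/2014/03/ajout-du-support-ipv6-sur-fail2ban.html"
WGET_URL="https://codeload.github.com/$SOURCE/$SOURCE/tar.gz/$VERSION"

# Third-party IPv6 patch set, fetched by compile_rules().
# NOTE(review): neither this archive nor the upstream tarball is pinned to a
# digest in this receipt, so transport security is the only integrity check.
PATCH="https://data.tetsumaki.net/divers/fail2ban-ipv6.tar.xz"

# This package replaces the plain fail2ban package.
PROVIDE="fail2ban"
TAGS="monitor network"
CONFIG_FILES="/etc/fail2ban"

DEPENDS="iptables"
BUILD_DEPENDS="python wget"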
23 # Rules to configure and make the package.
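# Fetch the IPv6 patch archive (unless a non-empty copy is already cached),
# unpack it, apply every patch it contains to the current source tree and
# install the result into $DESTDIR.
# Globals:   SOURCES_REPOSITORY, PATCH, DESTDIR (read)
# Returns:   non-zero if the download, the extraction, any patch or the
#            install step fails
compile_rules()
{
	local patch_tarball
	patch_tarball="$SOURCES_REPOSITORY/$(basename "$PATCH")"

	# TLS certificate verification stays enabled: the archive holds patches
	# and scripts that are applied to the sources and shipped in the
	# package, so the server must be authenticated. If the build host has
	# no CA bundle, install one rather than disabling the check.
	if [ ! -s "$patch_tarball" ]; then
		if ! wget -P "$SOURCES_REPOSITORY" "$PATCH"; then
			# Do not leave a partial file that a later run would
			# accept as a valid cached copy.
			rm -f -- "$patch_tarball"
			return 1
		fi
	fi
	# NOTE(review): the archive is not checked against a known digest;
	# consider recording one in the receipt and verifying it here.
	[ -s "$patch_tarball" ] || return 1

	tar xf "$patch_tarball" || return 1

	for i in fail2ban-ipv6/*.patch; do
		# An unmatched glob stays literal; skip it instead of failing.
		[ -e "$i" ] || continue
		# Stop on the first patch that does not apply, so a half-patched
		# tree is never installed.
		patch -p0 < "$i" || return 1
	done

	python setup.py install --root="$DESTDIR"
}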
35 # Rules to gen a SliTaz package suitable for Tazpkg.
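# Assemble the package tree under $fs: copy the installed files, add the
# IPv6 helper scripts and action files, adjust the shipped jail.conf and
# common.conf, overlay the SliTaz-specific files from $stuff, append extra
# jails to jail.conf and write a logrotate rule for the fail2ban log.
# Globals:   fs, install, src, stuff (read)
genpkg_rules()
{
	mkdir -p "$fs/etc/logrotate.d" "$fs/etc/init.d" "$fs/usr/bin"
	cp -a "$install"/* "$fs"
	cp -a "$src"/fail2ban-ipv6/*.sh "$fs/usr/bin"
	cp -a "$src"/fail2ban-ipv6/*.conf "$fs/etc/fail2ban/action.d"

	# Insert the jailaction line after the complete [DEFAULT] header. The
	# pattern must consume the closing bracket: matching only "[DEFAULT"
	# puts the new line inside the header and leaves "]" behind it.
	sed -i 's/^\[DEFAULT\].*/&\njailaction = iptable46-multiport/' \
		"$fs/etc/fail2ban/jail.conf"

	# Rewrite a literal "= \s*" in common.conf to "= \s*\S+\s*".
	sed -i 's/= \\s\*/= \\s*\\S+\\s\*/' "$fs/etc/fail2ban/filter.d/common.conf"

	# NOTE(review): 192.168.0.0/16 is appended to every line that contains
	# 127.0.0.1 (presumably the ignoreip setting): hosts in that range are
	# then never banned, including a compromised machine on the LAN.
	# The second expression flips false to true two lines below a line
	# matching ssh-iptables; "n;n" is the portable spelling of two "n"
	# commands.
	sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
		-e '/ssh-iptables/{n;n;s/false/true/}' "$fs/etc/fail2ban/jail.conf"

	# Overlay the files kept with the receipt; they replace any file of the
	# same name copied or edited above.
	cp -a "$stuff/etc/fail2ban/" "$fs/etc/"
	cp -a "$stuff/etc/init.d" "$fs/etc/"

	# Extra jails. Only ssh-ddos and fail2ban are enabled by default; the
	# web server jails ship disabled. The delimiter is quoted so the text
	# is written literally.
	cat >> "$fs/etc/fail2ban/jail.conf" <<'EOT'
[apache-noscript]

enabled = false
port = http,https
filter = apache-noscript
action = iptables-allports[name=APACHE-NOSCRIPT]
logpath = /var/log/apache/*errors
maxretry = 2

[apache-proxy]

enabled = false
port = http,https
filter = apache-proxy
action = iptables-allports[name=APACHE-PROXY]
logpath = /var/log/apache/*access
bantime = 172800
maxretry = 2

[apache-w00tw00t]
enabled = false
filter = apache-w00tw00t
action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
logpath = /var/log/apache/*access
maxretry = 1
bantime = 172800

[lighttpd-fastcgi]

enabled = false
port = http,https
filter = lighttpd-fastcgi
action = iptables-allports[name=LIGHTTPD-FASTCGI]
logpath = /var/log/lighttpd/*error*.log
maxretry = 2

[ssh-ddos]

enabled = true
port = ssh,sftp
filter = sshd-ddos
action = iptables-allports[name=SSHDDOS]
logpath = /var/log/messages
maxretry = 2

[fail2ban]
enabled = true
filter = fail2ban
action = iptables-allports[name=FAIL2BAN]
logpath = /var/log/fail2ban.log
maxretry = 5
findtime = 604800
bantime = 604800
EOT
	#ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban

	# Weekly rotation of the fail2ban log, keeping 10 compressed archives;
	# a failing reload does not fail the rotation.
	cat > "$fs/etc/logrotate.d/fail2ban" <<'EOT'
/var/log/fail2ban.log {
weekly
rotate 10
compress
postrotate
/etc/init.d/fail2ban reload >/dev/null || true
endscript
}
EOT
}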