# HG changeset patch
# User Pascal Bellard <pascal.bellard@slitaz.org>
# Date 1505504892 -7200
# Node ID a37c7611aef1f2cbec1c9b41a83d43714bf83863
# Parent  4b3b1a6d8ca5c75d3cdc041ac29555c908e2e76c
Add fail2ban-ipv6

diff -r 4b3b1a6d8ca5 -r a37c7611aef1 fail2ban-ipv6/receipt
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban-ipv6/receipt	Fri Sep 15 21:48:12 2017 +0200
@@ -0,0 +1,116 @@
+# SliTaz package receipt.
+
+PACKAGE="fail2ban-ipv6"
+SOURCE="fail2ban"
+VERSION="0.9.0"
+CATEGORY="network"
+SHORT_DESC="Scans log files to bans IPv4 & IPv6 that makes too many password failures."
+MAINTAINER="pascal.bellard@slitaz.org"
+LICENSE="GPL2"
+TARBALL="$SOURCE-$VERSION.tar.gz"
+EXTRA_SOURCE_FILES="fail2ban-ipv6.tar.xz"
+WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
+WEB_SITE2="https://blog.tetsumaki.net/articles/2014/03/ajout-du-support-ipv6-sur-fail2ban.html"
+WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
+PATCH="https://data.tetsumaki.net/divers/fail2ban-ipv6.tar.xz"
+PROVIDE="fail2ban"
+TAGS="monitor network"
+CONFIG_FILES="/etc/fail2ban"
+
+DEPENDS="iptables"
+BUILD_DEPENDS="python wget"
+
+# Rules to configure and make the package.
+compile_rules()
+{
+	[ -s $SOURCES_REPOSITORY/$(basename $PATCH) ] ||
+		wget --no-check-certificate -P $SOURCES_REPOSITORY $PATCH
+	tar xf $SOURCES_REPOSITORY/$(basename $PATCH)
+	for i in fail2ban-ipv6/*.patch ; do
+		patch -p0 < $i
+	done
+	python setup.py install --root=$DESTDIR
+}
+
+# Rules to gen a SliTaz package suitable for Tazpkg.
+genpkg_rules()
+{
+	mkdir -p $fs/etc/logrotate.d $fs/etc/init.d $fs/usr/bin
+	cp -a $install/* $fs
+	cp -a $src/fail2ban-ipv6/*.sh $fs/usr/bin
+	cp -a $src/fail2ban-ipv6/*.conf $fs/etc/fail2ban/action.d
+	sed -i 's/^.DEFAULT*/&\njailaction = iptable46-multiport/' $fs/etc/fail2ban/jail.conf
+	sed -i 's/= \\s\*/= \\s*\\S+\\s\*/'  $fs/etc/fail2ban/filter.d/common.conf
+	sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
+		-e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
+
+	cp -a $stuff/etc/fail2ban/  $fs/etc/
+	cp -a $stuff/etc/init.d  $fs/etc/
+
+	cat >> $fs/etc/fail2ban/jail.conf <<EOT
+[apache-noscript]
+
+enabled  = false
+port     = http,https
+filter   = apache-noscript
+action   = iptables-allports[name=APACHE-NOSCRIPT]
+logpath  = /var/log/apache/*errors
+maxretry = 2
+
+[apache-proxy]
+
+enabled  = false
+port     = http,https
+filter   = apache-proxy
+action   = iptables-allports[name=APACHE-PROXY]
+logpath  = /var/log/apache/*access
+bantime  = 172800
+maxretry = 2
+
+[apache-w00tw00t]
+enabled = false
+filter = apache-w00tw00t
+action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
+        logpath = /var/log/apache/*access
+        maxretry = 1
+        bantime  = 172800
+
+[lighttpd-fastcgi]
+
+enabled  = false
+port     = http,https
+filter   = lighttpd-fastcgi
+action   = iptables-allports[name=LIGHTTPD-FASTCGI]
+logpath  = /var/log/lighttpd/*error*.log
+maxretry = 2
+
+[ssh-ddos]
+
+enabled  = true
+port     = ssh,sftp
+filter   = sshd-ddos
+action   = iptables-allports[name=SSHDDOS]
+logpath  = /var/log/messages
+maxretry = 2
+
+[fail2ban]
+enabled  = true
+filter   = fail2ban
+action   = iptables-allports[name=FAIL2BAN]
+logpath  = /var/log/fail2ban.log
+maxretry = 5
+findtime = 604800
+bantime  = 604800
+EOT
+	#ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
+	cat > $fs/etc/logrotate.d/fail2ban <<EOT
+/var/log/fail2ban.log {
+	weekly
+	rotate 10
+	compress
+	postrotate
+	/etc/init.d/fail2ban reload >/dev/null || true
+	endscript
+}
+EOT
+}
diff -r 4b3b1a6d8ca5 -r a37c7611aef1 fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-noscript.conf
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-noscript.conf	Fri Sep 15 21:48:12 2017 +0200
@@ -0,0 +1,24 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 658 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+failregex = [[]client <HOST>[]] (File does not exist|script .* not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl)
+            [[]client <HOST>[]] (File does not exist|script .* not found or unable to stat): [^.]*$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
diff -r 4b3b1a6d8ca5 -r a37c7611aef1 fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-proxy.conf
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-proxy.conf	Fri Sep 15 21:48:12 2017 +0200
@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# Author: James Roe
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+failregex = ^(?:(?![0-9\.]* - - \[.*\] "([A-Z]* /.* HTTP/1\.[0-9]|-)")<HOST>)
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
diff -r 4b3b1a6d8ca5 -r a37c7611aef1 fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-w00tw00t.conf
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-w00tw00t.conf	Fri Sep 15 21:48:12 2017 +0200
@@ -0,0 +1,5 @@
+[Definition]
+
+failregex = ^<HOST> -.*"GET \/w00tw00t\.at\.ISC\.SANS\.DFind\:\).*".*
+
+ignoreregex =
diff -r 4b3b1a6d8ca5 -r a37c7611aef1 fail2ban-ipv6/stuff/etc/fail2ban/filter.d/fail2ban.conf
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/fail2ban.conf	Fri Sep 15 21:48:12 2017 +0200
@@ -0,0 +1,28 @@
+# Fail2Ban configuration file
+#
+# Author: Tom Hendrikx
+#
+# $Revision: 663 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+
+# Count all bans in the logfile
+failregex = fail2ban.actions: WARNING \[(.*)\] Ban <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+# Ignore our own bans, to keep our counts exact.
+# In your config, name your jail 'fail2ban', or change this line!
+ignoreregex = fail2ban.actions: WARNING \[fail2ban\] Ban <HOST>
+
diff -r 4b3b1a6d8ca5 -r a37c7611aef1 fail2ban-ipv6/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf	Fri Sep 15 21:48:12 2017 +0200
@@ -0,0 +1,18 @@
+# Fail2Ban configuration file
+#
+# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match ALERTS as notified by lighttpd's FastCGI Module
+# Values:  TEXT
+#
+failregex = .*ALERT\ -\ .*attacker\ \'<HOST>\'
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
diff -r 4b3b1a6d8ca5 -r a37c7611aef1 fail2ban-ipv6/stuff/etc/init.d/fail2ban
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban-ipv6/stuff/etc/init.d/fail2ban	Fri Sep 15 21:48:12 2017 +0200
@@ -0,0 +1,59 @@
+#!/bin/sh
+# /etc/init.d/fail2ban: Start, stop and restart Apache web server on SliTaz,
+# at boot time or with the command line. Daemons options are configured
+# with /etc/daemons.conf
+#
+. /etc/init.d/rc.functions
+. /etc/daemons.conf
+
+NAME=Fail2ban
+DESC="$(_ '%s server' Fail2ban)"
+DAEMON=/usr/bin/fail2ban-client
+OPTIONS=
+PIDFILE=/var/run/fail2ban/fail2ban.pid
+SOCKET=/var/run/fail2ban/fail2ban.sock
+
+case "$1" in
+  start)
+    if active_pidfile $PIDFILE fail2ban-server ; then
+      _ '%s is already running.' $NAME
+      exit 1
+    fi
+    action 'Starting %s: %s...' "$DESC" $NAME
+    rm -f $SOCKET
+    $DAEMON start >/dev/null
+    status
+    ;;
+  stop)
+    action 'Stopping %s: %s...' "$DESC" $NAME
+    $DAEMON stop
+    rm -f $PIDFILE
+    status
+    ;;
+  reload)
+    if ! active_pidfile $PIDFILE fail2ban-server  ; then
+      _ '%s is not running.' $NAME
+      exit 1
+    fi
+    action 'Stopping %s: %s...' "$DESC" $NAME
+    $DAEMON stop
+    status
+    ;;
+  restart)
+    if ! active_pidfile $PIDFILE fail2ban-server ; then
+      _ '%s is not running.' $NAME
+      exit 1
+    fi
+    action 'Restarting %s: %s...' "$DESC" $NAME
+    $0 stop
+    $0 start
+    status
+    ;;
+  *)
+    emsg "<n><b>$(_ 'Usage:')</b> $0 [start|stop|restart|reload]"
+    newline
+    exit 1
+    ;;
+esac
+
+exit 0
diff -r 4b3b1a6d8ca5 -r a37c7611aef1 fail2ban/receipt
--- a/fail2ban/receipt	Tue Sep 12 02:02:47 2017 +0300
+++ b/fail2ban/receipt	Fri Sep 15 21:48:12 2017 +0200
@@ -26,8 +26,8 @@
 {
 	mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
 	cp -a $install/* $fs
-	sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/'  $fs/etc/fail2ban/filter.d/common.conf
-	sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
+	sed -i 's/= \\s\*/= \\s*\\S+\\s\*/'  $fs/etc/fail2ban/filter.d/common.conf
+	sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
 		-e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
 
 	cp -a $stuff/etc/fail2ban/  $fs/etc/