wok-current rev 24536
updated fail2ban (0.10.4 -> 0.11.2)
author | Hans-G?nter Theisgen |
---|---|
date | Wed Feb 23 13:43:14 2022 +0100 (2022-02-23) |
parents | 7c0170dd3ecc |
children | 79a5bd723741 |
files | fail2ban/description.txt fail2ban/receipt |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/fail2ban/description.txt Wed Feb 23 13:43:14 2022 +0100 1.3 @@ -0,0 +1,15 @@ 1.4 +Fail2ban scans log files (e.g. /var/log/apache/error_log) and 1.5 +bans IPs that show the malicious signs -- too many password 1.6 +failures, seeking for exploits, etc. 1.7 +Generally Fail2Ban is then used to update firewall rules to 1.8 +reject the IP addresses for a specified amount of time, 1.9 +although any arbitrary other action (e.g. sending an email) 1.10 +could also be configured. 1.11 +Out of the box Fail2Ban comes with filters for various services 1.12 +(apache, courier, ssh, etc). 1.13 + 1.14 +Fail2Ban is able to reduce the rate of incorrect authentications 1.15 +attempts however it cannot eliminate the risk that weak 1.16 +authentication presents. 1.17 +Configure services to use only two factor or public/private 1.18 +authentication mechanisms if you really want to protect services.
2.1 --- a/fail2ban/receipt Wed Feb 23 11:49:52 2022 +0000 2.2 +++ b/fail2ban/receipt Wed Feb 23 13:43:14 2022 +0100 2.3 @@ -1,19 +1,20 @@ 2.4 # SliTaz package receipt. 2.5 2.6 PACKAGE="fail2ban" 2.7 -VERSION="0.10.4" 2.8 +VERSION="0.11.2" 2.9 CATEGORY="network" 2.10 TAGS="monitor network" 2.11 SHORT_DESC="Scans log files to ban IPs that make too many password failures." 2.12 MAINTAINER="pascal.bellard@slitaz.org" 2.13 LICENSE="GPL2" 2.14 -WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page" 2.15 +WEB_SITE="https://www.fail2ban.org/wiki/index.php/Main_Page" 2.16 2.17 TARBALL="$PACKAGE-$VERSION.tar.gz" 2.18 WGET_URL="https://github.com/$PACKAGE/$PACKAGE/archive/$VERSION.tar.gz" 2.19 2.20 -DEPENDS="iptables" 2.21 +DEPENDS="iptables python" 2.22 BUILD_DEPENDS="python" 2.23 + 2.24 CONFIG_FILES="/etc/fail2ban" 2.25 2.26 current_version() 2.27 @@ -31,13 +32,16 @@ 2.28 # Rules to gen a SliTaz package suitable for Tazpkg. 2.29 genpkg_rules() 2.30 { 2.31 - mkdir -p $fs/etc/logrotate.d $fs/etc/init.d 2.32 - cp -a $install/* $fs 2.33 - sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \ 2.34 - -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf 2.35 + mkdir -p $fs/etc/logrotate.d 2.36 + mkdir -p $fs/etc/init.d 2.37 2.38 - cp -a $stuff/etc/fail2ban/ $fs/etc/ 2.39 - cp -a $stuff/etc/init.d $fs/etc/ 2.40 + cp -a $install/* $fs 2.41 + sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \ 2.42 + -e '/ssh-iptables/{nn;s/false/true/}' \ 2.43 + $fs/etc/fail2ban/jail.conf 2.44 + 2.45 + cp -a $stuff/etc/fail2ban $fs/etc 2.46 + cp -a $stuff/etc/init.d $fs/etc 2.47 2.48 cat >> $fs/etc/fail2ban/jail.conf <<EOT 2.49 [apache-noscript]