wok-next annotate fail2ban/receipt @ rev 21115

Update gtk3
author Aleksej Bobylev <al.bobylev@gmail.com>
date Sat Jan 12 17:51:19 2019 +0200 (2019-01-12)
parents d5aab818505e
children 12592b053707
rev   line source
pascal@1809 1 # SliTaz package receipt.
pascal@1809 2
pascal@1809 3 PACKAGE="fail2ban"
erjo@16729 4 VERSION="0.9.0"
pascal@1809 5 CATEGORY="network"
al@21020 6 SHORT_DESC="Scans log files to bans IP that makes too many password failures"
pascal@1809 7 MAINTAINER="pascal.bellard@slitaz.org"
pascal@15002 8 LICENSE="GPL2"
pascal@15799 9 TARBALL="$PACKAGE-$VERSION.tar.gz"
pascal@1809 10 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
pascal@15799 11 WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
jozee@4936 12 TAGS="monitor network"
pascal@11341 13 CONFIG_FILES="/etc/fail2ban"
pascal@1809 14
al@21094 15 COOKOPTS="force-arch" # different .egg-info (file/dir) ?
al@21094 16
pascal@13206 17 DEPENDS="iptables"
al@20513 18 BUILD_DEPENDS="python"
pascal@13206 19
al@21020 20 compile_rules() {
al@21020 21 python -B setup.py install --root=$install
pascal@1809 22 }
pascal@1809 23
al@21020 24 genpkg_rules() {
slaxemulator@13197 25 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
slaxemulator@13197 26 cp -a $install/* $fs
erjo@16729 27 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' $fs/etc/fail2ban/filter.d/common.conf
slaxemulator@11345 28 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
pascal@11341 29 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
al@18077 30
erjo@16729 31 cp -a $stuff/etc/fail2ban/ $fs/etc/
erjo@16729 32 cp -a $stuff/etc/init.d $fs/etc/
al@18077 33
pascal@11341 34 cat >> $fs/etc/fail2ban/jail.conf <<EOT
pascal@13258 35 [apache-noscript]
pascal@13258 36 enabled = false
pascal@13258 37 port = http,https
pascal@13258 38 filter = apache-noscript
pascal@13258 39 action = iptables-allports[name=APACHE-NOSCRIPT]
pascal@13258 40 logpath = /var/log/apache/*errors
pascal@13258 41 maxretry = 2
pascal@13258 42
pascal@13258 43 [apache-proxy]
pascal@13258 44 enabled = false
pascal@13258 45 port = http,https
pascal@13258 46 filter = apache-proxy
pascal@13258 47 action = iptables-allports[name=APACHE-PROXY]
pascal@13258 48 logpath = /var/log/apache/*access
pascal@13258 49 bantime = 172800
pascal@13258 50 maxretry = 2
pascal@13258 51
al@18077 52 [apache-w00tw00t]
al@21020 53 enabled = false
al@21020 54 filter = apache-w00tw00t
al@21020 55 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
al@21020 56 logpath = /var/log/apache/*access
al@21020 57 maxretry = 1
al@21020 58 bantime = 172800
erjo@16729 59
pascal@13257 60 [lighttpd-fastcgi]
pascal@13257 61 enabled = false
pascal@13257 62 port = http,https
pascal@13257 63 filter = lighttpd-fastcgi
pascal@13258 64 action = iptables-allports[name=LIGHTTPD-FASTCGI]
pascal@13257 65 logpath = /var/log/lighttpd/*error*.log
pascal@13257 66 maxretry = 2
pascal@13257 67
pascal@11341 68 [ssh-ddos]
pascal@11341 69 enabled = true
pascal@11341 70 port = ssh,sftp
pascal@11341 71 filter = sshd-ddos
pascal@11341 72 action = iptables-allports[name=SSHDDOS]
pascal@11341 73 logpath = /var/log/messages
pascal@11341 74 maxretry = 2
pascal@11341 75
pascal@13225 76 [fail2ban]
pascal@13225 77 enabled = true
pascal@13225 78 filter = fail2ban
pascal@13225 79 action = iptables-allports[name=FAIL2BAN]
pascal@13225 80 logpath = /var/log/fail2ban.log
pascal@13225 81 maxretry = 5
pascal@13225 82 findtime = 604800
pascal@13225 83 bantime = 604800
pascal@11341 84 EOT
erjo@16729 85 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
pascal@11341 86 cat > $fs/etc/logrotate.d/fail2ban <<EOT
pascal@11341 87 /var/log/fail2ban.log {
pascal@11341 88 weekly
pascal@11341 89 rotate 10
pascal@11341 90 compress
pascal@11341 91 postrotate
pascal@11341 92 /etc/init.d/fail2ban reload >/dev/null || true
pascal@11341 93 endscript
pascal@1809 94 }
pascal@11341 95 EOT
pascal@11341 96 }