wok-next view fail2ban/receipt @ rev 20747
system-tools-backends: provide dev package; liboobs: use that package
author | Aleksej Bobylev <al.bobylev@gmail.com> |
---|---|
date | Wed May 30 16:54:11 2018 +0300 (2018-05-30) |
parents | 16df76e1fc6a |
children | d5aab818505e |
line source
1 # SliTaz package receipt.
3 PACKAGE="fail2ban"
4 VERSION="0.9.0"
5 CATEGORY="network"
6 SHORT_DESC="Scans log files to bans IP that makes too many password failures."
7 MAINTAINER="pascal.bellard@slitaz.org"
8 LICENSE="GPL2"
9 TARBALL="$PACKAGE-$VERSION.tar.gz"
10 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
11 WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
12 TAGS="monitor network"
13 CONFIG_FILES="/etc/fail2ban"
15 DEPENDS="iptables"
16 BUILD_DEPENDS="python"
18 # Rules to configure and make the package.
19 compile_rules()
20 {
21 python setup.py install --root=$DESTDIR
22 }
24 # Rules to gen a SliTaz package suitable for Tazpkg.
25 genpkg_rules()
26 {
27 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
28 cp -a $install/* $fs
29 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' $fs/etc/fail2ban/filter.d/common.conf
30 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
31 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
33 cp -a $stuff/etc/fail2ban/ $fs/etc/
34 cp -a $stuff/etc/init.d $fs/etc/
36 cat >> $fs/etc/fail2ban/jail.conf <<EOT
37 [apache-noscript]
39 enabled = false
40 port = http,https
41 filter = apache-noscript
42 action = iptables-allports[name=APACHE-NOSCRIPT]
43 logpath = /var/log/apache/*errors
44 maxretry = 2
46 [apache-proxy]
48 enabled = false
49 port = http,https
50 filter = apache-proxy
51 action = iptables-allports[name=APACHE-PROXY]
52 logpath = /var/log/apache/*access
53 bantime = 172800
54 maxretry = 2
56 [apache-w00tw00t]
57 enabled = false
58 filter = apache-w00tw00t
59 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
60 logpath = /var/log/apache/*access
61 maxretry = 1
62 bantime = 172800
64 [lighttpd-fastcgi]
66 enabled = false
67 port = http,https
68 filter = lighttpd-fastcgi
69 action = iptables-allports[name=LIGHTTPD-FASTCGI]
70 logpath = /var/log/lighttpd/*error*.log
71 maxretry = 2
73 [ssh-ddos]
75 enabled = true
76 port = ssh,sftp
77 filter = sshd-ddos
78 action = iptables-allports[name=SSHDDOS]
79 logpath = /var/log/messages
80 maxretry = 2
82 [fail2ban]
83 enabled = true
84 filter = fail2ban
85 action = iptables-allports[name=FAIL2BAN]
86 logpath = /var/log/fail2ban.log
87 maxretry = 5
88 findtime = 604800
89 bantime = 604800
90 EOT
91 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
92 cat > $fs/etc/logrotate.d/fail2ban <<EOT
93 /var/log/fail2ban.log {
94 weekly
95 rotate 10
96 compress
97 postrotate
98 /etc/init.d/fail2ban reload >/dev/null || true
99 endscript
100 }
101 EOT
102 }