wok annotate fail2ban/receipt @ rev 25810
Up rsync (3.4.0) fixes CVE-2024-12084 & CVE-2024-12085
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Wed Jan 15 12:30:53 2025 +0000 (2 days ago) |
| parents | 528420e28cb9 |
| children |
| rev | line source |
|---|---|
| pascal@1809 | 1 # SliTaz package receipt. |
| pascal@1809 | 2 |
| pascal@1809 | 3 PACKAGE="fail2ban" |
| Hans-G?nter@24536 | 4 VERSION="0.11.2" |
| pascal@1809 | 5 CATEGORY="network" |
| Hans-G?nter@20908 | 6 TAGS="monitor network" |
| Hans-G?nter@20908 | 7 SHORT_DESC="Scans log files to ban IPs that make too many password failures." |
| pascal@1809 | 8 MAINTAINER="pascal.bellard@slitaz.org" |
| pascal@15002 | 9 LICENSE="GPL2" |
| Hans-G?nter@24536 | 10 WEB_SITE="https://www.fail2ban.org/wiki/index.php/Main_Page" |
| Hans-G?nter@20908 | 11 |
| pascal@15799 | 12 TARBALL="$PACKAGE-$VERSION.tar.gz" |
| Hans-G?nter@20908 | 13 WGET_URL="https://github.com/$PACKAGE/$PACKAGE/archive/$VERSION.tar.gz" |
| pascal@1809 | 14 |
| Hans-G?nter@24536 | 15 DEPENDS="iptables python" |
| Hans-G?nter@20908 | 16 BUILD_DEPENDS="python" |
| Hans-G?nter@24536 | 17 |
| Hans-G?nter@20908 | 18 CONFIG_FILES="/etc/fail2ban" |
| pascal@13206 | 19 |
| pascal@25599 | 20 # What is the latest version available today? |
| pascal@24055 | 21 current_version() |
| pascal@24055 | 22 { |
| pascal@24055 | 23 wget -O - ${WGET_URL%/arch*}/releases 2>/dev/null | \ |
| pascal@25599 | 24 sed '/tag\//!d;s|.*tag/v*||;s|".*||;q' |
| pascal@24055 | 25 } |
| pascal@24055 | 26 |
| pascal@1809 | 27 # Rules to configure and make the package. |
| pascal@1809 | 28 compile_rules() |
| pascal@1809 | 29 { |
| pascal@11341 | 30 python setup.py install --root=$DESTDIR |
| pascal@1809 | 31 } |
| pascal@1809 | 32 |
| pascal@1809 | 33 # Rules to gen a SliTaz package suitable for Tazpkg. |
| pascal@1809 | 34 genpkg_rules() |
| pascal@1809 | 35 { |
| Hans-G?nter@24536 | 36 mkdir -p $fs/etc/logrotate.d |
| Hans-G?nter@24536 | 37 mkdir -p $fs/etc/init.d |
| al@18077 | 38 |
| Hans-G?nter@24536 | 39 cp -a $install/* $fs |
| Hans-G?nter@24536 | 40 sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \ |
| Hans-G?nter@24536 | 41 -e '/ssh-iptables/{nn;s/false/true/}' \ |
| Hans-G?nter@24536 | 42 $fs/etc/fail2ban/jail.conf |
| Hans-G?nter@24536 | 43 |
| Hans-G?nter@24536 | 44 cp -a $stuff/etc/fail2ban $fs/etc |
| Hans-G?nter@24536 | 45 cp -a $stuff/etc/init.d $fs/etc |
| al@18077 | 46 |
| pascal@11341 | 47 cat >> $fs/etc/fail2ban/jail.conf <<EOT |
| pascal@13258 | 48 [apache-noscript] |
| pascal@13258 | 49 |
| pascal@13258 | 50 enabled = false |
| pascal@13258 | 51 port = http,https |
| pascal@13258 | 52 filter = apache-noscript |
| pascal@13258 | 53 action = iptables-allports[name=APACHE-NOSCRIPT] |
| pascal@13258 | 54 logpath = /var/log/apache/*errors |
| pascal@13258 | 55 maxretry = 2 |
| pascal@13258 | 56 |
| pascal@13258 | 57 [apache-proxy] |
| pascal@13258 | 58 |
| pascal@13258 | 59 enabled = false |
| pascal@13258 | 60 port = http,https |
| pascal@13258 | 61 filter = apache-proxy |
| pascal@13258 | 62 action = iptables-allports[name=APACHE-PROXY] |
| pascal@13258 | 63 logpath = /var/log/apache/*access |
| pascal@13258 | 64 bantime = 172800 |
| pascal@13258 | 65 maxretry = 2 |
| pascal@13258 | 66 |
| al@18077 | 67 [apache-w00tw00t] |
| erjo@16729 | 68 enabled = false |
| al@18077 | 69 filter = apache-w00tw00t |
| al@18077 | 70 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp] |
| al@18077 | 71 logpath = /var/log/apache/*access |
| al@18077 | 72 maxretry = 1 |
| al@18077 | 73 bantime = 172800 |
| erjo@16729 | 74 |
| pascal@13257 | 75 [lighttpd-fastcgi] |
| pascal@13257 | 76 |
| pascal@13257 | 77 enabled = false |
| pascal@13257 | 78 port = http,https |
| pascal@13257 | 79 filter = lighttpd-fastcgi |
| pascal@13258 | 80 action = iptables-allports[name=LIGHTTPD-FASTCGI] |
| pascal@13257 | 81 logpath = /var/log/lighttpd/*error*.log |
| pascal@13257 | 82 maxretry = 2 |
| pascal@13257 | 83 |
| pascal@11341 | 84 [ssh-ddos] |
| pascal@11341 | 85 |
| pascal@11341 | 86 enabled = true |
| pascal@11341 | 87 port = ssh,sftp |
| pascal@11341 | 88 filter = sshd-ddos |
| pascal@11341 | 89 action = iptables-allports[name=SSHDDOS] |
| pascal@11341 | 90 logpath = /var/log/messages |
| pascal@11341 | 91 maxretry = 2 |
| pascal@11341 | 92 |
| pascal@13225 | 93 [fail2ban] |
| pascal@13225 | 94 enabled = true |
| pascal@13225 | 95 filter = fail2ban |
| pascal@13225 | 96 action = iptables-allports[name=FAIL2BAN] |
| pascal@13225 | 97 logpath = /var/log/fail2ban.log |
| pascal@13225 | 98 maxretry = 5 |
| pascal@13225 | 99 findtime = 604800 |
| pascal@13225 | 100 bantime = 604800 |
| pascal@11341 | 101 EOT |
| erjo@16729 | 102 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban |
| pascal@11341 | 103 cat > $fs/etc/logrotate.d/fail2ban <<EOT |
| pascal@11341 | 104 /var/log/fail2ban.log { |
| pascal@11341 | 105 weekly |
| pascal@11341 | 106 rotate 10 |
| pascal@11341 | 107 compress |
| pascal@11341 | 108 postrotate |
| pascal@11341 | 109 /etc/init.d/fail2ban reload >/dev/null || true |
| pascal@11341 | 110 endscript |
| pascal@1809 | 111 } |
| pascal@11341 | 112 EOT |
| pascal@11341 | 113 } |