wok annotate fail2ban/receipt @ rev 16334

ARM: add idesk
author Christophe Lincoln <pankso@slitaz.org>
date Fri Apr 11 10:57:36 2014 +0200 (2014-04-11)
parents 673aaa72135b
children 0cdb4f15eec5
rev   line source
# SliTaz package receipt for fail2ban.
#
# Metadata that identifies the package and tells the build tooling where to
# fetch the upstream source from.

PACKAGE="fail2ban"
VERSION="0.8.12"
CATEGORY="network"
SHORT_DESC="Scans log files to bans IP that makes too many password failures."
MAINTAINER="pascal.bellard@slitaz.org"
LICENSE="GPL2"
TARBALL="${PACKAGE}-${VERSION}.tar.gz"
WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
# NOTE(review): this receipt records no checksum for the tarball, so the
# integrity of the source rests on the HTTPS download alone -- confirm whether
# the build tooling pins a hash elsewhere.
WGET_URL="https://codeload.github.com/${PACKAGE}/${PACKAGE}/tar.gz/${VERSION}"
TAGS="monitor network"
CONFIG_FILES="/etc/fail2ban"

# Runtime dependency: every jail action written by genpkg_rules is an
# iptables-allports action.
DEPENDS="iptables"
BUILD_DEPENDS="python wget"
pascal@13206 17
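# Rules to configure and make the package.
#
# Runs the upstream setup.py from the unpacked source tree ($src) and installs
# the result under $DESTDIR. Returns non-zero if the source tree cannot be
# entered; otherwise returns the status of the setup.py run.
compile_rules()
{
	# Stop when $src is missing: without this check a failed cd would let
	# setup.py run from whatever directory the build happened to be in.
	cd "$src" || return 1
	python setup.py install --root="$DESTDIR"
}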
pascal@1809 24
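# Rules to gen a SliTaz package suitable for Tazpkg.
#
# Copies the tree staged in $install into $fs, patches the shipped fail2ban
# configuration, appends extra jails to jail.conf, and adds an init.d entry
# and a logrotate rule. Returns the status of the last command (writing the
# logrotate file).
genpkg_rules()
{
	mkdir -p "$fs/etc/logrotate.d" "$fs/etc/init.d"
	cp -a "$install"/* "$fs"

	# Patch common.conf in place. The file is passed as an operand: with
	# "sed -i ... > file" the shell truncates the file and sed has nothing
	# to edit, which would ship an empty common.conf.
	sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' "$fs/etc/fail2ban/filter.d/common.conf"

	# Adjust the stock jail.conf:
	#  - append 192.168.0.0/16 after 127.0.0.1; presumably this lands on the
	#    ignoreip line, in which case no host in that range is ever banned.
	#    NOTE(review): the pattern is not anchored to ignoreip, and if upstream
	#    writes the loopback entry with a prefix length the new range is
	#    inserted before that suffix -- check the resulting line.
	#  - replace sshd.log with messages (the log the ssh-ddos jail below reads).
	#  - two lines after each "ssh-iptables" match, change false to true;
	#    presumably this enables that jail -- confirm against upstream jail.conf.
	# "n;n" is spelled with a separator so that sed implementations which
	# reject two commands written back to back accept the script too.
	sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
		-e '/ssh-iptables/{n;n;s/false/true/}' "$fs/etc/fail2ban/jail.conf"

	# Extra jails. The three web-server jails are shipped disabled; ssh-ddos
	# and fail2ban are enabled on install. The fail2ban jail watches
	# fail2ban's own log and bans on all ports for 604800 seconds (7 days)
	# after 5 matches within the same window.
	# NOTE(review): confirm that filter.d/fail2ban.conf is shipped by this
	# version; the jail cannot work without its filter.
	cat >> "$fs/etc/fail2ban/jail.conf" <<EOT
[apache-noscript]

enabled = false
port = http,https
filter = apache-noscript
action = iptables-allports[name=APACHE-NOSCRIPT]
logpath = /var/log/apache/*errors
maxretry = 2

[apache-proxy]

enabled = false
port = http,https
filter = apache-proxy
action = iptables-allports[name=APACHE-PROXY]
logpath = /var/log/apache/*access
bantime = 172800
maxretry = 2

[lighttpd-fastcgi]

enabled = false
port = http,https
filter = lighttpd-fastcgi
action = iptables-allports[name=LIGHTTPD-FASTCGI]
logpath = /var/log/lighttpd/*error*.log
maxretry = 2

[ssh-ddos]

enabled = true
port = ssh,sftp
filter = sshd-ddos
action = iptables-allports[name=SSHDDOS]
logpath = /var/log/messages
maxretry = 2

[fail2ban]
enabled = true
filter = fail2ban
action = iptables-allports[name=FAIL2BAN]
logpath = /var/log/fail2ban.log
maxretry = 5
findtime = 604800
bantime = 604800
EOT

	# The init script is a symlink to fail2ban-client.
	ln -s /usr/bin/fail2ban-client "$fs/etc/init.d/fail2ban"

	# Rotate fail2ban's log weekly, keeping 10 compressed copies. A failed
	# reload after rotation is ignored (|| true).
	cat > "$fs/etc/logrotate.d/fail2ban" <<EOT
/var/log/fail2ban.log {
weekly
rotate 10
compress
postrotate
/etc/init.d/fail2ban reload >/dev/null || true
endscript
}
EOT
}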