wok annotate fail2ban/receipt @ rev 13226
Move from undigest: airstrike
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Tue Aug 14 13:38:50 2012 +0200 (2012-08-14) |
| parents | 1716dac173ae |
| children | 585734d0d3e1 |
| rev | line source |
|---|---|
| pascal@1809 | 1 # SliTaz package receipt. |
| pascal@1809 | 2 |
| pascal@1809 | 3 PACKAGE="fail2ban" |
| slaxemulator@13197 | 4 VERSION="0.8.7.1" |
| pascal@1809 | 5 CATEGORY="network" |
| pascal@11341 | 6 SHORT_DESC="Scans log files to bans IP that makes too many password failures." |
| pascal@1809 | 7 MAINTAINER="pascal.bellard@slitaz.org" |
| slaxemulator@13197 | 8 TARBALL="${PACKAGE}_${VERSION}.orig.tar.gz" |
| pascal@1809 | 9 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page" |
| slaxemulator@13197 | 10 WGET_URL="https://github.com/downloads/$PACKAGE/$PACKAGE/$TARBALL" |
| jozee@4936 | 11 TAGS="monitor network" |
| pascal@11341 | 12 CONFIG_FILES="/etc/fail2ban" |
| pascal@1809 | 13 |
| pascal@13206 | 14 DEPENDS="iptables" |
| pascal@13206 | 15 BUILD_DEPENDS="python wget" |
| pascal@13206 | 16 |
| pascal@1809 | 17 # Rules to configure and make the package. |
| pascal@1809 | 18 compile_rules() |
| pascal@1809 | 19 { |
| pascal@1809 | 20 cd $src |
| pascal@11341 | 21 python setup.py install --root=$DESTDIR |
| pascal@1809 | 22 } |
| pascal@1809 | 23 |
| pascal@1809 | 24 # Rules to gen a SliTaz package suitable for Tazpkg. |
| pascal@1809 | 25 genpkg_rules() |
| pascal@1809 | 26 { |
| slaxemulator@13197 | 27 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d |
| slaxemulator@13197 | 28 cp -a $install/* $fs |
| pascal@13225 | 29 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' > /etc/fail2ban/filter.d/common.conf |
| slaxemulator@11345 | 30 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \ |
| pascal@11341 | 31 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf |
| pascal@11341 | 32 cat >> $fs/etc/fail2ban/jail.conf <<EOT |
| pascal@11341 | 33 [ssh-ddos] |
| pascal@11341 | 34 |
| pascal@11341 | 35 enabled = true |
| pascal@11341 | 36 port = ssh,sftp |
| pascal@11341 | 37 filter = sshd-ddos |
| pascal@11341 | 38 action = iptables-allports[name=SSHDDOS] |
| pascal@11341 | 39 logpath = /var/log/messages |
| pascal@11341 | 40 maxretry = 2 |
| pascal@11341 | 41 |
| pascal@13225 | 42 [fail2ban] |
| pascal@13225 | 43 enabled = true |
| pascal@13225 | 44 filter = fail2ban |
| pascal@13225 | 45 action = iptables-allports[name=FAIL2BAN] |
| pascal@13225 | 46 logpath = /var/log/fail2ban.log |
| pascal@13225 | 47 maxretry = 5 |
| pascal@13225 | 48 findtime = 604800 |
| pascal@13225 | 49 bantime = 604800 |
| pascal@11341 | 50 EOT |
| pascal@11341 | 51 ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban |
| pascal@11341 | 52 cat > $fs/etc/logrotate.d/fail2ban <<EOT |
| pascal@11341 | 53 /var/log/fail2ban.log { |
| pascal@11341 | 54 weekly |
| pascal@11341 | 55 rotate 10 |
| pascal@11341 | 56 compress |
| pascal@11341 | 57 postrotate |
| pascal@11341 | 58 /etc/init.d/fail2ban reload >/dev/null || true |
| pascal@11341 | 59 endscript |
| pascal@1809 | 60 } |
| pascal@11341 | 61 EOT |
| pascal@11341 | 62 } |