wok view fail2ban/receipt @ rev 16019

Up: cookutils (3.3) Support for armv6hf and better croos tools
author Christophe Lincoln <pankso@slitaz.org>
date Wed Mar 05 23:34:15 2014 +0100 (2014-03-05)
parents 673aaa72135b
children 0cdb4f15eec5
line source
1 # SliTaz package receipt.
3 PACKAGE="fail2ban"
4 VERSION="0.8.12"
5 CATEGORY="network"
6 SHORT_DESC="Scans log files to bans IP that makes too many password failures."
7 MAINTAINER="pascal.bellard@slitaz.org"
8 LICENSE="GPL2"
9 TARBALL="$PACKAGE-$VERSION.tar.gz"
10 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
11 WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
12 TAGS="monitor network"
13 CONFIG_FILES="/etc/fail2ban"
15 DEPENDS="iptables"
16 BUILD_DEPENDS="python wget"
18 # Rules to configure and make the package.
19 compile_rules()
20 {
21 cd $src
22 python setup.py install --root=$DESTDIR
23 }
25 # Rules to gen a SliTaz package suitable for Tazpkg.
26 genpkg_rules()
27 {
28 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
29 cp -a $install/* $fs
30 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' > $fs/etc/fail2ban/filter.d/common.conf
31 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
32 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
33 cat >> $fs/etc/fail2ban/jail.conf <<EOT
34 [apache-noscript]
36 enabled = false
37 port = http,https
38 filter = apache-noscript
39 action = iptables-allports[name=APACHE-NOSCRIPT]
40 logpath = /var/log/apache/*errors
41 maxretry = 2
43 [apache-proxy]
45 enabled = false
46 port = http,https
47 filter = apache-proxy
48 action = iptables-allports[name=APACHE-PROXY]
49 logpath = /var/log/apache/*access
50 bantime = 172800
51 maxretry = 2
53 [lighttpd-fastcgi]
55 enabled = false
56 port = http,https
57 filter = lighttpd-fastcgi
58 action = iptables-allports[name=LIGHTTPD-FASTCGI]
59 logpath = /var/log/lighttpd/*error*.log
60 maxretry = 2
62 [ssh-ddos]
64 enabled = true
65 port = ssh,sftp
66 filter = sshd-ddos
67 action = iptables-allports[name=SSHDDOS]
68 logpath = /var/log/messages
69 maxretry = 2
71 [fail2ban]
72 enabled = true
73 filter = fail2ban
74 action = iptables-allports[name=FAIL2BAN]
75 logpath = /var/log/fail2ban.log
76 maxretry = 5
77 findtime = 604800
78 bantime = 604800
79 EOT
80 ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
81 cat > $fs/etc/logrotate.d/fail2ban <<EOT
82 /var/log/fail2ban.log {
83 weekly
84 rotate 10
85 compress
86 postrotate
87 /etc/init.d/fail2ban reload >/dev/null || true
88 endscript
89 }
90 EOT
91 }