wok view fail2ban/receipt @ rev 25682

Up libqcow (20240308)
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sun Mar 24 18:25:46 2024 +0000 (2 months ago)
parents 528420e28cb9
children
line source
1 # SliTaz package receipt.
2
3 PACKAGE="fail2ban"
4 VERSION="0.11.2"
5 CATEGORY="network"
6 TAGS="monitor network"
7 SHORT_DESC="Scans log files to ban IPs that make too many password failures."
8 MAINTAINER="pascal.bellard@slitaz.org"
9 LICENSE="GPL2"
10 WEB_SITE="https://www.fail2ban.org/wiki/index.php/Main_Page"
11
12 TARBALL="$PACKAGE-$VERSION.tar.gz"
13 WGET_URL="https://github.com/$PACKAGE/$PACKAGE/archive/$VERSION.tar.gz"
14
15 DEPENDS="iptables python"
16 BUILD_DEPENDS="python"
17
18 CONFIG_FILES="/etc/fail2ban"
19
20 # What is the latest version available today?
21 current_version()
22 {
23 wget -O - ${WGET_URL%/arch*}/releases 2>/dev/null | \
24 sed '/tag\//!d;s|.*tag/v*||;s|".*||;q'
25 }
26
27 # Rules to configure and make the package.
28 compile_rules()
29 {
30 python setup.py install --root=$DESTDIR
31 }
32
33 # Rules to gen a SliTaz package suitable for Tazpkg.
34 genpkg_rules()
35 {
36 mkdir -p $fs/etc/logrotate.d
37 mkdir -p $fs/etc/init.d
38
39 cp -a $install/* $fs
40 sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
41 -e '/ssh-iptables/{nn;s/false/true/}' \
42 $fs/etc/fail2ban/jail.conf
43
44 cp -a $stuff/etc/fail2ban $fs/etc
45 cp -a $stuff/etc/init.d $fs/etc
46
47 cat >> $fs/etc/fail2ban/jail.conf <<EOT
48 [apache-noscript]
49
50 enabled = false
51 port = http,https
52 filter = apache-noscript
53 action = iptables-allports[name=APACHE-NOSCRIPT]
54 logpath = /var/log/apache/*errors
55 maxretry = 2
56
57 [apache-proxy]
58
59 enabled = false
60 port = http,https
61 filter = apache-proxy
62 action = iptables-allports[name=APACHE-PROXY]
63 logpath = /var/log/apache/*access
64 bantime = 172800
65 maxretry = 2
66
67 [apache-w00tw00t]
68 enabled = false
69 filter = apache-w00tw00t
70 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
71 logpath = /var/log/apache/*access
72 maxretry = 1
73 bantime = 172800
74
75 [lighttpd-fastcgi]
76
77 enabled = false
78 port = http,https
79 filter = lighttpd-fastcgi
80 action = iptables-allports[name=LIGHTTPD-FASTCGI]
81 logpath = /var/log/lighttpd/*error*.log
82 maxretry = 2
83
84 [ssh-ddos]
85
86 enabled = true
87 port = ssh,sftp
88 filter = sshd-ddos
89 action = iptables-allports[name=SSHDDOS]
90 logpath = /var/log/messages
91 maxretry = 2
92
93 [fail2ban]
94 enabled = true
95 filter = fail2ban
96 action = iptables-allports[name=FAIL2BAN]
97 logpath = /var/log/fail2ban.log
98 maxretry = 5
99 findtime = 604800
100 bantime = 604800
101 EOT
102 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
103 cat > $fs/etc/logrotate.d/fail2ban <<EOT
104 /var/log/fail2ban.log {
105 weekly
106 rotate 10
107 compress
108 postrotate
109 /etc/init.d/fail2ban reload >/dev/null || true
110 endscript
111 }
112 EOT
113 }