wok view fail2ban/receipt @ rev 25037

Up glza (0.11.4)
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sat May 21 21:38:29 2022 +0000 (23 months ago)
parents 5ea0ce1cecc0
children 20ad21d5532c
line source
1 # SliTaz package receipt.
2
3 PACKAGE="fail2ban"
4 VERSION="0.11.2"
5 CATEGORY="network"
6 TAGS="monitor network"
7 SHORT_DESC="Scans log files to ban IPs that make too many password failures."
8 MAINTAINER="pascal.bellard@slitaz.org"
9 LICENSE="GPL2"
10 WEB_SITE="https://www.fail2ban.org/wiki/index.php/Main_Page"
11
12 TARBALL="$PACKAGE-$VERSION.tar.gz"
13 WGET_URL="https://github.com/$PACKAGE/$PACKAGE/archive/$VERSION.tar.gz"
14
15 DEPENDS="iptables python"
16 BUILD_DEPENDS="python"
17
18 CONFIG_FILES="/etc/fail2ban"
19
20 current_version()
21 {
22 wget -O - ${WGET_URL%/arch*}/releases 2>/dev/null | \
23 sed '/archive.*tar/!d;s|.*/\(.*\).tar.*|\1|;q'
24 }
25
26 # Rules to configure and make the package.
27 compile_rules()
28 {
29 python setup.py install --root=$DESTDIR
30 }
31
32 # Rules to gen a SliTaz package suitable for Tazpkg.
33 genpkg_rules()
34 {
35 mkdir -p $fs/etc/logrotate.d
36 mkdir -p $fs/etc/init.d
37
38 cp -a $install/* $fs
39 sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
40 -e '/ssh-iptables/{nn;s/false/true/}' \
41 $fs/etc/fail2ban/jail.conf
42
43 cp -a $stuff/etc/fail2ban $fs/etc
44 cp -a $stuff/etc/init.d $fs/etc
45
46 cat >> $fs/etc/fail2ban/jail.conf <<EOT
47 [apache-noscript]
48
49 enabled = false
50 port = http,https
51 filter = apache-noscript
52 action = iptables-allports[name=APACHE-NOSCRIPT]
53 logpath = /var/log/apache/*errors
54 maxretry = 2
55
56 [apache-proxy]
57
58 enabled = false
59 port = http,https
60 filter = apache-proxy
61 action = iptables-allports[name=APACHE-PROXY]
62 logpath = /var/log/apache/*access
63 bantime = 172800
64 maxretry = 2
65
66 [apache-w00tw00t]
67 enabled = false
68 filter = apache-w00tw00t
69 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
70 logpath = /var/log/apache/*access
71 maxretry = 1
72 bantime = 172800
73
74 [lighttpd-fastcgi]
75
76 enabled = false
77 port = http,https
78 filter = lighttpd-fastcgi
79 action = iptables-allports[name=LIGHTTPD-FASTCGI]
80 logpath = /var/log/lighttpd/*error*.log
81 maxretry = 2
82
83 [ssh-ddos]
84
85 enabled = true
86 port = ssh,sftp
87 filter = sshd-ddos
88 action = iptables-allports[name=SSHDDOS]
89 logpath = /var/log/messages
90 maxretry = 2
91
92 [fail2ban]
93 enabled = true
94 filter = fail2ban
95 action = iptables-allports[name=FAIL2BAN]
96 logpath = /var/log/fail2ban.log
97 maxretry = 5
98 findtime = 604800
99 bantime = 604800
100 EOT
101 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
102 cat > $fs/etc/logrotate.d/fail2ban <<EOT
103 /var/log/fail2ban.log {
104 weekly
105 rotate 10
106 compress
107 postrotate
108 /etc/init.d/fail2ban reload >/dev/null || true
109 endscript
110 }
111 EOT
112 }