wok view fail2ban/receipt @ rev 17061
syslinux/c32box: x86_64 auto select (again)
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Thu Aug 21 15:05:24 2014 +0200 (2014-08-21) |
parents | d0d74920c618 |
children | 16df76e1fc6a |
line source
1 # SliTaz package receipt.
3 PACKAGE="fail2ban"
4 VERSION="0.9.0"
5 CATEGORY="network"
6 SHORT_DESC="Scans log files to bans IP that makes too many password failures."
7 MAINTAINER="pascal.bellard@slitaz.org"
8 LICENSE="GPL2"
9 TARBALL="$PACKAGE-$VERSION.tar.gz"
10 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
11 WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
12 TAGS="monitor network"
13 CONFIG_FILES="/etc/fail2ban"
15 DEPENDS="iptables"
16 BUILD_DEPENDS="python wget"
18 # Rules to configure and make the package.
19 compile_rules()
20 {
21 cd $src
22 python setup.py install --root=$DESTDIR
23 }
25 # Rules to gen a SliTaz package suitable for Tazpkg.
26 genpkg_rules()
27 {
28 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
29 cp -a $install/* $fs
30 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' $fs/etc/fail2ban/filter.d/common.conf
31 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
32 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
34 cp -a $stuff/etc/fail2ban/ $fs/etc/
35 cp -a $stuff/etc/init.d $fs/etc/
37 cat >> $fs/etc/fail2ban/jail.conf <<EOT
38 [apache-noscript]
40 enabled = false
41 port = http,https
42 filter = apache-noscript
43 action = iptables-allports[name=APACHE-NOSCRIPT]
44 logpath = /var/log/apache/*errors
45 maxretry = 2
47 [apache-proxy]
49 enabled = false
50 port = http,https
51 filter = apache-proxy
52 action = iptables-allports[name=APACHE-PROXY]
53 logpath = /var/log/apache/*access
54 bantime = 172800
55 maxretry = 2
57 [apache-w00tw00t]
58 enabled = false
59 filter = apache-w00tw00t
60 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
61 logpath = /var/log/apache/*access
62 maxretry = 1
63 bantime = 172800
65 [lighttpd-fastcgi]
67 enabled = false
68 port = http,https
69 filter = lighttpd-fastcgi
70 action = iptables-allports[name=LIGHTTPD-FASTCGI]
71 logpath = /var/log/lighttpd/*error*.log
72 maxretry = 2
74 [ssh-ddos]
76 enabled = true
77 port = ssh,sftp
78 filter = sshd-ddos
79 action = iptables-allports[name=SSHDDOS]
80 logpath = /var/log/messages
81 maxretry = 2
83 [fail2ban]
84 enabled = true
85 filter = fail2ban
86 action = iptables-allports[name=FAIL2BAN]
87 logpath = /var/log/fail2ban.log
88 maxretry = 5
89 findtime = 604800
90 bantime = 604800
91 EOT
92 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
93 cat > $fs/etc/logrotate.d/fail2ban <<EOT
94 /var/log/fail2ban.log {
95 weekly
96 rotate 10
97 compress
98 postrotate
99 /etc/init.d/fail2ban reload >/dev/null || true
100 endscript
101 }
102 EOT
103 }