wok view fail2ban/receipt @ rev 24356
backintime: modified WGET_URL
author | Hans-G?nter Theisgen |
---|---|
date | Thu Feb 03 15:43:51 2022 +0100 (2022-02-03) |
parents | f5ce1a9c6ca5 |
children | 528420e28cb9 |
line source
1 # SliTaz package receipt.
3 PACKAGE="fail2ban"
4 VERSION="0.10.4"
5 CATEGORY="network"
6 TAGS="monitor network"
7 SHORT_DESC="Scans log files to ban IPs that make too many password failures."
8 MAINTAINER="pascal.bellard@slitaz.org"
9 LICENSE="GPL2"
10 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
12 TARBALL="$PACKAGE-$VERSION.tar.gz"
13 WGET_URL="https://github.com/$PACKAGE/$PACKAGE/archive/$VERSION.tar.gz"
15 DEPENDS="iptables"
16 BUILD_DEPENDS="python"
17 CONFIG_FILES="/etc/fail2ban"
19 current_version()
20 {
21 wget -O - ${WGET_URL%/arch*}/releases 2>/dev/null | \
22 sed '/archive.*tar/!d;s|.*/\(.*\).tar.*|\1|;q'
23 }
25 # Rules to configure and make the package.
26 compile_rules()
27 {
28 python setup.py install --root=$DESTDIR
29 }
31 # Rules to gen a SliTaz package suitable for Tazpkg.
32 genpkg_rules()
33 {
34 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
35 cp -a $install/* $fs
36 sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
37 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
39 cp -a $stuff/etc/fail2ban/ $fs/etc/
40 cp -a $stuff/etc/init.d $fs/etc/
42 cat >> $fs/etc/fail2ban/jail.conf <<EOT
43 [apache-noscript]
45 enabled = false
46 port = http,https
47 filter = apache-noscript
48 action = iptables-allports[name=APACHE-NOSCRIPT]
49 logpath = /var/log/apache/*errors
50 maxretry = 2
52 [apache-proxy]
54 enabled = false
55 port = http,https
56 filter = apache-proxy
57 action = iptables-allports[name=APACHE-PROXY]
58 logpath = /var/log/apache/*access
59 bantime = 172800
60 maxretry = 2
62 [apache-w00tw00t]
63 enabled = false
64 filter = apache-w00tw00t
65 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
66 logpath = /var/log/apache/*access
67 maxretry = 1
68 bantime = 172800
70 [lighttpd-fastcgi]
72 enabled = false
73 port = http,https
74 filter = lighttpd-fastcgi
75 action = iptables-allports[name=LIGHTTPD-FASTCGI]
76 logpath = /var/log/lighttpd/*error*.log
77 maxretry = 2
79 [ssh-ddos]
81 enabled = true
82 port = ssh,sftp
83 filter = sshd-ddos
84 action = iptables-allports[name=SSHDDOS]
85 logpath = /var/log/messages
86 maxretry = 2
88 [fail2ban]
89 enabled = true
90 filter = fail2ban
91 action = iptables-allports[name=FAIL2BAN]
92 logpath = /var/log/fail2ban.log
93 maxretry = 5
94 findtime = 604800
95 bantime = 604800
96 EOT
97 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
98 cat > $fs/etc/logrotate.d/fail2ban <<EOT
99 /var/log/fail2ban.log {
100 weekly
101 rotate 10
102 compress
103 postrotate
104 /etc/init.d/fail2ban reload >/dev/null || true
105 endscript
106 }
107 EOT
108 }