wok rev 20060
Up fail2ban (0.10.0), remove fail2ban-ipv6
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Sat Sep 16 18:27:52 2017 +0200 (2017-09-16) |
parents | a37c7611aef1 |
children | 6a8b83dd1456 |
files | fail2ban-ipv6/receipt fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-noscript.conf fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-proxy.conf fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-w00tw00t.conf fail2ban-ipv6/stuff/etc/fail2ban/filter.d/fail2ban.conf fail2ban-ipv6/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf fail2ban-ipv6/stuff/etc/init.d/fail2ban fail2ban/receipt |
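--- a/fail2ban-ipv6/receipt
+++ /dev/null
@@ -1,116 +0,0 @@
-# SliTaz package receipt.
-
-PACKAGE="fail2ban-ipv6"
-SOURCE="fail2ban"
-VERSION="0.9.0"
-CATEGORY="network"
-SHORT_DESC="Scans log files to bans IPv4 & IPv6 that makes too many password failures."
-MAINTAINER="pascal.bellard@slitaz.org"
-LICENSE="GPL2"
-TARBALL="$SOURCE-$VERSION.tar.gz"
-EXTRA_SOURCE_FILES="fail2ban-ipv6.tar.xz"
-WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
-WEB_SITE2="https://blog.tetsumaki.net/articles/2014/03/ajout-du-support-ipv6-sur-fail2ban.html"
-WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
-PATCH="https://data.tetsumaki.net/divers/fail2ban-ipv6.tar.xz"
-PROVIDE="fail2ban"
-TAGS="monitor network"
-CONFIG_FILES="/etc/fail2ban"
-
-DEPENDS="iptables"
-BUILD_DEPENDS="python wget"
-
-# Rules to configure and make the package.
-compile_rules()
-{
- [ -s $SOURCES_REPOSITORY/$(basename $PATCH) ] ||
- wget --no-check-certificate -P $SOURCES_REPOSITORY $PATCH
- tar xf $SOURCES_REPOSITORY/$(basename $PATCH)
- for i in fail2ban-ipv6/*.patch ; do
- patch -p0 < $i
- done
- python setup.py install --root=$DESTDIR
-}
-
-# Rules to gen a SliTaz package suitable for Tazpkg.
-genpkg_rules()
-{
- mkdir -p $fs/etc/logrotate.d $fs/etc/init.d $fs/usr/bin
- cp -a $install/* $fs
- cp -a $src/fail2ban-ipv6/*.sh $fs/usr/bin
- cp -a $src/fail2ban-ipv6/*.conf $fs/etc/fail2ban/action.d
- sed -i 's/^.DEFAULT*/&\njailaction = iptable46-multiport/' $fs/etc/fail2ban/jail.conf
- sed -i 's/= \\s\*/= \\s*\\S+\\s\*/' $fs/etc/fail2ban/filter.d/common.conf
- sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
- -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
-
- cp -a $stuff/etc/fail2ban/ $fs/etc/
- cp -a $stuff/etc/init.d $fs/etc/
-
- cat >> $fs/etc/fail2ban/jail.conf <<EOT
-[apache-noscript]
-
-enabled = false
-port = http,https
-filter = apache-noscript
-action = iptables-allports[name=APACHE-NOSCRIPT]
-logpath = /var/log/apache/*errors
-maxretry = 2
-
-[apache-proxy]
-
-enabled = false
-port = http,https
-filter = apache-proxy
-action = iptables-allports[name=APACHE-PROXY]
-logpath = /var/log/apache/*access
-bantime = 172800
-maxretry = 2
-
-[apache-w00tw00t]
-enabled = false
-filter = apache-w00tw00t
-action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
- logpath = /var/log/apache/*access
- maxretry = 1
- bantime = 172800
-
-[lighttpd-fastcgi]
-
-enabled = false
-port = http,https
-filter = lighttpd-fastcgi
-action = iptables-allports[name=LIGHTTPD-FASTCGI]
-logpath = /var/log/lighttpd/*error*.log
-maxretry = 2
-
-[ssh-ddos]
-
-enabled = true
-port = ssh,sftp
-filter = sshd-ddos
-action = iptables-allports[name=SSHDDOS]
-logpath = /var/log/messages
-maxretry = 2
-
-[fail2ban]
-enabled = true
-filter = fail2ban
-action = iptables-allports[name=FAIL2BAN]
-logpath = /var/log/fail2ban.log
-maxretry = 5
-findtime = 604800
-bantime = 604800
-EOT
- #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
- cat > $fs/etc/logrotate.d/fail2ban <<EOT
-/var/log/fail2ban.log {
- weekly
- rotate 10
- compress
- postrotate
- /etc/init.d/fail2ban reload >/dev/null || true
- endscript
-}
-EOT
-}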
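--- a/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-noscript.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: Cyril Jaquier
-#
-# $Revision: 658 $
-#
-
-[Definition]
-
-# Option: failregex
-# Notes.: regex to match the password failure messages in the logfile. The
-# host must be matched by a group named "host". The tag "<HOST>" can
-# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
-# Values: TEXT
-#
-failregex = [[]client <HOST>[]] (File does not exist|script .* not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl)
- [[]client <HOST>[]] (File does not exist|script .* not found or unable to stat): [^.]*$
-
-# Option: ignoreregex
-# Notes.: regex to ignore. If this regex matches, the line is ignored.
-# Values: TEXT
-#
-ignoreregex =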
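--- a/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-proxy.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: James Roe
-#
-
-[Definition]
-
-# Option: failregex
-# Notes.: regex to match the password failure messages in the logfile. The
-# host must be matched by a group named "host". The tag "<HOST>" can
-# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
-# Values: TEXT
-#
-failregex = ^(?:(?![0-9\.]* - - \[.*\] "([A-Z]* /.* HTTP/1\.[0-9]|-)")<HOST>)
-
-# Option: ignoreregex
-# Notes.: regex to ignore. If this regex matches, the line is ignored.
-# Values: TEXT
-#
-ignoreregex =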
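--- a/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/apache-w00tw00t.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-[Definition]
-
-failregex = ^<HOST> -.*"GET \/w00tw00t\.at\.ISC\.SANS\.DFind\:\).*".*
-
-ignoreregex =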
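--- a/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/fail2ban.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: Tom Hendrikx
-#
-# $Revision: 663 $
-#
-
-[Definition]
-
-# Option: failregex
-# Notes.: regex to match the password failures messages in the logfile. The
-# host must be matched by a group named "host". The tag "<HOST>" can
-# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
-# Values: TEXT
-#
-
-# Count all bans in the logfile
-failregex = fail2ban.actions: WARNING \[(.*)\] Ban <HOST>
-
-# Option: ignoreregex
-# Notes.: regex to ignore. If this regex matches, the line is ignored.
-# Values: TEXT
-#
-# Ignore our own bans, to keep our counts exact.
-# In your config, name your jail 'fail2ban', or change this line!
-ignoreregex = fail2ban.actions: WARNING \[fail2ban\] Ban <HOST>
-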
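--- a/fail2ban-ipv6/stuff/etc/fail2ban/filter.d/lighttpd-fastcgi.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
-#
-
-[Definition]
-
-# Option: failregex
-# Notes.: regex to match ALERTS as notified by lighttpd's FastCGI Module
-# Values: TEXT
-#
-failregex = .*ALERT\ -\ .*attacker\ \'<HOST>\'
-
-# Option: ignoreregex
-# Notes.: regex to ignore. If this regex matches, the line is ignored.
-# Values: TEXT
-#
-ignoreregex =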
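--- a/fail2ban-ipv6/stuff/etc/init.d/fail2ban
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/bin/sh
-# /etc/init.d/fail2ban: Start, stop and restart Apache web server on SliTaz,
-# at boot time or with the command line. Daemons options are configured
-# with /etc/daemons.conf
-#
-. /etc/init.d/rc.functions
-. /etc/daemons.conf
-
-NAME=Fail2ban
-DESC="$(_ '%s server' Fail2ban)"
-DAEMON=/usr/bin/fail2ban-client
-OPTIONS=
-PIDFILE=/var/run/fail2ban/fail2ban.pid
-SOCKET=/var/run/fail2ban/fail2ban.sock
-
-case "$1" in
- start)
- if active_pidfile $PIDFILE fail2ban-server ; then
- _ '%s is already running.' $NAME
- exit 1
- fi
- action 'Starting %s: %s...' "$DESC" $NAME
- rm -f $SOCKET
- $DAEMON start >/dev/null
- status
- ;;
- stop)
- action 'Stopping %s: %s...' "$DESC" $NAME
- $DAEMON stop
- rm -f $PIDFILE
- status
- ;;
- reload)
- if ! active_pidfile $PIDFILE fail2ban-server ; then
- _ '%s is not running.' $NAME
- exit 1
- fi
- action 'Stopping %s: %s...' "$DESC" $NAME
- $DAEMON stop
- status
- ;;
- restart)
- if ! active_pidfile $PIDFILE fail2ban-server ; then
- _ '%s is not running.' $NAME
- exit 1
- fi
- action 'Restarting %s: %s...' "$DESC" $NAME
- $0 stop
- $0 start
- status
- ;;
- *)
- emsg "<n><b>$(_ 'Usage:')</b> $0 [start|stop|restart|reload]"
- newline
- exit 1
- ;;
-esac
-
-exit 0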
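--- a/fail2ban/receipt
+++ b/fail2ban/receipt
@@ -1,14 +1,14 @@
 # SliTaz package receipt.
 
 PACKAGE="fail2ban"
-VERSION="0.9.0"
+VERSION="0.10.0"
 CATEGORY="network"
 SHORT_DESC="Scans log files to bans IP that makes too many password failures."
 MAINTAINER="pascal.bellard@slitaz.org"
 LICENSE="GPL2"
 TARBALL="$PACKAGE-$VERSION.tar.gz"
 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
-WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
+WGET_URL="https://github.com/fail2ban/fail2ban/archive/$VERSION.tar.gz"
 TAGS="monitor network"
 CONFIG_FILES="/etc/fail2ban"
 
@@ -26,7 +26,6 @@
 {
 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
 cp -a $install/* $fs
- sed -i 's/= \\s\*/= \\s*\\S+\\s\*/' $fs/etc/fail2ban/filter.d/common.conf
 sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
 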
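Review bot: The two `sed` expressions kept as context in the second hunk still edit `jail.conf` purely by pattern, and nothing visible here shows they were re-checked against the 0.10.0 file that the version bump now pulls in. `sed -i` exits 0 when no line matches, so if upstream has no `ssh-iptables` section the package would build without the SSH jail enabled and without any error; the unescaped dot in `sshd.log` also matches any character, so it would rewrite a name such as `sshd_log` if the file contains one. I would escape the dot (`s|sshd\.log|messages|`) and guard the edit with `grep -q 'ssh-iptables' $fs/etc/fail2ban/jail.conf || return 1`. The first expression appends `192.168.0.0/16` to every line containing `127.0.0.1`, presumably the ignore list, which exempts that whole private range from bans and deserves a comment in the receipt. The enclosing function starts and ends outside the hunk.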