wok-next view fail2ban/receipt @ rev 21094

Apply "force-arch" for selected dev packages
author Aleksej Bobylev <al.bobylev@gmail.com>
date Mon Dec 31 17:23:40 2018 +0200 (2018-12-31)
parents d5aab818505e
children 12592b053707
line source
1 # SliTaz package receipt.
2
3 PACKAGE="fail2ban"
4 VERSION="0.9.0"
5 CATEGORY="network"
6 SHORT_DESC="Scans log files to bans IP that makes too many password failures"
7 MAINTAINER="pascal.bellard@slitaz.org"
8 LICENSE="GPL2"
9 TARBALL="$PACKAGE-$VERSION.tar.gz"
10 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
11 WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
12 TAGS="monitor network"
13 CONFIG_FILES="/etc/fail2ban"
14
15 COOKOPTS="force-arch" # different .egg-info (file/dir) ?
16
17 DEPENDS="iptables"
18 BUILD_DEPENDS="python"
19
20 compile_rules() {
21 python -B setup.py install --root=$install
22 }
23
24 genpkg_rules() {
25 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
26 cp -a $install/* $fs
27 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' $fs/etc/fail2ban/filter.d/common.conf
28 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
29 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
30
31 cp -a $stuff/etc/fail2ban/ $fs/etc/
32 cp -a $stuff/etc/init.d $fs/etc/
33
34 cat >> $fs/etc/fail2ban/jail.conf <<EOT
35 [apache-noscript]
36 enabled = false
37 port = http,https
38 filter = apache-noscript
39 action = iptables-allports[name=APACHE-NOSCRIPT]
40 logpath = /var/log/apache/*errors
41 maxretry = 2
42
43 [apache-proxy]
44 enabled = false
45 port = http,https
46 filter = apache-proxy
47 action = iptables-allports[name=APACHE-PROXY]
48 logpath = /var/log/apache/*access
49 bantime = 172800
50 maxretry = 2
51
52 [apache-w00tw00t]
53 enabled = false
54 filter = apache-w00tw00t
55 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
56 logpath = /var/log/apache/*access
57 maxretry = 1
58 bantime = 172800
59
60 [lighttpd-fastcgi]
61 enabled = false
62 port = http,https
63 filter = lighttpd-fastcgi
64 action = iptables-allports[name=LIGHTTPD-FASTCGI]
65 logpath = /var/log/lighttpd/*error*.log
66 maxretry = 2
67
68 [ssh-ddos]
69 enabled = true
70 port = ssh,sftp
71 filter = sshd-ddos
72 action = iptables-allports[name=SSHDDOS]
73 logpath = /var/log/messages
74 maxretry = 2
75
76 [fail2ban]
77 enabled = true
78 filter = fail2ban
79 action = iptables-allports[name=FAIL2BAN]
80 logpath = /var/log/fail2ban.log
81 maxretry = 5
82 findtime = 604800
83 bantime = 604800
84 EOT
85 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
86 cat > $fs/etc/logrotate.d/fail2ban <<EOT
87 /var/log/fail2ban.log {
88 weekly
89 rotate 10
90 compress
91 postrotate
92 /etc/init.d/fail2ban reload >/dev/null || true
93 endscript
94 }
95 EOT
96 }