wok annotate fail2ban/receipt @ rev 13257
fail2ban: add filter.d/lighttpd-fastcgi.conf
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Fri Aug 17 12:21:42 2012 +0200 (2012-08-17) |
| parents | 19fbe1c329d0 |
| children | 6be450c86868 |
| rev | line source |
|---|---|
| pascal@1809 | 1 # SliTaz package receipt. |
| pascal@1809 | 2 |
| pascal@1809 | 3 PACKAGE="fail2ban" |
| slaxemulator@13197 | 4 VERSION="0.8.7.1" |
| pascal@1809 | 5 CATEGORY="network" |
| pascal@11341 | 6 SHORT_DESC="Scans log files to bans IP that makes too many password failures." |
| pascal@1809 | 7 MAINTAINER="pascal.bellard@slitaz.org" |
| slaxemulator@13197 | 8 TARBALL="${PACKAGE}_${VERSION}.orig.tar.gz" |
| pascal@1809 | 9 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page" |
| slaxemulator@13197 | 10 WGET_URL="https://github.com/downloads/$PACKAGE/$PACKAGE/$TARBALL" |
| jozee@4936 | 11 TAGS="monitor network" |
| pascal@11341 | 12 CONFIG_FILES="/etc/fail2ban" |
| pascal@1809 | 13 |
| pascal@13206 | 14 DEPENDS="iptables" |
| pascal@13206 | 15 BUILD_DEPENDS="python wget" |
| pascal@13206 | 16 |
| pascal@1809 | 17 # Rules to configure and make the package. |
| pascal@1809 | 18 compile_rules() |
| pascal@1809 | 19 { |
| pascal@1809 | 20 cd $src |
| pascal@11341 | 21 python setup.py install --root=$DESTDIR |
| pascal@1809 | 22 } |
| pascal@1809 | 23 |
| pascal@1809 | 24 # Rules to gen a SliTaz package suitable for Tazpkg. |
| pascal@1809 | 25 genpkg_rules() |
| pascal@1809 | 26 { |
| slaxemulator@13197 | 27 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d |
| slaxemulator@13197 | 28 cp -a $install/* $fs |
| pascal@13225 | 29 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' > /etc/fail2ban/filter.d/common.conf |
| slaxemulator@11345 | 30 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \ |
| pascal@11341 | 31 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf |
| pascal@11341 | 32 cat >> $fs/etc/fail2ban/jail.conf <<EOT |
| pascal@13257 | 33 [lighttpd-fastcgi] |
| pascal@13257 | 34 |
| pascal@13257 | 35 enabled = false |
| pascal@13257 | 36 port = http,https |
| pascal@13257 | 37 filter = lighttpd-fastcgi |
| pascal@13257 | 38 logpath = /var/log/lighttpd/*error*.log |
| pascal@13257 | 39 maxretry = 2 |
| pascal@13257 | 40 |
| pascal@11341 | 41 [ssh-ddos] |
| pascal@11341 | 42 |
| pascal@11341 | 43 enabled = true |
| pascal@11341 | 44 port = ssh,sftp |
| pascal@11341 | 45 filter = sshd-ddos |
| pascal@11341 | 46 action = iptables-allports[name=SSHDDOS] |
| pascal@11341 | 47 logpath = /var/log/messages |
| pascal@11341 | 48 maxretry = 2 |
| pascal@11341 | 49 |
| pascal@13225 | 50 [fail2ban] |
| pascal@13225 | 51 enabled = true |
| pascal@13225 | 52 filter = fail2ban |
| pascal@13225 | 53 action = iptables-allports[name=FAIL2BAN] |
| pascal@13225 | 54 logpath = /var/log/fail2ban.log |
| pascal@13225 | 55 maxretry = 5 |
| pascal@13225 | 56 findtime = 604800 |
| pascal@13225 | 57 bantime = 604800 |
| pascal@11341 | 58 EOT |
| pascal@11341 | 59 ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban |
| pascal@11341 | 60 cat > $fs/etc/logrotate.d/fail2ban <<EOT |
| pascal@11341 | 61 /var/log/fail2ban.log { |
| pascal@11341 | 62 weekly |
| pascal@11341 | 63 rotate 10 |
| pascal@11341 | 64 compress |
| pascal@11341 | 65 postrotate |
| pascal@11341 | 66 /etc/init.d/fail2ban reload >/dev/null || true |
| pascal@11341 | 67 endscript |
| pascal@1809 | 68 } |
| pascal@11341 | 69 EOT |
| pascal@11341 | 70 } |