wok annotate fail2ban/receipt @ rev 18180

busybox: add /bin/ip
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sun Jul 05 16:27:51 2015 +0200 (2015-07-05)
parents 0cdb4f15eec5
children a37c7611aef1
rev   line source
pascal@1809 1 # SliTaz package receipt.
pascal@1809 2
pascal@1809 3 PACKAGE="fail2ban"
erjo@16729 4 VERSION="0.9.0"
pascal@1809 5 CATEGORY="network"
pascal@11341 6 SHORT_DESC="Scans log files to bans IP that makes too many password failures."
pascal@1809 7 MAINTAINER="pascal.bellard@slitaz.org"
pascal@15002 8 LICENSE="GPL2"
pascal@15799 9 TARBALL="$PACKAGE-$VERSION.tar.gz"
pascal@1809 10 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
pascal@15799 11 WGET_URL="https://codeload.github.com/$PACKAGE/$PACKAGE/tar.gz/$VERSION"
jozee@4936 12 TAGS="monitor network"
pascal@11341 13 CONFIG_FILES="/etc/fail2ban"
pascal@1809 14
pascal@13206 15 DEPENDS="iptables"
pascal@13206 16 BUILD_DEPENDS="python wget"
pascal@13206 17
pascal@1809 18 # Rules to configure and make the package.
pascal@1809 19 compile_rules()
pascal@1809 20 {
pascal@11341 21 python setup.py install --root=$DESTDIR
pascal@1809 22 }
pascal@1809 23
pascal@1809 24 # Rules to gen a SliTaz package suitable for Tazpkg.
pascal@1809 25 genpkg_rules()
pascal@1809 26 {
slaxemulator@13197 27 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
slaxemulator@13197 28 cp -a $install/* $fs
erjo@16729 29 sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' $fs/etc/fail2ban/filter.d/common.conf
slaxemulator@11345 30 sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
pascal@11341 31 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
al@18077 32
erjo@16729 33 cp -a $stuff/etc/fail2ban/ $fs/etc/
erjo@16729 34 cp -a $stuff/etc/init.d $fs/etc/
al@18077 35
pascal@11341 36 cat >> $fs/etc/fail2ban/jail.conf <<EOT
pascal@13258 37 [apache-noscript]
pascal@13258 38
pascal@13258 39 enabled = false
pascal@13258 40 port = http,https
pascal@13258 41 filter = apache-noscript
pascal@13258 42 action = iptables-allports[name=APACHE-NOSCRIPT]
pascal@13258 43 logpath = /var/log/apache/*errors
pascal@13258 44 maxretry = 2
pascal@13258 45
pascal@13258 46 [apache-proxy]
pascal@13258 47
pascal@13258 48 enabled = false
pascal@13258 49 port = http,https
pascal@13258 50 filter = apache-proxy
pascal@13258 51 action = iptables-allports[name=APACHE-PROXY]
pascal@13258 52 logpath = /var/log/apache/*access
pascal@13258 53 bantime = 172800
pascal@13258 54 maxretry = 2
pascal@13258 55
al@18077 56 [apache-w00tw00t]
erjo@16729 57 enabled = false
al@18077 58 filter = apache-w00tw00t
al@18077 59 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
al@18077 60 logpath = /var/log/apache/*access
al@18077 61 maxretry = 1
al@18077 62 bantime = 172800
erjo@16729 63
pascal@13257 64 [lighttpd-fastcgi]
pascal@13257 65
pascal@13257 66 enabled = false
pascal@13257 67 port = http,https
pascal@13257 68 filter = lighttpd-fastcgi
pascal@13258 69 action = iptables-allports[name=LIGHTTPD-FASTCGI]
pascal@13257 70 logpath = /var/log/lighttpd/*error*.log
pascal@13257 71 maxretry = 2
pascal@13257 72
pascal@11341 73 [ssh-ddos]
pascal@11341 74
pascal@11341 75 enabled = true
pascal@11341 76 port = ssh,sftp
pascal@11341 77 filter = sshd-ddos
pascal@11341 78 action = iptables-allports[name=SSHDDOS]
pascal@11341 79 logpath = /var/log/messages
pascal@11341 80 maxretry = 2
pascal@11341 81
pascal@13225 82 [fail2ban]
pascal@13225 83 enabled = true
pascal@13225 84 filter = fail2ban
pascal@13225 85 action = iptables-allports[name=FAIL2BAN]
pascal@13225 86 logpath = /var/log/fail2ban.log
pascal@13225 87 maxretry = 5
pascal@13225 88 findtime = 604800
pascal@13225 89 bantime = 604800
pascal@11341 90 EOT
erjo@16729 91 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
pascal@11341 92 cat > $fs/etc/logrotate.d/fail2ban <<EOT
pascal@11341 93 /var/log/fail2ban.log {
pascal@11341 94 weekly
pascal@11341 95 rotate 10
pascal@11341 96 compress
pascal@11341 97 postrotate
pascal@11341 98 /etc/init.d/fail2ban reload >/dev/null || true
pascal@11341 99 endscript
pascal@1809 100 }
pascal@11341 101 EOT
pascal@11341 102 }