wok view fail2ban/receipt @ rev 20408

dropbear/sshx: localhost may be undef
author Pascal Bellard <pascal.bellard@slitaz.org>
date Tue Jul 31 10:05:34 2018 +0200 (2018-07-31)
parents a37c7611aef1
children f5ce1a9c6ca5
line source
1 # SliTaz package receipt.
2
3 PACKAGE="fail2ban"
4 VERSION="0.10.0"
5 CATEGORY="network"
6 SHORT_DESC="Scans log files to bans IP that makes too many password failures."
7 MAINTAINER="pascal.bellard@slitaz.org"
8 LICENSE="GPL2"
9 TARBALL="$PACKAGE-$VERSION.tar.gz"
10 WEB_SITE="http://www.fail2ban.org/wiki/index.php/Main_Page"
11 WGET_URL="https://github.com/fail2ban/fail2ban/archive/$VERSION.tar.gz"
12 TAGS="monitor network"
13 CONFIG_FILES="/etc/fail2ban"
14
15 DEPENDS="iptables"
16 BUILD_DEPENDS="python wget"
17
18 # Rules to configure and make the package.
19 compile_rules()
20 {
21 python setup.py install --root=$DESTDIR
22 }
23
24 # Rules to gen a SliTaz package suitable for Tazpkg.
25 genpkg_rules()
26 {
27 mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
28 cp -a $install/* $fs
29 sed -i -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
30 -e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
31
32 cp -a $stuff/etc/fail2ban/ $fs/etc/
33 cp -a $stuff/etc/init.d $fs/etc/
34
35 cat >> $fs/etc/fail2ban/jail.conf <<EOT
36 [apache-noscript]
37
38 enabled = false
39 port = http,https
40 filter = apache-noscript
41 action = iptables-allports[name=APACHE-NOSCRIPT]
42 logpath = /var/log/apache/*errors
43 maxretry = 2
44
45 [apache-proxy]
46
47 enabled = false
48 port = http,https
49 filter = apache-proxy
50 action = iptables-allports[name=APACHE-PROXY]
51 logpath = /var/log/apache/*access
52 bantime = 172800
53 maxretry = 2
54
55 [apache-w00tw00t]
56 enabled = false
57 filter = apache-w00tw00t
58 action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
59 logpath = /var/log/apache/*access
60 maxretry = 1
61 bantime = 172800
62
63 [lighttpd-fastcgi]
64
65 enabled = false
66 port = http,https
67 filter = lighttpd-fastcgi
68 action = iptables-allports[name=LIGHTTPD-FASTCGI]
69 logpath = /var/log/lighttpd/*error*.log
70 maxretry = 2
71
72 [ssh-ddos]
73
74 enabled = true
75 port = ssh,sftp
76 filter = sshd-ddos
77 action = iptables-allports[name=SSHDDOS]
78 logpath = /var/log/messages
79 maxretry = 2
80
81 [fail2ban]
82 enabled = true
83 filter = fail2ban
84 action = iptables-allports[name=FAIL2BAN]
85 logpath = /var/log/fail2ban.log
86 maxretry = 5
87 findtime = 604800
88 bantime = 604800
89 EOT
90 #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
91 cat > $fs/etc/logrotate.d/fail2ban <<EOT
92 /var/log/fail2ban.log {
93 weekly
94 rotate 10
95 compress
96 postrotate
97 /etc/init.d/fail2ban reload >/dev/null || true
98 endscript
99 }
100 EOT
101 }