wok rev 16729

Up: fail2ban (0.9.0). Add W00t00 filter and improve init script
author Eric Joseph-Alexandre <erjo@slitaz.org>
date Tue Jun 03 00:36:34 2014 +0200 (2014-06-03)
parents 0878663ea676
children 82d9aa0126d9
files fail2ban/receipt fail2ban/stuff/etc/fail2ban/filter.d/apache-w00tw00t.conf fail2ban/stuff/etc/init.d/fail2ban
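--- a/fail2ban/receipt	Tue Jun 03 00:33:06 2014 +0200
+++ b/fail2ban/receipt	Tue Jun 03 00:36:34 2014 +0200
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 
 PACKAGE="fail2ban"
-VERSION="0.8.12"
+VERSION="0.9.0"
 CATEGORY="network"
 SHORT_DESC="Scans log files to bans IP that makes too many password failures."
 MAINTAINER="pascal.bellard@slitaz.org"
@@ -27,9 +27,13 @@
 {
 	mkdir -p $fs/etc/logrotate.d $fs/etc/init.d
 	cp -a $install/* $fs
-	sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/' > $fs/etc/fail2ban/filter.d/common.conf
+	sed -i 's/= \\s\*(/= \\s*\\S+\\s\*(/'  $fs/etc/fail2ban/filter.d/common.conf
 	sed -i -e 's|127.0.0.1|& 192.168.0.0/16|;s|sshd.log|messages|' \
 		-e '/ssh-iptables/{nn;s/false/true/}' $fs/etc/fail2ban/jail.conf
+		
+	cp -a $stuff/etc/fail2ban/  $fs/etc/
+	cp -a $stuff/etc/init.d  $fs/etc/
+	
 	cat >> $fs/etc/fail2ban/jail.conf <<EOT
 [apache-noscript]
 
@@ -50,6 +54,14 @@
 bantime  = 172800
 maxretry = 2
 
+[apache-w00tw00t]                                                             
+enabled = false
+filter = apache-w00tw00t                                                      
+action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]                  
+        logpath = /var/log/apache/*access                                          
+        maxretry = 1                                                        
+        bantime  = 172800 
+
 [lighttpd-fastcgi]
 
 enabled  = false
@@ -77,7 +89,7 @@
 findtime = 604800
 bantime  = 604800
 EOT
-	ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
+	#ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
 	cat > $fs/etc/logrotate.d/fail2ban <<EOT
 /var/log/fail2ban.log {
 	weekly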
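Review bot: In the new `[apache-w00tw00t]` stanza appended to jail.conf, the `logpath`, `maxretry` and `bantime` lines keep their leading spaces inside the here-document, and an INI parser of the kind fail2ban uses normally reads an indented line as a continuation of the previous value, here `action`. If that is the case, the jail would not get its own log path or its one-strike, two-day ban settings, and would probably fail or misbehave once someone sets `enabled = true`. Write the three keys at column 0 like the neighbouring stanzas: `logpath = /var/log/apache/*access`, `maxretry = 1`, `bantime  = 172800`. The commented-out `#ln -s …` line could simply be deleted now that the init script is copied from `$stuff`.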
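--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban/stuff/etc/fail2ban/filter.d/apache-w00tw00t.conf	Tue Jun 03 00:36:34 2014 +0200
@@ -0,0 +1,5 @@
+[Definition]
+
+failregex = ^<HOST> -.*"GET \/w00tw00t\.at\.ISC\.SANS\.DFind\:\).*".*
+
+ignoreregex =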
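Review bot: The `.*` between `<HOST> -` and `"GET` in `failregex` can run past the request field, so the w00tw00t string also matches when it appears in a later quoted field of the log line, such as the referer or user agent, and not only in the request path. The jail added in the receipt uses `maxretry = 1` with a two-day `bantime`, so a single loose match is enough to ban; the pattern should be pinned to the first quoted field, `failregex = ^<HOST> -[^"]*"GET \/w00tw00t\.at\.ISC\.SANS\.DFind\:\)`. A short comment at the top of the file naming the access-log format it expects would also help, since the regex assumes the client address is the first field.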
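--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/fail2ban/stuff/etc/init.d/fail2ban	Tue Jun 03 00:36:34 2014 +0200
@@ -0,0 +1,60 @@
+#!/bin/sh
+# /etc/init.d/fail2ban: Start, stop and restart Apache web server on SliTaz, 
+# at boot time or with the command line. Daemons options are configured
+# with /etc/daemons.conf
+#
+. /etc/init.d/rc.functions
+. /etc/daemons.conf
+
+NAME=Fail2ban
+DESC="Fail2ban Server"
+DAEMON=/usr/bin/fail2ban-client
+OPTIONS=
+PIDFILE=/var/run/fail2ban/fail2ban.pid
+SOCKET=/var/run/fail2ban/fail2ban.sock
+
+case "$1" in
+  start)
+    if active_pidfile $PIDFILE fail2ban-server ; then
+      echo "$NAME already running."
+      exit 1
+    fi
+    echo -n "Starting $DESC: $NAME... "
+    rm -f $SOCKET
+    $DAEMON start > /dev/null
+    status
+    ;;
+  stop)
+    echo -n "Stopping $DESC: $NAME... "
+    $DAEMON stop
+    rm -f $PIDFILE
+    status
+    ;;
+  reload)
+    if ! active_pidfile $PIDFILE fail2ban-server  ; then
+      echo "$NAME is not running."
+      exit 1
+    fi
+    echo -n "Stopping $DESC: $NAME... "
+    $DAEMON stop
+    status
+    ;;
+  restart)
+    if ! active_pidfile $PIDFILE fail2ban-server ; then
+      echo "$NAME is not running."
+      exit 1
+    fi
+    echo -n "Restarting $DESC: $NAME... "
+    $0 stop
+    $0 start
+    status
+    ;;
+  *)
+    echo ""
+    echo -e "\033[1mUsage:\033[0m /etc/init.d/`basename $0` [start|stop|reload|restart]"
+    echo ""
+    exit 1
+    ;;
+esac
+
+exit 0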
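Review bot: The `reload)` branch prints "Stopping" and runs `$DAEMON stop`, so reloading the configuration shuts the ban daemon down and leaves the host without any jails until someone starts it again. It should ask the running server to re-read its configuration instead: `echo -n "Reloading $DESC: $NAME... "` followed by `$DAEMON reload`. In `stop)`, `status` runs after `rm -f $PIDFILE`, so if it reports the last exit code (it comes from rc.functions, not shown here) it reflects the `rm` rather than the daemon stop. The header comment still says "Start, stop and restart Apache web server" and should name fail2ban.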