SliTaz Packages

Community Doc Forum Pro Shop Bugs Hg
.

Receipt for package "fail2ban"

# SliTaz package receipt.

PACKAGE="fail2ban"
VERSION="0.11.2"
CATEGORY="network"
TAGS="monitor network"
SHORT_DESC="Scans log files to ban IPs that make too many password failures."
MAINTAINER="pascal.bellard@slitaz.org"
LICENSE="GPL2"
WEB_SITE="https://www.fail2ban.org/wiki/index.php/Main_Page"

TARBALL="$PACKAGE-$VERSION.tar.gz"
WGET_URL="https://github.com/$PACKAGE/$PACKAGE/archive/$VERSION.tar.gz"

DEPENDS="iptables python"
BUILD_DEPENDS="python"

CONFIG_FILES="/etc/fail2ban"

current_version()
{
    wget -O - ${WGET_URL%/arch*}/releases 2>/dev/null | \
    sed '/archive.*tar/!d;s|.*/\(.*\).tar.*|\1|;q'
}

# Rules to configure and make the package.
compile_rules()
{
    python setup.py install --root=$DESTDIR
}

# Rules to gen a SliTaz package suitable for Tazpkg.
genpkg_rules()
{
    mkdir -p $fs/etc/logrotate.d
    mkdir -p $fs/etc/init.d

    cp -a $install/*    $fs
    sed -i    -e 's|127.0.0.1.*|& 192.168.0.0/16|;s|sshd.log|messages|' \
        -e '/ssh-iptables/{nn;s/false/true/}' \
        $fs/etc/fail2ban/jail.conf

    cp -a $stuff/etc/fail2ban    $fs/etc
    cp -a $stuff/etc/init.d        $fs/etc

    cat >> $fs/etc/fail2ban/jail.conf <<EOT
[apache-noscript]

enabled  = false
port     = http,https
filter   = apache-noscript
action   = iptables-allports[name=APACHE-NOSCRIPT]
logpath  = /var/log/apache/*errors
maxretry = 2

[apache-proxy]

enabled  = false
port     = http,https
filter   = apache-proxy
action   = iptables-allports[name=APACHE-PROXY]
logpath  = /var/log/apache/*access
bantime  = 172800
maxretry = 2

[apache-w00tw00t]
enabled = false
filter = apache-w00tw00t
action = iptables[name=Apache-w00tw00t,port=80,protocol=tcp]
        logpath = /var/log/apache/*access
        maxretry = 1
        bantime  = 172800

[lighttpd-fastcgi]

enabled  = false
port     = http,https
filter   = lighttpd-fastcgi
action   = iptables-allports[name=LIGHTTPD-FASTCGI]
logpath  = /var/log/lighttpd/*error*.log
maxretry = 2

[ssh-ddos]

enabled  = true
port     = ssh,sftp
filter   = sshd-ddos
action   = iptables-allports[name=SSHDDOS]
logpath  = /var/log/messages
maxretry = 2

[fail2ban]
enabled  = true
filter   = fail2ban
action   = iptables-allports[name=FAIL2BAN]
logpath  = /var/log/fail2ban.log
maxretry = 5
findtime = 604800
bantime  = 604800
EOT
    #ln -s /usr/bin/fail2ban-client $fs/etc/init.d/fail2ban
    cat > $fs/etc/logrotate.d/fail2ban <<EOT
/var/log/fail2ban.log {
    weekly
    rotate 10
    compress
    postrotate
    /etc/init.d/fail2ban reload >/dev/null || true
    endscript
}
EOT
}
6025 packages and 203154 files in current database (Thu Apr 25 06:17:47 2024)