mirror of
https://github.com/SlackBuildsOrg/slackbuilds
synced 2024-09-30 05:39:56 +02:00
network/fail2ban: Added to 12.0 repository
This commit is contained in:
parent
4476709274
commit
ef122d70da
8 changed files with 249 additions and 0 deletions
10
network/fail2ban/README
Normal file
10
network/fail2ban/README
Normal file
|
@ -0,0 +1,10 @@
|
|||
Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes
|
||||
too many password failures. It updates firewall rules to reject the
|
||||
IP address. These rules can be defined by the user. Fail2Ban can read
|
||||
multiple log files such as sshd, Apache web server, postfix and others.
|
||||
|
||||
fail2ban has following dependencies which are offical Slackware packages:
|
||||
1. Python >= 2.3 Required
|
||||
2. gamin >= 0.0.21 Optional
|
||||
|
||||
Also see README.SBo for configuration and upgrade help.
|
36
network/fail2ban/README.SBo
Normal file
36
network/fail2ban/README.SBo
Normal file
|
@ -0,0 +1,36 @@
|
|||
Once you install the package, you can start using fail2ban by:
|
||||
1. mv /etc/rc.d/rc.fail2ban.new /etc/rc.d/rc.fail2ban
|
||||
2. chmod +x /etc/rc.d/rc.fail2ban
|
||||
3. /etc/rc.d/rc.fail2ban start
|
||||
|
||||
Additionally, you can add the following to rc.local for automatic startup
|
||||
if [ -x /etc/rc.d/rc.fail2ban ]; then
|
||||
/etc/rc.d/rc.fail2ban start
|
||||
fi
|
||||
|
||||
and add the following to rc.local_shutdown for to stop at shutdown
|
||||
if [ -x /etc/rc.d/rc.fail2ban ]; then
|
||||
/etc/rc.d/rc.fail2ban stop
|
||||
fi
|
||||
|
||||
The package contains logrotate script copied from fail2ban manual,
|
||||
and modified to reflect Slackware packaging. You can find
|
||||
the original script at:
|
||||
|
||||
http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
|
||||
|
||||
UPGRADING:
|
||||
|
||||
Please make sure you have all your modifications to the default .conf files
|
||||
in .local files. Upgrade **WILL OVERWRITE** files in place.
|
||||
Making modifications to .local files is the recommended practice as per the
|
||||
software manual. Each .conf file can be overridden by equivalent .local file.
|
||||
Please refer Configuration section in fail2ban manual.
|
||||
|
||||
Changelog:
|
||||
|
||||
- Simplified rc script removing unnecessary startup options which have now
|
||||
become standard.
|
||||
- minor fix in slackbuild.
|
||||
- doinst.sh now makes /var/run/fail2ban to house pid and socket files.
|
||||
|
22
network/fail2ban/doinst.sh
Normal file
22
network/fail2ban/doinst.sh
Normal file
|
@ -0,0 +1,22 @@
|
|||
config() {
|
||||
NEW="$1"
|
||||
OLD="$(dirname $NEW)/$(basename $NEW .new)"
|
||||
# If there's no config file by that name, mv it over:
|
||||
if [ ! -r $OLD ]; then
|
||||
mv $NEW $OLD
|
||||
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
|
||||
# toss the redundant copy
|
||||
rm $NEW
|
||||
fi
|
||||
# Otherwise, we leave the .new copy for the admin to consider...
|
||||
}
|
||||
|
||||
# Keep same perms on rc.fail2ban.new:
|
||||
if [ -e etc/rc.d/rc.fail2ban ]; then
|
||||
cp -a etc/rc.d/rc.fail2ban etc/rc.d/rc.fail2ban.new.incoming
|
||||
cat etc/rc.d/rc.fail2ban.new > etc/rc.d/rc.fail2ban.new.incoming
|
||||
mv etc/rc.d/rc.fail2ban.new.incoming etc/rc.d/rc.fail2ban.new
|
||||
fi
|
||||
|
||||
config etc/rc.d/rc.fail2ban.new
|
||||
config etc/logrotate.d/fail2ban.new
|
80
network/fail2ban/fail2ban.SlackBuild
Normal file
80
network/fail2ban/fail2ban.SlackBuild
Normal file
|
@ -0,0 +1,80 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Slackware Package Build Script for fail2ban
|
||||
|
||||
# Copyright (c) 2007, Nishant Limbachia (nishant@mnspace.net)
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use of this script, with or without modification, is
|
||||
# permitted provided that the following conditions are met:
|
||||
#
|
||||
# 1. Redistributions of script must retain the above copyright notice,
|
||||
# this list of conditions and the following disclaimer.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
PRGNAM=fail2ban
|
||||
VERSION=0.8.2
|
||||
ARCH=${ARCH:-noarch}
|
||||
BUILD=${BUILD:-1}
|
||||
TAG=${TAG:-_SBo}
|
||||
|
||||
CWD=$(pwd)
|
||||
TMP=${TMP:-/tmp/SBo}
|
||||
PKG=$TMP/package-$PRGNAM
|
||||
OUTPUT=${OUTPUT:-/tmp}
|
||||
|
||||
set -e # Exit on most errors
|
||||
|
||||
rm -fr $PKG $TMP/$PRGNAM-$VERSION
|
||||
mkdir -p $PKG $TMP $OUTPUT
|
||||
cd $TMP
|
||||
tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2
|
||||
cd $TMP/$PRGNAM-$VERSION
|
||||
chown -R root.root .
|
||||
find . \
|
||||
\( -perm 777 -o -perm 775 -o -perm 771 -o -perm 711 -o -perm 555 -o -perm 551 -o -perm 511 \) \
|
||||
-exec chmod 755 {} \; -o \
|
||||
\( -perm 666 -o -perm 664 -o -perm 660 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
||||
-exec chmod 644 {} \;
|
||||
|
||||
python setup.py install --root=$PKG
|
||||
|
||||
install -D -m 0644 $CWD/README.SBo $PKG/usr/doc/$PRGNAM-$VERSION/README.SBo
|
||||
cp -a COPYING ChangeLog PKG-INFO README TODO $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
|
||||
# Installing man pages
|
||||
mkdir -p $PKG/usr/man/man1
|
||||
install -m 0644 man/*.1 $PKG/usr/man/man1
|
||||
|
||||
# Find and compress man pages
|
||||
( cd $PKG/usr/man
|
||||
find . -type f -exec gzip -9 {} \;
|
||||
for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
|
||||
)
|
||||
|
||||
# Install startup script
|
||||
install -D -m 0644 $CWD/rc.fail2ban $PKG/etc/rc.d/rc.fail2ban.new
|
||||
|
||||
# Install logrotate script
|
||||
install -D -m 0644 $CWD/fail2ban.logrotate $PKG/etc/logrotate.d/fail2ban.new
|
||||
|
||||
# Make directory for socket and pid file
|
||||
mkdir -p $PKG/var/run/fail2ban
|
||||
|
||||
mkdir -p $PKG/install
|
||||
cat $CWD/slack-desc > $PKG/install/slack-desc
|
||||
cat $CWD/doinst.sh > $PKG/install/doinst.sh
|
||||
|
||||
cd $PKG
|
||||
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
|
8
network/fail2ban/fail2ban.info
Normal file
8
network/fail2ban/fail2ban.info
Normal file
|
@ -0,0 +1,8 @@
|
|||
PRGNAM="fail2ban"
|
||||
VERSION="0.8.2"
|
||||
HOMEPAGE="http://www.fail2ban.org/wiki/index.php/Main_Page"
|
||||
DOWNLOAD="http://downloads.sourceforge.net/fail2ban/fail2ban-0.8.2.tar.bz2"
|
||||
MD5SUM="48c82a8b79cf6275d557571003eddbb1"
|
||||
MAINTAINER="Nishant Limbachia"
|
||||
EMAIL="nishant@mnspace.net"
|
||||
APPROVED="David Somero"
|
10
network/fail2ban/fail2ban.logrotate
Normal file
10
network/fail2ban/fail2ban.logrotate
Normal file
|
@ -0,0 +1,10 @@
|
|||
/var/log/fail2ban.log {
|
||||
weekly
|
||||
rotate 4
|
||||
missingok
|
||||
nocompress
|
||||
postrotate
|
||||
/etc/rc.d/rc.fail2ban reload 1> /dev/null || true
|
||||
endscript
|
||||
}
|
||||
|
64
network/fail2ban/rc.fail2ban
Normal file
64
network/fail2ban/rc.fail2ban
Normal file
|
@ -0,0 +1,64 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# /etc/rc.d/rc.fail2ban
|
||||
#
|
||||
# start/stop/reload/status/ping fail2ban server.
|
||||
#
|
||||
# To start fail2ban automatically at boot, make this
|
||||
# file executable: chmod 755 /etc/rc.d/rc.fail2ban
|
||||
# you must also add this file to rc.local in the appropriate
|
||||
# order
|
||||
#
|
||||
|
||||
fail2ban_start() {
|
||||
if [ -x /etc/rc.d/rc.fail2ban ]; then
|
||||
echo "Starting fail2ban: "
|
||||
/usr/bin/fail2ban-client start
|
||||
else
|
||||
echo "rc.fail2ban is not executable or you don't have enough permissions"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
fail2ban_stop() {
|
||||
echo "Stopping fail2ban"
|
||||
/usr/bin/fail2ban-client stop
|
||||
}
|
||||
|
||||
fail2ban_reload() {
|
||||
echo "Reloading fail2ban"
|
||||
/usr/bin/fail2ban-client reload
|
||||
}
|
||||
|
||||
fail2ban_status() {
|
||||
echo "Status: fail2ban"
|
||||
/usr/bin/fail2ban-client status
|
||||
}
|
||||
|
||||
fail2ban_ping() {
|
||||
echo "Pinging fail2ban"
|
||||
/usr/bin/fail2ban-client ping
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
'start')
|
||||
fail2ban_start
|
||||
;;
|
||||
'stop')
|
||||
fail2ban_stop
|
||||
;;
|
||||
'reload')
|
||||
fail2ban_reload
|
||||
;;
|
||||
'status')
|
||||
fail2ban_status
|
||||
;;
|
||||
'ping')
|
||||
fail2ban_ping
|
||||
;;
|
||||
'*')
|
||||
echo "USAGE: $0 start|stop|reload|status|ping"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
19
network/fail2ban/slack-desc
Normal file
19
network/fail2ban/slack-desc
Normal file
|
@ -0,0 +1,19 @@
|
|||
# HOW TO EDIT THIS FILE:
|
||||
# The "handy ruler" below makes it easier to edit a package description. Line
|
||||
# up the first '|' above the ':' following the base package name, and the '|'
|
||||
# on the right side marks the last column you can put a character in. You must
|
||||
# make exactly 11 lines for the formatting to be correct. It's also
|
||||
# customary to leave one space after the ':'.
|
||||
|
||||
|-----handy-ruler------------------------------------------------------|
|
||||
fail2ban: Fail2Ban (Fialed login attempt scanner)
|
||||
fail2ban:
|
||||
fail2ban: Fail2Ban scans log files and bans IP addresses that make
|
||||
fail2ban: too many password failures by modifying firewall rules.
|
||||
fail2ban: Fail2Ban can read multiple log files such as sshd, apache,
|
||||
fail2ban: postfix, and others.
|
||||
fail2ban:
|
||||
fail2ban: Home Page: http://www.fail2ban.org/wiki/index.php/Main_Page
|
||||
fail2ban:
|
||||
fail2ban:
|
||||
fail2ban:
|
Loading…
Reference in a new issue