From be48e858385bef134f4bcb7a55d1325f4b16f5e2 Mon Sep 17 00:00:00 2001 From: Nishant Limbachia Date: Thu, 13 May 2010 00:36:23 +0200 Subject: [PATCH] network/fail2ban: Updated for version 0.8.4 --- network/fail2ban/README | 6 ++- network/fail2ban/README.SBo | 39 ++++++++++++++++ network/fail2ban/README.SLACKWARE | 41 ----------------- network/fail2ban/doinst.sh | 9 +++- network/fail2ban/fail2ban.SlackBuild | 69 ++++++++++++++++------------ network/fail2ban/fail2ban.info | 10 ++-- network/fail2ban/rc.fail2ban | 26 ++++++----- network/fail2ban/slack-desc | 2 +- 8 files changed, 113 insertions(+), 89 deletions(-) create mode 100644 network/fail2ban/README.SBo delete mode 100644 network/fail2ban/README.SLACKWARE diff --git a/network/fail2ban/README b/network/fail2ban/README index 96b33a1a9c..5993d3c304 100644 --- a/network/fail2ban/README +++ b/network/fail2ban/README @@ -3,4 +3,8 @@ too many password failures. It updates firewall rules to reject the IP address. These rules can be defined by the user. Fail2Ban can read multiple log files such as sshd, Apache web server, postfix and others. -See README.SLACKWARE for configuration and upgrade help. +fail2ban has following dependencies which are offical Slackware packages: +1. Python >= 2.3 Required +2. gamin >= 0.0.21 Optional + +Also see README.SBo for configuration and upgrade help. diff --git a/network/fail2ban/README.SBo b/network/fail2ban/README.SBo new file mode 100644 index 0000000000..7d659bc603 --- /dev/null +++ b/network/fail2ban/README.SBo 
@@ -0,0 +1,39 @@
+Once you install the package, you can start using fail2ban by:
+1. chmod +x /etc/rc.d/rc.fail2ban
+2. /etc/rc.d/rc.fail2ban start
+
+Additionally, you can add the following to rc.local for automatic startup
+if [ -x /etc/rc.d/rc.fail2ban ]; then
+ /etc/rc.d/rc.fail2ban start
+fi
+
+and add the following to rc.local_shutdown to stop fail2ban at shutdown
+if [ -x /etc/rc.d/rc.fail2ban ]; then
+ /etc/rc.d/rc.fail2ban stop
+fi
+
+The package contains logrotate script copied from fail2ban manual,
+and modified to reflect Slackware packaging. You can find
+the original script at:
+
+http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
+
+UPGRADING:
+
+Please make sure you have all your modifications done to .local files instead of
+.conf files.
+
+Making modifications to .local files is the recommended practice as per the
+software manual. Each .conf file is overridden by equivalent .local file.
+Please refer Configuration section in fail2ban manual.
+
+Changelog:
+
+08/03/2008
+upgraded to fail2ban version 0.8.3, added restart option to rc script
+12/28/2008
+fixed a typo in rc.fail2ban that prevented showing usage info when run without options
+09/08/2009
+added some notes and simplified rc script. updated to version 0.8.4. Modified build script
+to account for users who keeps their config options in .conf files. Now the script
+moves the .conf files to .new which will prevent the overwrite of existing .conf files.
\ No newline at end of file
diff --git a/network/fail2ban/README.SLACKWARE b/network/fail2ban/README.SLACKWARE
deleted file mode 100644
index 6fb9307a16..0000000000
--- a/network/fail2ban/README.SLACKWARE
+++ /dev/null
@@ -1,41 +0,0 @@ -README.SLACKWARE for fail2ban - -============================================================================== - -Once you install the package, you can start using fail2ban by: - /etc/rc.d/rc.fail2ban start - -Additionally, you can add the following to rc.local for automatic startup: -if [ -x /etc/rc.d/rc.fail2ban ]; then - /etc/rc.d/rc.fail2ban start -fi - -and add the following to rc.local_shutdown to stop fail2ban at shutdown: -if [ -x /etc/rc.d/rc.fail2ban ]; then - /etc/rc.d/rc.fail2ban stop -fi - -The package contains logrotate script copied from fail2ban manual and -modified to reflect Slackware packaging. You can find the original script at: - http://www.fail2ban.org/wiki/index.php/MANUAL_0_8 - -============================================================================== - -UPGRADING: - -Please make sure you have all your modifications done to .local files instead of -.conf files. Upgrade **WILL OVERWRITE** files in place. - -Making modifications to .local files is the recommended practice as per the -software manual. Each .conf file is overridden by equivalent .local file. -Please refer Configuration section in fail2ban manual. - -============================================================================== - -Changelog: - -08/03/2008 - upgraded to fail2ban version 0.8.3, added restart option to rc script - -12/28/2008 - fixed a typo in rc.fail2ban that prevented showing usage info when run without options diff --git a/network/fail2ban/doinst.sh b/network/fail2ban/doinst.sh index f1a42cb78e..5570dfaa27 100644 --- a/network/fail2ban/doinst.sh +++ b/network/fail2ban/doinst.sh @@ -20,4 +20,11 @@ fi config etc/rc.d/rc.fail2ban.new config etc/logrotate.d/fail2ban.new - +config etc/fail2ban/fail2ban.conf.new +config etc/fail2ban/jail.conf.new +for conf_file in etc/fail2ban/action.d/*.new; do + config $conf_file +done +for conf_file in etc/fail2ban/filter.d/*.new; do + config $conf_file +done 
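Review bot: The two new loops in doinst.sh pass `$conf_file` to `config` unquoted and without checking that the glob matched, so if `etc/fail2ban/action.d/*.new` or `etc/fail2ban/filter.d/*.new` matches nothing the literal pattern is handed to `config`. Writing the loop body as `[ -e "$conf_file" ] || continue` followed by `config "$conf_file"` covers both cases. `config` itself is defined above the hunk; if it is the usual SlackBuilds helper that keeps an existing file and leaves the `.new` copy beside it, an upgrade will keep running the old filter and action definitions until the admin merges the `.new` files. That deserves a sentence in README.SBo, because stale filters can quietly stop matching log lines.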
diff --git a/network/fail2ban/fail2ban.SlackBuild b/network/fail2ban/fail2ban.SlackBuild index d95b11cd2a..2bc98313ab 100644 --- a/network/fail2ban/fail2ban.SlackBuild +++ b/network/fail2ban/fail2ban.SlackBuild @@ -3,15 +3,15 @@ # Slackware Package Build Script for fail2ban # Home Page http://www.fail2ban.org/wiki/index.php/Main_Page -# Copyright (c) 2008-2009, Nishant Limbachia (nishant@mnspace.net) +# Copyright (c) 2008-2009, Nishant Limbachia, Hoffman Est, IL, USA (nishant@mnspace.net) # All rights reserved. -# + # Redistribution and use of this script, with or without modification, is # permitted provided that the following conditions are met: -# + # 1. Redistributions of script must retain the above copyright notice, # this list of conditions and the following disclaimer. -# + # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR @@ -25,9 +25,9 @@ # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=fail2ban -VERSION=0.8.3 -ARCH=${ARCH:-noarch} -BUILD=${BUILD:-2} +VERSION=0.8.4 +ARCH=${ARCH:-i486} +BUILD=${BUILD:-1} TAG=${TAG:-_SBo} TMP=${TMP:-/tmp/SBo} 
@@ -35,47 +35,58 @@ PKG=$TMP/package-$PRGNAM OUTPUT=${OUTPUT:-/tmp} CWD=$(pwd) +# exit on most errors set -e +# clean up from previous builds rm -fr $PKG $TMP/$PRGNAM-$VERSION mkdir -p $PKG $TMP $OUTPUT cd $TMP -tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2 +tar xvf $CWD/$PRGNAM-$VERSION.tar.?z* cd $TMP/$PRGNAM-$VERSION chown -R root.root . find . \ - \( -perm 777 -o -perm 775 -o -perm 771 -o -perm 711 -o -perm 555 -o -perm 551 -o -perm 511 \) \ - -exec chmod 755 {} \; -o \ - \( -perm 666 -o -perm 664 -o -perm 660 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ - -exec chmod 644 {} \; +\( -perm 777 -o -perm 775 -o -perm 771 -o -perm 711 -o -perm 555 -o -perm 551 -o -perm 511 \) \ +-exec chmod 755 {} \; -o \ +\( -perm 666 -o -perm 664 -o -perm 660 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ +-exec chmod 644 {} \; python setup.py install --root=$PKG -mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a \ - COPYING ChangeLog PKG-INFO README TODO \ - $PKG/usr/doc/$PRGNAM-$VERSION -install -m 0644 $CWD/README.SLACKWARE $CWD/$PRGNAM.SlackBuild \ - $PKG/usr/doc/$PRGNAM-$VERSION - +# installing man pages mkdir -p $PKG/usr/man/man1 -install -m 0644 man/*.1 $PKG/usr/man/man1 +install -m 0644 man/fail2ban-client.1 man/fail2ban-regex.1 \ +man/fail2ban-server.1 $PKG/usr/man/man1 -install -D -m 0755 $CWD/rc.fail2ban $PKG/etc/rc.d/rc.fail2ban.new -install -D -m 0644 $CWD/fail2ban.logrotate $PKG/etc/logrotate.d/fail2ban.new - -# Make directory for socket and pid file -mkdir -p $PKG/var/run/fail2ban - -( cd $PKG/usr/man || exit 1 +# move config files to .new +( cd $PKG/etc/fail2ban + for file in $(find . -type f); do + mv $file "$file.new" + done +) +# compress man pages +( cd $PKG/usr/man find . -type f -exec gzip -9 {} \; for i in $(find . 
-type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done ) +# install startup script +install -D -m 0644 $CWD/rc.fail2ban $PKG/etc/rc.d/rc.fail2ban.new + +# install logrotate script +install -D -m 0644 $CWD/fail2ban.logrotate $PKG/etc/logrotate.d/fail2ban.new + +# make directory for socket and pid file +mkdir -p $PKG/var/run/fail2ban + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a COPYING ChangeLog PKG-INFO README TODO $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +# building package mkdir -p $PKG/install cat $CWD/doinst.sh > $PKG/install/doinst.sh cat $CWD/slack-desc > $PKG/install/slack-desc cd $PKG -/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz - +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/fail2ban/fail2ban.info b/network/fail2ban/fail2ban.info index b8e8eaa126..613a063f2b 100644 --- a/network/fail2ban/fail2ban.info +++ b/network/fail2ban/fail2ban.info @@ -1,8 +1,10 @@ PRGNAM="fail2ban" -VERSION="0.8.3" +VERSION="0.8.4" HOMEPAGE="http://www.fail2ban.org/wiki/index.php/Main_Page" -DOWNLOAD="http://downloads.sourceforge.net/fail2ban/fail2ban-0.8.3.tar.bz2" -MD5SUM="b438d7e2ce77a469fb0cca2a5cc0b81c" +DOWNLOAD="http://downloads.sourceforge.net/fail2ban/fail2ban-0.8.4.tar.bz2" +MD5SUM="df94335a5d12b4750869e5fe350073fa" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" MAINTAINER="Nishant Limbachia" EMAIL="nishant@mnspace.net" -APPROVED="rworkman" +APPROVED="dsomero" diff --git a/network/fail2ban/rc.fail2ban b/network/fail2ban/rc.fail2ban index bc3021e56e..86c6b7de52 100644 --- a/network/fail2ban/rc.fail2ban +++ b/network/fail2ban/rc.fail2ban 
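Review bot: In fail2ban.SlackBuild's new "move config files to .new" block, `for file in $(find . -type f)` word-splits the find output and `mv $file "$file.new"` leaves the source path unquoted, so a file name with whitespace or glob characters in the upstream tree would be renamed wrongly in a build that is normally run as root. `find . -type f -exec sh -c 'mv "$1" "$1.new"' _ {} \;` does the same rename without the splitting. The loop also renames every file under etc/fail2ban, whereas doinst.sh only calls `config` for fail2ban.conf.new, jail.conf.new and the `*.new` files in action.d and filter.d, so any file upstream later ships elsewhere in that directory would stay installed under its `.new` name. The same hunk drops `|| exit 1` from `cd $PKG/usr/man` and adds a bare `cd $PKG/etc/fail2ban`; both now rely on `set -e` to stop the build if the directory is missing, and keeping `|| exit 1` would make that explicit.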
@@ -1,20 +1,22 @@ #!/bin/sh # +# Copyright (c) 2008-2009, Nishant Limbachia, Hoffman Est, IL, USA (nishant@mnspace.net) # /etc/rc.d/rc.fail2ban # -# start/stop/reload/status/ping fail2ban server. +# start|stop|restart|reload|status|ping fail2ban server # -# To start fail2ban automatically at boot, make this -# file executable: chmod 755 /etc/rc.d/rc.fail2ban -# you must also add this file to rc.local in the -# appropriate order. +# To start fail2ban automatically at boot, make this file executable: +# chmod 755 /etc/rc.d/rc.fail2ban +# you must also add this file to rc.local for fail2ban to start during boot. -SOCKET="/var/run/fail2ban/fail2ban.socket" +### default socket file is /var/run/fail2ban/fail2ban.sock which can be +### changed via the config file: /etc/fail2ban/fail2ban.conf fail2ban_start() { if [ -x /etc/rc.d/rc.fail2ban ]; then echo "Starting fail2ban: " - /usr/bin/fail2ban-client -x -s ${SOCKET} start + ### using -x option to remove any stale socket file. + /usr/bin/fail2ban-client -x start else echo "rc.fail2ban is not executable or you don't have enough permissions" exit 1 @@ -23,22 +25,22 @@ fail2ban_start() { fail2ban_stop() { echo "Stopping fail2ban" - /usr/bin/fail2ban-client -x -s ${SOCKET} stop + /usr/bin/fail2ban-client stop } fail2ban_reload() { echo "Reloading fail2ban" - /usr/bin/fail2ban-client -x -s ${SOCKET} reload + /usr/bin/fail2ban-client reload } fail2ban_status() { echo "Status: fail2ban" - /usr/bin/fail2ban-client -s ${SOCKET} status + /usr/bin/fail2ban-client status } fail2ban_ping() { echo "Pinging fail2ban" - /usr/bin/fail2ban-client -s ${SOCKET} ping + /usr/bin/fail2ban-client ping } case "$1" in @@ -50,7 +52,7 @@ case "$1" in ;; 'restart') fail2ban_stop - sleep 2 + sleep 5 fail2ban_start ;; 'reload') diff --git a/network/fail2ban/slack-desc b/network/fail2ban/slack-desc index 872f9903e6..7f4b389386 100644 --- a/network/fail2ban/slack-desc +++ b/network/fail2ban/slack-desc 
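Review bot: The `restart` branch in rc.fail2ban still separates `fail2ban_stop` and `fail2ban_start` with a fixed delay, now `sleep 5`, and nothing checks that the old server has gone or that the new one answers. If shutdown takes longer than the sleep, the start may fail or race with the exiting server, and the host would then be left without fail2ban running while the script reports nothing. Polling `/usr/bin/fail2ban-client ping` with a bounded retry count instead of sleeping, and printing an error when the final ping fails, would make that visible; this assumes `ping` exits non-zero when no server answers, which should be confirmed. The `case` statement starts and ends outside the hunk.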
@@ -5,7 +5,7 @@ # make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. - |-----handy-ruler----------------------------------------------------| + |-----handy-ruler--------------------------------------------------| fail2ban: Fail2Ban (bans IP that makes too many password failures) fail2ban: fail2ban: Fail2Ban scans log files like /var/log/pwdfail and bans IP