network/fail2ban: Updated for version 0.8.4

This commit is contained in:
Nishant Limbachia 2010-05-13 00:36:23 +02:00 committed by David Somero
parent d8af4d8eef
commit be48e85838
8 changed files with 113 additions and 89 deletions

View file

@ -3,4 +3,8 @@ too many password failures. It updates firewall rules to reject the
IP address. These rules can be defined by the user. Fail2Ban can read
multiple log files such as sshd, Apache web server, postfix and others.
See README.SLACKWARE for configuration and upgrade help.
fail2ban has following dependencies which are offical Slackware packages:
1. Python >= 2.3 Required
2. gamin >= 0.0.21 Optional
Also see README.SBo for configuration and upgrade help.

View file

@ -0,0 +1,39 @@
Once you install the package, you can start using fail2ban by:
1. chmod +x /etc/rc.d/rc.fail2ban
2. /etc/rc.d/rc.fail2ban start
Additionally, you can add the following to rc.local for automatic startup
if [ -x /etc/rc.d/rc.fail2ban ]; then
/etc/rc.d/rc.fail2ban start
fi
and add the following to rc.local_shutdown to stop fail2ban at shutdown
if [ -x /etc/rc.d/rc.fail2ban ]; then
/etc/rc.d/rc.fail2ban stop
fi
The package contains logrotate script copied from fail2ban manual,
and modified to reflect Slackware packaging. You can find
the original script at:
http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
UPGRADING:
Please make sure you have all your modifications done to .local files instead of
.conf files.
Making modifications to .local files is the recommended practice as per the
software manual. Each .conf file is overridden by equivalent .local file.
Please refer Configuration section in fail2ban manual.
Changelog:
08/03/2008
upgraded to fail2ban version 0.8.3, added restart option to rc script
12/28/2008
fixed a typo in rc.fail2ban that prevented showing usage info when run without options
09/08/2009
added some notes and simplified rc script. updated to version 0.8.4. Modified build script
to account for users who keeps their config options in .conf files. Now the script
moves the .conf files to .new which will prevent the overwrite of existing .conf files.

View file

@ -1,41 +0,0 @@
README.SLACKWARE for fail2ban
==============================================================================
Once you install the package, you can start using fail2ban by:
/etc/rc.d/rc.fail2ban start
Additionally, you can add the following to rc.local for automatic startup:
if [ -x /etc/rc.d/rc.fail2ban ]; then
/etc/rc.d/rc.fail2ban start
fi
and add the following to rc.local_shutdown to stop fail2ban at shutdown:
if [ -x /etc/rc.d/rc.fail2ban ]; then
/etc/rc.d/rc.fail2ban stop
fi
The package contains logrotate script copied from fail2ban manual and
modified to reflect Slackware packaging. You can find the original script at:
http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
==============================================================================
UPGRADING:
Please make sure you have all your modifications done to .local files instead of
.conf files. Upgrade **WILL OVERWRITE** files in place.
Making modifications to .local files is the recommended practice as per the
software manual. Each .conf file is overridden by equivalent .local file.
Please refer Configuration section in fail2ban manual.
==============================================================================
Changelog:
08/03/2008
upgraded to fail2ban version 0.8.3, added restart option to rc script
12/28/2008
fixed a typo in rc.fail2ban that prevented showing usage info when run without options

View file

@ -20,4 +20,11 @@ fi
config etc/rc.d/rc.fail2ban.new
config etc/logrotate.d/fail2ban.new
config etc/fail2ban/fail2ban.conf.new
config etc/fail2ban/jail.conf.new
for conf_file in etc/fail2ban/action.d/*.new; do
config $conf_file
done
for conf_file in etc/fail2ban/filter.d/*.new; do
config $conf_file
done

View file

@ -3,15 +3,15 @@
# Slackware Package Build Script for fail2ban
# Home Page http://www.fail2ban.org/wiki/index.php/Main_Page
# Copyright (c) 2008-2009, Nishant Limbachia (nishant@mnspace.net)
# Copyright (c) 2008-2009, Nishant Limbachia, Hoffman Est, IL, USA (nishant@mnspace.net)
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of script must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
@ -25,9 +25,9 @@
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=fail2ban
VERSION=0.8.3
ARCH=${ARCH:-noarch}
BUILD=${BUILD:-2}
VERSION=0.8.4
ARCH=${ARCH:-i486}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
TMP=${TMP:-/tmp/SBo}
@ -35,12 +35,14 @@ PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
CWD=$(pwd)
# exit on most errors
set -e
# clean up from previous builds
rm -fr $PKG $TMP/$PRGNAM-$VERSION
mkdir -p $PKG $TMP $OUTPUT
cd $TMP
tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2
tar xvf $CWD/$PRGNAM-$VERSION.tar.?z*
cd $TMP/$PRGNAM-$VERSION
chown -R root.root .
find . \
@ -51,31 +53,40 @@ find . \
python setup.py install --root=$PKG
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a \
COPYING ChangeLog PKG-INFO README TODO \
$PKG/usr/doc/$PRGNAM-$VERSION
install -m 0644 $CWD/README.SLACKWARE $CWD/$PRGNAM.SlackBuild \
$PKG/usr/doc/$PRGNAM-$VERSION
# installing man pages
mkdir -p $PKG/usr/man/man1
install -m 0644 man/*.1 $PKG/usr/man/man1
install -m 0644 man/fail2ban-client.1 man/fail2ban-regex.1 \
man/fail2ban-server.1 $PKG/usr/man/man1
install -D -m 0755 $CWD/rc.fail2ban $PKG/etc/rc.d/rc.fail2ban.new
install -D -m 0644 $CWD/fail2ban.logrotate $PKG/etc/logrotate.d/fail2ban.new
# Make directory for socket and pid file
mkdir -p $PKG/var/run/fail2ban
( cd $PKG/usr/man || exit 1
# move config files to .new
( cd $PKG/etc/fail2ban
for file in $(find . -type f); do
mv $file "$file.new"
done
)
# compress man pages
( cd $PKG/usr/man
find . -type f -exec gzip -9 {} \;
for i in $(find . -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
)
# install startup script
install -D -m 0644 $CWD/rc.fail2ban $PKG/etc/rc.d/rc.fail2ban.new
# install logrotate script
install -D -m 0644 $CWD/fail2ban.logrotate $PKG/etc/logrotate.d/fail2ban.new
# make directory for socket and pid file
mkdir -p $PKG/var/run/fail2ban
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a COPYING ChangeLog PKG-INFO README TODO $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
# building package
mkdir -p $PKG/install
cat $CWD/doinst.sh > $PKG/install/doinst.sh
cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}

View file

@ -1,8 +1,10 @@
PRGNAM="fail2ban"
VERSION="0.8.3"
VERSION="0.8.4"
HOMEPAGE="http://www.fail2ban.org/wiki/index.php/Main_Page"
DOWNLOAD="http://downloads.sourceforge.net/fail2ban/fail2ban-0.8.3.tar.bz2"
MD5SUM="b438d7e2ce77a469fb0cca2a5cc0b81c"
DOWNLOAD="http://downloads.sourceforge.net/fail2ban/fail2ban-0.8.4.tar.bz2"
MD5SUM="df94335a5d12b4750869e5fe350073fa"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
MAINTAINER="Nishant Limbachia"
EMAIL="nishant@mnspace.net"
APPROVED="rworkman"
APPROVED="dsomero"

View file

@ -1,20 +1,22 @@
#!/bin/sh
#
# Copyright (c) 2008-2009, Nishant Limbachia, Hoffman Est, IL, USA (nishant@mnspace.net)
# /etc/rc.d/rc.fail2ban
#
# start/stop/reload/status/ping fail2ban server.
# start|stop|restart|reload|status|ping fail2ban server
#
# To start fail2ban automatically at boot, make this
# file executable: chmod 755 /etc/rc.d/rc.fail2ban
# you must also add this file to rc.local in the
# appropriate order.
# To start fail2ban automatically at boot, make this file executable:
# chmod 755 /etc/rc.d/rc.fail2ban
# you must also add this file to rc.local for fail2ban to start during boot.
SOCKET="/var/run/fail2ban/fail2ban.socket"
### default socket file is /var/run/fail2ban/fail2ban.sock which can be
### changed via the config file: /etc/fail2ban/fail2ban.conf
fail2ban_start() {
if [ -x /etc/rc.d/rc.fail2ban ]; then
echo "Starting fail2ban: "
/usr/bin/fail2ban-client -x -s ${SOCKET} start
### using -x option to remove any stale socket file.
/usr/bin/fail2ban-client -x start
else
echo "rc.fail2ban is not executable or you don't have enough permissions"
exit 1
@ -23,22 +25,22 @@ fail2ban_start() {
fail2ban_stop() {
echo "Stopping fail2ban"
/usr/bin/fail2ban-client -x -s ${SOCKET} stop
/usr/bin/fail2ban-client stop
}
fail2ban_reload() {
echo "Reloading fail2ban"
/usr/bin/fail2ban-client -x -s ${SOCKET} reload
/usr/bin/fail2ban-client reload
}
fail2ban_status() {
echo "Status: fail2ban"
/usr/bin/fail2ban-client -s ${SOCKET} status
/usr/bin/fail2ban-client status
}
fail2ban_ping() {
echo "Pinging fail2ban"
/usr/bin/fail2ban-client -s ${SOCKET} ping
/usr/bin/fail2ban-client ping
}
case "$1" in
@ -50,7 +52,7 @@ case "$1" in
;;
'restart')
fail2ban_stop
sleep 2
sleep 5
fail2ban_start
;;
'reload')

View file

@ -5,7 +5,7 @@
# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.
|-----handy-ruler----------------------------------------------------|
|-----handy-ruler--------------------------------------------------|
fail2ban: Fail2Ban (bans IP that makes too many password failures)
fail2ban:
fail2ban: Fail2Ban scans log files like /var/log/pwdfail and bans IP