package/fail2ban: new package

Fail2ban scans log files (e.g. /var/log/apache/error_log)
and bans IPs that show malicious behaviours.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[Thomas: simplify $(SED) expression by using comma as a separator
instead of slash.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Angelo Compagnucci 2018-11-25 00:24:22 +01:00 committed by Thomas Petazzoni
parent e94280e5a5
commit 3311064278
6 changed files with 70 additions and 0 deletions

View File

@ -146,6 +146,7 @@ F: package/libunwind/
N: Angelo Compagnucci <angelo.compagnucci@gmail.com>
F: package/corkscrew/
F: package/fail2ban/
F: package/i2c-tools/
F: package/mender/
F: package/mono/

View File

@ -1832,6 +1832,7 @@ menu "Networking applications"
source "package/ejabberd/Config.in"
source "package/ethtool/Config.in"
source "package/faifa/Config.in"
source "package/fail2ban/Config.in"
source "package/fastd/Config.in"
source "package/fcgiwrap/Config.in"
source "package/flannel/Config.in"

View File

@ -0,0 +1,15 @@
config BR2_PACKAGE_FAIL2BAN
bool "fail2ban"
depends on BR2_PACKAGE_PYTHON
help
Fail2ban scans log files (e.g. /var/log/apache/error_log) and
bans IPs that show the malicious signs -- too many password
failures, seeking for exploits, etc. Out of the box Fail2Ban
comes with filters for various services (apache, courier,
ssh, etc).
Fail2Ban is able to reduce the rate of incorrect
authentications attempts however it cannot eliminate the risk
that weak authentication presents.
https://www.fail2ban.org

View File

@ -0,0 +1,23 @@
#!/bin/sh
case "$1" in
start)
printf "Starting fail2ban: "
start-stop-daemon -S -q -m -p /var/run/fail2ban.pid \
-b -x fail2ban-server -- -xf start
[ $? = 0 ] && echo "OK" || echo "FAIL"
;;
stop)
printf "Stopping fail2ban: "
start-stop-daemon -K -q -p /var/run/fail2ban.pid
[ $? = 0 ] && echo "OK" || echo "FAIL"
;;
restart)
"$0" stop
sleep 1
"$0" start
;;
*)
echo "Usage: $0 {start|stop|restart}"
;;
esac

View File

@ -0,0 +1,3 @@
# sha256 locally computed
sha256 d6ca1bbc7e7944f7acb2ba7c1065953cd9837680bc4d175f30ed155c6a372449 fail2ban-0.10.4.tar.gz
sha256 a75fec0260742fe6275d63ff6a5d97b924b28766558306b3fa4069763096929b COPYING

View File

@ -0,0 +1,27 @@
################################################################################
#
# fail2ban
#
################################################################################
FAIL2BAN_VERSION = 0.10.4
FAIL2BAN_SITE = $(call github,fail2ban,fail2ban,$(FAIL2BAN_VERSION))
FAIL2BAN_LICENSE = GPL-2.0+
FAIL2BAN_LICENSE_FILES = COPYING
FAIL2BAN_SETUP_TYPE = distutils
define FAIL2BAN_INSTALL_INIT_SYSV
$(INSTALL) -D -m 755 package/fail2ban/S60fail2ban \
$(TARGET_DIR)/etc/init.d/S60fail2ban
endef
define FAIL2BAN_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 0644 $(@D)/files/fail2ban.service.in \
$(TARGET_DIR)/usr/lib/systemd/system/fail2ban.service
mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
ln -fs ../../../../usr/lib//systemd/system/fail2ban.service \
$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/fail2ban.service
$(SED) 's,@BINDIR@,/usr/bin,g' $(TARGET_DIR)/usr/lib/systemd/system/fail2ban.service
endef
$(eval $(python-package))