From e34396fd0eaf0ba36ed536992f71f2be6448552c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kerma=20G=C3=A9rald?= Date: Thu, 11 Mar 2021 14:15:40 +0100 Subject: [PATCH] fail2ban: initial package of fail2ban version 0.11.2 python3-pyinotify: initial package version 0.9.6 of pyinotify for python3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Kerma GĂ©rald --- lang/python/python3-pyinotify/Makefile | 40 ++++++++++++++ net/fail2ban/Makefile | 76 ++++++++++++++++++++++++++ net/fail2ban/files/db.conf | 2 + net/fail2ban/files/fail2ban.config | 2 + net/fail2ban/files/fail2ban.defaults | 13 +++++ net/fail2ban/files/fail2ban.init | 57 +++++++++++++++++++ net/fail2ban/files/firewall.fail2ban | 3 + net/fail2ban/files/uci.conf | 2 + 8 files changed, 195 insertions(+) create mode 100644 lang/python/python3-pyinotify/Makefile create mode 100644 net/fail2ban/Makefile create mode 100644 net/fail2ban/files/db.conf create mode 100644 net/fail2ban/files/fail2ban.config create mode 100644 net/fail2ban/files/fail2ban.defaults create mode 100755 net/fail2ban/files/fail2ban.init create mode 100644 net/fail2ban/files/firewall.fail2ban create mode 100644 net/fail2ban/files/uci.conf diff --git a/lang/python/python3-pyinotify/Makefile b/lang/python/python3-pyinotify/Makefile new file mode 100644 index 0000000000..ea64bd719c --- /dev/null +++ b/lang/python/python3-pyinotify/Makefile @@ -0,0 +1,40 @@ +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=python3-pyinotify +PKG_VERSION:=0.9.6 +PKG_RELEASE:=1 + +PYPI_NAME:=pyinotify +PKG_HASH:=9c998a5d7606ca835065cdabc013ae6c66eb9ea76a00a1e3bc6e0cfe2b4f71f4 + +PKG_MAINTAINER:=Gerald Kerma +PKG_LICENSE:=MIT +PKG_LICENSE_FILES:=COPYING + +include ../pypi.mk +include $(INCLUDE_DIR)/package.mk +include ../python3-package.mk + +define Package/python3-pyinotify + SUBMENU:=Python + SECTION:=lang + CATEGORY:=Languages + TITLE:=Linux filesystem events monitoring + URL:=https://github.com/seb-m/pyinotify + DEPENDS:= +python3-light \ + +python3-ctypes \ + +python3-logging +endef + +define Package/python3-pyinotify/description + Pyinotify is a Python module for monitoring filesystems changes. +endef + +$(eval $(call Py3Package,python3-pyinotify)) +$(eval $(call BuildPackage,python3-pyinotify)) +$(eval $(call BuildPackage,python3-pyinotify-src)) diff --git a/net/fail2ban/Makefile b/net/fail2ban/Makefile new file mode 100644 index 0000000000..19f8768a18 --- /dev/null +++ b/net/fail2ban/Makefile @@ -0,0 +1,76 @@ +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=fail2ban +PKG_VERSION:=0.11.2 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/fail2ban/fail2ban/tar.gz/$(PKG_VERSION)? +PKG_HASH:=383108e5f8644cefb288537950923b7520f642e7e114efb843f6e7ea9268b1e0 + +PKG_MAINTAINER:=Gerald Kerma +PKG_LICENSE:=GPL-2.0-or-later +PKG_LICENSE_FILES:=COPYING + +include $(INCLUDE_DIR)/package.mk +include ../../lang/python/python3-package.mk + +define Package/fail2ban + SECTION:=net + CATEGORY:=Network + TITLE:=ban hosts that cause multiple authentication errors + URL:=https://www.fail2ban.org/ + DEPENDS:= \ + +iptables \ + +python3-light \ + +python3-ctypes \ + +python3-distutils \ + +python3-email \ + +python3-logging \ + +python3-sqlite3 \ + +python3-urllib \ + +python3-pkg-resources +endef + +define Package/fail2ban/description + Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts. +endef + +define Package/fail2ban/conffiles +/etc/fail2ban/ +/etc/config/fail2ban +endef + +define Py3Package/fail2ban/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fail2ban-server $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fail2ban-client $(1)/usr/bin/ + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fail2ban-regex $(1)/usr/bin/ + $(LN) /usr/bin/python3 $(1)/usr/bin/fail2ban-python + + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/fail2ban.config $(1)/etc/config/fail2ban + $(INSTALL_BIN) ./files/firewall.fail2ban $(1)/etc/firewall.fail2ban + + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/fail2ban.init $(1)/etc/init.d/fail2ban + + $(INSTALL_DIR) $(1)/etc/fail2ban/ + $(CP) $(PKG_BUILD_DIR)/config/* $(1)/etc/fail2ban/ + + $(INSTALL_DIR) $(1)/etc/fail2ban/fail2ban.d + $(INSTALL_DATA) ./files/db.conf $(1)/etc/fail2ban/fail2ban.d/db.conf + $(INSTALL_DATA) ./files/uci.conf $(1)/etc/fail2ban/fail2ban.d/uci.conf + + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) ./files/fail2ban.defaults $(1)/etc/uci-defaults/99_fail2ban +endef + +$(eval $(call Py3Package,fail2ban)) +$(eval $(call BuildPackage,fail2ban)) +$(eval $(call BuildPackage,fail2ban-src)) diff --git a/net/fail2ban/files/db.conf b/net/fail2ban/files/db.conf new file mode 100644 index 0000000000..2a2c64c960 --- /dev/null +++ b/net/fail2ban/files/db.conf @@ -0,0 +1,2 @@ +[DEFAULT] +dbpurgeage = 10d diff --git a/net/fail2ban/files/fail2ban.config b/net/fail2ban/files/fail2ban.config new file mode 100644 index 0000000000..f6a773c3c4 --- /dev/null +++ b/net/fail2ban/files/fail2ban.config @@ -0,0 +1,2 @@ +config fail2ban 'fail2ban' + option dbfile '/var/lib/fail2ban/fail2ban.sqlite3' diff --git a/net/fail2ban/files/fail2ban.defaults b/net/fail2ban/files/fail2ban.defaults new file mode 100644 index 0000000000..f2c094dd76 --- /dev/null +++ b/net/fail2ban/files/fail2ban.defaults @@ -0,0 +1,13 @@ +#!/bin/sh + +# unfortunately, UCI doesn't provide a nice way to add an anonymous section only if it doesn't already exist +if ! uci show firewall | grep -q firewall.fail2ban; then + name="$(uci add firewall include)" + uci set "firewall.${name}.path=/etc/firewall.fail2ban" + uci set "firewall.${name}.enabled=1" + uci set "firewall.${name}.reload=1" + echo -e "Adding the following UCI config:\n $(uci changes)" + uci commit +fi + +exit 0 diff --git a/net/fail2ban/files/fail2ban.init b/net/fail2ban/files/fail2ban.init new file mode 100755 index 0000000000..ad82026e45 --- /dev/null +++ b/net/fail2ban/files/fail2ban.init @@ -0,0 +1,57 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2020 Martin Pecka, 3-clause BSD license (see LICENSE file) + +START=95 + +USE_PROCD=1 + +RUNDIR=/var/run/fail2ban +CONFDIR=/etc/fail2ban +RUNCONFDIR=/var/etc/fail2ban +RUNCONF="${RUNCONFDIR}/fail2ban.conf" + +service_triggers() { + procd_add_reload_trigger fail2ban +} + +init_config() { + mkdir -m 0755 -p "${RUNCONFDIR}" + + rm -f "${RUNCONF}" + + config_load fail2ban + config_get dbfile fail2ban dbfile /var/lib/fail2ban/fail2ban.sqlite3 + + echo "[Definition]" > "${RUNCONF}" + echo -n "dbfile = " >> "${RUNCONF}" + echo $dbfile >> "${RUNCONF}" +} + +start_service() { + init_config + + mkdir -m 0755 -p "${RUNDIR}" + + procd_open_instance + + procd_set_param file ${CONFDIR}/action.d/*.conf + procd_set_param file ${CONFDIR}/action.d/*.local + procd_set_param file ${CONFDIR}/filter.d/*.conf + procd_set_param file ${CONFDIR}/filter.d/*.local + procd_set_param file ${CONFDIR}/jail.d/*.conf + procd_set_param file ${CONFDIR}/jail.d/*.local + procd_set_param file ${CONFDIR}/fail2ban.d/*.conf + procd_set_param file ${CONFDIR}/fail2ban.d/*.local + procd_set_param file ${CONFDIR}/*.conf + procd_set_param file ${CONFDIR}/*.local + + procd_set_param command /usr/bin/fail2ban-server -xf -p "${RUNDIR}/fail2ban.pid" -s "${RUNDIR}/fail2ban.sock" start + procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5} + procd_close_instance +} + +reload_service() +{ + stop + start +} diff --git a/net/fail2ban/files/firewall.fail2ban b/net/fail2ban/files/firewall.fail2ban new file mode 100644 index 0000000000..99507dab1c --- /dev/null +++ b/net/fail2ban/files/firewall.fail2ban @@ -0,0 +1,3 @@ +#!/bin/sh +/etc/init.d/fail2ban restart +exit 0 diff --git a/net/fail2ban/files/uci.conf b/net/fail2ban/files/uci.conf new file mode 100644 index 0000000000..ddf2034e20 --- /dev/null +++ b/net/fail2ban/files/uci.conf @@ -0,0 +1,2 @@ +[INCLUDES] +after = /var/etc/fail2ban/fail2ban.conf