4087190c65
Fail2Ban is a log scanner that looks for suspicious activity and then bans the attackers IP. Similar to DenyHosts but supports any service, not just SSH, and uses firewall rules (IPFW on OSX) rather than hosts.deny. Closes Homebrew/homebrew#14819. Signed-off-by: Adam Vandenberg <flangy@gmail.com>
83 lines
2.7 KiB
Ruby
83 lines
2.7 KiB
Ruby
require 'formula'
|
|
|
|
class Fail2ban < Formula
|
|
homepage 'http://www.fail2ban.org/'
|
|
url 'http://cloud.github.com/downloads/fail2ban/fail2ban/fail2ban_0.8.7.1.orig.tar.gz'
|
|
sha1 'ec1a7ea1360056d5095bb9de733c1e388bd22373'
|
|
|
|
def install
|
|
inreplace 'setup.py' do |s|
|
|
s.gsub! /\/etc/, etc
|
|
s.gsub! /\/var/, var
|
|
end
|
|
|
|
# Replace hardcoded paths
|
|
inreplace 'fail2ban-client', '/usr/share/fail2ban', libexec
|
|
inreplace 'fail2ban-server', '/usr/share/fail2ban', libexec
|
|
inreplace 'fail2ban-regex', '/usr/share/fail2ban', libexec
|
|
|
|
inreplace 'fail2ban-client', '/etc', etc
|
|
inreplace 'fail2ban-server', '/etc', etc
|
|
inreplace 'fail2ban-regex', '/etc', etc
|
|
|
|
inreplace 'fail2ban-server', '/var', var
|
|
inreplace 'config/fail2ban.conf', '/var/run', (var + 'run')
|
|
|
|
system "python", "setup.py", "install",
|
|
"--prefix=#{prefix}",
|
|
"--install-lib=#{libexec}",
|
|
"--install-data=#{libexec}",
|
|
"--install-scripts=#{bin}"
|
|
|
|
plist_path.write startup_plist
|
|
plist_path.chmod 0644
|
|
end
|
|
|
|
def startup_plist
|
|
<<-EOF.undent
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
<plist version="1.0">
|
|
<dict>
|
|
<key>Label</key>
|
|
<string>#{plist_name}</string>
|
|
<key>ProgramArguments</key>
|
|
<array>
|
|
<string>#{HOMEBREW_PREFIX}/bin/fail2ban-client</string>
|
|
<string>start</string>
|
|
</array>
|
|
<key>RunAtLoad</key>
|
|
<true/>
|
|
</dict>
|
|
</plist>
|
|
EOF
|
|
end
|
|
|
|
def caveats
|
|
<<-EOS.undent
|
|
Before using Fail2Ban for the first time you should edit jail
|
|
configuration and enable the jails that you want to use, for instance
|
|
ssh-ipfw. Also make sure that they point to the correct configuration
|
|
path. I.e. on Mountain Lion the sshd logfile should point to
|
|
/var/log/system.log.
|
|
|
|
* #{etc}/fail2ban/jail.conf
|
|
|
|
The Fail2Ban wiki has two pages with instructions for MacOS X Server that
|
|
describes how to set up the Jails for the standard MacOS X Server
|
|
services for the respective releases.
|
|
|
|
10.4: http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4)
|
|
10.5: http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.5)
|
|
|
|
A launchctl plist has been created that will start Fail2Ban at bootup. It
|
|
must be run by a user that is allowed to manipulate the enabled rules,
|
|
i.e. ipfw.
|
|
To install it execute the following commands:
|
|
|
|
sudo cp #{plist_path} /Library/LaunchDaemons/
|
|
sudo launchctl load /Library/LaunchDaemons/#{plist_name}
|
|
|
|
EOS
|
|
end
|
|
end
|