kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/security/fail2ban/Makefile

125 lines
8.1 KiB
Makefile
Raw Normal View History

fail2ban: fix build on linux and others having an empty SUBST_SED returns usage and a non-zero exit value and the build doesn't continue.
2017-03-16 22:08:35 +01:00
# $NetBSD: Makefile,v 1.7 2017/03/16 21:08:35 maya Exp $
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
#
Updated security/fail2ban to 0.9.6. Upstream changelog : * Misleading add resp. enable of (already available) jail in database, that induced a subsequent error: last position of log file will be never retrieved (gh-795) * Fixed a distribution related bug within testReadStockJailConfForceEnabled (e.g. test-cases faults on Fedora, see gh-1353) * Fixed pythonic filters and test scripts (running via wrong python version, uses "fail2ban-python" now); * Fixed test case "testSetupInstallRoot" for not default python version (also using direct call, out of virtualenv); * Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512); * FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540) * Monit config: scripting is not supported in path (gh-1556) * `filter.d/apache-modsecurity.conf` - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all replaced for safer match, unneeded catch-all anchoring removed, non-capturing * `filter.d/asterisk.conf` - Fixed to match different asterisk log prefix (source file: method:) * `filter.d/dovecot.conf` - Fixed failregex ignores failures through some not relevant info (gh-1623) * `filter.d/ignorecommands/apache-fakegooglebot` - Fixed error within apache-fakegooglebot, that will be called with wrong python version (gh-1506) * `filter.d/assp.conf` - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494) * `filter.d/postfix-sasl.conf` - Allow for having no trailing space after 'failed:' (gh-1497) * `filter.d/vsftpd.conf` - Optional reason part in message after FAIL LOGIN (gh-1543) * `filter.d/sendmail-reject.conf` - removed mandatory double space (if dns-host available, gh-1579) * filter.d/sshd.conf - recognized "Failed publickey for" (gh-1477); - optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479) - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479) - optional port part after host (see gh-1533, gh-1581) * New Actions: - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD * New Filters: - `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine) (gh-1586, gh-1606 and gh-1607) * DateTemplate regexp extended with the word-end boundary, additionally to word-start boundary * Introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located): - allows to use the same version, fail2ban currently running, e.g. in external scripts just via replace python with fail2ban-python: ```diff -#!/usr/bin/env python +#!/usr/bin/env fail2ban-python ``` - always the same pickle protocol - the same (and also guaranteed available) fail2ban modules - simplified stand-alone install, resp. stand-alone installation possibility via setup (like gh-1487) is getting closer * Several test cases rewritten using new methods assertIn, assertNotIn * New forward compatibility method assertRaisesRegexp (normally python >= 2.7). Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged are test covered now * Jail configuration extended with new syntax to pass options to the backend (see gh-1408), examples: - `backend = systemd[journalpath=/run/log/journal/machine-1]` - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]` - `backend = systemd[journalflags=2]`
2017-02-02 19:35:56 +01:00
DISTNAME= fail2ban-0.9.6
Updated to 0.9.3. Some of the upstream changes for 0.9.2 : - various typo in config files - filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to ignore system authentication issues - some fixes for EL7 New features : - New filters: - postfix-rbl - apache-fakegooglebot.conf - nginx-botsearch - drupal-auth - New actions: - action.d/firewallcmd-multiport and action.d/firewallcmd-allports - action.d/sendmail-geoip-lines.conf - action.d/nsupdate to update DNSBL - New status argument for fail2ban-client Some of the upstream changes for 0.9.3 : - IMPORTANT incompatible changes: * filter.d/roundcube-auth.conf - Changed logpath to 'errors' log (was 'userlogins') * action.d/iptables-common.conf - All calls to iptables command now use -w switch introduced in iptables 1.4.20 (some distribution could have patched their earlier base version as well) to provide this locking mechanism useful under heavy load to avoid contesting on iptables calls. If you need to disable, define 'action.d/iptables-common.local' with empty value for 'lockingopt' in `[Init]` section. * mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines actions now include by default only the first 1000 log lines in the emails. Adjust <grepopts> to augment the behavior. - New Features: * New filters: - froxlor-auth - Thanks Joern Muehlencord - apache-pass - filter Apache access log for successful authentication * New actions: - shorewall-ipset-proto6 - using proto feature of the Shorewall. Still requires manual pre-configuration of the shorewall. See the action file for detail. * New jails: - pass2allow-ftp - allows FTP traffic after successful HTTP authentication
2015-11-27 16:41:47 +01:00
#PKGREVISION= 2
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
CATEGORIES= security
MASTER_SITES= -https://github.com/fail2ban/fail2ban/archive/${PKGVERSION_NOREV}${EXTRACT_SUFX}
EXTRACT_SUFX= .zip
Updated security/fail2ban to 0.9.5. Changelog from 0.9.3 and 0.9.4 is quite long. Expect new and improved jails, actions and filter. Details are here : - https://github.com/fail2ban/fail2ban/releases/tag/0.9.4 - https://github.com/fail2ban/fail2ban/releases/tag/0.9.5 Pkgsrc changes are : - added man pages (fail2ban-testcases.1 fail2ban.1) - added and reorderd filters, actions, and documentation files - minor edits to please pkglint
2016-12-04 22:02:55 +01:00
MAINTAINER= nils@NetBSD.org
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
HOMEPAGE= http://www.fail2ban.org/
COMMENT= Scans log files and bans IP that makes too many password failures
LICENSE= gnu-gpl-v2
DEPENDS+= ${PYPKGPREFIX}-sqlite3-[0-9]*:../../databases/py-sqlite3
Demote docs tools to BUILD_DEPENDS. sphinx and numpy-doc are not needed at runtime.
2015-04-14 23:09:48 +02:00
BUILD_DEPENDS+= ${PYPKGPREFIX}-sphinx>=1.2.3nb1:../../textproc/py-sphinx
BUILD_DEPENDS+= ${PYPKGPREFIX}-numpydoc-[0-9]*:../../textproc/py-numpydoc
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
USE_TOOLS+= make:build
Updated security/fail2ban to 0.9.5. Changelog from 0.9.3 and 0.9.4 is quite long. Expect new and improved jails, actions and filter. Details are here : - https://github.com/fail2ban/fail2ban/releases/tag/0.9.4 - https://github.com/fail2ban/fail2ban/releases/tag/0.9.5 Pkgsrc changes are : - added man pages (fail2ban-testcases.1 fail2ban.1) - added and reorderd filters, actions, and documentation files - minor edits to please pkglint
2016-12-04 22:02:55 +01:00
USE_LANGUAGES= # none
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
EGDIR= ${PREFIX}/share/examples/fail2ban
PKG_SYSCONFSUBDIR= fail2ban
DOCDIR= ${PREFIX}/share/doc/fail2ban
OWN_DIRS= ${PKG_SYSCONFDIR} ${PKG_SYSCONFDIR}/action.d/ ${PKG_SYSCONFDIR}/filter.d/ \
${VARBASE}/run/fail2ban ${VARBASE}/db/fail2ban
Updated to 0.9.3. Some of the upstream changes for 0.9.2 : - various typo in config files - filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to ignore system authentication issues - some fixes for EL7 New features : - New filters: - postfix-rbl - apache-fakegooglebot.conf - nginx-botsearch - drupal-auth - New actions: - action.d/firewallcmd-multiport and action.d/firewallcmd-allports - action.d/sendmail-geoip-lines.conf - action.d/nsupdate to update DNSBL - New status argument for fail2ban-client Some of the upstream changes for 0.9.3 : - IMPORTANT incompatible changes: * filter.d/roundcube-auth.conf - Changed logpath to 'errors' log (was 'userlogins') * action.d/iptables-common.conf - All calls to iptables command now use -w switch introduced in iptables 1.4.20 (some distribution could have patched their earlier base version as well) to provide this locking mechanism useful under heavy load to avoid contesting on iptables calls. If you need to disable, define 'action.d/iptables-common.local' with empty value for 'lockingopt' in `[Init]` section. * mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines actions now include by default only the first 1000 log lines in the emails. Adjust <grepopts> to augment the behavior. - New Features: * New filters: - froxlor-auth - Thanks Joern Muehlencord - apache-pass - filter Apache access log for successful authentication * New actions: - shorewall-ipset-proto6 - using proto feature of the Shorewall. Still requires manual pre-configuration of the shorewall. See the action file for detail. * New jails: - pass2allow-ftp - allows FTP traffic after successful HTTP authentication
2015-11-27 16:41:47 +01:00
INSTALLATION_DIRS+= ${PKGMANDIR}/man1/ ${PKGMANDIR}/man5/ ${EGDIR} ${EGDIR}/action.d/ ${EGDIR}/filter.d/ ${EGDIR}/filter.d/ignorecommands/ \
${PKG_SYSCONFDIR} ${PKG_SYSCONFDIR}/action.d/ ${PKG_SYSCONFDIR}/filter.d/ ${PKG_SYSCONFDIR}/filter.d/ignorecommands/
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
.for config in fail2ban.conf jail.conf paths-common.conf paths-debian.conf paths-fedora.conf paths-freebsd.conf paths-osx.conf paths-netbsd.conf paths-pkgsrc.conf
CONF_FILES+= ${EGDIR}/${config} ${PKG_SYSCONFDIR}/${config}
.endfor
Updated security/fail2ban to 0.9.6. Upstream changelog : * Misleading add resp. enable of (already available) jail in database, that induced a subsequent error: last position of log file will be never retrieved (gh-795) * Fixed a distribution related bug within testReadStockJailConfForceEnabled (e.g. test-cases faults on Fedora, see gh-1353) * Fixed pythonic filters and test scripts (running via wrong python version, uses "fail2ban-python" now); * Fixed test case "testSetupInstallRoot" for not default python version (also using direct call, out of virtualenv); * Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512); * FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540) * Monit config: scripting is not supported in path (gh-1556) * `filter.d/apache-modsecurity.conf` - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all replaced for safer match, unneeded catch-all anchoring removed, non-capturing * `filter.d/asterisk.conf` - Fixed to match different asterisk log prefix (source file: method:) * `filter.d/dovecot.conf` - Fixed failregex ignores failures through some not relevant info (gh-1623) * `filter.d/ignorecommands/apache-fakegooglebot` - Fixed error within apache-fakegooglebot, that will be called with wrong python version (gh-1506) * `filter.d/assp.conf` - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494) * `filter.d/postfix-sasl.conf` - Allow for having no trailing space after 'failed:' (gh-1497) * `filter.d/vsftpd.conf` - Optional reason part in message after FAIL LOGIN (gh-1543) * `filter.d/sendmail-reject.conf` - removed mandatory double space (if dns-host available, gh-1579) * filter.d/sshd.conf - recognized "Failed publickey for" (gh-1477); - optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479) - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479) - optional port part after host (see gh-1533, gh-1581) * New Actions: - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD * New Filters: - `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine) (gh-1586, gh-1606 and gh-1607) * DateTemplate regexp extended with the word-end boundary, additionally to word-start boundary * Introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located): - allows to use the same version, fail2ban currently running, e.g. in external scripts just via replace python with fail2ban-python: ```diff -#!/usr/bin/env python +#!/usr/bin/env fail2ban-python ``` - always the same pickle protocol - the same (and also guaranteed available) fail2ban modules - simplified stand-alone install, resp. stand-alone installation possibility via setup (like gh-1487) is getting closer * Several test cases rewritten using new methods assertIn, assertNotIn * New forward compatibility method assertRaisesRegexp (normally python >= 2.7). Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged are test covered now * Jail configuration extended with new syntax to pass options to the backend (see gh-1408), examples: - `backend = systemd[journalpath=/run/log/journal/machine-1]` - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]` - `backend = systemd[journalflags=2]`
2017-02-02 19:35:56 +01:00
.for action in apf.conf badips.conf badips.py blocklist_de.conf bsd-ipfw.conf cloudflare.conf complain.conf dshield.conf dummy.conf firewallcmd-allports.conf firewallcmd-ipset.conf firewallcmd-multiport.conf firewallcmd-new.conf firewallcmd-rich-logging.conf firewallcmd-rich-rules.conf hostsdeny.conf ipfilter.conf ipfw.conf iptables-allports.conf iptables-common.conf iptables-ipset-proto4.conf iptables-ipset-proto6-allports.conf iptables-ipset-proto6.conf iptables-multiport-log.conf iptables-multiport.conf iptables-new.conf iptables-xt_recent-echo.conf iptables.conf mail-buffered.conf mail-whois-common.conf mail-whois-lines.conf mail-whois.conf mail.conf mynetwatchman.conf nftables-allports.conf nftables-common.conf nftables-multiport.conf npf.conf nsupdate.conf osx-afctl.conf osx-ipfw.conf pf.conf route.conf sendmail-buffered.conf sendmail-common.conf sendmail-geoip-lines.conf sendmail-whois-ipjailmatches.conf sendmail-whois-ipmatches.conf sendmail-whois-lines.conf sendmail-whois-matches.conf sendmail-whois.conf sendmail.conf shorewall-ipset-proto6.conf shorewall.conf smtp.py symbiosis-blacklist-allports.conf ufw.conf xarf-login-attack.conf
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
CONF_FILES+= ${EGDIR}/action.d/${action} ${PKG_SYSCONFDIR}/action.d/${action}
.endfor
Updated security/fail2ban to 0.9.6. Upstream changelog : * Misleading add resp. enable of (already available) jail in database, that induced a subsequent error: last position of log file will be never retrieved (gh-795) * Fixed a distribution related bug within testReadStockJailConfForceEnabled (e.g. test-cases faults on Fedora, see gh-1353) * Fixed pythonic filters and test scripts (running via wrong python version, uses "fail2ban-python" now); * Fixed test case "testSetupInstallRoot" for not default python version (also using direct call, out of virtualenv); * Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512); * FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540) * Monit config: scripting is not supported in path (gh-1556) * `filter.d/apache-modsecurity.conf` - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all replaced for safer match, unneeded catch-all anchoring removed, non-capturing * `filter.d/asterisk.conf` - Fixed to match different asterisk log prefix (source file: method:) * `filter.d/dovecot.conf` - Fixed failregex ignores failures through some not relevant info (gh-1623) * `filter.d/ignorecommands/apache-fakegooglebot` - Fixed error within apache-fakegooglebot, that will be called with wrong python version (gh-1506) * `filter.d/assp.conf` - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494) * `filter.d/postfix-sasl.conf` - Allow for having no trailing space after 'failed:' (gh-1497) * `filter.d/vsftpd.conf` - Optional reason part in message after FAIL LOGIN (gh-1543) * `filter.d/sendmail-reject.conf` - removed mandatory double space (if dns-host available, gh-1579) * filter.d/sshd.conf - recognized "Failed publickey for" (gh-1477); - optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479) - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479) - optional port part after host (see gh-1533, gh-1581) * New Actions: - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD * New Filters: - `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine) (gh-1586, gh-1606 and gh-1607) * DateTemplate regexp extended with the word-end boundary, additionally to word-start boundary * Introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located): - allows to use the same version, fail2ban currently running, e.g. in external scripts just via replace python with fail2ban-python: ```diff -#!/usr/bin/env python +#!/usr/bin/env fail2ban-python ``` - always the same pickle protocol - the same (and also guaranteed available) fail2ban modules - simplified stand-alone install, resp. stand-alone installation possibility via setup (like gh-1487) is getting closer * Several test cases rewritten using new methods assertIn, assertNotIn * New forward compatibility method assertRaisesRegexp (normally python >= 2.7). Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged are test covered now * Jail configuration extended with new syntax to pass options to the backend (see gh-1408), examples: - `backend = systemd[journalpath=/run/log/journal/machine-1]` - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]` - `backend = systemd[journalflags=2]`
2017-02-02 19:35:56 +01:00
.for filter in 3proxy.conf apache-auth.conf apache-badbots.conf apache-botsearch.conf apache-common.conf apache-fakegooglebot.conf apache-modsecurity.conf apache-nohome.conf apache-noscript.conf apache-overflows.conf apache-pass.conf apache-shellshock.conf assp.conf asterisk.conf botsearch-common.conf common.conf counter-strike.conf courier-auth.conf courier-smtp.conf cyrus-imap.conf directadmin.conf dovecot.conf dropbear.conf drupal-auth.conf ejabberd-auth.conf exim-common.conf exim-spam.conf exim.conf freeswitch.conf froxlor-auth.conf groupoffice.conf gssftpd.conf guacamole.conf haproxy-http-auth.conf horde.conf kerio.conf lighttpd-auth.conf mongodb-auth.conf monit.conf murmur.conf mysqld-auth.conf nagios.conf named-refused.conf nginx-botsearch.conf nginx-http-auth.conf nginx-limit-req.conf nsd.conf openhab.conf openwebmail.conf oracleims.conf pam-generic.conf perdition.conf php-url-fopen.conf portsentry.conf postfix-rbl.conf postfix-sasl.conf postfix.conf proftpd.conf pure-ftpd.conf qmail.conf recidive.conf roundcube-auth.conf screensharingd.conf selinux-common.conf selinux-ssh.conf sendmail-auth.conf sendmail-reject.conf sieve.conf slapd.conf sogo-auth.conf solid-pop3d.conf squid.conf squirrelmail.conf sshd-ddos.conf sshd.conf stunnel.conf suhosin.conf tine20.conf uwimap-auth.conf vsftpd.conf webmin-auth.conf wuftpd.conf xinetd-fail.conf
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
CONF_FILES+= ${EGDIR}/filter.d/${filter} ${PKG_SYSCONFDIR}/filter.d/${filter}
.endfor
Updated to 0.9.3. Some of the upstream changes for 0.9.2 : - various typo in config files - filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to ignore system authentication issues - some fixes for EL7 New features : - New filters: - postfix-rbl - apache-fakegooglebot.conf - nginx-botsearch - drupal-auth - New actions: - action.d/firewallcmd-multiport and action.d/firewallcmd-allports - action.d/sendmail-geoip-lines.conf - action.d/nsupdate to update DNSBL - New status argument for fail2ban-client Some of the upstream changes for 0.9.3 : - IMPORTANT incompatible changes: * filter.d/roundcube-auth.conf - Changed logpath to 'errors' log (was 'userlogins') * action.d/iptables-common.conf - All calls to iptables command now use -w switch introduced in iptables 1.4.20 (some distribution could have patched their earlier base version as well) to provide this locking mechanism useful under heavy load to avoid contesting on iptables calls. If you need to disable, define 'action.d/iptables-common.local' with empty value for 'lockingopt' in `[Init]` section. * mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines actions now include by default only the first 1000 log lines in the emails. Adjust <grepopts> to augment the behavior. - New Features: * New filters: - froxlor-auth - Thanks Joern Muehlencord - apache-pass - filter Apache access log for successful authentication * New actions: - shorewall-ipset-proto6 - using proto feature of the Shorewall. Still requires manual pre-configuration of the shorewall. See the action file for detail. * New jails: - pass2allow-ftp - allows FTP traffic after successful HTTP authentication
2015-11-27 16:41:47 +01:00
CONF_FILES+= ${EGDIR}/filter.d/ignorecommands/apache-fakegooglebot ${PKG_SYSCONFDIR}/filter.d/ignorecommands/apache-fakegooglebot
Updated security/fail2ban to 0.9.5. Changelog from 0.9.3 and 0.9.4 is quite long. Expect new and improved jails, actions and filter. Details are here : - https://github.com/fail2ban/fail2ban/releases/tag/0.9.4 - https://github.com/fail2ban/fail2ban/releases/tag/0.9.5 Pkgsrc changes are : - added man pages (fail2ban-testcases.1 fail2ban.1) - added and reorderd filters, actions, and documentation files - minor edits to please pkglint
2016-12-04 22:02:55 +01:00
TXTDOCFILES+= develop.txt fail2ban.client.actionreader.txt fail2ban.client.beautifier.txt fail2ban.client.configparserinc.txt fail2ban.client.configreader.txt fail2ban.client.configurator.txt fail2ban.client.csocket.txt fail2ban.client.fail2banreader.txt fail2ban.client.filterreader.txt fail2ban.client.jailreader.txt fail2ban.client.jailsreader.txt fail2ban.client.txt fail2ban.exceptions.txt fail2ban.helpers.txt fail2ban.protocol.txt fail2ban.server.action.txt fail2ban.server.actions.txt fail2ban.server.asyncserver.txt fail2ban.server.banmanager.txt fail2ban.server.database.txt fail2ban.server.datedetector.txt fail2ban.server.datetemplate.txt fail2ban.server.faildata.txt fail2ban.server.failmanager.txt fail2ban.server.failregex.txt fail2ban.server.filter.txt fail2ban.server.filtergamin.txt fail2ban.server.filterpoll.txt fail2ban.server.filterpyinotify.txt fail2ban.server.filtersystemd.txt fail2ban.server.jail.txt fail2ban.server.jails.txt fail2ban.server.jailthread.txt fail2ban.server.mytime.txt fail2ban.server.server.txt fail2ban.server.strptime.txt fail2ban.server.ticket.txt fail2ban.server.transmitter.txt fail2ban.server.txt fail2ban.txt fail2ban.version.txt filters.txt index.txt release.txt
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
AUTO_MKDIRS= yes
Updated security/fail2ban to 0.9.5. Changelog from 0.9.3 and 0.9.4 is quite long. Expect new and improved jails, actions and filter. Details are here : - https://github.com/fail2ban/fail2ban/releases/tag/0.9.4 - https://github.com/fail2ban/fail2ban/releases/tag/0.9.5 Pkgsrc changes are : - added man pages (fail2ban-testcases.1 fail2ban.1) - added and reorderd filters, actions, and documentation files - minor edits to please pkglint
2016-12-04 22:02:55 +01:00
MANPAGES1= fail2ban-client.1 fail2ban-regex.1 fail2ban-server.1 fail2ban-testcases.1 fail2ban.1
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
MANPAGES5= jail.conf.5
FILES_SUBST+= PYTHON_INTERP=${PYTHONBIN:Q}
BUILD_DEFS+= PYTHON_INTERP
BUILD_DEFS+= VARBASE
RCD_SCRIPTS= fail2ban
SUBST_CLASSES+= paths
SUBST_STAGE.paths= pre-configure
SUBST_MESSAGE.paths= Substituting paths variables.
SUBST_VARS.paths+= VARBASE
SUBST_FILES.paths= ${WRKSRC}/bin/fail2ban-client
SUBST_FILES.paths+= ${WRKSRC}/fail2ban/client/configreader.py
SUBST_FILES.paths+= ${WRKSRC}/fail2ban/tests/utils.py
SUBST_FILES.paths+= ${WRKSRC}/man/fail2ban-client.1
SUBST_FILES.paths+= ${WRKSRC}/man/fail2ban-client.h2m
SUBST_FILES.paths+= ${WRKSRC}/setup.py
SUBST_FILES.paths+= ${WRKSRC}/config/fail2ban.conf
SUBST_FILES.paths+= ${WRKSRC}/config/jail.conf
SUBST_FILES.paths+= ${WRKSRC}/config/paths-pkgsrc.conf
SUBST_SED.paths= -e 's,/etc,${PREFIX}/etc,g'
SUBST_SED.paths+= -e 's,/var/lib,${VARBASE}/db,g'
SUBST_SED.paths+= -e 's,/var,${VARBASE},g'
SUBST_SED.paths+= -e 's,/usr/share,${PREFIX}/share,g'
SUBST_SED.paths+= -e 's,/usr/share,${PREFIX}/share,g'
SUBST_SED.paths+= -e 's,paths-debian.conf,paths-pkgsrc.conf,g'
SUBST_CLASSES+= install
SUBST_STAGE.install= pre-install
SUBST_MESSAGE.install= correcting installation path
SUBST_FILES.install= ${WRKSRC}/setup.py
SUBST_SED.install= -e 's,${PREFIX}/etc/fail2ban,${EGDIR},g'
.include "../../mk/bsd.prefs.mk"
SUBST_CLASSES+= ostype
SUBST_STAGE.ostype= post-configure
SUBST_MESSAGE.ostype= Adjusting OS type
SUBST_FILES.ostype= ${WRKSRC}/config/paths-pkgsrc.conf
.if ${OPSYS} == "NetBSD"
SUBST_SED.ostype= -e "s,\#before = paths-distro.conf,before = paths-netbsd.conf,g"
.elif ${OPSYS} == "Darwin"
SUBST_SED.ostype= -e "s,\#before = paths-distro.conf,before = paths-osx.conf,g"
.elif ${OPSYS} == "DragonFly" || ${OPSYS} == "FreeBSD"
SUBST_SED.ostype= -e "s,\#before = paths-distro.conf,before = paths-freebsd.conf,g"
fail2ban: fix build on linux and others having an empty SUBST_SED returns usage and a non-zero exit value and the build doesn't continue.
2017-03-16 22:08:35 +01:00
.else
SUBST_SED.ostype= -e 's,this cant be empty,,g'
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
.endif
post-extract:
${CP} ${FILESDIR}/paths-netbsd.conf ${WRKSRC}/config/paths-netbsd.conf
${CP} ${FILESDIR}/paths-pkgsrc.conf ${WRKSRC}/config/paths-pkgsrc.conf
post-build:
Corrected a build problem with py-sphinx-1.2.3nb1 because sphinx-build has been replaced with sphinx-build${PYVERSSUFFIX} (therefore it depends on at least this version). Corrected maintainer's email address.
2015-03-11 21:45:52 +01:00
cd ${WRKSRC}/doc/ && make SPHINXBUILD=${PREFIX}/bin/sphinx-build${PYVERSSUFFIX} text
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
post-install:
.for manfile1 in ${MANPAGES1}
${INSTALL_MAN} ${WRKSRC}/man/${manfile1} ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/
.endfor
.for manfile5 in ${MANPAGES5}
${INSTALL_MAN} ${WRKSRC}/man/${manfile5} ${DESTDIR}${PREFIX}/${PKGMANDIR}/man5/
.endfor
Updated security/fail2ban to 0.9.6. Upstream changelog : * Misleading add resp. enable of (already available) jail in database, that induced a subsequent error: last position of log file will be never retrieved (gh-795) * Fixed a distribution related bug within testReadStockJailConfForceEnabled (e.g. test-cases faults on Fedora, see gh-1353) * Fixed pythonic filters and test scripts (running via wrong python version, uses "fail2ban-python" now); * Fixed test case "testSetupInstallRoot" for not default python version (also using direct call, out of virtualenv); * Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512); * FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540) * Monit config: scripting is not supported in path (gh-1556) * `filter.d/apache-modsecurity.conf` - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all replaced for safer match, unneeded catch-all anchoring removed, non-capturing * `filter.d/asterisk.conf` - Fixed to match different asterisk log prefix (source file: method:) * `filter.d/dovecot.conf` - Fixed failregex ignores failures through some not relevant info (gh-1623) * `filter.d/ignorecommands/apache-fakegooglebot` - Fixed error within apache-fakegooglebot, that will be called with wrong python version (gh-1506) * `filter.d/assp.conf` - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494) * `filter.d/postfix-sasl.conf` - Allow for having no trailing space after 'failed:' (gh-1497) * `filter.d/vsftpd.conf` - Optional reason part in message after FAIL LOGIN (gh-1543) * `filter.d/sendmail-reject.conf` - removed mandatory double space (if dns-host available, gh-1579) * filter.d/sshd.conf - recognized "Failed publickey for" (gh-1477); - optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479) - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479) - optional port part after host (see gh-1533, gh-1581) * New Actions: - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD * New Filters: - `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine) (gh-1586, gh-1606 and gh-1607) * DateTemplate regexp extended with the word-end boundary, additionally to word-start boundary * Introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located): - allows to use the same version, fail2ban currently running, e.g. in external scripts just via replace python with fail2ban-python: ```diff -#!/usr/bin/env python +#!/usr/bin/env fail2ban-python ``` - always the same pickle protocol - the same (and also guaranteed available) fail2ban modules - simplified stand-alone install, resp. stand-alone installation possibility via setup (like gh-1487) is getting closer * Several test cases rewritten using new methods assertIn, assertNotIn * New forward compatibility method assertRaisesRegexp (normally python >= 2.7). Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged are test covered now * Jail configuration extended with new syntax to pass options to the backend (see gh-1408), examples: - `backend = systemd[journalpath=/run/log/journal/machine-1]` - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]` - `backend = systemd[journalflags=2]`
2017-02-02 19:35:56 +01:00
.for txt1 in ${TXTDOCFILES}
${INSTALL_DATA} ${WRKSRC}/doc/build/text/${txt1} ${DESTDIR}${DOCDIR}/
.endfor
.for txt2 in DEVELOP FILTERS README.Solaris README.md doc/run-rootless.txt
${INSTALL_DATA} ${WRKSRC}/${txt2} ${DESTDIR}${DOCDIR}/
Initial import of security/fail2ban, version 0.9.1, into the NetBSD Packages Collection. Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. Theses rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones.
2015-02-09 11:05:25 +01:00
.endfor
.include "options.mk"
.include "../../lang/python/distutils.mk"
.include "../../mk/bsd.pkg.mk"
Reference in a new issue Copy permalink