1 |
fail2ban is not on the Portage tree, you need to install it manually or via |
2 |
a ebuild on a overlay, this was discussed in another thread in this mailing |
3 |
list. |
4 |
|
5 |
As per another discussion in this list, what you have to do is: |
6 |
|
7 |
- create a local overlay: /usr/local/portage and then net-firewall/fail2ban |
8 |
- declare this overlay in you make.conf |
9 |
- copy fail2ban-0.5.4.ebuild (see below) into |
10 |
/usr/local/portage/net-firewall/fail2ban/ |
11 |
- create an new directory under fail2ban called 'files' |
12 |
- copy fail2ban-0.5.4.tar.bz2 from sourceforge into this new directory |
13 |
- run "ebuild fail2ban-0.5.4.ebuild digest" |
14 |
|
15 |
And then simply emerge fail2ban. |
16 |
|
17 |
Here is the ebuild: |
18 |
----------------------------- |
19 |
# Distributed under the terms of the GNU General Public License v2 |
20 |
|
21 |
DESCRIPTION="Bans IP that make too many password failures" |
22 |
HOMEPAGE="http://sourceforge.net/projects/fail2ban" |
23 |
SRC_URI="mirror://sourceforge/fail2ban/${P}.tar.bz2<mirror://sourceforge/fail2ban/$%7BP%7D.tar.bz2> |
24 |
" |
25 |
LICENSE="GPL-2" |
26 |
SLOT="0" |
27 |
KEYWORDS="~x86 ~amd64" |
28 |
IUSE="" |
29 |
DEPEND=">=dev-lang/python-2.3" |
30 |
|
31 |
src_install() { |
32 |
# Use python setup |
33 |
python setup.py install --root=${D} || die |
34 |
|
35 |
# Use fail2ban.conf.default as default config file |
36 |
insinto /etc |
37 |
newins config/fail2ban.conf.default fail2ban.conf |
38 |
# Install initd scripts |
39 |
exeinto /etc/init.d |
40 |
newexe config/gentoo-initd fail2ban |
41 |
insinto /etc/conf.d |
42 |
newins config/gentoo-confd fail2ban |
43 |
# Doc |
44 |
doman man/*.[0-9] |
45 |
dodoc CHANGELOG README TODO |
46 |
} |
47 |
|
48 |
pkg_postinst() { |
49 |
# The user must edit the config file |
50 |
echo "" |
51 |
einfo "Please edit /etc/fail2ban.conf with parameters" |
52 |
einfo "which correspond to your system." |
53 |
echo "" |
54 |
} |
55 |
|
56 |
|
57 |
On 10/11/05, woody < cyril@×××××××.org> wrote: |
58 |
> |
59 |
> Jochen Maes wrote: |
60 |
> > -----BEGIN PGP SIGNED MESSAGE----- |
61 |
> > Hash: SHA1 |
62 |
> > |
63 |
> > Hey all, |
64 |
> > |
65 |
> > |
66 |
> > ok one off my servers i keep on getting one iprange that tries to |
67 |
> > login through ssh (200-300) attemps with other usernames. |
68 |
> > This is probably a script that's being ran all the time, but the isp |
69 |
> > doesn't mind, i allready sent my logs and my complaints and i don't |
70 |
> > get any response. |
71 |
> > Is there something like hackerwatch that i can send those logs to |
72 |
> > (preferrably automatically) when happening? |
73 |
> > I've blocked the range now so isn't a problem but hate it that the isp |
74 |
> > doesn nothing against it. |
75 |
> |
76 |
> have a look to fail2ban.. |
77 |
> |
78 |
> diabolo prod # emerge -s fail2ban |
79 |
> Searching... |
80 |
> [ Results for search key : fail2ban ] |
81 |
> [ Applications found : 1 ] |
82 |
> |
83 |
> * net-firewall/fail2ban |
84 |
> Latest version available: 0.5.4 |
85 |
> Latest version installed: 0.5.4 |
86 |
> Size of downloaded files: 18 kB |
87 |
> Homepage: http://sourceforge.net/projects/fail2ban |
88 |
> Description: Bans IP that make too many password failures |
89 |
> License: GPL-2 |
90 |
> |
91 |
> > |
92 |
> > greetings, |
93 |
> > |
94 |
> > SeJo |
95 |
> > |
96 |
> > - -- |
97 |
> > "Defer no time, delays have dangerous ends" |
98 |
> > |
99 |
> > Jochen Maes Gentoo Linux |
100 |
> > Gentoo Belgium |
101 |
> > http://sejo.be |
102 |
> > http://gentoo.be |
103 |
> > http://gentoo.org |
104 |
> > -----BEGIN PGP SIGNATURE----- |
105 |
> > Version: GnuPG v1.4.2 (GNU/Linux) |
106 |
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
107 |
> > |
108 |
> > iD8DBQFDSjnYMXMsRNMHhmARAoXVAJ92bRcBAO04hIUk2VgBOcpm1gm9cgCgmNHe |
109 |
> > ZPNqAHab5fXLdx11vdod5rc= |
110 |
> > =35Kg |
111 |
> > -----END PGP SIGNATURE----- |
112 |
> > |
113 |
> |
114 |
> -- |
115 |
> gentoo-security@g.o mailing list |
116 |
> |
117 |
> |