diff --git a/security/py-fail2ban/Makefile b/security/py-fail2ban/Makefile index f292316824ee..77cada9444c0 100644 --- a/security/py-fail2ban/Makefile +++ b/security/py-fail2ban/Makefile @@ -1,84 +1,84 @@ PORTNAME= fail2ban DISTVERSION= 1.0.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} MAINTAINER= cy@FreeBSD.org COMMENT= Scans log files and bans IP that makes too many password failures WWW= https://www.fail2ban.org/wiki/index.php/Main_Page LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYING RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR} USES= cpe python:3.6+ shebangfix USE_GITHUB= yes USE_PYTHON= autoplist distutils PYDISTUTILS_BUILDARGS+= --without-tests PYDISTUTILS_INSTALLARGS+= --install-data=${ETCDIR} USE_RC_SUBR= fail2ban SHEBANG_FILES= config/filter.d/ignorecommands/apache-fakegooglebot SHEBANG_LANG= fail2ban-python NO_ARCH= yes SUB_LIST+= PYTHON_CMD=${PYTHON_CMD} PORTDOCS= DEVELOP README.md OPTIONS_DEFINE= DOCS INOTIFY OPTIONS_DEFAULT= INOTIFY INOTIFY_DESC= Support for (lib)inotify to monitor filesystem changes INOTIFY_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pyinotify>=0.8.3:devel/py-pyinotify@${PY_FLAVOR} FILES= ${WRKSRC}/bin/fail2ban-client \ ${WRKSRC}/fail2ban/client/configreader.py \ ${WRKSRC}/fail2ban/client/fail2bancmdline.py \ ${WRKSRC}/fail2ban/client/fail2banregex.py \ ${WRKSRC}/man/fail2ban-client.1 \ ${WRKSRC}/man/fail2ban-client.h2m ${WRKSRC}/setup.py MAN_FILES= ${WRKSRC}/man/fail2ban-client.1 \ ${WRKSRC}/man/fail2ban-client.h2m \ ${WRKSRC}/man/fail2ban-regex.1 ${WRKSRC}/man/fail2ban-server.1 \ ${WRKSRC}/man/fail2ban.1 FAIL2BAN_DBDIR= /var/db/${PORTNAME} PY2TO3_CMD= ${LOCALBASE}/bin/2to3-${PYTHON_VER} PY2TO3_ARG= --no-diffs --write --nobackups --fix=all post-patch: @${REINPLACE_CMD} -e 's,/etc/fail2ban,${ETCDIR},g' ${FILES} @${REINPLACE_CMD} -e 's,paths-debian.conf,paths-freebsd.conf,g' \ ${WRKSRC}/config/jail.conf @${REINPLACE_CMD} -e 's,/var/lib/fail2ban/,${FAIL2BAN_DBDIR}/,g' \ ${WRKSRC}/config/fail2ban.conf @${REINPLACE_CMD} -e 's,jail.conf(5),fail2ban-jail.conf(5),g' \ ${MAN_FILES} @${REINPLACE_CMD} -e 's, sed , ${SED} ,g' \ ${WRKSRC}/config/action.d/hostsdeny.conf # XXX Ideally this should be in do-build but it only works in # XXX post-patch (cd ${WRKSRC}/ && ${PY2TO3_CMD} ${PY2TO3_ARG} bin/* fail2ban) post-install: @${MKDIR} ${STAGEDIR}${FAIL2BAN_DBDIR} ${STAGEDIR}/var/run/fail2ban .for file in fail2ban-client fail2ban-regex fail2ban-server fail2ban ${INSTALL_MAN} ${WRKSRC}/man/${file}.1 ${STAGEDIR}${MANPREFIX}/man/man1 .endfor ${INSTALL_MAN} ${WRKSRC}/man/jail.conf.5 ${STAGEDIR}${MANPREFIX}/man/man5/fail2ban-jail.conf.5 post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${WRKSRC}/ && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) do-test: @cd ${WRKSRC} && ${PYTHON_CMD} ${PYDISTUTILS_SETUP} test .include diff --git a/security/py-fail2ban/files/patch-config_action.d_ippool.conf b/security/py-fail2ban/files/patch-config_action.d_ippool.conf new file mode 100644 index 000000000000..74857fd6caac --- /dev/null +++ b/security/py-fail2ban/files/patch-config_action.d_ippool.conf @@ -0,0 +1,58 @@ +--- config/action.d/ippool.conf.orig 2022-10-04 07:49:51.467484000 -0700 ++++ config/action.d/ippool.conf 2022-10-04 07:49:54.523077000 -0700 +@@ -0,0 +1,55 @@ ++# Fail2Ban configuration file ++# ++# FreeBSD ipfilter (ippool command) ban/unban ++# ++# Author: Cy Schubert ++# ++# ++ ++[Definition] ++ ++# Option: actionstart ++# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). ++# Values: CMD ++# ++# enable IPF if not already enabled and initialize fail2ban pool ++actionstart = /sbin/ipf -E ++ /sbin/ippool -A -t tree -m fail2ban ++ echo block in log quick from pool/fail2ban to any | /sbin/ipf -f - ++ ++# Option: actionstop ++# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) ++# Values: CMD ++# ++# don't disable IPF with "/sbin/ipf -D", there may be other filters in use ++actionstop = echo block in log quick from pool/fail2ban to any | /sbin/ipf -r -f - ++ /sbin/ippool -R -t tree -m fail2ban ++ ++ ++# Option: actioncheck ++# Notes.: command executed once before each actionban command ++# Values: CMD ++# ++actioncheck = ++ ++ ++# Option: actionban ++# Notes.: command executed when banning an IP. Take care that the ++# command is executed with Fail2Ban user rights. ++# Tags: See jail.conf(5) man page ++# Values: CMD ++# ++actionban = ippool -a -t tree -m fail2ban /32 ++ ++ ++# Option: actionunban ++# Notes.: command executed when unbanning an IP. Take care that the ++# command is executed with Fail2Ban user rights. ++# Tags: See jail.conf(5) man page ++# Values: CMD ++# ++# note -r option used to remove matching rule ++# actionunban = ippool -r -t tree -m fail2ban /32 ++ ++[Init] ++