# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
PortSystem 1.0
PortGroup github 1.0
PortGroup python 1.0
github.setup fail2ban fail2ban 0.9.4
# Change github.tarball_from to 'releases' or 'archive' next update
github.tarball_from tarball
categories security python
license GPL-2+
maintainers nomaintainer
platforms {darwin any}
supported_archs noarch
description Fail2ban protects computer against brute-force attacks
long_description Fail2ban scans log files (e.g. /var/log/apache/error_log) and \
bans IPs that show the malicious signs -- too many password failures, \
seeking for exploits, etc. Generally Fail2Ban then used to update \
firewall rules to reject the IP addresses for a specified amount \
of time, although any arbitrary other action (e.g. sending an email, \
or ejecting CD-ROM tray) could also be configured. Out of the box \
Fail2Ban comes with filters for various services (apache, curier, ssh, etc).
homepage https://www.fail2ban.org/
distname ${version}
checksums rmd160 05ae35c2dc03f04e474985b394193b92029f8ca9 \
sha256 9a4a6402f8e6bda15ef8b5a848ce8d91d80735356b52dfac0d7612cdd2fbcaf3
python.default_version 27
set f2bconfdir ${prefix}/etc/${name}
set f2bbindir ${prefix}/bin
set f2brundir ${prefix}/var/run/${name}
set f2bsock ${f2brundir}/${name}.sock
set f2bpid ${f2brundir}/${name}.pid
patchfiles patch-setup.py.diff \
patch-fail2ban-client-configreader.py.diff \
patch-fail2ban-tests-misctestcase.py.diff \
patch-fail2ban-tests-utils.py.diff \
patch-config-fail2ban.conf.diff \
patch-config-jail.conf.diff \
patch-config-paths-common.conf.diff \
patch-config-paths-osx.conf.diff \
patch-config-action.d-osx-afctl.conf.diff \
patch-bin-fail2ban-client.diff \
patch-bin-fail2ban-server.diff \
patch-fail2ban-server-filterpoll.py.diff
post-patch {
reinplace "s|@@PREFIX@@|${prefix}|g" ${worksrcpath}/setup.py \
${worksrcpath}/fail2ban/client/configreader.py \
${worksrcpath}/fail2ban/tests/misctestcase.py \
${worksrcpath}/fail2ban/tests/utils.py \
${worksrcpath}/config/fail2ban.conf \
${worksrcpath}/config/paths-common.conf \
${worksrcpath}/bin/fail2ban-client \
${worksrcpath}/bin/fail2ban-server
}
startupitem.create yes
startupitem.start "export LANG=en_GB.UTF-8; if \[ -r ${f2bsock} -a ! -r ${f2bpid} \]; then rm ${f2bsock}; fi; ${f2bbindir}/${name}-client start"
startupitem.stop "${f2bbindir}/${name}-client stop"
destroot.keepdirs ${destroot}${f2brundir}
post-destroot {
# Adding dedicated OSX pf-icefloor action file
xinstall -m 644 ${filespath}/pf-icefloor.conf ${destroot}${f2bconfdir}/action.d/
# Adding a suffix to config files
set cfgfiles [concat [glob ${destroot}${f2bconfdir}/*.conf] [glob ${destroot}${f2bconfdir}/action.d/*.conf] [glob ${destroot}${f2bconfdir}/filter.d/*.conf]]
foreach cfgfile ${cfgfiles} {
move ${cfgfile} ${cfgfile}.${version}
}
}
post-activate {
# If not already present we put default config files
set cfgfiles [concat [glob ${f2bconfdir}/*.conf.${version}] [glob ${f2bconfdir}/action.d/*.conf.${version}] [glob ${f2bconfdir}/filter.d/*.conf.${version}]]
foreach cfgfile ${cfgfiles} {
regsub "\.${version}" ${cfgfile} {} origcfgfile
if {![file exists ${origcfgfile}]} {
file copy ${cfgfile} ${origcfgfile}
}
}
}
notes "
Next step is to configure fail2ban.
Start to read:
${f2bconfdir}/fail2ban.conf
${f2bconfdir}/jail.conf
and create your own fail2ban.local and jail.local
Start/stop fail2ban with: sudo port \[un\]load fail2ban
More info at ${homepage}
"
livecheck.type regexm
livecheck.url ${homepage}wiki/index.php/Downloads
livecheck.regex <i>stable</i>.*?>${name}-(\[0-9.\]+)<