From a2ec4fc27530c3401d4c2ebeb9395e9830c1655c Mon Sep 17 00:00:00 2001
From: Rasmus Villemoes
Date: Mon, 8 Jul 2024 15:11:38 +0200
Subject: fail2ban: update to 1.1.0+ Current 1.0.2 version does not work with scarthgap or later releases, as the asynchat module has been removed (as scheduled) from python's stdlib as of v3.12. fail2ban 1.1.0 also does not work out-of-the-box, as the distutils module which the pyinotify and systemd backends depend has also been removed. So update the recipe to point at commit ac62658c10f4, which fixes those two backends to no longer depend on distutils. Upstream's out-of-the-box ban action now uses the 'nft' command. People can still override and customize that in jail.conf/jail.local, but to make the recipe useful without customizing things back to use iptables, change the dependency iptables->nftables. Since 1.1.0, fail2ban has been python3-only, so the recipe becomes somewhat simpler since the whole do_compile preparation step can be removed.
Signed-off-by: Rasmus Villemoes
Signed-off-by: Armin Kuster
---
.../fail2ban/python3-fail2ban_1.0.2.bb | 74 ----------------------
.../fail2ban/python3-fail2ban_git.bb | 66 +++++++++++++++++++
2 files changed, 66 insertions(+), 74 deletions(-)
delete mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
create mode 100644 dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
(limited to 'dynamic-layers/meta-python')
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
deleted file mode 100644
index e284d82..0000000
--- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb
+++ /dev/null
@@ -1,74 +0,0 @@
-SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
-DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
-many failed login attempts. It does this by updating system firewall rules to reject new \
-connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
-out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
-and is easy to configure to read any log file you choose, for any error you choose."
-HOMEPAGE = "http://www.fail2ban.org"
-
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
-
-DEPENDS = "python3-native"
-
-SRCREV = "e1d3006b0330e9777705a7baafe3989d442ed120"
-SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \
- file://initd \
- file://run-ptest \
- "
-
-UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)"
-
-inherit update-rc.d ptest setuptools3_legacy
-inherit systemd
-
-SYSTEMD_SERVICE:${PN} = "fail2ban.service"
-
-S = "${UNPACKDIR}/git"
-
-do_compile () {
- cd ${S}
-
- #remove symlink to python3
- # otherwise 2to3 is run against it
- rm -f bin/fail2ban-python
-
- ./fail2ban-2to3
-}
-
-do_install:append () {
- rm -f ${D}/${bindir}/fail2ban-python
- install -d ${D}/${sysconfdir}/fail2ban
- install -d ${D}/${sysconfdir}/init.d
- install -m 0755 ${UNPACKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
-
- if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- install -d ${D}${systemd_system_unitdir}
- install -m 0644 ${B}/fail2ban.service ${D}${systemd_system_unitdir}
- fi
-
- chown -R root:root ${D}/${bindir}
- rm -rf ${D}/run
-}
-
-do_install_ptest:append () {
- install -d ${D}${PTEST_PATH}
- install -d ${D}${PTEST_PATH}/bin
- sed -i -e 's/##PYTHON##/python3/g' ${D}${PTEST_PATH}/run-ptest
- install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
- rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
-}
-
-
-INITSCRIPT_PACKAGES = "${PN}"
-INITSCRIPT_NAME = "fail2ban-server"
-INITSCRIPT_PARAMS = "defaults 25"
-
-INSANE_SKIP:${PN}:append = "already-stripped"
-
-RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables python3-core python3-pyinotify"
-RDEPENDS:${PN} += "python3-sqlite3"
-RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
-RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
-
-RRECOMMENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'python3-systemd', '', d)}"
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
new file mode 100644
index 0000000..52d35f8
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
@@ -0,0 +1,66 @@
+SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
+DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
+many failed login attempts. It does this by updating system firewall rules to reject new \
+connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
+out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
+and is easy to configure to read any log file you choose, for any error you choose."
+HOMEPAGE = "http://www.fail2ban.org"
+
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
+
+DEPENDS = "python3-native"
+
+SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78"
+SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \
+ file://initd \
+ file://run-ptest \
+ "
+
+PV = "1.1.0+git"
+
+UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)"
+
+inherit update-rc.d ptest setuptools3_legacy
+inherit systemd
+
+SYSTEMD_SERVICE:${PN} = "fail2ban.service"
+
+S = "${UNPACKDIR}/git"
+
+do_install:append () {
+ rm -f ${D}/${bindir}/fail2ban-python
+ install -d ${D}/${sysconfdir}/fail2ban
+ install -d ${D}/${sysconfdir}/init.d
+ install -m 0755 ${UNPACKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
+
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${B}/fail2ban.service ${D}${systemd_system_unitdir}
+ fi
+
+ chown -R root:root ${D}/${bindir}
+ rm -rf ${D}/run
+}
+
+do_install_ptest:append () {
+ install -d ${D}${PTEST_PATH}
+ install -d ${D}${PTEST_PATH}/bin
+ sed -i -e 's/##PYTHON##/python3/g' ${D}${PTEST_PATH}/run-ptest
+ install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
+ rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
+}
+
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME = "fail2ban-server"
+INITSCRIPT_PARAMS = "defaults 25"
+
+INSANE_SKIP:${PN}:append = "already-stripped"
+
+RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} nftables python3-core python3-pyinotify"
+RDEPENDS:${PN} += "python3-sqlite3"
+RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
+RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
+
+RRECOMMENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'python3-systemd', '', d)}"
--
cgit v1.2.3-54-g00ecf
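Review bot: The `RDEPENDS:${PN}` line near the end of the new recipe swaps `iptables` for `nftables` outright, so an image whose jail.local switches the ban action back to an iptables-based one (the override the commit message mentions) no longer gets the binary that action calls, and bans would then fail at runtime rather than at build time. The `nftables` package presumably supplies only the userspace `nft` tool, and nothing in the recipe checks that the target kernel has nf_tables enabled, so a missing kernel feature would leave hosts unbanned in the same quiet way. I would put a comment above the line, `# Default banaction calls nft (needs kernel nf_tables support); add iptables to the image if jail.local switches back.` Separately, `INSANE_SKIP:${PN}:append = "already-stripped"` has no leading space in its value and `:append` does not insert one, so `" already-stripped"` is the safer form if another layer also sets this variable.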