mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-12 03:10:13 +00:00
Code Issues Projects Releases Wiki Activity
Files
cbbfb854a479a46904447b716a1c29183cbfa3b0
meta-security/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
Rasmus Villemoes cbbfb854a4 fail2ban: update to 1.1.0+ 
Current 1.0.2 version does not work with scarthgap or later releases,
as the asynchat module has been removed (as scheduled) from python's
stdlib as of v3.12.

fail2ban 1.1.0 also does not work out-of-the-box, as the distutils
module which the pyinotify and systemd backends depend has also been
removed.

So update the recipe to point at commit ac62658c10f4, which fixes
those two backends to no longer depend on distutils.

Upstream's out-of-the-box ban action now uses the 'nft'
command. People can still override and customize that in
jail.conf/jail.local, but to make the recipe useful without
customizing things back to use iptables, change the dependency
iptables->nftables.

Since 1.1.0, fail2ban has been python3-only, so the recipe becomes
somewhat simpler since the whole do_compile preparation step can be
removed.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
(update PV)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2025-11-24 19:04:14 +02:00

67 lines
2.3 KiB
BlitzBasic
Raw Blame History

SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
many failed login attempts. It does this by updating system firewall rules to reject new \
connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
and is easy to configure to read any log file you choose, for any error you choose."
HOMEPAGE = "http://www.fail2ban.org"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
DEPENDS = "python3-native"
SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78"
SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \
file://initd \
file://run-ptest \
"
PV = "1.1.0+git${SRCPV}"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
inherit update-rc.d ptest setuptools3_legacy
inherit systemd
SYSTEMD_SERVICE:${PN} = "fail2ban.service"
S = "${WORKDIR}/git"
do_install:append () {
rm -f ${D}/${bindir}/fail2ban-python
install -d ${D}/${sysconfdir}/fail2ban
install -d ${D}/${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
install -d ${D}${systemd_system_unitdir}
install -m 0644 ${B}/fail2ban.service ${D}${systemd_system_unitdir}
fi
chown -R root:root ${D}/${bindir}
rm -rf ${D}/run
}
do_install_ptest:append () {
install -d ${D}${PTEST_PATH}
install -d ${D}${PTEST_PATH}/bin
sed -i -e 's/##PYTHON##/python3/g' ${D}${PTEST_PATH}/run-ptest
install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
}
INITSCRIPT_PACKAGES = "${PN}"
INITSCRIPT_NAME = "fail2ban-server"
INITSCRIPT_PARAMS = "defaults 25"
INSANE_SKIP:${PN}:append = "already-stripped"
RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} nftables python3-core python3-pyinotify"
RDEPENDS:${PN} += "python3-sqlite3"
RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
RRECOMMENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'python3-systemd', '', d)}"
Reference in New Issue View Git Blame Copy Permalink