As per another discussion in this list, what you have to do is:
- create a local overlay: /usr/local/portage and then net-firewall/fail2ban
- declare this overlay in you make.conf
- copy fail2ban-0.5.4.ebuild (see below) into /usr/local/portage/net-firewall/fail2ban/
- create an new directory under fail2ban called 'files'
- copy fail2ban-0.5.4.tar.bz2 from sourceforge into this new directory
- run "ebuild fail2ban-0.5.4.ebuild digest"
And then simply emerge fail2ban.
Here is the ebuild:
-----------------------------
# Distributed under the terms of the GNU General Public License v2
DESCRIPTION="Bans IP that make too many password failures"
HOMEPAGE="http://sourceforge.net/projects/fail2ban"
SRC_URI=" mirror://sourceforge/fail2ban/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~x86 ~amd64"
IUSE=""
DEPEND=">=dev-lang/python-2.3"
src_install() {
# Use python setup
python setup.py install --root=${D} || die
# Use fail2ban.conf.default as default config file
insinto /etc
newins config/fail2ban.conf.default fail2ban.conf
# Install initd scripts
exeinto /etc/init.d
newexe config/gentoo-initd fail2ban
insinto /etc/conf.d
newins config/gentoo-confd fail2ban
# Doc
doman man/*.[0-9]
dodoc CHANGELOG README TODO
}
pkg_postinst() {
# The user must edit the config file
echo ""
einfo "Please edit /etc/fail2ban.conf with parameters"
einfo "which correspond to your system."
echo ""
}
- copy fail2ban-0.5.4.tar.bz2 from sourceforge into this new directory
- run "ebuild fail2ban-0.5.4.ebuild digest"
And then simply emerge fail2ban.
Here is the ebuild:
-----------------------------
# Distributed under the terms of the GNU General Public License v2
DESCRIPTION="Bans IP that make too many password failures"
HOMEPAGE="http://sourceforge.net/projects/fail2ban"
SRC_URI=" mirror://sourceforge/fail2ban/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~x86 ~amd64"
IUSE=""
DEPEND=">=dev-lang/python-2.3"
src_install() {
# Use python setup
python setup.py install --root=${D} || die
# Use fail2ban.conf.default as default config file
insinto /etc
newins config/fail2ban.conf.default fail2ban.conf
# Install initd scripts
exeinto /etc/init.d
newexe config/gentoo-initd fail2ban
insinto /etc/conf.d
newins config/gentoo-confd fail2ban
# Doc
doman man/*.[0-9]
dodoc CHANGELOG README TODO
}
pkg_postinst() {
# The user must edit the config file
echo ""
einfo "Please edit /etc/fail2ban.conf with parameters"
einfo "which correspond to your system."
echo ""
}
On 10/11/05, woody <
[EMAIL PROTECTED]> wrote:
Jochen Maes wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey all,
>
>
> ok one off my servers i keep on getting one iprange that tries to
> login through ssh (200-300) attemps with other usernames.
> This is probably a script that's being ran all the time, but the isp
> doesn't mind, i allready sent my logs and my complaints and i don't
> get any response.
> Is there something like hackerwatch that i can send those logs to
> (preferrably automatically) when happening?
> I've blocked the range now so isn't a problem but hate it that the isp
> doesn nothing against it.
have a look to fail2ban..
diabolo prod # emerge -s fail2ban
Searching...
[ Results for search key : fail2ban ]
[ Applications found : 1 ]
* net-firewall/fail2ban
Latest version available: 0.5.4
Latest version installed: 0.5.4
Size of downloaded files: 18 kB
Homepage: http://sourceforge.net/projects/fail2ban
Description: Bans IP that make too many password failures
License: GPL-2
>
> greetings,
>
> SeJo
>
> - --
> "Defer no time, delays have dangerous ends"
>
> Jochen Maes Gentoo Linux
> Gentoo Belgium
> http://sejo.be
> http://gentoo.be
> http://gentoo.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFDSjnYMXMsRNMHhmARAoXVAJ92bRcBAO04hIUk2VgBOcpm1gm9cgCgmNHe
> ZPNqAHab5fXLdx11vdod5rc=
> =35Kg
> -----END PGP SIGNATURE-----
>
--
[email protected] mailing list
