Squashed 'import-layers/meta-security/' content from commit 4d139b9
Subtree from git://git.yoctoproject.org/meta-security
Change-Id: I14bb13faa3f2b2dc1f5d81b339dd48ffedf8562f
git-subtree-dir: import-layers/meta-security
git-subtree-split: 4d139b95c4f152d132592f515c5151f4dd6269c1
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/import-layers/meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb b/import-layers/meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb
new file mode 100644
index 0000000..7e2deba
--- /dev/null
+++ b/import-layers/meta-security/recipes-security/fail2ban/fail2ban_0.10.2.bb
@@ -0,0 +1,41 @@
+SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
+DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
+many failed login attempts. It does this by updating system firewall rules to reject new \
+connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
+out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
+and is easy to configure to read any log file you choose, for any error you choose."
+HOMEPAGE = "http://www.fail2ban.org"
+
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
+
+SRCREV ="a45488465e0dd547eb8479c0fa9fd577c1837213"
+SRC_URI = " \
+ git://github.com/fail2ban/fail2ban.git;branch=0.10 \
+ file://initd \
+ file://fail2ban_setup.py \
+"
+
+inherit update-rc.d setuptools
+
+S = "${WORKDIR}/git"
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME = "fail2ban-server"
+INITSCRIPT_PARAMS = "defaults 25"
+
+do_compile_prepend () {
+ cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py
+}
+
+do_install_append () {
+ install -d ${D}/${sysconfdir}/fail2ban
+ install -d ${D}/${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
+}
+
+FILES_${PN} += "/run"
+
+INSANE_SKIP_${PN}_append = "already-stripped"
+
+RDEPENDS_${PN} = "sysklogd iptables sqlite3 python python-pyinotify"
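Review bot: The `SRC_URI` entry fetches fail2ban over the unauthenticated, unencrypted `git://` transport. `SRCREV` pins a full commit hash, so the checked-out tree is still tied to that hash, but the fetch itself can be observed or interfered with on the network path. Adding `protocol=https` keeps the same fetcher on an authenticated transport: `git://github.com/fail2ban/fail2ban.git;protocol=https;branch=0.10`. `HOMEPAGE` likewise uses plain `http://`.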
diff --git a/import-layers/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py b/import-layers/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py
new file mode 100755
index 0000000..a5d4ed6
--- /dev/null
+++ b/import-layers/meta-security/recipes-security/fail2ban/files/fail2ban_setup.py
@@ -0,0 +1,175 @@
+#!/usr/bin/env python
+# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
+# vi: set ft=python sts=4 ts=4 sw=4 noet :
+
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+__author__ = "Cyril Jaquier, Steven Hiscocks, Yaroslav Halchenko"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2008-2016 Fail2Ban Contributors"
+__license__ = "GPL"
+
+import platform
+
+try:
+ import setuptools
+ from setuptools import setup
+ from setuptools.command.install import install
+ from setuptools.command.install_scripts import install_scripts
+except ImportError:
+ setuptools = None
+ from distutils.core import setup
+
+# all versions
+from distutils.command.build_py import build_py
+from distutils.command.build_scripts import build_scripts
+if setuptools is None:
+ from distutils.command.install import install
+ from distutils.command.install_scripts import install_scripts
+try:
+ # python 3.x
+ from distutils.command.build_py import build_py_2to3
+ from distutils.command.build_scripts import build_scripts_2to3
+ _2to3 = True
+except ImportError:
+ # python 2.x
+ _2to3 = False
+
+import os
+from os.path import isfile, join, isdir, realpath
+import sys
+import warnings
+from glob import glob
+
+from fail2ban.setup import updatePyExec
+
+if setuptools and "test" in sys.argv:
+ import logging
+ logSys = logging.getLogger("fail2ban")
+ hdlr = logging.StreamHandler(sys.stdout)
+ fmt = logging.Formatter("%(asctime)-15s %(message)s")
+ hdlr.setFormatter(fmt)
+ logSys.addHandler(hdlr)
+ if set(["-q", "--quiet"]) & set(sys.argv):
+ logSys.setLevel(logging.CRITICAL)
+ warnings.simplefilter("ignore")
+ sys.warnoptions.append("ignore")
+ elif set(["-v", "--verbose"]) & set(sys.argv):
+ logSys.setLevel(logging.DEBUG)
+ else:
+ logSys.setLevel(logging.INFO)
+elif "test" in sys.argv:
+ print("python distribute required to execute fail2ban tests")
+ print("")
+
+longdesc = '''
+Fail2Ban scans log files like /var/log/pwdfail or
+/var/log/apache/error_log and bans IP that makes
+too many password failures. It updates firewall rules
+to reject the IP address or executes user defined
+commands.'''
+
+if setuptools:
+ setup_extra = {
+ 'test_suite': "fail2ban.tests.utils.gatherTests",
+ 'use_2to3': True,
+ }
+else:
+ setup_extra = {}
+
+data_files_extra = []
+
+# Installing documentation files only under Linux or other GNU/ systems
+# (e.g. GNU/kFreeBSD), since others might have protective mechanisms forbidding
+# installation there (see e.g. #1233)
+platform_system = platform.system().lower()
+doc_files = ['README.md', 'DEVELOP', 'FILTERS', 'doc/run-rootless.txt']
+if platform_system in ('solaris', 'sunos'):
+ doc_files.append('README.Solaris')
+if platform_system in ('linux', 'solaris', 'sunos') or platform_system.startswith('gnu'):
+ data_files_extra.append(
+ ('/usr/share/doc/fail2ban', doc_files)
+ )
+
+# Get version number, avoiding importing fail2ban.
+# This is due to tests not functioning for python3 as 2to3 takes place later
+exec(open(join("fail2ban", "version.py")).read())
+
+setup(
+ name = "fail2ban",
+ version = version,
+ description = "Ban IPs that make too many password failures",
+ long_description = longdesc,
+ author = "Cyril Jaquier & Fail2Ban Contributors",
+ author_email = "cyril.jaquier@fail2ban.org",
+ url = "http://www.fail2ban.org",
+ license = "GPL",
+ platforms = "Posix",
+ cmdclass = {
+ 'build_py': build_py, 'build_scripts': build_scripts,
+ },
+ scripts = [
+ 'bin/fail2ban-client',
+ 'bin/fail2ban-server',
+ 'bin/fail2ban-regex',
+ 'bin/fail2ban-testcases',
+ # 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper
+ ],
+ packages = [
+ 'fail2ban',
+ 'fail2ban.client',
+ 'fail2ban.server',
+ 'fail2ban.tests',
+ 'fail2ban.tests.action_d',
+ ],
+ package_data = {
+ 'fail2ban.tests':
+ [ join(w[0], f).replace("fail2ban/tests/", "", 1)
+ for w in os.walk('fail2ban/tests/files')
+ for f in w[2]] +
+ [ join(w[0], f).replace("fail2ban/tests/", "", 1)
+ for w in os.walk('fail2ban/tests/config')
+ for f in w[2]] +
+ [ join(w[0], f).replace("fail2ban/tests/", "", 1)
+ for w in os.walk('fail2ban/tests/action_d')
+ for f in w[2]]
+ },
+ data_files = [
+ ('/etc/fail2ban',
+ glob("config/*.conf")
+ ),
+ ('/etc/fail2ban/filter.d',
+ glob("config/filter.d/*.conf")
+ ),
+ ('/etc/fail2ban/filter.d/ignorecommands',
+ [p for p in glob("config/filter.d/ignorecommands/*") if isfile(p)]
+ ),
+ ('/etc/fail2ban/action.d',
+ glob("config/action.d/*.conf") +
+ glob("config/action.d/*.py")
+ ),
+ ('/etc/fail2ban/fail2ban.d',
+ ''
+ ),
+ ('/etc/fail2ban/jail.d',
+ ''
+ ),
+ ('/var/lib/fail2ban',
+ ''
+ ),
+ ] + data_files_extra,
+ **setup_extra
+)
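Review bot: `from fail2ban.setup import updatePyExec` appears unused in this trimmed setup.py, yet it makes the build import the `fail2ban` package from the source tree, which the comment above the `exec(...)` line says the script is avoiding. Dropping that import, and the equally unused `install`, `install_scripts`, `build_py_2to3` and `build_scripts_2to3` imports, would reduce the source-tree code that runs at build time. The version read also leaves its file handle open; `with open(join("fail2ban", "version.py")) as f: exec(f.read())` closes it. Because the recipe's `do_compile_prepend` copies this file over upstream's setup.py, a header comment saying what was removed relative to upstream and why would help whoever bumps the version next.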
diff --git a/import-layers/meta-security/recipes-security/fail2ban/files/initd b/import-layers/meta-security/recipes-security/fail2ban/files/initd
new file mode 100644
index 0000000..4f4b394
--- /dev/null
+++ b/import-layers/meta-security/recipes-security/fail2ban/files/initd
@@ -0,0 +1,98 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: fail2ban
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Should-Start: $time $network $syslog iptables firehol shorewall ferm
+# Should-Stop: $network $syslog iptables firehol shorewall ferm
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start/Stop fail2ban
+# Description: Start/Stop fail2ban, a daemon to ban hosts that cause multiple authentication errors
+### END INIT INFO
+
+# Source function library.
+. /etc/init.d/functions
+
+# Check that the config file exists
+[ -f /etc/fail2ban/fail2ban.conf ] || exit 0
+
+check_privsep_dir() {
+ # Create the PrivSep empty dir if necessary
+ if [ ! -d /var/run/fail2ban ]; then
+ mkdir /var/run/fail2ban
+ chmod 0755 /var/run/fail2ban
+ fi
+}
+
+FAIL2BAN="/usr/bin/fail2ban-client"
+prog=fail2ban-server
+lockfile=${LOCKFILE-/var/lock/subsys/fail2ban}
+socket=${SOCKET-/var/run/fail2ban/fail2ban.sock}
+pidfile=${PIDFILE-/var/run/fail2ban/fail2ban.pid}
+RETVAL=0
+
+start() {
+ echo -n $"Starting fail2ban: "
+ check_privsep_dir
+ ${FAIL2BAN} -x start > /dev/null
+ RETVAL=$?
+ if [ $RETVAL = 0 ]; then
+ touch ${lockfile}
+ echo_success
+ else
+ echo_failure
+ fi
+ echo
+ return $RETVAL
+}
+
+stop() {
+ echo -n $"Stopping fail2ban: "
+ ${FAIL2BAN} stop > /dev/null
+ RETVAL=$?
+ if [ $RETVAL = 0 ]; then
+ rm -f ${lockfile} ${pidfile}
+ echo_success
+ else
+ echo_failure
+ fi
+ echo
+ return $RETVAL
+}
+
+reload() {
+ echo "Reloading fail2ban: "
+ ${FAIL2BAN} reload
+ RETVAL=$?
+ echo
+ return $RETVAL
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ status -p ${pidfile} ${prog} >/dev/null 2>&1 && exit 0
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ reload)
+ reload
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ status)
+ status -p ${pidfile} ${prog}
+ RETVAL=$?
+ [ $RETVAL = 0 ] && ${FAIL2BAN} status
+ ;;
+ *)
+ echo $"Usage: fail2ban {start|stop|restart|reload|status}"
+ RETVAL=2
+esac
+
+exit $RETVAL
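Review bot: `lockfile`, `socket` and `pidfile` take their values from the caller's environment (`LOCKFILE`, `SOCKET`, `PIDFILE`) and are then expanded unquoted in commands an init script normally runs as root, e.g. `rm -f ${lockfile} ${pidfile}` in `stop()`. A value containing whitespace or glob characters would be split or expanded into extra paths, so quote them: `rm -f "${lockfile}" "${pidfile}"`, `touch "${lockfile}"`, `status -p "${pidfile}" ${prog}`. In `check_privsep_dir`, `mkdir` followed by `chmod` leaves the directory briefly at the umask-derived mode; `mkdir -m 0755 /var/run/fail2ban` sets it in one step. The `$"..."` strings are a bash extension, so under a strictly POSIX `/bin/sh` such as dash the messages would print with a leading `$`; plain double quotes avoid that.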