1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
require 'formula'
class Fail2ban < Formula
homepage 'http://www.fail2ban.org/'
url 'http://cloud.github.com/downloads/fail2ban/fail2ban/fail2ban_0.8.7.1.orig.tar.gz'
sha1 'ec1a7ea1360056d5095bb9de733c1e388bd22373'
def install
inreplace 'setup.py' do |s|
s.gsub! /\/etc/, etc
s.gsub! /\/var/, var
end
# Replace hardcoded paths
inreplace 'fail2ban-client', '/usr/share/fail2ban', libexec
inreplace 'fail2ban-server', '/usr/share/fail2ban', libexec
inreplace 'fail2ban-regex', '/usr/share/fail2ban', libexec
inreplace 'fail2ban-client', '/etc', etc
inreplace 'fail2ban-server', '/etc', etc
inreplace 'fail2ban-regex', '/etc', etc
inreplace 'fail2ban-server', '/var', var
inreplace 'config/fail2ban.conf', '/var/run', (var + 'run')
system "python", "setup.py", "install",
"--prefix=#{prefix}",
"--install-lib=#{libexec}",
"--install-data=#{libexec}",
"--install-scripts=#{bin}"
plist_path.write startup_plist
plist_path.chmod 0644
end
def startup_plist
<<-EOF.undent
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>#{plist_name}</string>
<key>ProgramArguments</key>
<array>
<string>#{HOMEBREW_PREFIX}/bin/fail2ban-client</string>
<string>start</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
EOF
end
def caveats
<<-EOS.undent
Before using Fail2Ban for the first time you should edit jail
configuration and enable the jails that you want to use, for instance
ssh-ipfw. Also make sure that they point to the correct configuration
path. I.e. on Mountain Lion the sshd logfile should point to
/var/log/system.log.
* #{etc}/fail2ban/jail.conf
The Fail2Ban wiki has two pages with instructions for MacOS X Server that
describes how to set up the Jails for the standard MacOS X Server
services for the respective releases.
10.4: http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4)
10.5: http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.5)
A launchctl plist has been created that will start Fail2Ban at bootup. It
must be run by a user that is allowed to manipulate the enabled rules,
i.e. ipfw.
To install it execute the following commands:
sudo cp #{plist_path} /Library/LaunchDaemons/
sudo launchctl load /Library/LaunchDaemons/#{plist_name}
EOS
end
end
|
