Date: Tue, 31 Jan 2012 11:30:19 GMT From: Matthias Fechner <idefix@fechner.net> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/164659: fail2ban overwrite config files Message-ID: <201201311130.q0VBUJZZ093356@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/164659; it has been noted by GNATS. From: Matthias Fechner <idefix@fechner.net> To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org Cc: Subject: Re: ports/164659: fail2ban overwrite config files Date: Tue, 31 Jan 2012 12:27:58 +0100 This is a multi-part message in MIME format. --------------020808050508030908080707 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit what do you think about the attached patch? That should make clear how to configure and prevent the overwrite of the config file with an update. Bye Matthias --------------020808050508030908080707 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="fail2ban.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="fail2ban.patch" diff -urN py-fail2ban.old/Makefile py-fail2ban/Makefile --- py-fail2ban.old/Makefile 2012-01-31 12:19:28.247134384 +0100 +++ py-fail2ban/Makefile 2012-01-31 12:13:04.901139503 +0100 @@ -23,6 +23,7 @@ USE_PYDISTUTILS= yes USE_RC_SUBR= fail2ban +SUB_FILES= pkg-message SUB_LIST+= PYTHON_CMD=${PYTHON_CMD} PYDISTUTILS_INSTALLARGS+= --install-purelib=${PYTHON_SITELIBDIR} \ @@ -38,4 +39,7 @@ post-patch: @${ECHO_CMD} ${FILES} | ${XARGS} ${REINPLACE_CMD} -e 's,/etc/fail2ban,${ETCDIR},g' +post-install: + @${CAT} ${PKGMESSAGE} + .include <bsd.port.mk> diff -urN py-fail2ban.old/files/pkg-message.in py-fail2ban/files/pkg-message.in --- py-fail2ban.old/files/pkg-message.in 1970-01-01 01:00:00.000000000 +0100 +++ py-fail2ban/files/pkg-message.in 2012-01-31 12:18:31.331132519 +0100 @@ -0,0 +1,19 @@ + +To complete the configuration: + +1. Copy the standard config file to a local one: + cp %%ETCDIR%%/jail.conf %%ETCDIR%%/jail.local + +2. Add new jails in the jail.local, e.g. for ssh: +[ssh-pf] +enabled = true +filter = bsd-sshd +action = pf[name=SSH, port=ssh, protocol=tcp] +logpath = /var/log/auth.log + +3. Enable fail2ban + Edit /etc/rc.conf to enable it. + +4. Start it + Use the start script in /usr/local/etc/rc.d/fail2ban start + --------------020808050508030908080707--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201201311130.q0VBUJZZ093356>