meta-security: move perl and python recipes to dynamic layers structure

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2022-05-03 14:31:21 -0700
committer: Armin Kuster <akuster808@gmail.com> 2022-05-14 10:51:32 -0700
commit: a764533c20c9cedf0834138076d38d329982e1af (patch)
tree: 4cedb5cc647faeef6636ad0319b495cf89d8a2ea /dynamic-layers/meta-python/recipes-security/fail2ban
parent: 20c13f6335165d693f7f3270c829b3069dbbad66 (diff)
download: meta-security-a764533c20c9cedf0834138076d38d329982e1af.tar.gz
4 files changed, 189 insertions, 0 deletions
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch
new file mode 100644
index 0000000..7f0812c
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch
@@ -0,0 +1,28 @@
+From fe3436d65518099d35c643848cba50253abc249c Mon Sep 17 00:00:00 2001
+From: Lei Maohui <leimaohui@cn.fujitsu.com>
+Date: Thu, 9 May 2019 14:44:51 +0900
+Subject: [PATCH] To fix build error of xrange.
+NameError: name 'xrange' is not defined
+Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
+---
+ fail2ban/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/fail2ban/__init__.py b/fail2ban/__init__.py
+index fa6dcf7..61789a4 100644
+--- a/fail2ban/__init__.py
+++ b/fail2ban/__init__.py
+@@ -82,7 +82,7 @@ strptime("2012", "%Y")
+ 
+ # short names for pure numeric log-level ("Level 25" could be truncated by short formats):
+ def _init():
+-       for i in xrange(50):
+       for i in range(50):
+                if logging.getLevelName(i).startswith('Level'):
+                        logging.addLevelName(i, '#%02d-Lev.' % i)
+ _init()
+-- 
+2.7.4
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/initd b/dynamic-layers/meta-python/recipes-security/fail2ban/files/initd
new file mode 100644
index 0000000..586b3da
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/initd
@@ -0,0 +1,98 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: fail2ban
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Should-Start: $time $network $syslog iptables firehol shorewall ferm
+# Should-Stop: $network $syslog iptables firehol shorewall ferm
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start/Stop fail2ban
+# Description: Start/Stop fail2ban, a daemon to ban hosts that cause multiple authentication errors
+### END INIT INFO
+# Source function library.
+. /etc/init.d/functions
+# Check that the config file exists
+[ -f /etc/fail2ban/fail2ban.conf ] || exit 0
+check_privsep_dir() {                                                              
+    # Create the PrivSep empty dir if necessary
+    if [ ! -d /var/run/fail2ban ]; then            
+        mkdir /var/run/fail2ban                    
+        chmod 0755 /var/run/fail2ban
+    fi                                         
+}         
+FAIL2BAN="/usr/bin/fail2ban-client"
+prog=fail2ban-server
+lockfile=${LOCKFILE-/var/lock/subsys/fail2ban}
+socket=${SOCKET-/var/run/fail2ban/fail2ban.sock}
+pidfile=${PIDFILE-/var/run/fail2ban/fail2ban.pid}
+RETVAL=0
+start() {
+    echo -n $"Starting fail2ban: "
+    check_privsep_dir
+    ${FAIL2BAN} -x start > /dev/null
+    RETVAL=$?
+    if [ $RETVAL = 0 ]; then
+        touch ${lockfile}
+        success
+    else
+        failure
+    fi
+    echo
+    return $RETVAL
+}
+stop() {
+    echo -n $"Stopping fail2ban: "
+    ${FAIL2BAN} stop > /dev/null
+    RETVAL=$?
+    if [ $RETVAL = 0 ]; then
+        rm -f ${lockfile} ${pidfile}
+        success
+    else
+        failure
+    fi
+    echo
+    return $RETVAL
+}
+reload() {
+    echo "Reloading fail2ban: "
+    ${FAIL2BAN} reload
+    RETVAL=$?
+    echo
+    return $RETVAL
+}
+# See how we were called.
+case "$1" in
+    start)
+        status -p ${pidfile} ${prog} >/dev/null 2>&1 && exit 0
+        start
+        ;;
+    stop)
+        stop
+        ;;
+    reload)
+        reload
+        ;;
+    restart)
+        stop
+        start
+        ;;
+    status)
+        status -p ${pidfile} ${prog}
+        RETVAL=$?
+        [ $RETVAL = 0 ] && ${FAIL2BAN} status
+        ;;
+    *)
+        echo $"Usage: fail2ban {start|stop|restart|reload|status}"
+        RETVAL=2
+esac
+exit $RETVAL
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/run-ptest b/dynamic-layers/meta-python/recipes-security/fail2ban/files/run-ptest
new file mode 100644
index 0000000..64d07d5
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+##PYTHON## bin/fail2ban-testcases
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
new file mode 100644
index 0000000..96e17b7
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -0,0 +1,60 @@
+SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
+DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
+many failed login attempts. It does this by updating system firewall rules to reject new \
+connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
+out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
+and is easy to configure to read any log file you choose, for any error you choose."
+HOMEPAGE = "http://www.fail2ban.org"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
+DEPENDS = "python3-native"
+SRCREV ="4fe4ac8dde6ba14841da598ec37f8c6911fe0f64"
+SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
+        file://initd \
+        file://run-ptest \
+"
+inherit update-rc.d ptest setuptools3_legacy
+S = "${WORKDIR}/git"
+do_compile () {
+    cd ${S}
+    #remove symlink to python3
+    # otherwise 2to3 is run against it
+    rm -f bin/fail2ban-python
+    ./fail2ban-2to3
+}
+do_install:append () {
+    rm  -f ${D}/${bindir}/fail2ban-python
+    install -d ${D}/${sysconfdir}/fail2ban
+    install -d ${D}/${sysconfdir}/init.d
+    install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
+    chown -R root:root ${D}/${bindir}
+    rm -rf ${D}/run
+}
+do_install_ptest:append () {
+    install -d ${D}${PTEST_PATH}
+    install -d ${D}${PTEST_PATH}/bin
+    sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
+    install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
+    rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
+}
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME = "fail2ban-server"
+INITSCRIPT_PARAMS = "defaults 25"
+INSANE_SKIP:${PN}:append = "already-stripped"
+RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables sqlite3 python3-core python3-pyinotify"
+RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
+RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"
author	Armin Kuster <akuster808@gmail.com>	2022-05-03 14:31:21 -0700
committer	Armin Kuster <akuster808@gmail.com>	2022-05-14 10:51:32 -0700
commit	a764533c20c9cedf0834138076d38d329982e1af (patch)
tree	4cedb5cc647faeef6636ad0319b495cf89d8a2ea /dynamic-layers/meta-python/recipes-security/fail2ban
parent	20c13f6335165d693f7f3270c829b3069dbbad66 (diff)
download	meta-security-a764533c20c9cedf0834138076d38d329982e1af.tar.gz

diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch new file mode 100644 index 0000000..7f0812c --- /dev/null +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch
@@ -0,0 +1,28 @@
	1	From fe3436d65518099d35c643848cba50253abc249c Mon Sep 17 00:00:00 2001
	2	From: Lei Maohui <leimaohui@cn.fujitsu.com>
	3	Date: Thu, 9 May 2019 14:44:51 +0900
	4	Subject: [PATCH] To fix build error of xrange.
	5
	6	NameError: name 'xrange' is not defined
	7
	8	Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
	9	---
	10	fail2ban/__init__.py \| 2 +-
	11	1 file changed, 1 insertion(+), 1 deletion(-)
	12
	13	diff --git a/fail2ban/__init__.py b/fail2ban/__init__.py
	14	index fa6dcf7..61789a4 100644
	15	--- a/fail2ban/__init__.py
	16	+++ b/fail2ban/__init__.py
	17	@@ -82,7 +82,7 @@ strptime("2012", "%Y")
	18
	19	# short names for pure numeric log-level ("Level 25" could be truncated by short formats):
	20	def _init():
	21	- for i in xrange(50):
	22	+ for i in range(50):
	23	if logging.getLevelName(i).startswith('Level'):
	24	logging.addLevelName(i, '#%02d-Lev.' % i)
	25	_init()
	26	--
	27	2.7.4
	28


diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/initd b/dynamic-layers/meta-python/recipes-security/fail2ban/files/initd new file mode 100644 index 0000000..586b3da --- /dev/null +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/initd
@@ -0,0 +1,98 @@
	1	#!/bin/sh
	2	### BEGIN INIT INFO
	3	# Provides: fail2ban
	4	# Required-Start: $local_fs $remote_fs
	5	# Required-Stop: $local_fs $remote_fs
	6	# Should-Start: $time $network $syslog iptables firehol shorewall ferm
	7	# Should-Stop: $network $syslog iptables firehol shorewall ferm
	8	# Default-Start: 2 3 4 5
	9	# Default-Stop: 0 1 6
	10	# Short-Description: Start/Stop fail2ban
	11	# Description: Start/Stop fail2ban, a daemon to ban hosts that cause multiple authentication errors
	12	### END INIT INFO
	13
	14	# Source function library.
	15	. /etc/init.d/functions
	16
	17	# Check that the config file exists
	18	[ -f /etc/fail2ban/fail2ban.conf ] \|\| exit 0
	19
	20	check_privsep_dir() {
	21	# Create the PrivSep empty dir if necessary
	22	if [ ! -d /var/run/fail2ban ]; then
	23	mkdir /var/run/fail2ban
	24	chmod 0755 /var/run/fail2ban
	25	fi
	26	}
	27
	28	FAIL2BAN="/usr/bin/fail2ban-client"
	29	prog=fail2ban-server
	30	lockfile=${LOCKFILE-/var/lock/subsys/fail2ban}
	31	socket=${SOCKET-/var/run/fail2ban/fail2ban.sock}
	32	pidfile=${PIDFILE-/var/run/fail2ban/fail2ban.pid}
	33	RETVAL=0
	34
	35	start() {
	36	echo -n $"Starting fail2ban: "
	37	check_privsep_dir
	38	${FAIL2BAN} -x start > /dev/null
	39	RETVAL=$?
	40	if [ $RETVAL = 0 ]; then
	41	touch ${lockfile}
	42	success
	43	else
	44	failure
	45	fi
	46	echo
	47	return $RETVAL
	48	}
	49
	50	stop() {
	51	echo -n $"Stopping fail2ban: "
	52	${FAIL2BAN} stop > /dev/null
	53	RETVAL=$?
	54	if [ $RETVAL = 0 ]; then
	55	rm -f ${lockfile} ${pidfile}
	56	success
	57	else
	58	failure
	59	fi
	60	echo
	61	return $RETVAL
	62	}
	63
	64	reload() {
	65	echo "Reloading fail2ban: "
	66	${FAIL2BAN} reload
	67	RETVAL=$?
	68	echo
	69	return $RETVAL
	70	}
	71
	72	# See how we were called.
	73	case "$1" in
	74	start)
	75	status -p ${pidfile} ${prog} >/dev/null 2>&1 && exit 0
	76	start
	77	;;
	78	stop)
	79	stop
	80	;;
	81	reload)
	82	reload
	83	;;
	84	restart)
	85	stop
	86	start
	87	;;
	88	status)
	89	status -p ${pidfile} ${prog}
	90	RETVAL=$?
	91	[ $RETVAL = 0 ] && ${FAIL2BAN} status
	92	;;
	93	*)
	94	echo $"Usage: fail2ban {start\|stop\|restart\|reload\|status}"
	95	RETVAL=2
	96	esac
	97
	98	exit $RETVAL


diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/run-ptest b/dynamic-layers/meta-python/recipes-security/fail2ban/files/run-ptest new file mode 100644 index 0000000..64d07d5 --- /dev/null +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/run-ptest
@@ -0,0 +1,3 @@
	1	#!/bin/sh
	2
	3	##PYTHON## bin/fail2ban-testcases


diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb new file mode 100644 index 0000000..96e17b7 --- /dev/null +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -0,0 +1,60 @@
	1	SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
	2	DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
	3	many failed login attempts. It does this by updating system firewall rules to reject new \
	4	connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
	5	out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
	6	and is easy to configure to read any log file you choose, for any error you choose."
	7	HOMEPAGE = "http://www.fail2ban.org"
	8
	9	LICENSE = "GPL-2.0-only"
	10	LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
	11
	12	DEPENDS = "python3-native"
	13
	14	SRCREV ="4fe4ac8dde6ba14841da598ec37f8c6911fe0f64"
	15	SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
	16	file://initd \
	17	file://run-ptest \
	18	"
	19
	20	inherit update-rc.d ptest setuptools3_legacy
	21
	22	S = "${WORKDIR}/git"
	23
	24	do_compile () {
	25	cd ${S}
	26
	27	#remove symlink to python3
	28	# otherwise 2to3 is run against it
	29	rm -f bin/fail2ban-python
	30
	31	./fail2ban-2to3
	32	}
	33
	34	do_install:append () {
	35	rm -f ${D}/${bindir}/fail2ban-python
	36	install -d ${D}/${sysconfdir}/fail2ban
	37	install -d ${D}/${sysconfdir}/init.d
	38	install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
	39	chown -R root:root ${D}/${bindir}
	40	rm -rf ${D}/run
	41	}
	42
	43	do_install_ptest:append () {
	44	install -d ${D}${PTEST_PATH}
	45	install -d ${D}${PTEST_PATH}/bin
	46	sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
	47	install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
	48	rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
	49	}
	50
	51
	52	INITSCRIPT_PACKAGES = "${PN}"
	53	INITSCRIPT_NAME = "fail2ban-server"
	54	INITSCRIPT_PARAMS = "defaults 25"
	55
	56	INSANE_SKIP:${PN}:append = "already-stripped"
	57
	58	RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables sqlite3 python3-core python3-pyinotify"
	59	RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json"
	60	RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"