@sawanoboly
Last active April 7, 2017 20:11
fail2ban for SmartOS patch
diff --git a/config/action.d/ipfilter.conf b/config/action.d/ipfilter.conf
index 61420e3..091c92d 100644
--- a/config/action.d/ipfilter.conf
+++ b/config/action.d/ipfilter.conf
@@ -13,14 +13,14 @@
# Values: CMD
#
# enable IPF if not already enabled
-actionstart = /sbin/ipf -E
+actionstart = /usr/sbin/ipf -E
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
-# don't disable IPF with "/sbin/ipf -D", there may be other filters in use
+# don't disable IPF with "/usr/sbin/ipf -D", there may be other filters in use
actionstop =
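Review bot: The `/usr/sbin/ipf` path is now written out four times in this file — the `actionstart` line and the comment under `actionstop` here, and the `actionban`/`actionunban` pipelines in the two hunks that follow — so the next relocation is another four-line patch. The file already parameterises `<blocktype>` from its `[Init]` section, so the binary could be a tag as well: `ipf = /usr/sbin/ipf` under `[Init]`, `actionstart = <ipf> -E`, and `<ipf> -f -` / `<ipf> -r -f -` in the ban and unban commands. This assumes 0.8.x substitutes `[Init]` tags in every action command the way it does for `<blocktype>`; worth confirming before refactoring. The `[Init]` section itself lies outside these hunks.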
@@ -37,7 +37,7 @@ actioncheck =
# Tags: See jail.conf(5) man page
# Values: CMD
#
-actionban = echo block <blocktype> in quick from <ip>/32 | /sbin/ipf -f -
+actionban = echo block <blocktype> in quick from <ip>/32 | /usr/sbin/ipf -f -
# Option: actionunban
@@ -47,7 +47,7 @@ actionban = echo block <blocktype> in quick from <ip>/32 | /sbin/ipf -f -
# Values: CMD
#
# note -r option used to remove matching rule
-actionunban = echo block <blocktype> in quick from <ip>/32 | /sbin/ipf -r -f -
+actionunban = echo block <blocktype> in quick from <ip>/32 | /usr/sbin/ipf -r -f -
[Init]
diff --git a/fail2ban-client b/fail2ban-client
index 0f863ab..9b69834 100755
--- a/fail2ban-client
+++ b/fail2ban-client
@@ -30,7 +30,7 @@ import getopt, time, shlex, socket
try:
from common.version import version
except ImportError, e:
- sys.path.insert(1, "/usr/share/fail2ban")
+ sys.path.insert(1, "/usr/local/share/fail2ban")
from common.version import version
# Now we can import the rest of modules
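Review bot: The fallback `sys.path.insert(1, "/usr/local/share/fail2ban")` has to stay in step with `install-purelib` in setup.cfg, which this patch also points at /usr/local/share/fail2ban, and the identical literal is repeated in the fail2ban-server hunk; a one-line comment such as `# must match install-purelib in setup.cfg` on both would save the next person relocating the tree from missing one of the three places. Because the SMF manifest in this patch starts the server as root, whatever sits in that directory is imported with root privileges, so the install step should leave it owned by root and not writable by other users. The enclosing try/except continues outside the hunk.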
diff --git a/fail2ban-server b/fail2ban-server
index 404a1ce..5cc5bfd 100755
--- a/fail2ban-server
+++ b/fail2ban-server
@@ -29,7 +29,7 @@ import getopt, sys, logging, os
try:
from common.version import version
except ImportError, e:
- sys.path.insert(1, "/usr/share/fail2ban")
+ sys.path.insert(1, "/usr/local/share/fail2ban")
from common.version import version
from server.server import Server
diff --git a/files/solaris-fail2ban.xml b/files/solaris-fail2ban.xml
index c6ff015..e279b5e 100644
--- a/files/solaris-fail2ban.xml
+++ b/files/solaris-fail2ban.xml
@@ -33,7 +33,7 @@
<exec_method
type='method'
name='start'
- exec='/lib/svc/method/svc-fail2ban start'
+ exec='/var/svc/method/svc-fail2ban start'
timeout_seconds='-1'>
<method_context>
<method_credential user='root' group='root' />
@@ -43,21 +43,21 @@
<exec_method
type='method'
name='stop'
- exec='/lib/svc/method/svc-fail2ban stop'
+ exec='/var/svc/method/svc-fail2ban stop'
timeout_seconds='-1'>
</exec_method>
<exec_method
type='method'
name='reload'
- exec='/lib/svc/method/svc-fail2ban reload'
+ exec='/var/svc/method/svc-fail2ban reload'
timeout_seconds='-1'>
</exec_method>
<exec_method
type='method'
name='refresh'
- exec='/lib/svc/method/svc-fail2ban refresh'
+ exec='/var/svc/method/svc-fail2ban refresh'
timeout_seconds='-1'>
</exec_method>
@@ -65,7 +65,7 @@
<exec_method
type='method'
name='restart'
- exec='/lib/svc/method/svc-fail2ban restart'
+ exec='/var/svc/method/svc-fail2ban restart'
timeout_seconds='-1'>
</exec_method>
diff --git a/files/solaris-svc-fail2ban b/files/solaris-svc-fail2ban
index e397474..716c760 100755
--- a/files/solaris-svc-fail2ban
+++ b/files/solaris-svc-fail2ban
@@ -15,7 +15,7 @@ if [ -n "$2" ] && [ -f "$F2B_CONF" ]; then
F2B_CONF="$2"
fi
-ENV="/usr/bin/env -i LANG=C PATH=/usr/local/bin:/usr/bin:/bin:/opt/sfw/bin:/usr/sfw/bin"
+ENV="/usr/bin/env -i LANG=C PATH=/opt/local/bin:/usr/bin:/bin:/opt/sfw/bin:/usr/sfw/bin"
# get socket/pid conf and check dir exists
# sock and pid default dirs are currently the same
@@ -39,24 +39,24 @@ case $1 in
fi
[ -f /etc/fail2ban.conf ] || touch /etc/fail2ban.conf
echo "Starting fail2ban-server with $F2B_CONF"
- eval $ENV /usr/local/bin/fail2ban-client start &
+ eval $ENV /opt/local/bin/fail2ban-client start &
;;
stop)
echo "Stopping fail2ban-server with $F2B_CONF"
- eval $ENV /usr/local/bin/fail2ban-client stop &
+ eval $ENV /opt/local/bin/fail2ban-client stop &
;;
reload | refresh )
echo "Reloading fail2ban-server with $F2B_CONF"
- eval $ENV /usr/local/bin/fail2ban-client reload &
+ eval $ENV /opt/local/bin/fail2ban-client reload &
;;
restart | force-reload)
echo "Forcing reload of fail2ban-server with $F2B_CONF"
- eval $ENV /usr/local/bin/fail2ban-client stop &
+ eval $ENV /opt/local/bin/fail2ban-client stop &
sleep 2
- eval $ENV /usr/local/bin/fail2ban-client start &
+ eval $ENV /opt/local/bin/fail2ban-client start &
;;
status)
- /usr/local/bin/fail2ban-client status &
+ /opt/local/bin/fail2ban-client status &
;;
*)
echo "Usage: /lib/svc/method/svc-fail2ban start|stop|status|refresh|restart|reload|force-reload" >&2
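Review bot: The usage message on the last context line still names `/lib/svc/method/svc-fail2ban`, while the manifest hunks in files/solaris-fail2ban.xml now run the script from `/var/svc/method/svc-fail2ban`, so the `*)` branch reports a path that no longer matches the install. Either update the literal, or let it follow the install location with `echo "Usage: $0 start|stop|status|refresh|restart|reload|force-reload" >&2`. The enclosing `case` statement starts before and ends after this hunk.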
diff --git a/setup.cfg b/setup.cfg
index 02cd5d5..d8b83f2 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,5 +1,5 @@
[install]
-install-purelib=/usr/share/fail2ban
+install-purelib=/usr/local/share/fail2ban
[sdist]
formats=bztar
diff --git a/setup.py b/setup.py
index ccead3e..bb4d53e 100755
--- a/setup.py
+++ b/setup.py
@@ -75,7 +75,7 @@ setup(
('/var/run/fail2ban',
''
),
- ('/usr/share/doc/fail2ban',
+ ('/usr/local/share/doc/fail2ban',
['README.md', 'DEVELOP', 'doc/run-rootless.txt']
)
]
@@ -89,11 +89,11 @@ elements = {
[
"fail2ban.conf"
],
- "/usr/bin/":
+ "/usr/local/bin/":
[
"fail2ban.py"
],
- "/usr/lib/fail2ban/":
+ "/usr/local/lib/fail2ban/":
[
"version.py",
"protocol.py"
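Review bot: The dictionary edited here appears to feed the obsolete-file scan (the next hunk's header shows `if obsoleteFiles:`), so its entries are paths from earlier fail2ban layouts that should be warned about, not install targets; rewriting `/usr/bin/` and `/usr/lib/fail2ban/` to `/usr/local/bin/` and `/usr/local/lib/fail2ban/` makes the scan look for legacy files in places no previous release used. The same applies to the next hunk, where `isdir("/usr/local/lib/fail2ban")` and the rewritten message "Fail2ban is not installed under /usr/local/lib anymore ... under /usr/local/share" describe a migration that never happened on this layout. Either keep these legacy checks at their upstream paths or drop them from the SmartOS patch, since they are not part of the relocation. The `elements` assignment starts before this hunk.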
@@ -116,11 +116,11 @@ if obsoleteFiles:
print "\t" + f
print
-if isdir("/usr/lib/fail2ban"):
+if isdir("/usr/local/lib/fail2ban"):
print
- print "Fail2ban is not installed under /usr/lib anymore. The new " \
- "location is under /usr/share. Please remove the directory " \
- "/usr/lib/fail2ban and everything under this directory."
+ print "Fail2ban is not installed under /usr/local/lib anymore. The new " \
+ "location is under /usr/local/share. Please remove the directory " \
+ "/usr/local/lib/fail2ban and everything under this directory."
print
# Update config file

How to install on SmartOS

Recommend

TCP Wrappers should be enabled.

# turn it on if it is disabled.
inetadm -M tcp_wrappers=true

Apply the patch

using git apply

git checkout 0.8.12
git apply 0.8.12_smartos.patch

using gpatch

# gpatch -p1 < 0.8.12_smartos.patch 
patching file fail2ban-client
patching file fail2ban-server
patching file files/solaris-fail2ban.xml
patching file files/solaris-svc-fail2ban
patching file setup.cfg
patching file setup.py

Install

python setup.py install
svccfg import files/solaris-fail2ban.xml
mkdir /var/svc/method
cp files/solaris-svc-fail2ban /var/svc/method/svc-fail2ban
chmod +x /var/svc/method/svc-fail2ban

Enable the fail2ban service

svcadm enable fail2ban

Example

Ban SSH logins via TCP Wrappers.

# cat /etc/fail2ban/jail.local 

[ssh-tcpwrapper]

enabled = true
filter = sshd
action = hostsdeny[daemon_list=sshd]
logpath = /var/log/authlog

Ban SSH logins via IP Filter.

# cat /etc/fail2ban/jail.local 

[ssh-ipfilter]

enabled = true
filter = sshd
action = ipfilter
logpath = /var/log/authlog