Fix log paths for some jails (bug #1128152)

11 years ago · 5d9a81c739
parent ac04ee1349
commit 5d9a81c739
2 changed files with 62 additions and 1 deletions
--- a/fail2ban-logpath.patch
+++ b/fail2ban-logpath.patch
@ -0,0 +1,53 @@
+diff -up fail2ban-0.9/config/jail.conf.logpath fail2ban-0.9/config/jail.conf
+--- fail2ban-0.9/config/jail.conf.logpath	2014-08-08 13:29:40.101582649 -0600
+++ fail2ban-0.9/config/jail.conf	2014-08-08 13:33:56.376307236 -0600
+@@ -370,7 +370,7 @@ logpath  = /var/log/tomcat*/catalina.out
+ [webmin-auth]
+ 
+ port    = 10000
+-logpath = /var/log/auth.log
+logpath = %(syslog_authpriv)s
+ 
+ 
+ #
+@@ -423,7 +423,7 @@ maxretry = 6
+ 
+ [vsftpd]
+ # or overwrite it in jails.local to be
+-# logpath = /var/log/auth.log
+# logpath = %(syslog_authpriv)s
+ # if you want to rely on PAM failed login attempts
+ # vsftpd's failregex should match both of those formats
+ port     = ftp,ftp-data,ftps,ftps-data
+@@ -533,7 +533,7 @@ logpath  = %(postfix_log)s
+ [perdition]
+ 
+ port   = imap3,imaps,pop3,pop3s
+-logpath = /var/log/maillog
+logpath = %(syslog_mail)s
+ 
+ 
+ [squirrelmail]
+@@ -657,13 +657,13 @@ maxretry = 5
+ [pam-generic]
+ # pam-generic filter can be customized to monitor specific subset of 'tty's
+ banaction = iptables-allports
+-logpath  = /var/log/auth.log
+logpath  = %(syslog_authpriv)s
+ 
+ 
+ [xinetd-fail]
+ 
+ banaction = iptables-multiport-log
+-logpath   = /var/log/daemon.log
+logpath   = %(syslog_daemon)s
+ maxretry  = 2
+ 
+ 
+@@ -693,5 +693,5 @@ action  = %(banaction)s[name=%(__name__)
+ [nagios]
+ 
+ enabled  = false
+-logpath  = /var/log/messages     ; nrpe.cfg may define a different log_facility
+logpath  = %(syslog_daemon)s     ; nrpe.cfg may define a different log_facility
+ maxretry = 1
--- a/fail2ban.spec
+++ b/fail2ban.spec
@ -1,7 +1,7 @@
 Summary: Daemon to ban hosts that cause multiple authentication errors
 Name: fail2ban
 Version: 0.9
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2+
 URL: http://fail2ban.sourceforge.net/
 Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
@ -14,6 +14,10 @@ Patch1: fail2ban-tests-nonet.patch
 # Upstream patch to skip syslog tests without /dev/log
 # https://github.com/fail2ban/fail2ban/issues/110
 Patch2: fail2ban-tests-syslog.patch
+# Fix logpaths to use syslog macros
+# https://bugzilla.redhat.com/show_bug.cgi?id=1128152
+# https://github.com/fail2ban/fail2ban/pull/780
+Patch3: fail2ban-logpath.patch

 BuildRequires: python2-devel
 # For testcases
@ -148,6 +152,7 @@ by default.
 %patch0 -p1 -b .loglevel
 %patch1 -p1 -b .tests-nonet
 %patch2 -p1 -b .tests-syslog
+%patch3 -p1 -b .logpath
 # Use Fedora paths
 sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf
 # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147)
@ -274,6 +279,9 @@ fi


 %changelog
+* Fri Aug 8 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-8
+- Fix log paths for some jails (bug #1128152)
+
 * Mon Jul 21 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-7
 - Use systemd for EL7