Update to 0.9

11 years ago · 8f487f6165
parent a1783e1929
commit 8f487f6165
9 changed files with 15 additions and 364 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,3 +5,4 @@ fail2ban-0.8.4.tar.bz2
 /fail2ban-0.8.10.tar.gz
 /fail2ban-0.9-d529151.tar.xz
 /fail2ban-0.9-1f1a561.tar.xz
+/fail2ban-0.9.tar.gz
--- a/fail2ban-import.patch
+++ b/fail2ban-import.patch
@ -1,75 +0,0 @@
-commit d561a4c2bbc336db70d5923cf630813bc51dc3ee
-Author: Yaroslav Halchenko <debian@onerussian.com>
-Date:   Mon Jan 28 09:54:08 2013 -0500
-
-    BF: do not rely on scripts being under /usr -- might differ eg on Fedora -- rely on import of common.version (Closes gh-112)
-    
-    This is also not ideal, since if there happens to be some systemwide common.version -- we are doomed
-    
-    but otherwise, we cannot keep extending comparison check to /bin, /sbin whatelse
-
-diff --git a/fail2ban-client b/fail2ban-client
-index 1d8eb15..13d018e 100755
--- a/fail2ban-client
-+++ b/fail2ban-client
-@@ -27,12 +27,13 @@ import getopt, time, shlex, socket
- 
- # Inserts our own modules path first in the list
- # fix for bug #343821
-if os.path.abspath(__file__).startswith('/usr/'):
-	# makes sense to use system-wide library iff -client is also under /usr/
-+try:
-+	from common.version import version
-+except ImportError, e:
- 	sys.path.insert(1, "/usr/share/fail2ban")
-+	from common.version import version
- 
-# Now we can import our modules
-from common.version import version
-+# Now we can import the rest of modules
- from common.protocol import printFormatted
- from client.csocket import CSocket
- from client.configurator import Configurator
-diff --git a/fail2ban-regex b/fail2ban-regex
-index a42ed96..f9bc72c 100755
--- a/fail2ban-regex
-+++ b/fail2ban-regex
-@@ -26,13 +26,14 @@ import getopt, sys, time, logging, os
- 
- # Inserts our own modules path first in the list
- # fix for bug #343821
-if os.path.abspath(__file__).startswith('/usr/'):
-	# makes sense to use system-wide library iff -regex is also under /usr/
-    sys.path.insert(1, "/usr/share/fail2ban")
-+try:
-+	from common.version import version
-+except ImportError, e:
-+	sys.path.insert(1, "/usr/share/fail2ban")
-+	from common.version import version
- 
- from client.configparserinc import SafeConfigParserWithIncludes
- from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError
-from common.version import version
- from server.filter import Filter
- from server.failregex import RegexException
- 
-diff --git a/fail2ban-server b/fail2ban-server
-index bd86e6c..0f3410c 100755
--- a/fail2ban-server
-+++ b/fail2ban-server
-@@ -26,11 +26,12 @@ import getopt, sys, logging, os
- 
- # Inserts our own modules path first in the list
- # fix for bug #343821
-if os.path.abspath(__file__).startswith('/usr/'):
-	# makes sense to use system-wide library iff -server is also under /usr/
-+try:
-+	from common.version import version
-+except ImportError, e:
- 	sys.path.insert(1, "/usr/share/fail2ban")
-+	from common.version import version
- 
-from common.version import version
- from server.server import Server
- 
- # Gets the instance of the logger.
--- a/fail2ban-init.patch
+++ b/fail2ban-init.patch
@ -1,11 +0,0 @@
-diff -up fail2ban-0.9-1f1a561/files/redhat-initd.init fail2ban-0.9-1f1a561/files/redhat-initd
--- fail2ban-0.9-1f1a561/files/redhat-initd.init	2013-09-24 16:57:09.515712728 -0600
-+++ fail2ban-0.9-1f1a561/files/redhat-initd	2013-09-24 16:57:52.435590284 -0600
-@@ -1,6 +1,6 @@
- #!/bin/bash
- #
-# chkconfig: 345 92 08
-+# chkconfig: - 92 08
- # processname: fail2ban-server
- # config: /etc/fail2ban/fail2ban.conf
- # pidfile: /var/run/fail2ban/fail2ban.pid
--- a/fail2ban-log2syslog.patch
+++ b/fail2ban-log2syslog.patch
@ -1,12 +0,0 @@
-diff -up fail2ban-0.8.10/config/fail2ban.conf.log2syslog fail2ban-0.8.10/config/fail2ban.conf
--- fail2ban-0.8.10/config/fail2ban.conf.log2syslog	2013-06-12 11:21:12.000000000 -0600
-+++ fail2ban-0.8.10/config/fail2ban.conf	2013-06-12 16:12:48.233512068 -0600
-@@ -30,7 +30,7 @@ loglevel = 3
- #          (e.g. /etc/logrotate.d/fail2ban on Debian systems)
- # Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
- #
-logtarget = /var/log/fail2ban.log
-+logtarget = SYSLOG
- 
- # Option: socket
- # Notes.: Set the socket file. This is used to communicate with the daemon. Do
--- a/fail2ban-logfiles.patch
+++ b/fail2ban-logfiles.patch
@ -1,211 +0,0 @@
-diff -up fail2ban-0.9-1f1a561/config/jail.conf.logfiles fail2ban-0.9-1f1a561/config/jail.conf
--- fail2ban-0.9-1f1a561/config/jail.conf.logfiles	2013-09-08 05:02:35.000000000 -0600
-+++ fail2ban-0.9-1f1a561/config/jail.conf	2013-09-24 17:01:40.264930006 -0600
-@@ -152,20 +152,18 @@ action = %(action_)s
- [sshd]
- 
- port    = ssh
-logpath = /var/log/auth.log
-          /var/log/sshd.log
-+logpath = /var/log/secure
- 
- [sshd-ddos]
- 
- port    = ssh
-logpath = /var/log/auth.log
-          /var/log/sshd.log
-+logpath = /var/log/secure
- 
- [dropbear]
- 
- port     = ssh
- filter   = sshd
-logpath  = /var/log/dropbear
-+logpath  = /var/log/secure
- 
- 
- # Generic filter for PAM. Has to be used with action which bans all
-@@ -175,12 +173,12 @@ logpath  = /var/log/dropbear
- 
- # pam-generic filter can be customized to monitor specific subset of 'tty's
- banaction = iptables-allports
-logpath  = /var/log/auth.log
-+logpath  = /var/log/secure
- 
- [xinetd-fail]
- 
- banaction = iptables-multiport-log
-logpath   = /var/log/daemon.log
-+logpath   = /var/log/messages
- maxretry  = 2
- 
- # .. custom jails
-@@ -194,7 +192,7 @@ filter      = sshd
- action      = hostsdeny[daemon_list=sshd]
-               sendmail-whois[name=SSH, dest=you@example.com]
- ignoreregex = for myuser from
-logpath     = /var/log/sshd.log
-+logpath     = /var/log/secure
- 
- # Here we use blackhole routes for not requiring any additional kernel support
- # to store large volumes of banned IPs
-@@ -203,7 +201,7 @@ logpath     = /var/log/sshd.log
- 
- filter = sshd
- action = route
-logpath = /var/log/sshd.log
-+logpath = /var/log/secure
- 
- # Here we use a combination of Netfilter/Iptables and IPsets
- # for storing large volumes of banned IPs
-@@ -214,13 +212,13 @@ logpath = /var/log/sshd.log
- 
- filter   = sshd
- action   = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
-logpath  = /var/log/sshd.log
-+logpath  = /var/log/secure
- 
- [sshd-iptables-ipset6]
- 
- filter   = sshd
- action   = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
-logpath  = /var/log/sshd.log
-+logpath  = /var/log/secure
- 
- # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
- # option is overridden in this jail. Moreover, the action "mail-whois" defines
-@@ -231,7 +229,7 @@ logpath  = /var/log/sshd.log
- filter   = sshd
- action   = ipfw[localhost=192.168.0.1]
-            sendmail-whois[name="SSH,IPFW", dest=you@example.com]
-logpath  = /var/log/auth.log
-+logpath  = /var/log/secure
- 
- # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
- # table number must be unique.
-@@ -243,14 +241,14 @@ logpath  = /var/log/auth.log
- 
- filter   = sshd
- action   = bsd-ipfw[port=ssh,table=1]
-logpath  = /var/log/auth.log
-+logpath  = /var/log/secure
- 
- # PF is a BSD based firewall
- [ssh-pf]
- 
- filter  = sshd
- action  = pf
-logpath = /var/log/sshd.log
-+logpath = /var/log/secure
- maxretry= 5
- 
- #
-@@ -260,7 +258,7 @@ maxretry= 5
- [apache-auth]
- 
- port     = http,https
-logpath  = /var/log/apache*/*error.log
-+logpath  = /var/log/httpd/*error_log
- 
- # Ban hosts which agent identifies spammer robots crawling the web
- # for email addresses. The mail outputs are buffered.
-@@ -268,21 +266,20 @@ logpath  = /var/log/apache*/*error.log
- [apache-badbots]
- 
- port     = http,https
-logpath  = /var/log/apache*/*access.log
-		   /var/www/*/logs/access_log
-+logpath  = /var/log/httpd/*access_log
- bantime  = 172800
- maxretry = 1
- 
- [apache-noscript]
- 
- port     = http,https
-logpath  = /var/log/apache*/*error.log
-+logpath  = /var/log/httpd/*error_log
- maxretry = 6
- 
- [apache-overflows]
- 
- port     = http,https
-logpath  = /var/log/apache*/*error.log
-+logpath  = /var/log/httpd/*error_log
- maxretry = 2
- 
- # Ban attackers that try to use PHP's URL-fopen() functionality
-@@ -292,7 +289,7 @@ maxretry = 2
- [php-url-fopen]
- 
- port    = http,https
-logpath = /var/www/*/logs/access_log
-+logpath = /var/log/httpd/*access_log
- 
- [suhosin]
- 
-@@ -325,7 +322,7 @@ logpath  = /var/log/sogo/sogo.log
- 
- filter	 = apache-auth
- action   = hostsdeny
-logpath  = /var/log/apache*/*error.log
-+logpath  = /var/log/httpd/*error_log
- maxretry = 6
- 
- [3proxy]
-@@ -347,7 +344,7 @@ logpath  = /var/log/proftpd/proftpd.log
- [pure-ftpd]
- 
- port     = ftp,ftp-data,ftps,ftps-data
-logpath  = /var/log/auth.log
-+logpath  = /var/log/secure
- maxretry = 6
- 
- [vsftpd]
-@@ -355,7 +352,7 @@ maxretry = 6
- port     = ftp,ftp-data,ftps,ftps-data
- logpath  = /var/log/vsftpd.log
- # or overwrite it in jails.local to be
-# logpath = /var/log/auth.log
-+# logpath = /var/log/secure
- # if you want to rely on PAM failed login attempts
- # vsftpd's failregex should match both of those formats
- 
-@@ -390,12 +387,12 @@ logpath  = /root/path/to/assp/logs/maill
- [courier-smtp]
- 
- port     = smtp,ssmtp,submission
-logpath  = /var/log/mail.log
-+logpath  = /var/log/maillog
- 
- [postfix]
- 
- port     = smtp,ssmtp,submission
-logpath  = /var/log/mail.log
-+logpath  = /var/log/maillog
- 
- # The hosts.deny path can be defined with the "file" argument if it is
- # not in /etc.
-@@ -427,7 +424,7 @@ logpath = /var/log/exim/mainlog
- [courier-auth]
- 
- port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-logpath  = /var/log/mail.log
-+logpath  = /var/log/maillog
- 
- 
- [sasl]
-@@ -436,12 +433,12 @@ port     = smtp,ssmtp,submission,imap2,i
- # You might consider monitoring /var/log/mail.warn instead if you are
- # running postfix since it would provide the same log lines at the
- # "warn" level but overall at the smaller filesize.
-logpath  = /var/log/mail.log
-+logpath  = /var/log/maillog
- 
- [dovecot]
- 
- port    = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
-logpath = /var/log/mail.log
-+logpath = /var/log/maillog
- 
- [perdition]
- 
--- a/9
+++ b/9
@ -1,9 +0,0 @@
-/var/log/fail2ban.log {
-    missingok
-    notifempty
-    size 30k
-    create 0600 root root
-    postrotate
-        /usr/bin/fail2ban-client set logtarget SYSLOG 2> /dev/null || true
-    endscript
-}
--- a/fail2ban-utf8.patch
+++ b/fail2ban-utf8.patch
@ -1,18 +0,0 @@
-commit f8983872ad4297ddb3017f4818edd08892dd2129
-Author: Yaroslav Halchenko <debian@onerussian.com>
-Date:   Fri Feb 1 16:07:00 2013 -0500
-
-    BF: return str(host) to avoid spurious characters in the logs (Close gh-113)
-    
-    thanks to opoplawski@github
-
-diff --git a/server/failregex.py b/server/failregex.py
-index 8ce9597..b194d47 100644
--- a/server/failregex.py
-+++ b/server/failregex.py
-@@ -130,4 +130,4 @@ class FailRegex(Regex):
- 			s = self._matchCache.string
- 			r = self._matchCache.re
- 			raise RegexException("No 'host' found in '%s' using '%s'" % (s, r))
-		return host
-+		return str(host)
--- a/fail2ban.spec
+++ b/fail2ban.spec
@ -1,19 +1,13 @@
 Summary: Ban IPs that make too many password failures
 Name: fail2ban
 Version: 0.9
-Release: 0.3.git1f1a561%{?dist}
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://fail2ban.sourceforge.net/
-#Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source0: %{name}-%{version}-1f1a561.tar.xz
-Source1: fail2ban-logrotate
-Patch0: fail2ban-init.patch
-# Fix logfile paths in jail.conf
-Patch1: fail2ban-logfiles.patch
-Patch6: fail2ban-log2syslog.patch
+Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-BuildRequires: python-devel >= 2.3
+BuildRequires: python-devel
 # For testcases
 BuildRequires: python-inotify
 BuildArch: noarch
@ -44,10 +38,7 @@ and shorewall respectively.


 %prep
-%setup -q -n %{name}-%{version}-1f1a561
-%patch0 -p1 -b .init
-%patch1 -p1 -b .logfiles
-%patch6 -p1 -b .log2syslog
+%setup -q

 %build
 python setup.py build
@ -66,7 +57,7 @@ mkdir -p %{buildroot}%{_mandir}/man{1,5}
 install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
 install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
-install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
+install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
 install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/
 install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
 mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d
@ -75,11 +66,9 @@ install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfi
 rm -r %{buildroot}%{_docdir}/%{name}

 # Testcases need network access
-#%check
-#./fail2ban-testcases
+%check
+./fail2ban-testcases-all --no-network

-%clean
-rm -rf %{buildroot}

 %post
 %if 0%{?fedora} >= 19
@ -119,20 +108,17 @@ fi
 %endif
 %{_mandir}/man1/fail2ban*.1*
 %{_mandir}/man5/*.5*
-%dir %{_sysconfdir}/fail2ban
-%dir %{_sysconfdir}/fail2ban/action.d
-%dir %{_sysconfdir}/fail2ban/filter.d
-%dir %{_sysconfdir}/fail2ban/jail.d
-%config(noreplace) %{_sysconfdir}/fail2ban/fail2ban.conf
-%config(noreplace) %{_sysconfdir}/fail2ban/jail.conf
-%config(noreplace) %{_sysconfdir}/fail2ban/action.d/*.conf
-%config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf
+%config(noreplace) %{_sysconfdir}/fail2ban
 %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
-%dir %{_localstatedir}/run/fail2ban/
 %config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf
 %dir %{_localstatedir}/lib/fail2ban/
+%dir %{_localstatedir}/run/fail2ban/
+

 %changelog
+* Mon Mar 17 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-1
+- Update to 0.9
+
 * Tue Sep 24 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.3.git1f1a561
 - Update to current 0.9 git branch
 - Rebase init patch, drop jail.d and notmp patch applied upstream
--- a/2
+++ b/2
@ -1 +1 @@
-6c8a581bc46712be597f3a949d036217  fail2ban-0.9-1f1a561.tar.xz
+02de1ff774f3c16d23450a3ad1c43137  fail2ban-0.9.tar.gz