Update to 0.9

11 years ago · 8f487f6165
parent a1783e1929
commit 8f487f6165
9 changed files with 15 additions and 364 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,3 +5,4 @@ fail2ban-0.8.4.tar.bz2
 /fail2ban-0.8.10.tar.gz
 /fail2ban-0.9-d529151.tar.xz
 /fail2ban-0.9-1f1a561.tar.xz
 /fail2ban-0.9.tar.gz
--- a/fail2ban-import.patch
+++ b/fail2ban-import.patch
@ -1,75 +0,0 @@
 commit d561a4c2bbc336db70d5923cf630813bc51dc3ee
 Author: Yaroslav Halchenko <debian@onerussian.com>
 Date:   Mon Jan 28 09:54:08 2013 -0500
    BF: do not rely on scripts being under /usr -- might differ eg on Fedora -- rely on import of common.version (Closes gh-112)
    This is also not ideal, since if there happens to be some systemwide common.version -- we are doomed
    but otherwise, we cannot keep extending comparison check to /bin, /sbin whatelse
 diff --git a/fail2ban-client b/fail2ban-client
 index 1d8eb15..13d018e 100755
 --- a/fail2ban-client
 +++ b/fail2ban-client
@@ -27,12 +27,13 @@ import getopt, time, shlex, socket
 # Inserts our own modules path first in the list
 # fix for bug #343821
 -if os.path.abspath(__file__).startswith('/usr/'):
 -	# makes sense to use system-wide library iff -client is also under /usr/
 +try:
 +	from common.version import version
 +except ImportError, e:
 	sys.path.insert(1, "/usr/share/fail2ban")
 +	from common.version import version
 -# Now we can import our modules
 -from common.version import version
 +# Now we can import the rest of modules
 from common.protocol import printFormatted
 from client.csocket import CSocket
 from client.configurator import Configurator
 diff --git a/fail2ban-regex b/fail2ban-regex
 index a42ed96..f9bc72c 100755
 --- a/fail2ban-regex
 +++ b/fail2ban-regex
@@ -26,13 +26,14 @@ import getopt, sys, time, logging, os
 # Inserts our own modules path first in the list
 # fix for bug #343821
 -if os.path.abspath(__file__).startswith('/usr/'):
 -	# makes sense to use system-wide library iff -regex is also under /usr/
 -    sys.path.insert(1, "/usr/share/fail2ban")
 +try:
 +	from common.version import version
 +except ImportError, e:
 +	sys.path.insert(1, "/usr/share/fail2ban")
 +	from common.version import version
 from client.configparserinc import SafeConfigParserWithIncludes
 from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError
 -from common.version import version
 from server.filter import Filter
 from server.failregex import RegexException
 diff --git a/fail2ban-server b/fail2ban-server
 index bd86e6c..0f3410c 100755
 --- a/fail2ban-server
 +++ b/fail2ban-server
@@ -26,11 +26,12 @@ import getopt, sys, logging, os
 # Inserts our own modules path first in the list
 # fix for bug #343821
 -if os.path.abspath(__file__).startswith('/usr/'):
 -	# makes sense to use system-wide library iff -server is also under /usr/
 +try:
 +	from common.version import version
 +except ImportError, e:
 	sys.path.insert(1, "/usr/share/fail2ban")
 +	from common.version import version
 -from common.version import version
 from server.server import Server
 # Gets the instance of the logger.
--- a/fail2ban-init.patch
+++ b/fail2ban-init.patch
@ -1,11 +0,0 @@
 diff -up fail2ban-0.9-1f1a561/files/redhat-initd.init fail2ban-0.9-1f1a561/files/redhat-initd
 --- fail2ban-0.9-1f1a561/files/redhat-initd.init	2013-09-24 16:57:09.515712728 -0600
 +++ fail2ban-0.9-1f1a561/files/redhat-initd	2013-09-24 16:57:52.435590284 -0600
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
 -# chkconfig: 345 92 08
 +# chkconfig: - 92 08
 # processname: fail2ban-server
 # config: /etc/fail2ban/fail2ban.conf
 # pidfile: /var/run/fail2ban/fail2ban.pid
--- a/fail2ban-log2syslog.patch
+++ b/fail2ban-log2syslog.patch
@ -1,12 +0,0 @@
 diff -up fail2ban-0.8.10/config/fail2ban.conf.log2syslog fail2ban-0.8.10/config/fail2ban.conf
 --- fail2ban-0.8.10/config/fail2ban.conf.log2syslog	2013-06-12 11:21:12.000000000 -0600
 +++ fail2ban-0.8.10/config/fail2ban.conf	2013-06-12 16:12:48.233512068 -0600
@@ -30,7 +30,7 @@ loglevel = 3
 #          (e.g. /etc/logrotate.d/fail2ban on Debian systems)
 # Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
 #
 -logtarget = /var/log/fail2ban.log
 +logtarget = SYSLOG
 # Option: socket
 # Notes.: Set the socket file. This is used to communicate with the daemon. Do
--- a/fail2ban-logfiles.patch
+++ b/fail2ban-logfiles.patch
@ -1,211 +0,0 @@
 diff -up fail2ban-0.9-1f1a561/config/jail.conf.logfiles fail2ban-0.9-1f1a561/config/jail.conf
 --- fail2ban-0.9-1f1a561/config/jail.conf.logfiles	2013-09-08 05:02:35.000000000 -0600
 +++ fail2ban-0.9-1f1a561/config/jail.conf	2013-09-24 17:01:40.264930006 -0600
@@ -152,20 +152,18 @@ action = %(action_)s
 [sshd]
 port    = ssh
 -logpath = /var/log/auth.log
 -          /var/log/sshd.log
 +logpath = /var/log/secure
 [sshd-ddos]
 port    = ssh
 -logpath = /var/log/auth.log
 -          /var/log/sshd.log
 +logpath = /var/log/secure
 [dropbear]
 port     = ssh
 filter   = sshd
 -logpath  = /var/log/dropbear
 +logpath  = /var/log/secure
 # Generic filter for PAM. Has to be used with action which bans all
@@ -175,12 +173,12 @@ logpath  = /var/log/dropbear
 # pam-generic filter can be customized to monitor specific subset of 'tty's
 banaction = iptables-allports
 -logpath  = /var/log/auth.log
 +logpath  = /var/log/secure
 [xinetd-fail]
 banaction = iptables-multiport-log
 -logpath   = /var/log/daemon.log
 +logpath   = /var/log/messages
 maxretry  = 2
 # .. custom jails
@@ -194,7 +192,7 @@ filter      = sshd
 action      = hostsdeny[daemon_list=sshd]
               sendmail-whois[name=SSH, dest=you@example.com]
 ignoreregex = for myuser from
 -logpath     = /var/log/sshd.log
 +logpath     = /var/log/secure
 # Here we use blackhole routes for not requiring any additional kernel support
 # to store large volumes of banned IPs
@@ -203,7 +201,7 @@ logpath     = /var/log/sshd.log
 filter = sshd
 action = route
 -logpath = /var/log/sshd.log
 +logpath = /var/log/secure
 # Here we use a combination of Netfilter/Iptables and IPsets
 # for storing large volumes of banned IPs
@@ -214,13 +212,13 @@ logpath = /var/log/sshd.log
 filter   = sshd
 action   = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
 -logpath  = /var/log/sshd.log
 +logpath  = /var/log/secure
 [sshd-iptables-ipset6]
 filter   = sshd
 action   = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
 -logpath  = /var/log/sshd.log
 +logpath  = /var/log/secure
 # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
 # option is overridden in this jail. Moreover, the action "mail-whois" defines
@@ -231,7 +229,7 @@ logpath  = /var/log/sshd.log
 filter   = sshd
 action   = ipfw[localhost=192.168.0.1]
            sendmail-whois[name="SSH,IPFW", dest=you@example.com]
 -logpath  = /var/log/auth.log
 +logpath  = /var/log/secure
 # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
 # table number must be unique.
@@ -243,14 +241,14 @@ logpath  = /var/log/auth.log
 filter   = sshd
 action   = bsd-ipfw[port=ssh,table=1]
 -logpath  = /var/log/auth.log
 +logpath  = /var/log/secure
 # PF is a BSD based firewall
 [ssh-pf]
 filter  = sshd
 action  = pf
 -logpath = /var/log/sshd.log
 +logpath = /var/log/secure
 maxretry= 5
 #
@@ -260,7 +258,7 @@ maxretry= 5
 [apache-auth]
 port     = http,https
 -logpath  = /var/log/apache*/*error.log
 +logpath  = /var/log/httpd/*error_log
 # Ban hosts which agent identifies spammer robots crawling the web
 # for email addresses. The mail outputs are buffered.
@@ -268,21 +266,20 @@ logpath  = /var/log/apache*/*error.log
 [apache-badbots]
 port     = http,https
 -logpath  = /var/log/apache*/*access.log
 -		   /var/www/*/logs/access_log
 +logpath  = /var/log/httpd/*access_log
 bantime  = 172800
 maxretry = 1
 [apache-noscript]
 port     = http,https
 -logpath  = /var/log/apache*/*error.log
 +logpath  = /var/log/httpd/*error_log
 maxretry = 6
 [apache-overflows]
 port     = http,https
 -logpath  = /var/log/apache*/*error.log
 +logpath  = /var/log/httpd/*error_log
 maxretry = 2
 # Ban attackers that try to use PHP's URL-fopen() functionality
@@ -292,7 +289,7 @@ maxretry = 2
 [php-url-fopen]
 port    = http,https
 -logpath = /var/www/*/logs/access_log
 +logpath = /var/log/httpd/*access_log
 [suhosin]
@@ -325,7 +322,7 @@ logpath  = /var/log/sogo/sogo.log
 filter	 = apache-auth
 action   = hostsdeny
 -logpath  = /var/log/apache*/*error.log
 +logpath  = /var/log/httpd/*error_log
 maxretry = 6
 [3proxy]
@@ -347,7 +344,7 @@ logpath  = /var/log/proftpd/proftpd.log
 [pure-ftpd]
 port     = ftp,ftp-data,ftps,ftps-data
 -logpath  = /var/log/auth.log
 +logpath  = /var/log/secure
 maxretry = 6
 [vsftpd]
@@ -355,7 +352,7 @@ maxretry = 6
 port     = ftp,ftp-data,ftps,ftps-data
 logpath  = /var/log/vsftpd.log
 # or overwrite it in jails.local to be
 -# logpath = /var/log/auth.log
 +# logpath = /var/log/secure
 # if you want to rely on PAM failed login attempts
 # vsftpd's failregex should match both of those formats
@@ -390,12 +387,12 @@ logpath  = /root/path/to/assp/logs/maill
 [courier-smtp]
 port     = smtp,ssmtp,submission
 -logpath  = /var/log/mail.log
 +logpath  = /var/log/maillog
 [postfix]
 port     = smtp,ssmtp,submission
 -logpath  = /var/log/mail.log
 +logpath  = /var/log/maillog
 # The hosts.deny path can be defined with the "file" argument if it is
 # not in /etc.
@@ -427,7 +424,7 @@ logpath = /var/log/exim/mainlog
 [courier-auth]
 port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
 -logpath  = /var/log/mail.log
 +logpath  = /var/log/maillog
 [sasl]
@@ -436,12 +433,12 @@ port     = smtp,ssmtp,submission,imap2,i
 # You might consider monitoring /var/log/mail.warn instead if you are
 # running postfix since it would provide the same log lines at the
 # "warn" level but overall at the smaller filesize.
 -logpath  = /var/log/mail.log
 +logpath  = /var/log/maillog
 [dovecot]
 port    = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
 -logpath = /var/log/mail.log
 +logpath = /var/log/maillog
 [perdition]
--- a/9
+++ b/9
@ -1,9 +0,0 @@
 /var/log/fail2ban.log {
    missingok
    notifempty
    size 30k
    create 0600 root root
    postrotate
        /usr/bin/fail2ban-client set logtarget SYSLOG 2> /dev/null || true
    endscript
 }
--- a/fail2ban-utf8.patch
+++ b/fail2ban-utf8.patch
@ -1,18 +0,0 @@
 commit f8983872ad4297ddb3017f4818edd08892dd2129
 Author: Yaroslav Halchenko <debian@onerussian.com>
 Date:   Fri Feb 1 16:07:00 2013 -0500
    BF: return str(host) to avoid spurious characters in the logs (Close gh-113)
    thanks to opoplawski@github
 diff --git a/server/failregex.py b/server/failregex.py
 index 8ce9597..b194d47 100644
 --- a/server/failregex.py
 +++ b/server/failregex.py
@@ -130,4 +130,4 @@ class FailRegex(Regex):
 			s = self._matchCache.string
 			r = self._matchCache.re
 			raise RegexException("No 'host' found in '%s' using '%s'" % (s, r))
 -		return host
 +		return str(host)
--- a/fail2ban.spec
+++ b/fail2ban.spec
@ -1,19 +1,13 @@
 Summary: Ban IPs that make too many password failures
 Name: fail2ban
 Version: 0.9
-Release: 0.3.git1f1a561%{?dist}
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://fail2ban.sourceforge.net/
-#Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source0: %{name}-%{version}-1f1a561.tar.xz
 Source1: fail2ban-logrotate
 Patch0: fail2ban-init.patch
 # Fix logfile paths in jail.conf
 Patch1: fail2ban-logfiles.patch
 Patch6: fail2ban-log2syslog.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-BuildRequires: python-devel >= 2.3
+BuildRequires: python-devel
 # For testcases
 BuildRequires: python-inotify
 BuildArch: noarch
@ -44,10 +38,7 @@ and shorewall respectively.
 %prep
-%setup -q -n %{name}-%{version}-1f1a561
+%setup -q
 %patch0 -p1 -b .init
 %patch1 -p1 -b .logfiles
 %patch6 -p1 -b .log2syslog
 %build
 python setup.py build
@ -66,7 +57,7 @@ mkdir -p %{buildroot}%{_mandir}/man{1,5}
 install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
 install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
-install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
+install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
 install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/
 install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
 mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d
@ -75,11 +66,9 @@ install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfi
 rm -r %{buildroot}%{_docdir}/%{name}
 # Testcases need network access
-#%check
+%check
-#./fail2ban-testcases
+./fail2ban-testcases-all --no-network
 %clean
 rm -rf %{buildroot}
 %post
 %if 0%{?fedora} >= 19
@ -119,20 +108,17 @@ fi
 %endif
 %{_mandir}/man1/fail2ban*.1*
 %{_mandir}/man5/*.5*
-%dir %{_sysconfdir}/fail2ban
+%config(noreplace) %{_sysconfdir}/fail2ban
 %dir %{_sysconfdir}/fail2ban/action.d
 %dir %{_sysconfdir}/fail2ban/filter.d
 %dir %{_sysconfdir}/fail2ban/jail.d
 %config(noreplace) %{_sysconfdir}/fail2ban/fail2ban.conf
 %config(noreplace) %{_sysconfdir}/fail2ban/jail.conf
 %config(noreplace) %{_sysconfdir}/fail2ban/action.d/*.conf
 %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
 %dir %{_localstatedir}/run/fail2ban/
 %config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf
 %dir %{_localstatedir}/lib/fail2ban/
 %dir %{_localstatedir}/run/fail2ban/
 %changelog
 * Mon Mar 17 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-1
 - Update to 0.9
 * Tue Sep 24 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.3.git1f1a561
 - Update to current 0.9 git branch
 - Rebase init patch, drop jail.d and notmp patch applied upstream
--- a/2
+++ b/2
@ -1 +1 @@
-6c8a581bc46712be597f3a949d036217  fail2ban-0.9-1f1a561.tar.xz
+02de1ff774f3c16d23450a3ad1c43137  fail2ban-0.9.tar.gz
`@ -1 +1 @@`
	`6c8a581bc46712be597f3a949d036217 fail2ban-0.9-1f1a561.tar.xz`	`02de1ff774f3c16d23450a3ad1c43137 fail2ban-0.9.tar.gz`