- Update to current 0.9 git branch

- Rebase init patch, drop jail.d and notmp patch applied upstream
i9ce
Orion Poplawski 11 years ago
parent 51345ece57
commit a1783e1929

1
.gitignore vendored

@ -4,3 +4,4 @@ fail2ban-0.8.4.tar.bz2
/fail2ban_0.8.8.orig.tar.gz /fail2ban_0.8.8.orig.tar.gz
/fail2ban-0.8.10.tar.gz /fail2ban-0.8.10.tar.gz
/fail2ban-0.9-d529151.tar.xz /fail2ban-0.9-d529151.tar.xz
/fail2ban-0.9-1f1a561.tar.xz

@ -1,20 +0,0 @@
--- fail2ban-0.8.3/files/redhat-initd.init 2008-03-10 23:36:22.000000000 +0100
+++ fail2ban-0.8.3/files/redhat-initd 2008-08-24 20:46:01.000000000 +0200
@@ -1,6 +1,6 @@
#!/bin/bash
#
-# chkconfig: 345 92 08
+# chkconfig: - 92 08
# description: Fail2ban daemon
# http://fail2ban.sourceforge.net/wiki/index.php/Main_Page
# process name: fail2ban-server
@@ -27,8 +27,7 @@
echo -n $"Starting fail2ban: "
getpid
if [ -z "$pid" ]; then
- rm -rf /var/run/fail2ban/fail2ban.sock # in case of unclean shutdown
- $FAIL2BAN start > /dev/null
+ $FAIL2BAN -x start > /dev/null
RETVAL=$?
fi
if [ $RETVAL -eq 0 ]; then

@ -0,0 +1,11 @@
diff -up fail2ban-0.9-1f1a561/files/redhat-initd.init fail2ban-0.9-1f1a561/files/redhat-initd
--- fail2ban-0.9-1f1a561/files/redhat-initd.init 2013-09-24 16:57:09.515712728 -0600
+++ fail2ban-0.9-1f1a561/files/redhat-initd 2013-09-24 16:57:52.435590284 -0600
@@ -1,6 +1,6 @@
#!/bin/bash
#
-# chkconfig: 345 92 08
+# chkconfig: - 92 08
# processname: fail2ban-server
# config: /etc/fail2ban/fail2ban.conf
# pidfile: /var/run/fail2ban/fail2ban.pid

@ -1,14 +0,0 @@
diff --git a/setup.py b/setup.py
index b61ecce..27ad17b 100755
--- a/setup.py
+++ b/setup.py
@@ -66,6 +66,9 @@ setup(
('/etc/fail2ban/action.d',
glob("config/action.d/*.conf")
),
+ ('/etc/fail2ban/jail.d',
+ ''
+ ),
('/var/run/fail2ban',
''
),

@ -1,6 +1,6 @@
diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/config/jail.conf diff -up fail2ban-0.9-1f1a561/config/jail.conf.logfiles fail2ban-0.9-1f1a561/config/jail.conf
--- fail2ban-0.9-d529151/config/jail.conf.logfiles 2013-07-28 03:43:54.000000000 -0600 --- fail2ban-0.9-1f1a561/config/jail.conf.logfiles 2013-09-08 05:02:35.000000000 -0600
+++ fail2ban-0.9-d529151/config/jail.conf 2013-08-08 21:23:41.785950007 -0600 +++ fail2ban-0.9-1f1a561/config/jail.conf 2013-09-24 17:01:40.264930006 -0600
@@ -152,20 +152,18 @@ action = %(action_)s @@ -152,20 +152,18 @@ action = %(action_)s
[sshd] [sshd]
@ -40,7 +40,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
maxretry = 2 maxretry = 2
# .. custom jails # .. custom jails
@@ -201,7 +199,7 @@ filter = sshd @@ -194,7 +192,7 @@ filter = sshd
action = hostsdeny[daemon_list=sshd] action = hostsdeny[daemon_list=sshd]
sendmail-whois[name=SSH, dest=you@example.com] sendmail-whois[name=SSH, dest=you@example.com]
ignoreregex = for myuser from ignoreregex = for myuser from
@ -49,7 +49,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
# Here we use blackhole routes for not requiring any additional kernel support # Here we use blackhole routes for not requiring any additional kernel support
# to store large volumes of banned IPs # to store large volumes of banned IPs
@@ -210,7 +208,7 @@ logpath = /var/log/sshd.log @@ -203,7 +201,7 @@ logpath = /var/log/sshd.log
filter = sshd filter = sshd
action = route action = route
@ -58,7 +58,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
# Here we use a combination of Netfilter/Iptables and IPsets # Here we use a combination of Netfilter/Iptables and IPsets
# for storing large volumes of banned IPs # for storing large volumes of banned IPs
@@ -221,13 +219,13 @@ logpath = /var/log/sshd.log @@ -214,13 +212,13 @@ logpath = /var/log/sshd.log
filter = sshd filter = sshd
action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp] action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
@ -74,25 +74,33 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
# This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
# option is overridden in this jail. Moreover, the action "mail-whois" defines # option is overridden in this jail. Moreover, the action "mail-whois" defines
@@ -238,7 +236,7 @@ logpath = /var/log/sshd.log @@ -231,7 +229,7 @@ logpath = /var/log/sshd.log
filter = sshd filter = sshd
action = ipfw[localhost=192.168.0.1] action = ipfw[localhost=192.168.0.1]
sendmail-whois[name="SSH,IPFW", dest=you@example.com] sendmail-whois[name="SSH,IPFW", dest=you@example.com]
-logpath = /var/log/auth.log -logpath = /var/log/auth.log
+logpath = /var/log/secure +logpath = /var/log/secure
ignoreip = 168.192.0.1
# bsd-ipfw is ipfw used by BSD. It uses ipfw tables. # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
@@ -250,7 +248,7 @@ ignoreip = 168.192.0.1 # table number must be unique.
[ssh-bsd-ipfw] @@ -243,14 +241,14 @@ logpath = /var/log/auth.log
filter = sshd filter = sshd
action = bsd-ipfw[port=ssh,table=1] action = bsd-ipfw[port=ssh,table=1]
-logpath = /var/log/auth.log -logpath = /var/log/auth.log
+logpath = /var/log/secure +logpath = /var/log/secure
# PF is a BSD based firewall
[ssh-pf]
filter = sshd
action = pf
-logpath = /var/log/sshd.log
+logpath = /var/log/secure
maxretry= 5
# #
# HTTP servers @@ -260,7 +258,7 @@ maxretry= 5
@@ -259,7 +257,7 @@ logpath = /var/log/auth.log
[apache-auth] [apache-auth]
port = http,https port = http,https
@ -101,7 +109,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
# Ban hosts which agent identifies spammer robots crawling the web # Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered. # for email addresses. The mail outputs are buffered.
@@ -267,21 +265,20 @@ logpath = /var/log/apache*/*error.log @@ -268,21 +266,20 @@ logpath = /var/log/apache*/*error.log
[apache-badbots] [apache-badbots]
port = http,https port = http,https
@ -126,16 +134,16 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
maxretry = 2 maxretry = 2
# Ban attackers that try to use PHP's URL-fopen() functionality # Ban attackers that try to use PHP's URL-fopen() functionality
@@ -291,7 +288,7 @@ maxretry = 2 @@ -292,7 +289,7 @@ maxretry = 2
[php-url-fopen] [php-url-fopen]
port = http,https port = http,https
-logpath = /var/www/*/logs/access_log -logpath = /var/www/*/logs/access_log
+logpath = /var/log/httpd/*access_log +logpath = /var/log/httpd/*access_log
# A simple PHP-fastcgi jail which works with lighttpd. [suhosin]
# If you run a lighttpd server, then you probably will
@@ -330,7 +327,7 @@ logpath = /var/log/sogo/sogo.log @@ -325,7 +322,7 @@ logpath = /var/log/sogo/sogo.log
filter = apache-auth filter = apache-auth
action = hostsdeny action = hostsdeny
@ -143,7 +151,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
+logpath = /var/log/httpd/*error_log +logpath = /var/log/httpd/*error_log
maxretry = 6 maxretry = 6
[3proxy]
@@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log @@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log
[pure-ftpd] [pure-ftpd]
@ -162,7 +170,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
# if you want to rely on PAM failed login attempts # if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats # vsftpd's failregex should match both of those formats
@@ -384,12 +381,12 @@ maxretry = 6 @@ -390,12 +387,12 @@ logpath = /root/path/to/assp/logs/maill
[courier-smtp] [courier-smtp]
port = smtp,ssmtp,submission port = smtp,ssmtp,submission
@ -177,7 +185,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
# The hosts.deny path can be defined with the "file" argument if it is # The hosts.deny path can be defined with the "file" argument if it is
# not in /etc. # not in /etc.
@@ -410,7 +407,7 @@ bantime = 300 @@ -427,7 +424,7 @@ logpath = /var/log/exim/mainlog
[courier-auth] [courier-auth]
port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
@ -186,7 +194,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
[sasl] [sasl]
@@ -419,12 +416,12 @@ port = smtp,ssmtp,submission,imap2,i @@ -436,12 +433,12 @@ port = smtp,ssmtp,submission,imap2,i
# You might consider monitoring /var/log/mail.warn instead if you are # You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the # running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize. # "warn" level but overall at the smaller filesize.
@ -199,14 +207,5 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con
-logpath = /var/log/mail.log -logpath = /var/log/mail.log
+logpath = /var/log/maillog +logpath = /var/log/maillog
# [perdition]
# DNS servers
@@ -519,7 +516,7 @@ maxretry = 5
enabled=false
filter = sshd
action = pf
-logpath = /var/log/sshd.log
+logpath = /var/log/secure
maxretry=5
[3proxy]

@ -1,12 +0,0 @@
diff -up fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py
--- fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp 2013-07-28 03:43:54.000000000 -0600
+++ fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py 2013-08-08 20:15:19.997686089 -0600
@@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader):
ConfigReader.read(self, "fail2ban")
def getEarlyOptions(self):
- opts = [["string", "socket", "/tmp/fail2ban.sock"],
+ opts = [["string", "socket", "/var/run/fail2ban/fail2ban.sock"],
["string", "pidfile", "/var/run/fail2ban/fail2ban.pid"]]
return ConfigReader.getOptions(self, "Definition", opts)

@ -1,20 +1,17 @@
Summary: Ban IPs that make too many password failures Summary: Ban IPs that make too many password failures
Name: fail2ban Name: fail2ban
Version: 0.9 Version: 0.9
Release: 0.2.gitd529151%{?dist} Release: 0.3.git1f1a561%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://fail2ban.sourceforge.net/ URL: http://fail2ban.sourceforge.net/
#Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz #Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source0: %{name}-%{version}-d529151.tar.xz Source0: %{name}-%{version}-1f1a561.tar.xz
Source1: fail2ban-logrotate Source1: fail2ban-logrotate
Patch0: fail2ban-0.8.3-init.patch Patch0: fail2ban-init.patch
# Fix logfile paths in jail.conf # Fix logfile paths in jail.conf
Patch1: fail2ban-logfiles.patch Patch1: fail2ban-logfiles.patch
# Install jail.d
Patch2: fail2ban-jail.d.patch
Patch6: fail2ban-log2syslog.patch Patch6: fail2ban-log2syslog.patch
Patch8: fail2ban-notmp.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: python-devel >= 2.3 BuildRequires: python-devel >= 2.3
# For testcases # For testcases
@ -47,12 +44,10 @@ and shorewall respectively.
%prep %prep
%setup -q -n %{name}-%{version}-d529151 %setup -q -n %{name}-%{version}-1f1a561
%patch0 -p1 -b .init %patch0 -p1 -b .init
%patch1 -p1 -b .logfiles %patch1 -p1 -b .logfiles
%patch2 -p1 -b .jail.d
%patch6 -p1 -b .log2syslog %patch6 -p1 -b .log2syslog
%patch8 -p1 -b .notmp
%build %build
python setup.py build python setup.py build
@ -138,6 +133,10 @@ fi
%dir %{_localstatedir}/lib/fail2ban/ %dir %{_localstatedir}/lib/fail2ban/
%changelog %changelog
* Tue Sep 24 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.3.git1f1a561
- Update to current 0.9 git branch
- Rebase init patch, drop jail.d and notmp patch applied upstream
* Fri Aug 9 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.2.gitd529151 * Fri Aug 9 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.2.gitd529151
- Ship jail.conf(5) man page - Ship jail.conf(5) man page
- Ship empty /etc/fail2ban/jail.d directory - Ship empty /etc/fail2ban/jail.d directory

@ -1 +1 @@
d51144c03988c9f63d91515b6ebc5d57 fail2ban-0.9-d529151.tar.xz 6c8a581bc46712be597f3a949d036217 fail2ban-0.9-1f1a561.tar.xz

Loading…
Cancel
Save