rpms
/
fail2ban
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into epel7

Browse Source
i9ce
Orion Poplawski 10 years ago
parent e2fc2a5023 bb0440075a
commit a623fb662a
9 changed files with 38 additions and 182 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -7,3 +7,4 @@ fail2ban-0.8.4.tar.bz2
/fail2ban-0.9-d529151.tar.xz /fail2ban-0.9-d529151.tar.xz
/fail2ban-0.9-1f1a561.tar.xz /fail2ban-0.9-1f1a561.tar.xz
/fail2ban-0.9.tar.gz /fail2ban-0.9.tar.gz
/fail2ban-0.9.1.tar.gz

26
0001-Separate-php-url-fopen-logpath-by-newline.patch
Unescape View File

@ -0,0 +1,26 @@
From d8867807f560838e70375cc9ca90585179700fe6 Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@cora.nwra.com>
Date: Fri, 28 Nov 2014 22:04:09 -0700
Subject: [PATCH] Separate php-url-fopen logpath by newline
---
config/jail.conf | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/config/jail.conf b/config/jail.conf
index d119d22..6a95aa1 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -302,7 +302,8 @@ logpath = %(nginx_error_log)s
[php-url-fopen]
port = http,https
-logpath = %(nginx_access_log)s %(apache_access_log)s
+logpath = %(nginx_access_log)s
+ %(apache_access_log)s
[suhosin]
--
2.1.0

21
fail2ban-loglevel.patch
Unescape View File

@ -1,21 +0,0 @@
commit 1470e3c01d49841335e11ed7ca7898516d1b8be8
Author: Steven Hiscocks <steven@hiscocks.me.uk>
Date: Wed Mar 19 19:09:07 2014 +0000
BF: fail2ban.conf reader expected "int" type for `loglevel`
Closes #657
diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py
index f17ff92..251c698 100644
--- a/fail2ban/client/fail2banreader.py
+++ b/fail2ban/client/fail2banreader.py
@@ -45,7 +45,7 @@ class Fail2banReader(ConfigReader):
return ConfigReader.getOptions(self, "Definition", opts)
def getOptions(self):
- opts = [["int", "loglevel", "INFO" ],
+ opts = [["string", "loglevel", "INFO" ],
["string", "logtarget", "STDERR"],
["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"],
["int", "dbpurgeage", 86400]]

53
fail2ban-logpath.patch
Unescape View File

@ -1,53 +0,0 @@
diff -up fail2ban-0.9/config/jail.conf.logpath fail2ban-0.9/config/jail.conf
--- fail2ban-0.9/config/jail.conf.logpath 2014-08-08 13:29:40.101582649 -0600
+++ fail2ban-0.9/config/jail.conf 2014-08-08 13:33:56.376307236 -0600
@@ -370,7 +370,7 @@ logpath = /var/log/tomcat*/catalina.out
[webmin-auth]
port = 10000
-logpath = /var/log/auth.log
+logpath = %(syslog_authpriv)s
#
@@ -423,7 +423,7 @@ maxretry = 6
[vsftpd]
# or overwrite it in jails.local to be
-# logpath = /var/log/auth.log
+# logpath = %(syslog_authpriv)s
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
port = ftp,ftp-data,ftps,ftps-data
@@ -533,7 +533,7 @@ logpath = %(postfix_log)s
[perdition]
port = imap3,imaps,pop3,pop3s
-logpath = /var/log/maillog
+logpath = %(syslog_mail)s
[squirrelmail]
@@ -657,13 +657,13 @@ maxretry = 5
[pam-generic]
# pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = iptables-allports
-logpath = /var/log/auth.log
+logpath = %(syslog_authpriv)s
[xinetd-fail]
banaction = iptables-multiport-log
-logpath = /var/log/daemon.log
+logpath = %(syslog_daemon)s
maxretry = 2
@@ -693,5 +693,5 @@ action = %(banaction)s[name=%(__name__)
[nagios]
enabled = false
-logpath = /var/log/messages ; nrpe.cfg may define a different log_facility
+logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility
maxretry = 1

20
fail2ban-tests-nonet.patch
Unescape View File

@ -1,20 +0,0 @@
commit 175c5934620adb600fe4435732a3887855320669
Author: Steven Hiscocks <steven@hiscocks.me.uk>
Date: Wed Mar 19 19:30:48 2014 +0000
TST: Skip badips.py test is no network option set
diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py
index 456a829..85c1d92 100644
--- a/fail2ban/tests/utils.py
+++ b/fail2ban/tests/utils.py
@@ -209,6 +209,9 @@ def gatherTests(regexps=None, no_network=False):
for file_ in os.listdir(
os.path.abspath(os.path.dirname(action_d.__file__))):
if file_.startswith("test_") and file_.endswith(".py"):
+ if no_network and file_ in ['test_badips.py']: #pragma: no cover
+ # Test required network
+ continue
tests.addTest(testloader.loadTestsFromName(
"%s.%s" % (action_d.__name__, os.path.splitext(file_)[0])))

23
fail2ban-tests-syslog.patch
Unescape View File

@ -1,23 +0,0 @@
commit 75325da09091f3ae800a2efbcde1a016617e5f1a
Author: Steven Hiscocks <steven@hiscocks.me.uk>
Date: Wed Mar 19 19:21:23 2014 +0000
TST: Skip SYSLOG log target test if '/dev/log' not present
diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
index 231aecd..c4163db 100644
--- a/fail2ban/tests/servertestcase.py
+++ b/fail2ban/tests/servertestcase.py
@@ -678,6 +678,12 @@ class TransmitterLogging(TransmitterBase):
self.setGetTest("logtarget", "STDOUT")
self.setGetTest("logtarget", "STDERR")
+
+ def testLogTargetSYSLOG(self):
+ if not os.path.exists("/dev/log") and sys.version_info >= (2, 7):
+ raise unittest.SkipTest("'/dev/log' not present")
+ elif not os.path.exists("/dev/log"):
+ return
self.setGetTest("logtarget", "SYSLOG")
def testLogLevel(self):

41
fail2ban-tests.patch
Unescape View File

@ -1,41 +0,0 @@
commit b2a1032f5738575f1c368360ba93fc7da5991225
Author: Yaroslav Halchenko <debian@onerussian.com>
Date: Tue Aug 12 11:31:42 2014 -0400
ENH/BF(TST): making permissions restrictive is not sufficient -- really remove file to test
diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py
index c02e861..1fa3116 100644
--- a/fail2ban/tests/filtertestcase.py
+++ b/fail2ban/tests/filtertestcase.py
@@ -24,6 +24,7 @@ __license__ = "GPL"
from __builtin__ import open as fopen
import unittest
+import getpass
import os
import sys
import time
@@ -349,10 +350,20 @@ class LogFileMonitor(LogCaptureTestCase):
# shorter wait time for not modified status
return not self.isModified(0.4)
- def testNoLogFile(self):
+ def testUnaccessibleLogFile(self):
os.chmod(self.name, 0)
self.filter.getFailures(self.name)
- self.assertTrue(self._is_logged('Unable to open %s' % self.name))
+ failure_was_logged = self._is_logged('Unable to open %s' % self.name)
+ is_root = getpass.getuser() == 'root'
+ # If ran as root, those restrictive permissions would not
+ # forbid log to be read.
+ self.assertTrue(failure_was_logged != is_root)
+
+ def testNoLogFile(self):
+ _killfile(self.file, self.name)
+ self.filter.getFailures(self.name)
+ failure_was_logged = self._is_logged('Unable to open %s' % self.name)
+ self.assertTrue(failure_was_logged)
def testRemovingFailRegex(self):
self.filter.delFailRegex(0)

33
fail2ban.spec
Unescape View File

@ -1,26 +1,12 @@
Summary: Daemon to ban hosts that cause multiple authentication errors Summary: Daemon to ban hosts that cause multiple authentication errors
Name: fail2ban Name: fail2ban
Version: 0.9 Version: 0.9.1
Release: 9%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://fail2ban.sourceforge.net/ URL: http://fail2ban.sourceforge.net/
Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
# Upstream patch to fix setting loglevel # https://bugzilla.redhat.com/show_bug.cgi?id=1169026
# https://github.com/fail2ban/fail2ban/issues/657 Patch0: 0001-Separate-php-url-fopen-logpath-by-newline.patch
Patch0: fail2ban-loglevel.patch
# Upstream patch to skip tests with no-network
# https://github.com/fail2ban/fail2ban/issues/110
Patch1: fail2ban-tests-nonet.patch
# Upstream patch to skip syslog tests without /dev/log
# https://github.com/fail2ban/fail2ban/issues/110
Patch2: fail2ban-tests-syslog.patch
# Fix logpaths to use syslog macros
# https://bugzilla.redhat.com/show_bug.cgi?id=1128152
# https://github.com/fail2ban/fail2ban/pull/780
Patch3: fail2ban-logpath.patch
# Fix test failure
# https://github.com/fail2ban/fail2ban/pull/784
Patch4: fail2ban-tests.patch
BuildRequires: python2-devel BuildRequires: python2-devel
# For testcases # For testcases
@ -152,11 +138,6 @@ by default.
%prep %prep
%setup -q %setup -q
%patch0 -p1 -b .loglevel
%patch1 -p1 -b .tests-nonet
%patch2 -p1 -b .tests-syslog
%patch3 -p1 -b .logpath
%patch4 -p1 -b .tests
# Use Fedora paths # Use Fedora paths
sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf
# Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147)
@ -283,6 +264,12 @@ fi
%changelog %changelog
* Fri Nov 28 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-2
- Fix php-url-fopen logpath (bug #1169026)
* Tue Oct 28 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-1
- Update to 0.9.1
* Fri Aug 15 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-8 * Fri Aug 15 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-8
- Add patch to fix tests - Add patch to fix tests

2
sources
Unescape View File

@ -1 +1 @@
02de1ff774f3c16d23450a3ad1c43137 fail2ban-0.9.tar.gz 3554cc3de3f06ddfd7f90f8305b765b8 fail2ban-0.9.1.tar.gz

Write Preview
Loading…
Cancel
Save