- Update to 0.9 git branch

- Rebase patches - Require systemd-python for journal support
12 years ago · b5e668e849
parent 29c113ec6e
commit b5e668e849
6 changed files with 233 additions and 29 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,4 @@ fail2ban-0.8.4.tar.bz2
 /fail2ban_0.8.7.1.orig.tar.gz
 /fail2ban_0.8.8.orig.tar.gz
 /fail2ban-0.8.10.tar.gz
+/fail2ban-0.9-d529151.tar.xz
--- a/fail2ban-0.8.7.1-sshd.patch
+++ b/fail2ban-0.8.7.1-sshd.patch
@ -1,18 +0,0 @@
-diff -up fail2ban-0.8.7.1/config/jail.conf.sshd fail2ban-0.8.7.1/config/jail.conf
--- fail2ban-0.8.7.1/config/jail.conf.sshd	2012-07-31 19:45:04.000000000 -0600
-+++ fail2ban-0.8.7.1/config/jail.conf	2012-10-11 11:47:33.131451895 -0600
-@@ -62,11 +62,11 @@ usedns = warn
- 
- [ssh-iptables]
- 
-enabled  = false
-+enabled  = true
- filter   = sshd
- action   = iptables[name=SSH, port=ssh, protocol=tcp]
-           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
-logpath  = /var/log/sshd.log
-+           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
-+logpath  = /var/log/secure
- maxretry = 5
- 
- [proftpd-iptables]
--- a/fail2ban-logfiles.patch
+++ b/fail2ban-logfiles.patch
@ -0,0 +1,212 @@
+diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/config/jail.conf
+--- fail2ban-0.9-d529151/config/jail.conf.logfiles	2013-07-28 03:43:54.000000000 -0600
+++ fail2ban-0.9-d529151/config/jail.conf	2013-08-08 21:23:41.785950007 -0600
+@@ -152,20 +152,18 @@ action = %(action_)s
+ [sshd]
+ 
+ port    = ssh
+-logpath = /var/log/auth.log
+-          /var/log/sshd.log
+logpath = /var/log/secure
+ 
+ [sshd-ddos]
+ 
+ port    = ssh
+-logpath = /var/log/auth.log
+-          /var/log/sshd.log
+logpath = /var/log/secure
+ 
+ [dropbear]
+ 
+ port     = ssh
+ filter   = sshd
+-logpath  = /var/log/dropbear
+logpath  = /var/log/secure
+ 
+ 
+ # Generic filter for PAM. Has to be used with action which bans all
+@@ -175,12 +173,12 @@ logpath  = /var/log/dropbear
+ 
+ # pam-generic filter can be customized to monitor specific subset of 'tty's
+ banaction = iptables-allports
+-logpath  = /var/log/auth.log
+logpath  = /var/log/secure
+ 
+ [xinetd-fail]
+ 
+ banaction = iptables-multiport-log
+-logpath   = /var/log/daemon.log
+logpath   = /var/log/messages
+ maxretry  = 2
+ 
+ # .. custom jails
+@@ -201,7 +199,7 @@ filter      = sshd
+ action      = hostsdeny[daemon_list=sshd]
+               sendmail-whois[name=SSH, dest=you@example.com]
+ ignoreregex = for myuser from
+-logpath     = /var/log/sshd.log
+logpath     = /var/log/secure
+ 
+ # Here we use blackhole routes for not requiring any additional kernel support
+ # to store large volumes of banned IPs
+@@ -210,7 +208,7 @@ logpath     = /var/log/sshd.log
+ 
+ filter = sshd
+ action = route
+-logpath = /var/log/sshd.log
+logpath = /var/log/secure
+ 
+ # Here we use a combination of Netfilter/Iptables and IPsets
+ # for storing large volumes of banned IPs
+@@ -221,13 +219,13 @@ logpath = /var/log/sshd.log
+ 
+ filter   = sshd
+ action   = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
+-logpath  = /var/log/sshd.log
+logpath  = /var/log/secure
+ 
+ [sshd-iptables-ipset6]
+ 
+ filter   = sshd
+ action   = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
+-logpath  = /var/log/sshd.log
+logpath  = /var/log/secure
+ 
+ # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
+ # option is overridden in this jail. Moreover, the action "mail-whois" defines
+@@ -238,7 +236,7 @@ logpath  = /var/log/sshd.log
+ filter   = sshd
+ action   = ipfw[localhost=192.168.0.1]
+            sendmail-whois[name="SSH,IPFW", dest=you@example.com]
+-logpath  = /var/log/auth.log
+logpath  = /var/log/secure
+ ignoreip = 168.192.0.1
+ 
+ # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
+@@ -250,7 +248,7 @@ ignoreip = 168.192.0.1
+ [ssh-bsd-ipfw]
+ filter   = sshd
+ action   = bsd-ipfw[port=ssh,table=1]
+-logpath  = /var/log/auth.log
+logpath  = /var/log/secure
+ 
+ #
+ # HTTP servers
+@@ -259,7 +257,7 @@ logpath  = /var/log/auth.log
+ [apache-auth]
+ 
+ port     = http,https
+-logpath  = /var/log/apache*/*error.log
+logpath  = /var/log/httpd/*error_log
+ 
+ # Ban hosts which agent identifies spammer robots crawling the web
+ # for email addresses. The mail outputs are buffered.
+@@ -267,21 +265,20 @@ logpath  = /var/log/apache*/*error.log
+ [apache-badbots]
+ 
+ port     = http,https
+-logpath  = /var/log/apache*/*access.log
+-		   /var/www/*/logs/access_log
+logpath  = /var/log/httpd/*access_log
+ bantime  = 172800
+ maxretry = 1
+ 
+ [apache-noscript]
+ 
+ port     = http,https
+-logpath  = /var/log/apache*/*error.log
+logpath  = /var/log/httpd/*error_log
+ maxretry = 6
+ 
+ [apache-overflows]
+ 
+ port     = http,https
+-logpath  = /var/log/apache*/*error.log
+logpath  = /var/log/httpd/*error_log
+ maxretry = 2
+ 
+ # Ban attackers that try to use PHP's URL-fopen() functionality
+@@ -291,7 +288,7 @@ maxretry = 2
+ [php-url-fopen]
+ 
+ port    = http,https
+-logpath = /var/www/*/logs/access_log
+logpath = /var/log/httpd/*access_log
+ 
+ # A simple PHP-fastcgi jail which works with lighttpd.
+ # If you run a lighttpd server, then you probably will
+@@ -330,7 +327,7 @@ logpath  = /var/log/sogo/sogo.log
+ 
+ filter	 = apache-auth
+ action   = hostsdeny
+-logpath  = /var/log/apache*/*error.log
+logpath  = /var/log/httpd/*error_log
+ maxretry = 6
+ 
+ 
+@@ -347,7 +344,7 @@ logpath  = /var/log/proftpd/proftpd.log
+ [pure-ftpd]
+ 
+ port     = ftp,ftp-data,ftps,ftps-data
+-logpath  = /var/log/auth.log
+logpath  = /var/log/secure
+ maxretry = 6
+ 
+ [vsftpd]
+@@ -355,7 +352,7 @@ maxretry = 6
+ port     = ftp,ftp-data,ftps,ftps-data
+ logpath  = /var/log/vsftpd.log
+ # or overwrite it in jails.local to be
+-# logpath = /var/log/auth.log
+# logpath = /var/log/secure
+ # if you want to rely on PAM failed login attempts
+ # vsftpd's failregex should match both of those formats
+ 
+@@ -384,12 +381,12 @@ maxretry = 6
+ [courier-smtp]
+ 
+ port     = smtp,ssmtp,submission
+-logpath  = /var/log/mail.log
+logpath  = /var/log/maillog
+ 
+ [postfix]
+ 
+ port     = smtp,ssmtp,submission
+-logpath  = /var/log/mail.log
+logpath  = /var/log/maillog
+ 
+ # The hosts.deny path can be defined with the "file" argument if it is
+ # not in /etc.
+@@ -410,7 +407,7 @@ bantime  = 300
+ [courier-auth]
+ 
+ port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+-logpath  = /var/log/mail.log
+logpath  = /var/log/maillog
+ 
+ 
+ [sasl]
+@@ -419,12 +416,12 @@ port     = smtp,ssmtp,submission,imap2,i
+ # You might consider monitoring /var/log/mail.warn instead if you are
+ # running postfix since it would provide the same log lines at the
+ # "warn" level but overall at the smaller filesize.
+-logpath  = /var/log/mail.log
+logpath  = /var/log/maillog
+ 
+ [dovecot]
+ 
+ port    = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+-logpath = /var/log/mail.log
+logpath = /var/log/maillog
+ 
+ #
+ # DNS servers
+@@ -519,7 +516,7 @@ maxretry = 5
+ enabled=false
+ filter = sshd
+ action = pf
+-logpath  = /var/log/sshd.log
+logpath  = /var/log/secure
+ maxretry=5
+ 
+ [3proxy]
--- a/fail2ban-notmp.patch
+++ b/fail2ban-notmp.patch
@ -1,6 +1,6 @@
-diff -up fail2ban-0.8.10/client/fail2banreader.py.notmp fail2ban-0.8.10/client/fail2banreader.py
--- fail2ban-0.8.10/client/fail2banreader.py.notmp	2013-06-12 11:21:12.000000000 -0600
-+++ fail2ban-0.8.10/client/fail2banreader.py	2013-06-12 16:17:43.820837700 -0600
+diff -up fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py
+--- fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp	2013-07-28 03:43:54.000000000 -0600
+++ fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py	2013-08-08 20:15:19.997686089 -0600
@@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader):
 		ConfigReader.read(self, "fail2ban")
 	
--- a/fail2ban.spec
+++ b/fail2ban.spec
@ -1,14 +1,16 @@
 Summary: Ban IPs that make too many password failures
 Name: fail2ban
-Version: 0.8.10
-Release: 2%{?dist}
+Version: 0.9
+Release: 0.1.gitd529151%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://fail2ban.sourceforge.net/
-Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+#Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0: %{name}-%{version}-d529151.tar.xz
 Source1: fail2ban-logrotate
 Patch0: fail2ban-0.8.3-init.patch
-Patch1: fail2ban-0.8.7.1-sshd.patch
+# Fix logfile paths in jail.conf
+Patch1: fail2ban-logfiles.patch
 Patch6: fail2ban-log2syslog.patch
 Patch8: fail2ban-notmp.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -21,6 +23,7 @@ Requires: gamin-python
 Requires: python-inotify
 %if 0%{?fedora} >= 19
 BuildRequires: systemd
+Requires: systemd-python
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@ -41,9 +44,9 @@ and shorewall respectively.


 %prep
-%setup -q
+%setup -q -n %{name}-%{version}-d529151
 %patch0 -p1 -b .init
-%patch1 -p1 -b .sshd
+%patch1 -p1 -b .logfiles
 %patch6 -p1 -b .log2syslog
 %patch8 -p1 -b .notmp

@ -107,7 +110,8 @@ fi
 %{_bindir}/fail2ban-server
 %{_bindir}/fail2ban-client
 %{_bindir}/fail2ban-regex
-%{_datadir}/fail2ban
+%{_bindir}/fail2ban-testcases
+%{python_sitelib}/*
 %if 0%{?fedora} >= 19
 %{_unitdir}/fail2ban.service
 %else
@ -127,6 +131,11 @@ fi
 %dir %{_localstatedir}/lib/fail2ban/

 %changelog
+* Thu Aug 8 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.1.gitd529151
+- Update to 0.9 git branch
+- Rebase patches
+- Require systemd-python for journal support
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.10-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-48327ac0f5938dcc2f82c63728fc8918  fail2ban-0.8.10.tar.gz
+d51144c03988c9f63d91515b6ebc5d57  fail2ban-0.9-d529151.tar.xz