From b5e668e8493ce336013e62f047c79c475bef5812 Mon Sep 17 00:00:00 2001
From: Orion Poplawski
Date: Thu, 8 Aug 2013 21:42:28 -0600
Subject: [PATCH] - Update to 0.9 git branch - Rebase patches - Require systemd-python for journal support
---
 .gitignore | 1 +
 fail2ban-0.8.7.1-sshd.patch | 18 ---
 fail2ban-logfiles.patch | 212 ++++++++++++++++++++++++++++++++++++
 fail2ban-notmp.patch | 6 +-
 fail2ban.spec | 23 ++--
 sources | 2 +-
 6 files changed, 233 insertions(+), 29 deletions(-)
 delete mode 100644 fail2ban-0.8.7.1-sshd.patch
 create mode 100644 fail2ban-logfiles.patch
diff --git a/.gitignore b/.gitignore
index fa2b88b..ebbd8d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ fail2ban-0.8.4.tar.bz2
 /fail2ban_0.8.7.1.orig.tar.gz
 /fail2ban_0.8.8.orig.tar.gz
 /fail2ban-0.8.10.tar.gz
+/fail2ban-0.9-d529151.tar.xz
diff --git a/fail2ban-0.8.7.1-sshd.patch b/fail2ban-0.8.7.1-sshd.patch
deleted file mode 100644
index aa3773e..0000000
--- a/fail2ban-0.8.7.1-sshd.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -up fail2ban-0.8.7.1/config/jail.conf.sshd fail2ban-0.8.7.1/config/jail.conf
---- fail2ban-0.8.7.1/config/jail.conf.sshd 2012-07-31 19:45:04.000000000 -0600
-+++ fail2ban-0.8.7.1/config/jail.conf 2012-10-11 11:47:33.131451895 -0600
-@@ -62,11 +62,11 @@ usedns = warn
-
- [ssh-iptables]
-
--enabled = false
-+enabled = true
- filter = sshd
- action = iptables[name=SSH, port=ssh, protocol=tcp]
-- sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
--logpath = /var/log/sshd.log
-+ sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
-+logpath = /var/log/secure
- maxretry = 5
-
- [proftpd-iptables]
diff --git a/fail2ban-logfiles.patch b/fail2ban-logfiles.patch
new file mode 100644
index 0000000..c2cf359
--- /dev/null
+++ b/fail2ban-logfiles.patch
@@ -0,0 +1,212 @@
+diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/config/jail.conf
+--- fail2ban-0.9-d529151/config/jail.conf.logfiles 2013-07-28 03:43:54.000000000 -0600
++++ fail2ban-0.9-d529151/config/jail.conf 2013-08-08 21:23:41.785950007 -0600
+@@ -152,20 +152,18 @@ action = %(action_)s
+ [sshd]
+
+ port = ssh
+-logpath = /var/log/auth.log
+- /var/log/sshd.log
++logpath = /var/log/secure
+
+ [sshd-ddos]
+
+ port = ssh
+-logpath = /var/log/auth.log
+- /var/log/sshd.log
++logpath = /var/log/secure
+
+ [dropbear]
+
+ port = ssh
+ filter = sshd
+-logpath = /var/log/dropbear
++logpath = /var/log/secure
+
+
+ # Generic filter for PAM. Has to be used with action which bans all
+@@ -175,12 +173,12 @@ logpath = /var/log/dropbear
+
+ # pam-generic filter can be customized to monitor specific subset of 'tty's
+ banaction = iptables-allports
+-logpath = /var/log/auth.log
++logpath = /var/log/secure
+
+ [xinetd-fail]
+
+ banaction = iptables-multiport-log
+-logpath = /var/log/daemon.log
++logpath = /var/log/messages
+ maxretry = 2
+
+ # .. custom jails
+@@ -201,7 +199,7 @@ filter = sshd
+ action = hostsdeny[daemon_list=sshd]
+ sendmail-whois[name=SSH, dest=you@example.com]
+ ignoreregex = for myuser from
+-logpath = /var/log/sshd.log
++logpath = /var/log/secure
+
+ # Here we use blackhole routes for not requiring any additional kernel support
+ # to store large volumes of banned IPs
+@@ -210,7 +208,7 @@ logpath = /var/log/sshd.log
+
+ filter = sshd
+ action = route
+-logpath = /var/log/sshd.log
++logpath = /var/log/secure
+
+ # Here we use a combination of Netfilter/Iptables and IPsets
+ # for storing large volumes of banned IPs
+@@ -221,13 +219,13 @@ logpath = /var/log/sshd.log
+
+ filter = sshd
+ action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
+-logpath = /var/log/sshd.log
++logpath = /var/log/secure
+
+ [sshd-iptables-ipset6]
+
+ filter = sshd
+ action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
+-logpath = /var/log/sshd.log
++logpath = /var/log/secure
+
+ # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
+ # option is overridden in this jail. Moreover, the action "mail-whois" defines
+@@ -238,7 +236,7 @@ logpath = /var/log/sshd.log
+ filter = sshd
+ action = ipfw[localhost=192.168.0.1]
+ sendmail-whois[name="SSH,IPFW", dest=you@example.com]
+-logpath = /var/log/auth.log
++logpath = /var/log/secure
+ ignoreip = 168.192.0.1
+
+ # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
+@@ -250,7 +248,7 @@ ignoreip = 168.192.0.1
+ [ssh-bsd-ipfw]
+ filter = sshd
+ action = bsd-ipfw[port=ssh,table=1]
+-logpath = /var/log/auth.log
++logpath = /var/log/secure
+
+ #
+ # HTTP servers
+@@ -259,7 +257,7 @@ logpath = /var/log/auth.log
+ [apache-auth]
+
+ port = http,https
+-logpath = /var/log/apache*/*error.log
++logpath = /var/log/httpd/*error_log
+
+ # Ban hosts which agent identifies spammer robots crawling the web
+ # for email addresses. The mail outputs are buffered.
+@@ -267,21 +265,20 @@ logpath = /var/log/apache*/*error.log
+ [apache-badbots]
+
+ port = http,https
+-logpath = /var/log/apache*/*access.log
+- /var/www/*/logs/access_log
++logpath = /var/log/httpd/*access_log
+ bantime = 172800
+ maxretry = 1
+
+ [apache-noscript]
+
+ port = http,https
+-logpath = /var/log/apache*/*error.log
++logpath = /var/log/httpd/*error_log
+ maxretry = 6
+
+ [apache-overflows]
+
+ port = http,https
+-logpath = /var/log/apache*/*error.log
++logpath = /var/log/httpd/*error_log
+ maxretry = 2
+
+ # Ban attackers that try to use PHP's URL-fopen() functionality
+@@ -291,7 +288,7 @@ maxretry = 2
+ [php-url-fopen]
+
+ port = http,https
+-logpath = /var/www/*/logs/access_log
++logpath = /var/log/httpd/*access_log
+
+ # A simple PHP-fastcgi jail which works with lighttpd.
+ # If you run a lighttpd server, then you probably will
+@@ -330,7 +327,7 @@ logpath = /var/log/sogo/sogo.log
+
+ filter = apache-auth
+ action = hostsdeny
+-logpath = /var/log/apache*/*error.log
++logpath = /var/log/httpd/*error_log
+ maxretry = 6
+
+
+@@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log
+ [pure-ftpd]
+
+ port = ftp,ftp-data,ftps,ftps-data
+-logpath = /var/log/auth.log
++logpath = /var/log/secure
+ maxretry = 6
+
+ [vsftpd]
+@@ -355,7 +352,7 @@ maxretry = 6
+ port = ftp,ftp-data,ftps,ftps-data
+ logpath = /var/log/vsftpd.log
+ # or overwrite it in jails.local to be
+-# logpath = /var/log/auth.log
++# logpath = /var/log/secure
+ # if you want to rely on PAM failed login attempts
+ # vsftpd's failregex should match both of those formats
+
+@@ -384,12 +381,12 @@ maxretry = 6
+ [courier-smtp]
+
+ port = smtp,ssmtp,submission
+-logpath = /var/log/mail.log
++logpath = /var/log/maillog
+
+ [postfix]
+
+ port = smtp,ssmtp,submission
+-logpath = /var/log/mail.log
++logpath = /var/log/maillog
+
+ # The hosts.deny path can be defined with the "file" argument if it is
+ # not in /etc.
+@@ -410,7 +407,7 @@ bantime = 300
+ [courier-auth]
+
+ port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+-logpath = /var/log/mail.log
++logpath = /var/log/maillog
+
+
+ [sasl]
+@@ -419,12 +416,12 @@ port = smtp,ssmtp,submission,imap2,i
+ # You might consider monitoring /var/log/mail.warn instead if you are
+ # running postfix since it would provide the same log lines at the
+ # "warn" level but overall at the smaller filesize.
+-logpath = /var/log/mail.log
++logpath = /var/log/maillog
+
+ [dovecot]
+
+ port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+-logpath = /var/log/mail.log
++logpath = /var/log/maillog
+
+ #
+ # DNS servers
+@@ -519,7 +516,7 @@ maxretry = 5
+ enabled=false
+ filter = sshd
+ action = pf
+-logpath = /var/log/sshd.log
++logpath = /var/log/secure
+ maxretry=5
+
+ [3proxy]
diff --git a/fail2ban-notmp.patch b/fail2ban-notmp.patch
index 8799101..af207d5 100644
--- a/fail2ban-notmp.patch
+++ b/fail2ban-notmp.patch
@@ -1,6 +1,6 @@
-diff -up fail2ban-0.8.10/client/fail2banreader.py.notmp fail2ban-0.8.10/client/fail2banreader.py
---- fail2ban-0.8.10/client/fail2banreader.py.notmp 2013-06-12 11:21:12.000000000 -0600
-+++ fail2ban-0.8.10/client/fail2banreader.py 2013-06-12 16:17:43.820837700 -0600
+diff -up fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py
+--- fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp 2013-07-28 03:43:54.000000000 -0600
++++ fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py 2013-08-08 20:15:19.997686089 -0600
 @@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader):
 ConfigReader.read(self, "fail2ban")
diff --git a/fail2ban.spec b/fail2ban.spec
index 6d3a0d5..ac087b9 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
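Review bot: The new fail2ban-logfiles.patch only rewrites `logpath` values, so the `enabled = true` and `dest=root` overrides that the removed fail2ban-0.8.7.1-sshd.patch applied to the SSH jail are not carried forward; the `[sshd]` stanza at inner hunk `@@ -152,20 +152,18 @@` gets a new log path but nothing visible turns it on, and the custom jails still mail `dest=you@example.com`. If upstream's 0.9 jail.conf leaves jails disabled by default (not visible in this patch), hosts upgrading from 0.8.10 would stop banning SSH brute-force sources without any warning. Either carry the enablement forward or record the change in the spec changelog, e.g. `- No jail is enabled by default any more; enable sshd in /etc/fail2ban/jail.local`. Separately, pointing `[dropbear]` and `[pure-ftpd]` at `/var/log/secure` assumes those daemons log to the authpriv facility; that is worth confirming, because a jail watching the wrong file never matches.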
@@ -1,14 +1,16 @@
 Summary: Ban IPs that make too many password failures
 Name: fail2ban
-Version: 0.8.10
-Release: 2%{?dist}
+Version: 0.9
+Release: 0.1.gitd529151%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://fail2ban.sourceforge.net/
-Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+#Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0: %{name}-%{version}-d529151.tar.xz
 Source1: fail2ban-logrotate
 Patch0: fail2ban-0.8.3-init.patch
-Patch1: fail2ban-0.8.7.1-sshd.patch
+# Fix logfile paths in jail.conf
+Patch1: fail2ban-logfiles.patch
 Patch6: fail2ban-log2syslog.patch
 Patch8: fail2ban-notmp.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -21,6 +23,7 @@ Requires: gamin-python
 Requires: python-inotify
 %if 0%{?fedora} >= 19
 BuildRequires: systemd
+Requires: systemd-python
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@@ -41,9 +44,9 @@ and shorewall respectively.
 %prep
-%setup -q
+%setup -q -n %{name}-%{version}-d529151
 %patch0 -p1 -b .init
-%patch1 -p1 -b .sshd
+%patch1 -p1 -b .logfiles
 %patch6 -p1 -b .log2syslog
 %patch8 -p1 -b .notmp
@@ -107,7 +110,8 @@ fi
 %{_bindir}/fail2ban-server
 %{_bindir}/fail2ban-client
 %{_bindir}/fail2ban-regex
-%{_datadir}/fail2ban
+%{_bindir}/fail2ban-testcases
+%{python_sitelib}/*
 %if 0%{?fedora} >= 19
 %{_unitdir}/fail2ban.service
 %else
@@ -127,6 +131,11 @@ fi
 %dir %{_localstatedir}/lib/fail2ban/
 %changelog
+* Thu Aug 8 2013 Orion Poplawski - 0.9-0.1.gitd529151
+- Update to 0.9 git branch
+- Rebase patches
+- Require systemd-python for journal support
+
 * Sat Aug 03 2013 Fedora Release Engineering - 0.8.10-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
diff --git a/sources b/sources
index 72b95f0..df0bbd5 100644
--- a/sources
+++ b/sources
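Review bot: `Source0` in the first fail2ban.spec hunk (`@@ -1,14 +1,16 @@`) now names a local snapshot tarball with the upstream URL commented out, and nothing in the spec records how `%{name}-%{version}-d529151.tar.xz` was produced. That leaves the MD5 line in `sources` as the only integrity anchor, and a reviewer cannot regenerate the archive to compare it with upstream. Add a comment above `Source0` giving the full commit id and the command used, e.g. `# git archive --prefix=fail2ban-0.9-d529151/ <FULL_COMMIT_ID> | xz > fail2ban-0.9-d529151.tar.xz`, with the placeholder replaced by the real hash.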
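Review bot: The `Requires: systemd-python` added inside `%if 0%{?fedora} >= 19` (spec hunk `@@ -21,6 +23,7 @@`) pulls in journal support, but the jail.conf this build ships is still patched by Patch1 to read flat files such as `/var/log/secure`, and no visible change selects the journal backend. On a host that logs only to the journal those files are absent, and a jail whose log path does not exist cannot ban anything. Document the expectation next to the dependency, e.g. `# journal backend (backend = systemd) is opt-in; default jails read the rsyslog files set by Patch1`, or set the backend in the packaged configuration if that is the intent.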
@@ -1 +1 @@
-48327ac0f5938dcc2f82c63728fc8918 fail2ban-0.8.10.tar.gz
+d51144c03988c9f63d91515b6ebc5d57 fail2ban-0.9-d529151.tar.xz