From 4918cc13d558fef20673f4b02586076ebee5596f Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 9 Mar 2016 14:27:16 -0700 Subject: [PATCH 1/8] No longer need to add After=firewalld.service (bug #1301910) --- fail2ban.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index eace602..c6b9696 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -152,8 +152,6 @@ by default. %patch1 -p1 -b .mysql # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf -# Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) -sed -i -e '/^After=/s/$/ firewalld.service/' files/fail2ban.service 2to3 --write --nobackups . %build @@ -280,6 +278,9 @@ fi %changelog +* Wed Mar 9 2016 Orion Poplawski - 0.9.4-3 +- No longer need to add After=firewalld.service (bug #1301910) + * Wed Mar 9 2016 Orion Poplawski - 0.9.4-2 - Fix mariadb/mysql log handling From 7939b816091d7bf3bf583ec310ca8595c882f84e Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 27 Mar 2016 11:28:56 -0600 Subject: [PATCH 2/8] Use %{_tmpfilesdir} for systemd tmpfile config --- fail2ban.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index c6b9696..6f7994e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -174,8 +174,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ -mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d -install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf +mkdir -p %{buildroot}%{_tmpfilesdir} +install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf # Remove non-Linux actions rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf @@ -251,7 +251,7 @@ fi %exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf %exclude %{_sysconfdir}/fail2ban/jail.d/*.conf %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban -%config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf +%{_tmpfilesdir}/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ %dir %{_localstatedir}/run/fail2ban/ @@ -278,6 +278,9 @@ fi %changelog +* Sun Mar 27 2016 Orion Poplawski - 0.9.4-4 +- Use %%{_tmpfilesdir} for systemd tmpfile config + * Wed Mar 9 2016 Orion Poplawski - 0.9.4-3 - No longer need to add After=firewalld.service (bug #1301910) From 491ac3332272c145f0d11b71030790d74a824702 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 5 Apr 2016 09:18:47 -0600 Subject: [PATCH 3/8] Fix python3 usage (bug #1324113) --- fail2ban.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 6f7994e..4793895 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -153,6 +153,7 @@ by default. # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . +find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} + %build %py3_build @@ -278,6 +279,9 @@ fi %changelog +* Tue Apr 5 2016 Orion Poplawski - 0.9.4-5 +- Fix python3 usage (bug #1324113) + * Sun Mar 27 2016 Orion Poplawski - 0.9.4-4 - Use %%{_tmpfilesdir} for systemd tmpfile config From 314a77633d7ee94dd49138a3f66868a9d1054395 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 19 Jul 2016 07:02:06 +0000 Subject: [PATCH 4/8] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 4793895..fabcb96 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -279,6 +279,9 @@ fi %changelog +* Tue Jul 19 2016 Fedora Release Engineering - 0.9.4-6 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + * Tue Apr 5 2016 Orion Poplawski - 0.9.4-5 - Fix python3 usage (bug #1324113) From f918a8706c05dc692107f93d15fd81a884ceaee0 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 25 Sep 2016 09:47:36 -0600 Subject: [PATCH 5/8] Update to 0.9.5 - Drop mysql patch applied upstream --- .gitignore | 1 + fail2ban-mysql.patch | 19 ------------------- fail2ban.spec | 12 ++++++------ sources | 2 +- 4 files changed, 8 insertions(+), 26 deletions(-) delete mode 100644 fail2ban-mysql.patch diff --git a/.gitignore b/.gitignore index bf86dda..000a84c 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.2.tar.gz /fail2ban-0.9.3.tar.gz /fail2ban-0.9.4.tar.gz +/fail2ban-0.9.5.tar.gz diff --git a/fail2ban-mysql.patch b/fail2ban-mysql.patch deleted file mode 100644 index 4eb52a3..0000000 --- a/fail2ban-mysql.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff --git a/config/paths-fedora.conf b/config/paths-fedora.conf -index b3c978c..d13645b 100644 ---- a/config/paths-fedora.conf -+++ b/config/paths-fedora.conf -@@ -34,7 +34,8 @@ apache_access_log = /var/log/httpd/*access_log - - exim_main_log = /var/log/exim/main.log - --mysql_log = /var/lib/mysql/mysqld.log -+mysql_log = /var/log/mariadb/mariadb.log -+ /var/log/mysqld.log - - roundcube_errors_log = /var/log/roundcubemail/errors - -@@ -48,4 +49,3 @@ pureftpd_backend = systemd - wuftpd_backend = systemd - postfix_backend = systemd - dovecot_backend = systemd --mysql_backend = systemd diff --git a/fail2ban.spec b/fail2ban.spec index fabcb96..9fa8d9b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9.4 -Release: 6%{?dist} +Version: 0.9.5 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -9,9 +9,6 @@ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-% # Fix failing test # https://github.com/fail2ban/fail2ban/issues/1353 Patch0: fail2ban-test.patch -# Fix mysql log path -# https://github.com/fail2ban/fail2ban/issues/1354 -Patch1: fail2ban-mysql.patch BuildRequires: python3-devel # For 2to3 @@ -149,7 +146,6 @@ by default. %prep %setup -q %patch0 -p1 -b .test -%patch1 -p1 -b .mysql # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . @@ -279,6 +275,10 @@ fi %changelog +* Sun Sep 25 2016 Orion Poplawski - 0.9.5-1 +- Update to 0.9.5 +- Drop mysql patch applied upstream + * Tue Jul 19 2016 Fedora Release Engineering - 0.9.4-6 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages diff --git a/sources b/sources index 6113bd9..7cb27dc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2dc93dff03c4da9fb95d4695e07b65d8 fail2ban-0.9.4.tar.gz +1b59fc84a40b790e3f959257d64ab313 fail2ban-0.9.5.tar.gz From c12a4ed538e73262bddddddbb4ba0aeb94d915dc Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 3 Oct 2016 12:14:07 -0600 Subject: [PATCH 6/8] Add patch to fix failing test --- ...e12f701807a8d89bfe57c9f7f492375a0a53.patch | 60 +++++++++++++++++++ fail2ban.spec | 7 +++ 2 files changed, 67 insertions(+) create mode 100644 c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch diff --git a/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch b/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch new file mode 100644 index 0000000..848ef2a --- /dev/null +++ b/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch @@ -0,0 +1,60 @@ +From c49fe12f701807a8d89bfe57c9f7f492375a0a53 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Mon, 15 Aug 2016 12:53:40 +0200 +Subject: [PATCH] fix fail2banregextestcase using setUpMyTime/tearDownMyTime: + always use correct static time as base-time (using mock up MyTime), correct + datetimes inside test + +--- + fail2ban/tests/fail2banregextestcase.py | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py +index 3321ffd..1119efd 100644 +--- a/fail2ban/tests/fail2banregextestcase.py ++++ b/fail2ban/tests/fail2banregextestcase.py +@@ -39,7 +39,7 @@ + + from ..client import fail2banregex + from ..client.fail2banregex import Fail2banRegex, get_opt_parser, output +-from .utils import LogCaptureTestCase, logSys ++from .utils import setUpMyTime, tearDownMyTime, LogCaptureTestCase, logSys + from .utils import CONFIG_DIR + + +@@ -70,10 +70,12 @@ class Fail2banRegexTest(LogCaptureTestCase): + def setUp(self): + """Call before every test case.""" + LogCaptureTestCase.setUp(self) ++ setUpMyTime() + + def tearDown(self): + """Call after every test case.""" + LogCaptureTestCase.tearDown(self) ++ tearDownMyTime() + + def testWrongRE(self): + (opts, args, fail2banRegex) = _Fail2banRegex( +@@ -159,8 +161,8 @@ def testVerbose(self): + self.assertTrue(fail2banRegex.start(opts, args)) + self.assertLogged('Lines: 13 lines, 0 ignored, 5 matched, 8 missed') + +- self.assertLogged('141.3.81.106 Fri Aug 14 11:53:59 2015') +- self.assertLogged('141.3.81.106 Fri Aug 14 11:54:59 2015') ++ self.assertLogged('141.3.81.106 Sun Aug 14 11:53:59 2005') ++ self.assertLogged('141.3.81.106 Sun Aug 14 11:54:59 2005') + + def testWronChar(self): + (opts, args, fail2banRegex) = _Fail2banRegex( +@@ -169,9 +171,8 @@ def testWronChar(self): + self.assertTrue(fail2banRegex.start(opts, args)) + self.assertLogged('Lines: 4 lines, 0 ignored, 2 matched, 2 missed') + +- self.assertLogged('Error decoding line'); +- self.assertLogged('Continuing to process line ignoring invalid characters:', '2015-01-14 20:00:58 user '); +- self.assertLogged('Continuing to process line ignoring invalid characters:', '2015-01-14 20:00:59 user '); ++ self.assertLogged('Error decoding line') ++ self.assertLogged('Continuing to process line ignoring invalid characters:') + + self.assertLogged('Nov 8 00:16:12 main sshd[32548]: input_userauth_request: invalid user llinco') + self.assertLogged('Nov 8 00:16:12 main sshd[32547]: pam_succeed_if(sshd:auth): error retrieving information about user llinco') diff --git a/fail2ban.spec b/fail2ban.spec index 9fa8d9b..59e1410 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -9,6 +9,9 @@ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-% # Fix failing test # https://github.com/fail2ban/fail2ban/issues/1353 Patch0: fail2ban-test.patch +# Upstream patch to fix failing tests +# https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53 +Patch1: https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch BuildRequires: python3-devel # For 2to3 @@ -146,6 +149,7 @@ by default. %prep %setup -q %patch0 -p1 -b .test +%patch1 -p1 # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . @@ -275,6 +279,9 @@ fi %changelog +* Mon Oct 3 2016 Orion Poplawski - 0.9.5-1 +- Add patch to fix failing test + * Sun Sep 25 2016 Orion Poplawski - 0.9.5-1 - Update to 0.9.5 - Drop mysql patch applied upstream From 64d45110bb6b8dbe0b74b4bf0ebbed7b85a4e216 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 3 Oct 2016 16:01:29 -0600 Subject: [PATCH 7/8] Give up being PartOf iptables to allow firewalld restarts to work (bug #1379141) --- fail2ban-partof.patch | 12 ++++++++++++ fail2ban.spec | 10 +++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 fail2ban-partof.patch diff --git a/fail2ban-partof.patch b/fail2ban-partof.patch new file mode 100644 index 0000000..d634668 --- /dev/null +++ b/fail2ban-partof.patch @@ -0,0 +1,12 @@ +diff -up fail2ban-0.9.5/files/fail2ban.service.partof fail2ban-0.9.5/files/fail2ban.service +--- fail2ban-0.9.5/files/fail2ban.service.partof 2016-07-14 20:25:07.000000000 -0600 ++++ fail2ban-0.9.5/files/fail2ban.service 2016-10-03 15:59:24.761782253 -0600 +@@ -2,7 +2,7 @@ + Description=Fail2Ban Service + Documentation=man:fail2ban(1) + After=network.target iptables.service firewalld.service +-PartOf=iptables.service firewalld.service ++PartOf=firewalld.service + + [Service] + Type=forking diff --git a/fail2ban.spec b/fail2ban.spec index 59e1410..fd3c1b5 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.5 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -12,6 +12,9 @@ Patch0: fail2ban-test.patch # Upstream patch to fix failing tests # https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53 Patch1: https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch +# Give up being PartOf iptables for now +# https://bugzilla.redhat.com/show_bug.cgi?id=1379141 +Patch2: fail2ban-partof.patch BuildRequires: python3-devel # For 2to3 @@ -150,6 +153,7 @@ by default. %setup -q %patch0 -p1 -b .test %patch1 -p1 +%patch2 -p1 -b .partof # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . @@ -279,6 +283,10 @@ fi %changelog +* Mon Oct 3 2016 Orion Poplawski - 0.9.5-2 +- Give up being PartOf iptables to allow firewalld restarts to work + (bug #1379141) + * Mon Oct 3 2016 Orion Poplawski - 0.9.5-1 - Add patch to fix failing test From 7dfd4e4924c9b26f9538244aa8b9c832aec17840 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 3 Oct 2016 16:37:16 -0600 Subject: [PATCH 8/8] Add journalmatch entries for sendmail (bug #1329919) --- fail2ban-sendmail.patch | 34 ++++++++++++++++++++++++++++++++++ fail2ban.spec | 10 +++++++++- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 fail2ban-sendmail.patch diff --git a/fail2ban-sendmail.patch b/fail2ban-sendmail.patch new file mode 100644 index 0000000..c612560 --- /dev/null +++ b/fail2ban-sendmail.patch @@ -0,0 +1,34 @@ +commit 6a5f8ddf63658f3645a88988641c06d5a9625c00 +Author: Orion Poplawski +Date: Mon Oct 3 16:26:11 2016 -0600 + + Add sendmail journalmatch options + +diff --git a/config/filter.d/sendmail-auth.conf b/config/filter.d/sendmail-auth.conf +index 138fbb8..7886e60 100644 +--- a/config/filter.d/sendmail-auth.conf ++++ b/config/filter.d/sendmail-auth.conf +@@ -13,6 +13,10 @@ failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[\]( \(may be forged\))?: po + + ignoreregex = + ++[Init] ++ ++journalmatch = _SYSTEMD_UNIT=sendmail.service ++ + # DEV Notes: + # + # Author: Daniel Black +diff --git a/config/filter.d/sendmail-reject.conf b/config/filter.d/sendmail-reject.conf +index 93b8343..219d910 100644 +--- a/config/filter.d/sendmail-reject.conf ++++ b/config/filter.d/sendmail-reject.conf +@@ -33,6 +33,8 @@ ignoreregex = + + [Init] + ++journalmatch = _SYSTEMD_UNIT=sendmail.service ++ + # "maxlines" is number of log lines to buffer for multi-line regex searches + maxlines = 10 + diff --git a/fail2ban.spec b/fail2ban.spec index fd3c1b5..d188879 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.5 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -15,6 +15,10 @@ Patch1: https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7 # Give up being PartOf iptables for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 Patch2: fail2ban-partof.patch +# Add journalmatch entries for sendmail +# https://bugzilla.redhat.com/show_bug.cgi?id=1329919 +# https://github.com/fail2ban/fail2ban/pull/1566 +Patch3: fail2ban-sendmail.patch BuildRequires: python3-devel # For 2to3 @@ -154,6 +158,7 @@ by default. %patch0 -p1 -b .test %patch1 -p1 %patch2 -p1 -b .partof +%patch3 -p1 -b .sendmail # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . @@ -283,6 +288,9 @@ fi %changelog +* Mon Oct 3 2016 Orion Poplawski - 0.9.5-3 +- Add journalmatch entries for sendmail (bug #1329919) + * Mon Oct 3 2016 Orion Poplawski - 0.9.5-2 - Give up being PartOf iptables to allow firewalld restarts to work (bug #1379141)