From 29c113ec6e2561c1cda2b574e92783bfcd90822a Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 3 Aug 2013 05:35:13 -0500 Subject: [PATCH 01/19] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 40164e5..6d3a0d5 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.10 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -127,6 +127,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Sat Aug 03 2013 Fedora Release Engineering - 0.8.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Wed Jun 12 2013 Orion Poplawski - 0.8.10-1 - Update to 0.8.10 security release - Use upstream provided systemd files From b5e668e8493ce336013e62f047c79c475bef5812 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 8 Aug 2013 21:42:28 -0600 Subject: [PATCH 02/19] - Update to 0.9 git branch - Rebase patches - Require systemd-python for journal support --- .gitignore | 1 + fail2ban-0.8.7.1-sshd.patch | 18 --- fail2ban-logfiles.patch | 212 ++++++++++++++++++++++++++++++++++++ fail2ban-notmp.patch | 6 +- fail2ban.spec | 23 ++-- sources | 2 +- 6 files changed, 233 insertions(+), 29 deletions(-) delete mode 100644 fail2ban-0.8.7.1-sshd.patch create mode 100644 fail2ban-logfiles.patch diff --git a/.gitignore b/.gitignore index fa2b88b..ebbd8d0 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban_0.8.7.1.orig.tar.gz /fail2ban_0.8.8.orig.tar.gz /fail2ban-0.8.10.tar.gz +/fail2ban-0.9-d529151.tar.xz diff --git a/fail2ban-0.8.7.1-sshd.patch b/fail2ban-0.8.7.1-sshd.patch deleted file mode 100644 index aa3773e..0000000 --- a/fail2ban-0.8.7.1-sshd.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up fail2ban-0.8.7.1/config/jail.conf.sshd fail2ban-0.8.7.1/config/jail.conf ---- fail2ban-0.8.7.1/config/jail.conf.sshd 2012-07-31 19:45:04.000000000 -0600 -+++ fail2ban-0.8.7.1/config/jail.conf 2012-10-11 11:47:33.131451895 -0600 -@@ -62,11 +62,11 @@ usedns = warn - - [ssh-iptables] - --enabled = false -+enabled = true - filter = sshd - action = iptables[name=SSH, port=ssh, protocol=tcp] -- sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com] --logpath = /var/log/sshd.log -+ sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com] -+logpath = /var/log/secure - maxretry = 5 - - [proftpd-iptables] diff --git a/fail2ban-logfiles.patch b/fail2ban-logfiles.patch new file mode 100644 index 0000000..c2cf359 --- /dev/null +++ b/fail2ban-logfiles.patch @@ -0,0 +1,212 @@ +diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/config/jail.conf +--- fail2ban-0.9-d529151/config/jail.conf.logfiles 2013-07-28 03:43:54.000000000 -0600 ++++ fail2ban-0.9-d529151/config/jail.conf 2013-08-08 21:23:41.785950007 -0600 +@@ -152,20 +152,18 @@ action = %(action_)s + [sshd] + + port = ssh +-logpath = /var/log/auth.log +- /var/log/sshd.log ++logpath = /var/log/secure + + [sshd-ddos] + + port = ssh +-logpath = /var/log/auth.log +- /var/log/sshd.log ++logpath = /var/log/secure + + [dropbear] + + port = ssh + filter = sshd +-logpath = /var/log/dropbear ++logpath = /var/log/secure + + + # Generic filter for PAM. Has to be used with action which bans all +@@ -175,12 +173,12 @@ logpath = /var/log/dropbear + + # pam-generic filter can be customized to monitor specific subset of 'tty's + banaction = iptables-allports +-logpath = /var/log/auth.log ++logpath = /var/log/secure + + [xinetd-fail] + + banaction = iptables-multiport-log +-logpath = /var/log/daemon.log ++logpath = /var/log/messages + maxretry = 2 + + # .. custom jails +@@ -201,7 +199,7 @@ filter = sshd + action = hostsdeny[daemon_list=sshd] + sendmail-whois[name=SSH, dest=you@example.com] + ignoreregex = for myuser from +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + + # Here we use blackhole routes for not requiring any additional kernel support + # to store large volumes of banned IPs +@@ -210,7 +208,7 @@ logpath = /var/log/sshd.log + + filter = sshd + action = route +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + + # Here we use a combination of Netfilter/Iptables and IPsets + # for storing large volumes of banned IPs +@@ -221,13 +219,13 @@ logpath = /var/log/sshd.log + + filter = sshd + action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp] +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + + [sshd-iptables-ipset6] + + filter = sshd + action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600] +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + + # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" + # option is overridden in this jail. Moreover, the action "mail-whois" defines +@@ -238,7 +236,7 @@ logpath = /var/log/sshd.log + filter = sshd + action = ipfw[localhost=192.168.0.1] + sendmail-whois[name="SSH,IPFW", dest=you@example.com] +-logpath = /var/log/auth.log ++logpath = /var/log/secure + ignoreip = 168.192.0.1 + + # bsd-ipfw is ipfw used by BSD. It uses ipfw tables. +@@ -250,7 +248,7 @@ ignoreip = 168.192.0.1 + [ssh-bsd-ipfw] + filter = sshd + action = bsd-ipfw[port=ssh,table=1] +-logpath = /var/log/auth.log ++logpath = /var/log/secure + + # + # HTTP servers +@@ -259,7 +257,7 @@ logpath = /var/log/auth.log + [apache-auth] + + port = http,https +-logpath = /var/log/apache*/*error.log ++logpath = /var/log/httpd/*error_log + + # Ban hosts which agent identifies spammer robots crawling the web + # for email addresses. The mail outputs are buffered. +@@ -267,21 +265,20 @@ logpath = /var/log/apache*/*error.log + [apache-badbots] + + port = http,https +-logpath = /var/log/apache*/*access.log +- /var/www/*/logs/access_log ++logpath = /var/log/httpd/*access_log + bantime = 172800 + maxretry = 1 + + [apache-noscript] + + port = http,https +-logpath = /var/log/apache*/*error.log ++logpath = /var/log/httpd/*error_log + maxretry = 6 + + [apache-overflows] + + port = http,https +-logpath = /var/log/apache*/*error.log ++logpath = /var/log/httpd/*error_log + maxretry = 2 + + # Ban attackers that try to use PHP's URL-fopen() functionality +@@ -291,7 +288,7 @@ maxretry = 2 + [php-url-fopen] + + port = http,https +-logpath = /var/www/*/logs/access_log ++logpath = /var/log/httpd/*access_log + + # A simple PHP-fastcgi jail which works with lighttpd. + # If you run a lighttpd server, then you probably will +@@ -330,7 +327,7 @@ logpath = /var/log/sogo/sogo.log + + filter = apache-auth + action = hostsdeny +-logpath = /var/log/apache*/*error.log ++logpath = /var/log/httpd/*error_log + maxretry = 6 + + +@@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log + [pure-ftpd] + + port = ftp,ftp-data,ftps,ftps-data +-logpath = /var/log/auth.log ++logpath = /var/log/secure + maxretry = 6 + + [vsftpd] +@@ -355,7 +352,7 @@ maxretry = 6 + port = ftp,ftp-data,ftps,ftps-data + logpath = /var/log/vsftpd.log + # or overwrite it in jails.local to be +-# logpath = /var/log/auth.log ++# logpath = /var/log/secure + # if you want to rely on PAM failed login attempts + # vsftpd's failregex should match both of those formats + +@@ -384,12 +381,12 @@ maxretry = 6 + [courier-smtp] + + port = smtp,ssmtp,submission +-logpath = /var/log/mail.log ++logpath = /var/log/maillog + + [postfix] + + port = smtp,ssmtp,submission +-logpath = /var/log/mail.log ++logpath = /var/log/maillog + + # The hosts.deny path can be defined with the "file" argument if it is + # not in /etc. +@@ -410,7 +407,7 @@ bantime = 300 + [courier-auth] + + port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s +-logpath = /var/log/mail.log ++logpath = /var/log/maillog + + + [sasl] +@@ -419,12 +416,12 @@ port = smtp,ssmtp,submission,imap2,i + # You might consider monitoring /var/log/mail.warn instead if you are + # running postfix since it would provide the same log lines at the + # "warn" level but overall at the smaller filesize. +-logpath = /var/log/mail.log ++logpath = /var/log/maillog + + [dovecot] + + port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s +-logpath = /var/log/mail.log ++logpath = /var/log/maillog + + # + # DNS servers +@@ -519,7 +516,7 @@ maxretry = 5 + enabled=false + filter = sshd + action = pf +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + maxretry=5 + + [3proxy] diff --git a/fail2ban-notmp.patch b/fail2ban-notmp.patch index 8799101..af207d5 100644 --- a/fail2ban-notmp.patch +++ b/fail2ban-notmp.patch @@ -1,6 +1,6 @@ -diff -up fail2ban-0.8.10/client/fail2banreader.py.notmp fail2ban-0.8.10/client/fail2banreader.py ---- fail2ban-0.8.10/client/fail2banreader.py.notmp 2013-06-12 11:21:12.000000000 -0600 -+++ fail2ban-0.8.10/client/fail2banreader.py 2013-06-12 16:17:43.820837700 -0600 +diff -up fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py +--- fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp 2013-07-28 03:43:54.000000000 -0600 ++++ fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py 2013-08-08 20:15:19.997686089 -0600 @@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader): ConfigReader.read(self, "fail2ban") diff --git a/fail2ban.spec b/fail2ban.spec index 6d3a0d5..ac087b9 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,14 +1,16 @@ Summary: Ban IPs that make too many password failures Name: fail2ban -Version: 0.8.10 -Release: 2%{?dist} +Version: 0.9 +Release: 0.1.gitd529151%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ -Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +#Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source0: %{name}-%{version}-d529151.tar.xz Source1: fail2ban-logrotate Patch0: fail2ban-0.8.3-init.patch -Patch1: fail2ban-0.8.7.1-sshd.patch +# Fix logfile paths in jail.conf +Patch1: fail2ban-logfiles.patch Patch6: fail2ban-log2syslog.patch Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -21,6 +23,7 @@ Requires: gamin-python Requires: python-inotify %if 0%{?fedora} >= 19 BuildRequires: systemd +Requires: systemd-python Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -41,9 +44,9 @@ and shorewall respectively. %prep -%setup -q +%setup -q -n %{name}-%{version}-d529151 %patch0 -p1 -b .init -%patch1 -p1 -b .sshd +%patch1 -p1 -b .logfiles %patch6 -p1 -b .log2syslog %patch8 -p1 -b .notmp @@ -107,7 +110,8 @@ fi %{_bindir}/fail2ban-server %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex -%{_datadir}/fail2ban +%{_bindir}/fail2ban-testcases +%{python_sitelib}/* %if 0%{?fedora} >= 19 %{_unitdir}/fail2ban.service %else @@ -127,6 +131,11 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Thu Aug 8 2013 Orion Poplawski - 0.9-0.1.gitd529151 +- Update to 0.9 git branch +- Rebase patches +- Require systemd-python for journal support + * Sat Aug 03 2013 Fedora Release Engineering - 0.8.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild diff --git a/sources b/sources index 72b95f0..df0bbd5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -48327ac0f5938dcc2f82c63728fc8918 fail2ban-0.8.10.tar.gz +d51144c03988c9f63d91515b6ebc5d57 fail2ban-0.9-d529151.tar.xz From 8cded8185094dc868feba424c040f64063d6ca38 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 9 Aug 2013 14:25:30 -0600 Subject: [PATCH 03/19] Ship jail.conf(5) man page --- fail2ban.spec | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index ac087b9..1bbdbc4 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.9 -Release: 0.1.gitd529151%{?dist} +Release: 0.2.gitd529151%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -63,8 +63,9 @@ cp -p files/fail2ban.service %{buildroot}%{_unitdir}/ mkdir -p %{buildroot}%{_initddir} install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban %endif -mkdir -p %{buildroot}%{_mandir}/man1 -install -p -m 644 man/fail2ban*.1 %{buildroot}%{_mandir}/man1 +mkdir -p %{buildroot}%{_mandir}/man{1,5} +install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 +install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ @@ -118,6 +119,7 @@ fi %{_initddir}/fail2ban %endif %{_mandir}/man1/fail2ban*.1* +%{_mandir}/man5/*.1* %dir %{_sysconfdir}/fail2ban %dir %{_sysconfdir}/fail2ban/action.d %dir %{_sysconfdir}/fail2ban/filter.d @@ -131,6 +133,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Fri Aug 9 2013 Orion Poplawski - 0.9-0.2.gitd529151 +- Ship jail.conf(5) man page + * Thu Aug 8 2013 Orion Poplawski - 0.9-0.1.gitd529151 - Update to 0.9 git branch - Rebase patches From b43bf1b783b6907543ca872687236634d915f861 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 15 Aug 2013 13:25:42 -0600 Subject: [PATCH 04/19] Ship empty /etc/fail2ban/jail.d directory --- fail2ban-jail.d.patch | 14 ++++++++++++++ fail2ban.spec | 7 ++++++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 fail2ban-jail.d.patch diff --git a/fail2ban-jail.d.patch b/fail2ban-jail.d.patch new file mode 100644 index 0000000..9ccb6bb --- /dev/null +++ b/fail2ban-jail.d.patch @@ -0,0 +1,14 @@ +diff --git a/setup.py b/setup.py +index b61ecce..27ad17b 100755 +--- a/setup.py ++++ b/setup.py +@@ -66,6 +66,9 @@ setup( + ('/etc/fail2ban/action.d', + glob("config/action.d/*.conf") + ), ++ ('/etc/fail2ban/jail.d', ++ '' ++ ), + ('/var/run/fail2ban', + '' + ), diff --git a/fail2ban.spec b/fail2ban.spec index 1bbdbc4..fe2b67d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -11,6 +11,8 @@ Source1: fail2ban-logrotate Patch0: fail2ban-0.8.3-init.patch # Fix logfile paths in jail.conf Patch1: fail2ban-logfiles.patch +# Install jail.d +Patch2: fail2ban-jail.d.patch Patch6: fail2ban-log2syslog.patch Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -47,6 +49,7 @@ and shorewall respectively. %setup -q -n %{name}-%{version}-d529151 %patch0 -p1 -b .init %patch1 -p1 -b .logfiles +%patch2 -p1 -b .jail.d %patch6 -p1 -b .log2syslog %patch8 -p1 -b .notmp @@ -119,10 +122,11 @@ fi %{_initddir}/fail2ban %endif %{_mandir}/man1/fail2ban*.1* -%{_mandir}/man5/*.1* +%{_mandir}/man5/*.5* %dir %{_sysconfdir}/fail2ban %dir %{_sysconfdir}/fail2ban/action.d %dir %{_sysconfdir}/fail2ban/filter.d +%dir %{_sysconfdir}/fail2ban/jail.d %config(noreplace) %{_sysconfdir}/fail2ban/fail2ban.conf %config(noreplace) %{_sysconfdir}/fail2ban/jail.conf %config(noreplace) %{_sysconfdir}/fail2ban/action.d/*.conf @@ -135,6 +139,7 @@ fi %changelog * Fri Aug 9 2013 Orion Poplawski - 0.9-0.2.gitd529151 - Ship jail.conf(5) man page +- Ship empty /etc/fail2ban/jail.d directory * Thu Aug 8 2013 Orion Poplawski - 0.9-0.1.gitd529151 - Update to 0.9 git branch From 51345ece5778b26fd26b9407a88bbd7e92b6a755 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 16 Aug 2013 09:15:34 -0600 Subject: [PATCH 05/19] Add requires on ed for hostsdeny action --- fail2ban.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/fail2ban.spec b/fail2ban.spec index fe2b67d..84714ba 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -20,6 +20,7 @@ BuildRequires: python-devel >= 2.3 # For testcases BuildRequires: python-inotify BuildArch: noarch +Requires: ed Requires: iptables Requires: gamin-python Requires: python-inotify From a1783e1929b345d64c5b53e252a8d1e549b5ed18 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 24 Sep 2013 21:03:40 -0600 Subject: [PATCH 06/19] - Update to current 0.9 git branch - Rebase init patch, drop jail.d and notmp patch applied upstream --- .gitignore | 1 + fail2ban-0.8.3-init.patch | 20 ------------- fail2ban-init.patch | 11 +++++++ fail2ban-jail.d.patch | 14 --------- fail2ban-logfiles.patch | 61 +++++++++++++++++++-------------------- fail2ban-notmp.patch | 12 -------- fail2ban.spec | 17 +++++------ sources | 2 +- 8 files changed, 51 insertions(+), 87 deletions(-) delete mode 100644 fail2ban-0.8.3-init.patch create mode 100644 fail2ban-init.patch delete mode 100644 fail2ban-jail.d.patch delete mode 100644 fail2ban-notmp.patch diff --git a/.gitignore b/.gitignore index ebbd8d0..f421bcf 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban_0.8.8.orig.tar.gz /fail2ban-0.8.10.tar.gz /fail2ban-0.9-d529151.tar.xz +/fail2ban-0.9-1f1a561.tar.xz diff --git a/fail2ban-0.8.3-init.patch b/fail2ban-0.8.3-init.patch deleted file mode 100644 index 3ed8609..0000000 --- a/fail2ban-0.8.3-init.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- fail2ban-0.8.3/files/redhat-initd.init 2008-03-10 23:36:22.000000000 +0100 -+++ fail2ban-0.8.3/files/redhat-initd 2008-08-24 20:46:01.000000000 +0200 -@@ -1,6 +1,6 @@ - #!/bin/bash - # --# chkconfig: 345 92 08 -+# chkconfig: - 92 08 - # description: Fail2ban daemon - # http://fail2ban.sourceforge.net/wiki/index.php/Main_Page - # process name: fail2ban-server -@@ -27,8 +27,7 @@ - echo -n $"Starting fail2ban: " - getpid - if [ -z "$pid" ]; then -- rm -rf /var/run/fail2ban/fail2ban.sock # in case of unclean shutdown -- $FAIL2BAN start > /dev/null -+ $FAIL2BAN -x start > /dev/null - RETVAL=$? - fi - if [ $RETVAL -eq 0 ]; then diff --git a/fail2ban-init.patch b/fail2ban-init.patch new file mode 100644 index 0000000..03b0016 --- /dev/null +++ b/fail2ban-init.patch @@ -0,0 +1,11 @@ +diff -up fail2ban-0.9-1f1a561/files/redhat-initd.init fail2ban-0.9-1f1a561/files/redhat-initd +--- fail2ban-0.9-1f1a561/files/redhat-initd.init 2013-09-24 16:57:09.515712728 -0600 ++++ fail2ban-0.9-1f1a561/files/redhat-initd 2013-09-24 16:57:52.435590284 -0600 +@@ -1,6 +1,6 @@ + #!/bin/bash + # +-# chkconfig: 345 92 08 ++# chkconfig: - 92 08 + # processname: fail2ban-server + # config: /etc/fail2ban/fail2ban.conf + # pidfile: /var/run/fail2ban/fail2ban.pid diff --git a/fail2ban-jail.d.patch b/fail2ban-jail.d.patch deleted file mode 100644 index 9ccb6bb..0000000 --- a/fail2ban-jail.d.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/setup.py b/setup.py -index b61ecce..27ad17b 100755 ---- a/setup.py -+++ b/setup.py -@@ -66,6 +66,9 @@ setup( - ('/etc/fail2ban/action.d', - glob("config/action.d/*.conf") - ), -+ ('/etc/fail2ban/jail.d', -+ '' -+ ), - ('/var/run/fail2ban', - '' - ), diff --git a/fail2ban-logfiles.patch b/fail2ban-logfiles.patch index c2cf359..a6082da 100644 --- a/fail2ban-logfiles.patch +++ b/fail2ban-logfiles.patch @@ -1,6 +1,6 @@ -diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/config/jail.conf ---- fail2ban-0.9-d529151/config/jail.conf.logfiles 2013-07-28 03:43:54.000000000 -0600 -+++ fail2ban-0.9-d529151/config/jail.conf 2013-08-08 21:23:41.785950007 -0600 +diff -up fail2ban-0.9-1f1a561/config/jail.conf.logfiles fail2ban-0.9-1f1a561/config/jail.conf +--- fail2ban-0.9-1f1a561/config/jail.conf.logfiles 2013-09-08 05:02:35.000000000 -0600 ++++ fail2ban-0.9-1f1a561/config/jail.conf 2013-09-24 17:01:40.264930006 -0600 @@ -152,20 +152,18 @@ action = %(action_)s [sshd] @@ -40,7 +40,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con maxretry = 2 # .. custom jails -@@ -201,7 +199,7 @@ filter = sshd +@@ -194,7 +192,7 @@ filter = sshd action = hostsdeny[daemon_list=sshd] sendmail-whois[name=SSH, dest=you@example.com] ignoreregex = for myuser from @@ -49,7 +49,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # Here we use blackhole routes for not requiring any additional kernel support # to store large volumes of banned IPs -@@ -210,7 +208,7 @@ logpath = /var/log/sshd.log +@@ -203,7 +201,7 @@ logpath = /var/log/sshd.log filter = sshd action = route @@ -58,7 +58,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # Here we use a combination of Netfilter/Iptables and IPsets # for storing large volumes of banned IPs -@@ -221,13 +219,13 @@ logpath = /var/log/sshd.log +@@ -214,13 +212,13 @@ logpath = /var/log/sshd.log filter = sshd action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp] @@ -74,25 +74,33 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" # option is overridden in this jail. Moreover, the action "mail-whois" defines -@@ -238,7 +236,7 @@ logpath = /var/log/sshd.log +@@ -231,7 +229,7 @@ logpath = /var/log/sshd.log filter = sshd action = ipfw[localhost=192.168.0.1] sendmail-whois[name="SSH,IPFW", dest=you@example.com] -logpath = /var/log/auth.log +logpath = /var/log/secure - ignoreip = 168.192.0.1 # bsd-ipfw is ipfw used by BSD. It uses ipfw tables. -@@ -250,7 +248,7 @@ ignoreip = 168.192.0.1 - [ssh-bsd-ipfw] + # table number must be unique. +@@ -243,14 +241,14 @@ logpath = /var/log/auth.log + filter = sshd action = bsd-ipfw[port=ssh,table=1] -logpath = /var/log/auth.log +logpath = /var/log/secure + # PF is a BSD based firewall + [ssh-pf] + + filter = sshd + action = pf +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + maxretry= 5 + # - # HTTP servers -@@ -259,7 +257,7 @@ logpath = /var/log/auth.log +@@ -260,7 +258,7 @@ maxretry= 5 [apache-auth] port = http,https @@ -101,7 +109,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # Ban hosts which agent identifies spammer robots crawling the web # for email addresses. The mail outputs are buffered. -@@ -267,21 +265,20 @@ logpath = /var/log/apache*/*error.log +@@ -268,21 +266,20 @@ logpath = /var/log/apache*/*error.log [apache-badbots] port = http,https @@ -126,16 +134,16 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con maxretry = 2 # Ban attackers that try to use PHP's URL-fopen() functionality -@@ -291,7 +288,7 @@ maxretry = 2 +@@ -292,7 +289,7 @@ maxretry = 2 [php-url-fopen] port = http,https -logpath = /var/www/*/logs/access_log +logpath = /var/log/httpd/*access_log - # A simple PHP-fastcgi jail which works with lighttpd. - # If you run a lighttpd server, then you probably will -@@ -330,7 +327,7 @@ logpath = /var/log/sogo/sogo.log + [suhosin] + +@@ -325,7 +322,7 @@ logpath = /var/log/sogo/sogo.log filter = apache-auth action = hostsdeny @@ -143,7 +151,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con +logpath = /var/log/httpd/*error_log maxretry = 6 - + [3proxy] @@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log [pure-ftpd] @@ -162,7 +170,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # if you want to rely on PAM failed login attempts # vsftpd's failregex should match both of those formats -@@ -384,12 +381,12 @@ maxretry = 6 +@@ -390,12 +387,12 @@ logpath = /root/path/to/assp/logs/maill [courier-smtp] port = smtp,ssmtp,submission @@ -177,7 +185,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # The hosts.deny path can be defined with the "file" argument if it is # not in /etc. -@@ -410,7 +407,7 @@ bantime = 300 +@@ -427,7 +424,7 @@ logpath = /var/log/exim/mainlog [courier-auth] port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s @@ -186,7 +194,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con [sasl] -@@ -419,12 +416,12 @@ port = smtp,ssmtp,submission,imap2,i +@@ -436,12 +433,12 @@ port = smtp,ssmtp,submission,imap2,i # You might consider monitoring /var/log/mail.warn instead if you are # running postfix since it would provide the same log lines at the # "warn" level but overall at the smaller filesize. @@ -199,14 +207,5 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con -logpath = /var/log/mail.log +logpath = /var/log/maillog - # - # DNS servers -@@ -519,7 +516,7 @@ maxretry = 5 - enabled=false - filter = sshd - action = pf --logpath = /var/log/sshd.log -+logpath = /var/log/secure - maxretry=5 + [perdition] - [3proxy] diff --git a/fail2ban-notmp.patch b/fail2ban-notmp.patch deleted file mode 100644 index af207d5..0000000 --- a/fail2ban-notmp.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py ---- fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp 2013-07-28 03:43:54.000000000 -0600 -+++ fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py 2013-08-08 20:15:19.997686089 -0600 -@@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader): - ConfigReader.read(self, "fail2ban") - - def getEarlyOptions(self): -- opts = [["string", "socket", "/tmp/fail2ban.sock"], -+ opts = [["string", "socket", "/var/run/fail2ban/fail2ban.sock"], - ["string", "pidfile", "/var/run/fail2ban/fail2ban.pid"]] - return ConfigReader.getOptions(self, "Definition", opts) - diff --git a/fail2ban.spec b/fail2ban.spec index 84714ba..3ad6df0 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,20 +1,17 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.9 -Release: 0.2.gitd529151%{?dist} +Release: 0.3.git1f1a561%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ #Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -Source0: %{name}-%{version}-d529151.tar.xz +Source0: %{name}-%{version}-1f1a561.tar.xz Source1: fail2ban-logrotate -Patch0: fail2ban-0.8.3-init.patch +Patch0: fail2ban-init.patch # Fix logfile paths in jail.conf Patch1: fail2ban-logfiles.patch -# Install jail.d -Patch2: fail2ban-jail.d.patch Patch6: fail2ban-log2syslog.patch -Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.3 # For testcases @@ -47,12 +44,10 @@ and shorewall respectively. %prep -%setup -q -n %{name}-%{version}-d529151 +%setup -q -n %{name}-%{version}-1f1a561 %patch0 -p1 -b .init %patch1 -p1 -b .logfiles -%patch2 -p1 -b .jail.d %patch6 -p1 -b .log2syslog -%patch8 -p1 -b .notmp %build python setup.py build @@ -138,6 +133,10 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Tue Sep 24 2013 Orion Poplawski - 0.9-0.3.git1f1a561 +- Update to current 0.9 git branch +- Rebase init patch, drop jail.d and notmp patch applied upstream + * Fri Aug 9 2013 Orion Poplawski - 0.9-0.2.gitd529151 - Ship jail.conf(5) man page - Ship empty /etc/fail2ban/jail.d directory diff --git a/sources b/sources index df0bbd5..9e9d22b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d51144c03988c9f63d91515b6ebc5d57 fail2ban-0.9-d529151.tar.xz +6c8a581bc46712be597f3a949d036217 fail2ban-0.9-1f1a561.tar.xz From 8f487f616581747788ca42ab879ff9c67a49b374 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Mar 2014 18:03:52 -0600 Subject: [PATCH 07/19] Update to 0.9 --- .gitignore | 1 + fail2ban-import.patch | 75 -------------- fail2ban-init.patch | 11 -- fail2ban-log2syslog.patch | 12 --- fail2ban-logfiles.patch | 211 -------------------------------------- fail2ban-logrotate | 9 -- fail2ban-utf8.patch | 18 ---- fail2ban.spec | 40 +++----- sources | 2 +- 9 files changed, 15 insertions(+), 364 deletions(-) delete mode 100644 fail2ban-import.patch delete mode 100644 fail2ban-init.patch delete mode 100644 fail2ban-log2syslog.patch delete mode 100644 fail2ban-logfiles.patch delete mode 100644 fail2ban-logrotate delete mode 100644 fail2ban-utf8.patch diff --git a/.gitignore b/.gitignore index f421bcf..8d98bf2 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.8.10.tar.gz /fail2ban-0.9-d529151.tar.xz /fail2ban-0.9-1f1a561.tar.xz +/fail2ban-0.9.tar.gz diff --git a/fail2ban-import.patch b/fail2ban-import.patch deleted file mode 100644 index c4a2836..0000000 --- a/fail2ban-import.patch +++ /dev/null @@ -1,75 +0,0 @@ -commit d561a4c2bbc336db70d5923cf630813bc51dc3ee -Author: Yaroslav Halchenko -Date: Mon Jan 28 09:54:08 2013 -0500 - - BF: do not rely on scripts being under /usr -- might differ eg on Fedora -- rely on import of common.version (Closes gh-112) - - This is also not ideal, since if there happens to be some systemwide common.version -- we are doomed - - but otherwise, we cannot keep extending comparison check to /bin, /sbin whatelse - -diff --git a/fail2ban-client b/fail2ban-client -index 1d8eb15..13d018e 100755 ---- a/fail2ban-client -+++ b/fail2ban-client -@@ -27,12 +27,13 @@ import getopt, time, shlex, socket - - # Inserts our own modules path first in the list - # fix for bug #343821 --if os.path.abspath(__file__).startswith('/usr/'): -- # makes sense to use system-wide library iff -client is also under /usr/ -+try: -+ from common.version import version -+except ImportError, e: - sys.path.insert(1, "/usr/share/fail2ban") -+ from common.version import version - --# Now we can import our modules --from common.version import version -+# Now we can import the rest of modules - from common.protocol import printFormatted - from client.csocket import CSocket - from client.configurator import Configurator -diff --git a/fail2ban-regex b/fail2ban-regex -index a42ed96..f9bc72c 100755 ---- a/fail2ban-regex -+++ b/fail2ban-regex -@@ -26,13 +26,14 @@ import getopt, sys, time, logging, os - - # Inserts our own modules path first in the list - # fix for bug #343821 --if os.path.abspath(__file__).startswith('/usr/'): -- # makes sense to use system-wide library iff -regex is also under /usr/ -- sys.path.insert(1, "/usr/share/fail2ban") -+try: -+ from common.version import version -+except ImportError, e: -+ sys.path.insert(1, "/usr/share/fail2ban") -+ from common.version import version - - from client.configparserinc import SafeConfigParserWithIncludes - from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError --from common.version import version - from server.filter import Filter - from server.failregex import RegexException - -diff --git a/fail2ban-server b/fail2ban-server -index bd86e6c..0f3410c 100755 ---- a/fail2ban-server -+++ b/fail2ban-server -@@ -26,11 +26,12 @@ import getopt, sys, logging, os - - # Inserts our own modules path first in the list - # fix for bug #343821 --if os.path.abspath(__file__).startswith('/usr/'): -- # makes sense to use system-wide library iff -server is also under /usr/ -+try: -+ from common.version import version -+except ImportError, e: - sys.path.insert(1, "/usr/share/fail2ban") -+ from common.version import version - --from common.version import version - from server.server import Server - - # Gets the instance of the logger. diff --git a/fail2ban-init.patch b/fail2ban-init.patch deleted file mode 100644 index 03b0016..0000000 --- a/fail2ban-init.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up fail2ban-0.9-1f1a561/files/redhat-initd.init fail2ban-0.9-1f1a561/files/redhat-initd ---- fail2ban-0.9-1f1a561/files/redhat-initd.init 2013-09-24 16:57:09.515712728 -0600 -+++ fail2ban-0.9-1f1a561/files/redhat-initd 2013-09-24 16:57:52.435590284 -0600 -@@ -1,6 +1,6 @@ - #!/bin/bash - # --# chkconfig: 345 92 08 -+# chkconfig: - 92 08 - # processname: fail2ban-server - # config: /etc/fail2ban/fail2ban.conf - # pidfile: /var/run/fail2ban/fail2ban.pid diff --git a/fail2ban-log2syslog.patch b/fail2ban-log2syslog.patch deleted file mode 100644 index 49c220d..0000000 --- a/fail2ban-log2syslog.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up fail2ban-0.8.10/config/fail2ban.conf.log2syslog fail2ban-0.8.10/config/fail2ban.conf ---- fail2ban-0.8.10/config/fail2ban.conf.log2syslog 2013-06-12 11:21:12.000000000 -0600 -+++ fail2ban-0.8.10/config/fail2ban.conf 2013-06-12 16:12:48.233512068 -0600 -@@ -30,7 +30,7 @@ loglevel = 3 - # (e.g. /etc/logrotate.d/fail2ban on Debian systems) - # Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log - # --logtarget = /var/log/fail2ban.log -+logtarget = SYSLOG - - # Option: socket - # Notes.: Set the socket file. This is used to communicate with the daemon. Do diff --git a/fail2ban-logfiles.patch b/fail2ban-logfiles.patch deleted file mode 100644 index a6082da..0000000 --- a/fail2ban-logfiles.patch +++ /dev/null @@ -1,211 +0,0 @@ -diff -up fail2ban-0.9-1f1a561/config/jail.conf.logfiles fail2ban-0.9-1f1a561/config/jail.conf ---- fail2ban-0.9-1f1a561/config/jail.conf.logfiles 2013-09-08 05:02:35.000000000 -0600 -+++ fail2ban-0.9-1f1a561/config/jail.conf 2013-09-24 17:01:40.264930006 -0600 -@@ -152,20 +152,18 @@ action = %(action_)s - [sshd] - - port = ssh --logpath = /var/log/auth.log -- /var/log/sshd.log -+logpath = /var/log/secure - - [sshd-ddos] - - port = ssh --logpath = /var/log/auth.log -- /var/log/sshd.log -+logpath = /var/log/secure - - [dropbear] - - port = ssh - filter = sshd --logpath = /var/log/dropbear -+logpath = /var/log/secure - - - # Generic filter for PAM. Has to be used with action which bans all -@@ -175,12 +173,12 @@ logpath = /var/log/dropbear - - # pam-generic filter can be customized to monitor specific subset of 'tty's - banaction = iptables-allports --logpath = /var/log/auth.log -+logpath = /var/log/secure - - [xinetd-fail] - - banaction = iptables-multiport-log --logpath = /var/log/daemon.log -+logpath = /var/log/messages - maxretry = 2 - - # .. custom jails -@@ -194,7 +192,7 @@ filter = sshd - action = hostsdeny[daemon_list=sshd] - sendmail-whois[name=SSH, dest=you@example.com] - ignoreregex = for myuser from --logpath = /var/log/sshd.log -+logpath = /var/log/secure - - # Here we use blackhole routes for not requiring any additional kernel support - # to store large volumes of banned IPs -@@ -203,7 +201,7 @@ logpath = /var/log/sshd.log - - filter = sshd - action = route --logpath = /var/log/sshd.log -+logpath = /var/log/secure - - # Here we use a combination of Netfilter/Iptables and IPsets - # for storing large volumes of banned IPs -@@ -214,13 +212,13 @@ logpath = /var/log/sshd.log - - filter = sshd - action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp] --logpath = /var/log/sshd.log -+logpath = /var/log/secure - - [sshd-iptables-ipset6] - - filter = sshd - action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600] --logpath = /var/log/sshd.log -+logpath = /var/log/secure - - # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" - # option is overridden in this jail. Moreover, the action "mail-whois" defines -@@ -231,7 +229,7 @@ logpath = /var/log/sshd.log - filter = sshd - action = ipfw[localhost=192.168.0.1] - sendmail-whois[name="SSH,IPFW", dest=you@example.com] --logpath = /var/log/auth.log -+logpath = /var/log/secure - - # bsd-ipfw is ipfw used by BSD. It uses ipfw tables. - # table number must be unique. -@@ -243,14 +241,14 @@ logpath = /var/log/auth.log - - filter = sshd - action = bsd-ipfw[port=ssh,table=1] --logpath = /var/log/auth.log -+logpath = /var/log/secure - - # PF is a BSD based firewall - [ssh-pf] - - filter = sshd - action = pf --logpath = /var/log/sshd.log -+logpath = /var/log/secure - maxretry= 5 - - # -@@ -260,7 +258,7 @@ maxretry= 5 - [apache-auth] - - port = http,https --logpath = /var/log/apache*/*error.log -+logpath = /var/log/httpd/*error_log - - # Ban hosts which agent identifies spammer robots crawling the web - # for email addresses. The mail outputs are buffered. -@@ -268,21 +266,20 @@ logpath = /var/log/apache*/*error.log - [apache-badbots] - - port = http,https --logpath = /var/log/apache*/*access.log -- /var/www/*/logs/access_log -+logpath = /var/log/httpd/*access_log - bantime = 172800 - maxretry = 1 - - [apache-noscript] - - port = http,https --logpath = /var/log/apache*/*error.log -+logpath = /var/log/httpd/*error_log - maxretry = 6 - - [apache-overflows] - - port = http,https --logpath = /var/log/apache*/*error.log -+logpath = /var/log/httpd/*error_log - maxretry = 2 - - # Ban attackers that try to use PHP's URL-fopen() functionality -@@ -292,7 +289,7 @@ maxretry = 2 - [php-url-fopen] - - port = http,https --logpath = /var/www/*/logs/access_log -+logpath = /var/log/httpd/*access_log - - [suhosin] - -@@ -325,7 +322,7 @@ logpath = /var/log/sogo/sogo.log - - filter = apache-auth - action = hostsdeny --logpath = /var/log/apache*/*error.log -+logpath = /var/log/httpd/*error_log - maxretry = 6 - - [3proxy] -@@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log - [pure-ftpd] - - port = ftp,ftp-data,ftps,ftps-data --logpath = /var/log/auth.log -+logpath = /var/log/secure - maxretry = 6 - - [vsftpd] -@@ -355,7 +352,7 @@ maxretry = 6 - port = ftp,ftp-data,ftps,ftps-data - logpath = /var/log/vsftpd.log - # or overwrite it in jails.local to be --# logpath = /var/log/auth.log -+# logpath = /var/log/secure - # if you want to rely on PAM failed login attempts - # vsftpd's failregex should match both of those formats - -@@ -390,12 +387,12 @@ logpath = /root/path/to/assp/logs/maill - [courier-smtp] - - port = smtp,ssmtp,submission --logpath = /var/log/mail.log -+logpath = /var/log/maillog - - [postfix] - - port = smtp,ssmtp,submission --logpath = /var/log/mail.log -+logpath = /var/log/maillog - - # The hosts.deny path can be defined with the "file" argument if it is - # not in /etc. -@@ -427,7 +424,7 @@ logpath = /var/log/exim/mainlog - [courier-auth] - - port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s --logpath = /var/log/mail.log -+logpath = /var/log/maillog - - - [sasl] -@@ -436,12 +433,12 @@ port = smtp,ssmtp,submission,imap2,i - # You might consider monitoring /var/log/mail.warn instead if you are - # running postfix since it would provide the same log lines at the - # "warn" level but overall at the smaller filesize. --logpath = /var/log/mail.log -+logpath = /var/log/maillog - - [dovecot] - - port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s --logpath = /var/log/mail.log -+logpath = /var/log/maillog - - [perdition] - diff --git a/fail2ban-logrotate b/fail2ban-logrotate deleted file mode 100644 index 4d7a6c9..0000000 --- a/fail2ban-logrotate +++ /dev/null @@ -1,9 +0,0 @@ -/var/log/fail2ban.log { - missingok - notifempty - size 30k - create 0600 root root - postrotate - /usr/bin/fail2ban-client set logtarget SYSLOG 2> /dev/null || true - endscript -} diff --git a/fail2ban-utf8.patch b/fail2ban-utf8.patch deleted file mode 100644 index d0013e7..0000000 --- a/fail2ban-utf8.patch +++ /dev/null @@ -1,18 +0,0 @@ -commit f8983872ad4297ddb3017f4818edd08892dd2129 -Author: Yaroslav Halchenko -Date: Fri Feb 1 16:07:00 2013 -0500 - - BF: return str(host) to avoid spurious characters in the logs (Close gh-113) - - thanks to opoplawski@github - -diff --git a/server/failregex.py b/server/failregex.py -index 8ce9597..b194d47 100644 ---- a/server/failregex.py -+++ b/server/failregex.py -@@ -130,4 +130,4 @@ class FailRegex(Regex): - s = self._matchCache.string - r = self._matchCache.re - raise RegexException("No 'host' found in '%s' using '%s'" % (s, r)) -- return host -+ return str(host) diff --git a/fail2ban.spec b/fail2ban.spec index 3ad6df0..04ce99a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,19 +1,13 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.9 -Release: 0.3.git1f1a561%{?dist} +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ -#Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -Source0: %{name}-%{version}-1f1a561.tar.xz -Source1: fail2ban-logrotate -Patch0: fail2ban-init.patch -# Fix logfile paths in jail.conf -Patch1: fail2ban-logfiles.patch -Patch6: fail2ban-log2syslog.patch +Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root -BuildRequires: python-devel >= 2.3 +BuildRequires: python-devel # For testcases BuildRequires: python-inotify BuildArch: noarch @@ -44,10 +38,7 @@ and shorewall respectively. %prep -%setup -q -n %{name}-%{version}-1f1a561 -%patch0 -p1 -b .init -%patch1 -p1 -b .logfiles -%patch6 -p1 -b .log2syslog +%setup -q %build python setup.py build @@ -66,7 +57,7 @@ mkdir -p %{buildroot}%{_mandir}/man{1,5} install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d -install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban +install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d @@ -75,11 +66,9 @@ install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfi rm -r %{buildroot}%{_docdir}/%{name} # Testcases need network access -#%check -#./fail2ban-testcases +%check +./fail2ban-testcases-all --no-network -%clean -rm -rf %{buildroot} %post %if 0%{?fedora} >= 19 @@ -119,20 +108,17 @@ fi %endif %{_mandir}/man1/fail2ban*.1* %{_mandir}/man5/*.5* -%dir %{_sysconfdir}/fail2ban -%dir %{_sysconfdir}/fail2ban/action.d -%dir %{_sysconfdir}/fail2ban/filter.d -%dir %{_sysconfdir}/fail2ban/jail.d -%config(noreplace) %{_sysconfdir}/fail2ban/fail2ban.conf -%config(noreplace) %{_sysconfdir}/fail2ban/jail.conf -%config(noreplace) %{_sysconfdir}/fail2ban/action.d/*.conf -%config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf +%config(noreplace) %{_sysconfdir}/fail2ban %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban -%dir %{_localstatedir}/run/fail2ban/ %config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ +%dir %{_localstatedir}/run/fail2ban/ + %changelog +* Mon Mar 17 2014 Orion Poplawski - 0.9-1 +- Update to 0.9 + * Tue Sep 24 2013 Orion Poplawski - 0.9-0.3.git1f1a561 - Update to current 0.9 git branch - Rebase init patch, drop jail.d and notmp patch applied upstream diff --git a/sources b/sources index 9e9d22b..78e6b89 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -6c8a581bc46712be597f3a949d036217 fail2ban-0.9-1f1a561.tar.xz +02de1ff774f3c16d23450a3ad1c43137 fail2ban-0.9.tar.gz From de396da924b5002b42a1f810fe4ca38df6fee16a Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Mar 2014 18:43:32 -0600 Subject: [PATCH 08/19] Disable tests again for now --- fail2ban.spec | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 04ce99a..f75952b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -65,10 +65,9 @@ install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfi # Remove installed doc, use doc macro instead rm -r %{buildroot}%{_docdir}/%{name} -# Testcases need network access %check -./fail2ban-testcases-all --no-network - +# Testcases still pulling in network tests, wants /dev/log +#./fail2ban-testcases-all --no-network %post %if 0%{?fedora} >= 19 From c6ff414f68597621df1dd1c6885892e917a6d719 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Mar 2014 18:49:13 -0600 Subject: [PATCH 09/19] Spec cleanup --- fail2ban.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index f75952b..267f6c6 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -3,10 +3,8 @@ Name: fail2ban Version: 0.9 Release: 1%{?dist} License: GPLv2+ -Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel # For testcases BuildRequires: python-inotify @@ -44,7 +42,6 @@ and shorewall respectively. python setup.py build %install -rm -rf %{buildroot} python setup.py install -O1 --root %{buildroot} %if 0%{?fedora} >= 19 mkdir -p %{buildroot}%{_unitdir} @@ -92,7 +89,6 @@ fi %endif %files -%defattr(-,root,root,-) %doc README.md TODO ChangeLog COPYING doc/*.txt #doc config/fail2ban.conf* %{_bindir}/fail2ban-server From 3120ad735d61f695059f7808ba5976a38bad8797 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 18 Mar 2014 20:28:01 -0600 Subject: [PATCH 10/19] BR python2-devel --- fail2ban.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 267f6c6..8257e89 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -5,7 +5,7 @@ Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -BuildRequires: python-devel +BuildRequires: python2-devel # For testcases BuildRequires: python-inotify BuildArch: noarch From 909f71303dec99e1551812b6cef4d6d8b879c5d3 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 18 Mar 2014 22:57:27 -0600 Subject: [PATCH 11/19] Use Fedora paths Start after firewalld (bug #1067147) --- fail2ban.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 8257e89..16317b3 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.9 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -37,6 +37,10 @@ and shorewall respectively. %prep %setup -q +# Use Fedora paths +sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf +# Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) +sed -i -e '/^After=/s/$/ firewalld.service/' files/fail2ban.service %build python setup.py build @@ -111,6 +115,10 @@ fi %changelog +* Tue Mar 18 2014 Orion Poplawski - 0.9-2 +- Use Fedora paths +- Start after firewalld (bug #1067147) + * Mon Mar 17 2014 Orion Poplawski - 0.9-1 - Update to 0.9 From cfc0b77c7d97613f6d7b64d451732ab60cc39086 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 19 Mar 2014 21:59:36 -0600 Subject: [PATCH 12/19] Split into sub-packages for different components Enable journal filter by default (bug #985567) Enable firewalld action by default (bug #1046816) --- fail2ban.spec | 175 +++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 158 insertions(+), 17 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 16317b3..3272e19 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ -Summary: Ban IPs that make too many password failures +Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -9,12 +9,34 @@ BuildRequires: python2-devel # For testcases BuildRequires: python-inotify BuildArch: noarch -Requires: ed -Requires: iptables -Requires: gamin-python -Requires: python-inotify %if 0%{?fedora} >= 19 BuildRequires: systemd +%endif +# Default components +Requires: %{name}-firewalld = %{version}-%{release} +Requires: %{name}-sendmail = %{version}-%{release} +Requires: %{name}-server = %{version}-%{release} +Requires: %{name}-systemd = %{version}-%{release} + +%description +Fail2Ban scans log files and bans IP addresses that makes too many password +failures. It updates firewall rules to reject the IP address. These rules can +be defined by the user. Fail2Ban can read multiple log files such as sshd or +Apache web server ones. + +Fail2Ban is able to reduce the rate of incorrect authentications attempts +however it cannot eliminate the risk that weak authentication presents. +Configure services to use only two factor or public/private authentication +mechanisms if you really want to protect services. + +This is a meta-package that will install the default configuration. Other +sub-packages are available to install support for other actions and +configurations. + + +%package server +Summary: Core server component for Fail2Ban +%if 0%{?fedora} >= 19 Requires: systemd-python Requires(post): systemd Requires(preun): systemd @@ -25,14 +47,90 @@ Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service %endif +Requires: ipset +Requires: iptables + +%description server +This package contains the core server components for Fail2Ban with minimal +dependencies. You can install this directly if you want to have a small +installation and know what you are doing. + + +%package all +Summary: Install all Fail2Ban packages and dependencies +Requires: %{name}-firewalld = %{version}-%{release} +Requires: %{name}-hostsdeny = %{version}-%{release} +Requires: %{name}-mail = %{version}-%{release} +Requires: %{name}-sendmail = %{version}-%{release} +Requires: %{name}-server = %{version}-%{release} +Requires: %{name}-shorewall = %{version}-%{release} +Requires: %{name}-systemd = %{version}-%{release} +Requires: gamin-python +Requires: perl +Requires: python-inotify +Requires: /usr/bin/whois + +%description all +This package installs all of the Fail2Ban packages and dependencies. + + +%package firewalld +Summary: Firewalld support for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: firewalld + +%description firewalld +This package enables support for manipulating firewalld rules. This is the +default firewall service in Fedora. -%description -Fail2ban scans log files like /var/log/pwdfail or -/var/log/apache/error_log and bans IP that makes too many password -failures. It updates firewall rules to reject the IP address. -To use the hostsdeny and shorewall actions you must install tcp_wrappers -and shorewall respectively. +%package hostsdeny +Summary: Hostsdeny (tcp_wrappers) support for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: ed +Requires: tcp_wrappers + +%description hostsdeny +This package enables support for manipulating tcp_wrapper's /etc/hosts.deny +files. + + +%package mail +Summary: Mail actions for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: /usr/bin/mail + +%description mail +This package installs Fail2Ban's mail actions. These are an alternative +to the default sendmail actions. + + +%package sendmail +Summary: Sendmail actions for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: /usr/sbin/sendmail + +%description sendmail +This package installs Fail2Ban's sendmail actions. This is the default +mail actions for Fail2Ban. + + +%package shorewall +Summary: Shorewall support for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: shorewall + +%description shorewall +This package enables support for manipulating shoreall rules. + + +%package systemd +Summary: Systemd journal configuration for Fail2Ban +Requires: %{name}-server = %{version}-%{release} + +%description systemd +This package configures Fail2Ban to use the systemd journal for its log input +by default. %prep @@ -63,6 +161,20 @@ install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf +# Remove non-Linux actions +rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf +rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf +rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf +# firewalld configuration +cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf < %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <= 19 %systemd_post fail2ban.service %else /sbin/chkconfig --add %{name} %endif -%preun +%preun server %if 0%{?fedora} >= 19 %systemd_preun fail2ban.service %else @@ -88,13 +200,12 @@ fi %endif %if 0%{?fedora} >= 19 -%postun +%postun server %systemd_postun_with_restart fail2ban.service %endif -%files +%files server %doc README.md TODO ChangeLog COPYING doc/*.txt -#doc config/fail2ban.conf* %{_bindir}/fail2ban-server %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex @@ -108,13 +219,43 @@ fi %{_mandir}/man1/fail2ban*.1* %{_mandir}/man5/*.5* %config(noreplace) %{_sysconfdir}/fail2ban +%exclude %{_sysconfdir}/fail2ban/action.d/complain.conf +%exclude %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf +%exclude %{_sysconfdir}/fail2ban/action.d/mail-*.conf +%exclude %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf +%exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf +%exclude %{_sysconfdir}/fail2ban/jail.d/*.conf %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban %config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ %dir %{_localstatedir}/run/fail2ban/ +%files firewalld +%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-firewalld.conf + +%files hostsdeny +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf + +%files mail +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-*.conf + +%files sendmail +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf + +%files shorewall +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf + +%files systemd +%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-systemd.conf + %changelog +* Wed Mar 19 2014 Orion Poplawski - 0.9-3 +- Split into sub-packages for different components +- Enable journal filter by default (bug #985567) +- Enable firewalld action by default (bug #1046816) + * Tue Mar 18 2014 Orion Poplawski - 0.9-2 - Use Fedora paths - Start after firewalld (bug #1067147) From 673cc6fe140eb8dc2c4e7c16be9aa14f8beb31ad Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 19 Mar 2014 22:14:01 -0600 Subject: [PATCH 13/19] Add upstream patch to fix setting loglevel in fail2ban.conf Add upstream patches to fix tests in mock, run tests --- fail2ban-loglevel.patch | 21 +++++++++++++++++++++ fail2ban-tests-nonet.patch | 20 ++++++++++++++++++++ fail2ban-tests-syslog.patch | 23 +++++++++++++++++++++++ fail2ban.spec | 18 ++++++++++++++++-- 4 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 fail2ban-loglevel.patch create mode 100644 fail2ban-tests-nonet.patch create mode 100644 fail2ban-tests-syslog.patch diff --git a/fail2ban-loglevel.patch b/fail2ban-loglevel.patch new file mode 100644 index 0000000..f41fb87 --- /dev/null +++ b/fail2ban-loglevel.patch @@ -0,0 +1,21 @@ +commit 1470e3c01d49841335e11ed7ca7898516d1b8be8 +Author: Steven Hiscocks +Date: Wed Mar 19 19:09:07 2014 +0000 + + BF: fail2ban.conf reader expected "int" type for `loglevel` + + Closes #657 + +diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py +index f17ff92..251c698 100644 +--- a/fail2ban/client/fail2banreader.py ++++ b/fail2ban/client/fail2banreader.py +@@ -45,7 +45,7 @@ class Fail2banReader(ConfigReader): + return ConfigReader.getOptions(self, "Definition", opts) + + def getOptions(self): +- opts = [["int", "loglevel", "INFO" ], ++ opts = [["string", "loglevel", "INFO" ], + ["string", "logtarget", "STDERR"], + ["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"], + ["int", "dbpurgeage", 86400]] diff --git a/fail2ban-tests-nonet.patch b/fail2ban-tests-nonet.patch new file mode 100644 index 0000000..57e1c1c --- /dev/null +++ b/fail2ban-tests-nonet.patch @@ -0,0 +1,20 @@ +commit 175c5934620adb600fe4435732a3887855320669 +Author: Steven Hiscocks +Date: Wed Mar 19 19:30:48 2014 +0000 + + TST: Skip badips.py test is no network option set + +diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py +index 456a829..85c1d92 100644 +--- a/fail2ban/tests/utils.py ++++ b/fail2ban/tests/utils.py +@@ -209,6 +209,9 @@ def gatherTests(regexps=None, no_network=False): + for file_ in os.listdir( + os.path.abspath(os.path.dirname(action_d.__file__))): + if file_.startswith("test_") and file_.endswith(".py"): ++ if no_network and file_ in ['test_badips.py']: #pragma: no cover ++ # Test required network ++ continue + tests.addTest(testloader.loadTestsFromName( + "%s.%s" % (action_d.__name__, os.path.splitext(file_)[0]))) + diff --git a/fail2ban-tests-syslog.patch b/fail2ban-tests-syslog.patch new file mode 100644 index 0000000..0541367 --- /dev/null +++ b/fail2ban-tests-syslog.patch @@ -0,0 +1,23 @@ +commit 75325da09091f3ae800a2efbcde1a016617e5f1a +Author: Steven Hiscocks +Date: Wed Mar 19 19:21:23 2014 +0000 + + TST: Skip SYSLOG log target test if '/dev/log' not present + +diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py +index 231aecd..c4163db 100644 +--- a/fail2ban/tests/servertestcase.py ++++ b/fail2ban/tests/servertestcase.py +@@ -678,6 +678,12 @@ class TransmitterLogging(TransmitterBase): + + self.setGetTest("logtarget", "STDOUT") + self.setGetTest("logtarget", "STDERR") ++ ++ def testLogTargetSYSLOG(self): ++ if not os.path.exists("/dev/log") and sys.version_info >= (2, 7): ++ raise unittest.SkipTest("'/dev/log' not present") ++ elif not os.path.exists("/dev/log"): ++ return + self.setGetTest("logtarget", "SYSLOG") + + def testLogLevel(self): diff --git a/fail2ban.spec b/fail2ban.spec index 3272e19..6eed81d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -5,6 +5,16 @@ Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +# Upstream patch to fix setting loglevel +# https://github.com/fail2ban/fail2ban/issues/657 +Patch0: fail2ban-loglevel.patch +# Upstream patch to skip tests with no-network +# https://github.com/fail2ban/fail2ban/issues/110 +Patch1: fail2ban-tests-nonet.patch +# Upstream patch to skip syslog tests without /dev/log +# https://github.com/fail2ban/fail2ban/issues/110 +Patch2: fail2ban-tests-syslog.patch + BuildRequires: python2-devel # For testcases BuildRequires: python-inotify @@ -135,6 +145,9 @@ by default. %prep %setup -q +%patch0 -p1 -b .loglevel +%patch1 -p1 -b .tests-nonet +%patch2 -p1 -b .tests-syslog # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) @@ -179,8 +192,7 @@ EOF rm -r %{buildroot}%{_docdir}/%{name} %check -# Testcases still pulling in network tests, wants /dev/log -#./fail2ban-testcases-all --no-network +./fail2ban-testcases-all --no-network %post server %if 0%{?fedora} >= 19 @@ -255,6 +267,8 @@ fi - Split into sub-packages for different components - Enable journal filter by default (bug #985567) - Enable firewalld action by default (bug #1046816) +- Add upstream patch to fix setting loglevel in fail2ban.conf +- Add upstream patches to fix tests in mock, run tests * Tue Mar 18 2014 Orion Poplawski - 0.9-2 - Use Fedora paths From d81aba9573a205551f8e54998ca16480605af610 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 20 Mar 2014 08:59:00 -0600 Subject: [PATCH 14/19] Need empty %files to produce main and -all package --- fail2ban.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 6eed81d..7a24cbf 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -216,6 +216,8 @@ fi %systemd_postun_with_restart fail2ban.service %endif +%files + %files server %doc README.md TODO ChangeLog COPYING doc/*.txt %{_bindir}/fail2ban-server @@ -242,6 +244,8 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %dir %{_localstatedir}/run/fail2ban/ +%files all + %files firewalld %config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-firewalld.conf @@ -263,6 +267,9 @@ fi %changelog +* Thu Mar 20 2014 Orion Poplawski - 0.9-4 +- Need empty %%files to produce main and -all package + * Wed Mar 19 2014 Orion Poplawski - 0.9-3 - Split into sub-packages for different components - Enable journal filter by default (bug #985567) From ed39c40e98de3da6ac584f8dfb037107e477ee10 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 20 Mar 2014 13:30:25 -0600 Subject: [PATCH 15/19] Require mailx for /usr/bin/mailx --- fail2ban.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 7a24cbf..d4d7f05 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -108,7 +108,7 @@ files. %package mail Summary: Mail actions for Fail2Ban Requires: %{name}-server = %{version}-%{release} -Requires: /usr/bin/mail +Requires: mailx %description mail This package installs Fail2Ban's mail actions. These are an alternative @@ -267,6 +267,9 @@ fi %changelog +* Thu Mar 20 2014 Orion Poplawski - 0.9-5 +- Require mailx for /usr/bin/mailx + * Thu Mar 20 2014 Orion Poplawski - 0.9-4 - Need empty %%files to produce main and -all package From 96df1d56f623faa0cb70ee5bb1cb2a006412469e Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 20 Mar 2014 21:20:27 -0600 Subject: [PATCH 16/19] Fix typo --- fail2ban.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index d4d7f05..58937c7 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -268,7 +268,7 @@ fi %changelog * Thu Mar 20 2014 Orion Poplawski - 0.9-5 -- Require mailx for /usr/bin/mailx +- Require mailx for /usr/bin/mail * Thu Mar 20 2014 Orion Poplawski - 0.9-4 - Need empty %%files to produce main and -all package From 5dde66f4934720e97290b15c4cd5d7ae98e2ec1c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 21 Mar 2014 11:47:59 -0600 Subject: [PATCH 17/19] Add some comments to the config files --- fail2ban.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fail2ban.spec b/fail2ban.spec index 58937c7..66bf22b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -180,11 +180,18 @@ rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf # firewalld configuration cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf < %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf < Date: Sat, 7 Jun 2014 06:22:15 -0500 Subject: [PATCH 18/19] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 66bf22b..fa25872 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -274,6 +274,9 @@ fi %changelog +* Sat Jun 07 2014 Fedora Release Engineering - 0.9-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + * Thu Mar 20 2014 Orion Poplawski - 0.9-5 - Require mailx for /usr/bin/mail From ac04ee13497368fd2d2ab575a33e37414226d70a Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 21 Jul 2014 16:20:39 -0600 Subject: [PATCH 19/19] Use systemd for EL7 --- fail2ban.spec | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index fa25872..37b3d73 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -19,7 +19,7 @@ BuildRequires: python2-devel # For testcases BuildRequires: python-inotify BuildArch: noarch -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 BuildRequires: systemd %endif # Default components @@ -46,7 +46,7 @@ configurations. %package server Summary: Core server component for Fail2Ban -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 Requires: systemd-python Requires(post): systemd Requires(preun): systemd @@ -158,7 +158,7 @@ python setup.py build %install python setup.py install -O1 --root %{buildroot} -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} cp -p files/fail2ban.service %{buildroot}%{_unitdir}/ %else @@ -202,14 +202,14 @@ rm -r %{buildroot}%{_docdir}/%{name} ./fail2ban-testcases-all --no-network %post server -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %systemd_post fail2ban.service %else /sbin/chkconfig --add %{name} %endif %preun server -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %systemd_preun fail2ban.service %else if [ $1 = 0 ]; then @@ -218,7 +218,7 @@ if [ $1 = 0 ]; then fi %endif -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %postun server %systemd_postun_with_restart fail2ban.service %endif @@ -232,7 +232,7 @@ fi %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-testcases %{python_sitelib}/* -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %{_unitdir}/fail2ban.service %else %{_initddir}/fail2ban @@ -274,6 +274,9 @@ fi %changelog +* Mon Jul 21 2014 Orion Poplawski - 0.9-7 +- Use systemd for EL7 + * Sat Jun 07 2014 Fedora Release Engineering - 0.9-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild