|
|
|
@ -1,6 +1,6 @@
|
|
|
|
|
Name: fail2ban
|
|
|
|
|
Version: 0.11.1
|
|
|
|
|
Release: 5%{?dist}
|
|
|
|
|
Release: 6%{?dist}
|
|
|
|
|
Summary: Daemon to ban hosts that cause multiple authentication errors
|
|
|
|
|
|
|
|
|
|
License: GPLv2+
|
|
|
|
@ -36,9 +36,7 @@ BuildRequires: /usr/bin/2to3
|
|
|
|
|
BuildRequires: python3-inotify
|
|
|
|
|
BuildRequires: sqlite
|
|
|
|
|
BuildArch: noarch
|
|
|
|
|
%if 0%{?fedora} || 0%{?rhel} >= 7
|
|
|
|
|
BuildRequires: systemd
|
|
|
|
|
%endif
|
|
|
|
|
BuildRequires: selinux-policy-devel
|
|
|
|
|
# Default components
|
|
|
|
|
Requires: %{name}-firewalld = %{version}-%{release}
|
|
|
|
@ -75,17 +73,10 @@ SELinux policies for Fail2Ban.
|
|
|
|
|
|
|
|
|
|
%package server
|
|
|
|
|
Summary: Core server component for Fail2Ban
|
|
|
|
|
%if 0%{?fedora} || 0%{?rhel} >= 7
|
|
|
|
|
Requires: python3-systemd
|
|
|
|
|
Requires(post): systemd
|
|
|
|
|
Requires(preun): systemd
|
|
|
|
|
Requires(postun): systemd
|
|
|
|
|
%else
|
|
|
|
|
Requires: initscripts
|
|
|
|
|
Requires(post): /sbin/chkconfig
|
|
|
|
|
Requires(preun): /sbin/chkconfig
|
|
|
|
|
Requires(preun): /sbin/service
|
|
|
|
|
%endif
|
|
|
|
|
Requires: ipset
|
|
|
|
|
Requires: iptables
|
|
|
|
|
Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
|
|
|
|
@ -185,13 +176,16 @@ by default.
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
%autosetup -p1
|
|
|
|
|
|
|
|
|
|
# Use Fedora paths
|
|
|
|
|
sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf
|
|
|
|
|
2to3 --write --nobackups .
|
|
|
|
|
find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} +
|
|
|
|
|
|
|
|
|
|
# SELinux sources
|
|
|
|
|
cp -p %SOURCE1 %SOURCE2 %SOURCE3 .
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
%py3_build
|
|
|
|
|
make -f %SOURCE4
|
|
|
|
@ -202,13 +196,8 @@ make -f %SOURCE4
|
|
|
|
|
# Make symbolic link relative
|
|
|
|
|
ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python
|
|
|
|
|
|
|
|
|
|
%if 0%{?fedora} || 0%{?rhel} >= 7
|
|
|
|
|
mkdir -p %{buildroot}%{_unitdir}
|
|
|
|
|
cp -p build/fail2ban.service %{buildroot}%{_unitdir}/
|
|
|
|
|
%else
|
|
|
|
|
mkdir -p %{buildroot}%{_initddir}
|
|
|
|
|
install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban
|
|
|
|
|
%endif
|
|
|
|
|
mkdir -p %{buildroot}%{_mandir}/man{1,5}
|
|
|
|
|
install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
|
|
|
|
|
install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
|
|
|
|
@ -219,21 +208,25 @@ install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid
|
|
|
|
|
install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
|
|
|
|
|
mkdir -p %{buildroot}%{_tmpfilesdir}
|
|
|
|
|
install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf
|
|
|
|
|
|
|
|
|
|
# Remove non-Linux actions
|
|
|
|
|
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf
|
|
|
|
|
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf
|
|
|
|
|
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf
|
|
|
|
|
|
|
|
|
|
# Remove config files for other distros
|
|
|
|
|
rm -f %{buildroot}%{_sysconfdir}/fail2ban/paths-{arch,debian,freebsd,opensuse,osx}.conf
|
|
|
|
|
|
|
|
|
|
# firewalld configuration
|
|
|
|
|
cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf <<EOF
|
|
|
|
|
# This file is part of the fail2ban-firewalld package to configure the use of
|
|
|
|
|
# the firewalld actions as the default actions. You can remove this package
|
|
|
|
|
# (along with the empty fail2ban meta-package) if you do not use firewalld
|
|
|
|
|
[DEFAULT]
|
|
|
|
|
banaction = firewallcmd-ipset[actiontype=<multiport>]
|
|
|
|
|
banaction_allports = firewallcmd-ipset[actiontype=<allports>]
|
|
|
|
|
banaction = firewallcmd-rich-rules[actiontype=<multiport>]
|
|
|
|
|
banaction_allports = firewallcmd-rich-rules[actiontype=<allports>]
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
# systemd journal configuration
|
|
|
|
|
cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF
|
|
|
|
|
# This file is part of the fail2ban-systemd package to configure the use of
|
|
|
|
@ -243,6 +236,7 @@ cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF
|
|
|
|
|
[DEFAULT]
|
|
|
|
|
backend=systemd
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
# Remove installed doc, use doc macro instead
|
|
|
|
|
rm -r %{buildroot}%{_docdir}/%{name}
|
|
|
|
|
|
|
|
|
@ -272,26 +266,14 @@ fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%post server
|
|
|
|
|
%if 0%{?fedora} || 0%{?rhel} >= 7
|
|
|
|
|
%systemd_post fail2ban.service
|
|
|
|
|
%else
|
|
|
|
|
/sbin/chkconfig --add %{name}
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%preun server
|
|
|
|
|
%if 0%{?fedora} || 0%{?rhel} >= 7
|
|
|
|
|
%systemd_preun fail2ban.service
|
|
|
|
|
%else
|
|
|
|
|
if [ $1 = 0 ]; then
|
|
|
|
|
/sbin/service %{name} stop > /dev/null 2>&1
|
|
|
|
|
/sbin/chkconfig --del %{name}
|
|
|
|
|
fi
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if 0%{?fedora} || 0%{?rhel} >= 7
|
|
|
|
|
%postun server
|
|
|
|
|
%systemd_postun_with_restart fail2ban.service
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|
|
|
|
|
@ -308,11 +290,7 @@ fi
|
|
|
|
|
%{_bindir}/fail2ban-server
|
|
|
|
|
%{python3_sitelib}/*
|
|
|
|
|
%exclude %{python3_sitelib}/fail2ban/tests
|
|
|
|
|
%if 0%{?fedora} || 0%{?rhel} >= 7
|
|
|
|
|
%{_unitdir}/fail2ban.service
|
|
|
|
|
%else
|
|
|
|
|
%{_initddir}/fail2ban
|
|
|
|
|
%endif
|
|
|
|
|
%{_mandir}/man1/fail2ban.1*
|
|
|
|
|
%{_mandir}/man1/fail2ban-client.1*
|
|
|
|
|
%{_mandir}/man1/fail2ban-python.1*
|
|
|
|
@ -366,6 +344,11 @@ fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
|
* Thu Apr 16 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-6
|
|
|
|
|
- Change default firewalld backend from ipset to rich-rules as ipset causes
|
|
|
|
|
firewalld to use legacy iptables. Fixes RHBZ#1823746.
|
|
|
|
|
- Remove conditionals for EL versions less than 7.
|
|
|
|
|
|
|
|
|
|
* Thu Mar 19 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-5
|
|
|
|
|
- Update for Python 3.9.
|
|
|
|
|
|
|
|
|
|
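Review bot: In the `-219,21 +208,25` hunk the generated `jail.d/00-firewalld.conf` now sets both `banaction` and `banaction_allports` to `firewallcmd-rich-rules`, but the comment written into that file says nothing about why, so an administrator reading the installed config cannot tell this was a deliberate choice. I would add one line to the heredoc, for example `# rich-rules is the default because ipset makes firewalld fall back to legacy iptables (RHBZ#1823746)`, and note there that rich rules are presumably created per ban, so hosts with very large ban lists may want to test reload times before relying on this default. By the hunk counts, the server subpackage still appears to keep `Requires: ipset` and `Requires: iptables`; if no remaining default action needs them, dropping them would keep the legacy tooling from being pulled in on every install. Whether upgraded hosts actually pick up the new default depends on how the `%files` list marks this config file, which is not visible on this page.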