# Not defined in Fedora's buildsystem %global _initdir %{_sysconfdir}/rc.d/init.d Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.0 Release: 9%{?dist} License: GPL Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ Source0: http://prdownloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2 Source1: fail2ban-logrotate Patch0: fail2ban-0.8.0-init.patch Patch1: fail2ban-0.8.0-sshd.patch Patch2: fail2ban-0.8-sshd-filter.diff BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.4 BuildArch: noarch Requires: iptables, tcp_wrappers, shorewall Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service %description Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. %prep %setup -q %patch0 -p1 -b .init %patch1 -p1 -b .sshd %patch2 -p1 -b .sshdallowusersm %build python setup.py build %install rm -rf %{buildroot} python setup.py install -O1 --root %{buildroot} mkdir -p %{buildroot}%{_initdir} install -p -m 755 files/redhat-initd %{buildroot}%{_initdir}/fail2ban mkdir -p %{buildroot}%{_mandir}/man1 install -p -m 644 man/fail2ban*.1 %{buildroot}%{_mandir}/man1 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban %clean rm -rf %{buildroot} %post /sbin/chkconfig --add %{name} %preun if [ $1 = 0 ]; then /sbin/service %{name} stop > /dev/null 2>&1 /sbin/chkconfig --del %{name} fi %files %defattr(-,root,root,-) %doc README TODO CHANGELOG COPYING #doc config/fail2ban.conf* %{_bindir}/fail2ban-server %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex %{_datadir}/fail2ban %{_initdir}/fail2ban %{_mandir}/man1/fail2ban-*.1* %dir %{_sysconfdir}/fail2ban %dir %{_sysconfdir}/fail2ban/action.d %dir %{_sysconfdir}/fail2ban/filter.d %config(noreplace) %{_sysconfdir}/fail2ban/fail2ban.conf %config(noreplace) %{_sysconfdir}/fail2ban/jail.conf %config(noreplace) %{_sysconfdir}/fail2ban/action.d/*.conf %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban %changelog * Thu Jun 21 2007 Axel Thimm - 0.8.0-9 - Fix remote log injection (no CVE assignment yet). * Sun Jun 3 2007 Axel Thimm - 0.8.0-8 - Also trigger on non-AllowUsers failures (Jonathan Underwood ). * Wed May 23 2007 Axel Thimm - 0.8.0-7 - logrotate should restart fail2ban (Zing ). - send mail to root; logrotate (Jonathan Underwood ) * Sat May 19 2007 Axel Thimm - 0.8.0-4 - Update to 0.8.0. - enable ssh by default, fix log file for ssh scanning, adjust python dependency (Jonathan Underwood ) * Sat Dec 30 2006 Axel Thimm - 0.6.2-3 - Remove forgotten condrestart. * Fri Dec 29 2006 Axel Thimm - 0.6.2-2 - Move /usr/lib/fail2ban to %%{_datadir}/fail2ban. - Don't default chkconfig to enabled. - Add dependencies on service/chkconfig. - Use example iptables/ssh config as default config. * Mon Dec 25 2006 Axel Thimm - 0.6.2-1 - Initial build.