[packages/fail2ban] - initial (unfinished) update to 0.9.1
arekm
arekm at pld-linux.org
Wed Jan 21 11:25:04 CET 2015
commit ce81aec7499100b9cdfdd86d65ffc4798595b1bb
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Wed Jan 21 11:24:30 2015 +0100
- initial (unfinished) update to 0.9.1
fail2ban.spec | 29 ++++----
logifiles.patch | 189 +++++-------------------------------------------
paths-pld.conf | 36 +++++++++
private-scriptdir.patch | 33 ---------
4 files changed, 68 insertions(+), 219 deletions(-)
---
diff --git a/fail2ban.spec b/fail2ban.spec
index 01e7399..3d2bc58 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
@@ -1,17 +1,19 @@
+# TODO:
+# - resurrect ipv6 support
Summary: Ban IPs that make too many password failures
Summary(pl.UTF-8): Blokowanie IP powodujących zbyt dużo prób logowań z błędnym hasłem
Name: fail2ban
-Version: 0.8.11
-Release: 4
+Version: 0.9.1
+Release: 0.1
License: GPL
Group: Daemons
-Source0: http://download.sourceforge.net/fail2ban/%{name}-%{version}.tar.gz
-# Source0-md5: 2182a21c7efd885f373ffc941d11914d
+Source0: https://github.com/fail2ban/fail2ban/archive/0.9.1.tar.gz
+# Source0-md5: 3554cc3de3f06ddfd7f90f8305b765b8
Source1: %{name}.init
Source2: %{name}.logrotate
+Source3: paths-pld.conf
Patch0: ipv6.patch
-Patch1: private-scriptdir.patch
-Patch2: logifiles.patch
+Patch1: logifiles.patch
URL: http://fail2ban.sourceforge.net/
BuildRequires: python-devel
BuildRequires: python-modules
@@ -40,21 +42,17 @@ z sshd czy plikami logów serwera WWW Apache.
%prep
%setup -q
-%patch0 -p1
+#%patch0 -p1
%patch1 -p1
-%patch2 -p1
rm setup.cfg
-# we don't want very generic named dirs directly in py_sitescriptdir
-sed -i -e 's|@@SCRIPTDIR@@|"%{py_sitescriptdir}/%{name}"|' fail2ban-{client,regex,server}
-
%build
%{__python} setup.py build
%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,logrotate.d} \
- $RPM_BUILD_ROOT{%{_mandir}/man1,/var/log} \
+ $RPM_BUILD_ROOT{%{_mandir}/man1,/var/{log,run/fail2ban}} \
$RPM_BUILD_ROOT{%{systemdunitdir},%{systemdtmpfilesdir}}
%{__python} setup.py install \
@@ -66,6 +64,7 @@ install -p man/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/fail2ban
install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/logrotate.d/fail2ban
+install -p %{SOURCE3} $RPM_BUILD_ROOT/etc/fail2ban/paths-pld.conf
install -p files/fail2ban-tmpfiles.conf $RPM_BUILD_ROOT%{systemdtmpfilesdir}/fail2ban.conf
install -p files/fail2ban.service $RPM_BUILD_ROOT%{systemdunitdir}/fail2ban.service
@@ -97,17 +96,19 @@ fi
%files
%defattr(644,root,root,755)
-%doc ChangeLog README.md TODO COPYING
+%doc CONTRIBUTING.md ChangeLog DEVELOP FILTERS README.md RELEASE THANKS TODO COPYING
%attr(754,root,root) /etc/rc.d/init.d/fail2ban
%attr(755,root,root) %{_bindir}/fail2ban-client
-%attr(755,root,root) %{_bindir}/fail2ban-iptables
%attr(755,root,root) %{_bindir}/fail2ban-regex
%attr(755,root,root) %{_bindir}/fail2ban-server
+%attr(755,root,root) %{_bindir}/fail2ban-testcases
%{systemdunitdir}/fail2ban.service
%{systemdtmpfilesdir}/fail2ban.conf
%dir /var/run/fail2ban
%dir %{_sysconfdir}/fail2ban
%dir %{_sysconfdir}/fail2ban/action.d
+%attr(755,root,root) %{_sysconfdir}/fail2ban/action.d/badips.py
+%attr(755,root,root) %{_sysconfdir}/fail2ban/action.d/smtp.py
%dir %{_sysconfdir}/fail2ban/fail2ban.d
%dir %{_sysconfdir}/fail2ban/filter.d
%dir %{_sysconfdir}/fail2ban/jail.d
diff --git a/logifiles.patch b/logifiles.patch
index 78060b9..30c6e0d 100644
--- a/logifiles.patch
+++ b/logifiles.patch
@@ -1,173 +1,18 @@
---- fail2ban-0.8.11/config/jail.conf.orig 2014-01-06 20:44:20.948073144 +0100
-+++ fail2ban-0.8.11/config/jail.conf 2014-01-06 20:52:15.888069706 +0100
-@@ -75,7 +75,7 @@
- filter = sshd
- action = iptables[name=SSH, port=ssh, protocol=tcp]
- sendmail-whois[name=SSH, dest=you at example.com, sender=fail2ban at example.com, sendername="Fail2Ban"]
--logpath = /var/log/sshd.log
-+logpath = /var/log/secure
- maxretry = 5
-
- [proftpd-iptables]
-@@ -84,7 +84,7 @@
- filter = proftpd
- action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
- sendmail-whois[name=ProFTPD, dest=you at example.com]
--logpath = /var/log/proftpd/proftpd.log
-+logpath = /var/log/secure
- maxretry = 6
-
-
-@@ -96,7 +96,7 @@
- backend = polling
- action = iptables[name=sasl, port=smtp, protocol=tcp]
- sendmail-whois[name=sasl, dest=you at example.com]
--logpath = /var/log/mail.log
-+logpath = /var/log/maillog
-
-
- # ASSP SMTP Proxy Jail
-@@ -117,7 +117,7 @@
- action = hostsdeny[daemon_list=sshd]
- sendmail-whois[name=SSH, dest=you at example.com]
- ignoreregex = for myuser from
--logpath = /var/log/sshd.log
-+logpath = /var/log/secure
-
-
- # Here we use blackhole routes for not requiring any additional kernel support
-@@ -127,7 +127,7 @@
- enabled = false
- filter = sshd
- action = route
--logpath = /var/log/sshd.log
-+logpath = /var/log/secure
- maxretry = 5
-
-
-@@ -141,7 +141,7 @@
- enabled = false
- filter = sshd
- action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
--logpath = /var/log/sshd.log
-+logpath = /var/log/secure
- maxretry = 5
-
-
-@@ -150,7 +150,7 @@
- enabled = false
- filter = sshd
- action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
--logpath = /var/log/sshd.log
-+logpath = /var/log/secure
- maxretry = 5
-
-
-@@ -176,7 +176,7 @@
- enabled = false
- filter = apache-auth
- action = hostsdeny
--logpath = /var/log/apache*/*error.log
-+logpath = /var/log/httpd/*error_log
- /home/www/myhomepage/error.log
- maxretry = 6
-
-@@ -197,7 +197,7 @@
- filter = postfix
- action = hostsdeny[file=/not/a/standard/path/hosts.deny]
- sendmail[name=Postfix, dest=you at example.com]
--logpath = /var/log/postfix.log
-+logpath = /var/log/maillog
- bantime = 300
-
-
-@@ -233,7 +233,7 @@
- filter = apache-badbots
- action = iptables-multiport[name=BadBots, port="http,https"]
- sendmail-buffered[name=BadBots, lines=5, dest=you at example.com]
--logpath = /var/www/*/logs/access_log
-+logpath = /var/log/httpd/*access_log
- bantime = 172800
- maxretry = 1
-
-@@ -245,7 +245,7 @@
- filter = apache-noscript
- action = shorewall
- sendmail[name=Postfix, dest=you at example.com]
--logpath = /var/log/apache2/error_log
-+logpath = /var/log/httpd/error_log
-
-
- # Monitor roundcube server
-@@ -276,7 +276,7 @@
- enabled = false
- action = iptables-multiport[name=php-url-open, port="http,https"]
- filter = php-url-fopen
--logpath = /var/www/*/logs/access_log
-+logpath = /var/log/httpd/*access_log
- maxretry = 1
-
-
-@@ -341,7 +341,7 @@
- filter = named-refused
- action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
- sendmail-whois[name=Named, dest=you at example.com]
--logpath = /var/log/named/security.log
-+logpath = /var/log/named/named.log
- ignoreip = 168.192.0.1
-
-
-@@ -385,7 +385,7 @@
- filter = mysqld-auth
- action = iptables[name=mysql, port=3306, protocol=tcp]
- sendmail-whois[name=MySQL, dest=root, sender=fail2ban at example.com]
--logpath = /var/log/mysqld.log
-+logpath = /var/log/mysql/mysqld.log
- maxretry = 5
-
-
-@@ -394,7 +394,7 @@
+--- fail2ban-0.9.1/config/jail.conf~ 2014-10-28 02:49:40.000000000 +0100
++++ fail2ban-0.9.1/config/jail.conf 2015-01-21 11:16:14.946314277 +0100
+@@ -33,7 +33,7 @@
+ [INCLUDES]
+
+ #before = paths-distro.conf
+-before = paths-debian.conf
++before = paths-pld.conf
+
+ # The DEFAULT allows a global definition of the options. They can be overridden
+ # in each jail afterwards.
+@@ -723,4 +723,4 @@
+ [portsentry]
enabled = false
- filter = mysqld-auth
- action = iptables[name=mysql, port=3306, protocol=tcp]
--logpath = /var/log/daemon.log
-+logpath = /var/log/mysql/mysqld.log
- maxretry = 5
-
-
-@@ -438,7 +438,7 @@
- enabled = false
- filter = exim
- action = iptables-multiport[name=exim,port="25,465,587"]
--logpath = /var/log/exim/mainlog
-+logpath = /var/log/exim/main.log
-
-
- [exim-spam]
-@@ -446,7 +446,7 @@
- enabled = false
- filter = exim-spam
- action = iptables-multiport[name=exim-spam,port="25,465,587"]
--logpath = /var/log/exim/mainlog
-+logpath = /var/log/exim/main.log
-
-
- [perdition]
-@@ -497,7 +497,7 @@
- enabled = false
- filter = webmin-auth
- action = iptables-multiport[name=webmin,port="10000"]
--logpath = /var/log/auth.log
-+logpath = /var/log/secure
-
-
- # dovecot defaults to logging to the mail syslog facility
-@@ -507,7 +507,7 @@
- enabled = false
- filter = dovecot
- action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,smtps,sieve", protocol=tcp]
--logpath = /var/log/mail.log
-+logpath = /var/log/maillog
-
-
- [dovecot-auth]
+ logpath = /var/lib/portsentry/portsentry.history
+-maxretry = 1
+\ Brak znaku nowej linii na końcu pliku
++maxretry = 1
diff --git a/paths-pld.conf b/paths-pld.conf
new file mode 100644
index 0000000..702a0b8
--- /dev/null
+++ b/paths-pld.conf
@@ -0,0 +1,36 @@
+# PLD
+
+[INCLUDES]
+
+before = paths-common.conf
+
+after = paths-overrides.local
+
+
+[DEFAULT]
+
+syslog_mail = /var/log/mail.log
+
+syslog_mail_warn = /var/log/mail.warn
+
+syslog_authpriv = /var/log/secure
+
+syslog_user = /var/log/user
+
+syslog_ftp = /var/log/syslog
+
+syslog_daemon = /var/log/daemon
+
+syslog_local0 = /var/log/messages
+
+
+apache_error_log = /var/log/httpd/*error.log
+
+apache_access_log = /var/log/httpd/*access.log
+
+exim_main_log = /var/log/exim/main.log
+
+proftpd_log = /var/log/secure
+
+
+
diff --git a/private-scriptdir.patch b/private-scriptdir.patch
deleted file mode 100644
index 4667876..0000000
--- a/private-scriptdir.patch
+++ /dev/null
@@ -1,33 +0,0 @@
---- fail2ban-0.8.11/fail2ban-client~ 2013-11-12 22:06:54.000000000 +0100
-+++ fail2ban-0.8.11/fail2ban-client 2014-01-06 19:55:02.041427898 +0100
-@@ -30,7 +30,7 @@
- try:
- from common.version import version
- except ImportError, e:
-- sys.path.insert(1, "/usr/share/fail2ban")
-+ sys.path.insert(1, @@SCRIPTDIR@@)
- from common.version import version
-
- # Now we can import the rest of modules
---- fail2ban-0.8.11/fail2ban-regex~ 2013-11-12 22:06:54.000000000 +0100
-+++ fail2ban-0.8.11/fail2ban-regex 2014-01-06 19:55:23.041427746 +0100
-@@ -36,7 +36,7 @@
- try:
- from common.version import version
- except ImportError, e:
-- sys.path.insert(1, "/usr/share/fail2ban")
-+ sys.path.insert(1, @@SCRIPTDIR@@)
- from common.version import version
-
- from optparse import OptionParser, Option
---- fail2ban-0.8.11/fail2ban-server~ 2013-11-12 22:06:54.000000000 +0100
-+++ fail2ban-0.8.11/fail2ban-server 2014-01-06 19:55:39.534760960 +0100
-@@ -29,7 +29,7 @@
- try:
- from common.version import version
- except ImportError, e:
-- sys.path.insert(1, "/usr/share/fail2ban")
-+ sys.path.insert(1, @@SCRIPTDIR@@)
- from common.version import version
-
- from server.server import Server
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/fail2ban.git/commitdiff/ce81aec7499100b9cdfdd86d65ffc4798595b1bb
More information about the pld-cvs-commit
mailing list