|
@@ -0,0 +1,293 @@
|
|
|
+%bcond_with systemd
|
|
|
+%bcond_with tests
|
|
|
+
|
|
|
+%global py2to3 /usr/bin/2to3-3.5
|
|
|
+
|
|
|
+Summary: Ban IPs that make too many password failures
|
|
|
+Name: fail2ban
|
|
|
+Version: 0.11.1
|
|
|
+Release: 1%{?_dist_release}%{?with_systemd:.systemd}
|
|
|
+Group: System Environment/Daemons
|
|
|
+Vendor: Project Vine
|
|
|
+Distribution: Vine Linux
|
|
|
+
|
|
|
+License: GPLv2+
|
|
|
+URL: https://github.com/fail2ban/fail2ban
|
|
|
+Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
|
|
+Source1: fail2ban-logrotate
|
|
|
+
|
|
|
+# Fix nginx-block-map
|
|
|
+Patch1: https://github.com/fail2ban/fail2ban/commit/ec37b1942c4da76f7a0f71efe81bea6835466648.patch
|
|
|
+# testIPAddr_CompareDNS: add missing network constraint
|
|
|
+Patch2: https://github.com/fail2ban/fail2ban/commit/b158f83aa3795f387c8475ceb48df197a94a37e8.patch
|
|
|
+# Fix test thread stack size on aarch64
|
|
|
+Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf7661981673038e6e9829.patch
|
|
|
+# Fix handling of journal in tests
|
|
|
+Patch4: https://github.com/fail2ban/fail2ban/commit/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch
|
|
|
+# Fix test install
|
|
|
+Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605.patch
|
|
|
+# Patch for Python 3.9
|
|
|
+# https://bugzilla.redhat.com/show_bug.cgi?id=1808347
|
|
|
+#Patch6: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2651.patch
|
|
|
+#Patch7: https://github.com/fail2ban/fail2ban/commit/343ec1cdd296530f331637c725bd2bb0549e01e6.patch
|
|
|
+
|
|
|
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
|
|
+BuildRequires: python3-devel
|
|
|
+BuildRequires: python3-rpm-macros
|
|
|
+BuildRequires: python3-setuptools
|
|
|
+BuildArch: noarch
|
|
|
+Requires: iptables, tcp_wrappers
|
|
|
+Requires: python3-inotify
|
|
|
+%if %{with systemd}
|
|
|
+%{?systemd_requires}
|
|
|
+%else
|
|
|
+Requires: initscripts
|
|
|
+Requires(post): /sbin/chkconfig
|
|
|
+Requires(preun): /sbin/chkconfig
|
|
|
+Requires(preun): /sbin/service
|
|
|
+%endif
|
|
|
+
|
|
|
+%description
|
|
|
+Fail2ban scans log files like /var/log/pwdfail or
|
|
|
+/var/log/apache/error_log and bans IP that makes too many password
|
|
|
+failures. It updates firewall rules to reject the IP address.
|
|
|
+
|
|
|
+
|
|
|
+%prep
|
|
|
+%setup -q
|
|
|
+%autosetup -p1
|
|
|
+
|
|
|
+%{py2to3} --write --nobackups .
|
|
|
+find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} +
|
|
|
+
|
|
|
+
|
|
|
+%build
|
|
|
+%{py3_build}
|
|
|
+
|
|
|
+
|
|
|
+%install
|
|
|
+rm -rf %{buildroot}
|
|
|
+%{py3_install}
|
|
|
+
|
|
|
+%if %{with systemd}
|
|
|
+mkdir -p %{buildroot}%{_unitdir}
|
|
|
+install -p -m 0644 build/fail2ban.service %{buildroot}%{_unitdir}/
|
|
|
+mkdir -p %{buildroot}%{_tmpfilesdir}
|
|
|
+install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf
|
|
|
+install -d -m 0755 %{buildroot}/run/fail2ban/
|
|
|
+install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid
|
|
|
+# systemd journal configuration
|
|
|
+cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF
|
|
|
+# This file is part of the fail2ban-systemd package to configure the use of
|
|
|
+# the systemd journal as the default backend. You can remove this package
|
|
|
+# (along with the empty fail2ban meta-package) if you do not want to use the
|
|
|
+# journal backend
|
|
|
+[DEFAULT]
|
|
|
+backend=systemd
|
|
|
+EOF
|
|
|
+%else
|
|
|
+mkdir -p %{buildroot}%{_initddir}
|
|
|
+install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban
|
|
|
+%endif
|
|
|
+mkdir -p %{buildroot}%{_mandir}/man{1,5}
|
|
|
+install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
|
|
|
+install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
|
|
|
+mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
|
|
+install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
|
|
|
+install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/
|
|
|
+install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
|
|
|
+
|
|
|
+rm -rf %{buildroot}%{_docdir}/fail2ban
|
|
|
+
|
|
|
+# Remove non-Linux actions
|
|
|
+rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf
|
|
|
+rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf
|
|
|
+rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf
|
|
|
+
|
|
|
+
|
|
|
+%if %{with tests}
|
|
|
+%check
|
|
|
+export LANG=ja_JP.UTF-8
|
|
|
+%{__python3} bin/fail2ban-testcases --verbosity=2 --no-network
|
|
|
+%endif
|
|
|
+
|
|
|
+%clean
|
|
|
+rm -rf %{buildroot}
|
|
|
+
|
|
|
+
|
|
|
+%post
|
|
|
+%if %{with systemd}
|
|
|
+%systemd_post fail2ban.service
|
|
|
+%else
|
|
|
+/sbin/chkconfig --add %{name}
|
|
|
+%endif
|
|
|
+
|
|
|
+%preun
|
|
|
+%if %{with systemd}
|
|
|
+%systemd_preun fail2ban.service
|
|
|
+%else
|
|
|
+if [ $1 = 0 -o -x /bin/systemctl ]; then
|
|
|
+ /sbin/service %{name} stop > /dev/null 2>&1
|
|
|
+ /sbin/chkconfig --del %{name}
|
|
|
+fi
|
|
|
+%endif
|
|
|
+
|
|
|
+%if %{with systemd}
|
|
|
+%postun
|
|
|
+%systemd_postun_with_restart fail2ban.service
|
|
|
+%endif
|
|
|
+
|
|
|
+
|
|
|
+%files
|
|
|
+%defattr(-,root,root,-)
|
|
|
+%license COPYING
|
|
|
+%doc ChangeLog DEVELOP FILTERS README.md THANKS TODO doc/*.txt
|
|
|
+#doc config/fail2ban.conf*
|
|
|
+%{_bindir}/fail2ban-python
|
|
|
+%{_bindir}/fail2ban-server
|
|
|
+%{_bindir}/fail2ban-client
|
|
|
+%{_bindir}/fail2ban-regex
|
|
|
+%{_bindir}/fail2ban-testcases
|
|
|
+#%{_datadir}/fail2ban
|
|
|
+%{python3_sitelib}/fail2ban*
|
|
|
+%{_mandir}/man1/*.1*
|
|
|
+%{_mandir}/man5/*.5*
|
|
|
+%dir %{_sysconfdir}/fail2ban
|
|
|
+%dir %{_sysconfdir}/fail2ban/action.d
|
|
|
+%dir %{_sysconfdir}/fail2ban/filter.d
|
|
|
+%dir %{_sysconfdir}/fail2ban/filter.d/ignorecommands
|
|
|
+%dir %{_sysconfdir}/fail2ban/jail.d
|
|
|
+%config(noreplace) %{_sysconfdir}/fail2ban/*.conf
|
|
|
+%config(noreplace) %{_sysconfdir}/fail2ban/action.d/*
|
|
|
+%config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf
|
|
|
+%config(noreplace) %{_sysconfdir}/fail2ban/filter.d/ignorecommands/*
|
|
|
+%config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
|
|
|
+%dir %{_localstatedir}/lib/fail2ban/
|
|
|
+%if %{with systemd}
|
|
|
+%{_unitdir}/*
|
|
|
+%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/*
|
|
|
+%config(noreplace) %{_tmpfilesdir}/fail2ban.conf
|
|
|
+%dir /run/%{name}/
|
|
|
+%ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid
|
|
|
+%else
|
|
|
+%{_initddir}/fail2ban
|
|
|
+%dir %{_localstatedir}/run/fail2ban/
|
|
|
+%endif
|
|
|
+
|
|
|
+
|
|
|
+%changelog
|
|
|
+* Fri May 01 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-1
|
|
|
+- new upstream release.
|
|
|
+- added systemd support (disabled as default).
|
|
|
+
|
|
|
+* Tue Aug 27 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.4-1
|
|
|
+- new upstream release.
|
|
|
+- switched to python3.
|
|
|
+
|
|
|
+* Sat Dec 30 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.1-1
|
|
|
+- new upstream release.
|
|
|
+
|
|
|
+* Fri Jun 3 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.9.4-1
|
|
|
+- new upstream release.
|
|
|
+
|
|
|
+* Sun Feb 8 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.14-1
|
|
|
+- new upstream release.
|
|
|
+
|
|
|
+* Mon Jun 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.9-1
|
|
|
+- new upstream release.
|
|
|
+
|
|
|
+* Thu Oct 18 2012 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.7.1-2
|
|
|
+- initial build on Vine Linux.
|
|
|
+
|
|
|
+* Thu Oct 11 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.7.1-1
|
|
|
+- Update to 0.8.7.1
|
|
|
+- Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream
|
|
|
+- Rebase sshd and notmp patches
|
|
|
+- Use _initddir macro
|
|
|
+
|
|
|
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-29
|
|
|
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
+
|
|
|
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-28
|
|
|
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
+
|
|
|
+* Sat Apr 9 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-27
|
|
|
+- Move tmp files to /var/lib (suggested by Phil Anderson).
|
|
|
+- Enable inotify support (by Jonathan Underwood).
|
|
|
+- Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584.
|
|
|
+
|
|
|
+* Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24
|
|
|
+- Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to
|
|
|
+ cloexec another fd leak.
|
|
|
+
|
|
|
+* Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23
|
|
|
+- update to 0.8.4.
|
|
|
+
|
|
|
+* Wed Sep 2 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-22
|
|
|
+- Update to a newer svn snapshot to fix python 2.6 issue.
|
|
|
+
|
|
|
+* Thu Aug 27 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-21
|
|
|
+- Log to syslog (RH bug #491983). Also deals with RH bug #515116.
|
|
|
+- Check inodes of log files (RH bug #503852).
|
|
|
+
|
|
|
+* Sat Feb 14 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-18
|
|
|
+- Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466).
|
|
|
+
|
|
|
+* Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.8.3-17
|
|
|
+- Rebuild for Python 2.6
|
|
|
+
|
|
|
+* Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-16
|
|
|
+- Update to 0.8.3.
|
|
|
+
|
|
|
+* Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.2-15
|
|
|
+- fix license tag
|
|
|
+
|
|
|
+* Thu Mar 27 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-14
|
|
|
+- Close on exec fixes by Jonathan Underwood.
|
|
|
+
|
|
|
+* Sun Mar 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-13
|
|
|
+- Add %%{_localstatedir}/run/fail2ban (David Rees).
|
|
|
+
|
|
|
+* Fri Mar 14 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-12
|
|
|
+- Update to 0.8.2.
|
|
|
+
|
|
|
+* Thu Jan 31 2008 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 0.8.1-11
|
|
|
+- Move socket file from /tmp to /var/run to prevent SElinux from stopping
|
|
|
+ fail2ban from starting (BZ #429281)
|
|
|
+- Change logic in init file to start with -x to remove the socket file in case
|
|
|
+ of unclean shutdown
|
|
|
+
|
|
|
+* Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10
|
|
|
+- Update to 0.8.1.
|
|
|
+- Remove patch fixing CVE-2007-4321 (upstream).
|
|
|
+- Remove AllowUsers patch (upstream).
|
|
|
+- Add dependency to gamin-python.
|
|
|
+
|
|
|
+* Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9
|
|
|
+- Fix remote log injection (no CVE assignment yet).
|
|
|
+
|
|
|
+* Sun Jun 3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8
|
|
|
+- Also trigger on non-AllowUsers failures (Jonathan Underwood
|
|
|
+ <jonathan.underwood@gmail.com>).
|
|
|
+
|
|
|
+* Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7
|
|
|
+- logrotate should restart fail2ban (Zing <zing@fastmail.fm>).
|
|
|
+- send mail to root; logrotate (Jonathan Underwood
|
|
|
+ <jonathan.underwood@gmail.com>)
|
|
|
+
|
|
|
+* Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4
|
|
|
+- Update to 0.8.0.
|
|
|
+- enable ssh by default, fix log file for ssh scanning, adjust python
|
|
|
+ dependency (Jonathan Underwood <jonathan.underwood@gmail.com>)
|
|
|
+
|
|
|
+* Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3
|
|
|
+- Remove forgotten condrestart.
|
|
|
+
|
|
|
+* Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2
|
|
|
+- Move /usr/lib/fail2ban to %%{_datadir}/fail2ban.
|
|
|
+- Don't default chkconfig to enabled.
|
|
|
+- Add dependencies on service/chkconfig.
|
|
|
+- Use example iptables/ssh config as default config.
|
|
|
+
|
|
|
+* Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1
|
|
|
+- Initial build.
|