%bcond_with systemd %bcond_with tests %global py2to3 /usr/bin/2to3-3.8 Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.11.2 Release: 1%{?_dist_release}%{?with_systemd:.systemd} Group: system Vendor: Project Vine Distribution: Vine Linux License: GPLv2+ URL: https://github.com/fail2ban/fail2ban Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: fail2ban-logrotate # Fixes century selector for tests # https://bugzilla.redhat.com/show_bug.cgi?id=1912472 Patch1: https://github.com/fail2ban/fail2ban/commit/f259dac74721c00f0184bf45277137771fc747fe.patch Patch1000: CVE-2021-32749.patch BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python3-devel BuildRequires: python3-rpm-macros BuildRequires: python3-setuptools Requires: iptables, ipset #Requires: tcp_wrappers Requires: python3-inotify %if %{with systemd} %{?systemd_requires} %else Requires: initscripts Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service %endif %description Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. %prep %setup -q %autosetup -p1 %{py2to3} --write --nobackups . find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} + %build %{py3_build} %install rm -rf %{buildroot} %{py3_install} %if %{with systemd} mkdir -p %{buildroot}%{_unitdir} install -p -m 0644 build/fail2ban.service %{buildroot}%{_unitdir}/ mkdir -p %{buildroot}%{_tmpfilesdir} install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf install -d -m 0755 %{buildroot}/run/fail2ban/ install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid # systemd journal configuration cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf < /dev/null 2>&1 /sbin/chkconfig --del %{name} fi %endif %if %{with systemd} %postun %systemd_postun_with_restart fail2ban.service %endif %files %defattr(-,root,root,-) %license COPYING %doc ChangeLog DEVELOP FILTERS README.md THANKS TODO doc/*.txt #doc config/fail2ban.conf* %{_bindir}/fail2ban-python %{_bindir}/fail2ban-server %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-testcases #%{_datadir}/fail2ban %{python3_sitelib}/fail2ban* %{_mandir}/man1/*.1* %{_mandir}/man5/*.5* %dir %{_sysconfdir}/fail2ban %dir %{_sysconfdir}/fail2ban/action.d %dir %{_sysconfdir}/fail2ban/filter.d %dir %{_sysconfdir}/fail2ban/filter.d/ignorecommands %dir %{_sysconfdir}/fail2ban/jail.d %config(noreplace) %{_sysconfdir}/fail2ban/*.conf %config(noreplace) %{_sysconfdir}/fail2ban/action.d/* %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/ignorecommands/* %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban %dir %{_localstatedir}/lib/fail2ban/ %if %{with systemd} %{_unitdir}/* %config(noreplace) %{_sysconfdir}/fail2ban/jail.d/* %config(noreplace) %{_tmpfilesdir}/fail2ban.conf %dir /run/%{name}/ %ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid %else %{_initddir}/fail2ban %dir %{_localstatedir}/run/fail2ban/ %endif %changelog * Wed Jul 28 2021 Tomohiro "Tomo-p" KATO 0.11.2-1 - new upstream release. - imported Patch1000 from upstream to fix CVE-2021-32749. - dropped Patch1-4: fixed in upstream. - imported Patch1 from rawhide. * Sat Aug 15 2020 Tomohiro "Tomo-p" KATO 0.11.1-2 - rebuilt with python-3.8. * Fri May 01 2020 Tomohiro "Tomo-p" KATO 0.11.1-1 - new upstream release. - added systemd support (disabled as default). * Tue Aug 27 2019 Tomohiro "Tomo-p" KATO 0.10.4-1 - new upstream release. - switched to python3. * Sat Dec 30 2017 Tomohiro "Tomo-p" KATO 0.10.1-1 - new upstream release. * Fri Jun 3 2016 Tomohiro "Tomo-p" KATO 0.9.4-1 - new upstream release. * Sun Feb 8 2015 Tomohiro "Tomo-p" KATO 0.8.14-1 - new upstream release. * Mon Jun 10 2013 Tomohiro "Tomo-p" KATO 0.8.9-1 - new upstream release. * Thu Oct 18 2012 Tomohiro "Tomo-p" KATO 0.8.7.1-2 - initial build on Vine Linux. * Thu Oct 11 2012 Orion Poplawski - 0.8.7.1-1 - Update to 0.8.7.1 - Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream - Rebase sshd and notmp patches - Use _initddir macro * Thu Jul 19 2012 Fedora Release Engineering - 0.8.4-29 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jan 13 2012 Fedora Release Engineering - 0.8.4-28 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Sat Apr 9 2011 Axel Thimm - 0.8.4-27 - Move tmp files to /var/lib (suggested by Phil Anderson). - Enable inotify support (by Jonathan Underwood). - Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584. * Sun Feb 14 2010 Axel Thimm - 0.8.4-24 - Patch by Jonathan G. Underwood to cloexec another fd leak. * Fri Sep 11 2009 Axel Thimm - 0.8.4-23 - update to 0.8.4. * Wed Sep 2 2009 Axel Thimm - 0.8.3-22 - Update to a newer svn snapshot to fix python 2.6 issue. * Thu Aug 27 2009 Axel Thimm - 0.8.3-21 - Log to syslog (RH bug #491983). Also deals with RH bug #515116. - Check inodes of log files (RH bug #503852). * Sat Feb 14 2009 Axel Thimm - 0.8.3-18 - Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466). * Mon Dec 01 2008 Ignacio Vazquez-Abrams - 0.8.3-17 - Rebuild for Python 2.6 * Sun Aug 24 2008 Axel Thimm - 0.8.3-16 - Update to 0.8.3. * Wed May 21 2008 Tom "spot" Callaway - 0.8.2-15 - fix license tag * Thu Mar 27 2008 Axel Thimm - 0.8.2-14 - Close on exec fixes by Jonathan Underwood. * Sun Mar 16 2008 Axel Thimm - 0.8.2-13 - Add %%{_localstatedir}/run/fail2ban (David Rees). * Fri Mar 14 2008 Axel Thimm - 0.8.2-12 - Update to 0.8.2. * Thu Jan 31 2008 Jonathan G. Underwood - 0.8.1-11 - Move socket file from /tmp to /var/run to prevent SElinux from stopping fail2ban from starting (BZ #429281) - Change logic in init file to start with -x to remove the socket file in case of unclean shutdown * Wed Aug 15 2007 Axel Thimm - 0.8.1-10 - Update to 0.8.1. - Remove patch fixing CVE-2007-4321 (upstream). - Remove AllowUsers patch (upstream). - Add dependency to gamin-python. * Thu Jun 21 2007 Axel Thimm - 0.8.0-9 - Fix remote log injection (no CVE assignment yet). * Sun Jun 3 2007 Axel Thimm - 0.8.0-8 - Also trigger on non-AllowUsers failures (Jonathan Underwood ). * Wed May 23 2007 Axel Thimm - 0.8.0-7 - logrotate should restart fail2ban (Zing ). - send mail to root; logrotate (Jonathan Underwood ) * Sat May 19 2007 Axel Thimm - 0.8.0-4 - Update to 0.8.0. - enable ssh by default, fix log file for ssh scanning, adjust python dependency (Jonathan Underwood ) * Sat Dec 30 2006 Axel Thimm - 0.6.2-3 - Remove forgotten condrestart. * Fri Dec 29 2006 Axel Thimm - 0.6.2-2 - Move /usr/lib/fail2ban to %%{_datadir}/fail2ban. - Don't default chkconfig to enabled. - Add dependencies on service/chkconfig. - Use example iptables/ssh config as default config. * Mon Dec 25 2006 Axel Thimm - 0.6.2-1 - Initial build.