[12425] | 1 | %bcond_with systemd |
---|
| 2 | %bcond_with tests |
---|
| 3 | |
---|
[12469] | 4 | %global py2to3 /usr/bin/2to3-3.8 |
---|
[12425] | 5 | |
---|
| 6 | Summary: Ban IPs that make too many password failures |
---|
| 7 | Name: fail2ban |
---|
| 8 | Version: 0.11.1 |
---|
[12469] | 9 | Release: 2%{?_dist_release}%{?with_systemd:.systemd} |
---|
| 10 | Group: system |
---|
[12425] | 11 | Vendor: Project Vine |
---|
| 12 | Distribution: Vine Linux |
---|
| 13 | |
---|
| 14 | License: GPLv2+ |
---|
| 15 | URL: https://github.com/fail2ban/fail2ban |
---|
| 16 | Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz |
---|
| 17 | Source1: fail2ban-logrotate |
---|
| 18 | |
---|
| 19 | # Fix nginx-block-map |
---|
| 20 | Patch1: https://github.com/fail2ban/fail2ban/commit/ec37b1942c4da76f7a0f71efe81bea6835466648.patch |
---|
| 21 | # testIPAddr_CompareDNS: add missing network constraint |
---|
| 22 | Patch2: https://github.com/fail2ban/fail2ban/commit/b158f83aa3795f387c8475ceb48df197a94a37e8.patch |
---|
| 23 | # Fix test thread stack size on aarch64 |
---|
| 24 | Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf7661981673038e6e9829.patch |
---|
| 25 | # Fix handling of journal in tests |
---|
| 26 | Patch4: https://github.com/fail2ban/fail2ban/commit/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch |
---|
| 27 | # Fix test install |
---|
| 28 | Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605.patch |
---|
| 29 | # Patch for Python 3.9 |
---|
| 30 | # https://bugzilla.redhat.com/show_bug.cgi?id=1808347 |
---|
| 31 | #Patch6: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2651.patch |
---|
| 32 | #Patch7: https://github.com/fail2ban/fail2ban/commit/343ec1cdd296530f331637c725bd2bb0549e01e6.patch |
---|
| 33 | |
---|
[12469] | 34 | BuildArch: noarch |
---|
[12425] | 35 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root |
---|
| 36 | BuildRequires: python3-devel |
---|
| 37 | BuildRequires: python3-rpm-macros |
---|
| 38 | BuildRequires: python3-setuptools |
---|
[12469] | 39 | Requires: iptables, ipset |
---|
| 40 | #Requires: tcp_wrappers |
---|
[12425] | 41 | Requires: python3-inotify |
---|
| 42 | %if %{with systemd} |
---|
| 43 | %{?systemd_requires} |
---|
| 44 | %else |
---|
| 45 | Requires: initscripts |
---|
| 46 | Requires(post): /sbin/chkconfig |
---|
| 47 | Requires(preun): /sbin/chkconfig |
---|
| 48 | Requires(preun): /sbin/service |
---|
| 49 | %endif |
---|
| 50 | |
---|
| 51 | %description |
---|
| 52 | Fail2ban scans log files like /var/log/pwdfail or |
---|
| 53 | /var/log/apache/error_log and bans IP that makes too many password |
---|
| 54 | failures. It updates firewall rules to reject the IP address. |
---|
| 55 | |
---|
| 56 | |
---|
| 57 | %prep |
---|
| 58 | %setup -q |
---|
| 59 | %autosetup -p1 |
---|
| 60 | |
---|
| 61 | %{py2to3} --write --nobackups . |
---|
| 62 | find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} + |
---|
| 63 | |
---|
| 64 | |
---|
| 65 | %build |
---|
| 66 | %{py3_build} |
---|
| 67 | |
---|
| 68 | |
---|
| 69 | %install |
---|
| 70 | rm -rf %{buildroot} |
---|
| 71 | %{py3_install} |
---|
| 72 | |
---|
| 73 | %if %{with systemd} |
---|
| 74 | mkdir -p %{buildroot}%{_unitdir} |
---|
| 75 | install -p -m 0644 build/fail2ban.service %{buildroot}%{_unitdir}/ |
---|
| 76 | mkdir -p %{buildroot}%{_tmpfilesdir} |
---|
| 77 | install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf |
---|
| 78 | install -d -m 0755 %{buildroot}/run/fail2ban/ |
---|
| 79 | install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid |
---|
| 80 | # systemd journal configuration |
---|
| 81 | cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF |
---|
| 82 | # This file is part of the fail2ban-systemd package to configure the use of |
---|
| 83 | # the systemd journal as the default backend. You can remove this package |
---|
| 84 | # (along with the empty fail2ban meta-package) if you do not want to use the |
---|
| 85 | # journal backend |
---|
| 86 | [DEFAULT] |
---|
| 87 | backend=systemd |
---|
| 88 | EOF |
---|
| 89 | %else |
---|
| 90 | mkdir -p %{buildroot}%{_initddir} |
---|
| 91 | install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban |
---|
| 92 | %endif |
---|
| 93 | mkdir -p %{buildroot}%{_mandir}/man{1,5} |
---|
| 94 | install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 |
---|
| 95 | install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 |
---|
| 96 | mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d |
---|
| 97 | install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban |
---|
| 98 | install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ |
---|
| 99 | install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ |
---|
| 100 | |
---|
| 101 | rm -rf %{buildroot}%{_docdir}/fail2ban |
---|
| 102 | |
---|
| 103 | # Remove non-Linux actions |
---|
| 104 | rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf |
---|
| 105 | rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf |
---|
| 106 | rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf |
---|
| 107 | |
---|
| 108 | |
---|
| 109 | %if %{with tests} |
---|
| 110 | %check |
---|
| 111 | export LANG=ja_JP.UTF-8 |
---|
| 112 | %{__python3} bin/fail2ban-testcases --verbosity=2 --no-network |
---|
| 113 | %endif |
---|
| 114 | |
---|
[12469] | 115 | |
---|
[12425] | 116 | %clean |
---|
| 117 | rm -rf %{buildroot} |
---|
| 118 | |
---|
| 119 | |
---|
| 120 | %post |
---|
| 121 | %if %{with systemd} |
---|
| 122 | %systemd_post fail2ban.service |
---|
| 123 | %else |
---|
| 124 | /sbin/chkconfig --add %{name} |
---|
| 125 | %endif |
---|
| 126 | |
---|
| 127 | %preun |
---|
| 128 | %if %{with systemd} |
---|
| 129 | %systemd_preun fail2ban.service |
---|
| 130 | %else |
---|
| 131 | if [ $1 = 0 -o -x /bin/systemctl ]; then |
---|
| 132 | /sbin/service %{name} stop > /dev/null 2>&1 |
---|
| 133 | /sbin/chkconfig --del %{name} |
---|
| 134 | fi |
---|
| 135 | %endif |
---|
| 136 | |
---|
| 137 | %if %{with systemd} |
---|
| 138 | %postun |
---|
| 139 | %systemd_postun_with_restart fail2ban.service |
---|
| 140 | %endif |
---|
| 141 | |
---|
| 142 | |
---|
| 143 | %files |
---|
| 144 | %defattr(-,root,root,-) |
---|
| 145 | %license COPYING |
---|
| 146 | %doc ChangeLog DEVELOP FILTERS README.md THANKS TODO doc/*.txt |
---|
| 147 | #doc config/fail2ban.conf* |
---|
| 148 | %{_bindir}/fail2ban-python |
---|
| 149 | %{_bindir}/fail2ban-server |
---|
| 150 | %{_bindir}/fail2ban-client |
---|
| 151 | %{_bindir}/fail2ban-regex |
---|
| 152 | %{_bindir}/fail2ban-testcases |
---|
| 153 | #%{_datadir}/fail2ban |
---|
| 154 | %{python3_sitelib}/fail2ban* |
---|
| 155 | %{_mandir}/man1/*.1* |
---|
| 156 | %{_mandir}/man5/*.5* |
---|
| 157 | %dir %{_sysconfdir}/fail2ban |
---|
| 158 | %dir %{_sysconfdir}/fail2ban/action.d |
---|
| 159 | %dir %{_sysconfdir}/fail2ban/filter.d |
---|
| 160 | %dir %{_sysconfdir}/fail2ban/filter.d/ignorecommands |
---|
| 161 | %dir %{_sysconfdir}/fail2ban/jail.d |
---|
| 162 | %config(noreplace) %{_sysconfdir}/fail2ban/*.conf |
---|
| 163 | %config(noreplace) %{_sysconfdir}/fail2ban/action.d/* |
---|
| 164 | %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf |
---|
| 165 | %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/ignorecommands/* |
---|
| 166 | %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban |
---|
| 167 | %dir %{_localstatedir}/lib/fail2ban/ |
---|
| 168 | %if %{with systemd} |
---|
| 169 | %{_unitdir}/* |
---|
| 170 | %config(noreplace) %{_sysconfdir}/fail2ban/jail.d/* |
---|
| 171 | %config(noreplace) %{_tmpfilesdir}/fail2ban.conf |
---|
| 172 | %dir /run/%{name}/ |
---|
| 173 | %ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid |
---|
| 174 | %else |
---|
| 175 | %{_initddir}/fail2ban |
---|
| 176 | %dir %{_localstatedir}/run/fail2ban/ |
---|
| 177 | %endif |
---|
| 178 | |
---|
| 179 | |
---|
| 180 | %changelog |
---|
[12469] | 181 | * Sat Aug 15 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-2 |
---|
| 182 | - rebuilt with python-3.8. |
---|
| 183 | |
---|
[12425] | 184 | * Fri May 01 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-1 |
---|
| 185 | - new upstream release. |
---|
| 186 | - added systemd support (disabled as default). |
---|
| 187 | |
---|
| 188 | * Tue Aug 27 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.4-1 |
---|
| 189 | - new upstream release. |
---|
| 190 | - switched to python3. |
---|
| 191 | |
---|
| 192 | * Sat Dec 30 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.1-1 |
---|
| 193 | - new upstream release. |
---|
| 194 | |
---|
| 195 | * Fri Jun 3 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.9.4-1 |
---|
| 196 | - new upstream release. |
---|
| 197 | |
---|
| 198 | * Sun Feb 8 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.14-1 |
---|
| 199 | - new upstream release. |
---|
| 200 | |
---|
| 201 | * Mon Jun 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.9-1 |
---|
| 202 | - new upstream release. |
---|
| 203 | |
---|
| 204 | * Thu Oct 18 2012 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.7.1-2 |
---|
| 205 | - initial build on Vine Linux. |
---|
| 206 | |
---|
| 207 | * Thu Oct 11 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.7.1-1 |
---|
| 208 | - Update to 0.8.7.1 |
---|
| 209 | - Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream |
---|
| 210 | - Rebase sshd and notmp patches |
---|
| 211 | - Use _initddir macro |
---|
| 212 | |
---|
| 213 | * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-29 |
---|
| 214 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
---|
| 215 | |
---|
| 216 | * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-28 |
---|
| 217 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
---|
| 218 | |
---|
| 219 | * Sat Apr 9 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-27 |
---|
| 220 | - Move tmp files to /var/lib (suggested by Phil Anderson). |
---|
| 221 | - Enable inotify support (by Jonathan Underwood). |
---|
| 222 | - Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584. |
---|
| 223 | |
---|
| 224 | * Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24 |
---|
| 225 | - Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to |
---|
| 226 | cloexec another fd leak. |
---|
| 227 | |
---|
| 228 | * Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23 |
---|
| 229 | - update to 0.8.4. |
---|
| 230 | |
---|
| 231 | * Wed Sep 2 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-22 |
---|
| 232 | - Update to a newer svn snapshot to fix python 2.6 issue. |
---|
| 233 | |
---|
| 234 | * Thu Aug 27 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-21 |
---|
| 235 | - Log to syslog (RH bug #491983). Also deals with RH bug #515116. |
---|
| 236 | - Check inodes of log files (RH bug #503852). |
---|
| 237 | |
---|
| 238 | * Sat Feb 14 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-18 |
---|
| 239 | - Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466). |
---|
| 240 | |
---|
| 241 | * Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.8.3-17 |
---|
| 242 | - Rebuild for Python 2.6 |
---|
| 243 | |
---|
| 244 | * Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-16 |
---|
| 245 | - Update to 0.8.3. |
---|
| 246 | |
---|
| 247 | * Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.2-15 |
---|
| 248 | - fix license tag |
---|
| 249 | |
---|
| 250 | * Thu Mar 27 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-14 |
---|
| 251 | - Close on exec fixes by Jonathan Underwood. |
---|
| 252 | |
---|
| 253 | * Sun Mar 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-13 |
---|
| 254 | - Add %%{_localstatedir}/run/fail2ban (David Rees). |
---|
| 255 | |
---|
| 256 | * Fri Mar 14 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-12 |
---|
| 257 | - Update to 0.8.2. |
---|
| 258 | |
---|
| 259 | * Thu Jan 31 2008 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 0.8.1-11 |
---|
| 260 | - Move socket file from /tmp to /var/run to prevent SElinux from stopping |
---|
| 261 | fail2ban from starting (BZ #429281) |
---|
| 262 | - Change logic in init file to start with -x to remove the socket file in case |
---|
| 263 | of unclean shutdown |
---|
| 264 | |
---|
| 265 | * Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10 |
---|
| 266 | - Update to 0.8.1. |
---|
| 267 | - Remove patch fixing CVE-2007-4321 (upstream). |
---|
| 268 | - Remove AllowUsers patch (upstream). |
---|
| 269 | - Add dependency to gamin-python. |
---|
| 270 | |
---|
| 271 | * Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9 |
---|
| 272 | - Fix remote log injection (no CVE assignment yet). |
---|
| 273 | |
---|
| 274 | * Sun Jun 3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8 |
---|
| 275 | - Also trigger on non-AllowUsers failures (Jonathan Underwood |
---|
| 276 | <jonathan.underwood@gmail.com>). |
---|
| 277 | |
---|
| 278 | * Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7 |
---|
| 279 | - logrotate should restart fail2ban (Zing <zing@fastmail.fm>). |
---|
| 280 | - send mail to root; logrotate (Jonathan Underwood |
---|
| 281 | <jonathan.underwood@gmail.com>) |
---|
| 282 | |
---|
| 283 | * Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4 |
---|
| 284 | - Update to 0.8.0. |
---|
| 285 | - enable ssh by default, fix log file for ssh scanning, adjust python |
---|
| 286 | dependency (Jonathan Underwood <jonathan.underwood@gmail.com>) |
---|
| 287 | |
---|
| 288 | * Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3 |
---|
| 289 | - Remove forgotten condrestart. |
---|
| 290 | |
---|
| 291 | * Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2 |
---|
| 292 | - Move /usr/lib/fail2ban to %%{_datadir}/fail2ban. |
---|
| 293 | - Don't default chkconfig to enabled. |
---|
| 294 | - Add dependencies on service/chkconfig. |
---|
| 295 | - Use example iptables/ssh config as default config. |
---|
| 296 | |
---|
| 297 | * Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1 |
---|
| 298 | - Initial build. |
---|