1 | %bcond_with systemd |
---|
2 | %bcond_with tests |
---|
3 | |
---|
4 | %global py2to3 /usr/bin/2to3-3.5 |
---|
5 | |
---|
6 | Summary: Ban IPs that make too many password failures |
---|
7 | Name: fail2ban |
---|
8 | Version: 0.11.1 |
---|
9 | Release: 1%{?_dist_release}%{?with_systemd:.systemd} |
---|
10 | Group: System Environment/Daemons |
---|
11 | Vendor: Project Vine |
---|
12 | Distribution: Vine Linux |
---|
13 | |
---|
14 | License: GPLv2+ |
---|
15 | URL: https://github.com/fail2ban/fail2ban |
---|
16 | Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz |
---|
17 | Source1: fail2ban-logrotate |
---|
18 | |
---|
19 | # Fix nginx-block-map |
---|
20 | Patch1: https://github.com/fail2ban/fail2ban/commit/ec37b1942c4da76f7a0f71efe81bea6835466648.patch |
---|
21 | # testIPAddr_CompareDNS: add missing network constraint |
---|
22 | Patch2: https://github.com/fail2ban/fail2ban/commit/b158f83aa3795f387c8475ceb48df197a94a37e8.patch |
---|
23 | # Fix test thread stack size on aarch64 |
---|
24 | Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf7661981673038e6e9829.patch |
---|
25 | # Fix handling of journal in tests |
---|
26 | Patch4: https://github.com/fail2ban/fail2ban/commit/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch |
---|
27 | # Fix test install |
---|
28 | Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605.patch |
---|
29 | # Patch for Python 3.9 |
---|
30 | # https://bugzilla.redhat.com/show_bug.cgi?id=1808347 |
---|
31 | #Patch6: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2651.patch |
---|
32 | #Patch7: https://github.com/fail2ban/fail2ban/commit/343ec1cdd296530f331637c725bd2bb0549e01e6.patch |
---|
33 | |
---|
34 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root |
---|
35 | BuildRequires: python3-devel |
---|
36 | BuildRequires: python3-rpm-macros |
---|
37 | BuildRequires: python3-setuptools |
---|
38 | BuildArch: noarch |
---|
39 | Requires: iptables, tcp_wrappers |
---|
40 | Requires: python3-inotify |
---|
41 | %if %{with systemd} |
---|
42 | %{?systemd_requires} |
---|
43 | %else |
---|
44 | Requires: initscripts |
---|
45 | Requires(post): /sbin/chkconfig |
---|
46 | Requires(preun): /sbin/chkconfig |
---|
47 | Requires(preun): /sbin/service |
---|
48 | %endif |
---|
49 | |
---|
50 | %description |
---|
51 | Fail2ban scans log files like /var/log/pwdfail or |
---|
52 | /var/log/apache/error_log and bans IP that makes too many password |
---|
53 | failures. It updates firewall rules to reject the IP address. |
---|
54 | |
---|
55 | |
---|
56 | %prep |
---|
57 | %setup -q |
---|
58 | %autosetup -p1 |
---|
59 | |
---|
60 | %{py2to3} --write --nobackups . |
---|
61 | find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} + |
---|
62 | |
---|
63 | |
---|
64 | %build |
---|
65 | %{py3_build} |
---|
66 | |
---|
67 | |
---|
68 | %install |
---|
69 | rm -rf %{buildroot} |
---|
70 | %{py3_install} |
---|
71 | |
---|
72 | %if %{with systemd} |
---|
73 | mkdir -p %{buildroot}%{_unitdir} |
---|
74 | install -p -m 0644 build/fail2ban.service %{buildroot}%{_unitdir}/ |
---|
75 | mkdir -p %{buildroot}%{_tmpfilesdir} |
---|
76 | install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf |
---|
77 | install -d -m 0755 %{buildroot}/run/fail2ban/ |
---|
78 | install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid |
---|
79 | # systemd journal configuration |
---|
80 | cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF |
---|
81 | # This file is part of the fail2ban-systemd package to configure the use of |
---|
82 | # the systemd journal as the default backend. You can remove this package |
---|
83 | # (along with the empty fail2ban meta-package) if you do not want to use the |
---|
84 | # journal backend |
---|
85 | [DEFAULT] |
---|
86 | backend=systemd |
---|
87 | EOF |
---|
88 | %else |
---|
89 | mkdir -p %{buildroot}%{_initddir} |
---|
90 | install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban |
---|
91 | %endif |
---|
92 | mkdir -p %{buildroot}%{_mandir}/man{1,5} |
---|
93 | install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 |
---|
94 | install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 |
---|
95 | mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d |
---|
96 | install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban |
---|
97 | install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ |
---|
98 | install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ |
---|
99 | |
---|
100 | rm -rf %{buildroot}%{_docdir}/fail2ban |
---|
101 | |
---|
102 | # Remove non-Linux actions |
---|
103 | rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf |
---|
104 | rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf |
---|
105 | rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf |
---|
106 | |
---|
107 | |
---|
108 | %if %{with tests} |
---|
109 | %check |
---|
110 | export LANG=ja_JP.UTF-8 |
---|
111 | %{__python3} bin/fail2ban-testcases --verbosity=2 --no-network |
---|
112 | %endif |
---|
113 | |
---|
114 | %clean |
---|
115 | rm -rf %{buildroot} |
---|
116 | |
---|
117 | |
---|
118 | %post |
---|
119 | %if %{with systemd} |
---|
120 | %systemd_post fail2ban.service |
---|
121 | %else |
---|
122 | /sbin/chkconfig --add %{name} |
---|
123 | %endif |
---|
124 | |
---|
125 | %preun |
---|
126 | %if %{with systemd} |
---|
127 | %systemd_preun fail2ban.service |
---|
128 | %else |
---|
129 | if [ $1 = 0 -o -x /bin/systemctl ]; then |
---|
130 | /sbin/service %{name} stop > /dev/null 2>&1 |
---|
131 | /sbin/chkconfig --del %{name} |
---|
132 | fi |
---|
133 | %endif |
---|
134 | |
---|
135 | %if %{with systemd} |
---|
136 | %postun |
---|
137 | %systemd_postun_with_restart fail2ban.service |
---|
138 | %endif |
---|
139 | |
---|
140 | |
---|
141 | %files |
---|
142 | %defattr(-,root,root,-) |
---|
143 | %license COPYING |
---|
144 | %doc ChangeLog DEVELOP FILTERS README.md THANKS TODO doc/*.txt |
---|
145 | #doc config/fail2ban.conf* |
---|
146 | %{_bindir}/fail2ban-python |
---|
147 | %{_bindir}/fail2ban-server |
---|
148 | %{_bindir}/fail2ban-client |
---|
149 | %{_bindir}/fail2ban-regex |
---|
150 | %{_bindir}/fail2ban-testcases |
---|
151 | #%{_datadir}/fail2ban |
---|
152 | %{python3_sitelib}/fail2ban* |
---|
153 | %{_mandir}/man1/*.1* |
---|
154 | %{_mandir}/man5/*.5* |
---|
155 | %dir %{_sysconfdir}/fail2ban |
---|
156 | %dir %{_sysconfdir}/fail2ban/action.d |
---|
157 | %dir %{_sysconfdir}/fail2ban/filter.d |
---|
158 | %dir %{_sysconfdir}/fail2ban/filter.d/ignorecommands |
---|
159 | %dir %{_sysconfdir}/fail2ban/jail.d |
---|
160 | %config(noreplace) %{_sysconfdir}/fail2ban/*.conf |
---|
161 | %config(noreplace) %{_sysconfdir}/fail2ban/action.d/* |
---|
162 | %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf |
---|
163 | %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/ignorecommands/* |
---|
164 | %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban |
---|
165 | %dir %{_localstatedir}/lib/fail2ban/ |
---|
166 | %if %{with systemd} |
---|
167 | %{_unitdir}/* |
---|
168 | %config(noreplace) %{_sysconfdir}/fail2ban/jail.d/* |
---|
169 | %config(noreplace) %{_tmpfilesdir}/fail2ban.conf |
---|
170 | %dir /run/%{name}/ |
---|
171 | %ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid |
---|
172 | %else |
---|
173 | %{_initddir}/fail2ban |
---|
174 | %dir %{_localstatedir}/run/fail2ban/ |
---|
175 | %endif |
---|
176 | |
---|
177 | |
---|
178 | %changelog |
---|
179 | * Fri May 01 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-1 |
---|
180 | - new upstream release. |
---|
181 | - added systemd support (disabled as default). |
---|
182 | |
---|
183 | * Tue Aug 27 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.4-1 |
---|
184 | - new upstream release. |
---|
185 | - switched to python3. |
---|
186 | |
---|
187 | * Sat Dec 30 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.1-1 |
---|
188 | - new upstream release. |
---|
189 | |
---|
190 | * Fri Jun 3 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.9.4-1 |
---|
191 | - new upstream release. |
---|
192 | |
---|
193 | * Sun Feb 8 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.14-1 |
---|
194 | - new upstream release. |
---|
195 | |
---|
196 | * Mon Jun 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.9-1 |
---|
197 | - new upstream release. |
---|
198 | |
---|
199 | * Thu Oct 18 2012 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.7.1-2 |
---|
200 | - initial build on Vine Linux. |
---|
201 | |
---|
202 | * Thu Oct 11 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.7.1-1 |
---|
203 | - Update to 0.8.7.1 |
---|
204 | - Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream |
---|
205 | - Rebase sshd and notmp patches |
---|
206 | - Use _initddir macro |
---|
207 | |
---|
208 | * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-29 |
---|
209 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
---|
210 | |
---|
211 | * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-28 |
---|
212 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
---|
213 | |
---|
214 | * Sat Apr 9 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-27 |
---|
215 | - Move tmp files to /var/lib (suggested by Phil Anderson). |
---|
216 | - Enable inotify support (by Jonathan Underwood). |
---|
217 | - Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584. |
---|
218 | |
---|
219 | * Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24 |
---|
220 | - Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to |
---|
221 | cloexec another fd leak. |
---|
222 | |
---|
223 | * Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23 |
---|
224 | - update to 0.8.4. |
---|
225 | |
---|
226 | * Wed Sep 2 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-22 |
---|
227 | - Update to a newer svn snapshot to fix python 2.6 issue. |
---|
228 | |
---|
229 | * Thu Aug 27 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-21 |
---|
230 | - Log to syslog (RH bug #491983). Also deals with RH bug #515116. |
---|
231 | - Check inodes of log files (RH bug #503852). |
---|
232 | |
---|
233 | * Sat Feb 14 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-18 |
---|
234 | - Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466). |
---|
235 | |
---|
236 | * Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.8.3-17 |
---|
237 | - Rebuild for Python 2.6 |
---|
238 | |
---|
239 | * Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-16 |
---|
240 | - Update to 0.8.3. |
---|
241 | |
---|
242 | * Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.2-15 |
---|
243 | - fix license tag |
---|
244 | |
---|
245 | * Thu Mar 27 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-14 |
---|
246 | - Close on exec fixes by Jonathan Underwood. |
---|
247 | |
---|
248 | * Sun Mar 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-13 |
---|
249 | - Add %%{_localstatedir}/run/fail2ban (David Rees). |
---|
250 | |
---|
251 | * Fri Mar 14 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-12 |
---|
252 | - Update to 0.8.2. |
---|
253 | |
---|
254 | * Thu Jan 31 2008 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 0.8.1-11 |
---|
255 | - Move socket file from /tmp to /var/run to prevent SElinux from stopping |
---|
256 | fail2ban from starting (BZ #429281) |
---|
257 | - Change logic in init file to start with -x to remove the socket file in case |
---|
258 | of unclean shutdown |
---|
259 | |
---|
260 | * Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10 |
---|
261 | - Update to 0.8.1. |
---|
262 | - Remove patch fixing CVE-2007-4321 (upstream). |
---|
263 | - Remove AllowUsers patch (upstream). |
---|
264 | - Add dependency to gamin-python. |
---|
265 | |
---|
266 | * Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9 |
---|
267 | - Fix remote log injection (no CVE assignment yet). |
---|
268 | |
---|
269 | * Sun Jun 3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8 |
---|
270 | - Also trigger on non-AllowUsers failures (Jonathan Underwood |
---|
271 | <jonathan.underwood@gmail.com>). |
---|
272 | |
---|
273 | * Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7 |
---|
274 | - logrotate should restart fail2ban (Zing <zing@fastmail.fm>). |
---|
275 | - send mail to root; logrotate (Jonathan Underwood |
---|
276 | <jonathan.underwood@gmail.com>) |
---|
277 | |
---|
278 | * Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4 |
---|
279 | - Update to 0.8.0. |
---|
280 | - enable ssh by default, fix log file for ssh scanning, adjust python |
---|
281 | dependency (Jonathan Underwood <jonathan.underwood@gmail.com>) |
---|
282 | |
---|
283 | * Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3 |
---|
284 | - Remove forgotten condrestart. |
---|
285 | |
---|
286 | * Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2 |
---|
287 | - Move /usr/lib/fail2ban to %%{_datadir}/fail2ban. |
---|
288 | - Don't default chkconfig to enabled. |
---|
289 | - Add dependencies on service/chkconfig. |
---|
290 | - Use example iptables/ssh config as default config. |
---|
291 | |
---|
292 | * Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1 |
---|
293 | - Initial build. |
---|