1 | %bcond_with systemd |
---|
2 | %bcond_with tests |
---|
3 | |
---|
4 | %global py2to3 /usr/bin/2to3-3.8 |
---|
5 | |
---|
6 | Summary: Ban IPs that make too many password failures |
---|
7 | Name: fail2ban |
---|
8 | Version: 0.11.1 |
---|
9 | Release: 2%{?_dist_release}%{?with_systemd:.systemd} |
---|
10 | Group: system |
---|
11 | Vendor: Project Vine |
---|
12 | Distribution: Vine Linux |
---|
13 | |
---|
14 | License: GPLv2+ |
---|
15 | URL: https://github.com/fail2ban/fail2ban |
---|
16 | Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz |
---|
17 | Source1: fail2ban-logrotate |
---|
18 | |
---|
19 | # Fix nginx-block-map |
---|
20 | Patch1: https://github.com/fail2ban/fail2ban/commit/ec37b1942c4da76f7a0f71efe81bea6835466648.patch |
---|
21 | # testIPAddr_CompareDNS: add missing network constraint |
---|
22 | Patch2: https://github.com/fail2ban/fail2ban/commit/b158f83aa3795f387c8475ceb48df197a94a37e8.patch |
---|
23 | # Fix test thread stack size on aarch64 |
---|
24 | Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf7661981673038e6e9829.patch |
---|
25 | # Fix handling of journal in tests |
---|
26 | Patch4: https://github.com/fail2ban/fail2ban/commit/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch |
---|
27 | # Fix test install |
---|
28 | Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605.patch |
---|
29 | # Patch for Python 3.9 |
---|
30 | # https://bugzilla.redhat.com/show_bug.cgi?id=1808347 |
---|
31 | #Patch6: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2651.patch |
---|
32 | #Patch7: https://github.com/fail2ban/fail2ban/commit/343ec1cdd296530f331637c725bd2bb0549e01e6.patch |
---|
33 | |
---|
34 | BuildArch: noarch |
---|
35 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root |
---|
36 | BuildRequires: python3-devel |
---|
37 | BuildRequires: python3-rpm-macros |
---|
38 | BuildRequires: python3-setuptools |
---|
39 | Requires: iptables, ipset |
---|
40 | #Requires: tcp_wrappers |
---|
41 | Requires: python3-inotify |
---|
42 | %if %{with systemd} |
---|
43 | %{?systemd_requires} |
---|
44 | %else |
---|
45 | Requires: initscripts |
---|
46 | Requires(post): /sbin/chkconfig |
---|
47 | Requires(preun): /sbin/chkconfig |
---|
48 | Requires(preun): /sbin/service |
---|
49 | %endif |
---|
50 | |
---|
51 | %description |
---|
52 | Fail2ban scans log files like /var/log/pwdfail or |
---|
53 | /var/log/apache/error_log and bans IP that makes too many password |
---|
54 | failures. It updates firewall rules to reject the IP address. |
---|
55 | |
---|
56 | |
---|
57 | %prep |
---|
58 | %setup -q |
---|
59 | %autosetup -p1 |
---|
60 | |
---|
61 | %{py2to3} --write --nobackups . |
---|
62 | find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} + |
---|
63 | |
---|
64 | |
---|
65 | %build |
---|
66 | %{py3_build} |
---|
67 | |
---|
68 | |
---|
69 | %install |
---|
70 | rm -rf %{buildroot} |
---|
71 | %{py3_install} |
---|
72 | |
---|
73 | %if %{with systemd} |
---|
74 | mkdir -p %{buildroot}%{_unitdir} |
---|
75 | install -p -m 0644 build/fail2ban.service %{buildroot}%{_unitdir}/ |
---|
76 | mkdir -p %{buildroot}%{_tmpfilesdir} |
---|
77 | install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf |
---|
78 | install -d -m 0755 %{buildroot}/run/fail2ban/ |
---|
79 | install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid |
---|
80 | # systemd journal configuration |
---|
81 | cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF |
---|
82 | # This file is part of the fail2ban-systemd package to configure the use of |
---|
83 | # the systemd journal as the default backend. You can remove this package |
---|
84 | # (along with the empty fail2ban meta-package) if you do not want to use the |
---|
85 | # journal backend |
---|
86 | [DEFAULT] |
---|
87 | backend=systemd |
---|
88 | EOF |
---|
89 | %else |
---|
90 | mkdir -p %{buildroot}%{_initddir} |
---|
91 | install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban |
---|
92 | %endif |
---|
93 | mkdir -p %{buildroot}%{_mandir}/man{1,5} |
---|
94 | install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 |
---|
95 | install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 |
---|
96 | mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d |
---|
97 | install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban |
---|
98 | install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ |
---|
99 | install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ |
---|
100 | |
---|
101 | rm -rf %{buildroot}%{_docdir}/fail2ban |
---|
102 | |
---|
103 | # Remove non-Linux actions |
---|
104 | rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf |
---|
105 | rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf |
---|
106 | rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf |
---|
107 | |
---|
108 | |
---|
109 | %if %{with tests} |
---|
110 | %check |
---|
111 | export LANG=ja_JP.UTF-8 |
---|
112 | %{__python3} bin/fail2ban-testcases --verbosity=2 --no-network |
---|
113 | %endif |
---|
114 | |
---|
115 | |
---|
116 | %clean |
---|
117 | rm -rf %{buildroot} |
---|
118 | |
---|
119 | |
---|
120 | %post |
---|
121 | %if %{with systemd} |
---|
122 | %systemd_post fail2ban.service |
---|
123 | %else |
---|
124 | /sbin/chkconfig --add %{name} |
---|
125 | %endif |
---|
126 | |
---|
127 | %preun |
---|
128 | %if %{with systemd} |
---|
129 | %systemd_preun fail2ban.service |
---|
130 | %else |
---|
131 | if [ $1 = 0 -o -x /bin/systemctl ]; then |
---|
132 | /sbin/service %{name} stop > /dev/null 2>&1 |
---|
133 | /sbin/chkconfig --del %{name} |
---|
134 | fi |
---|
135 | %endif |
---|
136 | |
---|
137 | %if %{with systemd} |
---|
138 | %postun |
---|
139 | %systemd_postun_with_restart fail2ban.service |
---|
140 | %endif |
---|
141 | |
---|
142 | |
---|
143 | %files |
---|
144 | %defattr(-,root,root,-) |
---|
145 | %license COPYING |
---|
146 | %doc ChangeLog DEVELOP FILTERS README.md THANKS TODO doc/*.txt |
---|
147 | #doc config/fail2ban.conf* |
---|
148 | %{_bindir}/fail2ban-python |
---|
149 | %{_bindir}/fail2ban-server |
---|
150 | %{_bindir}/fail2ban-client |
---|
151 | %{_bindir}/fail2ban-regex |
---|
152 | %{_bindir}/fail2ban-testcases |
---|
153 | #%{_datadir}/fail2ban |
---|
154 | %{python3_sitelib}/fail2ban* |
---|
155 | %{_mandir}/man1/*.1* |
---|
156 | %{_mandir}/man5/*.5* |
---|
157 | %dir %{_sysconfdir}/fail2ban |
---|
158 | %dir %{_sysconfdir}/fail2ban/action.d |
---|
159 | %dir %{_sysconfdir}/fail2ban/filter.d |
---|
160 | %dir %{_sysconfdir}/fail2ban/filter.d/ignorecommands |
---|
161 | %dir %{_sysconfdir}/fail2ban/jail.d |
---|
162 | %config(noreplace) %{_sysconfdir}/fail2ban/*.conf |
---|
163 | %config(noreplace) %{_sysconfdir}/fail2ban/action.d/* |
---|
164 | %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf |
---|
165 | %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/ignorecommands/* |
---|
166 | %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban |
---|
167 | %dir %{_localstatedir}/lib/fail2ban/ |
---|
168 | %if %{with systemd} |
---|
169 | %{_unitdir}/* |
---|
170 | %config(noreplace) %{_sysconfdir}/fail2ban/jail.d/* |
---|
171 | %config(noreplace) %{_tmpfilesdir}/fail2ban.conf |
---|
172 | %dir /run/%{name}/ |
---|
173 | %ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid |
---|
174 | %else |
---|
175 | %{_initddir}/fail2ban |
---|
176 | %dir %{_localstatedir}/run/fail2ban/ |
---|
177 | %endif |
---|
178 | |
---|
179 | |
---|
180 | %changelog |
---|
181 | * Sat Aug 15 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-2 |
---|
182 | - rebuilt with python-3.8. |
---|
183 | |
---|
184 | * Fri May 01 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-1 |
---|
185 | - new upstream release. |
---|
186 | - added systemd support (disabled as default). |
---|
187 | |
---|
188 | * Tue Aug 27 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.4-1 |
---|
189 | - new upstream release. |
---|
190 | - switched to python3. |
---|
191 | |
---|
192 | * Sat Dec 30 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.1-1 |
---|
193 | - new upstream release. |
---|
194 | |
---|
195 | * Fri Jun 3 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.9.4-1 |
---|
196 | - new upstream release. |
---|
197 | |
---|
198 | * Sun Feb 8 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.14-1 |
---|
199 | - new upstream release. |
---|
200 | |
---|
201 | * Mon Jun 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.9-1 |
---|
202 | - new upstream release. |
---|
203 | |
---|
204 | * Thu Oct 18 2012 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.7.1-2 |
---|
205 | - initial build on Vine Linux. |
---|
206 | |
---|
207 | * Thu Oct 11 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.7.1-1 |
---|
208 | - Update to 0.8.7.1 |
---|
209 | - Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream |
---|
210 | - Rebase sshd and notmp patches |
---|
211 | - Use _initddir macro |
---|
212 | |
---|
213 | * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-29 |
---|
214 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
---|
215 | |
---|
216 | * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-28 |
---|
217 | - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
---|
218 | |
---|
219 | * Sat Apr 9 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-27 |
---|
220 | - Move tmp files to /var/lib (suggested by Phil Anderson). |
---|
221 | - Enable inotify support (by Jonathan Underwood). |
---|
222 | - Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584. |
---|
223 | |
---|
224 | * Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24 |
---|
225 | - Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to |
---|
226 | cloexec another fd leak. |
---|
227 | |
---|
228 | * Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23 |
---|
229 | - update to 0.8.4. |
---|
230 | |
---|
231 | * Wed Sep 2 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-22 |
---|
232 | - Update to a newer svn snapshot to fix python 2.6 issue. |
---|
233 | |
---|
234 | * Thu Aug 27 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-21 |
---|
235 | - Log to syslog (RH bug #491983). Also deals with RH bug #515116. |
---|
236 | - Check inodes of log files (RH bug #503852). |
---|
237 | |
---|
238 | * Sat Feb 14 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-18 |
---|
239 | - Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466). |
---|
240 | |
---|
241 | * Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.8.3-17 |
---|
242 | - Rebuild for Python 2.6 |
---|
243 | |
---|
244 | * Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-16 |
---|
245 | - Update to 0.8.3. |
---|
246 | |
---|
247 | * Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.2-15 |
---|
248 | - fix license tag |
---|
249 | |
---|
250 | * Thu Mar 27 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-14 |
---|
251 | - Close on exec fixes by Jonathan Underwood. |
---|
252 | |
---|
253 | * Sun Mar 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-13 |
---|
254 | - Add %%{_localstatedir}/run/fail2ban (David Rees). |
---|
255 | |
---|
256 | * Fri Mar 14 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-12 |
---|
257 | - Update to 0.8.2. |
---|
258 | |
---|
259 | * Thu Jan 31 2008 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 0.8.1-11 |
---|
260 | - Move socket file from /tmp to /var/run to prevent SElinux from stopping |
---|
261 | fail2ban from starting (BZ #429281) |
---|
262 | - Change logic in init file to start with -x to remove the socket file in case |
---|
263 | of unclean shutdown |
---|
264 | |
---|
265 | * Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10 |
---|
266 | - Update to 0.8.1. |
---|
267 | - Remove patch fixing CVE-2007-4321 (upstream). |
---|
268 | - Remove AllowUsers patch (upstream). |
---|
269 | - Add dependency to gamin-python. |
---|
270 | |
---|
271 | * Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9 |
---|
272 | - Fix remote log injection (no CVE assignment yet). |
---|
273 | |
---|
274 | * Sun Jun 3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8 |
---|
275 | - Also trigger on non-AllowUsers failures (Jonathan Underwood |
---|
276 | <jonathan.underwood@gmail.com>). |
---|
277 | |
---|
278 | * Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7 |
---|
279 | - logrotate should restart fail2ban (Zing <zing@fastmail.fm>). |
---|
280 | - send mail to root; logrotate (Jonathan Underwood |
---|
281 | <jonathan.underwood@gmail.com>) |
---|
282 | |
---|
283 | * Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4 |
---|
284 | - Update to 0.8.0. |
---|
285 | - enable ssh by default, fix log file for ssh scanning, adjust python |
---|
286 | dependency (Jonathan Underwood <jonathan.underwood@gmail.com>) |
---|
287 | |
---|
288 | * Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3 |
---|
289 | - Remove forgotten condrestart. |
---|
290 | |
---|
291 | * Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2 |
---|
292 | - Move /usr/lib/fail2ban to %%{_datadir}/fail2ban. |
---|
293 | - Don't default chkconfig to enabled. |
---|
294 | - Add dependencies on service/chkconfig. |
---|
295 | - Use example iptables/ssh config as default config. |
---|
296 | |
---|
297 | * Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1 |
---|
298 | - Initial build. |
---|