
pam_shield-0.9.5-8.fc13.src.rpm

# Package metadata for pam_shield, a PAM module that blocks sources of repeated
# authentication attempts (see the description section below).
Name:		pam_shield
Version:	0.9.5
Release:	8%{?dist}
Summary:	Pam Shield - A pam module to counter brute force attacks

Group:		System Environment/Libraries
License:	GPLv2
URL:		http://www.heiho.net/pam_shield/index.html
# NOTE(review): the upstream tarball URL is plain http and nothing in this spec
# checks a digest or signature for it; confirm the archive against a trusted
# checksum before building.
Source0:	http://www.heiho.net/pam_shield/pam_shield-0.9.5.tar.gz
# Source1-3 are pre-compressed man pages shipped with the package rather than
# taken from the upstream tarball.
Source1:	shield-trigger.8.gz
Source2:	shield-purge.8.gz
Source3:	shield-trigger-iptables.8.gz
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
# presumably the PAM headers and the gdbm library used for the module's
# database; confirm against the upstream Makefile
BuildRequires:	pam-devel, gdbm-devel
# Patch0: by its name, addresses a segfault in shield-purge (patch body is not
# part of this file).
Patch0:		shield_purge_segfault.patch
# Patch1: per the 0.9.5-8 changelog entry, makes shield-trigger-iptables insert
# rules instead of appending them, check for and create the chain when needed,
# and drop the destination-port match so the block applies to any service.
Patch1:		shield-trigger-iptables.patch

%description
This is a pam module that supports brute force blocking against pam
authentication mechanisms.

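%prep
# Unpack the upstream tarball and apply the two packaged patches; -b keeps a
# backup of every patched file under the given suffix.
%setup -q -n pam_shield-%{version}
%patch0 -p0 -b .shield_purge_segfault
%patch1 -p0 -b .shield_trigger_iptables

# The shipped shield.conf is the upstream file with the distribution's
# defaults substituted in by text replacement.
#disable debug by default
sed -i -e 's/debug on/debug off/' shield.conf
#change to block all users for failed attempts
# NOTE(review): together with max_conns 3 below this presumably also blocks a
# legitimate user who mistypes a password a few times; confirm the exact
# semantics against the upstream README before tightening further.
sed -i -e 's/block unknown-users/block all-users/' shield.conf
#reduce connections before block from 10 to 3
sed -i -e 's/max_conns 10/max_conns 3/' shield.conf
#reduce retention time from 1 week to 1 hour
sed -i -e 's/retention 1w/retention 1h/' shield.conf
#change the default behavior from shield-trigger to shield-trigger-iptables
#this uses iptables instead of route to block brute force attack
sed -i -e 's/shield\-trigger/shield-trigger-iptables/' shield.conf

# sed exits 0 even when a pattern matches nothing, so a change in the upstream
# wording of shield.conf would silently ship the upstream defaults instead of
# the ones above. Fail the build if any expected setting is missing.
for expected in 'debug off' 'block all-users' 'max_conns 3' 'retention 1h' 'shield-trigger-iptables'; do
	if ! grep -q -F -e "$expected" shield.conf; then
		echo "shield.conf: expected '$expected' after applying packaged defaults" >&2
		exit 1
	fi
done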

%build
# The build produces pam_shield.so (installed under the PAM module directory in
# the install section), so position-independent code (-fPIC) is added on top of
# the distribution's standard compiler flags. The 0.9.5-5 changelog entry
# records that passing those flags correctly is what populated the debug
# package.
make CFLAGS="%{optflags} -fPIC"

%check
# NOTE(review): this section is empty, so no tests run at build time for a
# module that sits in the authentication path.

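%install
# Start from an empty buildroot so stale files from an earlier build cannot be
# packaged.
rm -rf %{buildroot}

# Directory layout. -m sets the mode of each leaf directory explicitly instead
# of relying on the build umask.
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/security
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/cron.daily
mkdir -p -m 755 %{buildroot}%{_sbindir}
mkdir -p -m 755 %{buildroot}/%{_lib}/security
mkdir -p -m 755 %{buildroot}%{_defaultdocdir}/pam_shield-%{version}
mkdir -p -m 755 %{buildroot}%{_mandir}/man8
# State directory for the module, kept at 0700. The changelog shows it was
# briefly 755 in 0.9.5-6 and restored to 700 in 0.9.5-7.
mkdir -p -m 700 %{buildroot}/var/lib/pam_shield

# The PAM module itself.
install -m 755 pam_shield.so %{buildroot}/%{_lib}/security/

# Daily cron job, installed under the name pam_shield (-T treats the
# destination as a file name, not a directory).
install -m 755 -T pam_shield.cron %{buildroot}%{_sysconfdir}/cron.daily/pam_shield

# Helper commands: the two trigger scripts and the purge tool.
for tool in shield-trigger shield-trigger-iptables shield-purge; do
	install -m 755 "$tool" %{buildroot}%{_sbindir}/
done

# Configuration as modified in the prep section; world-readable, not executable.
install -m 644 shield.conf %{buildroot}%{_sysconfdir}/security/

# Documentation; the upstream GPL file is shipped under the name LICENSE.
for doc in INSTALL README CREDITS Changelog; do
	install -m 644 "$doc" %{buildroot}%{_defaultdocdir}/pam_shield-%{version}/
done
install -m 644 GPL %{buildroot}%{_defaultdocdir}/pam_shield-%{version}/LICENSE

# Pre-compressed man pages from Source1-3.
install -m 644 %{SOURCE1} %{SOURCE2} %{SOURCE3} %{buildroot}%{_mandir}/man8/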

%clean
# Remove the per-build staging tree once packaging is done.
rm -rf %{buildroot}

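%files
# Everything is owned by root:root; modes come from the install section unless
# an explicit attr entry below overrides them.
%defattr(-,root,root)
/%{_lib}/security/pam_shield.so
%dir %{_defaultdocdir}/pam_shield-%{version}/
%doc %{_defaultdocdir}/pam_shield-%{version}/INSTALL
%doc %{_defaultdocdir}/pam_shield-%{version}/README
%doc %{_defaultdocdir}/pam_shield-%{version}/LICENSE
%doc %{_defaultdocdir}/pam_shield-%{version}/CREDITS
%doc %{_defaultdocdir}/pam_shield-%{version}/Changelog
%doc %{_mandir}/man8/shield-trigger.8.gz
%doc %{_mandir}/man8/shield-purge.8.gz
%doc %{_mandir}/man8/shield-trigger-iptables.8.gz
# config(noreplace): an administrator-edited shield.conf survives upgrades, so
# changes to the packaged defaults do not reach hosts whose file was modified;
# those hosts have to be reviewed by hand.
%config(noreplace) %{_sysconfdir}/security/shield.conf
# State directory: the 0700 mode is pinned in the manifest so it no longer
# depends on the mkdir in the install section (it regressed to 755 once, see
# the 0.9.5-6 and 0.9.5-7 changelog entries).
%dir %attr(0700,root,root) /var/lib/pam_shield
%{_sysconfdir}/cron.daily/pam_shield
%{_sbindir}/shield-trigger
%{_sbindir}/shield-purge
%{_sbindir}/shield-trigger-iptables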

%changelog
* Sat Apr 30 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-8
- patches shield-trigger-iptables to insert rules instead of add
- and added checks for chain existence and creation if necessary
- before adding rules to iptables/ip6tables and dropped the
- destination port so it can be used for any service
* Sun Apr 10 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-7
- restored /var/lib/pam_shield to 700
* Sat Apr 9 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-6
- fixed the permissions duplications
- changed permissions on /var/lib/pam_shield to 755
- changed permissions on pam_shield.so to 755
- removed -s flag from install command to preserve
- debuginfo data
* Fri Apr 8 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-5
- fixed issues with my implementation of %%{optflags}
- this in turn fixed the empty -debug package
* Thu Apr 7 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-4
- fixed a typo in previous release in %%build section
* Thu Apr 7 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-3
- updated %%build section with %%{optflags}
* Mon Mar 28 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-2
- included shield-trigger-iptables
- changed default blocking method from route to iptables
- modified default retention policy from 1 week to 1 hour
- added man page for shield-trigger-iptables
- fixed typos in man page for shield-purge
* Sat Mar 26 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-1
- Initial package