%define oname denyhost Name: denyhosts Version: 3.1 Release: %mkrel 3 Summary: A script to help thwart ssh server attacks Group: Networking/Other License: GPLv2 URL: http://denyhost.sourceforge.net/ Source0: http://download.sourceforge.net/%{oname}/%{name}-%{version}.tar.gz Source1: denyhosts.cron Source3: denyhosts-allowed-hosts Source4: denyhosts.sysconfig Source5: denyhosts.logrotate Source6: README.fedora Source7: denyhosts.service Patch0: denyhosts-3.1-mga-config.patch BuildArch: noarch BuildRequires: pkgconfig(python) BuildRequires: systemd-units BuildRequires: python-ipaddr Requires: openssh-server Requires: rsyslog Requires(post): rpm-helper Requires(preun): rpm-helper %description DenyHosts is a Python script that analyzes the sshd server log messages to determine which hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host and, upon discovering a repeated attack host, updates the /etc/hosts.deny file to prevent future break-in attempts from that host. Email reports can be sent to a system admin. %prep %setup -q -n %{name} %patch0 -p1 -b .config # This must be moved before the Python build process runs so that we # can include it as documentation. mv plugins/README.contrib . # And the permissions are off as well chmod +x plugins/* %build %py2_build %install %py2_install install -d %{buildroot}/%{_bindir} install -d %{buildroot}/%{_sysconfdir}/cron.d install -d %{buildroot}/%{_sysconfdir}/logrotate.d install -d %{buildroot}/%{_sysconfdir}/sysconfig install -d -m 700 %{buildroot}/%{_localstatedir}/lib/denyhosts install -d %{buildroot}/%{_localstatedir}/log install -p -m 600 denyhosts.conf %{buildroot}/%{_sysconfdir}/denyhosts.conf install -p -m 755 daemon-control-dist %{buildroot}/%{_bindir}/denyhosts-control install -p -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/cron.d/denyhosts install -p -m 644 %{SOURCE3} %{buildroot}/%{_localstatedir}/lib/denyhosts/allowed-hosts install -p -m 644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/denyhosts install -p -m 644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/logrotate.d/denyhosts install -D -m 644 %{SOURCE7} %{buildroot}%{_unitdir}/%{name}.service # We don't want this because it serves no purpose on Mageia rm -f %{buildroot}/%{_bindir}/daemon-control-dist touch %{buildroot}/%{_localstatedir}/log/denyhosts for i in allowed-warned-hosts hosts hosts-restricted hosts-root \ hosts-valid offset suspicious-logins sync-hosts \ users-hosts users-invalid users-valid; do touch %{buildroot}/%{_localstatedir}/lib/denyhosts/$i done %preun %_preun_service %name %post # Note that we do not automaticaly run --migrate, because we can't be # sure that all of the hosts.deny entries were created by denyhosts %_post_service %name touch %{_logdir}/denyhosts touch %{_localstatedir}/lib/denyhosts/allowed-warned-hosts touch %{_localstatedir}/lib/denyhosts/hosts touch %{_localstatedir}/lib/denyhosts/hosts-restricted touch %{_localstatedir}/lib/denyhosts/hosts-root touch %{_localstatedir}/lib/denyhosts/hosts-valid touch %{_localstatedir}/lib/denyhosts/suspicious-logins touch %{_localstatedir}/lib/denyhosts/sync-hosts touch %{_localstatedir}/lib/denyhosts/users-hosts touch %{_localstatedir}/lib/denyhosts/users-invalid touch %{_localstatedir}/lib/denyhosts/users-valid %postun if [ $1 -ge 1 ] ; then systemctl restart %name.service >/dev/null 2>&1 fi %files %doc CHANGELOG.txt denyhosts.conf %doc README* %{_bindir}/denyhosts.py %{_bindir}/denyhosts-control %{py_puresitedir}/* %{_mandir}/man8/%{oname}* %config(noreplace) %{_sysconfdir}/denyhosts.conf %config(noreplace) %{_sysconfdir}/cron.d/denyhosts %config(noreplace) %{_sysconfdir}/logrotate.d/denyhosts %config(noreplace) %{_sysconfdir}/sysconfig/denyhosts %config(noreplace) %{_localstatedir}/lib/denyhosts/allowed-hosts %ghost %{_logdir}/denyhosts %ghost %{_localstatedir}/lib/denyhosts/allowed-warned-hosts %ghost %{_localstatedir}/lib/denyhosts/hosts %ghost %{_localstatedir}/lib/denyhosts/hosts-restricted %ghost %{_localstatedir}/lib/denyhosts/hosts-root %ghost %{_localstatedir}/lib/denyhosts/hosts-valid %ghost %{_localstatedir}/lib/denyhosts/offset %ghost %{_localstatedir}/lib/denyhosts/suspicious-logins %ghost %{_localstatedir}/lib/denyhosts/sync-hosts %ghost %{_localstatedir}/lib/denyhosts/users-hosts %ghost %{_localstatedir}/lib/denyhosts/users-invalid %ghost %{_localstatedir}/lib/denyhosts/users-valid %dir %{_localstatedir}/lib/denyhosts %{_unitdir}/%{name}.service %changelog * Thu Sep 20 2018 umeabot <umeabot> 3.1-3.mga7 (not released yet) + Revision: 1277892 - Mageia 7 Mass Rebuild * Mon Oct 23 2017 solbu <solbu> 3.1-2.mga7 + Revision: 1173202 - Actually fix the .service file * Mon Oct 23 2017 solbu <solbu> 3.1-1.mga7 + Revision: 1173197 - If restarting, use systemctl - New version: 3.1 - Spec cleanup - Rediff Patch0 * Fri Feb 19 2016 umeabot <umeabot> 3.0-5.mga6 + Revision: 968787 - Mageia 6 Mass Rebuild * Fri Jul 17 2015 solbu <solbu> 3.0-4.mga6 + Revision: 854934 - Remove unnecessary prestart check. Systemd handles that. * Thu Jul 16 2015 solbu <solbu> 3.0-3.mga6 + Revision: 854591 - Create the pid file in the correct folder * Sat Jul 11 2015 solbu <solbu> 3.0-2.mga6 + Revision: 853302 - Don't create an emtpy offset file on install, it breaks denyhosts - Rediff Patch0. pidfile need to be in /var/run * Sat Jul 11 2015 solbu <solbu> 3.0-1.mga6 + Revision: 853286 - New version: 3.0 - Rediff Patch0 - Drop patches 1-12, merged upstream - New upstream URL and Source * Wed Oct 15 2014 umeabot <umeabot> 2.6-14.mga5 + Revision: 740327 - Second Mageia 5 Mass Rebuild * Sat Sep 27 2014 tv <tv> 2.6-13.mga5 + Revision: 726084 - rebuild for missing pythoneggs deps * Tue Sep 16 2014 umeabot <umeabot> 2.6-12.mga5 + Revision: 678712 - Mageia 5 Mass Rebuild * Sat May 31 2014 pterjan <pterjan> 2.6-11.mga5 + Revision: 628156 - Rebuild for new Python * Fri Jan 24 2014 solbu <solbu> 2.6-10.mga4 + Revision: 568033 - Update P12. Fix regression error * Thu Jan 23 2014 solbu <solbu> 2.6-9.mga4 + Revision: 567548 - Rediff and actually implement Patch12 * Mon Dec 23 2013 solbu <solbu> 2.6-8.mga4 + Revision: 560115 - P12: security fix for CVE-2013-6890 (debian) * Tue Oct 22 2013 umeabot <umeabot> 2.6-7.mga4 + Revision: 542556 - Mageia 4 Mass Rebuild * Mon Oct 14 2013 pterjan <pterjan> 2.6-6.mga4 + Revision: 497689 - Rebuild to add different pythonegg provides for python 2 and 3 * Fri Jul 12 2013 solbu <solbu> 2.6-5.mga4 + Revision: 453489 - Move to systemd - Add fedora patch, missing hostname variable - Fix Requires * Fri Jan 11 2013 umeabot <umeabot> 2.6-4.mga3 + Revision: 348723 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Tue Jul 17 2012 solbu <solbu> 2.6-3.mga3 + Revision: 271706 - Imported Mandriva package - Rename patches, according to policy - Spec cleanup * Fri Nov 12 2010 Bogdano Arendartchuk <bogdano@mandriva.com> 2.6-2mdv2011.0 + Revision: 596962 - removed unnecessary protection for .py[co] files * Tue Jan 06 2009 Funda Wang <fwang@mandriva.org> 2.6-2mdv2009.1 + Revision: 325275 - rediff daemon control patch * Sat Nov 08 2008 Gaëtan Lehmann <glehmann@mandriva.org> 2.6-1mdv2009.1 + Revision: 301169 - import denyhosts * Sat Nov 8 2008 Gatan Lehmann <glehmann@mandriva.org> 2.6-1mdv2009.0 - import package from fedora