Sophie

Sophie

sources > fail2ban > fail2ban.spec > 16cb5b4c6b2b36f5328d16affc87329f
Prev Next 
%define python %{__python3}

# spec file based on and patches graciously taken from tpg@mandriva
Summary:	Ban IP-addresses that result in too many password failures
Name:		fail2ban
Version:	1.0.2
#%%define subrel 1
Release:	%mkrel 1
License:	GPLv2+
Group:		System/Networking
URL:		http://www.fail2ban.org/
Source0:	https://github.com/fail2ban/fail2ban/archive/%{version}/%{name}-%{version}.tar.gz
Source2:	%{name}.service
Source3:	%{name}.tmpfiles.conf
#squidf: to cope with MGA environment specificities
Source4:    paths-mageia.conf
Source5:    jail.local.example
# Give up being PartOf iptables and ipset for now
# https://bugzilla.redhat.com/show_bug.cgi?id=1379141
# https://bugzilla.redhat.com/show_bug.cgi?id=1573185
#squidf: MGA does not use firewalld, like RedHat. Conflict fixed by removing firewalld instead.
Patch0:     fail2ban-partof.patch
#squidf: Mageia patches
Patch10:	generate-man.patch
#squidf: richer filter for nginx
Patch20:    fail2ban-1.0.1-enriched-nginx-botsearch.patch
#squidf: no need to inform back the attacker about the failed request
Patch21:    fail2ban-1.0.1-no-attacker-feedback-shorewall.patch
#squidf: server ip address can appear clearly on abuseipd website, in some cases
Patch22:    fail2ban-1.0.1-too-much-info-abuseipd.patch

BuildArch:	noarch
BuildRequires:	pkgconfig(python3)
BuildRequires:	pkgconfig(gamin)
BuildRequires:	pkgconfig(sqlite3)
BuildRequires:	systemd-units
BuildRequires:	python3
BuildRequires:	python3dist(dnspython)
BuildRequires:	python3dist(pyinotify)
BuildRequires:	python3dist(ipdns)
BuildRequires:	python3dist(coverage)
BuildRequires:	python3-systemd
BuildRequires:	help2man

Requires:	python3
Requires:	tcp_wrappers	>= 7.6-29
Requires:	iptables	>= 1.3.5-3
Requires:	python3-systemd
Requires:       sqlite3-tools
Requires(post):	systemd >= %{systemd_required_version}
Requires(post):	rpm-helper >= 0.24.8-1
Requires(preun):rpm-helper >= 0.24.8-1
Requires(post):	systemd-units
Requires(preun):systemd-units
#(eatdirt):
#this guys does not exist and triggers that bug: https://github.com/fail2ban/fail2ban/issues/885
Recommends:	python3-gamin
#let's add this guy as a backup:
Recommends:     python3-pyinotify
Recommends:	python3-dnspython
Recommends:     whois


%description
Fail2Ban scans log files like /var/log/secure and bans IP-addresses that have
too many password failures within a specified time frame. It updates firewall
rules to reject these IP addresses. The rules needed for this can be defined by
the user. Fail2Ban can read multiple log files including sshd and Apache web
server logs.

%prep
%autosetup -p1

#squidf: specific Mageia log paths
sed -i 's|paths-debian.conf|paths-mageia.conf|g' ./config/jail.conf

%build
./fail2ban-2to3
# (tv) fix build:
%define py3_shbang_opts %{nil}
%py3_build

%install
%py3_install

#squidf: add local configuration files
install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{name}
install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/%{name}

install -d %{buildroot}%{_mandir}/man1
install man/*.1 %{buildroot}%{_mandir}/man1/
install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_tmpfilesdir}/%{name}.conf

install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/
install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/

# Remove non-Linux actions
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf

cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF
# This file is part of the fail2ban-systemd package to configure the use of
# the systemd journal as the default backend.  You can remove this package
# (along with the empty fail2ban meta-package) if you do not want to use the
# journal backend
# As Apache, Nginx.. have their own log files
# you need to change the backend in such case
# while you activate the filter in a separate .local file
# See example in 01-nginx.local
[DEFAULT]
backend=systemd
EOF

cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/01-ssh.local <<EOF
# Exemple to activate the ssh filter 
#  - ban for 1 hour and send email, if a mail agent is installed
# systemd backend is used unless you install the rsyslog package
# Uncomment all lines above to apply
#[sshd]
#enabled = true  
#filter = sshd
#bantime = 1h
#action = %%(action_mwl)s
EOF

cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/01-nginx.local <<EOF
# Apache, Nginx.. have their own log files
# you need to change the backend in such case
# Example of nginx-botsearch activation
# Uncomment all lines above to apply
#[nginx-botsearch]
#enabled = true
#filter   = nginx-botsearch
#backend = polling
#journalmatch =
#action = %%(action_mwl)s
EOF

# Remove installed doc, use doc macro instead
rm -r %{buildroot}%{_docdir}/%{name}

%post
%_tmpfilescreate %{name}
%_post_service %{name}

%preun
%_preun_service %{name}

%files
%doc ChangeLog README.md TODO DEVELOP FILTERS
%{_unitdir}/%{name}.service
%{_tmpfilesdir}/%{name}.conf
%{_bindir}/%{name}-*
%config(noreplace) %{_sysconfdir}/%{name}/*.conf
%config(noreplace) %{_sysconfdir}/%{name}/jail.local.example
%config(noreplace) %{_sysconfdir}/%{name}/action.d/*.conf
%config(noreplace) %{_sysconfdir}/%{name}/action.d/*.py*
%config(noreplace) %{_sysconfdir}/%{name}/action.d/__pycache__/
%config(noreplace) %{_sysconfdir}/%{name}/filter.d/*.conf
%config(noreplace) %{_sysconfdir}/%{name}/jail.d/*.conf
%config(noreplace) %{_sysconfdir}/%{name}/jail.d/*.local
%config(noreplace) %{_sysconfdir}/%{name}/filter.d/ignorecommands/*
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/action.d
%dir %{_sysconfdir}/%{name}/filter.d
%dir %{_sysconfdir}/%{name}/filter.d/ignorecommands
%dir %{_sysconfdir}/%{name}/jail.d
%{_mandir}/man1/*
%{python3_sitelib}/%{name}
%{python3_sitelib}/%{name}*.egg-info
%dir %{_localstatedir}/lib/fail2ban/
%ghost %dir %{_localstatedir}/run/fail2ban/


%changelog
* Wed Nov 09 2022 squidf <squidf> 1.0.2-1.mga8
+ Revision: 1905015
- Update to 1.0.2
- Fix dovecot-filter regression (mga#30952)
- Update to 1.0.1 (mga#30922)
- Update patches
- Add Mageia specific configuration files
- Enrich nginx-botsearch filter
- Fix ip info sent by abuseipd command
- Remove shorewall feedback to attacker
+ ns80 <ns80>
- add patch from openSUSE for CVE-2021-32749 (mga#29469)

* Tue Nov 24 2020 kekepower <kekepower> 0.11.2-1.mga8
+ Revision: 1648959
- Update to version 0.11.2

* Wed Feb 19 2020 umeabot <umeabot> 0.11.1-2.mga8
+ Revision: 1543164
- Mageia 8 Mass Rebuild

* Thu Jan 16 2020 mokraemer <mokraemer> 0.11.1-1.mga8
+ Revision: 1478175
- Fix file list
- new version 0.11.1

* Sat Sep 21 2019 daviddavid <daviddavid> 0.10.4-3.mga8
+ Revision: 1444213
- rebuild for python3.8

* Sun Jan 06 2019 kekepower <kekepower> 0.10.4-2.mga7
+ Revision: 1350231
- Rebuild for Python 3.7

* Sat Oct 06 2018 daviddavid <daviddavid> 0.10.4-1.mga7
+ Revision: 1318120
- new version: 0.10.4

* Thu Sep 20 2018 umeabot <umeabot> 0.10.3.1-2.mga7
+ Revision: 1278217
- Mageia 7 Mass Rebuild

* Thu Apr 05 2018 kekepower <kekepower> 0.10.3.1-1.mga7
+ Revision: 1215474
- Update to version 0.10.3.1

* Mon Mar 26 2018 kekepower <kekepower> 0.10.2-1.mga7
+ Revision: 1212614
- Update to version 0.10.2

* Sat Aug 05 2017 pterjan <pterjan> 0.9.5-2.mga7
+ Revision: 1135207
- Rebuild for python 3.6

* Wed Sep 21 2016 daviddavid <daviddavid> 0.9.5-1.mga6
+ Revision: 1054841
- new version: 0.9.5

* Thu Jul 14 2016 eatdirt <eatdirt> 0.9.4-2.mga6
+ Revision: 1042040
- Fix 100%%CPU bug, adding python3-pyinotify as Recommends

* Thu Mar 10 2016 daviddavid <daviddavid> 0.9.4-1.mga6
+ Revision: 988686
- new version: 0.9.4
- use new python macros
- update Source URL

* Fri Feb 19 2016 umeabot <umeabot> 0.9.3-2.mga6
+ Revision: 970804
- Mageia 6 Mass Rebuild

* Fri Oct 09 2015 ovitters <ovitters> 0.9.3-1.mga6
+ Revision: 888510
- new version 0.9.3

* Wed Oct 07 2015 ovitters <ovitters> 0.9.2-4.mga6
+ Revision: 887159
- rebuild for new python3

* Mon Aug 31 2015 ovitters <ovitters> 0.9.2-3.mga6
+ Revision: 871653
- require python3-systemd
- various cleanups from Fedora

* Mon Aug 24 2015 ovitters <ovitters> 0.9.2-1.mga6
+ Revision: 869079
- new version 0.9.2

* Wed Oct 15 2014 umeabot <umeabot> 0.8.13-5.mga5
+ Revision: 748693
- Second Mageia 5 Mass Rebuild

* Tue Sep 16 2014 umeabot <umeabot> 0.8.13-4.mga5
+ Revision: 679081
- Mageia 5 Mass Rebuild
+ tv <tv>
- s/uggests:/Recommends:/

* Sat May 31 2014 pterjan <pterjan> 0.8.13-3.mga5
+ Revision: 628174
- Rebuild for new Python

* Thu Apr 10 2014 remmy <remmy> 0.8.13-2.mga5
+ Revision: 613268
- Paths update for apache logfiles (mga#10617)
- Security fixes (mga#11569) for CVE-2013-7176 (postfix arbitrary IP-address
  blocking) and CVE-2013-7177 (cyrus-imap arbitrary IP-address blocking)

* Tue Oct 22 2013 umeabot <umeabot> 0.8.10-3.mga4
+ Revision: 542575
- Mageia 4 Mass Rebuild

* Mon Oct 14 2013 pterjan <pterjan> 0.8.10-2.mga4
+ Revision: 497749
- Rebuild to add different pythonegg provides for python 2 and 3

* Wed Jun 19 2013 remmy <remmy> 0.8.10-1.mga4
+ Revision: 444901
- New upstream version, also fixing a DoS vulnerability

* Tue Mar 26 2013 colin <colin> 0.8.8-6.mga3
+ Revision: 405410
- Require syslog-daemon (as basesystem doesn't technically need one now) mga#8028

* Sun Mar 24 2013 colin <colin> 0.8.8-5.mga3
+ Revision: 404859
- Add systemd requires and general post/pre fixes (mga#9302)

* Tue Jan 22 2013 fwang <fwang> 0.8.8-4.mga3
+ Revision: 390855
- update rpm group

* Sat Jan 12 2013 colin <colin> 0.8.8-3.mga3
+ Revision: 358973
- Tidy up tmpfiles support (don't ship /var/run folder in package)

* Fri Jan 11 2013 umeabot <umeabot> 0.8.8-2.mga3
+ Revision: 350037
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild

* Sat Dec 29 2012 remmy <remmy> 0.8.8-1.mga3
+ Revision: 336004
- New upstream version: 0.8.8

* Fri Nov 23 2012 remmy <remmy> 0.8.7.1-3.mga3
+ Revision: 321218
- Remove init script, create systemd style tmpfile

* Sun Nov 11 2012 remmy <remmy> 0.8.7.1-2.mga3
+ Revision: 316938
- Create tmpfile on install, enabling fail2ban to start (closes mga#7871)

* Sat Aug 11 2012 remmy <remmy> 0.8.7.1-1.mga3
+ Revision: 280516
- New upstream version: 0.8.7.1

* Sat Apr 28 2012 tmb <tmb> 0.8.6-2.mga2
+ Revision: 233693
- Require rpm-helper >= 0.24.8-1 for systemd support

* Wed Mar 07 2012 remmy <remmy> 0.8.6-1.mga2
+ Revision: 221223
- Drop unneeded patches
- Provide systemd .service file
- Log to SYSLOG by default
- Moved to upstream release 0.8.6

* Wed May 04 2011 saispo <saispo> 0.8.4-5.mga1
+ Revision: 94760
- Add missing patch
- Fix fail2ban with running file in /tmp, see bug #908

* Sun Feb 20 2011 eandry <eandry> 0.8.4-4.mga1
+ Revision: 54755
- remove buildroot
- bump for upgrade
- imported package fail2ban


* Sun Oct 31 2010 Funda Wang <fwang@mandriva.org> 0.8.4-3mdv2011.0
+ Revision: 590802
- rebuild for py2.7

* Thu Sep 24 2009 Frederik Himpe <fhimpe@mandriva.org> 0.8.4-2mdv2010.0
+ Revision: 448503
- Suggests python-gamin so that faster gamin back-end instead of polling
  is used

* Wed Sep 09 2009 Frederik Himpe <fhimpe@mandriva.org> 0.8.4-1mdv2010.0
+ Revision: 435890
- Update to new version 0.8.4

* Sun Jul 26 2009 Tomasz Pawel Gajc <tpg@mandriva.org> 0.8.3-3mdv2010.0
+ Revision: 400456
- Patch1: Set the file descriptor to be FD_CLOEXEC
- remove sock in case of unclean shutdown in initscript

* Sun Dec 28 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 0.8.3-2mdv2009.1
+ Revision: 320115
- rebuild for python-2.6

* Sat Jul 19 2008 Emmanuel Andry <eandry@mandriva.org> 0.8.3-1mdv2009.0
+ Revision: 238790
- New version

* Fri May 30 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 0.8.2-2mdv2009.0
+ Revision: 213376
- Patch0: fix ssh log path (#40792), and enable by default ssh-iptables
- create missing directory (#40793)

* Sat Mar 08 2008 Tomasz Pawel Gajc <tpg@mandriva.org> 0.8.2-1mdv2008.1
+ Revision: 182153
- fix docs
- update init script
- new version

  + Olivier Blin <oblin@mandriva.com>
    - restore BuildRoot

  + Thierry Vignaud <tv@mandriva.org>
    - kill re-definition of %%buildroot on Pixel's request

* Sat Nov 17 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 0.8.1-1mdv2008.1
+ Revision: 109496
- new version
- new license policy
- drop patch 0, fixed upstream
- add patch 0 (ssh)

* Mon May 07 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 0.8.0-1mdv2008.0
+ Revision: 24052
- new version


* Tue Feb 13 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 0.7.7-1mdv2007.0
+ Revision: 120339
- new version
- provide better initscript
- drop patches
- spec file clean

* Sat Jan 06 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 0.7.6-1mdv2007.1
+ Revision: 104919
- forgot to add patch 0 into svn :(
- update to the latest version
- regenerate patches 0,1,2,3
- add patch 4
- add %%postun

* Sat Dec 30 2006 Tomasz Pawel Gajc <tpg@mandriva.org> 0.7.5-4mdv2007.1
+ Revision: 102842
- regenerate fail2ban-server patch

* Sat Dec 30 2006 Tomasz Pawel Gajc <tpg@mandriva.org> 0.7.5-3mdv2007.1
+ Revision: 102829
- fix module path

* Sat Dec 30 2006 Tomasz Pawel Gajc <tpg@mandriva.org> 0.7.5-2mdv2007.1
+ Revision: 102765
- changed %%py_platsitedir to %%py_puresitedir
- Import fail2ban

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional