fail2ban-vl.spec 9.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295
  1. %bcond_with systemd
  2. %bcond_with tests
  3. %global py2to3 /usr/bin/2to3-3.8
  4. Summary: Ban IPs that make too many password failures
  5. Name: fail2ban
  6. Version: 0.11.2
  7. Release: 1%{?_dist_release}%{?with_systemd:.systemd}
  8. Group: system
  9. Vendor: Project Vine
  10. Distribution: Vine Linux
  11. License: GPLv2+
  12. URL: https://github.com/fail2ban/fail2ban
  13. Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
  14. Source1: fail2ban-logrotate
  15. # Fixes century selector for tests
  16. # https://bugzilla.redhat.com/show_bug.cgi?id=1912472
  17. Patch1: https://github.com/fail2ban/fail2ban/commit/f259dac74721c00f0184bf45277137771fc747fe.patch
  18. Patch1000: CVE-2021-32749.patch
  19. BuildArch: noarch
  20. BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
  21. BuildRequires: python3-devel
  22. BuildRequires: python3-rpm-macros
  23. BuildRequires: python3-setuptools
  24. Requires: iptables, ipset
  25. #Requires: tcp_wrappers
  26. Requires: python3-inotify
  27. %if %{with systemd}
  28. %{?systemd_requires}
  29. %else
  30. Requires: initscripts
  31. Requires(post): /sbin/chkconfig
  32. Requires(preun): /sbin/chkconfig
  33. Requires(preun): /sbin/service
  34. %endif
  35. %description
  36. Fail2ban scans log files like /var/log/pwdfail or
  37. /var/log/apache/error_log and bans IP that makes too many password
  38. failures. It updates firewall rules to reject the IP address.
  39. %prep
  40. %setup -q
  41. %autosetup -p1
  42. %{py2to3} --write --nobackups .
  43. find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} +
  44. %build
  45. %{py3_build}
  46. %install
  47. rm -rf %{buildroot}
  48. %{py3_install}
  49. %if %{with systemd}
  50. mkdir -p %{buildroot}%{_unitdir}
  51. install -p -m 0644 build/fail2ban.service %{buildroot}%{_unitdir}/
  52. mkdir -p %{buildroot}%{_tmpfilesdir}
  53. install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf
  54. install -d -m 0755 %{buildroot}/run/fail2ban/
  55. install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid
  56. # systemd journal configuration
  57. cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF
  58. # This file is part of the fail2ban-systemd package to configure the use of
  59. # the systemd journal as the default backend. You can remove this package
  60. # (along with the empty fail2ban meta-package) if you do not want to use the
  61. # journal backend
  62. [DEFAULT]
  63. backend=systemd
  64. EOF
  65. %else
  66. mkdir -p %{buildroot}%{_initddir}
  67. install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban
  68. %endif
  69. mkdir -p %{buildroot}%{_mandir}/man{1,5}
  70. install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
  71. install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
  72. mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
  73. install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
  74. install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/
  75. install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
  76. rm -rf %{buildroot}%{_docdir}/fail2ban
  77. # Remove non-Linux actions
  78. rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf
  79. rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf
  80. rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf
  81. %if %{with tests}
  82. %check
  83. export LANG=ja_JP.UTF-8
  84. %{__python3} bin/fail2ban-testcases --verbosity=2 --no-network
  85. %endif
  86. %clean
  87. rm -rf %{buildroot}
  88. %post
  89. %if %{with systemd}
  90. %systemd_post fail2ban.service
  91. %else
  92. /sbin/chkconfig --add %{name}
  93. %endif
  94. %preun
  95. %if %{with systemd}
  96. %systemd_preun fail2ban.service
  97. %else
  98. if [ $1 = 0 -o -x /bin/systemctl ]; then
  99. /sbin/service %{name} stop > /dev/null 2>&1
  100. /sbin/chkconfig --del %{name}
  101. fi
  102. %endif
  103. %if %{with systemd}
  104. %postun
  105. %systemd_postun_with_restart fail2ban.service
  106. %endif
  107. %files
  108. %defattr(-,root,root,-)
  109. %license COPYING
  110. %doc ChangeLog DEVELOP FILTERS README.md THANKS TODO doc/*.txt
  111. #doc config/fail2ban.conf*
  112. %{_bindir}/fail2ban-python
  113. %{_bindir}/fail2ban-server
  114. %{_bindir}/fail2ban-client
  115. %{_bindir}/fail2ban-regex
  116. %{_bindir}/fail2ban-testcases
  117. #%{_datadir}/fail2ban
  118. %{python3_sitelib}/fail2ban*
  119. %{_mandir}/man1/*.1*
  120. %{_mandir}/man5/*.5*
  121. %dir %{_sysconfdir}/fail2ban
  122. %dir %{_sysconfdir}/fail2ban/action.d
  123. %dir %{_sysconfdir}/fail2ban/filter.d
  124. %dir %{_sysconfdir}/fail2ban/filter.d/ignorecommands
  125. %dir %{_sysconfdir}/fail2ban/jail.d
  126. %config(noreplace) %{_sysconfdir}/fail2ban/*.conf
  127. %config(noreplace) %{_sysconfdir}/fail2ban/action.d/*
  128. %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf
  129. %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/ignorecommands/*
  130. %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
  131. %dir %{_localstatedir}/lib/fail2ban/
  132. %if %{with systemd}
  133. %{_unitdir}/*
  134. %config(noreplace) %{_sysconfdir}/fail2ban/jail.d/*
  135. %config(noreplace) %{_tmpfilesdir}/fail2ban.conf
  136. %dir /run/%{name}/
  137. %ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid
  138. %else
  139. %{_initddir}/fail2ban
  140. %dir %{_localstatedir}/run/fail2ban/
  141. %endif
  142. %changelog
  143. * Wed Jul 28 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.2-1
  144. - new upstream release.
  145. - imported Patch1000 from upstream to fix CVE-2021-32749.
  146. - dropped Patch1-4: fixed in upstream.
  147. - imported Patch1 from rawhide.
  148. * Sat Aug 15 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-2
  149. - rebuilt with python-3.8.
  150. * Fri May 01 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-1
  151. - new upstream release.
  152. - added systemd support (disabled as default).
  153. * Tue Aug 27 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.4-1
  154. - new upstream release.
  155. - switched to python3.
  156. * Sat Dec 30 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.1-1
  157. - new upstream release.
  158. * Fri Jun 3 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.9.4-1
  159. - new upstream release.
  160. * Sun Feb 8 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.14-1
  161. - new upstream release.
  162. * Mon Jun 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.9-1
  163. - new upstream release.
  164. * Thu Oct 18 2012 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.7.1-2
  165. - initial build on Vine Linux.
  166. * Thu Oct 11 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.7.1-1
  167. - Update to 0.8.7.1
  168. - Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream
  169. - Rebase sshd and notmp patches
  170. - Use _initddir macro
  171. * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-29
  172. - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
  173. * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-28
  174. - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
  175. * Sat Apr 9 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-27
  176. - Move tmp files to /var/lib (suggested by Phil Anderson).
  177. - Enable inotify support (by Jonathan Underwood).
  178. - Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584.
  179. * Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24
  180. - Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to
  181. cloexec another fd leak.
  182. * Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23
  183. - update to 0.8.4.
  184. * Wed Sep 2 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-22
  185. - Update to a newer svn snapshot to fix python 2.6 issue.
  186. * Thu Aug 27 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-21
  187. - Log to syslog (RH bug #491983). Also deals with RH bug #515116.
  188. - Check inodes of log files (RH bug #503852).
  189. * Sat Feb 14 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-18
  190. - Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466).
  191. * Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.8.3-17
  192. - Rebuild for Python 2.6
  193. * Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-16
  194. - Update to 0.8.3.
  195. * Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.2-15
  196. - fix license tag
  197. * Thu Mar 27 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-14
  198. - Close on exec fixes by Jonathan Underwood.
  199. * Sun Mar 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-13
  200. - Add %%{_localstatedir}/run/fail2ban (David Rees).
  201. * Fri Mar 14 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-12
  202. - Update to 0.8.2.
  203. * Thu Jan 31 2008 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 0.8.1-11
  204. - Move socket file from /tmp to /var/run to prevent SElinux from stopping
  205. fail2ban from starting (BZ #429281)
  206. - Change logic in init file to start with -x to remove the socket file in case
  207. of unclean shutdown
  208. * Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10
  209. - Update to 0.8.1.
  210. - Remove patch fixing CVE-2007-4321 (upstream).
  211. - Remove AllowUsers patch (upstream).
  212. - Add dependency to gamin-python.
  213. * Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9
  214. - Fix remote log injection (no CVE assignment yet).
  215. * Sun Jun 3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8
  216. - Also trigger on non-AllowUsers failures (Jonathan Underwood
  217. <jonathan.underwood@gmail.com>).
  218. * Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7
  219. - logrotate should restart fail2ban (Zing <zing@fastmail.fm>).
  220. - send mail to root; logrotate (Jonathan Underwood
  221. <jonathan.underwood@gmail.com>)
  222. * Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4
  223. - Update to 0.8.0.
  224. - enable ssh by default, fix log file for ssh scanning, adjust python
  225. dependency (Jonathan Underwood <jonathan.underwood@gmail.com>)
  226. * Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3
  227. - Remove forgotten condrestart.
  228. * Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2
  229. - Move /usr/lib/fail2ban to %%{_datadir}/fail2ban.
  230. - Don't default chkconfig to enabled.
  231. - Add dependencies on service/chkconfig.
  232. - Use example iptables/ssh config as default config.
  233. * Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1
  234. - Initial build.