123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321 |
- %bcond_with systemd
- %bcond_with tests
- %global py2to3 /usr/bin/2to3-3.11
- Summary: Ban IPs that make too many password failures
- Name: fail2ban
- Version: 1.0.2
- Release: 1%{?_dist_release}%{?with_systemd:.systemd}
- Group: system
- Vendor: Project Vine
- Distribution: Vine Linux
- License: GPLv2+
- URL: https://github.com/fail2ban/fail2ban
- Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
- Source1: fail2ban-logrotate
- # Give up being PartOf iptables and ipset for now
- # https://bugzilla.redhat.com/show_bug.cgi?id=1379141
- # https://bugzilla.redhat.com/show_bug.cgi?id=1573185
- Patch0: fail2ban-partof.patch
- # https://bugzilla.redhat.com/show_bug.cgi?id=2034205
- Patch1: fail2ban-python311.patch
- BuildArch: noarch
- BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
- BuildRequires: python3-devel
- BuildRequires: python3-rpm-macros
- BuildRequires: python3-setuptools
- Requires: iptables, ipset
- #Requires: tcp_wrappers
- Requires: python3-inotify
- %if %{with systemd}
- Requires: python3-systemd
- %{?systemd_requires}
- %else
- Requires: initscripts
- Requires(post): /sbin/chkconfig
- Requires(preun): /sbin/chkconfig
- Requires(preun): /sbin/service
- %endif
- %description
- Fail2ban scans log files like /var/log/pwdfail or
- /var/log/apache/error_log and bans IP that makes too many password
- failures. It updates firewall rules to reject the IP address.
- %prep
- %setup -q
- %autopatch -p1 -m 1
- %{py2to3} --write --nobackups .
- find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} +
- # 2to3 has been removed from setuptools and we already use the binary in
- # %%prep.
- sed -i "/use_2to3/d" setup.py
- sed -i -e 's|@BINDIR@|%{_bindir}|' \
- files/fail2ban.service.in
- %build
- %pip3_build_wheel
- %install
- rm -rf %{buildroot}
- %pip3_install_wheel
- ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python
- mv %{buildroot}%{python3_sitelib}%{_sysconfdir} %{buildroot}%{_sysconfdir}
- rm -rf %{buildroot}%{python3_sitelib}%{_prefix}
- mkdir -p %{buildroot}%{_sysconfdir}/%{name}/jail.d
- %if %{with systemd}
- mkdir -p %{buildroot}%{_unitdir}
- install -p -m 0644 build/fail2ban.service %{buildroot}%{_unitdir}/
- mkdir -p %{buildroot}%{_tmpfilesdir}
- install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf
- install -d -m 0755 %{buildroot}/run/fail2ban/
- install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid
- # systemd journal configuration
- cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF
- # This file is part of the fail2ban-systemd package to configure the use of
- # the systemd journal as the default backend. You can remove this package
- # (along with the empty fail2ban meta-package) if you do not want to use the
- # journal backend
- [DEFAULT]
- backend=systemd
- EOF
- %else
- mkdir -p %{buildroot}%{_initddir}
- install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban
- %endif
- mkdir -p %{buildroot}%{_mandir}/man{1,5}
- install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
- install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
- mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
- install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
- install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/
- install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
- rm -rf %{buildroot}%{_docdir}/fail2ban
- # Remove non-Linux actions
- rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf
- rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf
- rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf
- %if %{with tests}
- %check
- export LANG=ja_JP.UTF-8
- %{__python3} bin/fail2ban-testcases --verbosity=2 --no-network
- %endif
- %clean
- rm -rf %{buildroot}
- %post
- %if %{with systemd}
- %systemd_post fail2ban.service
- %else
- /sbin/chkconfig --add %{name}
- %endif
- %preun
- %if %{with systemd}
- %systemd_preun fail2ban.service
- %else
- if [ $1 = 0 -o -x /bin/systemctl ]; then
- /sbin/service %{name} stop > /dev/null 2>&1
- /sbin/chkconfig --del %{name}
- fi
- %endif
- %if %{with systemd}
- %postun
- %systemd_postun_with_restart fail2ban.service
- %endif
- %files
- %defattr(-,root,root,-)
- %license COPYING
- %doc ChangeLog DEVELOP FILTERS README.md THANKS TODO doc/*.txt
- #doc config/fail2ban.conf*
- %{_bindir}/fail2ban-python
- %{_bindir}/fail2ban-server
- %{_bindir}/fail2ban-client
- %{_bindir}/fail2ban-regex
- %{_bindir}/fail2ban-testcases
- #%{_datadir}/fail2ban
- %{python3_sitelib}/fail2ban*
- %exclude %{python3_sitelib}/fail2ban/tests
- %{_mandir}/man1/*.1*
- %{_mandir}/man5/*.5*
- %dir %{_sysconfdir}/fail2ban
- %dir %{_sysconfdir}/fail2ban/action.d
- %dir %{_sysconfdir}/fail2ban/filter.d
- %dir %{_sysconfdir}/fail2ban/filter.d/ignorecommands
- %dir %{_sysconfdir}/fail2ban/jail.d
- %config(noreplace) %{_sysconfdir}/fail2ban/*.conf
- %config(noreplace) %{_sysconfdir}/fail2ban/action.d/*
- %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf
- %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/ignorecommands/*
- %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
- %dir %{_localstatedir}/lib/fail2ban/
- %if %{with systemd}
- %{_unitdir}/*
- %config(noreplace) %{_sysconfdir}/fail2ban/jail.d/*
- %config(noreplace) %{_tmpfilesdir}/fail2ban.conf
- %dir /run/%{name}/
- %ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid
- %else
- %{_initddir}/fail2ban
- %dir %{_localstatedir}/run/fail2ban/
- %endif
- %changelog
- * Thu Nov 10 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.0.2-1
- - new upstream release.
- * Tue Nov 08 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.0.1-2
- - fixed unit file for systemd.
- * Fri Oct 28 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.0.1-1
- - new upstream release.
- * Wed Jul 28 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.2-1
- - new upstream release.
- - imported Patch1000 from upstream to fix CVE-2021-32749.
- - dropped Patch1-4: fixed in upstream.
- - imported Patch1 from rawhide.
- * Sat Aug 15 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-2
- - rebuilt with python-3.8.
- * Fri May 01 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-1
- - new upstream release.
- - added systemd support (disabled as default).
- * Tue Aug 27 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.4-1
- - new upstream release.
- - switched to python3.
- * Sat Dec 30 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.1-1
- - new upstream release.
- * Fri Jun 3 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.9.4-1
- - new upstream release.
- * Sun Feb 8 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.14-1
- - new upstream release.
- * Mon Jun 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.9-1
- - new upstream release.
- * Thu Oct 18 2012 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.7.1-2
- - initial build on Vine Linux.
- * Thu Oct 11 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.7.1-1
- - Update to 0.8.7.1
- - Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream
- - Rebase sshd and notmp patches
- - Use _initddir macro
- * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-29
- - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
- * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-28
- - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
- * Sat Apr 9 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-27
- - Move tmp files to /var/lib (suggested by Phil Anderson).
- - Enable inotify support (by Jonathan Underwood).
- - Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584.
- * Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24
- - Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to
- cloexec another fd leak.
- * Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23
- - update to 0.8.4.
- * Wed Sep 2 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-22
- - Update to a newer svn snapshot to fix python 2.6 issue.
- * Thu Aug 27 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-21
- - Log to syslog (RH bug #491983). Also deals with RH bug #515116.
- - Check inodes of log files (RH bug #503852).
- * Sat Feb 14 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-18
- - Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466).
- * Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.8.3-17
- - Rebuild for Python 2.6
- * Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-16
- - Update to 0.8.3.
- * Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.2-15
- - fix license tag
- * Thu Mar 27 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-14
- - Close on exec fixes by Jonathan Underwood.
- * Sun Mar 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-13
- - Add %%{_localstatedir}/run/fail2ban (David Rees).
- * Fri Mar 14 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-12
- - Update to 0.8.2.
- * Thu Jan 31 2008 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 0.8.1-11
- - Move socket file from /tmp to /var/run to prevent SElinux from stopping
- fail2ban from starting (BZ #429281)
- - Change logic in init file to start with -x to remove the socket file in case
- of unclean shutdown
- * Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10
- - Update to 0.8.1.
- - Remove patch fixing CVE-2007-4321 (upstream).
- - Remove AllowUsers patch (upstream).
- - Add dependency to gamin-python.
- * Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9
- - Fix remote log injection (no CVE assignment yet).
- * Sun Jun 3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8
- - Also trigger on non-AllowUsers failures (Jonathan Underwood
- <jonathan.underwood@gmail.com>).
- * Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7
- - logrotate should restart fail2ban (Zing <zing@fastmail.fm>).
- - send mail to root; logrotate (Jonathan Underwood
- <jonathan.underwood@gmail.com>)
- * Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4
- - Update to 0.8.0.
- - enable ssh by default, fix log file for ssh scanning, adjust python
- dependency (Jonathan Underwood <jonathan.underwood@gmail.com>)
- * Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3
- - Remove forgotten condrestart.
- * Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2
- - Move /usr/lib/fail2ban to %%{_datadir}/fail2ban.
- - Don't default chkconfig to enabled.
- - Add dependencies on service/chkconfig.
- - Use example iptables/ssh config as default config.
- * Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1
- - Initial build.
|