rpms/denyhosts/FC-4 README.fedora, NONE, 1.1 denyhosts-0.9.8-setup.patch, NONE, 1.1 denyhosts-1.0.0-config.patch, NONE, 1.1 denyhosts-1.0.0-daemon-control.patch, NONE, 1.1 denyhosts.logrotate, NONE, 1.1 denyhosts.sysconfig, NONE, 1.1 denyhosts.cron, 1.2, 1.3 denyhosts.init, 1.1, 1.2 denyhosts.spec, 1.2, 1.3 sources, 1.3, 1.4 denyhosts-0.5.5-workdir.patch, 1.1, NONE denyhosts-0.6.0-version.patch, 1.1, NONE

Jason Tibbitts (tibbs) fedora-extras-commits at redhat.com
Thu Aug 18 00:21:30 UTC 2005


Author: tibbs

Update of /cvs/extras/rpms/denyhosts/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21440

Modified Files:
	denyhosts.cron denyhosts.init denyhosts.spec sources 
Added Files:
	README.fedora denyhosts-0.9.8-setup.patch 
	denyhosts-1.0.0-config.patch 
	denyhosts-1.0.0-daemon-control.patch denyhosts.logrotate 
	denyhosts.sysconfig 
Removed Files:
	denyhosts-0.5.5-workdir.patch denyhosts-0.6.0-version.patch 
Log Message:
Pull from development branch.



--- NEW FILE README.fedora ---
Some useful information about DenyHosts as packaged by Fedora Extras
--------------------------------------------------------------------

It installs and runs as a service, so you can start it with:

  service denyhosts start

and enable it at boot time with:

  chkconfig denyhosts on


By default it will process your logs every ten minutes.  You can
change the interval by editing /etc/cron.d/denyhosts.  You can see a
description of the file format by running:

  man 5 crontab


By default, DenyHosts is set up to purge old block entries, but only
after one year.  If you wish to adjust this, edit /etc/denyhosts.conf
and look for "PURGE_DENY".  The purge procedure is run daily at 5AM.
To adjust this frequency, edit /etc/cron.d/denyhosts.


DenyHosts will process only your current logfile (/var/log/secure).
If you want to incorporate an old logfile (in this example,
/var/log/secure.1) , you can run

  denyhosts.py -c /etc/denyhosts.conf /var/log/secure.1

DenyHosts can also handle logs compressed with gzip or bzip2.


Notes about upgrading
---------------------
If upgrading from DenyHosts 0.6.0 or earlier, note that this package
does not run denyhosts --migrate to make the old entries expirable.
This preserves any entries that may have been manually added.  You
can, of course, run this yourself.

This package runs denyhosts --upgrade099 automatically to move any
post-0.6.0 and pre-0.9.9 entries into the proper format.


denyhosts-0.9.8-setup.patch:

--- NEW FILE denyhosts-0.9.8-setup.patch ---
--- setup.py.orig	2005-07-22 17:39:17.000000000 -0500
+++ setup.py	2005-08-04 13:06:14.893095036 -0500
@@ -21,13 +21,13 @@
       package_dir={'DenyHosts': 'DenyHosts'},
       packages=["DenyHosts"],
       ##py_modules=["denyhosts_version"],
-      data_files=[(libpath, glob("denyhosts.cfg-dist")),
-                  (libpath, glob("denyhosts-daemon-initscript")),
-                  (libpath, glob("setup.py")),
-                  (libpath, glob("daemon-control-dist")),
-                  (libpath, glob("CHANGELOG.txt")),
-                  (libpath, glob("README.txt")),
-                  (libpath, glob("LICENSE.txt"))],
+#      data_files=[(libpath, glob("denyhosts.cfg-dist")),
+#                  (libpath, glob("denyhosts-daemon-initscript")),
+#                  (libpath, glob("setup.py")),
+#                  (libpath, glob("daemon-control-dist")),
+#                  (libpath, glob("CHANGELOG.txt")),
+#                  (libpath, glob("README.txt")),
+#                  (libpath, glob("LICENSE.txt"))],
       license="GPL",
       ##extra_path='denyhosts',
       long_description="""

denyhosts-1.0.0-config.patch:

--- NEW FILE denyhosts-1.0.0-config.patch ---
--- denyhosts.cfg-dist.orig	2005-08-15 10:51:55.000000000 -0500
+++ denyhosts.cfg-dist	2005-08-15 22:26:21.788502326 -0500
@@ -47,13 +47,18 @@
 #            'y' = years
 #
 # never purge:
-PURGE_DENY = 
+#PURGE_DENY = 
 #
 # purge entries older than 1 week
 #PURGE_DENY = 1w
 #
 # purge entries older than 5 days
 #PURGE_DENY = 5d
+#
+# For the default Fedora Extras install, we want timestamping but no
+# expiration (at least by default) so this is deliberately set high.
+# Adjust to taste.
+PURGE_DENY = 1y
 #######################################################################
 
 
@@ -116,7 +121,7 @@
 # Note: when run in daemon mode, this directory should be specified
 # as an absolute path name (eg. /home/foo/denyhosts/data)
 #
-WORK_DIR = denyhosts
+WORK_DIR = /var/lib/denyhosts
 #
 #######################################################################
 
@@ -175,7 +180,7 @@
 # match your email address.  If you do not want to receive these reports
 # leave this field blank (or run with the --noemail option)
 #
-ADMIN_EMAIL = 
+ADMIN_EMAIL = root
 #
 #######################################################################
 

denyhosts-1.0.0-daemon-control.patch:

--- NEW FILE denyhosts-1.0.0-daemon-control.patch ---
--- daemon-control-dist.orig	2005-08-16 17:31:58.285358954 -0500
+++ daemon-control-dist	2005-08-16 17:33:00.510336919 -0500
@@ -7,7 +7,7 @@
 
 DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
 DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
-DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"
+DENYHOSTS_CFG   = "/etc/denyhosts.conf"
 
 
 ###############################################
@@ -104,7 +104,7 @@
     try:
         option = sys.argv[1]
         
-        if option in ('start', 'restart'):
+        if option in ('start', 'restart', 'condrestart'):
             if '--config' not in args and '-c' not in args:
                 args.append("--config=%s" % DENYHOSTS_CFG)
 


--- NEW FILE denyhosts.logrotate ---
/var/log/denyhosts {
    missingok
    notifempty
    size 100k
    create 0644 root root
    postrotate
        /sbin/service denyhosts condrestart > /dev/null 2>&1 || :
    endscript

}


--- NEW FILE denyhosts.sysconfig ---
# Should DenyHosts run in daemon mode?
# If not set to "yes", you also need to edit /etc/cron.d/denyhosts
# and uncomment the appropriate lines.
DAEMON=yes


Index: denyhosts.cron
===================================================================
RCS file: /cvs/extras/rpms/denyhosts/FC-4/denyhosts.cron,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- denyhosts.cron	2 Jul 2005 21:38:47 -0000	1.2
+++ denyhosts.cron	18 Aug 2005 00:21:28 -0000	1.3
@@ -1,6 +1,12 @@
-# This defaults to running once every ten minutes, but if your host is being
-# heavily attacked then it is reasonable to make it run as frequently as once
-# every minute.  DenyHosts runs quickly once it has initially processed your
-# logs and should not take a significant amount of CPU time.
-*/10 * * * * root [ -f /var/lock/subsys/denyhosts ] && /usr/bin/denyhosts.py -c /etc/denyhosts.conf
-
+# The Fedora default is to use daemon mode, but if you wish to have
+# denyhosts run periodically, you can uncomment the appropriate two lines
+# and edit /etc/sysconfig/denyhosts.  (You will also have to start the
+# "service" and set it to run at boot if necessary.)
+#
+# Run denyhosts occasionally; adjust the time span to your liking
+#*/10 * * * * root [ -f /var/lock/subsys/denyhosts.init ] && /usr/bin/denyhosts.py -c /etc/denyhosts.conf
+#
+# Automatically purge old entries early in the morning.  Note that you must
+# edit /etc/denyhosts.conf and set PURGE_DENY to something reasonable, as the
+# default value purge time is set very high.
+#0 5 * * * root [ -f /var/lock/subsys/denyhosts.init ] && /usr/bin/denyhosts.py -c /etc/denyhosts.conf --purge


Index: denyhosts.init
===================================================================
RCS file: /cvs/extras/rpms/denyhosts/FC-4/denyhosts.init,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- denyhosts.init	20 May 2005 04:57:02 -0000	1.1
+++ denyhosts.init	18 Aug 2005 00:21:28 -0000	1.2
@@ -7,7 +7,7 @@
 #
 # chkconfig:	- 50 01
 #
-# description:  Enable periodic execution of denyhosts, an SSH log watcher
+# description:  Enable execution of denyhosts, an SSH log watcher
 # processname	denyhosts
 # config:	/etc/denyhosts.cfg
 #
@@ -15,29 +15,58 @@
 # source function library
 . /etc/rc.d/init.d/functions
 
-lockfile=/var/lock/subsys/denyhosts
-
+CONTROL=/usr/bin/denyhosts-control
+CRONLOCK=/var/lock/subsys/denyhosts.init
+LOCKFILE=/var/lock/subsys/denyhosts
 RETVAL=0
 
-start() {
+[ -f /etc/sysconfig/denyhosts ] && . /etc/sysconfig/denyhosts
+
+c_start() {
 	echo -n $"Enabling denyhosts: "
-	touch "$lockfile" && success || failure
+	touch "$CRONLOCK" && success || failure
 	RETVAL=$?
 	echo
 }
 
-stop() {
+c_stop() {
 	echo -n $"Disabling denyhosts: "
-	rm -f "$lockfile" && success || failure
+	rm -f "$CRONLOCK" && success || failure
 	RETVAL=$?
 	echo
 }
 
-restart() {
-	stop
-	start
+c_restart() {
+	c_stop
+	c_start
+}
+
+c_condrestart() {
+	[ -f "$CRONLOCK" ] && c_restart
 }
 
+c_status() {
+	if [ -f $CRONLOCK ]; then
+		echo $"Denyhosts is enabled."
+		RETVAL=0
+	else
+		echo $"Denyhosts is disabled."
+		RETVAL=3
+	fi
+}
+
+d_condrestart() { $CONTROL condrestart; RETVAL=$?; }
+d_restart()     { $CONTROL restart;     RETVAL=$?; }
+d_start()       { $CONTROL start;       RETVAL=$?; }
+d_status()      { $CONTROL status;      RETVAL=$?; }
+d_stop()        { $CONTROL stop;        RETVAL=$?; }
+
+condrestart() { if [ $DAEMON = "yes" ]; then d_condrestart; else c_restart; fi }
+restart()     { if [ $DAEMON = "yes" ]; then d_restart;     else c_restart; fi }
+start()       { if [ $DAEMON = "yes" ]; then d_start;       else c_start;   fi }
+status()      { if [ $DAEMON = "yes" ]; then d_status;      else c_status;  fi }
+stop()        { if [ $DAEMON = "yes" ]; then d_stop;        else c_stop;    fi }
+
 case "$1" in
   start)
 	start
@@ -51,16 +80,10 @@
   reload)
 	;;
   condrestart)
-	[ -f "$lockfile" ] && restart
+	condrestart
 	;;
   status)
-	if [ -f $lockfile ]; then
-		echo $"Denyhosts is enabled."
-		RETVAL=0
-	else
-		echo $"Denyhosts is disabled."
-		RETVAL=3
-	fi
+	status
 	;;
   *)
 	echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"


Index: denyhosts.spec
===================================================================
RCS file: /cvs/extras/rpms/denyhosts/FC-4/denyhosts.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- denyhosts.spec	2 Jul 2005 21:38:47 -0000	1.2
+++ denyhosts.spec	18 Aug 2005 00:21:28 -0000	1.3
@@ -1,6 +1,6 @@
 Name:           denyhosts
-Version:        0.6.0
-Release:	1%{?dist}
+Version:        1.0.0
+release:	2%{?dist}
 Summary:        A script to help thwart ssh server attacks
 
 Group:          Applications/System
@@ -10,12 +10,16 @@
 Source1:	denyhosts.cron
 Source2:	denyhosts.init
 Source3:	denyhosts-allowed-hosts
-Patch0:		denyhosts-0.5.5-workdir.patch
-Patch1:		denyhosts-0.6.0-version.patch
+Source4:	denyhosts.sysconfig
+Source5:	denyhosts.logrotate
+Source6:	README.fedora
+Patch0:		denyhosts-1.0.0-config.patch
+Patch1:		denyhosts-0.9.8-setup.patch
+Patch2:		denyhosts-1.0.0-daemon-control.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArchitectures: noarch
 
-#BuildRequires:  
+BuildRequires:  python-devel
 Requires:       openssh-server
 
 %description
@@ -31,21 +35,38 @@
 %setup -q -n DenyHosts-%{version}
 %patch0 -p0
 %patch1 -p0
+%patch2 -p0
+
+cp %{SOURCE6} .
+
+
+%build
+python ./setup.py build
+
 
 %install
 rm -rf $RPM_BUILD_ROOT
+python ./setup.py install --root=$RPM_BUILD_ROOT --record=%{name}.files
 
 install -d $RPM_BUILD_ROOT%{_bindir}
+
 install -d $RPM_BUILD_ROOT%{_initrddir}
 install -d $RPM_BUILD_ROOT%{_sysconfdir}/cron.d
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
 
 install -d -m 700 $RPM_BUILD_ROOT%{_localstatedir}/lib/denyhosts
+install -d $RPM_BUILD_ROOT%{_localstatedir}/log
 
-install -p -m 755 denyhosts.py $RPM_BUILD_ROOT%{_bindir}
 install -p -m 600 denyhosts.cfg-dist $RPM_BUILD_ROOT%{_sysconfdir}/denyhosts.conf
+install -p -m 755 daemon-control-dist $RPM_BUILD_ROOT%{_bindir}/denyhosts-control
 install -p -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/cron.d/denyhosts
 install -p -m 755 %{SOURCE2} $RPM_BUILD_ROOT%{_initrddir}/denyhosts
 install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_localstatedir}/lib/denyhosts/allowed-hosts
+install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/denyhosts
+install -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/denyhosts
+
+touch $RPM_BUILD_ROOT%{_localstatedir}/log/denyhosts
 
 for i in allowed-warned-hosts hosts offset suspicious-logins \
          users-hosts users-invalid users-valid; do
@@ -56,25 +77,40 @@
 %clean
 rm -rf $RPM_BUILD_ROOT
 
+
+# Note that we do not automaticaly run --migrate, because we can't be
+# sure that all of the hosts.deny entries were created by denyhosts
 %post
 /sbin/chkconfig --add denyhosts
-/sbin/service denyhosts condrestart >> /dev/null
+
+RUNNING=`/sbin/service denyhosts status | grep "is running"`
+/sbin/service denyhosts stop > /dev/null 2>&1 || :
+%{_bindir}/denyhosts.py -c /etc/denyhosts.conf --upgrade099 > /dev/null 2>&1 || :
+if [ -n "$RUNNING" ]; then
+  /sbin/service denyhosts start > /dev/null 2>&1
+fi
 exit 0
 
+
 %preun
 if [ $1 = 0 ]; then
+  /sbin/service denyhosts stop > /dev/null 2>&1
   /sbin/chkconfig --del denyhosts
-  /sbin/service denyhosts stop >> /dev/null
 fi
 exit 0
 
-%files
+
+%files -f %{name}.files
 %defattr(-,root,root,-)
-%doc LICENSE.txt README.txt setup.py
+%doc CHANGELOG.txt denyhosts.cfg-dist LICENSE.txt
+%doc README.fedora README.txt setup.py
 %config(noreplace) %{_sysconfdir}/denyhosts.conf
 %config(noreplace) %{_sysconfdir}/cron.d/denyhosts
+%config(noreplace) %{_sysconfdir}/logrotate.d/denyhosts
+%config(noreplace) %{_sysconfdir}/sysconfig/denyhosts
 %config(noreplace) %{_localstatedir}/lib/denyhosts/allowed-hosts
 
+%ghost %{_localstatedir}/log/denyhosts
 %ghost %{_localstatedir}/lib/denyhosts/allowed-warned-hosts
 %ghost %{_localstatedir}/lib/denyhosts/hosts
 %ghost %{_localstatedir}/lib/denyhosts/offset
@@ -85,10 +121,54 @@
 
 %dir %{_localstatedir}/lib/denyhosts
 
-%{_bindir}/denyhosts.py
 %{_initrddir}/denyhosts
+%{_bindir}/denyhosts-control
 
 %changelog
+* Wed Aug 17 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 1.0.0-2
+- Restart the daemon in the logrotate script
+- Stop the running daemon before calling --upgrade099
+
+* Tue Aug 16 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 1.0.0-1
+- Fix condrestart
+- Actually install logrotate entry
+
+* Mon Aug 15 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 1.0.0-0
+- Update to 1.0.0
+- Add logrotate entry
+- Clean up initscript
+- Add notes on upgrading.
+
+* Mon Aug 15 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.9.9-2
+- Automatically upgrade the format of hosts.deny entries.
+
+* Sun Aug 14 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.9.9-1
+- Framework for enabling daemon mode.
+
+* Sat Aug 13 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.9.9-0
+- Update to 0.9.9
+
+* Fri Aug  5 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.9.8-1
+- Update to 0.9.8
+
+* Fri Jul 22 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.8.0-3
+- Rename the lockfile used by the initscript/cron setup because
+  DenyHosts now has its own internal locking and they chose the exact
+  same lockfile we were using.
+- Turn on PURGE_DENY in the installed config file.
+- Delete data_files from setup.py.
+- Enable purging in denyhosts.cron.
+- Add README.fedora file.
+
+* Thu Jul 21 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.8.0-2
+- Package CHANGELOG.txt and denyhosts.cfg-dist as well (as
+  documentation).
+
+* Thu Jul 21 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.8.0-1
+- Update to 0.8.0
+- Use proper Python installation mechanism.
+- Drop denyhosts-0.6.0-version.patch as it's no longer necessary.
+
 * Sat Jul  2 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.6.0-1
 - Update to 0.6.0
 - Add fix for "from version import VERSION" issue.


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/denyhosts/FC-4/sources,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sources	2 Jul 2005 21:38:47 -0000	1.3
+++ sources	18 Aug 2005 00:21:28 -0000	1.4
@@ -1 +1 @@
-6d65457ed9c31c548160e2aa74e5a80e  DenyHosts-0.6.0.tar.gz
+12633e88a120ccdbd604bd775b154a62  DenyHosts-1.0.0.tar.gz


--- denyhosts-0.5.5-workdir.patch DELETED ---


--- denyhosts-0.6.0-version.patch DELETED ---




More information about the scm-commits mailing list