[fail2ban] - Update to 0.9 git branch - Rebase patches - Require systemd-python for journal support
Orion Poplawski
orion at fedoraproject.org
Fri Aug 9 03:42:52 UTC 2013
commit b5e668e8493ce336013e62f047c79c475bef5812
Author: Orion Poplawski <orion at cora.nwra.com>
Date: Thu Aug 8 21:42:28 2013 -0600
- Update to 0.9 git branch
- Rebase patches
- Require systemd-python for journal support
.gitignore | 1 +
fail2ban-0.8.7.1-sshd.patch | 18 ----
fail2ban-logfiles.patch | 212 +++++++++++++++++++++++++++++++++++++++++++
fail2ban-notmp.patch | 6 +-
fail2ban.spec | 23 +++--
sources | 2 +-
6 files changed, 233 insertions(+), 29 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index fa2b88b..ebbd8d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ fail2ban-0.8.4.tar.bz2
/fail2ban_0.8.7.1.orig.tar.gz
/fail2ban_0.8.8.orig.tar.gz
/fail2ban-0.8.10.tar.gz
+/fail2ban-0.9-d529151.tar.xz
diff --git a/fail2ban-logfiles.patch b/fail2ban-logfiles.patch
new file mode 100644
index 0000000..c2cf359
--- /dev/null
+++ b/fail2ban-logfiles.patch
@@ -0,0 +1,212 @@
+diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/config/jail.conf
+--- fail2ban-0.9-d529151/config/jail.conf.logfiles 2013-07-28 03:43:54.000000000 -0600
++++ fail2ban-0.9-d529151/config/jail.conf 2013-08-08 21:23:41.785950007 -0600
+@@ -152,20 +152,18 @@ action = %(action_)s
+ [sshd]
+
+ port = ssh
+-logpath = /var/log/auth.log
+- /var/log/sshd.log
++logpath = /var/log/secure
+
+ [sshd-ddos]
+
+ port = ssh
+-logpath = /var/log/auth.log
+- /var/log/sshd.log
++logpath = /var/log/secure
+
+ [dropbear]
+
+ port = ssh
+ filter = sshd
+-logpath = /var/log/dropbear
++logpath = /var/log/secure
+
+
+ # Generic filter for PAM. Has to be used with action which bans all
+@@ -175,12 +173,12 @@ logpath = /var/log/dropbear
+
+ # pam-generic filter can be customized to monitor specific subset of 'tty's
+ banaction = iptables-allports
+-logpath = /var/log/auth.log
++logpath = /var/log/secure
+
+ [xinetd-fail]
+
+ banaction = iptables-multiport-log
+-logpath = /var/log/daemon.log
++logpath = /var/log/messages
+ maxretry = 2
+
+ # .. custom jails
+@@ -201,7 +199,7 @@ filter = sshd
+ action = hostsdeny[daemon_list=sshd]
+ sendmail-whois[name=SSH, dest=you at example.com]
+ ignoreregex = for myuser from
+-logpath = /var/log/sshd.log
++logpath = /var/log/secure
+
+ # Here we use blackhole routes for not requiring any additional kernel support
+ # to store large volumes of banned IPs
+@@ -210,7 +208,7 @@ logpath = /var/log/sshd.log
+
+ filter = sshd
+ action = route
+-logpath = /var/log/sshd.log
++logpath = /var/log/secure
+
+ # Here we use a combination of Netfilter/Iptables and IPsets
+ # for storing large volumes of banned IPs
+@@ -221,13 +219,13 @@ logpath = /var/log/sshd.log
+
+ filter = sshd
+ action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
+-logpath = /var/log/sshd.log
++logpath = /var/log/secure
+
+ [sshd-iptables-ipset6]
+
+ filter = sshd
+ action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
+-logpath = /var/log/sshd.log
++logpath = /var/log/secure
+
+ # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
+ # option is overridden in this jail. Moreover, the action "mail-whois" defines
+@@ -238,7 +236,7 @@ logpath = /var/log/sshd.log
+ filter = sshd
+ action = ipfw[localhost=192.168.0.1]
+ sendmail-whois[name="SSH,IPFW", dest=you at example.com]
+-logpath = /var/log/auth.log
++logpath = /var/log/secure
+ ignoreip = 168.192.0.1
+
+ # bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
+@@ -250,7 +248,7 @@ ignoreip = 168.192.0.1
+ [ssh-bsd-ipfw]
+ filter = sshd
+ action = bsd-ipfw[port=ssh,table=1]
+-logpath = /var/log/auth.log
++logpath = /var/log/secure
+
+ #
+ # HTTP servers
+@@ -259,7 +257,7 @@ logpath = /var/log/auth.log
+ [apache-auth]
+
+ port = http,https
+-logpath = /var/log/apache*/*error.log
++logpath = /var/log/httpd/*error_log
+
+ # Ban hosts which agent identifies spammer robots crawling the web
+ # for email addresses. The mail outputs are buffered.
+@@ -267,21 +265,20 @@ logpath = /var/log/apache*/*error.log
+ [apache-badbots]
+
+ port = http,https
+-logpath = /var/log/apache*/*access.log
+- /var/www/*/logs/access_log
++logpath = /var/log/httpd/*access_log
+ bantime = 172800
+ maxretry = 1
+
+ [apache-noscript]
+
+ port = http,https
+-logpath = /var/log/apache*/*error.log
++logpath = /var/log/httpd/*error_log
+ maxretry = 6
+
+ [apache-overflows]
+
+ port = http,https
+-logpath = /var/log/apache*/*error.log
++logpath = /var/log/httpd/*error_log
+ maxretry = 2
+
+ # Ban attackers that try to use PHP's URL-fopen() functionality
+@@ -291,7 +288,7 @@ maxretry = 2
+ [php-url-fopen]
+
+ port = http,https
+-logpath = /var/www/*/logs/access_log
++logpath = /var/log/httpd/*access_log
+
+ # A simple PHP-fastcgi jail which works with lighttpd.
+ # If you run a lighttpd server, then you probably will
+@@ -330,7 +327,7 @@ logpath = /var/log/sogo/sogo.log
+
+ filter = apache-auth
+ action = hostsdeny
+-logpath = /var/log/apache*/*error.log
++logpath = /var/log/httpd/*error_log
+ maxretry = 6
+
+
+@@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log
+ [pure-ftpd]
+
+ port = ftp,ftp-data,ftps,ftps-data
+-logpath = /var/log/auth.log
++logpath = /var/log/secure
+ maxretry = 6
+
+ [vsftpd]
+@@ -355,7 +352,7 @@ maxretry = 6
+ port = ftp,ftp-data,ftps,ftps-data
+ logpath = /var/log/vsftpd.log
+ # or overwrite it in jails.local to be
+-# logpath = /var/log/auth.log
++# logpath = /var/log/secure
+ # if you want to rely on PAM failed login attempts
+ # vsftpd's failregex should match both of those formats
+
+@@ -384,12 +381,12 @@ maxretry = 6
+ [courier-smtp]
+
+ port = smtp,ssmtp,submission
+-logpath = /var/log/mail.log
++logpath = /var/log/maillog
+
+ [postfix]
+
+ port = smtp,ssmtp,submission
+-logpath = /var/log/mail.log
++logpath = /var/log/maillog
+
+ # The hosts.deny path can be defined with the "file" argument if it is
+ # not in /etc.
+@@ -410,7 +407,7 @@ bantime = 300
+ [courier-auth]
+
+ port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+-logpath = /var/log/mail.log
++logpath = /var/log/maillog
+
+
+ [sasl]
+@@ -419,12 +416,12 @@ port = smtp,ssmtp,submission,imap2,i
+ # You might consider monitoring /var/log/mail.warn instead if you are
+ # running postfix since it would provide the same log lines at the
+ # "warn" level but overall at the smaller filesize.
+-logpath = /var/log/mail.log
++logpath = /var/log/maillog
+
+ [dovecot]
+
+ port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
+-logpath = /var/log/mail.log
++logpath = /var/log/maillog
+
+ #
+ # DNS servers
+@@ -519,7 +516,7 @@ maxretry = 5
+ enabled=false
+ filter = sshd
+ action = pf
+-logpath = /var/log/sshd.log
++logpath = /var/log/secure
+ maxretry=5
+
+ [3proxy]
diff --git a/fail2ban-notmp.patch b/fail2ban-notmp.patch
index 8799101..af207d5 100644
--- a/fail2ban-notmp.patch
+++ b/fail2ban-notmp.patch
@@ -1,6 +1,6 @@
-diff -up fail2ban-0.8.10/client/fail2banreader.py.notmp fail2ban-0.8.10/client/fail2banreader.py
---- fail2ban-0.8.10/client/fail2banreader.py.notmp 2013-06-12 11:21:12.000000000 -0600
-+++ fail2ban-0.8.10/client/fail2banreader.py 2013-06-12 16:17:43.820837700 -0600
+diff -up fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py
+--- fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp 2013-07-28 03:43:54.000000000 -0600
++++ fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py 2013-08-08 20:15:19.997686089 -0600
@@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader):
ConfigReader.read(self, "fail2ban")
diff --git a/fail2ban.spec b/fail2ban.spec
index 6d3a0d5..ac087b9 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
@@ -1,14 +1,16 @@
Summary: Ban IPs that make too many password failures
Name: fail2ban
-Version: 0.8.10
-Release: 2%{?dist}
+Version: 0.9
+Release: 0.1.gitd529151%{?dist}
License: GPLv2+
Group: System Environment/Daemons
URL: http://fail2ban.sourceforge.net/
-Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+#Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0: %{name}-%{version}-d529151.tar.xz
Source1: fail2ban-logrotate
Patch0: fail2ban-0.8.3-init.patch
-Patch1: fail2ban-0.8.7.1-sshd.patch
+# Fix logfile paths in jail.conf
+Patch1: fail2ban-logfiles.patch
Patch6: fail2ban-log2syslog.patch
Patch8: fail2ban-notmp.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -21,6 +23,7 @@ Requires: gamin-python
Requires: python-inotify
%if 0%{?fedora} >= 19
BuildRequires: systemd
+Requires: systemd-python
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
@@ -41,9 +44,9 @@ and shorewall respectively.
%prep
-%setup -q
+%setup -q -n %{name}-%{version}-d529151
%patch0 -p1 -b .init
-%patch1 -p1 -b .sshd
+%patch1 -p1 -b .logfiles
%patch6 -p1 -b .log2syslog
%patch8 -p1 -b .notmp
@@ -107,7 +110,8 @@ fi
%{_bindir}/fail2ban-server
%{_bindir}/fail2ban-client
%{_bindir}/fail2ban-regex
-%{_datadir}/fail2ban
+%{_bindir}/fail2ban-testcases
+%{python_sitelib}/*
%if 0%{?fedora} >= 19
%{_unitdir}/fail2ban.service
%else
@@ -127,6 +131,11 @@ fi
%dir %{_localstatedir}/lib/fail2ban/
%changelog
+* Thu Aug 8 2013 Orion Poplawski <orion at cora.nwra.com> - 0.9-0.1.gitd529151
+- Update to 0.9 git branch
+- Rebase patches
+- Require systemd-python for journal support
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
diff --git a/sources b/sources
index 72b95f0..df0bbd5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-48327ac0f5938dcc2f82c63728fc8918 fail2ban-0.8.10.tar.gz
+d51144c03988c9f63d91515b6ebc5d57 fail2ban-0.9-d529151.tar.xz
More information about the scm-commits
mailing list