[fail2ban] Fix log paths for some jails (bug #1128152)

Fri Aug 8 19:55:01 UTC 2014

commit 5d9a81c73977b3b06bd79f0fd6b5defec0c88ecc
Author: Orion Poplawski <orion at cora.nwra.com>
Date:   Fri Aug 8 13:55:00 2014 -0600

    Fix log paths for some jails (bug #1128152)

 fail2ban-logpath.patch |   53 ++++++++++++++++++++++++++++++++++++++++++++++++
 fail2ban.spec          |   10 ++++++++-
 2 files changed, 62 insertions(+), 1 deletions(-)
---

diff --git a/fail2ban-logpath.patch b/fail2ban-logpath.patch
new file mode 100644
index 0000000..8de38a0
--- /dev/null
+++ b/fail2ban-logpath.patch
@@ -0,0 +1,53 @@
+diff -up fail2ban-0.9/config/jail.conf.logpath fail2ban-0.9/config/jail.conf
+--- fail2ban-0.9/config/jail.conf.logpath	2014-08-08 13:29:40.101582649 -0600
++++ fail2ban-0.9/config/jail.conf	2014-08-08 13:33:56.376307236 -0600
+@@ -370,7 +370,7 @@ logpath  = /var/log/tomcat*/catalina.out
+ [webmin-auth]
+ 
+ port    = 10000
+-logpath = /var/log/auth.log
++logpath = %(syslog_authpriv)s
+ 
+ 
+ #
+@@ -423,7 +423,7 @@ maxretry = 6
+ 
+ [vsftpd]
+ # or overwrite it in jails.local to be
+-# logpath = /var/log/auth.log
++# logpath = %(syslog_authpriv)s
+ # if you want to rely on PAM failed login attempts
+ # vsftpd's failregex should match both of those formats
+ port     = ftp,ftp-data,ftps,ftps-data
+@@ -533,7 +533,7 @@ logpath  = %(postfix_log)s
+ [perdition]
+ 
+ port   = imap3,imaps,pop3,pop3s
+-logpath = /var/log/maillog
++logpath = %(syslog_mail)s
+ 
+ 
+ [squirrelmail]
+@@ -657,13 +657,13 @@ maxretry = 5
+ [pam-generic]
+ # pam-generic filter can be customized to monitor specific subset of 'tty's
+ banaction = iptables-allports
+-logpath  = /var/log/auth.log
++logpath  = %(syslog_authpriv)s
+ 
+ 
+ [xinetd-fail]
+ 
+ banaction = iptables-multiport-log
+-logpath   = /var/log/daemon.log
++logpath   = %(syslog_daemon)s
+ maxretry  = 2
+ 
+ 
+@@ -693,5 +693,5 @@ action  = %(banaction)s[name=%(__name__)
+ [nagios]
+ 
+ enabled  = false
+-logpath  = /var/log/messages     ; nrpe.cfg may define a different log_facility
++logpath  = %(syslog_daemon)s     ; nrpe.cfg may define a different log_facility
+ maxretry = 1
diff --git a/fail2ban.spec b/fail2ban.spec
index 37b3d73..2f5c67e 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
@@ -1,7 +1,7 @@
 Summary: Daemon to ban hosts that cause multiple authentication errors
 Name: fail2ban
 Version: 0.9
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2+
 URL: http://fail2ban.sourceforge.net/
 Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -14,6 +14,10 @@ Patch1: fail2ban-tests-nonet.patch
 # Upstream patch to skip syslog tests without /dev/log
 # https://github.com/fail2ban/fail2ban/issues/110
 Patch2: fail2ban-tests-syslog.patch
+# Fix logpaths to use syslog macros
+# https://bugzilla.redhat.com/show_bug.cgi?id=1128152
+# https://github.com/fail2ban/fail2ban/pull/780
+Patch3: fail2ban-logpath.patch
 
 BuildRequires: python2-devel
 # For testcases
@@ -148,6 +152,7 @@ by default.
 %patch0 -p1 -b .loglevel
 %patch1 -p1 -b .tests-nonet
 %patch2 -p1 -b .tests-syslog
+%patch3 -p1 -b .logpath
 # Use Fedora paths
 sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf
 # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147)
@@ -274,6 +279,9 @@ fi
 
 
 %changelog
+* Fri Aug 8 2014 Orion Poplawski <orion at cora.nwra.com> - 0.9-8
+- Fix log paths for some jails (bug #1128152)
+
 * Mon Jul 21 2014 Orion Poplawski <orion at cora.nwra.com> - 0.9-7
 - Use systemd for EL7
 
