|
 |
8c6d2a1 |
# Not defined in Fedora's buildsystem
|
|
|
959d57f |
%global _initdir %{_sysconfdir}/rc.d/init.d
|
|
|
959d57f |
|
|
|
ca499bc |
Summary: Ban IPs that make too many password failures
|
|
|
ca499bc |
Name: fail2ban
|
|
|
25ce90b |
Version: 0.8.1
|
|
|
25ce90b |
Release: 10%{?dist}
|
|
|
ca499bc |
License: GPL
|
|
|
ca499bc |
Group: System Environment/Daemons
|
|
|
ca499bc |
URL: http://fail2ban.sourceforge.net/
|
|
|
ca499bc |
Source0: http://prdownloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
|
|
|
2d07810 |
Source1: fail2ban-logrotate
|
|
|
959d57f |
Patch0: fail2ban-0.8.0-init.patch
|
|
|
25ce90b |
Patch1: fail2ban-0.8.1-sshd.patch
|
|
|
ca499bc |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
|
|
959d57f |
BuildRequires: python-devel >= 2.4
|
|
|
ca499bc |
BuildArch: noarch
|
|
|
25ce90b |
Requires: iptables, tcp_wrappers, shorewall, gamin-python
|
|
|
ca499bc |
Requires(post): /sbin/chkconfig
|
|
|
ca499bc |
Requires(preun): /sbin/chkconfig
|
|
|
ca499bc |
Requires(preun): /sbin/service
|
|
|
ca499bc |
|
|
|
ca499bc |
%description
|
|
|
ca499bc |
Fail2ban scans log files like /var/log/pwdfail or
|
|
|
ca499bc |
/var/log/apache/error_log and bans IP that makes too many password
|
|
|
ca499bc |
failures. It updates firewall rules to reject the IP address.
|
|
|
ca499bc |
|
|
|
ca499bc |
%prep
|
|
|
ca499bc |
%setup -q
|
|
|
ca499bc |
%patch0 -p1 -b .init
|
|
|
959d57f |
%patch1 -p1 -b .sshd
|
|
|
ca499bc |
|
|
|
ca499bc |
%build
|
|
|
ca499bc |
python setup.py build
|
|
|
ca499bc |
|
|
|
ca499bc |
%install
|
|
|
ca499bc |
rm -rf %{buildroot}
|
|
|
ca499bc |
python setup.py install -O1 --root %{buildroot}
|
|
|
959d57f |
mkdir -p %{buildroot}%{_initdir}
|
|
|
959d57f |
install -p -m 755 files/redhat-initd %{buildroot}%{_initdir}/fail2ban
|
|
|
959d57f |
mkdir -p %{buildroot}%{_mandir}/man1
|
|
|
959d57f |
install -p -m 644 man/fail2ban*.1 %{buildroot}%{_mandir}/man1
|
|
|
2d07810 |
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
|
|
2d07810 |
install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
|
|
|
ca499bc |
%clean
|
|
|
ca499bc |
rm -rf %{buildroot}
|
|
|
ca499bc |
|
|
|
ca499bc |
%post
|
|
|
ca499bc |
/sbin/chkconfig --add %{name}
|
|
|
ca499bc |
|
|
|
ca499bc |
%preun
|
|
|
ca499bc |
if [ $1 = 0 ]; then
|
|
|
ca499bc |
/sbin/service %{name} stop > /dev/null 2>&1
|
|
|
ca499bc |
/sbin/chkconfig --del %{name}
|
|
|
ca499bc |
fi
|
|
|
ca499bc |
|
|
|
ca499bc |
%files
|
|
|
ca499bc |
%defattr(-,root,root,-)
|
|
|
959d57f |
%doc README TODO CHANGELOG COPYING
|
|
|
959d57f |
#doc config/fail2ban.conf*
|
|
|
959d57f |
%{_bindir}/fail2ban-server
|
|
|
959d57f |
%{_bindir}/fail2ban-client
|
|
|
959d57f |
%{_bindir}/fail2ban-regex
|
|
|
ca499bc |
%{_datadir}/fail2ban
|
|
|
959d57f |
%{_initdir}/fail2ban
|
|
|
959d57f |
%{_mandir}/man1/fail2ban-*.1*
|
|
|
959d57f |
%dir %{_sysconfdir}/fail2ban
|
|
|
959d57f |
%dir %{_sysconfdir}/fail2ban/action.d
|
|
|
959d57f |
%dir %{_sysconfdir}/fail2ban/filter.d
|
|
|
959d57f |
%config(noreplace) %{_sysconfdir}/fail2ban/fail2ban.conf
|
|
|
959d57f |
%config(noreplace) %{_sysconfdir}/fail2ban/jail.conf
|
|
|
959d57f |
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/*.conf
|
|
|
959d57f |
%config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf
|
|
|
2d07810 |
%config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
|
|
|
ca499bc |
|
|
|
ca499bc |
%changelog
|
|
|
25ce90b |
* Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10
|
|
|
25ce90b |
- Update to 0.8.1.
|
|
|
25ce90b |
- Remove patch fixing CVE-2007-4321 (upstream).
|
|
|
25ce90b |
- Remove AllowUsers patch (upstream).
|
|
|
25ce90b |
- Add dependency to gamin-python.
|
|
|
25ce90b |
|
|
|
372f288 |
* Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9
|
|
|
372f288 |
- Fix remote log injection (no CVE assignment yet).
|
|
|
372f288 |
|
|
|
8c6d2a1 |
* Sun Jun 3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8
|
|
|
8c6d2a1 |
- Also trigger on non-AllowUsers failures (Jonathan Underwood
|
|
|
8c6d2a1 |
<jonathan.underwood@gmail.com>).
|
|
|
8c6d2a1 |
|
|
|
ea3c694 |
* Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7
|
|
|
ea3c694 |
- logrotate should restart fail2ban (Zing <zing@fastmail.fm>).
|
|
|
2d07810 |
- send mail to root; logrotate (Jonathan Underwood
|
|
|
2d07810 |
<jonathan.underwood@gmail.com>)
|
|
|
2d07810 |
|
|
|
959d57f |
* Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4
|
|
|
959d57f |
- Update to 0.8.0.
|
|
|
959d57f |
- enable ssh by default, fix log file for ssh scanning, adjust python
|
|
|
959d57f |
dependency (Jonathan Underwood <jonathan.underwood@gmail.com>)
|
|
|
959d57f |
|
|
|
ca499bc |
* Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3
|
|
|
ca499bc |
- Remove forgotten condrestart.
|
|
|
ca499bc |
|
|
|
ca499bc |
* Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2
|
|
|
ca499bc |
- Move /usr/lib/fail2ban to %%{_datadir}/fail2ban.
|
|
|
ca499bc |
- Don't default chkconfig to enabled.
|
|
|
ca499bc |
- Add dependencies on service/chkconfig.
|
|
|
ca499bc |
- Use example iptables/ssh config as default config.
|
|
|
ca499bc |
|
|
|
ca499bc |
* Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1
|
|
|
ca499bc |
- Initial build.
|