|
|
808902b |
%if 0%{?rhel} >= 9
|
|
|
808902b |
%bcond_with shorewall
|
|
|
808902b |
%else
|
|
|
808902b |
%bcond_without shorewall
|
|
|
808902b |
%endif
|
|
|
808902b |
|
|
|
ca499bc |
Name: fail2ban
|
|
|
74ee613 |
Version: 1.0.2
|
|
|
f04bf03 |
Release: 12%{?dist}
|
|
|
a61ce58 |
Summary: Daemon to ban hosts that cause multiple authentication errors
|
|
|
a61ce58 |
|
|
|
473ded4 |
License: GPLv2+
|
|
|
ca499bc |
URL: http://fail2ban.sourceforge.net/
|
|
Orion Poplawski |
8f487f6 |
Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
|
|
1c3fb52 |
Source1: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
|
|
|
1c3fb52 |
# Releases are signed by Serg G. Brester (sebres) <info AT sebres.de>. The
|
|
|
1c3fb52 |
# fingerprint can be found in a signature file:
|
|
|
1c3fb52 |
# gpg --list-packets fail2ban-1.0.2.tar.gz.asc | grep 'issuer fpr'
|
|
|
1c3fb52 |
#
|
|
|
1c3fb52 |
# The following commands can be used to fetch the signing key via fingerprint
|
|
|
1c3fb52 |
# and extract it:
|
|
|
1c3fb52 |
# fpr=8738559E26F671DF9E2C6D9E683BF1BEBD0A882C
|
|
|
1c3fb52 |
# gpg --receive-keys $fpr
|
|
|
1c3fb52 |
# gpg -a --export-options export-minimal --export $fpr >gpgkey-$fpr.asc
|
|
|
1c3fb52 |
Source2: gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc
|
|
|
9c838cd |
# SELinux policy
|
|
|
1c3fb52 |
Source3: fail2ban.fc
|
|
|
1c3fb52 |
Source4: fail2ban.if
|
|
|
1c3fb52 |
Source5: fail2ban.te
|
|
|
1c3fb52 |
Source6: Makefile
|
|
|
74ee613 |
|
|
|
4574d23 |
# Give up being PartOf iptables and ipset for now
|
|
Orion Poplawski |
64d4511 |
# https://bugzilla.redhat.com/show_bug.cgi?id=1379141
|
|
|
4574d23 |
# https://bugzilla.redhat.com/show_bug.cgi?id=1573185
|
|
|
b9fa37f |
Patch0: fail2ban-partof.patch
|
|
|
97585e1 |
# Patch for dovecot jail eating 100% CPU
|
|
|
74ee613 |
#Patch2: https://github.com/fail2ban/fail2ban/commit/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch
|
|
|
af8f467 |
# Remove warning about allowipv6 from startup
|
|
|
bbf821b |
Patch2: https://github.com/fail2ban/fail2ban/commit/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch
|
|
|
4aef760 |
|
|
|
48c7cf6 |
|
|
|
48c7cf6 |
BuildArch: noarch
|
|
|
673cc6f |
|
|
|
9eab35a |
%if 0%{?rhel} && 0%{?rhel} < 8
|
|
|
02a32ff |
BuildRequires: python-devel
|
|
|
1617c7e |
BuildRequires: python-setuptools
|
|
|
9eab35a |
# For testcases
|
|
|
9eab35a |
BuildRequires: python-inotify
|
|
|
9eab35a |
%else
|
|
Orion Poplawski |
3454a20 |
BuildRequires: python3-devel
|
|
|
1617c7e |
BuildRequires: python3-setuptools
|
|
|
06df6da |
BuildRequires: /usr/bin/2to3
|
|
|
d1c947a |
# For testcases
|
|
Orion Poplawski |
3454a20 |
BuildRequires: python3-inotify
|
|
|
9eab35a |
%endif
|
|
|
24c973f |
# using a python3_version-based conditional does not work here, so
|
|
|
24c973f |
# this is a proxy for "Python version greater than 3.12". asyncore
|
|
|
24c973f |
# and asynchat were dropped from cpython core in 3.12, these modules
|
|
|
24c973f |
# make them available again. See:
|
|
|
24c973f |
# https://github.com/fail2ban/fail2ban/issues/3487
|
|
|
24c973f |
# https://bugzilla.redhat.com/show_bug.cgi?id=2219991
|
|
|
24c973f |
%if 0%{?fedora} > 38
|
|
|
24c973f |
BuildRequires: python3-pyasyncore
|
|
|
24c973f |
BuildRequires: python3-pyasynchat
|
|
|
24c973f |
%endif
|
|
|
81c8227 |
BuildRequires: sqlite
|
|
|
6bfd65e |
BuildRequires: systemd
|
|
|
9c838cd |
BuildRequires: selinux-policy-devel
|
|
|
049ce56 |
BuildRequires: make
|
|
|
f04bf03 |
%if 0%{?fedora} >= 41
|
|
|
f04bf03 |
BuildRequires: bash-completion-devel
|
|
|
f04bf03 |
%else
|
|
Paweł Marciniak |
b4bdb39 |
BuildRequires: bash-completion
|
|
|
f04bf03 |
%endif
|
|
|
1c3fb52 |
BuildRequires: gnupg2
|
|
|
48c7cf6 |
|
|
|
cfc0b77 |
# Default components
|
|
|
cfc0b77 |
Requires: %{name}-firewalld = %{version}-%{release}
|
|
|
cfc0b77 |
Requires: %{name}-sendmail = %{version}-%{release}
|
|
|
cfc0b77 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
cfc0b77 |
|
|
|
48c7cf6 |
|
|
|
cfc0b77 |
%description
|
|
|
cfc0b77 |
Fail2Ban scans log files and bans IP addresses that makes too many password
|
|
|
cfc0b77 |
failures. It updates firewall rules to reject the IP address. These rules can
|
|
|
cfc0b77 |
be defined by the user. Fail2Ban can read multiple log files such as sshd or
|
|
|
cfc0b77 |
Apache web server ones.
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
Fail2Ban is able to reduce the rate of incorrect authentications attempts
|
|
|
cfc0b77 |
however it cannot eliminate the risk that weak authentication presents.
|
|
|
cfc0b77 |
Configure services to use only two factor or public/private authentication
|
|
|
cfc0b77 |
mechanisms if you really want to protect services.
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
This is a meta-package that will install the default configuration. Other
|
|
|
cfc0b77 |
sub-packages are available to install support for other actions and
|
|
|
cfc0b77 |
configurations.
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
|
|
|
9c838cd |
%package selinux
|
|
|
9c838cd |
Summary: SELinux policies for Fail2Ban
|
|
|
9c838cd |
%{?selinux_requires}
|
|
|
9c838cd |
%global modulename fail2ban
|
|
|
9c838cd |
%global selinuxtype targeted
|
|
|
9c838cd |
|
|
|
9c838cd |
%description selinux
|
|
|
9c838cd |
SELinux policies for Fail2Ban.
|
|
|
9c838cd |
|
|
|
9c838cd |
|
|
|
cfc0b77 |
%package server
|
|
|
cfc0b77 |
Summary: Core server component for Fail2Ban
|
|
|
9eab35a |
%if 0%{?rhel} && 0%{?rhel} < 8
|
|
|
e685f72 |
Requires: systemd-python
|
|
|
f3a4836 |
Requires: ipset
|
|
|
f3a4836 |
Requires: iptables
|
|
|
9eab35a |
%else
|
|
Orion Poplawski |
3454a20 |
Requires: python3-systemd
|
|
|
f3a4836 |
Requires: nftables
|
|
|
9eab35a |
%endif
|
|
|
6bfd65e |
Requires(post): systemd
|
|
|
6bfd65e |
Requires(preun): systemd
|
|
|
6bfd65e |
Requires(postun): systemd
|
|
|
d94388b |
%if 0%{?fedora} || 0%{?rhel} >= 8
|
|
|
9c838cd |
Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
|
|
|
d94388b |
%else
|
|
|
d94388b |
Requires: %{name}-selinux
|
|
|
9eab35a |
%endif
|
|
|
24c973f |
# see note above in BuildRequires section
|
|
|
f04bf03 |
%if 0%{?fedora} > 38
|
|
|
24c973f |
Requires: python3-pyasyncore
|
|
|
24c973f |
Requires: python3-pyasynchat
|
|
|
24c973f |
%endif
|
|
|
ca499bc |
|
|
|
cfc0b77 |
%description server
|
|
|
cfc0b77 |
This package contains the core server components for Fail2Ban with minimal
|
|
|
cfc0b77 |
dependencies. You can install this directly if you want to have a small
|
|
|
cfc0b77 |
installation and know what you are doing.
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%package all
|
|
|
cfc0b77 |
Summary: Install all Fail2Ban packages and dependencies
|
|
|
cfc0b77 |
Requires: %{name}-firewalld = %{version}-%{release}
|
|
|
cfc0b77 |
Requires: %{name}-hostsdeny = %{version}-%{release}
|
|
|
cfc0b77 |
Requires: %{name}-mail = %{version}-%{release}
|
|
|
cfc0b77 |
Requires: %{name}-sendmail = %{version}-%{release}
|
|
|
cfc0b77 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
808902b |
%if %{with shorewall}
|
|
|
cfc0b77 |
Requires: %{name}-shorewall = %{version}-%{release}
|
|
|
808902b |
%endif
|
|
|
252f5a2 |
Requires: perl-interpreter
|
|
|
9eab35a |
%if 0%{?rhel} && 0%{?rhel} < 8
|
|
|
9eab35a |
Requires: python-inotify
|
|
|
9eab35a |
# No python3 support for gamin so epel only
|
|
|
9eab35a |
Requires: gamin-python
|
|
|
9eab35a |
%else
|
|
|
28225b6 |
Requires: python3-inotify
|
|
|
9eab35a |
%endif
|
|
|
cfc0b77 |
Requires: /usr/bin/whois
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%description all
|
|
|
cfc0b77 |
This package installs all of the Fail2Ban packages and dependencies.
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%package firewalld
|
|
|
cfc0b77 |
Summary: Firewalld support for Fail2Ban
|
|
|
cfc0b77 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
cfc0b77 |
Requires: firewalld
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%description firewalld
|
|
|
cfc0b77 |
This package enables support for manipulating firewalld rules. This is the
|
|
|
cfc0b77 |
default firewall service in Fedora.
|
|
|
ca499bc |
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%package hostsdeny
|
|
|
cfc0b77 |
Summary: Hostsdeny (tcp_wrappers) support for Fail2Ban
|
|
|
cfc0b77 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
cfc0b77 |
Requires: ed
|
|
|
cfc0b77 |
Requires: tcp_wrappers
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%description hostsdeny
|
|
|
cfc0b77 |
This package enables support for manipulating tcp_wrapper's /etc/hosts.deny
|
|
|
cfc0b77 |
files.
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
|
|
Orion Poplawski |
79ae934 |
%package tests
|
|
Orion Poplawski |
79ae934 |
Summary: Fail2Ban testcases
|
|
Orion Poplawski |
79ae934 |
Requires: %{name}-server = %{version}-%{release}
|
|
Orion Poplawski |
79ae934 |
|
|
Orion Poplawski |
79ae934 |
%description tests
|
|
Orion Poplawski |
79ae934 |
This package contains Fail2Ban's testscases and scripts.
|
|
Orion Poplawski |
79ae934 |
|
|
Orion Poplawski |
79ae934 |
|
|
|
cfc0b77 |
%package mail
|
|
|
cfc0b77 |
Summary: Mail actions for Fail2Ban
|
|
|
cfc0b77 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
cc4f0a7 |
Requires: /usr/bin/mail
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%description mail
|
|
|
cfc0b77 |
This package installs Fail2Ban's mail actions. These are an alternative
|
|
|
cfc0b77 |
to the default sendmail actions.
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%package sendmail
|
|
|
cfc0b77 |
Summary: Sendmail actions for Fail2Ban
|
|
|
cfc0b77 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
cfc0b77 |
Requires: /usr/sbin/sendmail
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%description sendmail
|
|
|
cfc0b77 |
This package installs Fail2Ban's sendmail actions. This is the default
|
|
|
cfc0b77 |
mail actions for Fail2Ban.
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
|
|
|
808902b |
%if %{with shorewall}
|
|
|
cfc0b77 |
%package shorewall
|
|
|
cfc0b77 |
Summary: Shorewall support for Fail2Ban
|
|
|
cfc0b77 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
cfc0b77 |
Requires: shorewall
|
|
|
381568b |
Conflicts: %{name}-shorewall-lite
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%description shorewall
|
|
Orion Poplawski |
79ae934 |
This package enables support for manipulating shorewall rules.
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
|
|
|
381568b |
%package shorewall-lite
|
|
|
381568b |
Summary: Shorewall lite support for Fail2Ban
|
|
|
381568b |
Requires: %{name}-server = %{version}-%{release}
|
|
|
381568b |
Requires: shorewall-lite
|
|
|
381568b |
Conflicts: %{name}-shorewall
|
|
|
381568b |
|
|
|
381568b |
%description shorewall-lite
|
|
|
381568b |
This package enables support for manipulating shorewall rules.
|
|
|
808902b |
%endif
|
|
|
381568b |
|
|
|
381568b |
|
|
|
cfc0b77 |
%package systemd
|
|
|
cfc0b77 |
Summary: Systemd journal configuration for Fail2Ban
|
|
|
cfc0b77 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%description systemd
|
|
|
cfc0b77 |
This package configures Fail2Ban to use the systemd journal for its log input
|
|
|
cfc0b77 |
by default.
|
|
|
83ab8cd |
|
|
|
83ab8cd |
|
|
|
ca499bc |
%prep
|
|
|
1c3fb52 |
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
|
|
b9fa37f |
%autosetup -p1
|
|
|
24c973f |
# this test uses smtpd which is removed in Python 3.12, rewriting it
|
|
|
24c973f |
# isn't trivial
|
|
|
f04bf03 |
%if 0%{?fedora} > 38
|
|
|
24c973f |
rm -f fail2ban/tests/action_d/test_smtp.py
|
|
|
24c973f |
%endif
|
|
|
fe5d325 |
|
|
Orion Poplawski |
909f713 |
# Use Fedora paths
|
|
Orion Poplawski |
909f713 |
sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf
|
|
|
9eab35a |
%if 0%{?fedora} || 0%{?rhel} >= 8
|
|
Orion Poplawski |
3454a20 |
2to3 --write --nobackups .
|
|
Orion Poplawski |
491ac33 |
find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} +
|
|
|
9eab35a |
%endif
|
|
|
fe5d325 |
|
|
|
9c838cd |
# SELinux sources
|
|
|
1c3fb52 |
cp -p %SOURCE3 %SOURCE4 %SOURCE5 .
|
|
|
ca499bc |
|
|
|
3f49a17 |
# 2to3 has been removed from setuptools and we already use the binary in
|
|
|
3f49a17 |
# %%prep.
|
|
|
3f49a17 |
sed -i "/use_2to3/d" setup.py
|
|
|
3f49a17 |
|
|
|
b65dff6 |
|
|
|
ca499bc |
%build
|
|
|
9eab35a |
%if 0%{?rhel} && 0%{?rhel} < 8
|
|
|
9eab35a |
%py2_build
|
|
|
9eab35a |
%else
|
|
Orion Poplawski |
3454a20 |
%py3_build
|
|
|
9eab35a |
%endif
|
|
|
1c3fb52 |
make -f %SOURCE6
|
|
|
ca499bc |
|
|
|
74ee613 |
|
|
|
ca499bc |
%install
|
|
|
9eab35a |
%if 0%{?rhel} && 0%{?rhel} < 8
|
|
|
9eab35a |
%py2_install
|
|
|
5474631 |
# Make symbolic link relative
|
|
|
9eab35a |
ln -fs python2 %{buildroot}%{_bindir}/fail2ban-python
|
|
|
9eab35a |
%else
|
|
|
9eab35a |
%py3_install
|
|
|
5474631 |
ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python
|
|
|
9eab35a |
%endif
|
|
|
5474631 |
|
|
|
6bfd65e |
mkdir -p %{buildroot}%{_unitdir}
|
|
|
e4745ad |
cp -p build/fail2ban.service %{buildroot}%{_unitdir}/
|
|
|
8cded81 |
mkdir -p %{buildroot}%{_mandir}/man{1,5}
|
|
|
8cded81 |
install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
|
|
|
8cded81 |
install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
|
|
|
2d07810 |
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
|
Orion Poplawski |
8f487f6 |
install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
|
|
Orion Poplawski |
79ae934 |
install -d -m 0755 %{buildroot}/run/fail2ban/
|
|
Orion Poplawski |
0335adc |
install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid
|
|
Axel Thimm |
af90cd2 |
install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
|
|
Orion Poplawski |
7939b81 |
mkdir -p %{buildroot}%{_tmpfilesdir}
|
|
Orion Poplawski |
7939b81 |
install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf
|
|
|
fe5d325 |
|
|
|
cfc0b77 |
# Remove non-Linux actions
|
|
|
cfc0b77 |
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf
|
|
|
cfc0b77 |
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf
|
|
|
cfc0b77 |
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf
|
|
|
fe5d325 |
|
|
|
965cbc4 |
# Remove config files for other distros
|
|
|
965cbc4 |
rm -f %{buildroot}%{_sysconfdir}/fail2ban/paths-{arch,debian,freebsd,opensuse,osx}.conf
|
|
|
fe5d325 |
|
|
|
cfc0b77 |
# firewalld configuration
|
|
|
cfc0b77 |
cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf <
|
|
Orion Poplawski |
5dde66f |
# This file is part of the fail2ban-firewalld package to configure the use of
|
|
Orion Poplawski |
5dde66f |
# the firewalld actions as the default actions. You can remove this package
|
|
Orion Poplawski |
5dde66f |
# (along with the empty fail2ban meta-package) if you do not use firewalld
|
|
|
cfc0b77 |
[DEFAULT]
|
|
|
3f49a17 |
banaction = firewallcmd-rich-rules
|
|
|
3f49a17 |
banaction_allports = firewallcmd-rich-rules
|
|
|
cfc0b77 |
EOF
|
|
|
fe5d325 |
|
|
|
cfc0b77 |
# systemd journal configuration
|
|
|
cfc0b77 |
cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <
|
|
Orion Poplawski |
5dde66f |
# This file is part of the fail2ban-systemd package to configure the use of
|
|
Orion Poplawski |
5dde66f |
# the systemd journal as the default backend. You can remove this package
|
|
Orion Poplawski |
5dde66f |
# (along with the empty fail2ban meta-package) if you do not want to use the
|
|
Orion Poplawski |
5dde66f |
# journal backend
|
|
|
cfc0b77 |
[DEFAULT]
|
|
|
cfc0b77 |
backend=systemd
|
|
|
cfc0b77 |
EOF
|
|
|
fe5d325 |
|
|
|
d0f8175 |
# Remove installed doc, use doc macro instead
|
|
|
d0f8175 |
rm -r %{buildroot}%{_docdir}/%{name}
|
|
|
bd068d0 |
|
|
|
9c838cd |
# SELinux
|
|
|
9c838cd |
# install policy modules
|
|
|
9c838cd |
install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
|
|
|
9c838cd |
install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
|
|
|
9c838cd |
|
|
Paweł Marciniak |
b4bdb39 |
#BASH completion
|
|
Paweł Marciniak |
b4bdb39 |
COMPLETIONDIR=%{buildroot}$(pkg-config --variable=completionsdir bash-completion)
|
|
Paweł Marciniak |
b4bdb39 |
%__mkdir_p $COMPLETIONDIR
|
|
Paweł Marciniak |
b4bdb39 |
%__install -p -m 644 files/bash-completion $COMPLETIONDIR/fail2ban
|
|
|
5474631 |
|
|
|
74ee613 |
|
|
Orion Poplawski |
8f487f6 |
%check
|
|
|
9eab35a |
%if 0%{?rhel} && 0%{?rhel} < 8
|
|
|
9eab35a |
%python2 bin/fail2ban-testcases --verbosity=2 --no-network
|
|
|
9eab35a |
%else
|
|
|
24c973f |
%if 0%{?fedora} > 38
|
|
|
24c973f |
# testRepairDb does not work with sqlite 3.42.0+
|
|
|
24c973f |
# https://github.com/fail2ban/fail2ban/issues/3586
|
|
|
24c973f |
%python3 bin/fail2ban-testcases --verbosity=2 --no-network -i testRepairDb
|
|
|
24c973f |
%else
|
|
|
5474631 |
%python3 bin/fail2ban-testcases --verbosity=2 --no-network
|
|
|
9eab35a |
%endif
|
|
|
24c973f |
%endif
|
|
|
5474631 |
|
|
|
ca499bc |
|
|
|
9c838cd |
%pre selinux
|
|
|
9c838cd |
%selinux_relabel_pre -s %{selinuxtype}
|
|
|
9c838cd |
|
|
|
9c838cd |
%post selinux
|
|
|
9c838cd |
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
|
|
|
9c838cd |
|
|
|
9c838cd |
%postun selinux
|
|
|
9c838cd |
if [ $1 -eq 0 ]; then
|
|
|
9c838cd |
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
|
|
|
9c838cd |
fi
|
|
|
9c838cd |
|
|
|
9c838cd |
%posttrans selinux
|
|
|
9c838cd |
%selinux_relabel_post -s %{selinuxtype}
|
|
|
9c838cd |
|
|
|
cfc0b77 |
%post server
|
|
|
6bfd65e |
%systemd_post fail2ban.service
|
|
|
ca499bc |
|
|
|
cfc0b77 |
%preun server
|
|
|
6bfd65e |
%systemd_preun fail2ban.service
|
|
|
6bfd65e |
|
|
|
cfc0b77 |
%postun server
|
|
|
6bfd65e |
%systemd_postun_with_restart fail2ban.service
|
|
|
fe5d325 |
|
|
|
ca499bc |
|
|
|
d81aba9 |
%files
|
|
|
d81aba9 |
|
|
|
9c838cd |
%files selinux
|
|
|
9c838cd |
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
|
|
|
9c838cd |
%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
|
|
|
9c838cd |
%license COPYING
|
|
|
9c838cd |
|
|
|
cfc0b77 |
%files server
|
|
|
d0f8175 |
%doc README.md TODO ChangeLog COPYING doc/*.txt
|
|
|
959d57f |
%{_bindir}/fail2ban-client
|
|
Orion Poplawski |
eaa8e0f |
%{_bindir}/fail2ban-python
|
|
|
959d57f |
%{_bindir}/fail2ban-regex
|
|
Orion Poplawski |
79ae934 |
%{_bindir}/fail2ban-server
|
|
|
9eab35a |
%if 0%{?rhel} && 0%{?rhel} < 8
|
|
|
9eab35a |
%{python2_sitelib}/*
|
|
|
9eab35a |
%exclude %{python2_sitelib}/fail2ban/tests
|
|
|
9eab35a |
%else
|
|
Orion Poplawski |
3454a20 |
%{python3_sitelib}/*
|
|
Orion Poplawski |
79ae934 |
%exclude %{python3_sitelib}/fail2ban/tests
|
|
|
9eab35a |
%endif
|
|
|
6bfd65e |
%{_unitdir}/fail2ban.service
|
|
Paweł Marciniak |
b4bdb39 |
%{_datadir}/bash-completion/
|
|
Orion Poplawski |
79ae934 |
%{_mandir}/man1/fail2ban.1*
|
|
Orion Poplawski |
79ae934 |
%{_mandir}/man1/fail2ban-client.1*
|
|
|
39b3dbc |
%{_mandir}/man1/fail2ban-python.1*
|
|
Orion Poplawski |
79ae934 |
%{_mandir}/man1/fail2ban-regex.1*
|
|
Orion Poplawski |
79ae934 |
%{_mandir}/man1/fail2ban-server.1*
|
|
|
b43bf1b |
%{_mandir}/man5/*.5*
|
|
|
74ee613 |
%config(noreplace) %{_sysconfdir}/fail2ban/
|
|
|
cfc0b77 |
%exclude %{_sysconfdir}/fail2ban/action.d/complain.conf
|
|
|
cfc0b77 |
%exclude %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf
|
|
|
1a4d927 |
%exclude %{_sysconfdir}/fail2ban/action.d/mail.conf
|
|
|
1a4d927 |
%exclude %{_sysconfdir}/fail2ban/action.d/mail-buffered.conf
|
|
|
1a4d927 |
%exclude %{_sysconfdir}/fail2ban/action.d/mail-whois.conf
|
|
|
1a4d927 |
%exclude %{_sysconfdir}/fail2ban/action.d/mail-whois-lines.conf
|
|
|
cfc0b77 |
%exclude %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf
|
|
|
cfc0b77 |
%exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf
|
|
|
cfc0b77 |
%exclude %{_sysconfdir}/fail2ban/jail.d/*.conf
|
|
|
2d07810 |
%config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
|
|
Orion Poplawski |
7939b81 |
%{_tmpfilesdir}/fail2ban.conf
|
|
Axel Thimm |
af90cd2 |
%dir %{_localstatedir}/lib/fail2ban/
|
|
Orion Poplawski |
0335adc |
%dir /run/%{name}/
|
|
Orion Poplawski |
3613474 |
%ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid
|
|
Orion Poplawski |
8f487f6 |
|
|
|
d81aba9 |
%files all
|
|
|
d81aba9 |
|
|
|
cfc0b77 |
%files firewalld
|
|
|
cfc0b77 |
%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-firewalld.conf
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%files hostsdeny
|
|
|
cfc0b77 |
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf
|
|
|
cfc0b77 |
|
|
Orion Poplawski |
79ae934 |
%files tests
|
|
Orion Poplawski |
79ae934 |
%{_bindir}/fail2ban-testcases
|
|
Orion Poplawski |
79ae934 |
%{_mandir}/man1/fail2ban-testcases.1*
|
|
|
9eab35a |
%if 0%{?rhel} && 0%{?rhel} < 8
|
|
|
9eab35a |
%{python2_sitelib}/fail2ban/tests
|
|
|
9eab35a |
%else
|
|
Orion Poplawski |
79ae934 |
%{python3_sitelib}/fail2ban/tests
|
|
|
9eab35a |
%endif
|
|
Orion Poplawski |
79ae934 |
|
|
|
cfc0b77 |
%files mail
|
|
|
cfc0b77 |
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf
|
|
|
1a4d927 |
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail.conf
|
|
|
1a4d927 |
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-buffered.conf
|
|
|
1a4d927 |
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-whois.conf
|
|
|
1a4d927 |
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-whois-lines.conf
|
|
|
cfc0b77 |
|
|
|
cfc0b77 |
%files sendmail
|
|
|
cfc0b77 |
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf
|
|
|
cfc0b77 |
|
|
|
808902b |
%if %{with shorewall}
|
|
|
cfc0b77 |
%files shorewall
|
|
|
cfc0b77 |
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf
|
|
|
cfc0b77 |
|
|
|
381568b |
%files shorewall-lite
|
|
|
381568b |
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf
|
|
|
808902b |
%endif
|
|
|
381568b |
|
|
|
cfc0b77 |
%files systemd
|
|
|
cfc0b77 |
%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-systemd.conf
|
|
|
cfc0b77 |
|
|
|
ca499bc |
|
|
|
ca499bc |
%changelog
|
|
|
f04bf03 |
* Thu Feb 22 2024 Orion Poplawski <orion@nwra.com> - 1.0.2-12
|
|
|
f04bf03 |
- Allow watch on more logfiles
|
|
|
f04bf03 |
|
|
|
bdb628d |
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-11
|
|
|
bdb628d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
|
|
bdb628d |
|
|
|
eea4f1a |
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-10
|
|
|
eea4f1a |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
|
|
eea4f1a |
|
|
|
24c973f |
* Wed Sep 27 2023 Adam Williamson <awilliam@redhat.com> - 1.0.2-9
|
|
|
24c973f |
- Require pyasynchat and pyasyncore with Python 3.12+
|
|
|
24c973f |
- Disable smtp tests on F39+ due to removal of smtpd from Python 3.12
|
|
|
24c973f |
- Disable db repair test on F39+ as it's broken with sqlite 3.42.0+
|
|
|
24c973f |
|
|
|
9385a54 |
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-8
|
|
|
9385a54 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
|
|
9385a54 |
|
|
|
808902b |
* Mon Jun 26 2023 Todd Zullinger <tmz@pobox.com> - 1.0.2-7
|
|
|
808902b |
- exclude shorewall subpackage on epel9 (rhbz#2217649)
|
|
|
808902b |
|
|
|
aeb9ac0 |
* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 1.0.2-6
|
|
|
aeb9ac0 |
- Rebuilt for Python 3.12
|
|
|
aeb9ac0 |
|
|
|
1cb769f |
* Tue Apr 04 2023 Orion Poplawski <orion@nwra.com> - 1.0.2-5
|
|
|
1cb769f |
- Drop downstream python3.11 patch, upstream went with a different fix
|
|
|
1cb769f |
|
|
|
1c3fb52 |
* Sun Apr 02 2023 Todd Zullinger <tmz@pobox.com> - 1.0.2-4
|
|
|
1c3fb52 |
- verify upstream source signature
|
|
|
1c3fb52 |
|
|
|
af8f467 |
* Thu Mar 30 2023 Orion Poplawski <orion@nwra.com> - 1.0.2-3
|
|
|
af8f467 |
- Add upstream patch to remove warning about allowipv6 (bz#2160781)
|
|
|
af8f467 |
|
|
|
5388f7c |
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-2
|
|
|
5388f7c |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
|
|
5388f7c |
|
|
|
74ee613 |
* Sat Dec 17 2022 Richard Shaw <hobbes1069@gmail.com> - 1.0.2-1
|
|
|
74ee613 |
- Update to 1.0.2.
|
|
|
74ee613 |
|
|
|
97585e1 |
* Wed Nov 02 2022 Richard Shaw <hobbes1069@gmail.com> - 1.0.1-2
|
|
|
97585e1 |
- Add patch for dovecot eating 100% CPU.
|
|
|
97585e1 |
|
|
|
c29152a |
* Sun Oct 02 2022 Richard Shaw <hobbes1069@gmail.com> - 1.0.1-1
|
|
|
c29152a |
- Update to 1.0.1.
|
|
|
c29152a |
|
|
|
872dd66 |
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-14
|
|
|
872dd66 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
|
|
872dd66 |
|
|
|
3673f99 |
* Wed Jun 15 2022 Python Maint <python-maint@redhat.com> - 0.11.2-13
|
|
|
3673f99 |
- Rebuilt for Python 3.11
|
|
|
3673f99 |
|
|
|
ec52ec2 |
* Wed May 18 2022 Orion Poplawski <orion@nwra.com> - 0.11.2-12
|
|
|
ec52ec2 |
- Fix SELinux policy to allow watch on var_log_t (bz#2083923)
|
|
|
ec52ec2 |
|
|
|
cc4f0a7 |
* Fri Jan 28 2022 Orion Poplawski <orion@nwra.com> - 0.11.2-11
|
|
|
cc4f0a7 |
- Require /usr/bin/mail instead of mailx
|
|
|
cc4f0a7 |
|
|
|
796f2eb |
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-10
|
|
|
796f2eb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
|
|
796f2eb |
|
|
|
8860a08 |
* Sun Sep 26 2021 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 0.11.2-9
|
|
|
8860a08 |
- Fix CVE-2021-32749 RHBZ#1983223
|
|
|
8860a08 |
|
|
|
e9472c9 |
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-8
|
|
|
e9472c9 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
|
|
e9472c9 |
|
|
|
27db463 |
* Mon Jun 07 2021 Python Maint <python-maint@redhat.com> - 0.11.2-7
|
|
|
27db463 |
- Rebuilt for Python 3.10
|
|
|
27db463 |
|
|
|
8bdb66c |
* Sun Jun 06 2021 Richard Shaw <hobbes1069@gmail.com> - 0.11.2-6
|
|
|
6dbaddc |
- Update selinux policy for Fedora 34+
|
|
|
6dbaddc |
|
|
|
d44049e |
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 0.11.2-5
|
|
|
d44049e |
- Rebuilt for Python 3.10
|
|
|
d44049e |
|
|
|
247ec56 |
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.11.2-4
|
|
|
247ec56 |
- Rebuilt for updated systemd-rpm-macros
|
|
|
247ec56 |
See https://pagure.io/fesco/issue/2583.
|
|
|
247ec56 |
|
|
|
884fa78 |
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-3
|
|
|
884fa78 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
|
884fa78 |
|
|
|
029795b |
* Wed Jan 06 2021 Richard Shaw <hobbes1069@gmail.com> - 0.11.2-2
|
|
|
029795b |
- Add patch to deal with a new century in tests (2021).
|
|
|
029795b |
|
|
|
f3a4836 |
* Tue Nov 24 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.2-1
|
|
|
f3a4836 |
- Update to 0.11.2.
|
|
|
f3a4836 |
|
|
|
381568b |
* Fri Aug 28 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-10.2
|
|
|
381568b |
- Create shorewall-lite subpackage package which conflicts with shorewall
|
|
|
381568b |
subpackage. Fixes RHBZ#1872759.
|
|
|
381568b |
|
|
|
e685f72 |
* Tue Jul 28 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-9.2
|
|
|
7b1980d |
- Fix python2 requires for EPEL 7.
|
|
|
7b1980d |
|
|
|
74b2606 |
* Mon Jul 27 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-9
|
|
|
74b2606 |
- Add conditonals back for EL 7 as it's being brought up to date.
|
|
|
74b2606 |
- Add patch to deal with nftables not accepting ":" as a port separator.
|
|
|
74b2606 |
|
|
|
20fc6d3 |
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.1-8
|
|
|
20fc6d3 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
20fc6d3 |
|
|
|
75dff9a |
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.11.1-7
|
|
|
75dff9a |
- Rebuilt for Python 3.9
|
|
|
75dff9a |
|
|
|
fe5d325 |
* Thu Apr 16 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-6
|
|
|
fe5d325 |
- Change default firewalld backend from ipset to rich-rules as ipset causes
|
|
|
fe5d325 |
firewalld to use legacy iptables. Fixes RHBZ#1823746.
|
|
|
fe5d325 |
- Remove conditionals for EL versions less than 7.
|
|
|
fe5d325 |
|
|
|
a61ce58 |
* Thu Mar 19 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-5
|
|
|
a61ce58 |
- Update for Python 3.9.
|
|
|
a61ce58 |
|
|
|
9c838cd |
* Wed Feb 26 2020 Orion Poplawski <orion@nwra.com> - 0.11.1-4
|
|
|
9c838cd |
- Add SELinux policy
|
|
|
9c838cd |
|
|
|
143f9af |
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.1-3
|
|
|
143f9af |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
143f9af |
|
|
|
1a4d927 |
* Tue Jan 21 2020 Orion Poplawski <orion@nwra.com> - 0.11.1-2
|
|
|
1a4d927 |
- Move action.d/mail-whois-common.conf into fail2ban-server
|
|
|
1a4d927 |
|
|
|
55f6b78 |
* Tue Jan 14 2020 Orion Poplawski <orion@nwra.com> - 0.11.1-1
|
|
|
55f6b78 |
- Update to 0.11.1
|
|
|
55f6b78 |
|
|
|
0a5bad9 |
* Tue Jan 14 2020 Orion Poplawski <orion@nwra.com> - 0.10.5-1
|
|
|
0a5bad9 |
- Update to 0.10.5
|
|
|
0a5bad9 |
|
|
|
b9fa37f |
* Thu Nov 21 2019 Orion Poplawski <orion@nwra.com> - 0.10.4-8
|
|
|
b9fa37f |
- Define banaction_allports for firewalld, update banaction (bz#1775175)
|
|
|
b9fa37f |
- Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625)
|
|
|
b9fa37f |
|
|
|
965cbc4 |
* Thu Oct 31 2019 Orion Poplawski <orion@nwra.com> - 0.10.4-7
|
|
|
965cbc4 |
- Remove config files for other distros (bz#1533113)
|
|
|
965cbc4 |
|
|
|
9d196c3 |
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.10.4-6
|
|
|
9d196c3 |
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
|
|
9d196c3 |
|
|
|
be63f23 |
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.10.4-5
|
|
|
be63f23 |
- Rebuilt for Python 3.8
|
|
|
be63f23 |
|
|
|
63ce4a2 |
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.4-4
|
|
|
63ce4a2 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
63ce4a2 |
|
|
|
49fc7cb |
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.4-3
|
|
|
49fc7cb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
49fc7cb |
|
|
|
0891a34 |
* Sun Nov 18 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.10.4-2
|
|
|
0891a34 |
- Drop explicit locale setting
|
|
|
0891a34 |
See https://fedoraproject.org/wiki/Changes/Remove_glibc-langpacks-all_from_buildroot
|
|
|
0891a34 |
|
|
|
d502fde |
* Fri Oct 5 2018 Orion Poplawski <orion@nwra.com> - 0.10.4-1
|
|
|
d502fde |
- Update to 0.10.4
|
|
|
d502fde |
|
|
|
a4e6419 |
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.3.1-3
|
|
|
a4e6419 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
a4e6419 |
|
|
|
4574d23 |
* Tue Jun 19 2018 Orion Poplawski <orion@nwra.com> - 0.10.3.1-2
|
|
|
4574d23 |
- Remove PartOf ipset.service (bug #1573185)
|
|
|
4574d23 |
|
|
|
39b3dbc |
* Tue Jun 19 2018 Orion Poplawski <orion@nwra.com> - 0.10.3.1-1
|
|
|
39b3dbc |
- Update to 0.10.3.1
|
|
|
39b3dbc |
|
|
|
5b28d6f |
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.10.2-2
|
|
|
5b28d6f |
- Rebuilt for Python 3.7
|
|
|
5b28d6f |
|
|
|
81c8227 |
* Wed Mar 28 2018 Orion Poplawski <orion@nwra.com> - 0.10.2-1
|
|
|
81c8227 |
- Update to 0.10.2
|
|
|
81c8227 |
|
|
|
baa8815 |
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.1-4
|
|
|
baa8815 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
baa8815 |
|
|
Orion Poplawski |
2059728 |
* Sat Dec 30 2017 Orion Poplawski <orion@nwra.com> - 0.10.1-3
|
|
Orion Poplawski |
2059728 |
- Add upstream patch to fix ipset issue (bug #1525134)
|
|
Orion Poplawski |
2059728 |
|
|
Orion Poplawski |
d6aa896 |
* Sat Dec 30 2017 Orion Poplawski <orion@nwra.com> - 0.10.1-2
|
|
Orion Poplawski |
d6aa896 |
- Add upstream patch to fix buildroot issue
|
|
Orion Poplawski |
d6aa896 |
|
|
|
a439a4f |
* Tue Nov 14 2017 Orion Poplawski <orion@cora.nwra.com> - 0.10.1-1
|
|
|
a439a4f |
- Update to 0.10.1
|
|
|
a439a4f |
|
|
Orion Poplawski |
87fc83e |
* Wed Sep 20 2017 Orion Poplawski <orion@cora.nwra.com> - 0.10.0-1
|
|
Orion Poplawski |
87fc83e |
- Update to 0.10.0
|
|
Orion Poplawski |
87fc83e |
|
|
|
06df6da |
* Wed Aug 16 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.7-4
|
|
|
06df6da |
- Use BR /usr/bin/2to3
|
|
|
06df6da |
|
|
|
72f0087 |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.7-3
|
|
|
72f0087 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
72f0087 |
|
|
|
252f5a2 |
* Thu Jul 13 2017 Petr Pisar <ppisar@redhat.com> - 0.9.7-2
|
|
|
252f5a2 |
- perl dependency renamed to perl-interpreter
|
|
|
252f5a2 |
<https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules>
|
|
|
252f5a2 |
|
|
Orion Poplawski |
af59184 |
* Wed Jul 12 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.7-1
|
|
Orion Poplawski |
af59184 |
- Update to 0.9.7
|
|
Orion Poplawski |
af59184 |
|
|
Orion Poplawski |
0335adc |
* Wed Feb 15 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.6-4
|
|
Orion Poplawski |
0335adc |
- Properly handle /run/fail2ban (bug #1422500)
|
|
Orion Poplawski |
0335adc |
|
|
|
3929195 |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-3
|
|
|
3929195 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
3929195 |
|
|
Orion Poplawski |
4d17e58 |
* Tue Jan 10 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.6-2
|
|
Orion Poplawski |
4d17e58 |
- Add upstream patch to fix fail2ban-regex with journal
|
|
Orion Poplawski |
4d17e58 |
|
|
Orion Poplawski |
eaa8e0f |
* Fri Jan 6 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.6-1
|
|
Orion Poplawski |
eaa8e0f |
- Update to 0.9.6
|
|
Orion Poplawski |
eaa8e0f |
- Fix sendmail-auth filter (bug #1329919)
|
|
Orion Poplawski |
eaa8e0f |
|
|
|
61410ac |
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 0.9.5-5
|
|
|
61410ac |
- Rebuild for Python 3.6
|
|
|
61410ac |
|
|
Orion Poplawski |
79ae934 |
* Fri Oct 7 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-4
|
|
Orion Poplawski |
79ae934 |
- %%ghost /run/fail2ban
|
|
Orion Poplawski |
79ae934 |
- Fix typo in shorewall description
|
|
Orion Poplawski |
79ae934 |
- Move tests to -tests sub-package
|
|
Orion Poplawski |
79ae934 |
|
|
Orion Poplawski |
7dfd4e4 |
* Mon Oct 3 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-3
|
|
Orion Poplawski |
7dfd4e4 |
- Add journalmatch entries for sendmail (bug #1329919)
|
|
Orion Poplawski |
7dfd4e4 |
|
|
Orion Poplawski |
64d4511 |
* Mon Oct 3 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-2
|
|
Orion Poplawski |
64d4511 |
- Give up being PartOf iptables to allow firewalld restarts to work
|
|
Orion Poplawski |
64d4511 |
(bug #1379141)
|
|
Orion Poplawski |
64d4511 |
|
|
Orion Poplawski |
c12a4ed |
* Mon Oct 3 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-1
|
|
Orion Poplawski |
c12a4ed |
- Add patch to fix failing test
|
|
Orion Poplawski |
c12a4ed |
|
|
Orion Poplawski |
f918a87 |
* Sun Sep 25 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-1
|
|
Orion Poplawski |
f918a87 |
- Update to 0.9.5
|
|
Orion Poplawski |
f918a87 |
- Drop mysql patch applied upstream
|
|
Orion Poplawski |
f918a87 |
|
|
|
314a776 |
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.4-6
|
|
|
314a776 |
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
|
|
|
314a776 |
|
|
Orion Poplawski |
491ac33 |
* Tue Apr 5 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-5
|
|
Orion Poplawski |
491ac33 |
- Fix python3 usage (bug #1324113)
|
|
Orion Poplawski |
491ac33 |
|
|
Orion Poplawski |
7939b81 |
* Sun Mar 27 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-4
|
|
Orion Poplawski |
7939b81 |
- Use %%{_tmpfilesdir} for systemd tmpfile config
|
|
Orion Poplawski |
7939b81 |
|
|
Orion Poplawski |
4918cc1 |
* Wed Mar 9 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-3
|
|
Orion Poplawski |
4918cc1 |
- No longer need to add After=firewalld.service (bug #1301910)
|
|
Orion Poplawski |
4918cc1 |
|
|
Orion Poplawski |
5fb4dae |
* Wed Mar 9 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-2
|
|
Orion Poplawski |
5fb4dae |
- Fix mariadb/mysql log handling
|
|
Orion Poplawski |
5fb4dae |
|
|
Orion Poplawski |
b818fb6 |
* Wed Mar 9 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-1
|
|
Orion Poplawski |
b818fb6 |
- Update to 0.9.4
|
|
Orion Poplawski |
b818fb6 |
- Use mariadb log path by default
|
|
Orion Poplawski |
b818fb6 |
|
|
Orion Poplawski |
3454a20 |
* Tue Feb 23 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.3-3
|
|
Orion Poplawski |
3454a20 |
- Use python3 (bug #1282498)
|
|
Orion Poplawski |
3454a20 |
|
|
|
ed8043c |
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.3-2
|
|
|
ed8043c |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
ed8043c |
|
|
Orion Poplawski |
1896da9 |
* Sat Sep 12 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.3-1
|
|
Orion Poplawski |
1896da9 |
- Update to 0.9.3
|
|
Orion Poplawski |
1896da9 |
- Cleanup spec, use new python macros
|
|
Orion Poplawski |
1896da9 |
|
|
|
eb19baa |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.2-2
|
|
|
eb19baa |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
eb19baa |
|
|
Orion Poplawski |
863772f |
* Thu Apr 30 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.2-1
|
|
Orion Poplawski |
863772f |
- Update to 0.9.2
|
|
Orion Poplawski |
863772f |
|
|
Orion Poplawski |
55a0d27 |
* Mon Mar 16 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-4
|
|
Orion Poplawski |
55a0d27 |
- Do not load user paths for fail2ban-{client,server} (bug #1202151)
|
|
Orion Poplawski |
55a0d27 |
|
|
Orion Poplawski |
4fa088d |
* Sun Feb 22 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-3
|
|
Orion Poplawski |
4fa088d |
- Do not use systemd by default
|
|
Orion Poplawski |
4fa088d |
|
|
Orion Poplawski |
bb04400 |
* Fri Nov 28 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-2
|
|
Orion Poplawski |
bb04400 |
- Fix php-url-fopen logpath (bug #1169026)
|
|
Orion Poplawski |
bb04400 |
|
|
Orion Poplawski |
bc2d2aa |
* Tue Oct 28 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-1
|
|
Orion Poplawski |
bc2d2aa |
- Update to 0.9.1
|
|
Orion Poplawski |
bc2d2aa |
|
|
Orion Poplawski |
8cebd78 |
* Fri Aug 15 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-8
|
|
Orion Poplawski |
8cebd78 |
- Add patch to fix tests
|
|
Orion Poplawski |
8cebd78 |
|
|
Orion Poplawski |
5d9a81c |
* Fri Aug 8 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-8
|
|
Orion Poplawski |
5d9a81c |
- Fix log paths for some jails (bug #1128152)
|
|
Orion Poplawski |
5d9a81c |
|
|
Orion Poplawski |
ac04ee1 |
* Mon Jul 21 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-7
|
|
Orion Poplawski |
ac04ee1 |
- Use systemd for EL7
|
|
Orion Poplawski |
ac04ee1 |
|
|
|
5e4615a |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-6
|
|
|
5e4615a |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
5e4615a |
|
|
|
ed39c40 |
* Thu Mar 20 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-5
|
|
Orion Poplawski |
96df1d5 |
- Require mailx for /usr/bin/mail
|
|
|
ed39c40 |
|
|
|
d81aba9 |
* Thu Mar 20 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-4
|
|
|
d81aba9 |
- Need empty %%files to produce main and -all package
|
|
|
d81aba9 |
|
|
|
cfc0b77 |
* Wed Mar 19 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-3
|
|
|
cfc0b77 |
- Split into sub-packages for different components
|
|
|
cfc0b77 |
- Enable journal filter by default (bug #985567)
|
|
|
cfc0b77 |
- Enable firewalld action by default (bug #1046816)
|
|
|
673cc6f |
- Add upstream patch to fix setting loglevel in fail2ban.conf
|
|
|
673cc6f |
- Add upstream patches to fix tests in mock, run tests
|
|
|
cfc0b77 |
|
|
Orion Poplawski |
909f713 |
* Tue Mar 18 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-2
|
|
Orion Poplawski |
909f713 |
- Use Fedora paths
|
|
Orion Poplawski |
909f713 |
- Start after firewalld (bug #1067147)
|
|
Orion Poplawski |
909f713 |
|
|
Orion Poplawski |
8f487f6 |
* Mon Mar 17 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-1
|
|
Orion Poplawski |
8f487f6 |
- Update to 0.9
|
|
Orion Poplawski |
8f487f6 |
|
|
|
a1783e1 |
* Tue Sep 24 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.3.git1f1a561
|
|
|
a1783e1 |
- Update to current 0.9 git branch
|
|
|
a1783e1 |
- Rebase init patch, drop jail.d and notmp patch applied upstream
|
|
|
a1783e1 |
|
|
|
8cded81 |
* Fri Aug 9 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.2.gitd529151
|
|
|
8cded81 |
- Ship jail.conf(5) man page
|
|
|
b43bf1b |
- Ship empty /etc/fail2ban/jail.d directory
|
|
|
8cded81 |
|
|
Orion Poplawski |
b5e668e |
* Thu Aug 8 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.1.gitd529151
|
|
Orion Poplawski |
b5e668e |
- Update to 0.9 git branch
|
|
Orion Poplawski |
b5e668e |
- Rebase patches
|
|
Orion Poplawski |
b5e668e |
- Require systemd-python for journal support
|
|
Orion Poplawski |
b5e668e |
|
|
|
29c113e |
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.10-2
|
|
|
29c113e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
29c113e |
|
|
|
d0f8175 |
* Wed Jun 12 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.10-1
|
|
|
d0f8175 |
- Update to 0.8.10 security release
|
|
|
d0f8175 |
- Use upstream provided systemd files
|
|
|
d0f8175 |
- Drop upstreamed patches, rebase log2syslog and notmp patches
|
|
|
d0f8175 |
|
|
|
6bfd65e |
* Fri Mar 15 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-4
|
|
|
6bfd65e |
- Use systemd init for Fedora 19+ (bug #883158)
|
|
|
6bfd65e |
|
|
|
83ab8cd |
* Thu Feb 14 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-3
|
|
|
83ab8cd |
- Add patch from upstream to fix module imports (Bug #892365)
|
|
|
83ab8cd |
- Add patch from upstream to UTF-8 characters in syslog (Bug #905097)
|
|
|
680209b |
- Drop Requires: tcp_wrappers and shorewall (Bug #781341)
|
|
|
83ab8cd |
|
|
|
260f069 |
* Fri Jan 18 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-2
|
|
|
260f069 |
- Add patch to prevent sshd blocks of successful logins for systems that use
|
|
|
260f069 |
sssd or ldap
|
|
|
260f069 |
|
|
|
9bcdcc2 |
* Mon Dec 17 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-1
|
|
|
9bcdcc2 |
- Update to 0.8.8 (CVE-2012-5642 Bug #887914)
|
|
|
9bcdcc2 |
|
|
|
6ebbe08 |
* Thu Oct 11 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.7.1-1
|
|
|
6ebbe08 |
- Update to 0.8.7.1
|
|
|
6ebbe08 |
- Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream
|
|
|
6ebbe08 |
- Rebase sshd and notmp patches
|
|
|
6ebbe08 |
- Use _initddir macro
|
|
|
6ebbe08 |
|
|
|
358d708 |
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-29
|
|
|
358d708 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
358d708 |
|
|
|
744512b |
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-28
|
|
|
744512b |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
744512b |
|
|
Axel Thimm |
af90cd2 |
* Sat Apr 9 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-27
|
|
Axel Thimm |
af90cd2 |
- Move tmp files to /var/lib (suggested by Phil Anderson).
|
|
Axel Thimm |
af90cd2 |
- Enable inotify support (by Jonathan Underwood).
|
|
Axel Thimm |
af90cd2 |
- Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584.
|
|
|
f7225b0 |
|
|
|
91ef859 |
* Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24
|
|
|
91ef859 |
- Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to
|
|
|
91ef859 |
cloexec another fd leak.
|
|
|
91ef859 |
|
|
|
4ab5ea7 |
* Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23
|
|
|
4ab5ea7 |
- update to 0.8.4.
|
|
|
4ab5ea7 |
|
|
|
1a350e8 |
* Wed Sep 2 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-22
|
|
|
1a350e8 |
- Update to a newer svn snapshot to fix python 2.6 issue.
|
|
|
1a350e8 |
|
|
|
41c8d5a |
* Thu Aug 27 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-21
|
|
|
41c8d5a |
- Log to syslog (RH bug #491983). Also deals with RH bug #515116.
|
|
|
41c8d5a |
- Check inodes of log files (RH bug #503852).
|
|
|
36b030b |
|
|
|
08b9eed |
* Sat Feb 14 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-18
|
|
|
08b9eed |
- Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466).
|
|
|
08b9eed |
|
|
|
508c8e4 |
* Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.8.3-17
|
|
|
508c8e4 |
- Rebuild for Python 2.6
|
|
|
508c8e4 |
|
|
|
8bfc6bb |
* Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-16
|
|
|
8bfc6bb |
- Update to 0.8.3.
|
|
|
8bfc6bb |
|
|
|
473ded4 |
* Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.2-15
|
|
|
473ded4 |
- fix license tag
|
|
|
473ded4 |
|
|
|
7069b0f |
* Thu Mar 27 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-14
|
|
|
7069b0f |
- Close on exec fixes by Jonathan Underwood.
|
|
|
7069b0f |
|
|
|
bd068d0 |
* Sun Mar 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-13
|
|
|
bd068d0 |
- Add %%{_localstatedir}/run/fail2ban (David Rees).
|
|
|
bd068d0 |
|
|
|
bed4e7c |
* Fri Mar 14 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-12
|
|
|
bed4e7c |
- Update to 0.8.2.
|
|
|
bed4e7c |
|
|
|
129a6fe |
* Thu Jan 31 2008 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 0.8.1-11
|
|
|
129a6fe |
- Move socket file from /tmp to /var/run to prevent SElinux from stopping
|
|
|
129a6fe |
fail2ban from starting (BZ #429281)
|
|
|
129a6fe |
- Change logic in init file to start with -x to remove the socket file in case
|
|
|
129a6fe |
of unclean shutdown
|
|
|
129a6fe |
|
|
|
25ce90b |
* Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10
|
|
|
25ce90b |
- Update to 0.8.1.
|
|
|
25ce90b |
- Remove patch fixing CVE-2007-4321 (upstream).
|
|
|
25ce90b |
- Remove AllowUsers patch (upstream).
|
|
|
25ce90b |
- Add dependency to gamin-python.
|
|
|
25ce90b |
|
|
|
372f288 |
* Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9
|
|
|
372f288 |
- Fix remote log injection (no CVE assignment yet).
|
|
|
372f288 |
|
|
|
8c6d2a1 |
* Sun Jun 3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8
|
|
|
8c6d2a1 |
- Also trigger on non-AllowUsers failures (Jonathan Underwood
|
|
|
8c6d2a1 |
<jonathan.underwood@gmail.com>).
|
|
|
8c6d2a1 |
|
|
|
ea3c694 |
* Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7
|
|
|
ea3c694 |
- logrotate should restart fail2ban (Zing <zing@fastmail.fm>).
|
|
|
2d07810 |
- send mail to root; logrotate (Jonathan Underwood
|
|
|
2d07810 |
<jonathan.underwood@gmail.com>)
|
|
|
2d07810 |
|
|
|
959d57f |
* Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4
|
|
|
959d57f |
- Update to 0.8.0.
|
|
|
959d57f |
- enable ssh by default, fix log file for ssh scanning, adjust python
|
|
|
959d57f |
dependency (Jonathan Underwood <jonathan.underwood@gmail.com>)
|
|
|
959d57f |
|
|
|
ca499bc |
* Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3
|
|
|
ca499bc |
- Remove forgotten condrestart.
|
|
|
ca499bc |
|
|
|
ca499bc |
* Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2
|
|
|
ca499bc |
- Move /usr/lib/fail2ban to %%{_datadir}/fail2ban.
|
|
|
ca499bc |
- Don't default chkconfig to enabled.
|
|
|
ca499bc |
- Add dependencies on service/chkconfig.
|
|
|
ca499bc |
- Use example iptables/ssh config as default config.
|
|
|
ca499bc |
|
|
|
ca499bc |
* Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1
|
|
|
ca499bc |
- Initial build.
|