diff --git a/.gitignore b/.gitignore index ebbd8d0..f421bcf 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban_0.8.8.orig.tar.gz /fail2ban-0.8.10.tar.gz /fail2ban-0.9-d529151.tar.xz +/fail2ban-0.9-1f1a561.tar.xz diff --git a/fail2ban-0.8.3-init.patch b/fail2ban-0.8.3-init.patch deleted file mode 100644 index 3ed8609..0000000 --- a/fail2ban-0.8.3-init.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- fail2ban-0.8.3/files/redhat-initd.init 2008-03-10 23:36:22.000000000 +0100 -+++ fail2ban-0.8.3/files/redhat-initd 2008-08-24 20:46:01.000000000 +0200 -@@ -1,6 +1,6 @@ - #!/bin/bash - # --# chkconfig: 345 92 08 -+# chkconfig: - 92 08 - # description: Fail2ban daemon - # http://fail2ban.sourceforge.net/wiki/index.php/Main_Page - # process name: fail2ban-server -@@ -27,8 +27,7 @@ - echo -n $"Starting fail2ban: " - getpid - if [ -z "$pid" ]; then -- rm -rf /var/run/fail2ban/fail2ban.sock # in case of unclean shutdown -- $FAIL2BAN start > /dev/null -+ $FAIL2BAN -x start > /dev/null - RETVAL=$? - fi - if [ $RETVAL -eq 0 ]; then diff --git a/fail2ban-init.patch b/fail2ban-init.patch new file mode 100644 index 0000000..03b0016 --- /dev/null +++ b/fail2ban-init.patch @@ -0,0 +1,11 @@ +diff -up fail2ban-0.9-1f1a561/files/redhat-initd.init fail2ban-0.9-1f1a561/files/redhat-initd +--- fail2ban-0.9-1f1a561/files/redhat-initd.init 2013-09-24 16:57:09.515712728 -0600 ++++ fail2ban-0.9-1f1a561/files/redhat-initd 2013-09-24 16:57:52.435590284 -0600 +@@ -1,6 +1,6 @@ + #!/bin/bash + # +-# chkconfig: 345 92 08 ++# chkconfig: - 92 08 + # processname: fail2ban-server + # config: /etc/fail2ban/fail2ban.conf + # pidfile: /var/run/fail2ban/fail2ban.pid diff --git a/fail2ban-jail.d.patch b/fail2ban-jail.d.patch deleted file mode 100644 index 9ccb6bb..0000000 --- a/fail2ban-jail.d.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/setup.py b/setup.py -index b61ecce..27ad17b 100755 ---- a/setup.py -+++ b/setup.py -@@ -66,6 +66,9 @@ setup( - ('/etc/fail2ban/action.d', - glob("config/action.d/*.conf") - ), -+ ('/etc/fail2ban/jail.d', -+ '' -+ ), - ('/var/run/fail2ban', - '' - ), diff --git a/fail2ban-logfiles.patch b/fail2ban-logfiles.patch index c2cf359..a6082da 100644 --- a/fail2ban-logfiles.patch +++ b/fail2ban-logfiles.patch @@ -1,6 +1,6 @@ -diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/config/jail.conf ---- fail2ban-0.9-d529151/config/jail.conf.logfiles 2013-07-28 03:43:54.000000000 -0600 -+++ fail2ban-0.9-d529151/config/jail.conf 2013-08-08 21:23:41.785950007 -0600 +diff -up fail2ban-0.9-1f1a561/config/jail.conf.logfiles fail2ban-0.9-1f1a561/config/jail.conf +--- fail2ban-0.9-1f1a561/config/jail.conf.logfiles 2013-09-08 05:02:35.000000000 -0600 ++++ fail2ban-0.9-1f1a561/config/jail.conf 2013-09-24 17:01:40.264930006 -0600 @@ -152,20 +152,18 @@ action = %(action_)s [sshd] @@ -40,7 +40,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con maxretry = 2 # .. custom jails -@@ -201,7 +199,7 @@ filter = sshd +@@ -194,7 +192,7 @@ filter = sshd action = hostsdeny[daemon_list=sshd] sendmail-whois[name=SSH, dest=you@example.com] ignoreregex = for myuser from @@ -49,7 +49,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # Here we use blackhole routes for not requiring any additional kernel support # to store large volumes of banned IPs -@@ -210,7 +208,7 @@ logpath = /var/log/sshd.log +@@ -203,7 +201,7 @@ logpath = /var/log/sshd.log filter = sshd action = route @@ -58,7 +58,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # Here we use a combination of Netfilter/Iptables and IPsets # for storing large volumes of banned IPs -@@ -221,13 +219,13 @@ logpath = /var/log/sshd.log +@@ -214,13 +212,13 @@ logpath = /var/log/sshd.log filter = sshd action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp] @@ -74,25 +74,33 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" # option is overridden in this jail. Moreover, the action "mail-whois" defines -@@ -238,7 +236,7 @@ logpath = /var/log/sshd.log +@@ -231,7 +229,7 @@ logpath = /var/log/sshd.log filter = sshd action = ipfw[localhost=192.168.0.1] sendmail-whois[name="SSH,IPFW", dest=you@example.com] -logpath = /var/log/auth.log +logpath = /var/log/secure - ignoreip = 168.192.0.1 # bsd-ipfw is ipfw used by BSD. It uses ipfw tables. -@@ -250,7 +248,7 @@ ignoreip = 168.192.0.1 - [ssh-bsd-ipfw] + # table number must be unique. +@@ -243,14 +241,14 @@ logpath = /var/log/auth.log + filter = sshd action = bsd-ipfw[port=ssh,table=1] -logpath = /var/log/auth.log +logpath = /var/log/secure + # PF is a BSD based firewall + [ssh-pf] + + filter = sshd + action = pf +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + maxretry= 5 + # - # HTTP servers -@@ -259,7 +257,7 @@ logpath = /var/log/auth.log +@@ -260,7 +258,7 @@ maxretry= 5 [apache-auth] port = http,https @@ -101,7 +109,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # Ban hosts which agent identifies spammer robots crawling the web # for email addresses. The mail outputs are buffered. -@@ -267,21 +265,20 @@ logpath = /var/log/apache*/*error.log +@@ -268,21 +266,20 @@ logpath = /var/log/apache*/*error.log [apache-badbots] port = http,https @@ -126,16 +134,16 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con maxretry = 2 # Ban attackers that try to use PHP's URL-fopen() functionality -@@ -291,7 +288,7 @@ maxretry = 2 +@@ -292,7 +289,7 @@ maxretry = 2 [php-url-fopen] port = http,https -logpath = /var/www/*/logs/access_log +logpath = /var/log/httpd/*access_log - # A simple PHP-fastcgi jail which works with lighttpd. - # If you run a lighttpd server, then you probably will -@@ -330,7 +327,7 @@ logpath = /var/log/sogo/sogo.log + [suhosin] + +@@ -325,7 +322,7 @@ logpath = /var/log/sogo/sogo.log filter = apache-auth action = hostsdeny @@ -143,7 +151,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con +logpath = /var/log/httpd/*error_log maxretry = 6 - + [3proxy] @@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log [pure-ftpd] @@ -162,7 +170,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # if you want to rely on PAM failed login attempts # vsftpd's failregex should match both of those formats -@@ -384,12 +381,12 @@ maxretry = 6 +@@ -390,12 +387,12 @@ logpath = /root/path/to/assp/logs/maill [courier-smtp] port = smtp,ssmtp,submission @@ -177,7 +185,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # The hosts.deny path can be defined with the "file" argument if it is # not in /etc. -@@ -410,7 +407,7 @@ bantime = 300 +@@ -427,7 +424,7 @@ logpath = /var/log/exim/mainlog [courier-auth] port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s @@ -186,7 +194,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con [sasl] -@@ -419,12 +416,12 @@ port = smtp,ssmtp,submission,imap2,i +@@ -436,12 +433,12 @@ port = smtp,ssmtp,submission,imap2,i # You might consider monitoring /var/log/mail.warn instead if you are # running postfix since it would provide the same log lines at the # "warn" level but overall at the smaller filesize. @@ -199,14 +207,5 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con -logpath = /var/log/mail.log +logpath = /var/log/maillog - # - # DNS servers -@@ -519,7 +516,7 @@ maxretry = 5 - enabled=false - filter = sshd - action = pf --logpath = /var/log/sshd.log -+logpath = /var/log/secure - maxretry=5 + [perdition] - [3proxy] diff --git a/fail2ban-notmp.patch b/fail2ban-notmp.patch deleted file mode 100644 index af207d5..0000000 --- a/fail2ban-notmp.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py ---- fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp 2013-07-28 03:43:54.000000000 -0600 -+++ fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py 2013-08-08 20:15:19.997686089 -0600 -@@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader): - ConfigReader.read(self, "fail2ban") - - def getEarlyOptions(self): -- opts = [["string", "socket", "/tmp/fail2ban.sock"], -+ opts = [["string", "socket", "/var/run/fail2ban/fail2ban.sock"], - ["string", "pidfile", "/var/run/fail2ban/fail2ban.pid"]] - return ConfigReader.getOptions(self, "Definition", opts) - diff --git a/fail2ban.spec b/fail2ban.spec index 84714ba..3ad6df0 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,20 +1,17 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.9 -Release: 0.2.gitd529151%{?dist} +Release: 0.3.git1f1a561%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ #Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -Source0: %{name}-%{version}-d529151.tar.xz +Source0: %{name}-%{version}-1f1a561.tar.xz Source1: fail2ban-logrotate -Patch0: fail2ban-0.8.3-init.patch +Patch0: fail2ban-init.patch # Fix logfile paths in jail.conf Patch1: fail2ban-logfiles.patch -# Install jail.d -Patch2: fail2ban-jail.d.patch Patch6: fail2ban-log2syslog.patch -Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.3 # For testcases @@ -47,12 +44,10 @@ and shorewall respectively. %prep -%setup -q -n %{name}-%{version}-d529151 +%setup -q -n %{name}-%{version}-1f1a561 %patch0 -p1 -b .init %patch1 -p1 -b .logfiles -%patch2 -p1 -b .jail.d %patch6 -p1 -b .log2syslog -%patch8 -p1 -b .notmp %build python setup.py build @@ -138,6 +133,10 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Tue Sep 24 2013 Orion Poplawski - 0.9-0.3.git1f1a561 +- Update to current 0.9 git branch +- Rebase init patch, drop jail.d and notmp patch applied upstream + * Fri Aug 9 2013 Orion Poplawski - 0.9-0.2.gitd529151 - Ship jail.conf(5) man page - Ship empty /etc/fail2ban/jail.d directory diff --git a/sources b/sources index df0bbd5..9e9d22b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d51144c03988c9f63d91515b6ebc5d57 fail2ban-0.9-d529151.tar.xz +6c8a581bc46712be597f3a949d036217 fail2ban-0.9-1f1a561.tar.xz