rpms / pam_shield

Clone
Source Code
GIT

Files

el5 el6 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 main rawhide
  1.   f29
  2.   pam_shield.spec
Blob Blame History Raw 
Name:		pam_shield
Version:	0.9.5
Release:	23%{?dist}
Summary:	Pam Shield - A pam module to counter brute force attacks

Group:		System Environment/Libraries
License:	GPLv2
URL:		http://www.heiho.net/pam_shield/index.html
Source0:	http://www.heiho.net/pam_shield/pam_shield-0.9.5.tar.gz
Source1:	shield-trigger.8.gz
Source2:	shield-purge.8.gz
Source3:	shield-trigger-iptables.8.gz
BuildRequires:  gcc
BuildRequires:	pam-devel, gdbm-devel
%if 0%{?rhel} <= 5
Requires:	policycoreutils
%else
Requires:	policycoreutils-python
%endif
Patch0:		shield_purge_segfault.patch
Patch1:		shield-trigger-iptables.patch

%description
This is a pam module that supports brute force blocking against pam
authentication mechanisms.

%prep
%setup -q -n pam_shield-%{version}
mv GPL LICENSE
%patch0 -p0 -b .shield_purge_segfault
%patch1 -p0 -b .shield_trigger_iptables
#disable debug by default
sed -i -e 's/debug on/debug off/' shield.conf
#change to block all users for failed attempts
sed -i -e 's/block unknown-users/block all-users/' shield.conf
#reduce connections before block from 10 to 3
sed -i -e 's/max_conns 10/max_conns 3/' shield.conf
#reduce retention time from 1 week to 1 hour
sed -i -e 's/retention 1w/retention 1h/' shield.conf
#change the default behavior from shield-trigger to shield-trigger-iptables
#this uses iptables instead of route to block brute force attack
sed -i -e 's/shield\-trigger/shield-trigger-iptables/' shield.conf

%build
#software required -fPIC flag to build
make CFLAGS="%{optflags} -fPIC"

%check

%install
rm -rf %{buildroot}
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/security
mkdir -p -m 755 %{buildroot}%{_sysconfdir}/cron.daily
mkdir -p -m 755 %{buildroot}%{_sbindir}
mkdir -p -m 755 %{buildroot}/%{_lib}/security
mkdir -p -m 755 %{buildroot}%{_mandir}/man8
install -m 755 pam_shield.so %{buildroot}/%{_lib}/security/
install -m 755 -T pam_shield.cron %{buildroot}%{_sysconfdir}/cron.daily/pam_shield
install -m 755 shield-trigger %{buildroot}%{_sbindir}/
install -m 755 shield-trigger-iptables %{buildroot}%{_sbindir}/
install -m 755 shield-purge %{buildroot}%{_sbindir}/
install -m 644 shield.conf %{buildroot}%{_sysconfdir}/security/
mkdir -p -m 700 %{buildroot}/var/lib/pam_shield
install -m 644 %{SOURCE1} %{buildroot}%{_mandir}/man8/
install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8/
install -m 644 %{SOURCE3} %{buildroot}%{_mandir}/man8/

%post
semanage fcontext -a -t var_auth_t '/var/lib/pam_shield' 2>/dev/null || :
restorecon -R /var/lib/pam_shield || :

%postun
if [ $1 -eq 0 ] ; then
semanage fcontext -d -t var_auth_t '/var/lib/pam_shield' 2>/dev/null || :
if [ -e "/var/lib/pam_shield/db" ]
then
rm -f /var/lib/pam_shield/db
fi
fi

%files
/%{_lib}/security/pam_shield.so
%doc INSTALL README LICENSE CREDITS Changelog
%doc %{_mandir}/man8/shield-trigger.8.gz
%doc %{_mandir}/man8/shield-purge.8.gz
%doc %{_mandir}/man8/shield-trigger-iptables.8.gz
%config(noreplace) %{_sysconfdir}/security/shield.conf
%dir /var/lib/pam_shield
%{_sysconfdir}/cron.daily/pam_shield
%{_sbindir}/shield-trigger
%{_sbindir}/shield-purge
%{_sbindir}/shield-trigger-iptables

%changelog
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.5-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.5-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Fri Jun 06 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.5-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Wed Nov 13 2013 Ville Skyttä <ville.skytta@iki.fi> - 0.9.5-14
- Install docs with special %%doc (#994019).

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.5-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.5-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.5-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.5-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Thu Aug 11 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-9
- fixed selinux conflict by adding context definition
- added some additional cleanup on uninstall
* Sat Apr 30 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-8
- patches shield-trigger-iptables to insert rules instead of add
- and added checks for chain existance and creation if necessary
- before adding rules to iptables/ip6tables and dropped the
- destination port so it can be used for any service
* Sun Apr 10 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-7
- restored /var/lib/pam_shield to 700
* Sat Apr 9 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-6
- fixed the permissions duplications
- changed permissions on /var/lib/pam_shield to 755
- changed permissions on pam_shield.so to 755
- removed -s flag from install command to preserve
- debuginfo data
* Fri Apr 8 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-5
- fixed issues with my implementation of %%{optflags}
- this in turn fixed the empty -debug package
* Thu Apr 7 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-4
- fixed a typo in previous release in %%build section
* Thu Apr 7 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-3
- updated %%build section with %%{optflags}
* Mon Mar 28 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-2
- included shield-trigger-iptables
- changed default blocking method from route to iptables
- modified default retention policy from 1 week to 1 hour
- added man page for shield-trigger-iptables
- fixed typos in man page for shield-purge
* Sat Mar 26 2011 Carl Thompson <fedora@red-dragon.com> 0.9.5-1
- Initial package
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.