From fc221f7faf581a23843c649d5168073203a051ab Mon Sep 17 00:00:00 2001 From: Christopher Engelhard Date: Feb 23 2021 08:17:58 +0000 Subject: EPEL6 is EOL, remove support for SysV init. --- diff --git a/sshguard.init b/sshguard.init deleted file mode 100644 index a194167..0000000 --- a/sshguard.init +++ /dev/null @@ -1,120 +0,0 @@ -#!/bin/sh -# -# sshguard - Protects hosts from brute-force attacks against SSH and other services -# -# chkconfig: - 20 80 -# description: Sshguard protects hosts from brute-force attacks against SSH \ -# and other services. It aggregates system logs and blocks \ -# repeat offenders using one of several firewall backends. \ -# \ -# Sshguard can read log messages from standard input or \ -# monitor one or more log files. Log messages are parsed, \ -# line-by-line, for recognized patterns. If an attack, such as \ -# several login failures within a few seconds, is detected, \ -# the offending IP is blocked. Offenders are unblocked after a \ -# set interval, but can be semi-permanently banned using the \ -# blacklist option. - -### BEGIN INIT INFO -# Provides: sshguard -# Required-Start: $local_fs $syslog -# Required-Stop: $local_fs $syslog -# Default-Stop: 0 1 6 -# Short-Description: Protects hosts from brute-force attacks against SSH and other services -# Description: Sshguard protects hosts from brute-force attacks against SSH and other -# services. It aggregates system logs and blocks repeat offenders using one of -# several firewall backends. -# -# Sshguard can read log messages from standard input or monitor one or more -# log files. Log messages are parsed, line-by-line, for recognized patterns. -# If an attack, such as several login failures within a few seconds, is -# detected, the offending IP is blocked. Offenders are unblocked after a set -# interval, but can be semi-permanently banned using the blacklist option. -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -executable="%{_sbindir}/%{name}" -progname="%{name}" -config="%{_sysconfdir}/%{name}.conf" -pidfile="/var/run/$progname.pid" -logfile="/var/log/$progname.log" -lockfile="/var/lock/subsys/$progname" - -[ -e %{_sysconfdir}/sysconfig/$progname ] && . %{_sysconfdir}/sysconfig/$progname - -start() { - [ -x $executable ] || exit 5 - [ -f $config ] || exit 6 - echo -n $"Starting $progname: " - daemon --pidfile $pidfile "$executable -i $pidfile &>> $logfile &" - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $progname: " - killproc $executable - retval=$? - echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -reload() { - restart -} - -force_reload() { - restart -} - -rh_status() { - # run checks to determine if the service is running or use generic status - status $progname -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload) - rh_status_q || exit 7 - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? diff --git a/sshguard.logrotate b/sshguard.logrotate deleted file mode 100644 index eeb478e..0000000 --- a/sshguard.logrotate +++ /dev/null @@ -1,6 +0,0 @@ -/var/log/%{name}.log { - missingok # If the log file is missing, go on to the next one without issuing an error message - notifempty # Don't do any rotation if the logfile is empty - compress # Compress older files with gzip - delaycompress # Don't compress yesterdays files -} diff --git a/sshguard.spec b/sshguard.spec index 93cdd43..d83e540 100644 --- a/sshguard.spec +++ b/sshguard.spec @@ -1,4 +1,3 @@ -%{?el6:%global use_sysvinit 1} %if "0%{?rhel}" >= "8" || 0%{?fedora} %global use_subpackages 1 %endif @@ -17,8 +16,6 @@ Url: http://www.sshguard.net Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz Source1: %{name}.conf.in Source2: %{name}.whitelist -Source3: %{name}.init -Source4: %{name}.logrotate # fnv is a very small implementation of the fnv hash algorithm not worth splitting # into its own package. It has not seen updates since 2012, and upstream does not @@ -42,16 +39,6 @@ BuildRequires: byacc Requires: coreutils Requires: grep -%if 0%{?use_sysvinit} -# for logging to file -Requires: logrotate -# for SysVinit service configuration -Requires(post): chkconfig -Requires(preun): chkconfig -# for /sbin/service -Requires(preun): initscripts -Requires(postun): initscripts -%else Requires: systemd # for systemd service installation support %if 0%{?fedora} > 29 @@ -59,7 +46,6 @@ BuildRequires: systemd-rpm-macros %else BuildRequires: systemd %endif -%endif %description Sshguard protects hosts from brute-force attacks against SSH and other @@ -115,7 +101,7 @@ sed -i -e "s|%%{_bindir}|%{_bindir}|g" \ -e "s|%%{_rundir}|%{_rundir}|g" \ -e "s|%%{_pkgdocdir}|%{_pkgdocdir}|g" \ -e "s|%%{name}|%{name}|g" \ - %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} + %{SOURCE1} %{SOURCE2} %build %{configure} --prefix=%{_prefix} --sysconfdir=%{_sysconfdir} --sbindir=%{_sbindir} --libexecdir=%{_libexecdir}/%{name} @@ -133,17 +119,10 @@ sed -e "s|__BACKEND__|sshg-fw-iptables|g" %{SOURCE1} > %{buildroot}%{_sysconfdir chmod 0644 %{buildroot}%{_sysconfdir}/%{name}.conf.* %endif install -p -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/%{name}.whitelist -%if 0%{?use_sysvinit} -install -p -d -m 0755 %{buildroot}%{_initddir} -install -p -m 0755 %{SOURCE3} %{buildroot}%{_initddir}/%{name} -install -p -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d -install -p -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} -%else install -p -d -m 0755 %{buildroot}%{_unitdir} sed -i -e "/ExecStartPre=/d" examples/%{name}.service sed -i -e "s|ExecStart=/usr/local/sbin/sshguard|ExecStart=%{_sbindir}/%{name}|g" examples/%{name}.service install -p -m 0644 examples/%{name}.service %{buildroot}%{_unitdir}/ -%endif # cleanup # *.plist is only relevant for MacOS systems @@ -156,12 +135,7 @@ make check #-- SCRIPTLETS -----------------------------------------------------------------# %post -%if 0%{?use_sysvinit} -# This adds the proper /etc/rc*.d links for the script -/sbin/chkconfig --add %{_initddir}/%{name} -%else %systemd_post %{name}.service -%endif %if 0%{?use_subpackages} # with iptables backend, sshguard does not auto-create its tables, so we do that here @@ -178,23 +152,10 @@ exit 0 %endif %preun -%if 0%{?use_sysvinit} -if [[ $1 -eq 0 ]]; then - /sbin/service %{name} stop >/dev/null 2>&1 - /sbin/chkconfig --del %{name} -fi -%else %systemd_preun %{name}.service -%endif %postun -%if 0%{?use_sysvinit} -if [ $1 -ge 1 ] ; then - /sbin/service %{name} condrestart >/dev/null 2>&1 || : -fi -%else %systemd_postun_with_restart %{name}.service -%endif #-- FILES ---------------------------------------------------------------------# %files @@ -219,12 +180,7 @@ fi %{_libexecdir}/%{name}/sshg-fw-null %{_libexecdir}/%{name}/sshg-fw-pf %{_libexecdir}/%{name}/sshg-fw-nft-sets -%if 0%{?use_sysvinit} -%{_initddir}/%{name} -%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} -%else %{_unitdir}/%{name}.service -%endif %config(noreplace) %{_sysconfdir}/%{name}.whitelist %if 0%{?use_subpackages}