#
# spec file for package fail2ban
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           fail2ban
Version:        0.8.14
Release:        0
Url:            http://www.fail2ban.org/
Summary:        Bans IP addresses that make too many authentication failures
License:        GPL-2.0+
Group:          Productivity/Networking/Security

Source0:        https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz
%if 0%{?suse_version} < 1230
# the init-script requires lsof
Requires:       lsof
Source1:        %{name}.init
%endif
Source2:        %{name}.sysconfig
Source3:        %{name}.logrotate
Source4:        %{name}.service
Source5:        %{name}.tmpfiles
Source6:        sfw-fail2ban.conf
Source7:        f2b-restart.conf
# PATCH-FIX-OPENSUSE fail2ban-opensuse-locations.patch bnc#878028 jweberhofer@weberhoferat -- update default locations for logfiles
Patch100:       fail2ban-opensuse-locations.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildArch:      noarch
%if 0%{?suse_version} >= 1230
%{?systemd_requires}
BuildRequires:  systemd
%endif
BuildRequires:  logrotate
BuildRequires:  python-devel
Requires:       cron
Requires:       iptables
Requires:       logrotate
Requires:       python >= 2.5
%if 0%{?suse_version} >= 1140 && 0%{?sles_version} == 0
Requires:       python-pyinotify
%endif
%if 0%{?suse_version} >= 1220
Requires:       python-gamin
%endif

%description
Fail2ban scans log files like /var/log/messages and bans IP addresses
that makes too many password failures. It updates firewall rules to
reject the IP address, can send e-mails, or set host.deny entries.
These rules can be defined by the user. Fail2Ban can read multiple log
files such as sshd or Apache web server ones.

%package -n SuSEfirewall2-fail2ban
Summary:        Files for integrating fail2ban into SuSEfirewall2 via systemd
Group:          Productivity/Networking/Security
BuildArch:      noarch
Recommends:     packageand(SuSEfirewall2:fail2ban)
Requires:       SuSEfirewall2
Requires:       fail2ban

%description -n SuSEfirewall2-fail2ban
This package ships systemd files which will cause fail2ban to be ordered
in relation to SuSEfirewall2 such that the two can be run concurrently
within reason, i.e. SFW will always run first because it does a table flush.

%package -n nagios-plugins-fail2ban
Summary:        Check fail2ban server and how many IPs are currently banned
Group:          System/Monitoring
%define         nagios_plugindir %{_prefix}/lib/nagios/plugins

%description -n nagios-plugins-fail2ban
This plugin checks if the fail2ban server is running and how many IPs are
currently banned.  You can use this plugin to monitor all the jails or just a
specific jail.

How to use
----------
Just have to run the following command:
  $ ./check_fail2ban --help


%prep
%setup
%patch100 -p1
# correct doc-path
sed -i -e 's|%{_prefix}/share/doc/fail2ban|%{_docdir}/%{name}|' setup.py

%build
export CFLAGS="$RPM_OPT_FLAGS"
python setup.py build
gzip man/*.1

%install
python setup.py install \
	--root=$RPM_BUILD_ROOT \
	--prefix=%{_prefix}
install -d -m755 $RPM_BUILD_ROOT/%{_mandir}/man1
for i in fail2ban-client fail2ban-regex fail2ban-server; do
	install -m644 man/${i}.1.gz $RPM_BUILD_ROOT/%{_mandir}/man1
done
install -d -m755 $RPM_BUILD_ROOT/%{_initrddir}
install -d -m755 $RPM_BUILD_ROOT/%{_sbindir}
%if 0%{?suse_version} < 1230
install -m755 %{SOURCE1} $RPM_BUILD_ROOT/%{_initrddir}/%{name}
ln -sf %{_initrddir}/%{name} ${RPM_BUILD_ROOT}%{_sbindir}/rc%{name}
%endif
install -d -m755 $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{name}

install -d -m755 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
install -m 644 %{SOURCE3}  $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/fail2ban

%if 0%{?suse_version} >= 1230
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
install -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/%{name}.service

install -d -m755 $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/
install -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/%{name}.conf
%endif
%if 0%{?_unitdir:1}
install -Dm0644 "%_sourcedir/sfw-fail2ban.conf" \
	"%buildroot/%_unitdir/SuSEfirewall2.service.d/fail2ban.conf"
install -Dm0644 "%_sourcedir/f2b-restart.conf" \
	"%buildroot/%_unitdir/fail2ban.service.d/SuSEfirewall2.conf"
%endif
install -Dm755 files/nagios/check_fail2ban %{buildroot}/%{nagios_plugindir}/check_fail2ban

%pre
%if 0%{?suse_version} >= 1230
%service_add_pre %{name}.service
%endif

%post
%{fillup_only}
%if 0%{?suse_version} >= 1230
systemd-tmpfiles --create %{_prefix}/lib/tmpfiles.d/%{name}.conf
%service_add_post %{name}.service
%endif

%preun
%if 0%{?suse_version} >= 1230
%service_del_preun %{name}.service
%else
%stop_on_removal %{name}
%endif

%postun
%if 0%{?suse_version} >= 1230
%service_del_postun %{name}.service
%else
%restart_on_update %{name}
%insserv_cleanup
%endif

%if 0%{?_unitdir:1}
%post -n SuSEfirewall2-fail2ban
%_bindir/systemctl daemon-reload >/dev/null 2>&1 || :

%postun -n SuSEfirewall2-fail2ban
%_bindir/systemctl daemon-reload >/dev/null 2>&1 || :
%endif

%files
%defattr(-, root, root)
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/action.d
%dir %{_sysconfdir}/%{name}/filter.d
%config(noreplace) %{_sysconfdir}/%{name}/*.conf
%config(noreplace) %{_sysconfdir}/%{name}/action.d/*.conf
%config(noreplace) %{_sysconfdir}/%{name}/filter.d/*.conf
%config %{_sysconfdir}/logrotate.d/fail2ban
%if 0%{?suse_version} >= 1230
%{_unitdir}/%{name}.service
%{_prefix}/lib/tmpfiles.d/%{name}.conf
%else
%{_initrddir}/%{name}
%{_sbindir}/rc%{name}
%dir %ghost /var/run/%{name}
%endif
%{_bindir}/%{name}*
%{_datadir}/%{name}
/var/adm/fillup-templates/sysconfig.%{name}
%doc %{_mandir}/man1/*
%doc COPYING ChangeLog DEVELOP README.md TODO files/cacti

%if 0%{?_unitdir:1}
%files -n SuSEfirewall2-fail2ban
%defattr(-,root,root)
%_unitdir/SuSEfirewall2.service.d
%_unitdir/fail2ban.service.d
%endif

%files -n nagios-plugins-fail2ban
%defattr(-,root,root)
%doc files/nagios/README COPYING
%dir %{_prefix}/lib/nagios
%dir %{nagios_plugindir}
%{nagios_plugindir}/check_fail2ban

%changelog