fail2ban/fail2ban-opensuse-service.patch

diff -ur fail2ban-0.10.4-orig/files/fail2ban.service.in fail2ban-0.10.4/files/fail2ban.service.in
--- fail2ban-0.10.4-orig/files/fail2ban.service.in	2018-10-04 11:26:22.000000000 +0200
+++ fail2ban-0.10.4/files/fail2ban.service.in	2019-08-12 11:17:34.929129813 +0200
@@ -6,12 +6,13 @@
 
 [Service]
 Type=simple
+EnvironmentFile=-/etc/sysconfig/fail2ban
 ExecStartPre=/bin/mkdir -p /var/run/fail2ban
-ExecStart=@BINDIR@/fail2ban-server -xf start
+ExecStart=/usr/bin/fail2ban-server -xf $FAIL2BAN_OPTIONS start
 # if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
-# ExecStart=@BINDIR@/fail2ban-server -xf --logtarget=sysout start
-ExecStop=@BINDIR@/fail2ban-client stop
-ExecReload=@BINDIR@/fail2ban-client reload
+# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
+ExecStop=/usr/bin/fail2ban-client stop
+ExecReload=/usr/bin/fail2ban-client reload
 PIDFile=/var/run/fail2ban/fail2ban.pid
 Restart=on-failure
 RestartPreventExitStatus=0 255
Accepting request 722640 from home:weberho:branches:security - Added fail2ban-0.10.4-env-script-interpreter.patch to define interpreter - removal of SuSEfirewall2-fail2ban for factory versions since SuSEfirewall2 will be removed from Factory (see sr#713247): * fail2ban-opensuse-service.patch: removed references to SuSEfirewall2 service * fail2ban-opensuse-service-sfw.patch: use references to SuSEfirewall2 only for older distributions * Removed installation recommendation of the SuSEfirewall2-fail2ban package for all distributions as it is deprecated. - fail2ban-0.10.4-upstream-pid-file-location.patch changed fail2ban unit file location (boo#1145181, gh#fail2ban/fail2ban#2474) OBS-URL: https://build.opensuse.org/request/show/722640 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=96 2019-08-12 12:37:17 +02:00			`diff -ur fail2ban-0.10.4-orig/files/fail2ban.service.in fail2ban-0.10.4/files/fail2ban.service.in`
			`--- fail2ban-0.10.4-orig/files/fail2ban.service.in 2018-10-04 11:26:22.000000000 +0200`
			`+++ fail2ban-0.10.4/files/fail2ban.service.in 2019-08-12 11:17:34.929129813 +0200`
			`@@ -6,12 +6,13 @@`
Accepting request 314731 from home:weberho:branches:security Major update to version 0.9.2 OBS-URL: https://build.opensuse.org/request/show/314731 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=59 2015-07-01 21:56:17 +02:00
			`[Service]`
Accepting request 536273 from home:weberho:branches:security - Updated to version 0.10.1. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10/ChangeLog - Removed 607568f.patch and 1783.patch - New features: * IPv6 support - IP addresses are now handled as objects rather than strings capable for handling both address types IPv4 and IPv6 - iptables related actions have been amended to support IPv6 specific actions additionally - hostsdeny and route actions have been tested to be aware of v4 and v6 already - pf action for BSD systems has been improved and supports now also v4 and v6 - name resolution is now working for either address type - new conditional section functionality used in config resp. includes: - [Init?family=inet4] - IPv4 qualified hosts only - [Init?family=inet6] - IPv6 qualified hosts only Reporting via abuseipdb.com - Bans can now be reported to abuseipdb - Catagories must be set in the config - Relevant log lines included in report * Several commands extended and new commands introduced * Implemented execution of `actionstart` on demand * nftables actions are IPv6-capable now * Introduced new filter option `prefregex` for pre-filtering using single regular expression * Many times faster because of several optimizations * Several filters optimized * Introduced new jail option "ignoreself" - Lots of fixes and internal improvements - Incompatibitilities: * Filter (or `failregex`) internal capture-groups: - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should rewrite the regex like in example below resp. using `(?:(?P=ip4)\|(?P=ip6)` instead of `(?P=host)` (or `(?:(?P=ip4)\|(?P=ip6)\|(?P=dns))` corresponding your `usedns` and `raw` settings). Of course you can always your own capture-group (like below `_cond_ip_`) to do this. ``` testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\sfailure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$" ``` - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if mapping from tag `<F->` used in failregex (e. g. `user` by `<F-USER>`). * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some user configurations resp. `datepattern`. * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are IPv6-capable now. OBS-URL: https://build.opensuse.org/request/show/536273 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=83 2017-10-24 12:04:00 +02:00			`Type=simple`
Accepting request 314731 from home:weberho:branches:security Major update to version 0.9.2 OBS-URL: https://build.opensuse.org/request/show/314731 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=59 2015-07-01 21:56:17 +02:00			`+EnvironmentFile=-/etc/sysconfig/fail2ban`
Accepting request 536273 from home:weberho:branches:security - Updated to version 0.10.1. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10/ChangeLog - Removed 607568f.patch and 1783.patch - New features: * IPv6 support - IP addresses are now handled as objects rather than strings capable for handling both address types IPv4 and IPv6 - iptables related actions have been amended to support IPv6 specific actions additionally - hostsdeny and route actions have been tested to be aware of v4 and v6 already - pf action for BSD systems has been improved and supports now also v4 and v6 - name resolution is now working for either address type - new conditional section functionality used in config resp. includes: - [Init?family=inet4] - IPv4 qualified hosts only - [Init?family=inet6] - IPv6 qualified hosts only Reporting via abuseipdb.com - Bans can now be reported to abuseipdb - Catagories must be set in the config - Relevant log lines included in report * Several commands extended and new commands introduced * Implemented execution of `actionstart` on demand * nftables actions are IPv6-capable now * Introduced new filter option `prefregex` for pre-filtering using single regular expression * Many times faster because of several optimizations * Several filters optimized * Introduced new jail option "ignoreself" - Lots of fixes and internal improvements - Incompatibitilities: * Filter (or `failregex`) internal capture-groups: - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should rewrite the regex like in example below resp. using `(?:(?P=ip4)\|(?P=ip6)` instead of `(?P=host)` (or `(?:(?P=ip4)\|(?P=ip6)\|(?P=dns))` corresponding your `usedns` and `raw` settings). Of course you can always your own capture-group (like below `_cond_ip_`) to do this. ``` testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\sfailure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$" ``` - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if mapping from tag `<F->` used in failregex (e. g. `user` by `<F-USER>`). * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some user configurations resp. `datepattern`. * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are IPv6-capable now. OBS-URL: https://build.opensuse.org/request/show/536273 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=83 2017-10-24 12:04:00 +02:00			`ExecStartPre=/bin/mkdir -p /var/run/fail2ban`
			`-ExecStart=@BINDIR@/fail2ban-server -xf start`
			`+ExecStart=/usr/bin/fail2ban-server -xf $FAIL2BAN_OPTIONS start`
Accepting request 578297 from home:weberho:branches:security - Updated to version 0.10.2. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.2/ChangeLog - rebased patch OBS-URL: https://build.opensuse.org/request/show/578297 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=87 2018-02-20 10:42:27 +01:00			`# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local`
			`-# ExecStart=@BINDIR@/fail2ban-server -xf --logtarget=sysout start`
Accepting request 536273 from home:weberho:branches:security - Updated to version 0.10.1. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10/ChangeLog - Removed 607568f.patch and 1783.patch - New features: * IPv6 support - IP addresses are now handled as objects rather than strings capable for handling both address types IPv4 and IPv6 - iptables related actions have been amended to support IPv6 specific actions additionally - hostsdeny and route actions have been tested to be aware of v4 and v6 already - pf action for BSD systems has been improved and supports now also v4 and v6 - name resolution is now working for either address type - new conditional section functionality used in config resp. includes: - [Init?family=inet4] - IPv4 qualified hosts only - [Init?family=inet6] - IPv6 qualified hosts only Reporting via abuseipdb.com - Bans can now be reported to abuseipdb - Catagories must be set in the config - Relevant log lines included in report * Several commands extended and new commands introduced * Implemented execution of `actionstart` on demand * nftables actions are IPv6-capable now * Introduced new filter option `prefregex` for pre-filtering using single regular expression * Many times faster because of several optimizations * Several filters optimized * Introduced new jail option "ignoreself" - Lots of fixes and internal improvements - Incompatibitilities: * Filter (or `failregex`) internal capture-groups: - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should rewrite the regex like in example below resp. using `(?:(?P=ip4)\|(?P=ip6)` instead of `(?P=host)` (or `(?:(?P=ip4)\|(?P=ip6)\|(?P=dns))` corresponding your `usedns` and `raw` settings). Of course you can always your own capture-group (like below `_cond_ip_`) to do this. ``` testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\sfailure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$" ``` - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if mapping from tag `<F->` used in failregex (e. g. `user` by `<F-USER>`). * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some user configurations resp. `datepattern`. * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are IPv6-capable now. OBS-URL: https://build.opensuse.org/request/show/536273 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=83 2017-10-24 12:04:00 +02:00			`-ExecStop=@BINDIR@/fail2ban-client stop`
			`-ExecReload=@BINDIR@/fail2ban-client reload`
Accepting request 578297 from home:weberho:branches:security - Updated to version 0.10.2. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.2/ChangeLog - rebased patch OBS-URL: https://build.opensuse.org/request/show/578297 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=87 2018-02-20 10:42:27 +01:00			`+# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start`
Accepting request 536273 from home:weberho:branches:security - Updated to version 0.10.1. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10/ChangeLog - Removed 607568f.patch and 1783.patch - New features: * IPv6 support - IP addresses are now handled as objects rather than strings capable for handling both address types IPv4 and IPv6 - iptables related actions have been amended to support IPv6 specific actions additionally - hostsdeny and route actions have been tested to be aware of v4 and v6 already - pf action for BSD systems has been improved and supports now also v4 and v6 - name resolution is now working for either address type - new conditional section functionality used in config resp. includes: - [Init?family=inet4] - IPv4 qualified hosts only - [Init?family=inet6] - IPv6 qualified hosts only Reporting via abuseipdb.com - Bans can now be reported to abuseipdb - Catagories must be set in the config - Relevant log lines included in report * Several commands extended and new commands introduced * Implemented execution of `actionstart` on demand * nftables actions are IPv6-capable now * Introduced new filter option `prefregex` for pre-filtering using single regular expression * Many times faster because of several optimizations * Several filters optimized * Introduced new jail option "ignoreself" - Lots of fixes and internal improvements - Incompatibitilities: * Filter (or `failregex`) internal capture-groups: - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should rewrite the regex like in example below resp. using `(?:(?P=ip4)\|(?P=ip6)` instead of `(?P=host)` (or `(?:(?P=ip4)\|(?P=ip6)\|(?P=dns))` corresponding your `usedns` and `raw` settings). Of course you can always your own capture-group (like below `_cond_ip_`) to do this. ``` testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\sfailure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$" ``` - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if mapping from tag `<F->` used in failregex (e. g. `user` by `<F-USER>`). * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some user configurations resp. `datepattern`. * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are IPv6-capable now. OBS-URL: https://build.opensuse.org/request/show/536273 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=83 2017-10-24 12:04:00 +02:00			`+ExecStop=/usr/bin/fail2ban-client stop`
			`+ExecReload=/usr/bin/fail2ban-client reload`
Accepting request 314731 from home:weberho:branches:security Major update to version 0.9.2 OBS-URL: https://build.opensuse.org/request/show/314731 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=59 2015-07-01 21:56:17 +02:00			`PIDFile=/var/run/fail2ban/fail2ban.pid`
Accepting request 536273 from home:weberho:branches:security - Updated to version 0.10.1. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10/ChangeLog - Removed 607568f.patch and 1783.patch - New features: * IPv6 support - IP addresses are now handled as objects rather than strings capable for handling both address types IPv4 and IPv6 - iptables related actions have been amended to support IPv6 specific actions additionally - hostsdeny and route actions have been tested to be aware of v4 and v6 already - pf action for BSD systems has been improved and supports now also v4 and v6 - name resolution is now working for either address type - new conditional section functionality used in config resp. includes: - [Init?family=inet4] - IPv4 qualified hosts only - [Init?family=inet6] - IPv6 qualified hosts only Reporting via abuseipdb.com - Bans can now be reported to abuseipdb - Catagories must be set in the config - Relevant log lines included in report * Several commands extended and new commands introduced * Implemented execution of `actionstart` on demand * nftables actions are IPv6-capable now * Introduced new filter option `prefregex` for pre-filtering using single regular expression * Many times faster because of several optimizations * Several filters optimized * Introduced new jail option "ignoreself" - Lots of fixes and internal improvements - Incompatibitilities: * Filter (or `failregex`) internal capture-groups: - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should rewrite the regex like in example below resp. using `(?:(?P=ip4)\|(?P=ip6)` instead of `(?P=host)` (or `(?:(?P=ip4)\|(?P=ip6)\|(?P=dns))` corresponding your `usedns` and `raw` settings). Of course you can always your own capture-group (like below `_cond_ip_`) to do this. ``` testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\sfailure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$" ``` - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if mapping from tag `<F->` used in failregex (e. g. `user` by `<F-USER>`). * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some user configurations resp. `datepattern`. * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are IPv6-capable now. OBS-URL: https://build.opensuse.org/request/show/536273 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=83 2017-10-24 12:04:00 +02:00			`Restart=on-failure`
			`RestartPreventExitStatus=0 255`