2009-02-11 04:32:18 +01:00
#
2011-09-01 16:59:53 +02:00
# spec file for package fail2ban
2009-02-11 04:32:18 +01:00
#
2015-04-14 10:03:38 +02:00
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
2009-02-11 04:32:18 +01:00
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
2011-11-23 17:46:37 +01:00
2009-02-11 04:32:18 +01:00
Name : fail2ban
2015-09-07 10:44:02 +02:00
Version : 0.9.3
2012-06-03 19:51:16 +02:00
Release : 0
2010-05-07 16:09:42 +02:00
Summary : Bans IP addresses that make too many authentication failures
2012-06-03 19:51:16 +02:00
License : GPL-2.0+
Group : Productivity/Networking/Security
2015-07-01 21:56:17 +02:00
Url : http://www.fail2ban.org/
Source0 : https://github.com/fail2ban/fail2ban/archive/%{version} .tar.gz#/%{name}-%{version}.tar.gz
2009-02-11 04:32:18 +01:00
Source2 : %{name} .sysconfig
2013-05-29 09:26:03 +02:00
Source3 : %{name} .logrotate
2013-09-23 11:42:53 +02:00
Source5 : %{name} .tmpfiles
2014-04-28 11:16:08 +02:00
Source6 : sfw-fail2ban.conf
Source7 : f2b-restart.conf
2015-07-01 21:56:17 +02:00
# Path definitions have been submitted to upstream
Source8 : paths-opensuse.conf
# ignore some rpm-lint messages
Source200 : %{name} -rpmlintrc
2015-01-23 11:27:14 +01:00
# PATCH-FIX-OPENSUSE fail2ban-opensuse-locations.patch bnc#878028 jweberhofer@weberhofer.at -- update default locations for logfiles
2014-08-21 15:18:17 +02:00
Patch100 : fail2ban-opensuse-locations.patch
2015-07-01 21:56:17 +02:00
# PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberhofer@weberhofer.at -- openSUSE modifications to the service file
Patch101 : fail2ban-opensuse-service.patch
2015-09-07 10:44:02 +02:00
# PATCH-FIX-OPENSUSE fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch jweberhofer@weberhofer.at -- disable test which currently fails on some systems
Patch102 : fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch
2015-09-07 11:49:02 +02:00
# PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases
Patch200 : fail2ban-disable-iptables-w-option.patch
# PATCH-FIX-OPENSUSE fail2ban-exclude-dev-log-tests.patch jweberhofer@weberhofer.at -- remove tests that can't work on opensuse < 13.3
Patch201 : fail2ban-exclude-dev-log-tests.patch
2015-07-01 21:56:17 +02:00
BuildRequires : fdupes
2014-04-28 11:16:08 +02:00
BuildRequires : logrotate
BuildRequires : python-devel
2015-07-01 21:56:17 +02:00
# timezone package is required to run the tests
BuildRequires : timezone
2014-01-22 10:26:34 +01:00
Requires : cron
2015-04-14 10:03:38 +02:00
Requires : ed
2014-01-22 10:26:34 +01:00
Requires : iptables
Requires : logrotate
Requires : python >= 2.5
2015-07-01 21:56:17 +02:00
Requires : whois
BuildRoot : %{_tmppath} /%{name} -%{version} -build
%if 0%{?suse_version} != 1110
BuildArch : noarch
%endif
%if 0%{?suse_version} < 1230
# the init-script requires lsof
Requires : lsof
2014-11-25 15:53:42 +01:00
Requires : syslog
2015-07-01 21:56:17 +02:00
%else
BuildRequires : systemd
Requires : systemd
%{?systemd_requires}
%endif
%if 0%{?suse_version} >= 1140 && 0%{?suse_version} != 1010 && 0%{?suse_version} != 1110 && 0%{?suse_version} != 1315
BuildRequires : python-pyinotify
2014-01-22 10:26:34 +01:00
Requires : python-pyinotify
%endif
%if 0%{?suse_version} >= 1220
Requires : python-gamin
%endif
2009-02-11 04:32:18 +01:00
%description
2015-07-01 21:56:17 +02:00
Fail2ban scans log files like %{_localstatedir} /log/messages and bans IP
addresses that makes too many password failures. It updates firewall rules to
reject the IP address, can send e-mails, or set host.deny entries. These rules
can be defined by the user. Fail2Ban can read multiple log files such as sshd
or Apache web server ones.
%package tests
Summary : Test-cases for fail2ban
Group : System/Monitoring
%description tests
This package contains fail2ban's testcases
2009-02-11 04:32:18 +01:00
2014-04-28 11:16:08 +02:00
%package -n SuSEfirewall2-fail2ban
2014-06-25 17:39:26 +02:00
Summary : Files for integrating fail2ban into SuSEfirewall2 via systemd
2014-04-28 11:16:08 +02:00
Group : Productivity/Networking/Security
Requires : SuSEfirewall2
Requires : fail2ban
2015-07-01 21:56:17 +02:00
Recommends: packageand(SuSEfirewall2:fail2ban)
2014-04-28 11:16:08 +02:00
%description -n SuSEfirewall2-fail2ban
2015-07-01 21:56:17 +02:00
This package ships systemd files which will cause fail2ban to be ordered in
relation to SuSEfirewall2 such that the two can be run concurrently within
reason, i.e. SFW will always run first because it does a table flush.
2014-04-28 11:16:08 +02:00
2014-06-25 17:39:26 +02:00
%package -n nagios-plugins-fail2ban
2015-07-01 21:56:17 +02:00
%define nagios_plugindir %{_libexecdir}/nagios/plugins
2014-06-25 17:39:26 +02:00
Summary : Check fail2ban server and how many IPs are currently banned
Group : System/Monitoring
%description -n nagios-plugins-fail2ban
This plugin checks if the fail2ban server is running and how many IPs are
currently banned. You can use this plugin to monitor all the jails or just a
specific jail.
How to use
----------
Just have to run the following command:
$ ./check_fail2ban --help
2009-02-11 04:32:18 +01:00
%prep
2015-07-01 21:56:17 +02:00
%setup -q
install -m644 %{SOURCE8} config/paths-opensuse.conf
# Use openSUSE paths
sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf
2014-08-21 15:18:17 +02:00
%patch100 -p1
2015-01-23 11:27:14 +01:00
%patch101 -p1
2015-07-01 21:56:17 +02:00
%patch102 -p1
2015-09-07 10:44:02 +02:00
%if 0%{?suse_version} < 1310
%patch200 -p1
%endif
%if 0%{?suse_version} < 1321
%patch201 -p1
2015-07-01 21:56:17 +02:00
%endif
rm config/paths-debian.conf \
config/paths-fedora.conf \
config/paths-freebsd.conf \
config/paths-osx.conf
2015-01-23 11:27:14 +01:00
2013-05-15 09:27:16 +02:00
# correct doc-path
2015-07-01 21:56:17 +02:00
sed -i -e 's|%{_datadir}/doc/fail2ban|%{_docdir}/%{name}|' setup.py
2009-02-11 04:32:18 +01:00
%build
2015-07-01 21:56:17 +02:00
export CFLAGS=" %{optflags} "
2009-02-11 04:32:18 +01:00
python setup.py build
2015-07-01 21:56:17 +02:00
gzip man/*.{1,5}
2009-02-11 04:32:18 +01:00
%install
python setup.py install \
2015-07-01 21:56:17 +02:00
--root=%{buildroot} \
2009-02-11 04:32:18 +01:00
--prefix=%{_prefix}
2015-07-01 21:56:17 +02:00
install -d -m 755 %{buildroot} %{_mandir} /man{1,5}
install -p -m 644 man/fail2ban-*.1.gz %{buildroot} %{_mandir} /man1
install -p -m 644 man/jail.conf.5.gz %{buildroot} %{_mandir} /man5
install -d -m 755 %{buildroot} %{_initrddir}
install -d -m 755 %{buildroot} %{_sbindir}
2013-05-29 09:26:03 +02:00
2013-09-23 11:42:53 +02:00
%if 0%{?suse_version} >= 1230
2015-07-01 21:56:17 +02:00
install -d -m 755 %{buildroot} %{_unitdir}
install -p -m 644 files/%{name} .service %{buildroot} %{_unitdir} /%{name} .service
install -d -m 755 %{buildroot} %{_libexecdir} /tmpfiles.d/
install -p -m 644 %{SOURCE5} %{buildroot} %{_libexecdir} /tmpfiles.d/%{name} .conf
sed -i -e 's/^backend = auto/backend = systemd/' %{buildroot} %{_sysconfdir} /%{name} /paths-opensuse.conf
%else
install -m 755 files/suse-initd %{buildroot} %{_initddir} /%{name}
ln -sf %{_initddir} /%{name} %{buildroot} %{_sbindir} /rc%{name}
install -d -m 755 %{buildroot} %{_localstatedir} /run/%{name}
2013-09-23 11:42:53 +02:00
%endif
2015-07-01 21:56:17 +02:00
install -d -m 0755 %{buildroot} %{_localstatedir} /lib/fail2ban/
install -d -m 755 %{buildroot} %{_localstatedir} /adm/fillup-templates
install -p -m 644 %{SOURCE2} %{buildroot} %{_localstatedir} /adm/fillup-templates/sysconfig.%{name}
install -d -m 755 %{buildroot} %{_sysconfdir} /logrotate.d
install -p -m 644 %{SOURCE3} %{buildroot} %{_sysconfdir} /logrotate.d/fail2ban
2014-08-21 18:58:13 +02:00
%if 0%{?_unitdir:1}
2015-07-01 21:56:17 +02:00
install -Dm 0644 " %{_sourcedir} / s f w - f a i l 2 b a n . c o n f " \
" %{buildroot} %{_unitdir} / S u S E f i r e w a l l 2 . s e r v i c e . d / f a i l 2 b a n . c o n f "
install -D -m 0644 " %{_sourcedir} / f 2 b - r e s t a r t . c o n f " \
" %{buildroot} %{_unitdir} / f a i l 2 b a n . s e r v i c e . d / S u S E f i r e w a l l 2 . c o n f "
%endif
install -D -m 755 files/nagios/check_fail2ban %{buildroot} %{nagios_plugindir} /check_fail2ban
# install docs using the macro
rm -r %{buildroot} %{_docdir} /%{name}
# remove duplicates
%fdupes -s %{buildroot} %{python_sitelib}
%check
#stat /dev/log
#python -c "import platform; print(platform.system())"
# tests require python-pyinotify to be installed, so don't run them on older versions
%if 0%{?suse_version} >= 1140 && 0%{?suse_version} != 1010 && 0%{?suse_version} != 1110 && 0%{?suse_version} != 1315
# Need a UTF-8 locale to work
export LANG=en_US.UTF-8
./fail2ban-testcases-all --no-network
2014-04-28 11:16:08 +02:00
%endif
2013-09-23 11:42:53 +02:00
%pre
%if 0%{?suse_version} >= 1230
%service_add_pre %{name} .service
%endif
2009-02-11 04:32:18 +01:00
%post
2015-07-01 21:56:17 +02:00
%fillup_only
2013-09-23 11:42:53 +02:00
%if 0%{?suse_version} >= 1230
2015-07-01 21:56:17 +02:00
systemd-tmpfiles --create %{_libexecdir} /tmpfiles.d/%{name} .conf
2013-09-23 11:42:53 +02:00
%service_add_post %{name} .service
%endif
2009-02-11 04:32:18 +01:00
%preun
2013-09-23 11:42:53 +02:00
%if 0%{?suse_version} >= 1230
%service_del_preun %{name} .service
%else
2009-02-11 04:32:18 +01:00
%stop_on_removal %{name}
2013-09-23 11:42:53 +02:00
%endif
2009-02-11 04:32:18 +01:00
%postun
2013-09-23 11:42:53 +02:00
%if 0%{?suse_version} >= 1230
%service_del_postun %{name} .service
%else
2009-02-11 04:32:18 +01:00
%restart_on_update %{name}
%insserv_cleanup
2013-09-23 11:42:53 +02:00
%endif
2009-02-11 04:32:18 +01:00
2014-08-21 18:58:13 +02:00
%if 0%{?_unitdir:1}
2014-04-28 11:16:08 +02:00
%post -n SuSEfirewall2-fail2ban
2015-07-01 21:56:17 +02:00
%{_bindir} /systemctl daemon-reload >/dev/null 2>&1 || :
2014-04-28 11:16:08 +02:00
%postun -n SuSEfirewall2-fail2ban
2015-07-01 21:56:17 +02:00
%{_bindir} /systemctl daemon-reload >/dev/null 2>&1 || :
2014-04-28 11:16:08 +02:00
%endif
2009-02-11 04:32:18 +01:00
%files
%defattr (-, root, root)
2015-07-01 21:56:17 +02:00
%config (noreplace) %{_sysconfdir} /%{name}
2013-05-29 09:26:03 +02:00
%config %{_sysconfdir} /logrotate.d/fail2ban
2015-07-01 21:56:17 +02:00
%dir %{_localstatedir} /lib/fail2ban/
2013-09-23 11:42:53 +02:00
%if 0%{?suse_version} >= 1230
%{_unitdir} /%{name} .service
2015-07-01 21:56:17 +02:00
%{_libexecdir} /tmpfiles.d/%{name} .conf
2013-09-23 11:42:53 +02:00
%else
2015-07-01 21:56:17 +02:00
%{_initddir} /%{name}
2012-10-03 11:45:50 +02:00
%{_sbindir} /rc%{name}
2015-07-01 21:56:17 +02:00
%dir %ghost %{_localstatedir} /run/%{name}
2013-09-23 11:42:53 +02:00
%endif
2015-07-01 21:56:17 +02:00
%{_bindir} /fail2ban-server
%{_bindir} /fail2ban-client
%{_bindir} /fail2ban-regex
%{python_sitelib} /%{name}
%exclude %{python_sitelib} /%{name} /tests
%{python_sitelib} /%{name} -*
%{_localstatedir} /adm/fillup-templates/sysconfig.%{name}
%{_mandir} /man1/*
%{_mandir} /man5/*
%doc README.md TODO ChangeLog COPYING doc/*.txt
2009-02-11 04:32:18 +01:00
2014-08-21 18:58:13 +02:00
%if 0%{?_unitdir:1}
2014-04-28 11:16:08 +02:00
%files -n SuSEfirewall2-fail2ban
%defattr (-,root,root)
2015-07-01 21:56:17 +02:00
%{_unitdir} /SuSEfirewall2.service.d
%{_unitdir} /fail2ban.service.d
2014-04-28 11:16:08 +02:00
%endif
2015-07-01 21:56:17 +02:00
%files tests
%defattr (-,root,root)
%{_bindir} /fail2ban-testcases
%{python_sitelib} /%{name} /tests
2014-06-25 17:39:26 +02:00
%files -n nagios-plugins-fail2ban
%defattr (-,root,root)
%doc files/nagios/README COPYING
2015-07-01 21:56:17 +02:00
%dir %{_libexecdir} /nagios
2014-06-25 17:39:26 +02:00
%dir %{nagios_plugindir}
%{nagios_plugindir} /check_fail2ban
2009-02-11 04:32:18 +01:00
%changelog
