Accepting request 231797 from security

- Add a new subpackage to install systemd drop-ins that couple SuSEfirewall2 and fail2ban. (forwarded request 230864 from jengelh) OBS-URL: https://build.opensuse.org/request/show/231797 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=32
2014-05-02 11:55:17 +00:00 · 2014-05-02 11:55:17 +00:00 · 210a71f8fb
commit 210a71f8fb
parent b17e75956e 833b3f3a02
4 changed files with 63 additions and 10 deletions
--- a/f2b-restart.conf
+++ b/f2b-restart.conf
@ -0,0 +1,5 @@
 # When a restart is issued for SuSEfirewall2, fail2ban.service too must be
 # restarted, which is what this drop-in file does.
 [Unit]
 PartOf=SuSEfirewall2.service
--- a/fail2ban.changes
+++ b/fail2ban.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Tue Feb 18 00:03:12 UTC 2014 - jengelh@inai.de
 - Add a new subpackage to install systemd drop-ins that couple
  SuSEfirewall2 and fail2ban. Added sfw-fail2ban.conf,
  f2b-restart.conf.
 -------------------------------------------------------------------
 Wed Jan 29 13:48:38 UTC 2014 - jweberhofer@weberhofer.at
--- a/fail2ban.spec
+++ b/fail2ban.spec
@ -20,11 +20,10 @@ Name:           fail2ban
 Version:        0.8.12
 Release:        0
 Url:            http://www.fail2ban.org/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 Summary:        Bans IP addresses that make too many authentication failures
 License:        GPL-2.0+
 Group:          Productivity/Networking/Security
 Source0:        https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.bz2
 %if 0%{?suse_version} < 1230
 # the init-script requires lsof
@ -33,12 +32,20 @@ Source1:        %{name}.init
 %endif
 Source2:        %{name}.sysconfig
 Source3:        %{name}.logrotate
 %if 0%{?suse_version} >= 1230
 Source4:        %{name}.service
 Source5:        %{name}.tmpfiles
-%endif
+Source6:        sfw-fail2ban.conf
 Source7:        f2b-restart.conf
 # PATCH-FIX-UPSTREAM fix-for-upstream-firewallcmd-ipset.conf.patch rh#1046816
 Patch0:         fix-for-upstream-firewallcmd-ipset.conf.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 %if 0%{?suse_version} >= 1230
 %{?systemd_requires}
 BuildRequires:  systemd
 %endif
 BuildRequires:  logrotate
 BuildRequires:  python-devel
 Requires:       cron
 Requires:       iptables
 Requires:       logrotate
@ -49,12 +56,6 @@ Requires:       python-pyinotify
 %if 0%{?suse_version} >= 1220
 Requires:       python-gamin
 %endif
 %if 0%{?suse_version} >= 1230
 %{?systemd_requires}
 BuildRequires:  systemd
 %endif
 BuildRequires:  logrotate
 BuildRequires:  python-devel
 %description
 Fail2ban scans log files like /var/log/messages and bans IP addresses
@ -63,6 +64,18 @@ reject the IP address, can send e-mails, or set host.deny entries.
 These rules can be defined by the user. Fail2Ban can read multiple log
 files such as sshd or Apache web server ones.
 %package -n SuSEfirewall2-fail2ban
 Summary:        systemd files for integrating fail2ban into SuSEfirewall2
 Group:          Productivity/Networking/Security
 BuildArch:      noarch
 Requires:       SuSEfirewall2
 Requires:       fail2ban
 %description -n SuSEfirewall2-fail2ban
 This package ships systemd files which will cause fail2ban to be ordered
 in relation to SuSEfirewall2 such that the two can be run concurrently
 within reason, i.e. SFW will always run first because it does a table flush.
 %prep
 %setup
 %patch0 -p1
@ -101,6 +114,12 @@ install -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/%{name}.service
 install -d -m755 $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/
 install -m644 %{SOURCE5} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/%{name}.conf
 %endif
 %if "%_unitdir" != ""
 install -Dm0644 "%_sourcedir/sfw-fail2ban.conf" \
 	"%buildroot/%_unitdir/SuSEfirewall2.service.d/fail2ban.conf"
 install -Dm0644 "%_sourcedir/f2b-restart.conf" \
 	"%buildroot/%_unitdir/fail2ban.service.d/SuSEfirewall2.conf"
 %endif
 %pre
 %if 0%{?suse_version} >= 1230
@ -129,6 +148,14 @@ systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf
 %insserv_cleanup
 %endif
 %if "%_unitdir" != ""
 %post -n SuSEfirewall2-fail2ban
 %_bindir/systemctl daemon-reload >/dev/null 2>&1 || :
 %postun -n SuSEfirewall2-fail2ban
 %_bindir/systemctl daemon-reload >/dev/null 2>&1 || :
 %endif
 %files
 %defattr(-, root, root)
 %dir %{_sysconfdir}/%{name}
@ -152,4 +179,11 @@ systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf
 %doc %{_mandir}/man1/*
 %doc COPYING ChangeLog DEVELOP README.md TODO files/cacti
 %if "%{?_unitdir}" != ""
 %files -n SuSEfirewall2-fail2ban
 %defattr(-,root,root)
 %_unitdir/SuSEfirewall2.service.d
 %_unitdir/fail2ban.service.d
 %endif
 %changelog
--- a/sfw-fail2ban.conf
+++ b/sfw-fail2ban.conf
@ -0,0 +1,7 @@
 # This drop-in file extends SuSEfirewall2.service to also start
 # fail2ban.service, and to make sure that fail2ban is only (re)started after
 # SFW has completed.
 [Unit]
 Wants=fail2ban.service
 Before=fail2ban.service