rpm/fail2ban
SHA256
1
0
Fork 0
forked from pool/fail2ban
Code Pull Requests Activity

Accepting request 245652 from security

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/245652
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=33
This commit is contained in:
Stephan Kulow 2014-08-25 09:03:47 +00:00 committed by Git OBS Bridge
commit 2edba31972
6 changed files with 340 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
0.8.14.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2d579d9f403eb95064781ffb28aca2b258ca55d7a2ba056a8fa2b3e6b79721f2
size 228121

3
fail2ban-0.8.12.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2cdd7cbbf8b770715ce0068aec9dd8857388cd4d690fd5211907d7f2f3bdcde4
size 169644

256
fail2ban-opensuse-locations.patch Normal file
View File

@ -0,0 +1,256 @@
diff -ur fail2ban-0.8.14.orig/config/jail.conf fail2ban-0.8.14/config/jail.conf
--- fail2ban-0.8.14.orig/config/jail.conf 2014-08-19 22:23:33.000000000 +0200
+++ fail2ban-0.8.14/config/jail.conf 2014-08-20 17:39:21.428256837 +0200
@@ -80,7 +80,7 @@
enabled = false
filter = pam-generic
action = iptables-allports[name=pam,protocol=all]
-logpath = /var/log/secure
+logpath = /var/log/messages
[xinetd-fail]
@@ -97,7 +97,7 @@
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
maxretry = 5
@@ -106,7 +106,7 @@
enabled = false
filter = sshd-ddos
action = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
maxretry = 2
@@ -135,7 +135,7 @@
filter = gssftpd
action = iptables[name=GSSFTPd, port=ftp, protocol=tcp]
sendmail-whois[name=GSSFTPd, dest=you@example.com]
-logpath = /var/log/daemon.log
+logpath = /var/log/messages
maxretry = 6
@@ -144,7 +144,7 @@
enabled = false
filter = pure-ftpd
action = iptables[name=pureftpd, port=ftp, protocol=tcp]
-logpath = /var/log/pureftpd.log
+logpath = /var/log/messages
maxretry = 6
@@ -153,7 +153,7 @@
enabled = false
filter = wuftpd
action = iptables[name=wuftpd, port=ftp, protocol=tcp]
-logpath = /var/log/daemon.log
+logpath = /var/log/messages
maxretry = 6
@@ -162,7 +162,7 @@
enabled = false
filter = sendmail-auth
action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
-logpath = /var/log/mail.log
+logpath = /var/log/mail
[sendmail-reject]
@@ -170,7 +170,7 @@
enabled = false
filter = sendmail-reject
action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
-logpath = /var/log/mail.log
+logpath = /var/log/mail
# This jail forces the backend to "polling".
@@ -181,7 +181,7 @@
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=you@example.com]
-logpath = /var/log/mail.log
+logpath = /var/log/mail
# ASSP SMTP Proxy Jail
@@ -202,7 +202,7 @@
action = hostsdeny[daemon_list=sshd]
sendmail-whois[name=SSH, dest=you@example.com]
ignoreregex = for myuser from
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
# Here we use blackhole routes for not requiring any additional kernel support
@@ -212,7 +212,7 @@
enabled = false
filter = sshd
action = route
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
maxretry = 5
@@ -226,7 +226,7 @@
enabled = false
filter = sshd
action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
maxretry = 5
@@ -235,7 +235,7 @@
enabled = false
filter = sshd
action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
maxretry = 5
@@ -329,7 +329,7 @@
enabled = false
filter = cyrus-imap
action = iptables-multiport[name=cyrus-imap,port="143,993"]
-logpath = /var/log/mail*log
+logpath = /var/log/mail
[courierlogin]
@@ -337,7 +337,7 @@
enabled = false
filter = courierlogin
action = iptables-multiport[name=courierlogin,port="25,110,143,465,587,993,995"]
-logpath = /var/log/mail*log
+logpath = /var/log/mail
[couriersmtp]
@@ -345,7 +345,7 @@
enabled = false
filter = couriersmtp
action = iptables-multiport[name=couriersmtp,port="25,465,587"]
-logpath = /var/log/mail*log
+logpath = /var/log/mail
[qmail-rbl]
@@ -361,7 +361,7 @@
enabled = false
filter = sieve
action = iptables-multiport[name=sieve,port="25,465,587"]
-logpath = /var/log/mail*log
+logpath = /var/log/mail
# Do not ban anybody. Just report information about the remote host.
@@ -396,7 +396,8 @@
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
-logpath = /var/www/*/logs/access_log
+logpath = /var/log/apache/access_log
+ /var/log/apache2/*/access_log
bantime = 172800
maxretry = 1
@@ -466,7 +467,7 @@
enabled = false
action = iptables-multiport[name=php-url-open, port="http,https"]
filter = php-url-fopen
-logpath = /var/www/*/logs/access_log
+logpath = /var/log/apache/access_log
maxretry = 1
@@ -500,7 +501,7 @@
filter = sshd
action = ipfw[localhost=192.168.0.1]
sendmail-whois[name="SSH,IPFW", dest=you@example.com]
-logpath = /var/log/auth.log
+logpath = /var/log/messages
ignoreip = 168.192.0.1
@@ -531,7 +532,7 @@
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
sendmail-whois[name=Named, dest=you@example.com]
-logpath = /var/log/named/security.log
+logpath = /var/lib/named/log/security.log
ignoreip = 168.192.0.1
@@ -601,7 +602,7 @@
filter = mysqld-auth
action = iptables[name=mysql, port=3306, protocol=tcp]
sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
-logpath = /var/log/mysqld.log
+logpath = /var/log/mysql/mysqld.log
maxretry = 5
@@ -610,7 +611,7 @@
enabled = false
filter = mysqld-auth
action = iptables[name=mysql, port=3306, protocol=tcp]
-logpath = /var/log/daemon.log
+logpath = /var/log/mysql/mysqld.log
maxretry = 5
@@ -637,7 +638,7 @@
enabled = false
filter = sshd
action = pf
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
maxretry = 5
@@ -723,7 +724,7 @@
enabled = false
filter = dovecot
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
-logpath = /var/log/mail.log
+logpath = /var/log/mail
[dovecot-auth]
@@ -731,7 +732,7 @@
enabled = false
filter = dovecot
action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
-logpath = /var/log/secure
+logpath = /var/log/mail
[solid-pop3d]
@@ -739,7 +740,7 @@
enabled = false
filter = solid-pop3d
action = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
-logpath = /var/log/mail.log
+logpath = /var/log/mail
[selinux-ssh]
@@ -761,7 +762,7 @@
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
-logpath = /var/log/sshd.log
+logpath = /var/log/messages
maxretry = 20

43
fail2ban.changes
View File

@ -1,3 +1,46 @@
-------------------------------------------------------------------
Thu Aug 21 16:50:20 UTC 2014 - jweberhofer@weberhofer.at
- Fixed check for %_unitdir to make fail2ban build under older systems, too.
- Changed /usr to %{_prefix} in the spec file
-------------------------------------------------------------------
Wed Aug 20 15:44:54 UTC 2014 - jweberhofer@weberhofer.at
- update to 0.8.14
* minor fixes for claimed Python 2.4 and 2.5 compatibility
* Handle case when inotify watch is auto deleted on file deletion to stop
error messages
* tests - fixed few "leaky" file descriptors when files were not closed while
being removed physically
* grep in mail*-whois-lines.conf now also matches end of line to work with
the recidive filter
- add fail2ban-opensuse-locations.patch to fix default locations as suggested
in bnc#878028
-------------------------------------------------------------------
Wed Jun 25 15:13:37 UTC 2014 - lars@linux-schulserver.de
- update to 0.8.13:
+ Fixes:
- action firewallcmd-ipset had non-working actioncheck. Removed.
redhat bug #1046816.
- filter pureftpd - added _daemon which got removed. Added
+ New Features:
- filter nagios - detects unauthorized access to the nrpe daemon (Ivo Truxa)
- filter sendmail-{auth,reject} (jserrachinha and cepheid666 and fab23).
+ Enhancements:
- filter asterisk now supports syslog format
- filter pureftpd - added all translations of "Authentication failed for
user"
- filter dovecot - lip= was optional and extended TLS errors can occur.
Thanks Noel Butler.
- removed fix-for-upstream-firewallcmd-ipset.conf.patch : fixed
upstream
- split out nagios-plugins-fail2ban package
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 18 00:03:12 UTC 2014 - jengelh@inai.de Tue Feb 18 00:03:12 UTC 2014 - jengelh@inai.de

52
fail2ban.spec
View File

@ -17,14 +17,14 @@
Name: fail2ban Name: fail2ban
Version: 0.8.12 Version: 0.8.14
Release: 0 Release: 0
Url: http://www.fail2ban.org/ Url: http://www.fail2ban.org/
Summary: Bans IP addresses that make too many authentication failures Summary: Bans IP addresses that make too many authentication failures
License: GPL-2.0+ License: GPL-2.0+
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Source0: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.bz2 Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz
%if 0%{?suse_version} < 1230 %if 0%{?suse_version} < 1230
# the init-script requires lsof # the init-script requires lsof
Requires: lsof Requires: lsof
@ -36,8 +36,8 @@ Source4: %{name}.service
Source5: %{name}.tmpfiles Source5: %{name}.tmpfiles
Source6: sfw-fail2ban.conf Source6: sfw-fail2ban.conf
Source7: f2b-restart.conf Source7: f2b-restart.conf
# PATCH-FIX-UPSTREAM fix-for-upstream-firewallcmd-ipset.conf.patch rh#1046816 # PATCH-FIX-OPENSUSE fail2ban-opensuse-locations.patch bnc#878028 jweberhofer@weberhoferat -- update default locations for logfiles
Patch0: fix-for-upstream-firewallcmd-ipset.conf.patch Patch100: fail2ban-opensuse-locations.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch BuildArch: noarch
%if 0%{?suse_version} >= 1230 %if 0%{?suse_version} >= 1230
@ -65,7 +65,7 @@ These rules can be defined by the user. Fail2Ban can read multiple log
files such as sshd or Apache web server ones. files such as sshd or Apache web server ones.
%package -n SuSEfirewall2-fail2ban %package -n SuSEfirewall2-fail2ban
Summary: systemd files for integrating fail2ban into SuSEfirewall2 Summary: Files for integrating fail2ban into SuSEfirewall2 via systemd
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
BuildArch: noarch BuildArch: noarch
Requires: SuSEfirewall2 Requires: SuSEfirewall2
@ -76,11 +76,27 @@ This package ships systemd files which will cause fail2ban to be ordered
in relation to SuSEfirewall2 such that the two can be run concurrently in relation to SuSEfirewall2 such that the two can be run concurrently
within reason, i.e. SFW will always run first because it does a table flush. within reason, i.e. SFW will always run first because it does a table flush.
%package -n nagios-plugins-fail2ban
Summary: Check fail2ban server and how many IPs are currently banned
Group: System/Monitoring
%define nagios_plugindir %{_prefix}/lib/nagios/plugins
%description -n nagios-plugins-fail2ban
This plugin checks if the fail2ban server is running and how many IPs are
currently banned. You can use this plugin to monitor all the jails or just a
specific jail.
How to use
----------
Just have to run the following command:
$ ./check_fail2ban --help
%prep %prep
%setup %setup
%patch0 -p1 %patch100 -p1
# correct doc-path # correct doc-path
sed -i -e 's|/usr/share/doc/fail2ban|%{_docdir}/%{name}|' setup.py sed -i -e 's|%{_prefix}/share/doc/fail2ban|%{_docdir}/%{name}|' setup.py
%build %build
export CFLAGS="$RPM_OPT_FLAGS" export CFLAGS="$RPM_OPT_FLAGS"
@ -111,15 +127,16 @@ install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/fail2ban
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir} install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
install -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/%{name}.service install -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/%{name}.service
install -d -m755 $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/ install -d -m755 $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/
install -m644 %{SOURCE5} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/%{name}.conf install -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/%{name}.conf
%endif %endif
%if "%_unitdir" != "" %if 0%{?_unitdir:1}
install -Dm0644 "%_sourcedir/sfw-fail2ban.conf" \ install -Dm0644 "%_sourcedir/sfw-fail2ban.conf" \
"%buildroot/%_unitdir/SuSEfirewall2.service.d/fail2ban.conf" "%buildroot/%_unitdir/SuSEfirewall2.service.d/fail2ban.conf"
install -Dm0644 "%_sourcedir/f2b-restart.conf" \ install -Dm0644 "%_sourcedir/f2b-restart.conf" \
"%buildroot/%_unitdir/fail2ban.service.d/SuSEfirewall2.conf" "%buildroot/%_unitdir/fail2ban.service.d/SuSEfirewall2.conf"
%endif %endif
install -Dm755 files/nagios/check_fail2ban %{buildroot}/%{nagios_plugindir}/check_fail2ban
%pre %pre
%if 0%{?suse_version} >= 1230 %if 0%{?suse_version} >= 1230
@ -129,7 +146,7 @@ install -Dm0644 "%_sourcedir/f2b-restart.conf" \
%post %post
%{fillup_only} %{fillup_only}
%if 0%{?suse_version} >= 1230 %if 0%{?suse_version} >= 1230
systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf systemd-tmpfiles --create %{_prefix}/lib/tmpfiles.d/%{name}.conf
%service_add_post %{name}.service %service_add_post %{name}.service
%endif %endif
@ -148,7 +165,7 @@ systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf
%insserv_cleanup %insserv_cleanup
%endif %endif
%if "%_unitdir" != "" %if 0%{?_unitdir:1}
%post -n SuSEfirewall2-fail2ban %post -n SuSEfirewall2-fail2ban
%_bindir/systemctl daemon-reload >/dev/null 2>&1 || : %_bindir/systemctl daemon-reload >/dev/null 2>&1 || :
@ -167,7 +184,7 @@ systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf
%config %{_sysconfdir}/logrotate.d/fail2ban %config %{_sysconfdir}/logrotate.d/fail2ban
%if 0%{?suse_version} >= 1230 %if 0%{?suse_version} >= 1230
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
/usr/lib/tmpfiles.d/%{name}.conf %{_prefix}/lib/tmpfiles.d/%{name}.conf
%else %else
%{_initrddir}/%{name} %{_initrddir}/%{name}
%{_sbindir}/rc%{name} %{_sbindir}/rc%{name}
@ -179,11 +196,18 @@ systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf
%doc %{_mandir}/man1/* %doc %{_mandir}/man1/*
%doc COPYING ChangeLog DEVELOP README.md TODO files/cacti %doc COPYING ChangeLog DEVELOP README.md TODO files/cacti
%if "%{?_unitdir}" != "" %if 0%{?_unitdir:1}
%files -n SuSEfirewall2-fail2ban %files -n SuSEfirewall2-fail2ban
%defattr(-,root,root) %defattr(-,root,root)
%_unitdir/SuSEfirewall2.service.d %_unitdir/SuSEfirewall2.service.d
%_unitdir/fail2ban.service.d %_unitdir/fail2ban.service.d
%endif %endif
%files -n nagios-plugins-fail2ban
%defattr(-,root,root)
%doc files/nagios/README COPYING
%dir %{_prefix}/lib/nagios
%dir %{nagios_plugindir}
%{nagios_plugindir}/check_fail2ban
%changelog %changelog

23
fix-for-upstream-firewallcmd-ipset.conf.patch
View File

@ -1,23 +0,0 @@
diff -ur fail2ban-0.8.12.orig/config/action.d/firewallcmd-ipset.conf fail2ban-0.8.12/config/action.d/firewallcmd-ipset.conf
--- fail2ban-0.8.12.orig/config/action.d/firewallcmd-ipset.conf 2014-01-16 09:20:14.000000000 +0100
+++ fail2ban-0.8.12/config/action.d/firewallcmd-ipset.conf 2014-01-23 22:43:53.115263616 +0100
@@ -25,8 +25,6 @@
ipset flush fail2ban-<name>
ipset destroy fail2ban-<name>
-actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -q '^fail2ban-<name>$'
-
actionban = ipset add fail2ban-<name> <ip> timeout <bantime> -exist
actionunban = ipset del fail2ban-<name> <ip> -exist
diff -ur fail2ban-0.8.12.orig/THANKS fail2ban-0.8.12/THANKS
--- fail2ban-0.8.12.orig/THANKS 2014-01-21 21:59:49.000000000 +0100
+++ fail2ban-0.8.12/THANKS 2014-01-23 22:43:53.115263616 +0100
@@ -30,6 +30,7 @@
Daniel B.
Daniel Black
David Nutter
+Derek Atkins
Eric Gerbier
Enrico Labedzki
ftoppi