From 6be289add438264702641c5afb07131d52329c8b08a09404a427608e6364135f Mon Sep 17 00:00:00 2001 From: Johannes Weberhofer Date: Thu, 21 Aug 2014 13:18:17 +0000 Subject: [PATCH] Accepting request 245601 from home:weberho:BACKPORTS:webserver Updated patch information in the .changes and the spec file OBS-URL: https://build.opensuse.org/request/show/245601 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=47 --- 0.8.14.tar.gz | 3 + fail2ban-0.8.13.tar.bz2 | 3 - fail2ban-opensuse-locations.patch | 256 ++++++++++++++++++++++++++++++ fail2ban.changes | 14 ++ fail2ban.spec | 7 +- 5 files changed, 278 insertions(+), 5 deletions(-) create mode 100644 0.8.14.tar.gz delete mode 100644 fail2ban-0.8.13.tar.bz2 create mode 100644 fail2ban-opensuse-locations.patch diff --git a/0.8.14.tar.gz b/0.8.14.tar.gz new file mode 100644 index 0000000..9bdd071 --- /dev/null +++ b/0.8.14.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2d579d9f403eb95064781ffb28aca2b258ca55d7a2ba056a8fa2b3e6b79721f2 +size 228121 diff --git a/fail2ban-0.8.13.tar.bz2 b/fail2ban-0.8.13.tar.bz2 deleted file mode 100644 index 169ef85..0000000 --- a/fail2ban-0.8.13.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f709a6a180553bbb20b7c27d686703d930d50ea99aeed47e70df427b6de494d3 -size 188068 diff --git a/fail2ban-opensuse-locations.patch b/fail2ban-opensuse-locations.patch new file mode 100644 index 0000000..532ef37 --- /dev/null +++ b/fail2ban-opensuse-locations.patch @@ -0,0 +1,256 @@ +diff -ur fail2ban-0.8.14.orig/config/jail.conf fail2ban-0.8.14/config/jail.conf +--- fail2ban-0.8.14.orig/config/jail.conf 2014-08-19 22:23:33.000000000 +0200 ++++ fail2ban-0.8.14/config/jail.conf 2014-08-20 17:39:21.428256837 +0200 +@@ -80,7 +80,7 @@ + enabled = false + filter = pam-generic + action = iptables-allports[name=pam,protocol=all] +-logpath = /var/log/secure ++logpath = /var/log/messages + + + [xinetd-fail] +@@ -97,7 +97,7 @@ + filter = sshd + action = iptables[name=SSH, port=ssh, protocol=tcp] + sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"] +-logpath = /var/log/sshd.log ++logpath = /var/log/messages + maxretry = 5 + + +@@ -106,7 +106,7 @@ + enabled = false + filter = sshd-ddos + action = iptables[name=SSHDDOS, port=ssh, protocol=tcp] +-logpath = /var/log/sshd.log ++logpath = /var/log/messages + maxretry = 2 + + +@@ -135,7 +135,7 @@ + filter = gssftpd + action = iptables[name=GSSFTPd, port=ftp, protocol=tcp] + sendmail-whois[name=GSSFTPd, dest=you@example.com] +-logpath = /var/log/daemon.log ++logpath = /var/log/messages + maxretry = 6 + + +@@ -144,7 +144,7 @@ + enabled = false + filter = pure-ftpd + action = iptables[name=pureftpd, port=ftp, protocol=tcp] +-logpath = /var/log/pureftpd.log ++logpath = /var/log/messages + maxretry = 6 + + +@@ -153,7 +153,7 @@ + enabled = false + filter = wuftpd + action = iptables[name=wuftpd, port=ftp, protocol=tcp] +-logpath = /var/log/daemon.log ++logpath = /var/log/messages + maxretry = 6 + + +@@ -162,7 +162,7 @@ + enabled = false + filter = sendmail-auth + action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp] +-logpath = /var/log/mail.log ++logpath = /var/log/mail + + + [sendmail-reject] +@@ -170,7 +170,7 @@ + enabled = false + filter = sendmail-reject + action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp] +-logpath = /var/log/mail.log ++logpath = /var/log/mail + + + # This jail forces the backend to "polling". +@@ -181,7 +181,7 @@ + backend = polling + action = iptables[name=sasl, port=smtp, protocol=tcp] + sendmail-whois[name=sasl, dest=you@example.com] +-logpath = /var/log/mail.log ++logpath = /var/log/mail + + + # ASSP SMTP Proxy Jail +@@ -202,7 +202,7 @@ + action = hostsdeny[daemon_list=sshd] + sendmail-whois[name=SSH, dest=you@example.com] + ignoreregex = for myuser from +-logpath = /var/log/sshd.log ++logpath = /var/log/messages + + + # Here we use blackhole routes for not requiring any additional kernel support +@@ -212,7 +212,7 @@ + enabled = false + filter = sshd + action = route +-logpath = /var/log/sshd.log ++logpath = /var/log/messages + maxretry = 5 + + +@@ -226,7 +226,7 @@ + enabled = false + filter = sshd + action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp] +-logpath = /var/log/sshd.log ++logpath = /var/log/messages + maxretry = 5 + + +@@ -235,7 +235,7 @@ + enabled = false + filter = sshd + action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600] +-logpath = /var/log/sshd.log ++logpath = /var/log/messages + maxretry = 5 + + +@@ -329,7 +329,7 @@ + enabled = false + filter = cyrus-imap + action = iptables-multiport[name=cyrus-imap,port="143,993"] +-logpath = /var/log/mail*log ++logpath = /var/log/mail + + + [courierlogin] +@@ -337,7 +337,7 @@ + enabled = false + filter = courierlogin + action = iptables-multiport[name=courierlogin,port="25,110,143,465,587,993,995"] +-logpath = /var/log/mail*log ++logpath = /var/log/mail + + + [couriersmtp] +@@ -345,7 +345,7 @@ + enabled = false + filter = couriersmtp + action = iptables-multiport[name=couriersmtp,port="25,465,587"] +-logpath = /var/log/mail*log ++logpath = /var/log/mail + + + [qmail-rbl] +@@ -361,7 +361,7 @@ + enabled = false + filter = sieve + action = iptables-multiport[name=sieve,port="25,465,587"] +-logpath = /var/log/mail*log ++logpath = /var/log/mail + + + # Do not ban anybody. Just report information about the remote host. +@@ -396,7 +396,8 @@ + filter = apache-badbots + action = iptables-multiport[name=BadBots, port="http,https"] + sendmail-buffered[name=BadBots, lines=5, dest=you@example.com] +-logpath = /var/www/*/logs/access_log ++logpath = /var/log/apache/access_log ++ /var/log/apache2/*/access_log + bantime = 172800 + maxretry = 1 + +@@ -466,7 +467,7 @@ + enabled = false + action = iptables-multiport[name=php-url-open, port="http,https"] + filter = php-url-fopen +-logpath = /var/www/*/logs/access_log ++logpath = /var/log/apache/access_log + maxretry = 1 + + +@@ -500,7 +501,7 @@ + filter = sshd + action = ipfw[localhost=192.168.0.1] + sendmail-whois[name="SSH,IPFW", dest=you@example.com] +-logpath = /var/log/auth.log ++logpath = /var/log/messages + ignoreip = 168.192.0.1 + + +@@ -531,7 +532,7 @@ + filter = named-refused + action = iptables-multiport[name=Named, port="domain,953", protocol=tcp] + sendmail-whois[name=Named, dest=you@example.com] +-logpath = /var/log/named/security.log ++logpath = /var/lib/named/log/security.log + ignoreip = 168.192.0.1 + + +@@ -601,7 +602,7 @@ + filter = mysqld-auth + action = iptables[name=mysql, port=3306, protocol=tcp] + sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com] +-logpath = /var/log/mysqld.log ++logpath = /var/log/mysql/mysqld.log + maxretry = 5 + + +@@ -610,7 +611,7 @@ + enabled = false + filter = mysqld-auth + action = iptables[name=mysql, port=3306, protocol=tcp] +-logpath = /var/log/daemon.log ++logpath = /var/log/mysql/mysqld.log + maxretry = 5 + + +@@ -637,7 +638,7 @@ + enabled = false + filter = sshd + action = pf +-logpath = /var/log/sshd.log ++logpath = /var/log/messages + maxretry = 5 + + +@@ -723,7 +724,7 @@ + enabled = false + filter = dovecot + action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp] +-logpath = /var/log/mail.log ++logpath = /var/log/mail + + + [dovecot-auth] +@@ -731,7 +732,7 @@ + enabled = false + filter = dovecot + action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp] +-logpath = /var/log/secure ++logpath = /var/log/mail + + + [solid-pop3d] +@@ -739,7 +740,7 @@ + enabled = false + filter = solid-pop3d + action = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp] +-logpath = /var/log/mail.log ++logpath = /var/log/mail + + + [selinux-ssh] +@@ -761,7 +762,7 @@ + action = iptables[name=SSH, port=ssh, protocol=tcp] + sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"] + blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s] +-logpath = /var/log/sshd.log ++logpath = /var/log/messages + maxretry = 20 + + diff --git a/fail2ban.changes b/fail2ban.changes index 24f0bb6..7858f0d 100644 --- a/fail2ban.changes +++ b/fail2ban.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Aug 20 15:44:54 UTC 2014 - jweberhofer@weberhofer.at + +- update to 0.8.14 + * minor fixes for claimed Python 2.4 and 2.5 compatibility + * Handle case when inotify watch is auto deleted on file deletion to stop + error messages + * tests - fixed few "leaky" file descriptors when files were not closed while + being removed physically + * grep in mail*-whois-lines.conf now also matches end of line to work with + the recidive filter +- add fail2ban-opensuse-locations.patch to fix default locations as suggested + in bnc#878028 + ------------------------------------------------------------------- Wed Jun 25 15:13:37 UTC 2014 - lars@linux-schulserver.de diff --git a/fail2ban.spec b/fail2ban.spec index b6c3323..a5908a9 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -17,14 +17,14 @@ Name: fail2ban -Version: 0.8.13 +Version: 0.8.14 Release: 0 Url: http://www.fail2ban.org/ Summary: Bans IP addresses that make too many authentication failures License: GPL-2.0+ Group: Productivity/Networking/Security -Source0: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.bz2 +Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz %if 0%{?suse_version} < 1230 # the init-script requires lsof Requires: lsof @@ -36,6 +36,8 @@ Source4: %{name}.service Source5: %{name}.tmpfiles Source6: sfw-fail2ban.conf Source7: f2b-restart.conf +# PATCH-FIX-OPENSUSE fail2ban-opensuse-locations.patch bnc#878028 jweberhofer@weberhoferat -- update default locations for logfiles +Patch100: fail2ban-opensuse-locations.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %if 0%{?suse_version} >= 1230 @@ -92,6 +94,7 @@ Just have to run the following command: %prep %setup +%patch100 -p1 # correct doc-path sed -i -e 's|/usr/share/doc/fail2ban|%{_docdir}/%{name}|' setup.py