Accepting request 39531 from security

Copy from security/fail2ban based on submit request 39531 from user coolo

OBS-URL: https://build.opensuse.org/request/show/39531
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=5

fail2ban.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed May  5 16:48:46 UTC 2010 - lchiquitto@novell.com
+
+- Create /var/run/fail2ban during startup to support systems that
+  mount /var/run as tmpfs
+- Build package as noarch
+- Spec file cleanup: fix a couple of rpmlint warnings
+- Init script: look for fail2ban-server when checking if the
+  daemon is running
+
 -------------------------------------------------------------------
 Thu Nov 26 16:05:42 CET 2009 - lchiquitto@suse.de
 

fail2ban.init

@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 #     Template SUSE system startup script for example daemon fail2ban
-#     Copyright (C) 2009  Klaus Sinvogel, SUSE / Novell Inc.
+#     Copyright (C) 2010  Klaus Sinvogel, SUSE / Novell Inc.
 #          
 #     This library is free software; you can redistribute it and/or modify it
 #     under the terms of the GNU Lesser General Public License as published by
@@ -22,19 +22,23 @@
 ### BEGIN INIT INFO
 # Provides:          fail2ban
 # Required-Start:    $syslog $remote_fs $local_fs
-# Should-Start: $time $network iptables
+# Should-Start:      $time $network iptables
 # Required-Stop:     $syslog $remote_fs $local_fs
-# Should-Stop: $time $network iptables
+# Should-Stop:       $time $network iptables
 # Default-Start:     3 5
 # Default-Stop:      0 1 2 6
-# Short-Description: fail2ban daemon bans IPs with too many password failures 
+# Short-Description: Bans IPs with too many password failures 
 # Description:       Start fail2ban to scan logfiles and ban IP addresses
 #	which make too many logfiles failures, and/or sent e-mails about
 ### END INIT INFO
 
 # Check for missing binaries (stale symlinks should not happen)
-FAIL2BAN_BIN=/usr/bin/fail2ban-client
-test -x $FAIL2BAN_BIN || { echo "$FAIL2BAN_BIN not installed"; 
+FAIL2BAN_CLI=/usr/bin/fail2ban-client
+test -x $FAIL2BAN_CLI || { echo "$FAIL2BAN_CLI not installed"; 
+	if [ "$1" = "stop" ]; then exit 0;
+	else exit 5; fi; }
+FAIL2BAN_SRV=/usr/bin/fail2ban-server
+test -x $FAIL2BAN_SRV || { echo "$FAIL2BAN_SRV not installed"; 
 	if [ "$1" = "stop" ]; then exit 0;
 	else exit 5; fi; }
 
@@ -44,6 +48,9 @@ test -r $FAIL2BAN_CONFIG || { echo "$FAIL2BAN_CONFIG not existing";
 	if [ "$1" = "stop" ]; then exit 0;
 	else exit 6; fi; }
 
+# Socket directory
+FAIL2BAN_SOCK_DIR="/var/run/fail2ban"
+
 # Read config	
 . $FAIL2BAN_CONFIG
 
@@ -53,9 +60,13 @@ rc_reset
 case "$1" in
     start)
 	echo -n "Starting fail2ban "
+
+	if [ ! -d $FAIL2BAN_SOCK_DIR ]; then
+		mkdir -p $FAIL2BAN_SOCK_DIR
+	fi
 	## Start daemon with startproc(8). If this fails
 	## the return value is set appropriately by startproc.
-	/sbin/startproc $FAIL2BAN_BIN start
+	startproc $FAIL2BAN_CLI -q start > /dev/null 2>&1
 
 	# Remember status and be verbose
 	rc_status -v
@@ -63,7 +74,7 @@ case "$1" in
     stop)
 	echo -n "Shutting down fail2ban "
 	## Stop daemon with built-in functionality 'stop'
-	/sbin/startproc $FAIL2BAN_BIN stop
+	startproc -w $FAIL2BAN_CLI -q stop > /dev/null 2>&1
 
 	# Remember status and be verbose
 	rc_status -v
@@ -100,9 +111,7 @@ case "$1" in
 	## is running.
 
 	echo -n "Reload service fail2ban "
-	## if it supports it:
-	/sbin/killproc -HUP $FAIL2BAN_BIN
-	#touch /var/run/fail2ban/fail2ban.pid
+	killproc -HUP $FAIL2BAN_SRV
 	rc_status -v
 
 	## Otherwise:
@@ -115,8 +124,8 @@ case "$1" in
 
 	# If it supports signaling:
 	echo -n "Reload service fail2ban "
-	/sbin/killproc -HUP $FAIL2BAN_BIN
-	#touch /var/run/fail2ban/fail2ban.pid
+	startproc $FAIL2BAN_CLI -q reload > /dev/null 2>&1
+
 	rc_status -v
 	
 	## Otherwise if it does not support reload:
@@ -137,7 +146,7 @@ case "$1" in
 	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
 	
 	# NOTE: checkproc returns LSB compliant status values.
-	/sbin/checkproc $FAIL2BAN_BIN
+	checkproc $FAIL2BAN_SRV
 	# NOTE: rc_status knows that we called this init script with
 	# "status" option and adapts its messages accordingly.
 	rc_status -v

fail2ban.spec

@@ -26,17 +26,17 @@ BuildRequires:  python-devel
 PreReq:         %fillup_prereq
 AutoReqProv:    on
 Version:        0.8.4
-Release:        1
+Release:        2
 Url:            http://www.fail2ban.org/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Summary:        fail2ban scans log files and bans IP addresses that makes too many failures
+BuildArch:      noarch
+Summary:        Bans IP addresses that make too many authentication failures
 Source0:        http://download.sourceforge.net/sourceforge/fail2ban/%{name}-%{version}.tar.bz2
 Source1:        %{name}.init
 Source2:        %{name}.sysconfig
-# Patch0:         fail2ban-0.8.3-config.patch
 
 %description
-fail2ban scans log files like /var/log/messages and bans IP addresses
+Fail2ban scans log files like /var/log/messages and bans IP addresses
 that makes too many password failures. It updates firewall rules to
 reject the IP address, can send e-mails, or set host.deny entries.
 These rules can be defined by the user. Fail2Ban can read multiple log
@@ -50,7 +50,6 @@ Authors:
 
 %prep
 %setup
-# %patch0 -p1 -b _orig
 perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
 
 %build
@@ -98,7 +97,7 @@ install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{n
 /usr/bin/%{name}*
 /usr/sbin/rc%{name}
 /usr/share/%{name}
-%dir /var/run/%{name}
+%dir %ghost /var/run/%{name}
 /var/adm/fillup-templates/sysconfig.%{name}
 %doc %{_mandir}/man1/*
 %doc COPYING ChangeLog README TODO files/cacti

fail2ban.sysconfig

@@ -12,7 +12,7 @@ DESCRIPTIVE="fail2ban daemon"
 ## Type:        string
 ## Default:     ""
 #
-# change FAIL2BAN_OPTIONS for arguments of start of cupsd
+# change FAIL2BAN_OPTIONS for arguments of start of fail2ban
 # e.g.  FAIL2BAN_OPTIONS="-c /etc/fail2ban/fail2ban.conf"
 FAIL2BAN_OPTIONS=""