From e98ef5911e4db35cd88f9d5b919fc005a96b1f926ae7676c97306e50ab059c9f Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 7 May 2010 14:09:42 +0000 Subject: [PATCH] Accepting request 39531 from security Copy from security/fail2ban based on submit request 39531 from user coolo OBS-URL: https://build.opensuse.org/request/show/39531 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=5 --- fail2ban.changes | 10 ++++++++++ fail2ban.init | 37 +++++++++++++++++++++++-------------- fail2ban.spec | 11 +++++------ fail2ban.sysconfig | 2 +- 4 files changed, 39 insertions(+), 21 deletions(-) diff --git a/fail2ban.changes b/fail2ban.changes index 8e6ff02..79c4a46 100644 --- a/fail2ban.changes +++ b/fail2ban.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Wed May 5 16:48:46 UTC 2010 - lchiquitto@novell.com + +- Create /var/run/fail2ban during startup to support systems that + mount /var/run as tmpfs +- Build package as noarch +- Spec file cleanup: fix a couple of rpmlint warnings +- Init script: look for fail2ban-server when checking if the + daemon is running + ------------------------------------------------------------------- Thu Nov 26 16:05:42 CET 2009 - lchiquitto@suse.de diff --git a/fail2ban.init b/fail2ban.init index cecea43..cc945cb 100644 --- a/fail2ban.init +++ b/fail2ban.init @@ -1,7 +1,7 @@ #!/bin/sh # # Template SUSE system startup script for example daemon fail2ban -# Copyright (C) 2009 Klaus Sinvogel, SUSE / Novell Inc. +# Copyright (C) 2010 Klaus Sinvogel, SUSE / Novell Inc. # # This library is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by 
@@ -22,19 +22,23 @@ ### BEGIN INIT INFO # Provides: fail2ban # Required-Start: $syslog $remote_fs $local_fs -# Should-Start: $time $network iptables +# Should-Start: $time $network iptables # Required-Stop: $syslog $remote_fs $local_fs -# Should-Stop: $time $network iptables +# Should-Stop: $time $network iptables # Default-Start: 3 5 # Default-Stop: 0 1 2 6 -# Short-Description: fail2ban daemon bans IPs with too many password failures +# Short-Description: Bans IPs with too many password failures # Description: Start fail2ban to scan logfiles and ban IP addresses # which make too many logfiles failures, and/or sent e-mails about ### END INIT INFO # Check for missing binaries (stale symlinks should not happen) -FAIL2BAN_BIN=/usr/bin/fail2ban-client -test -x $FAIL2BAN_BIN || { echo "$FAIL2BAN_BIN not installed"; +FAIL2BAN_CLI=/usr/bin/fail2ban-client +test -x $FAIL2BAN_CLI || { echo "$FAIL2BAN_CLI not installed"; + if [ "$1" = "stop" ]; then exit 0; + else exit 5; fi; } +FAIL2BAN_SRV=/usr/bin/fail2ban-server +test -x $FAIL2BAN_SRV || { echo "$FAIL2BAN_SRV not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } @@ -44,6 +48,9 @@ test -r $FAIL2BAN_CONFIG || { echo "$FAIL2BAN_CONFIG not existing"; if [ "$1" = "stop" ]; then exit 0; else exit 6; fi; } +# Socket directory +FAIL2BAN_SOCK_DIR="/var/run/fail2ban" + # Read config . $FAIL2BAN_CONFIG @@ -53,9 +60,13 @@ rc_reset case "$1" in start) echo -n "Starting fail2ban " + + if [ ! -d $FAIL2BAN_SOCK_DIR ]; then + mkdir -p $FAIL2BAN_SOCK_DIR + fi ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. - /sbin/startproc $FAIL2BAN_BIN start + startproc $FAIL2BAN_CLI -q start > /dev/null 2>&1 # Remember status and be verbose rc_status -v 
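Review bot: In the `start)` hunk (`@@ -53,9 +60,13 @@`) `startproc` is now resolved through the caller's `PATH` because the `/sbin/` prefix was dropped, and the same holds for `startproc -w` in the stop hunk, `killproc -HUP` in `@@ -100,9 +111,7 @@`, `startproc` in `@@ -115,8 +124,8 @@` and `checkproc` in `@@ -137,7 +146,7 @@`. This script runs as root, so an invocation whose `PATH` lacks `/sbin` fails to start the daemon, and one with an untrusted directory ahead of `/sbin` runs whatever binary is found there first. Unless something sourced outside these hunks already pins `PATH`, either keep the absolute paths (`/sbin/startproc $FAIL2BAN_CLI -q start`) or set `PATH=/sbin:/usr/sbin:/bin:/usr/bin` once near the top of the script. The `case` block starts and ends outside the hunk.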
@@ -63,7 +74,7 @@ case "$1" in stop) echo -n "Shutting down fail2ban " ## Stop daemon with built-in functionality 'stop' - /sbin/startproc $FAIL2BAN_BIN stop + startproc -w $FAIL2BAN_CLI -q stop > /dev/null 2>&1 # Remember status and be verbose rc_status -v @@ -100,9 +111,7 @@ case "$1" in ## is running. echo -n "Reload service fail2ban " - ## if it supports it: - /sbin/killproc -HUP $FAIL2BAN_BIN - #touch /var/run/fail2ban/fail2ban.pid + killproc -HUP $FAIL2BAN_SRV rc_status -v ## Otherwise: @@ -115,8 +124,8 @@ case "$1" in # If it supports signaling: echo -n "Reload service fail2ban " - /sbin/killproc -HUP $FAIL2BAN_BIN - #touch /var/run/fail2ban/fail2ban.pid + startproc $FAIL2BAN_CLI -q reload > /dev/null 2>&1 + rc_status -v ## Otherwise if it does not support reload: @@ -137,7 +146,7 @@ case "$1" in # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # NOTE: checkproc returns LSB compliant status values. - /sbin/checkproc $FAIL2BAN_BIN + checkproc $FAIL2BAN_SRV # NOTE: rc_status knows that we called this init script with # "status" option and adapts its messages accordingly. rc_status -v diff --git a/fail2ban.spec b/fail2ban.spec index 9249c13..80b6fdb 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
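Review bot: The branch changed in `@@ -100,9 +111,7 @@` reloads by sending `killproc -HUP $FAIL2BAN_SRV`, while the branch in the next hunk asks the server through `$FAIL2BAN_CLI -q reload`, so the two reload paths now use different mechanisms. Nothing on this page shows that fail2ban-server re-reads its jails on SIGHUP; if it ignores the signal, `rc_status -v` would probably still print success and the old ban rules would stay in force after a configuration change. Using the client in both places, `$FAIL2BAN_CLI -q reload`, keeps them consistent. The branch label itself is outside the hunk.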
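Review bot: In `@@ -115,8 +124,8 @@` the reload is launched with `startproc` but without the `-w` that the stop hunk uses, and its output goes to `/dev/null`. As I read startproc(8), without `-w` it does not wait for the client to finish, so `rc_status -v` probably reports that the client was launched rather than that the reload succeeded, and any error the client prints about a broken jail or filter definition is discarded. Running the one-shot command directly, `$FAIL2BAN_CLI -q reload`, and leaving stderr attached would let a failed reload show up in the exit status and on the console. The enclosing `case` branch continues outside the hunk.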
@@ -26,17 +26,17 @@ BuildRequires: python-devel PreReq: %fillup_prereq AutoReqProv: on Version: 0.8.4 -Release: 1 +Release: 2 Url: http://www.fail2ban.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build -Summary: fail2ban scans log files and bans IP addresses that makes too many failures +BuildArch: noarch +Summary: Bans IP addresses that make too many authentication failures Source0: http://download.sourceforge.net/sourceforge/fail2ban/%{name}-%{version}.tar.bz2 Source1: %{name}.init Source2: %{name}.sysconfig -# Patch0: fail2ban-0.8.3-config.patch %description -fail2ban scans log files like /var/log/messages and bans IP addresses +Fail2ban scans log files like /var/log/messages and bans IP addresses that makes too many password failures. It updates firewall rules to reject the IP address, can send e-mails, or set host.deny entries. These rules can be defined by the user. Fail2Ban can read multiple log @@ -50,7 +50,6 @@ Authors: %prep %setup -# %patch0 -p1 -b _orig perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd %build @@ -98,7 +97,7 @@ install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{n /usr/bin/%{name}* /usr/sbin/rc%{name} /usr/share/%{name} -%dir /var/run/%{name} +%dir %ghost /var/run/%{name} /var/adm/fillup-templates/sysconfig.%{name} %doc %{_mandir}/man1/* %doc COPYING ChangeLog README TODO files/cacti diff --git a/fail2ban.sysconfig b/fail2ban.sysconfig index 04a682e..9b71cb3 100644 --- a/fail2ban.sysconfig +++ b/fail2ban.sysconfig @@ -12,7 +12,7 @@ DESCRIPTIVE="fail2ban daemon" ## Type: string ## Default: "" # -# change FAIL2BAN_OPTIONS for arguments of start of cupsd +# change FAIL2BAN_OPTIONS for arguments of start of fail2ban # e.g. FAIL2BAN_OPTIONS="-c /etc/fail2ban/fail2ban.conf" FAIL2BAN_OPTIONS=""
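Review bot: With `%dir %ghost /var/run/%{name}` in `@@ -98,7 +97,7 @@` the package no longer ships the directory, so its owner and mode at runtime come from the plain `mkdir -p $FAIL2BAN_SOCK_DIR` added to the init script, which follows whatever umask the caller has. The init script calls this the socket directory, so its permissions should be fixed rather than inherited. I would state them in both places: `%attr(0755,root,root) %dir %ghost /var/run/%{name}` here and `mkdir -p -m 0755 "$FAIL2BAN_SOCK_DIR"` in `fail2ban.init`, with the mode adjusted to what the project intends.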