forked from pool/fail2ban
Accepting request 39531 from security
Copy from security/fail2ban based on submit request 39531 from user coolo OBS-URL: https://build.opensuse.org/request/show/39531 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=5
This commit is contained in:
parent
6140cbddc2
commit
e98ef5911e
@ -1,3 +1,13 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 5 16:48:46 UTC 2010 - lchiquitto@novell.com
|
||||||
|
|
||||||
|
- Create /var/run/fail2ban during startup to support systems that
|
||||||
|
mount /var/run as tmpfs
|
||||||
|
- Build package as noarch
|
||||||
|
- Spec file cleanup: fix a couple of rpmlint warnings
|
||||||
|
- Init script: look for fail2ban-server when checking if the
|
||||||
|
daemon is running
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Nov 26 16:05:42 CET 2009 - lchiquitto@suse.de
|
Thu Nov 26 16:05:42 CET 2009 - lchiquitto@suse.de
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Template SUSE system startup script for example daemon fail2ban
|
# Template SUSE system startup script for example daemon fail2ban
|
||||||
# Copyright (C) 2009 Klaus Sinvogel, SUSE / Novell Inc.
|
# Copyright (C) 2010 Klaus Sinvogel, SUSE / Novell Inc.
|
||||||
#
|
#
|
||||||
# This library is free software; you can redistribute it and/or modify it
|
# This library is free software; you can redistribute it and/or modify it
|
||||||
# under the terms of the GNU Lesser General Public License as published by
|
# under the terms of the GNU Lesser General Public License as published by
|
||||||
@ -22,19 +22,23 @@
|
|||||||
### BEGIN INIT INFO
|
### BEGIN INIT INFO
|
||||||
# Provides: fail2ban
|
# Provides: fail2ban
|
||||||
# Required-Start: $syslog $remote_fs $local_fs
|
# Required-Start: $syslog $remote_fs $local_fs
|
||||||
# Should-Start: $time $network iptables
|
# Should-Start: $time $network iptables
|
||||||
# Required-Stop: $syslog $remote_fs $local_fs
|
# Required-Stop: $syslog $remote_fs $local_fs
|
||||||
# Should-Stop: $time $network iptables
|
# Should-Stop: $time $network iptables
|
||||||
# Default-Start: 3 5
|
# Default-Start: 3 5
|
||||||
# Default-Stop: 0 1 2 6
|
# Default-Stop: 0 1 2 6
|
||||||
# Short-Description: fail2ban daemon bans IPs with too many password failures
|
# Short-Description: Bans IPs with too many password failures
|
||||||
# Description: Start fail2ban to scan logfiles and ban IP addresses
|
# Description: Start fail2ban to scan logfiles and ban IP addresses
|
||||||
# which make too many logfiles failures, and/or sent e-mails about
|
# which make too many logfiles failures, and/or sent e-mails about
|
||||||
### END INIT INFO
|
### END INIT INFO
|
||||||
|
|
||||||
# Check for missing binaries (stale symlinks should not happen)
|
# Check for missing binaries (stale symlinks should not happen)
|
||||||
FAIL2BAN_BIN=/usr/bin/fail2ban-client
|
FAIL2BAN_CLI=/usr/bin/fail2ban-client
|
||||||
test -x $FAIL2BAN_BIN || { echo "$FAIL2BAN_BIN not installed";
|
test -x $FAIL2BAN_CLI || { echo "$FAIL2BAN_CLI not installed";
|
||||||
|
if [ "$1" = "stop" ]; then exit 0;
|
||||||
|
else exit 5; fi; }
|
||||||
|
FAIL2BAN_SRV=/usr/bin/fail2ban-server
|
||||||
|
test -x $FAIL2BAN_SRV || { echo "$FAIL2BAN_SRV not installed";
|
||||||
if [ "$1" = "stop" ]; then exit 0;
|
if [ "$1" = "stop" ]; then exit 0;
|
||||||
else exit 5; fi; }
|
else exit 5; fi; }
|
||||||
|
|
||||||
@ -44,6 +48,9 @@ test -r $FAIL2BAN_CONFIG || { echo "$FAIL2BAN_CONFIG not existing";
|
|||||||
if [ "$1" = "stop" ]; then exit 0;
|
if [ "$1" = "stop" ]; then exit 0;
|
||||||
else exit 6; fi; }
|
else exit 6; fi; }
|
||||||
|
|
||||||
|
# Socket directory
|
||||||
|
FAIL2BAN_SOCK_DIR="/var/run/fail2ban"
|
||||||
|
|
||||||
# Read config
|
# Read config
|
||||||
. $FAIL2BAN_CONFIG
|
. $FAIL2BAN_CONFIG
|
||||||
|
|
||||||
@ -53,9 +60,13 @@ rc_reset
|
|||||||
case "$1" in
|
case "$1" in
|
||||||
start)
|
start)
|
||||||
echo -n "Starting fail2ban "
|
echo -n "Starting fail2ban "
|
||||||
|
|
||||||
|
if [ ! -d $FAIL2BAN_SOCK_DIR ]; then
|
||||||
|
mkdir -p $FAIL2BAN_SOCK_DIR
|
||||||
|
fi
|
||||||
## Start daemon with startproc(8). If this fails
|
## Start daemon with startproc(8). If this fails
|
||||||
## the return value is set appropriately by startproc.
|
## the return value is set appropriately by startproc.
|
||||||
/sbin/startproc $FAIL2BAN_BIN start
|
startproc $FAIL2BAN_CLI -q start > /dev/null 2>&1
|
||||||
|
|
||||||
# Remember status and be verbose
|
# Remember status and be verbose
|
||||||
rc_status -v
|
rc_status -v
|
||||||
@ -63,7 +74,7 @@ case "$1" in
|
|||||||
stop)
|
stop)
|
||||||
echo -n "Shutting down fail2ban "
|
echo -n "Shutting down fail2ban "
|
||||||
## Stop daemon with built-in functionality 'stop'
|
## Stop daemon with built-in functionality 'stop'
|
||||||
/sbin/startproc $FAIL2BAN_BIN stop
|
startproc -w $FAIL2BAN_CLI -q stop > /dev/null 2>&1
|
||||||
|
|
||||||
# Remember status and be verbose
|
# Remember status and be verbose
|
||||||
rc_status -v
|
rc_status -v
|
||||||
@ -100,9 +111,7 @@ case "$1" in
|
|||||||
## is running.
|
## is running.
|
||||||
|
|
||||||
echo -n "Reload service fail2ban "
|
echo -n "Reload service fail2ban "
|
||||||
## if it supports it:
|
killproc -HUP $FAIL2BAN_SRV
|
||||||
/sbin/killproc -HUP $FAIL2BAN_BIN
|
|
||||||
#touch /var/run/fail2ban/fail2ban.pid
|
|
||||||
rc_status -v
|
rc_status -v
|
||||||
|
|
||||||
## Otherwise:
|
## Otherwise:
|
||||||
@ -115,8 +124,8 @@ case "$1" in
|
|||||||
|
|
||||||
# If it supports signaling:
|
# If it supports signaling:
|
||||||
echo -n "Reload service fail2ban "
|
echo -n "Reload service fail2ban "
|
||||||
/sbin/killproc -HUP $FAIL2BAN_BIN
|
startproc $FAIL2BAN_CLI -q reload > /dev/null 2>&1
|
||||||
#touch /var/run/fail2ban/fail2ban.pid
|
|
||||||
rc_status -v
|
rc_status -v
|
||||||
|
|
||||||
## Otherwise if it does not support reload:
|
## Otherwise if it does not support reload:
|
||||||
@ -137,7 +146,7 @@ case "$1" in
|
|||||||
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
|
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
|
||||||
|
|
||||||
# NOTE: checkproc returns LSB compliant status values.
|
# NOTE: checkproc returns LSB compliant status values.
|
||||||
/sbin/checkproc $FAIL2BAN_BIN
|
checkproc $FAIL2BAN_SRV
|
||||||
# NOTE: rc_status knows that we called this init script with
|
# NOTE: rc_status knows that we called this init script with
|
||||||
# "status" option and adapts its messages accordingly.
|
# "status" option and adapts its messages accordingly.
|
||||||
rc_status -v
|
rc_status -v
|
||||||
|
@ -26,17 +26,17 @@ BuildRequires: python-devel
|
|||||||
PreReq: %fillup_prereq
|
PreReq: %fillup_prereq
|
||||||
AutoReqProv: on
|
AutoReqProv: on
|
||||||
Version: 0.8.4
|
Version: 0.8.4
|
||||||
Release: 1
|
Release: 2
|
||||||
Url: http://www.fail2ban.org/
|
Url: http://www.fail2ban.org/
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
Summary: fail2ban scans log files and bans IP addresses that makes too many failures
|
BuildArch: noarch
|
||||||
|
Summary: Bans IP addresses that make too many authentication failures
|
||||||
Source0: http://download.sourceforge.net/sourceforge/fail2ban/%{name}-%{version}.tar.bz2
|
Source0: http://download.sourceforge.net/sourceforge/fail2ban/%{name}-%{version}.tar.bz2
|
||||||
Source1: %{name}.init
|
Source1: %{name}.init
|
||||||
Source2: %{name}.sysconfig
|
Source2: %{name}.sysconfig
|
||||||
# Patch0: fail2ban-0.8.3-config.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
fail2ban scans log files like /var/log/messages and bans IP addresses
|
Fail2ban scans log files like /var/log/messages and bans IP addresses
|
||||||
that makes too many password failures. It updates firewall rules to
|
that makes too many password failures. It updates firewall rules to
|
||||||
reject the IP address, can send e-mails, or set host.deny entries.
|
reject the IP address, can send e-mails, or set host.deny entries.
|
||||||
These rules can be defined by the user. Fail2Ban can read multiple log
|
These rules can be defined by the user. Fail2Ban can read multiple log
|
||||||
@ -50,7 +50,6 @@ Authors:
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup
|
%setup
|
||||||
# %patch0 -p1 -b _orig
|
|
||||||
perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
|
perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -98,7 +97,7 @@ install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{n
|
|||||||
/usr/bin/%{name}*
|
/usr/bin/%{name}*
|
||||||
/usr/sbin/rc%{name}
|
/usr/sbin/rc%{name}
|
||||||
/usr/share/%{name}
|
/usr/share/%{name}
|
||||||
%dir /var/run/%{name}
|
%dir %ghost /var/run/%{name}
|
||||||
/var/adm/fillup-templates/sysconfig.%{name}
|
/var/adm/fillup-templates/sysconfig.%{name}
|
||||||
%doc %{_mandir}/man1/*
|
%doc %{_mandir}/man1/*
|
||||||
%doc COPYING ChangeLog README TODO files/cacti
|
%doc COPYING ChangeLog README TODO files/cacti
|
||||||
|
@ -12,7 +12,7 @@ DESCRIPTIVE="fail2ban daemon"
|
|||||||
## Type: string
|
## Type: string
|
||||||
## Default: ""
|
## Default: ""
|
||||||
#
|
#
|
||||||
# change FAIL2BAN_OPTIONS for arguments of start of cupsd
|
# change FAIL2BAN_OPTIONS for arguments of start of fail2ban
|
||||||
# e.g. FAIL2BAN_OPTIONS="-c /etc/fail2ban/fail2ban.conf"
|
# e.g. FAIL2BAN_OPTIONS="-c /etc/fail2ban/fail2ban.conf"
|
||||||
FAIL2BAN_OPTIONS=""
|
FAIL2BAN_OPTIONS=""
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user