SHA256
1
0
forked from pool/fail2ban

Accepting request 39531 from security

Copy from security/fail2ban based on submit request 39531 from user coolo

OBS-URL: https://build.opensuse.org/request/show/39531
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=5
This commit is contained in:
OBS User autobuild 2010-05-07 14:09:42 +00:00 committed by Git OBS Bridge
parent 6140cbddc2
commit e98ef5911e
4 changed files with 39 additions and 21 deletions

View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed May 5 16:48:46 UTC 2010 - lchiquitto@novell.com
- Create /var/run/fail2ban during startup to support systems that
mount /var/run as tmpfs
- Build package as noarch
- Spec file cleanup: fix a couple of rpmlint warnings
- Init script: look for fail2ban-server when checking if the
daemon is running
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 26 16:05:42 CET 2009 - lchiquitto@suse.de Thu Nov 26 16:05:42 CET 2009 - lchiquitto@suse.de

View File

@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
# #
# Template SUSE system startup script for example daemon fail2ban # Template SUSE system startup script for example daemon fail2ban
# Copyright (C) 2009 Klaus Sinvogel, SUSE / Novell Inc. # Copyright (C) 2010 Klaus Sinvogel, SUSE / Novell Inc.
# #
# This library is free software; you can redistribute it and/or modify it # This library is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by # under the terms of the GNU Lesser General Public License as published by
@ -22,19 +22,23 @@
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: fail2ban # Provides: fail2ban
# Required-Start: $syslog $remote_fs $local_fs # Required-Start: $syslog $remote_fs $local_fs
# Should-Start: $time $network iptables # Should-Start: $time $network iptables
# Required-Stop: $syslog $remote_fs $local_fs # Required-Stop: $syslog $remote_fs $local_fs
# Should-Stop: $time $network iptables # Should-Stop: $time $network iptables
# Default-Start: 3 5 # Default-Start: 3 5
# Default-Stop: 0 1 2 6 # Default-Stop: 0 1 2 6
# Short-Description: fail2ban daemon bans IPs with too many password failures # Short-Description: Bans IPs with too many password failures
# Description: Start fail2ban to scan logfiles and ban IP addresses # Description: Start fail2ban to scan logfiles and ban IP addresses
# which make too many logfiles failures, and/or sent e-mails about # which make too many logfiles failures, and/or sent e-mails about
### END INIT INFO ### END INIT INFO
# Check for missing binaries (stale symlinks should not happen) # Check for missing binaries (stale symlinks should not happen)
FAIL2BAN_BIN=/usr/bin/fail2ban-client FAIL2BAN_CLI=/usr/bin/fail2ban-client
test -x $FAIL2BAN_BIN || { echo "$FAIL2BAN_BIN not installed"; test -x $FAIL2BAN_CLI || { echo "$FAIL2BAN_CLI not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
FAIL2BAN_SRV=/usr/bin/fail2ban-server
test -x $FAIL2BAN_SRV || { echo "$FAIL2BAN_SRV not installed";
if [ "$1" = "stop" ]; then exit 0; if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; } else exit 5; fi; }
@ -44,6 +48,9 @@ test -r $FAIL2BAN_CONFIG || { echo "$FAIL2BAN_CONFIG not existing";
if [ "$1" = "stop" ]; then exit 0; if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; } else exit 6; fi; }
# Socket directory
FAIL2BAN_SOCK_DIR="/var/run/fail2ban"
# Read config # Read config
. $FAIL2BAN_CONFIG . $FAIL2BAN_CONFIG
@ -53,9 +60,13 @@ rc_reset
case "$1" in case "$1" in
start) start)
echo -n "Starting fail2ban " echo -n "Starting fail2ban "
if [ ! -d $FAIL2BAN_SOCK_DIR ]; then
mkdir -p $FAIL2BAN_SOCK_DIR
fi
## Start daemon with startproc(8). If this fails ## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc. ## the return value is set appropriately by startproc.
/sbin/startproc $FAIL2BAN_BIN start startproc $FAIL2BAN_CLI -q start > /dev/null 2>&1
# Remember status and be verbose # Remember status and be verbose
rc_status -v rc_status -v
@ -63,7 +74,7 @@ case "$1" in
stop) stop)
echo -n "Shutting down fail2ban " echo -n "Shutting down fail2ban "
## Stop daemon with built-in functionality 'stop' ## Stop daemon with built-in functionality 'stop'
/sbin/startproc $FAIL2BAN_BIN stop startproc -w $FAIL2BAN_CLI -q stop > /dev/null 2>&1
# Remember status and be verbose # Remember status and be verbose
rc_status -v rc_status -v
@ -100,9 +111,7 @@ case "$1" in
## is running. ## is running.
echo -n "Reload service fail2ban " echo -n "Reload service fail2ban "
## if it supports it: killproc -HUP $FAIL2BAN_SRV
/sbin/killproc -HUP $FAIL2BAN_BIN
#touch /var/run/fail2ban/fail2ban.pid
rc_status -v rc_status -v
## Otherwise: ## Otherwise:
@ -115,8 +124,8 @@ case "$1" in
# If it supports signaling: # If it supports signaling:
echo -n "Reload service fail2ban " echo -n "Reload service fail2ban "
/sbin/killproc -HUP $FAIL2BAN_BIN startproc $FAIL2BAN_CLI -q reload > /dev/null 2>&1
#touch /var/run/fail2ban/fail2ban.pid
rc_status -v rc_status -v
## Otherwise if it does not support reload: ## Otherwise if it does not support reload:
@ -137,7 +146,7 @@ case "$1" in
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.) # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values. # NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc $FAIL2BAN_BIN checkproc $FAIL2BAN_SRV
# NOTE: rc_status knows that we called this init script with # NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly. # "status" option and adapts its messages accordingly.
rc_status -v rc_status -v

View File

@ -26,17 +26,17 @@ BuildRequires: python-devel
PreReq: %fillup_prereq PreReq: %fillup_prereq
AutoReqProv: on AutoReqProv: on
Version: 0.8.4 Version: 0.8.4
Release: 1 Release: 2
Url: http://www.fail2ban.org/ Url: http://www.fail2ban.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Summary: fail2ban scans log files and bans IP addresses that makes too many failures BuildArch: noarch
Summary: Bans IP addresses that make too many authentication failures
Source0: http://download.sourceforge.net/sourceforge/fail2ban/%{name}-%{version}.tar.bz2 Source0: http://download.sourceforge.net/sourceforge/fail2ban/%{name}-%{version}.tar.bz2
Source1: %{name}.init Source1: %{name}.init
Source2: %{name}.sysconfig Source2: %{name}.sysconfig
# Patch0: fail2ban-0.8.3-config.patch
%description %description
fail2ban scans log files like /var/log/messages and bans IP addresses Fail2ban scans log files like /var/log/messages and bans IP addresses
that makes too many password failures. It updates firewall rules to that makes too many password failures. It updates firewall rules to
reject the IP address, can send e-mails, or set host.deny entries. reject the IP address, can send e-mails, or set host.deny entries.
These rules can be defined by the user. Fail2Ban can read multiple log These rules can be defined by the user. Fail2Ban can read multiple log
@ -50,7 +50,6 @@ Authors:
%prep %prep
%setup %setup
# %patch0 -p1 -b _orig
perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
%build %build
@ -98,7 +97,7 @@ install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{n
/usr/bin/%{name}* /usr/bin/%{name}*
/usr/sbin/rc%{name} /usr/sbin/rc%{name}
/usr/share/%{name} /usr/share/%{name}
%dir /var/run/%{name} %dir %ghost /var/run/%{name}
/var/adm/fillup-templates/sysconfig.%{name} /var/adm/fillup-templates/sysconfig.%{name}
%doc %{_mandir}/man1/* %doc %{_mandir}/man1/*
%doc COPYING ChangeLog README TODO files/cacti %doc COPYING ChangeLog README TODO files/cacti

View File

@ -12,7 +12,7 @@ DESCRIPTIVE="fail2ban daemon"
## Type: string ## Type: string
## Default: "" ## Default: ""
# #
# change FAIL2BAN_OPTIONS for arguments of start of cupsd # change FAIL2BAN_OPTIONS for arguments of start of fail2ban
# e.g. FAIL2BAN_OPTIONS="-c /etc/fail2ban/fail2ban.conf" # e.g. FAIL2BAN_OPTIONS="-c /etc/fail2ban/fail2ban.conf"
FAIL2BAN_OPTIONS="" FAIL2BAN_OPTIONS=""