Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15:Update
fail2ban
fail2ban.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fail2ban.spec of Package fail2ban
# # spec file for package fail2ban # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir /var/adm/fillup-templates %endif %{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create} Name: fail2ban Version: 0.10.3.1 Release: 0 Summary: Bans IP addresses that make too many authentication failures License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: http://www.fail2ban.org/ Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source2: %{name}.sysconfig Source3: %{name}.logrotate Source5: %{name}.tmpfiles Source6: sfw-fail2ban.conf Source7: f2b-restart.conf # Path definitions have been submitted to upstream Source8: paths-opensuse.conf # ignore some rpm-lint messages Source200: %{name}-rpmlintrc # PATCH-FIX-OPENSUSE fail2ban-opensuse-locations.patch bnc#878028 jweberhofer@weberhofer.at -- update default locations for logfiles Patch100: %{name}-opensuse-locations.patch # PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberhofer@weberhofer.at -- openSUSE modifications to the service file Patch101: %{name}-opensuse-service.patch # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases Patch200: %{name}-disable-iptables-w-option.patch BuildRequires: fdupes BuildRequires: logrotate BuildRequires: python-devel # timezone package is required to run the tests BuildRequires: timezone Requires: cron Requires: ed Requires: iptables Requires: logrotate Requires: python >= 2.6 Requires: whois BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} != 1110 BuildArch: noarch %endif %if 0%{?suse_version} >= 1230 # systemd BuildRequires: python-systemd BuildRequires: systemd Requires: python-systemd Requires: systemd > 204 %{?systemd_requires} %else # no systemd (the init-script requires lsof) Requires: lsof Requires: syslog %endif %if 0%{?suse_version} >= 1140 && 0%{?suse_version} != 1010 && 0%{?suse_version} != 1110 && 0%{?suse_version} != 1315 BuildRequires: python-pyinotify >= 0.8.3 Requires: python-pyinotify >= 0.8.3 %endif %if 0%{?suse_version} >= 1220 Requires: python-gamin >= 0.0.21 %endif %description Fail2ban scans log files like %{_localstatedir}/log/messages and bans IP addresses that makes too many password failures. It updates firewall rules to reject the IP address, can send e-mails, or set host.deny entries. These rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones. %package -n SuSEfirewall2-%{name} Summary: Files for integrating fail2ban into SuSEfirewall2 via systemd Group: Productivity/Networking/Security Requires: SuSEfirewall2 Requires: fail2ban Recommends: packageand(SuSEfirewall2:fail2ban) %description -n SuSEfirewall2-%{name} This package ships systemd files which will cause fail2ban to be ordered in relation to SuSEfirewall2 such that the two can be run concurrently within reason, i.e. SFW will always run first because it does a table flush. %package -n monitoring-plugins-%{name} %define nagios_plugindir %{_libexecdir}/nagios/plugins Summary: Check fail2ban server and how many IPs are currently banned Group: System/Monitoring Provides: nagios-plugins-%{name} = %{version} Obsoletes: nagios-plugins-%{name} < %{version} %description -n monitoring-plugins-%{name} This plugin checks if the fail2ban server is running and how many IPs are currently banned. You can use this plugin to monitor all the jails or just a specific jail. How to use ---------- Just have to run the following command: $ ./check_fail2ban --help %prep %setup -q install -m644 %{SOURCE8} config/paths-opensuse.conf # Use openSUSE paths sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf # Remove shebang sed -i -e '/^#!\/usr\/bin\/python$/d' fail2ban/client/fail2banregex.py %patch100 %patch101 -p1 %if 0%{?suse_version} < 1310 %patch200 -p1 %endif rm config/paths-arch.conf \ config/paths-debian.conf \ config/paths-fedora.conf \ config/paths-freebsd.conf \ config/paths-osx.conf # correct doc-path sed -i -e 's|%{_datadir}/doc/%{name}|%{_docdir}/%{name}|' setup.py # remove syslogd-logger settings for older distributions %if 0%{?suse_version} < 1230 sed -i -e 's|^\([^_]*_backend = systemd\)|#\1|' config/paths-opensuse.conf %endif %build export CFLAGS="%{optflags}" python setup.py build gzip man/*.{1,5} %install python setup.py install \ --root=%{buildroot} \ --prefix=%{_prefix} install -d -m 755 %{buildroot}%{_mandir}/man{1,5} install -p -m 644 man/fail2ban-*.1.gz %{buildroot}%{_mandir}/man1 install -p -m 644 man/jail.conf.5.gz %{buildroot}%{_mandir}/man5 install -d -m 755 %{buildroot}%{_initddir} install -d -m 755 %{buildroot}%{_sbindir} %if 0%{?suse_version} > 1310 # use /run directory install -d -m 755 %{buildroot}/run touch %{buildroot}/run/%{name} %else #use /var/run directory install -d -m 755 %{buildroot}%{_localstatedir}/run/%{name} %endif %if 0%{?suse_version} >= 1230 # systemd install -d -m 755 %{buildroot}%{_unitdir} install -p -m 644 files/%{name}.service.in %{buildroot}%{_unitdir}/%{name}.service install -d -m 755 %{buildroot}%{_libexecdir}/tmpfiles.d/ install -p -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf ln -sf service %{buildroot}%{_sbindir}/rc%{name} %else # without systemd install -d -m 755 %{buildroot}%{_initddir} install -m 755 files/suse-initd %{buildroot}%{_initddir}/%{name} ln -sf %{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name} %endif echo "# Do all your modifications to the jail's configuration in jail.local!" > %{buildroot}%{_sysconfdir}/%{name}/jail.local install -d -m 0755 %{buildroot}%{_localstatedir}/lib/%{name}/ install -d -m 755 %{buildroot}%{_fillupdir} install -p -m 644 %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.%{name} install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} %if 0%{?_unitdir:1} install -Dm 0644 "%{_sourcedir}/sfw-fail2ban.conf" \ "%{buildroot}%{_unitdir}/SuSEfirewall2.service.d/fail2ban.conf" install -D -m 0644 "%{_sourcedir}/f2b-restart.conf" \ "%{buildroot}%{_unitdir}/fail2ban.service.d/SuSEfirewall2.conf" %endif install -D -m 755 files/nagios/check_fail2ban %{buildroot}%{nagios_plugindir}/check_%{name} # install docs using the macro rm -r %{buildroot}%{_docdir}/%{name} # remove duplicates %fdupes -s %{buildroot}%{python_sitelib} %check #stat /dev/log #python -c "import platform; print(platform.system())" # tests require python-pyinotify to be installed, so don't run them on older versions %if 0%{?suse_version} >= 1140 && 0%{?suse_version} != 1010 && 0%{?suse_version} != 1110 && 0%{?suse_version} != 1315 # Need a UTF-8 locale to work export LANG=en_US.UTF-8 ./fail2ban-testcases-all --no-network || true %endif %pre %if 0%{?suse_version} >= 1230 %service_add_pre %{name}.service %endif %post %fillup_only %if 0%{?suse_version} >= 1230 %tmpfiles_create %{_tmpfilesdir}/%{name}.conf # The next line is not workin in Leap 42.1, so keep the old way #%%tmpfiles_create %%{_tmpfilesdir}/%%{name}.conf %service_add_post %{name}.service %endif %preun %if 0%{?suse_version} >= 1230 %service_del_preun %{name}.service %else %stop_on_removal %{name} %endif %postun %if 0%{?suse_version} >= 1230 %service_del_postun %{name}.service %else %restart_on_update %{name} %insserv_cleanup %endif %if 0%{?_unitdir:1} %post -n SuSEfirewall2-%{name} %{_bindir}/systemctl daemon-reload >/dev/null 2>&1 || : %postun -n SuSEfirewall2-%{name} %{_bindir}/systemctl daemon-reload >/dev/null 2>&1 || : %endif %files %defattr(-, root, root) %dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}/action.d %dir %{_sysconfdir}/%{name}/%{name}.d %dir %{_sysconfdir}/%{name}/filter.d %dir %{_sysconfdir}/%{name}/jail.d # %config %{_sysconfdir}/%{name}/action.d/* %config %{_sysconfdir}/%{name}/filter.d/* # %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %config %{_sysconfdir}/%{name}/jail.conf %config %{_sysconfdir}/%{name}/paths-common.conf %config %{_sysconfdir}/%{name}/paths-opensuse.conf # %config(noreplace) %{_sysconfdir}/%{name}/jail.local # %config %{_sysconfdir}/logrotate.d/%{name} %dir %{_localstatedir}/lib/%{name}/ %if 0%{?suse_version} > 1310 # use /run directory %ghost /run/%{name} %else # use /var/run directory %dir %ghost %{_localstatedir}/run/%{name} %endif %if 0%{?suse_version} >= 1230 # systemd %{_unitdir}/%{name}.service %{_tmpfilesdir}/%{name}.conf %else # without-systemd %{_initddir}/%{name} %endif %{_sbindir}/rc%{name} %{_bindir}/%{name}-server %{_bindir}/%{name}-client %{_bindir}/%{name}-python %{_bindir}/%{name}-regex %{python_sitelib}/%{name} %exclude %{python_sitelib}/%{name}/tests %{python_sitelib}/%{name}-* %{_fillupdir}/sysconfig.%{name} %{_mandir}/man1/* %{_mandir}/man5/* %doc README.md TODO ChangeLog COPYING doc/*.txt # do not include tests as they are executed during the build process %exclude %{_bindir}/%{name}-testcases %exclude %{python_sitelib}/%{name}/tests %if 0%{?_unitdir:1} %files -n SuSEfirewall2-%{name} %defattr(-,root,root) %{_unitdir}/SuSEfirewall2.service.d %{_unitdir}/%{name}.service.d %endif %files -n monitoring-plugins-%{name} %defattr(-,root,root) %doc files/nagios/README COPYING %dir %{_libexecdir}/nagios %dir %{nagios_plugindir} %{nagios_plugindir}/check_%{name} %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor