Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
server:mail
weakforced
weakforced.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File weakforced.spec of Package weakforced
# # spec file for package weakforced # # Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %if 0%{?suse_version} >= 1550 %define use_python python38 %else %define use_python python3 %endif %if 0%{?fedora_version} >= 24 || 0%{?fc24}%{?fc25} || 0%{?suse_version} > 1320 %bcond_with systemd_separatedlibs %else %bcond_without systemd_separatedlibs %endif %if 0%{?suse_version} %bcond_without apparmor %else %bcond_with apparmor %endif %bcond_with report_api Name: weakforced Version: 2.8.0 Release: 0 License: GPL-3.0 Summary: Distributed detection of brute forcing of passwords Url: https://github.com/PowerDNS/weakforced Group: System/Daemons Source: %{name}-%{version}.tar.gz Source2: usr.sbin.wforce Source3: local.usr.sbin.wforce Source4: https://raw.githubusercontent.com/ua-parser/uap-core/master/regexes.yaml Source5: wforce-firewalld.xml Patch1: weakforced-2.0.0-no-termcap.patch Patch2: weakforced-2.0.0-no-download.patch Patch3: weakforced-2.0.1-shebang.patch Patch4: weakforced-2.8.0-cstdint.patch %if %{with apparmor} BuildRequires: apparmor-profiles %endif BuildRequires: autoconf BuildRequires: automake BuildRequires: curl-devel %if 0%{?suse_version} <= 1320 BuildRequires: gcc5-c++ BuildRequires: boost-devel >= 1.42 %else BuildRequires: gcc-c++ >= 5.0 BuildRequires: libboost_date_time-devel BuildRequires: libboost_regex-devel BuildRequires: libboost_system-devel BuildRequires: libboost_filesystem-devel %endif BuildRequires: firewall-macros %if 0%{?suse_version} < 1550 BuildRequires: GeoIP-devel %endif BuildRequires: cmake(Drogon) BuildRequires: getdns-devel BuildRequires: hiredis-devel BuildRequires: prometheus-cpp-devel BuildRequires: libsodium-devel BuildRequires: libtool BuildRequires: pandoc BuildRequires: pkgconfig BuildRequires: protobuf-devel BuildRequires: openssl-devel BuildRequires: readline-devel BuildRequires: yaml-cpp-devel BuildRequires: pkgconfig(luajit) BuildRequires: pkgconfig(libmaxminddb) %if %{with report_api} BuildRequires: %{use_python}-pip # for report-api subpackage. keep in sync with the # requires_ list in the subpackage # BuildRequires: %{use_python}-click >= 6.7 # BuildRequires: %{use_python}-coverage >= 4.4.1 # BuildRequires: %{use_python}-elasticsearch # BuildRequires: %{use_python}-Flask >= 1.0.4 # BuildRequires: %{use_python}-Flask-Elastic >= 0.2 # BuildRequires: %{use_python}-Flask-HTTPAuth >= 3.2.3 # BuildRequires: %{use_python}-itsdangerous >= 0.24 # BuildRequires: %{use_python}-Jinja2 >= 2.10.1 # BuildRequires: %{use_python}-MarkupSafe >= 1.0 # BuildRequires: %{use_python}-pytz >= 2017.2 # BuildRequires: %{use_python}-urllib3 >= 1.24.2 # BuildRequires: %{use_python}-Werkzeug >= 0.15.3 # BuildRequires: %{use_python}-requests >= 2.20 # BuildRequires: %{use_python}-gunicorn >= 19.9.0 # BuildRequires: %{use_python}-wheel %endif %if 0%{?suse_version} Requires(post): %fillup_prereq %endif BuildRequires: pkgconfig(systemd) %if %{with systemd_separatedlibs} BuildRequires: pkgconfig(libsystemd-daemon) %else BuildRequires: pkgconfig(libsystemd) %endif %{?systemd_requires} %define service_name wforce %define home %{_var}/lib/%{service_name} Provides: wforce = %{version}-%{release} %description The goal of 'wforce' is to detect brute forcing of passwords across many servers, services and instances. In order to support the real world, brute force detection policy can be tailored to deal with "bulk, but legitimate" users of your service, as well as botnet-wide slowscans of passwords. The aim is to support the largest of installations, providing services to hundreds of millions of users. The current version of weakforced is not quit there yet. %package trackalert Summary: Longterm abuse data reporting and alerter Group: System/Daemons Requires: weakforced Provides: weakforced:%{_sbindir}/trackalert %description trackalert Trackalert is designed to be an optional service to complement wforce. Whereas wforce provides a toolkit to combat abuse of logins such as password brute forcing in realtime, trackalert is designed to look at abuse asynchronously, using long-term report data stored in an external DB such as elasticsearch, and to send alerts on potential login abuse. %if %{with report_api} %package report-api Summary: Enable access to the report information stored in Elasticsearch Group: System/Daemons %requires_ge %{use_python}-click %requires_ge %{use_python}-coverage %requires_ge %{use_python}-elasticsearch %requires_ge %{use_python}-Flask %requires_ge %{use_python}-Flask-Elastic %requires_ge %{use_python}-Flask-HTTPAuth %requires_ge %{use_python}-itsdangerous %requires_ge %{use_python}-Jinja2 %requires_ge %{use_python}-MarkupSafe %requires_ge %{use_python}-pytz %requires_ge %{use_python}-urllib3 %requires_ge %{use_python}-Werkzeug %requires_ge %{use_python}-requests %requires_ge %{use_python}-gunicorn %requires_ge %{use_python}-wheel %description report-api The Report API is provided to enable access to the report information stored in Elasticsearch. It provides REST API endpoints to retrieve data about logins and devices, as well as endpoints to "forget" devices and logins. %endif %prep %autosetup -p1 %build %if 0%{?suse_version} <= 1320 export CC=gcc-5 export CXX=g++-5 %endif cp %{S:4} wforce/ autoreconf -fi %configure \ --disable-dependency-tracking \ --disable-silent-rules \ --bindir=%{_sbindir} \ --sysconfdir=%{_sysconfdir}/%{service_name}/ \ --enable-systemd \ --with-luajit \ --enable-trackalert # currently does not build parallel make # %{?_smp_mflags} %if %{with report_api} pushd report_api python3 setup.py build popd %endif %install make install DESTDIR=%{buildroot} %{?_smp_mflags} mkdir -p %{buildroot}%{_datadir}/%{service_name} %if %{with report_api} mkdir -p %{buildroot}%{_datadir}/wforce-report-api/ %endif # trackalert %if 0%{?suse_version} ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{service_name} ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rctrackalert %if %{with report_api} ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcwforce-report-api %endif %endif # firewalld install -D -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/firewalld/services/%{service_name}.xml # apparmor %if %{with apparmor} install -D -m 0644 %{S:2} %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.wforce install -D -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.wforce %endif install -Dd -m 0750 %{buildroot}%{home}/ rm -rf %{buildroot}%{_includedir}/yahttp/ %if %{with report_api} # wforce-report-api pushd report_api # TODO strange python build python3 setup.py install --root=%{buildroot} popd install -D -m 755 report_api/helpers/wforce-report-api-webserver %{buildroot}%{_bindir}/wforce-report-api-webserver install -D -m 644 report_api/helpers/wforce-report-api.conf %{buildroot}%{_sysconfdir}/wforce-report-api/wforce-report-api-web.conf install -D -m 644 report_api/instance/report.cfg %{buildroot}%{_sysconfdir}/wforce-report-api/wforce-report-api-instance.conf install -D -m 644 report_api/helpers/wforce-report-api.service %{buildroot}%{_unitdir}/wforce-report-api.service %endif # remove specific items for doc packaging rm -f docker/.gitignore docker/logstash/geoip/.gitignore docker/Makefile* docs/swagger/set-version %pre /usr/sbin/groupadd -r wforce >/dev/null 2>&1 || : /usr/sbin/useradd -g wforce -s /bin/false -r -c "wforce" -d %{home} wforce >/dev/null 2>&1 || : %if 0%{?suse_version} %service_add_pre %{service_name}.service %endif %pre trackalert %if 0%{?suse_version} %service_add_pre trackalert.service %endif %if %{with report_api} %pre report-api /usr/sbin/groupadd -r wforce-report-api >/dev/null 2>&1 || : /usr/sbin/useradd -g wforce-report-api -s /bin/false -r -c "wforce-report-api" -d %{home} wforce-report-api >/dev/null 2>&1 || : %if 0%{?suse_version} %service_add_pre wforce-report-api.service %endif %endif %preun %if 0%{?suse_version} %service_del_preun %{service_name}.service %else %systemd_preun %{service_name}.service %endif %preun trackalert %if 0%{?suse_version} %service_del_preun trackalert.service %else %systemd_preun trackalert.service %endif %if %{with report_api} %preun report-api %if 0%{?suse_version} %service_del_preun wforce-report-api.service %else %systemd_preun wforce-report-api.service %endif %endif %post %if 0%{?suse_version} %fillup_only %{service_name} %service_add_post %{service_name}.service %else %systemd_post %{service_name}.service %endif if [ $1 -eq 1 ]; then WFORCECONF=/etc/%{service_name}/%{service_name}.conf echo -n "Modifying %{service_name}.conf to replace password and key..." SETKEY=`echo "makeKey()" | %{service_name} | grep setKey` WEBPWD=`dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 | rev | cut -b 2-14 | rev` sed -e "s#--WEBPWD#$WEBPWD#" -e "s#--SETKEY#$SETKEY#" -i $WFORCECONF echo "done" fi %firewalld_reload %post trackalert %if 0%{?suse_version} %service_add_post trackalert.service %else %systemd_post trackalert.service %endif if [ $1 -eq 1 ]; then TRACKALERTCONF=/etc/%{service_name}/trackalert.conf echo -n "Modifying trackalert.conf to replace password and key..." SETKEY=`echo "makeKey()" | %{service_name} | grep setKey` WEBPWD=`dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 | rev | cut -b 2-14 | rev` sed -e "s#--WEBPWD#$WEBPWD#" -e "s#--SETKEY#$SETKEY#" -i $TRACKALERTCONF echo "done" fi %if %{with report_api} %post report-api %if 0%{?suse_version} %service_add_post wforce-report-api.service %else %systemd_post wforce-report-api.service %endif %endif %postun %if 0%{?suse_version} %service_del_postun %{service_name}.service %else %systemd_postun_with_restart %{service_name}.service %endif %postun trackalert %if 0%{?suse_version} %service_del_postun trackalert.service %else %systemd_postun_with_restart trackalert.service %endif %if %{with report_api} %postun report-api %if 0%{?suse_version} %service_del_postun wforce-report-api.service %else %systemd_postun_with_restart wforce-report-api.service %endif %endif %files %defattr(-,root,root) %doc README.md CHANGELOG.md %doc docs/release_notes/ docs/swagger/ %doc docker/ %doc %{_mandir}/man?/* %exclude %{_mandir}/man?/trackalert* %exclude %{_mandir}/man?/wforce-report-api* %license LICENSE %dir %attr(-,root,%{service_name}) %{_sysconfdir}/%{service_name}/ %config(noreplace) %attr(-,root,%{service_name}) %{_sysconfdir}/%{service_name}/regexes.yaml %config(noreplace) %attr(-,root,%{service_name}) %{_sysconfdir}/%{service_name}/wforce* %{_datadir}/%{service_name}/ %{_sbindir}/wforce %{_sbindir}/wf_dump_entries %{_unitdir}/%{service_name}.service %if 0%{?suse_version} %{_sbindir}/rc%{service_name} %endif %if %{with apparmor} %config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.wforce %config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.sbin.wforce %endif %dir %attr(750,%{service_name},%{service_name}) %{home} %dir %{_libexecdir}/firewalld %dir %{_libexecdir}/firewalld/services %{_libexecdir}/firewalld/services/%{service_name}.xml %files trackalert %defattr(-,root,root) %{_unitdir}/trackalert.service %{_sbindir}/trackalert %config(noreplace) %attr(-,root,%{service_name}) %{_sysconfdir}/%{service_name}/trackalert.conf %if 0%{?suse_version} %{_sbindir}/rctrackalert %endif %doc %{_mandir}/man?/trackalert* %if %{with report_api} %files report-api %defattr(-,root,root) %config(noreplace) %attr(-,root,wforce-report-api) %{_sysconfdir}/wforce-report-api/ %{_bindir}/wforce-report-api-webserver %{_unitdir}/wforce-report-api.service %if 0%{?suse_version} %{_sbindir}/rcwforce-report-api %endif %doc %{_mandir}/man?/wforce-report-api* %{_datadir}/wforce-report-api/ %{_bindir}/runreport.py %{python3_sitelib}/wforce/ %{python3_sitelib}/wforce_report_api-*.egg* %endif %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor