Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory checked in at 2014-08-25 11:03:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and      /work/SRC/openSUSE:Factory/.fail2ban.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fail2ban" Changes: -------- --- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes 2014-05-02 13:55:19.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes 2014-08-25 11:04:48.000000000 +0200 
@@ -1,0 +2,43 @@ +Thu Aug 21 16:50:20 UTC 2014 - [email protected] + +- Fixed check for %_unitdir to make fail2ban build under older systems, too. +- Changed /usr to %{_prefix} in the spec file + +------------------------------------------------------------------- +Wed Aug 20 15:44:54 UTC 2014 - [email protected] + +- update to 0.8.14 + * minor fixes for claimed Python 2.4 and 2.5 compatibility + * Handle case when inotify watch is auto deleted on file deletion to stop + error messages + * tests - fixed few "leaky" file descriptors when files were not closed while + being removed physically + * grep in mail*-whois-lines.conf now also matches end of line to work with + the recidive filter +- add fail2ban-opensuse-locations.patch to fix default locations as suggested + in bnc#878028 + +------------------------------------------------------------------- +Wed Jun 25 15:13:37 UTC 2014 - [email protected] + +- update to 0.8.13: + + Fixes: + - action firewallcmd-ipset had non-working actioncheck. Removed. + redhat bug #1046816. + - filter pureftpd - added _daemon which got removed. Added + + + New Features: + - filter nagios - detects unauthorized access to the nrpe daemon (Ivo Truxa) + - filter sendmail-{auth,reject} (jserrachinha and cepheid666 and fab23). + + + Enhancements: + - filter asterisk now supports syslog format + - filter pureftpd - added all translations of "Authentication failed for + user" + - filter dovecot - lip= was optional and extended TLS errors can occur. + Thanks Noel Butler. 
+- removed fix-for-upstream-firewallcmd-ipset.conf.patch : fixed + upstream +- split out nagios-plugins-fail2ban package + +------------------------------------------------------------------- Old: ---- fail2ban-0.8.12.tar.bz2 fix-for-upstream-firewallcmd-ipset.conf.patch New: ---- 0.8.14.tar.gz fail2ban-opensuse-locations.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fail2ban.spec ++++++ --- /var/tmp/diff_new_pack.hZvgwm/_old 2014-08-25 11:04:49.000000000 +0200 +++ /var/tmp/diff_new_pack.hZvgwm/_new 2014-08-25 11:04:49.000000000 +0200 @@ -17,14 +17,14 @@ Name: fail2ban -Version: 0.8.12 +Version: 0.8.14 Release: 0 Url: http://www.fail2ban.org/ Summary: Bans IP addresses that make too many authentication failures License: GPL-2.0+ Group: Productivity/Networking/Security -Source0: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.bz2 +Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz %if 0%{?suse_version} < 1230 # the init-script requires lsof Requires: lsof @@ -36,8 +36,8 @@ Source5: %{name}.tmpfiles Source6: sfw-fail2ban.conf Source7: f2b-restart.conf -# PATCH-FIX-UPSTREAM fix-for-upstream-firewallcmd-ipset.conf.patch rh#1046816 -Patch0: fix-for-upstream-firewallcmd-ipset.conf.patch +# PATCH-FIX-OPENSUSE fail2ban-opensuse-locations.patch bnc#878028 jweberhofer@weberhoferat -- update default locations for logfiles +Patch100: fail2ban-opensuse-locations.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %if 0%{?suse_version} >= 1230 @@ -65,7 +65,7 @@ files such as sshd or Apache web server ones. %package -n SuSEfirewall2-fail2ban -Summary: systemd files for integrating fail2ban into SuSEfirewall2 +Summary: Files for integrating fail2ban into SuSEfirewall2 via systemd Group: Productivity/Networking/Security BuildArch: noarch Requires: SuSEfirewall2 
@@ -76,11 +76,27 @@ in relation to SuSEfirewall2 such that the two can be run concurrently within reason, i.e. SFW will always run first because it does a table flush. +%package -n nagios-plugins-fail2ban +Summary: Check fail2ban server and how many IPs are currently banned +Group: System/Monitoring +%define nagios_plugindir %{_prefix}/lib/nagios/plugins + +%description -n nagios-plugins-fail2ban +This plugin checks if the fail2ban server is running and how many IPs are +currently banned. You can use this plugin to monitor all the jails or just a +specific jail. + +How to use +---------- +Just have to run the following command: + $ ./check_fail2ban --help + + %prep %setup -%patch0 -p1 +%patch100 -p1 # correct doc-path -sed -i -e 's|/usr/share/doc/fail2ban|%{_docdir}/%{name}|' setup.py +sed -i -e 's|%{_prefix}/share/doc/fail2ban|%{_docdir}/%{name}|' setup.py %build export CFLAGS="$RPM_OPT_FLAGS" @@ -111,15 +127,16 @@ install -d -m755 $RPM_BUILD_ROOT/%{_unitdir} install -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/%{name}.service -install -d -m755 $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/ -install -m644 %{SOURCE5} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/%{name}.conf +install -d -m755 $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/ +install -m644 %{SOURCE5} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/%{name}.conf %endif -%if "%_unitdir" != "" +%if 0%{?_unitdir:1} install -Dm0644 "%_sourcedir/sfw-fail2ban.conf" \ "%buildroot/%_unitdir/SuSEfirewall2.service.d/fail2ban.conf" install -Dm0644 "%_sourcedir/f2b-restart.conf" \ "%buildroot/%_unitdir/fail2ban.service.d/SuSEfirewall2.conf" %endif +install -Dm755 files/nagios/check_fail2ban %{buildroot}/%{nagios_plugindir}/check_fail2ban %pre %if 0%{?suse_version} >= 1230 @@ -129,7 +146,7 @@ %post %{fillup_only} %if 0%{?suse_version} >= 1230 -systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf +systemd-tmpfiles --create %{_prefix}/lib/tmpfiles.d/%{name}.conf %service_add_post %{name}.service %endif 
@@ -148,7 +165,7 @@ %insserv_cleanup %endif -%if "%_unitdir" != "" +%if 0%{?_unitdir:1} %post -n SuSEfirewall2-fail2ban %_bindir/systemctl daemon-reload >/dev/null 2>&1 || : @@ -167,7 +184,7 @@ %config %{_sysconfdir}/logrotate.d/fail2ban %if 0%{?suse_version} >= 1230 %{_unitdir}/%{name}.service -/usr/lib/tmpfiles.d/%{name}.conf +%{_prefix}/lib/tmpfiles.d/%{name}.conf %else %{_initrddir}/%{name} %{_sbindir}/rc%{name} @@ -179,11 +196,18 @@ %doc %{_mandir}/man1/* %doc COPYING ChangeLog DEVELOP README.md TODO files/cacti -%if "%{?_unitdir}" != "" +%if 0%{?_unitdir:1} %files -n SuSEfirewall2-fail2ban %defattr(-,root,root) %_unitdir/SuSEfirewall2.service.d %_unitdir/fail2ban.service.d %endif +%files -n nagios-plugins-fail2ban +%defattr(-,root,root) +%doc files/nagios/README COPYING +%dir %{_prefix}/lib/nagios +%dir %{nagios_plugindir} +%{nagios_plugindir}/check_fail2ban + %changelog ++++++ fail2ban-opensuse-locations.patch ++++++ diff -ur fail2ban-0.8.14.orig/config/jail.conf fail2ban-0.8.14/config/jail.conf --- fail2ban-0.8.14.orig/config/jail.conf 2014-08-19 22:23:33.000000000 +0200 +++ fail2ban-0.8.14/config/jail.conf 2014-08-20 17:39:21.428256837 +0200 @@ -80,7 +80,7 @@ enabled = false filter = pam-generic action = iptables-allports[name=pam,protocol=all] -logpath = /var/log/secure +logpath = /var/log/messages [xinetd-fail] @@ -97,7 +97,7 @@ filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] sendmail-whois[name=SSH, [email protected], [email protected], sendername="Fail2Ban"] -logpath = /var/log/sshd.log +logpath = /var/log/messages maxretry = 5 @@ -106,7 +106,7 @@ enabled = false filter = sshd-ddos action = iptables[name=SSHDDOS, port=ssh, protocol=tcp] -logpath = /var/log/sshd.log +logpath = /var/log/messages maxretry = 2 @@ -135,7 +135,7 @@ filter = gssftpd action = iptables[name=GSSFTPd, port=ftp, protocol=tcp] sendmail-whois[name=GSSFTPd, [email protected]] -logpath = /var/log/daemon.log +logpath = /var/log/messages maxretry = 6 
@@ -144,7 +144,7 @@ enabled = false filter = pure-ftpd action = iptables[name=pureftpd, port=ftp, protocol=tcp] -logpath = /var/log/pureftpd.log +logpath = /var/log/messages maxretry = 6 @@ -153,7 +153,7 @@ enabled = false filter = wuftpd action = iptables[name=wuftpd, port=ftp, protocol=tcp] -logpath = /var/log/daemon.log +logpath = /var/log/messages maxretry = 6 @@ -162,7 +162,7 @@ enabled = false filter = sendmail-auth action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp] -logpath = /var/log/mail.log +logpath = /var/log/mail [sendmail-reject] @@ -170,7 +170,7 @@ enabled = false filter = sendmail-reject action = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp] -logpath = /var/log/mail.log +logpath = /var/log/mail # This jail forces the backend to "polling". @@ -181,7 +181,7 @@ backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, [email protected]] -logpath = /var/log/mail.log +logpath = /var/log/mail # ASSP SMTP Proxy Jail @@ -202,7 +202,7 @@ action = hostsdeny[daemon_list=sshd] sendmail-whois[name=SSH, [email protected]] ignoreregex = for myuser from -logpath = /var/log/sshd.log +logpath = /var/log/messages # Here we use blackhole routes for not requiring any additional kernel support @@ -212,7 +212,7 @@ enabled = false filter = sshd action = route -logpath = /var/log/sshd.log +logpath = /var/log/messages maxretry = 5 @@ -226,7 +226,7 @@ enabled = false filter = sshd action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp] -logpath = /var/log/sshd.log +logpath = /var/log/messages maxretry = 5 @@ -235,7 +235,7 @@ enabled = false filter = sshd action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600] -logpath = /var/log/sshd.log +logpath = /var/log/messages maxretry = 5 
@@ -329,7 +329,7 @@ enabled = false filter = cyrus-imap action = iptables-multiport[name=cyrus-imap,port="143,993"] -logpath = /var/log/mail*log +logpath = /var/log/mail [courierlogin] @@ -337,7 +337,7 @@ enabled = false filter = courierlogin action = iptables-multiport[name=courierlogin,port="25,110,143,465,587,993,995"] -logpath = /var/log/mail*log +logpath = /var/log/mail [couriersmtp] @@ -345,7 +345,7 @@ enabled = false filter = couriersmtp action = iptables-multiport[name=couriersmtp,port="25,465,587"] -logpath = /var/log/mail*log +logpath = /var/log/mail [qmail-rbl] @@ -361,7 +361,7 @@ enabled = false filter = sieve action = iptables-multiport[name=sieve,port="25,465,587"] -logpath = /var/log/mail*log +logpath = /var/log/mail # Do not ban anybody. Just report information about the remote host. @@ -396,7 +396,8 @@ filter = apache-badbots action = iptables-multiport[name=BadBots, port="http,https"] sendmail-buffered[name=BadBots, lines=5, [email protected]] -logpath = /var/www/*/logs/access_log +logpath = /var/log/apache/access_log + /var/log/apache2/*/access_log bantime = 172800 maxretry = 1 @@ -466,7 +467,7 @@ enabled = false action = iptables-multiport[name=php-url-open, port="http,https"] filter = php-url-fopen -logpath = /var/www/*/logs/access_log +logpath = /var/log/apache/access_log maxretry = 1 @@ -500,7 +501,7 @@ filter = sshd action = ipfw[localhost=192.168.0.1] sendmail-whois[name="SSH,IPFW", [email protected]] -logpath = /var/log/auth.log +logpath = /var/log/messages ignoreip = 168.192.0.1 @@ -531,7 +532,7 @@ filter = named-refused action = iptables-multiport[name=Named, port="domain,953", protocol=tcp] sendmail-whois[name=Named, [email protected]] -logpath = /var/log/named/security.log +logpath = /var/lib/named/log/security.log ignoreip = 168.192.0.1 
@@ -601,7 +602,7 @@ filter = mysqld-auth action = iptables[name=mysql, port=3306, protocol=tcp] sendmail-whois[name=MySQL, dest=root, [email protected]] -logpath = /var/log/mysqld.log +logpath = /var/log/mysql/mysqld.log maxretry = 5 @@ -610,7 +611,7 @@ enabled = false filter = mysqld-auth action = iptables[name=mysql, port=3306, protocol=tcp] -logpath = /var/log/daemon.log +logpath = /var/log/mysql/mysqld.log maxretry = 5 @@ -637,7 +638,7 @@ enabled = false filter = sshd action = pf -logpath = /var/log/sshd.log +logpath = /var/log/messages maxretry = 5 @@ -723,7 +724,7 @@ enabled = false filter = dovecot action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp] -logpath = /var/log/mail.log +logpath = /var/log/mail [dovecot-auth] @@ -731,7 +732,7 @@ enabled = false filter = dovecot action = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp] -logpath = /var/log/secure +logpath = /var/log/mail [solid-pop3d] @@ -739,7 +740,7 @@ enabled = false filter = solid-pop3d action = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp] -logpath = /var/log/mail.log +logpath = /var/log/mail [selinux-ssh] @@ -761,7 +762,7 @@ action = iptables[name=SSH, port=ssh, protocol=tcp] sendmail-whois[name=SSH, [email protected], [email protected], sendername="Fail2Ban"] blocklist_de[email="[email protected]", apikey="xxxxxx", service=%(filter)s] -logpath = /var/log/sshd.log +logpath = /var/log/messages maxretry = 20 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
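
Review bot: in fail2ban.spec (hunk @@ -17,14 +17,14 @@), the new Source0 URL ends in `archive/%{version}.tar.gz`, so the source file stored with the package is `0.8.14.tar.gz` (see the "New:" list), a name that no longer says which project it belongs to, and the source moves from the `releases/download/` tarball to the `archive/` URL without a changelog line saying why. Keep a `%{name}-%{version}` file name for the local source, for example by appending `#/%{name}-%{version}.tar.gz` to the URL, and record the reason for the new source location in fail2ban.changes so the next reviewer can confirm the tarball against upstream.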
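
Review bot: in fail2ban.spec (hunk @@ -36,8 +36,8 @@), the contact in the `# PATCH-FIX-OPENSUSE` comment reads `jweberhofer@weberhoferat`, which is not a valid address because the domain part has no dot. Correct the address so the patch owner can be reached when the patch needs rebasing.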
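
Review bot: in fail2ban.spec (hunk @@ -76,11 +76,27 @@), the new `%package -n nagios-plugins-fail2ban` stanza declares only Summary, Group and the `nagios_plugindir` define, with no `Requires:` line, although its description says the plugin checks the fail2ban server and its jails. If the plugin talks to the local fail2ban installation, add a dependency on `%{name}`. The usage text `$ ./check_fail2ban --help` also assumes the current directory, while the file is installed to `%{nagios_plugindir}/check_fail2ban`; show the installed path instead.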
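
Review bot: in fail2ban-opensuse-locations.patch (hunks @@ -396,7 +396,8 @@ and @@ -466,7 +467,7 @@), the two Apache jails end up with different log locations: apache-badbots gets `/var/log/apache/access_log` plus `/var/log/apache2/*/access_log`, while php-url-fopen gets only `/var/log/apache/access_log`. Neither pattern matches an access log placed directly in `/var/log/apache2/`. Use the same logpath list in both jails and check it against the path the distribution's Apache package actually writes, because a jail watching a path that does not exist never bans anything.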
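
Review bot: in fail2ban-opensuse-locations.patch (hunk @@ -610,7 +611,7 @@), the second mysqld-auth jail previously read `/var/log/daemon.log`, a syslog file, and is now pointed at `/var/log/mysql/mysqld.log`, the same file as the jail in hunk @@ -601,7 +602,7 @@. The other `/var/log/daemon.log` entries in this patch (gssftpd, wuftpd) are mapped to `/var/log/messages`; if this jail is meant to stay the syslog variant, map it the same way, otherwise the two jails differ only in their action.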
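
Review bot: in fail2ban-opensuse-locations.patch (hunk @@ -731,7 +732,7 @@), dovecot-auth changes from `/var/log/secure` to `/var/log/mail`, whereas the pam-generic jail in hunk @@ -80,7 +80,7 @@ maps the same `/var/log/secure` to `/var/log/messages`. With this change dovecot-auth uses the same filter and the same logpath as the `[dovecot]` jail in the preceding hunk, so it no longer covers authentication failures logged outside the mail log. Either map it to `/var/log/messages` like pam-generic or state in the patch description why the auth-log variant should read the mail log.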
