/[smecontribs]/rpms/denyhosts/contribs10/denyhosts.spec
ViewVC logotype

Annotation of /rpms/denyhosts/contribs10/denyhosts.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sun Mar 14 22:32:32 2021 UTC (3 years, 8 months ago) by jpp
Branch: MAIN
CVS Tags: denyhosts-3_1-lp152_1_1
Initial import

1 jpp 1.1 #
2     # spec file for package denyhosts
3     #
4     # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
5     #
6     # All modifications and additions to the file contributed by third parties
7     # remain the property of their copyright owners, unless otherwise agreed
8     # upon. The license for this file, and modifications and additions to the
9     # file, is the same license as for the pristine package itself (unless the
10     # license for the pristine package is not an Open Source License, in which
11     # case the license is the MIT License). An "Open Source License" is a
12     # license that conforms to the Open Source Definition (Version 1.9)
13     # published by the Open Source Initiative.
14    
15     # Please submit bugfixes or comments via http://bugs.opensuse.org/
16     #
17    
18    
19     %if 0%{?suse_version} < 1120
20     %define python_sitelib %{py_sitedir}
21     %endif
22    
23     %if 0%{?suse_version} >= 1210
24     %bcond_without systemd
25     %else
26     %bcond_with systemd
27     %endif
28    
29    
30     Name: denyhosts
31     Version: 3.1
32     Release: lp152.1.1
33     Summary: Utility to help system administrators thwart brute-force ssh hackers
34     License: GPL-2.0-only
35     Group: Productivity/Networking/Security
36     Url: https://github.com/denyhosts/denyhosts
37     Source: %{name}-%{version}.tar.gz
38     Source2: denyhosts.init
39     Source3: logrotate.denyhosts
40     Source4: denyhosts-dh_reenable
41     Source5: denyhosts.README
42     BuildRequires: perl
43     BuildRequires: python-devel
44     BuildRequires: python-ipaddr
45     Requires: python-ipaddr
46     Requires: logrotate
47     Requires: python
48     Requires: rsyslog
49     %if %{with systemd}
50     BuildRequires: systemd-rpm-macros
51     %{?systemd_requires}
52     %else
53     PreReq: %insserv_prereq
54     %endif
55     %py_requires
56     %if 0%{?suse_version} > 1110
57     BuildArch: noarch
58     %endif
59     BuildRoot: %{_tmppath}/%{name}-%{version}-build
60    
61    
62     %description
63     DenyHosts is a python program that automatically blocks ssh attacks by adding
64     entries to %{_sysconfdir}/hosts.deny. DenyHosts will also inform Linux
65     administrators about offending hosts, attacked users and suspicious logins.
66    
67     %prep
68     %setup -q
69    
70     %build
71     export CFLAGS="%{optflags}"
72     python setup.py build
73    
74     %install
75     python setup.py install \
76     --root=%{buildroot} \
77     --prefix=%{_prefix} \
78     --install-scripts=%{_sbindir}
79    
80     #remove bytecode (wrong mtime)
81     find %{buildroot}%{python_sitelib} -name "*.pyc" -delete
82    
83     # create work directory
84     mkdir -p %{buildroot}%{_localstatedir}/lib/denyhosts
85     # install denyhosts-reenable script
86     install -D -m755 %{SOURCE4} %{buildroot}%{_sbindir}/dh_reenable
87     # file containing blocked IP addresses - track it for the user
88     # ('rpm -qf /etc/blacklist' should give a hint)
89     touch %{buildroot}%{_sysconfdir}/blacklist
90    
91     # configuration file
92     sed -i "s|^#SECURE_LOG = /var/log/messages|SECURE_LOG = /var/log/messages|g; \
93     s|^SECURE_LOG = /var/log/auth.log|#SECURE_LOG = /var/log/auth.log|g; \
94     s|^IPTABLES = /sbin/iptables|IPTABLES = /usr/sbin/iptables|g;" \
95     %{buildroot}%{_sysconfdir}/denyhosts.conf
96    
97     # daemon-control-dist
98     sed -i "s|/usr/bin/env python|%{_bindir}/python|g" %{buildroot}%{_sbindir}/daemon-control-dist
99    
100     # init script / systemd service
101     %if %{with systemd}
102     install -D -m644 denyhosts.service %{buildroot}%{_unitdir}/denyhosts.service
103     ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcdenyhosts
104     %else
105     install -D -m755 %{SOURCE2} %{buildroot}%{_sysconfdir}/init.d/denyhosts
106     ln -s %{_sysconfdir}/init.d/denyhosts %{buildroot}%{_sbindir}/rcdenyhosts
107     %endif
108    
109     # logfile handling
110     install -D -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/denyhosts
111     mkdir -p %{buildroot}%{_localstatedir}/log
112     touch %{buildroot}%{_localstatedir}/log/denyhosts
113    
114     # move the main app
115     mv %{buildroot}%{_sbindir}/denyhosts.py %{buildroot}%{_sbindir}/denyhosts
116     sed -i "s|/usr/bin/denyhosts.py|/usr/sbin/denyhosts|g" %{buildroot}%{_unitdir}/denyhosts.service
117    
118     # fix wrong env-path
119     pushd %{buildroot} >/dev/null
120     for i in `find -name "*.py"`; do
121     sed -i "s@\!.*/bin/env.*@\!%{_bindir}/python@g" $i
122     done
123     popd >/dev/null
124    
125     # handle plugins
126     mkdir -p %{buildroot}%{_datadir}/%{name}
127     install -m0755 plugins/*{.sh,py} %{buildroot}%{_datadir}/%{name}
128    
129     # move some files to the documentation directory
130     install -D -m644 %{SOURCE5} %{buildroot}%{_defaultdocdir}/%{name}/README.SUSE
131     install -m0644 plugins/README.contrib %{buildroot}%{_defaultdocdir}/%{name}/
132     install -m0644 *.txt %{buildroot}%{_defaultdocdir}/%{name}/
133     install -m0644 *.md %{buildroot}%{_defaultdocdir}/%{name}/
134     install -m0644 *.conf %{buildroot}%{_defaultdocdir}/%{name}/
135    
136     %if %{with systemd}
137     %pre
138     %service_add_pre %{name}.service
139     %endif
140    
141     %post
142     %if %{with systemd}
143     %service_add_post %{name}.service
144     %else
145     %{fillup_and_insserv -f denyhosts}
146     %endif
147    
148     %preun
149     %if %{with systemd}
150     %service_del_preun %{name}.service
151     %else
152     %stop_on_removal denyhosts
153     %endif
154    
155     %postun
156     %if %{with systemd}
157     %service_del_postun %{name}.service
158     %else
159     %insserv_cleanup
160     %endif
161    
162    
163     %files
164     %doc %{_defaultdocdir}/%{name}
165     %if 0%{?suse_version} > 1315
166     %license LICENSE.txt
167     %endif
168     %{_sbindir}/daemon-control-dist
169     %{_sbindir}/denyhosts
170     %{_sbindir}/rcdenyhosts
171     %{_sbindir}/dh_reenable
172     %{python_sitelib}/DenyHosts*
173     %{_mandir}/man8/denyhosts.8.gz
174     %dir %{_localstatedir}/lib/denyhosts
175     %{_datadir}/%{name}
176     %ghost %{_localstatedir}/log/denyhosts
177     %ghost %config(noreplace) %{_sysconfdir}/blacklist
178     %config(noreplace) %{_sysconfdir}/logrotate.d/denyhosts
179     %config(noreplace) %{_sysconfdir}/denyhosts.conf
180     %if %{with systemd}
181     %{_unitdir}/denyhosts.service
182     %else
183     %attr(755,root,root) %{_sysconfdir}/init.d/denyhosts
184     %endif
185    
186     %changelog
187     * Sat Aug 11 2018 javier@opensuse.org
188     - Update to 3.1
189     + Fixes a bug when moving between Python 2 and Python 3
190     environments
191     + A new check has been added to confirm IP addresses retrieved
192     from the security log are valid
193     + DenyHosts will now (optionally) check for break-in attacks
194     against IMAP services such as Dovecot.
195     + A new dependency has been added, the Python ipaddr library
196     is now a run-time requirement
197     * Mon Jul 2 2018 javier@opensuse.org
198     - Fix path to binary in service file
199     * Mon Mar 12 2018 lars@linux-schulserver.de
200     - update to 3.0
201     + Initial translation of code from Python 2 to Python 3. DenyHosts
202     can now be run as either a Python 2 or a Python 3 program. The new
203     code has been tested with Pyhton 2.7 and Python 3.4. If you require
204     an older version of Python, please continue to use DenyHosts 2.10
205     and let us know of your requirements.
206     + Added patch from Fedora to fix initial sync issue and insure info
207     logging stream is active. (Provided by Jason Tibbitts.)
208     + Added "import logging" to denyhosts.py to avoid errors when setting
209     up logging. (See above change.)
210     + Added option PF_TABLE_FILE to the configuration file. When this option
211     is enabled it causes DenyHosts to write blocked IP addresses to a text
212     file.
213     The default location is /etc/blacklist. This text file should correspond
214     to a PF firewall table.
215     + At start-up, try to create the file specified by HOSTS_DENY. That
216     way we avoid errors later if the file does not exists. Can be a
217     problem on operating systems where /etc/hosts.deny does not exist
218     in the default configuration.
219     + Added regex pattern to detect invalid user accounts. This blocks
220     connections from remote hosts who are attempting to login with
221     accounts not found on the local system. While these connections to
222     non-existent accounts are relatively harmless, they are usually used
223     as part of a brute force attack and filtering them before they
224     reach OpenSSH is a good idea.
225     + Finally, Jan-Pascal has created a sync server for DenyHosts which
226     will allow DenyHosts services to coordinate lists of banned IP addresses.
227     The new sync server is open source (GPLv3) and can be set up on
228     private servers, networks and VPS. We plan to set up our own sync
229     server in the near future. When a sync server is created it will
230     be announced at http://denyhost.sourceforge.net/news.php
231     - require rsyslog to fix the not existing systemd journal support
232     (https://github.com/denyhosts/denyhosts/issues/14) - this resolves
233     boo#960856 until upstream implemented the feature
234     - use provided systemd service on newer distributions
235     - use upstream configuration file instead of own one
236     - removed ALL patches
237     * Wed Jan 5 2011 tejas.guruswamy@opensuse.org
238     - Make package noarch on > 11.2
239     - Run spec-cleaner
240     * Thu Apr 15 2010 lars@linux-schulserver.de
241     - fix dh_reenable as mentioned in bnc #596354
242     (thanks to Patrick Shanahan for the patch!)
243     * Sun Dec 28 2008 lars@linux-schulserver.de
244     - added some Debian patches
245     - enhanced init script
246     - adapted default denyhosts.conf (which is now located in /etc)
247     - added README.SuSE
248     - fix some rpmlint warnings
249     * Wed Dec 20 2006 lars@linux-schulserver.de
250     - initial package 2.6
251     Thanks to Craig Millar for the logrotate and initial init file.

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed