/[smecontribs]/rpms/denyhosts/contribs10/denyhosts.spec
ViewVC logotype

Annotation of /rpms/denyhosts/contribs10/denyhosts.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Mon Mar 15 03:36:18 2021 UTC (3 years, 7 months ago) by jpp
Branch: MAIN
CVS Tags: denyhosts-3_1-11_el7_sme
Changes since 1.1: +17 -27 lines
* Sun Mar 14 2021 Jean-Philippe Pialasse <tests@pialasse.com> 3.1-11.sme
- First release for SME10 [SME: 11459]
  imported from opensuse, reworked spec file to build it on CentOS 7 / SME 10

1 jpp 1.1 #
2     # spec file for package denyhosts
3     #
4     # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
5     #
6     # All modifications and additions to the file contributed by third parties
7     # remain the property of their copyright owners, unless otherwise agreed
8     # upon. The license for this file, and modifications and additions to the
9     # file, is the same license as for the pristine package itself (unless the
10     # license for the pristine package is not an Open Source License, in which
11     # case the license is the MIT License). An "Open Source License" is a
12     # license that conforms to the Open Source Definition (Version 1.9)
13     # published by the Open Source Initiative.
14    
15     # Please submit bugfixes or comments via http://bugs.opensuse.org/
16     #
17 jpp 1.2 %define release 11
18     %define _unitdir /usr/lib/systemd/system/
19     %global with_systemd 1
20 jpp 1.1
21     Name: denyhosts
22     Version: 3.1
23 jpp 1.2 Release: %{release}%{?dist}
24 jpp 1.1 Summary: Utility to help system administrators thwart brute-force ssh hackers
25     License: GPL-2.0-only
26     Group: Productivity/Networking/Security
27     Url: https://github.com/denyhosts/denyhosts
28     Source: %{name}-%{version}.tar.gz
29     Source2: denyhosts.init
30     Source3: logrotate.denyhosts
31     Source4: denyhosts-dh_reenable
32     Source5: denyhosts.README
33     BuildRequires: perl
34     BuildRequires: python-devel
35     BuildRequires: python-ipaddr
36     Requires: python-ipaddr
37     Requires: logrotate
38     Requires: python
39     Requires: rsyslog
40 jpp 1.2 BuildRequires: python-rpm-macros
41     #BuildRequires: systemd-rpm-macros
42     BuildRequires: systemd
43 jpp 1.1 %{?systemd_requires}
44     BuildArch: noarch
45     BuildRoot: %{_tmppath}/%{name}-%{version}-build
46    
47    
48     %description
49     DenyHosts is a python program that automatically blocks ssh attacks by adding
50     entries to %{_sysconfdir}/hosts.deny. DenyHosts will also inform Linux
51     administrators about offending hosts, attacked users and suspicious logins.
52    
53     %prep
54     %setup -q
55    
56     %build
57     export CFLAGS="%{optflags}"
58     python setup.py build
59    
60     %install
61     python setup.py install \
62     --root=%{buildroot} \
63     --prefix=%{_prefix} \
64     --install-scripts=%{_sbindir}
65    
66     #remove bytecode (wrong mtime)
67     find %{buildroot}%{python_sitelib} -name "*.pyc" -delete
68    
69     # create work directory
70     mkdir -p %{buildroot}%{_localstatedir}/lib/denyhosts
71     # install denyhosts-reenable script
72     install -D -m755 %{SOURCE4} %{buildroot}%{_sbindir}/dh_reenable
73     # file containing blocked IP addresses - track it for the user
74     # ('rpm -qf /etc/blacklist' should give a hint)
75     touch %{buildroot}%{_sysconfdir}/blacklist
76    
77     # configuration file
78     sed -i "s|^#SECURE_LOG = /var/log/messages|SECURE_LOG = /var/log/messages|g; \
79     s|^SECURE_LOG = /var/log/auth.log|#SECURE_LOG = /var/log/auth.log|g; \
80     s|^IPTABLES = /sbin/iptables|IPTABLES = /usr/sbin/iptables|g;" \
81     %{buildroot}%{_sysconfdir}/denyhosts.conf
82    
83     # daemon-control-dist
84     sed -i "s|/usr/bin/env python|%{_bindir}/python|g" %{buildroot}%{_sbindir}/daemon-control-dist
85    
86     # init script / systemd service
87 jpp 1.2 %if %{with_systemd}
88 jpp 1.1 install -D -m644 denyhosts.service %{buildroot}%{_unitdir}/denyhosts.service
89     ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcdenyhosts
90     %else
91     install -D -m755 %{SOURCE2} %{buildroot}%{_sysconfdir}/init.d/denyhosts
92     ln -s %{_sysconfdir}/init.d/denyhosts %{buildroot}%{_sbindir}/rcdenyhosts
93     %endif
94    
95     # logfile handling
96     install -D -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/denyhosts
97     mkdir -p %{buildroot}%{_localstatedir}/log
98     touch %{buildroot}%{_localstatedir}/log/denyhosts
99    
100     # move the main app
101     mv %{buildroot}%{_sbindir}/denyhosts.py %{buildroot}%{_sbindir}/denyhosts
102     sed -i "s|/usr/bin/denyhosts.py|/usr/sbin/denyhosts|g" %{buildroot}%{_unitdir}/denyhosts.service
103    
104     # fix wrong env-path
105     pushd %{buildroot} >/dev/null
106     for i in `find -name "*.py"`; do
107     sed -i "s@\!.*/bin/env.*@\!%{_bindir}/python@g" $i
108     done
109     popd >/dev/null
110    
111     # handle plugins
112     mkdir -p %{buildroot}%{_datadir}/%{name}
113     install -m0755 plugins/*{.sh,py} %{buildroot}%{_datadir}/%{name}
114    
115     # move some files to the documentation directory
116     install -D -m644 %{SOURCE5} %{buildroot}%{_defaultdocdir}/%{name}/README.SUSE
117     install -m0644 plugins/README.contrib %{buildroot}%{_defaultdocdir}/%{name}/
118     install -m0644 *.txt %{buildroot}%{_defaultdocdir}/%{name}/
119     install -m0644 *.md %{buildroot}%{_defaultdocdir}/%{name}/
120     install -m0644 *.conf %{buildroot}%{_defaultdocdir}/%{name}/
121    
122 jpp 1.2 %if %{with_systemd}
123 jpp 1.1 %pre
124     %service_add_pre %{name}.service
125     %endif
126    
127     %post
128 jpp 1.2 %if %{with_systemd}
129 jpp 1.1 %service_add_post %{name}.service
130     %else
131     %{fillup_and_insserv -f denyhosts}
132     %endif
133    
134     %preun
135 jpp 1.2 %if %{with_systemd}
136 jpp 1.1 %service_del_preun %{name}.service
137     %else
138     %stop_on_removal denyhosts
139     %endif
140    
141     %postun
142 jpp 1.2 %if %{with_systemd}
143 jpp 1.1 %service_del_postun %{name}.service
144     %else
145     %insserv_cleanup
146     %endif
147    
148    
149     %files
150     %doc %{_defaultdocdir}/%{name}
151     %if 0%{?suse_version} > 1315
152     %license LICENSE.txt
153     %endif
154     %{_sbindir}/daemon-control-dist
155     %{_sbindir}/denyhosts
156     %{_sbindir}/rcdenyhosts
157     %{_sbindir}/dh_reenable
158     %{python_sitelib}/DenyHosts*
159     %{_mandir}/man8/denyhosts.8.gz
160     %dir %{_localstatedir}/lib/denyhosts
161     %{_datadir}/%{name}
162     %ghost %{_localstatedir}/log/denyhosts
163     %ghost %config(noreplace) %{_sysconfdir}/blacklist
164     %config(noreplace) %{_sysconfdir}/logrotate.d/denyhosts
165     %config(noreplace) %{_sysconfdir}/denyhosts.conf
166 jpp 1.2 %if %{with_systemd}
167 jpp 1.1 %{_unitdir}/denyhosts.service
168     %else
169     %attr(755,root,root) %{_sysconfdir}/init.d/denyhosts
170     %endif
171    
172     %changelog
173 jpp 1.2 * Sun Mar 14 2021 Jean-Philippe Pialasse <tests@pialasse.com> 3.1-11.sme
174     - First release for SME10 [SME: 11459]
175     imported from opensuse, reworked spec file to build it on CentOS 7 / SME 10
176    
177 jpp 1.1 * Sat Aug 11 2018 javier@opensuse.org
178     - Update to 3.1
179     + Fixes a bug when moving between Python 2 and Python 3
180     environments
181     + A new check has been added to confirm IP addresses retrieved
182     from the security log are valid
183     + DenyHosts will now (optionally) check for break-in attacks
184     against IMAP services such as Dovecot.
185     + A new dependency has been added, the Python ipaddr library
186     is now a run-time requirement
187     * Mon Jul 2 2018 javier@opensuse.org
188     - Fix path to binary in service file
189     * Mon Mar 12 2018 lars@linux-schulserver.de
190     - update to 3.0
191     + Initial translation of code from Python 2 to Python 3. DenyHosts
192     can now be run as either a Python 2 or a Python 3 program. The new
193     code has been tested with Pyhton 2.7 and Python 3.4. If you require
194     an older version of Python, please continue to use DenyHosts 2.10
195     and let us know of your requirements.
196     + Added patch from Fedora to fix initial sync issue and insure info
197     logging stream is active. (Provided by Jason Tibbitts.)
198     + Added "import logging" to denyhosts.py to avoid errors when setting
199     up logging. (See above change.)
200     + Added option PF_TABLE_FILE to the configuration file. When this option
201     is enabled it causes DenyHosts to write blocked IP addresses to a text
202     file.
203     The default location is /etc/blacklist. This text file should correspond
204     to a PF firewall table.
205     + At start-up, try to create the file specified by HOSTS_DENY. That
206     way we avoid errors later if the file does not exists. Can be a
207     problem on operating systems where /etc/hosts.deny does not exist
208     in the default configuration.
209     + Added regex pattern to detect invalid user accounts. This blocks
210     connections from remote hosts who are attempting to login with
211     accounts not found on the local system. While these connections to
212     non-existent accounts are relatively harmless, they are usually used
213     as part of a brute force attack and filtering them before they
214     reach OpenSSH is a good idea.
215     + Finally, Jan-Pascal has created a sync server for DenyHosts which
216     will allow DenyHosts services to coordinate lists of banned IP addresses.
217     The new sync server is open source (GPLv3) and can be set up on
218     private servers, networks and VPS. We plan to set up our own sync
219     server in the near future. When a sync server is created it will
220     be announced at http://denyhost.sourceforge.net/news.php
221     - require rsyslog to fix the not existing systemd journal support
222     (https://github.com/denyhosts/denyhosts/issues/14) - this resolves
223     boo#960856 until upstream implemented the feature
224     - use provided systemd service on newer distributions
225     - use upstream configuration file instead of own one
226     - removed ALL patches
227     * Wed Jan 5 2011 tejas.guruswamy@opensuse.org
228     - Make package noarch on > 11.2
229     - Run spec-cleaner
230     * Thu Apr 15 2010 lars@linux-schulserver.de
231     - fix dh_reenable as mentioned in bnc #596354
232     (thanks to Patrick Shanahan for the patch!)
233     * Sun Dec 28 2008 lars@linux-schulserver.de
234     - added some Debian patches
235     - enhanced init script
236     - adapted default denyhosts.conf (which is now located in /etc)
237     - added README.SuSE
238     - fix some rpmlint warnings
239     * Wed Dec 20 2006 lars@linux-schulserver.de
240     - initial package 2.6
241     Thanks to Craig Millar for the logrotate and initial init file.

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed