/[smecontribs]/rpms/denyhosts/contribs10/denyhosts.spec
ViewVC logotype

Contents of /rpms/denyhosts/contribs10/denyhosts.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.3 - (show annotations) (download)
Mon Mar 15 05:25:59 2021 UTC (3 years, 7 months ago) by jpp
Branch: MAIN
CVS Tags: denyhosts-3_1-12_el7_sme, HEAD
Changes since 1.2: +27 -26 lines
* Sun Mar 14 2021 Jean-Philippe Pialasse <tests@pialasse.com> 3.1-11.sme
- First release for SME10 [SME: 11459]
  imported from opensuse, reworked spec file to build it on CentOS 7 / SME 10
- remove systemd pre post scriptlet, do not have macros, and we use SME to register service

1 #
2 # spec file for package denyhosts
3 #
4 # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
5 #
6 # All modifications and additions to the file contributed by third parties
7 # remain the property of their copyright owners, unless otherwise agreed
8 # upon. The license for this file, and modifications and additions to the
9 # file, is the same license as for the pristine package itself (unless the
10 # license for the pristine package is not an Open Source License, in which
11 # case the license is the MIT License). An "Open Source License" is a
12 # license that conforms to the Open Source Definition (Version 1.9)
13 # published by the Open Source Initiative.
14
15 # Please submit bugfixes or comments via http://bugs.opensuse.org/
16 #
17 %define release 12
18 %define _unitdir /usr/lib/systemd/system/
19 %global with_systemd 1
20
21 Name: denyhosts
22 Version: 3.1
23 Release: %{release}%{?dist}
24 Summary: Utility to help system administrators thwart brute-force ssh hackers
25 License: GPL-2.0-only
26 Group: Productivity/Networking/Security
27 Url: https://github.com/denyhosts/denyhosts
28 Source: %{name}-%{version}.tar.gz
29 Source2: denyhosts.init
30 Source3: logrotate.denyhosts
31 Source4: denyhosts-dh_reenable
32 Source5: denyhosts.README
33 BuildRequires: perl
34 BuildRequires: python-devel
35 BuildRequires: python-ipaddr
36 Requires: python-ipaddr
37 Requires: logrotate
38 Requires: python
39 Requires: rsyslog
40 BuildRequires: python-rpm-macros
41 #BuildRequires: systemd-rpm-macros
42 BuildRequires: systemd
43 %{?systemd_requires}
44 BuildArch: noarch
45 BuildRoot: %{_tmppath}/%{name}-%{version}-build
46
47
48 %description
49 DenyHosts is a python program that automatically blocks ssh attacks by adding
50 entries to %{_sysconfdir}/hosts.deny. DenyHosts will also inform Linux
51 administrators about offending hosts, attacked users and suspicious logins.
52
53 %prep
54 %setup -q
55
56 %build
57 export CFLAGS="%{optflags}"
58 python setup.py build
59
60 %install
61 python setup.py install \
62 --root=%{buildroot} \
63 --prefix=%{_prefix} \
64 --install-scripts=%{_sbindir}
65
66 #remove bytecode (wrong mtime)
67 find %{buildroot}%{python_sitelib} -name "*.pyc" -delete
68
69 # create work directory
70 mkdir -p %{buildroot}%{_localstatedir}/lib/denyhosts
71 # install denyhosts-reenable script
72 install -D -m755 %{SOURCE4} %{buildroot}%{_sbindir}/dh_reenable
73 # file containing blocked IP addresses - track it for the user
74 # ('rpm -qf /etc/blacklist' should give a hint)
75 touch %{buildroot}%{_sysconfdir}/blacklist
76
77 # configuration file
78 sed -i "s|^#SECURE_LOG = /var/log/messages|SECURE_LOG = /var/log/messages|g; \
79 s|^SECURE_LOG = /var/log/auth.log|#SECURE_LOG = /var/log/auth.log|g; \
80 s|^IPTABLES = /sbin/iptables|IPTABLES = /usr/sbin/iptables|g;" \
81 %{buildroot}%{_sysconfdir}/denyhosts.conf
82
83 # daemon-control-dist
84 sed -i "s|/usr/bin/env python|%{_bindir}/python|g" %{buildroot}%{_sbindir}/daemon-control-dist
85
86 # init script / systemd service
87 %if %{with_systemd}
88 install -D -m644 denyhosts.service %{buildroot}%{_unitdir}/denyhosts.service
89 ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcdenyhosts
90 %else
91 install -D -m755 %{SOURCE2} %{buildroot}%{_sysconfdir}/init.d/denyhosts
92 ln -s %{_sysconfdir}/init.d/denyhosts %{buildroot}%{_sbindir}/rcdenyhosts
93 %endif
94
95 # logfile handling
96 install -D -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/denyhosts
97 mkdir -p %{buildroot}%{_localstatedir}/log
98 touch %{buildroot}%{_localstatedir}/log/denyhosts
99
100 # move the main app
101 mv %{buildroot}%{_sbindir}/denyhosts.py %{buildroot}%{_sbindir}/denyhosts
102 sed -i "s|/usr/bin/denyhosts.py|/usr/sbin/denyhosts|g" %{buildroot}%{_unitdir}/denyhosts.service
103
104 # fix wrong env-path
105 pushd %{buildroot} >/dev/null
106 for i in `find -name "*.py"`; do
107 sed -i "s@\!.*/bin/env.*@\!%{_bindir}/python@g" $i
108 done
109 popd >/dev/null
110
111 # handle plugins
112 mkdir -p %{buildroot}%{_datadir}/%{name}
113 install -m0755 plugins/*{.sh,py} %{buildroot}%{_datadir}/%{name}
114
115 # move some files to the documentation directory
116 install -D -m644 %{SOURCE5} %{buildroot}%{_defaultdocdir}/%{name}/README.SUSE
117 install -m0644 plugins/README.contrib %{buildroot}%{_defaultdocdir}/%{name}/
118 install -m0644 *.txt %{buildroot}%{_defaultdocdir}/%{name}/
119 install -m0644 *.md %{buildroot}%{_defaultdocdir}/%{name}/
120 install -m0644 *.conf %{buildroot}%{_defaultdocdir}/%{name}/
121
122 #% if %{with_systemd}
123 #% pre
124 #% service_add_pre %{name}.service
125 #% endif
126
127 #% post
128 #% if %{with_systemd}
129 #% service_add_post %{name}.service
130 #% else
131 #% {fillup_and_insserv -f denyhosts}
132 #% endif
133
134 #% preun
135 #% if %{with_systemd}
136 #% service_del_preun %{name}.service
137 #% else
138 #% stop_on_removal denyhosts
139 #% endif
140
141 #% postun
142 #% if %{with_systemd}
143 #% service_del_postun %{name}.service
144 #% else
145 #% insserv_cleanup
146 #% endif
147
148
149 %files
150 %doc %{_defaultdocdir}/%{name}
151 %if 0%{?suse_version} > 1315
152 %license LICENSE.txt
153 %endif
154 %{_sbindir}/daemon-control-dist
155 %{_sbindir}/denyhosts
156 %{_sbindir}/rcdenyhosts
157 %{_sbindir}/dh_reenable
158 %{python_sitelib}/DenyHosts*
159 %{_mandir}/man8/denyhosts.8.gz
160 %dir %{_localstatedir}/lib/denyhosts
161 %{_datadir}/%{name}
162 %ghost %{_localstatedir}/log/denyhosts
163 %ghost %config(noreplace) %{_sysconfdir}/blacklist
164 %config(noreplace) %{_sysconfdir}/logrotate.d/denyhosts
165 %config(noreplace) %{_sysconfdir}/denyhosts.conf
166 %if %{with_systemd}
167 %{_unitdir}/denyhosts.service
168 %else
169 %attr(755,root,root) %{_sysconfdir}/init.d/denyhosts
170 %endif
171
172 %changelog
173 * Sun Mar 14 2021 Jean-Philippe Pialasse <tests@pialasse.com> 3.1-11.sme
174 - First release for SME10 [SME: 11459]
175 imported from opensuse, reworked spec file to build it on CentOS 7 / SME 10
176 - remove systemd pre post scriptlet, do not have macros, and we use SME to register service
177
178 * Sat Aug 11 2018 javier@opensuse.org
179 - Update to 3.1
180 + Fixes a bug when moving between Python 2 and Python 3
181 environments
182 + A new check has been added to confirm IP addresses retrieved
183 from the security log are valid
184 + DenyHosts will now (optionally) check for break-in attacks
185 against IMAP services such as Dovecot.
186 + A new dependency has been added, the Python ipaddr library
187 is now a run-time requirement
188 * Mon Jul 2 2018 javier@opensuse.org
189 - Fix path to binary in service file
190 * Mon Mar 12 2018 lars@linux-schulserver.de
191 - update to 3.0
192 + Initial translation of code from Python 2 to Python 3. DenyHosts
193 can now be run as either a Python 2 or a Python 3 program. The new
194 code has been tested with Pyhton 2.7 and Python 3.4. If you require
195 an older version of Python, please continue to use DenyHosts 2.10
196 and let us know of your requirements.
197 + Added patch from Fedora to fix initial sync issue and insure info
198 logging stream is active. (Provided by Jason Tibbitts.)
199 + Added "import logging" to denyhosts.py to avoid errors when setting
200 up logging. (See above change.)
201 + Added option PF_TABLE_FILE to the configuration file. When this option
202 is enabled it causes DenyHosts to write blocked IP addresses to a text
203 file.
204 The default location is /etc/blacklist. This text file should correspond
205 to a PF firewall table.
206 + At start-up, try to create the file specified by HOSTS_DENY. That
207 way we avoid errors later if the file does not exists. Can be a
208 problem on operating systems where /etc/hosts.deny does not exist
209 in the default configuration.
210 + Added regex pattern to detect invalid user accounts. This blocks
211 connections from remote hosts who are attempting to login with
212 accounts not found on the local system. While these connections to
213 non-existent accounts are relatively harmless, they are usually used
214 as part of a brute force attack and filtering them before they
215 reach OpenSSH is a good idea.
216 + Finally, Jan-Pascal has created a sync server for DenyHosts which
217 will allow DenyHosts services to coordinate lists of banned IP addresses.
218 The new sync server is open source (GPLv3) and can be set up on
219 private servers, networks and VPS. We plan to set up our own sync
220 server in the near future. When a sync server is created it will
221 be announced at http://denyhost.sourceforge.net/news.php
222 - require rsyslog to fix the not existing systemd journal support
223 (https://github.com/denyhosts/denyhosts/issues/14) - this resolves
224 boo#960856 until upstream implemented the feature
225 - use provided systemd service on newer distributions
226 - use upstream configuration file instead of own one
227 - removed ALL patches
228 * Wed Jan 5 2011 tejas.guruswamy@opensuse.org
229 - Make package noarch on > 11.2
230 - Run spec-cleaner
231 * Thu Apr 15 2010 lars@linux-schulserver.de
232 - fix dh_reenable as mentioned in bnc #596354
233 (thanks to Patrick Shanahan for the patch!)
234 * Sun Dec 28 2008 lars@linux-schulserver.de
235 - added some Debian patches
236 - enhanced init script
237 - adapted default denyhosts.conf (which is now located in /etc)
238 - added README.SuSE
239 - fix some rpmlint warnings
240 * Wed Dec 20 2006 lars@linux-schulserver.de
241 - initial package 2.6
242 Thanks to Craig Millar for the logrotate and initial init file.

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed