smeserver-fail2ban/contribs10/smeserver-fail2ban.spec

%define version 0.1.18
%define release 24
%define name smeserver-fail2ban

Summary: fail2ban integration on SME Server
Name: %{name}
Version: %{version}
Release: %{release}%{?dist}
Epoch: 9
License: GPL
Group: Networking/Daemons
Source: %{name}-%{version}.tar.gz
Patch0: smeserver-fail2ban-0.1.18.bz10767-adminpanel.patch
Patch1: smeserver-fail2ban-0.1.18.bz9709-wordpress.patch
Patch2: smeserver-fail2ban-0.1.18.bz10775-sfail2ban.patch
Patch3: smeserver-fail2ban-0.1.18-locale-2019-05-15.patch
Patch4: smeserver-fail2ban-0.1.18-bz10776-wordpress.patch
Patch5: smeserver-fail2ban-0.1.18-bz9669-sogo.patch
Patch6: smeserver-fail2ban-0.1.18-bz10814-denylist-display.patch
Patch7: smeserver-fail2ban-0.1.18-bz10817-configure.patch
Patch8: smeserver-fail2ban-0.1.18.bz10839.patch
Patch9: smeserver-fail2ban-0.1.18.bz10370.patch
Patch10: smeserver-fail2ban-0.1.18-Add-update-to-createlinks.patch
Patch11: smeserver-fail2ban-0.1.18-bz11586-serverfailstostart.patch
Patch12: smeserver-fail2ban-0.1.18-bz11636-smanager.patch
Patch13: smeserver-fail2ban-0.1.18-locale-2021-08-22.patch
Patch14: smeserver-fail2ban-0.1.18-locale-2021-09-08.patch
Patch15: smeserver-fail2ban-0.1.18-bz11586-redofailtostart.patch
Patch16: smeserver-fail2ban-0.1.18-bz11650.patch 
Patch17: smeserver-fail2ban-0.1.18-bz11651-wordpress.patch
Patch18: smeserver-fail2ban-0.1.18-bz10857.patch
Patch19: smeserver-fail2ban-0.1.18-bz10819-whitelisthostfix.patch

BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
BuildArchitectures: noarch
BuildRequires: e-smith-devtools

Requires: e-smith-base >= 5.2.0
Requires: fail2ban-server, fail2ban-sendmail
Requires: perl-Data-Validate-IP
Obsoletes: fail2ban-firewalld, firewalld
AutoReqProv: no

%description
Configure fail2ban on SME Server

%changelog
* Thu Dec 09 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.1.18-24.sme
- fix adding removing whitelisted hosts [SME: 10819]
  moved config options to dedicated page
- removed apache-badbots.local, lot of false positives [SME: 10857]

* Wed Dec 08 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.1.18-22.sme
- fix apache-badbots logfile definition [SME: 10857]
  add updated badbot list.

* Wed Dec 08 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.1.18-21.sme
- update wordpress filters [SME: 11651]

* Wed Dec 08 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.1.18-20.sme
- allow baning subnet [SME: 11650]

* Wed Oct 27 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1.18-19.sme
- Fix my versioning

* Wed Oct 27 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1.18-18.sme
- Add Requires for perl-Data-Validate-IP [SME: 11720]

* Sun Sep 12 2021 Terry Fage <terry.fage@gmail.com> 0.1.18-17.sme
- redo fix for typo qpsmtpd status [SME: 11636]

* Wed Sep 08 2021 Terry Fage <terry.fage@gmail.com> 0.1.18-16.sme
- Update locale 2021-09-08 patch

* Sun Aug 22 2021 Terry Fage <terry.fage@gmail.com> 0.1.18-15.sme
- Update locale 2021-08-21 patch

* Thu Jul 08 2021 Michel Begue <mab974@gmail.com> 0.1.18-14.sme
- Add fail2ban panel in smeserver-manager  [SME: 11636]
- add smanager jail and filter
- fix typo for qsmtpd status change
- add AutoReqProv so smeserver-manager is not required

* Mon May 31 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.1.18-13.sme
- fix requirements and avoid firewalld  [SME: 10949]

* Tue May 25 2021 Terry Fage <tfage@yahoo.com.au> 0.1.18-12.sme
- Server Fails to Start SME10 [SME: 11586]

* Mon Apr 19 2021 Brian Read <brianr@bjsystems.co.uk> 0.1.18-11.sme
- Initial import to SME10 [SME: 10949]
- Add -update event to createlinks.

* Wed Nov 27 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-10.sme
- fix wordpress template error [SME: 10839]
- rewrite rule for [SME: 9719]
- add configurable values for recidive jail [SME: 10370]

* Wed Oct 16 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-9.sme
- propagate configuration changes to fail2ban after submiting changes [SME: 10817]

* Wed Oct 16 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-8.sme
- fix blocked hosts list not displaying unless smeserver-denyhosts also installed [SME: 10814]

* Fri Jul 19 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-7.sme
- prevent fail2ban failure if sogo not installed while a backup restored db entries [SME: 9669]

* Mon Jun 03 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-6.sme
- fix incorrect permissions on sfail2ban [SME: 10775]

* Mon Jun 03 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-5.sme
- fix wordpress fragment error preventing jail.conf to be updated [SME: 10776]

* Tue May 14 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-4.sme
- fix missing sfail2ban exec [SME: 10775]
- Apply locals

* Tue Apr 09 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-3.sme
- add admin panel [SME: 10767]
- add wordpress jails and filters [SME: 9709]

* Fri Oct 27 2017 Daniel Berteaud <daniel@firewall-services.com> - 0.1.18-1.sme
- Ignore greylisting, from Michael McCarn [SME: 10447]

* Thu Nov 17 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.17-1.sme
- Makes sur log files exist before resuming monitoring after a logrotate
  [SME: 9875]

* Tue Aug 2 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.16-1.sme
- Add a new prop (FilterValidRemoteHosts) to allow blacklisting of hosts allowed
  to access the server-manager
- Ignore 0.0.0.0/0.0.0.0 by default [SME: 9719]

* Tue Jul 5 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.15-1.sme
- Fix compat with older qpsmtpd

* Thu Jun 9 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.14-1.sme
- Update regex for qpsmtpd 0.96

* Mon Feb 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.13-1.sme
- Ignore failure to get proxy.pac

* Fri Jul 24 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.12-1.sme
- Updates for fail2ban 0.9.2
- Add more httpd jails
- Switch to upstream Ejabberd filter

* Wed Apr 15 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.11-1.sme
- Start fail2ban a bit later [SME: 8708]

* Tue Jan 27 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.10-1.sme
- Suspend log monitoring during logrotate [SME: 8708]

* Thu Jan 15 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.9-1.sme
- Fix LL::NG jail name

* Wed Sep 17 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.8-1.sme
- Restart fail2ban during logrotate event so it re-open apache log file [SME: 8557]

* Wed Jun 25 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.7-1.sme
- Correctly handle single IP in IgnoreIP prop

* Tue Jun 24 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.6-1.sme
- Relax proxy regex so requests for proxy.pac aren't matched

* Mon Jun 23 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.5-1.sme
- Pre-create the logfile so fail2ban can start the first time
- Remove most warnings on startup

* Wed Apr 23 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.4-1.sme
- New branch for SME9
- Remove sogo-auth.conf which is included in EL6 build of fail2ban

* Wed Dec 18 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.3-1.sme
- Fix port, which was incorrectly set to proto

* Tue Nov 19 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.2-1.sme
- Create the DB entries in one transaction to reduce the amount of log
  for each ban

* Thu Jul 4 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.1-1.sme
- Fix service name for LemonLDAP::NG

* Tue May 14 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.0-1.sme
- initial release

%prep
%setup -q -n %{name}-%{version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1

%build
%{__mkdir_p} root/var/log/fail2ban
perl createlinks

%install
/bin/rm -rf $RPM_BUILD_ROOT
(cd root   ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
/bin/rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
   --dir /var/log/fail2ban 'attr(0750,root,root)' \
   --file /var/log/fail2ban/daemon.log 'config(noreplace) %attr(0600,root,root)' \
   --file /etc/cron.daily/cleanup_fail2ban 'attr(0755,root,root)' \
   --file /etc/fail2ban/filter.d/apache-auth.local 'config(noreplace) %attr(0644,root,root)' \
   --file /usr/bin/sfail2ban 'attr(0755,root,root)' \
  > %{name}-%{version}-filelist
#--file /etc/fail2ban/filter.d/apache-badbots.local 'config(noreplace) %attr(0644,root,root)' \

%files -f %{name}-%{version}-filelist
%defattr(-,root,root)

%clean
rm -rf $RPM_BUILD_ROOT

%post

%preun
1	%define version 0.1.18
2	%define release 24
3	%define name smeserver-fail2ban
4
5	Summary: fail2ban integration on SME Server
6	Name: %{name}
7	Version: %{version}
8	Release: %{release}%{?dist}
9	Epoch: 9
10	License: GPL
11	Group: Networking/Daemons
12	Source: %{name}-%{version}.tar.gz
13	Patch0: smeserver-fail2ban-0.1.18.bz10767-adminpanel.patch
14	Patch1: smeserver-fail2ban-0.1.18.bz9709-wordpress.patch
15	Patch2: smeserver-fail2ban-0.1.18.bz10775-sfail2ban.patch
16	Patch3: smeserver-fail2ban-0.1.18-locale-2019-05-15.patch
17	Patch4: smeserver-fail2ban-0.1.18-bz10776-wordpress.patch
18	Patch5: smeserver-fail2ban-0.1.18-bz9669-sogo.patch
19	Patch6: smeserver-fail2ban-0.1.18-bz10814-denylist-display.patch
20	Patch7: smeserver-fail2ban-0.1.18-bz10817-configure.patch
21	Patch8: smeserver-fail2ban-0.1.18.bz10839.patch
22	Patch9: smeserver-fail2ban-0.1.18.bz10370.patch
23	Patch10: smeserver-fail2ban-0.1.18-Add-update-to-createlinks.patch
24	Patch11: smeserver-fail2ban-0.1.18-bz11586-serverfailstostart.patch
25	Patch12: smeserver-fail2ban-0.1.18-bz11636-smanager.patch
26	Patch13: smeserver-fail2ban-0.1.18-locale-2021-08-22.patch
27	Patch14: smeserver-fail2ban-0.1.18-locale-2021-09-08.patch
28	Patch15: smeserver-fail2ban-0.1.18-bz11586-redofailtostart.patch
29	Patch16: smeserver-fail2ban-0.1.18-bz11650.patch
30	Patch17: smeserver-fail2ban-0.1.18-bz11651-wordpress.patch
31	Patch18: smeserver-fail2ban-0.1.18-bz10857.patch
32	Patch19: smeserver-fail2ban-0.1.18-bz10819-whitelisthostfix.patch
33
34	BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
35	BuildArchitectures: noarch
36	BuildRequires: e-smith-devtools
37
38	Requires: e-smith-base >= 5.2.0
39	Requires: fail2ban-server, fail2ban-sendmail
40	Requires: perl-Data-Validate-IP
41	Obsoletes: fail2ban-firewalld, firewalld
42	AutoReqProv: no
43
44	%description
45	Configure fail2ban on SME Server
46
47	%changelog
48	* Thu Dec 09 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.1.18-24.sme
49	- fix adding removing whitelisted hosts [SME: 10819]
50	moved config options to dedicated page
51	- removed apache-badbots.local, lot of false positives [SME: 10857]
52
53	* Wed Dec 08 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.1.18-22.sme
54	- fix apache-badbots logfile definition [SME: 10857]
55	add updated badbot list.
56
57	* Wed Dec 08 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.1.18-21.sme
58	- update wordpress filters [SME: 11651]
59
60	* Wed Dec 08 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.1.18-20.sme
61	- allow baning subnet [SME: 11650]
62
63	* Wed Oct 27 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1.18-19.sme
64	- Fix my versioning
65
66	* Wed Oct 27 2021 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1.18-18.sme
67	- Add Requires for perl-Data-Validate-IP [SME: 11720]
68
69	* Sun Sep 12 2021 Terry Fage <terry.fage@gmail.com> 0.1.18-17.sme
70	- redo fix for typo qpsmtpd status [SME: 11636]
71
72	* Wed Sep 08 2021 Terry Fage <terry.fage@gmail.com> 0.1.18-16.sme
73	- Update locale 2021-09-08 patch
74
75	* Sun Aug 22 2021 Terry Fage <terry.fage@gmail.com> 0.1.18-15.sme
76	- Update locale 2021-08-21 patch
77
78	* Thu Jul 08 2021 Michel Begue <mab974@gmail.com> 0.1.18-14.sme
79	- Add fail2ban panel in smeserver-manager [SME: 11636]
80	- add smanager jail and filter
81	- fix typo for qsmtpd status change
82	- add AutoReqProv so smeserver-manager is not required
83
84	* Mon May 31 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.1.18-13.sme
85	- fix requirements and avoid firewalld [SME: 10949]
86
87	* Tue May 25 2021 Terry Fage <tfage@yahoo.com.au> 0.1.18-12.sme
88	- Server Fails to Start SME10 [SME: 11586]
89
90	* Mon Apr 19 2021 Brian Read <brianr@bjsystems.co.uk> 0.1.18-11.sme
91	- Initial import to SME10 [SME: 10949]
92	- Add -update event to createlinks.
93
94	* Wed Nov 27 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-10.sme
95	- fix wordpress template error [SME: 10839]
96	- rewrite rule for [SME: 9719]
97	- add configurable values for recidive jail [SME: 10370]
98
99	* Wed Oct 16 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-9.sme
100	- propagate configuration changes to fail2ban after submiting changes [SME: 10817]
101
102	* Wed Oct 16 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-8.sme
103	- fix blocked hosts list not displaying unless smeserver-denyhosts also installed [SME: 10814]
104
105	* Fri Jul 19 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-7.sme
106	- prevent fail2ban failure if sogo not installed while a backup restored db entries [SME: 9669]
107
108	* Mon Jun 03 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-6.sme
109	- fix incorrect permissions on sfail2ban [SME: 10775]
110
111	* Mon Jun 03 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-5.sme
112	- fix wordpress fragment error preventing jail.conf to be updated [SME: 10776]
113
114	* Tue May 14 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-4.sme
115	- fix missing sfail2ban exec [SME: 10775]
116	- Apply locals
117
118	* Tue Apr 09 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-3.sme
119	- add admin panel [SME: 10767]
120	- add wordpress jails and filters [SME: 9709]
121
122	* Fri Oct 27 2017 Daniel Berteaud <daniel@firewall-services.com> - 0.1.18-1.sme
123	- Ignore greylisting, from Michael McCarn [SME: 10447]
124
125	* Thu Nov 17 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.17-1.sme
126	- Makes sur log files exist before resuming monitoring after a logrotate
127	[SME: 9875]
128
129	* Tue Aug 2 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.16-1.sme
130	- Add a new prop (FilterValidRemoteHosts) to allow blacklisting of hosts allowed
131	to access the server-manager
132	- Ignore 0.0.0.0/0.0.0.0 by default [SME: 9719]
133
134	* Tue Jul 5 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.15-1.sme
135	- Fix compat with older qpsmtpd
136
137	* Thu Jun 9 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.14-1.sme
138	- Update regex for qpsmtpd 0.96
139
140	* Mon Feb 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.13-1.sme
141	- Ignore failure to get proxy.pac
142
143	* Fri Jul 24 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.12-1.sme
144	- Updates for fail2ban 0.9.2
145	- Add more httpd jails
146	- Switch to upstream Ejabberd filter
147
148	* Wed Apr 15 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.11-1.sme
149	- Start fail2ban a bit later [SME: 8708]
150
151	* Tue Jan 27 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.10-1.sme
152	- Suspend log monitoring during logrotate [SME: 8708]
153
154	* Thu Jan 15 2015 Daniel Berteaud <daniel@firewall-services.com> - 0.1.9-1.sme
155	- Fix LL::NG jail name
156
157	* Wed Sep 17 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.8-1.sme
158	- Restart fail2ban during logrotate event so it re-open apache log file [SME: 8557]
159
160	* Wed Jun 25 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.7-1.sme
161	- Correctly handle single IP in IgnoreIP prop
162
163	* Tue Jun 24 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.6-1.sme
164	- Relax proxy regex so requests for proxy.pac aren't matched
165
166	* Mon Jun 23 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.5-1.sme
167	- Pre-create the logfile so fail2ban can start the first time
168	- Remove most warnings on startup
169
170	* Wed Apr 23 2014 Daniel Berteaud <daniel@firewall-services.com> - 0.1.4-1.sme
171	- New branch for SME9
172	- Remove sogo-auth.conf which is included in EL6 build of fail2ban
173
174	* Wed Dec 18 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.3-1.sme
175	- Fix port, which was incorrectly set to proto
176
177	* Tue Nov 19 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.2-1.sme
178	- Create the DB entries in one transaction to reduce the amount of log
179	for each ban
180
181	* Thu Jul 4 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.1-1.sme
182	- Fix service name for LemonLDAP::NG
183
184	* Tue May 14 2013 Daniel Berteaud <daniel@firewall-services.com> - 0.1.0-1.sme
185	- initial release
186
187	%prep
188	%setup -q -n %{name}-%{version}
189	%patch0 -p1
190	%patch1 -p1
191	%patch2 -p1
192	%patch3 -p1
193	%patch4 -p1
194	%patch5 -p1
195	%patch6 -p1
196	%patch7 -p1
197	%patch8 -p1
198	%patch9 -p1
199	%patch10 -p1
200	%patch11 -p1
201	%patch12 -p1
202	%patch13 -p1
203	%patch14 -p1
204	%patch15 -p1
205	%patch16 -p1
206	%patch17 -p1
207	%patch18 -p1
208	%patch19 -p1
209
210	%build
211	%{__mkdir_p} root/var/log/fail2ban
212	perl createlinks
213
214	%install
215	/bin/rm -rf $RPM_BUILD_ROOT
216	(cd root ; /usr/bin/find . -depth -print \| /bin/cpio -dump $RPM_BUILD_ROOT)
217	/bin/rm -f %{name}-%{version}-filelist
218	/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
219	--dir /var/log/fail2ban 'attr(0750,root,root)' \
220	--file /var/log/fail2ban/daemon.log 'config(noreplace) %attr(0600,root,root)' \
221	--file /etc/cron.daily/cleanup_fail2ban 'attr(0755,root,root)' \
222	--file /etc/fail2ban/filter.d/apache-auth.local 'config(noreplace) %attr(0644,root,root)' \
223	--file /usr/bin/sfail2ban 'attr(0755,root,root)' \
224	> %{name}-%{version}-filelist
225	#--file /etc/fail2ban/filter.d/apache-badbots.local 'config(noreplace) %attr(0644,root,root)' \
226
227	%files -f %{name}-%{version}-filelist
228	%defattr(-,root,root)
229
230	%clean
231	rm -rf $RPM_BUILD_ROOT
232
233	%post
234
235	%preun