Compare commits
1 commit
rawhide
...
epel8-play
| Author | SHA1 | Date | |
|---|---|---|---|
|
21dbebb8d1 |
18 changed files with 1 additions and 2084 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -1 +0,0 @@
|
|||
/fail2ban-*/
|
||||
|
|
@ -1,60 +0,0 @@
|
|||
From 04ff4c060cdc233af9a6deeb85a6523da0416f31 Mon Sep 17 00:00:00 2001
|
||||
From: Nic Boet <nic@boet.cc>
|
||||
Date: Fri, 13 Jun 2025 16:44:57 -0500
|
||||
Subject: [PATCH] Dovecot 2.4 filter support
|
||||
|
||||
Dovecot 2.4 release is a major upgrade
|
||||
Logger event structure has changed, all messages are now
|
||||
prefixed with:
|
||||
|
||||
"Login aborted: " <reason> "auth failed"
|
||||
|
||||
Maintain 2.3 support as many folks have yet to migrate,
|
||||
community edition is still receiving cretial security patches
|
||||
|
||||
Dovecot 2.4.1
|
||||
Python 3.12.10
|
||||
|
||||
Signed-off-by: Nic Boet <nic@boet.cc>
|
||||
---
|
||||
config/filter.d/dovecot.conf | 2 ++
|
||||
fail2ban/tests/files/logs/dovecot | 6 ++++++
|
||||
2 files changed, 8 insertions(+)
|
||||
|
||||
diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf
|
||||
index dc3ebbcd42..f49eebe726 100644
|
||||
--- a/config/filter.d/dovecot.conf
|
||||
+++ b/config/filter.d/dovecot.conf
|
||||
@@ -17,6 +17,7 @@ prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_a
|
||||
|
||||
failregex = ^authentication failure; logname=<F-ALT_USER1>\S*</F-ALT_USER1> uid=\S* euid=\S* tty=dovecot ruser=<F-USER>\S*</F-USER> rhost=<HOST>(?:\s+user=<F-ALT_USER>\S*</F-ALT_USER>)?\s*$
|
||||
^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<<F-USER>[^>]*</F-USER>>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
|
||||
+ ^(?:Login aborted):\s*%(_bypass_reject_reason)s.*?\((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\)(?:\s*\([^)]+\))?:\s*(?:user=<<F-USER>[^>]*</F-USER>>,?\s*)?(?:,?\s*method=\S+,\s*)?rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
|
||||
^pam\(\S+,<HOST>(?:,\S*)?\): pam_authenticate\(\) failed: (?:User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \([Pp]assword mismatch\?\)|Permission denied)\s*$
|
||||
^[a-z\-]{3,15}\(\S*,<HOST>(?:,\S*)?\): (?:[Uu]nknown user|[Ii]nvalid credentials|[Pp]assword mismatch)
|
||||
<mdre-<mode>>
|
||||
@@ -43,6 +44,7 @@ datepattern = {^LN-BEG}TAI64N
|
||||
# DEV Notes:
|
||||
# * the first regex is essentially a copy of pam-generic.conf
|
||||
# * Probably doesn't do dovecot sql/ldap backends properly (resolved in edit 21/03/2016)
|
||||
+# * Dovecot version 2.4 changed event log structure, line prior needed to maintain 2.3 support
|
||||
#
|
||||
# Author: Martin Waschbuesch
|
||||
# Daniel Black (rewrote with begin and end anchors)
|
||||
diff --git a/fail2ban/tests/files/logs/dovecot b/fail2ban/tests/files/logs/dovecot
|
||||
index 0e33296129..4f5a0b7867 100644
|
||||
--- a/fail2ban/tests/files/logs/dovecot
|
||||
+++ b/fail2ban/tests/files/logs/dovecot
|
||||
@@ -22,6 +22,12 @@ Jun 14 00:48:21 platypus dovecot: imap-login: Disconnected (auth failed, 1 attem
|
||||
# failJSON: { "time": "2005-06-23T00:52:43", "match": true , "host": "193.95.245.163" }
|
||||
Jun 23 00:52:43 vhost1-ua dovecot: pop3-login: Disconnected: Inactivity (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=193.95.245.163, lip=176.214.13.210
|
||||
|
||||
+# Dovecot version 2.4
|
||||
+# failJSON: { "time": "2005-06-12T19:07:29", "match": true , "host": "192.0.2.241" }
|
||||
+Jun 12 19:07:29 hostname dovecot[241]: imap-login: Login aborted: Connection closed (auth failed, 3 attempts in 16 secs) (auth_failed): user=<test>, method=PLAIN, rip=192.0.2.241, lip=203.0.113.104, TLS, session=<9ZHq02g3J8S60fan>
|
||||
+# failJSON: { "time": "2005-06-13T16:35:56", "match": true , "host": "192.0.2.241" }
|
||||
+Jun 13 16:35:56 mx dovecot[241]: managesieve-login: Login aborted: Logged out (auth failed, 1 attempts in 10 secs) (auth_failed): user=<user@domain>, method=PLAIN, rip=192.0.2.241, lip=203.0.113.104, TLS, session=<Dp8j1Ho3suQYdo+k>
|
||||
+
|
||||
# failJSON: { "time": "2005-07-02T13:49:31", "match": true , "host": "192.51.100.13" }
|
||||
Jul 02 13:49:31 hostname dovecot[442]: pop3-login: Aborted login (auth failed, 1 attempts in 17 secs): user=<test>, method=PLAIN, rip=192.51.100.13, lip=203.0.113.17, session=<YADINsQCDs5BH8Pg>
|
||||
|
||||
160
3728.patch
160
3728.patch
|
|
@ -1,160 +0,0 @@
|
|||
From a763fbbdfd6486e372965b4009eb3fe5db346718 Mon Sep 17 00:00:00 2001
|
||||
From: Branch Vincent <branchevincent@gmail.com>
|
||||
Date: Sat, 27 Apr 2024 10:24:01 -0700
|
||||
Subject: [PATCH 1/3] replace distutils for python 3.12
|
||||
|
||||
---
|
||||
doc/conf.py | 5 +----
|
||||
fail2ban/server/filterpyinotify.py | 3 +--
|
||||
fail2ban/server/filtersystemd.py | 3 +--
|
||||
3 files changed, 3 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/doc/conf.py b/doc/conf.py
|
||||
index 20845a5a0e..48d27f7062 100644
|
||||
--- a/doc/conf.py
|
||||
+++ b/doc/conf.py
|
||||
@@ -47,12 +47,9 @@
|
||||
#
|
||||
|
||||
from fail2ban.version import version as fail2ban_version
|
||||
-from distutils.version import LooseVersion
|
||||
-
|
||||
-fail2ban_loose_version = LooseVersion(fail2ban_version)
|
||||
|
||||
# The short X.Y version.
|
||||
-version = ".".join(str(_) for _ in fail2ban_loose_version.version[:2])
|
||||
+version = ".".join(str(_) for _ in fail2ban_version.split(".")[:2])
|
||||
# The full version, including alpha/beta/rc tags.
|
||||
release = fail2ban_version
|
||||
|
||||
diff --git a/fail2ban/server/filterpyinotify.py b/fail2ban/server/filterpyinotify.py
|
||||
index 81bc7de393..c6972ced3f 100644
|
||||
--- a/fail2ban/server/filterpyinotify.py
|
||||
+++ b/fail2ban/server/filterpyinotify.py
|
||||
@@ -24,7 +24,6 @@
|
||||
__license__ = "GPL"
|
||||
|
||||
import logging
|
||||
-from distutils.version import LooseVersion
|
||||
import os
|
||||
from os.path import dirname, sep as pathsep
|
||||
|
||||
@@ -38,7 +37,7 @@
|
||||
|
||||
|
||||
if not hasattr(pyinotify, '__version__') \
|
||||
- or LooseVersion(pyinotify.__version__) < '0.8.3': # pragma: no cover
|
||||
+ or pyinotify.__version__.split(".") < '0.8.3'.split("."): # pragma: no cover
|
||||
raise ImportError("Fail2Ban requires pyinotify >= 0.8.3")
|
||||
|
||||
# Verify that pyinotify is functional on this system
|
||||
diff --git a/fail2ban/server/filtersystemd.py b/fail2ban/server/filtersystemd.py
|
||||
index 5aea9fdadc..2d4f862b97 100644
|
||||
--- a/fail2ban/server/filtersystemd.py
|
||||
+++ b/fail2ban/server/filtersystemd.py
|
||||
@@ -24,10 +24,9 @@
|
||||
|
||||
import os
|
||||
import time
|
||||
-from distutils.version import LooseVersion
|
||||
|
||||
from systemd import journal
|
||||
-if LooseVersion(getattr(journal, '__version__', "0")) < '204':
|
||||
+if getattr(journal, "__version__", "0").split(".") < "204".split("."):
|
||||
raise ImportError("Fail2Ban requires systemd >= 204")
|
||||
|
||||
from .failmanager import FailManagerEmpty
|
||||
|
||||
From ed20a9a5b9039319dd8913dfecf640e6eafee28b Mon Sep 17 00:00:00 2001
|
||||
From: sebres <info@sebres.de>
|
||||
Date: Tue, 7 May 2024 12:51:14 +0200
|
||||
Subject: [PATCH 2/3] there is no systemd < 204 and pyinotify < 0.8.3 for
|
||||
supported python3 versions anymore
|
||||
|
||||
---
|
||||
fail2ban/server/filterpyinotify.py | 4 ----
|
||||
fail2ban/server/filtersystemd.py | 2 --
|
||||
2 files changed, 6 deletions(-)
|
||||
|
||||
diff --git a/fail2ban/server/filterpyinotify.py b/fail2ban/server/filterpyinotify.py
|
||||
index c6972ced3f..f2f31e6fb5 100644
|
||||
--- a/fail2ban/server/filterpyinotify.py
|
||||
+++ b/fail2ban/server/filterpyinotify.py
|
||||
@@ -36,10 +36,6 @@
|
||||
from ..helpers import getLogger
|
||||
|
||||
|
||||
-if not hasattr(pyinotify, '__version__') \
|
||||
- or pyinotify.__version__.split(".") < '0.8.3'.split("."): # pragma: no cover
|
||||
- raise ImportError("Fail2Ban requires pyinotify >= 0.8.3")
|
||||
-
|
||||
# Verify that pyinotify is functional on this system
|
||||
# Even though imports -- might be dysfunctional, e.g. as on kfreebsd
|
||||
try:
|
||||
diff --git a/fail2ban/server/filtersystemd.py b/fail2ban/server/filtersystemd.py
|
||||
index 2d4f862b97..abd66e1f76 100644
|
||||
--- a/fail2ban/server/filtersystemd.py
|
||||
+++ b/fail2ban/server/filtersystemd.py
|
||||
@@ -26,8 +26,6 @@
|
||||
import time
|
||||
|
||||
from systemd import journal
|
||||
-if getattr(journal, "__version__", "0").split(".") < "204".split("."):
|
||||
- raise ImportError("Fail2Ban requires systemd >= 204")
|
||||
|
||||
from .failmanager import FailManagerEmpty
|
||||
from .filter import JournalFilter, Filter
|
||||
|
||||
From 0185e1c7d5e6534ab212462dd2aeab6f89e2fb50 Mon Sep 17 00:00:00 2001
|
||||
From: sebres <info@sebres.de>
|
||||
Date: Tue, 7 May 2024 13:06:50 +0200
|
||||
Subject: [PATCH 3/3] setup.py: no distutils anymore
|
||||
|
||||
---
|
||||
setup.py | 25 ++++++-------------------
|
||||
1 file changed, 6 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/setup.py b/setup.py
|
||||
index 9f7bd8fb59..ee9ea4df82 100755
|
||||
--- a/setup.py
|
||||
+++ b/setup.py
|
||||
@@ -24,23 +24,10 @@
|
||||
|
||||
import platform
|
||||
|
||||
-try:
|
||||
- import setuptools
|
||||
- from setuptools import setup
|
||||
- from setuptools.command.install import install
|
||||
- from setuptools.command.install_scripts import install_scripts
|
||||
- from setuptools.command.build_py import build_py
|
||||
- build_scripts = None
|
||||
-except ImportError:
|
||||
- setuptools = None
|
||||
- from distutils.core import setup
|
||||
-
|
||||
-# older versions
|
||||
-if setuptools is None:
|
||||
- from distutils.command.build_py import build_py
|
||||
- from distutils.command.build_scripts import build_scripts
|
||||
- from distutils.command.install import install
|
||||
- from distutils.command.install_scripts import install_scripts
|
||||
+import setuptools
|
||||
+from setuptools import setup
|
||||
+from setuptools.command.install import install
|
||||
+from setuptools.command.install_scripts import install_scripts
|
||||
|
||||
import os
|
||||
from os.path import isfile, join, isdir, realpath
|
||||
@@ -207,9 +194,9 @@ def run(self):
|
||||
url = "http://www.fail2ban.org",
|
||||
license = "GPL",
|
||||
platforms = "Posix",
|
||||
- cmdclass = dict({'build_py': build_py, 'build_scripts': build_scripts} if build_scripts else {}, **{
|
||||
+ cmdclass = {
|
||||
'install_scripts': install_scripts_f2b, 'install': install_command_f2b
|
||||
- }),
|
||||
+ },
|
||||
scripts = [
|
||||
'bin/fail2ban-client',
|
||||
'bin/fail2ban-server',
|
||||
94
3782.patch
94
3782.patch
|
|
@ -1,94 +0,0 @@
|
|||
From 2fed408c05ac5206b490368d94599869bd6a056d Mon Sep 17 00:00:00 2001
|
||||
From: Fabian Dellwing <fabian.dellwing@mbconnectline.de>
|
||||
Date: Tue, 2 Jul 2024 07:54:15 +0200
|
||||
Subject: [PATCH 1/5] Adjust sshd filter for OpenSSH 9.8 new daemon name
|
||||
|
||||
---
|
||||
config/filter.d/sshd.conf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
|
||||
index 1c8a02deb5..a1fd749aed 100644
|
||||
--- a/config/filter.d/sshd.conf
|
||||
+++ b/config/filter.d/sshd.conf
|
||||
@@ -16,7 +16,7 @@ before = common.conf
|
||||
|
||||
[DEFAULT]
|
||||
|
||||
-_daemon = sshd
|
||||
+_daemon = (?:sshd(?:-session)?)
|
||||
|
||||
# optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
|
||||
__pref = (?:(?:error|fatal): (?:PAM: )?)?
|
||||
|
||||
From 7b335f47ea112e2a36e59287582e613aef2fa0a3 Mon Sep 17 00:00:00 2001
|
||||
From: "Sergey G. Brester" <serg.brester@sebres.de>
|
||||
Date: Wed, 3 Jul 2024 19:09:28 +0200
|
||||
Subject: [PATCH 2/5] sshd: add test coverage for new format, gh-3782
|
||||
|
||||
---
|
||||
fail2ban/tests/files/logs/sshd | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/fail2ban/tests/files/logs/sshd b/fail2ban/tests/files/logs/sshd
|
||||
index ed54ded4d4..7d3948ed80 100644
|
||||
--- a/fail2ban/tests/files/logs/sshd
|
||||
+++ b/fail2ban/tests/files/logs/sshd
|
||||
@@ -20,6 +20,9 @@ Feb 25 14:34:10 belka sshd[31603]: Failed password for invalid user ROOT from aa
|
||||
# failJSON: { "time": "2005-02-25T14:34:11", "match": true , "host": "aaaa:bbbb:cccc:1234::1:1" }
|
||||
Feb 25 14:34:11 belka sshd[31603]: Failed password for invalid user ROOT from aaaa:bbbb:cccc:1234::1:1
|
||||
|
||||
+# failJSON: { "time": "2005-07-03T14:59:17", "match": true , "host": "192.0.2.1", "desc": "new log with session in daemon prefix, gh-3782" }
|
||||
+Jul 3 14:59:17 host sshd-session[1571]: Failed password for root from 192.0.2.1 port 56502 ssh2
|
||||
+
|
||||
#3
|
||||
# failJSON: { "time": "2005-01-05T01:31:41", "match": true , "host": "1.2.3.4" }
|
||||
Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4
|
||||
|
||||
From 8360776ce1b119d519a842069c73bec7f5e24fad Mon Sep 17 00:00:00 2001
|
||||
From: "Sergey G. Brester" <serg.brester@sebres.de>
|
||||
Date: Wed, 3 Jul 2024 19:33:39 +0200
|
||||
Subject: [PATCH 3/5] zzz-sshd-obsolete-multiline.conf: adjusted to new
|
||||
sshd-session log format
|
||||
|
||||
---
|
||||
fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf b/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf
|
||||
index ad8adeb69f..14256ba68c 100644
|
||||
--- a/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf
|
||||
+++ b/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf
|
||||
@@ -9,7 +9,7 @@ before = ../../../../config/filter.d/common.conf
|
||||
|
||||
[DEFAULT]
|
||||
|
||||
-_daemon = sshd
|
||||
+_daemon = sshd(?:-session)?
|
||||
|
||||
# optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
|
||||
__pref = (?:(?:error|fatal): (?:PAM: )?)?
|
||||
|
||||
From 50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a Mon Sep 17 00:00:00 2001
|
||||
From: "Sergey G. Brester" <serg.brester@sebres.de>
|
||||
Date: Wed, 3 Jul 2024 19:35:28 +0200
|
||||
Subject: [PATCH 4/5] filter.d/sshd.conf: ungroup (unneeded for _daemon)
|
||||
|
||||
---
|
||||
config/filter.d/sshd.conf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
|
||||
index a1fd749aed..3a84b1ba52 100644
|
||||
--- a/config/filter.d/sshd.conf
|
||||
+++ b/config/filter.d/sshd.conf
|
||||
@@ -16,7 +16,7 @@ before = common.conf
|
||||
|
||||
[DEFAULT]
|
||||
|
||||
-_daemon = (?:sshd(?:-session)?)
|
||||
+_daemon = sshd(?:-session)?
|
||||
|
||||
# optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
|
||||
__pref = (?:(?:error|fatal): (?:PAM: )?)?
|
||||
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
From 54c0effceb998b73545073ac59c479d9d9bf19a4 Mon Sep 17 00:00:00 2001
|
||||
From: sebres <info@sebres.de>
|
||||
Date: Sun, 11 Aug 2024 12:10:12 +0200
|
||||
Subject: [PATCH] filter.d/sshd.conf: amend to #3747/#3812 (new ssh version
|
||||
would log with `_COMM=sshd-session`)
|
||||
|
||||
---
|
||||
config/filter.d/sshd.conf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
|
||||
index 206b913a78..595e957f0b 100644
|
||||
--- a/config/filter.d/sshd.conf
|
||||
+++ b/config/filter.d/sshd.conf
|
||||
@@ -126,7 +126,7 @@ ignoreregex =
|
||||
|
||||
maxlines = 1
|
||||
|
||||
-journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
|
||||
+journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd + _COMM=sshd-session
|
||||
|
||||
# DEV Notes:
|
||||
#
|
||||
26
Makefile
26
Makefile
|
|
@ -1,26 +0,0 @@
|
|||
TARGET?=fail2ban
|
||||
MODULES?=${TARGET:=.pp.bz2}
|
||||
SHAREDIR?=/usr/share
|
||||
|
||||
all: ${TARGET:=.pp.bz2}
|
||||
|
||||
%.pp.bz2: %.pp
|
||||
@echo Compressing $^ -\> $@
|
||||
bzip2 -9 $^
|
||||
|
||||
%.pp: %.te
|
||||
make -f ${SHAREDIR}/selinux/devel/Makefile $@
|
||||
|
||||
clean:
|
||||
rm -f *~ *.tc *.pp *.pp.bz2
|
||||
rm -rf tmp *.tar.gz
|
||||
|
||||
man: install-policy
|
||||
sepolicy manpage --path . --domain ${TARGET}_t
|
||||
|
||||
install-policy: all
|
||||
semodule -i ${TARGET}.pp.bz2
|
||||
|
||||
install: man
|
||||
install -D -m 644 ${TARGET}.pp.bz2 ${DESTDIR}${SHAREDIR}/selinux/packages/${TARGET}.pp.bz2
|
||||
install -D -m 644 ${TARGET}_selinux.8 ${DESTDIR}${SHAREDIR}/man/man8/
|
||||
|
|
@ -1,148 +0,0 @@
|
|||
From ab9d41e5309b417a3c7a84fa8f03cf4f93831f1b Mon Sep 17 00:00:00 2001
|
||||
From: sebres <info@sebres.de>
|
||||
Date: Fri, 14 Jun 2024 14:31:21 +0200
|
||||
Subject: [PATCH] beautifier detect whether it can use unicode chars in stats
|
||||
table; asciified output of beautifier in test suite; closes gh-3750
|
||||
|
||||
---
|
||||
fail2ban/client/beautifier.py | 51 ++++++++++++++--------
|
||||
fail2ban/tests/clientbeautifiertestcase.py | 22 ++++++----
|
||||
2 files changed, 45 insertions(+), 28 deletions(-)
|
||||
|
||||
diff --git a/fail2ban/client/beautifier.py b/fail2ban/client/beautifier.py
|
||||
index 7ef173a655..21c49b9483 100644
|
||||
--- a/fail2ban/client/beautifier.py
|
||||
+++ b/fail2ban/client/beautifier.py
|
||||
@@ -21,8 +21,10 @@
|
||||
__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2013- Yaroslav Halchenko"
|
||||
__license__ = "GPL"
|
||||
|
||||
+import sys
|
||||
+
|
||||
from ..exceptions import UnknownJailException, DuplicateJailException
|
||||
-from ..helpers import getLogger, logging
|
||||
+from ..helpers import getLogger, logging, PREFER_ENC
|
||||
|
||||
# Gets the instance of the logger.
|
||||
logSys = getLogger(__name__)
|
||||
@@ -36,6 +38,11 @@
|
||||
|
||||
class Beautifier:
|
||||
|
||||
+ stdoutEnc = PREFER_ENC
|
||||
+ if sys.stdout and sys.stdout.encoding is not None:
|
||||
+ stdoutEnc = sys.stdout.encoding
|
||||
+ encUtf = 1 if stdoutEnc.lower() == 'utf-8' else 0
|
||||
+
|
||||
def __init__(self, cmd = None):
|
||||
self.__inputCmd = cmd
|
||||
|
||||
@@ -104,7 +111,11 @@ def jail_stat(response, pref=""):
|
||||
jail_stat(j, " " if i == len(jstat) else " | ")
|
||||
msg = "\n".join(msg)
|
||||
elif inC[0:1] == ['stats'] or inC[0:1] == ['statistics']:
|
||||
- def _statstable(response):
|
||||
+ chrTable = [
|
||||
+ ['|', '-', '|', 'x', 'x', '-', '|', '-'], ## ascii
|
||||
+ ["\u2551", "\u2550", "\u255F", "\u256B", "\u256C", "\u2569", "\u2502", "\u2500"] ## utf-8
|
||||
+ ];
|
||||
+ def _statstable(response, ct):
|
||||
tophead = ["Jail", "Backend", "Filter", "Actions"]
|
||||
headers = ["", "", "cur", "tot", "cur", "tot"]
|
||||
minlens = [8, 8, 3, 3, 3, 3]
|
||||
@@ -120,29 +131,31 @@ def _statstable(response):
|
||||
f = "%%%ds" if ralign[i] else "%%-%ds"
|
||||
rfmt.append(f % lens[i])
|
||||
hfmt.append(f % lens[i])
|
||||
- rfmt = [rfmt[0], rfmt[1], "%s \u2502 %s" % (rfmt[2], rfmt[3]), "%s \u2502 %s" % (rfmt[4], rfmt[5])]
|
||||
- hfmt = [hfmt[0], hfmt[1], "%s \u2502 %s" % (hfmt[2], hfmt[3]), "%s \u2502 %s" % (hfmt[4], hfmt[5])]
|
||||
+ rfmt = [rfmt[0], rfmt[1], "%s %s %s" % (rfmt[2], ct[6], rfmt[3]), "%s %s %s" % (rfmt[4], ct[6], rfmt[5])]
|
||||
+ hfmt = [hfmt[0], hfmt[1], "%s %s %s" % (hfmt[2], ct[6], hfmt[3]), "%s %s %s" % (hfmt[4], ct[6], hfmt[5])]
|
||||
tlens = [lens[0], lens[1], 3 + lens[2] + lens[3], 3 + lens[4] + lens[5]]
|
||||
tfmt = [hfmt[0], hfmt[1], "%%-%ds" % (tlens[2],), "%%-%ds" % (tlens[3],)]
|
||||
tsep = tfmt[0:2]
|
||||
- rfmt = " \u2551 ".join(rfmt)
|
||||
- hfmt = " \u2551 ".join(hfmt)
|
||||
- tfmt = " \u2551 ".join(tfmt)
|
||||
- tsep = " \u2551 ".join(tsep)
|
||||
- separator = ((tsep % tuple(tophead[0:2])) + " \u255F\u2500" +
|
||||
- ("\u2500\u256B\u2500".join(['\u2500' * n for n in tlens[2:]])) + '\u2500')
|
||||
+ rfmt = (" "+ct[0]+" ").join(rfmt)
|
||||
+ hfmt = (" "+ct[0]+" ").join(hfmt)
|
||||
+ tfmt = (" "+ct[0]+" ").join(tfmt)
|
||||
+ tsep = (" "+ct[0]+" ").join(tsep)
|
||||
+ separator = ((tsep % tuple(tophead[0:2])) + " "+ct[2]+ct[7] +
|
||||
+ ((ct[7]+ct[3]+ct[7]).join([ct[7] * n for n in tlens[2:]])) + ct[7])
|
||||
ret = []
|
||||
- ret.append(tfmt % tuple(["", ""]+tophead[2:]))
|
||||
- ret.append(separator)
|
||||
- ret.append(hfmt % tuple(headers))
|
||||
- separator = "\u2550\u256C\u2550".join(['\u2550' * n for n in tlens]) + '\u2550'
|
||||
- ret.append(separator)
|
||||
+ ret.append(" "+tfmt % tuple(["", ""]+tophead[2:]))
|
||||
+ ret.append(" "+separator)
|
||||
+ ret.append(" "+hfmt % tuple(headers))
|
||||
+ separator = (ct[1]+ct[4]+ct[1]).join([ct[1] * n for n in tlens]) + ct[1]
|
||||
+ ret.append(ct[1]+separator)
|
||||
for row in rows:
|
||||
- ret.append(rfmt % tuple(row))
|
||||
- separator = "\u2550\u2569\u2550".join(['\u2550' * n for n in tlens]) + '\u2550'
|
||||
- ret.append(separator)
|
||||
+ ret.append(" "+rfmt % tuple(row))
|
||||
+ separator = (ct[1]+ct[5]+ct[1]).join([ct[1] * n for n in tlens]) + ct[1]
|
||||
+ ret.append(ct[1]+separator)
|
||||
return ret
|
||||
- msg = "\n".join(_statstable(response))
|
||||
+ if not response:
|
||||
+ return "No jails found."
|
||||
+ msg = "\n".join(_statstable(response, chrTable[self.encUtf]))
|
||||
elif len(inC) < 2:
|
||||
pass # to few cmd args for below
|
||||
elif inC[1] == "syslogsocket":
|
||||
diff --git a/fail2ban/tests/clientbeautifiertestcase.py b/fail2ban/tests/clientbeautifiertestcase.py
|
||||
index defedbe1bf..5fcb240479 100644
|
||||
--- a/fail2ban/tests/clientbeautifiertestcase.py
|
||||
+++ b/fail2ban/tests/clientbeautifiertestcase.py
|
||||
@@ -34,6 +34,7 @@ def setUp(self):
|
||||
""" Call before every test case """
|
||||
super(BeautifierTest, self).setUp()
|
||||
self.b = Beautifier()
|
||||
+ self.b.encUtf = 0; ## we prefer ascii in test suite (see #3750)
|
||||
|
||||
def tearDown(self):
|
||||
""" Call after every test case """
|
||||
@@ -170,22 +171,25 @@ def testStatus(self):
|
||||
|
||||
def testStatusStats(self):
|
||||
self.b.setInputCmd(["stats"])
|
||||
+ ## no jails:
|
||||
+ self.assertEqual(self.b.beautify({}), "No jails found.")
|
||||
+ ## 3 jails:
|
||||
response = {
|
||||
"ssh": ["systemd", (3, 6), (12, 24)],
|
||||
"exim4": ["pyinotify", (6, 12), (20, 20)],
|
||||
"jail-with-long-name": ["polling", (0, 0), (0, 0)]
|
||||
}
|
||||
output = (""
|
||||
- + " ? ? Filter ? Actions \n"
|
||||
- + "Jail ? Backend ????????????????????????\n"
|
||||
- + " ? ? cur ? tot ? cur ? tot\n"
|
||||
- + "????????????????????????????????????????????????????????\n"
|
||||
- + "ssh ? systemd ? 3 ? 6 ? 12 ? 24\n"
|
||||
- + "exim4 ? pyinotify ? 6 ? 12 ? 20 ? 20\n"
|
||||
- + "jail-with-long-name ? polling ? 0 ? 0 ? 0 ? 0\n"
|
||||
- + "????????????????????????????????????????????????????????"
|
||||
+ + " | | Filter | Actions \n"
|
||||
+ + " Jail | Backend |-----------x-----------\n"
|
||||
+ + " | | cur | tot | cur | tot\n"
|
||||
+ + "---------------------x-----------x-----------x-----------\n"
|
||||
+ + " ssh | systemd | 3 | 6 | 12 | 24\n"
|
||||
+ + " exim4 | pyinotify | 6 | 12 | 20 | 20\n"
|
||||
+ + " jail-with-long-name | polling | 0 | 0 | 0 | 0\n"
|
||||
+ + "---------------------------------------------------------"
|
||||
)
|
||||
- response = self.b.beautify(response).encode('ascii', 'replace').decode('ascii')
|
||||
+ response = self.b.beautify(response)
|
||||
self.assertEqual(response, output)
|
||||
|
||||
|
||||
1
dead.package
Normal file
1
dead.package
Normal file
|
|
@ -0,0 +1 @@
|
|||
epel8-playground decommissioned : https://pagure.io/epel/issue/136
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEEhzhVnib2cd+eLG2eaDvxvr0KiCwFAmYqzEoACgkQaDvxvr0K
|
||||
iCwMfQf9GcxsuVs/LiHeDYmmvFOxCmS2zO4K5pzDuX1JmtSzKCj9HbPSxUWbIZIc
|
||||
yJv+x8t6QNBPBMnxI70TP+RcxKpCO4Fc2WRcrYS5B6gDTKy9Ty0fHorHlA4QQthu
|
||||
ywoqxf1eddQKcwlk+lw/wI1QPwZ1xA93BkasJht/bTnhAvXJBeN1Tgf+jZ23bHHf
|
||||
9FIGV8zt8fvaAIG8lB22AD/+PhSYEkp1TRuRx9VEuBbkH00u1i054I0cHTrsu3Fr
|
||||
jTIljf5TgpmFyXHBCA6JT6nnGn0jsaNDT/lBNxUmw5BmMxGWUTv4SlKbcjKjgXRH
|
||||
MTZipOHHYPx/7IyKJJvB1p1gvmOxyg==
|
||||
=qvry
|
||||
-----END PGP SIGNATURE-----
|
||||
|
|
@ -1,62 +0,0 @@
|
|||
Index: fail2ban-1.0.2/config/action.d/firewallcmd-rich-rules.conf
|
||||
===================================================================
|
||||
--- fail2ban-1.0.2.orig/config/action.d/firewallcmd-rich-rules.conf
|
||||
+++ fail2ban-1.0.2/config/action.d/firewallcmd-rich-rules.conf
|
||||
@@ -37,8 +37,8 @@ actioncheck =
|
||||
|
||||
fwcmd_rich_rule = rule family='<family>' source address='<ip>' port port='$p' protocol='<protocol>' %(rich-suffix)s
|
||||
|
||||
-actionban = ports="<port>"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="%(fwcmd_rich_rule)s"; done
|
||||
+actionban = ports="<port>"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --add-rich-rule="%(fwcmd_rich_rule)s"; done
|
||||
|
||||
-actionunban = ports="<port>"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="%(fwcmd_rich_rule)s"; done
|
||||
+actionunban = ports="<port>"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --remove-rich-rule="%(fwcmd_rich_rule)s"; done
|
||||
|
||||
-rich-suffix = <rich-blocktype>
|
||||
\ No newline at end of file
|
||||
+rich-suffix = <rich-blocktype>
|
||||
Index: fail2ban-1.0.2/fail2ban/tests/servertestcase.py
|
||||
===================================================================
|
||||
--- fail2ban-1.0.2.orig/fail2ban/tests/servertestcase.py
|
||||
+++ fail2ban-1.0.2/fail2ban/tests/servertestcase.py
|
||||
@@ -2051,32 +2051,32 @@ class ServerConfigReaderTests(LogCapture
|
||||
('j-fwcmd-rr', 'firewallcmd-rich-rules[port="22:24", protocol="tcp"]', {
|
||||
'ip4': ("family='ipv4'", "icmp-port-unreachable",), 'ip6': ("family='ipv6'", 'icmp6-port-unreachable',),
|
||||
'ip4-ban': (
|
||||
- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`""",
|
||||
+ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`""",
|
||||
),
|
||||
'ip4-unban': (
|
||||
- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`""",
|
||||
+ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`""",
|
||||
),
|
||||
'ip6-ban': (
|
||||
- """ `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`""",
|
||||
+ """ `ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`""",
|
||||
),
|
||||
'ip6-unban': (
|
||||
- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`""",
|
||||
+ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`""",
|
||||
),
|
||||
}),
|
||||
# firewallcmd-rich-logging --
|
||||
('j-fwcmd-rl', 'firewallcmd-rich-logging[port="22:24", protocol="tcp"]', {
|
||||
'ip4': ("family='ipv4'", "icmp-port-unreachable",), 'ip6': ("family='ipv6'", 'icmp6-port-unreachable',),
|
||||
'ip4-ban': (
|
||||
- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`""",
|
||||
+ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`""",
|
||||
),
|
||||
'ip4-unban': (
|
||||
- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`""",
|
||||
+ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`""",
|
||||
),
|
||||
'ip6-ban': (
|
||||
- """ `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`""",
|
||||
+ """ `ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`""",
|
||||
),
|
||||
'ip6-unban': (
|
||||
- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`""",
|
||||
+ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`""",
|
||||
),
|
||||
}),
|
||||
)
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
diff -up fail2ban-0.10.5/files/fail2ban.service.in.partof fail2ban-0.10.5/files/fail2ban.service.in
|
||||
--- fail2ban-0.10.5/files/fail2ban.service.in.partof 2020-01-10 05:34:46.000000000 -0700
|
||||
+++ fail2ban-0.10.5/files/fail2ban.service.in 2020-01-11 16:13:53.372316861 -0700
|
||||
@@ -2,7 +2,7 @@
|
||||
Description=Fail2Ban Service
|
||||
Documentation=man:fail2ban(1)
|
||||
After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
|
||||
-PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service
|
||||
+PartOf=firewalld.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
10
fail2ban.fc
10
fail2ban.fc
|
|
@ -1,10 +0,0 @@
|
|||
#/etc/rc\.d/init\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_initrc_exec_t,s0)
|
||||
|
||||
/usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
|
||||
/usr/bin/fail2ban-client -- gen_context(system_u:object_r:fail2ban_client_exec_t,s0)
|
||||
/usr/bin/fail2ban-server -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
|
||||
|
||||
/var/lib/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_lib_t,s0)
|
||||
/var/log/fail2ban\.log.* -- gen_context(system_u:object_r:fail2ban_log_t,s0)
|
||||
|
||||
/run/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_run_t,s0)
|
||||
313
fail2ban.if
313
fail2ban.if
|
|
@ -1,313 +0,0 @@
|
|||
## <summary>Update firewall filtering to ban IP addresses with too many password failures.</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute a domain transition to run fail2ban.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_domtrans',`
|
||||
gen_require(`
|
||||
type fail2ban_t, fail2ban_exec_t;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
domtrans_pattern($1, fail2ban_exec_t, fail2ban_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Execute the fail2ban client in
|
||||
## the fail2ban client domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_domtrans_client',`
|
||||
gen_require(`
|
||||
type fail2ban_client_t, fail2ban_client_exec_t;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
domtrans_pattern($1, fail2ban_client_exec_t, fail2ban_client_t)
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Execute fail2ban client in the
|
||||
## fail2ban client domain, and allow
|
||||
## the specified role the fail2ban
|
||||
## client domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## Role allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_run_client',`
|
||||
gen_require(`
|
||||
attribute_role fail2ban_client_roles;
|
||||
')
|
||||
|
||||
fail2ban_domtrans_client($1)
|
||||
roleattribute $2 fail2ban_client_roles;
|
||||
')
|
||||
|
||||
#####################################
|
||||
## <summary>
|
||||
## Connect to fail2ban over a unix domain
|
||||
## stream socket.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_stream_connect',`
|
||||
gen_require(`
|
||||
type fail2ban_t, fail2ban_var_run_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
stream_connect_pattern($1, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write inherited temporary files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_rw_inherited_tmp_files',`
|
||||
gen_require(`
|
||||
type fail2ban_tmp_t;
|
||||
')
|
||||
|
||||
files_search_tmp($1)
|
||||
allow $1 fail2ban_tmp_t:file rw_inherited_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write to an fail2ba unix stream socket.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_rw_stream_sockets',`
|
||||
gen_require(`
|
||||
type fail2ban_t;
|
||||
')
|
||||
|
||||
allow $1 fail2ban_t:unix_stream_socket rw_stream_socket_perms;
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Do not audit attempts to use
|
||||
## fail2ban file descriptors.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_dontaudit_use_fds',`
|
||||
gen_require(`
|
||||
type fail2ban_t;
|
||||
')
|
||||
|
||||
dontaudit $1 fail2ban_t:fd use;
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Do not audit attempts to read and
|
||||
## write fail2ban unix stream sockets
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_dontaudit_rw_stream_sockets',`
|
||||
gen_require(`
|
||||
type fail2ban_t;
|
||||
')
|
||||
|
||||
dontaudit $1 fail2ban_t:unix_stream_socket { read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read fail2ban lib files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_read_lib_files',`
|
||||
gen_require(`
|
||||
type fail2ban_var_lib_t;
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
read_files_pattern($1, fail2ban_var_lib_t, fail2ban_var_lib_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow the specified domain to read fail2ban's log files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`fail2ban_read_log',`
|
||||
gen_require(`
|
||||
type fail2ban_log_t;
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
allow $1 fail2ban_log_t:dir list_dir_perms;
|
||||
allow $1 fail2ban_log_t:file read_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow the specified domain to append
|
||||
## fail2ban log files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_append_log',`
|
||||
gen_require(`
|
||||
type fail2ban_log_t;
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
allow $1 fail2ban_log_t:dir list_dir_perms;
|
||||
allow $1 fail2ban_log_t:file append_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read fail2ban PID files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_read_pid_files',`
|
||||
gen_require(`
|
||||
type fail2ban_var_run_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
allow $1 fail2ban_var_run_t:file read_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## dontaudit read and write leaked file descriptors
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain to not audit.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_dontaudit_leaks',`
|
||||
gen_require(`
|
||||
type fail2ban_t;
|
||||
')
|
||||
|
||||
dontaudit $1 fail2ban_t:tcp_socket { read write };
|
||||
dontaudit $1 fail2ban_t:unix_dgram_socket { read write };
|
||||
dontaudit $1 fail2ban_t:unix_stream_socket { read write };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## a fail2ban environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## The role to be allowed to manage the fail2ban domain.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`fail2ban_admin',`
|
||||
gen_require(`
|
||||
type fail2ban_t, fail2ban_log_t, fail2ban_initrc_exec_t;
|
||||
type fail2ban_var_run_t, fail2ban_var_lib_t, fail2ban_tmp_t;
|
||||
type fail2ban_client_t;
|
||||
')
|
||||
|
||||
allow $1 { fail2ban_t fail2ban_client_t }:process signal_perms;
|
||||
ps_process_pattern($1, { fail2ban_t fail2ban_client_t })
|
||||
|
||||
tunable_policy(`deny_ptrace',`',`
|
||||
allow $1 { fail2ban_t fail2ban_client_t }:process ptrace;
|
||||
')
|
||||
|
||||
init_labeled_script_domtrans($1, fail2ban_initrc_exec_t)
|
||||
domain_system_change_exemption($1)
|
||||
role_transition $2 fail2ban_initrc_exec_t system_r;
|
||||
allow $2 system_r;
|
||||
|
||||
logging_list_logs($1)
|
||||
admin_pattern($1, fail2ban_log_t)
|
||||
|
||||
files_list_pids($1)
|
||||
admin_pattern($1, fail2ban_var_run_t)
|
||||
|
||||
files_list_var_lib($1)
|
||||
admin_pattern($1, fail2ban_var_lib_t)
|
||||
|
||||
files_list_tmp($1)
|
||||
admin_pattern($1, fail2ban_tmp_t)
|
||||
|
||||
fail2ban_run_client($1, $2)
|
||||
')
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
from Config import *
|
||||
addFilter("incoherent-logrotate-file /etc/logrotate.d/fail2ban");
|
||||
addFilter("macro-in-comment %{(name|version|release)}");
|
||||
addFilter("spelling-error .* (tcp|sendmail|shorewall|sshd)");
|
||||
# Tests
|
||||
addFilter("hidden-file-or-dir .*fail2ban/tests/files/config/apache.*/\.htpasswd");
|
||||
addFilter("htaccess-file-error .*fail2ban/tests/files/config/apache.*/\.htaccess");
|
||||
addFilter("zero-length .*fail2ban/tests/files/files/");
|
||||
929
fail2ban.spec
929
fail2ban.spec
|
|
@ -1,929 +0,0 @@
|
|||
%if 0%{?rhel} >= 9
|
||||
%bcond_with shorewall
|
||||
%else
|
||||
%bcond_without shorewall
|
||||
%endif
|
||||
|
||||
# RHEL < 10 and Fedora < 40 use file context entries in /var/run
|
||||
%if %{defined rhel} && 0%{?rhel} < 10
|
||||
%define legacy_var_run 1
|
||||
%endif
|
||||
|
||||
Name: fail2ban
|
||||
Version: 1.1.0
|
||||
Release: 15%{?dist}
|
||||
Summary: Daemon to ban hosts that cause multiple authentication errors
|
||||
|
||||
License: GPL-2.0-or-later
|
||||
URL: https://www.fail2ban.org
|
||||
Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||
Source1: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
|
||||
# Releases are signed by Serg G. Brester (sebres) <info AT sebres.de>. The
|
||||
# fingerprint can be found in a signature file:
|
||||
# gpg --list-packets fail2ban-1.0.2.tar.gz.asc | grep 'issuer fpr'
|
||||
#
|
||||
# The following commands can be used to fetch the signing key via fingerprint
|
||||
# and extract it:
|
||||
# fpr=8738559E26F671DF9E2C6D9E683BF1BEBD0A882C
|
||||
# gpg --receive-keys $fpr
|
||||
# gpg -a --export-options export-minimal --export $fpr >gpgkey-$fpr.asc
|
||||
Source2: gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc
|
||||
# SELinux policy
|
||||
Source3: fail2ban.fc
|
||||
Source4: fail2ban.if
|
||||
Source5: fail2ban.te
|
||||
Source6: Makefile
|
||||
|
||||
# Give up being PartOf iptables and ipset for now
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1379141
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1573185
|
||||
Patch0: fail2ban-partof.patch
|
||||
# default port in jail.conf is not compatible with firewalld-cmd syntax
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1850164
|
||||
Patch1: fail2ban-nftables.patch
|
||||
# Work around encoding issues during tests
|
||||
Patch2: https://github.com/fail2ban/fail2ban/commit/ab9d41e5309b417a3c7a84fa8f03cf4f93831f1b.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2315252
|
||||
Patch3: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3782.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2295265
|
||||
Patch4: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3728.patch
|
||||
# Upstream fix to also catch sshd-session logs
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2332945
|
||||
Patch5: https://github.com/fail2ban/fail2ban/commit/54c0effceb998b73545073ac59c479d9d9bf19a4.patch
|
||||
# Needed for Dovecot change to loging format in 2.4, fixed in f2b version 1.1.1.
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2426440
|
||||
Patch6: https://github.com/fail2ban/fail2ban/commit/04ff4c060cdc233af9a6deeb85a6523da0416f31.patch
|
||||
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
# For testcases
|
||||
BuildRequires: python3-inotify
|
||||
# using a python3_version-based conditional does not work here, so
|
||||
# this is a proxy for "Python version greater than 3.12". asyncore
|
||||
# and asynchat were dropped from cpython core in 3.12, these modules
|
||||
# make them available again. See:
|
||||
# https://github.com/fail2ban/fail2ban/issues/3487
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2219991
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 10
|
||||
BuildRequires: python3-pyasyncore
|
||||
BuildRequires: python3-pyasynchat
|
||||
%endif
|
||||
BuildRequires: sqlite
|
||||
BuildRequires: systemd
|
||||
BuildRequires: selinux-policy-devel
|
||||
BuildRequires: make
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 11
|
||||
BuildRequires: bash-completion-devel
|
||||
%else
|
||||
BuildRequires: bash-completion
|
||||
%endif
|
||||
BuildRequires: gnupg2
|
||||
|
||||
# Default components
|
||||
Requires: %{name}-firewalld = %{version}-%{release}
|
||||
Requires: %{name}-sendmail = %{version}-%{release}
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
|
||||
|
||||
%description
|
||||
Fail2Ban scans log files and bans IP addresses that makes too many password
|
||||
failures. It updates firewall rules to reject the IP address. These rules can
|
||||
be defined by the user. Fail2Ban can read multiple log files such as sshd or
|
||||
Apache web server ones.
|
||||
|
||||
Fail2Ban is able to reduce the rate of incorrect authentications attempts
|
||||
however it cannot eliminate the risk that weak authentication presents.
|
||||
Configure services to use only two factor or public/private authentication
|
||||
mechanisms if you really want to protect services.
|
||||
|
||||
This is a meta-package that will install the default configuration. Other
|
||||
sub-packages are available to install support for other actions and
|
||||
configurations.
|
||||
|
||||
|
||||
%package selinux
|
||||
Summary: SELinux policies for Fail2Ban
|
||||
%{?selinux_requires}
|
||||
%global modulename fail2ban
|
||||
%global selinuxtype targeted
|
||||
|
||||
%description selinux
|
||||
SELinux policies for Fail2Ban.
|
||||
|
||||
|
||||
%package server
|
||||
Summary: Core server component for Fail2Ban
|
||||
Requires: python3-systemd
|
||||
Requires: nftables
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
|
||||
# see note above in BuildRequires section
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 10
|
||||
Requires: python3-pyasyncore
|
||||
Requires: python3-pyasynchat
|
||||
%endif
|
||||
|
||||
%description server
|
||||
This package contains the core server components for Fail2Ban with minimal
|
||||
dependencies. You can install this directly if you want to have a small
|
||||
installation and know what you are doing.
|
||||
|
||||
|
||||
%package all
|
||||
Summary: Install all Fail2Ban packages and dependencies
|
||||
Requires: %{name}-firewalld = %{version}-%{release}
|
||||
Requires: %{name}-hostsdeny = %{version}-%{release}
|
||||
Requires: %{name}-mail = %{version}-%{release}
|
||||
Requires: %{name}-sendmail = %{version}-%{release}
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
%if %{with shorewall}
|
||||
Requires: %{name}-shorewall = %{version}-%{release}
|
||||
%endif
|
||||
Requires: perl-interpreter
|
||||
Requires: python3-inotify
|
||||
Requires: /usr/bin/whois
|
||||
|
||||
%description all
|
||||
This package installs all of the Fail2Ban packages and dependencies.
|
||||
|
||||
|
||||
%package firewalld
|
||||
Summary: Firewalld support for Fail2Ban
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
Requires: firewalld
|
||||
|
||||
%description firewalld
|
||||
This package enables support for manipulating firewalld rules. This is the
|
||||
default firewall service in Fedora.
|
||||
|
||||
|
||||
%package hostsdeny
|
||||
Summary: Hostsdeny (tcp_wrappers) support for Fail2Ban
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
Requires: ed
|
||||
Requires: tcp_wrappers
|
||||
|
||||
%description hostsdeny
|
||||
This package enables support for manipulating tcp_wrapper's /etc/hosts.deny
|
||||
files.
|
||||
|
||||
|
||||
%package tests
|
||||
Summary: Fail2Ban testcases
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
|
||||
%description tests
|
||||
This package contains Fail2Ban's testscases and scripts.
|
||||
|
||||
|
||||
%package mail
|
||||
Summary: Mail actions for Fail2Ban
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
Requires: /usr/bin/mail
|
||||
|
||||
%description mail
|
||||
This package installs Fail2Ban's mail actions. These are an alternative
|
||||
to the default sendmail actions.
|
||||
|
||||
|
||||
%package sendmail
|
||||
Summary: Sendmail actions for Fail2Ban
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
Requires: /usr/sbin/sendmail
|
||||
|
||||
%description sendmail
|
||||
This package installs Fail2Ban's sendmail actions. This is the default
|
||||
mail actions for Fail2Ban.
|
||||
|
||||
|
||||
%if %{with shorewall}
|
||||
%package shorewall
|
||||
Summary: Shorewall support for Fail2Ban
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
Requires: shorewall
|
||||
Conflicts: %{name}-shorewall-lite
|
||||
|
||||
%description shorewall
|
||||
This package enables support for manipulating shorewall rules.
|
||||
|
||||
|
||||
%package shorewall-lite
|
||||
Summary: Shorewall lite support for Fail2Ban
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
Requires: shorewall-lite
|
||||
Conflicts: %{name}-shorewall
|
||||
|
||||
%description shorewall-lite
|
||||
This package enables support for manipulating shorewall rules.
|
||||
%endif
|
||||
|
||||
|
||||
%package systemd
|
||||
Summary: Systemd journal configuration for Fail2Ban
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
|
||||
%description systemd
|
||||
This package configures Fail2Ban to use the systemd journal for its log input
|
||||
by default.
|
||||
|
||||
|
||||
%prep
|
||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||
%autosetup -p1
|
||||
|
||||
# Use Fedora paths
|
||||
sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf
|
||||
|
||||
# SELinux sources
|
||||
cp -p %SOURCE3 %SOURCE4 %SOURCE5 .
|
||||
|
||||
%if %{defined legacy_var_run}
|
||||
sed -i 's|^/run/|/var/run/|' %{name}.fc
|
||||
%endif
|
||||
|
||||
# 2to3 has been removed from setuptools and we already use the binary in
|
||||
# %%prep.
|
||||
sed -i "/use_2to3/d" setup.py
|
||||
|
||||
|
||||
%generate_buildrequires
|
||||
%pyproject_buildrequires
|
||||
|
||||
|
||||
%build
|
||||
%pyproject_wheel
|
||||
make -f %SOURCE6
|
||||
|
||||
|
||||
%install
|
||||
%pyproject_install
|
||||
ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python
|
||||
mv %{buildroot}%{python3_sitelib}/etc %{buildroot}
|
||||
mv %{buildroot}%{python3_sitelib}/%{_datadir} %{buildroot}%{_datadir}
|
||||
rmdir %{buildroot}%{python3_sitelib}%{_prefix}
|
||||
|
||||
mkdir -p %{buildroot}%{_unitdir}
|
||||
# Note that the tests rewrite build/fail2ban.service, but it uses build/ paths before the rewrite
|
||||
# so we will do our own modification
|
||||
sed -e 's,@BINDIR@,%{_bindir},' files/fail2ban.service.in > %{buildroot}%{_unitdir}/fail2ban.service
|
||||
mkdir -p %{buildroot}%{_mandir}/man{1,5}
|
||||
install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
|
||||
install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
||||
install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
|
||||
install -d -m 0755 %{buildroot}/run/fail2ban/
|
||||
install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid
|
||||
install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
|
||||
mkdir -p %{buildroot}%{_tmpfilesdir}
|
||||
install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/jail.d
|
||||
|
||||
# Remove non-Linux actions
|
||||
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf
|
||||
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf
|
||||
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf
|
||||
|
||||
# Remove config files for other distros
|
||||
rm -f %{buildroot}%{_sysconfdir}/fail2ban/paths-{arch,debian,freebsd,opensuse,osx}.conf
|
||||
|
||||
# firewalld configuration
|
||||
cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf <<EOF
|
||||
# This file is part of the fail2ban-firewalld package to configure the use of
|
||||
# the firewalld actions as the default actions. You can remove this package
|
||||
# (along with the empty fail2ban meta-package) if you do not use firewalld
|
||||
[DEFAULT]
|
||||
banaction = firewallcmd-rich-rules
|
||||
banaction_allports = firewallcmd-rich-rules
|
||||
EOF
|
||||
|
||||
# systemd journal configuration
|
||||
cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF
|
||||
# This file is part of the fail2ban-systemd package to configure the use of
|
||||
# the systemd journal as the default backend. You can remove this package
|
||||
# (along with the empty fail2ban meta-package) if you do not want to use the
|
||||
# journal backend
|
||||
[DEFAULT]
|
||||
backend=systemd
|
||||
EOF
|
||||
|
||||
# Remove installed doc, use doc macro instead
|
||||
rm -r %{buildroot}%{_docdir}/%{name}
|
||||
|
||||
# SELinux
|
||||
# install policy modules
|
||||
install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
|
||||
install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
|
||||
|
||||
#BASH completion
|
||||
COMPLETIONDIR=%{buildroot}$(pkg-config --variable=completionsdir bash-completion)
|
||||
%__mkdir_p $COMPLETIONDIR
|
||||
%__install -p -m 644 files/bash-completion $COMPLETIONDIR/fail2ban
|
||||
|
||||
|
||||
%check
|
||||
%python3 bin/fail2ban-testcases --verbosity=2 --no-network
|
||||
|
||||
|
||||
%pre selinux
|
||||
%selinux_relabel_pre -s %{selinuxtype}
|
||||
|
||||
%post selinux
|
||||
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
|
||||
|
||||
%postun selinux
|
||||
if [ $1 -eq 0 ]; then
|
||||
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
|
||||
fi
|
||||
|
||||
%posttrans selinux
|
||||
%selinux_relabel_post -s %{selinuxtype}
|
||||
|
||||
%post server
|
||||
%systemd_post fail2ban.service
|
||||
|
||||
%preun server
|
||||
%systemd_preun fail2ban.service
|
||||
|
||||
%postun server
|
||||
%systemd_postun_with_restart fail2ban.service
|
||||
|
||||
|
||||
%files
|
||||
|
||||
%files selinux
|
||||
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
|
||||
%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
|
||||
%license COPYING
|
||||
|
||||
%files server
|
||||
%doc README.md TODO ChangeLog COPYING doc/*.txt
|
||||
%{_bindir}/fail2ban-client
|
||||
%{_bindir}/fail2ban-python
|
||||
%{_bindir}/fail2ban-regex
|
||||
%{_bindir}/fail2ban-server
|
||||
%{python3_sitelib}/*
|
||||
%exclude %{python3_sitelib}/fail2ban/tests
|
||||
%{_unitdir}/fail2ban.service
|
||||
%{_datadir}/bash-completion/
|
||||
%{_mandir}/man1/fail2ban.1*
|
||||
%{_mandir}/man1/fail2ban-client.1*
|
||||
%{_mandir}/man1/fail2ban-python.1*
|
||||
%{_mandir}/man1/fail2ban-regex.1*
|
||||
%{_mandir}/man1/fail2ban-server.1*
|
||||
%{_mandir}/man5/*.5*
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/
|
||||
%exclude %{_sysconfdir}/fail2ban/action.d/complain.conf
|
||||
%exclude %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf
|
||||
%exclude %{_sysconfdir}/fail2ban/action.d/mail.conf
|
||||
%exclude %{_sysconfdir}/fail2ban/action.d/mail-buffered.conf
|
||||
%exclude %{_sysconfdir}/fail2ban/action.d/mail-whois.conf
|
||||
%exclude %{_sysconfdir}/fail2ban/action.d/mail-whois-lines.conf
|
||||
%exclude %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf
|
||||
%exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf
|
||||
%exclude %{_sysconfdir}/fail2ban/jail.d/*.conf
|
||||
%config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
|
||||
%{_tmpfilesdir}/fail2ban.conf
|
||||
%dir %{_localstatedir}/lib/fail2ban/
|
||||
%dir /run/%{name}/
|
||||
%ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid
|
||||
|
||||
%files all
|
||||
|
||||
%files firewalld
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-firewalld.conf
|
||||
|
||||
%files hostsdeny
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf
|
||||
|
||||
%files tests
|
||||
%{_bindir}/fail2ban-testcases
|
||||
%{_mandir}/man1/fail2ban-testcases.1*
|
||||
%{python3_sitelib}/fail2ban/tests
|
||||
|
||||
%files mail
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail.conf
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-buffered.conf
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-whois.conf
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-whois-lines.conf
|
||||
|
||||
%files sendmail
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf
|
||||
|
||||
%if %{with shorewall}
|
||||
%files shorewall
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf
|
||||
|
||||
%files shorewall-lite
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf
|
||||
%endif
|
||||
|
||||
%files systemd
|
||||
%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-systemd.conf
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Dec 31 2025 Richard Shaw <hobbes1069@gmail.com> - 1.1.0-15
|
||||
- Add patch for Dovecot 2.4 jail. Fixes BZ#2426440.
|
||||
|
||||
* Sat Oct 11 2025 Orion Poplawski <orion@nwra.com> - 1.1.0-14
|
||||
- Cleanup old conditionals
|
||||
|
||||
* Fri Oct 10 2025 Orion Poplawski <orion@nwra.com> - 1.1.0-13
|
||||
- Fix paths in fail2ban.service (rhbz#2399981)
|
||||
|
||||
* Fri Sep 19 2025 Python Maint <python-maint@redhat.com> - 1.1.0-12
|
||||
- Rebuilt for Python 3.14.0rc3 bytecode
|
||||
|
||||
* Thu Aug 21 2025 Richard Shaw <hobbes1069@gmail.com> - 1.1.0-11
|
||||
- Move from setup.py to wheels per
|
||||
https://fedoraproject.org/wiki/Changes/DeprecateSetuppyMacros.
|
||||
|
||||
* Fri Aug 15 2025 Python Maint <python-maint@redhat.com> - 1.1.0-10
|
||||
- Rebuilt for Python 3.14.0rc2 bytecode
|
||||
|
||||
* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
|
||||
|
||||
* Tue Jun 03 2025 Python Maint <python-maint@redhat.com> - 1.1.0-8
|
||||
- Rebuilt for Python 3.14
|
||||
|
||||
* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
|
||||
|
||||
* Thu Dec 19 2024 Orion Poplawski <orion@nwra.com> - 1.1.0-6
|
||||
- Add upstream fix for sshd filter (rhbz#2332945)
|
||||
|
||||
* Wed Oct 16 2024 Richard Shaw <hobbes1069@gmail.com> - 1.1.0-5
|
||||
- Add upstream patch for python distutils removal.
|
||||
|
||||
* Sat Sep 28 2024 Richard Shaw <hobbes1069@gmail.com> - 1.1.0-4
|
||||
- Add patch to deal with changes to OpenSSL log output.
|
||||
|
||||
* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
|
||||
|
||||
* Fri Jul 12 2024 Nils Philippsen <nils@tiptoe.de> - 1.1.0-2
|
||||
- Use SPDX license identifier
|
||||
- Use https upstream URL
|
||||
|
||||
* Wed Jun 12 2024 Richard Shaw <hobbes1069@gmail.com> - 1.1.0-1
|
||||
- Update to 1.1.0 for Python 3.13 support.
|
||||
|
||||
* Fri Jun 07 2024 Python Maint <python-maint@redhat.com> - 1.0.2-16
|
||||
- Rebuilt for Python 3.13
|
||||
|
||||
* Sat May 11 2024 Todd Zullinger <tmz@pobox.com> - 1.0.2-15
|
||||
- Handle /var/run->/run transition in older Fedora and EPEL (RHBZ#2279054)
|
||||
|
||||
* Sun May 05 2024 Richard Shaw <hobbes1069@gmail.com> - 1.0.2-14
|
||||
- Increment SELinux module version.
|
||||
- Tweak selinux regex for /run/fail2ban.
|
||||
|
||||
* Thu Apr 25 2024 Richard Shaw <hobbes1069@gmail.com> - 1.0.2-13
|
||||
- Add nftables patch and fix selinux /var/run->/run issue, fixes RHBZ#1850164
|
||||
and RHBZ#2272476.
|
||||
|
||||
* Thu Feb 22 2024 Orion Poplawski <orion@nwra.com> - 1.0.2-12
|
||||
- Allow watch on more logfiles
|
||||
|
||||
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Wed Sep 27 2023 Adam Williamson <awilliam@redhat.com> - 1.0.2-9
|
||||
- Require pyasynchat and pyasyncore with Python 3.12+
|
||||
- Disable smtp tests on F39+ due to removal of smtpd from Python 3.12
|
||||
- Disable db repair test on F39+ as it's broken with sqlite 3.42.0+
|
||||
|
||||
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
* Mon Jun 26 2023 Todd Zullinger <tmz@pobox.com> - 1.0.2-7
|
||||
- exclude shorewall subpackage on epel9 (rhbz#2217649)
|
||||
|
||||
* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 1.0.2-6
|
||||
- Rebuilt for Python 3.12
|
||||
|
||||
* Tue Apr 04 2023 Orion Poplawski <orion@nwra.com> - 1.0.2-5
|
||||
- Drop downstream python3.11 patch, upstream went with a different fix
|
||||
|
||||
* Sun Apr 02 2023 Todd Zullinger <tmz@pobox.com> - 1.0.2-4
|
||||
- verify upstream source signature
|
||||
|
||||
* Thu Mar 30 2023 Orion Poplawski <orion@nwra.com> - 1.0.2-3
|
||||
- Add upstream patch to remove warning about allowipv6 (bz#2160781)
|
||||
|
||||
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Sat Dec 17 2022 Richard Shaw <hobbes1069@gmail.com> - 1.0.2-1
|
||||
- Update to 1.0.2.
|
||||
|
||||
* Wed Nov 02 2022 Richard Shaw <hobbes1069@gmail.com> - 1.0.1-2
|
||||
- Add patch for dovecot eating 100% CPU.
|
||||
|
||||
* Sun Oct 02 2022 Richard Shaw <hobbes1069@gmail.com> - 1.0.1-1
|
||||
- Update to 1.0.1.
|
||||
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-14
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Wed Jun 15 2022 Python Maint <python-maint@redhat.com> - 0.11.2-13
|
||||
- Rebuilt for Python 3.11
|
||||
|
||||
* Wed May 18 2022 Orion Poplawski <orion@nwra.com> - 0.11.2-12
|
||||
- Fix SELinux policy to allow watch on var_log_t (bz#2083923)
|
||||
|
||||
* Fri Jan 28 2022 Orion Poplawski <orion@nwra.com> - 0.11.2-11
|
||||
- Require /usr/bin/mail instead of mailx
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Sun Sep 26 2021 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 0.11.2-9
|
||||
- Fix CVE-2021-32749 RHBZ#1983223
|
||||
|
||||
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Mon Jun 07 2021 Python Maint <python-maint@redhat.com> - 0.11.2-7
|
||||
- Rebuilt for Python 3.10
|
||||
|
||||
* Sun Jun 06 2021 Richard Shaw <hobbes1069@gmail.com> - 0.11.2-6
|
||||
- Update selinux policy for Fedora 34+
|
||||
|
||||
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 0.11.2-5
|
||||
- Rebuilt for Python 3.10
|
||||
|
||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.11.2-4
|
||||
- Rebuilt for updated systemd-rpm-macros
|
||||
See https://pagure.io/fesco/issue/2583.
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Wed Jan 06 2021 Richard Shaw <hobbes1069@gmail.com> - 0.11.2-2
|
||||
- Add patch to deal with a new century in tests (2021).
|
||||
|
||||
* Tue Nov 24 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.2-1
|
||||
- Update to 0.11.2.
|
||||
|
||||
* Fri Aug 28 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-10.2
|
||||
- Create shorewall-lite subpackage package which conflicts with shorewall
|
||||
subpackage. Fixes RHBZ#1872759.
|
||||
|
||||
* Tue Jul 28 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-9.2
|
||||
- Fix python2 requires for EPEL 7.
|
||||
|
||||
* Mon Jul 27 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-9
|
||||
- Add conditonals back for EL 7 as it's being brought up to date.
|
||||
- Add patch to deal with nftables not accepting ":" as a port separator.
|
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.1-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.11.1-7
|
||||
- Rebuilt for Python 3.9
|
||||
|
||||
* Thu Apr 16 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-6
|
||||
- Change default firewalld backend from ipset to rich-rules as ipset causes
|
||||
firewalld to use legacy iptables. Fixes RHBZ#1823746.
|
||||
- Remove conditionals for EL versions less than 7.
|
||||
|
||||
* Thu Mar 19 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-5
|
||||
- Update for Python 3.9.
|
||||
|
||||
* Wed Feb 26 2020 Orion Poplawski <orion@nwra.com> - 0.11.1-4
|
||||
- Add SELinux policy
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Tue Jan 21 2020 Orion Poplawski <orion@nwra.com> - 0.11.1-2
|
||||
- Move action.d/mail-whois-common.conf into fail2ban-server
|
||||
|
||||
* Tue Jan 14 2020 Orion Poplawski <orion@nwra.com> - 0.11.1-1
|
||||
- Update to 0.11.1
|
||||
|
||||
* Tue Jan 14 2020 Orion Poplawski <orion@nwra.com> - 0.10.5-1
|
||||
- Update to 0.10.5
|
||||
|
||||
* Thu Nov 21 2019 Orion Poplawski <orion@nwra.com> - 0.10.4-8
|
||||
- Define banaction_allports for firewalld, update banaction (bz#1775175)
|
||||
- Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625)
|
||||
|
||||
* Thu Oct 31 2019 Orion Poplawski <orion@nwra.com> - 0.10.4-7
|
||||
- Remove config files for other distros (bz#1533113)
|
||||
|
||||
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.10.4-6
|
||||
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||
|
||||
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.10.4-5
|
||||
- Rebuilt for Python 3.8
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.4-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.4-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Sun Nov 18 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.10.4-2
|
||||
- Drop explicit locale setting
|
||||
See https://fedoraproject.org/wiki/Changes/Remove_glibc-langpacks-all_from_buildroot
|
||||
|
||||
* Fri Oct 5 2018 Orion Poplawski <orion@nwra.com> - 0.10.4-1
|
||||
- Update to 0.10.4
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.3.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Tue Jun 19 2018 Orion Poplawski <orion@nwra.com> - 0.10.3.1-2
|
||||
- Remove PartOf ipset.service (bug #1573185)
|
||||
|
||||
* Tue Jun 19 2018 Orion Poplawski <orion@nwra.com> - 0.10.3.1-1
|
||||
- Update to 0.10.3.1
|
||||
|
||||
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.10.2-2
|
||||
- Rebuilt for Python 3.7
|
||||
|
||||
* Wed Mar 28 2018 Orion Poplawski <orion@nwra.com> - 0.10.2-1
|
||||
- Update to 0.10.2
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.1-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Sat Dec 30 2017 Orion Poplawski <orion@nwra.com> - 0.10.1-3
|
||||
- Add upstream patch to fix ipset issue (bug #1525134)
|
||||
|
||||
* Sat Dec 30 2017 Orion Poplawski <orion@nwra.com> - 0.10.1-2
|
||||
- Add upstream patch to fix buildroot issue
|
||||
|
||||
* Tue Nov 14 2017 Orion Poplawski <orion@cora.nwra.com> - 0.10.1-1
|
||||
- Update to 0.10.1
|
||||
|
||||
* Wed Sep 20 2017 Orion Poplawski <orion@cora.nwra.com> - 0.10.0-1
|
||||
- Update to 0.10.0
|
||||
|
||||
* Wed Aug 16 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.7-4
|
||||
- Use BR /usr/bin/2to3
|
||||
|
||||
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.7-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Thu Jul 13 2017 Petr Pisar <ppisar@redhat.com> - 0.9.7-2
|
||||
- perl dependency renamed to perl-interpreter
|
||||
<https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules>
|
||||
|
||||
* Wed Jul 12 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.7-1
|
||||
- Update to 0.9.7
|
||||
|
||||
* Wed Feb 15 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.6-4
|
||||
- Properly handle /run/fail2ban (bug #1422500)
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Tue Jan 10 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.6-2
|
||||
- Add upstream patch to fix fail2ban-regex with journal
|
||||
|
||||
* Fri Jan 6 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.6-1
|
||||
- Update to 0.9.6
|
||||
- Fix sendmail-auth filter (bug #1329919)
|
||||
|
||||
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 0.9.5-5
|
||||
- Rebuild for Python 3.6
|
||||
|
||||
* Fri Oct 7 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-4
|
||||
- %%ghost /run/fail2ban
|
||||
- Fix typo in shorewall description
|
||||
- Move tests to -tests sub-package
|
||||
|
||||
* Mon Oct 3 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-3
|
||||
- Add journalmatch entries for sendmail (bug #1329919)
|
||||
|
||||
* Mon Oct 3 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-2
|
||||
- Give up being PartOf iptables to allow firewalld restarts to work
|
||||
(bug #1379141)
|
||||
|
||||
* Mon Oct 3 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-1
|
||||
- Add patch to fix failing test
|
||||
|
||||
* Sun Sep 25 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-1
|
||||
- Update to 0.9.5
|
||||
- Drop mysql patch applied upstream
|
||||
|
||||
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.4-6
|
||||
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
|
||||
|
||||
* Tue Apr 5 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-5
|
||||
- Fix python3 usage (bug #1324113)
|
||||
|
||||
* Sun Mar 27 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-4
|
||||
- Use %%{_tmpfilesdir} for systemd tmpfile config
|
||||
|
||||
* Wed Mar 9 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-3
|
||||
- No longer need to add After=firewalld.service (bug #1301910)
|
||||
|
||||
* Wed Mar 9 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-2
|
||||
- Fix mariadb/mysql log handling
|
||||
|
||||
* Wed Mar 9 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-1
|
||||
- Update to 0.9.4
|
||||
- Use mariadb log path by default
|
||||
|
||||
* Tue Feb 23 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.3-3
|
||||
- Use python3 (bug #1282498)
|
||||
|
||||
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Sat Sep 12 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.3-1
|
||||
- Update to 0.9.3
|
||||
- Cleanup spec, use new python macros
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Thu Apr 30 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.2-1
|
||||
- Update to 0.9.2
|
||||
|
||||
* Mon Mar 16 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-4
|
||||
- Do not load user paths for fail2ban-{client,server} (bug #1202151)
|
||||
|
||||
* Sun Feb 22 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-3
|
||||
- Do not use systemd by default
|
||||
|
||||
* Fri Nov 28 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-2
|
||||
- Fix php-url-fopen logpath (bug #1169026)
|
||||
|
||||
* Tue Oct 28 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-1
|
||||
- Update to 0.9.1
|
||||
|
||||
* Fri Aug 15 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-8
|
||||
- Add patch to fix tests
|
||||
|
||||
* Fri Aug 8 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-8
|
||||
- Fix log paths for some jails (bug #1128152)
|
||||
|
||||
* Mon Jul 21 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-7
|
||||
- Use systemd for EL7
|
||||
|
||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Thu Mar 20 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-5
|
||||
- Require mailx for /usr/bin/mail
|
||||
|
||||
* Thu Mar 20 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-4
|
||||
- Need empty %%files to produce main and -all package
|
||||
|
||||
* Wed Mar 19 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-3
|
||||
- Split into sub-packages for different components
|
||||
- Enable journal filter by default (bug #985567)
|
||||
- Enable firewalld action by default (bug #1046816)
|
||||
- Add upstream patch to fix setting loglevel in fail2ban.conf
|
||||
- Add upstream patches to fix tests in mock, run tests
|
||||
|
||||
* Tue Mar 18 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-2
|
||||
- Use Fedora paths
|
||||
- Start after firewalld (bug #1067147)
|
||||
|
||||
* Mon Mar 17 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-1
|
||||
- Update to 0.9
|
||||
|
||||
* Tue Sep 24 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.3.git1f1a561
|
||||
- Update to current 0.9 git branch
|
||||
- Rebase init patch, drop jail.d and notmp patch applied upstream
|
||||
|
||||
* Fri Aug 9 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.2.gitd529151
|
||||
- Ship jail.conf(5) man page
|
||||
- Ship empty /etc/fail2ban/jail.d directory
|
||||
|
||||
* Thu Aug 8 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.1.gitd529151
|
||||
- Update to 0.9 git branch
|
||||
- Rebase patches
|
||||
- Require systemd-python for journal support
|
||||
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.10-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
* Wed Jun 12 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.10-1
|
||||
- Update to 0.8.10 security release
|
||||
- Use upstream provided systemd files
|
||||
- Drop upstreamed patches, rebase log2syslog and notmp patches
|
||||
|
||||
* Fri Mar 15 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-4
|
||||
- Use systemd init for Fedora 19+ (bug #883158)
|
||||
|
||||
* Thu Feb 14 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-3
|
||||
- Add patch from upstream to fix module imports (Bug #892365)
|
||||
- Add patch from upstream to UTF-8 characters in syslog (Bug #905097)
|
||||
- Drop Requires: tcp_wrappers and shorewall (Bug #781341)
|
||||
|
||||
* Fri Jan 18 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-2
|
||||
- Add patch to prevent sshd blocks of successful logins for systems that use
|
||||
sssd or ldap
|
||||
|
||||
* Mon Dec 17 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-1
|
||||
- Update to 0.8.8 (CVE-2012-5642 Bug #887914)
|
||||
|
||||
* Thu Oct 11 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.7.1-1
|
||||
- Update to 0.8.7.1
|
||||
- Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream
|
||||
- Rebase sshd and notmp patches
|
||||
- Use _initddir macro
|
||||
|
||||
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-29
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-28
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Sat Apr 9 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-27
|
||||
- Move tmp files to /var/lib (suggested by Phil Anderson).
|
||||
- Enable inotify support (by Jonathan Underwood).
|
||||
- Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584.
|
||||
|
||||
* Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24
|
||||
- Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to
|
||||
cloexec another fd leak.
|
||||
|
||||
* Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23
|
||||
- update to 0.8.4.
|
||||
|
||||
* Wed Sep 2 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-22
|
||||
- Update to a newer svn snapshot to fix python 2.6 issue.
|
||||
|
||||
* Thu Aug 27 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-21
|
||||
- Log to syslog (RH bug #491983). Also deals with RH bug #515116.
|
||||
- Check inodes of log files (RH bug #503852).
|
||||
|
||||
* Sat Feb 14 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-18
|
||||
- Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466).
|
||||
|
||||
* Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.8.3-17
|
||||
- Rebuild for Python 2.6
|
||||
|
||||
* Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-16
|
||||
- Update to 0.8.3.
|
||||
|
||||
* Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.2-15
|
||||
- fix license tag
|
||||
|
||||
* Thu Mar 27 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-14
|
||||
- Close on exec fixes by Jonathan Underwood.
|
||||
|
||||
* Sun Mar 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-13
|
||||
- Add %%{_localstatedir}/run/fail2ban (David Rees).
|
||||
|
||||
* Fri Mar 14 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-12
|
||||
- Update to 0.8.2.
|
||||
|
||||
* Thu Jan 31 2008 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 0.8.1-11
|
||||
- Move socket file from /tmp to /var/run to prevent SElinux from stopping
|
||||
fail2ban from starting (BZ #429281)
|
||||
- Change logic in init file to start with -x to remove the socket file in case
|
||||
of unclean shutdown
|
||||
|
||||
* Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10
|
||||
- Update to 0.8.1.
|
||||
- Remove patch fixing CVE-2007-4321 (upstream).
|
||||
- Remove AllowUsers patch (upstream).
|
||||
- Add dependency to gamin-python.
|
||||
|
||||
* Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9
|
||||
- Fix remote log injection (no CVE assignment yet).
|
||||
|
||||
* Sun Jun 3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8
|
||||
- Also trigger on non-AllowUsers failures (Jonathan Underwood
|
||||
<jonathan.underwood@gmail.com>).
|
||||
|
||||
* Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7
|
||||
- logrotate should restart fail2ban (Zing <zing@fastmail.fm>).
|
||||
- send mail to root; logrotate (Jonathan Underwood
|
||||
<jonathan.underwood@gmail.com>)
|
||||
|
||||
* Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4
|
||||
- Update to 0.8.0.
|
||||
- enable ssh by default, fix log file for ssh scanning, adjust python
|
||||
dependency (Jonathan Underwood <jonathan.underwood@gmail.com>)
|
||||
|
||||
* Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3
|
||||
- Remove forgotten condrestart.
|
||||
|
||||
* Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2
|
||||
- Move /usr/lib/fail2ban to %%{_datadir}/fail2ban.
|
||||
- Don't default chkconfig to enabled.
|
||||
- Add dependencies on service/chkconfig.
|
||||
- Use example iptables/ssh config as default config.
|
||||
|
||||
* Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1
|
||||
- Initial build.
|
||||
197
fail2ban.te
197
fail2ban.te
|
|
@ -1,197 +0,0 @@
|
|||
policy_module(fail2ban, 1.5.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
|
||||
attribute_role fail2ban_client_roles;
|
||||
|
||||
type fail2ban_t;
|
||||
type fail2ban_exec_t;
|
||||
init_daemon_domain(fail2ban_t, fail2ban_exec_t)
|
||||
|
||||
type fail2ban_initrc_exec_t;
|
||||
init_script_file(fail2ban_initrc_exec_t)
|
||||
|
||||
type fail2ban_log_t;
|
||||
logging_log_file(fail2ban_log_t)
|
||||
|
||||
type fail2ban_var_lib_t;
|
||||
files_type(fail2ban_var_lib_t)
|
||||
|
||||
type fail2ban_var_run_t;
|
||||
files_pid_file(fail2ban_var_run_t)
|
||||
|
||||
type fail2ban_tmp_t;
|
||||
files_tmp_file(fail2ban_tmp_t)
|
||||
|
||||
type fail2ban_client_t;
|
||||
type fail2ban_client_exec_t;
|
||||
init_system_domain(fail2ban_client_t, fail2ban_client_exec_t)
|
||||
role fail2ban_client_roles types fail2ban_client_t;
|
||||
|
||||
########################################
|
||||
#
|
||||
# Server Local policy
|
||||
#
|
||||
|
||||
allow fail2ban_t self:capability { dac_read_search sys_tty_config };
|
||||
allow fail2ban_t self:process { getpgid setsched signal };
|
||||
allow fail2ban_t self:fifo_file rw_fifo_file_perms;
|
||||
allow fail2ban_t self:unix_stream_socket { accept connectto listen };
|
||||
allow fail2ban_t self:tcp_socket { accept listen };
|
||||
allow fail2ban_t self:netlink_netfilter_socket create_socket_perms;
|
||||
|
||||
read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t)
|
||||
|
||||
append_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
|
||||
create_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
|
||||
setattr_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
|
||||
logging_log_filetrans(fail2ban_t, fail2ban_log_t, file)
|
||||
|
||||
manage_dirs_pattern(fail2ban_t, fail2ban_tmp_t, fail2ban_tmp_t)
|
||||
manage_files_pattern(fail2ban_t, fail2ban_tmp_t, fail2ban_tmp_t)
|
||||
exec_files_pattern(fail2ban_t, fail2ban_tmp_t, fail2ban_tmp_t)
|
||||
files_tmp_filetrans(fail2ban_t, fail2ban_tmp_t, { dir file })
|
||||
|
||||
manage_dirs_pattern(fail2ban_t, fail2ban_var_lib_t, fail2ban_var_lib_t)
|
||||
manage_files_pattern(fail2ban_t, fail2ban_var_lib_t, fail2ban_var_lib_t)
|
||||
|
||||
manage_dirs_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
|
||||
manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
|
||||
manage_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t)
|
||||
files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, file)
|
||||
|
||||
kernel_read_system_state(fail2ban_t)
|
||||
kernel_read_network_state(fail2ban_t)
|
||||
kernel_read_net_sysctls(fail2ban_t)
|
||||
|
||||
corecmd_exec_bin(fail2ban_t)
|
||||
corecmd_exec_shell(fail2ban_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(fail2ban_t)
|
||||
corenet_tcp_sendrecv_generic_if(fail2ban_t)
|
||||
corenet_tcp_sendrecv_generic_node(fail2ban_t)
|
||||
|
||||
corenet_sendrecv_whois_client_packets(fail2ban_t)
|
||||
corenet_tcp_connect_whois_port(fail2ban_t)
|
||||
corenet_tcp_sendrecv_whois_port(fail2ban_t)
|
||||
|
||||
dev_read_urand(fail2ban_t)
|
||||
dev_read_sysfs(fail2ban_t)
|
||||
|
||||
domain_use_interactive_fds(fail2ban_t)
|
||||
domain_dontaudit_read_all_domains_state(fail2ban_t)
|
||||
|
||||
files_read_etc_runtime_files(fail2ban_t)
|
||||
files_list_var(fail2ban_t)
|
||||
files_dontaudit_list_tmp(fail2ban_t)
|
||||
|
||||
fs_getattr_all_fs(fail2ban_t)
|
||||
|
||||
auth_use_nsswitch(fail2ban_t)
|
||||
|
||||
logging_read_all_logs(fail2ban_t)
|
||||
logging_read_audit_log(fail2ban_t)
|
||||
logging_send_syslog_msg(fail2ban_t)
|
||||
logging_read_syslog_pid(fail2ban_t)
|
||||
logging_dontaudit_search_audit_logs(fail2ban_t)
|
||||
logging_mmap_generic_logs(fail2ban_t)
|
||||
logging_mmap_journal(fail2ban_t)
|
||||
# Not in EL9 yet
|
||||
#logging_watch_audit_log_files(fail2ban_t)
|
||||
logging_watch_all_log_files(fail2ban_t)
|
||||
logging_watch_all_log_dirs(fail2ban_t)
|
||||
logging_watch_audit_log_files(fail2ban_t)
|
||||
logging_watch_audit_log_dirs(fail2ban_t)
|
||||
logging_watch_journal_dir(fail2ban_t)
|
||||
|
||||
mta_send_mail(fail2ban_t)
|
||||
|
||||
sysnet_manage_config(fail2ban_t)
|
||||
|
||||
optional_policy(`
|
||||
apache_read_log(fail2ban_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
dbus_system_bus_client(fail2ban_t)
|
||||
dbus_connect_system_bus(fail2ban_t)
|
||||
|
||||
optional_policy(`
|
||||
firewalld_dbus_chat(fail2ban_t)
|
||||
')
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
ftp_read_log(fail2ban_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
gnome_dontaudit_search_config(fail2ban_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
iptables_domtrans(fail2ban_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
allow fail2ban_t self:capability sys_resource;
|
||||
allow fail2ban_t self:process setrlimit;
|
||||
journalctl_exec(fail2ban_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
libs_exec_ldconfig(fail2ban_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
rpm_exec(fail2ban_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
shorewall_domtrans(fail2ban_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# Client Local policy
|
||||
#
|
||||
|
||||
allow fail2ban_client_t self:capability { dac_read_search };
|
||||
allow fail2ban_client_t self:unix_stream_socket { create connect write read };
|
||||
|
||||
domtrans_pattern(fail2ban_client_t, fail2ban_exec_t, fail2ban_t)
|
||||
|
||||
allow fail2ban_client_t fail2ban_t:process { rlimitinh };
|
||||
|
||||
dontaudit fail2ban_client_t fail2ban_var_run_t:dir_file_class_set audit_access;
|
||||
allow fail2ban_client_t fail2ban_var_run_t:dir write;
|
||||
stream_connect_pattern(fail2ban_client_t, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)
|
||||
|
||||
kernel_read_system_state(fail2ban_client_t)
|
||||
|
||||
corecmd_exec_bin(fail2ban_client_t)
|
||||
|
||||
dev_read_urand(fail2ban_client_t)
|
||||
dev_read_rand(fail2ban_client_t)
|
||||
|
||||
domain_use_interactive_fds(fail2ban_client_t)
|
||||
|
||||
files_search_pids(fail2ban_client_t)
|
||||
|
||||
auth_use_nsswitch(fail2ban_client_t)
|
||||
|
||||
libs_exec_ldconfig(fail2ban_client_t)
|
||||
|
||||
logging_getattr_all_logs(fail2ban_client_t)
|
||||
logging_search_all_logs(fail2ban_client_t)
|
||||
logging_read_audit_log(fail2ban_client_t)
|
||||
|
||||
userdom_dontaudit_search_user_home_dirs(fail2ban_client_t)
|
||||
userdom_use_user_terminals(fail2ban_client_t)
|
||||
|
||||
optional_policy(`
|
||||
apache_read_log(fail2ban_client_t)
|
||||
')
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQENBFeHbzIBCACWgr54J4t2fpI7EIrMTqso5kqPRTSY7eO2T0965JW6Zl4C0HZT
|
||||
Wz+9c5aGlKeotf4Fv7zOhpUwULFSGAq3tVbxAxW9++LAXPGad6uE4aPsXoQ6+0RV
|
||||
lJozNclURRal46vz3uuGLiSJ5+VQ1WD1sFLuw2/bMzE4GFR0z4w4UOc3ufAQ3obC
|
||||
i5szSy5JWtCsmvCdNlhXTxa66aUddN8/8IHJSB6QZabGEcG4WfsfhUiH38KUuqrO
|
||||
hYvT9ROY74pwSsHuWEzVRE00eJB4uxngsKHAGMYhkNxdKCG7Blu2IbJRcBE8QAs3
|
||||
BGqJR8FBify86COZYUZ7CuAyLyo1U6BZd7ohABEBAAG0KVNlcmcgRy4gQnJlc3Rl
|
||||
ciAoc2VicmVzKSA8aW5mb0BzZWJyZXMuZGU+iQE4BBMBAgAiBQJXh28yAhsDBgsJ
|
||||
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoO/G+vQqILMThB/0YUr7Y+urJChgm
|
||||
NG9exjjmTayoNb+XiMR5T2+A919NrKulEaH2mb51B7XBmFuCj8x5O1wA3xYo7B6h
|
||||
RVuNyb2eI3+bRD33QsKcs6NsgK/I1xLD15NrEftPckWqYypR6//u9Tmz5o9n9+/n
|
||||
2dH7SU7UPW468/bRUhFp+SQ70B0XLdyDgGLEN9TNsAvnEi30Vtjbia4Lp/NXYRkq
|
||||
GEzvpgZ7Dt9YhT+qdSs6AwyN0ZhnvX+zqXi+Q18xlbnuq2ZZkwK8Es/HdEDu2HNJ
|
||||
3nn3l15pyMe/OxYhg646NcqGR6j1rEZ7jXyN2i5sEdspXfwv0lGtLr7ANElWqOvX
|
||||
XYBAspRvuQENBFeHbzIBCACyCMv4CQ+blzj53ZLPyBMnj38oQ7bbpAtDThfB8hEZ
|
||||
uk6Kmo799Zo2rLG2iqvy8SEuN/bLQKyzFTiB4UYWvRxne792N0nWLU24/bd7j/Gh
|
||||
Q4EHUhs38WRSYtu93XCKzvyzn5s3504luOBF6czNrLeDfWXGVGosBsBoASY7de7a
|
||||
kiXb7a28dNDSG0JaR+QwONjmde9hAzqOX0iOYHvJeu68UKaUp4IrJ+nTMHFhwUbf
|
||||
awCmz+NPPrm360j4BuvYSWhS06tM7c6+gfvXHOTtJ5TEGbrm+I8d2q7nhxg3nku6
|
||||
7qnddkW2OS8EQVlw7XFox929mTLzw0MEmjqmSRTx2Qk3ABEBAAGJAR8EGAECAAkF
|
||||
AleHbzICGwwACgkQaDvxvr0KiCwdxQf7BM7jo6v7uU7324ZkLQmtZndcXnXZMbSw
|
||||
2pDzR2h01Vx7dHppzNOkyv8DvUWttwaMaTU57cdzThTkQPk8Lx8sCvi40RmWS2vs
|
||||
IArgTS1HNStprPUg4sk99JOZg2y4LBqkLUxZveDsH+rXdFA/fp8048/M4ss6qj4O
|
||||
ySe4crABbbv5yRADBJZt4LQdFoNGEpSaOtcxJmwJ7hrV+wQhVMm9m+/JpgzNT4rb
|
||||
muPgveqzmSiTGJ6Yy2bEKyY0dCyPuWbWWPt4mCcT+9emZC1O8EjST0i9f9EUUU6c
|
||||
6UCy7zi5EQ9CVv1Dlz1qefm/5/iFAAFQ5DtYC3cwDq8CqgqzoHMtNg==
|
||||
=vqSW
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
1
sources
1
sources
|
|
@ -1 +0,0 @@
|
|||
SHA512 (fail2ban-1.1.0.tar.gz) = 9bff7b9c41e58a953901800468e5c4153c9db6af01c7eb18111ad8620b40d03a0771020472fb759b2809d250e2bb45471e6c7e8283e72ea48290ecf7bf921821
|
||||
Loading…
Add table
Add a link
Reference in a new issue