Initial minimalistic but working packaging of fail2ban 0.7.1

2006-09-05 06:10:29 +00:00 · 2006-09-05 06:10:29 +00:00 · a4899fabf8
parent a2717f7c25
commit a4899fabf8
7 changed files with 244 additions and 26 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,9 @@
+fail2ban (0.7.1-1) UNRELEASED; urgency=low
+
+  * (NOT RELEASED YET) New upstream release
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Tue,  5 Sep 2006 00:26:08 -0400
+
 fail2ban (0.6.1-11) unstable; urgency=low

  * Adjusted manpage for fail2ban.conf to point to shipped examples of
--- a/debian/control
+++ b/debian/control
@ -5,21 +5,25 @@ Maintainer: Yaroslav Halchenko <debian@onerussian.com>
 Uploaders: Barak Pearlmutter <bap@debian.org>
 Build-Depends: debhelper (>= 4.1.67), dpatch
 Build-Depends-Indep: python, python-dev, help2man, python-central (>= 0.4.17)
-XS-Python-Version: current, >= 2.3
+XS-Python-Version: current, >= 2.4
 Standards-Version: 3.7.2

 Package: fail2ban
 Architecture: all
 Depends: ${python:Depends}, iptables, lsb-base (>=2.0-7)
-XB-Python-Version: ${python:Versions}
+XB-Python-Version: 2.4
 Description: bans IPs that cause multiple authentication errors
- Monitors (in daemon mode) or just scans log files (e.g. /var/log/auth.log,
- /var/log/apache/access.log) and temporarily bans failure-prone
- addresses by updating existing firewall rules.  Currently, by default, 
- supports ssh/apache but configuration can be easily extended for scanning
- the other ASCII log files. Firewall rules are given in the config file,
- thus it can be adopted to be used with a variety of firewalls (e.g. iptables,
- ipfwadm).
+ Monitors log files (e.g. /var/log/auth.log,
+ /var/log/apache/access.log) and temporarily or persistently bans
+ failure-prone addresses by updating existing firewall rules. The
+ software was completely rewritten at version 0.7.0 and now allows
+ easy specification of different actions to be taken such as to ban an
+ IP using iptables or hostsdeny rules, or simply to send a
+ notification email. Currently, by default, supports ssh/apache/vsftpd
+ but configuration can be easily extended for scanning the other ASCII
+ log files. All filters and actions are given in the config files,
+ thus fail2ban can be adopted to be used with a variety of files and
+ firewalls.
 .
 Homepage: http://www.sourceforge.net/projects/fail2ban

--- a/debian/fail2ban.default
+++ b/debian/fail2ban.default
@ -0,0 +1,23 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+# Author: Cyril Jaquier
+# 
+# $Revision: 1.2 $
+
+# Command line options for Fail2Ban. Refer to "fail2ban-client -h" for
+# valid options.
+FAIL2BAN_OPTS=""
--- a/debian/fail2ban.init
+++ b/debian/fail2ban.init
@ -0,0 +1,143 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          fail2ban
+# Required-Start:    $local_fs $remote_fs
+# Required-Stop:     $local_fs $remote_fs
+# Should-Start:      $time $network $syslog iptables firehol shorewall ipmasq
+# Should-Stop:       $network $syslog iptables firehol shorewall ipmasq
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start/stop fail2ban
+# Description:       Start/stop fail2ban, a daemon scanning the log files and
+#                    banning potential attackers.
+### END INIT INFO
+
+# Author: Aaron Isotton <aaron@isotton.com>
+# Modified: by Yaroslav Halchenko <debian@onerussian.com>
+#  reindented + minor corrections + to work on sarge without modifications
+#
+PATH=/usr/sbin:/usr/bin:/sbin:/bin
+DESC="authentication failure monitor"
+NAME=fail2ban
+DAEMON=/usr/bin/$NAME-client
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+DAEMON_ARGS="$FAIL2BAN_OPTS"
+
+# Load the VERBOSE setting and other rcS variables
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+
+# Predefine what can be missing from lsb source later on -- necessary to run
+# on sarge. Just present it in a bit more compact way from what was shipped
+log_daemon_msg () {
+	[ -z "$1" ] && return 1
+	echo -n "$1:"
+	[ -z "$2" ] || echo -n " $2"
+}
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+# Actually has to (>=2.0-7) present in sarge. log_daemon_msg is predefined
+#  so we must be ok
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+	# Return
+	#	0 if daemon has been started
+	#	1 if daemon was already running
+	#	2 if daemon could not be started
+	start-stop-daemon --start --quiet --exec $DAEMON --test -- \
+		$DAEMON_ARGS start > /dev/null \
+		|| return 1
+	start-stop-daemon --start --quiet --exec $DAEMON -- \
+		$DAEMON_ARGS start > /dev/null\
+		|| return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+	# Return
+	#	0 if daemon has been stopped
+	#	1 if daemon was already stopped
+	#	2 if daemon could not be stopped
+	#	other if a failure occurred
+	$DAEMON status > /dev/null || return 1
+	$DAEMON stop > /dev/null || return 2
+	return 0
+}
+
+
+# yoh:
+# shortcut function to don't duplicate case statements and to don't use
+# bashisms (arrays). Fixes #368218
+#
+log_end_msg_wrapper()
+{
+	[ $1 -lt $2 ] && value=0 || value=1
+	log_end_msg $value
+}
+
+case "$1" in
+	start)
+		[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+		do_start
+		[ "$VERBOSE" != no ] && log_end_msg_wrapper $? 2
+		;;
+	stop)
+		[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+		do_stop
+		[ "$VERBOSE" != no ] && log_end_msg_wrapper $? 2
+		;;
+	restart|force-reload)
+		log_daemon_msg "Restarting $DESC" "$NAME"
+		do_stop
+		case "$?" in
+			0|1)
+				do_start
+				log_end_msg_wrapper $? 1
+				;;
+			*)
+				# Failed to stop
+				log_end_msg 1
+				;;
+ 		esac
+		;;
+	status)
+		log_daemon_msg "Status of $DESC"
+		pidofproc $NAME $PIDFILE > /dev/null
+		status=$?
+		case $status in
+			0)  log_success_msg " $NAME is running"
+				exit 0
+				;;
+			1|2) log_failure_msg " $NAME is not running but $PIDFILE exists"
+				exit 1
+				;;
+			3)  log_warning_msg " $NAME is not running"
+				exit 3
+				;;
+			4)  log_failure_msg " $PIDFILE not readable, status of $NAME unknown"
+				exit 4
+				;;
+		esac
+		;;
+	*)
+		echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2
+		exit 3
+		;;
+esac
+
+:
--- a/debian/patches/00list
+++ b/debian/patches/00list
@ -1,8 +1 @@
-00_empty_ip
-00_locale_config
-00_verbosity
-00_proftpd_section
-00_vsftpd_regexp
-01_apache2_other
-02_sasl_section
-03_fail2ban_conf_5_manpage
+X00_rigid_python24
--- a/debian/patches/X00_rigid_python24.dpatch
+++ b/debian/patches/X00_rigid_python24.dpatch
@ -0,0 +1,45 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## rigid_python2.4.dpatch by  <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Due to currently default python2.3 we need to hardcode use of python2.4 
+## DP: for now
+
+@DPATCH@
+
+diff -Naur fail2ban-0.7.1/fail2ban-client fail2ban-0.7.1.modified/fail2ban-client
+--- fail2ban-0.7.1/fail2ban-client	2006-08-23 16:56:23.000000000 -0400
+++ fail2ban-0.7.1.modified/fail2ban-client	2006-09-05 00:58:47.000000000 -0400
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
+#!/usr/bin/env python2.4
+ # This file is part of Fail2Ban.
+ #
+ # Fail2Ban is free software; you can redistribute it and/or modify
+diff -Naur fail2ban-0.7.1/fail2ban-server fail2ban-0.7.1.modified/fail2ban-server
+--- fail2ban-0.7.1/fail2ban-server	2006-08-23 15:51:26.000000000 -0400
+++ fail2ban-0.7.1.modified/fail2ban-server	2006-09-05 00:58:54.000000000 -0400
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
+#!/usr/bin/env python2.4
+ # This file is part of Fail2Ban.
+ #
+ # Fail2Ban is free software; you can redistribute it and/or modify
+diff -Naur fail2ban-0.7.1/fail2ban-testcases fail2ban-0.7.1.modified/fail2ban-testcases
+--- fail2ban-0.7.1/fail2ban-testcases	2006-08-20 18:53:15.000000000 -0400
+++ fail2ban-0.7.1.modified/fail2ban-testcases	2006-09-05 00:59:18.000000000 -0400
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
+#!/usr/bin/env python2.4
+ # This file is part of Fail2Ban.
+ #
+ # Fail2Ban is free software; you can redistribute it and/or modify
+diff -Naur fail2ban-0.7.1/setup.py fail2ban-0.7.1.modified/setup.py
+--- fail2ban-0.7.1/setup.py	2006-08-22 18:09:25.000000000 -0400
+++ fail2ban-0.7.1.modified/setup.py	2006-09-05 00:59:06.000000000 -0400
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
+#!/usr/bin/env python2.4
+ 
+ # This file is part of Fail2Ban.
+ #
--- a/debian/rules
+++ b/debian/rules
@ -26,12 +26,12 @@ configure-stamp:
 build: patch

 copy-inits:
-	cp config/gentoo-confd debian/fail2ban.default
-	cp config/debian-initd debian/fail2ban.init
-	cp config/fail2ban.logrotate debian/
+#	cp config/gentoo-confd debian/fail2ban.default
+#	cp config/debian-initd debian/fail2ban.init
+#	cp config/fail2ban.logrotate debian/

 clean-inits:
-	rm -f debian/fail2ban.{default,init,logrotate}
+#	rm -f debian/fail2ban.{default,init,logrotate}

 clean: clean-inits unpatch
 	dh_testdir
@ -51,8 +51,11 @@ install: build copy-inits

 	# Add here commands to install the package into debian/fail2ban.
 	python setup.py install --root=$(DESTDIR) --no-compile
-	mkdir -p $(DESTDIR)/etc
-	cp config/fail2ban.conf.iptables $(DESTDIR)/etc/fail2ban.conf
+	#X Evil - must be removed after Debian switches over to 2.4, now
+	#  distutils.setup will override the enterpreter line to /usr/bin/python
+	install fail2ban-server fail2ban-client $(DESTDIR)/usr/bin
+#X	mkdir -p $(DESTDIR)/etc
+#X	cp config/fail2ban.conf.iptables $(DESTDIR)/etc/fail2ban.conf

 # To build manpage
 $(MANPAGE): fail2ban fail2ban.h2m
@ -62,19 +65,20 @@ $(MANPAGE): fail2ban fail2ban.h2m
 binary-arch:

 # Build architecture-independent files here.
-binary-indep: install $(MANPAGE)
+#X binary-indep: install $(MANPAGE)
+binary-indep: install
 	dh_testdir
 	dh_testroot
 	dh_installchangelogs CHANGELOG
 	dh_installdocs
-	dh_installexamples config/fail2ban.conf.*
+#X	dh_installexamples config/fail2ban.conf.*
 #	dh_install
 #	dh_installdebconf
 	dh_installlogrotate
 	dh_installinit -- defaults 99
 #	dh_installcron
 #	dh_installinfo
-	dh_installman fail2ban.8 man/fail2ban.conf.5
+#X	dh_installman fail2ban.8 man/fail2ban.conf.5
 	dh_pycentral
 	dh_python
 	dh_link