## START: Set by rpmautospec ## (rpmautospec version 0.7.3) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: release_number = 5; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} ## END: Set by rpmautospec %if 0%{?rhel} >= 8 || 0%{?fedora} %global use_subpackages 1 %endif Name: sshguard Version: 2.4.3 Release: %autorelease # The entire source code is BSD-3-Clause # except src/parser/attack_parser.{h,c} is GPL-3.0-or-later # except src/blocker/hash_32a.c & src/blocker/fnv.h which are Public Domain # the latter two get compiled in, the license is thus superseded # src/parser/* is compiled into its own binary %%{_libexecdir}/%%{name}/sshg_parser License: BSD-3-Clause AND GPL-3.0-or-later AND LicenseRef-Fedora-Public-Domain Summary: Protects hosts from brute-force attacks against SSH and other services Url: http://www.sshguard.net Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz Source1: %{name}.conf.in Source2: %{name}.whitelist Patch1: 0001-fix-backend-path-in-example.patch # fnv is a very small implementation of the fnv hash algorithm not worth splitting # into its own package. It has not seen updates since 2012, and upstream does not # distribute it as a stand-alone library # Public Domain license Provides: bundled(fnv) = 5.0.2 # simclist is a small library not worth splitting into its own package, and has not # seen updates since 2011 # BSD-3-Clause license Provides: bundled(simclist) = 1.4.4 %if 0%{?use_subpackages} # Require a firewall backend Requires: %{name}-config = %{version}-%{release} # Autoinstall appropriate firewall backends Recommends: (%{name}-firewalld if firewalld) Recommends: (%{name}-iptables if iptables-services) Recommends: (%{name}-nftables if nftables) %endif BuildRequires: make BuildRequires: gcc BuildRequires: flex BuildRequires: byacc Requires: coreutils Requires: grep Requires: systemd # for systemd service installation support %if 0%{?fedora} > 29 BuildRequires: systemd-rpm-macros %else BuildRequires: systemd %endif %description Sshguard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using one of several firewall backends. Sshguard can read log messages from standard input or monitor one or more log files. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval, but can be semi-permanently banned using the blacklist option. %if 0%{?use_subpackages} %package iptables Requires: iptables-services Requires: %{name}%{?_isa} = %{version}-%{release} Provides: %{name}-config = %{version}-%{release} Conflicts: %{name}-firewalld %{name}-nftables Summary: Configuration for iptables backend of SSHGuard RemovePathPostfixes: .iptables %description iptables Sshguard-iptables provides a configuration file for SSHGuard to use iptables as the firewall backend. %package firewalld Requires: firewalld ipset Requires: %{name}%{?_isa} = %{version}-%{release} Provides: %{name}-config = %{version}-%{release} Conflicts: %{name}-iptables %{name}-nftables Summary: Configuration for firewalld backend of SSHGuard RemovePathPostfixes: .firewalld %description firewalld Sshguard-firewalld provides a configuration file for SSHGuard to use firewalld as the firewall backend. %package nftables Requires: nftables Requires: %{name}%{?_isa} = %{version}-%{release} Provides: %{name}-config = %{version}-%{release} Conflicts: %{name}-firewalld %{name}-iptables Summary: Configuration for nftables backend of SSHGuard RemovePathPostfixes: .nftables %description nftables Sshguard-nftables provides a configuration file for SSHGuard to use nftables as the firewall backend. %endif #-- PREP, BUILD & INSTALL -----------------------------------------------------# %prep %autosetup -p1 sed -i -e "s|%%{_bindir}|%{_bindir}|g" \ -e "s|%%{_sbindir}|%{_sbindir}|g" \ -e "s|%%{_libexecdir}|%{_libexecdir}|g" \ -e "s|%%{_sysconfdir}|%{_sysconfdir}|g" \ -e "s|%%{_initddir}|%{_initddir}|g" \ -e "s|%%{_localstatedir}|%{_localstatedir}|g" \ -e "s|%%{_sharedstatedir}|%{_sharedstatedir}|g" \ -e "s|%%{_rundir}|%{_rundir}|g" \ -e "s|%%{_pkgdocdir}|%{_pkgdocdir}|g" \ -e "s|%%{name}|%{name}|g" \ %{SOURCE1} %{SOURCE2} %build %{configure} --prefix=%{_prefix} --sysconfdir=%{_sysconfdir} --sbindir=%{_sbindir} --libexecdir=%{_libexecdir}/%{name} %{make_build} %install %{make_install} install -p -d -m 0755 %{buildroot}%{_pkgdocdir}/ install -p -d -m 0755 %{buildroot}%{_sysconfdir}/ install -p -d -m 0755 %{buildroot}%{_sharedstatedir}/%{name}/ %if 0%{?use_subpackages} sed -e "s|__BACKEND__|sshg-fw-firewalld|g" %{SOURCE1} > %{buildroot}%{_sysconfdir}/%{name}.conf.firewalld sed -e "s|__BACKEND__|sshg-fw-nft-sets|g" %{SOURCE1} > %{buildroot}%{_sysconfdir}/%{name}.conf.nftables sed -e "s|__BACKEND__|sshg-fw-iptables|g" %{SOURCE1} > %{buildroot}%{_sysconfdir}/%{name}.conf.iptables chmod 0644 %{buildroot}%{_sysconfdir}/%{name}.conf.* %endif install -p -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/%{name}.whitelist install -p -d -m 0755 %{buildroot}%{_unitdir} sed -i -e "/ExecStartPre=/d" examples/%{name}.service sed -i -e "s|ExecStart=/usr/local/sbin/sshguard|ExecStart=%{_sbindir}/%{name}|g" examples/%{name}.service install -p -m 0644 examples/%{name}.service %{buildroot}%{_unitdir}/ # cleanup # *.plist is only relevant for MacOS systems rm examples/net.sshguard.plist # we already ship a service file rm examples/sshguard.service %check make check #-- SCRIPTLETS -----------------------------------------------------------------# %post %systemd_post %{name}.service %if 0%{?use_subpackages} # with iptables backend, sshguard does not auto-create its tables, so we do that here %post iptables if [[ $1 -eq 1 ]]; then iptables -N sshguard iptables -A INPUT -j sshguard iptables-save > /etc/sysconfig/iptables ip6tables -N sshguard ip6tables -A INPUT -j sshguard ip6tables-save > /etc/sysconfig/ip6tables fi exit 0 %endif %preun %systemd_preun %{name}.service %postun %systemd_postun_with_restart %{name}.service #-- FILES ---------------------------------------------------------------------# %files %doc examples %doc README.rst %doc CONTRIBUTING.rst %license COPYING %{_sbindir}/%{name} %{_mandir}/man8/%{name}* %{_mandir}/man7/%{name}* %dir %{_sharedstatedir}/%{name}/ %dir %{_libexecdir}/%{name}/ %{_libexecdir}/%{name}/sshg-logtail %{_libexecdir}/%{name}/sshg-parser %{_libexecdir}/%{name}/sshg-blocker %{_libexecdir}/%{name}/sshg-fw-firewalld %{_libexecdir}/%{name}/sshg-fw-hosts %{_libexecdir}/%{name}/sshg-fw-ipfilter %{_libexecdir}/%{name}/sshg-fw-ipfw %{_libexecdir}/%{name}/sshg-fw-ipset %{_libexecdir}/%{name}/sshg-fw-iptables %{_libexecdir}/%{name}/sshg-fw-null %{_libexecdir}/%{name}/sshg-fw-pf %{_libexecdir}/%{name}/sshg-fw-nft-sets %{_unitdir}/%{name}.service %config(noreplace) %{_sysconfdir}/%{name}.whitelist %if 0%{?use_subpackages} %files iptables %config(noreplace) %{_sysconfdir}/%{name}.conf.iptables %files firewalld %config(noreplace) %{_sysconfdir}/%{name}.conf.firewalld %files nftables %config(noreplace) %{_sysconfdir}/%{name}.conf.nftables %endif #-- CHANGELOG -----------------------------------------------------------------# %changelog ## START: Generated by rpmautospec * Sat Jul 20 2024 Fedora Release Engineering - 2.4.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Sun Apr 07 2024 Miroslav Suchý - 2.4.3-4 - Correct SPDX license * Fri Mar 29 2024 topazus - 2.4.3-3 - fix %%%%{?_isa} * Thu Mar 28 2024 topazus - 2.4.3-2 - remove packit file * Thu Mar 28 2024 topazus - 2.4.3-1 - Update to 2.4.3 * Sat Jan 27 2024 Fedora Release Engineering - 2.4.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jul 22 2023 Fedora Release Engineering - 2.4.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Sat Jan 21 2023 Fedora Release Engineering - 2.4.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Jul 23 2022 Fedora Release Engineering - 2.4.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Sat Jan 22 2022 Fedora Release Engineering - 2.4.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Fri Jul 23 2021 Fedora Release Engineering - 2.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Wed Jun 09 2021 Christopher Engelhard 2.4.2-1 - Update to 2.4.2 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 2.4.1-6 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. * Tue Feb 23 2021 Christopher Engelhard 2.4.1-5 - Fix backend path in example spec file - Remove SysV init related things - Require a backend - Fix wrong check for EPEL8 * Wed Jan 27 2021 Fedora Release Engineering - 2.4.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Fri Sep 11 2020 Christopher Engelhard 2.4.1-3 - Revert patch from previous release as it could cause attacks to not be blocked. * Thu Sep 03 2020 Christopher Engelhard 2.4.1-2 - add patch that fixes high load when banning many IPs using firewalld * Sat Aug 01 2020 Christopher Engelhard 2.4.1-1 - Update to 2.4.1 * Wed Jul 29 2020 Fedora Release Engineering - 2.4.0-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Fri Jan 31 2020 Fedora Release Engineering - 2.4.0-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sun Nov 17 2019 Christopher Engelhard 2.4.0-12 - include patch to fully whitelist localhost in IPv6/v4 (PR #56) - add explicit Requires: ipset to firewalld backend * Mon Oct 21 2019 Christopher Engelhard 2.4.0-11 - replace systemd with systemd-rpm-macros in f30+ BuildRequires - remove %%systemd_requires macro * Fri Oct 04 2019 Christopher Engelhard 2.4.0-10 - add missing dependencies - move examples to (docdir)/examples subfolder - prefix directories with %%dir in %%files - use complete & commented config files - add white/blacklisting * Mon Sep 30 2019 Christopher Engelhard 2.4.0-9 - add bundled provides for fnv and simclist - add systemd dependency - fix changelog formatting - patch & use upstream service file - revert 05037d7b - disallow building on rhel < 6 - make package own /usr/libexec/sshguard * Tue Sep 24 2019 Christopher Engelhard 2.4.0-8 - Allow building on rhel < 6 * Thu Aug 29 2019 Christopher Engelhard 2.4.0-7 - add explicit dependency on logrotate for epel6 - fixed iptables install scriptlet * Sun Aug 25 2019 Christopher Engelhard 2.4.0-6 - fixes to initscript for CentOS/RHEL6 - added logrotate config for sysvinit systems * Wed Aug 21 2019 Christopher Engelhard 2.4.0-5 - fixed rpm macros not being replaced in service/init file * Tue Aug 20 2019 Christopher Engelhard 2.4.0-4 - Create iptables chains for sshguard on install * Fri Jul 19 2019 Christopher Engelhard 2.4.0-3 - use own service file instead of example * Tue Jul 16 2019 Christopher Engelhard 2.4.0-2 - changed SysV initscript handling to match EPEL guidelines - enable subpackages for RHEL8 * Tue Jul 16 2019 Christopher Engelhard 2.4.0-1 - updated for 2.4.0 * Tue Jan 08 2019 Christopher Engelhard 2.3.1-1 - remove upgrade notice for upgrade from v2.2.0-5, people should have noticed by now - update to v2.3.1 * Sun Dec 16 2018 Christopher Engelhard 2.3.0-1 - update to 2.3.0 * Tue Oct 23 2018 Christopher Engelhard 2.2.0-8 - allow building for EPEL - use RPM path macros in config/init files * Mon Oct 22 2018 Christopher Engelhard 2.2.0-7 - Change subpackages to weak dependencies - Make sshguard-iptables depend on iptables-services instead of iptables * Mon Oct 22 2018 Christopher Engelhard 2.2.0-6 - split off configuration into subpackages, allows autoconfig of multiple firewall backends * Sat Sep 29 2018 Christopher Engelhard 2.2.0-5 - include upstream patches for issues #100 and #101 instead of my own * Tue Sep 25 2018 Christopher Engelhard 2.2.0-4 - add patch to fix upstream Issue #100, firewalld errors * Sun Sep 23 2018 Christopher Engelhard 2.2.0-3 - disabled LFS in repo, incompatible with COPR (ce@lcts.de) * Sun Sep 23 2018 Christopher Engelhard 2.2.0-2 - new package built with tito * Thu Sep 13 2018 Christopher Engelhard - 2.2.0-1 - first release of this package ## END: Generated by rpmautospec