view syslog2iptables.spec.in @ 76:c6c8a2102a3e

add more logging when blocked addresses move to higher scale values
author Carl Byington <carl@five-ten-sg.com>
date Wed, 15 Jul 2020 13:38:43 -0700
parents 4685767c0c85
children c6ba792f1a9a

# Package preamble for the syslog-to-iptables daemon: identity tags, source
# location, and build/install-time dependencies.  Name and Version are
# @...@ placeholders, presumably substituted when this .in template is
# processed by the project's configure step.

# NOTE(review): this defines "localstatedir" (no leading underscore) and
# nothing in the visible spec references it - confirm it has the intended
# effect on the configure step.
%define localstatedir   /var/lib

Summary:            Syslog to iptables dynamic firewall
Name:               @PACKAGE@
Version:            @VERSION@
Release:            1%{?dist}
License:            GPLv3+
Group:              System Environment/Daemons
# NOTE(review): the tarball URL below is plain http and this spec carries no
# checksum or signature check for it.  Anyone rebuilding from the URL should
# verify the archive out-of-band (publisher checksum or signature) first,
# since the resulting daemon manages firewall rules as root.
Source:             http://www.five-ten-sg.com/%{name}/packages/%{name}-%{version}.tar.gz
BuildRoot:          %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
URL:                http://www.five-ten-sg.com/%{name}/

# chkconfig and service are required for the post/preun scriptlets on every
# dist, although the el7 branches of those scriptlets call systemctl instead.
Requires(post,preun):   /sbin/chkconfig
Requires(post,preun):   /sbin/service
Requires:               iptables, coreutils
BuildRequires:          gcc gcc-c++
%if "%{?dist}" == ".el7"
# el7 only: systemd tooling for the scriptlets plus rsyslog at runtime.
# NOTE(review): shadow-utils is pulled in for the pre scriptlet, but the pre
# scriptlet in this file is empty and no service account is created here -
# confirm whether an unprivileged account was intended.
Requires(pre):  systemd-sysv, shadow-utils
Requires(post): systemd-units
Requires(preun):  systemd-units
Requires(postun): systemd-units
Requires:       rsyslog, systemd-units
BuildRequires:  systemd-units
%endif


%description
This is a simple adaptive firewall.  It maintains the INPUT chain
of the iptables firewall set based on syslog entries.

%prep
# Unpack the source tarball quietly.
%setup -q

%build
# Configure through the distribution's configure macro, then run make with
# the builder's parallel-make flags when _smp_mflags is defined.
%configure
make %{?_smp_mflags}

%install
# Start from an empty buildroot, then stage the build into it.
rm -rf %{buildroot}
make DESTDIR=%{buildroot} install
%if "%{?dist}" == ".el7"
# el7: copy the systemd unit that make install staged under sysconfdir into
# the unit directory, mode 644 (not executable).
install -m 644 -D %{buildroot}%{_sysconfdir}/%{name}.service \
    %{buildroot}%{_unitdir}/%{name}.service
%else
# Other dists: copy the staged SysV init script into the init directory,
# mode 755.
install -m 755 -D %{buildroot}%{_sysconfdir}/%{name} \
    %{buildroot}%{_initrddir}/%{name}
%endif
# Remove both staged copies from sysconfdir so neither one is packaged there;
# -f keeps this quiet for whichever file the build did not produce.
rm -f  %{buildroot}%{_sysconfdir}/%{name}
rm -f  %{buildroot}%{_sysconfdir}/%{name}.service


%clean
# Discard the staging tree after packaging.
rm -rf %{buildroot}


%pre


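%post
# Runs as root after the package files are installed.  rpm passes the number
# of installed instances of this package as $1, so 1 means a first install;
# upgrades are handled by the postun scriptlet instead.
if [ "$1" = 1 ]; then
    # initial install
%if "%{?dist}" == ".el7"
    # Make systemd re-read its unit files so the new unit is known.  This
    # scriptlet does not enable or start the service.  Plain POSIX
    # redirection is used so the line does not depend on /bin/sh being bash.
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
%else
    # Register the init script with chkconfig.
    /sbin/chkconfig --add %{name}
%endif
    # Run the packaged config generator from sysconfdir.  It executes as
    # root, which is why the files section ships it root-owned with mode 750.
    # The && matters: with a plain ';' a failed cd would still execute
    # whatever file of that name exists in the scriptlet's starting directory.
    (cd %{_sysconfdir} && ./%{name}.conf.make)
fi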

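%preun
# Runs as root before the package files are removed.  $1 is 0 only for a
# real uninstall; on an upgrade nothing is done here.
if [ "$1" = 0 ]; then
    # package removal, not upgrade
%if "%{?dist}" == ".el7"
    # Disable, then stop, the unit.  Errors are discarded (|| :) so a unit
    # that is already stopped or disabled cannot make the scriptlet fail.
    # Plain POSIX redirection is used so the lines do not depend on /bin/sh
    # being bash.
    /bin/systemctl --no-reload disable %{name}.service >/dev/null 2>&1 || :
    /bin/systemctl stop %{name}.service >/dev/null 2>&1 || :
%else
    /sbin/service %{name} stop || :
    /sbin/chkconfig --del %{name}
%endif
    # NOTE(review): nothing in this scriptlet removes firewall rules the
    # daemon inserted.  Whether stopping the service cleans them up is decided
    # by the daemon and its unit/init script, which are not visible here -
    # confirm, so an uninstall does not leave stale block rules behind.
fi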


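%postun
# Runs as root after the old package's files are removed.  $1 >= 1 means
# another instance of the package remains, i.e. this is an upgrade.
if [ "$1" -ge 1 ]; then
    # package upgrade, not uninstall
    # Regenerate the configuration with the generator from the new package.
    # The && matters: with a plain ';' a failed cd would still execute
    # whatever file of that name exists in the scriptlet's starting directory.
    # The generator's exit status is not checked before the restart below.
    (cd %{_sysconfdir} && ./%{name}.conf.make)
%if "%{?dist}" == ".el7"
    # Reload unit definitions first so the restart uses the upgraded unit
    # file rather than the copy systemd cached from the old package.
    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
    # try-restart only restarts a unit that is already running.
    /bin/systemctl try-restart %{name}.service >/dev/null 2>&1 || :
%else
    /sbin/service %{name} restart || :
%endif
fi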


%files
# Packaged file list.  Ownership defaults to root:root; modes are taken from
# the buildroot unless an attr entry overrides them.
%defattr(-,root,root,-)
%{_sbindir}/*
%{_mandir}/man1/*
%{_mandir}/man5/*
%docdir %{_datadir}/doc/%{name}-%{version}
%{_datadir}/doc/%{name}-%{version}
# Config fragments: noreplace keeps an administrator's edited copy on upgrade.
%config(noreplace) %{_sysconfdir}/%{name}.conf.top
%config(noreplace) %{_sysconfdir}/%{name}.conf.httpd
%config(noreplace) %{_sysconfdir}/%{name}.conf.bottom
# The generator is executed as root by the post and postun scriptlets, so it
# ships root-owned with no access for other users (750).
# NOTE(review): the file the generator produces is not listed here, so rpm
# neither verifies it nor removes it on uninstall - presumably it writes the
# main .conf next to these fragments; confirm and consider owning it.
%attr(750,root,root) %{_sysconfdir}/%{name}.conf.make
%if "%{?dist}" == ".el7"
%{_unitdir}/%{name}.service
%else
%{_initrddir}/%{name}
%endif


%changelog
* Wed Jul 15 2020 Carl Byington <carl@five-ten-sg.com> - 1.18-1
- add more logging when blocked addresses move to higher scale values

* Thu Feb 09 2017 Carl Byington <carl@five-ten-sg.com> - 1.17-1
- RHEL7 systemd and /var/run is on tmpfs

* Mon Dec 21 2015 Carl Byington <carl@five-ten-sg.com> - 1.16-3
- fix post uninstall script
- allow config bucket count zero to disable a pattern

* Sat Dec 19 2015 Carl Byington <carl@five-ten-sg.com> - 1.16-2
- fix default config regular expressions

* Sat Dec 19 2015 Carl Byington <carl@five-ten-sg.com> - 1.16-1
- good authentication prevents ip blocking for awhile

* Thu Oct 02 2014 Carl Byington <carl@five-ten-sg.com> - 1.15-1
- add script to build syslog2iptables.conf

* Tue Jun 10 2014 Carl Byington <carl@five-ten-sg.com> - 1.14-1
- Add exponential increase in penalty for repeat offenders.

* Wed Aug 17 2011 Carl Byington <carl@five-ten-sg.com> - 1.13-2
- switch to auto requires

* Sun Jan 25 2009 Carl Byington <carl@five-ten-sg.com> - 1.13-1
- Document multiple contexts.

* Sat Jan 24 2009 Carl Byington <carl@five-ten-sg.com> - 1.12-1
- Allow multiple contexts with independent add/remove commands.

* Thu May 29 2008 Carl Byington <carl@five-ten-sg.com> - 1.11-1
- Fix to compile on Fedora 9 and for const correctness.

* Sat Mar 22 2008 Carl Byington <carl@five-ten-sg.com> - 1.10
- Fix to compile on Solaris.

* Fri Mar 21 2008 Carl Byington <carl@five-ten-sg.com> - 1.9
- changes for Fedora packaging guidelines

* Thu Aug 30 2007 Carl Byington <carl@five-ten-sg.com> - 1.5
- Fix pre/post scripts

* Thu Dec 08 2005 Carl Byington <carl@five-ten-sg.com> - 1.0
- initial revision based on dnsbl spec file
- and http://www.fedora.us/docs/rpm-packaging-guidelines.html