Mercurial > syslog2iptables
changeset 71:79f310d1bc46
RHEL7 systemd and /var/run on tmpfs
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Thu, 09 Feb 2017 12:44:31 -0800 |
parents | e841d8422b74 |
children | ea7b7a0d0039 |
files | ChangeLog Makefile.am NEWS configure.in syslog2iptables.service.rc syslog2iptables.spec.in |
diffstat | 6 files changed, 87 insertions(+), 19 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Dec 21 08:00:33 2015 -0800 +++ b/ChangeLog Thu Feb 09 12:44:31 2017 -0800 @@ -1,3 +1,6 @@ +1.17 2017-02-09 + RHEL7 systemd and /var/run on tmpfs + 1.16 2015-12-21 good authentication prevents ip blocking for awhile fix default config regular expressions for geedy matching
--- a/Makefile.am Mon Dec 21 08:00:33 2015 -0800 +++ b/Makefile.am Thu Feb 09 12:44:31 2017 -0800 @@ -2,18 +2,24 @@ SUBDIRS = src man html info hackdir = $(sysconfdir) -hack_SCRIPTS = syslog2iptables -sysconf_DATA = syslog2iptables.conf.make syslog2iptables.conf.top syslog2iptables.conf.bottom syslog2iptables.conf.httpd +hack_SCRIPTS = syslog2iptables syslog2iptables.service +hack_DATA = syslog2iptables.conf.make syslog2iptables.conf.top syslog2iptables.conf.bottom +syslog2iptables.conf.httpd htmldir = ${datadir}/doc/@PACKAGE@-@VERSION@ html_DATA = AUTHORS COPYING ChangeLog NEWS README -CLEANFILES = syslog2iptables xml/syslog2iptables xml/Makefile -EXTRA_DIST = syslog2iptables.conf.make syslog2iptables.conf.top syslog2iptables.conf.bottom syslog2iptables.conf.httpd syslog2iptables.spec xml/header.sgml xml/header.xml xml/Makefile.am xml/Makefile.in xml/syslog2iptables.in +CLEANFILES = syslog2iptables syslog2iptables.service xml/syslog2iptables xml/Makefile +EXTRA_DIST = syslog2iptables.rc syslog2iptables.service.rc $(hack_DATA) syslog2iptables.spec xml/header.sgml xml/header.xml xml/Makefile.am xml/Makefile.in xml/syslog2iptables.in syslog2iptables: syslog2iptables.rc cat syslog2iptables.rc | \ sed -e "s,SBINDIR,$(sbindir),g" | \ sed -e "s,SYSCONFDIR,$(sysconfdir),g" >>syslog2iptables +syslog2iptables.service: syslog2iptables.service.rc + cat syslog2iptables.rc | \ + sed -e "s,SBINDIR,$(sbindir),g" | \ + sed -e "s,SYSCONFDIR,$(sysconfdir),g" >>syslog2iptables.service + chkconfig: syslog2iptables mv -f $(sysconfdir)/syslog2iptables /etc/rc.d/init.d /sbin/chkconfig --del syslog2iptables
--- a/NEWS Mon Dec 21 08:00:33 2015 -0800 +++ b/NEWS Thu Feb 09 12:44:31 2017 -0800 @@ -1,3 +1,4 @@ +1.17 2017-02-09 RHEL7 systemd and /var/run on tmpfs 1.16 2015-12-19 good authentication prevents ip blocking for awhile 1.15 2014-10-02 add script to build syslog2iptables.conf 1.14 2014-06-10 Add exponential increase in penalty for repeat offenders.
--- a/configure.in Mon Dec 21 08:00:33 2015 -0800 +++ b/configure.in Thu Feb 09 12:44:31 2017 -0800 @@ -1,6 +1,6 @@ AC_PREREQ(2.59) -AC_INIT(syslog2iptables,1.16,carl@five-ten-sg.com) +AC_INIT(syslog2iptables,1.17,carl@five-ten-sg.com) AC_CONFIG_SRCDIR([config.h.in]) AC_CONFIG_HEADER([config.h])
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/syslog2iptables.service.rc Thu Feb 09 12:44:31 2017 -0800 @@ -0,0 +1,15 @@ +[Unit] +Description = Syslog to iptables dynamic firewall +After = syslog.target +After = local-fs.target +After = network.target + +[Service] +Type = forking +UMask = 0022 +User = root +WorkingDirectory = SYSCONFDIR +ExecStart = SBINDIR/syslog2iptables -d 3 + +[Install] +WantedBy = multi-user.target
--- a/syslog2iptables.spec.in Mon Dec 21 08:00:33 2015 -0800 +++ b/syslog2iptables.spec.in Thu Feb 09 12:44:31 2017 -0800 @@ -3,7 +3,7 @@ Summary: Syslog to iptables dynamic firewall Name: @PACKAGE@ Version: @VERSION@ -Release: 3%{?dist} +Release: 1%{?dist} License: GPLv3+ Group: System Environment/Daemons Source: http://www.five-ten-sg.com/%{name}/packages/%{name}-%{version}.tar.gz @@ -15,6 +15,15 @@ Requires: iptables Requires: coreutils BuildRequires: gcc gcc-c++ +%if "%{?dist}" == ".el7" +Requires(pre): systemd-sysv, shadow-utils +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +Requires: coreutils +Requires: systemd-units +BuildRequires: systemd-units +%endif %description @@ -30,31 +39,59 @@ %install -rm -rf $RPM_BUILD_ROOT -make DESTDIR=$RPM_BUILD_ROOT install -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d -mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name} $RPM_BUILD_ROOT/etc/rc.d/init.d -rm -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.conf +rm -rf %{buildroot} +make DESTDIR=%{buildroot} install +%if "%{?dist}" == ".el7" +install -m 644 -D %{buildroot}%{_sysconfdir}/%{name}.service \ + %{buildroot}%{_unitdir}/%{name}.service +%else +install -m 755 -D %{buildroot}%{_sysconfdir}/%{name} \ + %{buildroot}%{_initrddir}/%{name} +%endif +rm -f %{buildroot}%{_sysconfdir}/%{name} +rm -f %{buildroot}%{_sysconfdir}/%{name}.service %clean -rm -rf $RPM_BUILD_ROOT +rm -rf %{buildroot} %pre %post +if [ $1 = 1 ]; then + # initial install +%if "%{?dist}" == ".el7" + /bin/systemctl daemon-reload &>/dev/null || : +%else /sbin/chkconfig --add %{name} +%endif (cd %{_sysconfdir}; ./%{name}.conf.make) - +fi %preun -[ $1 = 0 ] && /sbin/service %{name} stop || : +if [ $1 = 0 ]; then + # package removal, not upgrade +%if "%{?dist}" == ".el7" + /bin/systemctl --no-reload disable %{name}.service &>/dev/null || : + /bin/systemctl stop %{name}.service &>/dev/null || : +%else + /sbin/service %{name} stop || : + /sbin/chkconfig --del %{name} +%endif +fi %postun -[ $1 = 0 ] && /sbin/chkconfig --del %{name} || : +if [ $1 -ge 1 ]; then + # package upgrade, not uninstall +%if "%{?dist}" == ".el7" + /bin/systemctl try-restart %{name}.service &>/dev/null || : +%else + /sbin/service %{name} restart || : +%endif +fi %files @@ -68,10 +105,17 @@ %config(noreplace) %{_sysconfdir}/%{name}.conf.httpd %config(noreplace) %{_sysconfdir}/%{name}.conf.bottom %attr(750,root,root) %{_sysconfdir}/%{name}.conf.make -/etc/rc.d/init.d/%{name} +%if "%{?dist}" == ".el7" +%{_unitdir}/%{name}.service +%else +%{_initrddir}/%{name} +%endif %changelog +* Thu Feb 09 2017 Carl Byington <carl@five-ten-sg.com> - 1.17-1 +- RHEL7 systemd and /var/run is on tmpfs + * Mon Dec 21 2015 Carl Byington <carl@five-ten-sg.com> - 1.16-3 - fix post uninstall script - allow config bucket count zero to disable a pattern