rpms/denyhosts/FC-3 README.fedora, NONE, 1.1 denyhosts-0.9.8-setup.patch, NONE, 1.1 denyhosts-1.0.0-config.patch, NONE, 1.1 denyhosts-1.0.0-daemon-control.patch, NONE, 1.1 denyhosts.logrotate, NONE, 1.1 denyhosts.sysconfig, NONE, 1.1 denyhosts.cron, 1.2, 1.3 denyhosts.init, 1.1, 1.2 denyhosts.spec, 1.2, 1.3 sources, 1.3, 1.4 denyhosts-0.5.5-workdir.patch, 1.1, NONE denyhosts-0.6.0-version.patch, 1.1, NONE
Jason Tibbitts (tibbs)
fedora-extras-commits at redhat.com
Thu Aug 18 00:21:45 UTC 2005
- Previous message (by thread): rpms/denyhosts/FC-4 README.fedora, NONE, 1.1 denyhosts-0.9.8-setup.patch, NONE, 1.1 denyhosts-1.0.0-config.patch, NONE, 1.1 denyhosts-1.0.0-daemon-control.patch, NONE, 1.1 denyhosts.logrotate, NONE, 1.1 denyhosts.sysconfig, NONE, 1.1 denyhosts.cron, 1.2, 1.3 denyhosts.init, 1.1, 1.2 denyhosts.spec, 1.2, 1.3 sources, 1.3, 1.4 denyhosts-0.5.5-workdir.patch, 1.1, NONE denyhosts-0.6.0-version.patch, 1.1, NONE
- Next message (by thread): rpms/perl-Class-Trigger - New directory
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tibbs
Update of /cvs/extras/rpms/denyhosts/FC-3
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21482
Modified Files:
denyhosts.cron denyhosts.init denyhosts.spec sources
Added Files:
README.fedora denyhosts-0.9.8-setup.patch
denyhosts-1.0.0-config.patch
denyhosts-1.0.0-daemon-control.patch denyhosts.logrotate
denyhosts.sysconfig
Removed Files:
denyhosts-0.5.5-workdir.patch denyhosts-0.6.0-version.patch
Log Message:
Pull from devel branch.
--- NEW FILE README.fedora ---
Some useful information about DenyHosts as packaged by Fedora Extras
--------------------------------------------------------------------
It installs and runs as a service, so you can start it with:
service denyhosts start
and enable it at boot time with:
chkconfig denyhosts on
By default it will process your logs every ten minutes. You can
change the interval by editing /etc/cron.d/denyhosts. You can see a
description of the file format by running:
man 5 crontab
By default, DenyHosts is set up to purge old block entries, but only
after one year. If you wish to adjust this, edit /etc/denyhosts.conf
and look for "PURGE_DENY". The purge procedure is run daily at 5AM.
To adjust this frequency, edit /etc/cron.d/denyhosts.
DenyHosts will process only your current logfile (/var/log/secure).
If you want to incorporate an old logfile (in this example,
/var/log/secure.1) , you can run
denyhosts.py -c /etc/denyhosts.conf /var/log/secure.1
DenyHosts can also handle logs compressed with gzip or bzip2.
Notes about upgrading
---------------------
If upgrading from DenyHosts 0.6.0 or earlier, note that this package
does not run denyhosts --migrate to make the old entries expirable.
This preserves any entries that may have been manually added. You
can, of course, run this yourself.
This package runs denyhosts --upgrade099 automatically to move any
post-0.6.0 and pre-0.9.9 entries into the proper format.
denyhosts-0.9.8-setup.patch:
--- NEW FILE denyhosts-0.9.8-setup.patch ---
--- setup.py.orig 2005-07-22 17:39:17.000000000 -0500
+++ setup.py 2005-08-04 13:06:14.893095036 -0500
@@ -21,13 +21,13 @@
package_dir={'DenyHosts': 'DenyHosts'},
packages=["DenyHosts"],
##py_modules=["denyhosts_version"],
- data_files=[(libpath, glob("denyhosts.cfg-dist")),
- (libpath, glob("denyhosts-daemon-initscript")),
- (libpath, glob("setup.py")),
- (libpath, glob("daemon-control-dist")),
- (libpath, glob("CHANGELOG.txt")),
- (libpath, glob("README.txt")),
- (libpath, glob("LICENSE.txt"))],
+# data_files=[(libpath, glob("denyhosts.cfg-dist")),
+# (libpath, glob("denyhosts-daemon-initscript")),
+# (libpath, glob("setup.py")),
+# (libpath, glob("daemon-control-dist")),
+# (libpath, glob("CHANGELOG.txt")),
+# (libpath, glob("README.txt")),
+# (libpath, glob("LICENSE.txt"))],
license="GPL",
##extra_path='denyhosts',
long_description="""
denyhosts-1.0.0-config.patch:
--- NEW FILE denyhosts-1.0.0-config.patch ---
--- denyhosts.cfg-dist.orig 2005-08-15 10:51:55.000000000 -0500
+++ denyhosts.cfg-dist 2005-08-15 22:26:21.788502326 -0500
@@ -47,13 +47,18 @@
# 'y' = years
#
# never purge:
-PURGE_DENY =
+#PURGE_DENY =
#
# purge entries older than 1 week
#PURGE_DENY = 1w
#
# purge entries older than 5 days
#PURGE_DENY = 5d
+#
+# For the default Fedora Extras install, we want timestamping but no
+# expiration (at least by default) so this is deliberately set high.
+# Adjust to taste.
+PURGE_DENY = 1y
#######################################################################
@@ -116,7 +121,7 @@
# Note: when run in daemon mode, this directory should be specified
# as an absolute path name (eg. /home/foo/denyhosts/data)
#
-WORK_DIR = denyhosts
+WORK_DIR = /var/lib/denyhosts
#
#######################################################################
@@ -175,7 +180,7 @@
# match your email address. If you do not want to receive these reports
# leave this field blank (or run with the --noemail option)
#
-ADMIN_EMAIL =
+ADMIN_EMAIL = root
#
#######################################################################
denyhosts-1.0.0-daemon-control.patch:
--- NEW FILE denyhosts-1.0.0-daemon-control.patch ---
--- daemon-control-dist.orig 2005-08-16 17:31:58.285358954 -0500
+++ daemon-control-dist 2005-08-16 17:33:00.510336919 -0500
@@ -7,7 +7,7 @@
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
-DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
+DENYHOSTS_CFG = "/etc/denyhosts.conf"
###############################################
@@ -104,7 +104,7 @@
try:
option = sys.argv[1]
- if option in ('start', 'restart'):
+ if option in ('start', 'restart', 'condrestart'):
if '--config' not in args and '-c' not in args:
args.append("--config=%s" % DENYHOSTS_CFG)
--- NEW FILE denyhosts.logrotate ---
/var/log/denyhosts {
missingok
notifempty
size 100k
create 0644 root root
postrotate
/sbin/service denyhosts condrestart > /dev/null 2>&1 || :
endscript
}
--- NEW FILE denyhosts.sysconfig ---
# Should DenyHosts run in daemon mode?
# If not set to "yes", you also need to edit /etc/cron.d/denyhosts
# and uncomment the appropriate lines.
DAEMON=yes
Index: denyhosts.cron
===================================================================
RCS file: /cvs/extras/rpms/denyhosts/FC-3/denyhosts.cron,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- denyhosts.cron 2 Jul 2005 21:41:44 -0000 1.2
+++ denyhosts.cron 18 Aug 2005 00:21:43 -0000 1.3
@@ -1,6 +1,12 @@
-# This defaults to running once every ten minutes, but if your host is being
-# heavily attacked then it is reasonable to make it run as frequently as once
-# every minute. DenyHosts runs quickly once it has initially processed your
-# logs and should not take a significant amount of CPU time.
-*/10 * * * * root [ -f /var/lock/subsys/denyhosts ] && /usr/bin/denyhosts.py -c /etc/denyhosts.conf
-
+# The Fedora default is to use daemon mode, but if you wish to have
+# denyhosts run periodically, you can uncomment the appropriate two lines
+# and edit /etc/sysconfig/denyhosts. (You will also have to start the
+# "service" and set it to run at boot if necessary.)
+#
+# Run denyhosts occasionally; adjust the time span to your liking
+#*/10 * * * * root [ -f /var/lock/subsys/denyhosts.init ] && /usr/bin/denyhosts.py -c /etc/denyhosts.conf
+#
+# Automatically purge old entries early in the morning. Note that you must
+# edit /etc/denyhosts.conf and set PURGE_DENY to something reasonable, as the
+# default value purge time is set very high.
+#0 5 * * * root [ -f /var/lock/subsys/denyhosts.init ] && /usr/bin/denyhosts.py -c /etc/denyhosts.conf --purge
Index: denyhosts.init
===================================================================
RCS file: /cvs/extras/rpms/denyhosts/FC-3/denyhosts.init,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- denyhosts.init 20 May 2005 04:57:02 -0000 1.1
+++ denyhosts.init 18 Aug 2005 00:21:43 -0000 1.2
@@ -7,7 +7,7 @@
#
# chkconfig: - 50 01
#
-# description: Enable periodic execution of denyhosts, an SSH log watcher
+# description: Enable execution of denyhosts, an SSH log watcher
# processname denyhosts
# config: /etc/denyhosts.cfg
#
@@ -15,29 +15,58 @@
# source function library
. /etc/rc.d/init.d/functions
-lockfile=/var/lock/subsys/denyhosts
-
+CONTROL=/usr/bin/denyhosts-control
+CRONLOCK=/var/lock/subsys/denyhosts.init
+LOCKFILE=/var/lock/subsys/denyhosts
RETVAL=0
-start() {
+[ -f /etc/sysconfig/denyhosts ] && . /etc/sysconfig/denyhosts
+
+c_start() {
echo -n $"Enabling denyhosts: "
- touch "$lockfile" && success || failure
+ touch "$CRONLOCK" && success || failure
RETVAL=$?
echo
}
-stop() {
+c_stop() {
echo -n $"Disabling denyhosts: "
- rm -f "$lockfile" && success || failure
+ rm -f "$CRONLOCK" && success || failure
RETVAL=$?
echo
}
-restart() {
- stop
- start
+c_restart() {
+ c_stop
+ c_start
+}
+
+c_condrestart() {
+ [ -f "$CRONLOCK" ] && c_restart
}
+c_status() {
+ if [ -f $CRONLOCK ]; then
+ echo $"Denyhosts is enabled."
+ RETVAL=0
+ else
+ echo $"Denyhosts is disabled."
+ RETVAL=3
+ fi
+}
+
+d_condrestart() { $CONTROL condrestart; RETVAL=$?; }
+d_restart() { $CONTROL restart; RETVAL=$?; }
+d_start() { $CONTROL start; RETVAL=$?; }
+d_status() { $CONTROL status; RETVAL=$?; }
+d_stop() { $CONTROL stop; RETVAL=$?; }
+
+condrestart() { if [ $DAEMON = "yes" ]; then d_condrestart; else c_restart; fi }
+restart() { if [ $DAEMON = "yes" ]; then d_restart; else c_restart; fi }
+start() { if [ $DAEMON = "yes" ]; then d_start; else c_start; fi }
+status() { if [ $DAEMON = "yes" ]; then d_status; else c_status; fi }
+stop() { if [ $DAEMON = "yes" ]; then d_stop; else c_stop; fi }
+
case "$1" in
start)
start
@@ -51,16 +80,10 @@
reload)
;;
condrestart)
- [ -f "$lockfile" ] && restart
+ condrestart
;;
status)
- if [ -f $lockfile ]; then
- echo $"Denyhosts is enabled."
- RETVAL=0
- else
- echo $"Denyhosts is disabled."
- RETVAL=3
- fi
+ status
;;
*)
echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
Index: denyhosts.spec
===================================================================
RCS file: /cvs/extras/rpms/denyhosts/FC-3/denyhosts.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- denyhosts.spec 2 Jul 2005 21:41:44 -0000 1.2
+++ denyhosts.spec 18 Aug 2005 00:21:43 -0000 1.3
@@ -1,6 +1,6 @@
Name: denyhosts
-Version: 0.6.0
-Release: 1%{?dist}
+Version: 1.0.0
+release: 2%{?dist}
Summary: A script to help thwart ssh server attacks
Group: Applications/System
@@ -10,12 +10,16 @@
Source1: denyhosts.cron
Source2: denyhosts.init
Source3: denyhosts-allowed-hosts
-Patch0: denyhosts-0.5.5-workdir.patch
-Patch1: denyhosts-0.6.0-version.patch
+Source4: denyhosts.sysconfig
+Source5: denyhosts.logrotate
+Source6: README.fedora
+Patch0: denyhosts-1.0.0-config.patch
+Patch1: denyhosts-0.9.8-setup.patch
+Patch2: denyhosts-1.0.0-daemon-control.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArchitectures: noarch
-#BuildRequires:
+BuildRequires: python-devel
Requires: openssh-server
%description
@@ -31,21 +35,38 @@
%setup -q -n DenyHosts-%{version}
%patch0 -p0
%patch1 -p0
+%patch2 -p0
+
+cp %{SOURCE6} .
+
+
+%build
+python ./setup.py build
+
%install
rm -rf $RPM_BUILD_ROOT
+python ./setup.py install --root=$RPM_BUILD_ROOT --record=%{name}.files
install -d $RPM_BUILD_ROOT%{_bindir}
+
install -d $RPM_BUILD_ROOT%{_initrddir}
install -d $RPM_BUILD_ROOT%{_sysconfdir}/cron.d
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
install -d -m 700 $RPM_BUILD_ROOT%{_localstatedir}/lib/denyhosts
+install -d $RPM_BUILD_ROOT%{_localstatedir}/log
-install -p -m 755 denyhosts.py $RPM_BUILD_ROOT%{_bindir}
install -p -m 600 denyhosts.cfg-dist $RPM_BUILD_ROOT%{_sysconfdir}/denyhosts.conf
+install -p -m 755 daemon-control-dist $RPM_BUILD_ROOT%{_bindir}/denyhosts-control
install -p -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/cron.d/denyhosts
install -p -m 755 %{SOURCE2} $RPM_BUILD_ROOT%{_initrddir}/denyhosts
install -p -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{_localstatedir}/lib/denyhosts/allowed-hosts
+install -p -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/denyhosts
+install -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/denyhosts
+
+touch $RPM_BUILD_ROOT%{_localstatedir}/log/denyhosts
for i in allowed-warned-hosts hosts offset suspicious-logins \
users-hosts users-invalid users-valid; do
@@ -56,25 +77,40 @@
%clean
rm -rf $RPM_BUILD_ROOT
+
+# Note that we do not automaticaly run --migrate, because we can't be
+# sure that all of the hosts.deny entries were created by denyhosts
%post
/sbin/chkconfig --add denyhosts
-/sbin/service denyhosts condrestart >> /dev/null
+
+RUNNING=`/sbin/service denyhosts status | grep "is running"`
+/sbin/service denyhosts stop > /dev/null 2>&1 || :
+%{_bindir}/denyhosts.py -c /etc/denyhosts.conf --upgrade099 > /dev/null 2>&1 || :
+if [ -n "$RUNNING" ]; then
+ /sbin/service denyhosts start > /dev/null 2>&1
+fi
exit 0
+
%preun
if [ $1 = 0 ]; then
+ /sbin/service denyhosts stop > /dev/null 2>&1
/sbin/chkconfig --del denyhosts
- /sbin/service denyhosts stop >> /dev/null
fi
exit 0
-%files
+
+%files -f %{name}.files
%defattr(-,root,root,-)
-%doc LICENSE.txt README.txt setup.py
+%doc CHANGELOG.txt denyhosts.cfg-dist LICENSE.txt
+%doc README.fedora README.txt setup.py
%config(noreplace) %{_sysconfdir}/denyhosts.conf
%config(noreplace) %{_sysconfdir}/cron.d/denyhosts
+%config(noreplace) %{_sysconfdir}/logrotate.d/denyhosts
+%config(noreplace) %{_sysconfdir}/sysconfig/denyhosts
%config(noreplace) %{_localstatedir}/lib/denyhosts/allowed-hosts
+%ghost %{_localstatedir}/log/denyhosts
%ghost %{_localstatedir}/lib/denyhosts/allowed-warned-hosts
%ghost %{_localstatedir}/lib/denyhosts/hosts
%ghost %{_localstatedir}/lib/denyhosts/offset
@@ -85,10 +121,54 @@
%dir %{_localstatedir}/lib/denyhosts
-%{_bindir}/denyhosts.py
%{_initrddir}/denyhosts
+%{_bindir}/denyhosts-control
%changelog
+* Wed Aug 17 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 1.0.0-2
+- Restart the daemon in the logrotate script
+- Stop the running daemon before calling --upgrade099
+
+* Tue Aug 16 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 1.0.0-1
+- Fix condrestart
+- Actually install logrotate entry
+
+* Mon Aug 15 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 1.0.0-0
+- Update to 1.0.0
+- Add logrotate entry
+- Clean up initscript
+- Add notes on upgrading.
+
+* Mon Aug 15 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.9.9-2
+- Automatically upgrade the format of hosts.deny entries.
+
+* Sun Aug 14 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.9.9-1
+- Framework for enabling daemon mode.
+
+* Sat Aug 13 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.9.9-0
+- Update to 0.9.9
+
+* Fri Aug 5 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.9.8-1
+- Update to 0.9.8
+
+* Fri Jul 22 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.8.0-3
+- Rename the lockfile used by the initscript/cron setup because
+ DenyHosts now has its own internal locking and they chose the exact
+ same lockfile we were using.
+- Turn on PURGE_DENY in the installed config file.
+- Delete data_files from setup.py.
+- Enable purging in denyhosts.cron.
+- Add README.fedora file.
+
+* Thu Jul 21 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.8.0-2
+- Package CHANGELOG.txt and denyhosts.cfg-dist as well (as
+ documentation).
+
+* Thu Jul 21 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.8.0-1
+- Update to 0.8.0
+- Use proper Python installation mechanism.
+- Drop denyhosts-0.6.0-version.patch as it's no longer necessary.
+
* Sat Jul 2 2005 Jason L Tibbitts III <tibbs at math.uh.edu> - 0.6.0-1
- Update to 0.6.0
- Add fix for "from version import VERSION" issue.
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/denyhosts/FC-3/sources,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sources 2 Jul 2005 21:41:44 -0000 1.3
+++ sources 18 Aug 2005 00:21:43 -0000 1.4
@@ -1 +1 @@
-6d65457ed9c31c548160e2aa74e5a80e DenyHosts-0.6.0.tar.gz
+12633e88a120ccdbd604bd775b154a62 DenyHosts-1.0.0.tar.gz
--- denyhosts-0.5.5-workdir.patch DELETED ---
--- denyhosts-0.6.0-version.patch DELETED ---
- Previous message (by thread): rpms/denyhosts/FC-4 README.fedora, NONE, 1.1 denyhosts-0.9.8-setup.patch, NONE, 1.1 denyhosts-1.0.0-config.patch, NONE, 1.1 denyhosts-1.0.0-daemon-control.patch, NONE, 1.1 denyhosts.logrotate, NONE, 1.1 denyhosts.sysconfig, NONE, 1.1 denyhosts.cron, 1.2, 1.3 denyhosts.init, 1.1, 1.2 denyhosts.spec, 1.2, 1.3 sources, 1.3, 1.4 denyhosts-0.5.5-workdir.patch, 1.1, NONE denyhosts-0.6.0-version.patch, 1.1, NONE
- Next message (by thread): rpms/perl-Class-Trigger - New directory
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list