[Bug 220789] Review Request: fail2ban - Ban IPs that make too many password failures
bugzilla at redhat.com
bugzilla at redhat.com
Thu Dec 28 16:24:51 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: fail2ban - Ban IPs that make too many password failures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220789
------- Additional Comments From mtasaka at ioa.s.u-tokyo.ac.jp 2006-12-28 11:24 EST -------
Well,
A. First for general packaging issue of this package:
E: fail2ban only-non-binary-in-usr-lib
! Well, for this package moving all files in /usr/lib
to %{_datadir} seems very easy and I recommend it
(currently not a blocker, however would you contact with
upstream?)
* And... for this package the directory is /usr/lib,
not %{_libdir}!!
You can check this by setup.py (hard-coded)
W: fail2ban service-default-enabled /etc/rc.d/init.d/fail2ban
* Umm.. I think this should be avoided.
This warning is due to the line
---------------------------------------------------------------
# chkconfig: 345 91 9
---------------------------------------------------------------
of /etc/rc.d/init.d/fail2ban . The description "345"
means that fail2ban service is automatically enabled when
installed on the level of 3-5 (man 8 chkconfig)
And...
> The service may be enabled, but in absence of
> /etc/fail2ban.conf (which is the default) it will not start.
* I think only the default behaviour of this script is
unkind because fail2ban won't start but no error message
is printed out.
Current message is:
------------------------------------------------------
Starting fail2ban:
------------------------------------------------------
Some messages like
------------------------------------------------------
Starting fail2ban: configulation file not found
[ FAILED ]
------------------------------------------------------
should be printed out. Also, the exit status of the
failure should not be 0.
Even I copyed /usr/share/doc/fail2ban/fail2ban.conf.iptables
to /etc/fail2ban.conf, no message is printed out.
Some messages which tells that starting daemon succeeded
should be printed out.
Well, then...
B. From http://fedoraproject.org/wiki/Packaging/Guidelines :
! Licensing
- Well, this package is licensed under GPL, however,
GPL document is not included in source tarball. Currently
this is not a blocker, however, please ask the upstream
to include GPL document to source tarball.
! Filesystem Layout
- Described above (not a blocker)
- My opinion is fail2ban should be under %{_sbindir}.
- Usually config files of initscripts should be under
%{_sysconfdir}/sysconfig
* Scriptlets requirements
( http://fedoraproject.org/wiki/Packaging/ScriptletSnippets )
- For /sbin/chkconfig and etc
Please write Requires(post): /sbin/chkconfig and others
- condrestart scriptlet on %postun stage is needed
* File and Directory Ownership
- My opinion is that this package should own /var/log/fail2ban
as a ghost file.
C. From http://fedoraproject.org/wiki/Packaging/ReviewGuidelines :
= Okay, except for written in A and B.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Fedora-package-review
mailing list