Changes - j0ke.net Open Build Service

Changes of Revision 3

[-] [+]	Changed	blocksshd.spec
@@ -7,8 +7,15 @@ URL: http://sourceforge.net/projects/blocksshd/ BuildArch: noarch Source: http://downloads.sourgeforge.net/blocksshd/blocksshd-%{version}.tar.bz2 -Patch: blocksshd-1.1.diff +Source1: blocksshd-suse.init +Patch0: blocksshd-1.1.diff +Patch1: blocksshd-suse-config.diff + Requires: perl >= 5, /sbin/chkconfig +%if 0%{?suse_version} +Requires: perl-Net-Subnet +%endif + AutoReq: no BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -22,7 +29,8 @@ %setup -q %if 0%{?suse_version} -%patch -p1 +%patch0 -p1 +%patch1 -p1 %endif %build @@ -39,8 +47,13 @@ MANCOMPRESS= \ INSTALL="%{__install} -p" +%if 0%{?suse_version} +install -D -m 755 -d %{buildroot}/etc/init.d/ +install -m 755 %{S:1} %{buildroot}/etc/init.d/blocksshd +%else %{__make} init DESTDIR="%{buildroot}" \ INITRDDIR="%{_initrddir}" +%endif %clean %{__rm} -rf "%{buildroot}" @@ -61,6 +74,10 @@ /sbin/chkconfig --add blocksshd %changelog +* Mon Jan 21 2008 Carsten Schoene <cs@linux-administrator.com> +- adapted spec to SuSE distributions +- added SuSE init script and configuration patch + * Thu Apr 12 2007 James Turnbull <james@lovedthanlost.net> 1.1-1 - Added -p to spec file - Changed download source from dl to download x 1 @@ -7,8 +7,15 @@ 2 URL: http://sourceforge.net/projects/blocksshd/ 3 BuildArch: noarch 4 Source: http://downloads.sourgeforge.net/blocksshd/blocksshd-%{version}.tar.bz2 5 -Patch: blocksshd-1.1.diff 6 +Source1: blocksshd-suse.init 7 +Patch0: blocksshd-1.1.diff 8 +Patch1: blocksshd-suse-config.diff 9 + 10 Requires: perl >= 5, /sbin/chkconfig 11 +%if 0%{?suse_version} 12 +Requires: perl-Net-Subnet 13 +%endif 14 + 15 AutoReq: no 16 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root 17 18 @@ -22,7 +29,8 @@ 19 20 %setup -q 21 %if 0%{?suse_version} 22 -%patch -p1 23 +%patch0 -p1 24 +%patch1 -p1 25 %endif 26 27 %build 28 @@ -39,8 +47,13 @@ 29 MANCOMPRESS= \ 30 INSTALL="%{__install} -p" 31 32 +%if 0%{?suse_version} 33 +install -D -m 755 -d %{buildroot}/etc/init.d/ 34 +install -m 755 %{S:1} %{buildroot}/etc/init.d/blocksshd 35 +%else 36 %{__make} init DESTDIR="%{buildroot}" \ 37 INITRDDIR="%{_initrddir}" 38 +%endif 39 40 %clean 41 %{__rm} -rf "%{buildroot}" 42 @@ -61,6 +74,10 @@ 43 /sbin/chkconfig --add blocksshd 44 45 %changelog 46 +* Mon Jan 21 2008 Carsten Schoene <cs@linux-administrator.com> 47 +- adapted spec to SuSE distributions 48 +- added SuSE init script and configuration patch 49 + 50 * Thu Apr 12 2007 James Turnbull <james@lovedthanlost.net> 1.1-1 51 - Added -p to spec file 52 - Changed download source from dl to download 53
[-] [+]	Added	blocksshd-suse-config.diff ^
@@ -0,0 +1,30 @@ +--- blocksshd-1.1/blocksshd.conf.orig 2008-01-21 16:58:44.000000000 +0100 ++++ blocksshd-1.1/blocksshd.conf 2008-01-21 16:59:18.000000000 +0100 +@@ -3,22 +3,22 @@ + $cfg = { + os => 'linux', # Target OS - either linux or bsd + chain => 'blocksshd', # Name of iptables or pf chain +- logfile => '/var/log/secure', # Log file to monitor ++ logfile => '/var/log/messages', # Log file to monitor + logcheck => '10', # How often to check the log file + max_attempts => '4', # Max number of failures + timeout => '360', # Reset IP count if no activity after time out in seconds + unblock => '1', # Enable unblocking + unblock_timeout => '43200', # Time in seconds after which to unblock a blocked IP address + restore_blocked => '0', # Turn on checking for previously blocked IPs +- log_ips => '/usr/local/etc/blocksshd.list', # Log file for blocked IPs ++ log_ips => '/var/log/blocksshd.list', # Log file for blocked IPs + pid_file => '/var/run/blocksshd.pid', # Location of PID file + send_email => '1', # Enable the sending of email notifications + email => 'root', # Email address to send notifications +- mail => '/bin/mail', # Location of mail binary ++ mail => '/usr/bin/mail', # Location of mail binary + email_whois_lookup => '1', # enable whois lookup of the blocked ip addres in the sent email + whois => '/usr/bin/whois', # location of the whois binary +- sed => '/bin/sed', # location of the sed binary +- iptables => '/sbin/iptables', # Location of iptables binary - only for Linux ++ sed => '/usr/bin/sed', # location of the sed binary ++ iptables => '/usr/sbin/iptables', # Location of iptables binary - only for Linux + pfctl => '/sbin/pfctl', # Location of pfctl binary - only for BSD + whitelist => [qw{ + 127.0.0.1/32
[-] [+]	Added	blocksshd-suse.init ^
@@ -0,0 +1,71 @@ +#!/bin/bash +# Copyright (c) 1995-2002 SUSE Linux AG, Nuernberg, Germany. +# All rights reserved. +# +# Author: Stanislav Brabec, feedback to http://www.suse.de/feedback +# +### BEGIN INIT INFO +# Provides: blocksshd +# Required-Start: $network +# Should-Start: $network +# Required-Stop: +# Should-Stop: $network +# Default-Start: 3 5 +# Default-Stop: +# Short-Description: blocksshd +# Description: BlockSSHD is a Perl script based on BruteForceBlocker v1.2.3 that dynamically adds IPTables rules for Linux and pf firewall rules for BSD that block SSH brute force attacks. +### END INIT INFO + +BLOCKSSHD_BIN=/usr/bin/blocksshd +test -x $BLOCKSSHD_BIN \|\| { echo "$BLOCKSSHD_BIN not installed"; + if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } + +# Read config +. $BLOCKSSHD_CONFIG + +. /etc/rc.status +rc_reset + +case "$1" in + start) + echo -n "Starting blocksshd daemon" + startproc $BLOCKSSHD_BIN --start + rc_status -v + ;; + stop) + echo -n "Shutting down blocksshd daemon" + $BLOCKSSHD_BIN --stop + rc_status -v + ;; + try-restart) + $0 status >/dev/null && $0 restart + rc_status + ;; + restart) + $0 stop + $0 start + rc_status + ;; + force-reload) + echo -n "Reload service blocksshd" + checkproc $BLOCKSSHD_BIN + rc_status -v + ;; + reload) + rc_status -v + ;; + status) + echo -n "Checking for blocksshd: " + checkproc $BLOCKSSHD_BIN + rc_status -v + ;; + probe) + ;; + *) + echo "Usage: $0 {start\|stop\|status\|try-restart\|\ +restart\|force-reload\|reload\|probe}" + exit 1 + ;; +esac +rc_exit +