This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes

Bug 210424

Summary: Review Request: fail2ban - scan log files and ban IPs with too many password failures
Product: [Fedora] Fedora Reporter: Walter Cervini <wcervini>
Component: Package ReviewAssignee: Mamoru TASAKA <mtasaka>
Status: CLOSED DUPLICATE QA Contact: Fedora Package Reviews List <fedora-package-review>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: axel.thimm
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-12-24 07:07:34 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 201449    

Description Walter Cervini 2006-10-11 19:23:43 EDT
Spec URL:
Description: Fail2Ban scans log files like /var/log/pwdfail and bans IP
that makes too many password failures. It updates firewall
rules to reject the IP address. These rules can be defined by
the user. Fail2Ban can read multiple log files such as sshd
or Apache web server ones.
This is my first Packages.
I'm looking for a Sponsor
Comment 1 Mamoru TASAKA 2006-11-12 09:25:55 EST
Interestig package, however, I have to say that there 
are not a few issues to be fixed before accepting this 

Please read and be familliar with the following URL.

Especially, please use 'rpmlint' (this is in Fedora Extras 
and Maintained by  Ville Skyttä) to check if your package 
got shaped to Fedora Extras packaging criteria.

For this package, you also have to read the following:

Not a full review, however:

For srpm, rpmlint complains about the following.
E: fail2ban no-changelogname-tag
W: fail2ban strange-permission fail2ban.spec 0444
W: fail2ban hardcoded-packager-tag Walter
W: fail2ban prereq-use /sbin/chkconfig /sbin/service

* Add changelog
* Change the permission of spec file to 0644.
* Don't write 'Packager'. This should be written in Changelog.
* Don't use Prereq. The correct usage of requirements are in .

* Don't use hardcoded dist tag to release number.
* pyo bytecompiled python binary are not ghosted any longer
  because of SELinux issue.
* Use 'cp -p' or 'install -p' to keep timestamps.
* BuildRoot is not the format recommended by Fedora Extras.

B. For binary rpm, rpmlint complains as following.
E: fail2ban no-changelogname-tag
E: fail2ban only-non-binary-in-usr-lib
W: fail2ban service-default-enabled /etc/rc.d/init.d/fail2ban
E: fail2ban subsys-not-used /etc/rc.d/init.d/fail2ban

* No binary files are installed in /usr/lib, which is generally
  regarded as wrong. Consider to move all the files in %{_libdir}
  to %{_datadir}
  NOTE: /usr/bin/fail2ban has a hardcoded directory setting of
  /usr/lib/fail2ban and your spec file says some files should be
  installed under %{_libdir}/%{name}. This is anyway incorrect
  because for x86_64 system, %{_libdir} is /usr/lib64.
* This package enables fail2ban daemon when installed by default
  (see init script), which is usually unwilling. Check if this
  is the expected behavior (usually it is not).
* fail2ban init script does not use subsys lock file (for this
  package, this is usually /var/lock/subsys/fail2ban). Rewrite
  the init script to use subsys file.
  (Usually this is done correctly by using 'daemon' function
  in /etc/rc.d/init.d/function. Init scripts in other rpms are 
  good examples.)
Comment 2 Mamoru TASAKA 2006-11-20 11:29:59 EST
Comment 3 Mamoru TASAKA 2006-12-02 09:05:03 EST
Again ping?
Comment 4 Mamoru TASAKA 2006-12-12 07:47:57 EST
Well, again ping?

I will close this bug as NOTABUG if I cannot receive 
any response within one week according to
Comment 5 Ville Skyttä 2006-12-12 11:49:45 EST
Note also
Comment 6 Mamoru TASAKA 2006-12-22 02:02:38 EST
I will wait 2 days before closing this bug
Comment 7 Mamoru TASAKA 2006-12-24 07:07:34 EST
I regard this bug as stalled review.

I mark this bug as NOTABUG and make this bug block FE-DEADREVIEW.
Comment 8 Axel Thimm 2006-12-25 05:55:59 EST
Mamoru, do you want to continue on this package as a new submitter? I would
review it if you like to.
Comment 9 Mamoru TASAKA 2006-12-25 06:04:55 EST
(In reply to comment #8)
> Mamoru, do you want to continue on this package as a new submitter? I would
> review it if you like to.

No, I don't.....
Comment 10 Axel Thimm 2006-12-25 07:03:48 EST
I took a look at the package submitted in comment 0. This is just the upstream
provided package with the changelog trimmed and the Packager field replaced,
this isn't quite what it considered packaging for Fedora. ;)

I'll submit a new package, then - Mamoru, hope you haven't lost your patience on
fail2ban and will be willing to review :)
Comment 11 Mamoru TASAKA 2006-12-25 07:33:29 EST
(In reply to comment #10)
> I'll submit a new package, then - Mamoru, hope 
> you haven't lost your patience on
> fail2ban and will be willing to review :)

Well, when you submit a new package, I will review your
Comment 12 Axel Thimm 2006-12-26 19:06:15 EST
Thanks Mamoru, the new package is under bug #220789
Comment 13 Mamoru TASAKA 2006-12-26 19:24:37 EST

*** This bug has been marked as a duplicate of 220789 ***