Bug 210424 - Review Request: fail2ban - scan log files and ban IPs with too many password failures
Summary: Review Request: fail2ban - scan log files and ban IPs with too many password ...
Keywords:
Status: CLOSED DUPLICATE of bug 220789
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Mamoru TASAKA
QA Contact: Fedora Package Reviews List
URL: http://fail2ban.sourceforge.net/
Whiteboard:
Depends On:
Blocks: FE-DEADREVIEW
TreeView+ depends on / blocked
 
Reported: 2006-10-11 23:23 UTC by Walter Cervini
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-12-24 12:07:34 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Walter Cervini 2006-10-11 23:23:43 UTC
Spec URL: http://www.softwarelibre777.com/volp/fail2ba.spec
SRPM URL: http://www.softwarelibre777.com/volp/fail2ban-0.6.1-2.fc5.src.rpm
Description: Fail2Ban scans log files like /var/log/pwdfail and bans IP
that makes too many password failures. It updates firewall
rules to reject the IP address. These rules can be defined by
the user. Fail2Ban can read multiple log files such as sshd
or Apache web server ones.
This is my first Packages.
I'm looking for a Sponsor

Comment 1 Mamoru TASAKA 2006-11-12 14:25:55 UTC
Interestig package, however, I have to say that there 
are not a few issues to be fixed before accepting this 
package.

Please read and be familliar with the following URL.

http://fedoraproject.org/wiki/Packaging/Guidelines
http://fedoraproject.org/wiki/Packaging/ReviewGuidelines

Especially, please use 'rpmlint' (this is in Fedora Extras 
and Maintained by  Ville Skyttä) to check if your package 
got shaped to Fedora Extras packaging criteria.

For this package, you also have to read the following:
http://fedoraproject.org/wiki/Packaging/ScriptletSnippets
http://fedoraproject.org/wiki/Packaging/Python

Not a full review, however:

A.
For srpm, rpmlint complains about the following.
E: fail2ban no-changelogname-tag
W: fail2ban strange-permission fail2ban.spec 0444
W: fail2ban hardcoded-packager-tag Walter
W: fail2ban prereq-use /sbin/chkconfig /sbin/service

* Add changelog
* Change the permission of spec file to 0644.
* Don't write 'Packager'. This should be written in Changelog.
* Don't use Prereq. The correct usage of requirements are in
  http://fedoraproject.org/wiki/Packaging/ScriptletSnippets .

Also:
* Don't use hardcoded dist tag to release number.
* pyo bytecompiled python binary are not ghosted any longer
  because of SELinux issue.
* Use 'cp -p' or 'install -p' to keep timestamps.
* BuildRoot is not the format recommended by Fedora Extras.

B. For binary rpm, rpmlint complains as following.
E: fail2ban no-changelogname-tag
E: fail2ban only-non-binary-in-usr-lib
W: fail2ban service-default-enabled /etc/rc.d/init.d/fail2ban
E: fail2ban subsys-not-used /etc/rc.d/init.d/fail2ban

* No binary files are installed in /usr/lib, which is generally
  regarded as wrong. Consider to move all the files in %{_libdir}
  to %{_datadir}
  NOTE: /usr/bin/fail2ban has a hardcoded directory setting of
  /usr/lib/fail2ban and your spec file says some files should be
  installed under %{_libdir}/%{name}. This is anyway incorrect
  because for x86_64 system, %{_libdir} is /usr/lib64.
* This package enables fail2ban daemon when installed by default
  (see init script), which is usually unwilling. Check if this
  is the expected behavior (usually it is not).
* fail2ban init script does not use subsys lock file (for this
  package, this is usually /var/lock/subsys/fail2ban). Rewrite
  the init script to use subsys file.
  (Usually this is done correctly by using 'daemon' function
  in /etc/rc.d/init.d/function. Init scripts in other rpms are 
  good examples.)

Comment 2 Mamoru TASAKA 2006-11-20 16:29:59 UTC
ping?

Comment 3 Mamoru TASAKA 2006-12-02 14:05:03 UTC
Again ping?

Comment 4 Mamoru TASAKA 2006-12-12 12:47:57 UTC
Well, again ping?

I will close this bug as NOTABUG if I cannot receive 
any response within one week according to

http://fedoraproject.org/wiki/Extras/Policy/StalledReviews

Comment 5 Ville Skyttä 2006-12-12 16:49:45 UTC
Note also http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6302

Comment 6 Mamoru TASAKA 2006-12-22 07:02:38 UTC
I will wait 2 days before closing this bug
as NOTABUG.

Comment 7 Mamoru TASAKA 2006-12-24 12:07:34 UTC
I regard this bug as stalled review.

I mark this bug as NOTABUG and make this bug block FE-DEADREVIEW.

Comment 8 Axel Thimm 2006-12-25 10:55:59 UTC
Mamoru, do you want to continue on this package as a new submitter? I would
review it if you like to.

Comment 9 Mamoru TASAKA 2006-12-25 11:04:55 UTC
(In reply to comment #8)
> Mamoru, do you want to continue on this package as a new submitter? I would
> review it if you like to.

No, I don't.....

Comment 10 Axel Thimm 2006-12-25 12:03:48 UTC
I took a look at the package submitted in comment 0. This is just the upstream
provided package with the changelog trimmed and the Packager field replaced,
this isn't quite what it considered packaging for Fedora. ;)

I'll submit a new package, then - Mamoru, hope you haven't lost your patience on
fail2ban and will be willing to review :)

Comment 11 Mamoru TASAKA 2006-12-25 12:33:29 UTC
(In reply to comment #10)
> I'll submit a new package, then - Mamoru, hope 
> you haven't lost your patience on
> fail2ban and will be willing to review :)

Well, when you submit a new package, I will review your
package.

Comment 12 Axel Thimm 2006-12-27 00:06:15 UTC
Thanks Mamoru, the new package is under bug #220789


Comment 13 Mamoru TASAKA 2006-12-27 00:24:37 UTC

*** This bug has been marked as a duplicate of 220789 ***


Note You need to log in before you can comment on or make changes to this bug.