initial commit of file from CVS for denyhosts on Thu Oct 9 12:15:22 AEDT 2025

2025-10-09 12:15:22 +11:00
parent eddc911252
commit 9d55d63a34
11 changed files with 514 additions and 1 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.tar.gz filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.rpm
+*.log
+*spec-20*
--- a/21
+++ b/21
@@ -0,0 +1,21 @@
+# Makefile for source rpm: denyhosts
+# $Id: Makefile,v 1.1 2021/03/14 22:30:08 jpp Exp $
+NAME := denyhosts
+SPECFILE = $(firstword $(wildcard *.spec))
+
+define find-makefile-common
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+endef
+
+MAKEFILE_COMMON := $(shell $(find-makefile-common))
+
+ifeq ($(MAKEFILE_COMMON),)
+# attept a checkout
+define checkout-makefile-common
+test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
+endef
+
+MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
+endif
+
+include $(MAKEFILE_COMMON)
--- a/README.md
+++ b/README.md
@@ -1,3 +1,9 @@
 # denyhosts

 3rd Party (Maintained by Koozali) git repo for denyhosts smecontribs
+
+## Description
+
+<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
+*Once it has been checked, then this comment will be deleted*
+<br />
--- a/1
+++ b/1
@@ -0,0 +1 @@
+contribs10
--- a/denyhosts-3.1.tar.gz
+++ b/denyhosts-3.1.tar.gz
--- a/97
+++ b/97
@@ -0,0 +1,97 @@
+#!/usr/bin/python
+# This program help sysadmin to reenable a hosts blocked by denyhosts.
+#
+# dh_reenable (c) 2008 Marco Bertorello <marco@bertorello.ns0.it> and is
+# free software. You can use, modify and redistribute it under terms of
+# GNU General Public License version 2 or later, as you whish, as published by
+# Free Software Foundation.
+#
+# You can get a full copy of license here:
+#
+# http://www.gnu.org/licenses/gpl-2.0.txt
+#
+# and
+#
+# http://www.gnu.org/licenses/gpl-3.0.txt
+
+
+from __future__ import with_statement
+import os
+import sys
+import fileinput
+import re
+
+# file definition:
+
+HOSTSFILE='/var/lib/denyhosts/hosts'
+HOSTRESTFILE='/var/lib/denyhosts/hosts-restricted'
+HOSTROOTFILE='/var/lib/denyhosts/hosts-root'
+HOSTVALIDFILE='/var/lib/denyhosts/hosts-valid'
+HOSTSDENY='/etc/hosts.deny'
+#TEST='/etc/hosts.deny.tmp'
+CONFIGFILE='/etc/denyhosts.conf'
+
+# Parse the configuration file for the location of the HOSTS_DENY file.
+# If it exists, overwrite the hard-coded value for HOSTSDENY from the
+# top of the file.
+if os.path.isfile(CONFIGFILE):
+    with open(CONFIGFILE) as file:
+	for line in file:
+	    result = re.search('^(HOSTS_DENY\s*=\s*)(.*)', line)
+	    if result != None:
+		HOSTSDENY = result.group(2)
+
+def usage():
+	 print "Usage:"
+         print sys.argv[0]+"     --help: Show this help"
+         print sys.argv[0]+"       <IP>: check if the ip address was denied and reenable it"
+         print sys.argv[0]+" <HOSTNAME>: check if the hostname was denied and reenable it"
+
+try:
+	host=sys.argv[1]
+except:
+	print sys.argv[0]+" need a hostname or a ip address input. See --help."
+	sys.exit(1)
+
+if host == "--help":
+        usage()
+        sys.exit(1)
+
+def search(file_txt,host):
+	for lines in fileinput.FileInput(file_txt, inplace=1): 	
+	 	lines = lines.strip()
+	 	if lines.find(host) != -1: 
+			continue
+		else:
+	 		print lines
+
+
+try:
+	search(HOSTSFILE,host)
+except:
+	print "Problem parsing file "+HOSTSFILE
+	sys.exit(1)
+try:
+	search(HOSTRESTFILE,host)
+except:
+	print "Problem parsing file "+HOSTRESTFILE
+	sys.exit(1)
+try:
+	search(HOSTROOTFILE,host)
+except:
+        print "Problem parsing file "+HOSTROOTFILE
+	sys.exit(1)
+try:
+	search(HOSTVALIDFILE,host)
+except:
+        print "Problem parsing file "+HOSTVALIDFILE
+	sys.exit(1)
+try:
+	search(HOSTSDENY,host)
+except:
+        print "Problem parsing file "+HOSTSDENY
+	sys.exit(1)
+
+print "Done!"
+print "Please restart denyhosts"
+
--- a/denyhosts.README
+++ b/denyhosts.README
@@ -0,0 +1,14 @@
+dh_reenable script (thanks to Marco Bertorello)
+===============================================
+
+openSUSE version of denyhosts come with a script, stored in 
+
+/usr/sbin/dh_reenable
+
+that aim to be a support for sysadmin thats has to easly re-enable
+some hosts that are blocked by denyhosts.
+
+/usr/sbin/dh_reenable --help 
+
+give a short guide for usage.
+
--- a/denyhosts.init
+++ b/denyhosts.init
@@ -0,0 +1,106 @@
+#! /bin/sh
+#
+#     This library is free software; you can redistribute it and/or modify it
+#     under the terms of the GNU Lesser General Public License as published by
+#     the Free Software Foundation; either version 2.1 of the License, or (at
+#     your option) any later version.
+#
+#     This library is distributed in the hope that it will be useful, but
+#     WITHOUT ANY WARRANTY; without even the implied warranty of
+#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#     Lesser General Public License for more details.
+#
+#     You should have received a copy of the GNU Lesser General Public
+#     License along with this library; if not, write to the Free Software
+#     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
+#     USA.
+#
+# /etc/init.d/denyhosts
+#   and its symbolic link
+# /usr/sbin/rcdenyhosts
+#
+# LSB compatible service control script; see http://www.linuxbase.org/spec/
+#
+### BEGIN INIT INFO
+# Provides:          denyhosts
+# Required-Start:    $syslog $local_fs $network $remote_fs
+# Should-Start:      sshd
+# Required-Stop:     $syslog $local_fs $network $remote_fs
+# Should-Stop:       sshd
+# Default-Start:     3 5
+# Default-Stop:      0 1 2 6
+# Short-Description: denyhosts daemon to block ssh attempts
+# Description:       DenyHosts is a python program that automatically blocks ssh
+#	attacks by adding entries to /etc/hosts.deny. 
+### END INIT INFO
+
+
+# Check for missing binaries
+DAEMON=/usr/sbin/denyhosts
+test -x $DAEMON || { echo "$DAEMON not installed"; 
+	if [ "$1" = "stop" ]; then exit 0;
+	else exit 5; fi; }
+
+CONFIG=/etc/denyhosts.conf
+test -r $CONFIG || { echo "$CONFIG not existing";
+	if [ "$1" = "stop" ]; then exit 0;
+	else exit 6; fi; }
+
+FLAGS="--daemon --purge --config=$CONFIG"
+PIDFILE=/var/run/denyhosts.pid
+
+. /etc/rc.status
+
+rc_reset
+
+case "$1" in
+    start)
+	echo -n "Starting DenyHosts "
+	/sbin/startproc -p $PIDFILE $DAEMON $FLAGS 
+	rc_status -v
+	;;
+    stop)
+	echo -n "Shutting down DenyHosts "
+	/sbin/killproc -p $PIDFILE -TERM $DAEMON
+	rc_status -v
+	;;
+    try-restart|condrestart)
+	if test "$1" = "condrestart"; then
+		echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
+	fi
+	$0 status
+	if test $? = 0; then
+		$0 restart
+	else
+		rc_reset # Not running is not a failure.
+	fi
+	rc_status
+	;;
+    restart)
+	$0 stop
+	$0 start
+	rc_status
+	;;
+    force-reload)
+	echo -n "Reload service DenyHosts "
+	/sbin/killproc -HUP $DAEMON
+	rc_status -v
+	$0 try-restart
+	rc_status
+	;;
+    reload)
+	echo -n "Reload service DenyHosts "
+	/sbin/killproc -HUP $DAEMON
+	rc_status -v
+	;;
+    status)
+	echo -n "Checking for service DenyHosts "
+	/sbin/checkproc $DAEMON
+	rc_status -v
+	;;
+    *)
+	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
+	exit 1
+	;;
+esac
+rc_exit
--- a/denyhosts.spec
+++ b/denyhosts.spec
@@ -0,0 +1,246 @@
+#
+# spec file for package denyhosts
+#
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+%define release 12
+%define _unitdir /usr/lib/systemd/system/
+%global with_systemd     1
+
+Name:           denyhosts
+Version:        3.1
+Release:        %{release}%{?dist}
+Summary:        Utility to help system administrators thwart brute-force ssh hackers
+License:        GPL-2.0-only
+Group:          Productivity/Networking/Security
+Url:            https://github.com/denyhosts/denyhosts
+Source:         %{name}-%{version}.tar.gz
+Source2:        denyhosts.init
+Source3:        logrotate.denyhosts
+Source4:        denyhosts-dh_reenable
+Source5:        denyhosts.README
+BuildRequires:  perl
+BuildRequires:  python-devel
+BuildRequires:	python-ipaddr
+Requires:	python-ipaddr
+Requires:       logrotate
+Requires:       python
+Requires:       rsyslog
+BuildRequires:   python-rpm-macros
+#BuildRequires:  systemd-rpm-macros
+BuildRequires:  systemd
+%{?systemd_requires}
+BuildArch:      noarch
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+
+%description
+DenyHosts is a python program that automatically blocks ssh attacks by adding
+entries to %{_sysconfdir}/hosts.deny. DenyHosts will also inform Linux 
+administrators about offending hosts, attacked users and suspicious logins.
+
+%prep
+%setup -q
+
+%build
+export CFLAGS="%{optflags}"
+python setup.py build
+
+%install
+python setup.py install \
+	--root=%{buildroot} \
+	--prefix=%{_prefix} \
+    --install-scripts=%{_sbindir}
+
+#remove bytecode (wrong mtime)
+find %{buildroot}%{python_sitelib} -name "*.pyc" -delete
+
+# create work directory
+mkdir -p %{buildroot}%{_localstatedir}/lib/denyhosts
+# install denyhosts-reenable script
+install -D -m755 %{SOURCE4} %{buildroot}%{_sbindir}/dh_reenable
+# file containing blocked IP addresses - track it for the user 
+# ('rpm -qf /etc/blacklist' should give a hint)
+touch %{buildroot}%{_sysconfdir}/blacklist
+
+# configuration file
+sed -i "s|^#SECURE_LOG = /var/log/messages|SECURE_LOG = /var/log/messages|g; \
+		s|^SECURE_LOG = /var/log/auth.log|#SECURE_LOG = /var/log/auth.log|g; \
+		s|^IPTABLES = /sbin/iptables|IPTABLES = /usr/sbin/iptables|g;" \
+		%{buildroot}%{_sysconfdir}/denyhosts.conf
+
+# daemon-control-dist
+sed -i "s|/usr/bin/env python|%{_bindir}/python|g" %{buildroot}%{_sbindir}/daemon-control-dist
+
+# init script / systemd service
+%if %{with_systemd}
+install -D -m644 denyhosts.service %{buildroot}%{_unitdir}/denyhosts.service
+ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rcdenyhosts
+%else
+install -D -m755 %{SOURCE2} %{buildroot}%{_sysconfdir}/init.d/denyhosts
+ln -s %{_sysconfdir}/init.d/denyhosts %{buildroot}%{_sbindir}/rcdenyhosts
+%endif
+
+# logfile handling
+install -D -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/denyhosts
+mkdir -p %{buildroot}%{_localstatedir}/log
+touch %{buildroot}%{_localstatedir}/log/denyhosts
+
+# move the main app
+mv %{buildroot}%{_sbindir}/denyhosts.py %{buildroot}%{_sbindir}/denyhosts
+sed -i "s|/usr/bin/denyhosts.py|/usr/sbin/denyhosts|g"  %{buildroot}%{_unitdir}/denyhosts.service
+
+# fix wrong env-path
+pushd %{buildroot} >/dev/null
+for i in `find -name "*.py"`; do
+	sed -i "s@\!.*/bin/env.*@\!%{_bindir}/python@g" $i
+done
+popd >/dev/null
+
+# handle plugins
+mkdir -p %{buildroot}%{_datadir}/%{name}
+install -m0755 plugins/*{.sh,py} %{buildroot}%{_datadir}/%{name}
+
+# move some files to the documentation directory
+install -D -m644 %{SOURCE5} %{buildroot}%{_defaultdocdir}/%{name}/README.SUSE
+install -m0644 plugins/README.contrib %{buildroot}%{_defaultdocdir}/%{name}/
+install -m0644 *.txt  %{buildroot}%{_defaultdocdir}/%{name}/
+install -m0644 *.md   %{buildroot}%{_defaultdocdir}/%{name}/
+install -m0644 *.conf %{buildroot}%{_defaultdocdir}/%{name}/
+
+#% if %{with_systemd}
+#% pre
+#% service_add_pre %{name}.service
+#% endif
+
+#% post
+#% if %{with_systemd}
+#% service_add_post %{name}.service
+#% else
+#% {fillup_and_insserv -f denyhosts}
+#% endif
+
+#% preun
+#% if %{with_systemd}
+#% service_del_preun %{name}.service
+#% else
+#% stop_on_removal denyhosts
+#% endif
+
+#% postun
+#% if %{with_systemd}
+#% service_del_postun %{name}.service
+#% else
+#% insserv_cleanup
+#% endif
+
+
+%files
+%doc %{_defaultdocdir}/%{name}
+%if 0%{?suse_version} > 1315
+%license LICENSE.txt
+%endif
+%{_sbindir}/daemon-control-dist
+%{_sbindir}/denyhosts
+%{_sbindir}/rcdenyhosts
+%{_sbindir}/dh_reenable
+%{python_sitelib}/DenyHosts*
+%{_mandir}/man8/denyhosts.8.gz
+%dir %{_localstatedir}/lib/denyhosts
+%{_datadir}/%{name}
+%ghost %{_localstatedir}/log/denyhosts
+%ghost %config(noreplace) %{_sysconfdir}/blacklist
+%config(noreplace) %{_sysconfdir}/logrotate.d/denyhosts
+%config(noreplace) %{_sysconfdir}/denyhosts.conf
+%if %{with_systemd}
+%{_unitdir}/denyhosts.service
+%else
+%attr(755,root,root) %{_sysconfdir}/init.d/denyhosts
+%endif
+
+%changelog
+* Thu Oct 09 2025 BogusDateBot
+- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
+  by assuming the date is correct and changing the weekday.
+
+* Sun Mar 14 2021 Jean-Philippe Pialasse <tests@pialasse.com> 3.1-11.sme
+- First release for SME10 [SME: 11459]
+  imported from opensuse, reworked spec file to build it on CentOS 7 / SME 10
+- remove systemd pre post scriptlet, do not have macros, and we use SME to register service
+
+* Sat Aug 11 2018 javier@opensuse.org
+- Update to 3.1
+  + Fixes a bug when moving between Python 2 and Python 3
+    environments
+  + A new check has been added to confirm IP addresses retrieved
+    from the security log are valid
+  + DenyHosts will now (optionally) check for break-in attacks
+    against IMAP services such as Dovecot.
+  + A new dependency has been added, the Python ipaddr library
+    is now a run-time requirement
+* Mon Jul  2 2018 javier@opensuse.org
+- Fix path to binary in service file
+* Mon Mar 12 2018 lars@linux-schulserver.de
+- update to 3.0
+  + Initial translation of code from Python 2 to Python 3. DenyHosts
+    can now be run as either a Python 2 or a Python 3 program. The new
+    code has been tested with Pyhton 2.7 and Python 3.4. If you require
+    an older version of Python, please continue to use DenyHosts 2.10
+    and let us know of your requirements.
+  + Added patch from Fedora to fix initial sync issue and insure info
+    logging stream is active. (Provided by Jason Tibbitts.)
+  + Added "import logging" to denyhosts.py to avoid errors when setting
+    up logging. (See above change.)
+  + Added option PF_TABLE_FILE to the configuration file. When this option
+    is enabled it causes DenyHosts to write blocked IP addresses to a text
+    file.
+    The default location is /etc/blacklist. This text file should correspond
+    to a PF firewall table.
+  + At start-up, try to create the file specified by HOSTS_DENY. That
+    way we avoid errors later if the file does not exists. Can be a
+    problem on operating systems where /etc/hosts.deny does not exist
+    in the default configuration.
+  + Added regex pattern to detect invalid user accounts. This blocks
+    connections from remote hosts who are attempting to login with
+    accounts not found on the local system. While these connections to
+    non-existent accounts are relatively harmless, they are usually used
+    as part of a brute force attack and filtering them before they
+    reach OpenSSH is a good idea.
+  + Finally, Jan-Pascal has created a sync server for DenyHosts which
+    will allow DenyHosts services to coordinate lists of banned IP addresses.
+    The new sync server is open source (GPLv3) and can be set up on
+    private servers, networks and VPS. We plan to set up our own sync
+    server in the near future. When a sync server is created it will
+    be announced at http://denyhost.sourceforge.net/news.php
+- require rsyslog to fix the not existing systemd journal support
+  (https://github.com/denyhosts/denyhosts/issues/14) - this resolves
+  boo#960856 until upstream implemented the feature
+- use provided systemd service on newer distributions
+- use upstream configuration file instead of own one
+- removed ALL patches
+* Wed Jan  5 2011 tejas.guruswamy@opensuse.org
+- Make package noarch on > 11.2
+- Run spec-cleaner
+* Thu Apr 15 2010 lars@linux-schulserver.de
+- fix dh_reenable as mentioned in bnc #596354
+  (thanks to Patrick Shanahan for the patch!)
+* Sun Dec 28 2008 lars@linux-schulserver.de
+- added some Debian patches
+- enhanced init script
+- adapted default denyhosts.conf (which is now located in /etc)
+- added README.SuSE
+- fix some rpmlint warnings
+* Wed Dec 20 2006 lars@linux-schulserver.de
+- initial package 2.6
+  Thanks to Craig Millar for the logrotate and initial init file.
--- a/logrotate.denyhosts
+++ b/logrotate.denyhosts
@@ -0,0 +1,15 @@
+/var/log/denyhosts {
+    compress
+    create 0640 root root
+    missingok
+    dateext
+    maxage 365
+    rotate 99
+    size=+2048k
+    notifempty
+    copytruncate
+    postrotate
+		/usr/sbin/rcdenyhosts restart > /dev/null
+    endscript
+}
+
				`@@ -0,0 +1 @@`
				`*.tar.gz filter=lfs diff=lfs merge=lfs -text`