From 4d14e01c684807d9ef71f62037b1f1232f298de0 Mon Sep 17 00:00:00 2001 From: Alexey Khromov Date: Sat, 19 Apr 2025 07:52:33 +0300 Subject: [PATCH] Added fail2ban filters, fx package naming, ver up --- .gitea/workflows/alt.yaml | 6 +- .gitea/workflows/arch.yaml | 4 +- .gitea/workflows/debpkg.yaml | 2 +- CHANGES | 5 ++ INSTALL | 33 +++++++++- INSTALL.ru | 77 +++++++++++++++--------- contrib/fail2ban/filter.d/bforce.conf | 25 ++++++++ contrib/fail2ban/jail.d/bforce_jail.conf | 8 +++ debian/changelog | 6 ++ rpm/bforce.spec | 4 +- source/.version | 2 +- source/Makefile.in | 2 + 12 files changed, 137 insertions(+), 37 deletions(-) create mode 100644 contrib/fail2ban/filter.d/bforce.conf create mode 100644 contrib/fail2ban/jail.d/bforce_jail.conf diff --git a/.gitea/workflows/alt.yaml b/.gitea/workflows/alt.yaml index de4b5e5..51d95f2 100644 --- a/.gitea/workflows/alt.yaml +++ b/.gitea/workflows/alt.yaml @@ -16,8 +16,8 @@ jobs: - name: Checking environment continue-on-error: true run: printenv - ## - name: Installing prerequisites - update apt - ## run: apt-get update + - name: Installing prerequisites - update apt + run: apt-get update ## - name: Installing prerequisites - install nodejs for actions & git ## run: apt-get install -y git nodejs su ## - name: Installing build environment @@ -54,7 +54,7 @@ jobs: su - builder -c 'rpmbuild -bb /builder/bforce.spec --define "_topdir /builder/rpmbuild"' - name: Constructing artifact name and version run: | - echo "BFORCE_VERLONG=$(cat ${{ env.GITHUB_WORKSPACE }}/source/.version)-$(date +%Y%M%d)" >> $GITHUB_ENV + echo "BFORCE_VERLONG=$(cat ${{ env.GITHUB_WORKSPACE }}/source/.version)-$(date +%Y%m%d)" >> $GITHUB_ENV - name: Retrieving artifact files run: mkdir bforce && cp /builder/rpmbuild/RPMS/x86_64/bforce-*.rpm bforce - name: Try to upload artifacts bin diff --git a/.gitea/workflows/arch.yaml b/.gitea/workflows/arch.yaml index 8445801..d7a661b 100644 --- a/.gitea/workflows/arch.yaml +++ b/.gitea/workflows/arch.yaml @@ -32,7 +32,7 @@ jobs: su - builder -c "ls -la" - name: Constructing artifact name and version run: | - echo "BFORCE_VER=$(cat /builder/src/bforce/source/.version)-$(date +%Y%M%d)" >> $GITHUB_ENV + echo "BFORCE_VER=$(cat /builder/src/bforce/source/.version)-$(date +%Y%m%d)" >> $GITHUB_ENV - name: Retrieving artifact files run: mkdir bforce && cp /builder/bforce-*.pkg.tar.zst bforce - name: Try to upload artifacts @@ -59,7 +59,7 @@ jobs: uses: actions/checkout@v3 - name: Constructing artifact name and version run: | - echo "BFORCE_VER=$(cat ${{ github.workspace }}/source/.version)-$(date +%Y%M%d)" >> $GITHUB_ENV + echo "BFORCE_VER=$(cat ${{ github.workspace }}/source/.version)-$(date +%Y%m%d)" >> $GITHUB_ENV - uses: actions/download-artifact@v3 with: name: bforce-${{ env.BFORCE_VER }}-Arch diff --git a/.gitea/workflows/debpkg.yaml b/.gitea/workflows/debpkg.yaml index 72bd633..395636d 100644 --- a/.gitea/workflows/debpkg.yaml +++ b/.gitea/workflows/debpkg.yaml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@v4 - name: Getting version info run: | - echo "BFORCE_VER=$(cat ${{ env.GITHUB_WORKSPACE }}/source/.version)-$(date +%Y%M%d)" >> $GITHUB_ENV + echo "BFORCE_VER=$(cat ${{ env.GITHUB_WORKSPACE }}/source/.version)-$(date +%Y%m%d)" >> $GITHUB_ENV - name: Building package continue-on-error: false run: | diff --git a/CHANGES b/CHANGES index 34770b2..0473730 100644 --- a/CHANGES +++ b/CHANGES @@ -279,3 +279,8 @@ Alexey Khromov (zx@zxalexis.ru) + Fixed binkp stuck on overrides in config + ReDebianized + Added CI automation: builds for Archlinux and Ubuntu + +0.26.2 + + Added tests with socat and integrate it with CI + + Fixed some minor lint errors by PVS-Studio + + Fixed RPM spec-file to make builds for AltLinux diff --git a/INSTALL b/INSTALL index dc7bfc1..9bd9664 100644 --- a/INSTALL +++ b/INSTALL @@ -1,4 +1,35 @@ -Basic Installation +Prerequisites +==================== + +C compiler (GCC in linux and clang in BSD will work well) +make +yacc or it's GNU's recreation named bison +Tcl optional for a couple of scripts + +Installing with packages += + +Debian-based systesms (Debian, *buntu, Mint, Astra) +==================== + +Install build system for packaging: + +apt install build-essential fakeroot devscripts debhelper pkg-config +apt install bison tcl + +Use debuild to make deb-s: + +cd /debian +debuild -us -uc -b + +RPM-based systems (RHEL, CentOS, Altlinux, SimplyLinux, RedOS) +===================== + +mkdir -p ./rpmbuild/{RPMS,BUILD} +rpmbuild -bb /rpm/bforce.spec --define "_topdir $( pwd )/rpmbuild" --define "_builddir /source" + + +Manual Installation ================== These are generic installation instructions. diff --git a/INSTALL.ru b/INSTALL.ru index a697fd5..b7f178c 100644 --- a/INSTALL.ru +++ b/INSTALL.ru @@ -3,21 +3,42 @@ В данном документе приняты следующие обозначения: - - путь, куда вы распаковали тарболл с исходными - текстами bforce 0.xx (далее bforce) + - путь, куда вы распаковали тарболл с исходными текстами +bforce 0.xx (далее bforce) Тарболл - файл с расширением tar.gz, или tar.bz2 - Требования к системе ==================== -Для компиляции bforce вам потребуется компилятор (для -gnu/bsd-систем gcc), так же GNU make (make для линукс, -gmake для bsd). +Для компиляции bforce вам потребуется компилятор с языка С, +так же GNU make (make для линукс, gmake для bsd) и yacc (в linux - +bison). Опционально - tcl -Обратитесь к документации по вашей системе того, что бы -узнать как установить вышеперечисленное программное обеспечение. +Создание пакета += +Debian-based системы (Debian, *buntu, Mint, Astra) +==================== + +Установка программ и набора скриптов для сборки пакетов: + +apt install build-essential fakeroot devscripts debhelper pkg-config +apt install bison tcl + +Для создания пакета из скачанных исходников достаточно воспользоваться +командой debuild: + +cd /debian +debuild -us -uc -b + +RPM-based системы (RHEL, CentOS, Altlinux, SimplyLinux, RedOS) +===================== + +mkdir -p ./rpmbuild/{RPMS,BUILD} +rpmbuild -bb /rpm/bforce.spec --define "_topdir $( pwd )/rpmbuild" --define "_builddir /source" + +Установка вручную += Процесс компиляции ================== @@ -160,29 +181,29 @@ ifc 60179/tcp # fidonet EMSI over TCP ====================== Дополнительные утилиты для bforce находятся в /contrib: -bflan - bforce log analyzer -callout.sh - скрипт для отзвонки на аплинков -outman - скрипт outman -timesync.tcl - скрипт для синхорнизации времени с узлами ftn. -init.d/bforce - init-скрипт для RedHat -bfha - bforce history analyzer (bfha) -bfha/README - bfha README -bfha/bfha.pl - собственно, bfha +bflan - bforce log analyzer +callout.sh - скрипт для отзвонки на аплинков +outman - скрипт outman +timesync.tcl - скрипт для синхорнизации времени с узлами ftn. +init.d/bforce - init-скрипт для RedHat +bfha - bforce history analyzer (bfha) +bfha/README - bfha README +bfha/bfha.pl - собственно, bfha legacy-part.conf - файл для донастройки прав на /run/lock в systemd -u-srif - продвинутый freq-процессор +u-srif - продвинутый freq-процессор u-srif/u-srif-index.py \ с поддержой отчетов, u-srif/u-srif-lookup.py \ ограничений, -u-srif/u-srif.py \ индексации файловой базы, -u-srif/conf \ что значительно ускоряет +u-srif/u-srif.py \ индексации файловой базы, +u-srif/conf \ что значительно ускоряет u-srif/conf/report.footer \ работу. u-srif/conf/report.header \ Написан на python. -u-srif/conf/u-srif.aliases \ -------------------- -u-srif/conf/u-srif.conf \ ------------------- -u-srif/conf/u-srif.dirs \ ------------------ -u-srif/lib / ------------------ -u-srif/lib/uconfig.py / ------------------- -u-srif/lib/udbase.py / -------------------- -u-srif/lib/ufido.py / --------------------- +u-srif/conf/u-srif.aliases \ -------------------- +u-srif/conf/u-srif.conf \ ------------------- +u-srif/conf/u-srif.dirs \ ------------------ +u-srif/lib / ------------------ +u-srif/lib/uconfig.py / ------------------- +u-srif/lib/udbase.py / -------------------- +u-srif/lib/ufido.py / --------------------- u-srif/lib/unodestat.py / ---------------------- -u-srif/lib/utmpl.py / ----------------------- -u-srif/lib/uutil.py / ------------------------ +u-srif/lib/utmpl.py / ----------------------- +u-srif/lib/uutil.py / ------------------------ diff --git a/contrib/fail2ban/filter.d/bforce.conf b/contrib/fail2ban/filter.d/bforce.conf new file mode 100644 index 0000000..dfeaf5c --- /dev/null +++ b/contrib/fail2ban/filter.d/bforce.conf @@ -0,0 +1,25 @@ +# Fail2Ban filter for bforce bf-log.tcpip log file +# Detecting unauthorized access +# Typically logged in /var/log/bforce/bf-debug + +# Apr 10 17:34:20 [944134] TCP/IP connect from 72.138.46.4 on port 5590 +# Apr 10 17:34:21 [944134] Session ended up, rc=21, inetd=1 +# Apr 10 17:34:21 [944134] session rc = 21 ("Cannot handshake with remote") +# Apr 10 17:34:21 [944135] Answering TCPIP call... +# Apr 10 17:34:21 [944135] TCP/IP connect from 72.138.46.4 on port 7714 +# Apr 10 17:34:21 [944135] Session ended up, rc=21, inetd=1 +# Apr 10 17:34:21 [944135] session rc = 21 ("Cannot handshake with remote") + +[INCLUDES] + +# Read common prefixes. If any customizations available -- read them from +# common.local +before = common.conf + +[Init] +maxlines = 5 + +[Definition] +prefregex = \[\d+\] TCP/IP connect from on port \d+$ +failregex = session rc \= 21 +ignoreregex = diff --git a/contrib/fail2ban/jail.d/bforce_jail.conf b/contrib/fail2ban/jail.d/bforce_jail.conf new file mode 100644 index 0000000..35c7ad7 --- /dev/null +++ b/contrib/fail2ban/jail.d/bforce_jail.conf @@ -0,0 +1,8 @@ +[bforce] +enabled = true +port = 24554,60179 +filter = bforce +logpath = /opt/fidonms/logs/bf-log.tcpip +maxretry = 5 +findtime = 60 +bantime = 600 \ No newline at end of file diff --git a/debian/changelog b/debian/changelog index 5c0cb06..a1c82a2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +bforce (0.26.2) UNRELEASED; urgency=medium + + * Added tests to CI actions + + -- Alexey Khromov Sat, 19 Apr 2025 07:43:54 +0300 + bforce (0.26.1) UNRELEASED; urgency=medium * Fixed for ubuntu/debian builds and CI actions diff --git a/rpm/bforce.spec b/rpm/bforce.spec index 0f438da..e8bf0b8 100644 --- a/rpm/bforce.spec +++ b/rpm/bforce.spec @@ -1,6 +1,6 @@ Summary: Bforce, Fidonet mailer Name: bforce -Version: 0.26.1 +Version: 0.26.2 Release: %{_vendor}.1 Copyright: GPL Group: Fidonet/mailer @@ -31,6 +31,7 @@ mkdir -p $RPM_BUILD_ROOT/etc/bforce mkdir -p $RPM_BUILD_ROOT/usr/bin mkdir -p $RPM_BUILD_ROOT/usr/sbin mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1 +mkdir -p $PRM_BUILD_ROOT/usr/lib/systemd/system/ mkdir -p $RPM_BUILD_ROOT/var/log/bforce mkdir -p $RPM_BUILD_ROOT/var/spool/fido/bt/pin mkdir -p $RPM_BUILD_ROOT/var/spool/fido/bt/in @@ -49,6 +50,7 @@ install %{_builddir}/%{name}/examples/bforce.subst $RPM_BUILD_ROOT/etc/bforce/bf install %{_builddir}/%{name}/examples/freq.aliases $RPM_BUILD_ROOT/etc/bforce/freq.aliases.sample install %{_builddir}/%{name}/examples/freq.dirs $RPM_BUILD_ROOT/etc/bforce/freq.dirs.sample install %{_builddir}/%{name}/contrib/outman $RPM_BUILD_ROOT/usr/bin/outman +install %{_builddir}/%{name}/contrib/systemd/bforce.service $RPM_BUILD_ROOT/usr/lib/systemd/system/bforce.service cp %{_builddir}/%{name}/man/*.1 $RPM_BUILD_ROOT/usr/share/man/man1/ cp %{_builddir}/%{name}/{README.md,CHANGES,COPYING,INSTALL,INSTALL.ru,SYSLOG,TODO} $RPM_BUILD_ROOT/$RPM_DOC_DIR/$RPM_PACKAGE_NAME-$RPM_PACKAGE_VERSION/ diff --git a/source/.version b/source/.version index 30f6cf8..894542a 100644 --- a/source/.version +++ b/source/.version @@ -1 +1 @@ -0.26.1 +0.26.2 diff --git a/source/Makefile.in b/source/Makefile.in index 807a8ec..7906a8e 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -29,6 +29,7 @@ BINDIR = @bindir@ LOGDIR = @LOGDIR@ SPOOLDIR = @SPOOLDIR@ MANDIR = /usr/share/man/man1 +SYSTEMDDIR = /var/lib/systemd/system DAEMON_LOGFILE = $(LOGDIR)/bf-daemon BFORCE_LOGFILE = $(LOGDIR)/bf-log @@ -208,6 +209,7 @@ install-man: install-contrib: $(INSTALL_PROGRAM) -o $(OWNER) -g $(GROUP) $(CONTRIBDIR)/outman $(BINDIR)/outman + $(INSTALL_DATA) -o $(OWNER) -g $(GROUP) $(CONTRIBDIR)/systemd/bforce.service $(SYSTEMDDIR)/bforce.service @echo "Please, edit $(BINDIR)/outman" install: install-bin install-config install-man