From patchwork Wed Oct 4 20:51:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rasmus Villemoes X-Patchwork-Id: 31696 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3DF3E936E6 for ; Wed, 4 Oct 2023 20:51:30 +0000 (UTC) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (EUR04-HE1-obe.outbound.protection.outlook.com [40.107.7.107]) by mx.groups.io with SMTP id smtpd.web11.5902.1696452686020847680 for ; Wed, 04 Oct 2023 13:51:30 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@prevas.dk header.s=selector1 header.b=QZia8ccw; spf=pass (domain: prevas.dk, ip: 40.107.7.107, mailfrom: rasmus.villemoes@prevas.dk) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SNVYEVgMVPtGXmwNL4kxmXdFR2ZuXi+3OhsiwyhuGlCBDyXx7G3PufRlrkaPuwXYTgAGAaThTFzglFZAfrnSopppVljfsekVf3r+/3hSTdc8lIF+68ZFq2uKiOGDYyId/Hefmu90M3wU+8xElTlvDhjYtnGLWlqlGWRBx1iVBdMLIWVC0DnOQ1iTwZA/oRt9CnTPUKluTZR/QCaJb3mdz1ysxflOeAJXB4vJfC9FoJz80ZrKEXsQ2aMDA+kUGucJpcJKUsRFsyInSD1cOpJD+lFd9HshkKCoAFjesDcRaoGWGLNC6ET01rhweaCgIc8Am4+pi9V8BhkUEDuNmX5FfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eSbu3mmuz1Eu9InnX7zX7DYo2HP5sGSRJAbolZZlxs8=; b=ZC3d2/wOHw5vUqSW1THxZvaFFkN03saOPfOCwwuMtTTPKUu7Es/NT2S2Vg3cgl5Op+mGv96N4rchGjv35qnDbXQLykQW+9jnvOGtv12o+wTJ7lheG6IEkiV0/xYVCIvSRT/92CAsGIAycBK5sC9GRZ0HDwsDM0UwP2pIg9Vq73S/MK44FidBnGP5etWR6gCcdSm54gt/kjVNxB8u28LdjaIuLF4eXgOo4mE711tw9ZsTtl+5OZT/deL97cpzUMj9NV/j/a+hv2cHahYVR8xeL070oe1WrPND8q+i+3gCtvWtus7o843daYkcSQ6g2sOsAi4Oy2HNJHizyyx/FfhjPQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=prevas.dk; dmarc=pass action=none header.from=prevas.dk; dkim=pass header.d=prevas.dk; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=prevas.dk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eSbu3mmuz1Eu9InnX7zX7DYo2HP5sGSRJAbolZZlxs8=; b=QZia8ccw4nj+tDu6f4gsazSKFw9sTQOyNsZTQeumCKeYXb/9tyOvtXgQXdOWu5XBS7v2o73so2YgmyLWSUdR1CQGsUXNPkyws9zkoLPFkICCQFzoD1oDbqqk7V5VBWVvcRQrCnzXqJt1HOEyais4BByKxAJ+OurATx6JTtg8XmQ= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=prevas.dk; Received: from DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:45a::14) by DU0PR10MB7566.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:402::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.33; Wed, 4 Oct 2023 20:51:21 +0000 Received: from DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM ([fe80::52ba:4d74:6ab:aa5]) by DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM ([fe80::52ba:4d74:6ab:aa5%7]) with mapi id 15.20.6838.033; Wed, 4 Oct 2023 20:51:21 +0000 From: Rasmus Villemoes To: yocto@lists.yoctoproject.org, akuster808@gmail.com CC: Rasmus Villemoes Subject: [meta-security][PATCH 1/3] fail2ban: add systemd support Date: Wed, 4 Oct 2023 22:51:09 +0200 Message-ID: <20231004205111.443943-2-rasmus.villemoes@prevas.dk> X-Mailer: git-send-email 2.40.1.1.g1c60b9335d In-Reply-To: <20231004205111.443943-1-rasmus.villemoes@prevas.dk> References: <20231004205111.443943-1-rasmus.villemoes@prevas.dk> X-ClientProxiedBy: MM0P280CA0019.SWEP280.PROD.OUTLOOK.COM (2603:10a6:190:a::11) To DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:45a::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9PR10MB7100:EE_|DU0PR10MB7566:EE_ X-MS-Office365-Filtering-Correlation-Id: b12f57de-3563-4483-e5e5-08dbc51baa3d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: OIt9pfKCFQEIP0L8BA4rVXm8Yq398U1iQWRzPxd8l+CzPgK1Boz6z5cCJsbs9AJZv13VLPvV+6ppB7LvSaV1BtASJ6ivHEpAGW8QeZg43EEULW3zWRBDUi1yM1oOOyBKXEOeudXQTy7wa75cxjy2jF5LsjWer8e3kfszci85JOZRW39maGudvbecbSs+oE1sLj0HzMV1NzzyS/0+RR8Ak8ba5ZeWajNH64qanKLTQ8ZqPvdVvZcp0B+wPtC40hJTU3W046TLpuiopQWgDF3pLjwvJXDf1R8CEMLCXnCiX+lJOT4V4p98RhDkADTE4OxXk98kyIBNc0TN1NRZ2iwuiXEu3OE1DrT1URCWOcq4DigFf2LN9spOnlmIyc/P3xiMXe9APRqusHzzUJZAXdrbAyqwpTiTpoBM49zBnvhcv0eoIKweYXe9cIy2LJJFXUK8ivzDSrtEgPsNZckwTI9oXZY6mud59Shj9fyZMaZDg5N4DsRjrQOIshMxrjt7KqSBUo0wlDaNb8vjRrwtltTx326lVksGVOjQMp5De2btTPJNJHM59TioCIShTNZkR2cq6VoBf+DOzsAbYod82XTK/9XT2s80h2e9tvJidb5VA/M= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(136003)(376002)(346002)(39850400004)(366004)(396003)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(26005)(2616005)(1076003)(2906002)(107886003)(38100700002)(38350700002)(8976002)(52116002)(8936002)(4326008)(8676002)(41300700001)(6512007)(478600001)(316002)(6506007)(86362001)(6486002)(5660300002)(44832011)(66946007)(66476007)(15650500001)(36756003)(83380400001)(66556008)(6666004);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: AXEu0tg29yYB1GX+I4NMV7i15U+pX8KcYdUJXXReRwLLXRu+M7V11AeqmXjzTWgQOh6LzzFOgSg3LTGJsYPLXGyxY7lP65lN4/c9hToCw+eRjx1AUC1RjbXKdut7zV55RUNMcNDzQwdi2IRNVXa1YYrZtqN2PyEauzoNQCph0gHlwuh36z0923aohZO5/kA3V+M/CCjJrqu3v7ry1geg63CMvcXvUhDKmj/4Lx0fTAJmQo71uMUP+dH89mZIBHwh9ZMkBmQTjx4y3948DmzmuA3u7KX+Ylt0eKuXgCeeuVtSyyscAVlmqDsHpGssn2tUO/EMv0t3Y43BU36VC7slgrayc2CAIh3TF3RvVN6Uzp4YvGN0c5xqw5R2u2sErFbk5mOLHBA9X4joNLZZ826Ij30thvm8lrV2gNcaL9Cyzz94trGwHX+QWQr5jzjze2+8Mm7gjmjxIP4GhplG4YAIPsD+4ZcoU/4O4dkkbn9tavJikKfDU7kF23Iwl3fUcSl1tSg/65Dqh7n9CA+cEShrTiiueUdfUpni1rfw8JwZlUSHRiQUFmM/kMTVplQpknLbcLA6qKRFkc5P306nOtAcnnZ/fJPVYKT5aqYeJIUCr7XU3KF3rBhLDU1jNsIB1Z7ngYcNWsBxn/XsddlWbUb20sa/iDbI36BrVXdDv5XZgqcK0o33/eimYPjeVRJJKSy4e59Z/w5ty8X6k05a+hQVUGcdxB/Q2GoWkLHqCiihChAh7HszrEKn+Zy+pmPm6XRGNPpHZtL/8F+9pToqBvlCRP7mjIhjhds+1gMZb/PfHK+vLLVroEHFTgTLvYPOeCdUtREVgxI+OFs/iivGM0nVy6UI9JLwgCJ9MfEoIZBic5tjwktX+QGptWlZxu2RY23R44JYxL6+8E131PJWvsLt60QdGIObtz7oiloo86WRZyXJmQ7fGgoklMivLAXSJ6mpc+jMyqS+YNtU5VPbnfEEUhdYQ3c0bB79oyzEZBRDi/7RtiTgF/aAWq52b1RwoH4lGM5QwnsH84gVhVgmgOb9epjITkxeQedkbJGhPUpmME0FdkgdAyyA4PYElKRNlRfl/iUZUSFZxGewnoBCDQwF20enT6FH0+9+QTQWOGJcMDYpBOpp20Ov6r+rC4iF2I4SDQoYW/4mrHpziAxUan/i+D5/RP5RhYxo+Ke6szCUkD+mfdPNopwNPSxSezKSbMqkFt/nNEXW/I4JnYcL5R0P1zN1XlRqxlmR8dnG8kwvwqFeB1vyOCBTwGMZOB6q7W62w1fvuA3juI45Nir6dWT0SYcuAnbOe+5Z0958DuASdsdbRDIcgPEDiAl4Irdyk+CJ2Q3YwaiO+qjWsObBoJqi75JGFxjVrYBF6AUpSTlxtzNmDTSK/vjU3O3IzDkUQ1nZoDVr2+57msDlkRf6K7ocTFHbQoGDDbdfkUgJZN7DgLoLgOYXAd1Rrq3p4z7YbCTM3IVpgQOvIxTjlFDvKWdg4qszhFLLB78c1R5NXU25kFEvfqs4NMiGj7/gydfaUoc7kAtk4+MSJRpxLI8EAeo77FQZcM8PNA3lCLVqKvE4u6DpsXnUhCjMwe5E+jje6oR/WgfkWx6JphFjmMKwp7AI2w== X-OriginatorOrg: prevas.dk X-MS-Exchange-CrossTenant-Network-Message-Id: b12f57de-3563-4483-e5e5-08dbc51baa3d X-MS-Exchange-CrossTenant-AuthSource: DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Oct 2023 20:51:21.4761 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d350cf71-778d-4780-88f5-071a4cb1ed61 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: AOcgjgCYRixjg07/frFqht1lQuk1NVS/ZhoO0XeoUeFI+tH5qNVLoDHnExk3fcJvEDWPjPC5ACut3sBeEbRs0HRgsTRt/V0EpxdXu74GU+4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB7566 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 04 Oct 2023 20:51:30 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/61244 From: Rasmus Villemoes fail2ban ships with a suitable .service file, so install that if systemd is in DISTRO_FEATURES. The logic in rm_sysvinit_initddir in systemd.bbclass will then take care of removing the sysvinit script if sysvinit is not in DISTRO_FEATURES. Signed-off-by: Rasmus Villemoes --- .../fail2ban/python3-fail2ban_1.0.2.bb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb index 9379494..81fa00d 100644 --- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb @@ -20,6 +20,9 @@ SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \ UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" inherit update-rc.d ptest setuptools3_legacy +inherit systemd + +SYSTEMD_SERVICE:${PN} = "fail2ban.service" S = "${WORKDIR}/git" @@ -38,6 +41,12 @@ do_install:append () { install -d ${D}/${sysconfdir}/fail2ban install -d ${D}/${sysconfdir}/init.d install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${B}/fail2ban.service ${D}${systemd_system_unitdir} + fi + chown -R root:root ${D}/${bindir} rm -rf ${D}/run } @@ -60,3 +69,4 @@ INSANE_SKIP:${PN}:append = "already-stripped" RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables sqlite3 python3-core python3-pyinotify" RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json" RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban" + From patchwork Wed Oct 4 20:51:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rasmus Villemoes X-Patchwork-Id: 31697 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8BE3E936E8 for ; Wed, 4 Oct 2023 20:51:30 +0000 (UTC) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (EUR04-HE1-obe.outbound.protection.outlook.com [40.107.7.107]) by mx.groups.io with SMTP id smtpd.web11.5902.1696452686020847680 for ; Wed, 04 Oct 2023 13:51:29 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@prevas.dk header.s=selector1 header.b=M07eo91B; spf=pass (domain: prevas.dk, ip: 40.107.7.107, mailfrom: rasmus.villemoes@prevas.dk) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fRkhU2wH/Djr55HuqvmMzhZ/d9rXGftG1KpYCqGqBEA/NEJxaZaRyankOXmdOof18/T5mwV4bjTbwPYA5mOUWhmFsDQxDuM+FUyNG4U2FHQI2SNi5smR/1fbYl3GX+2XNasc1M9opdOMyFK6Lj1DHVrE/ctrS1cAH/XF0MoWe9kphTNOD1GUJLcercsYZd2KMYlfbtlka75Z1saEE4Scu5z5D01PD3VHlfS2a1Ps/8o+87Qef5ybZf4d0wDKYh5NAi8V/fsENbW58wC2u5pPzl+Aea6IBJeSaLespFupkNFvaVU9lN3Vg59kjH/58e9a1o4DJcdyFhk4G0x33RUhrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hbRzsv36OWbkWzXWvozIstNthh3ok9p9W9hskvkxI+U=; b=XwEpUxFYxegwDojThs9GG/rGwUAeiNJZVOhk9WWTdCuIU3pK/DEpBVEhjSiIOw/+y92agtUGX2Hi7Mg4FxTOyfb8YnXPt5RisKtj7jlJsYv0pwvt24FHo0hfA7Hw/Zv6QVgZdDpiy61spqp+kccQZ7N7dhtxBl9hsbRTtH2XJeqHQDwBCyMzVARkVeanGDz9QHgt/N1sxFIJDM0qZc8ic0SV893MIVVtLp+3NfGrA9/k2Gc39QkX43FXtVU5Fj6B3RSvI1Iuv6uT9VAoZxogXz1gOuPENdlKM3nqtz7dyesu6By5sTjOsXUqU5fh3kyaX8Ixxhuk7BUGUYs7s9ci3A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=prevas.dk; dmarc=pass action=none header.from=prevas.dk; dkim=pass header.d=prevas.dk; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=prevas.dk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hbRzsv36OWbkWzXWvozIstNthh3ok9p9W9hskvkxI+U=; b=M07eo91BLX9eoup6Dbx3fnuQvUazWSYd31JCIJ7hDFfvTmScm3ntVU8WZshxj3fMfQ8OaQ+U2hOGtpn9HFzg+VB6j0CP3ZFNfchH1aQNJR1AUd7STXk6JnXbW68r9/aiowEDFd7ckvJgZJHjK8Fr9k+Y7PH48zcp2gwerHbArWE= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=prevas.dk; Received: from DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:45a::14) by DU0PR10MB7566.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:402::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.33; Wed, 4 Oct 2023 20:51:22 +0000 Received: from DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM ([fe80::52ba:4d74:6ab:aa5]) by DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM ([fe80::52ba:4d74:6ab:aa5%7]) with mapi id 15.20.6838.033; Wed, 4 Oct 2023 20:51:21 +0000 From: Rasmus Villemoes To: yocto@lists.yoctoproject.org, akuster808@gmail.com CC: Rasmus Villemoes Subject: [meta-security][PATCH 2/3] fail2ban: change sqlite3 dependency to python3-sqlite3 Date: Wed, 4 Oct 2023 22:51:10 +0200 Message-ID: <20231004205111.443943-3-rasmus.villemoes@prevas.dk> X-Mailer: git-send-email 2.40.1.1.g1c60b9335d In-Reply-To: <20231004205111.443943-1-rasmus.villemoes@prevas.dk> References: <20231004205111.443943-1-rasmus.villemoes@prevas.dk> X-ClientProxiedBy: MM0P280CA0019.SWEP280.PROD.OUTLOOK.COM (2603:10a6:190:a::11) To DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:45a::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9PR10MB7100:EE_|DU0PR10MB7566:EE_ X-MS-Office365-Filtering-Correlation-Id: 672bbcb9-949d-415c-4758-08dbc51baa7e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: zCK9OWXYi/mbbqTtLDfpgH4jS79A85XoxZ4THhjwHj/fzlZJBYb0Bf0GuJ4nFTvcU/ZcD+P5OhGstGitvzLBHHVLa7YYDcbfcYjmjFb45JSZ0dL8Xc4BzHCwmP178TXRqdsleYx/MrpgzHLDbpsBoVlP06nV+UheRAKj78GqmrvJuPbuGrMLihQLQl+ug8L8BimDVbE0Iig94XMOPZa8BYcOmm6Yoy1tRC6AjGraTe7KJjCXimuvvgahNbBhzLnwOxYsXX8Or8Pr2XjXqp7mSQt1UyF+6HET6ZZd9ghJq664VJZPqZlad4w1TcpAI7Muk+00mCeSFlk8SsAjV5TSrRZOQNp80YmF4T3xiUvQ9ogr/g1iFrwztCbVzWAFo5WW8i4ZR5x+D/3Ip3+0jXnToRtGyn+/KR6dI283ZlSskm+8P9A48j0jtg97B7VyZfdRBTJYru9gr5E/obEcy78npAdYpBiBdravnLJerCCYGWRbW5xnVAwGlz/i0+HpFMqUCm6hgeURufncroGqKrqVtwwNKkj6KJOxmOXiPLsjwoOliBvzWvuJ3b0UU6oOCf2fCn09Wz/3cK6o7ij0P/kWpVBs5SlX8ZOSlVjmTw2C2Jllo6/GfIsPvrOlFbD1odup X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(136003)(376002)(346002)(39850400004)(366004)(396003)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(26005)(2616005)(1076003)(2906002)(107886003)(38100700002)(38350700002)(8976002)(52116002)(8936002)(4326008)(8676002)(41300700001)(6512007)(478600001)(316002)(6506007)(86362001)(6486002)(5660300002)(44832011)(66946007)(66476007)(15650500001)(36756003)(83380400001)(66556008)(6666004);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 6wryNGD0uw1ENI9Oq/Vny7NE3buPzGrMgDuYGZwjpExK2JUyaESJms+NUHYkf7yUHf99mklRNDFHPlHpoLpLW0mFo6UKrcFxf+Sp8nGI22yf3RYuJYdqdyTeotBtpn51VzMRWonE/WADJieVYcAdqL0CmxBz5OtFxeUa4yNDpXnfmFxE8j7LzBZL2oV0xpTYNB1G3Rl9iKrYm3/MCaUSSIHKYPOz586ZPZGV0WcryJHu0f76cMetXrlsCKnDJpVWMHQFgvKH6z9ukcrGoAMm6JMRL6I5DN+X8g/64+zmfAiiQwjGjHoVKcJgMH8I8QEEJ9KqCELe0M0nJLfU5EwUKnAi3fdWndIhpZXclNGev74HDlAZcBtVR1C6jJISlYnqlcN3AX1BX93gDFftMUydeC2AyPm7M01p1OxEXNrdmlo0gRFRbMODVlamSfiB4sn6V+Fm2jyYMG/+f31Fs7rxeFgv0jwQzVwN5UQhl6uYDRnnfVE/FI+DG+d/6H+FMlzQ4M+bjXzuXZ0swkC8H5JvUvX/IQ3XvzogNyzk+Ee++bz4X/SnzkF8ySSsn2F0sj0HmmHmd4vXoBtPnb0jsgDMsjLKXRbXnGQCXtkAdjSQ0fhZMybKurEhHNSdKbsqKHOieMe6z3VFOQLP+LSAfotns0k+7uOlpjGI7+9WdV2mrcWdudN/t52mtR7hfpZKKAUd5pdvIEbZEFUy76BqnN5knk+fNAoX/YpAyc/PRvVv15Bm7f0T9nMdfsANKBfd2oNEDFVOM/GELHPcYbW58mx6wyxaPzVwWYrlYeV2sXHDwy5GAZrvS1TeNbONyFmWkKsuo+1eE9tIMzU993IHC+62ys5tUEzhnsxWS9X9abx4jF40i3n2wb7kI1NOU8fqvAF9wKMEp7NmeKP4NqQn9VXg5WZgk1uqJnH5pS54BUCwVGWNVLew4aYILH1A5kYjeKOiFfWIuHfSQCemmOEVNLKB6/mWk0MwVwyj2ryRoz9uKHR+pNm7TGc8iCGnQr7WeFne6551WfLC4k9Hy644xoZqLZ9BWq0FeXZFK1i+JJYZdnLasJ7Ny1mQ/8qqmGQO3bOmme/+9e48/eTPCeljlyVIqvyx//vyGnP0ArxF/IziunOL7+5gAAKxUmPAqlF8Zj3E/3E2v1F59XnrFiNBnITO15Q7mjauVyKNc6CioLY3Kx5SAVftDLUCmgCYImww+8bjxnxzeotsg0b4+NUr78KYxJ6Ms9UOugupt9+g9gtl7NSnq3nALaAcXUhnN7UJlLCCW/ywjkb2yGoioiGkIo2KQYM8PvmlEZ1uc8zXI1RCUgRZar8nWNmX1dalyeHzqs9k3Llk3hig/joMdieJdJVVkt/uxEL+w7z0PbZ3SkbUy3FBx8kta7Ujoj775YGAhOdkKs0+8mXdhJ782XMb7KeQQ1vAz+2qGENQvmdEv13ZNNdA6qGIGVn8Z/oounBY7/YhcdBkfXeh6MeMr6AIhslPhoP8p4Jm9C/QomV4T43XGInlTOHyy4infB1vVn3ZWvLN/VhoapnL7fIF6yhTY+J41PZfdwXFX5kulaFbmQ16LmcshhCXtjPbklrU/B5vhVJe2xeFZ5xu/iz5f6/I9IiC1w== X-OriginatorOrg: prevas.dk X-MS-Exchange-CrossTenant-Network-Message-Id: 672bbcb9-949d-415c-4758-08dbc51baa7e X-MS-Exchange-CrossTenant-AuthSource: DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Oct 2023 20:51:21.8915 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d350cf71-778d-4780-88f5-071a4cb1ed61 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ea03acXmhH/eN+6BdTBIVTBFSG1ZFpiHDafuBuJw74sTH3hipVALfouNjz50+sv146ewwScRiGv9i78WqTBGFmTkWHGmn83S76Dgri94etQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB7566 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 04 Oct 2023 20:51:30 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/61243 From: Rasmus Villemoes Currently, one gets Unable to import fail2ban database module as sqlite is not available So we need to ensure the sqlite3 python module is available. That will automatically pull in libsqlite3. Since fail2ban does not actually depend on the the CLI which the sqlite3 package provides, drop that dependency. Signed-off-by: Rasmus Villemoes --- .../recipes-security/fail2ban/python3-fail2ban_1.0.2.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb index 81fa00d..d64108a 100644 --- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb @@ -66,7 +66,8 @@ INITSCRIPT_PARAMS = "defaults 25" INSANE_SKIP:${PN}:append = "already-stripped" -RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables sqlite3 python3-core python3-pyinotify" +RDEPENDS:${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables python3-core python3-pyinotify" +RDEPENDS:${PN} += "python3-sqlite3" RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json" RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban" From patchwork Wed Oct 4 20:51:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rasmus Villemoes X-Patchwork-Id: 31698 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C3711E936E7 for ; Wed, 4 Oct 2023 20:51:40 +0000 (UTC) Received: from EUR04-HE1-obe.outbound.protection.outlook.com (EUR04-HE1-obe.outbound.protection.outlook.com [40.107.7.107]) by mx.groups.io with SMTP id smtpd.web11.5902.1696452686020847680 for ; Wed, 04 Oct 2023 13:51:31 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@prevas.dk header.s=selector1 header.b=dgRm+jdY; spf=pass (domain: prevas.dk, ip: 40.107.7.107, mailfrom: rasmus.villemoes@prevas.dk) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WhnH0DcUVkR+EpG8hIjra6PlS1ngnAWpR40o1p1zMGEOD7j+IVx/FxnXt3T6u7zdkxcgOgTA5AYpS+lyOzpk1n+AwJ4/leGM4elRcfuX1RWa3noeVUSLVu3IgPm/sT5cq7pUubbnyyXPQQtn3QAQHYvlg9opKIIWKcEwAKxOB2TKDWwrN79G1ptM5p2WWisabJGBBZlHRa6khwF0+F4629WLdq4T6hhDvTWs1IB1a84ol2WQkcMd3G1VPbMUpJnRWFdd3RhXONotogUG0cJD0XuX3Zia2EpHnh1r0fVzS9Dmx8ULOZcgOb2fMQfZ8NKOHueHEo8DUomtTTwbgW/9PQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hzyZnFUB5Q33Qybbx8tLhe6mAC/tN8RgIV84YgbgeMQ=; b=Eue9IY1w4dzyouMRmkoc198rzOXyaCHiyQqST76byaG8UvUfbBg1yoS/UfOF2jG91aErnHIIRL2eA0j5JEG0wQrcaCCHYN2oeoKLPq9rMbqNfpwkn9pvD79liRuSNcrMzOPs9t0kH641hB1riKqzttVW8bC5BScMM7IK6o8E8rCOUUKjygCTpjLkzdNAlI2YPuISPAP3WvE9uihiANY0JwL6slEkJk6Wxg9gKB5AMPP853u1sQB18zYCpCHHvzZVfb3uPxeiOTYXG2+GhS1ZiI4LmbxuGrhdSDgxU3uttcB2HPhC6WtHAQW0ShoaZBTXKYMwQGC5ziig4JqYN0bcWQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=prevas.dk; dmarc=pass action=none header.from=prevas.dk; dkim=pass header.d=prevas.dk; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=prevas.dk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hzyZnFUB5Q33Qybbx8tLhe6mAC/tN8RgIV84YgbgeMQ=; b=dgRm+jdYuODen1cBPLWxIKIN9hPGfyl7Tqel6YCZi0/1RSSElL/8BQM1hKH2l+KoeNudIDhInAC2nbsXUAIly4BF1P9Tg2CIh6c+jIqQcBwzoucxVypnHlJaOToralN01JbHnjp9dPzqjB+Lqbyv2svBwAlOKkTojc/+YZDTTYo= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=prevas.dk; Received: from DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:45a::14) by DU0PR10MB7566.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:402::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6838.33; Wed, 4 Oct 2023 20:51:22 +0000 Received: from DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM ([fe80::52ba:4d74:6ab:aa5]) by DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM ([fe80::52ba:4d74:6ab:aa5%7]) with mapi id 15.20.6838.033; Wed, 4 Oct 2023 20:51:22 +0000 From: Rasmus Villemoes To: yocto@lists.yoctoproject.org, akuster808@gmail.com CC: Rasmus Villemoes Subject: [meta-security][PATCH 3/3] fail2ban: add useful recommendations Date: Wed, 4 Oct 2023 22:51:11 +0200 Message-ID: <20231004205111.443943-4-rasmus.villemoes@prevas.dk> X-Mailer: git-send-email 2.40.1.1.g1c60b9335d In-Reply-To: <20231004205111.443943-1-rasmus.villemoes@prevas.dk> References: <20231004205111.443943-1-rasmus.villemoes@prevas.dk> X-ClientProxiedBy: MM0P280CA0019.SWEP280.PROD.OUTLOOK.COM (2603:10a6:190:a::11) To DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:45a::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9PR10MB7100:EE_|DU0PR10MB7566:EE_ X-MS-Office365-Filtering-Correlation-Id: 82537a34-59bf-40c0-463d-08dbc51baabc X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: lumf845umCqEX/rFN1UhYB5saG7xedIWng+SU83SWIJg7cZvCcqKwFzh+c6fBqpgTj1gBjXmvQsnfbAVWKLYcvHSyEJRho9gl7pxpJay5NiZuyDAbuzGGjfmWMDZ5Fkay9tSFcObFlkP0xCjzsOY/zXt6p6giicFicCk7nFls5zXSxEQpSElfS4tSGEbRGZjNsxrmoTgcLlxZejIso4xwajFLFGU97u0r+E9DeJp5OtoUa0RWWVNY404PPnqqT1CPTypR//p1/HoSdgC2Hyag+HD+KjIWegxB9SoLCeQO+rI3Mzdbl0cvV4f/XKZcO6wdcPvxUMguWhXaZeKtxGm+77xG/M5VRDrzq2jVrhY0HC14ekJ10udA5taPAjtyuSt6fySPDuAQ1E4fHX5llvvpaEw8cehnuiZU0wOLIu0QUlOyjYT9iYcEHlVK+Na0xElzMETbhSkTgqw/ik14zO6gjN/pyxff2WBO13xMo6Af6au4wWzSocrHwfcXV9Hf+a4Eif6r7i0Sscb4PApmNEpltkHFBvkbS2dvLvctrs9Ppjy5kDNGhBen3c4rODdVh0pgKYafqab9PcH0BG6OAFp7GpqQUqqfsFozkV6EyJbIv0ccm+T1Y206kbKZoFk6Jza X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(136003)(376002)(346002)(39850400004)(366004)(396003)(230922051799003)(1800799009)(186009)(64100799003)(451199024)(26005)(2616005)(1076003)(2906002)(107886003)(38100700002)(38350700002)(8976002)(52116002)(8936002)(4326008)(8676002)(41300700001)(6512007)(478600001)(316002)(6506007)(86362001)(6486002)(5660300002)(44832011)(66946007)(66476007)(15650500001)(36756003)(83380400001)(66556008)(6666004);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: TULujLpoF+DIseDuCpQJZtkDkh0i+ZW6FL6OtLJrNOCWQpEEtd8LglSaJIbrm+wNgFG+sqHtuaRa37hnQGQ3nityP9a/rNaCP2Xo1pyEe0ZcqrP+Vmms9Sm/zUwhj/9Cw2JoVhbjzl9pC1+0+zDuoaO/7HA0EEQLZHwsy03XfAQbzM2focfHvafpqPT9gRseEASKwVgNKF1yZfWIe93jtUfKJk3IggdQqsTIBgdhB0l8oBdhMnDuBNH8pBglzVxCr+gFl2N3nOKPaFgM2FR42+R2UNOMIXPm80/tcdIYV+mszixTfdjKnTmBxUKjnEKOGmIcpM8rNRjYL/PnHRpThg3pd+jwu8kfd1ODtyKLAqwmnfmFH97IlMl96dISMjsSEiArRuqHwDWu3habRhI3DzUNouPI6/IcvHhZDDQRWRPSnRXrIWOOzD5H96JMBjt7+zz2eTUWAUavhzbOXcYrtvK/1Q4pxJWamQF/Wna0GMyJNY1wP7U6xHoebLGYr/xxo8NQxdfbjFJn4pXL0VDWe+Eg+5Ewil4aaIzlGObn4adFXqXVq3CMA5Uv5bGICKhxLIxK3td262Im+OXXiwP44UMKP/j2nCLn+uKXh/Dpw3sMNpW+TFxOZauaHf5OrcRCbnQ94ezJgkZTnb9YuyqjaJwIgb37hxlTt5V1dkQ+hCgmGljmw1fEQiP2eXvoQmKIVkLlSxYejJ892YGRVvGaUDLQf9PqsxqxK5X6QviaJ7p0h3X4SYbuEX4aNKea/JdI9ymlrC/M/rQTqgf5pyIUoaz1V8aFHhVV0N30qgsubMYAran+MD1z15a/Otr6g21TDziucTO4LRV15vk/EEtjP155pBOcCyA3wMDOTHEI3CtJK35XB2kZzjbgEAmQabaRa08cGdwDFMxRRaNZn2GQ0A4DRKqM+VYDRbLZssLTzrM6Yuq/gPxt2WwmH6CLEzvfxVRih6VWIZn5VJ/eZ6NXb6lrGsDiNrBZimixGXVZimCrOB0/gpZFFNfSgzropD8P+3tnEmJUVELhoTiXOPYQ78Kl4IDzVE/zfSFtThrcCbMfiE902ZIUWgj3AO1ph19/IM/8NsLO0UlHpZTV3duMI+BB5zTjtJUYSoAlBj7QYSkttL1/oKWfIdytDCpmsW3arYbK026FsuWrhi3fyfYge9LRRaUF4Y05heggzeKtViNVLWcXOcguMJhXxBY4ZauHiHiwNzpq7iA5kizuyaBu5vMxBQa7q1Y+icCwwx7yKlCu/ZUiscjHCvV8mKMsrMziDaNdytBKURDiNZJT+2d5MZjGBA9/h2cmQ58f3xm2E2LM41xQgug94bfqpIFI24At7H+6aCvPfavpMNaL4HWSdCSw2V6wOT/jgJoAXgH0heuWR1Zkvaumewh2HAzKtLK8DbzJsptuS4fYAdtEiG7YI087NcMKiAI0cQSlBW5g9mm8QzX6QsTxjBCWg5eY9MCukAdkfD+U9A7sRsAP7IXBK8PLhds3yM483LIgcFi3ohyupd354j/GstnM6sCo8gL8WGYKkHHRt1/j1N2bhkuZf8NTvgOLVr52XlguBWFm+cMBn/uvncrASuG0Oy+3zQdn1qCIsOGCwaxpLXYBACay4Q== X-OriginatorOrg: prevas.dk X-MS-Exchange-CrossTenant-Network-Message-Id: 82537a34-59bf-40c0-463d-08dbc51baabc X-MS-Exchange-CrossTenant-AuthSource: DB9PR10MB7100.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Oct 2023 20:51:22.3647 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d350cf71-778d-4780-88f5-071a4cb1ed61 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: rN/LJE9hkEIPy9T48fN7PDPyqz0FQqayHIDYmqqykofQiYeMO7+wESmbO/mH8qH8voh1tyGCXSaNxGtpuxQkIyleoYIoqfWioGD92TlWmKc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR10MB7566 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 04 Oct 2023 20:51:40 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/61245 From: Rasmus Villemoes On a systemd-based system, one is likely to make use of 'backend=systemd', which requires the systemd module. Both the pyinotify and systemd backends require the distutils module. Signed-off-by: Rasmus Villemoes --- .../recipes-security/fail2ban/python3-fail2ban_1.0.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb index d64108a..68695f2 100644 --- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_1.0.2.bb @@ -71,3 +71,5 @@ RDEPENDS:${PN} += "python3-sqlite3" RDEPENDS:${PN} += " python3-logging python3-fcntl python3-json" RDEPENDS:${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban" +RRECOMMENDS:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'python3-systemd', '', d)}" +RRECOMMENDS:${PN} += "python3-distutils"