%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}

Name:           nufw
Version:        2.2.20
Release:        5%{dist}
Summary:        Authentication Firewall Suite for Linux
License:        GPLv2
Group:          System Environment/Daemons
Source:         http://www.nufw.org/download/nufw/%{name}-%{version}.tar.bz2
Source1:        nufw.init
Source2:        nuauth.init
Source3:        nuauth.pam
Source4:        setup-python_nufw.py
Source5:        version-python_nufw.py
Source6:        README.python_nufw
Source7:        sysconfig-nufw
Source8:        sysconfig-nuauth
# added to the internal INL Bugtracker and will be fixed in the next release
Patch0:         %{name}-avoid-version.patch
URL:            http://www.nufw.org/

Requires:       iptables python-IPy
Requires(pre):  shadow-utils
Requires(post): chkconfig
Requires(preun): chkconfig
Requires(preun): initscripts

BuildRequires:  postgresql-devel mysql-devel
BuildRequires:  libtasn1-devel gnutls-devel glib2-devel pam-devel cyrus-sasl-devel chrpath
BuildRequires:  openldap-devel iptables-devel
BuildRequires:  libprelude-devel libnetfilter_queue-devel libnetfilter_conntrack-devel libnfnetlink-devel
BuildRequires:  python-IPy python-setuptools python-devel
BuildRequires:  dos2unix
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

%description
NuFW is a firewall able to filter connections according to user uid or user
software, meaning you can allow port 80 for only one user, whatever IP he
uses, or only for konqueror.
NuFW performs an authentication of every single connection passing through
the IP filter, by transparently requesting the user's credentials before any
filtering decision is taken. Practically, this means security policies can
integrate with the users directory, and bring the notion of user ID down to
the IP layers.

%package utils
Summary:        Various utilities for Nufw administrators
Group:          Applications/Internet

%description utils
This package contains various utilities:
 * nutop: a top-like utility to watch connections
 * nuaclgen: a perl script to add users to ldap

%package -n libnuclient
Summary:        Nuclient library
Group:          System Environment/Libraries

%description -n libnuclient
Library needed by nufw for nuclient.

%package -n libnuclient-devel
Summary:        Nuclient development library
Group:          Development/Libraries
Requires:       libnuclient = %{version}-%{release}

%description -n libnuclient-devel
Development files for the nuclient library, used to compile clients that
access nufw.

%package -n pam_nufw
Summary:        Nufw client using pam credentials
Group:          System Environment/Libraries
BuildRequires:  chrpath

%description -n pam_nufw
pam_nufw is a PAM module able to integrate with the PAM stack. It reuses PAM
credentials to connect to the nufw daemon, instead of requiring nutcpc to be
started by hand.

%package -n nutcpc
Summary:        Nufw client
Group:          Applications/Internet

%description -n nutcpc
Nutcpc is the command line client used to authenticate on a firewall using
nufw.

%package -n nuauth
Summary:        Nufw user database daemon
Group:          System Environment/Daemons
Requires:       cyrus-sasl-plain python-IPy perl-LDAP
Provides:       nufw-nuauth-auth-plaintext = %{version}-%{release}
Provides:       nufw-nuauth-log-syslog = %{version}-%{release}
Provides:       nufw-nuauth-auth-system = %{version}-%{release}

%description -n nuauth
NuFW is an authenticating gateway, which means that connections are
authenticated before being forwarded through the gateway. Classical packet
filtering systems disregard the identity of the user who may be attempting to
access the network, instead caring only about the originating IP addresses.
Nuauth relies on a user database and an ACL system (which can reside in an
LDAP directory, etc.). Nuauth receives requests from nufw, and auth packets
from users' clients, and sends its decision to the nufw daemon.

This package contains the main daemon.

%package -n nuauth-auth-ldap
Summary:        Module for nuauth providing ldap user database
Group:          System Environment/Libraries

%description -n nuauth-auth-ldap
This package provides a module to use ldap as user database for nuauth.

%package -n nuauth-log-mysql
Summary:        Module for nuauth to log to a MySQL database
Group:          System Environment/Libraries

%description -n nuauth-log-mysql
This module allows you to log user activity to a MySQL database.

%package -n nuauth-log-pgsql
Summary:        Module for nuauth to log to a PostgreSQL database
Group:          System Environment/Libraries

%description -n nuauth-log-pgsql
This module allows you to log user activity to a PostgreSQL database.

%package -n nuauth-log-prelude
Summary:        Module for nuauth to log to Prelude IDS
Group:          System Environment/Libraries

%description -n nuauth-log-prelude
This module allows you to log user activity to the Prelude IDS.

%package -n python-nufw
Summary:        Python bindings for NuFW client (nutcpc)
Group:          Development/Languages
BuildRequires:  python-devel
BuildRequires:  python-setuptools-devel

%description -n python-nufw
Python bindings and nutcpc client for NuFW.

%prep
%setup -q
%patch0 -p1 -b .avoid-version

# fixup EOL
pushd "scripts"
dos2unix -q --keepdate nutop
popd

# fixup encoding
pushd "doc"
f=acls
iconv -f ISO8859-1 -t UTF-8 -o $f.new $f
touch -r $f $f.new
mv $f.new $f
popd

# fix postgresql name
perl -pi -e "s|postgresql|pgsql|" ./src/nuauth/modules/log_pgsql/Makefile*
perl -pi -e 's|^(modulesdir\s*=\s*/)lib|$1%_lib|' ./src/clients/pam_nufw/Makefile*
perl -pi -e 's|(\@modulesdir\s*=\s*/)lib|$1%_lib|' ./src/clients/pam_nufw/Makefile*

# fix nuauth-utils build
perl -pi -e 's|\$\(prefix\)|\%\{buildroot\}|' ./scripts/nuauth_command/Makefile*

%build
%configure \
    --sysconfdir=%{_sysconfdir}/nufw/ \
    --with-mysql-log --with-pgsql-log --with-system-auth --with-ldap \
    --with-nfqueue --with-nfconntrack --with-fixedtimeout --with-utf8 \
    --enable-pam-nufw --with-prelude-log
perl -pi -e 's|(install -d \$\(localstatedir\)/run/nuauth/)|#$1|' ./src/nuauth/Makefile
make

%install
rm -rf %{buildroot}
make DESTDIR=%{buildroot} install

# install python bindings
cp %{SOURCE4} python/setup.py
cp %{SOURCE5} python/nuclient/version.py
cp %{SOURCE6} python/README
cd python; %{__python} setup.py install --no-compile --root=%{buildroot}; cd ..

cp -p scripts/nuaclgen %{buildroot}/%{_bindir}
cp -p scripts/nutop %{buildroot}/%{_bindir}

mkdir -p %{buildroot}/%{_sysconfdir}/nufw
cp -p conf/{nutop,nuauth,nuaclgen}.conf %{buildroot}/%{_sysconfdir}/nufw
cp -p conf/{acls.nufw,periods.xml} %{buildroot}/%{_sysconfdir}/nufw
cp -p -R conf/certs/* %{buildroot}/%{_sysconfdir}/nufw
cp -p conf/users-plaintext.nufw %{buildroot}/%{_sysconfdir}/nufw/users.nufw

mkdir -p %{buildroot}/%{_localstatedir}/lib/nuauth
mkdir -p %{buildroot}/%{_localstatedir}/run/nuauth

# clean useless files
rm -f %{buildroot}/%{_libdir}/nuauth/modules/*.{a,la}
rm -f %{buildroot}/%{_lib}/security/*{a,la}
rm -f %{buildroot}/%{_libdir}/libnobuffer*

mkdir -p %{buildroot}/%_initrddir/
install -m755 %SOURCE1 %{buildroot}/%_initrddir/nufw
install -m755 %SOURCE2 %{buildroot}/%_initrddir/nuauth

# one sysconfig file per daemon
mkdir -p %{buildroot}/%{_sysconfdir}/sysconfig/
cp -p %SOURCE7 %{buildroot}%{_sysconfdir}/sysconfig/nufw
cp -p %SOURCE8 %{buildroot}%{_sysconfdir}/sysconfig/nuauth

mkdir %{buildroot}/%{_sysconfdir}/pam.d/
cp -p %SOURCE3 %{buildroot}/%{_sysconfdir}/pam.d/nuauth

chrpath --delete $RPM_BUILD_ROOT%{_bindir}/nutcpc
chrpath --delete $RPM_BUILD_ROOT/%{_lib}/security/pam_nufw.so

%clean
rm -rf %{buildroot}

%post
/sbin/chkconfig --add nufw

%post -n libnuclient -p /sbin/ldconfig

%postun
if [ "$1" -ge "1" ]; then
    service nufw condrestart > /dev/null 2>&1 ||:
fi

%postun -n libnuclient -p /sbin/ldconfig

%preun
if [ $1 = 0 ] ; then
    /sbin/service nufw stop >/dev/null 2>&1
    /sbin/chkconfig --del nufw
fi

%pre -n nuauth
getent group nuauth >/dev/null || groupadd -r nuauth
getent passwd nuauth >/dev/null || \
    useradd -r -g nuauth -d %{_localstatedir}/lib/nuauth -s /sbin/nologin \
    -c "Privilege-separated Nuauth" nuauth
exit 0

%post -n nuauth
/sbin/chkconfig --add nuauth

%preun -n nuauth
if [ $1 = 0 ]; then
    /sbin/service nuauth stop >/dev/null 2>&1
    /sbin/chkconfig --del nuauth
fi

%postun -n nuauth
if [ "$1" -ge "1" ]; then
    service nuauth condrestart > /dev/null 2>&1 ||:
fi

%files
%defattr(-, root, root, -)
%doc AUTHORS ChangeLog NEWS README TODO COPYING
%doc doc/acls doc/cache_system doc/debug
%{_sbindir}/nufw
%{_mandir}/man8/nufw.8*
%{_initrddir}/nufw
%config(noreplace) %{_sysconfdir}/sysconfig/nufw
%dir %{_sysconfdir}/nufw/
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/%{name}/NuFW-cacert.pem
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/%{name}/nufw-cert.pem
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/%{name}/nufw-key.pem
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/%{name}/user@nufw.org-cert.pem
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/%{name}/user@nufw.org-key.pem
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/%{name}/admin@nufw.org-cert.pem
%config(noreplace) %attr(0600,-,-) %{_sysconfdir}/%{name}/admin@nufw.org-key.pem

%files utils
%defattr(-, root, root, -)
%{_bindir}/nuaclgen
%{_bindir}/nutop
%{_mandir}/man8/nuaclgen.8*
%{_mandir}/man8/nutop.8*
%config(noreplace) %{_sysconfdir}/nufw/nutop.conf
%config(noreplace) %{_sysconfdir}/nufw/nuaclgen.conf
%dir %{_sysconfdir}/nufw/

%files -n libnuclient
%defattr(-, root, root, -)
%{_libdir}/libnuclient.so.*

%files -n libnuclient-devel
%defattr(-, root, root, -)
%exclude %{_libdir}/libnuclient.a
%exclude %{_libdir}/libnuclient.la
%{_libdir}/libnuclient.so
%{_includedir}/*
%{_mandir}/man3/libnuclient.3*

%files -n pam_nufw
%defattr(-, root, root, -)
%doc doc/README.pam_nufw
/%{_lib}/security/pam_nufw.so

%files -n nuauth-auth-ldap
%defattr(-, root, root, -)
%doc conf/acls.schema
%{_libdir}/nuauth/modules/libldap.so*

%files -n nuauth-log-mysql
%defattr(-, root, root, -)
%doc conf/nulog*mysql.dump
%{_libdir}/nuauth/modules/libmysql.so*

%files -n nuauth-log-pgsql
%defattr(-, root, root, -)
%doc conf/nulog*pgsql.dump
%{_libdir}/nuauth/modules/libpgsql.so*

%files -n nuauth-log-prelude
%defattr(-, root, root, -)
%{_libdir}/nuauth/modules/libnuprelude.so*

%files -n nuauth
%defattr(-, root, root, -)
%{_sbindir}/nuauth
%{_mandir}/man8/nuauth.8*
%{_mandir}/man5/nuclient.conf.5*
%{_localstatedir}/lib/nuauth
%dir %{_localstatedir}/run/nuauth/
%{_initrddir}/nuauth
%config(noreplace) %{_sysconfdir}/sysconfig/nuauth
%config(noreplace) %{_sysconfdir}/%{name}/nuauth.conf
%config(noreplace) %{_sysconfdir}/%{name}/periods.xml
%config(noreplace) %{_sysconfdir}/%{name}/users.nufw
%config(noreplace) %{_sysconfdir}/%{name}/acls.nufw
%config(noreplace) %attr(0600, nuauth, nuauth) %{_sysconfdir}/%{name}/nuauth-key.pem
%config(noreplace) %attr(0600, nuauth, nuauth) %{_sysconfdir}/%{name}/nuauth-cert.pem
%config(noreplace) %{_sysconfdir}/pam.d/nuauth
%dir %{_sysconfdir}/%{name}/
%{_libdir}/nuauth/modules/libsyslog.so*
%{_libdir}/nuauth/modules/libplaintext.so*
%{_libdir}/nuauth/modules/libsystem.so*
%{_libdir}/nuauth/modules/libscript.so*
%{_libdir}/nuauth/modules/libx509_std.so*
%{_libdir}/nuauth/modules/libxml_defs.so*
%{_libdir}/nuauth/modules/libipauth_guest.so*
%{_libdir}/nuauth/modules/libmark_field.so*
%{_libdir}/nuauth/modules/libmark_flag.so*
%{_libdir}/nuauth/modules/libmark_group.so*
%{_libdir}/nuauth/modules/libmark_uid.so*
%{_libdir}/nuauth/modules/libsession_expire.so*
%{_libdir}/nuauth/modules/libsession_authtype.so*

%files -n nutcpc
%defattr(-, root, root, -)
%{_bindir}/nutcpc
%{_mandir}/man1/nutcpc.1*

%files -n python-nufw
%defattr(-, root, root)
%{python_sitelib}/*egg-info
%{python_sitelib}/nuclient/*

%changelog
* Fri Dec 19 2008 Jerome Soyer 2.2.20-5
- Add "touch -r" in the charset conversion for keeping timestamps

* Thu Dec 18 2008 Jerome Soyer 2.2.20-4
- Separate in two sysconfig files
- Fix initscripts
- Fix BuildRequires on nuauth-utils
- Fix permissions on cert and key file

* Wed Dec 17 2008 Jerome Soyer 2.2.20-3
- Remove useless BuildRequires on python-nufw
- Make a source for /etc/sysconfig/nufw file
- Fix DefaultStop in initscripts
- Fix mix tabs and spaces
- Remove useless ldconfig

* Fri Dec 12 2008 Jerome Soyer 2.2.20-2
- Fix ldconfig for libnuclient
- Remove useless Provides
- Fix encoding and end line encoding
- Remove delete user
- Fix nutcpc group
- Fix initscripts
- Modify Patch0 for readding "-avoid-version" in missing Makefile.in and sent upstream

* Mon Dec 10 2008 Jerome Soyer 2.2.20-1
- Initial Fedora Package