
[bug#56579,v5] gnu: admin: Add fail2ban 0.11.2.

Message ID 20220717023040.422-1-mail@muradm.net
State Accepted

Checks

Context Check Description
cbaines/applying patch fail View Laminar job
cbaines/issue success View issue

Commit Message

muradm July 17, 2022, 2:30 a.m. UTC
* gnu/packages/admin.scm (fail2ban): New variable.
---
 gnu/packages/admin.scm                        | 195 ++++++++++++++++++
 .../fail2ban-0.11.2_CVE-2021-32749.patch      | 155 ++++++++++++++
 ...2ban-0.11.2_fix-setuptools-drop-2to3.patch |  64 ++++++
 .../fail2ban-0.11.2_fix-test-suite.patch      |  48 +++++
 .../patches/fail2ban-paths-guix-conf.patch    |  32 +++
 .../fail2ban-python310-server-action.patch    |  27 +++
 .../fail2ban-python310-server-actions.patch   |  25 +++
 .../fail2ban-python310-server-jails.patch     |  25 +++
 8 files changed, 571 insertions(+)
 create mode 100644 gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
 create mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
 create mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
 create mode 100644 gnu/packages/patches/fail2ban-paths-guix-conf.patch
 create mode 100644 gnu/packages/patches/fail2ban-python310-server-action.patch
 create mode 100644 gnu/packages/patches/fail2ban-python310-server-actions.patch
 create mode 100644 gnu/packages/patches/fail2ban-python310-server-jails.patch

Comments

Ludovic Courtès Aug. 1, 2022, 3:19 p.m. UTC | #1
Hi,

muradm <mail@muradm.net> skribis:

> * gnu/packages/admin.scm (fail2ban): New variable.
> ---
>  gnu/packages/admin.scm                        | 195 ++++++++++++++++++
>  .../fail2ban-0.11.2_CVE-2021-32749.patch      | 155 ++++++++++++++
>  ...2ban-0.11.2_fix-setuptools-drop-2to3.patch |  64 ++++++
>  .../fail2ban-0.11.2_fix-test-suite.patch      |  48 +++++
>  .../patches/fail2ban-paths-guix-conf.patch    |  32 +++
>  .../fail2ban-python310-server-action.patch    |  27 +++
>  .../fail2ban-python310-server-actions.patch   |  25 +++
>  .../fail2ban-python310-server-jails.patch     |  25 +++
>  8 files changed, 571 insertions(+)
>  create mode 100644 gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
>  create mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
>  create mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
>  create mode 100644 gnu/packages/patches/fail2ban-paths-guix-conf.patch
>  create mode 100644 gnu/packages/patches/fail2ban-python310-server-action.patch
>  create mode 100644 gnu/packages/patches/fail2ban-python310-server-actions.patch
>  create mode 100644 gnu/packages/patches/fail2ban-python310-server-jails.patch

Applied with minimal changes: added the patches to ‘gnu/local.mk’,
changed (for-each (lambda (f) (substitute* f …)) files) to
(substitute* files …), changed ‘coreutils’ to ‘coreutils-minimal’,
changed license to ‘gpl2+’ since headers carry the “or any later
version” wording, and tweaked indentation.

Thanks!

Ludo’.

Patch

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 88cb8fded9..4e2b7b081a 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -100,6 +100,7 @@  (define-module (gnu packages admin)
   #:use-module (gnu packages cross-base)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages cryptsetup)
+  #:use-module (gnu packages curl)
   #:use-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages dns)
   #:use-module (gnu packages elf)
@@ -134,6 +135,7 @@  (define-module (gnu packages admin)
   #:use-module (gnu packages mcrypt)
   #:use-module (gnu packages mpi)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages networking)
   #:use-module (gnu packages openldap)
   #:use-module (gnu packages patchutils)
   #:use-module (gnu packages pciutils)
@@ -152,6 +154,7 @@  (define-module (gnu packages admin)
   #:use-module (gnu packages ruby)
   #:use-module (gnu packages selinux)
   #:use-module (gnu packages serialization)
+  #:use-module (gnu packages sqlite)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages sphinx)
   #:use-module (gnu packages tcl)
@@ -5231,3 +5234,195 @@  (define-public seatd
 mediate access to shared devices, such as graphics and input, for applications
 that require it.")
     (license license:expat)))
+
+(define-public fail2ban
+  (package
+    (name "fail2ban")
+    (version "0.11.2")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/fail2ban/fail2ban")
+             (commit version)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32 "00d9q8m284q2wy6q462nipzszplfbvrs9fhgn0y3imwsc24kv1db"))
+       (modules '((guix build utils)))
+       (snippet
+        '(begin
+           ;; get rid of absolute paths
+           (substitute* "setup.py"
+             (("/etc/fail2ban") "etc/fail2ban")
+             (("/var/lib/fail2ban") "var/lib/fail2ban")
+             (("\"/usr/bin/\"") "\"usr/bin/\"")
+             (("\"/usr/lib/fail2ban/\"") "\"usr/lib/fail2ban/\"")
+             (("'/usr/share/doc/fail2ban'") "'usr/share/doc/fail2ban'"))
+           ;; disable tests performing unacceptable side-effects
+           (let ((make-suite
+                  (lambda (t)
+                    (string-append "tests.addTest.unittest.makeSuite." t ".."))))
+             (substitute* "fail2ban/tests/utils.py"
+               (((make-suite "actiontestcase.CommandActionTest")) "")
+               (((make-suite "misctestcase.SetupTest")) "")
+               (((make-suite "filtertestcase.DNSUtilsNetworkTests")) "")
+               (((make-suite "filtertestcase.IgnoreIPDNS")) "")
+               (((make-suite "filtertestcase.GetFailures")) "")
+               (((make-suite "fail2banclienttestcase.Fail2banServerTest")) "")
+               (((make-suite "servertestcase.ServerConfigReaderTests")) "")))))
+       (patches
+        (search-patches
+         "fail2ban-0.11.2_fix-setuptools-drop-2to3.patch"
+         "fail2ban-python310-server-action.patch"
+         "fail2ban-python310-server-actions.patch"
+         "fail2ban-python310-server-jails.patch"
+         "fail2ban-0.11.2_fix-test-suite.patch"
+         "fail2ban-0.11.2_CVE-2021-32749.patch"
+         "fail2ban-paths-guix-conf.patch"))))
+    (build-system python-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'build 'invoke-2to3
+                    (lambda _
+                      (invoke "./fail2ban-2to3")))
+                  (add-before 'install 'fix-default-config
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (for-each
+                       (lambda (f)
+                         (substitute* f
+                           (("/etc/fail2ban")
+                            (string-append
+                             (assoc-ref outputs "out")
+                             "/etc/fail2ban"))))
+                       '("config/paths-common.conf"
+                         "fail2ban/tests/utils.py"
+                         "fail2ban/client/configreader.py"
+                         "fail2ban/client/fail2bancmdline.py"
+                         "fail2ban/client/fail2banregex.py"))))
+                  (add-after 'fix-default-config 'set-action-dependencies
+                    (lambda* (#:key inputs #:allow-other-keys)
+                      ;; deleting things that are not feasible to fix
+                      ;; or won't be used any way
+                      (with-directory-excursion "config"
+                        (for-each delete-file '("paths-arch.conf"
+                                                "paths-debian.conf"
+                                                "paths-fedora.conf"
+                                                "paths-freebsd.conf"
+                                                "paths-opensuse.conf"
+                                                "paths-osx.conf")))
+                      (with-directory-excursion "config/action.d"
+                        (for-each delete-file
+                                  '("apf.conf"
+                                    "bsd-ipfw.conf"
+                                    "dshield.conf"
+                                    "ipfilter.conf"
+                                    "ipfw.conf"
+                                    "firewallcmd-allports.conf"
+                                    "firewallcmd-common.conf"
+                                    "firewallcmd-ipset.conf"
+                                    "firewallcmd-multiport.conf"
+                                    "firewallcmd-new.conf"
+                                    "firewallcmd-rich-logging.conf"
+                                    "firewallcmd-rich-rules.conf"
+                                    "osx-afctl.conf"
+                                    "osx-ipfw.conf"
+                                    "pf.conf"
+                                    "nginx-block-map.conf"
+                                    "npf.conf"
+                                    "shorewall.conf"
+                                    "shorewall-ipset-proto6.conf"
+                                    "ufw.conf")))
+                      (let* ((lookup-cmd (lambda (i) (search-input-file inputs i)))
+                             (bin (lambda (i) (lookup-cmd (string-append "/bin/" i))))
+                             (sbin (lambda (i) (lookup-cmd (string-append "/sbin/" i))))
+                             (ip (sbin "ip"))
+                             (sendmail (sbin "sendmail")))
+                        (for-each
+                         (lambda (f)
+                           (substitute* f
+                             ;; TODO: deal with geoiplookup ..
+                             (("(awk|curl|dig|jq)" all cmd)
+                              (bin cmd))
+                             (("(cat|echo|grep|head|printf|wc) " all cmd)
+                              (string-append (bin cmd) " "))
+                             ((" (date|rm|sed|tail|touch|tr) " all cmd)
+                              (string-append " " (bin cmd) " "))
+                             (("cut -d")
+                              (string-append (bin "cut") " -d"))
+                             (("`date`")
+                              (string-append "`" (bin "date") "`"))
+                             (("id -")
+                              (string-append (bin "id") " -"))
+                             (("ip -([46]) addr" all ver)
+                              (string-append ip " -" ver " addr"))
+                             (("ip route")
+                              (string-append ip " route"))
+                             (("ipset ")
+                              (string-append (sbin "ipset") " "))
+                             (("(iptables|ip6tables) <" all cmd)
+                              (string-append (sbin cmd) " <"))
+                             (("/usr/bin/nsupdate") (bin "nsupdate"))
+                             (("mail -E")
+                              (string-append sendmail " -E"))
+                             (("nftables = nft")
+                              (string-append "nftables = " (sbin "nft")))
+                             (("perl -e")
+                              (string-append (bin "perl") " -e"))
+                             (("/usr/sbin/sendmail") sendmail)
+                             (("test -e")
+                              (string-append (bin "test") " -e"))
+                             (("_whois = whois")
+                              (string-append "_whois = " (bin "whois")))))
+                         (find-files "config/action.d" "\\.conf$")))
+                      (substitute* "config/jail.conf"
+                        (("before = paths-debian.conf") "before = paths-guix.conf"))))
+                  (add-after 'install 'copy-man-pages
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let* ((man (string-append (assoc-ref outputs "out") "/man"))
+                             (install-man
+                              (lambda (m)
+                                (lambda (f)
+                                  (install-file
+                                   (string-append f "." m)
+                                   (string-append man "/man" m)))))
+                             (install-man1 (install-man "1"))
+                             (install-man5 (install-man "5")))
+                        (with-directory-excursion "man"
+                          (for-each install-man1 '("fail2ban"
+                                                   "fail2ban-client"
+                                                   "fail2ban-python"
+                                                   "fail2ban-regex"
+                                                   "fail2ban-server"
+                                                   "fail2ban-testcases"))
+                          (for-each install-man5 '("jail.conf")))))))))
+    (inputs (list
+             gawk
+             coreutils
+             curl
+             grep
+             jq
+             iproute
+             ipset
+             iptables
+             `(,isc-bind "utils")
+             nftables
+             perl
+             python-pyinotify
+             sed
+             sendmail
+             sqlite
+             whois))
+    (home-page "http://www.fail2ban.org")
+    (synopsis "Daemon to ban hosts that cause multiple authentication errors")
+    (description "Fail2Ban scans log files like /var/log/auth.log and bans IP
+addresses conducting too many failed login attempts.  It does this by updating
+system firewall rules to reject new connections from those IP addresses, for
+a configurable amount of time.  Fail2Ban comes out-of-the-box ready to read
+many standard log files, such as those for sshd and Apache, and is easily
+configured to read any log file of your choosing, for any error you wish.
+
+Though Fail2Ban is able to reduce the rate of incorrect authentication
+attempts, it cannot eliminate the risk presented by weak authentication.  Set
+up services to use only two factor, or public/private authentication
+mechanisms if you really want to protect services.")
+    (license license:gpl2)))
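Review bot: In `set-action-dependencies`, the rule `(("mail -E") (string-append sendmail " -E"))` hands the argument list introduced by fail2ban-0.11.2_CVE-2021-32749.patch (`mail -E 'set escape' -s "<subject>" <dest>`) to the `sendmail` binary rather than to a `mail` client. The `-E 'set escape'` and `-s` options belong to the `mail` command line; the hunk does not show that `sendmail` accepts them with the same meaning, so the mail-* and complain actions may fail or send malformed notifications when a ban fires. It would be safer to resolve `mail` from an input that actually provides a mailx-compatible `bin/mail`, e.g. `(("mail -E") (string-append (bin "mail") " -E"))`, and to add a comment above that rule saying which program the CVE mitigation's flags are meant for. Separately, the bare `(awk|curl|dig|jq)` alternation at the top of the same `substitute*` also matches those letters inside longer words and comments; requiring a word boundary or trailing space, as the neighbouring rules do, would keep it from rewriting unrelated text in the action files.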
diff --git a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
new file mode 100644
index 0000000000..d3c677918c
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
@@ -0,0 +1,155 @@ 
+From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
+From: sebres <serg.brester@sebres.de>
+Date: Mon, 21 Jun 2021 17:12:53 +0200
+Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
+ (default tilde) stops consider "~" char after new-line as composing escape
+ sequence
+
+---
+ config/action.d/complain.conf         | 2 +-
+ config/action.d/dshield.conf          | 2 +-
+ config/action.d/mail-buffered.conf    | 8 ++++----
+ config/action.d/mail-whois-lines.conf | 2 +-
+ config/action.d/mail-whois.conf       | 6 +++---
+ config/action.d/mail.conf             | 6 +++---
+ 6 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
+index 3a5f882c9f..4d73b05859 100644
+--- a/config/action.d/complain.conf
++++ b/config/action.d/complain.conf
+@@ -102,7 +102,7 @@ logpath = /dev/null
+ # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+ # Values:  CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+ 
+ # Option:  mailargs
+ # Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
+diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
+index c128bef348..3d5a7a53a9 100644
+--- a/config/action.d/dshield.conf
++++ b/config/action.d/dshield.conf
+@@ -179,7 +179,7 @@ tcpflags =
+ # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+ # Values:  CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+ 
+ # Option:  mailargs
+ # Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
+diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
+index 325f185b2f..79b841049c 100644
+--- a/config/action.d/mail-buffered.conf
++++ b/config/action.d/mail-buffered.conf
+@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
+               The jail <name> has been started successfully.\n
+               Output will be buffered until <lines> lines are available.\n
+               Regards,\n
+-              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
++              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+ 
+ # Option:  actionstop
+ # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
+                  These hosts have been banned by Fail2Ban.\n
+                  `cat <tmpfile>`
+                  Regards,\n
+-                 Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
++                 Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
+                  rm <tmpfile>
+              fi
+              printf %%b "Hi,\n
+              The jail <name> has been stopped.\n
+              Regards,\n
+-             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
++             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ 
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
+                 These hosts have been banned by Fail2Ban.\n
+                 `cat <tmpfile>`
+                 \nRegards,\n
+-                Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
++                Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
+                 rm <tmpfile>
+             fi
+ 
+diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf
+index 3a3e56b2c7..d2818cb9b9 100644
+--- a/config/action.d/mail-whois-lines.conf
++++ b/config/action.d/mail-whois-lines.conf
+@@ -72,7 +72,7 @@ actionunban =
+ # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+ # Values:  CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+ 
+ # Default name of the chain
+ #
+diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
+index 7fea34c40d..ab33b616dc 100644
+--- a/config/action.d/mail-whois.conf
++++ b/config/action.d/mail-whois.conf
+@@ -20,7 +20,7 @@ norestored = 1
+ actionstart = printf %%b "Hi,\n
+               The jail <name> has been started successfully.\n
+               Regards,\n
+-              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
++              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+ 
+ # Option:  actionstop
+ # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
+ actionstop = printf %%b "Hi,\n
+              The jail <name> has been stopped.\n
+              Regards,\n
+-             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
++             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ 
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
+             Here is more information about <ip> :\n
+             `%(_whois_command)s`\n
+             Regards,\n
+-            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
++            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+ 
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
+diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
+index 5d8c0e154c..f4838ddcb6 100644
+--- a/config/action.d/mail.conf
++++ b/config/action.d/mail.conf
+@@ -16,7 +16,7 @@ norestored = 1
+ actionstart = printf %%b "Hi,\n
+               The jail <name> has been started successfully.\n
+               Regards,\n
+-              Fail2Ban"|mail -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
++              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
+ 
+ # Option:  actionstop
+ # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
+ actionstop = printf %%b "Hi,\n
+              The jail <name> has been stopped.\n
+              Regards,\n
+-             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
++             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ 
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
+             The IP <ip> has just been banned by Fail2Ban after
+             <failures> attempts against <name>.\n
+             Regards,\n
+-            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
++            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+ 
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
new file mode 100644
index 0000000000..b0b14364b1
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
@@ -0,0 +1,64 @@ 
+From 5ac303df8a171f748330d4c645ccbf1c2c7f3497 Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Sun, 19 Sep 2021 18:49:18 +0200
+Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup
+ command: use_2to3 is invalid (setuptools 58+)
+
+---
+ setup.py | 16 +---------------
+ 1 file changed, 1 insertion(+), 15 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index f4c2550f6f..98413273c5 100755
+--- a/setup.py
++++ b/setup.py
+@@ -48,7 +48,7 @@
+ from glob import glob
+ 
+ from fail2ban.setup import updatePyExec
+-
++from fail2ban.version import version
+ 
+ source_dir = os.path.realpath(os.path.dirname(
+ 	# __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
+@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False):
+ # Wrapper to specify fail2ban own options:
+ class install_command_f2b(install):
+ 	user_options = install.user_options + [
+-		('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
+ 		('without-tests', None, 'without tests files installation'),
+ 	]
+ 	def initialize_options(self):
+-		self.disable_2to3 = None
+ 		self.without_tests = not with_tests
+ 		install.initialize_options(self)
+ 	def finalize_options(self):
+-		global _2to3
+-		## in the test cases 2to3 should be already done (fail2ban-2to3):
+-		if self.disable_2to3:
+-			_2to3 = False
+-		if _2to3:
+-			cmdclass = self.distribution.cmdclass
+-			cmdclass['build_py'] = build_py_2to3
+-			cmdclass['build_scripts'] = build_scripts_2to3
+ 		if self.without_tests:
+ 			self.distribution.scripts.remove('bin/fail2ban-testcases')
+ 
+@@ -178,7 +168,6 @@ def run(self):
+ if setuptools:
+ 	setup_extra = {
+ 		'test_suite': "fail2ban.tests.utils.gatherTests",
+-		'use_2to3': True,
+ 	}
+ else:
+ 	setup_extra = {}
+@@ -202,9 +191,6 @@ def run(self):
+ 		('/usr/share/doc/fail2ban', doc_files)
+ 	)
+ 
+-# Get version number, avoiding importing fail2ban.
+-# This is due to tests not functioning for python3 as 2to3 takes place later
+-exec(open(join("fail2ban", "version.py")).read())
+ 
+ setup(
+ 	name = "fail2ban",
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
new file mode 100644
index 0000000000..91d973e72e
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
@@ -0,0 +1,48 @@ 
+From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Mon, 4 Jan 2021 02:42:38 +0100
+Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for
+ tests, considering interval from 2005 (alternate now) to now; + better
+ grouping algorithm for resulting century RE
+
+---
+ fail2ban/server/strptime.py | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
+index 1464a96d1f..39fc795865 100644
+--- a/fail2ban/server/strptime.py
++++ b/fail2ban/server/strptime.py
+@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo
+ 	Thereby respect possible run in the test-cases (alternate date used there)
+ 	"""
+ 	cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t]
++	def grp(exprset):
++		c = None
++		if len(exprset) > 1:
++			for i in exprset:
++				if c is None or i[0:-1] == c:
++					c = i[0:-1]
++				else:
++					c = None
++					break
++			if not c:
++				for i in exprset:
++					if c is None or i[0] == c:
++						c = i[0]
++					else:
++						c = None
++						break
++			if c:
++				return "%s%s" % (c, grp([i[len(c):] for i in exprset]))
++		return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \
++			if len(exprset) > 1 else "".join(exprset)
+ 	exprset = set( cent(now[0].year + i) for i in (-1, distance) )
+ 	if len(now) and now[1]:
+-		exprset |= set( cent(now[1].year + i) for i in (-1, distance) )
+-	return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset)
++		exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) )
++	return grp(sorted(list(exprset)))
+ 
+ timeRE = TimeRE()
+ 
diff --git a/gnu/packages/patches/fail2ban-paths-guix-conf.patch b/gnu/packages/patches/fail2ban-paths-guix-conf.patch
new file mode 100644
index 0000000000..8c2a5747ba
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-paths-guix-conf.patch
@@ -0,0 +1,32 @@ 
+From ef28dcf7a5bdbfd8ba586bb066d5ec53188a6bf9 Mon Sep 17 00:00:00 2001
+From: muradm <mail@muradm.net>
+Date: Fri, 15 Jul 2022 20:08:14 +0300
+Subject: [PATCH] Add paths-guix.conf file.
+
+---
+ config/paths-guix.conf | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+ create mode 100644 config/paths-guix.conf
+
+diff --git a/config/paths-guix.conf b/config/paths-guix.conf
+new file mode 100644
+index 00000000..b4a2e9f5
+--- /dev/null
++++ b/config/paths-guix.conf
+@@ -0,0 +1,13 @@
++# Guix
++
++[INCLUDES]
++
++before = paths-common.conf
++after = paths-overrides.local
++
++
++[DEFAULT]
++
++syslog_authpriv = /var/log/secure
++syslog_mail = /var/log/maillog
++syslog_mail_warn = /var/log/maillog
+-- 
+2.36.1
+
diff --git a/gnu/packages/patches/fail2ban-python310-server-action.patch b/gnu/packages/patches/fail2ban-python310-server-action.patch
new file mode 100644
index 0000000000..723d7f7aa6
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-action.patch
@@ -0,0 +1,27 @@ 
+From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:19:24 +0100
+Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes`
+ moved to the :mod:`collections.abc` module
+
+(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
+---
+ fail2ban/server/action.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py
+index 3bc48fe046..f0f1e6f59a 100644
+--- a/fail2ban/server/action.py
++++ b/fail2ban/server/action.py
+@@ -30,7 +30,10 @@
+ import threading
+ import time
+ from abc import ABCMeta
+-from collections import MutableMapping
++try:
++	from collections.abc import MutableMapping
++except ImportError:
++	from collections import MutableMapping
+ 
+ from .failregex import mapTag2Opt
+ from .ipdns import DNSUtils
diff --git a/gnu/packages/patches/fail2ban-python310-server-actions.patch b/gnu/packages/patches/fail2ban-python310-server-actions.patch
new file mode 100644
index 0000000000..e31316d28b
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-actions.patch
@@ -0,0 +1,25 @@ 
+From 42dee38ad2ac5c3f23bdf297d824022923270dd9 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:25:45 +0100
+Subject: [PATCH] amend for `Mapping`
+
+---
+ fail2ban/server/actions.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py
+index b7b95b445a..897d907c1a 100644
+--- a/fail2ban/server/actions.py
++++ b/fail2ban/server/actions.py
+@@ -28,7 +28,10 @@
+ import os
+ import sys
+ import time
+-from collections import Mapping
++try:
++	from collections.abc import Mapping
++except ImportError:
++	from collections import Mapping
+ try:
+ 	from collections import OrderedDict
+ except ImportError:
diff --git a/gnu/packages/patches/fail2ban-python310-server-jails.patch b/gnu/packages/patches/fail2ban-python310-server-jails.patch
new file mode 100644
index 0000000000..e5873c415e
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-jails.patch
@@ -0,0 +1,25 @@ 
+From 9f1d1f4fbd0804695a976beb191f2c49a2739834 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:35:59 +0100
+Subject: [PATCH] amend for `Mapping` (jails)
+
+---
+ fail2ban/server/jails.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/jails.py b/fail2ban/server/jails.py
+index 972a8c4bd2..27e12ddf65 100644
+--- a/fail2ban/server/jails.py
++++ b/fail2ban/server/jails.py
+@@ -22,7 +22,10 @@
+ __license__ = "GPL"
+ 
+ from threading import Lock
+-from collections import Mapping
++try:
++	from collections.abc import Mapping
++except ImportError:
++	from collections import Mapping
+ 
+ from ..exceptions import DuplicateJailException, UnknownJailException
+ from .jail import Jail