[bug#56579] [PATCH v5] gnu: admin: Add fail2ban 0.11.2.
From: |
muradm |
Subject: |
[bug#56579] [PATCH v5] gnu: admin: Add fail2ban 0.11.2. |
Date: |
Sun, 17 Jul 2022 05:30:40 +0300 |
* gnu/packages/admin.scm (fail2ban): New variable.
---
gnu/packages/admin.scm | 195 ++++++++++++++++++
.../fail2ban-0.11.2_CVE-2021-32749.patch | 155 ++++++++++++++
...2ban-0.11.2_fix-setuptools-drop-2to3.patch | 64 ++++++
.../fail2ban-0.11.2_fix-test-suite.patch | 48 +++++
.../patches/fail2ban-paths-guix-conf.patch | 32 +++
.../fail2ban-python310-server-action.patch | 27 +++
.../fail2ban-python310-server-actions.patch | 25 +++
.../fail2ban-python310-server-jails.patch | 25 +++
8 files changed, 571 insertions(+)
create mode 100644 gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
create mode 100644
gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
create mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
create mode 100644 gnu/packages/patches/fail2ban-paths-guix-conf.patch
create mode 100644 gnu/packages/patches/fail2ban-python310-server-action.patch
create mode 100644 gnu/packages/patches/fail2ban-python310-server-actions.patch
create mode 100644 gnu/packages/patches/fail2ban-python310-server-jails.patch
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 88cb8fded9..4e2b7b081a 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -100,6 +100,7 @@ (define-module (gnu packages admin)
#:use-module (gnu packages cross-base)
#:use-module (gnu packages crypto)
#:use-module (gnu packages cryptsetup)
+ #:use-module (gnu packages curl)
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages dns)
#:use-module (gnu packages elf)
@@ -134,6 +135,7 @@ (define-module (gnu packages admin)
#:use-module (gnu packages mcrypt)
#:use-module (gnu packages mpi)
#:use-module (gnu packages ncurses)
+ #:use-module (gnu packages networking)
#:use-module (gnu packages openldap)
#:use-module (gnu packages patchutils)
#:use-module (gnu packages pciutils)
@@ -152,6 +154,7 @@ (define-module (gnu packages admin)
#:use-module (gnu packages ruby)
#:use-module (gnu packages selinux)
#:use-module (gnu packages serialization)
+ #:use-module (gnu packages sqlite)
#:use-module (gnu packages ssh)
#:use-module (gnu packages sphinx)
#:use-module (gnu packages tcl)
@@ -5231,3 +5234,195 @@ (define-public seatd
mediate access to shared devices, such as graphics and input, for applications
that require it.")
(license license:expat)))
+
+(define-public fail2ban
+ (package
+ (name "fail2ban")
+ (version "0.11.2")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/fail2ban/fail2ban")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "00d9q8m284q2wy6q462nipzszplfbvrs9fhgn0y3imwsc24kv1db"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; get rid of absolute paths
+ (substitute* "setup.py"
+ (("/etc/fail2ban") "etc/fail2ban")
+ (("/var/lib/fail2ban") "var/lib/fail2ban")
+ (("\"/usr/bin/\"") "\"usr/bin/\"")
+ (("\"/usr/lib/fail2ban/\"") "\"usr/lib/fail2ban/\"")
+ (("'/usr/share/doc/fail2ban'") "'usr/share/doc/fail2ban'"))
+ ;; disable tests performing unacceptable side-effects
+ (let ((make-suite
+ (lambda (t)
+ (string-append "tests.addTest.unittest.makeSuite." t
".."))))
+ (substitute* "fail2ban/tests/utils.py"
+ (((make-suite "actiontestcase.CommandActionTest")) "")
+ (((make-suite "misctestcase.SetupTest")) "")
+ (((make-suite "filtertestcase.DNSUtilsNetworkTests")) "")
+ (((make-suite "filtertestcase.IgnoreIPDNS")) "")
+ (((make-suite "filtertestcase.GetFailures")) "")
+ (((make-suite "fail2banclienttestcase.Fail2banServerTest")) "")
+ (((make-suite "servertestcase.ServerConfigReaderTests")) "")))))
+ (patches
+ (search-patches
+ "fail2ban-0.11.2_fix-setuptools-drop-2to3.patch"
+ "fail2ban-python310-server-action.patch"
+ "fail2ban-python310-server-actions.patch"
+ "fail2ban-python310-server-jails.patch"
+ "fail2ban-0.11.2_fix-test-suite.patch"
+ "fail2ban-0.11.2_CVE-2021-32749.patch"
+ "fail2ban-paths-guix-conf.patch"))))
+ (build-system python-build-system)
+ (arguments
+ '(#:phases (modify-phases %standard-phases
+ (add-before 'build 'invoke-2to3
+ (lambda _
+ (invoke "./fail2ban-2to3")))
+ (add-before 'install 'fix-default-config
+ (lambda* (#:key outputs #:allow-other-keys)
+ (for-each
+ (lambda (f)
+ (substitute* f
+ (("/etc/fail2ban")
+ (string-append
+ (assoc-ref outputs "out")
+ "/etc/fail2ban"))))
+ '("config/paths-common.conf"
+ "fail2ban/tests/utils.py"
+ "fail2ban/client/configreader.py"
+ "fail2ban/client/fail2bancmdline.py"
+ "fail2ban/client/fail2banregex.py"))))
+ (add-after 'fix-default-config 'set-action-dependencies
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; deleting things that are not feasible to fix
+ ;; or won't be used any way
+ (with-directory-excursion "config"
+ (for-each delete-file '("paths-arch.conf"
+ "paths-debian.conf"
+ "paths-fedora.conf"
+ "paths-freebsd.conf"
+ "paths-opensuse.conf"
+ "paths-osx.conf")))
+ (with-directory-excursion "config/action.d"
+ (for-each delete-file
+ '("apf.conf"
+ "bsd-ipfw.conf"
+ "dshield.conf"
+ "ipfilter.conf"
+ "ipfw.conf"
+ "firewallcmd-allports.conf"
+ "firewallcmd-common.conf"
+ "firewallcmd-ipset.conf"
+ "firewallcmd-multiport.conf"
+ "firewallcmd-new.conf"
+ "firewallcmd-rich-logging.conf"
+ "firewallcmd-rich-rules.conf"
+ "osx-afctl.conf"
+ "osx-ipfw.conf"
+ "pf.conf"
+ "nginx-block-map.conf"
+ "npf.conf"
+ "shorewall.conf"
+ "shorewall-ipset-proto6.conf"
+ "ufw.conf")))
+ (let* ((lookup-cmd (lambda (i) (search-input-file inputs
i)))
+ (bin (lambda (i) (lookup-cmd (string-append
"/bin/" i))))
+ (sbin (lambda (i) (lookup-cmd (string-append
"/sbin/" i))))
+ (ip (sbin "ip"))
+ (sendmail (sbin "sendmail")))
+ (for-each
+ (lambda (f)
+ (substitute* f
+ ;; TODO: deal with geoiplookup ..
+ (("(awk|curl|dig|jq)" all cmd)
+ (bin cmd))
+ (("(cat|echo|grep|head|printf|wc) " all cmd)
+ (string-append (bin cmd) " "))
+ ((" (date|rm|sed|tail|touch|tr) " all cmd)
+ (string-append " " (bin cmd) " "))
+ (("cut -d")
+ (string-append (bin "cut") " -d"))
+ (("`date`")
+ (string-append "`" (bin "date") "`"))
+ (("id -")
+ (string-append (bin "id") " -"))
+ (("ip -([46]) addr" all ver)
+ (string-append ip " -" ver " addr"))
+ (("ip route")
+ (string-append ip " route"))
+ (("ipset ")
+ (string-append (sbin "ipset") " "))
+ (("(iptables|ip6tables) <" all cmd)
+ (string-append (sbin cmd) " <"))
+ (("/usr/bin/nsupdate") (bin "nsupdate"))
+ (("mail -E")
+ (string-append sendmail " -E"))
+ (("nftables = nft")
+ (string-append "nftables = " (sbin "nft")))
+ (("perl -e")
+ (string-append (bin "perl") " -e"))
+ (("/usr/sbin/sendmail") sendmail)
+ (("test -e")
+ (string-append (bin "test") " -e"))
+ (("_whois = whois")
+ (string-append "_whois = " (bin "whois")))))
+ (find-files "config/action.d" "\\.conf$")))
+ (substitute* "config/jail.conf"
+ (("before = paths-debian.conf") "before =
paths-guix.conf"))))
+ (add-after 'install 'copy-man-pages
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((man (string-append (assoc-ref outputs "out")
"/man"))
+ (install-man
+ (lambda (m)
+ (lambda (f)
+ (install-file
+ (string-append f "." m)
+ (string-append man "/man" m)))))
+ (install-man1 (install-man "1"))
+ (install-man5 (install-man "5")))
+ (with-directory-excursion "man"
+ (for-each install-man1 '("fail2ban"
+ "fail2ban-client"
+ "fail2ban-python"
+ "fail2ban-regex"
+ "fail2ban-server"
+ "fail2ban-testcases"))
+ (for-each install-man5 '("jail.conf")))))))))
+ (inputs (list
+ gawk
+ coreutils
+ curl
+ grep
+ jq
+ iproute
+ ipset
+ iptables
+ `(,isc-bind "utils")
+ nftables
+ perl
+ python-pyinotify
+ sed
+ sendmail
+ sqlite
+ whois))
+ (home-page "http://www.fail2ban.org")
+ (synopsis "Daemon to ban hosts that cause multiple authentication errors")
+ (description "Fail2Ban scans log files like /var/log/auth.log and bans IP
+addresses conducting too many failed login attempts. It does this by updating
+system firewall rules to reject new connections from those IP addresses, for
+a configurable amount of time. Fail2Ban comes out-of-the-box ready to read
+many standard log files, such as those for sshd and Apache, and is easily
+configured to read any log file of your choosing, for any error you wish.
+
+Though Fail2Ban is able to reduce the rate of incorrect authentication
+attempts, it cannot eliminate the risk presented by weak authentication. Set
+up services to use only two factor, or public/private authentication
+mechanisms if you really want to protect services.")
+ (license license:gpl2)))
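Review bot: The `(("mail -E") (string-append sendmail " -E"))` substitution in `set-action-dependencies` swaps the `mail` client for the `sendmail` binary but leaves the rest of the command line, `-E 'set escape' -s "<subject>" <dest>`, in mailx-style syntax. That `-E 'set escape'` argument is what fail2ban-0.11.2_CVE-2021-32749.patch (its hunk is further down in this series) adds so that `~` after a newline is no longer treated as an escape sequence. The mitigation therefore only means something if the program invoked is a `mail` implementation that understands it. As far as I can tell, sendmail's options differ and it does not take the subject and recipient this way, so the mail actions probably fail or behave differently from what upstream intends; a mail action such as `mail-whois` should be tested end to end. I would point the rewrite at a real `mail` command from an added input, e.g. `(("mail -E") (string-append (bin "mail") " -E"))`, or rewrite the mail actions for sendmail with a comment saying why the escape setting is no longer needed; the same pattern also rewrites the `mailcmd = mail -E 'set escape' -s` lines in complain.conf and mail-whois-lines.conf.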
diff --git a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
new file mode 100644
index 0000000000..d3c677918c
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
@@ -0,0 +1,155 @@
+From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
+From: sebres <serg.brester@sebres.de>
+Date: Mon, 21 Jun 2021 17:12:53 +0200
+Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
+ (default tilde) stops consider "~" char after new-line as composing escape
+ sequence
+
+---
+ config/action.d/complain.conf | 2 +-
+ config/action.d/dshield.conf | 2 +-
+ config/action.d/mail-buffered.conf | 8 ++++----
+ config/action.d/mail-whois-lines.conf | 2 +-
+ config/action.d/mail-whois.conf | 6 +++---
+ config/action.d/mail.conf | 6 +++---
+ 6 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
+index 3a5f882c9f..4d73b05859 100644
+--- a/config/action.d/complain.conf
++++ b/config/action.d/complain.conf
+@@ -102,7 +102,7 @@ logpath = /dev/null
+ # Notes.: Your system mail command. Is passed 2 args: subject and recipient
+ # Values: CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+
+ # Option: mailargs
+ # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
+diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
+index c128bef348..3d5a7a53a9 100644
+--- a/config/action.d/dshield.conf
++++ b/config/action.d/dshield.conf
+@@ -179,7 +179,7 @@ tcpflags =
+ # Notes.: Your system mail command. Is passed 2 args: subject and recipient
+ # Values: CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+
+ # Option: mailargs
+ # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
+diff --git a/config/action.d/mail-buffered.conf
b/config/action.d/mail-buffered.conf
+index 325f185b2f..79b841049c 100644
+--- a/config/action.d/mail-buffered.conf
++++ b/config/action.d/mail-buffered.conf
+@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
+ The jail <name> has been started successfully.\n
+ Output will be buffered until <lines> lines are available.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>"
<dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started
on <fq-hostname>" <dest>
+
+ # Option: actionstop
+ # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
+ These hosts have been banned by Fail2Ban.\n
+ `cat <tmpfile>`
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from
<fq-hostname>" <dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>:
Summary from <fq-hostname>" <dest>
+ rm <tmpfile>
+ fi
+ printf %%b "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>"
<dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on
<fq-hostname>" <dest>
+
+ # Option: actioncheck
+ # Notes.: command executed once before each actionban command
+@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures>
failures)\n" >> <tmpfile>
+ These hosts have been banned by Fail2Ban.\n
+ `cat <tmpfile>`
+ \nRegards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>:
Summary" <dest>
+ rm <tmpfile>
+ fi
+
+diff --git a/config/action.d/mail-whois-lines.conf
b/config/action.d/mail-whois-lines.conf
+index 3a3e56b2c7..d2818cb9b9 100644
+--- a/config/action.d/mail-whois-lines.conf
++++ b/config/action.d/mail-whois-lines.conf
+@@ -72,7 +72,7 @@ actionunban =
+ # Notes.: Your system mail command. Is passed 2 args: subject and recipient
+ # Values: CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+
+ # Default name of the chain
+ #
+diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
+index 7fea34c40d..ab33b616dc 100644
+--- a/config/action.d/mail-whois.conf
++++ b/config/action.d/mail-whois.conf
+@@ -20,7 +20,7 @@ norestored = 1
+ actionstart = printf %%b "Hi,\n
+ The jail <name> has been started successfully.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>"
<dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started
on <fq-hostname>" <dest>
+
+ # Option: actionstop
+ # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
+ actionstop = printf %%b "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>"
<dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on
<fq-hostname>" <dest>
+
+ # Option: actioncheck
+ # Notes.: command executed once before each actionban command
+@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
+ Here is more information about <ip> :\n
+ `%(_whois_command)s`\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from
<fq-hostname>" <dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip>
from <fq-hostname>" <dest>
+
+ # Option: actionunban
+ # Notes.: command executed when unbanning an IP. Take care that the
+diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
+index 5d8c0e154c..f4838ddcb6 100644
+--- a/config/action.d/mail.conf
++++ b/config/action.d/mail.conf
+@@ -16,7 +16,7 @@ norestored = 1
+ actionstart = printf %%b "Hi,\n
+ The jail <name> has been started successfully.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on
<fq-hostname>" <dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started
on <fq-hostname>" <dest>
+
+ # Option: actionstop
+ # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
+ actionstop = printf %%b "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>"
<dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on
<fq-hostname>" <dest>
+
+ # Option: actioncheck
+ # Notes.: command executed once before each actionban command
+@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
+ The IP <ip> has just been banned by Fail2Ban after
+ <failures> attempts against <name>.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from
<fq-hostname>" <dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip>
from <fq-hostname>" <dest>
+
+ # Option: actionunban
+ # Notes.: command executed when unbanning an IP. Take care that the
diff --git
a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
new file mode 100644
index 0000000000..b0b14364b1
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
@@ -0,0 +1,64 @@
+From 5ac303df8a171f748330d4c645ccbf1c2c7f3497 Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Sun, 19 Sep 2021 18:49:18 +0200
+Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup
+ command: use_2to3 is invalid (setuptools 58+)
+
+---
+ setup.py | 16 +---------------
+ 1 file changed, 1 insertion(+), 15 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index f4c2550f6f..98413273c5 100755
+--- a/setup.py
++++ b/setup.py
+@@ -48,7 +48,7 @@
+ from glob import glob
+
+ from fail2ban.setup import updatePyExec
+-
++from fail2ban.version import version
+
+ source_dir = os.path.realpath(os.path.dirname(
+ # __file__ seems to be overwritten sometimes on some python versions
(e.g. bug of 2.6 by running under cProfile, etc.):
+@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False):
+ # Wrapper to specify fail2ban own options:
+ class install_command_f2b(install):
+ user_options = install.user_options + [
+- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the
install runs from fail2ban test-cases.'),
+ ('without-tests', None, 'without tests files installation'),
+ ]
+ def initialize_options(self):
+- self.disable_2to3 = None
+ self.without_tests = not with_tests
+ install.initialize_options(self)
+ def finalize_options(self):
+- global _2to3
+- ## in the test cases 2to3 should be already done
(fail2ban-2to3):
+- if self.disable_2to3:
+- _2to3 = False
+- if _2to3:
+- cmdclass = self.distribution.cmdclass
+- cmdclass['build_py'] = build_py_2to3
+- cmdclass['build_scripts'] = build_scripts_2to3
+ if self.without_tests:
+
self.distribution.scripts.remove('bin/fail2ban-testcases')
+
+@@ -178,7 +168,6 @@ def run(self):
+ if setuptools:
+ setup_extra = {
+ 'test_suite': "fail2ban.tests.utils.gatherTests",
+- 'use_2to3': True,
+ }
+ else:
+ setup_extra = {}
+@@ -202,9 +191,6 @@ def run(self):
+ ('/usr/share/doc/fail2ban', doc_files)
+ )
+
+-# Get version number, avoiding importing fail2ban.
+-# This is due to tests not functioning for python3 as 2to3 takes place later
+-exec(open(join("fail2ban", "version.py")).read())
+
+ setup(
+ name = "fail2ban",
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
new file mode 100644
index 0000000000..91d973e72e
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
@@ -0,0 +1,48 @@
+From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Mon, 4 Jan 2021 02:42:38 +0100
+Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for
+ tests, considering interval from 2005 (alternate now) to now; + better
+ grouping algorithm for resulting century RE
+
+---
+ fail2ban/server/strptime.py | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
+index 1464a96d1f..39fc795865 100644
+--- a/fail2ban/server/strptime.py
++++ b/fail2ban/server/strptime.py
+@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3,
now=(MyTime.now(), MyTime.alternateNo
+ Thereby respect possible run in the test-cases (alternate date used
there)
+ """
+ cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t]
++ def grp(exprset):
++ c = None
++ if len(exprset) > 1:
++ for i in exprset:
++ if c is None or i[0:-1] == c:
++ c = i[0:-1]
++ else:
++ c = None
++ break
++ if not c:
++ for i in exprset:
++ if c is None or i[0] == c:
++ c = i[0]
++ else:
++ c = None
++ break
++ if c:
++ return "%s%s" % (c, grp([i[len(c):] for i in
exprset]))
++ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1
else "[%s]" % "".join(exprset)) \
++ if len(exprset) > 1 else "".join(exprset)
+ exprset = set( cent(now[0].year + i) for i in (-1, distance) )
+ if len(now) and now[1]:
+- exprset |= set( cent(now[1].year + i) for i in (-1, distance) )
+- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else
"".join(exprset)
++ exprset |= set( cent(now[1].year + i) for i in xrange(-1,
now[0].year-now[1].year+1, distance) )
++ return grp(sorted(list(exprset)))
+
+ timeRE = TimeRE()
+
diff --git a/gnu/packages/patches/fail2ban-paths-guix-conf.patch
b/gnu/packages/patches/fail2ban-paths-guix-conf.patch
new file mode 100644
index 0000000000..8c2a5747ba
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-paths-guix-conf.patch
@@ -0,0 +1,32 @@
+From ef28dcf7a5bdbfd8ba586bb066d5ec53188a6bf9 Mon Sep 17 00:00:00 2001
+From: muradm <mail@muradm.net>
+Date: Fri, 15 Jul 2022 20:08:14 +0300
+Subject: [PATCH] Add paths-guix.conf file.
+
+---
+ config/paths-guix.conf | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+ create mode 100644 config/paths-guix.conf
+
+diff --git a/config/paths-guix.conf b/config/paths-guix.conf
+new file mode 100644
+index 00000000..b4a2e9f5
+--- /dev/null
++++ b/config/paths-guix.conf
+@@ -0,0 +1,13 @@
++# Guix
++
++[INCLUDES]
++
++before = paths-common.conf
++after = paths-overrides.local
++
++
++[DEFAULT]
++
++syslog_authpriv = /var/log/secure
++syslog_mail = /var/log/maillog
++syslog_mail_warn = /var/log/maillog
+--
+2.36.1
+
diff --git a/gnu/packages/patches/fail2ban-python310-server-action.patch
b/gnu/packages/patches/fail2ban-python310-server-action.patch
new file mode 100644
index 0000000000..723d7f7aa6
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-action.patch
@@ -0,0 +1,27 @@
+From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:19:24 +0100
+Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes`
+ moved to the :mod:`collections.abc` module
+
+(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
+---
+ fail2ban/server/action.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py
+index 3bc48fe046..f0f1e6f59a 100644
+--- a/fail2ban/server/action.py
++++ b/fail2ban/server/action.py
+@@ -30,7 +30,10 @@
+ import threading
+ import time
+ from abc import ABCMeta
+-from collections import MutableMapping
++try:
++ from collections.abc import MutableMapping
++except ImportError:
++ from collections import MutableMapping
+
+ from .failregex import mapTag2Opt
+ from .ipdns import DNSUtils
diff --git a/gnu/packages/patches/fail2ban-python310-server-actions.patch
b/gnu/packages/patches/fail2ban-python310-server-actions.patch
new file mode 100644
index 0000000000..e31316d28b
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-actions.patch
@@ -0,0 +1,25 @@
+From 42dee38ad2ac5c3f23bdf297d824022923270dd9 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:25:45 +0100
+Subject: [PATCH] amend for `Mapping`
+
+---
+ fail2ban/server/actions.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py
+index b7b95b445a..897d907c1a 100644
+--- a/fail2ban/server/actions.py
++++ b/fail2ban/server/actions.py
+@@ -28,7 +28,10 @@
+ import os
+ import sys
+ import time
+-from collections import Mapping
++try:
++ from collections.abc import Mapping
++except ImportError:
++ from collections import Mapping
+ try:
+ from collections import OrderedDict
+ except ImportError:
diff --git a/gnu/packages/patches/fail2ban-python310-server-jails.patch
b/gnu/packages/patches/fail2ban-python310-server-jails.patch
new file mode 100644
index 0000000000..e5873c415e
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-jails.patch
@@ -0,0 +1,25 @@
+From 9f1d1f4fbd0804695a976beb191f2c49a2739834 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:35:59 +0100
+Subject: [PATCH] amend for `Mapping` (jails)
+
+---
+ fail2ban/server/jails.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/jails.py b/fail2ban/server/jails.py
+index 972a8c4bd2..27e12ddf65 100644
+--- a/fail2ban/server/jails.py
++++ b/fail2ban/server/jails.py
+@@ -22,7 +22,10 @@
+ __license__ = "GPL"
+
+ from threading import Lock
+-from collections import Mapping
++try:
++ from collections.abc import Mapping
++except ImportError:
++ from collections import Mapping
+
+ from ..exceptions import DuplicateJailException, UnknownJailException
+ from .jail import Jail
--
2.36.1