Date: Thu, 20 Jul 2017 15:34:09 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r446263 - in head: . security security/sshguard security/sshguard/files Message-ID: <201707201534.v6KFY9S4093093@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Thu Jul 20 15:34:08 2017 New Revision: 446263 URL: https://svnweb.freebsd.org/changeset/ports/446263 Log: security/sshguard: Update to 2.0.0 PR: 219409 Added: head/security/sshguard/files/patch-examples-sshguard.conf.sample (contents, props changed) head/security/sshguard/files/patch-src-sshguard.in (contents, props changed) head/security/sshguard/pkg-plist (contents, props changed) Modified: head/MOVED head/security/Makefile head/security/sshguard/Makefile head/security/sshguard/distinfo head/security/sshguard/files/pkg-message.in head/security/sshguard/files/sshguard.in Modified: head/MOVED ============================================================================== --- head/MOVED Thu Jul 20 15:30:52 2017 (r446262) +++ head/MOVED Thu Jul 20 15:34:08 2017 (r446263) @@ -9466,3 +9466,6 @@ dns/opendnssec13|dns/opendnssec14|2017-07-13|Has expir multimedia/banshee||2017-07-13|Has expired: Project is not being actively maintained upstream anymore www/libhtp-suricata||2017-07-16|No longer required. security/suricata now uses official (not forked) libhtp databases/py-odbc|databases/py-pyodbc|2017-07-18|Rename to comply with PyPI scheme +security/sshguard-ipfw|security/sshguard|2017-07-20|Merged with security/sshguard +security/sshguard-pf|security/sshguard|2017-07-20|Merged with security/sshguard +security/sshguard-null|security/sshguard|2017-07-20|Merged with security/sshguard Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Thu Jul 20 15:30:52 2017 (r446262) +++ head/security/Makefile Thu Jul 20 15:34:08 2017 (r446263) @@ -1153,9 +1153,6 @@ SUBDIR += ssh_askpass_gtk2 SUBDIR += sshblock SUBDIR += sshguard - SUBDIR += sshguard-ipfw - SUBDIR += sshguard-null - SUBDIR += sshguard-pf SUBDIR += sshpass SUBDIR += ssl-admin SUBDIR += sslscan Modified: head/security/sshguard/Makefile ============================================================================== --- head/security/sshguard/Makefile Thu Jul 20 15:30:52 2017 (r446262) +++ head/security/sshguard/Makefile Thu Jul 20 15:34:08 2017 (r446263) @@ -2,62 +2,28 @@ # $FreeBSD$ PORTNAME= sshguard -PORTVERSION= 1.7.1 -PORTREVISION= 0 +PORTVERSION= 2.0.0 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION} -MAINTAINER= ports@FreeBSD.org -COMMENT?= Protect hosts from brute force attacks against ssh and other services +MAINTAINER= dan.mcgregor@usask.ca +COMMENT= Protect hosts from brute force attacks against ssh and other services -SSHGUARDFW?= none - -# If SSHGUARDFW is not set by a slave port, then we only use the -# following which makes this a metaport to choose a backend -.if ${SSHGUARDFW} == none -NO_BUILD=YES -NO_INSTALL=YES -NO_ARCH=YES - -OPTIONS_SINGLE= BACKEND -OPTIONS_SINGLE_BACKEND= IPFW NULL PF -OPTIONS_DEFAULT= IPFW - -IPFW_DESC= IPFW firewall backend -NULL_DESC= null firewall backend (detection only) -PF_DESC= pf firewall backend - -IPFW_RUN_DEPENDS= sshguard-ipfw>0:security/sshguard-ipfw -NULL_RUN_DEPENDS= sshguard-null>0:security/sshguard-null -PF_RUN_DEPENDS= sshguard-pf>0:security/sshguard-pf - -.include <bsd.port.options.mk> - -# The remaining settings are used by the slave ports -.else - LICENSE= BSD2CLAUSE USES= autoreconf -PLIST_FILES= libexec/sshg-fw libexec/sshg-logtail libexec/sshg-parser \ - sbin/sshguard man/man8/sshguard.8.gz - USE_RC_SUBR= sshguard MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}" GNU_CONFIGURE= yes -CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW} -SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK} SUB_FILES= pkg-message -.endif -.if ${SSHGUARDFW} == pf -PKGMSG_FWBLOCK=" To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/" -.elif ${SSHGUARDFW} == ipfw -PKGMSG_FWBLOCK=" IPFW support has been rewritten. Sshguard will now add entries to table 22." -.elif ${SSHGUARDFW} == null -PKGMSG_FWBLOCK=" Sshguard null backend does detection only. It does not take action." -.endif +post-patch: + @${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' ${WRKSRC}/doc/sshguard.8.rst + +post-install: + ${INSTALL} -d ${STAGEDIR}${PREFIX}/etc + ${INSTALL} -m 644 ${WRKSRC}/examples/sshguard.conf.sample ${STAGEDIR}${PREFIX}/etc .include <bsd.port.mk> Modified: head/security/sshguard/distinfo ============================================================================== --- head/security/sshguard/distinfo Thu Jul 20 15:30:52 2017 (r446262) +++ head/security/sshguard/distinfo Thu Jul 20 15:34:08 2017 (r446263) @@ -1,3 +1,3 @@ -TIMESTAMP = 1483998292 -SHA256 (sshguard-1.7.1.tar.gz) = 2e527589c9b33219222d827dff63974229d044de945729aa47271c4a29aaa195 -SIZE (sshguard-1.7.1.tar.gz) = 832220 +TIMESTAMP = 1500391750 +SHA256 (sshguard-2.0.0.tar.gz) = e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06 +SIZE (sshguard-2.0.0.tar.gz) = 886995 Added: head/security/sshguard/files/patch-examples-sshguard.conf.sample ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/sshguard/files/patch-examples-sshguard.conf.sample Thu Jul 20 15:34:08 2017 (r446263) @@ -0,0 +1,36 @@ +diff --git examples/sshguard.conf.sample examples/sshguard.conf.sample +index d881e51..87b7acc 100644 +--- examples/sshguard.conf.sample ++++ examples/sshguard.conf.sample +@@ -6,11 +6,13 @@ + + #### REQUIRED CONFIGURATION #### + # Full path to backend executable (required, no default) +-#BACKEND="/usr/local/libexec/sshg-fw-hosts" ++BACKEND="/usr/local/libexec/sshg-fw-null" ++#BACKEND="/usr/local/libexec/sshg-fw-ipfw" ++#BACKEND="/usr/local/libexec/sshg-fw-pf" + + # Space-separated list of log files to monitor. Ignored if LOGREADER is set. + # (optional, no default) +-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog" ++#FILES="/var/log/auth.log /var/log/maillog" + + # Shell command that provides logs on standard output. Takes precedence over + # FILES. (optional, no default) +@@ -36,12 +38,12 @@ DETECTION_TIME=1800 + # !! Warning: These features may not work correctly with sandboxing. !! + + # Full path to PID file (optional, no default) +-#PID_FILE=/run/sshguard.pid ++#PID_FILE=/var/run/sshguard.pid + + # Colon-separated blacklist threshold and full path to blacklist file. + # (optional, no default) +-#BLACKLIST_FILE=90:/var/lib/sshguard/enemies ++#BLACKLIST_FILE=30:/var/db/sshguard/blacklist.db + + # IP addresses listed in the WHITELIST_FILE are considered to be + # friendlies and will never be blocked. +-#WHITELIST_FILE=/etc/friends ++#WHITELIST_FILE=/usr/local/etc/sshguard.whitelist Added: head/security/sshguard/files/patch-src-sshguard.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/sshguard/files/patch-src-sshguard.in Thu Jul 20 15:34:08 2017 (r446263) @@ -0,0 +1,10 @@ +diff --git src/sshguard.in src/sshguard.in +index 40c864b..249ddb5 100644 +--- src/sshguard.in ++++ src/sshguard.in +@@ -85,4 +85,4 @@ elif [ -z "$tailcmd" ]; then + fi + + eval $tailcmd | $libexec/sshg-parser | \ +- $libexec/sshg-blocker $flags | ($BACKEND; kill -PIPE $$) ++ $libexec/sshg-blocker $flags | ($BACKEND ; pkill -PIPE -P $$) Modified: head/security/sshguard/files/pkg-message.in ============================================================================== --- head/security/sshguard/files/pkg-message.in Thu Jul 20 15:30:52 2017 (r446262) +++ head/security/sshguard/files/pkg-message.in Thu Jul 20 15:34:08 2017 (r446263) @@ -1,12 +1,10 @@ ########################################################################## Sshguard installed successfully. -%%PKGMSG_FWBLOCK%% - You can start sshguard as a daemon by using the rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard . - See sshguard(8) and http://www.sshguard.net/docs/setup for additional info. + See sshguard-setup(7) and http://www.sshguard.net/docs/setup for additional info. Please note that a few rc script parameters have been renamed to better reflect the documentation: Modified: head/security/sshguard/files/sshguard.in ============================================================================== --- head/security/sshguard/files/sshguard.in Thu Jul 20 15:30:52 2017 (r446262) +++ head/security/sshguard/files/sshguard.in Thu Jul 20 15:34:08 2017 (r446263) @@ -81,7 +81,7 @@ pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"} command=/usr/sbin/daemon actual_command="%%PREFIX%%/sbin/sshguard" -procname="${actual_command}" +procname="%%PREFIX%%/libexec/sshg-blocker" start_precmd=sshguard_prestart command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}" Added: head/security/sshguard/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/sshguard/pkg-plist Thu Jul 20 15:34:08 2017 (r446263) @@ -0,0 +1,15 @@ +@sample etc/sshguard.conf.sample +sbin/sshguard +libexec/sshg-blocker +libexec/sshg-fw-firewalld +libexec/sshg-fw-hosts +libexec/sshg-fw-ipfilter +libexec/sshg-fw-ipfw +libexec/sshg-fw-ipset +libexec/sshg-fw-iptables +libexec/sshg-fw-null +libexec/sshg-fw-pf +libexec/sshg-logtail +libexec/sshg-parser +man/man7/sshguard-setup.7.gz +man/man8/sshguard.8.gz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201707201534.v6KFY9S4093093>