Date: Fri, 21 Jul 2017 17:44:42 +0000
From: "McGregor, Dan" <dkm560@mail.usask.ca>
To: Adam Weinberger <adamw@adamw.org>, Mark Felder <feld@FreeBSD.org>
Cc: "ports-committers@freebsd.org" <ports-committers@freebsd.org>, "svn-ports-all@freebsd.org" <svn-ports-all@freebsd.org>, "svn-ports-head@freebsd.org" <svn-ports-head@freebsd.org>
Subject: Re: svn commit: r446263 - in head: . security security/sshguard security/sshguard/files
Message-ID: <1500659082046.53330@mail.usask.ca>
In-Reply-To: <A031266C-7CDE-45BB-9BAA-1B60AC049FDE@adamw.org>
References: <201707201534.v6KFY9S4093093@repo.freebsd.org>, <A031266C-7CDE-45BB-9BAA-1B60AC049FDE@adamw.org>

________________________________________
From: Adam Weinberger <adamw@adamw.org>
Sent: July 20, 2017 10:10 PM
To: Mark Felder; McGregor, Dan
Cc: ports-committers@freebsd.org; svn-ports-all@freebsd.org; svn-ports-head@freebsd.org
Subject: Re: svn commit: r446263 - in head: . security security/sshguard security/sshguard/files

> On 20 Jul, 2017, at 9:34, Mark Felder <feld@FreeBSD.org> wrote:
>
> Author: feld
> Date: Thu Jul 20 15:34:08 2017
> New Revision: 446263
> URL: https://svnweb.freebsd.org/changeset/ports/446263
>
> Log:
> security/sshguard: Update to 2.0.0
>
> PR: 219409

Dan,

Something for UPDATING would be pretty reasonable here, given that (a) people will have to manually uninstall sshguard-* and install sshguard, (b) user intervention is required to reconfigure sshguard in a new sshguard.conf file, and (c) "service sshguard ..." is broken unless PID_FILE is uncommented in that sshguard.conf.

Can you write up some UPDATING text, and take a look at the PID_FILE issue?

# Adam



Yes, I'm writing something now. There's been some discussion on the sshguard mailing list too.


--
Adam Weinberger
adamw@adamw.org
https://www.adamw.org



>
> Added:
>   head/security/sshguard/files/patch-examples-sshguard.conf.sample (contents, props changed)
>   head/security/sshguard/files/patch-src-sshguard.in (contents, props changed)
>   head/security/sshguard/pkg-plist (contents, props changed)
> Modified:
>   head/MOVED
>   head/security/Makefile
>   head/security/sshguard/Makefile
>   head/security/sshguard/distinfo
>   head/security/sshguard/files/pkg-message.in
>   head/security/sshguard/files/sshguard.in
>
> Modified: head/MOVED=0A= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=0A= > --- head/MOVED Thu Jul 20 15:30:52 2017 (r446262)=0A= > +++ head/MOVED Thu Jul 20 15:34:08 2017 (r446263)=0A= 
> @@ -9466,3 +9466,6 @@ dns/opendnssec13|dns/opendnssec14|2017-07-13|Has ex= pir=0A= > multimedia/banshee||2017-07-13|Has expired: Project is not being actively= maintained upstream anymore=0A= > www/libhtp-suricata||2017-07-16|No longer required. security/suricata now= uses official (not forked) libhtp=0A= > databases/py-odbc|databases/py-pyodbc|2017-07-18|Rename to comply with Py= PI scheme=0A= > +security/sshguard-ipfw|security/sshguard|2017-07-20|Merged with security= /sshguard=0A= > +security/sshguard-pf|security/sshguard|2017-07-20|Merged with security/s= shguard=0A= > +security/sshguard-null|security/sshguard|2017-07-20|Merged with security= /sshguard=0A= >=0A= > Modified: head/security/Makefile=0A= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=0A= > --- head/security/Makefile Thu Jul 20 15:30:52 2017 (r446262)= =0A= > +++ head/security/Makefile Thu Jul 20 15:34:08 2017 (r446263)= =0A= > @@ -1153,9 +1153,6 @@=0A= > SUBDIR +=3D ssh_askpass_gtk2=0A= > SUBDIR +=3D sshblock=0A= > SUBDIR +=3D sshguard=0A= > - SUBDIR +=3D sshguard-ipfw=0A= > - SUBDIR +=3D sshguard-null=0A= > - SUBDIR +=3D sshguard-pf=0A= > SUBDIR +=3D sshpass=0A= > SUBDIR +=3D ssl-admin=0A= > SUBDIR +=3D sslscan=0A= >=0A= > Modified: head/security/sshguard/Makefile=0A= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=0A= > --- head/security/sshguard/Makefile Thu Jul 20 15:30:52 2017 (r4= 46262)=0A= > +++ head/security/sshguard/Makefile Thu Jul 20 15:34:08 2017 (r4= 46263)=0A= 
> @@ -2,62 +2,28 @@=0A= > # $FreeBSD$=0A= >=0A= > PORTNAME=3D sshguard=0A= > -PORTVERSION=3D 1.7.1=0A= > -PORTREVISION=3D 0=0A= > +PORTVERSION=3D 2.0.0=0A= > CATEGORIES=3D security=0A= > MASTER_SITES=3D SF/sshguard/sshguard/${PORTVERSION}=0A= >=0A= > -MAINTAINER=3D ports@FreeBSD.org=0A= > -COMMENT?=3D Protect hosts from brute force attacks against ssh and ot= her services=0A= > +MAINTAINER=3D dan.mcgregor@usask.ca=0A= > +COMMENT=3D Protect hosts from brute force attacks against ssh and ot= her services=0A= >=0A= > -SSHGUARDFW?=3D none=0A= > -=0A= > -# If SSHGUARDFW is not set by a slave port, then we only use the=0A= > -# following which makes this a metaport to choose a backend=0A= > -.if ${SSHGUARDFW} =3D=3D none=0A= > -NO_BUILD=3DYES=0A= > -NO_INSTALL=3DYES=0A= > -NO_ARCH=3DYES=0A= > -=0A= > -OPTIONS_SINGLE=3D BACKEND=0A= > -OPTIONS_SINGLE_BACKEND=3D IPFW NULL PF=0A= > -OPTIONS_DEFAULT=3D IPFW=0A= > -=0A= > -IPFW_DESC=3D IPFW firewall backend=0A= > -NULL_DESC=3D null firewall backend (detection only)=0A= > -PF_DESC=3D pf firewall backend=0A= > -=0A= > -IPFW_RUN_DEPENDS=3D sshguard-ipfw>0:security/sshguard-ipfw=0A= > -NULL_RUN_DEPENDS=3D sshguard-null>0:security/sshguard-null=0A= > -PF_RUN_DEPENDS=3D sshguard-pf>0:security/sshguard-pf=0A= > -=0A= > -.include <bsd.port.options.mk>=0A= > -=0A= > -# The remaining settings are used by the slave ports=0A= > -.else=0A= > -=0A= > LICENSE=3D BSD2CLAUSE=0A= >=0A= > USES=3D autoreconf=0A= >=0A= > -PLIST_FILES=3D libexec/sshg-fw libexec/sshg-logtail libexec/sshg-parser = \=0A= > - sbin/sshguard man/man8/sshguard.8.gz=0A= > -=0A= > USE_RC_SUBR=3D sshguard=0A= > MAKE_ARGS+=3D ACLOCAL=3D"${TRUE}" AUTOCONF=3D"${TRUE}" AUTOMAKE=3D"${TR= UE}"=0A= > GNU_CONFIGURE=3D yes=0A= > -CONFIGURE_ARGS+=3D--with-firewall=3D${SSHGUARDFW}=0A= >=0A= > -SUB_LIST+=3D PKGMSG_FWBLOCK=3D${PKGMSG_FWBLOCK}=0A= > SUB_FILES=3D pkg-message=0A= > -.endif=0A= >=0A= > -.if ${SSHGUARDFW} =3D=3D pf=0A= > -PKGMSG_FWBLOCK=3D" To activate or configure PF see 
http://www.sshguard.= net/docs/setup/firewall/pf/"=0A= > -.elif ${SSHGUARDFW} =3D=3D ipfw=0A= > -PKGMSG_FWBLOCK=3D" IPFW support has been rewritten. Sshguard will now a= dd entries to table 22."=0A= > -.elif ${SSHGUARDFW} =3D=3D null=0A= > -PKGMSG_FWBLOCK=3D" Sshguard null backend does detection only. It does n= ot take action."=0A= > -.endif=0A= > +post-patch:=0A= > + @${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' ${WRKSRC}/doc/sshguard= .8.rst=0A= > +=0A= > +post-install:=0A= > + ${INSTALL} -d ${STAGEDIR}${PREFIX}/etc=0A= > + ${INSTALL} -m 644 ${WRKSRC}/examples/sshguard.conf.sample ${STAGEDI= R}${PREFIX}/etc=0A= >=0A= > .include <bsd.port.mk>=0A= >=0A= > Modified: head/security/sshguard/distinfo=0A= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=0A= > --- head/security/sshguard/distinfo Thu Jul 20 15:30:52 2017 (r4= 46262)=0A= > +++ head/security/sshguard/distinfo Thu Jul 20 15:34:08 2017 (r4= 46263)=0A= > @@ -1,3 +1,3 @@=0A= > -TIMESTAMP =3D 1483998292=0A= > -SHA256 (sshguard-1.7.1.tar.gz) =3D 2e527589c9b33219222d827dff63974229d04= 4de945729aa47271c4a29aaa195=0A= > -SIZE (sshguard-1.7.1.tar.gz) =3D 832220=0A= > +TIMESTAMP =3D 1500391750=0A= > +SHA256 (sshguard-2.0.0.tar.gz) =3D e87c6c4a6dddf06f440ea76464eb6197869c0= 293f0a60ffa51f8a6a0d7b0cb06=0A= > +SIZE (sshguard-2.0.0.tar.gz) =3D 886995=0A= >=0A= > Added: head/security/sshguard/files/patch-examples-sshguard.conf.sample= =0A= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=0A= 
> --- /dev/null 00:00:00 1970 (empty, because file is newly added)=0A= > +++ head/security/sshguard/files/patch-examples-sshguard.conf.sample Thu= Jul 20 15:34:08 2017 (r446263)=0A= 
> @@ -0,0 +1,36 @@=0A= > +diff --git examples/sshguard.conf.sample examples/sshguard.conf.sample= =0A= > +index d881e51..87b7acc 100644=0A= > +--- examples/sshguard.conf.sample=0A= > ++++ examples/sshguard.conf.sample=0A= > +@@ -6,11 +6,13 @@=0A= > +=0A= > + #### REQUIRED CONFIGURATION ####=0A= > + # Full path to backend executable (required, no default)=0A= > +-#BACKEND=3D"/usr/local/libexec/sshg-fw-hosts"=0A= > ++BACKEND=3D"/usr/local/libexec/sshg-fw-null"=0A= > ++#BACKEND=3D"/usr/local/libexec/sshg-fw-ipfw"=0A= > ++#BACKEND=3D"/usr/local/libexec/sshg-fw-pf"=0A= > +=0A= > + # Space-separated list of log files to monitor. Ignored if LOGREADER is= set.=0A= > + # (optional, no default)=0A= > +-#FILES=3D"/var/log/auth.log /var/log/authlog /var/log/maillog"=0A= > ++#FILES=3D"/var/log/auth.log /var/log/maillog"=0A= > +=0A= > + # Shell command that provides logs on standard output. Takes precedence= over=0A= > + # FILES. (optional, no default)=0A= > +@@ -36,12 +38,12 @@ DETECTION_TIME=3D1800=0A= > + # !! Warning: These features may not work correctly with sandboxing. 
!!= =0A= > +=0A= > + # Full path to PID file (optional, no default)=0A= > +-#PID_FILE=3D/run/sshguard.pid=0A= > ++#PID_FILE=3D/var/run/sshguard.pid=0A= > +=0A= > + # Colon-separated blacklist threshold and full path to blacklist file.= =0A= > + # (optional, no default)=0A= > +-#BLACKLIST_FILE=3D90:/var/lib/sshguard/enemies=0A= > ++#BLACKLIST_FILE=3D30:/var/db/sshguard/blacklist.db=0A= > +=0A= > + # IP addresses listed in the WHITELIST_FILE are considered to be=0A= > + # friendlies and will never be blocked.=0A= > +-#WHITELIST_FILE=3D/etc/friends=0A= > ++#WHITELIST_FILE=3D/usr/local/etc/sshguard.whitelist=0A= >=0A= > Added: head/security/sshguard/files/patch-src-sshguard.in=0A= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=0A= > --- /dev/null 00:00:00 1970 (empty, because file is newly added)=0A= > +++ head/security/sshguard/files/patch-src-sshguard.in Thu Jul 20 = 15:34:08 2017 (r446263)=0A= 
> @@ -0,0 +1,10 @@=0A= > +diff --git src/sshguard.in src/sshguard.in=0A= > +index 40c864b..249ddb5 100644=0A= > +--- src/sshguard.in=0A= > ++++ src/sshguard.in=0A= > +@@ -85,4 +85,4 @@ elif [ -z "$tailcmd" ]; then=0A= > + fi=0A= > +=0A= > + eval $tailcmd | $libexec/sshg-parser | \=0A= > +- $libexec/sshg-blocker $flags | ($BACKEND; kill -PIPE $$)=0A= > ++ $libexec/sshg-blocker $flags | ($BACKEND ; pkill -PIPE -P $$)=0A= >=0A= > Modified: head/security/sshguard/files/pkg-message.in=0A= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=0A= > --- head/security/sshguard/files/pkg-message.in Thu Jul 20 15:30:52= 2017 (r446262)=0A= > +++ head/security/sshguard/files/pkg-message.in Thu Jul 20 15:34:08= 2017 (r446263)=0A= 
> @@ -1,12 +1,10 @@=0A= > #########################################################################= #=0A= > Sshguard installed successfully.=0A= >=0A= > -%%PKGMSG_FWBLOCK%%=0A= > -=0A= > You can start sshguard as a daemon by using the=0A= > rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .=0A= >=0A= > - See sshguard(8) and http://www.sshguard.net/docs/setup for additional = info.=0A= > + See sshguard-setup(7) and http://www.sshguard.net/docs/setup for addit= ional info.=0A= >=0A= > Please note that a few rc script parameters have been renamed to=0A= > better reflect the documentation:=0A= >=0A= > Modified: head/security/sshguard/files/sshguard.in=0A= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=0A= > --- head/security/sshguard/files/sshguard.in Thu Jul 20 15:30:52 2017 = (r446262)=0A= > +++ head/security/sshguard/files/sshguard.in Thu Jul 20 15:34:08 2017 = (r446263)=0A= > @@ -81,7 +81,7 @@ pidfile=3D${sshguard_pidfile:=3D"/var/run/sshguard.pid"= }=0A= >=0A= > command=3D/usr/sbin/daemon=0A= > actual_command=3D"%%PREFIX%%/sbin/sshguard"=0A= > -procname=3D"${actual_command}"=0A= > +procname=3D"%%PREFIX%%/libexec/sshg-blocker"=0A= > start_precmd=3Dsshguard_prestart=0A= > command_args=3D"-c ${actual_command} \${sshguard_flags} \${sshguard_black= list_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${ss= hguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitel= istfile} -i ${pidfile}"=0A= >=0A= >=0A= > Added: head/security/sshguard/pkg-plist=0A= > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=0A= 
> --- /dev/null 00:00:00 1970 (empty, because file is newly added)=0A= > +++ head/security/sshguard/pkg-plist Thu Jul 20 15:34:08 2017 (r4= 46263)=0A= > @@ -0,0 +1,15 @@=0A= > +@sample etc/sshguard.conf.sample=0A= > +sbin/sshguard=0A= > +libexec/sshg-blocker=0A= > +libexec/sshg-fw-firewalld=0A= > +libexec/sshg-fw-hosts=0A= > +libexec/sshg-fw-ipfilter=0A= > +libexec/sshg-fw-ipfw=0A= > +libexec/sshg-fw-ipset=0A= > +libexec/sshg-fw-iptables=0A= > +libexec/sshg-fw-null=0A= > +libexec/sshg-fw-pf=0A= > +libexec/sshg-logtail=0A= > +libexec/sshg-parser=0A= > +man/man7/sshguard-setup.7.gz=0A= > +man/man8/sshguard.8.gz=0A= >=0A= =0A=
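
Review bot: In the head/security/sshguard/Makefile hunk, the new post-install target calls `${INSTALL} -d` and `${INSTALL} -m 644` directly; the ports framework macros `${MKDIR}` and `${INSTALL_DATA}` are the usual way to stage a directory and a mode-644 data file. In the same hunk, post-patch substitutes %PREFIX% only in doc/sshguard.8.rst, while the sample configuration added in this commit hard-codes /usr/local in its BACKEND and WHITELIST_FILE paths, so a build with a non-default PREFIX installs a sample that points at the wrong location. Extending the substitution to examples/sshguard.conf.sample would fix that.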
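
Review bot: In the second inner hunk of patch-examples-sshguard.conf.sample, PID_FILE is repointed to /var/run/sshguard.pid but stays commented out, while files/sshguard.in in this same commit defaults pidfile to /var/run/sshguard.pid. Adam's reply in this thread reports that "service sshguard ..." is broken unless PID_FILE is uncommented. Shipping the line as `PID_FILE=/var/run/sshguard.pid` would make the sample agree with the rc script; if it has to stay off because of the sandboxing warning just above it, the rc script should not depend on it.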
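
Review bot: The patch-src-sshguard.in hunk replaces `kill -PIPE $$` with `pkill -PIPE -P $$` without a comment or commit-log line saying why, and the two are not equivalent: the old form signals the script's own shell, the new one signals only processes whose parent is that shell. Anything started one level further down, such as what `eval $tailcmd` spawns, may not be a direct child and could be left running after $BACKEND exits. Please record the reason in the patch (and whether it is being sent upstream), and confirm that the log reader goes away when the backend dies.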
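
Review bot: The pkg-message.in hunk removes %%PKGMSG_FWBLOCK%% and puts nothing in its place, so the install message no longer mentions the firewall backend at all. With this commit the sample configuration enables `BACKEND="/usr/local/libexec/sshg-fw-null"`, and the text removed from the Makefile described the null backend as detection only, so a user who follows the message and starts the rc.d script gets no blocking until sshguard.conf is edited. A sentence telling the user to set BACKEND in %%PREFIX%%/etc/sshguard.conf to the ipfw or pf backend would cover it.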
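
Review bot: In the files/sshguard.in hunk, procname is now hard-coded to %%PREFIX%%/libexec/sshg-blocker with no comment explaining the choice. Judging from patch-src-sshguard.in, sbin/sshguard is a shell script that pipes into $libexec/sshg-blocker, which is presumably the reason, but a one-line comment would keep a later maintainer from reverting it. The unchanged command_args line still passes `-i ${pidfile}`; please confirm that the PID written there belongs to sshg-blocker, since rc.subr checks the pidfile against procname.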