From owner-svn-ports-head@freebsd.org Fri Jul 19 02:09:12 2019 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9ADAFB6A8C; Fri, 19 Jul 2019 02:09:12 +0000 (UTC) (envelope-from adamw@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7966C82ADA; Fri, 19 Jul 2019 02:09:12 +0000 (UTC) (envelope-from adamw@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 508A5198D1; Fri, 19 Jul 2019 02:09:12 +0000 (UTC) (envelope-from adamw@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x6J29CuI088517; Fri, 19 Jul 2019 02:09:12 GMT (envelope-from adamw@FreeBSD.org) Received: (from adamw@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x6J29Bwf088516; Fri, 19 Jul 2019 02:09:11 GMT (envelope-from adamw@FreeBSD.org) Message-Id: <201907190209.x6J29Bwf088516@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: adamw set sender to adamw@FreeBSD.org using -f From: Adam Weinberger Date: Fri, 19 Jul 2019 02:09:11 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r506904 - in head/security/sshguard: . files X-SVN-Group: ports-head X-SVN-Commit-Author: adamw X-SVN-Commit-Paths: in head/security/sshguard: . files X-SVN-Commit-Revision: 506904 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 7966C82ADA X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.96)[-0.956,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Jul 2019 02:09:12 -0000 Author: adamw Date: Fri Jul 19 02:09:11 2019 New Revision: 506904 URL: https://svnweb.freebsd.org/changeset/ports/506904 Log: sshguard: Fix rc(8) script, broken in update and then broken further in followup commits Also clean up some comments while here. PR: 238458 Submitted by: Kevin Zheng Deleted: head/security/sshguard/files/patch-src-sshguard.in Modified: head/security/sshguard/Makefile head/security/sshguard/files/sshguard.in Modified: head/security/sshguard/Makefile ============================================================================== --- head/security/sshguard/Makefile Fri Jul 19 00:20:11 2019 (r506903) +++ head/security/sshguard/Makefile Fri Jul 19 02:09:11 2019 (r506904) @@ -3,6 +3,7 @@ PORTNAME= sshguard PORTVERSION= 2.4.0 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION} Modified: head/security/sshguard/files/sshguard.in ============================================================================== --- head/security/sshguard/files/sshguard.in Fri Jul 19 00:20:11 2019 (r506903) +++ head/security/sshguard/files/sshguard.in Fri Jul 19 02:09:11 2019 (r506904) @@ -39,17 +39,17 @@ # Set it to "YES" to enable sshguard # sshguard_pidfile (str): Path to PID file. # Set to "/var/run/sshguard.pid" by default -# sshguard_watch_logs (str): Colon splitted list of logs to watch. +# sshguard_watch_logs (str): Colon-splitted list of logs to watch. # Unset by default. Overrides the configuration file. -# The following options directly maps to their command line options, +# The following options directly map to their command line options, # and override the configuration file, so most are unset by default. -# Please read manual page sshguard(8) for detailed information: -# sshguard_blacklist (str): [thr:]/path/to/blacklist. +# Please read the sshguard(8) manual page for detailed information: +# sshguard_blacklist (str): [threshold:]/path/to/blacklist. # Set to "30:/var/db/sshguard/blacklist.db" # by default. # sshguard_danger_thresh (int): Danger threshold. # sshguard_release_interval (int): -# Minimum interval an address remains +# Minimum interval (in sec) an address remains # blocked. # sshguard_reset_interval (int): # Interval before a suspected attack is @@ -58,35 +58,33 @@ # sshguard_flags (str): Set additional command line arguments. # - . /etc/rc.subr name=sshguard rcvar=sshguard_enable +set_rcvar sshguard_blacklist "120:/var/db/sshguard/blacklist.db" "Blacklisting threshold and path to blacklist file (colon-separated)" +set_rcvar sshguard_danger_thresh "" "Attack threshold" +set_rcvar sshguard_pidfile "/var/run/sshguard.pid" "Path to PID file" +set_rcvar sshguard_release_interval "" "Time before releasing first-time attackers (s)" +set_rcvar sshguard_reset_interval "" "Time before forgetting attackers (s)" +set_rcvar sshguard_watch_logs "" "Log files to monitor, overriding sshguard.conf (space-separated)" +set_rcvar sshguard_whitelistfile "" "Path to whitelist" + load_rc_config sshguard -: ${sshguard_enable:=NO} -: ${sshguard_blacklist=120:/var/db/sshguard/blacklist.db} -: ${sshguard_danger_thresh=} -: ${sshguard_release_interval=} -: ${sshguard_reset_interval=} -: ${sshguard_whitelistfile=} -: ${sshguard_watch_logs=} +pidfile=${sshguard_pidfile} -pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"} - command=/usr/sbin/daemon actual_command="%%PREFIX%%/sbin/sshguard" procname="/bin/sh" start_precmd=sshguard_prestart -stop_cmd=sshguard_stop -command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} \${sshguard_danger_params} \${sshguard_release_params} \${sshguard_reset_params} \${sshguard_whitelist_params} -i ${pidfile}" +command_args="-c -f ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} \${sshguard_danger_params} \${sshguard_release_params} \${sshguard_reset_params} \${sshguard_whitelist_params} -i ${pidfile}" sshguard_prestart() { # Clear rc_flags so sshguard_flags can be passed to sshguard - # instaed of daemon(8) + # instead of daemon(8) rc_flags="" if [ ! -z ${sshguard_blacklist} ]; then @@ -114,13 +112,6 @@ sshguard_prestart() if [ ! -z "${sshguard_watch_logs}" ]; then sshguard_watch_params=$(echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ ) fi -} - -sshguard_stop() -{ - sshg_blocker="%%PREFIX%%/libexec/sshg-blocker" - rc_pid="$(check_process ${sshg_blocker})" - kill $sig_stop "$rc_pid" } run_rc_command "$1"