From: Ben Woods
Date: Mon, 24 Jul 2017 10:56:16 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r446517 - in head: . security/sshguard security/sshguard/files

Author: woodsb02
Date: Mon Jul 24 10:56:16 2017
New Revision: 446517
URL: https://svnweb.freebsd.org/changeset/ports/446517

Log:
  security/sshguard: Fix rc script, add UPDATING entry

  sshguard usually looks at sshguard.conf for a list of files to monitor, but lets you override it via the command line using -l arguments. This change fixes an issue with the previous rc script which was *always* setting the '-l' arguments even if sshguard_watch_logs wasn't set in rc.conf.

  This change also sets the defaults in the config file to match the former defaults in the rc script, and adds an UPDATING entry to warn of the change from default configuration via rc.conf to the config file.

  PR: 220906
  Submitted by: Dan McGregor (maintainer)
  Reported by: chris@cretaforce.gr

Modified:
  head/UPDATING
  head/security/sshguard/Makefile
  head/security/sshguard/files/patch-examples-sshguard.conf.sample
  head/security/sshguard/files/sshguard.in

Modified: head/UPDATING ============================================================================== --- head/UPDATING Mon Jul 24 10:30:37 2017 (r446516) +++ head/UPDATING Mon Jul 24 10:56:16 2017 (r446517) 
@@ -5,6 +5,23 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20170721: + AFFECTS: users of security/sshguard* + AUTHOR: dan.mcgregir@usask.ca + + security/sshguard was updated to 2.0.0, and security/sshguard-pf, + security/sshguard-ipfw, and security/sshguard-null have been merged into + security/sshguard. + + Configuration of the service is now handled in ${PREFIX}/etc/sshguard.conf. + Please select the desired backend, -null is selected by default. + + In order to upgrade from 1.7.1 change the origin to security/sshguard + + # pkg set -o security/sshguard-ipfw:security/sshguard + # pkg set -o security/sshguard-null:security/sshguard + # pkg set -o security/sshguard-pf:security/sshguard + 20170717: AFFECTS: users of devel/p5-Log-Any and devel/p5-Log-Any-Adapter-Syslog AUTHOR: eugen@FreeBSD.org Modified: head/security/sshguard/Makefile ============================================================================== --- head/security/sshguard/Makefile Mon Jul 24 10:30:37 2017 (r446516) +++ head/security/sshguard/Makefile Mon Jul 24 10:56:16 2017 (r446517) @@ -3,6 +3,7 @@ PORTNAME= sshguard PORTVERSION= 2.0.0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION} @@ -21,6 +22,7 @@ SUB_FILES= pkg-message post-patch: @${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' ${WRKSRC}/doc/sshguard.8.rst + @${REINPLACE_CMD} -e 's|/usr/local|${PREFIX}|' ${WRKSRC}/examples/sshguard.conf.sample post-install: ${INSTALL} -d ${STAGEDIR}${PREFIX}/etc Modified: head/security/sshguard/files/patch-examples-sshguard.conf.sample ============================================================================== --- head/security/sshguard/files/patch-examples-sshguard.conf.sample Mon Jul 24 10:30:37 2017 (r446516) +++ head/security/sshguard/files/patch-examples-sshguard.conf.sample Mon Jul 24 10:56:16 2017 (r446517) 
@@ -14,7 +14,7 @@ index d881e51..87b7acc 100644 # Space-separated list of log files to monitor. Ignored if LOGREADER is set. # (optional, no default) -#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog" -+#FILES="/var/log/auth.log /var/log/maillog" ++FILES="/var/log/auth.log /var/log/maillog" # Shell command that provides logs on standard output. Takes precedence over # FILES. (optional, no default) Modified: head/security/sshguard/files/sshguard.in ============================================================================== --- head/security/sshguard/files/sshguard.in Mon Jul 24 10:30:37 2017 (r446516) +++ head/security/sshguard/files/sshguard.in Mon Jul 24 10:56:16 2017 (r446517) @@ -40,24 +40,21 @@ # sshguard_pidfile (str): Path to PID file. # Set to "/var/run/sshguard.pid" by default # sshguard_watch_logs (str): Colon splitted list of logs to watch. -# Set to "/var/log/auth.log:/var/log/maillog" -# by default. +# Unset by default. Overrides the configuration file. # The following options directly maps to their command line options, -# please read manual page sshguard(8) for detailed information: +# and override the configuration file, so most are unset by default. +# Please read manual page sshguard(8) for detailed information: # sshguard_blacklist (str): [thr:]/path/to/blacklist. # Set to "30:/var/db/sshguard/blacklist.db" # by default. -# sshguard_danger_thresh (int): Danger threshold. Set to "30" by default. +# sshguard_danger_thresh (int): Danger threshold. # sshguard_release_interval (int): # Minimum interval an address remains -# blocked. Set to "120" by default. +# blocked. # sshguard_reset_interval (int): # Interval before a suspected attack is # forgotten and danger is reset to 0. -# Set to "1800" by default. # sshguard_whitelistfile (str): Path to the whitelist. -# Set to "%%PREFIX%%/etc/sshguard.whitelist" -# by default. # sshguard_flags (str): Set additional command line arguments. # 
@@ -71,11 +68,11 @@ load_rc_config sshguard : ${sshguard_enable:=NO} : ${sshguard_blacklist=30:/var/db/sshguard/blacklist.db} -: ${sshguard_danger_thresh=30} -: ${sshguard_release_interval=120} -: ${sshguard_reset_interval=1800} -: ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"} -: ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog} +: ${sshguard_danger_thresh=} +: ${sshguard_release_interval=} +: ${sshguard_reset_interval=} +: ${sshguard_whitelistfile=} +: ${sshguard_watch_logs=} pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"} @@ -83,7 +80,7 @@ command=/usr/sbin/daemon actual_command="%%PREFIX%%/sbin/sshguard" procname="%%PREFIX%%/libexec/sshg-blocker" start_precmd=sshguard_prestart -command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}" +command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} \${sshguard_danger_params} \${sshguard_release_params} \${sshguard_reset_params} \${sshguard_whitelist_params} -i ${pidfile}" sshguard_prestart() { 
@@ -96,9 +93,26 @@ sshguard_prestart() sshguard_blacklist_params="-b ${sshguard_blacklist}" fi - [ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile} + if [ ! -z ${sshguard_whitelistfile} ]; then + [ -e "${sshguard_whitelistfile}" ] || touch ${sshguard_whitelistfile} + sshguard_whitelist_params="-w ${sshguard_whitelistfile}" + fi - sshguard_watch_params=$(echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ ) + if [ ! -z ${sshguard_danger_thresh} ]; then + sshguard_danger_params="-a ${sshguard_danger_thresh}" + fi + + if [ ! -z ${sshguard_release_interval} ]; then + sshguard_release_params="-p ${sshguard_release_interval}" + fi + + if [ ! -z ${sshguard_reset_interval} ]; then + sshguard_reset_params="-s ${sshguard_reset_interval}" + fi + + if [ ! -z "${sshguard_watch_logs}" ]; then + sshguard_watch_params=$(echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ ) + fi } run_rc_command "$1"
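
Review bot: In the head/UPDATING hunk, the new 20170721 entry gives AUTHOR as dan.mcgregir@usask.ca, which does not match the submitter's name as spelled in the log (Dan McGregor), so the address should be checked for a typo. The entry also omits the rc.conf side of this change: the rc script no longer supplies -l /var/log/auth.log -l /var/log/maillog, -a 30, -p 120, -s 1800 or -w by default, and the port's patch previously left FILES commented out in the sample, so a sshguard.conf copied from the earlier sample has no log source at all. Add a sentence telling users to set FILES (or sshguard_watch_logs) and to review the thresholds after upgrading, since a guard that starts but watches nothing fails silently.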
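
Review bot: In the second head/security/sshguard/Makefile hunk, the REINPLACE_CMD line added to post-patch uses 's|/usr/local|${PREFIX}|' without the g flag, so only the first /usr/local on each line of examples/sshguard.conf.sample is rewritten. Use 's|/usr/local|${PREFIX}|g' unless every line of the sample is known to carry at most one such path.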
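
Review bot: In the patch-examples-sshguard.conf.sample hunk, the comment kept directly above the now-active FILES line still reads "(optional, no default)", which no longer describes what the port installs. Either adjust the comment in the port's patch to say that the FreeBSD port enables /var/log/auth.log and /var/log/maillog, or note in pkg-message that the sample ships with FILES set, so an administrator reading the file does not assume nothing is monitored until they edit it.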
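
Review bot: In the sshguard.in hunk at @@ -71,11 +68,11 @@, sshguard_blacklist keeps its rc default of 30:/var/db/sshguard/blacklist.db while every other option is changed to empty, and the header comment in the @@ -40,24 +40,21 @@ hunk still documents that default. As far as the visible context of sshguard_prestart shows, that value still ends up in sshguard_blacklist_params as -b, so the rc script keeps overriding whatever blacklist setting sshguard.conf carries, which is the same behaviour this commit removes for -l. Either default it to empty like the others and move the value into the sample config, or state in the comment why the blacklist is deliberately left as an rc.conf override.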
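
Review bot: In the sshguard.in hunk at @@ -96,9 +93,26 @@, the four new tests of the form [ ! -z ${sshguard_whitelistfile} ] leave the variable unquoted, unlike the sshguard_watch_logs test at the end of the same hunk. With an empty value the test only gives the right answer because [ ! -z ] happens to evaluate false, and a value containing whitespace makes test fail with a syntax error, after which the corresponding option is silently dropped. Write them as [ -n "${sshguard_whitelistfile}" ] (and likewise for the danger, release and reset variables), and quote the argument of touch as well, since it is run as root on a path taken from rc.conf.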