Date: Thu, 22 May 2014 13:17:34 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r354836 - in head/security/sshguard: . files Message-ID: <201405221317.s4MDHYOi050263@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Thu May 22 13:17:34 2014 New Revision: 354836 URL: http://svnweb.freebsd.org/changeset/ports/354836 QAT: https://qat.redports.org/buildarchive/r354836/ Log: Adopting security/sshguard rc script passes rclint Removed clever built-in sysadmin countermeasure: Previously sshguard would automatically add a line to your /etc/syslog.conf file. You could activate sshguard by uncommenting this line. However, every time you reinstall/update sshguard this line will also be automatically removed rendering the program inactive and your system unprotected. Sponsored by: SupraNet Communications, Inc Deleted: head/security/sshguard/pkg-deinstall head/security/sshguard/pkg-install Modified: head/security/sshguard/Makefile head/security/sshguard/files/pkg-message.in head/security/sshguard/files/sshguard.in Modified: head/security/sshguard/Makefile ============================================================================== --- head/security/sshguard/Makefile Thu May 22 13:16:37 2014 (r354835) +++ head/security/sshguard/Makefile Thu May 22 13:17:34 2014 (r354836) @@ -3,11 +3,11 @@ PORTNAME= sshguard PORTVERSION= 1.5 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/sshguard-${PORTVERSION} -MAINTAINER= ports@FreeBSD.org +MAINTAINER= feld@FreeBSD.org COMMENT?= Protect hosts from brute force attacks against ssh and other services CONFLICTS?= sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* @@ -32,7 +32,7 @@ PKGMSG_FWBLOCK=" To activate or configu .elif ${SSHGUARDFW} == ipfw PKGMSG_FWBLOCK=" Verify that IPFW is active with \"ipfw show\"." .elif ${SSHGUARDFW} == hosts -PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow, I have touched it for you." +PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!" .elif ${SSHGUARDFW} == ipfilter PKGMSG_FWBLOCK=" Sshguard will use /etc/ipf.rules as ruleset." .endif Modified: head/security/sshguard/files/pkg-message.in ============================================================================== --- head/security/sshguard/files/pkg-message.in Thu May 22 13:16:37 2014 (r354835) +++ head/security/sshguard/files/pkg-message.in Thu May 22 13:17:34 2014 (r354836) @@ -3,8 +3,13 @@ %%PKGMSG_FWBLOCK%% - Your /etc/syslog.conf has been added a line for sshguard; uncomment it - and use "/etc/rc.d/syslogd reload" for activating it. + If you would like to use sshguard via syslogd, add an entry to your + /etc/syslog.conf like the following: + + auth.info;authpriv.info |exec %%PREFIX%%/sbin/sshguard + + and use "/etc/rc.d/syslogd reload" to activate it. Note, you can add + additional arguments to the sshguard command if you so desire. Alternatively, you can also start sshguard as a daemon by using the rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard . Modified: head/security/sshguard/files/sshguard.in ============================================================================== --- head/security/sshguard/files/sshguard.in Thu May 22 13:16:37 2014 (r354835) +++ head/security/sshguard/files/sshguard.in Thu May 22 13:17:34 2014 (r354836) @@ -61,25 +61,25 @@ . /etc/rc.subr -name="sshguard" -rcvar="sshguard_enable" +name=sshguard +rcvar=sshguard_enable load_rc_config sshguard -: ${sshguard_enable:="NO"} -: ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"} -: ${sshguard_safety_thresh="40"} -: ${sshguard_pardon_min_interval="1200"} -: ${sshguard_prescribe_interval="420"} +: ${sshguard_enable:=NO} +: ${sshguard_blacklist=40:/var/db/sshguard/blacklist.db} +: ${sshguard_safety_thresh=40} +: ${sshguard_pardon_min_interval=1200} +: ${sshguard_prescribe_interval=420} : ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"} -: ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"} +: ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog} -pidfile=${sshguard_pidfile:-"/var/run/sshguard.pid"} +pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"} -command="/usr/sbin/daemon" +command=/usr/sbin/daemon actual_command="%%PREFIX%%/sbin/sshguard" procname="${actual_command}" -start_precmd="sshguard_prestart" +start_precmd=sshguard_prestart command_args="-cf ${actual_command} -b ${sshguard_blacklist} \${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${pidfile}" sshguard_prestart()
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405221317.s4MDHYOi050263>