From: Mark Felder
Date: Thu, 22 May 2014 13:17:34 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r354836 - in head/security/sshguard: . files

Author: feld
Date: Thu May 22 13:17:34 2014
New Revision: 354836
URL: http://svnweb.freebsd.org/changeset/ports/354836
QAT: https://qat.redports.org/buildarchive/r354836/

Log:
  Adopting security/sshguard

  rc script passes rclint

  Removed clever built-in sysadmin countermeasure:

  Previously sshguard would automatically add a line to your
  /etc/syslog.conf file. You could activate sshguard by uncommenting this
  line. However, every time you reinstall/update sshguard this line will
  also be automatically removed rendering the program inactive and your
  system unprotected.

  Sponsored by: SupraNet Communications, Inc

Deleted:
  head/security/sshguard/pkg-deinstall
  head/security/sshguard/pkg-install
Modified:
  head/security/sshguard/Makefile
  head/security/sshguard/files/pkg-message.in
  head/security/sshguard/files/sshguard.in

Modified: head/security/sshguard/Makefile ============================================================================== --- head/security/sshguard/Makefile Thu May 22 13:16:37 2014 (r354835) +++ head/security/sshguard/Makefile Thu May 22 13:17:34 2014 (r354836) 
@@ -3,11 +3,11 @@ PORTNAME= sshguard PORTVERSION= 1.5 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/sshguard-${PORTVERSION} -MAINTAINER= ports@FreeBSD.org +MAINTAINER= feld@FreeBSD.org COMMENT?= Protect hosts from brute force attacks against ssh and other services CONFLICTS?= sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* @@ -32,7 +32,7 @@ PKGMSG_FWBLOCK=" To activate or configu .elif ${SSHGUARDFW} == ipfw PKGMSG_FWBLOCK=" Verify that IPFW is active with \"ipfw show\"." .elif ${SSHGUARDFW} == hosts -PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow, I have touched it for you." +PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!" .elif ${SSHGUARDFW} == ipfilter PKGMSG_FWBLOCK=" Sshguard will use /etc/ipf.rules as ruleset." .endif Modified: head/security/sshguard/files/pkg-message.in ============================================================================== --- head/security/sshguard/files/pkg-message.in Thu May 22 13:16:37 2014 (r354835) +++ head/security/sshguard/files/pkg-message.in Thu May 22 13:17:34 2014 (r354836) 
@@ -3,8 +3,13 @@ %%PKGMSG_FWBLOCK%% - Your /etc/syslog.conf has been added a line for sshguard; uncomment it - and use "/etc/rc.d/syslogd reload" for activating it. + If you would like to use sshguard via syslogd, add an entry to your + /etc/syslog.conf like the following: + + auth.info;authpriv.info |exec %%PREFIX%%/sbin/sshguard + + and use "/etc/rc.d/syslogd reload" to activate it. Note, you can add + additional arguments to the sshguard command if you so desire. Alternatively, you can also start sshguard as a daemon by using the rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard . Modified: head/security/sshguard/files/sshguard.in ============================================================================== --- head/security/sshguard/files/sshguard.in Thu May 22 13:16:37 2014 (r354835) +++ head/security/sshguard/files/sshguard.in Thu May 22 13:17:34 2014 (r354836) 
@@ -61,25 +61,25 @@ . /etc/rc.subr -name="sshguard" -rcvar="sshguard_enable" +name=sshguard +rcvar=sshguard_enable load_rc_config sshguard -: ${sshguard_enable:="NO"} -: ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"} -: ${sshguard_safety_thresh="40"} -: ${sshguard_pardon_min_interval="1200"} -: ${sshguard_prescribe_interval="420"} +: ${sshguard_enable:=NO} +: ${sshguard_blacklist=40:/var/db/sshguard/blacklist.db} +: ${sshguard_safety_thresh=40} +: ${sshguard_pardon_min_interval=1200} +: ${sshguard_prescribe_interval=420} : ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"} -: ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"} +: ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog} -pidfile=${sshguard_pidfile:-"/var/run/sshguard.pid"} +pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"} -command="/usr/sbin/daemon" +command=/usr/sbin/daemon actual_command="%%PREFIX%%/sbin/sshguard" procname="${actual_command}" -start_precmd="sshguard_prestart" +start_precmd=sshguard_prestart command_args="-cf ${actual_command} -b ${sshguard_blacklist} \${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${pidfile}" sshguard_prestart()
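
Review bot: In head/security/sshguard/Makefile (hunk at -32,7), the hosts branch of PKGMSG_FWBLOCK now reads "Please remember to touch /etc/hosts.allow\!" where the old text said the file had already been touched for the admin, and pkg-install is deleted in this same commit. The message should state that /etc/hosts.allow has to exist before sshguard is started and give the exact command (`touch /etc/hosts.allow`), so that a missing file is not discovered only when blocking silently fails to take effect. Please also confirm that `\!` ends up as a plain `!` in the installed message rather than a literal backslash.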
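
Review bot: In head/security/sshguard/files/pkg-message.in, the new wording presents the syslog.conf entry as optional ("If you would like to use sshguard via syslogd") without saying that sshguard does nothing after installation until either that entry or the rc.d script is set up. Say so explicitly at the top of the message. It also needs a sentence for people upgrading: per the log message the line in /etc/syslog.conf was removed on every reinstall/update, so anyone who relied on it is left without sshguard running after this update unless they re-add the `auth.info;authpriv.info |exec %%PREFIX%%/sbin/sshguard` entry by hand.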
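
Review bot: In head/security/sshguard/files/sshguard.in, the pidfile line changes `:-` to `:=`, a behaviour change sitting among what are otherwise pure quote removals: `pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}` now also assigns sshguard_pidfile. If that is intended, declare the default alongside the others as `: ${sshguard_pidfile=/var/run/sshguard.pid}` and use `pidfile=${sshguard_pidfile}`, which also removes the quotes this line still carries while its neighbours lost theirs. Separately, only sshguard_enable uses `:=`; the remaining defaults use `=`, so a variable that is set but empty when load_rc_config returns stays empty, and command_args would then pass `-b`, `-a`, `-p` or `-s` with no value and swallow the following option. Consider `:=` for those defaults as well, or document that an empty value is not supported.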