From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Mar 28 20:10:10 2012 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 78D421065673 for ; Wed, 28 Mar 2012 20:10:10 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 509D08FC17; Wed, 28 Mar 2012 20:10:10 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q2SKAA1I057082; Wed, 28 Mar 2012 20:10:10 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q2SKAAUr057081; Wed, 28 Mar 2012 20:10:10 GMT (envelope-from gnats) Resent-Date: Wed, 28 Mar 2012 20:10:10 GMT Resent-Message-Id: <201203282010.q2SKAAUr057081@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Cc: d@delphij.net Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Xin LI Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 752001065676 for ; Wed, 28 Mar 2012 20:03:35 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 55FB98FC17; Wed, 28 Mar 2012 20:03:35 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q2SK3ZCt056620; Wed, 28 Mar 2012 20:03:35 GMT (envelope-from delphij@freefall.freebsd.org) Received: (from delphij@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q2SK3YkX056617; Wed, 28 Mar 2012 20:03:34 GMT (envelope-from delphij) Message-Id: <201203282003.q2SK3YkX056617@freefall.freebsd.org> Date: Wed, 28 Mar 2012 20:03:34 GMT From: Xin LI To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 X-GNATS-Notify: d@delphij.net Cc: mij@bitchx.it Subject: ports/166471: [PATCH] Add a rc.d script for security/sshguard X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Xin LI List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Mar 2012 20:10:10 -0000 >Number: 166471 >Category: ports >Synopsis: [PATCH] Add a rc.d script for security/sshguard >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Mar 28 20:10:09 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Xin LI >Release: FreeBSD 8.2-STABLE i386 >Organization: iXsystems, Inc. >Environment: System: FreeBSD freefall.freebsd.org 8.2-STABLE FreeBSD 8.2-STABLE #5 r227907: Wed Nov 23 21:55:50 UTC 2011 simon@freefall.freebsd.org:/usr/obj/usr/src/sys/FREEFALL i386 >Description: The attached patch adds a rc.d script to daemonize sshguard. >How-To-Repeat: >Fix: --- sshguard.diff begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/sshguard/Makefile,v retrieving revision 1.15 diff -u -p -u -r1.15 Makefile --- Makefile 24 Jul 2011 18:16:29 -0000 1.15 +++ Makefile 28 Mar 2012 19:58:55 -0000 @@ -7,7 +7,7 @@ PORTNAME= sshguard PORTVERSION= 1.5 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/sshguard-${PORTVERSION} @@ -21,6 +21,7 @@ PLIST_FILES= sbin/sshguard MAN8= sshguard.8 MANCOMPRESSED= no USE_BZIP2= yes +USE_RC_SUBR= sshguard MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}" HAS_CONFIGURE= yes Index: files/pkg-message.in =================================================================== RCS file: /home/ncvs/ports/security/sshguard/files/pkg-message.in,v retrieving revision 1.1 diff -u -p -u -r1.1 pkg-message.in --- files/pkg-message.in 12 Jun 2007 20:05:42 -0000 1.1 +++ files/pkg-message.in 28 Mar 2012 19:56:07 -0000 @@ -5,6 +5,9 @@ Your /etc/syslog.conf has been added a line for sshguard; uncomment it and use "/etc/rc.d/syslogd reload" for activating it. + + Alternatively, you can also start sshguard as a daemon by using the + rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard . See sshguard(8) and http://sshguard.sourceforge.net for additional info. ########################################################################## Index: files/sshguard.in =================================================================== RCS file: files/sshguard.in diff -N files/sshguard.in --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/sshguard.in 28 Mar 2012 19:58:02 -0000 @@ -0,0 +1,92 @@ +#!/bin/sh +#- +# Copyright (c) 2012 iXsystems, Inc. +# All rights reserved. +# +# Written by: Xin Li +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: sshguard +# REQUIRE: LOGIN cleanvar + +# +# Add the following lines to /etc/rc.conf to enable sshguard: +# sshguard_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable sshguard +# sshguard_pidfile (str): Path to PID file. +# Set to "/var/run/sshguard.pid" by default +# sshguard_watch_logs (str): Colon splitted list of logs to watch. +# Set to "/var/log/auth.log:/var/log/maillog" +# by default. +# The following options directly maps to their command line options, +# please read manual page sshguard(8) for detailed information: +# sshguard_blacklist (str): [thr:]/path/to/blacklist. +# Set to "40:/var/db/sshguard/blacklist.db" +# by default. +# sshguard_safety_thresh (int): Safety threshold. Set to "40" by default. +# sshguard_pardon_min_interval (int): +# Minimum pardon interval. Set to "1200" +# by default. +# sshguard_prescribe_interval (int): +# Prescribe interval. Set to "420" by +# default. +# sshguard_whitelistfile (str): Path to the whitelist. +# Set to "%%PREFIX%%/etc/sshguard.whitelist" +# by default. + + +. /etc/rc.subr + +name="sshguard" +rcvar="sshguard_enable" +command="/usr/sbin/daemon" +actual_command="%%PREFIX%%/sbin/${name}" +procname="${actual_command}" + +load_rc_config $name + +: ${sshguard_enable="NO"} +: ${sshguard_pidfile="/var/run/${name}.pid"} +: ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"} +: ${sshguard_safety_thresh="40"} +: ${sshguard_pardon_min_interval="1200"} +: ${sshguard_prescribe_interval="420"} +: ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"} +: ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"} + +pidfile="${sshguard_pidfile}" +sshguard_watch_params=`echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ ` +start_precmd="${name}_prestart" + +command_args="-cf ${actual_command} -b ${sshguard_blacklist} ${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${sshguard_pidfile}" + +sshguard_prestart() +{ + mkdir -p `dirname ${sshguard_blacklist##*:}` + [ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile} +} + +run_rc_command "$1" --- sshguard.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: