From owner-freebsd-ports-bugs@FreeBSD.ORG  Tue Jan 31 11:28:10 2012
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9EB831065673;
	Tue, 31 Jan 2012 11:28:10 +0000 (UTC)
	(envelope-from idefix@fechner.net)
Received: from anny.lostinspace.de (anny.lostinspace.de
	[IPv6:2a01:138:a006::2])
	by mx1.freebsd.org (Postfix) with ESMTP id 26A868FC17;
	Tue, 31 Jan 2012 11:28:09 +0000 (UTC)
Received: from server.idefix.lan (ppp-93-104-80-240.dynamic.mnet-online.de
	[93.104.80.240]) (authenticated bits=0)
	by anny.lostinspace.de (8.14.5/8.14.5) with ESMTP id q0VBRxs4024433
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Tue, 31 Jan 2012 12:28:04 +0100 (CET)
	(envelope-from idefix@fechner.net)
Received: from server.idefix.lan (localhost [IPv6:::1])
	by server.idefix.lan (Postfix) with ESMTP id CCE2D3659;
	Tue, 31 Jan 2012 12:27:59 +0100 (CET)
X-Virus-Scanned: amavisd-new at fechner.net
Received: from server.idefix.lan ([127.0.0.1])
	by server.idefix.lan (server.idefix.lan [127.0.0.1]) (amavisd-new,
	port 10024)
	with LMTP id CiCK2Y491Wcu; Tue, 31 Jan 2012 12:27:59 +0100 (CET)
Received: from matthias-fechners-macbook.local (p50992e2f.dip0.t-ipconnect.de
	[80.153.46.47])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by server.idefix.lan (Postfix) with ESMTPSA id 1043B364F;
	Tue, 31 Jan 2012 12:27:58 +0100 (CET)
Message-ID: <4F27D03E.6040105@fechner.net>
Date: Tue, 31 Jan 2012 12:27:58 +0100
From: Matthias Fechner <idefix@fechner.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7;
	rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org
References: <201201310920.q0V9KAPE072226@freefall.freebsd.org>
In-Reply-To: <201201310920.q0V9KAPE072226@freefall.freebsd.org>
Content-Type: multipart/mixed; boundary="------------020808050508030908080707"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7
	(anny.lostinspace.de [80.190.182.2]);
	Tue, 31 Jan 2012 12:28:04 +0100 (CET)
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on anny.lostinspace.de
Cc: 
Subject: Re: ports/164659: fail2ban overwrite config files
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jan 2012 11:28:10 -0000

This is a multi-part message in MIME format.
--------------020808050508030908080707
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

what do you think about the attached patch?
That should make clear how to configure and prevent the overwrite of the 
config file with an update.

Bye
Matthias

--------------020808050508030908080707
Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0";
	name="fail2ban.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="fail2ban.patch"

diff -urN py-fail2ban.old/Makefile py-fail2ban/Makefile
--- py-fail2ban.old/Makefile	2012-01-31 12:19:28.247134384 +0100
+++ py-fail2ban/Makefile	2012-01-31 12:13:04.901139503 +0100
@@ -23,6 +23,7 @@
 USE_PYDISTUTILS=	yes
 
 USE_RC_SUBR=	fail2ban
+SUB_FILES=	pkg-message
 SUB_LIST+=	PYTHON_CMD=${PYTHON_CMD}
 
 PYDISTUTILS_INSTALLARGS+=	--install-purelib=${PYTHON_SITELIBDIR} \
@@ -38,4 +39,7 @@
 post-patch:
 	@${ECHO_CMD} ${FILES} | ${XARGS} ${REINPLACE_CMD} -e 's,/etc/fail2ban,${ETCDIR},g'
 
+post-install:
+		@${CAT} ${PKGMESSAGE}
+
 .include <bsd.port.mk>
diff -urN py-fail2ban.old/files/pkg-message.in py-fail2ban/files/pkg-message.in
--- py-fail2ban.old/files/pkg-message.in	1970-01-01 01:00:00.000000000 +0100
+++ py-fail2ban/files/pkg-message.in	2012-01-31 12:18:31.331132519 +0100
@@ -0,0 +1,19 @@
+
+To complete the configuration:
+
+1. Copy the standard config file to a local one:
+      cp %%ETCDIR%%/jail.conf %%ETCDIR%%/jail.local
+
+2. Add new jails in the jail.local, e.g. for ssh:
+[ssh-pf]
+enabled = true
+filter = bsd-sshd
+action = pf[name=SSH, port=ssh, protocol=tcp]
+logpath = /var/log/auth.log
+
+3. Enable fail2ban
+   Edit /etc/rc.conf to enable it.
+
+4. Start it
+   Use the start script in /usr/local/etc/rc.d/fail2ban start
+

--------------020808050508030908080707--