ports/166471: [PATCH] Add a rc.d script for security/sshguard

Xin LI delphij at FreeBSD.org
Wed Mar 28 20:10:10 UTC 2012


>Number:         166471
>Category:       ports
>Synopsis:       [PATCH] Add a rc.d script for security/sshguard
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 28 20:10:09 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Xin LI
>Release:        FreeBSD 8.2-STABLE i386
>Organization:
iXsystems, Inc.
>Environment:
System: FreeBSD freefall.freebsd.org 8.2-STABLE FreeBSD 8.2-STABLE #5 r227907: Wed Nov 23 21:55:50 UTC 2011 simon at freefall.freebsd.org:/usr/obj/usr/src/sys/FREEFALL i386


>Description:
	The attached patch adds an rc.d script to daemonize sshguard.
>How-To-Repeat:
>Fix:


--- sshguard.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/sshguard/Makefile,v
retrieving revision 1.15
diff -u -p -u -r1.15 Makefile
--- Makefile	24 Jul 2011 18:16:29 -0000	1.15
+++ Makefile	28 Mar 2012 19:58:55 -0000
@@ -7,7 +7,7 @@
 
 PORTNAME=	sshguard
 PORTVERSION=	1.5
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/sshguard-${PORTVERSION}
 
@@ -21,6 +21,7 @@ PLIST_FILES=	sbin/sshguard
 MAN8=		sshguard.8
 MANCOMPRESSED=	no
 USE_BZIP2=	yes
+USE_RC_SUBR=	sshguard
 MAKE_ARGS+=	ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
 HAS_CONFIGURE=	yes
 
Index: files/pkg-message.in
===================================================================
RCS file: /home/ncvs/ports/security/sshguard/files/pkg-message.in,v
retrieving revision 1.1
diff -u -p -u -r1.1 pkg-message.in
--- files/pkg-message.in	12 Jun 2007 20:05:42 -0000	1.1
+++ files/pkg-message.in	28 Mar 2012 19:56:07 -0000
@@ -5,6 +5,9 @@
 
   Your /etc/syslog.conf has been added a line for sshguard; uncomment it
   and use "/etc/rc.d/syslogd reload" for activating it.
+
+  Alternatively, you can also start sshguard as a daemon by using the
+  rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
   
   See sshguard(8) and http://sshguard.sourceforge.net for additional info.
 ##########################################################################
Index: files/sshguard.in
===================================================================
RCS file: files/sshguard.in
diff -N files/sshguard.in
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/sshguard.in	28 Mar 2012 19:58:02 -0000
@@ -0,0 +1,92 @@
+#!/bin/sh
+#-
+# Copyright (c) 2012 iXsystems, Inc.
+# All rights reserved.
+#
+# Written by: Xin Li <delphij at FreeBSD.org>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sshguard
+# REQUIRE: LOGIN cleanvar
+
+#
+# Add the following lines to /etc/rc.conf to enable sshguard:
+# sshguard_enable (bool):	Set to "NO" by default.
+#				Set it to "YES" to enable sshguard
+# sshguard_pidfile (str):	Path to PID file.
+#				Set to "/var/run/sshguard.pid" by default
+# sshguard_watch_logs (str):	Colon splitted list of logs to watch.
+#				Set to "/var/log/auth.log:/var/log/maillog"
+#				by default.
+# The following options directly maps to their command line options,
+# please read manual page sshguard(8) for detailed information:
+# sshguard_blacklist (str):	[thr:]/path/to/blacklist.
+#				Set to "40:/var/db/sshguard/blacklist.db"
+#				by default.
+# sshguard_safety_thresh (int):	Safety threshold.  Set to "40" by default.
+# sshguard_pardon_min_interval (int):
+#				Minimum pardon interval.  Set to "1200"
+#				by default.
+# sshguard_prescribe_interval (int):
+#				Prescribe interval.  Set to "420" by
+#				default.
+# sshguard_whitelistfile (str):	Path to the whitelist.
+#				Set to "%%PREFIX%%/etc/sshguard.whitelist"
+#				by default.
+
+
+. /etc/rc.subr
+
+name="sshguard"
+rcvar="sshguard_enable"
+command="/usr/sbin/daemon"
+actual_command="%%PREFIX%%/sbin/${name}"
+procname="${actual_command}"
+
+load_rc_config $name
+
+: ${sshguard_enable="NO"}
+: ${sshguard_pidfile="/var/run/${name}.pid"}
+: ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"}
+: ${sshguard_safety_thresh="40"}
+: ${sshguard_pardon_min_interval="1200"}
+: ${sshguard_prescribe_interval="420"}
+: ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"}
+: ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"}
+
+pidfile="${sshguard_pidfile}"
+sshguard_watch_params=`echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ `
+start_precmd="${name}_prestart"
+
+command_args="-cf ${actual_command} -b ${sshguard_blacklist} ${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${sshguard_pidfile}"
+
+sshguard_prestart()
+{
+	mkdir -p `dirname ${sshguard_blacklist##*:}`
+	[ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile}
+}
+
+run_rc_command "$1"
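Review bot: In `sshguard_prestart`, at the end of the new files/sshguard.in, the path expansions are unquoted and the `mkdir` status is discarded, so a blacklist or whitelist path containing whitespace is split into several arguments, and a failed `mkdir` still lets sshguard start with a `-b` path whose directory does not exist. Quote the expansions and fail the prestart on error: `mkdir -p "$(dirname "${sshguard_blacklist##*:}")" || return 1` and `[ -e "${sshguard_whitelistfile}" ] || touch "${sshguard_whitelistfile}" || return 1`. The same quoting gap is in `echo ${sshguard_watch_logs}` on the `sshguard_watch_params` line, where the unquoted value is also subject to globbing before it is turned into `-l` options. Because the whitelist decides which addresses are never blocked, and the directory and file are created with whatever umask rc happens to run under, it would be worth creating them with an explicit mode that only root can write and stating that expectation in the header comment.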
--- sshguard.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


