FreeBSD Port: security/sshguard-pf

Benjamin Podszun dar at darklajid.de
Mon Apr 14 08:26:04 UTC 2014


On Wednesday, April 9, 2014 1:55:51 PM CEST, Dr. Michael Letzgus wrote:
> Hi all,
>
> sshguard-pf won't start any more after the ports update to 
> 1.5_3. There are no messages in auth.log.
>
> A manual start via command line of "sshguard" is successful - 
> so maybe there is a problem with the
> rc script?

Hi.

Ran into the same issue. So - what are my next steps? Filing a PR against 
ports@ seems good, but .. probably the slow route.. :)
CC'd crees@ as last committer/potentially most familiar with that stuff?

Tracking down the issue:

Same issue here:

# service sshguard start
Starting sshguard.
# service sshguard status
sshguard is not running.

Thanks, Sergey. Good start, but no error:

# sh -x /usr/local/etc/rc.d/sshguard start
<snip>
+ eval '/usr/sbin/daemon  -cf /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db  -a 40 -p 1200 -s 420 -w /usr/local/etc/sshguard.whitelist -i '
+ /usr/sbin/daemon -cf /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db -a 40 -p 1200 -s 420 -w /usr/local/etc/sshguard.whitelist -i

Let's remove the input/output redirection (-f)

# /usr/sbin/daemon -c /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db -a 40 -p 1200 -s 420 -w /usr/local/etc/sshguard.whitelist -i
sshguard: option requires an argument -- i
Usage:
sshguard [-b <thr:file>] [-w <whlst>]{0,n} [-a num] [-p sec] [-s sec]
	[-l <source>] [-f <srv:pidfile>]{0,n} [-i <pidfile>] [-v]
	-b	Blacklist: thr = number of abuses before blacklisting, file = blacklist filename.
	-a	Number of hits after which blocking an address (40)
	-p	Seconds after which unblocking a blocked address (420)
	-w	Whitelisting of addr/host/block, or take from file if starts with "/" or "." (repeatable)
	-s	Seconds after which forgetting about a cracker candidate (1200)
	-l	Add the given log source to Log Sucker's monitored sources (off)
	-f	"authenticate" service's logs through its process pid, as in pidfile
	-i	When started, save PID in the given file; useful for startup scripts (off)
	-v	Dump version message to stderr, supply this when reporting bugs

	The SSHGUARD_DEBUG environment variable enables debugging mode (verbosity + interactivity).

I'd say this is a bug in sshguard: Failing to start shouldn't exit with 0.
That said, it first and foremost is a bug in the port.

Looking at the rc script and the diff [1] the problem's easy enough: 
${sshguard_pidfile} is passed as parameter to -i, but isn't set in the 
script/has no default value. Either the related line from the previous 
revision should be revived or the substitution should change to use 
${pidfile}, which _is_ set.

What now? To PR or not?

Regards,
Ben

1: 
http://svnweb.freebsd.org/ports/head/security/sshguard/files/sshguard.in?r1=311381&r2=350643
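
The failure traced in the message above, as an added example that is not part of the original post or of the port's rc script: an unset variable leaves -i without an argument, and because the start still reports success, the check has to happen before and after launch. The function names and the pidfile path are assumptions made for illustration; the option list comes from the usage text quoted above.

```shell
#!/bin/sh
# Constructed reproduction; /var/run/sshguard.pid is an assumed path.
pidfile="/var/run/sshguard.pid"
unset sshguard_pidfile   # never assigned, as in the rc script described above

# Flag assembly as described: -i receives an unset variable.
# (The "-" keeps the empty expansion working even under set -u.)
flags_broken() {
    echo "-a 40 -p 1200 -s 420 -i ${sshguard_pidfile-}"
}

# One of the two proposed fixes: fall back to ${pidfile}, which is set.
flags_fixed() {
    echo "-a 40 -p 1200 -s 420 -i ${sshguard_pidfile:-${pidfile}}"
}

# Pre-flight check: every option that takes an argument (per the usage
# text) must be followed by a non-option word. Prints the offending
# option and returns 1 when one is left dangling.
check_flags() {
    need=""
    for word in "$@"; do
        if [ -n "$need" ]; then
            case "$word" in -*) echo "$need"; return 1 ;; esac
            need=""
            continue
        fi
        case "$word" in
            -a|-b|-p|-s|-w|-l|-f|-i) need="$word" ;;
        esac
    done
    if [ -n "$need" ]; then echo "$need"; return 1; fi
    return 0
}

# Post-start check: do not rely on the exit status of the start command;
# confirm the pidfile is non-empty and names a live process.
is_running() {
    [ -s "$1" ] || return 1
    kill -0 "$(cat "$1")" 2>/dev/null
}
```

Call it as `check_flags $(flags_broken)`, unquoted, so the string is split into words the same way the rc script's eval splits it.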


