svn commit: r354836 - in head/security/sshguard: . files

Mark Felder feld at FreeBSD.org
Thu May 22 13:17:35 UTC 2014 

Author: feld
Date: Thu May 22 13:17:34 2014
New Revision: 354836
URL: http://svnweb.freebsd.org/changeset/ports/354836
QAT: https://qat.redports.org/buildarchive/r354836/

Log:
  Adopting security/sshguard
  
  rc script passes rclint
  
  Removed clever built-in sysadmin countermeasure:
  
  Previously sshguard would automatically add a line to your
  /etc/syslog.conf file. You could activate sshguard by uncommenting this
  line. However, every time you reinstall/update sshguard this line will
  also be automatically removed rendering the program inactive and your
  system unprotected.
  
  Sponsored by:	SupraNet Communications, Inc

Deleted:
  head/security/sshguard/pkg-deinstall
  head/security/sshguard/pkg-install
Modified:
  head/security/sshguard/Makefile
  head/security/sshguard/files/pkg-message.in
  head/security/sshguard/files/sshguard.in

Modified: head/security/sshguard/Makefile
==============================================================================
--- head/security/sshguard/Makefile	Thu May 22 13:16:37 2014	(r354835)
+++ head/security/sshguard/Makefile	Thu May 22 13:17:34 2014	(r354836)
@@ -3,11 +3,11 @@
 
 PORTNAME=	sshguard
 PORTVERSION=	1.5
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/sshguard-${PORTVERSION}
 
-MAINTAINER=	ports at FreeBSD.org
+MAINTAINER=	feld at FreeBSD.org
 COMMENT?=	Protect hosts from brute force attacks against ssh and other services
 
 CONFLICTS?=	sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.*
@@ -32,7 +32,7 @@ PKGMSG_FWBLOCK="  To activate or configu
 .elif ${SSHGUARDFW} == ipfw
 PKGMSG_FWBLOCK="  Verify that IPFW is active with \"ipfw show\"."
 .elif ${SSHGUARDFW} == hosts
-PKGMSG_FWBLOCK="  Sshguard is going to use /etc/hosts.allow, I have touched it for you."
+PKGMSG_FWBLOCK="  Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!"
 .elif ${SSHGUARDFW} == ipfilter
 PKGMSG_FWBLOCK="  Sshguard will use /etc/ipf.rules as ruleset."
 .endif

Modified: head/security/sshguard/files/pkg-message.in
==============================================================================
--- head/security/sshguard/files/pkg-message.in	Thu May 22 13:16:37 2014	(r354835)
+++ head/security/sshguard/files/pkg-message.in	Thu May 22 13:17:34 2014	(r354836)
@@ -3,8 +3,13 @@
 
 %%PKGMSG_FWBLOCK%%
 
-  Your /etc/syslog.conf has been added a line for sshguard; uncomment it
-  and use "/etc/rc.d/syslogd reload" for activating it.
+  If you would like to use sshguard via syslogd, add an entry to your
+  /etc/syslog.conf like the following:
+
+    auth.info;authpriv.info     |exec %%PREFIX%%/sbin/sshguard
+
+  and use "/etc/rc.d/syslogd reload" to activate it. Note, you can add
+  additional arguments to the sshguard command if you so desire.
 
   Alternatively, you can also start sshguard as a daemon by using the
   rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .

Modified: head/security/sshguard/files/sshguard.in
==============================================================================
--- head/security/sshguard/files/sshguard.in	Thu May 22 13:16:37 2014	(r354835)
+++ head/security/sshguard/files/sshguard.in	Thu May 22 13:17:34 2014	(r354836)
@@ -61,25 +61,25 @@
 
 . /etc/rc.subr
 
-name="sshguard"
-rcvar="sshguard_enable"
+name=sshguard
+rcvar=sshguard_enable
 
 load_rc_config sshguard
 
-: ${sshguard_enable:="NO"}
-: ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"}
-: ${sshguard_safety_thresh="40"}
-: ${sshguard_pardon_min_interval="1200"}
-: ${sshguard_prescribe_interval="420"}
+: ${sshguard_enable:=NO}
+: ${sshguard_blacklist=40:/var/db/sshguard/blacklist.db}
+: ${sshguard_safety_thresh=40}
+: ${sshguard_pardon_min_interval=1200}
+: ${sshguard_prescribe_interval=420}
 : ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"}
-: ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"}
+: ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog}
 
-pidfile=${sshguard_pidfile:-"/var/run/sshguard.pid"}
+pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}
 
-command="/usr/sbin/daemon"
+command=/usr/sbin/daemon
 actual_command="%%PREFIX%%/sbin/sshguard"
 procname="${actual_command}"
-start_precmd="sshguard_prestart"
+start_precmd=sshguard_prestart
 command_args="-cf ${actual_command} -b ${sshguard_blacklist} \${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"
 
 sshguard_prestart()

More information about the svn-ports-all mailing list