svn commit: r446263 - in head: . security security/sshguard security/sshguard/files
Mark Felder
feld at FreeBSD.org
Thu Jul 20 15:34:11 UTC 2017
Author: feld
Date: Thu Jul 20 15:34:08 2017
New Revision: 446263
URL: https://svnweb.freebsd.org/changeset/ports/446263
Log:
security/sshguard: Update to 2.0.0
PR: 219409
Added:
head/security/sshguard/files/patch-examples-sshguard.conf.sample (contents, props changed)
head/security/sshguard/files/patch-src-sshguard.in (contents, props changed)
head/security/sshguard/pkg-plist (contents, props changed)
Modified:
head/MOVED
head/security/Makefile
head/security/sshguard/Makefile
head/security/sshguard/distinfo
head/security/sshguard/files/pkg-message.in
head/security/sshguard/files/sshguard.in
Modified: head/MOVED
==============================================================================
--- head/MOVED Thu Jul 20 15:30:52 2017 (r446262)
+++ head/MOVED Thu Jul 20 15:34:08 2017 (r446263)
@@ -9466,3 +9466,6 @@ dns/opendnssec13|dns/opendnssec14|2017-07-13|Has expir
multimedia/banshee||2017-07-13|Has expired: Project is not being actively maintained upstream anymore
www/libhtp-suricata||2017-07-16|No longer required. security/suricata now uses official (not forked) libhtp
databases/py-odbc|databases/py-pyodbc|2017-07-18|Rename to comply with PyPI scheme
+security/sshguard-ipfw|security/sshguard|2017-07-20|Merged with security/sshguard
+security/sshguard-pf|security/sshguard|2017-07-20|Merged with security/sshguard
+security/sshguard-null|security/sshguard|2017-07-20|Merged with security/sshguard
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Thu Jul 20 15:30:52 2017 (r446262)
+++ head/security/Makefile Thu Jul 20 15:34:08 2017 (r446263)
@@ -1153,9 +1153,6 @@
SUBDIR += ssh_askpass_gtk2
SUBDIR += sshblock
SUBDIR += sshguard
- SUBDIR += sshguard-ipfw
- SUBDIR += sshguard-null
- SUBDIR += sshguard-pf
SUBDIR += sshpass
SUBDIR += ssl-admin
SUBDIR += sslscan
Modified: head/security/sshguard/Makefile
==============================================================================
--- head/security/sshguard/Makefile Thu Jul 20 15:30:52 2017 (r446262)
+++ head/security/sshguard/Makefile Thu Jul 20 15:34:08 2017 (r446263)
@@ -2,62 +2,28 @@
# $FreeBSD$
PORTNAME= sshguard
-PORTVERSION= 1.7.1
-PORTREVISION= 0
+PORTVERSION= 2.0.0
CATEGORIES= security
MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION}
-MAINTAINER= ports at FreeBSD.org
-COMMENT?= Protect hosts from brute force attacks against ssh and other services
+MAINTAINER= dan.mcgregor at usask.ca
+COMMENT= Protect hosts from brute force attacks against ssh and other services
-SSHGUARDFW?= none
-
-# If SSHGUARDFW is not set by a slave port, then we only use the
-# following which makes this a metaport to choose a backend
-.if ${SSHGUARDFW} == none
-NO_BUILD=YES
-NO_INSTALL=YES
-NO_ARCH=YES
-
-OPTIONS_SINGLE= BACKEND
-OPTIONS_SINGLE_BACKEND= IPFW NULL PF
-OPTIONS_DEFAULT= IPFW
-
-IPFW_DESC= IPFW firewall backend
-NULL_DESC= null firewall backend (detection only)
-PF_DESC= pf firewall backend
-
-IPFW_RUN_DEPENDS= sshguard-ipfw>0:security/sshguard-ipfw
-NULL_RUN_DEPENDS= sshguard-null>0:security/sshguard-null
-PF_RUN_DEPENDS= sshguard-pf>0:security/sshguard-pf
-
-.include <bsd.port.options.mk>
-
-# The remaining settings are used by the slave ports
-.else
-
LICENSE= BSD2CLAUSE
USES= autoreconf
-PLIST_FILES= libexec/sshg-fw libexec/sshg-logtail libexec/sshg-parser \
- sbin/sshguard man/man8/sshguard.8.gz
-
USE_RC_SUBR= sshguard
MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
GNU_CONFIGURE= yes
-CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW}
-SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
SUB_FILES= pkg-message
-.endif
-.if ${SSHGUARDFW} == pf
-PKGMSG_FWBLOCK=" To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/"
-.elif ${SSHGUARDFW} == ipfw
-PKGMSG_FWBLOCK=" IPFW support has been rewritten. Sshguard will now add entries to table 22."
-.elif ${SSHGUARDFW} == null
-PKGMSG_FWBLOCK=" Sshguard null backend does detection only. It does not take action."
-.endif
+post-patch:
+ @${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' ${WRKSRC}/doc/sshguard.8.rst
+
+post-install:
+ ${INSTALL} -d ${STAGEDIR}${PREFIX}/etc
+ ${INSTALL} -m 644 ${WRKSRC}/examples/sshguard.conf.sample ${STAGEDIR}${PREFIX}/etc
.include <bsd.port.mk>
Modified: head/security/sshguard/distinfo
==============================================================================
--- head/security/sshguard/distinfo Thu Jul 20 15:30:52 2017 (r446262)
+++ head/security/sshguard/distinfo Thu Jul 20 15:34:08 2017 (r446263)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1483998292
-SHA256 (sshguard-1.7.1.tar.gz) = 2e527589c9b33219222d827dff63974229d044de945729aa47271c4a29aaa195
-SIZE (sshguard-1.7.1.tar.gz) = 832220
+TIMESTAMP = 1500391750
+SHA256 (sshguard-2.0.0.tar.gz) = e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06
+SIZE (sshguard-2.0.0.tar.gz) = 886995
Added: head/security/sshguard/files/patch-examples-sshguard.conf.sample
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/sshguard/files/patch-examples-sshguard.conf.sample Thu Jul 20 15:34:08 2017 (r446263)
@@ -0,0 +1,36 @@
+diff --git examples/sshguard.conf.sample examples/sshguard.conf.sample
+index d881e51..87b7acc 100644
+--- examples/sshguard.conf.sample
++++ examples/sshguard.conf.sample
+@@ -6,11 +6,13 @@
+
+ #### REQUIRED CONFIGURATION ####
+ # Full path to backend executable (required, no default)
+-#BACKEND="/usr/local/libexec/sshg-fw-hosts"
++BACKEND="/usr/local/libexec/sshg-fw-null"
++#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
++#BACKEND="/usr/local/libexec/sshg-fw-pf"
+
+ # Space-separated list of log files to monitor. Ignored if LOGREADER is set.
+ # (optional, no default)
+-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
++#FILES="/var/log/auth.log /var/log/maillog"
+
+ # Shell command that provides logs on standard output. Takes precedence over
+ # FILES. (optional, no default)
+@@ -36,12 +38,12 @@ DETECTION_TIME=1800
+ # !! Warning: These features may not work correctly with sandboxing. !!
+
+ # Full path to PID file (optional, no default)
+-#PID_FILE=/run/sshguard.pid
++#PID_FILE=/var/run/sshguard.pid
+
+ # Colon-separated blacklist threshold and full path to blacklist file.
+ # (optional, no default)
+-#BLACKLIST_FILE=90:/var/lib/sshguard/enemies
++#BLACKLIST_FILE=30:/var/db/sshguard/blacklist.db
+
+ # IP addresses listed in the WHITELIST_FILE are considered to be
+ # friendlies and will never be blocked.
+-#WHITELIST_FILE=/etc/friends
++#WHITELIST_FILE=/usr/local/etc/sshguard.whitelist
Added: head/security/sshguard/files/patch-src-sshguard.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/sshguard/files/patch-src-sshguard.in Thu Jul 20 15:34:08 2017 (r446263)
@@ -0,0 +1,10 @@
+diff --git src/sshguard.in src/sshguard.in
+index 40c864b..249ddb5 100644
+--- src/sshguard.in
++++ src/sshguard.in
+@@ -85,4 +85,4 @@ elif [ -z "$tailcmd" ]; then
+ fi
+
+ eval $tailcmd | $libexec/sshg-parser | \
+- $libexec/sshg-blocker $flags | ($BACKEND; kill -PIPE $$)
++ $libexec/sshg-blocker $flags | ($BACKEND ; pkill -PIPE -P $$)
Modified: head/security/sshguard/files/pkg-message.in
==============================================================================
--- head/security/sshguard/files/pkg-message.in Thu Jul 20 15:30:52 2017 (r446262)
+++ head/security/sshguard/files/pkg-message.in Thu Jul 20 15:34:08 2017 (r446263)
@@ -1,12 +1,10 @@
##########################################################################
Sshguard installed successfully.
-%%PKGMSG_FWBLOCK%%
-
You can start sshguard as a daemon by using the
rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
- See sshguard(8) and http://www.sshguard.net/docs/setup for additional info.
+ See sshguard-setup(7) and http://www.sshguard.net/docs/setup for additional info.
Please note that a few rc script parameters have been renamed to
better reflect the documentation:
Modified: head/security/sshguard/files/sshguard.in
==============================================================================
--- head/security/sshguard/files/sshguard.in Thu Jul 20 15:30:52 2017 (r446262)
+++ head/security/sshguard/files/sshguard.in Thu Jul 20 15:34:08 2017 (r446263)
@@ -81,7 +81,7 @@ pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}
command=/usr/sbin/daemon
actual_command="%%PREFIX%%/sbin/sshguard"
-procname="${actual_command}"
+procname="%%PREFIX%%/libexec/sshg-blocker"
start_precmd=sshguard_prestart
command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"
Added: head/security/sshguard/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/sshguard/pkg-plist Thu Jul 20 15:34:08 2017 (r446263)
@@ -0,0 +1,15 @@
+ at sample etc/sshguard.conf.sample
+sbin/sshguard
+libexec/sshg-blocker
+libexec/sshg-fw-firewalld
+libexec/sshg-fw-hosts
+libexec/sshg-fw-ipfilter
+libexec/sshg-fw-ipfw
+libexec/sshg-fw-ipset
+libexec/sshg-fw-iptables
+libexec/sshg-fw-null
+libexec/sshg-fw-pf
+libexec/sshg-logtail
+libexec/sshg-parser
+man/man7/sshguard-setup.7.gz
+man/man8/sshguard.8.gz
More information about the svn-ports-all
mailing list