svn commit: r446263 - in head: . security security/sshguard security/sshguard/files

Adam Weinberger adamw at adamw.org
Fri Jul 21 04:10:35 UTC 2017


> On 20 Jul, 2017, at 9:34, Mark Felder <feld at FreeBSD.org> wrote:
> 
> Author: feld
> Date: Thu Jul 20 15:34:08 2017
> New Revision: 446263
> URL: https://svnweb.freebsd.org/changeset/ports/446263
> 
> Log:
>  security/sshguard: Update to 2.0.0
> 
>  PR:		219409

Dan,

Something for UPDATING would be pretty reasonable here, given that (a) people will have to manually uninstall sshguard-* and install sshguard, (b) user intervention is required to reconfigure sshguard in a new sshguard.conf file, and (c) "service sshguard ..." is broken unless PID_FILE is uncommented in that sshguard.conf.

Can you write up some UPDATING text, and take a look at the PID_FILE issue?

# Adam


-- 
Adam Weinberger
adamw at adamw.org
https://www.adamw.org



> 
> Added:
>  head/security/sshguard/files/patch-examples-sshguard.conf.sample   (contents, props changed)
>  head/security/sshguard/files/patch-src-sshguard.in   (contents, props changed)
>  head/security/sshguard/pkg-plist   (contents, props changed)
> Modified:
>  head/MOVED
>  head/security/Makefile
>  head/security/sshguard/Makefile
>  head/security/sshguard/distinfo
>  head/security/sshguard/files/pkg-message.in
>  head/security/sshguard/files/sshguard.in
> 
> Modified: head/MOVED
> ==============================================================================
> --- head/MOVED	Thu Jul 20 15:30:52 2017	(r446262)
> +++ head/MOVED	Thu Jul 20 15:34:08 2017	(r446263)
> @@ -9466,3 +9466,6 @@ dns/opendnssec13|dns/opendnssec14|2017-07-13|Has expir
> multimedia/banshee||2017-07-13|Has expired: Project is not being actively maintained upstream anymore
> www/libhtp-suricata||2017-07-16|No longer required. security/suricata now uses official (not forked) libhtp 
> databases/py-odbc|databases/py-pyodbc|2017-07-18|Rename to comply with PyPI scheme
> +security/sshguard-ipfw|security/sshguard|2017-07-20|Merged with security/sshguard
> +security/sshguard-pf|security/sshguard|2017-07-20|Merged with security/sshguard
> +security/sshguard-null|security/sshguard|2017-07-20|Merged with security/sshguard
> 
> Modified: head/security/Makefile
> ==============================================================================
> --- head/security/Makefile	Thu Jul 20 15:30:52 2017	(r446262)
> +++ head/security/Makefile	Thu Jul 20 15:34:08 2017	(r446263)
> @@ -1153,9 +1153,6 @@
>     SUBDIR += ssh_askpass_gtk2
>     SUBDIR += sshblock
>     SUBDIR += sshguard
> -    SUBDIR += sshguard-ipfw
> -    SUBDIR += sshguard-null
> -    SUBDIR += sshguard-pf
>     SUBDIR += sshpass
>     SUBDIR += ssl-admin
>     SUBDIR += sslscan
> 
> Modified: head/security/sshguard/Makefile
> ==============================================================================
> --- head/security/sshguard/Makefile	Thu Jul 20 15:30:52 2017	(r446262)
> +++ head/security/sshguard/Makefile	Thu Jul 20 15:34:08 2017	(r446263)
> @@ -2,62 +2,28 @@
> # $FreeBSD$
> 
> PORTNAME=	sshguard
> -PORTVERSION=	1.7.1
> -PORTREVISION=	0
> +PORTVERSION=	2.0.0
> CATEGORIES=	security
> MASTER_SITES=	SF/sshguard/sshguard/${PORTVERSION}
> 
> -MAINTAINER=	ports at FreeBSD.org
> -COMMENT?=	Protect hosts from brute force attacks against ssh and other services
> +MAINTAINER=	dan.mcgregor at usask.ca
> +COMMENT=	Protect hosts from brute force attacks against ssh and other services
> 
> -SSHGUARDFW?=	none
> -
> -# If SSHGUARDFW is not set by a slave port, then we only use the
> -# following which makes this a metaport to choose a backend
> -.if ${SSHGUARDFW} == none
> -NO_BUILD=YES
> -NO_INSTALL=YES
> -NO_ARCH=YES
> -
> -OPTIONS_SINGLE=	BACKEND
> -OPTIONS_SINGLE_BACKEND=	IPFW NULL PF
> -OPTIONS_DEFAULT=	IPFW
> -
> -IPFW_DESC=	IPFW firewall backend
> -NULL_DESC=	null firewall backend (detection only)
> -PF_DESC=	pf firewall backend
> -
> -IPFW_RUN_DEPENDS=	sshguard-ipfw>0:security/sshguard-ipfw
> -NULL_RUN_DEPENDS=	sshguard-null>0:security/sshguard-null
> -PF_RUN_DEPENDS=		sshguard-pf>0:security/sshguard-pf
> -
> -.include <bsd.port.options.mk>
> -
> -# The remaining settings are used by the slave ports
> -.else
> -
> LICENSE=	BSD2CLAUSE
> 
> USES=		autoreconf
> 
> -PLIST_FILES=	libexec/sshg-fw libexec/sshg-logtail libexec/sshg-parser \
> -		sbin/sshguard man/man8/sshguard.8.gz
> -
> USE_RC_SUBR=	sshguard
> MAKE_ARGS+=	ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
> GNU_CONFIGURE=	yes
> -CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW}
> 
> -SUB_LIST+=	PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
> SUB_FILES=	pkg-message
> -.endif
> 
> -.if ${SSHGUARDFW} == pf
> -PKGMSG_FWBLOCK="  To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/"
> -.elif ${SSHGUARDFW} == ipfw
> -PKGMSG_FWBLOCK="  IPFW support has been rewritten. Sshguard will now add entries to table 22."
> -.elif ${SSHGUARDFW} == null
> -PKGMSG_FWBLOCK="  Sshguard null backend does detection only. It does not take action."
> -.endif
> +post-patch:
> +	@${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' ${WRKSRC}/doc/sshguard.8.rst
> +
> +post-install:
> +	${INSTALL} -d ${STAGEDIR}${PREFIX}/etc
> +	${INSTALL} -m 644 ${WRKSRC}/examples/sshguard.conf.sample ${STAGEDIR}${PREFIX}/etc
> 
> .include <bsd.port.mk>
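
Review bot: post-patch rewrites %PREFIX% only in doc/sshguard.8.rst, but the sample config that post-install now ships has BACKEND and WHITELIST_FILE hard-coded under /usr/local (see files/patch-examples-sshguard.conf.sample), so a non-default PREFIX installs a config that points at the wrong paths. Suggest using the same %PREFIX% placeholder in the sample and running REINPLACE_CMD over examples/sshguard.conf.sample as well. Style: post-install would normally use ${MKDIR} and ${INSTALL_DATA} rather than bare `${INSTALL} -d` and `${INSTALL} -m 644`.
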
> 
> Modified: head/security/sshguard/distinfo
> ==============================================================================
> --- head/security/sshguard/distinfo	Thu Jul 20 15:30:52 2017	(r446262)
> +++ head/security/sshguard/distinfo	Thu Jul 20 15:34:08 2017	(r446263)
> @@ -1,3 +1,3 @@
> -TIMESTAMP = 1483998292
> -SHA256 (sshguard-1.7.1.tar.gz) = 2e527589c9b33219222d827dff63974229d044de945729aa47271c4a29aaa195
> -SIZE (sshguard-1.7.1.tar.gz) = 832220
> +TIMESTAMP = 1500391750
> +SHA256 (sshguard-2.0.0.tar.gz) = e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06
> +SIZE (sshguard-2.0.0.tar.gz) = 886995
> 
> Added: head/security/sshguard/files/patch-examples-sshguard.conf.sample
> ==============================================================================
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/sshguard/files/patch-examples-sshguard.conf.sample	Thu Jul 20 15:34:08 2017	(r446263)
> @@ -0,0 +1,36 @@
> +diff --git examples/sshguard.conf.sample examples/sshguard.conf.sample
> +index d881e51..87b7acc 100644
> +--- examples/sshguard.conf.sample
> ++++ examples/sshguard.conf.sample
> +@@ -6,11 +6,13 @@
> + 
> + #### REQUIRED CONFIGURATION ####
> + # Full path to backend executable (required, no default)
> +-#BACKEND="/usr/local/libexec/sshg-fw-hosts"
> ++BACKEND="/usr/local/libexec/sshg-fw-null"
> ++#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
> ++#BACKEND="/usr/local/libexec/sshg-fw-pf"
> + 
> + # Space-separated list of log files to monitor. Ignored if LOGREADER is set.
> + # (optional, no default)
> +-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
> ++#FILES="/var/log/auth.log /var/log/maillog"
> + 
> + # Shell command that provides logs on standard output. Takes precedence over
> + # FILES. (optional, no default)
> +@@ -36,12 +38,12 @@ DETECTION_TIME=1800
> + # !! Warning: These features may not work correctly with sandboxing. !!
> + 
> + # Full path to PID file (optional, no default)
> +-#PID_FILE=/run/sshguard.pid
> ++#PID_FILE=/var/run/sshguard.pid
> + 
> + # Colon-separated blacklist threshold and full path to blacklist file.
> + # (optional, no default)
> +-#BLACKLIST_FILE=90:/var/lib/sshguard/enemies
> ++#BLACKLIST_FILE=30:/var/db/sshguard/blacklist.db
> + 
> + # IP addresses listed in the WHITELIST_FILE are considered to be
> + # friendlies and will never be blocked.
> +-#WHITELIST_FILE=/etc/friends
> ++#WHITELIST_FILE=/usr/local/etc/sshguard.whitelist
> 
> Added: head/security/sshguard/files/patch-src-sshguard.in
> ==============================================================================
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/sshguard/files/patch-src-sshguard.in	Thu Jul 20 15:34:08 2017	(r446263)
> @@ -0,0 +1,10 @@
> +diff --git src/sshguard.in src/sshguard.in
> +index 40c864b..249ddb5 100644
> +--- src/sshguard.in
> ++++ src/sshguard.in
> +@@ -85,4 +85,4 @@ elif [ -z "$tailcmd" ]; then
> + fi
> + 
> + eval $tailcmd | $libexec/sshg-parser | \
> +-    $libexec/sshg-blocker $flags | ($BACKEND; kill -PIPE $$)
> ++    $libexec/sshg-blocker $flags | ($BACKEND ; pkill -PIPE -P $$)
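
Review bot: the replacement on the last line, `pkill -PIPE -P $$`, signals every child of the script instead of the script itself, and neither the patch nor the commit log says why. Please add a one-line comment above the pipeline explaining the intent (which processes are expected to receive SIGPIPE when the backend exits) and note whether this has been sent upstream, so the local patch can be dropped or re-evaluated on the next update.
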
> 
> Modified: head/security/sshguard/files/pkg-message.in
> ==============================================================================
> --- head/security/sshguard/files/pkg-message.in	Thu Jul 20 15:30:52 2017	(r446262)
> +++ head/security/sshguard/files/pkg-message.in	Thu Jul 20 15:34:08 2017	(r446263)
> @@ -1,12 +1,10 @@
> ##########################################################################
>   Sshguard installed successfully.
> 
> -%%PKGMSG_FWBLOCK%%
> -
>   You can start sshguard as a daemon by using the
>   rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
> 
> -  See sshguard(8) and http://www.sshguard.net/docs/setup for additional info.
> +  See sshguard-setup(7) and http://www.sshguard.net/docs/setup for additional info.
> 
>   Please note that a few rc script parameters have been renamed to
>   better reflect the documentation:
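
Review bot: with %%PKGMSG_FWBLOCK%% removed, the message no longer says anything about the firewall side, and it does not mention that %%PREFIX%%/etc/sshguard.conf now has to be edited to pick a backend. Suggest adding two or three lines here naming the config file, the BACKEND setting, and the fact that the sample defaults to the null backend, and checking that the retained "rc script parameters have been renamed" paragraph still applies to 2.0.0.
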
> 
> Modified: head/security/sshguard/files/sshguard.in
> ==============================================================================
> --- head/security/sshguard/files/sshguard.in	Thu Jul 20 15:30:52 2017	(r446262)
> +++ head/security/sshguard/files/sshguard.in	Thu Jul 20 15:34:08 2017	(r446263)
> @@ -81,7 +81,7 @@ pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}
> 
> command=/usr/sbin/daemon
> actual_command="%%PREFIX%%/sbin/sshguard"
> -procname="${actual_command}"
> +procname="%%PREFIX%%/libexec/sshg-blocker"
> start_precmd=sshguard_prestart
> command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"
> 
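
Review bot: procname now names sshg-blocker, but the pidfile default on the @@ line and the `-i ${pidfile}` argument in command_args are unchanged, so rc.subr will only find the daemon if the PID recorded in /var/run/sshguard.pid belongs to the sshg-blocker process. Please confirm that `service sshguard status` and `service sshguard stop` work on a fresh install with the sample config as shipped, where PID_FILE is commented out, and document in the rc script header which of the rc.conf variables still take effect now that settings live in sshguard.conf.
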
> 
> Added: head/security/sshguard/pkg-plist
> ==============================================================================
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/sshguard/pkg-plist	Thu Jul 20 15:34:08 2017	(r446263)
> @@ -0,0 +1,15 @@
> + at sample etc/sshguard.conf.sample
> +sbin/sshguard
> +libexec/sshg-blocker
> +libexec/sshg-fw-firewalld
> +libexec/sshg-fw-hosts
> +libexec/sshg-fw-ipfilter
> +libexec/sshg-fw-ipfw
> +libexec/sshg-fw-ipset
> +libexec/sshg-fw-iptables
> +libexec/sshg-fw-null
> +libexec/sshg-fw-pf
> +libexec/sshg-logtail
> +libexec/sshg-parser
> +man/man7/sshguard-setup.7.gz
> +man/man8/sshguard.8.gz
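
Review bot: the plist installs sshg-fw-firewalld, sshg-fw-ipset and sshg-fw-iptables, which drive Linux firewalls and cannot block anything on FreeBSD. Consider removing them in post-install (and from this list) so that an administrator cannot point BACKEND at a helper that will never take effect; the sample config already offers only null, ipfw and pf.
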
> 


