svn commit: r354836 - in head/security/sshguard: . files
Mark Felder
feld at FreeBSD.org
Thu May 22 13:17:35 UTC 2014
Author: feld
Date: Thu May 22 13:17:34 2014
New Revision: 354836
URL: http://svnweb.freebsd.org/changeset/ports/354836
QAT: https://qat.redports.org/buildarchive/r354836/
Log:
Adopting security/sshguard
rc script passes rclint
Removed clever built-in sysadmin countermeasure:
Previously sshguard would automatically add a line to your
/etc/syslog.conf file. You could activate sshguard by uncommenting this
line. However, every time you reinstall/update sshguard this line will
also be automatically removed rendering the program inactive and your
system unprotected.
Sponsored by: SupraNet Communications, Inc
Deleted:
head/security/sshguard/pkg-deinstall
head/security/sshguard/pkg-install
Modified:
head/security/sshguard/Makefile
head/security/sshguard/files/pkg-message.in
head/security/sshguard/files/sshguard.in
Modified: head/security/sshguard/Makefile
==============================================================================
--- head/security/sshguard/Makefile Thu May 22 13:16:37 2014 (r354835)
+++ head/security/sshguard/Makefile Thu May 22 13:17:34 2014 (r354836)
@@ -3,11 +3,11 @@
PORTNAME= sshguard
PORTVERSION= 1.5
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= security
MASTER_SITES= SF/sshguard/sshguard/sshguard-${PORTVERSION}
-MAINTAINER= ports at FreeBSD.org
+MAINTAINER= feld at FreeBSD.org
COMMENT?= Protect hosts from brute force attacks against ssh and other services
CONFLICTS?= sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.*
@@ -32,7 +32,7 @@ PKGMSG_FWBLOCK=" To activate or configu
.elif ${SSHGUARDFW} == ipfw
PKGMSG_FWBLOCK=" Verify that IPFW is active with \"ipfw show\"."
.elif ${SSHGUARDFW} == hosts
-PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow, I have touched it for you."
+PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!"
.elif ${SSHGUARDFW} == ipfilter
PKGMSG_FWBLOCK=" Sshguard will use /etc/ipf.rules as ruleset."
.endif
Modified: head/security/sshguard/files/pkg-message.in
==============================================================================
--- head/security/sshguard/files/pkg-message.in Thu May 22 13:16:37 2014 (r354835)
+++ head/security/sshguard/files/pkg-message.in Thu May 22 13:17:34 2014 (r354836)
@@ -3,8 +3,13 @@
%%PKGMSG_FWBLOCK%%
- Your /etc/syslog.conf has been added a line for sshguard; uncomment it
- and use "/etc/rc.d/syslogd reload" for activating it.
+ If you would like to use sshguard via syslogd, add an entry to your
+ /etc/syslog.conf like the following:
+
+ auth.info;authpriv.info |exec %%PREFIX%%/sbin/sshguard
+
+ and use "/etc/rc.d/syslogd reload" to activate it. Note, you can add
+ additional arguments to the sshguard command if you so desire.
Alternatively, you can also start sshguard as a daemon by using the
rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
Modified: head/security/sshguard/files/sshguard.in
==============================================================================
--- head/security/sshguard/files/sshguard.in Thu May 22 13:16:37 2014 (r354835)
+++ head/security/sshguard/files/sshguard.in Thu May 22 13:17:34 2014 (r354836)
@@ -61,25 +61,25 @@
. /etc/rc.subr
-name="sshguard"
-rcvar="sshguard_enable"
+name=sshguard
+rcvar=sshguard_enable
load_rc_config sshguard
-: ${sshguard_enable:="NO"}
-: ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"}
-: ${sshguard_safety_thresh="40"}
-: ${sshguard_pardon_min_interval="1200"}
-: ${sshguard_prescribe_interval="420"}
+: ${sshguard_enable:=NO}
+: ${sshguard_blacklist=40:/var/db/sshguard/blacklist.db}
+: ${sshguard_safety_thresh=40}
+: ${sshguard_pardon_min_interval=1200}
+: ${sshguard_prescribe_interval=420}
: ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"}
-: ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"}
+: ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog}
-pidfile=${sshguard_pidfile:-"/var/run/sshguard.pid"}
+pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}
-command="/usr/sbin/daemon"
+command=/usr/sbin/daemon
actual_command="%%PREFIX%%/sbin/sshguard"
procname="${actual_command}"
-start_precmd="sshguard_prestart"
+start_precmd=sshguard_prestart
command_args="-cf ${actual_command} -b ${sshguard_blacklist} \${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"
sshguard_prestart()
More information about the svn-ports-head
mailing list