svn commit: r414461 - in head/security/sshguard: . files

Mark Felder feld at FreeBSD.org
Mon May 2 16:26:06 UTC 2016


Author: feld
Date: Mon May  2 16:26:04 2016
New Revision: 414461
URL: https://svnweb.freebsd.org/changeset/ports/414461

Log:
  security/sshguard: Update to 1.6.4
  
  - Add PID file support back to rc script
  - Rename some rc script parameters to better align with sshguard(8)
  
    sshguard_safety_thresh -> sshguard_danger_thresh
    sshguard_pardon_min_interval -> sshguard_release_interval
    sshguard_prescribe_interval -> sshguard_reset_interval
  
  Release notes:
  
  This release brings updated signatures, usability improvements, and bug
  fixes. Highlights in this release include:
  
      - Match Postfix pre-authentication disconnects
      - Fix bashisms in iptables backend
      - Fix size argument in inet_ntop() call
      - Remove excessive logging when polling from files
      - Keep looking for unreadable files while polling
      - Update Dovecot signature for POP3
      - Match "Connection reset" message for SSH
      - Resurrect PID file option by popular demand
      - Adjust default abuse threshold
  
  Most notably, some default options have changed. The abuse threshold has
  been reduced to 30 (3 attacks) and the initial block time has been
  lowered to 2 minutes (from 7). These settings can be overridden from the
  command line. Package maintainers should check their scripts.
  
  The PID file option (-p) has been resurrected.

Added:
  head/security/sshguard/files/patch-man_sshguard.8   (contents, props changed)
Deleted:
  head/security/sshguard/files/patch-src_sshguard__logsuck.c
Modified:
  head/security/sshguard/Makefile
  head/security/sshguard/distinfo
  head/security/sshguard/files/pkg-message.in
  head/security/sshguard/files/sshguard.in

Modified: head/security/sshguard/Makefile
==============================================================================
--- head/security/sshguard/Makefile	Mon May  2 16:14:46 2016	(r414460)
+++ head/security/sshguard/Makefile	Mon May  2 16:26:04 2016	(r414461)
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	sshguard
-PORTVERSION=	1.6.3
-PORTREVISION=	1
+PORTVERSION=	1.6.4
+PORTREVISION=	0
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/${PORTVERSION}
 

Modified: head/security/sshguard/distinfo
==============================================================================
--- head/security/sshguard/distinfo	Mon May  2 16:14:46 2016	(r414460)
+++ head/security/sshguard/distinfo	Mon May  2 16:26:04 2016	(r414461)
@@ -1,2 +1,2 @@
-SHA256 (sshguard-1.6.3.tar.gz) = 6c4d3be2acf6349b4ac5d6fff4bbcd8fa988c82876d848cbbd0c7c99bc0438c7
-SIZE (sshguard-1.6.3.tar.gz) = 540130
+SHA256 (sshguard-1.6.4.tar.gz) = 654d5412ed010e500e2715ddeebfda57ab23c47a2bd30dfdc1e68c4f04c912a9
+SIZE (sshguard-1.6.4.tar.gz) = 546934

Added: head/security/sshguard/files/patch-man_sshguard.8
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sshguard/files/patch-man_sshguard.8	Mon May  2 16:26:04 2016	(r414461)
@@ -0,0 +1,20 @@
+--- man/sshguard.8.orig	2016-05-02 15:44:01 UTC
++++ man/sshguard.8
+@@ -84,7 +84,7 @@ at \fI\%http://www.sshguard.net/\fP\&.
+ .SH OPTIONS
+ .INDENT 0.0
+ .TP
+-.B \fB\-a\fP \fIthresh\fP (default 40)
++.B \fB\-a\fP \fIthresh\fP (default 30)
+ Block an attacker when its dangerousness exceeds \fIthresh\fP\&. Each attack
+ pattern that is matched contributes a fixed dangerousness of 10.
+ .TP
+@@ -112,7 +112,7 @@ monitor instead. \fBsshguard\fP transpar
+ using this option, standard input is ignored, but can be re\-added by
+ giving \(aq\fB\-l\fP \-\(aq.
+ .TP
+-.B \fB\-p\fP \fIinterval\fP (default 420 secs, or 7 minutes)
++.B \fB\-p\fP \fIinterval\fP (default 120 secs, or 2 minutes)
+ Wait at least \fIinterval\fP seconds before releasing a blocked address.
+ Repeat attackers are blocked for 1.5 times longer after each attack.
+ Because \fBsshguard\fP unblocks attackers only at infrequent intervals,

Modified: head/security/sshguard/files/pkg-message.in
==============================================================================
--- head/security/sshguard/files/pkg-message.in	Mon May  2 16:14:46 2016	(r414460)
+++ head/security/sshguard/files/pkg-message.in	Mon May  2 16:26:04 2016	(r414461)
@@ -7,4 +7,11 @@
   rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
   
   See sshguard(8) and http://www.sshguard.net/docs/setup for additional info.
+
+  Please note that a few rc script parameters have been renamed to
+  better reflect the documentation:
+  
+  sshguard_safety_thresh -> sshguard_danger_thresh
+  sshguard_pardon_min_interval -> sshguard_release_interval
+  sshguard_prescribe_interval -> sshguard_reset_interval
 ##########################################################################

Modified: head/security/sshguard/files/sshguard.in
==============================================================================
--- head/security/sshguard/files/sshguard.in	Mon May  2 16:14:46 2016	(r414460)
+++ head/security/sshguard/files/sshguard.in	Mon May  2 16:26:04 2016	(r414461)
@@ -37,21 +37,24 @@
 # Add the following lines to /etc/rc.conf to enable sshguard:
 # sshguard_enable (bool):	Set to "NO" by default.
 #				Set it to "YES" to enable sshguard
+# sshguard_pidfile (str):	Path to PID file.
+#				Set to "/var/run/sshguard.pid" by default
 # sshguard_watch_logs (str):	Colon splitted list of logs to watch.
 #				Set to "/var/log/auth.log:/var/log/maillog"
 #				by default.
 # The following options directly maps to their command line options,
 # please read manual page sshguard(8) for detailed information:
 # sshguard_blacklist (str):	[thr:]/path/to/blacklist.
-#				Set to "40:/var/db/sshguard/blacklist.db"
+#				Set to "30:/var/db/sshguard/blacklist.db"
 #				by default.
-# sshguard_safety_thresh (int):	Safety threshold.  Set to "40" by default.
-# sshguard_pardon_min_interval (int):
-#				Minimum pardon interval.  Set to "420"
-#				by default.
-# sshguard_prescribe_interval (int):
-#				Prescribe interval.  Set to "1200" by
-#				default.
+# sshguard_danger_thresh (int):	Danger threshold.  Set to "30" by default.
+# sshguard_release_interval (int):
+#				Minimum interval an address remains
+#				blocked.  Set to "120" by default.
+# sshguard_reset_interval (int):
+#				Interval before a suspected attack is
+#				forgotten and danger is reset to 0.
+#				Set to "1200" by default.
 # sshguard_whitelistfile (str):	Path to the whitelist.
 #				Set to "%%PREFIX%%/etc/sshguard.whitelist"
 #				by default.
@@ -67,18 +70,20 @@ rcvar=sshguard_enable
 load_rc_config sshguard
 
 : ${sshguard_enable:=NO}
-: ${sshguard_blacklist=40:/var/db/sshguard/blacklist.db}
-: ${sshguard_safety_thresh=40}
-: ${sshguard_pardon_min_interval=420}
-: ${sshguard_prescribe_interval=1200}
+: ${sshguard_blacklist=30:/var/db/sshguard/blacklist.db}
+: ${sshguard_danger_thresh=30}
+: ${sshguard_release_interval=120}
+: ${sshguard_reset_interval=1200}
 : ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"}
 : ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog}
 
+pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}
+
 command=/usr/sbin/daemon
 actual_command="%%PREFIX%%/sbin/sshguard"
 procname="${actual_command}"
 start_precmd=sshguard_prestart
-command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile}"
+command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"
 
 sshguard_prestart()
 {
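Review bot: The renamed defaults `: ${sshguard_danger_thresh=30}`, `: ${sshguard_release_interval=120}` and `: ${sshguard_reset_interval=1200}` silently ignore any `sshguard_safety_thresh`, `sshguard_pardon_min_interval` or `sshguard_prescribe_interval` that an operator already has in rc.conf. A host tuned for longer blocks therefore drops to the new 120-second release interval after the upgrade, with no warning beyond pkg-message. Falling back to the old names would keep existing settings in force: `: ${sshguard_danger_thresh=${sshguard_safety_thresh:-30}}`, `: ${sshguard_release_interval=${sshguard_pardon_min_interval:-120}}`, `: ${sshguard_reset_interval=${sshguard_prescribe_interval:-1200}}`. Separately, `${sshguard_whitelistfile}` and `${pidfile}` are expanded unquoted into `command_args`, so a path containing whitespace would split into extra arguments. The body of sshguard_prestart opens on the last line of this hunk and continues outside it.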

