Index: head/security/sshguard/pkg-deinstall
===================================================================
--- head/security/sshguard/pkg-deinstall (revision 354835)
+++ head/security/sshguard/pkg-deinstall (nonexistent)
@@ -1,39 +0,0 @@ -#!/bin/sh - -# If: -# 1) syslog.conf exists -# 2) it does contain some directive for sshguard -# then do the following: -# @ if the directive was the default directive (as installed by pkg-install) -# then remove it -# @ if the directive is some custom (uncommented) directive, comment it -# and reload syslogd eventually. - -# real syslog.conf configuration file path -SYSLOGCONF=/etc/syslog.conf -# configuration line to add -SSHGUARDCONFLINE="auth.info;authpriv.info |exec $PKG_PREFIX/sbin/sshguard" - -case "$2" in - "DEINSTALL") - if test -f "$SYSLOGCONF" && grep -q '^[^#].*sshguard' "$SYSLOGCONF" - then - if ! TMPFILE=`mktemp -q /tmp/syslogcXX`; then - echo "Couldn't create temporary file" - exit 1 - fi - if grep -qx "$SSHGUARDCONFLINE" "$SYSLOGCONF" - then - # remove default sshguard entry from syslog.conf - echo "I'm removing the default sshguard syslog entry for you..." - grep -vx "$SSHGUARDCONFLINE" "$SYSLOGCONF" > $TMPFILE - else - # comment customized sshguard configuration line - echo "I'm commenting your custom sshguard syslog entry for you..." - sed "s/^[^#].*sshguard.*/#&/" < "$SYSLOGCONF" > $TMPFILE - fi - mv $TMPFILE "$SYSLOGCONF" - /etc/rc.d/syslogd reload - fi - ;; -esac Property changes on: head/security/sshguard/pkg-deinstall ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/security/sshguard/pkg-install =================================================================== --- head/security/sshguard/pkg-install (revision 354835) +++ head/security/sshguard/pkg-install (nonexistent) 
@@ -1,41 +0,0 @@ -#!/bin/sh - -# If: -# 1) syslog.conf exists -# 2) it doesn't already contain some (uncommented) sshguard directive -# then add $SSHGUARDCONFLINE (commented) right at the end of the header -# comments section in syslog.conf - -# real syslog.conf configuration file path -SYSLOGCONF=/etc/syslog.conf -# configuration line to add -SSHGUARDCONFLINE="auth.info;authpriv.info |exec $PKG_PREFIX/sbin/sshguard" - -case "$2" in - "POST-INSTALL") - if test "$SSHGUARDFW" = hosts - then - touch /etc/hosts.allow - fi - if (test -f "$SYSLOGCONF" && ! grep -q sshguard "$SYSLOGCONF") - then - # append default sshguard entry in syslog.conf (first line after comments header) - TMPFILE=`mktemp -q /tmp/syslogcXX` - # make sure our file has the same permissions as the original, since we mv it back - cp -p $SYSLOGCONF ${TMPFILE} - : > ${TMPFILE} - inheader=1 - cat "$SYSLOGCONF" | while read cline ; - do - if (test $inheader -eq 1 && !(echo "$cline" | grep -q "^[[:space:]]*#")) - then - # got off of header comments - inheader=0 - echo "#$SSHGUARDCONFLINE" >> $TMPFILE - fi - echo "$cline" >> $TMPFILE - done - mv $TMPFILE "$SYSLOGCONF" - fi -;; -esac Property changes on: head/security/sshguard/pkg-install ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/security/sshguard/Makefile =================================================================== --- head/security/sshguard/Makefile (revision 354835) +++ head/security/sshguard/Makefile (revision 354836) 
@@ -1,40 +1,40 @@ # Created by: Mij # $FreeBSD$ PORTNAME= sshguard PORTVERSION= 1.5 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/sshguard-${PORTVERSION} -MAINTAINER= ports@FreeBSD.org +MAINTAINER= feld@FreeBSD.org COMMENT?= Protect hosts from brute force attacks against ssh and other services CONFLICTS?= sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* USES= tar:bzip2 PLIST_FILES= sbin/sshguard man/man8/sshguard.8.gz USE_RC_SUBR= sshguard MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}" GNU_CONFIGURE= yes CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW} SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK} SUB_FILES= pkg-message # backend type in { hosts, ipfw, pf } SSHGUARDFW?= hosts .if ${SSHGUARDFW} == pf PKGMSG_FWBLOCK=" To activate or configure PF see http://sshguard.sf.net/doc/setup/blockingpf.html" .elif ${SSHGUARDFW} == ipfw PKGMSG_FWBLOCK=" Verify that IPFW is active with \"ipfw show\"." .elif ${SSHGUARDFW} == hosts -PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow, I have touched it for you." +PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!" .elif ${SSHGUARDFW} == ipfilter PKGMSG_FWBLOCK=" Sshguard will use /etc/ipf.rules as ruleset." .endif .include Index: head/security/sshguard/files/pkg-message.in =================================================================== --- head/security/sshguard/files/pkg-message.in (revision 354835) +++ head/security/sshguard/files/pkg-message.in (revision 354836) 
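Review bot: With pkg-install removed in this commit, nothing creates /etc/hosts.allow any more, yet `SSHGUARDFW?= hosts` is still the default backend, so a default install now depends on a manual step that only the new `PKGMSG_FWBLOCK` text mentions. The message does not say what happens when the file is missing; if sshguard cannot record blocks without it (not visible in this diff, worth confirming), the service would run without blocking anything. I would have the text state the requirement rather than a reminder, e.g. `PKGMSG_FWBLOCK=" Sshguard blocks via /etc/hosts.allow; create it (touch /etc/hosts.allow) before starting sshguard\!"`.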
@@ -1,13 +1,18 @@ ########################################################################## Sshguard installed successfully. %%PKGMSG_FWBLOCK%% - Your /etc/syslog.conf has been added a line for sshguard; uncomment it - and use "/etc/rc.d/syslogd reload" for activating it. + If you would like to use sshguard via syslogd, add an entry to your + /etc/syslog.conf like the following: + + auth.info;authpriv.info |exec %%PREFIX%%/sbin/sshguard + + and use "/etc/rc.d/syslogd reload" to activate it. Note, you can add + additional arguments to the sshguard command if you so desire. Alternatively, you can also start sshguard as a daemon by using the rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard . See sshguard(8) and http://sshguard.sourceforge.net for additional info. ########################################################################## Index: head/security/sshguard/files/sshguard.in =================================================================== --- head/security/sshguard/files/sshguard.in (revision 354835) +++ head/security/sshguard/files/sshguard.in (revision 354836) 
@@ -1,92 +1,92 @@ #!/bin/sh #- # Copyright (c) 2012 iXsystems, Inc. # All rights reserved. # # Written by: Xin Li # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # PROVIDE: sshguard # REQUIRE: LOGIN cleanvar # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf to enable sshguard: # sshguard_enable (bool): Set to "NO" by default. # Set it to "YES" to enable sshguard # sshguard_pidfile (str): Path to PID file. # Set to "/var/run/sshguard.pid" by default # sshguard_watch_logs (str): Colon splitted list of logs to watch. # Set to "/var/log/auth.log:/var/log/maillog" # by default. 
# The following options directly maps to their command line options, # please read manual page sshguard(8) for detailed information: # sshguard_blacklist (str): [thr:]/path/to/blacklist. # Set to "40:/var/db/sshguard/blacklist.db" # by default. # sshguard_safety_thresh (int): Safety threshold. Set to "40" by default. # sshguard_pardon_min_interval (int): # Minimum pardon interval. Set to "1200" # by default. # sshguard_prescribe_interval (int): # Prescribe interval. Set to "420" by # default. # sshguard_whitelistfile (str): Path to the whitelist. # Set to "%%PREFIX%%/etc/sshguard.whitelist" # by default. . /etc/rc.subr -name="sshguard" -rcvar="sshguard_enable" +name=sshguard +rcvar=sshguard_enable load_rc_config sshguard -: ${sshguard_enable:="NO"} -: ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"} -: ${sshguard_safety_thresh="40"} -: ${sshguard_pardon_min_interval="1200"} -: ${sshguard_prescribe_interval="420"} +: ${sshguard_enable:=NO} +: ${sshguard_blacklist=40:/var/db/sshguard/blacklist.db} +: ${sshguard_safety_thresh=40} +: ${sshguard_pardon_min_interval=1200} +: ${sshguard_prescribe_interval=420} : ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"} -: ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"} +: ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog} -pidfile=${sshguard_pidfile:-"/var/run/sshguard.pid"} +pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"} -command="/usr/sbin/daemon" +command=/usr/sbin/daemon actual_command="%%PREFIX%%/sbin/sshguard" procname="${actual_command}" -start_precmd="sshguard_prestart" +start_precmd=sshguard_prestart command_args="-cf ${actual_command} -b ${sshguard_blacklist} \${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${pidfile}" sshguard_prestart() { mkdir -p `dirname ${sshguard_blacklist##*:}` [ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile} 
sshguard_watch_params=`echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ ` } run_rc_command "$1"
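Review bot: In `sshguard_prestart` the rc.conf-supplied paths are still expanded unquoted (`dirname ${sshguard_blacklist##*:}` and `[ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile}`), and rc.d start hooks normally run as root. A value containing whitespace or glob characters would be word-split, so `mkdir -p` and `touch` could act on paths other than the configured one. These are context lines the commit leaves untouched while it drops the quotes around the constant defaults above, which is harmless. I would quote them: `mkdir -p "$(dirname "${sshguard_blacklist##*:}")"` and `[ -e "${sshguard_whitelistfile}" ] || touch "${sshguard_whitelistfile}"`. The same values go unquoted into `command_args`, so a header comment such as `# NOTE: sshguard_* paths must not contain whitespace` would document the remaining limit.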