author | Rene Ladan <rene@FreeBSD.org> | 2022-01-15 13:15:52 +0000 |
---|---|---|
committer | Rene Ladan <rene@FreeBSD.org> | 2022-01-15 13:15:52 +0000 |
commit | 18a4c3574d8faad5936830be46ca5c14faaa7cc3 (patch) | |
tree | cdff8cd30be83e85618910062bf169f4d1383b94 /security/crowdsec-firewall-bouncer | |
parent | b5e5323a99359716c9cf94ba241a481aace80dec (diff) | |
download | ports-18a4c3574d8faad5936830be46ca5c14faaa7cc3.tar.gz ports-18a4c3574d8faad5936830be46ca5c14faaa7cc3.zip |
security/crowdsec*: update to their latest releases
security/crowdsec:
- update to version 1.2.3
security/crowdsec-firewall-bouncer:
- update to version 0.0.20
- update pkg-message
Add log rotation to both ports, and other small improvements.
PR: 260262
Diffstat (limited to 'security/crowdsec-firewall-bouncer')
7 files changed, 55 insertions, 29 deletions
diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile index 36a868801a50..6f9b4c3b9649 100644 --- a/security/crowdsec-firewall-bouncer/Makefile +++ b/security/crowdsec-firewall-bouncer/Makefile @@ -1,5 +1,5 @@ PORTNAME= crowdsec-firewall-bouncer -PORTVERSION= 0.0.17 # NOTE: change BUILD_VERSION and BUILD_TAG as well +PORTVERSION= 0.0.20 # NOTE: change BUILD_VERSION and BUILD_TAG as well DISTVERSIONPREFIX= v CATEGORIES= security @@ -19,6 +19,7 @@ RUN_DEPENDS= crowdsec>0:security/crowdsec USE_GITHUB= yes GH_ACCOUNT= crowdsecurity GH_PROJECT= cs-firewall-bouncer +GH_TAGNAME= v0.0.20-freebsd #GH_TAGNAME is automatically set from DISTVERSION USE_RC_SUBR= crowdsec_firewall @@ -28,14 +29,11 @@ SUB_FILES= pkg-message \ # BUILD_VERSION=$(git describe --tags $(git rev-list --tags --max-count=1)) # BUILD_TAG=$(git rev-parse HEAD) -MAKE_ENV= BUILD_VERSION="v0.0.17" \ - BUILD_TAG="b330209afcdefd0046fd6790999bbb342c02f1b3" +MAKE_ENV= BUILD_VERSION="v0.0.20" \ + BUILD_TAG="a456a4debdf3d3551c89b8490bb942f626027310" ETCDIR= ${PREFIX}/etc/crowdsec/bouncers -do-patch: - cd ${WRKSRC} && go mod download github.com/mattn/go-sqlite3 - post-patch: ${REINPLACE_CMD} 's,$${BACKEND},pf,g' \ ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml @@ -56,4 +54,10 @@ do-install: ${INSTALL_DATA} ${WRKSRC}/config/crowdsec-firewall-bouncer.yaml \ ${STAGEDIR}${ETCDIR}/crowdsec-firewall-bouncer.yaml.sample + # + # Log rotation + # + + ${INSTALL_DATA} ${FILESDIR}/crowdsec-firewall-bouncer.conf-newsyslog ${STAGEDIR}${PREFIX}/etc/newsyslog.conf.d/crowdsec-firewall-bouncer.conf.sample + .include <bsd.port.mk> diff --git a/security/crowdsec-firewall-bouncer/distinfo b/security/crowdsec-firewall-bouncer/distinfo index 001ca177529b..1548b93d6c60 100644 --- a/security/crowdsec-firewall-bouncer/distinfo +++ b/security/crowdsec-firewall-bouncer/distinfo 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1637702397 -SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 53af239b86c6b554da3711e3686d7d3036d33b2e561bfb00e195b6c8a06918c8 -SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.17_GH0.tar.gz) = 143037 +TIMESTAMP = 1640213523 +SHA256 (crowdsecurity-cs-firewall-bouncer-v0.0.20-v0.0.20-freebsd_GH0.tar.gz) = 95f8abf5f44e700e7f0a41edf5367715ce06918cb0de7a5d084bdca277563171 +SIZE (crowdsecurity-cs-firewall-bouncer-v0.0.20-v0.0.20-freebsd_GH0.tar.gz) = 3018717 diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.conf-newsyslog b/security/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.conf-newsyslog new file mode 100644 index 000000000000..b26fae25b5ce --- /dev/null +++ b/security/crowdsec-firewall-bouncer/files/crowdsec-firewall-bouncer.conf-newsyslog @@ -0,0 +1,2 @@ +# logfilename [owner:group] mode count size(kb) when flags [/pid_file] [sig_num] +/var/log/crowdsec-firewall-bouncer.log root:wheel 644 10 5120 * JC /var/run/crowdsec_firewall.pid diff --git a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in index ee3dcc9f7325..6a0f96f26f8f 100755 --- a/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in +++ b/security/crowdsec-firewall-bouncer/files/crowdsec_firewall.in @@ -1,7 +1,7 @@ #!/bin/sh # # PROVIDE: crowdsec_firewall -# REQUIRE: LOGIN DAEMON NETWORKING +# REQUIRE: LOGIN DAEMON NETWORKING crowdsec # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf @@ -41,6 +41,15 @@ crowdsec_firewall_precmd() { fi fi fi + + # needs real tabs + cat <<-EOT | /sbin/pfctl -f /dev/fd/0 + table <crowdsec-blacklists> persist + table <crowdsec6-blacklists> persist + block drop in quick from <crowdsec-blacklists> to any + block drop in quick from <crowdsec6-blacklists> to any + EOT + } crowdsec_firewall_start() { 
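Review bot: The new newsyslog entry creates and rotates /var/log/crowdsec-firewall-bouncer.log with mode `644`, so every local user can read which addresses the bouncer banned and any errors it logged. The port installs the bouncer's YAML config as 0600, so a tighter log mode would be consistent: `/var/log/crowdsec-firewall-bouncer.log root:wheel 640 10 5120 * JC /var/run/crowdsec_firewall.pid`. Because a pid file is given without a sig_num, newsyslog sends SIGHUP to that pid after each rotation. It is not visible here whether the process recorded in crowdsec_firewall.pid reopens its log on SIGHUP or exits, so confirm this; if it exits, a rotation would stop blocking. The file's header comment could also state which signal is expected.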
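Review bot: The heredoc piped to `/sbin/pfctl -f /dev/fd/0` in crowdsec_firewall_precmd is loaded as the main ruleset, so each service start appears to replace the filter rules loaded from /etc/pf.conf with just these two block rules. The reverse also holds: a later `service pf reload` or `pfctl -f /etc/pf.conf` restores the administrator's rules and drops the two crowdsec block rules, so blocking stops without any error. The updated pkg-message in this commit no longer tells administrators to keep the tables and rules in /etc/pf.conf. Consider loading into a dedicated anchor, e.g. `/sbin/pfctl -a crowdsec -f /dev/fd/0` with a matching `anchor "crowdsec"` line documented for pf.conf, provided the bouncer can address tables inside that anchor (not visible here). The precmd function begins outside this hunk.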
diff --git a/security/crowdsec-firewall-bouncer/files/patch-Makefile b/security/crowdsec-firewall-bouncer/files/patch-Makefile index 6d9e9a2e2f42..df450e5e1b27 100644 --- a/security/crowdsec-firewall-bouncer/files/patch-Makefile +++ b/security/crowdsec-firewall-bouncer/files/patch-Makefile @@ -1,11 +1,11 @@ ---- Makefile.orig 2021-12-07 09:00:17 UTC +--- Makefile.orig 2021-12-22 22:57:23 UTC +++ Makefile -@@ -11,7 +11,7 @@ GOGET=$(GOCMD) get - BUILD_VERSION?="$(shell git describe --tags `git rev-list --tags --max-count=1`)" +@@ -11,7 +11,7 @@ BUILD_VERSION?="$(shell git describe --tags `git rev-l BUILD_GOVERSION="$(shell go version | cut -d " " -f3 | sed -r 's/[go]+//g')" BUILD_TIMESTAMP=$(shell date +%F"_"%T) --BUILD_TAG="$(shell git rev-parse HEAD)" -+BUILD_TAG?="$(shell git rev-parse HEAD)" - export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \ + BUILD_TAG?="$(shell git rev-parse HEAD)" +-export LD_OPTS=-ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \ ++export LD_OPTS=-mod vendor -modcacherw --ldflags "-s -w -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Version=$(BUILD_VERSION) \ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.BuildDate=$(BUILD_TIMESTAMP) \ -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.Tag=$(BUILD_TAG) \ + -X github.com/crowdsecurity/cs-firewall-bouncer/pkg/version.GoVersion=$(BUILD_GOVERSION)" diff --git a/security/crowdsec-firewall-bouncer/files/pkg-message.in b/security/crowdsec-firewall-bouncer/files/pkg-message.in index 3929d468efd0..8bcdc8d1d9d6 100644 --- a/security/crowdsec-firewall-bouncer/files/pkg-message.in +++ b/security/crowdsec-firewall-bouncer/files/pkg-message.in 
@@ -11,27 +11,35 @@ configuration file, which is now in %%ETCDIR%%/crowdsec-firewall-bouncer.yaml In previous versions, the configuration was in /usr/local/etc/crowdsec-firewall-bouncer, you may need to check if you made any changes there. -If it's the first time, you need to edit your Packet Filter configuration. -Add the following in /etc/pf.conf to create the tables: +This package depends on the Packet Filter service. +To make sure it's active: ---------- -# create crowdsec ipv4 table -table <crowdsec-blacklists> persist +# sysrc pf_enable=YES +pf_enable: NO -> YES +# service pf start +Enabling pf. +---------- -# create crowdsec ipv6 table -table <crowdsec6-blacklists> persist +Then activate the bouncer via sysrc: -block drop in quick from <crowdsec-blacklists> to any -block drop in quick from <crowdsec6-blacklists> to any +---------- +# sysrc crowdsec_firewall_enable="YES" +crowdsec_firewall_enable: NO -> YES +# service crowdsec_firewall start ---------- -To apply the file: - -# pfctl -f /etc/pf.conf +After a few seconds, the bouncer should have created the tables and rules: -Then activate the bouncer via sysrc: +---------- +# pfctl -s Tables +crowdsec-blacklists +crowdsec6-blacklists +# pfctl -s Tables -s rules +block drop in quick from <crowdsec-blacklists> to any +block drop in quick from <crowdsec6-blacklists> to any +---------- -# sysrc crowdsec_firewall_enable="YES" EOM } ] diff --git a/security/crowdsec-firewall-bouncer/pkg-plist b/security/crowdsec-firewall-bouncer/pkg-plist index 6a41287c1e57..ecbf8e901981 100644 --- a/security/crowdsec-firewall-bouncer/pkg-plist +++ b/security/crowdsec-firewall-bouncer/pkg-plist @@ -1,4 +1,7 @@ @mode 0755 bin/crowdsec-firewall-bouncer +@dir etc/newsyslog.conf.d @mode 0600 @sample %%ETCDIR%%/crowdsec-firewall-bouncer.yaml.sample +@mode 0644 +@sample etc/newsyslog.conf.d/crowdsec-firewall-bouncer.conf.sample |