diff options
author | Mark Felder <feld@FreeBSD.org> | 2016-08-29 19:55:47 +0000 |
---|---|---|
committer | Mark Felder <feld@FreeBSD.org> | 2016-08-29 19:55:47 +0000 |
commit | 8e2c40afaaaccff6ac3a6acf4113e9d52b1aec6f (patch) | |
tree | d79d6a496de5d89e7bb3540788e80f77fd1fbbdd /security/sshguard | |
parent | 1c6c8e6f8830f08a2b04e1bcea285fe12948e22c (diff) | |
download | ports-8e2c40afaaaccff6ac3a6acf4113e9d52b1aec6f.tar.gz ports-8e2c40afaaaccff6ac3a6acf4113e9d52b1aec6f.zip |
Notes
Diffstat (limited to 'security/sshguard')
-rw-r--r-- | security/sshguard/Makefile | 40 | ||||
-rw-r--r-- | security/sshguard/pkg-descr | 2 |
2 files changed, 30 insertions, 12 deletions
diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile index 778233c14cff..382ffcfa9899 100644 --- a/security/sshguard/Makefile +++ b/security/sshguard/Makefile @@ -3,16 +3,40 @@ PORTNAME= sshguard PORTVERSION= 1.7.0 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION} MAINTAINER= feld@FreeBSD.org COMMENT?= Protect hosts from brute force attacks against ssh and other services -LICENSE= BSD2CLAUSE +SSHGUARDFW?= none + +# If SSHGUARDFW is not set by a slave port, then we only use the +# following which makes this a metaport to choose a backend +.if ${SSHGUARDFW} == none +NO_BUILD=YES +NO_INSTALL=YES +NO_ARCH=YES + +OPTIONS_SINGLE= BACKEND +OPTIONS_SINGLE_BACKEND= IPFW NULL PF +OPTIONS_DEFAULT= IPFW + +IPFW_DESC= IPFW firewall backend +NULL_DESC= null firewall backend (detection only) +PF_DESC= pf firewall backend + +IPFW_RUN_DEPENDS= sshguard-ipfw>0:security/sshguard-ipfw +NULL_RUN_DEPENDS= sshguard-null>0:security/sshguard-null +PF_RUN_DEPENDS= sshguard-pf>0:security/sshguard-pf -CONFLICTS?= sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* sshguard-null-1.* +.include <bsd.port.options.mk> + +# The remaining settings are used by the slave ports +.else + +LICENSE= BSD2CLAUSE USES= autoreconf @@ -26,20 +50,14 @@ CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW} SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK} SUB_FILES= pkg-message - -# backend type in { hosts, ipfw, null, pf } -SSHGUARDFW?= hosts +.endif .if ${SSHGUARDFW} == pf PKGMSG_FWBLOCK=" To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/" .elif ${SSHGUARDFW} == ipfw PKGMSG_FWBLOCK=" IPFW support has been rewritten. Sshguard will now add entries to table 22." -.elif ${SSHGUARDFW} == hosts -PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!" -.elif ${SSHGUARDFW} == ipfilter -PKGMSG_FWBLOCK=" Sshguard will use /etc/ipf.rules as ruleset." .elif ${SSHGUARDFW} == null -PKGMSG_FWBLOCK=" Sshguard null backend requires you provide your own script with the \"-e\" argument." +PKGMSG_FWBLOCK=" Sshguard null backend does detection only. It does not take action." .endif .include <bsd.port.mk> diff --git a/security/sshguard/pkg-descr b/security/sshguard/pkg-descr index e10cb4081a63..e94a4d26c54a 100644 --- a/security/sshguard/pkg-descr +++ b/security/sshguard/pkg-descr @@ -5,7 +5,7 @@ Sshguard employs a clever parser that can recognize several logging formats at once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, FreeBSD's ftpd and dovecot. It can operate all the major firewalling systems, including -PF, netfilter/iptables, IPFIREWALL/ipfw, IPFILTER. +PF, netfilter/iptables, and IPFIREWALL/ipfw. Sshguard has several relevant features like support for IPv6, whitelisting, suspension, log message authentication. It is reliable, easy to set up and |