6 files changed, 28 insertions, 44 deletions

diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile
index df17ee6dd507..52ec5ecead39 100644
--- a/security/sshguard/Makefile
+++ b/security/sshguard/Makefile
@@ -2,20 +2,16 @@
 # $FreeBSD$
 
 PORTNAME=	sshguard
-PORTVERSION=	2.0.0
-PORTREVISION=	1
+PORTVERSION=	2.1.0
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/${PORTVERSION}
 
 MAINTAINER=	dan.mcgregor@usask.ca
-COMMENT=	Protect hosts from brute force attacks against ssh and other services
+COMMENT=	Protect hosts from brute-force attacks against SSH and other services
 
 LICENSE=	BSD2CLAUSE
 
-USES=		autoreconf
-
 USE_RC_SUBR=	sshguard
-MAKE_ARGS+=	ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
 GNU_CONFIGURE=	yes
 
 SUB_FILES=	pkg-message
diff --git a/security/sshguard/distinfo b/security/sshguard/distinfo
index 76b0428c3c3a..c003b0bf78b7 100644
--- a/security/sshguard/distinfo
+++ b/security/sshguard/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1500391750
-SHA256 (sshguard-2.0.0.tar.gz) = e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06
-SIZE (sshguard-2.0.0.tar.gz) = 886995
+TIMESTAMP = 1512597921
+SHA256 (sshguard-2.1.0.tar.gz) = 21252a4834ad8408df384ee4ddf468624aa9de9cead5afde1c77380a48cf028a
+SIZE (sshguard-2.1.0.tar.gz) = 1117466
diff --git a/security/sshguard/files/patch-examples-sshguard.conf.sample b/security/sshguard/files/patch-examples-sshguard.conf.sample
index 314631c06043..403b21c4706b 100644
--- a/security/sshguard/files/patch-examples-sshguard.conf.sample
+++ b/security/sshguard/files/patch-examples-sshguard.conf.sample
@@ -1,24 +1,21 @@
-diff --git examples/sshguard.conf.sample examples/sshguard.conf.sample
-index d881e51..87b7acc 100644
---- examples/sshguard.conf.sample
+--- examples/sshguard.conf.sample.orig	2017-12-06 22:18:20 UTC
 +++ examples/sshguard.conf.sample
-@@ -6,11 +6,13 @@
+@@ -6,10 +6,12 @@
  
  #### REQUIRED CONFIGURATION ####
  # Full path to backend executable (required, no default)
--#BACKEND="/usr/local/libexec/sshg-fw-hosts"
-+BACKEND="/usr/local/libexec/sshg-fw-null"
+-#BACKEND="/usr/local/libexec/sshg-fw-iptables"
++#BACKEND="/usr/local/libexec/sshg-fw-hosts"
 +#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
 +#BACKEND="/usr/local/libexec/sshg-fw-pf"
  
- # Space-separated list of log files to monitor. Ignored if LOGREADER is set.
- # (optional, no default)
+ # Space-separated list of log files to monitor. (optional, no default)
 -#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
 +FILES="/var/log/auth.log /var/log/maillog"
  
- # Shell command that provides logs on standard output. Takes precedence over
- # FILES. (optional, no default)
-@@ -36,12 +38,12 @@ DETECTION_TIME=1800
+ # Shell command that provides logs on standard output. (optional, no default)
+ # Example 1: ssh and sendmail from systemd journal:
+@@ -40,12 +42,12 @@ DETECTION_TIME=1800
  # !! Warning: These features may not work correctly with sandboxing. !!
  
  # Full path to PID file (optional, no default)
diff --git a/security/sshguard/files/pkg-message.in b/security/sshguard/files/pkg-message.in
index b81a99a04e72..6ec069d3fcca 100644
--- a/security/sshguard/files/pkg-message.in
+++ b/security/sshguard/files/pkg-message.in
@@ -1,15 +1,14 @@
-##########################################################################
-  Sshguard installed successfully.
+To enable SSHGuard at startup, add the following line to your 'rc.conf':
+sshguard_enable="YES"
 
-  You can start sshguard as a daemon by using the
-  rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
+Starting SSHGuard through syslogd(8) is discouraged and not supported.
 
-  See sshguard-setup(7) and http://www.sshguard.net/docs/setup for additional info.
+Configure SSHGuard by editing BACKEND in '%%PREFIX%%/etc/sshguard.conf'. See
+sshguard-setup(7) for instructions on setting up your firewall.
 
-  Please note that a few rc script parameters have been renamed to
-  better reflect the documentation:
+Please note that a few rc script parameters have been renamed to
+better reflect the documentation:
 
-  sshguard_safety_thresh -> sshguard_danger_thresh
-  sshguard_pardon_min_interval -> sshguard_release_interval
-  sshguard_prescribe_interval -> sshguard_reset_interval
-##########################################################################
+sshguard_safety_thresh -> sshguard_danger_thresh
+sshguard_pardon_min_interval -> sshguard_release_interval
+sshguard_prescribe_interval -> sshguard_reset_interval
diff --git a/security/sshguard/pkg-descr b/security/sshguard/pkg-descr
index e94a4d26c54a..f19849f0208b 100644
--- a/security/sshguard/pkg-descr
+++ b/security/sshguard/pkg-descr
@@ -1,14 +1,5 @@
-Sshguard monitors services from their logging activity. It reacts to messages
-about dangerous activity by blocking the source address with the local firewall.
+SSHGuard protects hosts from brute-force attacks against SSH and other
+services. It aggregates system logs and blocks repeat offenders using one of
+several firewall backends.
 
-Sshguard employs a clever parser that can recognize several logging formats at
-once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and
-detects attacks for many services out of the box, including SSH, FreeBSD's
-ftpd and dovecot.  It can operate all the major firewalling systems, including
-PF, netfilter/iptables, and IPFIREWALL/ipfw.
-
-Sshguard has several relevant features like support for IPv6, whitelisting,
-suspension, log message authentication. It is reliable, easy to set up and
-demands very few resources to the system.
-
-WWW: http://sshguard.sourceforge.net
+WWW: https://www.sshguard.net/
diff --git a/security/sshguard/pkg-plist b/security/sshguard/pkg-plist
index 2bbd20c9ffaa..46f6c84a146b 100644
--- a/security/sshguard/pkg-plist
+++ b/security/sshguard/pkg-plist
@@ -7,6 +7,7 @@ libexec/sshg-fw-ipfilter
 libexec/sshg-fw-ipfw
 libexec/sshg-fw-ipset
 libexec/sshg-fw-iptables
+libexec/sshg-fw-nft-sets
 libexec/sshg-fw-null
 libexec/sshg-fw-pf
 libexec/sshg-logtail