authorBen Woods <woodsb02@FreeBSD.org>2017-07-24 10:56:16 +0000
committerBen Woods <woodsb02@FreeBSD.org>2017-07-24 10:56:16 +0000
commit98b51fd000fd2e88e46ec238464c7663344ff4f7 (patch)
treef198c6b6b918718285cbd94d60dfc009183344c6 /security/sshguard
parent97ef4d0df50803eb2dd6d7e5f65ef1bdce5ac8e5 (diff)
Notes
Diffstat (limited to 'security/sshguard')
-rw-r--r--security/sshguard/Makefile2
-rw-r--r--security/sshguard/files/patch-examples-sshguard.conf.sample2
-rw-r--r--security/sshguard/files/sshguard.in46
3 files changed, 33 insertions, 17 deletions
diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile
index 0ffc54e8b405..df17ee6dd507 100644
--- a/security/sshguard/Makefile
+++ b/security/sshguard/Makefile
@@ -3,6 +3,7 @@
PORTNAME= sshguard
PORTVERSION= 2.0.0
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION}
@@ -21,6 +22,7 @@ SUB_FILES= pkg-message
post-patch:
@${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' ${WRKSRC}/doc/sshguard.8.rst
+ @${REINPLACE_CMD} -e 's|/usr/local|${PREFIX}|' ${WRKSRC}/examples/sshguard.conf.sample
post-install:
${INSTALL} -d ${STAGEDIR}${PREFIX}/etc
diff --git a/security/sshguard/files/patch-examples-sshguard.conf.sample b/security/sshguard/files/patch-examples-sshguard.conf.sample
index 65428e87047f..314631c06043 100644
--- a/security/sshguard/files/patch-examples-sshguard.conf.sample
+++ b/security/sshguard/files/patch-examples-sshguard.conf.sample
@@ -14,7 +14,7 @@ index d881e51..87b7acc 100644
# Space-separated list of log files to monitor. Ignored if LOGREADER is set.
# (optional, no default)
-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
-+#FILES="/var/log/auth.log /var/log/maillog"
++FILES="/var/log/auth.log /var/log/maillog"
# Shell command that provides logs on standard output. Takes precedence over
# FILES. (optional, no default)
diff --git a/security/sshguard/files/sshguard.in b/security/sshguard/files/sshguard.in
index 71431e95a202..fb81d592b030 100644
--- a/security/sshguard/files/sshguard.in
+++ b/security/sshguard/files/sshguard.in
@@ -40,24 +40,21 @@
# sshguard_pidfile (str): Path to PID file.
# Set to "/var/run/sshguard.pid" by default
# sshguard_watch_logs (str): Colon splitted list of logs to watch.
-# Set to "/var/log/auth.log:/var/log/maillog"
-# by default.
+# Unset by default. Overrides the configuration file.
# The following options directly maps to their command line options,
-# please read manual page sshguard(8) for detailed information:
+# and override the configuration file, so most are unset by default.
+# Please read manual page sshguard(8) for detailed information:
# sshguard_blacklist (str): [thr:]/path/to/blacklist.
# Set to "30:/var/db/sshguard/blacklist.db"
# by default.
-# sshguard_danger_thresh (int): Danger threshold. Set to "30" by default.
+# sshguard_danger_thresh (int): Danger threshold.
# sshguard_release_interval (int):
# Minimum interval an address remains
-# blocked. Set to "120" by default.
+# blocked.
# sshguard_reset_interval (int):
# Interval before a suspected attack is
# forgotten and danger is reset to 0.
-# Set to "1800" by default.
# sshguard_whitelistfile (str): Path to the whitelist.
-# Set to "%%PREFIX%%/etc/sshguard.whitelist"
-# by default.
# sshguard_flags (str): Set additional command line arguments.
#
@@ -71,11 +68,11 @@ load_rc_config sshguard
: ${sshguard_enable:=NO}
: ${sshguard_blacklist=30:/var/db/sshguard/blacklist.db}
-: ${sshguard_danger_thresh=30}
-: ${sshguard_release_interval=120}
-: ${sshguard_reset_interval=1800}
-: ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"}
-: ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog}
+: ${sshguard_danger_thresh=}
+: ${sshguard_release_interval=}
+: ${sshguard_reset_interval=}
+: ${sshguard_whitelistfile=}
+: ${sshguard_watch_logs=}
pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}
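Review bot: Replacing the built-in default with `: ${sshguard_whitelistfile=}` means a host that relied on the implicit `%%PREFIX%%/etc/sshguard.whitelist` stops passing `-w` after the upgrade, unless the configuration file names a whitelist; that part of the sample is not visible here, so it is worth confirming. If the whitelist drops out silently, addresses the administrator meant to exempt can be blocked. The same shift applies to the thresholds and to `sshguard_watch_logs`, whose effective values now come from the configuration file rather than rc.conf defaults. I would add an upgrade note to pkg-message (or UPDATING) stating that these rc.conf defaults were removed and that `sshguard_whitelistfile` has to be set explicitly, or its equivalent set in the configuration file.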
@@ -83,7 +80,7 @@ command=/usr/sbin/daemon
actual_command="%%PREFIX%%/sbin/sshguard"
procname="%%PREFIX%%/libexec/sshg-blocker"
start_precmd=sshguard_prestart
-command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"
+command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} \${sshguard_danger_params} \${sshguard_release_params} \${sshguard_reset_params} \${sshguard_whitelist_params} -i ${pidfile}"
sshguard_prestart()
{
@@ -96,9 +93,26 @@ sshguard_prestart()
sshguard_blacklist_params="-b ${sshguard_blacklist}"
fi
- [ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile}
+ if [ ! -z ${sshguard_whitelistfile} ]; then
+ [ -e "${sshguard_whitelistfile}" ] || touch ${sshguard_whitelistfile}
+ sshguard_whitelist_params="-w ${sshguard_whitelistfile}"
+ fi
+
+ if [ ! -z ${sshguard_danger_thresh} ]; then
+ sshguard_danger_params="-a ${sshguard_danger_thresh}"
+ fi
+
+ if [ ! -z ${sshguard_release_interval} ]; then
+ sshguard_release_params="-p ${sshguard_release_interval}"
+ fi
- sshguard_watch_params=$(echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ )
+ if [ ! -z ${sshguard_reset_interval} ]; then
+ sshguard_reset_params="-s ${sshguard_reset_interval}"
+ fi
+
+ if [ ! -z "${sshguard_watch_logs}" ]; then
+ sshguard_watch_params=$(echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ )
+ fi
}
run_rc_command "$1"
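Review bot: The new guards test unquoted expansions: `[ ! -z ${sshguard_whitelistfile} ]` and the three matching tests for `sshguard_danger_thresh`, `sshguard_release_interval` and `sshguard_reset_interval`. An empty value only behaves correctly because `[ ! -z ]` happens to evaluate false, and a value containing whitespace makes `test` fail with a syntax error, so the branch is skipped and the option is silently not passed to sshguard. Only the `sshguard_watch_logs` test is quoted, and the `touch` argument is unquoted while the `-e` test beside it is quoted. I would write each guard as `if [ -n "${sshguard_danger_thresh}" ]; then` and the create step as `[ -e "${sshguard_whitelistfile}" ] || touch "${sshguard_whitelistfile}"`. sshguard_prestart begins above this hunk, so the start of its body is not reviewed here.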