author: Mark Felder <feld@FreeBSD.org> 2014-05-22 13:17:34 +0000
committer: Mark Felder <feld@FreeBSD.org> 2014-05-22 13:17:34 +0000
commit: a58f460dfc2402985a95291fcd09f91d5b1ec492 (patch)
tree: 96b3fb74bc260c74a9a12bf7ee15e8e649e5016a /security
parent: 831d81bc332d70b3f8b1535cce5ebbbe1c111ca7 (diff)
download: ports-a58f460dfc2402985a95291fcd09f91d5b1ec492.tar.gz
ports-a58f460dfc2402985a95291fcd09f91d5b1ec492.zip
5 files changed, 21 insertions, 96 deletions
diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile
index 831c8aa59487..c0a594c04ea1 100644
--- a/security/sshguard/Makefile
+++ b/security/sshguard/Makefile
@@ -3,11 +3,11 @@
 
 PORTNAME=	sshguard
 PORTVERSION=	1.5
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/sshguard-${PORTVERSION}
 
-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	feld@FreeBSD.org
 COMMENT?=	Protect hosts from brute force attacks against ssh and other services
 
 CONFLICTS?=	sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.*
@@ -32,7 +32,7 @@ PKGMSG_FWBLOCK="  To activate or configure PF see http://sshguard.sf.net/doc/set
 .elif ${SSHGUARDFW} == ipfw
 PKGMSG_FWBLOCK="  Verify that IPFW is active with \"ipfw show\"."
 .elif ${SSHGUARDFW} == hosts
-PKGMSG_FWBLOCK="  Sshguard is going to use /etc/hosts.allow, I have touched it for you."
+PKGMSG_FWBLOCK="  Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!"
 .elif ${SSHGUARDFW} == ipfilter
 PKGMSG_FWBLOCK="  Sshguard will use /etc/ipf.rules as ruleset."
 .endif
diff --git a/security/sshguard/files/pkg-message.in b/security/sshguard/files/pkg-message.in
index 98c1093c2232..1410db47fdde 100644
--- a/security/sshguard/files/pkg-message.in
+++ b/security/sshguard/files/pkg-message.in
@@ -3,8 +3,13 @@
 
 %%PKGMSG_FWBLOCK%%
 
-  Your /etc/syslog.conf has been added a line for sshguard; uncomment it
-  and use "/etc/rc.d/syslogd reload" for activating it.
+  If you would like to use sshguard via syslogd, add an entry to your
+  /etc/syslog.conf like the following:
+
+    auth.info;authpriv.info     |exec %%PREFIX%%/sbin/sshguard
+
+  and use "/etc/rc.d/syslogd reload" to activate it. Note, you can add
+  additional arguments to the sshguard command if you so desire.
 
   Alternatively, you can also start sshguard as a daemon by using the
   rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
diff --git a/security/sshguard/files/sshguard.in b/security/sshguard/files/sshguard.in
index 334fcd6e4592..3ba64337f71e 100644
--- a/security/sshguard/files/sshguard.in
+++ b/security/sshguard/files/sshguard.in
@@ -61,25 +61,25 @@
 
 . /etc/rc.subr
 
-name="sshguard"
-rcvar="sshguard_enable"
+name=sshguard
+rcvar=sshguard_enable
 
 load_rc_config sshguard
 
-: ${sshguard_enable:="NO"}
-: ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"}
-: ${sshguard_safety_thresh="40"}
-: ${sshguard_pardon_min_interval="1200"}
-: ${sshguard_prescribe_interval="420"}
+: ${sshguard_enable:=NO}
+: ${sshguard_blacklist=40:/var/db/sshguard/blacklist.db}
+: ${sshguard_safety_thresh=40}
+: ${sshguard_pardon_min_interval=1200}
+: ${sshguard_prescribe_interval=420}
 : ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"}
-: ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"}
+: ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog}
 
-pidfile=${sshguard_pidfile:-"/var/run/sshguard.pid"}
+pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}
 
-command="/usr/sbin/daemon"
+command=/usr/sbin/daemon
 actual_command="%%PREFIX%%/sbin/sshguard"
 procname="${actual_command}"
-start_precmd="sshguard_prestart"
+start_precmd=sshguard_prestart
 command_args="-cf ${actual_command} -b ${sshguard_blacklist} \${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"
 
 sshguard_prestart()
diff --git a/security/sshguard/pkg-deinstall b/security/sshguard/pkg-deinstall
deleted file mode 100644
index ff6aa3c6f36a..000000000000
--- a/security/sshguard/pkg-deinstall
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# If:
-#   1) syslog.conf exists
-#   2) it does contain some directive for sshguard
-# then do the following:
-#   @ if the directive was the default directive (as installed by pkg-install)
-#       then remove it
-#   @ if the directive is some custom (uncommented) directive, comment it
-# and reload syslogd eventually.
-
-# real syslog.conf configuration file path
-SYSLOGCONF=/etc/syslog.conf
-# configuration line to add
-SSHGUARDCONFLINE="auth.info;authpriv.info     |exec $PKG_PREFIX/sbin/sshguard"
-
-case "$2" in
-	"DEINSTALL")
-	    if test -f "$SYSLOGCONF" && grep -q '^[^#].*sshguard' "$SYSLOGCONF"
-        then
-            if ! TMPFILE=`mktemp -q /tmp/syslogcXX`; then
-		echo "Couldn't create temporary file"
-		exit 1
-	    fi
-            if grep -qx "$SSHGUARDCONFLINE" "$SYSLOGCONF"
-            then
-                # remove default sshguard entry from syslog.conf
-                echo "I'm removing the default sshguard syslog entry for you..."
-                grep -vx "$SSHGUARDCONFLINE" "$SYSLOGCONF" > $TMPFILE
-            else
-                # comment customized sshguard configuration line
-                echo "I'm commenting your custom sshguard syslog entry for you..."
-                sed "s/^[^#].*sshguard.*/#&/" < "$SYSLOGCONF" > $TMPFILE
-            fi
-            mv $TMPFILE "$SYSLOGCONF"
-            /etc/rc.d/syslogd reload
-		fi
-	;;
-esac
diff --git a/security/sshguard/pkg-install b/security/sshguard/pkg-install
deleted file mode 100644
index ee494443d191..000000000000
--- a/security/sshguard/pkg-install
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-
-# If:
-#   1) syslog.conf exists
-#   2) it doesn't already contain some (uncommented) sshguard directive
-# then add $SSHGUARDCONFLINE (commented) right at the end of the header
-# comments section in syslog.conf
-
-# real syslog.conf configuration file path
-SYSLOGCONF=/etc/syslog.conf
-# configuration line to add
-SSHGUARDCONFLINE="auth.info;authpriv.info     |exec $PKG_PREFIX/sbin/sshguard"
-
-case "$2" in
-    "POST-INSTALL")
-        if test "$SSHGUARDFW" = hosts
-        then
-            touch /etc/hosts.allow
-        fi
-        if (test -f "$SYSLOGCONF" && ! grep -q sshguard "$SYSLOGCONF")
-        then
-            # append default sshguard entry in syslog.conf (first line after comments header)
-	    TMPFILE=`mktemp -q /tmp/syslogcXX`
-	    # make sure our file has the same permissions as the original, since we mv it back
-	    cp -p $SYSLOGCONF ${TMPFILE}
-	    : > ${TMPFILE}
-            inheader=1
-            cat "$SYSLOGCONF" | while read cline ;
-            do
-                if (test $inheader -eq 1 && !(echo "$cline" | grep -q "^[[:space:]]*#"))
-                then
-                    # got off of header comments
-                    inheader=0
-                    echo "#$SSHGUARDCONFLINE" >> $TMPFILE
-                fi
-                echo "$cline" >> $TMPFILE
-            done
-            mv $TMPFILE "$SYSLOGCONF"
-        fi
-;;
-esac
author	Mark Felder <feld@FreeBSD.org>	2014-05-22 13:17:34 +0000
committer	Mark Felder <feld@FreeBSD.org>	2014-05-22 13:17:34 +0000
commit	a58f460dfc2402985a95291fcd09f91d5b1ec492 (patch)
tree	96b3fb74bc260c74a9a12bf7ee15e8e649e5016a /security
parent	831d81bc332d70b3f8b1535cce5ebbbe1c111ca7 (diff)
download	ports-a58f460dfc2402985a95291fcd09f91d5b1ec492.tar.gz ports-a58f460dfc2402985a95291fcd09f91d5b1ec492.zip