From: Benjamin Podszun
Cc: crees@freebsd.org
Subject: Re: FreeBSD Port: security/sshguard-pf
Date: Mon, 14 Apr 2014 10:25:50 +0200
In-Reply-To: <53453547.2070307@uni-bielefeld.de>
List-Id: Porting software to FreeBSD

On Wednesday, April 9, 2014 1:55:51 PM CEST, Dr. Michael Letzgus wrote:
> Hi all,
>
> sshguard-pf won't start any more after the ports update to
> 1.5_3. There are no messages in auth.log.
>
> A manual start via command line of "sshguard" is successful -
> so maybe there is a problem with the
> rc script?

Hi.

Ran into the same issue. So - what are my next steps? Filing a PR against
ports@ seems good, but .. probably the slow route.. :)

CC'd crees@ as last committer/potentially most familiar with that stuff?

Tracking down the issue:

Same issue here:

# service sshguard start
Starting sshguard.
# service sshguard status
sshguard is not running.

Thanks, Sergey. Good start, but no error:

# sh -x /usr/local/etc/rc.d/sshguard start
+ eval '/usr/sbin/daemon -cf /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db -a 40 -p 1200 -s 420 -w /usr/local/etc/sshguard.whitelist -i '
+ /usr/sbin/daemon -cf /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db -a 40 -p 1200 -s 420 -w /usr/local/etc/sshguard.whitelist -i

Let's remove the input/output redirection (-f)

# /usr/sbin/daemon -c /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db -a 40 -p 1200 -s 420 -w /usr/local/etc/sshguard.whitelist -i
sshguard: option requires an argument -- i
Usage: sshguard [-b ] [-w ]{0,n} [-a num] [-p sec] [-s sec]
        [-l ] [-f ]{0,n} [-i ] [-v]
        -b      Blacklist: thr = number of abuses before blacklisting, file = blacklist filename.
        -a      Number of hits after which blocking an address (40)
        -p      Seconds after which unblocking a blocked address (420)
        -w      Whitelisting of addr/host/block, or take from file if starts with "/" or "." (repeatable)
        -s      Seconds after which forgetting about a cracker candidate (1200)
        -l      Add the given log source to Log Sucker's monitored sources (off)
        -f      "authenticate" service's logs through its process pid, as in pidfile
        -i      When started, save PID in the given file; useful for startup scripts (off)
        -v      Dump version message to stderr, supply this when reporting bugs
        The SSHGUARD_DEBUG environment variable enables debugging mode (verbosity + interactivity).

I'd say this is a bug in sshguard: Failing to start shouldn't exit with 0.
That said, it first and foremost is a bug in the port.

Looking at the rc script and the diff [1] the problem's easy enough:
${sshguard_pidfile} is passed as parameter to -i, but isn't set in the
script/has no default value. Either the related line from the previous
revision should be revived or the substitution should change to use
${pidfile}, which _is_ set.

What now? To PR or not?

Regards,
Ben

1: http://svnweb.freebsd.org/ports/head/security/sshguard/files/sshguard.in?r1=311381&r2=350643
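
Added example, not part of the original message and not the port's rc script: a constructed sh sketch of the failure described above, where an unset ${sshguard_pidfile} leaves -i as the last word, next to the two fixes the message names and a pre-start check. The pidfile path, the shortened flag string and all function names are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed stand-in for an rc script's flag assembly; not the port's
# sshguard.in. The names sshguard_pidfile and pidfile come from the message,
# the pidfile path and the function names are made up for this sketch.
pidfile="/tmp/example-sshguard.pid"

# Failing form: sshguard_pidfile is never assigned, so it expands to nothing
# and -i becomes the last word on the command line.
flags_broken() {
    unset sshguard_pidfile
    echo "-a 40 -p 1200 -s 420 -i ${sshguard_pidfile}"
}

# First fix named in the message: substitute pidfile, which is set.
flags_with_pidfile() {
    echo "-a 40 -p 1200 -s 420 -i ${pidfile}"
}

# Second fix: give sshguard_pidfile a default again before using it.
flags_with_default() {
    unset sshguard_pidfile
    : "${sshguard_pidfile:=${pidfile}}"
    echo "-a 40 -p 1200 -s 420 -i ${sshguard_pidfile}"
}

# Guard: ${var:?} aborts the subshell with a message and a non-zero status
# instead of handing the daemon a dangling -i.
flags_strict() {
    unset sshguard_pidfile
    ( echo "-a 40 -p 1200 -s 420 -i ${sshguard_pidfile:?not set}" )
}

# Pre-start check: succeeds (0) when the flag string ends in an option that,
# per the usage text, needs an argument (-b -w -a -p -s -l -f -i).
has_dangling_option() {
    set -- $1                      # split into words as the shell would
    [ "$#" -gt 0 ] || return 1
    eval "last=\${$#}"
    case "$last" in
        -[bwapslfi]) return 0 ;;
        *)           return 1 ;;
    esac
}
```

Running a check like has_dangling_option before the daemon is launched turns the silent "started, but not running" outcome into an error at start time.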