Date:      Mon, 14 Apr 2014 10:25:50 +0200
From:      Benjamin Podszun <dar@darklajid.de>
To:        <freebsd-ports@freebsd.org>
Cc:        crees@freebsd.org
Subject:   Re: FreeBSD Port: security/sshguard-pf
Message-ID:  <fe85c5ec-65aa-425d-9e58-f70f277ad491@darklajid.de>
In-Reply-To: <53453547.2070307@uni-bielefeld.de>
References:  <53453547.2070307@uni-bielefeld.de>

On Wednesday, April 9, 2014 1:55:51 PM CEST, Dr. Michael Letzgus wrote:
> Hi all,
>
> sshguard-pf won't start any more after the ports update to
> 1.5_3. There are no messages in auth.log.
>
> A manual start via command line of "sshguard" is successful -
> so maybe there is a problem with the
> rc script?

Hi.

Ran into the same issue. So - what are my next steps? Filing a PR against
ports@ seems good, but .. probably the slow route.. :)
CC'd crees@ as last committer/potentially most familiar with that stuff?

Tracking down the issue:

Same issue here:

# service sshguard start
Starting sshguard.
# service sshguard status
sshguard is not running.

Thanks, Sergey. Good start, but no error:

# sh -x /usr/local/etc/rc.d/sshguard start
<snip>
+ eval '/usr/sbin/daemon  -cf /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db  -a 40 -p 1200 -s 420 -w /usr/local/etc/sshguard.whitelist -i '
+ /usr/sbin/daemon -cf /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db -a 40 -p 1200 -s 420 -w /usr/local/etc/sshguard.whitelist -i

Let's remove the input/output redirection (-f)

# /usr/sbin/daemon -c /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db -a 40 -p 1200 -s 420 -w /usr/local/etc/sshguard.whitelist -i
sshguard: option requires an argument -- i
Usage:
sshguard [-b <thr:file>] [-w <whlst>]{0,n} [-a num] [-p sec] [-s sec]
	[-l <source>] [-f <srv:pidfile>]{0,n} [-i <pidfile>] [-v]
	-b	Blacklist: thr = number of abuses before blacklisting, file = blacklist filename.
	-a	Number of hits after which blocking an address (40)
	-p	Seconds after which unblocking a blocked address (420)
	-w	Whitelisting of addr/host/block, or take from file if starts with "/" or "." (repeatable)
	-s	Seconds after which forgetting about a cracker candidate (1200)
	-l	Add the given log source to Log Sucker's monitored sources (off)
	-f	"authenticate" service's logs through its process pid, as in pidfile
	-i	When started, save PID in the given file; useful for startup scripts (off)
	-v	Dump version message to stderr, supply this when reporting bugs

	The SSHGUARD_DEBUG environment variable enables debugging mode (verbosity + interactivity).

I'd say this is a bug in sshguard: Failing to start shouldn't exit with 0.
That said, it first and foremost is a bug in the port.

Looking at the rc script and the diff [1] the problem's easy enough:
${sshguard_pidfile} is passed as parameter to -i, but isn't set in the
script/has no default value. Either the related line from the previous
revision should be revived or the substitution should change to use
${pidfile}, which _is_ set.

What now? To PR or not?

Regards,
Ben

1: http://svnweb.freebsd.org/ports/head/security/sshguard/files/sshguard.in?r1=311381&r2=350643
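
Added example (not part of the original message and not the port's rc script): a POSIX sh reproduction of the unset-variable expansion described above, next to a guarded variant and a check for a trailing option that is missing its value. The function names and the pidfile path are assumptions made for illustration; the flags are the ones shown in the trace.

```shell
#!/bin/sh
# Constructed reproduction of the failure in the message; not the port's code.

# Flags as they appear in the "sh -x" trace above.
base_flags="-b 40:/var/db/sshguard/blacklist.db -a 40 -p 1200 -s 420 -w /usr/local/etc/sshguard.whitelist"

# Before: the variable handed to -i is never set, so it expands to nothing
# and the command line ends in a bare "-i".
build_args_broken() {
    unset sshguard_pidfile
    echo "${base_flags} -i ${sshguard_pidfile}"
}

# After: default to ${pidfile}, and abort loudly if the result is still empty
# instead of starting the daemon with a malformed command line.
build_args_fixed() {
    pidfile="/var/run/sshguard.pid"   # constructed sample value
    unset sshguard_pidfile
    : "${sshguard_pidfile:=${pidfile}}"
    echo "${base_flags} -i ${sshguard_pidfile:?pidfile not set}"
}

# Check: returns 0 when the last word of the argument string is one of the
# value-taking options from the usage text (-b -w -a -p -s -l -f -i).
ends_with_dangling_option() {
    set -- $1                         # deliberate word splitting
    [ $# -gt 0 ] || return 1
    for last in "$@"; do :; done      # leaves the final word in $last
    case "$last" in
        -b|-w|-a|-p|-s|-l|-f|-i) return 0 ;;
        *) return 1 ;;
    esac
}

for variant in build_args_broken build_args_fixed; do
    if ends_with_dangling_option "$($variant)"; then
        echo "$variant: last option has no argument"
    else
        echo "$variant: ok"
    fi
done
```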