Date:      Thu, 20 Jul 2017 22:10:17 -0600
From:      Adam Weinberger <adamw@adamw.org>
To:        Mark Felder <feld@FreeBSD.org>, dan.mcgregor@usask.ca
Cc:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r446263 - in head: . security security/sshguard security/sshguard/files
Message-ID:  <A031266C-7CDE-45BB-9BAA-1B60AC049FDE@adamw.org>
In-Reply-To: <201707201534.v6KFY9S4093093@repo.freebsd.org>
References:  <201707201534.v6KFY9S4093093@repo.freebsd.org>

> On 20 Jul, 2017, at 9:34, Mark Felder <feld@FreeBSD.org> wrote:
>
> Author: feld
> Date: Thu Jul 20 15:34:08 2017
> New Revision: 446263
> URL: https://svnweb.freebsd.org/changeset/ports/446263
>
> Log:
>  security/sshguard: Update to 2.0.0
>
>  PR:		219409

Dan,

Something for UPDATING would be pretty reasonable here, given that (a)
people will have to manually uninstall sshguard-* and install sshguard,
(b) user intervention is required to reconfigure sshguard in a new
sshguard.conf file, and (c) "service sshguard ..." is broken unless
PID_FILE is uncommented in that sshguard.conf.

Can you write up some UPDATING text, and take a look at the PID_FILE
issue?

# Adam


-- 
Adam Weinberger
adamw@adamw.org
https://www.adamw.org



>
> Added:
>  head/security/sshguard/files/patch-examples-sshguard.conf.sample   (contents, props changed)
>  head/security/sshguard/files/patch-src-sshguard.in   (contents, props changed)
>  head/security/sshguard/pkg-plist   (contents, props changed)
> Modified:
>  head/MOVED
>  head/security/Makefile
>  head/security/sshguard/Makefile
>  head/security/sshguard/distinfo
>  head/security/sshguard/files/pkg-message.in
>  head/security/sshguard/files/sshguard.in
>
> Modified: head/MOVED
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/MOVED	Thu Jul 20 15:30:52 2017	(r446262)
> +++ head/MOVED	Thu Jul 20 15:34:08 2017	(r446263)
> @@ -9466,3 +9466,6 @@ dns/opendnssec13|dns/opendnssec14|2017-07-13|Has =
expir
> multimedia/banshee||2017-07-13|Has expired: Project is not being =
actively maintained upstream anymore
> www/libhtp-suricata||2017-07-16|No longer required. security/suricata =
now uses official (not forked) libhtp=20
> databases/py-odbc|databases/py-pyodbc|2017-07-18|Rename to comply with =
PyPI scheme
> +security/sshguard-ipfw|security/sshguard|2017-07-20|Merged with =
security/sshguard
> +security/sshguard-pf|security/sshguard|2017-07-20|Merged with =
security/sshguard
> +security/sshguard-null|security/sshguard|2017-07-20|Merged with =
security/sshguard
>=20
> Modified: head/security/Makefile
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/security/Makefile	Thu Jul 20 15:30:52 2017	=
(r446262)
> +++ head/security/Makefile	Thu Jul 20 15:34:08 2017	=
(r446263)
> @@ -1153,9 +1153,6 @@
>     SUBDIR +=3D ssh_askpass_gtk2
>     SUBDIR +=3D sshblock
>     SUBDIR +=3D sshguard
> -    SUBDIR +=3D sshguard-ipfw
> -    SUBDIR +=3D sshguard-null
> -    SUBDIR +=3D sshguard-pf
>     SUBDIR +=3D sshpass
>     SUBDIR +=3D ssl-admin
>     SUBDIR +=3D sslscan
>=20
> Modified: head/security/sshguard/Makefile
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/security/sshguard/Makefile	Thu Jul 20 15:30:52 2017	=
(r446262)
> +++ head/security/sshguard/Makefile	Thu Jul 20 15:34:08 2017	=
(r446263)
> @@ -2,62 +2,28 @@
> # $FreeBSD$
>=20
> PORTNAME=3D	sshguard
> -PORTVERSION=3D	1.7.1
> -PORTREVISION=3D	0
> +PORTVERSION=3D	2.0.0
> CATEGORIES=3D	security
> MASTER_SITES=3D	SF/sshguard/sshguard/${PORTVERSION}
>=20
> -MAINTAINER=3D	ports@FreeBSD.org
> -COMMENT?=3D	Protect hosts from brute force attacks against ssh and =
other services
> +MAINTAINER=3D	dan.mcgregor@usask.ca
> +COMMENT=3D	Protect hosts from brute force attacks against ssh and =
other services
>=20
> -SSHGUARDFW?=3D	none
> -
> -# If SSHGUARDFW is not set by a slave port, then we only use the
> -# following which makes this a metaport to choose a backend
> -.if ${SSHGUARDFW} =3D=3D none
> -NO_BUILD=3DYES
> -NO_INSTALL=3DYES
> -NO_ARCH=3DYES
> -
> -OPTIONS_SINGLE=3D	BACKEND
> -OPTIONS_SINGLE_BACKEND=3D	IPFW NULL PF
> -OPTIONS_DEFAULT=3D	IPFW
> -
> -IPFW_DESC=3D	IPFW firewall backend
> -NULL_DESC=3D	null firewall backend (detection only)
> -PF_DESC=3D	pf firewall backend
> -
> -IPFW_RUN_DEPENDS=3D	sshguard-ipfw>0:security/sshguard-ipfw
> -NULL_RUN_DEPENDS=3D	sshguard-null>0:security/sshguard-null
> -PF_RUN_DEPENDS=3D		sshguard-pf>0:security/sshguard-pf
> -
> -.include <bsd.port.options.mk>
> -
> -# The remaining settings are used by the slave ports
> -.else
> -
> LICENSE=3D	BSD2CLAUSE
>=20
> USES=3D		autoreconf
>=20
> -PLIST_FILES=3D	libexec/sshg-fw libexec/sshg-logtail =
libexec/sshg-parser \
> -		sbin/sshguard man/man8/sshguard.8.gz
> -
> USE_RC_SUBR=3D	sshguard
> MAKE_ARGS+=3D	ACLOCAL=3D"${TRUE}" AUTOCONF=3D"${TRUE}" =
AUTOMAKE=3D"${TRUE}"
> GNU_CONFIGURE=3D	yes
> -CONFIGURE_ARGS+=3D--with-firewall=3D${SSHGUARDFW}
>=20
> -SUB_LIST+=3D	PKGMSG_FWBLOCK=3D${PKGMSG_FWBLOCK}
> SUB_FILES=3D	pkg-message
> -.endif
>=20
> -.if ${SSHGUARDFW} =3D=3D pf
> -PKGMSG_FWBLOCK=3D"  To activate or configure PF see =
http://www.sshguard.net/docs/setup/firewall/pf/"
> -.elif ${SSHGUARDFW} =3D=3D ipfw
> -PKGMSG_FWBLOCK=3D"  IPFW support has been rewritten. Sshguard will =
now add entries to table 22."
> -.elif ${SSHGUARDFW} =3D=3D null
> -PKGMSG_FWBLOCK=3D"  Sshguard null backend does detection only. It =
does not take action."
> -.endif
> +post-patch:
> +	@${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' =
${WRKSRC}/doc/sshguard.8.rst
> +
> +post-install:
> +	${INSTALL} -d ${STAGEDIR}${PREFIX}/etc
> +	${INSTALL} -m 644 ${WRKSRC}/examples/sshguard.conf.sample =
${STAGEDIR}${PREFIX}/etc
>=20
> .include <bsd.port.mk>
>=20
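
Review bot: In post-install, the two bare ${INSTALL} calls bypass the ports framework's install macros. `${INSTALL} -d ${STAGEDIR}${PREFIX}/etc` would normally be written with ${MKDIR}, and the `${INSTALL} -m 644` of examples/sshguard.conf.sample with ${INSTALL_DATA}, so that mode and ownership handling stay consistent with the rest of the tree.
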
> Modified: head/security/sshguard/distinfo
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/security/sshguard/distinfo	Thu Jul 20 15:30:52 2017	=
(r446262)
> +++ head/security/sshguard/distinfo	Thu Jul 20 15:34:08 2017	=
(r446263)
> @@ -1,3 +1,3 @@
> -TIMESTAMP =3D 1483998292
> -SHA256 (sshguard-1.7.1.tar.gz) =3D =
2e527589c9b33219222d827dff63974229d044de945729aa47271c4a29aaa195
> -SIZE (sshguard-1.7.1.tar.gz) =3D 832220
> +TIMESTAMP =3D 1500391750
> +SHA256 (sshguard-2.0.0.tar.gz) =3D =
e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06
> +SIZE (sshguard-2.0.0.tar.gz) =3D 886995
>=20
> Added: =
head/security/sshguard/files/patch-examples-sshguard.conf.sample
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/sshguard/files/patch-examples-sshguard.conf.sample	=
Thu Jul 20 15:34:08 2017	(r446263)
> @@ -0,0 +1,36 @@
> +diff --git examples/sshguard.conf.sample =
examples/sshguard.conf.sample
> +index d881e51..87b7acc 100644
> +--- examples/sshguard.conf.sample
> ++++ examples/sshguard.conf.sample
> +@@ -6,11 +6,13 @@
> +=20
> + #### REQUIRED CONFIGURATION ####
> + # Full path to backend executable (required, no default)
> +-#BACKEND=3D"/usr/local/libexec/sshg-fw-hosts"
> ++BACKEND=3D"/usr/local/libexec/sshg-fw-null"
> ++#BACKEND=3D"/usr/local/libexec/sshg-fw-ipfw"
> ++#BACKEND=3D"/usr/local/libexec/sshg-fw-pf"
> +=20
> + # Space-separated list of log files to monitor. Ignored if LOGREADER =
is set.
> + # (optional, no default)
> +-#FILES=3D"/var/log/auth.log /var/log/authlog /var/log/maillog"
> ++#FILES=3D"/var/log/auth.log /var/log/maillog"
> +=20
> + # Shell command that provides logs on standard output. Takes =
precedence over
> + # FILES. (optional, no default)
> +@@ -36,12 +38,12 @@ DETECTION_TIME=3D1800
> + # !! Warning: These features may not work correctly with sandboxing. =
!!
> +=20
> + # Full path to PID file (optional, no default)
> +-#PID_FILE=3D/run/sshguard.pid
> ++#PID_FILE=3D/var/run/sshguard.pid
> +=20
> + # Colon-separated blacklist threshold and full path to blacklist =
file.
> + # (optional, no default)
> +-#BLACKLIST_FILE=3D90:/var/lib/sshguard/enemies
> ++#BLACKLIST_FILE=3D30:/var/db/sshguard/blacklist.db
> +=20
> + # IP addresses listed in the WHITELIST_FILE are considered to be
> + # friendlies and will never be blocked.
> +-#WHITELIST_FILE=3D/etc/friends
> ++#WHITELIST_FILE=3D/usr/local/etc/sshguard.whitelist
>=20
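
Review bot: The uncommented default `BACKEND="/usr/local/libexec/sshg-fw-null"` in the first embedded hunk means a fresh install, and anyone arriving from sshguard-ipfw or sshguard-pf through the MOVED entries in this commit, runs a backend that the old Makefile described as "detection only" until the file is edited. A comment directly above the line saying so, or leaving all three candidates commented so the required setting is an explicit choice, would avoid a host that looks protected and is not. In the second embedded hunk, PID_FILE is still commented out although files/sshguard.in defaults pidfile to /var/run/sshguard.pid; shipping that line uncommented keeps the sample and the rc script in agreement. The paths are also hard-coded to /usr/local, while the Makefile's post-patch only substitutes %PREFIX% in doc/sshguard.8.rst, so a non-default PREFIX gets a sample pointing at the wrong locations.
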
> Added: head/security/sshguard/files/patch-src-sshguard.in
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/sshguard/files/patch-src-sshguard.in	Thu Jul =
20 15:34:08 2017	(r446263)
> @@ -0,0 +1,10 @@
> +diff --git src/sshguard.in src/sshguard.in
> +index 40c864b..249ddb5 100644
> +--- src/sshguard.in
> ++++ src/sshguard.in
> +@@ -85,4 +85,4 @@ elif [ -z "$tailcmd" ]; then
> + fi
> +=20
> + eval $tailcmd | $libexec/sshg-parser | \
> +-    $libexec/sshg-blocker $flags | ($BACKEND; kill -PIPE $$)
> ++    $libexec/sshg-blocker $flags | ($BACKEND ; pkill -PIPE -P $$)
>=20
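
Review bot: Replacing `kill -PIPE $$` with `pkill -PIPE -P $$` on the last line changes which processes are signalled when the backend exits, from the wrapper shell itself to every child of the wrapper, and neither the patch file nor the commit log says why. A short comment stating the reason, and whether the change has been sent upstream, would let the next maintainer decide whether this local patch is still needed at the next update.
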
> Modified: head/security/sshguard/files/pkg-message.in
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/security/sshguard/files/pkg-message.in	Thu Jul 20 =
15:30:52 2017	(r446262)
> +++ head/security/sshguard/files/pkg-message.in	Thu Jul 20 =
15:34:08 2017	(r446263)
> @@ -1,12 +1,10 @@
> =
##########################################################################=

>   Sshguard installed successfully.
>=20
> -%%PKGMSG_FWBLOCK%%
> -
>   You can start sshguard as a daemon by using the
>   rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
>=20
> -  See sshguard(8) and http://www.sshguard.net/docs/setup for =
additional info.
> +  See sshguard-setup(7) and http://www.sshguard.net/docs/setup for =
additional info.
>=20
>   Please note that a few rc script parameters have been renamed to
>   better reflect the documentation:
>=20
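
Review bot: With `%%PKGMSG_FWBLOCK%%` removed, the message no longer says anything about firewall backends, and nothing added in this hunk tells the user that the backend is now selected in sshguard.conf. Since the sample shipped by this commit defaults to sshg-fw-null, a line telling the user to edit %%PREFIX%%/etc/sshguard.conf and set BACKEND to the ipfw or pf backend before starting the service belongs here.
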
> Modified: head/security/sshguard/files/sshguard.in
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/security/sshguard/files/sshguard.in	Thu Jul 20 15:30:52 2017	=
(r446262)
> +++ head/security/sshguard/files/sshguard.in	Thu Jul 20 15:34:08 2017	=
(r446263)
> @@ -81,7 +81,7 @@ pidfile=3D${sshguard_pidfile:=3D"/var/run/sshguard.pid=
"}
>=20
> command=3D/usr/sbin/daemon
> actual_command=3D"%%PREFIX%%/sbin/sshguard"
> -procname=3D"${actual_command}"
> +procname=3D"%%PREFIX%%/libexec/sshg-blocker"
> start_precmd=3Dsshguard_prestart
> command_args=3D"-c ${actual_command} \${sshguard_flags} =
\${sshguard_blacklist_params} \${sshguard_watch_params} -a =
${sshguard_danger_thresh} -p ${sshguard_release_interval} -s =
${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"
>=20
>=20
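
Review bot: `procname` is now hard-coded to `%%PREFIX%%/libexec/sshg-blocker` while `command_args` still launches `${actual_command}` under daemon with `-i ${pidfile}`. rc.subr only treats the service as running when the PID in the pidfile belongs to a process matching procname, so this works only if the PID written to ${pidfile} is the one for sshg-blocker. Please confirm with `service sshguard status` and `stop` on a default install, and add a comment above the line explaining why procname differs from actual_command.
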
> Added: head/security/sshguard/pkg-plist
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/sshguard/pkg-plist	Thu Jul 20 15:34:08 2017	=
(r446263)
> @@ -0,0 +1,15 @@
> +@sample etc/sshguard.conf.sample
> +sbin/sshguard
> +libexec/sshg-blocker
> +libexec/sshg-fw-firewalld
> +libexec/sshg-fw-hosts
> +libexec/sshg-fw-ipfilter
> +libexec/sshg-fw-ipfw
> +libexec/sshg-fw-ipset
> +libexec/sshg-fw-iptables
> +libexec/sshg-fw-null
> +libexec/sshg-fw-pf
> +libexec/sshg-logtail
> +libexec/sshg-parser
> +man/man7/sshguard-setup.7.gz
> +man/man8/sshguard.8.gz
>=20
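
Review bot: The plist installs every backend the build produces, including libexec/sshg-fw-firewalld, libexec/sshg-fw-ipset and libexec/sshg-fw-iptables, which drive Linux firewall tooling that is not present on FreeBSD. Leaving those three out of the package avoids a user pointing BACKEND at one of them and ending up with no blocking.
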



