update to sshguard-2.3.1, from Andreas Kusalananda Kahari (taking maintainer),
tests by Markus Lude
parent
107c700fa2
commit
4c79c9ca3e
@ -1,23 +1,30 @@
|
||||
# $OpenBSD: Makefile,v 1.13 2018/09/04 12:46:21 espie Exp $
|
||||
# $OpenBSD: Makefile,v 1.14 2019/03/29 15:54:24 sthen Exp $
|
||||
|
||||
COMMENT= protect against brute force attacks on sshd and others
|
||||
|
||||
DISTNAME= sshguard-1.5
|
||||
REVISION= 6
|
||||
DISTNAME= sshguard-2.3.1
|
||||
CATEGORIES= security
|
||||
|
||||
HOMEPAGE= https://www.sshguard.net/
|
||||
|
||||
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sshguard/}
|
||||
|
||||
MAINTAINER= Andreas Kusalananda Kahari <andreas.kahari@abc.se>
|
||||
|
||||
# BSD
|
||||
PERMIT_PACKAGE_CDROM= Yes
|
||||
|
||||
WANTLIB+= c pthread
|
||||
|
||||
HOMEPAGE= https://www.sshguard.net/
|
||||
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sshguard/}
|
||||
EXTRACT_SUFX= .tar.bz2
|
||||
|
||||
CONFIGURE_STYLE=gnu
|
||||
CONFIGURE_ARGS= --with-firewall=pf
|
||||
|
||||
NO_TEST= Yes
|
||||
post-patch:
|
||||
${SUBST_CMD} ${WRKSRC}/doc/sshguard.8 \
|
||||
${WRKSRC}/examples/sshguard.conf.sample
|
||||
|
||||
post-install:
|
||||
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sshguard
|
||||
${INSTALL_DATA} ${WRKSRC}/examples/*.{example,sample} \
|
||||
${PREFIX}/share/examples/sshguard
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
@ -1,2 +1,2 @@
|
||||
SHA256 (sshguard-1.5.tar.bz2) = tTf4dlRV/fhCT4fUvWleW2dbiOXRZIZUUhN5Rwk+fhk=
|
||||
SIZE (sshguard-1.5.tar.bz2) = 303767
|
||||
SHA256 (sshguard-2.3.1.tar.gz) = dpBV4m33j0vKNMmnrPJl36IkwFWzPO1H9T1Vv2WdIKI=
|
||||
SIZE (sshguard-2.3.1.tar.gz) = 765330
|
||||
|
@ -1,13 +0,0 @@
|
||||
$OpenBSD: patch-configure,v 1.1 2018/06/24 10:54:19 kn Exp $
|
||||
|
||||
Index: configure
|
||||
--- configure.orig
|
||||
+++ configure
|
||||
@@ -5949,7 +5949,6 @@ then
|
||||
STD99_CFLAGS="-xc99"
|
||||
else
|
||||
# other compiler (assume gcc-compatibile :( )
|
||||
- OPTIMIZER_CFLAGS="-O2"
|
||||
WARNING_CFLAGS="-Wall"
|
||||
STD99_CFLAGS="-std=c99"
|
||||
fi
|
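--- a/security/sshguard/patches/patch-doc_sshguard_8
+++ b/security/sshguard/patches/patch-doc_sshguard_8
@@ -0,0 +1,16 @@
+$OpenBSD: patch-doc_sshguard_8,v 1.1 2019/03/29 15:54:24 sthen Exp $
+
+Index: doc/sshguard.8
+--- doc/sshguard.8.orig
++++ doc/sshguard.8
+@@ -119,8 +119,8 @@ Set to enable verbose output from sshg\-blocker.
+.SH FILES
+.INDENT 0.0
+.TP
+-.B %PREFIX%/etc/sshguard.conf
+-See sample configuration file.
++.B ${SYSCONFDIR}/sshguard.conf
++See sample configuration file in ${PREFIX}/share/examples/sshguard/sshguard.conf.sample
+.UNINDENT
+.SH WHITELISTING
+.sp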
@ -0,0 +1,17 @@
|
||||
$OpenBSD: patch-examples_sshguard_conf_sample,v 1.1 2019/03/29 15:54:24 sthen Exp $
|
||||
|
||||
Index: examples/sshguard.conf.sample
|
||||
--- examples/sshguard.conf.sample.orig
|
||||
+++ examples/sshguard.conf.sample
|
||||
@@ -7,9 +7,11 @@
|
||||
#### REQUIRED CONFIGURATION ####
|
||||
# Full path to backend executable (required, no default)
|
||||
#BACKEND="/usr/local/libexec/sshg-fw-iptables"
|
||||
+BACKEND="${TRUEPREFIX}/libexec/sshg-fw-pf"
|
||||
|
||||
# Space-separated list of log files to monitor. (optional, no default)
|
||||
#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
|
||||
+FILES=/var/log/authlog
|
||||
|
||||
# Shell command that provides logs on standard output. (optional, no default)
|
||||
# Example 1: ssh and sendmail from systemd journal:
|
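Review bot: `FILES=/var/log/authlog` is unquoted while the `BACKEND=` line added above it and the commented upstream examples are all quoted. The PLIST in this commit installs this sample as the live `${SYSCONFDIR}/sshguard.conf`, so it will be edited in place; if the file is sourced by the shell wrapper, appending a second log path without quotes would break the assignment. I would write `FILES="/var/log/authlog"`, and add a one-line comment such as `# OpenBSD port defaults: pf backend, sshd logs to authlog` above the two uncommented settings so they read as port-specific choices.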
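--- a/security/sshguard/patches/patch-src_blocker_blocker_c
+++ b/security/sshguard/patches/patch-src_blocker_blocker_c
@@ -0,0 +1,15 @@
+$OpenBSD: patch-src_blocker_blocker_c,v 1.1 2019/03/29 15:54:24 sthen Exp $
+
+Index: src/blocker/blocker.c
+--- src/blocker/blocker.c.orig
++++ src/blocker/blocker.c
+@@ -139,7 +139,8 @@ int main(int argc, char *argv[]) {
+
+/* termination signals */
+signal(SIGTERM, sigfin_handler);
+- signal(SIGHUP, sigfin_handler);
++ /* Don't install handler for HUP */
++ /* signal(SIGHUP, sigfin_handler); */
+signal(SIGINT, sigfin_handler);
+atexit(finishup);
+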
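Review bot: With the SIGHUP handler commented out in main(), sshg-blocker sets no disposition of its own for SIGHUP, so it survives a hangup only if it inherits SIG_IGN from its parent, presumably through the `trap "" HUP` this commit adds to src/sshguard.in. If the blocker is started any other way, the default action terminates it without the `atexit(finishup)` handler running, and blocking would stop with no cleanup or log entry. Making the intent explicit is safer than leaving dead code: replace the two added lines with `signal(SIGHUP, SIG_IGN); /* a hangup must not stop blocking */`. main() begins and ends outside this hunk, so any later signal setup is not visible here.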
@ -1,15 +0,0 @@
|
||||
$OpenBSD: patch-src_fwalls_command_c,v 1.1 2011/09/09 20:13:28 naddy Exp $
|
||||
|
||||
Allow building with gcc3.
|
||||
|
||||
--- src/fwalls/command.c.orig Fri Sep 9 22:07:56 2011
|
||||
+++ src/fwalls/command.c Fri Sep 9 22:08:12 2011
|
||||
@@ -59,7 +59,7 @@ int fw_block(const char *restrict addr, int addrkind,
|
||||
return (run_command(COMMAND_BLOCK, addr, addrkind, service) == 0 ? FWALL_OK : FWALL_ERR);
|
||||
}
|
||||
|
||||
-int fw_block_list(const char *restrict addresses[], int addrkind, const int service_codes[]) {
|
||||
+int fw_block_list(const char *restrict *addresses, int addrkind, const int service_codes[]) {
|
||||
/* block each address individually */
|
||||
int i;
|
||||
|
@ -1,15 +0,0 @@
|
||||
$OpenBSD: patch-src_sshguard_fw_h,v 1.1 2011/09/09 20:13:28 naddy Exp $
|
||||
|
||||
Allow building with gcc3.
|
||||
|
||||
--- src/sshguard_fw.h.orig Fri Sep 9 22:07:03 2011
|
||||
+++ src/sshguard_fw.h Fri Sep 9 22:07:20 2011
|
||||
@@ -85,7 +85,7 @@ int fw_block(const char *restrict addr, int addrkind,
|
||||
*
|
||||
* @return FWALL_OK or FWALL_ERR
|
||||
*/
|
||||
-int fw_block_list(const char *restrict addresses[], int addrkind, const int service_codes[]);
|
||||
+int fw_block_list(const char *restrict *addresses, int addrkind, const int service_codes[]);
|
||||
|
||||
|
||||
/**
|
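--- a/security/sshguard/patches/patch-src_sshguard_in
+++ b/security/sshguard/patches/patch-src_sshguard_in
@@ -0,0 +1,15 @@
+$OpenBSD: patch-src_sshguard_in,v 1.1 2019/03/29 15:54:24 sthen Exp $
+
+Index: src/sshguard.in
+--- src/sshguard.in.orig
++++ src/sshguard.in
+@@ -5,6 +5,9 @@
+# entire process group (subshell) on exit/interrupts.
+trap "trap - TERM && kill 0" INT TERM EXIT
+
++# Ignore HUP
++trap "" HUP
++
+libexec="@libexecdir@"
+version="@sshguardversion@"
+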
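Review bot: The added comment `# Ignore HUP` only restates the `trap "" HUP` line below it and gives no reason. The reason matters here, because an ignored signal is inherited by every process the script starts afterwards, which appears to be what the companion blocker.c patch depends on. I would replace it with something like `# Ignore HUP; children started below inherit this, so a hangup cannot stop blocking`. The rest of the script, including where the child processes are launched, is outside this hunk.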
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-src_sshguard_logsuck_c,v 1.2 2011/03/07 17:44:16 rpointel Exp $
|
||||
--- src/sshguard_logsuck.c.orig Wed Feb 9 13:01:47 2011
|
||||
+++ src/sshguard_logsuck.c Sat Mar 5 19:27:53 2011
|
||||
@@ -242,7 +242,7 @@ int logsuck_getline(char *restrict buf, size_t buflen,
|
||||
if (ret > 0) {
|
||||
if (kevs[0].filter == EVFILT_READ) {
|
||||
/* got data on this one. Read from it */
|
||||
- sshguard_log(LOG_DEBUG, "Searching for fd %lu in list.", kevs[0].ident);
|
||||
+ sshguard_log(LOG_DEBUG, "Searching for fd %u in list.", kevs[0].ident);
|
||||
readentry = list_seek(& sources_list, & kevs[0].ident);
|
||||
assert(readentry != NULL);
|
||||
assert(readentry->active);
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-src_sshguard_procauth_c,v 1.1.1.1 2010/09/07 12:23:43 millert Exp $
|
||||
--- src/sshguard_procauth.c.orig Mon Aug 9 02:44:15 2010
|
||||
+++ src/sshguard_procauth.c Mon Aug 30 13:05:40 2010
|
||||
@@ -192,7 +192,7 @@ static int procauth_ischildof(pid_t child, pid_t paren
|
||||
dup2(ps2me[1], 1);
|
||||
|
||||
sshguard_log(LOG_DEBUG, "Running 'ps axo pid,ppid'.");
|
||||
- execlp("ps", "ps", "axo", "pid,ppid", NULL);
|
||||
+ execlp("ps", "ps", "axo", "pid,ppid", (char *)0);
|
||||
|
||||
sshguard_log(LOG_ERR, "Unable to run 'ps axo pid,ppid': %s.", strerror(errno));
|
||||
exit(-1);
|
@ -1,6 +1,23 @@
|
||||
@comment $OpenBSD: PLIST,v 1.5 2018/09/04 12:46:21 espie Exp $
|
||||
@comment $OpenBSD: PLIST,v 1.6 2019/03/29 15:54:24 sthen Exp $
|
||||
@pkgpath security/sshguard,tcpd
|
||||
@man man/man8/sshguard.8
|
||||
@bin sbin/sshguard
|
||||
share/doc/pkg-readmes/${PKGSTEM}
|
||||
@rcscript ${RCDIR}/sshguard
|
||||
@bin libexec/sshg-blocker
|
||||
libexec/sshg-fw-firewalld
|
||||
@bin libexec/sshg-fw-hosts
|
||||
libexec/sshg-fw-ipfilter
|
||||
libexec/sshg-fw-ipfw
|
||||
libexec/sshg-fw-ipset
|
||||
libexec/sshg-fw-iptables
|
||||
libexec/sshg-fw-nft-sets
|
||||
libexec/sshg-fw-null
|
||||
libexec/sshg-fw-pf
|
||||
libexec/sshg-logtail
|
||||
@bin libexec/sshg-parser
|
||||
@man man/man7/sshguard-setup.7
|
||||
@man man/man8/sshguard.8
|
||||
sbin/sshguard
|
||||
share/doc/pkg-readmes/${PKGSTEM}
|
||||
share/examples/sshguard/
|
||||
share/examples/sshguard/sshguard.conf.sample
|
||||
@sample ${SYSCONFDIR}/sshguard.conf
|
||||
share/examples/sshguard/whitelistfile.example
|
||||
|
@ -1,10 +1,11 @@
|
||||
$OpenBSD: README,v 1.3 2018/09/04 12:46:21 espie Exp $
|
||||
$OpenBSD: README,v 1.4 2019/03/29 15:54:24 sthen Exp $
|
||||
|
||||
+-----------------------------------------------------------------------
|
||||
| Running ${PKGSTEM} on OpenBSD
|
||||
+-----------------------------------------------------------------------
|
||||
|
||||
To use sshguard with pf(4), add the following to /etc/pf.conf:
|
||||
To use ${PKGSTEM} with pf(4), add something similar to the following to
|
||||
${SYSCONFDIR}/pf.conf:
|
||||
|
||||
table <sshguard> persist
|
||||
|
||||
|
@ -1,12 +1,13 @@
|
||||
#!/bin/ksh
|
||||
#
|
||||
# $OpenBSD: sshguard.rc,v 1.4 2018/01/11 19:27:09 rpe Exp $
|
||||
# $OpenBSD: sshguard.rc,v 1.5 2019/03/29 15:54:24 sthen Exp $
|
||||
|
||||
daemon="${TRUEPREFIX}/sbin/sshguard"
|
||||
daemon_flags="-l /var/log/authlog"
|
||||
|
||||
. /etc/rc.d/rc.subr
|
||||
|
||||
pexp="${TRUEPREFIX}/libexec/sshg-blocker .*"
|
||||
|
||||
rc_bg=YES
|
||||
rc_reload=NO
|
||||
|
||||
|