Basic doas(1) instructions for sshlockout

sshlockout needs root privileges to modify pf tables. If running as _syslogd (the default for syslogd children), the failure is silent. Requested by sunil@
2017-11-01 13:23:46 +00:00 · 2017-11-01 13:23:46 +00:00 · d1be9be935
commit d1be9be935
parent f918d27a4f
3 changed files with 15 additions and 2 deletions
--- a/security/sshlockout/Makefile
+++ b/security/sshlockout/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2017/07/27 00:08:17 jca Exp $
+# $OpenBSD: Makefile,v 1.2 2017/11/01 13:23:46 jca Exp $

 COMMENT =	protect against brute force attacks on sshd(8)

 DISTNAME =	sshlockout-0.20170726
+REVISION =	0

 CATEGORIES =	security

--- a/security/sshlockout/pkg/PLIST
+++ b/security/sshlockout/pkg/PLIST
@ -1,3 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.1.1.1 2017/07/27 00:08:17 jca Exp $
+@comment $OpenBSD: PLIST,v 1.2 2017/11/01 13:23:46 jca Exp $
@man man/man8/sshlockout.8
@bin sbin/sshlockout
+share/doc/pkg-readmes/${FULLPKGNAME}
--- a/security/sshlockout/pkg/README
+++ b/security/sshlockout/pkg/README
@ -0,0 +1,11 @@
+$OpenBSD: README,v 1.1 2017/11/01 13:23:46 jca Exp $
+
+-------------------------------------------------------------------------------
+| Running ${FULLPKGNAME} on OpenBSD
+-------------------------------------------------------------------------------
+
+syslogd(8) children run under the _syslogd user, but sshlockout(8)
+should be run as root in order to modify its pf(4) table.  doas(1) can
+be used to gain back root privileges:
+
+  permit nopass _syslogd as root cmd ${TRUEPREFIX}/sbin/sshlockout