sshguard >1.5 does not parse ssh invalid user logins such as: Dec 18 06:23:27 redacted sshd[6294]: Invalid user aaron from 1.1.1.1 because its pattern matches only the lowercase word "invalid". The bug was reported on the sshguard-users mailing list in June 2012 [1] and I submitted a patch [2] today. [1] http://sourceforge.net/mailarchive/forum.php?thread_name=20120625040417.GD4130%40nntp.AegisInfoSys.com&forum_name=sshguard-users [2] https://sourceforge.net/tracker/?func=detail&aid=3597444&group_id=188282&atid=924687 Fix: See attached patch Patch attached with submission follows:
Responsible Changed From-To: freebsd-ports-bugs->crees crees@ wants this submitter's PRs (via the GNATS Auto Assign Tool)
Maintainer of security/sshguard, Please note that PR ports/174571 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/174571 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
State Changed From-To: feedback->open Hi Mij, is this patch OK?
Author: crees Date: Tue Apr 8 19:03:02 2014 New Revision: 350643 URL: http://svnweb.freebsd.org/changeset/ports/350643 QAT: https://qat.redports.org/buildarchive/r350643/ Log: Fix old sshguard bug; does not detect ssh invalid users logins PR: ports/174571 Submitted by: Francois Charlier <fcharlier@ploup.net> Reset maintainer after 16 month timeout While here, stage, remove some insanity and fixup rc script Added: head/security/sshguard/files/patch-src-parser-attack_scanner.l (contents, props changed) Modified: head/security/sshguard/Makefile head/security/sshguard/files/sshguard.in head/security/sshguard/pkg-install
Modified: head/security/sshguard/Makefile
==============================================================================
--- head/security/sshguard/Makefile Tue Apr 8 18:54:10 2014 (r350642)
+++ head/security/sshguard/Makefile Tue Apr 8 19:03:02 2014 (r350643)
@@ -3,40 +3,30 @@
 PORTNAME= sshguard
 PORTVERSION= 1.5
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= security
 MASTER_SITES= SF/sshguard/sshguard/sshguard-${PORTVERSION}
-MAINTAINER= mij@bitchx.it
+MAINTAINER= ports@FreeBSD.org
 COMMENT?= Protect hosts from brute force attacks against ssh and other services
 CONFLICTS?= sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.*
-PLIST_FILES= sbin/sshguard
+USES= tar:bzip2
+
+PLIST_FILES= sbin/sshguard man/man8/sshguard.8.gz
-MAN8= sshguard.8
-MANCOMPRESSED= no
-USE_BZIP2= yes
 USE_RC_SUBR= sshguard
 MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
-HAS_CONFIGURE= yes
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW}
-# sublist will be set afterward
+SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
 SUB_FILES= pkg-message
 # backend type in { hosts, ipfw, pf }
 SSHGUARDFW?= hosts
-NO_STAGE= yes
-.include <bsd.port.pre.mk>
-
-.if defined(PREFIX)
-CONFIGURE_ARGS+= --prefix=${PREFIX}
-.endif
-
-# set path for manpages
-CONFIGURE_ARGS+= --mandir=${MANPREFIX}/man
-
 .if ${SSHGUARDFW} == pf
 PKGMSG_FWBLOCK=" To activate or configure PF see http://sshguard.sf.net/doc/setup/blockingpf.html"
 .elif ${SSHGUARDFW} == ipfw
@@ -47,16 +37,4 @@ PKGMSG_FWBLOCK=" Sshguard is going to u
 PKGMSG_FWBLOCK=" Sshguard will use /etc/ipf.rules as ruleset."
 .endif
-# for substitution in subfiles
-SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
-
-CONFIGURE_ARGS+= --with-firewall=${SSHGUARDFW}
-
-post-install:
- @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
- @${CAT} ${PKGMESSAGE}
-
-pre-deinstall:
- @PKG_PREFIX=${PREFIX} ${SH} ${PKGDEINSTALL} ${PKGNAME} DEINSTALL
-
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Added: head/security/sshguard/files/patch-src-parser-attack_scanner.l
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/sshguard/files/patch-src-parser-attack_scanner.l Tue Apr 8 19:03:02 2014 (r350643)
@@ -0,0 +1,11 @@
+--- src/parser/attack_scanner.l.orig 2012-12-19 10:58:02.992356246 +0000
++++ src/parser/attack_scanner.l 2012-12-19 10:58:22.407356894 +0000
+@@ -127,7 +127,7 @@
+
+
+ /* SSH: invalid or rejected user (cross platform [generated by openssh]) */
+-"Invalid user ".+" from " { return SSH_INVALUSERPREF; }
++[Ii]"nvalid user ".+" from " { return SSH_INVALUSERPREF; }
+ /* match disallowed user (not in AllowUsers/AllowGroups or in DenyUsers/DenyGroups) on Linux Ubuntu/FreeBSD */
+ /* "User tinydns from 1.2.3.4 not allowed because not listed in AllowUsers" */
+ "User ".+" from " { BEGIN(ssh_notallowed); return SSH_NOTALLOWEDPREF; }
Modified: head/security/sshguard/files/sshguard.in
==============================================================================
--- head/security/sshguard/files/sshguard.in Tue Apr 8 18:54:10 2014 (r350642)
+++ head/security/sshguard/files/sshguard.in Tue Apr 8 19:03:02 2014 (r350643)
@@ -31,6 +31,7 @@
 # PROVIDE: sshguard
 # REQUIRE: LOGIN cleanvar
+# KEYWORD: shutdown
 #
 # Add the following lines to /etc/rc.conf to enable sshguard:
@@ -62,14 +63,10 @@
 name="sshguard"
 rcvar="sshguard_enable"
-command="/usr/sbin/daemon"
-actual_command="%%PREFIX%%/sbin/${name}"
-procname="${actual_command}"
 load_rc_config $name
-: ${sshguard_enable="NO"}
-: ${sshguard_pidfile="/var/run/${name}.pid"}
+: ${sshguard_enable:="NO"}
 : ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"}
 : ${sshguard_safety_thresh="40"}
 : ${sshguard_pardon_min_interval="1200"}
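Review bot: The text between `Invalid user ` and ` from ` is a user name supplied by the remote client, and the widened rule `[Ii]"nvalid user ".+" from "` carries no comment on how the address parsed after it is tied to the real peer. As far as this rule alone shows, that depends on flex taking the longest match, so that `.+` runs to the last ` from ` on the line; I would record that next to the rule, for example `/* user name is client-supplied; .+ must reach the last " from " so the address parsed next is the one sshd appended */`. The existing comment could also quote the sample line from the PR (`Invalid user aaron from 1.1.1.1`), since it does not say which sshd message carries the capital I. The rest of the scanner is outside this hunk, so whether the rule is limited to lines that really come from sshd cannot be checked here.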
@@ -77,8 +74,11 @@ load_rc_config $name
 : ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"}
 : ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"}
-pidfile="${sshguard_pidfile}"
-sshguard_watch_params=`echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ `
+pidfile=${sshguard_pidfile:-"/var/run/${name}.pid"}
+
+command="/usr/sbin/daemon"
+actual_command="%%PREFIX%%/sbin/${name}"
+procname="${actual_command}"
 start_precmd="${name}_prestart"
 command_args="-cf ${actual_command} -b ${sshguard_blacklist} ${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${sshguard_pidfile}"
@@ -87,6 +87,7 @@ sshguard_prestart()
 {
 mkdir -p `dirname ${sshguard_blacklist##*:}`
 [ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile}
+ sshguard_watch_params=`echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ `
 }
 run_rc_command "$1"
Modified: head/security/sshguard/pkg-install
==============================================================================
--- head/security/sshguard/pkg-install Tue Apr 8 18:54:10 2014 (r350642)
+++ head/security/sshguard/pkg-install Tue Apr 8 19:03:02 2014 (r350643)
@@ -13,7 +13,7 @@ SSHGUARDCONFLINE="auth.info;authpriv.inf
 case "$2" in
 "POST-INSTALL")
- if test "x$SSHGUARDFW" = xhosts
+ if test "$SSHGUARDFW" = hosts
 then
 touch /etc/hosts.allow
 fi
@@ -23,7 +23,7 @@ case "$2" in
 TMPFILE=`mktemp -q /tmp/syslogcXX`
 # make sure our file has the same permissions as the original, since we mv it back
 cp -p $SYSLOGCONF ${TMPFILE}
- echo > ${TMPFILE}
+ : > ${TMPFILE}
 inheader=1
 cat "$SYSLOGCONF" | while read cline ; do
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
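Review bot: `command_args` still ends in `-i ${sshguard_pidfile}`, but this commit removes the `: ${sshguard_pidfile="/var/run/${name}.pid"}` default (hunk at -62), and the new `pidfile=${sshguard_pidfile:-"/var/run/${name}.pid"}` reads the variable without assigning it. Unless the administrator sets `sshguard_pidfile`, `-i` is passed with no argument, so the daemon and rc.subr no longer agree on a pid file. Ending `command_args` with `-i ${pidfile}` keeps the two consistent; restoring the default with `: ${sshguard_pidfile:="/var/run/${name}.pid"}` would do the same.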
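Review bot: `sshguard_watch_params` is now assigned inside `sshguard_prestart`, but `command_args` is a double-quoted assignment made when the script is loaded, so `${sshguard_watch_params}` has already been expanded there, to nothing in the lines visible here, before the hook runs. The likely effect is that sshguard starts without any `-l` arguments and does not watch the files in `sshguard_watch_logs`, which is a silent loss of protection rather than a start-up failure. The simplest repair is to compute the variable before `command_args` as the old code did; if it must stay in the hook, `command_args` has to be built there as well, after this line.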
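Review bot: The rewritten truncation `: > ${TMPFILE}` still trusts the result of the `mktemp -q /tmp/syslogcXX` call three lines above it without checking it. The template has only two `X` characters and `-q` suppresses the error message, so when mktemp fails `TMPFILE` is empty and the `cp -p` and the redirection run with no target, in a script that presumably executes as root at package install time. I would use a longer template and stop on failure, `TMPFILE=$(mktemp -q /tmp/syslogc.XXXXXX) || exit 1`, and quote the expansions: `cp -p "$SYSLOGCONF" "$TMPFILE"` and `: > "$TMPFILE"`. The enclosing `case` arm continues past the hunk, so how the file is moved back over the original is not visible here.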
State Changed From-To: open->closed Committed. Sorry for the really long wait-- the maintainer was unresponsive and has been reset.