sshguard 2.0 requires /usr/local/etc/sshguard.conf to exist to be able to start sshguard.

My /etc/rc.conf contains:

    sshguard_enable="YES"
    sshguard_watch_logs="/var/log/auth.log:/var/log/maillog:/var/log/xferlog"
    sshguard_blacklist=""

I remove the last 2 lines and keep only:

    sshguard_enable="YES"

Then I edit sshguard.conf and replace:

    #FILES="/var/log/auth.log /var/log/maillog"

with:

    FILES="/var/log/auth.log /var/log/maillog /var/log/xferlog"

The problem is that it ignores all changes in sshguard.conf and I think the only change that works is the BACKEND option. I think the /usr/local/etc/rc.d/sshguard script needs changes to remove the /etc/rc.conf options and the configuration to be done using /usr/local/etc/sshguard.conf

This is the reply from the SSHGuard developer Kevin Zheng:

"I took a look at the rc.d script in ports. SSHGuard usually looks at sshguard.conf for a list of files to monitor, but lets you override it via the command line using -l arguments. Here, the rc.d script is *always* setting the '-l' arguments even if you don't have SSHGUARD_WATCH_LOGS set in your rc.conf. The right thing to do might be to change the rc.d script to avoid setting '-l' arguments if the user left SSHGUARD_WATCH_LOGS empty. Or, if easing the transition isn't important, axing it in favor of the configuration file."

Yes, I missed this when I did the update, I'll post a fix shortly.
Thank you for your help :-)

Created attachment 184580: Fix up rc script

Patch to fix the rc.d issues of always overriding the config file. Also sets the defaults in the config file to match the former defaults in the rc script. Add UPDATING entry.

A commit references this bug:

Author: woodsb02
Date: Mon Jul 24 10:56:17 UTC 2017
New revision: 446517
URL: https://svnweb.freebsd.org/changeset/ports/446517

Log:
  security/sshguard: Fix rc script, add UPDATING entry

  sshguard usually looks at sshguard.conf for a list of files to monitor, but lets you override it via the command line using -l arguments. This change fixes an issue with the previous rc script which was *always* setting the '-l' arguments even if sshguard_watch_logs wasn't set in rc.conf.

  This change also sets the defaults in the config file to match the former defaults in the rc script, and adds an UPDATING entry to warn of the change from default configuration via rc.conf the config file.

  PR: 220906
  Submitted by: Dan McGregor (maintainer)
  Reported by: chris@cretaforce.gr

Changes:
  head/UPDATING
  head/security/sshguard/Makefile
  head/security/sshguard/files/patch-examples-sshguard.conf.sample
  head/security/sshguard/files/sshguard.in

Committed - thanks for reporting it Chris, and for the fix Dan!
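
The behaviour discussed in this report, as an added example that is not the port's rc.d script or the committed patch: a shell helper that emits '-l' arguments only when sshguard_watch_logs is non-empty, so that an unset value leaves the FILES setting in sshguard.conf in effect. The function name build_log_flags is hypothetical, and log paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added illustration; not the sshguard port's rc.d script.
# build_log_flags is a hypothetical helper name.

# Convert a colon-separated rc.conf value such as
#   sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"
# into "-l <file>" arguments for the sshguard command line.
# An empty or unset value produces no output at all, so no '-l'
# override is passed and sshguard reads FILES from sshguard.conf.
# The body runs in a subshell so IFS and globbing changes do not leak.
build_log_flags() (
    watch_logs=$1
    flags=""
    IFS=:
    set -f    # do not expand wildcards that appear in the value
    for logfile in $watch_logs; do
        # Skip empty fields left by stray or doubled colons.
        [ -n "$logfile" ] || continue
        flags="${flags:+$flags }-l $logfile"
    done
    printf '%s' "$flags"
)

# Constructed sample values, mirroring the reporter's two rc.conf states.
echo "watch_logs set:   [$(build_log_flags "/var/log/auth.log:/var/log/maillog:/var/log/xferlog")]"
echo "watch_logs empty: [$(build_log_flags "")]"
```

With the empty value the helper prints nothing, which is the case where the configuration file should decide which logs are monitored.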