Attachment #184549 for bug #219409

View | Details | Raw Unified | Return to bug 219409
Collapse All | Expand All

Lines 9466-9468 dns/opendnssec13\|dns/opendnssec14\|2017-07-13\|Has expired: Approaching EOL, upgra Link Here

(-)b/MOVED (+3 lines)
9466	multimedia/banshee\|\|2017-07-13\|Has expired: Project is not being actively maintained upstream anymore	9466	multimedia/banshee\|\|2017-07-13\|Has expired: Project is not being actively maintained upstream anymore
9467	www/libhtp-suricata\|\|2017-07-16\|No longer required. security/suricata now uses official (not forked) libhtp	9467	www/libhtp-suricata\|\|2017-07-16\|No longer required. security/suricata now uses official (not forked) libhtp
9468	databases/py-odbc\|databases/py-pyodbc\|2017-07-18\|Rename to comply with PyPI scheme	9468	databases/py-odbc\|databases/py-pyodbc\|2017-07-18\|Rename to comply with PyPI scheme
		9469	security/sshguard-ipfw\|security/sshguard\|2017-07-18\|Merged with security/sshguard
		9470	security/sshguard-pf\|security/sshguard\|2017-07-18\|Merged with security/sshguard
		9471	security/sshguard-null\|security/sshguard\|2017-07-18\|Merged with security/sshguard




# Created by: Mij <mij@bitchx.it>
# $FreeBSD$

PKGNAMESUFFIX=	-ipfw

COMMENT=	Protect hosts from brute force attacks against ssh and other services using ipfw

CONFLICTS=	sshguard-pf-1.* sshguard-null-1.*

SSHGUARDFW=	ipfw
MASTERDIR=	${.CURDIR}/../sshguard

.include "${MASTERDIR}/Makefile"




# Created by: Mij <mij@bitchx.it>
# $FreeBSD$

PKGNAMESUFFIX=	-null

COMMENT=	Protect hosts from brute force attacks against ssh and other services

CONFLICTS=	sshguard-ipfw-1.* sshguard-pf-1.*

SSHGUARDFW=	null
MASTERDIR=	${.CURDIR}/../sshguard

.include "${MASTERDIR}/Makefile"




# Created by: Mij <mij@bitchx.it>
# $FreeBSD$

PKGNAMESUFFIX=	-pf

COMMENT=	Protect hosts from brute force attacks against ssh and other services using pf

CONFLICTS=	sshguard-ipfw-1.* sshguard-null-1.*

SSHGUARDFW=	pf
MASTERDIR=	${.CURDIR}/../sshguard

.include "${MASTERDIR}/Makefile"




# $FreeBSD$

PORTNAME=	sshguard
PORTVERSION=	2.0.0
PORTREVISION=	0
CATEGORIES=	security
MASTER_SITES=	SF/sshguard/sshguard/${PORTVERSION}

MAINTAINER=	ports@FreeBSD.org
COMMENT=	Protect hosts from brute force attacks against ssh and other services

SSHGUARDFW?=	none

# If SSHGUARDFW is not set by a slave port, then we only use the
# following which makes this a metaport to choose a backend
.if ${SSHGUARDFW} == none
NO_BUILD=YES
NO_INSTALL=YES
NO_ARCH=YES

OPTIONS_SINGLE=	BACKEND
OPTIONS_SINGLE_BACKEND=	IPFW NULL PF
OPTIONS_DEFAULT=	IPFW

IPFW_DESC=	IPFW firewall backend
NULL_DESC=	null firewall backend (detection only)
PF_DESC=	pf firewall backend

IPFW_RUN_DEPENDS=	sshguard-ipfw>0:security/sshguard-ipfw
NULL_RUN_DEPENDS=	sshguard-null>0:security/sshguard-null
PF_RUN_DEPENDS=		sshguard-pf>0:security/sshguard-pf

.include <bsd.port.options.mk>

# The remaining settings are used by the slave ports
.else

LICENSE=	BSD2CLAUSE

USES=		autoreconf

PLIST_FILES=	libexec/sshg-fw libexec/sshg-logtail libexec/sshg-parser \
		sbin/sshguard man/man8/sshguard.8.gz

USE_RC_SUBR=	sshguard
MAKE_ARGS+=	ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
GNU_CONFIGURE=	yes

post-patch:
	@${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' ${WRKSRC}/doc/sshguard.8.rst

post-install:
	${INSTALL} -d ${STAGEDIR}${PREFIX}/etc
	${INSTALL} -m 644 ${WRKSRC}/examples/sshguard.conf.sample ${STAGEDIR}${PREFIX}/etc
PKGMSG_FWBLOCK="  To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/"
.elif ${SSHGUARDFW} == ipfw
PKGMSG_FWBLOCK="  IPFW support has been rewritten. Sshguard will now add entries to table 22."
.elif ${SSHGUARDFW} == null
PKGMSG_FWBLOCK="  Sshguard null backend does detection only. It does not take action."
.endif

.include <bsd.port.mk>

Lines 1-3 Link Here

(-)b/security/sshguard/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1483998292	1	TIMESTAMP = 1500391750
2	SHA256 (sshguard-1.7.1.tar.gz) = 2e527589c9b33219222d827dff63974229d044de945729aa47271c4a29aaa195	2	SHA256 (sshguard-2.0.0.tar.gz) = e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06
3	SIZE (sshguard-1.7.1.tar.gz) = 832220	3	SIZE (sshguard-2.0.0.tar.gz) = 886995




diff --git examples/sshguard.conf.sample examples/sshguard.conf.sample
index d881e51..87b7acc 100644
--- examples/sshguard.conf.sample
+++ examples/sshguard.conf.sample
@@ -6,11 +6,13 @@
 
 #### REQUIRED CONFIGURATION ####
 # Full path to backend executable (required, no default)
-#BACKEND="/usr/local/libexec/sshg-fw-hosts"
+BACKEND="/usr/local/libexec/sshg-fw-null"
+#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
+#BACKEND="/usr/local/libexec/sshg-fw-pf"
 
 # Space-separated list of log files to monitor. Ignored if LOGREADER is set.
 # (optional, no default)
-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
+#FILES="/var/log/auth.log /var/log/maillog"
 
 # Shell command that provides logs on standard output. Takes precedence over
 # FILES. (optional, no default)
@@ -36,12 +38,12 @@ DETECTION_TIME=1800
 # !! Warning: These features may not work correctly with sandboxing. !!
 
 # Full path to PID file (optional, no default)
-#PID_FILE=/run/sshguard.pid
+#PID_FILE=/var/run/sshguard.pid
 
 # Colon-separated blacklist threshold and full path to blacklist file.
 # (optional, no default)
-#BLACKLIST_FILE=90:/var/lib/sshguard/enemies
+#BLACKLIST_FILE=30:/var/db/sshguard/blacklist.db
 
 # IP addresses listed in the WHITELIST_FILE are considered to be
 # friendlies and will never be blocked.
-#WHITELIST_FILE=/etc/friends
+#WHITELIST_FILE=/usr/local/etc/sshguard.whitelist

Added Link Here

(-)b/security/sshguard/files/patch-src-sshguard.in (+10 lines)
1	diff --git src/sshguard.in src/sshguard.in
2	index 40c864b..249ddb5 100644
3	--- src/sshguard.in
4	+++ src/sshguard.in
5	@@ -85,4 +85,4 @@ elif [ -z "$tailcmd" ]; then
6	fi
7
8	eval $tailcmd \| $libexec/sshg-parser \| \
9	- $libexec/sshg-blocker $flags \| ($BACKEND; kill -PIPE $$)
10	+ $libexec/sshg-blocker $flags \| ($BACKEND ; pkill -PIPE -P $$)

Lines 81-87 pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"} Link Here

(-)b/security/sshguard/files/sshguard.in (-1 / +1 lines)
81		81
82	command=/usr/sbin/daemon	82	command=/usr/sbin/daemon
83	actual_command="%%PREFIX%%/sbin/sshguard"	83	actual_command="%%PREFIX%%/sbin/sshguard"
84	procname="${actual_command}"	84	procname="%%PREFIX%%/libexec/sshg-blocker"
85	start_precmd=sshguard_prestart	85	start_precmd=sshguard_prestart
86	command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"	86	command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"
87		87




##########################################################################
  Sshguard installed successfully.

  Sshguard now installs all supported backends (null, ipfw, pf, hosts)

  You can start sshguard as a daemon by using the
  rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .

  See sshguard-setup(7) and http://www.sshguard.net/docs/setup for additional info.

  Please note that a few rc script parameters have been renamed to
  better reflect the documentation:




etc/sshguard.conf.sample
@sample etc/sshguard.conf.sample
etc/rc.d/sshguard
sbin/sshguard
libexec/sshg-blocker
libexec/sshg-fw-hosts
libexec/sshg-fw-ipfw
libexec/sshg-fw-null
libexec/sshg-fw-pf
libexec/sshg-logtail
libexec/sshg-parser
%%PORTDOCS%%man/man8/sshguard.8.gz
%%PORTDOCS%%man/man7/sshguard-setup.7.gz

Return to bug 219409

Removed Link Here

(-)a/security/sshguard-ipfw/Makefile (-13 lines)
1	# Created by: Mij <mij@bitchx.it>
2	# $FreeBSD$
3
4	PKGNAMESUFFIX= -ipfw
5
6	COMMENT= Protect hosts from brute force attacks against ssh and other services using ipfw
7
8	CONFLICTS= sshguard-pf-1.* sshguard-null-1.*
9
10	SSHGUARDFW= ipfw
11	MASTERDIR= ${.CURDIR}/../sshguard
12
13	.include "${MASTERDIR}/Makefile"

Removed Link Here

(-)a/security/sshguard-null/Makefile (-13 lines)
1	# Created by: Mij <mij@bitchx.it>
2	# $FreeBSD$
3
4	PKGNAMESUFFIX= -null
5
6	COMMENT= Protect hosts from brute force attacks against ssh and other services
7
8	CONFLICTS= sshguard-ipfw-1.* sshguard-pf-1.*
9
10	SSHGUARDFW= null
11	MASTERDIR= ${.CURDIR}/../sshguard
12
13	.include "${MASTERDIR}/Makefile"

Removed Link Here

(-)a/security/sshguard-pf/Makefile (-13 lines)
1	# Created by: Mij <mij@bitchx.it>
2	# $FreeBSD$
3
4	PKGNAMESUFFIX= -pf
5
6	COMMENT= Protect hosts from brute force attacks against ssh and other services using pf
7
8	CONFLICTS= sshguard-ipfw-1.* sshguard-null-1.*
9
10	SSHGUARDFW= pf
11	MASTERDIR= ${.CURDIR}/../sshguard
12
13	.include "${MASTERDIR}/Makefile"

Lines 2-63 Link Here

(-)b/security/sshguard/Makefile (-45 / +9 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= sshguard	4	PORTNAME= sshguard
5	PORTVERSION= 1.7.1	5	PORTVERSION= 2.0.0
6	PORTREVISION= 0
7	CATEGORIES= security	6	CATEGORIES= security
8	MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION}	7	MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION}
9		8
10	MAINTAINER= ports@FreeBSD.org	9	MAINTAINER= ports@FreeBSD.org
11	COMMENT?= Protect hosts from brute force attacks against ssh and other services	10	COMMENT= Protect hosts from brute force attacks against ssh and other services
12
13	SSHGUARDFW?= none
14
15	# If SSHGUARDFW is not set by a slave port, then we only use the
16	# following which makes this a metaport to choose a backend
17	.if ${SSHGUARDFW} == none
18	NO_BUILD=YES
19	NO_INSTALL=YES
20	NO_ARCH=YES
21
22	OPTIONS_SINGLE= BACKEND
23	OPTIONS_SINGLE_BACKEND= IPFW NULL PF
24	OPTIONS_DEFAULT= IPFW
25
26	IPFW_DESC= IPFW firewall backend
27	NULL_DESC= null firewall backend (detection only)
28	PF_DESC= pf firewall backend
29
30	IPFW_RUN_DEPENDS= sshguard-ipfw>0:security/sshguard-ipfw
31	NULL_RUN_DEPENDS= sshguard-null>0:security/sshguard-null
32	PF_RUN_DEPENDS= sshguard-pf>0:security/sshguard-pf
33
34	.include <bsd.port.options.mk>
35
36	# The remaining settings are used by the slave ports
37	.else
38		11
39	LICENSE= BSD2CLAUSE	12	LICENSE= BSD2CLAUSE
40		13
41	USES= autoreconf	14	USES= autoreconf
42		15
43	PLIST_FILES= libexec/sshg-fw libexec/sshg-logtail libexec/sshg-parser \
44	sbin/sshguard man/man8/sshguard.8.gz
45
46	USE_RC_SUBR= sshguard	16	USE_RC_SUBR= sshguard
47	MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"	17	MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
48	GNU_CONFIGURE= yes	18	GNU_CONFIGURE= yes
49	CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW}	19
50		20	post-patch:
51	SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}	21	@${REINPLACE_CMD} -e 's\|%PREFIX%\|${PREFIX}\|' ${WRKSRC}/doc/sshguard.8.rst
52	SUB_FILES= pkg-message	22
53	.endif	23	post-install:
54		24	${INSTALL} -d ${STAGEDIR}${PREFIX}/etc
55	.if ${SSHGUARDFW} == pf	25	${INSTALL} -m 644 ${WRKSRC}/examples/sshguard.conf.sample ${STAGEDIR}${PREFIX}/etc
56	PKGMSG_FWBLOCK=" To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/"
57	.elif ${SSHGUARDFW} == ipfw
58	PKGMSG_FWBLOCK=" IPFW support has been rewritten. Sshguard will now add entries to table 22."
59	.elif ${SSHGUARDFW} == null
60	PKGMSG_FWBLOCK=" Sshguard null backend does detection only. It does not take action."
61	.endif
62		26
63	.include <bsd.port.mk>	27	.include <bsd.port.mk>

Added Link Here

(-)b/security/sshguard/files/patch-examples-sshguard.conf.sample (+36 lines)
1	diff --git examples/sshguard.conf.sample examples/sshguard.conf.sample
2	index d881e51..87b7acc 100644
3	--- examples/sshguard.conf.sample
4	+++ examples/sshguard.conf.sample
5	@@ -6,11 +6,13 @@
6
7	#### REQUIRED CONFIGURATION ####
8	# Full path to backend executable (required, no default)
9	-#BACKEND="/usr/local/libexec/sshg-fw-hosts"
10	+BACKEND="/usr/local/libexec/sshg-fw-null"
11	+#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
12	+#BACKEND="/usr/local/libexec/sshg-fw-pf"
13
14	# Space-separated list of log files to monitor. Ignored if LOGREADER is set.
15	# (optional, no default)
16	-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
17	+#FILES="/var/log/auth.log /var/log/maillog"
18
19	# Shell command that provides logs on standard output. Takes precedence over
20	# FILES. (optional, no default)
21	@@ -36,12 +38,12 @@ DETECTION_TIME=1800
22	# !! Warning: These features may not work correctly with sandboxing. !!
23
24	# Full path to PID file (optional, no default)
25	-#PID_FILE=/run/sshguard.pid
26	+#PID_FILE=/var/run/sshguard.pid
27
28	# Colon-separated blacklist threshold and full path to blacklist file.
29	# (optional, no default)
30	-#BLACKLIST_FILE=90:/var/lib/sshguard/enemies
31	+#BLACKLIST_FILE=30:/var/db/sshguard/blacklist.db
32
33	# IP addresses listed in the WHITELIST_FILE are considered to be
34	# friendlies and will never be blocked.
35	-#WHITELIST_FILE=/etc/friends
36	+#WHITELIST_FILE=/usr/local/etc/sshguard.whitelist

Lines 1-12 Link Here

(-)b/security/sshguard/pkg-message (-2 / +2 lines)
1	##########################################################################	1	##########################################################################
2	Sshguard installed successfully.	2	Sshguard installed successfully.
3		3
4	%%PKGMSG_FWBLOCK%%	4	Sshguard now installs all supported backends (null, ipfw, pf, hosts)
5		5
6	You can start sshguard as a daemon by using the	6	You can start sshguard as a daemon by using the
7	rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .	7	rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
8		8
9	See sshguard(8) and http://www.sshguard.net/docs/setup for additional info.	9	See sshguard-setup(7) and http://www.sshguard.net/docs/setup for additional info.
10		10
11	Please note that a few rc script parameters have been renamed to	11	Please note that a few rc script parameters have been renamed to
12	better reflect the documentation:	12	better reflect the documentation:

Added Link Here

(-)b/security/sshguard/pkg-plist (-1 / +13 lines)
0	-	1	etc/sshguard.conf.sample
		2	@sample etc/sshguard.conf.sample
		3	etc/rc.d/sshguard
		4	sbin/sshguard
		5	libexec/sshg-blocker
		6	libexec/sshg-fw-hosts
		7	libexec/sshg-fw-ipfw
		8	libexec/sshg-fw-null
		9	libexec/sshg-fw-pf
		10	libexec/sshg-logtail
		11	libexec/sshg-parser
		12	%%PORTDOCS%%man/man8/sshguard.8.gz
		13	%%PORTDOCS%%man/man7/sshguard-setup.7.gz