Attachment #188601 for bug #224153

View | Details | Raw Unified | Return to bug 224153
Collapse All | Expand All




# $FreeBSD$

PORTNAME=	sshguard
PORTVERSION=	2.1.0
PORTREVISION=	1
CATEGORIES=	security
MASTER_SITES=	SF/sshguard/sshguard/${PORTVERSION}

MAINTAINER=	dan.mcgregor@usask.ca
COMMENT=	Protect hosts from brute-force attacks against SSH and other services

LICENSE=	BSD2CLAUSE

USES=		autoreconf

USE_RC_SUBR=	sshguard
MAKE_ARGS+=	ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
GNU_CONFIGURE=	yes

SUB_FILES=	pkg-message

Lines 1-3 Link Here

(-)b/security/sshguard/distinfo (-3 / +3 lines)
1	TIMESTAMP = 1500391750	1	TIMESTAMP = 1512597921
2	SHA256 (sshguard-2.0.0.tar.gz) = e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06	2	SHA256 (sshguard-2.1.0.tar.gz) = 21252a4834ad8408df384ee4ddf468624aa9de9cead5afde1c77380a48cf028a
3	SIZE (sshguard-2.0.0.tar.gz) = 886995	3	SIZE (sshguard-2.1.0.tar.gz) = 1117466




--- examples/sshguard.conf.sample.orig	2017-12-06 22:18:20 UTC
index d881e51..87b7acc 100644
--- examples/sshguard.conf.sample
+++ examples/sshguard.conf.sample
@@ -6,10 +6,12 @@
 
 #### REQUIRED CONFIGURATION ####
 # Full path to backend executable (required, no default)
-#BACKEND="/usr/local/libexec/sshg-fw-iptables"
+#BACKEND="/usr/local/libexec/sshg-fw-hosts"
+#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
+#BACKEND="/usr/local/libexec/sshg-fw-pf"
 
 # Space-separated list of log files to monitor. (optional, no default)
 # (optional, no default)
-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
+FILES="/var/log/auth.log /var/log/maillog"
 
 # Shell command that provides logs on standard output. (optional, no default)
 # Example 1: ssh and sendmail from systemd journal:
@@ -40,12 +42,12 @@ DETECTION_TIME=1800
 # !! Warning: These features may not work correctly with sandboxing. !!
 
 # Full path to PID file (optional, no default)




To enable SSHGuard at startup, add the following line to your 'rc.conf':
sshguard_enable="YES"

Starting SSHGuard through syslogd(8) is discouraged and not supported.
  rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .

Configure SSHGuard by editing BACKEND in '%%PREFIX%%/etc/sshguard.conf'. See
sshguard-setup(7) for instructions on setting up your firewall.

Please note that a few rc script parameters have been renamed to
better reflect the documentation:

sshguard_safety_thresh -> sshguard_danger_thresh
sshguard_pardon_min_interval -> sshguard_release_interval
sshguard_prescribe_interval -> sshguard_reset_interval
##########################################################################




SSHGuard protects hosts from brute-force attacks against SSH and other
services. It aggregates system logs and blocks repeat offenders using one of
several firewall backends.

WWW: http://www.sshguard.net/
once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and
detects attacks for many services out of the box, including SSH, FreeBSD's
ftpd and dovecot.  It can operate all the major firewalling systems, including
PF, netfilter/iptables, and IPFIREWALL/ipfw.

Sshguard has several relevant features like support for IPv6, whitelisting,
suspension, log message authentication. It is reliable, easy to set up and
demands very few resources to the system.

WWW: http://sshguard.sourceforge.net

Lines 7-12 libexec/sshg-fw-ipfilter Link Here

(-)b/security/sshguard/pkg-plist (+1 lines)
7	libexec/sshg-fw-ipfw	7	libexec/sshg-fw-ipfw
8	libexec/sshg-fw-ipset	8	libexec/sshg-fw-ipset
9	libexec/sshg-fw-iptables	9	libexec/sshg-fw-iptables
		10	libexec/sshg-fw-nft-sets
10	libexec/sshg-fw-null	11	libexec/sshg-fw-null
11	libexec/sshg-fw-pf	12	libexec/sshg-fw-pf
12	libexec/sshg-logtail	13	libexec/sshg-logtail

Return to bug 224153

Lines 2-21 Link Here

(-)b/security/sshguard/Makefile (-6 / +2 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= sshguard	4	PORTNAME= sshguard
5	PORTVERSION= 2.0.0	5	PORTVERSION= 2.1.0
6	PORTREVISION= 1
7	CATEGORIES= security	6	CATEGORIES= security
8	MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION}	7	MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION}
9		8
10	MAINTAINER= dan.mcgregor@usask.ca	9	MAINTAINER= dan.mcgregor@usask.ca
11	COMMENT= Protect hosts from brute force attacks against ssh and other services	10	COMMENT= Protect hosts from brute-force attacks against SSH and other services
12		11
13	LICENSE= BSD2CLAUSE	12	LICENSE= BSD2CLAUSE
14		13
15	USES= autoreconf
16
17	USE_RC_SUBR= sshguard	14	USE_RC_SUBR= sshguard
18	MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
19	GNU_CONFIGURE= yes	15	GNU_CONFIGURE= yes
20		16
21	SUB_FILES= pkg-message	17	SUB_FILES= pkg-message

Lines 1-24 Link Here

(-)b/security/sshguard/files/patch-examples-sshguard.conf.sample (-11 / +8 lines)
1	diff --git examples/sshguard.conf.sample examples/sshguard.conf.sample	1	--- examples/sshguard.conf.sample.orig 2017-12-06 22:18:20 UTC
2	index d881e51..87b7acc 100644
3	--- examples/sshguard.conf.sample
4	+++ examples/sshguard.conf.sample	2	+++ examples/sshguard.conf.sample
5	@@ -6,11 +6,13 @@	3	@@ -6,10 +6,12 @@
6		4
7	#### REQUIRED CONFIGURATION ####	5	#### REQUIRED CONFIGURATION ####
8	# Full path to backend executable (required, no default)	6	# Full path to backend executable (required, no default)
9	-#BACKEND="/usr/local/libexec/sshg-fw-hosts"	7	-#BACKEND="/usr/local/libexec/sshg-fw-iptables"
10	+BACKEND="/usr/local/libexec/sshg-fw-null"	8	+#BACKEND="/usr/local/libexec/sshg-fw-hosts"
11	+#BACKEND="/usr/local/libexec/sshg-fw-ipfw"	9	+#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
12	+#BACKEND="/usr/local/libexec/sshg-fw-pf"	10	+#BACKEND="/usr/local/libexec/sshg-fw-pf"
13		11
14	# Space-separated list of log files to monitor. Ignored if LOGREADER is set.	12	# Space-separated list of log files to monitor. (optional, no default)
15	# (optional, no default)
16	-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"	13	-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
17	+FILES="/var/log/auth.log /var/log/maillog"	14	+FILES="/var/log/auth.log /var/log/maillog"
18		15
19	# Shell command that provides logs on standard output. Takes precedence over	16	# Shell command that provides logs on standard output. (optional, no default)
20	# FILES. (optional, no default)	17	# Example 1: ssh and sendmail from systemd journal:
21	@@ -36,12 +38,12 @@ DETECTION_TIME=1800	18	@@ -40,12 +42,12 @@ DETECTION_TIME=1800
22	# !! Warning: These features may not work correctly with sandboxing. !!	19	# !! Warning: These features may not work correctly with sandboxing. !!
23		20
24	# Full path to PID file (optional, no default)	21	# Full path to PID file (optional, no default)

Lines 1-15 Link Here

(-)b/security/sshguard/files/pkg-message.in (-11 / +10 lines)
1	##########################################################################	1	To enable SSHGuard at startup, add the following line to your 'rc.conf':
2	Sshguard installed successfully.	2	sshguard_enable="YES"
3		3
4	You can start sshguard as a daemon by using the	4	Starting SSHGuard through syslogd(8) is discouraged and not supported.
5	rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
6		5
7	See sshguard-setup(7) and http://www.sshguard.net/docs/setup for additional info.	6	Configure SSHGuard by editing BACKEND in '%%PREFIX%%/etc/sshguard.conf'. See
		7	sshguard-setup(7) for instructions on setting up your firewall.
8		8
9	Please note that a few rc script parameters have been renamed to	9	Please note that a few rc script parameters have been renamed to
10	better reflect the documentation:	10	better reflect the documentation:
11		11
12	sshguard_safety_thresh -> sshguard_danger_thresh	12	sshguard_safety_thresh -> sshguard_danger_thresh
13	sshguard_pardon_min_interval -> sshguard_release_interval	13	sshguard_pardon_min_interval -> sshguard_release_interval
14	sshguard_prescribe_interval -> sshguard_reset_interval	14	sshguard_prescribe_interval -> sshguard_reset_interval
15	##########################################################################

Lines 1-14 Link Here

(-)b/security/sshguard/pkg-descr (-13 / +4 lines)
1	Sshguard monitors services from their logging activity. It reacts to messages	1	SSHGuard protects hosts from brute-force attacks against SSH and other
2	about dangerous activity by blocking the source address with the local firewall.	2	services. It aggregates system logs and blocks repeat offenders using one of
		3	several firewall backends.
3		4
4	Sshguard employs a clever parser that can recognize several logging formats at	5	WWW: http://www.sshguard.net/
5	once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and
6	detects attacks for many services out of the box, including SSH, FreeBSD's
7	ftpd and dovecot. It can operate all the major firewalling systems, including
8	PF, netfilter/iptables, and IPFIREWALL/ipfw.
9
10	Sshguard has several relevant features like support for IPv6, whitelisting,
11	suspension, log message authentication. It is reliable, easy to set up and
12	demands very few resources to the system.
13
14	WWW: http://sshguard.sourceforge.net