Attachment #184580 for bug #220906

View | Details | Raw Unified | Return to bug 220906
Collapse All | Expand All




You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.

20170721:
  AFFECTS: users of security/sshguard*
  AUTHOR: dan.mcgregir@usask.ca

  security/sshguard was updated to 2.0.0, and security/sshguard-pf,
  security/sshguard-ipfw, and security/sshguard-null have been merged into
  security/sshguard.

  Configuration of the service is now handled in ${PREFIX}/etc/sshguard.conf.
  Please select the desired backend, -null is selected by default.

  In order to upgrade from 1.7.1 change the origin to security/sshguard

  # pkg set -o security/sshguard-ipfw:security/sshguard
  # pkg set -o security/sshguard-null:security/sshguard
  # pkg set -o security/sshguard-pf:security/sshguard

20170717:
  AFFECTS: users of devel/p5-Log-Any and devel/p5-Log-Any-Adapter-Syslog
  AUTHOR: eugen@FreeBSD.org

Lines 3-8 Link Here

(-)b/security/sshguard/Makefile (+2 lines)
3		3
4	PORTNAME= sshguard	4	PORTNAME= sshguard
5	PORTVERSION= 2.0.0	5	PORTVERSION= 2.0.0
		6	PORTREVISION= 1
6	CATEGORIES= security	7	CATEGORIES= security
7	MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION}	8	MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION}
8		9
Lines 21-26 SUB_FILES= pkg-message Link Here
21		22
22	post-patch:	23	post-patch:
23	@${REINPLACE_CMD} -e 's\|%PREFIX%\|${PREFIX}\|' ${WRKSRC}/doc/sshguard.8.rst	24	@${REINPLACE_CMD} -e 's\|%PREFIX%\|${PREFIX}\|' ${WRKSRC}/doc/sshguard.8.rst
		25	@${REINPLACE_CMD} -e 's\|/usr/local\|${PREFIX}\|' ${WRKSRC}/examples/sshguard.conf.sample
24		26
25	post-install:	27	post-install:
26	${INSTALL} -d ${STAGEDIR}${PREFIX}/etc	28	${INSTALL} -d ${STAGEDIR}${PREFIX}/etc

Lines 14-20 index d881e51..87b7acc 100644 Link Here

(-)b/security/sshguard/files/patch-examples-sshguard.conf.sample (-1 / +1 lines)
14	# Space-separated list of log files to monitor. Ignored if LOGREADER is set.	14	# Space-separated list of log files to monitor. Ignored if LOGREADER is set.
15	# (optional, no default)	15	# (optional, no default)
16	-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"	16	-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
17	+#FILES="/var/log/auth.log /var/log/maillog"	17	+FILES="/var/log/auth.log /var/log/maillog"
18		18
19	# Shell command that provides logs on standard output. Takes precedence over	19	# Shell command that provides logs on standard output. Takes precedence over
20	# FILES. (optional, no default)	20	# FILES. (optional, no default)




# sshguard_pidfile (str):	Path to PID file.
#				Set to "/var/run/sshguard.pid" by default
# sshguard_watch_logs (str):	Colon splitted list of logs to watch.
#				Unset by default. Overrides the configuration file.
#				by default.
# The following options directly maps to their command line options,
# and override the configuration file, so most are unset by default.
# Please read manual page sshguard(8) for detailed information:
# sshguard_blacklist (str):	[thr:]/path/to/blacklist.
#				Set to "30:/var/db/sshguard/blacklist.db"
#				by default.
# sshguard_danger_thresh (int):	Danger threshold.
# sshguard_release_interval (int):
#				Minimum interval an address remains
#				blocked.
# sshguard_reset_interval (int):
#				Interval before a suspected attack is
#				forgotten and danger is reset to 0.
#				Set to "1800" by default.
# sshguard_whitelistfile (str):	Path to the whitelist.
#				Set to "%%PREFIX%%/etc/sshguard.whitelist"
#				by default.
# sshguard_flags (str):		Set additional command line arguments.
#



: ${sshguard_enable:=NO}
: ${sshguard_blacklist=30:/var/db/sshguard/blacklist.db}
: ${sshguard_danger_thresh=}
: ${sshguard_release_interval=}
: ${sshguard_reset_interval=}
: ${sshguard_whitelistfile=}
: ${sshguard_watch_logs=}

pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}


actual_command="%%PREFIX%%/sbin/sshguard"
procname="%%PREFIX%%/libexec/sshg-blocker"
start_precmd=sshguard_prestart
command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} \${sshguard_danger_params} \${sshguard_release_params} \${sshguard_reset_params} \${sshguard_whitelist_params} -i ${pidfile}"

sshguard_prestart()
{

	    sshguard_blacklist_params="-b ${sshguard_blacklist}"
	fi

	if [ ! -z ${sshguard_whitelistfile} ]; then
		[ -e "${sshguard_whitelistfile}" ] || touch ${sshguard_whitelistfile}
		sshguard_whitelist_params="-w ${sshguard_whitelistfile}"
	fi

	if [ ! -z ${sshguard_danger_thresh} ]; then
		sshguard_danger_params="-a ${sshguard_danger_thresh}"
	fi

	if [ ! -z ${sshguard_release_interval} ]; then
		sshguard_release_params="-p ${sshguard_release_interval}"
	fi

	if [ ! -z ${sshguard_reset_interval} ]; then
		sshguard_reset_params="-s ${sshguard_reset_interval}"
	fi

	if [ ! -z "${sshguard_watch_logs}" ]; then
		sshguard_watch_params=$(echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ )
	fi
}

run_rc_command "$1"
- 

Return to bug 220906

Lines 40-63 Link Here

(-)b/security/sshguard/files/sshguard.in (-17 / +30 lines)
40	# sshguard_pidfile (str): Path to PID file.	40	# sshguard_pidfile (str): Path to PID file.
41	# Set to "/var/run/sshguard.pid" by default	41	# Set to "/var/run/sshguard.pid" by default
42	# sshguard_watch_logs (str): Colon splitted list of logs to watch.	42	# sshguard_watch_logs (str): Colon splitted list of logs to watch.
43	# Set to "/var/log/auth.log:/var/log/maillog"	43	# Unset by default. Overrides the configuration file.
44	# by default.
45	# The following options directly maps to their command line options,	44	# The following options directly maps to their command line options,
46	# please read manual page sshguard(8) for detailed information:	45	# and override the configuration file, so most are unset by default.
		46	# Please read manual page sshguard(8) for detailed information:
47	# sshguard_blacklist (str): [thr:]/path/to/blacklist.	47	# sshguard_blacklist (str): [thr:]/path/to/blacklist.
48	# Set to "30:/var/db/sshguard/blacklist.db"	48	# Set to "30:/var/db/sshguard/blacklist.db"
49	# by default.	49	# by default.
50	# sshguard_danger_thresh (int): Danger threshold. Set to "30" by default.	50	# sshguard_danger_thresh (int): Danger threshold.
51	# sshguard_release_interval (int):	51	# sshguard_release_interval (int):
52	# Minimum interval an address remains	52	# Minimum interval an address remains
53	# blocked. Set to "120" by default.	53	# blocked.
54	# sshguard_reset_interval (int):	54	# sshguard_reset_interval (int):
55	# Interval before a suspected attack is	55	# Interval before a suspected attack is
56	# forgotten and danger is reset to 0.	56	# forgotten and danger is reset to 0.
57	# Set to "1800" by default.
58	# sshguard_whitelistfile (str): Path to the whitelist.	57	# sshguard_whitelistfile (str): Path to the whitelist.
59	# Set to "%%PREFIX%%/etc/sshguard.whitelist"
60	# by default.
61	# sshguard_flags (str): Set additional command line arguments.	58	# sshguard_flags (str): Set additional command line arguments.
62	#	59	#
63		60
Lines 71-81 load_rc_config sshguard Link Here
71		68
72	: ${sshguard_enable:=NO}	69	: ${sshguard_enable:=NO}
73	: ${sshguard_blacklist=30:/var/db/sshguard/blacklist.db}	70	: ${sshguard_blacklist=30:/var/db/sshguard/blacklist.db}
74	: ${sshguard_danger_thresh=30}	71	: ${sshguard_danger_thresh=}
75	: ${sshguard_release_interval=120}	72	: ${sshguard_release_interval=}
76	: ${sshguard_reset_interval=1800}	73	: ${sshguard_reset_interval=}
77	: ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"}	74	: ${sshguard_whitelistfile=}
78	: ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog}	75	: ${sshguard_watch_logs=}
79		76
80	pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}	77	pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}
81		78
Lines 83-89 command=/usr/sbin/daemon Link Here
83	actual_command="%%PREFIX%%/sbin/sshguard"	80	actual_command="%%PREFIX%%/sbin/sshguard"
84	procname="%%PREFIX%%/libexec/sshg-blocker"	81	procname="%%PREFIX%%/libexec/sshg-blocker"
85	start_precmd=sshguard_prestart	82	start_precmd=sshguard_prestart
86	command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"	83	command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} \${sshguard_danger_params} \${sshguard_release_params} \${sshguard_reset_params} \${sshguard_whitelist_params} -i ${pidfile}"
87		84
88	sshguard_prestart()	85	sshguard_prestart()
89	{	86	{
Lines 96-104 sshguard_prestart() Link Here
96	sshguard_blacklist_params="-b ${sshguard_blacklist}"	93	sshguard_blacklist_params="-b ${sshguard_blacklist}"
97	fi	94	fi
98		95
99	[ -e ${sshguard_whitelistfile} ] \|\| touch ${sshguard_whitelistfile}	96	if [ ! -z ${sshguard_whitelistfile} ]; then
		97	[ -e "${sshguard_whitelistfile}" ] \|\| touch ${sshguard_whitelistfile}
		98	sshguard_whitelist_params="-w ${sshguard_whitelistfile}"
		99	fi
		100
		101	if [ ! -z ${sshguard_danger_thresh} ]; then
		102	sshguard_danger_params="-a ${sshguard_danger_thresh}"
		103	fi
		104
		105	if [ ! -z ${sshguard_release_interval} ]; then
		106	sshguard_release_params="-p ${sshguard_release_interval}"
		107	fi
100		108
101	sshguard_watch_params=$(echo ${sshguard_watch_logs} \| tr : \\\n \| sed -e s/^/-l\ /g \| tr \\\n \ )	109	if [ ! -z ${sshguard_reset_interval} ]; then
		110	sshguard_reset_params="-s ${sshguard_reset_interval}"
		111	fi
		112
		113	if [ ! -z "${sshguard_watch_logs}" ]; then
		114	sshguard_watch_params=$(echo ${sshguard_watch_logs} \| tr : \\\n \| sed -e s/^/-l\ /g \| tr \\\n \ )
		115	fi
102	}	116	}
103		117
104	run_rc_command "$1"	118	run_rc_command "$1"
105	-

Lines 5-10 they are unavoidable. Link Here

(-)b/UPDATING (+17 lines)
5	You should get into the habit of checking this file for changes each time	5	You should get into the habit of checking this file for changes each time
6	you update your ports collection, before attempting any port upgrades.	6	you update your ports collection, before attempting any port upgrades.
7		7
		8	20170721:
		9	AFFECTS: users of security/sshguard*
		10	AUTHOR: dan.mcgregir@usask.ca
		11
		12	security/sshguard was updated to 2.0.0, and security/sshguard-pf,
		13	security/sshguard-ipfw, and security/sshguard-null have been merged into
		14	security/sshguard.
		15
		16	Configuration of the service is now handled in ${PREFIX}/etc/sshguard.conf.
		17	Please select the desired backend, -null is selected by default.
		18
		19	In order to upgrade from 1.7.1 change the origin to security/sshguard
		20
		21	# pkg set -o security/sshguard-ipfw:security/sshguard
		22	# pkg set -o security/sshguard-null:security/sshguard
		23	# pkg set -o security/sshguard-pf:security/sshguard
		24
8	20170717:	25	20170717:
9	AFFECTS: users of devel/p5-Log-Any and devel/p5-Log-Any-Adapter-Syslog	26	AFFECTS: users of devel/p5-Log-Any and devel/p5-Log-Any-Adapter-Syslog
10	AUTHOR: eugen@FreeBSD.org	27	AUTHOR: eugen@FreeBSD.org