FreeBSD Bugzilla – Attachment 184580 Details for
Bug 220906
security/sshguard: Fix rc.d script, add UPDATING entry
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix up rc script
0001-sshguard-clean-up-rc-script.patch (text/plain), 6.61 KB, created by
Dan McGregor
on 2017-07-21 17:59:23 UTC
(
hide
)
Description:
Fix up rc script
Filename:
MIME Type:
Creator:
Dan McGregor
Created:
2017-07-21 17:59:23 UTC
Size:
6.61 KB
patch
obsolete
>From 79e50d32f9d235224b0b4e6c21a9cd92d354de9b Mon Sep 17 00:00:00 2001 >From: Dan McGregor <dan.mcgregor@usask.ca> >Date: Fri, 21 Jul 2017 11:56:10 -0600 >Subject: [PATCH] sshguard: clean up rc script > >Stop always overriding values stored in the configuration file. > >Add UPDATING entry for 2.0.0 >--- > UPDATING | 17 ++++++++ > security/sshguard/Makefile | 2 + > .../files/patch-examples-sshguard.conf.sample | 2 +- > security/sshguard/files/sshguard.in | 46 ++++++++++++++-------- > 4 files changed, 50 insertions(+), 17 deletions(-) > >diff --git a/UPDATING b/UPDATING >index 1fda45191868..1b73f14b9eef 100644 >--- a/UPDATING >+++ b/UPDATING >@@ -5,6 +5,23 @@ they are unavoidable. > You should get into the habit of checking this file for changes each time > you update your ports collection, before attempting any port upgrades. > >+20170721: >+ AFFECTS: users of security/sshguard* >+ AUTHOR: dan.mcgregir@usask.ca >+ >+ security/sshguard was updated to 2.0.0, and security/sshguard-pf, >+ security/sshguard-ipfw, and security/sshguard-null have been merged into >+ security/sshguard. >+ >+ Configuration of the service is now handled in ${PREFIX}/etc/sshguard.conf. >+ Please select the desired backend, -null is selected by default. >+ >+ In order to upgrade from 1.7.1 change the origin to security/sshguard >+ >+ # pkg set -o security/sshguard-ipfw:security/sshguard >+ # pkg set -o security/sshguard-null:security/sshguard >+ # pkg set -o security/sshguard-pf:security/sshguard >+ > 20170717: > AFFECTS: users of devel/p5-Log-Any and devel/p5-Log-Any-Adapter-Syslog > AUTHOR: eugen@FreeBSD.org >diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile >index 0ffc54e8b405..df17ee6dd507 100644 >--- a/security/sshguard/Makefile >+++ b/security/sshguard/Makefile >@@ -3,6 +3,7 @@ > > PORTNAME= sshguard > PORTVERSION= 2.0.0 >+PORTREVISION= 1 > CATEGORIES= security > MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION} > >@@ -21,6 +22,7 @@ SUB_FILES= pkg-message > > post-patch: > @${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' ${WRKSRC}/doc/sshguard.8.rst >+ @${REINPLACE_CMD} -e 's|/usr/local|${PREFIX}|' ${WRKSRC}/examples/sshguard.conf.sample > > post-install: > ${INSTALL} -d ${STAGEDIR}${PREFIX}/etc >diff --git a/security/sshguard/files/patch-examples-sshguard.conf.sample b/security/sshguard/files/patch-examples-sshguard.conf.sample >index 65428e87047f..314631c06043 100644 >--- a/security/sshguard/files/patch-examples-sshguard.conf.sample >+++ b/security/sshguard/files/patch-examples-sshguard.conf.sample >@@ -14,7 +14,7 @@ index d881e51..87b7acc 100644 > # Space-separated list of log files to monitor. Ignored if LOGREADER is set. > # (optional, no default) > -#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog" >-+#FILES="/var/log/auth.log /var/log/maillog" >++FILES="/var/log/auth.log /var/log/maillog" > > # Shell command that provides logs on standard output. Takes precedence over > # FILES. (optional, no default) >diff --git a/security/sshguard/files/sshguard.in b/security/sshguard/files/sshguard.in >index 71431e95a202..fb81d592b030 100644 >--- a/security/sshguard/files/sshguard.in >+++ b/security/sshguard/files/sshguard.in >@@ -40,24 +40,21 @@ > # sshguard_pidfile (str): Path to PID file. > # Set to "/var/run/sshguard.pid" by default > # sshguard_watch_logs (str): Colon splitted list of logs to watch. >-# Set to "/var/log/auth.log:/var/log/maillog" >-# by default. >+# Unset by default. Overrides the configuration file. > # The following options directly maps to their command line options, >-# please read manual page sshguard(8) for detailed information: >+# and override the configuration file, so most are unset by default. >+# Please read manual page sshguard(8) for detailed information: > # sshguard_blacklist (str): [thr:]/path/to/blacklist. > # Set to "30:/var/db/sshguard/blacklist.db" > # by default. >-# sshguard_danger_thresh (int): Danger threshold. Set to "30" by default. >+# sshguard_danger_thresh (int): Danger threshold. > # sshguard_release_interval (int): > # Minimum interval an address remains >-# blocked. Set to "120" by default. >+# blocked. > # sshguard_reset_interval (int): > # Interval before a suspected attack is > # forgotten and danger is reset to 0. >-# Set to "1800" by default. > # sshguard_whitelistfile (str): Path to the whitelist. >-# Set to "%%PREFIX%%/etc/sshguard.whitelist" >-# by default. > # sshguard_flags (str): Set additional command line arguments. > # > >@@ -71,11 +68,11 @@ load_rc_config sshguard > > : ${sshguard_enable:=NO} > : ${sshguard_blacklist=30:/var/db/sshguard/blacklist.db} >-: ${sshguard_danger_thresh=30} >-: ${sshguard_release_interval=120} >-: ${sshguard_reset_interval=1800} >-: ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"} >-: ${sshguard_watch_logs=/var/log/auth.log:/var/log/maillog} >+: ${sshguard_danger_thresh=} >+: ${sshguard_release_interval=} >+: ${sshguard_reset_interval=} >+: ${sshguard_whitelistfile=} >+: ${sshguard_watch_logs=} > > pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"} > >@@ -83,7 +80,7 @@ command=/usr/sbin/daemon > actual_command="%%PREFIX%%/sbin/sshguard" > procname="%%PREFIX%%/libexec/sshg-blocker" > start_precmd=sshguard_prestart >-command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}" >+command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} \${sshguard_danger_params} \${sshguard_release_params} \${sshguard_reset_params} \${sshguard_whitelist_params} -i ${pidfile}" > > sshguard_prestart() > { >@@ -96,9 +93,26 @@ sshguard_prestart() > sshguard_blacklist_params="-b ${sshguard_blacklist}" > fi > >- [ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile} >+ if [ ! -z ${sshguard_whitelistfile} ]; then >+ [ -e "${sshguard_whitelistfile}" ] || touch ${sshguard_whitelistfile} >+ sshguard_whitelist_params="-w ${sshguard_whitelistfile}" >+ fi >+ >+ if [ ! -z ${sshguard_danger_thresh} ]; then >+ sshguard_danger_params="-a ${sshguard_danger_thresh}" >+ fi >+ >+ if [ ! -z ${sshguard_release_interval} ]; then >+ sshguard_release_params="-p ${sshguard_release_interval}" >+ fi > >- sshguard_watch_params=$(echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ ) >+ if [ ! -z ${sshguard_reset_interval} ]; then >+ sshguard_reset_params="-s ${sshguard_reset_interval}" >+ fi >+ >+ if [ ! -z "${sshguard_watch_logs}" ]; then >+ sshguard_watch_params=$(echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ ) >+ fi > } > > run_rc_command "$1" >-- >2.14.0.rc0.26.g981adb928 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=184580">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
koobs
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 220906
: 184580