Bug 227016

Summary: security/sshguard blacklist timeout too short
Product: Ports & Packages Reporter: Dan McGregor <dan.mcgregor>
Component: Individual Port(s)Assignee: Adam Weinberger <adamw>
Status: Closed FIXED    
Severity: Affects Only Me CC: adamw
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Change blacklist values none

Description Dan McGregor 2018-03-27 22:05:52 UTC
Created attachment 191885 [details]
Change blacklist values

Our blacklist timeout is too short, so update it to 120, the upstream recommended value.

I'm considering Adam's suggestion of disabling it completely by default, I may post a patch to do that too soon.

Reported by Adam Weinberger
Comment 1 Adam Weinberger freebsd_committer freebsd_triage 2018-05-28 01:23:08 UTC
Sorry Dan, I didn't realize you'd submitted this so long ago!
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-05-28 01:30:53 UTC
A commit references this bug:

Author: adamw
Date: Mon May 28 01:30:40 UTC 2018
New revision: 471012
URL: https://svnweb.freebsd.org/changeset/ports/471012

Log:
  Increase the default blacklist threshold from 30 to 120, which is the upstream
  default. 30 makes it far too easy to get locked out of your own server. 120 is
  simply a safer starting point.

  PR:		227016
  Submitted by:	Dan McGregor (maintainer)
  MFH:		2018Q2

Changes:
  head/security/sshguard/Makefile
  head/security/sshguard/files/patch-examples-sshguard.conf.sample
  head/security/sshguard/files/sshguard.in
Comment 3 Adam Weinberger freebsd_committer freebsd_triage 2018-05-28 01:42:17 UTC
Committed. Thanks, Dan!

I've requested an MFH for this as well.
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-05-29 13:04:21 UTC
A commit references this bug:

Author: adamw
Date: Tue May 29 13:04:06 UTC 2018
New revision: 471092
URL: https://svnweb.freebsd.org/changeset/ports/471092

Log:
  MFH: r471012

  Increase the default blacklist threshold from 30 to 120, which is the upstream
  default. 30 makes it far too easy to get locked out of your own server. 120 is
  simply a safer starting point.

  PR:		227016
  Submitted by:	Dan McGregor (maintainer)

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2018Q2/
  branches/2018Q2/security/sshguard/Makefile
  branches/2018Q2/security/sshguard/files/patch-examples-sshguard.conf.sample
  branches/2018Q2/security/sshguard/files/sshguard.in