Bug 221602 - security/sshguard: configuration inconvenience wrt blacklisting
Summary: security/sshguard: configuration inconvenience wrt blacklisting
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-ports-bugs mailing list
URL:
Keywords: needs-patch
Depends on:
Blocks:
 
Reported: 2017-08-18 11:43 UTC by Bengt Ahlgren
Modified: 2019-05-26 20:38 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (dan.mcgregor)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bengt Ahlgren 2017-08-18 11:43:10 UTC
The sshguard rc-script supplied with the FreeBSD port always sets the commandline parameter for blacklisting.  This means that any blacklist configuration in sshguard.conf will never be used.

So, if you want to tweak the blacklisting, you need to do that in rc.conf, and since you anyway need to edit sshguard.conf to set the backend, it means that you have to configure sshguard in two places.  I find that inconvenient.

I therefore propose that the port removes the default setting of sshguard_blacklist from the rc.d script, and changes the default in sshguard.conf instead!

(As this is a simple change, I didn't attach a patch - I would be happy to create one if needed!)
Comment 1 Kevin Zheng 2017-12-06 22:02:18 UTC
The intent in doing that was to make upgrading easier, because then we could just keep the same rc.conf option. Clearly we messed up because you have to set the backend in sshguard.conf anyway.

Would you prefer both options to be set in rc.conf or sshguard.conf?
Comment 2 Bengt Ahlgren 2017-12-07 09:06:11 UTC
Thanks for looking at this!

I have no real preference, other than making the configuration in just one place.
Comment 3 Steve Wills freebsd_committer 2019-05-26 20:38:47 UTC
Please make a patch.