Bug 227016 - security/sshguard blacklist timeout too short
Summary: security/sshguard blacklist timeout too short
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Adam Weinberger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-27 22:05 UTC by Dan McGregor
Modified: 2018-05-29 13:04 UTC (History)
1 user (show)

See Also:


Attachments
Change blacklist values (1.76 KB, text/plain)
2018-03-27 22:05 UTC, Dan McGregor
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Dan McGregor 2018-03-27 22:05:52 UTC
Created attachment 191885 [details]
Change blacklist values

Our blacklist timeout is too short, so update it to 120, the upstream recommended value.

I'm considering Adam's suggestion of disabling it completely by default, I may post a patch to do that too soon.

Reported by Adam Weinberger
Comment 1 Adam Weinberger freebsd_committer freebsd_triage 2018-05-28 01:23:08 UTC
Sorry Dan, I didn't realize you'd submitted this so long ago!
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-05-28 01:30:53 UTC
A commit references this bug:

Author: adamw
Date: Mon May 28 01:30:40 UTC 2018
New revision: 471012
URL: https://svnweb.freebsd.org/changeset/ports/471012

Log:
  Increase the default blacklist threshold from 30 to 120, which is the upstream
  default. 30 makes it far too easy to get locked out of your own server. 120 is
  simply a safer starting point.

  PR:		227016
  Submitted by:	Dan McGregor (maintainer)
  MFH:		2018Q2

Changes:
  head/security/sshguard/Makefile
  head/security/sshguard/files/patch-examples-sshguard.conf.sample
  head/security/sshguard/files/sshguard.in
Comment 3 Adam Weinberger freebsd_committer freebsd_triage 2018-05-28 01:42:17 UTC
Committed. Thanks, Dan!

I've requested an MFH for this as well.
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-05-29 13:04:21 UTC
A commit references this bug:

Author: adamw
Date: Tue May 29 13:04:06 UTC 2018
New revision: 471092
URL: https://svnweb.freebsd.org/changeset/ports/471092

Log:
  MFH: r471012

  Increase the default blacklist threshold from 30 to 120, which is the upstream
  default. 30 makes it far too easy to get locked out of your own server. 120 is
  simply a safer starting point.

  PR:		227016
  Submitted by:	Dan McGregor (maintainer)

  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2018Q2/
  branches/2018Q2/security/sshguard/Makefile
  branches/2018Q2/security/sshguard/files/patch-examples-sshguard.conf.sample
  branches/2018Q2/security/sshguard/files/sshguard.in