pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/sshguard Add new "sshguard" package:
details: https://anonhg.NetBSD.org/pkgsrc/rev/82546fcc53ca
branches: trunk
changeset: 637300:82546fcc53ca
user: tron <tron%pkgsrc.org@localhost>
date: Sat Jul 26 19:57:44 2014 +0000
description:
Add new "sshguard" package:
Sshguard is a small program that monitors services running on your
machine from the log files. When it detects that someone is doing
something bad to a service, sshguard blocks the IP address of the bad
guy with a firewall rule.
Sshguard was started in 2006 to mitigate the growing brute force
attacks to SSH servers. Because of the generality of its infrastructure,
however, it was soon extended to monitor and protect more and more services.
diffstat:
security/sshguard/DESCR | 8 +++
security/sshguard/Makefile | 25 +++++++++++
security/sshguard/PLIST | 3 +
security/sshguard/distinfo | 6 ++
security/sshguard/files/sshguard.sh | 59 ++++++++++++++++++++++++++
security/sshguard/options.mk | 55 ++++++++++++++++++++++++
security/sshguard/patches/patch-man_sshguard.8 | 42 ++++++++++++++++++
7 files changed, 198 insertions(+), 0 deletions(-)
diffs (226 lines):
diff -r 6421f7048f04 -r 82546fcc53ca security/sshguard/DESCR
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sshguard/DESCR Sat Jul 26 19:57:44 2014 +0000
@@ -0,0 +1,8 @@
+Sshguard is a small program that monitors services running on your
+machine from the log files. When it detects that someone is doing
+something bad to a service, sshguard blocks the IP address of the bad
+guy with a firewall rule.
+
+Sshguard was started in 2006 to mitigate the growing brute force
+attacks to SSH servers. Because of the generality of its infrastructure,
+however, it was soon extended to monitor and protect more and more services.
diff -r 6421f7048f04 -r 82546fcc53ca security/sshguard/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sshguard/Makefile Sat Jul 26 19:57:44 2014 +0000
@@ -0,0 +1,25 @@
+# $NetBSD: Makefile,v 1.1 2014/07/26 19:57:44 tron Exp $
+
+DISTNAME= sshguard-1.5
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sshguard/}
+EXTRACT_SUFX= .tar.bz2
+
+MAINTAINER= tron%NetBSD.org@localhost
+HOMEPAGE= http://www.sshguard.net/
+COMMENT= Protect networked hosts from brute force attacks
+LICENSE= modified-bsd
+
+GNU_CONFIGURE= yes
+
+RCD_SCRIPTS= sshguard
+
+.include "options.mk"
+
+# Claiming to be an X/Open applications hides inet_pton(3) under NetBSD
+# which this application needs.
+.if ${OPSYS} == "NetBSD"
+BUILDLINK_TRANSFORM+= rm:-D_XOPEN_SOURCE
+.endif
+
+.include "../../mk/bsd.pkg.mk"
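Review bot: the comment above BUILDLINK_TRANSFORM reads "an X/Open applications" and should say "application". It should also record whether the inet_pton(3) visibility problem has been reported upstream, because rm:-D_XOPEN_SOURCE strips the define from every compile on NetBSD, not only from the files that call inet_pton.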
diff -r 6421f7048f04 -r 82546fcc53ca security/sshguard/PLIST
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sshguard/PLIST Sat Jul 26 19:57:44 2014 +0000
@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST,v 1.1 2014/07/26 19:57:44 tron Exp $
+man/man8/sshguard.8
+sbin/sshguard
diff -r 6421f7048f04 -r 82546fcc53ca security/sshguard/distinfo
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sshguard/distinfo Sat Jul 26 19:57:44 2014 +0000
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1 2014/07/26 19:57:44 tron Exp $
+
+SHA1 (sshguard-1.5.tar.bz2) = f8f713bfb3f5c9877b34f6821426a22a7eec8df3
+RMD160 (sshguard-1.5.tar.bz2) = 7b4625b3b2e0cf974bc935d868b89bd0d8c189e8
+Size (sshguard-1.5.tar.bz2) = 303767 bytes
+SHA1 (patch-man_sshguard.8) = f907d23f5fe3db16dd44128c821f2fe6f94fcb03
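Review bot: sshguard-1.5.tar.bz2 is pinned only by SHA1 and RMD160 digests, and these are the only integrity check on a distfile fetched from the SourceForge mirrors named in MASTER_SITES. If the distinfo tooling accepts it, add a stronger digest such as SHA512 alongside them.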
diff -r 6421f7048f04 -r 82546fcc53ca security/sshguard/files/sshguard.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sshguard/files/sshguard.sh Sat Jul 26 19:57:44 2014 +0000
@@ -0,0 +1,59 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: sshguard.sh,v 1.1 2014/07/26 19:57:44 tron Exp $
+#
+# PROVIDE: sshguard
+# REQUIRE: DAEMON
+
+if [ -f /etc/rc.subr ]
+then
+ . /etc/rc.subr
+fi
+
+name=sshguard
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+pidfile="@VARBASE@/run/${name}.pid"
+sshguard_flags="-f 100:@VARBASE@/run/sshd.pid -l /var/log/authlog"
+command_args="-i $pidfile"
+start_cmd=sshguard_start
+
+sshguard_start()
+{
+ @ECHO@ "Starting ${name}."
+ nohup ${command} ${sshguard_flags} ${command_args} </dev/null >/dev/null 2>&1 &
+}
+
+if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
+then
+ load_rc_config $name
+ run_rc_command "$1"
+else
+ case ${1:-start} in
+ start)
+ sshguard_start
+ ;;
+ stop)
+ if [ -f ${pidfile} ]; then
+ pid=`@HEAD@ -1 ${pidfile}`
+ @ECHO@ "Stopping ${name}."
+ kill -TERM ${pid}
+ else
+ @ECHO@ "${name} not running?"
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ status)
+ if [ -f ${pidfile} ]; then
+ pid=`@HEAD@ -1 ${pidfile}`
+ @ECHO@ "${name} is running as pid ${pid}."
+ else
+ @ECHO@ "${name} is not running."
+ fi
+ ;;
+ esac
+fi
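Review bot: in the fallback case block, the stop and status branches trust the pidfile without checking the process. status prints "is running as pid" whenever ${pidfile} exists, and stop sends TERM to whatever number is on its first line, so a stale file left after a crash gives a false "running" report or signals an unrelated process that has reused the pid. Test with kill -0 "${pid}" before reporting or signalling, and quote "${pidfile}" and "${pid}". Separately, sshguard_start redirects stdout and stderr to /dev/null, so a failure to open /var/log/authlog or to install firewall rules is silent. For a blocker that admins rely on, log the startup result or at least check that the pidfile appears.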
diff -r 6421f7048f04 -r 82546fcc53ca security/sshguard/options.mk
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sshguard/options.mk Sat Jul 26 19:57:44 2014 +0000
@@ -0,0 +1,55 @@
+# $NetBSD: options.mk,v 1.1 2014/07/26 19:57:44 tron Exp $
+
+PKG_OPTIONS_VAR= PKG_OPTIONS.sshguard
+PKG_OPTIONS_REQUIRED_GROUPS= firewall
+PKG_OPTIONS_GROUP.firewall= sshguard-aix sshguard-hosts sshguard-ipfilter \
+ sshguard-ipfw sshguard-iptables sshguard-null \
+ sshguard-pf
+
+.include "../../mk/bsd.prefs.mk"
+
+# Pick an appropriate default firewall depending on the platform. We however
+# don't restrict the firewall types. You can e.g. use "iptables" under NetBSD
+# to remotely manage a Linux firewall.
+.if ${OPSYS} == "AIX"
+PKG_SUGGESTED_OPTIONS= sshguard-aix
+.elif ${OPSYS} == "Darwin"
+PKG_SUGGESTED_OPTIONS= sshguard-ipfw
+.elif ${OPSYS} == "DragonFly"
+PKG_SUGGESTED_OPTIONS= sshguard-pf
+.elif ${OPSYS} == "Linux"
+PKG_SUGGESTED_OPTIONS= sshguard-iptables
+.elif ${OPSYS} == "FreeBSD"
+PKG_SUGGESTED_OPTIONS= sshguard-ipfw
+.elif ${OPSYS} == "NetBSD"
+PKG_SUGGESTED_OPTIONS= sshguard-ipfilter
+.elif ${OPSYS} == "OpenBSD"
+PKG_SUGGESTED_OPTIONS= sshguard-pf
+.elif ${OPSYS} == "SunOS"
+PKG_SUGGESTED_OPTIONS= sshguard-ipfilter
+.else
+PKG_SUGGESTED_OPTIONS= sshguard-hosts
+.endif
+
+.include "../../mk/bsd.options.mk"
+
+# Pick the desire firewall backend
+.if !empty(PKG_OPTIONS:Msshguard-aix)
+CONFIGURE_ARGS+= --with-firewall=aix
+.elif !empty(PKG_OPTIONS:Msshguard-hosts)
+CONFIGURE_ARGS+= --with-firewall=hosts
+.elif !empty(PKG_OPTIONS:Msshguard-ipfilter)
+CONFIGURE_ARGS+= --with-firewall=ipfilter
+# Set correct location of IPFilter configuration file under NetBSD.
+. if ${OPSYS} == "NetbSD"
+CONFIGURE_ARGS+= --with-ipfilterconf=/etc/ipf.conf
+. endif
+.elif !empty(PKG_OPTIONS:Msshguard-ipfw)
+CONFIGURE_ARGS+= --with-firewall=ipfw
+.elif !empty(PKG_OPTIONS:Msshguard-iptables)
+CONFIGURE_ARGS+= --with-firewall=iptables
+.elif !empty(PKG_OPTIONS:Msshguard-null)
+CONFIGURE_ARGS+= --with-firewall=null
+.elif !empty(PKG_OPTIONS:Msshguard-pf)
+CONFIGURE_ARGS+= --with-firewall=pf
+.endif
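Review bot: the nested test under sshguard-ipfilter compares ${OPSYS} with "NetbSD" (lowercase b), which never matches the "NetBSD" spelling used in the suggested-options block above, so --with-ipfilterconf=/etc/ipf.conf is never passed. On NetBSD, where sshguard-ipfilter is the suggested default, the build then falls back to whatever ipfilter configuration path configure picks by itself, and blocks may be written to a file the running firewall does not read. Change the string to "NetBSD". The comment "Pick the desire firewall backend" should read "desired".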
diff -r 6421f7048f04 -r 82546fcc53ca security/sshguard/patches/patch-man_sshguard.8
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sshguard/patches/patch-man_sshguard.8 Sat Jul 26 19:57:44 2014 +0000
@@ -0,0 +1,42 @@
+$NetBSD: patch-man_sshguard.8,v 1.1 2014/07/26 19:57:44 tron Exp $
+
+Patches by wizd(8). Without these changes NetBSD's man(1) refuses to
+render this manual page.
+
+--- man/sshguard.8.orig 2011-02-09 12:01:47.000000000 +0000
++++ man/sshguard.8 2014-07-23 23:37:05.000000000 +0100
+@@ -15,6 +15,7 @@
+ .\"
+ .Dd Mar 31, 2010
+ .Dt SSHGUARD 8
++.Os
+ .Sh NAME
+ .Nm sshguard
+ .Nd monitors daemon activity
+@@ -55,7 +56,7 @@
+ .Pp
+ .Nm
+ supports the following firewalls:
+-.Bl -tag -width
++.Bl -tag -width 20n
+ .It AIX native firewall
+ for IBM AIX operating systems
+ .It netfilter/iptables
+@@ -204,7 +205,7 @@
+ .Fl w
+ command-line option. This option can add explicit addresses, host names and
+ address blocks:
+-.Bl -tag -width
++.Bl -tag -width 30n
+ .It addresses
+ specify the numeric IPv4 or IPv6 address directly, like:
+ .Dl -w 192.168.1.10
+@@ -292,7 +293,7 @@
+ policy (all of their log messages are accepted by default).
+ .Pp
+ PIDs are checked with the following policy:
+-.Bl -enum -width
++.Bl -enum
+ .It
+ the logging service is searched in the list of services configured for
+ validation. If not found, the entry is accepted.
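Review bot: the patch header explains why the mdoc changes are needed (NetBSD's man(1) refuses to render the page) but not whether they were sent upstream. Add a line with the upstream report status so the patch can be dropped once a fixed release appears. The third inner hunk removes -width entirely while the first two add explicit widths; a short note in the header that this is intentional for the -enum list would prevent a later "fix".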