aboutsummaryrefslogtreecommitdiffstats
path: root/security/sshguard
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2012-06-27 08:22:55 +0800
committerdelphij <delphij@FreeBSD.org>2012-06-27 08:22:55 +0800
commit50998617f5258c06dbec6f831ff2ba6d2d9f3b92 (patch)
tree5e0c0cb7e84fb0ea4a74403ecdf8452eb8fb2316 /security/sshguard
parentb718bdaa10b96d4830683d704d33ec02a42b2e42 (diff)
downloadfreebsd-ports-gnome-50998617f5258c06dbec6f831ff2ba6d2d9f3b92.tar.gz
freebsd-ports-gnome-50998617f5258c06dbec6f831ff2ba6d2d9f3b92.tar.zst
freebsd-ports-gnome-50998617f5258c06dbec6f831ff2ba6d2d9f3b92.zip
Add a rc.d script to daemonize sshguard.
Submitted by: delphij PR: ports/166471 Approved by: maintainer timeout (~3 months)
Diffstat (limited to 'security/sshguard')
-rw-r--r--security/sshguard/Makefile3
-rw-r--r--security/sshguard/files/pkg-message.in3
-rw-r--r--security/sshguard/files/sshguard.in92
3 files changed, 97 insertions, 1 deletions
diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile
index 53e3c053105e..d09341625bc3 100644
--- a/security/sshguard/Makefile
+++ b/security/sshguard/Makefile
@@ -7,7 +7,7 @@
PORTNAME= sshguard
PORTVERSION= 1.5
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security
MASTER_SITES= SF/sshguard/sshguard/sshguard-${PORTVERSION}
@@ -21,6 +21,7 @@ PLIST_FILES= sbin/sshguard
MAN8= sshguard.8
MANCOMPRESSED= no
USE_BZIP2= yes
+USE_RC_SUBR= sshguard
MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
HAS_CONFIGURE= yes
diff --git a/security/sshguard/files/pkg-message.in b/security/sshguard/files/pkg-message.in
index 635f459c5200..98c1093c2232 100644
--- a/security/sshguard/files/pkg-message.in
+++ b/security/sshguard/files/pkg-message.in
@@ -5,6 +5,9 @@
Your /etc/syslog.conf has been added a line for sshguard; uncomment it
and use "/etc/rc.d/syslogd reload" for activating it.
+
+ Alternatively, you can also start sshguard as a daemon by using the
+ rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
See sshguard(8) and http://sshguard.sourceforge.net for additional info.
##########################################################################
diff --git a/security/sshguard/files/sshguard.in b/security/sshguard/files/sshguard.in
new file mode 100644
index 000000000000..660ce2d2f324
--- /dev/null
+++ b/security/sshguard/files/sshguard.in
@@ -0,0 +1,92 @@
+#!/bin/sh
+#-
+# Copyright (c) 2012 iXsystems, Inc.
+# All rights reserved.
+#
+# Written by: Xin Li <delphij@FreeBSD.org>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sshguard
+# REQUIRE: LOGIN cleanvar
+
+#
+# Add the following lines to /etc/rc.conf to enable sshguard:
+# sshguard_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable sshguard
+# sshguard_pidfile (str): Path to PID file.
+# Set to "/var/run/sshguard.pid" by default
+# sshguard_watch_logs (str): Colon splitted list of logs to watch.
+# Set to "/var/log/auth.log:/var/log/maillog"
+# by default.
+# The following options directly maps to their command line options,
+# please read manual page sshguard(8) for detailed information:
+# sshguard_blacklist (str): [thr:]/path/to/blacklist.
+# Set to "40:/var/db/sshguard/blacklist.db"
+# by default.
+# sshguard_safety_thresh (int): Safety threshold. Set to "40" by default.
+# sshguard_pardon_min_interval (int):
+# Minimum pardon interval. Set to "1200"
+# by default.
+# sshguard_prescribe_interval (int):
+# Prescribe interval. Set to "420" by
+# default.
+# sshguard_whitelistfile (str): Path to the whitelist.
+# Set to "%%PREFIX%%/etc/sshguard.whitelist"
+# by default.
+
+
+. /etc/rc.subr
+
+name="sshguard"
+rcvar="sshguard_enable"
+command="/usr/sbin/daemon"
+actual_command="%%PREFIX%%/sbin/${name}"
+procname="${actual_command}"
+
+load_rc_config $name
+
+: ${sshguard_enable="NO"}
+: ${sshguard_pidfile="/var/run/${name}.pid"}
+: ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"}
+: ${sshguard_safety_thresh="40"}
+: ${sshguard_pardon_min_interval="1200"}
+: ${sshguard_prescribe_interval="420"}
+: ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"}
+: ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"}
+
+pidfile="${sshguard_pidfile}"
+sshguard_watch_params=`echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ `
+start_precmd="${name}_prestart"
+
+command_args="-cf ${actual_command} -b ${sshguard_blacklist} ${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${sshguard_pidfile}"
+
+sshguard_prestart()
+{
+ mkdir -p `dirname ${sshguard_blacklist##*:}`
+ [ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile}
+}
+
+run_rc_command "$1" \ No newline at end of file