diff options
| author | delphij <delphij@FreeBSD.org> | 2012-06-27 08:22:55 +0800 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2012-06-27 08:22:55 +0800 |
| commit | 50998617f5258c06dbec6f831ff2ba6d2d9f3b92 (patch) | |
| tree | 5e0c0cb7e84fb0ea4a74403ecdf8452eb8fb2316 /security | |
| parent | b718bdaa10b96d4830683d704d33ec02a42b2e42 (diff) | |
| download | freebsd-ports-gnome-50998617f5258c06dbec6f831ff2ba6d2d9f3b92.tar.gz freebsd-ports-gnome-50998617f5258c06dbec6f831ff2ba6d2d9f3b92.tar.zst freebsd-ports-gnome-50998617f5258c06dbec6f831ff2ba6d2d9f3b92.zip | |
Add a rc.d script to daemonize sshguard.
Submitted by: delphij
PR: ports/166471
Approved by: maintainer timeout (~3 months)
Diffstat (limited to 'security')
| -rw-r--r-- | security/sshguard/Makefile | 3 | ||||
| -rw-r--r-- | security/sshguard/files/pkg-message.in | 3 | ||||
| -rw-r--r-- | security/sshguard/files/sshguard.in | 92 |
3 files changed, 97 insertions, 1 deletions
diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile index 53e3c053105e..d09341625bc3 100644 --- a/security/sshguard/Makefile +++ b/security/sshguard/Makefile @@ -7,7 +7,7 @@ PORTNAME= sshguard PORTVERSION= 1.5 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/sshguard-${PORTVERSION} @@ -21,6 +21,7 @@ PLIST_FILES= sbin/sshguard MAN8= sshguard.8 MANCOMPRESSED= no USE_BZIP2= yes +USE_RC_SUBR= sshguard MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}" HAS_CONFIGURE= yes diff --git a/security/sshguard/files/pkg-message.in b/security/sshguard/files/pkg-message.in index 635f459c5200..98c1093c2232 100644 --- a/security/sshguard/files/pkg-message.in +++ b/security/sshguard/files/pkg-message.in @@ -5,6 +5,9 @@ Your /etc/syslog.conf has been added a line for sshguard; uncomment it and use "/etc/rc.d/syslogd reload" for activating it. + + Alternatively, you can also start sshguard as a daemon by using the + rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard . See sshguard(8) and http://sshguard.sourceforge.net for additional info. ########################################################################## diff --git a/security/sshguard/files/sshguard.in b/security/sshguard/files/sshguard.in new file mode 100644 index 000000000000..660ce2d2f324 --- /dev/null +++ b/security/sshguard/files/sshguard.in @@ -0,0 +1,92 @@ +#!/bin/sh +#- +# Copyright (c) 2012 iXsystems, Inc. +# All rights reserved. +# +# Written by: Xin Li <delphij@FreeBSD.org> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: sshguard +# REQUIRE: LOGIN cleanvar + +# +# Add the following lines to /etc/rc.conf to enable sshguard: +# sshguard_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable sshguard +# sshguard_pidfile (str): Path to PID file. +# Set to "/var/run/sshguard.pid" by default +# sshguard_watch_logs (str): Colon splitted list of logs to watch. +# Set to "/var/log/auth.log:/var/log/maillog" +# by default. +# The following options directly maps to their command line options, +# please read manual page sshguard(8) for detailed information: +# sshguard_blacklist (str): [thr:]/path/to/blacklist. +# Set to "40:/var/db/sshguard/blacklist.db" +# by default. +# sshguard_safety_thresh (int): Safety threshold. Set to "40" by default. +# sshguard_pardon_min_interval (int): +# Minimum pardon interval. Set to "1200" +# by default. +# sshguard_prescribe_interval (int): +# Prescribe interval. Set to "420" by +# default. +# sshguard_whitelistfile (str): Path to the whitelist. +# Set to "%%PREFIX%%/etc/sshguard.whitelist" +# by default. + + +. /etc/rc.subr + +name="sshguard" +rcvar="sshguard_enable" +command="/usr/sbin/daemon" +actual_command="%%PREFIX%%/sbin/${name}" +procname="${actual_command}" + +load_rc_config $name + +: ${sshguard_enable="NO"} +: ${sshguard_pidfile="/var/run/${name}.pid"} +: ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"} +: ${sshguard_safety_thresh="40"} +: ${sshguard_pardon_min_interval="1200"} +: ${sshguard_prescribe_interval="420"} +: ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"} +: ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"} + +pidfile="${sshguard_pidfile}" +sshguard_watch_params=`echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ ` +start_precmd="${name}_prestart" + +command_args="-cf ${actual_command} -b ${sshguard_blacklist} ${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${sshguard_pidfile}" + +sshguard_prestart() +{ + mkdir -p `dirname ${sshguard_blacklist##*:}` + [ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile} +} + +run_rc_command "$1"
\ No newline at end of file |