From: Todd C. Miller (Todd.Miller courtesan.com)
Date: Tue Aug 31 2010 - 17:16:28 CDT
In message <20100831211644.GB15287 symphytum.spacehopper.org>
so spake Stuart Henderson (stu):
> there was a previous port of this which was never imported, I think
> most things have been incorporated upstream but it had some useful
> information in MESSAGE about setting up syslogd/pf.conf to work with
> which is probably worth incorporating somewhere.
There is no need to change syslog.conf for the current version of
sshguard--you just tell it which log files to follow. I've
incorporated the rest of your suggestions.
- todd
Index: security/sshguard/Makefile
===================================================================
RCS file: security/sshguard/Makefile
diff -N security/sshguard/Makefile
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/sshguard/Makefile 31 Aug 2010 22:03:17 -0000

-0,0 +1,25 
+# $OpenBSD$
+
+COMMENT= protect against brute force attacks on sshd and others
+
+DISTNAME= sshguard-1.5rc4
+CATEGORIES= security
+
+# BSD
+PERMIT_PACKAGE_CDROM= Yes
+PERMIT_PACKAGE_FTP= Yes
+PERMIT_DISTFILES_CDROM= Yes
+PERMIT_DISTFILES_FTP= Yes
+
+WANTLIB+= c pthread
+
+HOMEPAGE= http://www.sshguard.net/
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sshguard/}
+EXTRACT_SUFX= .tar.bz2
+
+CONFIGURE_STYLE=gnu
+CONFIGURE_ARGS= --with-firewall=pf
+
+NO_REGRESS= Yes
+
+.include <bsd.port.mk>
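Review bot: DISTNAME is a release candidate (sshguard-1.5rc4) and no PKGNAME is set, so it is worth confirming that the resulting package version sorts before an eventual 1.5 release and that updates will work. NO_REGRESS= Yes also has no comment; a short note on whether upstream ships no test suite would help the next maintainer.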
Index: security/sshguard/distinfo
===================================================================
RCS file: security/sshguard/distinfo
diff -N security/sshguard/distinfo
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/sshguard/distinfo 30 Aug 2010 16:50:49 -0000

-0,0 +1,5 
+MD5 (sshguard-1.5rc4.tar.bz2) = sl2kawJUh5YJ+qmEGhReug==
+RMD160 (sshguard-1.5rc4.tar.bz2) = 0aHYO8dZEDWQywBzPC0z6S9siIM=
+SHA1 (sshguard-1.5rc4.tar.bz2) = AFhTvNIEVmqr4zwXkybjFF+NQsA=
+SHA256 (sshguard-1.5rc4.tar.bz2) = opAocT5cc54BYa91AXq11GvX2kkFaw7aiTwP/tP9bTU=
+SIZE (sshguard-1.5rc4.tar.bz2) = 296447
Index: security/sshguard/patches/patch-src_sshguard_logsuck_c
===================================================================
RCS file: security/sshguard/patches/patch-src_sshguard_logsuck_c
diff -N security/sshguard/patches/patch-src_sshguard_logsuck_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/sshguard/patches/patch-src_sshguard_logsuck_c 30 Aug 2010 17:06:24 -0000

-0,0 +1,12 
+$OpenBSD$
+--- src/sshguard_logsuck.c.orig Mon Aug 9 02:44:15 2010
++++ src/sshguard_logsuck.c Mon Aug 30 13:06:02 2010
+
-242,7 +242,7 
int logsuck_getline(char *restrict buf, size_t buflen,
+ if (ret > 0) {
+ if (kevs[0].filter == EVFILT_READ) {
+ /* got data on this one. Read from it */
+- sshguard_log(LOG_DEBUG, "Searching for fd %lu in list.", kevs[0].ident);
++ sshguard_log(LOG_DEBUG, "Searching for fd %u in list.", kevs[0].ident);
+ readentry = list_seek(& sources_list, & kevs[0].ident);
+ assert(readentry != NULL);
+ assert(readentry->active);
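Review bot: on the changed sshguard_log() line, swapping %lu for %u makes the format correct only where kevs[0].ident is exactly an unsigned int; where it is declared wider, the mismatch comes back. Keeping the original %lu and casting the argument, (unsigned long)kevs[0].ident, is correct for either declaration and is a form upstream could take unchanged.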
Index: security/sshguard/patches/patch-src_sshguard_procauth_c
===================================================================
RCS file: security/sshguard/patches/patch-src_sshguard_procauth_c
diff -N security/sshguard/patches/patch-src_sshguard_procauth_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/sshguard/patches/patch-src_sshguard_procauth_c 30 Aug 2010 17:06:24 -0000

-0,0 +1,12 
+$OpenBSD$
+--- src/sshguard_procauth.c.orig Mon Aug 9 02:44:15 2010
++++ src/sshguard_procauth.c Mon Aug 30 13:05:40 2010
+
-192,7 +192,7 
static int procauth_ischildof(pid_t child, pid_t paren
+ dup2(ps2me[1], 1);
+
+ sshguard_log(LOG_DEBUG, "Running 'ps axo pid,ppid'.");
+- execlp("ps", "ps", "axo", "pid,ppid", NULL);
++ execlp("ps", "ps", "axo", "pid,ppid", (char *)0);
+
+ sshguard_log(LOG_ERR, "Unable to run 'ps axo pid,ppid': %s.", strerror(errno));
+ exit(-1);
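Review bot: the (char *)0 terminator is the right fix for a variadic call, but the same execlp() line still looks up "ps" through PATH, so which binary runs depends on the environment sshguard was started from. Since the patch already touches this line, consider an absolute path with execl() instead. The exit(-1) in the failure path below it runs in what appears to be the forked child, where _exit() would avoid flushing inherited stdio buffers a second time.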
Index: security/sshguard/pkg/DESCR
===================================================================
RCS file: security/sshguard/pkg/DESCR
diff -N security/sshguard/pkg/DESCR
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/sshguard/pkg/DESCR 30 Aug 2010 16:52:04 -0000

-0,0 +1,4 
+sshguard protects hosts from brute force attacks. It supports IPv6,
+whitelists and log authentication, interfaces with all the major
+firewalling systems, has a remarkably clever log analyzer, and is
+independent, fast and lightweight as it's written in C.
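Review bot: the text says sshguard "interfaces with all the major firewalling systems", but the Makefile builds this package with --with-firewall=pf only, so the description overstates what the package does. Suggest saying that it uses pf here, and replacing promotional wording such as "remarkably clever" with a neutral description.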
Index: security/sshguard/pkg/MESSAGE
===================================================================
RCS file: security/sshguard/pkg/MESSAGE
diff -N security/sshguard/pkg/MESSAGE
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/sshguard/pkg/MESSAGE 31 Aug 2010 22:09:09 -0000

-0,0 +1,6 
+To use sshguard you must add the following to /etc/pf.conf:
+
+table <sshguard> persist
+
+block in quick on egress proto tcp from <sshguard> \
+ to any port ssh label "ssh bruteforce"
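Review bot: the block rule covers only "port ssh" on the egress group, while COMMENT advertises protection for "sshd and others", so addresses added to <sshguard> for attacks on other services can still reach those ports. Suggest noting that the port list should be widened to match the monitored services. The message also says nothing about starting sshguard or telling it which log files to follow, which the cover note describes as the remaining setup step.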
Index: security/sshguard/pkg/PLIST
===================================================================
RCS file: security/sshguard/pkg/PLIST
diff -N security/sshguard/pkg/PLIST
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/sshguard/pkg/PLIST 30 Aug 2010 16:54:04 -0000

-0,0 +1,3 
+
comment $OpenBSD$
+
man man/man8/sshguard.8
+
bin sbin/sshguard