# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 # $Id$ PortSystem 1.0 name sshguard version 1.5 revision 1 categories net security platforms darwin maintainers otherware.org:nefar pixilla openmaintainer license BSD description Sshguard protects networked hosts from brute force attacks. long_description Sshguard monitors servers from their logging activity. When logs convey \ that someone is doing a Bad Thing, sshguard reacts by blocking he/she/it \ for a bit. Sshguard has a touchy personality: when a naughty tyke \ insists disturbing your host, it reacts firmer and firmer. homepage http://www.sshguard.net/ master_sites sourceforge:sshguard distname sshguard-${version} # Patched to revision 231 from here: # http://sshguard.svn.sourceforge.net/viewvc/sshguard/trunk/ patch.pre_args -p1 patchfiles patch-Changes.diff \ patch-configure.diff \ patch-configure.ac.diff \ patch-man-sshguard.8.diff \ patch-src-Makefile.am.diff \ patch-src-Makefile.in.diff \ patch-src-fwalls-hosts.c.diff \ patch-src-fwalls-ipfw.c.diff \ patch-src-parser-attack_scanner.c.diff \ patch-src-parser-attack_scanner.l.diff \ patch-src-sshguard.c.diff \ patch-src-sshguard_blacklist.c.diff \ patch-src-sshguard_logsuck.c.diff \ patch-src-sshguard_options.c.diff checksums rmd160 7b4625b3b2e0cf974bc935d868b89bd0d8c189e8 \ sha256 b537f8765455fdf8424f87d4bd695e5b675b88e5d164865452137947093e7e19 use_bzip2 yes # Before Lion firewall is ipfw, afterwards pf. if {${os.major} < 11} { configure.args-append \ --with-ipfw=/sbin/ipfw --with-firewall=ipfw } else { configure.args-append \ --with-pfctl=/sbin/pfctl --with-firewall=pf } post-extract { copy ${filespath}/sshguard-options-wrapper \ ${worksrcpath}/sshguard-options-wrapper copy ${filespath}/options.example \ ${worksrcpath}/options.example reinplace "s|@PREFIX@|${prefix}|" \ ${worksrcpath}/sshguard-options-wrapper \ ${worksrcpath}/options.example reinplace "s|@NAME@|${name}|" \ ${worksrcpath}/sshguard-options-wrapper \ ${worksrcpath}/options.example } post-destroot { xinstall -d ${destroot}${prefix}/etc/${name} xinstall -d ${destroot}${prefix}/libexec/${name} xinstall -d ${destroot}${prefix}/share/${name} xinstall -d ${destroot}${prefix}/var/db/${name} xinstall -m 644 ${worksrcpath}/options.example \ ${destroot}${prefix}/etc/${name}/options.example xinstall -m 755 ${worksrcpath}/sshguard-options-wrapper \ ${destroot}${prefix}/libexec/${name}/sshguard-options-wrapper xinstall -m 544 ${worksrcpath}/README \ ${destroot}${prefix}/share/${name}/README touch ${destroot}${prefix}/var/db/${name}/keepdir } post-activate { if {![file exists ${prefix}/etc/${name}/options]} { xinstall -m 644 ${prefix}/etc/${name}/options.example \ ${prefix}/etc/${name}/options } if {![file exists ${prefix}/etc/${name}/whitelist]} { touch ${prefix}/etc/${name}/whitelist } } startupitem.create yes startupitem.executable "${prefix}/libexec/${name}/sshguard-options-wrapper" livecheck.type regex livecheck.url http://sourceforge.net/projects/sshguard/files/sshguard/ livecheck.regex "/sshguard-(\\d+(?:\\.\\d+)*)/" notes " * This port installs a wrapper script \"sshguard-options-wrapper\" to facilitate the use of an options file with launchd. * You can add log files to monitor by adding '-l /path/to/file.log' lines to ${prefix}/etc/${name}/options. * You can white list ip addresses and hostnames by editing ${prefix}/etc/${name}/whitelist. Example: # comment line (a '#' as very first character) # a single ip address 1.2.3.4 # address blocks in CIDR notation 127.0.0.0/8 10.11.128.0/17 192.168.0.0/24 # hostnames rome-fw.enterprise.com hosts.friends.com * You can load ${name} with this command: $ sudo port load ${name} "