# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# $Id$

PortSystem          1.0
PortGroup           bitbucket 1.0

bitbucket.setup     sshguard sshguard 1.6.4 v

categories          net security
platforms           darwin
maintainers         pixilla openmaintainer
license             BSD

description         Sshguard protects networked hosts from brute force attacks.

long_description    Sshguard monitors servers from their logging activity. When logs convey \
                    that someone is doing a Bad Thing, sshguard reacts by blocking he/she/it \
                    for a bit. Sshguard has a touchy personality: when a naughty tyke \
                    insists disturbing your host, it reacts firmer and firmer.

homepage            http://www.sshguard.net/

checksums           rmd160  0d9e9f80c52d3d9cdce1191c70e879c19bfe3af5 \
                    sha256  76a2c6f365e417b1ae1dfc12fd20ac2b7e4d428cab0764eeebac45786840ea6e

use_autoreconf      yes

# Before Lion firewall is ipfw, afterwards pf.
if {${os.major} < 11} {

    configure.args-append \
                    --with-ipfw=/sbin/ipfw --with-firewall=ipfw
} else {

    configure.args-append \
                    --with-pfctl=/sbin/pfctl --with-firewall=pf
}

post-extract {

    copy ${filespath}/sshguard-options-wrapper \
        ${worksrcpath}/sshguard-options-wrapper
    copy ${filespath}/options.example \
        ${worksrcpath}/options.example
    reinplace "s|@PREFIX@|${prefix}|" \
        ${worksrcpath}/sshguard-options-wrapper \
        ${worksrcpath}/options.example
    reinplace "s|@NAME@|${name}|" \
        ${worksrcpath}/sshguard-options-wrapper \
        ${worksrcpath}/options.example
}

post-destroot {

    xinstall -d ${destroot}${prefix}/etc/${name}
    xinstall -d ${destroot}${prefix}/libexec/${name}
    xinstall -d ${destroot}${prefix}/share/${name}
    xinstall -d ${destroot}${prefix}/var/db/${name}
    xinstall -m 644 ${worksrcpath}/options.example \
        ${destroot}${prefix}/etc/${name}/options.example
    xinstall -m 755 ${worksrcpath}/sshguard-options-wrapper \
        ${destroot}${prefix}/libexec/${name}/sshguard-options-wrapper
    xinstall -m 544 ${worksrcpath}/README.rst \
        ${destroot}${prefix}/share/${name}/README.rst
    touch ${destroot}${prefix}/var/db/${name}/keepdir
}

post-activate {

    if {![file exists ${prefix}/etc/${name}/options]} {
        xinstall -m 644 ${prefix}/etc/${name}/options.example \
            ${prefix}/etc/${name}/options
    }
    if {![file exists ${prefix}/etc/${name}/whitelist]} {
        touch ${prefix}/etc/${name}/whitelist
    }
}

startupitem.create      yes
startupitem.executable  "${prefix}/libexec/${name}/sshguard-options-wrapper"

livecheck.type      regex
livecheck.url       http://sourceforge.net/projects/sshguard/files/sshguard/
livecheck.regex     "/sshguard-(\\d+(?:\\.\\d+)*)/"

notes "

* This port installs a wrapper script \"sshguard-options-wrapper\" to
facilitate the use of an options file with launchd.

* You can add log files to monitor by adding '-l /path/to/file.log'
lines to ${prefix}/etc/${name}/options.

* You can white list ip addresses and hostnames by editing
${prefix}/etc/${name}/whitelist.
Example:
    # comment line (a '#' as very first character)
    #   a single ip address
    1.2.3.4
    #   address blocks in CIDR notation
    127.0.0.0/8
    10.11.128.0/17
    192.168.0.0/24
    #   hostnames
    rome-fw.enterprise.com
    hosts.friends.com

* You can load ${name} with this command:
$ sudo port load ${name}

"