diff options
| author | Vlad Glagolev | 2019-02-27 21:09:13 +0000 |
|---|---|---|
| committer | Vlad Glagolev | 2019-02-27 21:09:13 +0000 |
| commit | 89e10acb7f6cd65ff6c24456591d2a97797333f7 (patch) | |
| tree | e75e41fbc0047d1695850b8305e069e26297e26d /security | |
| parent | 0620dcf136a2b32bc69e9211d6aae795da17be48 (diff) | |
sshguard: new spell, protect against brute force attacks on sshd and others
Diffstat (limited to 'security')
| -rwxr-xr-x | security/sshguard/DEPENDS | 6 | ||||
| -rwxr-xr-x | security/sshguard/DETAILS | 19 | ||||
| -rw-r--r-- | security/sshguard/HISTORY | 2 | ||||
| -rwxr-xr-x | security/sshguard/INSTALL | 9 | ||||
| -rwxr-xr-x | security/sshguard/init.d/sshguard | 29 | ||||
| -rw-r--r-- | security/sshguard/init.d/sshguard.conf | 3 |
6 files changed, 68 insertions, 0 deletions
diff --git a/security/sshguard/DEPENDS b/security/sshguard/DEPENDS new file mode 100755 index 0000000000..c3eeee67d1 --- /dev/null +++ b/security/sshguard/DEPENDS @@ -0,0 +1,6 @@ +runtime_depends iptables && +runtime_depends SYSTEM-LOGGER && + +optional_depends docutils "" "" "to re-generate documentation" && + +suggest_depends ipset "" "" "for efficient IP storage" diff --git a/security/sshguard/DETAILS b/security/sshguard/DETAILS new file mode 100755 index 0000000000..375fe70fae --- /dev/null +++ b/security/sshguard/DETAILS @@ -0,0 +1,19 @@ + SPELL=sshguard + VERSION=2.3.1 + SOURCE=${SPELL}-${VERSION}.tar.gz + SOURCE_URL[0]=https://downloads.sourceforge.net/sourceforge/${SPELL}/files/${SOURCE} + SOURCE_HASH=sha256:769055e26df78f4bca34c9a7acf265dfa224c055b33ced47f53d55bf659d20a2:UPSTREAM_HASH +SOURCE_DIRECTORY="${BUILD_DIRECTORY}/${SPELL}-${VERSION}" + DOC_DIRS="" + DOCS="examples/whitelistfile.example" + WEB_SITE=https://www.sshguard.net/ + ENTERED=20190227 + LICENSE[0]=ISC + KEYWORDS="security ssh" + SHORT="protect against brute force attacks on sshd and others" +cat << EOF +sshguard protects hosts from brute force attacks. It supports IPv6, +whitelists and log authentication, interfaces with all the major +firewalling systems, has a remarkably clever log analyzer, and is +independent, fast and lightweight as it's written in C. +EOF diff --git a/security/sshguard/HISTORY b/security/sshguard/HISTORY new file mode 100644 index 0000000000..3481810d26 --- /dev/null +++ b/security/sshguard/HISTORY @@ -0,0 +1,2 @@ +2019-02-27 Vlad Glagolev <stealth@sourcemage.org> + * DETAILS, DEPENDS, INSTALL, init.d: spell created, version 2.3.1 diff --git a/security/sshguard/INSTALL b/security/sshguard/INSTALL new file mode 100755 index 0000000000..62d076112a --- /dev/null +++ b/security/sshguard/INSTALL @@ -0,0 +1,9 @@ +default_install && + +install_config_file "${SOURCE_DIRECTORY}/examples/sshguard.conf.sample" \ + "${INSTALL_ROOT}/etc/sshguard.conf" && + +if [[ $INIT_INSTALLED ]]; then + install_config_file "${SPELL_DIRECTORY}/init.d/sshguard.conf" \ + "${INSTALL_ROOT}/etc/sysconfig/sshguard" +fi diff --git a/security/sshguard/init.d/sshguard b/security/sshguard/init.d/sshguard new file mode 100755 index 0000000000..a3c78466fc --- /dev/null +++ b/security/sshguard/init.d/sshguard @@ -0,0 +1,29 @@ +#!/bin/bash + +. /etc/sysconfig/sshguard + +PROGRAM=/usr/sbin/sshguard +PIDFILE="/var/run/sshguard.pid" +ARGS="-i ${PIDFILE} ${SSHGUARD_ARGS}" +RUNLEVEL=3 +NEEDS="+network" + +. /etc/init.d/smgl_init + +start() { + echo "Starting ${NAME}..." + ${PROGRAM} ${ARGS} > /dev/null & + + evaluate_retval +} + +stop() { + echo "Stopping ${NAME}..." + kill -TERM `cat ${PIDFILE}` + + evaluate_retval +} + +reload() { + _restart +} diff --git a/security/sshguard/init.d/sshguard.conf b/security/sshguard/init.d/sshguard.conf new file mode 100644 index 0000000000..e8110b9847 --- /dev/null +++ b/security/sshguard/init.d/sshguard.conf @@ -0,0 +1,3 @@ +# For arguments and description see sshguard(8) + +SSHGUARD_ARGS="" |