---
name: sshguard-pf
version: 1.5_2
origin: security/sshguard-pf
comment: Protect hosts from brute force attacks against ssh and other services using
  pf
arch: freebsd:9:x86:64
www: http://sshguard.sourceforge.net
maintainer: mij@bitchx.it
prefix: /usr/local
licenselogic: single
flatsize: 277750
desc: |
  Sshguard monitors services from their logging activity. It reacts to messages
  about dangerous activity by blocking the source address with the local firewall.

  Sshguard employs a clever parser that can recognize several logging formats at
  once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and
  detects attacks for many services out of the box, including SSH, FreeBSD's
  ftpd and dovecot.  It can operate all the major firewalling systems, including
  PF, netfilter/iptables, IPFIREWALL/ipfw, IPFILTER.

  Sshguard has several relevant features like support for IPv6, whitelisting,
  suspension, log message authentication. It is reliable, easy to set up and
  demands very few resources to the system.

  WWW: http://sshguard.sourceforge.net
categories: [security]
files:
  /usr/local/etc/rc.d/sshguard: 649728b144d8c5c5e8df7a039969720cd106b6030fc9ca349d9ec8c5b06d7b18
  /usr/local/man/man8/sshguard.8.gz: 6ba9aba607b82bf606f662ccacecccc6e4a1ebd76fac30b8a7765834e601ca0f
  /usr/local/sbin/sshguard: 8070b5e83c6b4c576f3cfdae862080f6de1515e0264272fbf265f551bf318c8e
scripts:
  post-install: |
    cd /usr/local
  pre-deinstall: |
    cd /usr/local
  post-deinstall: |
    cd /usr/local
  install: "#!/bin/sh\n\n# If:\n#   1) syslog.conf exists\n#   2) it doesn't already
    contain some (uncommented) sshguard directive\n# then add $SSHGUARDCONFLINE (commented)
    right at the end of the header\n# comments section in syslog.conf\n\n# real syslog.conf
    configuration file path\nSYSLOGCONF=/etc/syslog.conf\n# configuration line to
    add\nSSHGUARDCONFLINE=\"auth.info;authpriv.info     |exec $PKG_PREFIX/sbin/sshguard\"\n\ncase
    \"$2\" in\n    \"POST-INSTALL\")\n        if test \"x$SSHGUARDFW\" = xhosts\n
    \       then\n            touch /etc/hosts.allow\n        fi\n        if (test
    -f \"$SYSLOGCONF\" && ! grep -q sshguard \"$SYSLOGCONF\")\n        then\n            #
    append default sshguard entry in syslog.conf (first line after comments header)\n\t
    \   TMPFILE=`mktemp -q /tmp/syslogcXX`\n\t    # make sure our file has the same
    permissions as the original, since we mv it back\n\t    cp -p $SYSLOGCONF ${TMPFILE}\n\t
    \   echo > ${TMPFILE}\n            inheader=1\n            cat \"$SYSLOGCONF\"
    | while read cline ;\n            do\n                if (test $inheader -eq 1
    && !(echo \"$cline\" | grep -q \"^[[:space:]]*#\"))\n                then\n                    #
    got off of header comments\n                    inheader=0\n                    echo
    \"#$SSHGUARDCONFLINE\" >> $TMPFILE\n                fi\n                echo \"$cline\"
    >> $TMPFILE\n            done\n            mv $TMPFILE \"$SYSLOGCONF\"\n        fi\n;;\nesac\n"
  deinstall: "#!/bin/sh\n\n# If:\n#   1) syslog.conf exists\n#   2) it does contain
    some directive for sshguard\n# then do the following:\n#   @ if the directive
    was the default directive (as installed by pkg-install)\n#       then remove it\n#
    \  @ if the directive is some custom (uncommented) directive, comment it\n# and
    reload syslogd eventually.\n\n# real syslog.conf configuration file path\nSYSLOGCONF=/etc/syslog.conf\n#
    configuration line to add\nSSHGUARDCONFLINE=\"auth.info;authpriv.info     |exec
    $PKG_PREFIX/sbin/sshguard\"\n\ncase \"$2\" in\n\t\"DEINSTALL\")\n\t\tif (test
    -f \"$SYSLOGCONF\" && grep -q '^[^#].*sshguard' \"$SYSLOGCONF\")\n        then\n
    \           TMPFILE=`mktemp -q /tmp/syslogcXX`\n            if grep -qx \"$SSHGUARDCONFLINE\"
    \"$SYSLOGCONF\"\n            then\n                # remove default sshguard entry
    from syslog.conf\n                echo \"I'm removing the default sshguard syslog
    entry for you...\"\n                grep -vx \"$SSHGUARDCONFLINE\" \"$SYSLOGCONF\"
    > $TMPFILE\n            else\n                # comment customized sshguard configuration
    line\n                echo \"I'm commenting your custom sshguard syslog entry
    for you...\"\n                sed \"s/^[^#].*sshguard.*/#&/\" < \"$SYSLOGCONF\"
    > $TMPFILE\n            fi\n            mv $TMPFILE \"$SYSLOGCONF\"\n            /etc/rc.d/syslogd
    reload\n\t\tfi\n\t;;\nesac\n"
message: "##########################################################################\n
  \ Sshguard installed successfully.\n\n  To activate or configure PF see http://sshguard.sf.net/doc/setup/blockingpf.html\n\n
  \ Your /etc/syslog.conf has been added a line for sshguard; uncomment it\n  and
  use \"/etc/rc.d/syslogd reload\" for activating it.\n\n  Alternatively, you can
  also start sshguard as a daemon by using the\n  rc.d script installed at /usr/local/etc/rc.d/sshguard
  .\n  \n  See sshguard(8) and http://sshguard.sourceforge.net for additional info.\n##########################################################################\n"
