package/sshguard: new package
sshguard protects hosts from brute-force attacks against SSH and other services. Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com> [Peter: cleanup, start init script at S49, correct license, select iptables] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
645f434169
commit
d335e44d91
@ -177,6 +177,7 @@ F: package/python-can/
|
||||
F: package/python-pillow/
|
||||
F: package/python-pydal/
|
||||
F: package/python-web2py/
|
||||
F: package/sshguard/
|
||||
F: package/sysdig/
|
||||
|
||||
N: Anisse Astier <anisse@astier.eu>
|
||||
|
@ -2055,6 +2055,7 @@ endif
|
||||
source "package/spice/Config.in"
|
||||
source "package/spice-protocol/Config.in"
|
||||
source "package/squid/Config.in"
|
||||
source "package/sshguard/Config.in"
|
||||
source "package/sshpass/Config.in"
|
||||
source "package/sslh/Config.in"
|
||||
source "package/strongswan/Config.in"
|
||||
|
10
package/sshguard/Config.in
Normal file
10
package/sshguard/Config.in
Normal file
@ -0,0 +1,10 @@
|
||||
config BR2_PACKAGE_SSHGUARD
|
||||
bool "sshguard"
|
||||
select BR2_PACKAGE_IPTABLES # runtime
|
||||
help
|
||||
sshguard protects hosts from brute-force attacks against SSH
|
||||
and other services. It aggregates system logs and blocks
|
||||
repeat offenders using one of several firewall backends,
|
||||
including iptables, ipfw, and pf.
|
||||
|
||||
https://www.sshguard.net
|
49
package/sshguard/S49sshguard
Normal file
49
package/sshguard/S49sshguard
Normal file
@ -0,0 +1,49 @@
|
||||
#!/bin/sh
|
||||
|
||||
DAEMON="sshguard"
|
||||
PIDFILE="/var/run/$DAEMON.pid"
|
||||
|
||||
start() {
|
||||
printf 'Starting %s: ' "$DAEMON"
|
||||
iptables -L sshguard > /dev/null 2>&1 || \
|
||||
(iptables -N sshguard && iptables -A INPUT -j sshguard)
|
||||
start-stop-daemon -S -q -b -p /run/sshguard.pid \
|
||||
-x /usr/sbin/sshguard -- -i /run/sshguard.pid
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
stop() {
|
||||
printf 'Stopping %s: ' "$DAEMON"
|
||||
start-stop-daemon -K -q -p "$PIDFILE"
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
rm -f "$PIDFILE"
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
sleep 1
|
||||
start
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start|stop|restart)
|
||||
"$1";;
|
||||
reload)
|
||||
# Restart, since there is no true "reload" feature.
|
||||
restart;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
4
package/sshguard/sshguard.hash
Normal file
4
package/sshguard/sshguard.hash
Normal file
@ -0,0 +1,4 @@
|
||||
# sha256 from https://sourceforge.net/projects/sshguard/files/sshguard/2.4.0/sshguard-2.4.0.sha256
|
||||
sha256 065ca4091b3a96802714b560dbbc3d9f0e67574e99e2b6e8857aa1027d17d6c0 sshguard-2.4.0.tar.gz
|
||||
# Locally calculated
|
||||
sha256 c3ae64f12153a1bc55bc234d09f40a08ab0e0149fffc972c0b7f02d5a12c1a5c COPYING
|
33
package/sshguard/sshguard.mk
Normal file
33
package/sshguard/sshguard.mk
Normal file
@ -0,0 +1,33 @@
|
||||
################################################################################
|
||||
#
|
||||
# sshguard
|
||||
#
|
||||
################################################################################
|
||||
|
||||
SSHGUARD_VERSION = 2.4.0
|
||||
SSHGUARD_SITE = https://sourceforge.net/projects/sshguard/files/sshguard/$(SSHGUARD_VERSION)
|
||||
SSHGUARD_LICENSE = ISC, Public Domain (fnv hash), BSD-3-Clause (SimCList)
|
||||
SSHGUARD_LICENSE_FILES = COPYING
|
||||
|
||||
define SSHGUARD_INSTALL_CONFIG
|
||||
$(INSTALL) -D -m 0644 $(@D)/examples/sshguard.conf.sample \
|
||||
$(TARGET_DIR)/etc/sshguard.conf
|
||||
$(SED) '/^#BACKEND/c\BACKEND="/usr/libexec/sshg-fw-iptables"' \
|
||||
-e '/^#FILES/c\FILES="/var/log/messages"' $(TARGET_DIR)/etc/sshguard.conf
|
||||
endef
|
||||
SSHGUARD_POST_INSTALL_TARGET_HOOKS += SSHGUARD_INSTALL_CONFIG
|
||||
|
||||
define SSHGUARD_INSTALL_INIT_SYSV
|
||||
$(INSTALL) -D -m 755 package/sshguard/S49sshguard \
|
||||
$(TARGET_DIR)/etc/init.d/S49sshguard
|
||||
endef
|
||||
|
||||
define SSHGUARD_INSTALL_INIT_SYSTEMD
|
||||
$(INSTALL) -D -m 0644 $(@D)/examples/sshguard.service \
|
||||
$(TARGET_DIR)/usr/lib/systemd/system/sshguard.service
|
||||
mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
|
||||
ln -fs ../../../../usr/lib/systemd/system/sshguard.service \
|
||||
$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/sshguard.service
|
||||
endef
|
||||
|
||||
$(eval $(autotools-package))
|
Loading…
Reference in New Issue
Block a user