network/sshguard: Updated for version 2.4.2.

Signed-off-by: Andrew Clemons <andrew.clemons@gmail.com>

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>

7 files changed, 149 insertions, 67 deletions

diff --git a/network/sshguard/README b/network/sshguard/README
index 9e31763a3282..fd59f1d8b665 100644
--- a/network/sshguard/README
+++ b/network/sshguard/README
@@ -1,17 +1,23 @@
-SSHGuard protects hosts from brute-force attacks against SSH and
-other services. It has been written entirely in C and has no external
-dependencies and no configuration file. SSHGuard aggregates system
-logs and blocks repeat offenders. It can read log messages from
-standard input (suitable for piping from syslog) or monitor one or
-more log files. Log messages are parsed, line-by-line, for recognized
-patterns. If an attack, such as several login failures within a few
-seconds, is detected, the offending IP is blocked. Offenders are
-unblocked after a set interval, but can be semi-permanently banned
-using the blacklist option.
+sshguard protects hosts from brute-force attacks against SSH and other
+services. It aggregates system logs and blocks repeat offenders using
+one of several firewall backends, including iptables, ipfw, and pf.
+
+sshguard can read log messages from standard input (suitable for piping
+from syslog) or monitor one or more log files. Log messages are parsed,
+line-by-line, for recognized patterns. If an attack, such as several
+login failures within a few seconds, is detected, the offending IP is
+blocked. Offenders are unblocked after a set interval, but can be semi-
+permanently banned using the blacklist option.
 
 IMPORTANT:
 
-You will need to properly set up "sshguard" chain in iptables. For
-further information PLEASE CONSULT MAN PAGE, installed together with
-this package. The information available on the website tends to be
-outdated, (it is well worth reading anyway).
+1. You will need to properly set up an "sshguard" chain in your firewall
+   backend. For further information consult `sshguard-setup(7)`.
+
+2. Starting with version 2.0.0, SSHGuard **requires** a config file
+   to start. `sshguard.conf` as shipped with this SlackBuild provides
+   defaults such that they reassemble the values that were previously
+   specified on the command line in the `rc.sshguard` script.
+
+   See `examples/sshguard.conf.sample` in the doc directory for
+   additional config options.
diff --git a/network/sshguard/doinst.sh b/network/sshguard/doinst.sh
index 8e1f8328313b..ff3107fbc3ee 100644
--- a/network/sshguard/doinst.sh
+++ b/network/sshguard/doinst.sh
@@ -19,4 +19,5 @@ preserve_perms() {
   config $NEW
 }
 
+config etc/sshguard.conf.new
 preserve_perms etc/rc.d/rc.sshguard.new
diff --git a/network/sshguard/rc.sshguard b/network/sshguard/rc.sshguard
index 24c4f29d88a7..c08033b3c7d0 100644
--- a/network/sshguard/rc.sshguard
+++ b/network/sshguard/rc.sshguard
@@ -1,45 +1,105 @@
-#!/bin/sh
+#!/bin/bash
+
+declare -r daemon_name=sshguard
+declare -r daemon_prog=/usr/sbin/sshguard
+
+################################################################################
+the_daemon()
+################################################################################
+{
+    daemon --name "${daemon_name}" "${@}"
+}
 
 ################################################################################
-sshguard_start() {
+the_damon_start()
 ################################################################################
-  if [ -n "$(pidof sshguard)" ]; then
-    echo "sshguard seems to be already running."
-    return
-  fi
+{
+    if ! the_daemon --running; then
+        echo "Starting ${daemon_name}:  ${daemon_prog}"
 
-  /usr/sbin/sshguard -l /var/log/messages 1>/dev/null &
+        the_daemon -- ${daemon_prog}
+    else
+        echo "${daemon_name} seems to be already running."
+    fi
 }
 
 ################################################################################
-sshguard_stop() {
+the_damon_stop()
 ################################################################################
-  if [ -z "$(pidof sshguard)" ]; then
-    echo "sshguard does not seem to be running."
-    return
-  fi
+{
+    if the_daemon --running; then
+        echo "Stopping ${daemon_name}."
 
-  kill $(pidof sshguard)
+        the_daemon --stop
+    else
+        echo "${daemon_name} does not seem to be running."
+    fi
 }
 
 ################################################################################
-sshguard_restart() {
+the_damon_restart()
 ################################################################################
-  sshguard_stop
-  sleep 1
-  sshguard_start
+{
+    if the_daemon --running; then
+        the_damon_stop
+        the_daemon_wait_stopped
+        the_damon_start
+    else
+        echo "${daemon_name} does not seem to be running."
+    fi
 }
 
-case "$1" in
-'start')
-  sshguard_start
-  ;;
-'stop')
-  sshguard_stop
-  ;;
-'restart')
-  sshguard_restart
-  ;;
+################################################################################
+the_daemon_wait_stopped()
+################################################################################
+{
+    # All time values given in a unit of 0.1 second.
+
+    local -r timeout=50
+    local delay=1
+    local delay_sum=0
+    local -r test_expr=(the_daemon --running)
+
+    # Poll (with timeout) for the daemon to exit.
+
+    while "${test_expr[@]}" && [[ ${delay_sum} -lt ${timeout} ]]; do
+        sleep $(echo "${delay} / 10.0" | bc -l)
+        delay_sum=$((delay_sum + delay))
+
+        # Double the delay in each iteration to lower the CPU use.
+
+        delay=$((delay * 2))
+
+        # Adjust next's iteration delay prevent waiting longer than _timeout_
+        # in case the time already waited and the delay to be waited in
+        # the next iteration would be greater than the requested _timeout_.
+
+        if [[ $((delay_sum + delay)) -gt ${timeout} ]]; then
+            delay=$((timeout - delay_sum))
+        fi
+    done
+
+    if "${test_expr[@]}"; then
+        echo "Timeout waiting for ${daemon_name} to stop."
+
+        exit 1
+    fi
+}
+
+case "${1}" in
+start)
+    the_damon_start
+;;
+
+stop)
+    the_damon_stop
+;;
+
+restart)
+    the_damon_restart
+;;
+
 *)
-  echo "usage: $0 start|stop|restart"
+    echo "usage: ${0} start|stop|restart"
+;;
 esac
diff --git a/network/sshguard/slack-desc b/network/sshguard/slack-desc
index 2747ed724170..3ff04458b1e0 100644
--- a/network/sshguard/slack-desc
+++ b/network/sshguard/slack-desc
@@ -8,12 +8,12 @@
         |-----handy-ruler------------------------------------------------------|
 sshguard: sshguard (SSH brute-force attack protection)
 sshguard:
-sshguard: SSHGuard protects hosts from brute-force attacks against SSH and
-sshguard: other services. It aggregates system logs and blocks repeat
-sshguard: offenders. SSHGuard can read log messages from standard input
-sshguard: (suitable for piping from syslog) or monitor one or more log files.
-sshguard: If an attack, such as several login failures within a few seconds,
-sshguard: is detected, the offending IP is blocked.
+sshguard: sshguard protects hosts from brute-force attacks against SSH and other
+sshguard: services. It aggregates system logs and blocks repeat offenders using
+sshguard: one of several firewall backends, including iptables, ipfw, and pf.
 sshguard:
 sshguard: Homepage: https://www.sshguard.net/
 sshguard:
+sshguard:
+sshguard:
+sshguard:
diff --git a/network/sshguard/sshguard.SlackBuild b/network/sshguard/sshguard.SlackBuild
index 790c51dc1ead..45b565d94a6d 100644
--- a/network/sshguard/sshguard.SlackBuild
+++ b/network/sshguard/sshguard.SlackBuild
@@ -2,7 +2,7 @@
 
 # Slackware build script for sshguard
 
-# Copyright 2016 Andrzej Telszewski, Banie
+# Copyright 2022 Andrzej Telszewski, Koszalin
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -25,7 +25,7 @@
 cd $(dirname $0) ; CWD=$(pwd)
 
 PRGNAM=sshguard
-VERSION=${VERSION:-1.7.0}
+VERSION=${VERSION:-2.4.2}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
 PKGTYPE=${PKGTYPE:-tgz}
@@ -38,9 +38,6 @@ if [ -z "$ARCH" ]; then
   esac
 fi
 
-# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
-# the name of the created package would be, and then exit. This information
-# could be useful to other scripts.
 if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
   echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
   exit 0
@@ -64,27 +61,25 @@ else
   LIBDIRSUFFIX=""
 fi
 
-set -e
+set -eu
 
 rm -rf $PKG
 mkdir -p $TMP $PKG $OUTPUT
 cd $TMP
+
 rm -rf $PRGNAM-$VERSION
 tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
 cd $PRGNAM-$VERSION
+
 chown -R root:root .
-find -L . \
- \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
-  -o -perm 511 \) -exec chmod 755 {} \; -o \
- \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+chmod -R a-st,u+rwX,go-w+rX .
 
 CFLAGS="$SLKCFLAGS" \
 CXXFLAGS="$SLKCFLAGS" \
 ./configure \
   --prefix=/usr \
+  --sysconfdir=/etc \
   --mandir=/usr/man \
-  --with-firewall=iptables \
   --build=$ARCH-slackware-linux
 
 make
@@ -93,6 +88,9 @@ make install DESTDIR=$PKG
 find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
   | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
 
+mkdir -p $PKG/etc
+cat $CWD/${PRGNAM}.conf > $PKG/etc/${PRGNAM}.conf.new
+
 mkdir -p $PKG/etc/rc.d
 cat $CWD/rc.$PRGNAM > $PKG/etc/rc.d/rc.$PRGNAM.new
 
@@ -100,13 +98,13 @@ find $PKG/usr/man -type f -exec gzip -9 {} \;
 for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
 
 mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a doc/{developers,setup,sshguard.8}.rst examples CHANGELOG.rst COPYING \
-  README.rst $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a doc/{sshguard-setup.7,sshguard.8}.rst examples COPYING \
+  {CHANGELOG,CONTRIBUTING,README}.rst $PKG/usr/doc/$PRGNAM-$VERSION
 cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
 
 mkdir -p $PKG/install
 cat $CWD/slack-desc > $PKG/install/slack-desc
-cat $CWD/doinst.sh  > $PKG/install/doinst.sh
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
 
 cd $PKG
 /sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE
diff --git a/network/sshguard/sshguard.conf b/network/sshguard/sshguard.conf
new file mode 100644
index 000000000000..07c13b3e45c6
--- /dev/null
+++ b/network/sshguard/sshguard.conf
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# sshguard.conf -- SSHGuard configuration
+# Based on /usr/doc/sshguard-2.4.2/examples/sshguard.conf.sample
+
+# Full path to backend executable.
+
+BACKEND="/usr/libexec/sshg-fw-iptables"
+
+# Space-separated list of log files to monitor.
+
+FILES="/var/log/messages"
+
+# Do not provide PID file path.
+# It is handled by daemon(1).
+
+PID_FILE=
diff --git a/network/sshguard/sshguard.info b/network/sshguard/sshguard.info
index 06a268516c15..efdd417d4ba9 100644
--- a/network/sshguard/sshguard.info
+++ b/network/sshguard/sshguard.info
@@ -1,10 +1,10 @@
 PRGNAM="sshguard"
-VERSION="1.7.0"
+VERSION="2.4.2"
 HOMEPAGE="https://www.sshguard.net/"
-DOWNLOAD="https://download.sourceforge.net/project/sshguard/sshguard/1.7.0/sshguard-1.7.0.tar.gz"
-MD5SUM="db251a2e31cb5af203d10c42be33ea9c"
+DOWNLOAD="https://download.sourceforge.net/project/sshguard/sshguard/2.4.2/sshguard-2.4.2.tar.gz"
+MD5SUM="0f83f5e7e1b197fb3bd4e9dfe9e601e6"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES=""
 MAINTAINER="Andrzej Telszewski"
-EMAIL="atelszewski@gmail.com"
+EMAIL="andrzej@telszewski.com"