Hello community, here is the log from the commit of package sshguard for openSUSE:Factory checked in at 2015-10-19 22:52:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sshguard (Old) and /work/SRC/openSUSE:Factory/.sshguard.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sshguard" Changes: -------- --- /work/SRC/openSUSE:Factory/sshguard/sshguard.changes 2015-10-02 09:23:45.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.sshguard.new/sshguard.changes 2015-10-20 00:05:57.000000000 +0200 @@ -1,0 +2,28 @@ +Fri Oct 16 12:15:24 UTC 2015 - [email protected] + +- Corrected a iptables error, that prevented sshguard + from functioning correctly + +------------------------------------------------------------------- +Thu Oct 15 13:51:15 UTC 2015 - [email protected] + +- Moved blacklist.db to /var/lib/sshguard/db/blacklist.db analog + most SUSE packages + +------------------------------------------------------------------- +Thu Oct 15 07:52:48 UTC 2015 - [email protected] + +- Corrected the blacklist as it's auto generated +- Improved sysconfig + +------------------------------------------------------------------- +Wed Oct 14 11:56:49 UTC 2015 - [email protected] + +- Build version 1.6.2 + + Make '-w' option backwards-compatible for iptables (James Harris) + + Remove support for ip6fw and 'ipfw-range' option + + Rewrite ipfw backend using command framework +- The white and black list now initially reside in files + /etc/sshguard/whitelist|blacklist + +------------------------------------------------------------------- Old: ---- sshguard-1.6.1.tar.xz sysconfig.sshguard New: ---- sshguard-1.6.2.tar.xz sshguard.sysconfig sshguard.whitelist ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sshguard.spec ++++++ --- /var/tmp/diff_new_pack.YDSjyX/_old 2015-10-20 00:05:58.000000000 +0200 +++ /var/tmp/diff_new_pack.YDSjyX/_new 2015-10-20 00:05:58.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package sshguard # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,16 +17,17 @@ Name: sshguard -Version: 1.6.1 +Version: 1.6.2 Release: 0 Summary: Protect hosts from brute force attacks against ssh License: ISC Group: Productivity/Networking/Security Url: http://www.sshguard.net Source0: http://sourceforge.net/projects/%{name}/files/%{name}/%{version}/%{name}-%{version}.tar.xz -Source1: sysconfig.sshguard +Source1: sshguard.sysconfig Source2: sshguard.service Source3: sshguard.init +Source4: sshguard.whitelist # PATCH-FEATURE-UPSTREAM sshguard-gcc5.patch Patch0: sshguard-gcc5.patch %if 0%{?suse_version} < 1210 @@ -61,14 +62,17 @@ %install make DESTDIR=%{buildroot} install -install -D -m 644 %{SOURCE1} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.sshguard +install -D -m0644 %{SOURCE1} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.sshguard %if 0%{?has_systemd} ln -sf service %{buildroot}/%{_sbindir}/rc%{name} -install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/sshguard.service +install -D -m0644 %{SOURCE2} %{buildroot}%{_unitdir}/sshguard.service %else -install -D -m 744 %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/sshguard +install -D -m0744 %{SOURCE3} %{buildroot}%{_sysconfdir}/init.d/sshguard ln -s ../..%{_sysconfdir}/init.d/sshguard %{buildroot}%{_sbindir}/rcsshguard %endif +install -d -m0755 %{buildroot}%{_sysconfdir}/%{name} +install -D -m0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{name}/whitelist +install -d -m0755 %{buildroot}%{_localstatedir}/lib/%{name}/db %fillup_and_insserv %pre @@ -110,5 +114,9 @@ %else %config %{_sysconfdir}/init.d/sshguard %endif +%dir %{_sysconfdir}/%{name} +%config(noreplace) %{_sysconfdir}/%{name}/whitelist +%dir %{_localstatedir}/lib/%{name} +%attr(755,root,root) %{_localstatedir}/lib/%{name}/db %changelog ++++++ sshguard-1.6.1.tar.xz -> sshguard-1.6.2.tar.xz ++++++ ++++ 3857 lines of diff (skipped) ++++++ sshguard.init ++++++ --- /var/tmp/diff_new_pack.YDSjyX/_old 2015-10-20 00:05:58.000000000 +0200 +++ /var/tmp/diff_new_pack.YDSjyX/_new 2015-10-20 00:05:58.000000000 +0200 @@ -48,11 +48,12 @@ test -n $RELEASE_TIMEOUT && cmdline="$cmdline -p $RELEASE_TIMEOUT" test -n $FORGET_TIMEOUT && cmdline="$cmdline -s $FORGET_TIMEOUT" test -n "$WHITELIST" && cmdline="$cmdline -w $WHITELIST" + test -n "$BLACKLIST" && cmdline="$cmdline -b $BLACKLIST" } iptables_start() { /usr/sbin/iptables -N sshguard - /usr/sbin/iptables -A INPUT -p tcp --dport $PORTS -j sshguard + /usr/sbin/iptables -I INPUT 1 -p tcp --dport $PORTS -j sshguard } iptables_stop() { ++++++ sshguard.service ++++++ --- /var/tmp/diff_new_pack.YDSjyX/_old 2015-10-20 00:05:58.000000000 +0200 +++ /var/tmp/diff_new_pack.YDSjyX/_new 2015-10-20 00:05:58.000000000 +0200 @@ -5,8 +5,8 @@ [Service] EnvironmentFile=-/etc/sysconfig/sshguard ExecStartPre=/usr/sbin/iptables -N sshguard -ExecStartPre=/usr/sbin/iptables -A INPUT -p tcp --dport $PORTS -j sshguard -ExecStart=/usr/sbin/sshguard -a $ATTACK_ATTEMPTS -p $RELEASE_TIMEOUT -s $FORGET_TIMEOUT -w $WHITELIST -l $MONITORED_LOGS +ExecStartPre=/usr/sbin/iptables -I INPUT 1 -p tcp --dport $PORTS -j sshguard +ExecStart=/usr/sbin/sshguard -a $ATTACK_ATTEMPTS -p $RELEASE_TIMEOUT -s $FORGET_TIMEOUT -w $WHITELIST -b $BLACKLIST -l $MONITORED_LOGS ExecReload=/bin/kill -HUP $MAINPID ExecStopPost=/usr/sbin/iptables -F sshguard ExecStopPost=/usr/sbin/iptables -D INPUT -p tcp --dport $PORTS -j sshguard ++++++ sshguard.sysconfig ++++++ ## Path: Network/Firewall/SSHGuard ## Description: SSHGuard configuration ## ServiceRestart: sshguard ## Type: string ## Default: "" # Whitespace separated list of logfiles which will be # monitored from SSHGUARD for break in attempts. MONITORED_LOGS="/var/log/messages" ## Type: string ## Default: "22" # Protected TCP ports/services # comma separated PORTS="22" ## Type: integer ## Default: 4 # Number of attacks before IP gets blocked ATTACK_ATTEMPTS="4" ## Type: integer ## Default: 420 # Seconds until a blocked IP gets removed RELEASE_TIMEOUT="420" ## Type: integer ## Default: 1200 # Seconds until a IP is "cleared" FORGET_TIMEOUT="1200" ## Type: string ## Default: "/etc/sshguard/whitelist" # see man page for format WHITELIST="/etc/sshguard/whitelist" ## Type: string ## Default: "100:/var/lib/sshguard/db/blacklist.db" # see man page for format BLACKLIST="100:/var/lib/sshguard/db/blacklist.db" ++++++ sshguard.whitelist ++++++ # comment line (a '#' as very first character) # a single ip address #1.2.3.4 # address blocks in CIDR notation #127.0.0.0/8 #10.11.128.0/17 #192.168.0.0/24 # hostnames #rome-fw.enterprise.com #hosts.friends.com #
