Bug#780800: marked as done (sshguard: add support for syslog-less operation under systemd)

Wed, 13 May 2015 15:51:50 -0700 

Your message dated Wed, 13 May 2015 22:49:59 +0000
with message-id <[email protected]>
and subject line Bug#780800: fixed in sshguard 1.6.0-1
has caused the Debian Bug report #780800,
regarding sshguard: add support for syslog-less operation under systemd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
780800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780800
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: sshguard
Version: 1.5-6
Severity: wishlist

Hi,

please add support to run just with journalctl, here are the files:

(Partly inspired by https://wiki.archlinux.org/index.php/Sshguard)

It works nicely with attached files (you will also want to modify your
init.d script to use /usr/lib/sshguard/firewall, so you have the
firewall script in one place).

Put firewall and sshguard-journalctl in /usr/lib/sshguard/ (+x) and
use dh_systemd to install sshguard.service, that should be it.

Cheers,
Ondrej

-- System Information:
Debian Release: 8.0
  APT prefers testing-proposed-updates
  APT policy: (990, 'testing-proposed-updates'), (990, 'testing'), (500, 
'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-rc4 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

#!/bin/sh
/bin/journalctl -fb --unit=ssh | /usr/sbin/sshguard -l- "$@"

[Unit]
Description=SSHGuard
After=network.service
Before=sshd.service

[Service]
EnvironmentFile=-/etc/default/sshguard
PIDFile=/run/sshguard.pid
ExecStartPre=/usr/lib/sshguard/firewall enable
ExecStopPost=/usr/lib/sshguard/firewall disable
ExecStart=/usr/lib/sshguard/sshguard-journalctl -i /run/sshguard.pid -w 
$WHITELIST $ARGS

[Install]
WantedBy=multi-user.target

#!/bin/sh

OS=$(uname)

if [ "$OS" = "Linux" ]; then
	#
	# Function that enables firewall
	#
	do_enable_firewall()
	{
		# creating sshguard chain
		iptables -N sshguard 2> /dev/null
		ip6tables -N sshguard 2> /dev/null
		# block traffic from abusers
		iptables -I INPUT -j sshguard 2> /dev/null
		ip6tables -I INPUT -j sshguard 2> /dev/null
	}
	#
	# Function that disables firewall
	#
	do_disable_firewall()
	{
		# flushes list of abusers
		iptables -F sshguard 2> /dev/null
		ip6tables -F sshguard 2> /dev/null
		# removes sshguard firewall rules
		iptables -D INPUT -j sshguard 2> /dev/null
		ip6tables -D INPUT -j sshguard 2> /dev/null
		# removing sshguard chain
		iptables -X sshguard 2> /dev/null
		ip6tables -X sshguard 2> /dev/null
	}
else
	# KfreeBSD code
	#
	# Function that enables firewall
	#
	do_enable_firewall()
	{
		# create sshguard firewall rules
		PF_AVAILABLE=$(lsmod |grep pf.ko |awk {'print $5'})
		if [ "$PF_AVAILABLE" != "pf.ko" ]; then
			kldload pf
		fi
		pfctl -e 2> /dev/null # Enable PF
		# Loading sshguard table and rules
		pfctl -f /etc/sshguard/sshguard.conf 2> /dev/null
	}
	#
	# Function that disables firewall
	#
	do_disable_firewall()
	{
		# flushes list of abusers
		pfctl -Tflush -t sshguard 2> /dev/null
		# removes sshguard firewall rules
		pfctl -Tdel -t sshguard 2> /dev/null
		# removing sshguard table
		pfctl -Tkill -t sshguard 2> /dev/null
	}
fi

case "$1" in
    enable)
	do_enable_firewall
	;;
    disable)
	do_disable_firewall
	;;
    restart)
	do_disable_firewall
	do_enable_firewall
	;;
    *)
	exit 1
	;;
esac
	
exit 0

--- End Message ---
--- Begin Message --- 
Source: sshguard
Source-Version: 1.6.0-1

We believe that the bug you reported is fixed in the latest version of
sshguard, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julián Moreno Patiño <[email protected]> (supplier of updated sshguard package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 May 2015 10:51:59 -0500
Source: sshguard
Binary: sshguard
Architecture: source amd64
Version: 1.6.0-1
Distribution: unstable
Urgency: medium
Maintainer: Julián Moreno Patiño <[email protected]>
Changed-By: Julián Moreno Patiño <[email protected]>
Description:
 sshguard   - Protects from brute force attacks against ssh
Closes: 693614 775209 780800
Changes:
 sshguard (1.6.0-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #693614)
   * d/patches/01_sshguard_manpage.diff, Remove, merge with upstream.
   * d/patches/02_avoid_ftbfs_kfreebsd.diff, Refresh patch offset.
   * d/patches/03_fix_inode.diff, Remove, merge with upstream.
   * d/control, Bump Standards-Version to 3.9.6 (no changes).
   * Add systemd support. (Closes: #780800)
     + Thanks to Ondřej Surý for it.
   * Add -w parameter to iptables to wait for the xtables
     lock. (Closes: #775209 #780238)
     + Thanks to Joao Luis Meloni Assirati for it.
   * d/copyright, Extend debian copyright holders years.
     + Update short license name.
Checksums-Sha1:
 e235de8127271b7b7cf1665f0b137a28ee9cf559 1878 sshguard_1.6.0-1.dsc
 4411eb34994cdb639e3c410c2bb1963783aee6ae 384376 sshguard_1.6.0.orig.tar.xz
 d4a44d987ef42e6eea0c486410b99cd927bab191 6068 sshguard_1.6.0-1.debian.tar.xz
 32a79af6c844f769ae3928f1433acecfb14d692e 182690 sshguard_1.6.0-1_amd64.deb
Checksums-Sha256:
 2dadd2da9774efd7682bdeac316e9bda702a19afedc38c0a962402fff4689dc8 1878 
sshguard_1.6.0-1.dsc
 dce32b1fc3fb0f8d15b6c56b9822c300434faaa87240e5373c095dc22bfa07e4 384376 
sshguard_1.6.0.orig.tar.xz
 db834017139dddfeaefd312442c45a8783c9215cbb962e57a40d295816ffdcc8 6068 
sshguard_1.6.0-1.debian.tar.xz
 c9373d918f9215ceb8cf7c0dd997e9186044ca253cf00161009379a7619834c2 182690 
sshguard_1.6.0-1_amd64.deb
Files:
 326f6e350308243aeeb6bc74f6c5ce20 1878 net optional sshguard_1.6.0-1.dsc
 ceb012f89d68d2cf69c6ddd5db8bd86a 384376 net optional sshguard_1.6.0.orig.tar.xz
 ab2d0b326a9ca27a7490164328369b12 6068 net optional 
sshguard_1.6.0-1.debian.tar.xz
 840516502a7798db1d0adc5bc7b0a49b 182690 net optional sshguard_1.6.0-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVU9S7AAoJENX9/BVhaL9g0zEQAIlECyt2aHJc2cQGkJsJH319
gZ0lJoqreuuTBuJSt2EU9D2G3MFf/obUygYle2LnBlm3tbqhyCK4hFlvw+mexHdQ
ejmvHgJ4lFn+q0OBCam0thq+HCXnCLN0Ggzkl5F1jlb0AbLRg/ivZMUloGnQjtEW
gvmcyHg4ozJ4ssheauoSFD9rVm8otL+j7F5Sk2mrLGluOh2C14hS/6dG3ZY3OjuG
NDChNZ//HgCDO/WS0w7A9ZqkVNCeyBEDE8K9F3PAa/wh12/DYWZVYGXE5TmRSiAT
feQeRO4iF02y9MqUBr5UoD634wP2Pj7sEhnMSHhDoIRu3fUxNxW/i3UGcACKlbJX
IOjBf5+UL2xtStcvmBCJJN2Ycrxyi2128s6NepKCZCc2HNFe/sR11BJ1gxqFXBZ3
rkJLDpSoArREOT/3SQ5JpWoAciCqDsbOTYq5eadHLCNk5F/68WDqbRsSzB/m4ysB
VP4VlrsT3rrmov4PtFsvR+9etyYotV5QSaGr6+gDyBdiYbzlpMap/IsAuhkoDUqm
JssRyRjugdgbu2iuFACZtx7uDrLvc/LiJKJRUCnFz9IT7/+nx8Z8J4apM7a2poVA
it3Sss4QsQxrhCElXunB7Er1PCW61ikQjfRIHbmQ6aUu4yoPdvAYEA0gFIOa0Wzi
Il8H6wLazHKrkuj97ywh
=ezbQ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to