I had the following build failure when I merged this:

sshguard_whitelist.c:350:87: error: dereferencing pointer to incomplete type 'struct addrinfo'
for (numaddresses = 0, addriter = hostaddrs; addriter != NULL; addriter = addriter->ai_next, ++numaddresses) {

I put the contents of the logfile here:

http://pastebin.com/g1dCJcGY

Can you take a look at this?

Thanks,
-J.

[[oe] [meta-networking][PATCH] sshguard 1.6.1+git: add recipe] On 15.09.03 (Thu 19:39) Koen Kooi wrote:
> SSHguard protects hosts from brute-force attacks against SSH and other
> services.
>
> This recipe uses iptables as blocker backend and journald as log backend.
>
> When it's working it will look like this in syslog:
>
> Sep 03 19:35:29 soekris sshguard[27044]: Started with danger threshold=40 ;
> minimum block=420 seconds
> Sep 03 19:35:29 soekris sshguard[27044]: Blocking 24.234.171.90:4 for
> >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over
> 0s).
> Sep 03 19:35:29 soekris sshguard[27044]: Blocking 61.182.15.194:4 for
> >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over
> 0s).
> Sep 03 19:35:29 soekris sshguard[27044]: Blocking 115.58.38.53:4 for
> >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over
> 0s).
>
> And the iptable rules:
>
> root@soekris:~# iptables -L sshguard --line-numbers
> Chain sshguard (1 references)
> num target prot opt source destination
> 1 DROP all -- hn.kd.ny.adsl anywhere
> 2 DROP all -- 61.182.15.194 anywhere
> 3 DROP all -- wsip-24-234-171-90.lv.lv.cox.net anywhere
> > Signed-off-by: Koen Kooi <[email protected]> > --- > .../recipes-support/sshguard/sshguard/firewall | 48 > ++++++++++++++++++++++ > .../sshguard/sshguard/sshguard-journalctl | 2 + > .../sshguard/sshguard/sshguard.service | 12 ++++++ > .../recipes-support/sshguard/sshguard_git.bb | 38 +++++++++++++++++ > 4 files changed, 100 insertions(+) > create mode 100644 meta-networking/recipes-support/sshguard/sshguard/firewall > create mode 100644 > meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl > create mode 100644 > meta-networking/recipes-support/sshguard/sshguard/sshguard.service > create mode 100644 meta-networking/recipes-support/sshguard/sshguard_git.bb > > diff --git a/meta-networking/recipes-support/sshguard/sshguard/firewall > b/meta-networking/recipes-support/sshguard/sshguard/firewall > new file mode 100644 > index 0000000..b683368 > --- /dev/null > +++ b/meta-networking/recipes-support/sshguard/sshguard/firewall > @@ -0,0 +1,48 @@ > +#!/bin/sh > + > +# > +# Function that enables firewall > +# > +do_enable_firewall() > +{ > + # creating sshguard chain > + iptables -N sshguard 2> /dev/null > + ip6tables -N sshguard 2> /dev/null > + # block traffic from abusers > + iptables -I INPUT -j sshguard 2> /dev/null > + ip6tables -I INPUT -j sshguard 2> /dev/null > +} > +# > +# Function that disables firewall > +# > +do_disable_firewall() > +{ > + # flushes list of abusers > + iptables -F sshguard 2> /dev/null > + ip6tables -F sshguard 2> /dev/null > + # removes sshguard firewall rules > + iptables -D INPUT -j sshguard 2> /dev/null > + ip6tables -D INPUT -j sshguard 2> /dev/null > + # removing sshguard chain > + iptables -X sshguard 2> /dev/null > + ip6tables -X sshguard 2> /dev/null > +} > + > +case "$1" in > + enable) > + do_enable_firewall > + ;; > + disable) > + do_disable_firewall > + ;; > + restart) > + do_disable_firewall > + do_enable_firewall > + ;; > + *) > + exit 1 > + ;; > +esac > + > +exit 0 > + 
> diff --git > a/meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl > b/meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl > new file mode 100644 > index 0000000..e7c615b > --- /dev/null > +++ b/meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl > @@ -0,0 +1,2 @@ > +#!/bin/sh > +/bin/journalctl -fb -t sshd -n100 | /usr/sbin/sshguard -l- "$@" > diff --git > a/meta-networking/recipes-support/sshguard/sshguard/sshguard.service > b/meta-networking/recipes-support/sshguard/sshguard/sshguard.service > new file mode 100644 > index 0000000..e2590fa > --- /dev/null > +++ b/meta-networking/recipes-support/sshguard/sshguard/sshguard.service > @@ -0,0 +1,12 @@ > +[Unit] > +Description=SSHGuard > +After=network.service > + > +[Service] > +PIDFile=/run/sshguard.pid > +ExecStartPre=/usr/lib/sshguard/firewall enable > +ExecStopPost=/usr/lib/sshguard/firewall disable > +ExecStart=/usr/lib/sshguard/sshguard-journalctl -i /run/sshguard.pid > + > +[Install] > +WantedBy=multi-user.target > diff --git a/meta-networking/recipes-support/sshguard/sshguard_git.bb > b/meta-networking/recipes-support/sshguard/sshguard_git.bb > new file mode 100644 > index 0000000..04435e8 > --- /dev/null > +++ b/meta-networking/recipes-support/sshguard/sshguard_git.bb 
> @@ -0,0 +1,38 @@ > +SUMMARY = "SSHguard protects hosts from brute-force attacks against SSH and > other services." > + > +LICENSE = "ISC" > +LIC_FILES_CHKSUM = "file://COPYING;md5=47a33fc98cd20713882c4d822a57bf4d" > + > +PV = "1.6.1+git${SRCPV}" > + > +SRCREV = "019a0406811a536faf3f90cdd7a0a538ee24d789" > +SRC_URI = > "git://bitbucket.org/sshguard/sshguard.git;protocol=https;branch=1.6 \ > + file://firewall \ > + file://sshguard.service \ > + file://sshguard-journalctl \ > + " > + > +S = "${WORKDIR}/git" > + > +DEPENDS = "flex-native" > + > +inherit autotools-brokensep systemd > + > +EXTRA_OECONF += " --with-firewall=iptables \ > + --with-iptables=${sbindir}/iptables \ > + " > + > +do_install_append() { > + install -d ${D}${libdir}/sshguard > + install -m 0755 ${WORKDIR}/firewall ${D}${libdir}/sshguard > + install -m 0755 ${WORKDIR}/sshguard-journalctl ${D}${libdir}/sshguard > + > + sed -i -e s:/bin:${base_bindir}:g -e s:/usr/sbin:${sbindir}:g > ${D}${libdir}/sshguard/sshguard-journalctl > + > + install -d ${D}${systemd_unitdir}/system > + install -m 0644 ${WORKDIR}/sshguard.service ${D}${systemd_unitdir}/system > + sed -i -e s:/usr/lib:${libdir}:g > ${D}${systemd_unitdir}/system/sshguard.service > +} > + > +FILES_${PN} += "${systemd_unitdir}" > +RDEPENDS_${PN} += "iptables" > -- > 2.0.1 > -- -Joe MacDonald. :wq
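Review bot: do_enable_firewall in sshguard/firewall sends every iptables and ip6tables error to /dev/null and the script then falls through to exit 0, so ExecStartPre reports success even when the sshguard chain was never created or the INPUT jump was never inserted, and sshguard then runs with nothing enforcing its blocks. Calling enable twice also adds a second jump, because the failing -N is silenced while -I INPUT succeeds again. Suggest testing for the rule first, for example "iptables -C INPUT -j sshguard || iptables -I INPUT -j sshguard" (same for ip6tables), and returning non-zero from the function when the chain or the jump cannot be set up.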
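Review bot: in sshguard-journalctl, -n100 replays the last 100 sshd journal entries into sshguard on every start, so old failures are scored as if they had just happened; the sample log in the commit message shows this, with blocks logged at 19:35:29, the same second as "Started", each counted "over 0 seconds". If the replay is intended, a comment in the wrapper should say so; if not, -n0 limits the input to entries that arrive after start. The wrapper also has no error handling for the left side of the pipe: its exit status is that of sshguard only, so a journalctl that fails to start just looks like an empty log.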
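Review bot: sshguard.service sets PIDFile=/run/sshguard.pid without a Type= line, so the default Type=simple applies and systemd tracks the ExecStart process, which is the sshguard-journalctl shell wrapper rather than sshguard; PIDFile= is meant for Type=forking services. Suggest dropping PIDFile= together with the "-i /run/sshguard.pid" argument, or documenting why both are needed. After=network.service also names a unit that many systemd setups do not provide; network.target is the usual ordering point.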
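Review bot: in sshguard_git.bb, do_install_append installs sshguard.service and the sshguard-journalctl wrapper unconditionally while RDEPENDS_${PN} lists only iptables, so on an image without systemd the package ships a wrapper whose /bin/journalctl is not there. Suggest making the systemd pieces conditional on the systemd distro feature, or stating in the recipe that it is systemd-only. A smaller point in the same function: the expression "s:/bin:${base_bindir}:g" also rewrites the "#!/bin/sh" line of the wrapper, and the sed expressions are unquoted; anchoring the pattern to /bin/journalctl and quoting the expressions would make the substitution say what it means.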
-- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
