From patchwork Tue Jul 16 19:56:52 2019
X-Patchwork-Submitter: Angelo Compagnucci
X-Patchwork-Id: 1132927
From: Angelo Compagnucci
To: buildroot@buildroot.org
Date: Tue, 16 Jul 2019 21:56:52 +0200
Message-Id: <1563307012-3724-1-git-send-email-angelo@amarulasolutions.com>
Subject: [Buildroot] [PATCH v2] package/sshguard: new package

sshguard protects hosts from brute-force attacks against SSH and other services.

Signed-off-by: Angelo Compagnucci
---
CHANGELOG:
v1->v2:
* Fixed license (suggested by Thomas)
* Fixed sysv script (suggested by Thomas)
* Moved from using git to use tarball

 DEVELOPERS                     |  1 +
 package/Config.in              |  1 +
 package/sshguard/Config.in     | 10 +++++++++
 package/sshguard/S39sshguard   | 50 ++++++++++++++++++++++++++++++++++++++++++
 package/sshguard/sshguard.hash |  3 +++
 package/sshguard/sshguard.mk   | 34 ++++++++++++++++++++++++++++
 6 files changed, 99 insertions(+)
 create mode 100644 package/sshguard/Config.in
 create mode 100644 package/sshguard/S39sshguard
 create mode 100644 package/sshguard/sshguard.hash
 create mode 100644 package/sshguard/sshguard.mk

diff --git a/DEVELOPERS b/DEVELOPERS index 4ab4e36..61e11b5 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -175,6 +175,7 @@ F: package/python-can/ F: package/python-pillow/ F: package/python-pydal/ F: package/python-web2py/ +F: package/sshguard/ F: package/sysdig/ N: Anisse Astier diff --git a/package/Config.in b/package/Config.in index 90dddfd..03b86f6 100644 --- a/package/Config.in +++ b/package/Config.in
@@ -2052,6 +2052,7 @@ endif source "package/spice/Config.in" source "package/spice-protocol/Config.in" source "package/squid/Config.in" + source "package/sshguard/Config.in" source "package/sshpass/Config.in" source "package/sslh/Config.in" source "package/strongswan/Config.in" diff --git a/package/sshguard/Config.in b/package/sshguard/Config.in new file mode 100644 index 0000000..6bf1800 --- /dev/null +++ b/package/sshguard/Config.in @@ -0,0 +1,10 @@ +config BR2_PACKAGE_SSHGUARD + bool "sshguard" + depends on BR2_PACKAGE_IPTABLES + help + sshguard protects hosts from brute-force attacks against SSH and + other services. It aggregates system logs and blocks repeat offenders + using one of several firewall backends, including iptables, ipfw, + and pf. + + https://www.sshguard.net diff --git a/package/sshguard/S39sshguard b/package/sshguard/S39sshguard new file mode 100644 index 0000000..d277b9a --- /dev/null +++ b/package/sshguard/S39sshguard @@ -0,0 +1,50 @@ +#!/bin/sh + +DAEMON="sshguard" +PIDFILE="/var/run/$DAEMON.pid" + +start() { + printf 'Starting %s: ' "$DAEMON" + iptables -L sshguard > /dev/null 2>&1 || \ + (iptables -N sshguard && \ + iptables -A INPUT -j sshguard) + start-stop-daemon -S -q -b -p /run/sshguard.pid \ + -x /usr/sbin/sshguard -- -i /run/sshguard.pid + status=$? + if [ "$status" -eq 0 ]; then + echo "OK" + else + echo "FAIL" + fi + return "$status" +} + +stop() { + printf 'Stopping %s: ' "$DAEMON" + start-stop-daemon -K -q -p "$PIDFILE" + status=$? + if [ "$status" -eq 0 ]; then + rm -f "$PIDFILE" + echo "OK" + else + echo "FAIL" + fi + return "$status" +} + +restart() { + stop + sleep 1 + start +} + +case "$1" in + start|stop|restart) + "$1";; + reload) + # Restart, since there is no true "reload" feature. + restart;; + *) + echo "Usage: $0 {start|stop|restart|reload}" + exit 1 +esac diff --git a/package/sshguard/sshguard.hash b/package/sshguard/sshguard.hash new file mode 100644 index 0000000..5b9a0f0 --- /dev/null 
+++ b/package/sshguard/sshguard.hash @@ -0,0 +1,3 @@ +# sha256 from https://sourceforge.net/projects/sshguard/files/sshguard/2.4.0/sshguard-2.4.0.sha256 +sha256 065ca4091b3a96802714b560dbbc3d9f0e67574e99e2b6e8857aa1027d17d6c0 sshguard-2.4.0.tar.gz +sha256 c3ae64f12153a1bc55bc234d09f40a08ab0e0149fffc972c0b7f02d5a12c1a5c COPYING diff --git a/package/sshguard/sshguard.mk b/package/sshguard/sshguard.mk new file mode 100644 index 0000000..1ec137e --- /dev/null +++ b/package/sshguard/sshguard.mk @@ -0,0 +1,34 @@ +################################################################################ +# +# sshguard +# +################################################################################ + +SSHGUARD_VERSION = 2.4.0 +SSHGUARD_SOURCE = sshguard-$(SSHGUARD_VERSION).tar.gz +SSHGUARD_SITE = https://sourceforge.net/projects/sshguard/files/sshguard/$(SSHGUARD_VERSION) +SSHGUARD_LICENSE = MIT, X11, GPL-2.0+, Public Domain, ISC +SSHGUARD_LICENSE_FILES = COPYING + +define SSHGUARD_INSTALL_CONFIG + $(INSTALL) -D -m 0644 $(@D)/examples/sshguard.conf.sample \ + $(TARGET_DIR)/etc/sshguard.conf + $(SED) '/^#BACKEND/c\BACKEND="/usr/libexec/sshg-fw-iptables"' $(TARGET_DIR)/etc/sshguard.conf + $(SED) '/^#FILES/c\FILES="/var/log/messages"' $(TARGET_DIR)/etc/sshguard.conf +endef +SSHGUARD_POST_INSTALL_TARGET_HOOKS += SSHGUARD_INSTALL_CONFIG + +define SSHGUARD_INSTALL_INIT_SYSV + $(INSTALL) -D -m 755 package/sshguard/S39sshguard \ + $(TARGET_DIR)/etc/init.d/S39sshguard +endef + +define SSHGUARD_INSTALL_INIT_SYSTEMD + $(INSTALL) -D -m 0644 $(@D)/examples/sshguard.service \ + $(TARGET_DIR)/usr/lib/systemd/system/sshguard.service + mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants + ln -fs ../../../../usr/lib/systemd/system/sshguard.service \ + $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/sshguard.service +endef + +$(eval $(autotools-package))
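
Review bot: In package/sshguard/Config.in, `depends on BR2_PACKAGE_IPTABLES` hides the sshguard option until iptables has been enabled separately, with nothing telling the user why it is missing. iptables is used here only at run time (by S39sshguard and by the BACKEND line written in sshguard.mk), so `select BR2_PACKAGE_IPTABLES # runtime` would be the more discoverable form. The help text also lists ipfw and pf, while this package configures only the iptables backend; trimming it to what is actually installed would avoid suggesting otherwise.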
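
Review bot: In start() of package/sshguard/S39sshguard the pid file is hardcoded as /run/sshguard.pid for both `-p` and `-i`, while stop() uses "$PIDFILE", defined at the top as /var/run/$DAEMON.pid. These name the same file only if /var/run resolves to /run on the target; use "$PIDFILE" in start() too so the two paths cannot drift apart. Also in start(), `status=$?` captures only start-stop-daemon: if `iptables -N sshguard` or `iptables -A INPUT -j sshguard` fails, the script still prints OK and the daemon runs with no chain hooked into INPUT, so nothing is ever blocked. Check the iptables result before launching the daemon. Two smaller points on the same lines: `iptables -L sshguard` without `-n` resolves every listed address, which gets slow once the chain holds blocked hosts, and because the jump is appended with `-A`, any earlier INPUT rule that accepts the traffic matches first, so the expected rule order deserves a comment.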
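
Review bot: In package/sshguard/sshguard.hash the provenance comment covers only the tarball line; the COPYING hash has no source noted, so add a `# Locally calculated` comment above it. The tarball sha256 is also taken from the same SourceForge location that SSHGUARD_SITE downloads from, which pins the content against later change but does not independently authenticate it. If the value was recomputed locally after download, say so in the comment.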
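
Review bot: In SSHGUARD_INSTALL_CONFIG of package/sshguard/sshguard.mk, both $(SED) calls change a line only if it starts with `#BACKEND` or `#FILES`; if a later sshguard.conf.sample drops or renames those commented lines, sed matches nothing, the build still succeeds, and the installed /etc/sshguard.conf has no backend or log source set. Shipping a package-provided sshguard.conf, or failing the build when either key is absent afterwards, would make that visible. `FILES="/var/log/messages"` is written regardless of init system, yet SSHGUARD_INSTALL_INIT_SYSTEMD installs a unit for systemd images, where that file exists only if a syslog daemon writes it; the log source should follow the init system. The chain setup done in S39sshguard has no visible counterpart on the systemd path, so confirm that examples/sshguard.service covers it. Minor: `-m 755` next to `-m 0644` is inconsistent.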