hey, debian does it; so should we :-) Attached is a stab at init/conf pair as well as an updated ebuild. syslog-ng integration no more, this version has an external log file scanner (basically checks for changes with declining intervals). Edit conf.d/sshguard and add logfiles
Created attachment 259846 [details] sshguard-1.5_rc4.ebuild
Created attachment 259848 [details] sshguard.init
Created attachment 259849 [details] sshguard.conf
Created attachment 260217 [details] sshguard.conf Typo in sshguard.conf - should be /var/run , not /var/log. Also comment out pid in conf since we already default in init (double the action, triple the fun)
Created attachment 267485 [details] sshguard-1.5_rc4.ebuild Small fix: - dodoc README Changes examples/ || die "dodoc failed" + dodoc README Changes examples/* || die "dodoc failed"
Created attachment 267487 [details] sshguard.conf More flexible configuration file.
Created attachment 267493 [details] sshguard.init
sshguard 1.5 final was released 2/14/2011: This is a milestone release, coming after 18 months of development and testing and a long list of beta and RC releases. Two major features are introduced: the LogSucker, to monitor... many log sources at once, and attack dangerousness, to punish attacks with fine-tuned severity. Along with these comes a long list of further minor features, signatures, and fixes. All users are strongly recommended to update to this version, and report missing signatures to http://sshguard.net/newsignature/ Thanks for your ebuilds - I will test them soon.
1.5 is in the tree, with the init.d and conf.d files submitted last. Thanks for reporting and for the work and patience.
Not quite happy yet. Is there any way we can have the init.d script determine whether startup was successful? astrid ~ # /etc/init.d/sshguard status * status: stopped astrid ~ # /etc/init.d/sshguard start * Starting sshguard ... [ ok ] astrid ~ # pgrep sshguard [nothing] astrid ~ # /etc/init.d/sshguard status * status: crashed astrid ~ # grep sshguard /var/log/messages Apr 23 17:01:31 astrid sshguard[15223]: Could not init firewall. Terminating.
23 Apr 2011; Jeroen Roovers <jer@gentoo.org> files/sshguard.confd, files/sshguard.initd: Add --wait option to s-s-d to measure success or failure better. Should be good now, fails nicely with a default of 999 milliseconds: astrid ~ # /etc/init.d/sshguard status * status: stopped astrid ~ # /etc/init.d/sshguard start * Caching service dependencies ... [ ok ] * Starting sshguard ... * start-stop-daemon: caught an interrupt * start-stop-daemon: /usr/sbin/sshguard died [ !! ] * ERROR: sshguard failed to start
Hey, looks like the initd still uses my old style LOGS-loop and omits ${SSHGUARD_OPTS}. Also, --wait is only baselayout-2, right?
Looks like I used attachment #259848 [details] by mistake. Fixed that now. I also set an RDEPEND on sys-apps/openrc, which provides the newer s-s-d that supports --wait. Fixed in 1.5-r1.
It would be preferable from my perspective to be able to install 1.5-r1 without being forced to also install openrc. I run a stable system with sshguard in package.accept_keywords using the "old" syslog-ng configuration. Could a syslog USE flag be added so that I can continue running sshguard without installing openrc? See sshguard-1.5-r1_syslog.patch.
Created attachment 271631 [details, diff] Add syslog USE flag to conditionally remove runtime dep on openrc
Comment on attachment 271631 [details, diff] Add syslog USE flag to conditionally remove runtime dep on openrc There is no relation at all between USE=syslog and having a dep on openrc. The openrc dep was added because the init.d script uses start-stop-daemon's --wait option, which baselayout-1's s-s-d does not provide. The dep is thus correct, and I strongly feel we should not support system configurations that mix the stable and unstable branches of the tree. A mitigating circumstance might be that baselayout-2 and openrc will go stable soon.