[Buildroot] [PATCH v2] package/sshguard: new package

Angelo Compagnucci angelo at amarulasolutions.com
Tue Jul 16 19:56:52 UTC 2019 

sshguard protects hosts from brute-force attacks against SSH and other
services.

Signed-off-by: Angelo Compagnucci <angelo at amarulasolutions.com>
---
CHANGELOG:
v1->v2:
* Fixed license (suggested by Thomas)
* Fixed sysv script (suggested by Thomas)
* Moved from using git to use tarball

 DEVELOPERS                     |  1 +
 package/Config.in              |  1 +
 package/sshguard/Config.in     | 10 +++++++++
 package/sshguard/S39sshguard   | 50 ++++++++++++++++++++++++++++++++++++++++++
 package/sshguard/sshguard.hash |  3 +++
 package/sshguard/sshguard.mk   | 34 ++++++++++++++++++++++++++++
 6 files changed, 99 insertions(+)
 create mode 100644 package/sshguard/Config.in
 create mode 100644 package/sshguard/S39sshguard
 create mode 100644 package/sshguard/sshguard.hash
 create mode 100644 package/sshguard/sshguard.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 4ab4e36..61e11b5 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -175,6 +175,7 @@ F:	package/python-can/
 F:	package/python-pillow/
 F:	package/python-pydal/
 F:	package/python-web2py/
+F:	package/sshguard/
 F:	package/sysdig/
 
 N:	Anisse Astier <anisse at astier.eu>
diff --git a/package/Config.in b/package/Config.in
index 90dddfd..03b86f6 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2052,6 +2052,7 @@ endif
 	source "package/spice/Config.in"
 	source "package/spice-protocol/Config.in"
 	source "package/squid/Config.in"
+	source "package/sshguard/Config.in"
 	source "package/sshpass/Config.in"
 	source "package/sslh/Config.in"
 	source "package/strongswan/Config.in"
diff --git a/package/sshguard/Config.in b/package/sshguard/Config.in
new file mode 100644
index 0000000..6bf1800
--- /dev/null
+++ b/package/sshguard/Config.in
@@ -0,0 +1,10 @@
+config BR2_PACKAGE_SSHGUARD
+	bool "sshguard"
+	depends on BR2_PACKAGE_IPTABLES
+	help
+	  sshguard protects hosts from brute-force attacks against SSH and
+	  other services. It aggregates system logs and blocks repeat offenders
+	  using one of several firewall backends, including iptables, ipfw,
+	  and pf.
+
+	  https://www.sshguard.net
diff --git a/package/sshguard/S39sshguard b/package/sshguard/S39sshguard
new file mode 100644
index 0000000..d277b9a
--- /dev/null
+++ b/package/sshguard/S39sshguard
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+DAEMON="sshguard"
+PIDFILE="/var/run/$DAEMON.pid"
+
+start() {
+	printf 'Starting %s: ' "$DAEMON"
+	iptables -L sshguard > /dev/null 2>&1 || \
+	(iptables -N sshguard && \
+	iptables -A INPUT -j sshguard)
+	start-stop-daemon -S -q -b -p /run/sshguard.pid \
+		-x /usr/sbin/sshguard -- -i /run/sshguard.pid
+	status=$?
+	if [ "$status" -eq 0 ]; then
+		echo "OK"
+	else
+		echo "FAIL"
+	fi
+	return "$status"
+}
+
+stop() {
+	printf 'Stopping %s: ' "$DAEMON"
+	start-stop-daemon -K -q -p "$PIDFILE"
+	status=$?
+	if [ "$status" -eq 0 ]; then
+		rm -f "$PIDFILE"
+		echo "OK"
+	else
+		echo "FAIL"
+	fi
+	return "$status"
+}
+
+restart() {
+	stop
+	sleep 1
+	start
+}
+
+case "$1" in
+	start|stop|restart)
+		"$1";;
+	reload)
+		# Restart, since there is no true "reload" feature.
+		restart;;
+	*)
+		echo "Usage: $0 {start|stop|restart|reload}"
+		exit 1
+esac
diff --git a/package/sshguard/sshguard.hash b/package/sshguard/sshguard.hash
new file mode 100644
index 0000000..5b9a0f0
--- /dev/null
+++ b/package/sshguard/sshguard.hash
@@ -0,0 +1,3 @@
+# sha256 from https://sourceforge.net/projects/sshguard/files/sshguard/2.4.0/sshguard-2.4.0.sha256
+sha256  065ca4091b3a96802714b560dbbc3d9f0e67574e99e2b6e8857aa1027d17d6c0  sshguard-2.4.0.tar.gz
+sha256  c3ae64f12153a1bc55bc234d09f40a08ab0e0149fffc972c0b7f02d5a12c1a5c  COPYING
diff --git a/package/sshguard/sshguard.mk b/package/sshguard/sshguard.mk
new file mode 100644
index 0000000..1ec137e
--- /dev/null
+++ b/package/sshguard/sshguard.mk
@@ -0,0 +1,34 @@
+################################################################################
+#
+# sshguard
+#
+################################################################################
+
+SSHGUARD_VERSION = 2.4.0
+SSHGUARD_SOURCE = sshguard-$(SSHGUARD_VERSION).tar.gz
+SSHGUARD_SITE = https://sourceforge.net/projects/sshguard/files/sshguard/$(SSHGUARD_VERSION)
+SSHGUARD_LICENSE = MIT, X11, GPL-2.0+, Public Domain, ISC
+SSHGUARD_LICENSE_FILES = COPYING
+
+define SSHGUARD_INSTALL_CONFIG
+	$(INSTALL) -D -m 0644 $(@D)/examples/sshguard.conf.sample \
+		$(TARGET_DIR)/etc/sshguard.conf
+	$(SED) '/^#BACKEND/c\BACKEND="/usr/libexec/sshg-fw-iptables"' $(TARGET_DIR)/etc/sshguard.conf
+	$(SED) '/^#FILES/c\FILES="/var/log/messages"' $(TARGET_DIR)/etc/sshguard.conf
+endef
+SSHGUARD_POST_INSTALL_TARGET_HOOKS += SSHGUARD_INSTALL_CONFIG
+
+define SSHGUARD_INSTALL_INIT_SYSV
+	$(INSTALL) -D -m 755 package/sshguard/S39sshguard \
+		$(TARGET_DIR)/etc/init.d/S39sshguard
+endef
+
+define SSHGUARD_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m 0644 $(@D)/examples/sshguard.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/sshguard.service
+	mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
+	ln -fs ../../../../usr/lib/systemd/system/sshguard.service \
+		$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/sshguard.service
+endef
+
+$(eval $(autotools-package))
-- 
2.7.4

More information about the buildroot mailing list