Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
%define debug_packages %{nil}
%define debug_package %{nil}
%define name sshguard
%define ver 1.4rc4
%define rel 1
%define _docdir /usr/local/share/doc
%define _mandir /usr/local/share/man
%define _bindir /usr/local/bin
%define _sbindir /usr/local/sbin
Name: %{name}
Summary: %{name}, an iptables-based SSH-port blocker
Version: %{ver}
Release: %{rel}
License: GPL
Group: Utilities/System
Source0: %{name}-%{ver}.tar.bz2
Prereq: /sbin/iptables
Provides: %{name}
Vendor: mij@bitchx.it
URL: http://sshguard.sourceforge.net
BuildRoot: %{_tmppath}/%{name}-%{version}
%description
%{name} is an iptables-based SSH-port blocker.
%prep
%setup -n %{name}-%{ver}
%build
%configure --with-firewall=iptables
make
%install
if [ "$RPM_BUILD_ROOT" = "%{_tmppath}/%{name}-%{version}" ]; then
rm -rf $RPM_BUILD_ROOT; make DESTDIR=$RPM_BUILD_ROOT install
else
echo "Invalid Build root "${RPM_BUILD_ROOT}"."; exit 1
fi
%clean
if [ "$RPM_BUILD_ROOT" = "%{_tmppath}/%{name}-%{version}" ]; then
rm -rf $RPM_BUILD_ROOT
else
echo "Invalid Build root "${RPM_BUILD_ROOT}"."; exit 1
fi
%postun
if [ "$1" = "0" ]; then
if [ `/sbin/iptables -n -L %{name}|wc -l)` -ne 0 ]; then
echo "iptables chain %{name} still contains rules."
echo "Please review, remove chain and contents manually."
fi
fi
%files
%defattr(-,root,root)
%doc examples/* scripts/* README Changes
%attr(755,root,root) %{_sbindir}/%{name}
%attr(644,root,root) %{_mandir}/man8/%{name}.8
%changelog
* Sat Jun 12 2009 unSpawn -
- Create minimal .spec.
then tried three options: syslog pipe, FIFO and tailing a logfile.
The syslog pipe needs
Code:
module sshguard 1.0;
require {
type syslogd_t;
type sbin_t;
class dir search;
class file { read write ioctl };
}
#============= syslogd_t ==============
allow syslogd_t sbin_t:dir search;
allow syslogd_t sbin_t:file { read write ioctl };
but still fails to work as the pipe dies w/o debug output.
FIFO and tail work OK but when you use a FIFO as the docs suggest no auth* messages will end up in the syslog.conf configured logfile, and loss of auditing caps leaves only tailing a logfile as input method.
[EDIT]
Since you were the first to note problems with the package I'd like to add the developer has a user mailing list at http://lists.sourceforge.net/lists/l...sshguard-users, so please feel free to at least tell him it's not working as advertised. Thanks in advance.
[/EDIT]
Last edited by unSpawn; 06-13-2009 at 07:51 AM.
Reason: Add developer FUP
Unfortunately, I was working with a production box so I can't use it as a test case to help developer fix the problem. If you have time to provide him additional details, please send the message. I should have time next week to set up a virtual machine to play with SSHGuard and I will then reply to or start the discussion on the mailing list.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.