[oe] [meta-networking][PATCH] sshguard 1.6.1+git: add recipe

Joe MacDonald Joe_MacDonald at mentor.com
Fri Sep 11 18:57:45 UTC 2015


[Re: [oe] [meta-networking][PATCH] sshguard 1.6.1+git: add recipe] On 15.09.11 (Fri 20:20) Koen Kooi wrote:

> 
> > On 11 Sep 2015, at 19:46, Joe MacDonald <Joe_MacDonald at mentor.com> wrote:
> > 
> > I had the following build failure when I merged this:
> > 
> >   sshguard_whitelist.c:350:87: error: dereferencing pointer to incomplete type 'struct addrinfo'
> >        for (numaddresses = 0, addriter = hostaddrs; addriter != NULL; addriter = addriter->ai_next, ++numaddresses) {
> > 
> > 
> > I put the contents of the logfile here:
> > 
> >   http://pastebin.com/g1dCJcGY
> > 
> > Can you take a look at this?
> 
> Certainly, thanks for the report! I’ll be away for the next 2 weeks, so don’t hold your breath :)

No problem, thanks for the quick follow-up!

Thanks,
-J.

> 
> > 
> > Thanks,
> > -J.
> > 
> > [[oe] [meta-networking][PATCH] sshguard 1.6.1+git: add recipe] On 15.09.03 (Thu 19:39) Koen Kooi wrote:
> > 
> >> SSHguard protects hosts from brute-force attacks against SSH and other
> >> services.
> >> 
> >> This recipe uses iptables as blocker backend and journald as log backend.
> >> 
> >> When it's working it will look like this in syslog:
> >> 
> >> Sep 03 19:35:29 soekris sshguard[27044]: Started with danger threshold=40 ; minimum block=420 seconds
> >> Sep 03 19:35:29 soekris sshguard[27044]: Blocking 24.234.171.90:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
> >> Sep 03 19:35:29 soekris sshguard[27044]: Blocking 61.182.15.194:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
> >> Sep 03 19:35:29 soekris sshguard[27044]: Blocking 115.58.38.53:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
> >> 
> >> And the iptables rules:
> >> 
> >> root at soekris:~# iptables -L sshguard --line-numbers
> >> Chain sshguard (1 references)
> >> num  target     prot opt source               destination
> >> 1    DROP       all  --  hn.kd.ny.adsl        anywhere
> >> 2    DROP       all  --  61.182.15.194        anywhere
> >> 3    DROP       all  --  wsip-24-234-171-90.lv.lv.cox.net  anywhere
> >> 
> >> Signed-off-by: Koen Kooi <koen at dominion.thruhere.net>
> >> ---
> >> .../recipes-support/sshguard/sshguard/firewall     | 48 ++++++++++++++++++++++
> >> .../sshguard/sshguard/sshguard-journalctl          |  2 +
> >> .../sshguard/sshguard/sshguard.service             | 12 ++++++
> >> .../recipes-support/sshguard/sshguard_git.bb       | 38 +++++++++++++++++
> >> 4 files changed, 100 insertions(+)
> >> create mode 100644 meta-networking/recipes-support/sshguard/sshguard/firewall
> >> create mode 100644 meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl
> >> create mode 100644 meta-networking/recipes-support/sshguard/sshguard/sshguard.service
> >> create mode 100644 meta-networking/recipes-support/sshguard/sshguard_git.bb
> >> 
> >> diff --git a/meta-networking/recipes-support/sshguard/sshguard/firewall b/meta-networking/recipes-support/sshguard/sshguard/firewall
> >> new file mode 100644
> >> index 0000000..b683368
> >> --- /dev/null
> >> +++ b/meta-networking/recipes-support/sshguard/sshguard/firewall
> >> @@ -0,0 +1,48 @@
> >> +#!/bin/sh
> >> +
> >> +#
> >> +# Function that enables firewall
> >> +#
> >> +do_enable_firewall()
> >> +{
> >> +	# creating sshguard chain
> >> +	iptables -N sshguard 2> /dev/null
> >> +	ip6tables -N sshguard 2> /dev/null
> >> +	# block traffic from abusers
> >> +	iptables -I INPUT -j sshguard 2> /dev/null
> >> +	ip6tables -I INPUT -j sshguard 2> /dev/null
> >> +}
> >> +#
> >> +# Function that disables firewall
> >> +#
> >> +do_disable_firewall()
> >> +{
> >> +	# flushes list of abusers
> >> +	iptables -F sshguard 2> /dev/null
> >> +	ip6tables -F sshguard 2> /dev/null
> >> +	# removes sshguard firewall rules
> >> +	iptables -D INPUT -j sshguard 2> /dev/null
> >> +	ip6tables -D INPUT -j sshguard 2> /dev/null
> >> +	# removing sshguard chain
> >> +	iptables -X sshguard 2> /dev/null
> >> +	ip6tables -X sshguard 2> /dev/null
> >> +}
> >> +
> >> +case "$1" in
> >> +    enable)
> >> +	do_enable_firewall
> >> +	;;
> >> +    disable)
> >> +	do_disable_firewall
> >> +	;;
> >> +    restart)
> >> +	do_disable_firewall
> >> +	do_enable_firewall
> >> +	;;
> >> +    *)
> >> +	exit 1
> >> +	;;
> >> +esac
> >> +	
> >> +exit 0
> >> +
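Review bot: In do_enable_firewall, `iptables -I INPUT -j sshguard` runs unconditionally, so calling enable twice without a disable in between stacks a second jump into the chain; do_disable_firewall then removes only one of them with `-D`, and the following `-X` fails because the chain is still referenced. Guarding the insert with a check (`iptables -C INPUT -j sshguard 2>/dev/null || iptables -I INPUT -j sshguard`, and the same for ip6tables) makes enable idempotent. Separately, every command discards stderr and the script ends in `exit 0`, so the caller sees success even when iptables is missing or the jump could not be installed. Only the expected "chain already exists" failure from `-N` should be ignored; a failed `-I` should return non-zero so that the service does not start without its blocking chain hooked into INPUT.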
> >> diff --git a/meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl b/meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl
> >> new file mode 100644
> >> index 0000000..e7c615b
> >> --- /dev/null
> >> +++ b/meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl
> >> @@ -0,0 +1,2 @@
> >> +#!/bin/sh
> >> +/bin/journalctl -fb -t sshd -n100 | /usr/sbin/sshguard -l- "$@"
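Review bot: `-n100` makes journalctl replay the last 100 sshd lines on every start, so each restart scores old log entries again; the sample log in the commit message shows the effect, with three addresses blocked in the same second as "Started" and "4 attacks over 0 seconds". If the replay is meant to restore blocks that the firewall script flushed on stop, say so in a comment here; otherwise `-n0` would feed only new entries. Also, `-t sshd` limits the input to the sshd identifier while SUMMARY advertises "SSH and other services", so either document that limitation or make the identifier configurable.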
> >> diff --git a/meta-networking/recipes-support/sshguard/sshguard/sshguard.service b/meta-networking/recipes-support/sshguard/sshguard/sshguard.service
> >> new file mode 100644
> >> index 0000000..e2590fa
> >> --- /dev/null
> >> +++ b/meta-networking/recipes-support/sshguard/sshguard/sshguard.service
> >> @@ -0,0 +1,12 @@
> >> +[Unit]
> >> +Description=SSHGuard
> >> +After=network.service
> >> +
> >> +[Service]
> >> +PIDFile=/run/sshguard.pid
> >> +ExecStartPre=/usr/lib/sshguard/firewall enable
> >> +ExecStopPost=/usr/lib/sshguard/firewall disable
> >> +ExecStart=/usr/lib/sshguard/sshguard-journalctl -i /run/sshguard.pid
> >> +
> >> +[Install]
> >> +WantedBy=multi-user.target
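Review bot: `After=network.service` orders this unit only against a unit of that exact name, which is a no-op on images that do not ship one; `After=network.target` is the conventional ordering point. `PIDFile=` is documented for Type=forking services, but no Type= is set here, so the process systemd tracks is the wrapper shell running the journalctl pipeline and the file written via `-i /run/sshguard.pid` does not decide service state; drop both, or document why the file is needed. A Restart= setting is also worth adding: if the pipeline exits, ExecStopPost flushes the chain and nothing brings the blocker back until someone restarts the unit by hand.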
> >> diff --git a/meta-networking/recipes-support/sshguard/sshguard_git.bb b/meta-networking/recipes-support/sshguard/sshguard_git.bb
> >> new file mode 100644
> >> index 0000000..04435e8
> >> --- /dev/null
> >> +++ b/meta-networking/recipes-support/sshguard/sshguard_git.bb
> >> @@ -0,0 +1,38 @@
> >> +SUMMARY = "SSHguard protects hosts from brute-force attacks against SSH and other services."
> >> +
> >> +LICENSE = "ISC"
> >> +LIC_FILES_CHKSUM = "file://COPYING;md5=47a33fc98cd20713882c4d822a57bf4d"
> >> +
> >> +PV = "1.6.1+git${SRCPV}"
> >> +
> >> +SRCREV = "019a0406811a536faf3f90cdd7a0a538ee24d789"
> >> +SRC_URI = "git://bitbucket.org/sshguard/sshguard.git;protocol=https;branch=1.6 \
> >> +           file://firewall \
> >> +           file://sshguard.service \
> >> +           file://sshguard-journalctl \
> >> +          "
> >> +
> >> +S = "${WORKDIR}/git"
> >> +
> >> +DEPENDS = "flex-native"
> >> +
> >> +inherit autotools-brokensep systemd
> >> +
> >> +EXTRA_OECONF += " --with-firewall=iptables \
> >> +                  --with-iptables=${sbindir}/iptables \
> >> +                "
> >> +
> >> +do_install_append() {
> >> +    install -d ${D}${libdir}/sshguard
> >> +    install -m 0755 ${WORKDIR}/firewall ${D}${libdir}/sshguard
> >> +    install -m 0755 ${WORKDIR}/sshguard-journalctl ${D}${libdir}/sshguard
> >> +
> >> +    sed -i -e s:/bin:${base_bindir}:g -e s:/usr/sbin:${sbindir}:g ${D}${libdir}/sshguard/sshguard-journalctl
> >> +
> >> +    install -d ${D}${systemd_unitdir}/system
> >> +    install -m 0644 ${WORKDIR}/sshguard.service ${D}${systemd_unitdir}/system
> >> +    sed -i -e s:/usr/lib:${libdir}:g ${D}${systemd_unitdir}/system/sshguard.service 
> >> +}
> >> +
> >> +FILES_${PN} += "${systemd_unitdir}"
> >> +RDEPENDS_${PN} += "iptables"
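Review bot: RDEPENDS lists only iptables, yet the installed wrapper calls journalctl and the only start-up integration is a systemd unit, so on a distro without systemd the package installs but cannot run. Restrict the recipe to systemd (for example `inherit distro_features_check` with `REQUIRED_DISTRO_FEATURES = "systemd"`) or add a syslog/sysvinit path. In do_install_append the sed scripts are unquoted (`-e s:/bin:${base_bindir}:g`), which works only as long as the expanded paths contain no shell-special characters; quote them, and drop the trailing space after `sshguard.service` on the last sed line. The build failure reported in this thread (incomplete `struct addrinfo` at sshguard_whitelist.c:350) also needs to be resolved before this can merge.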
> >> -- 
> >> 2.0.1
> >> 
> > -- 
> > -Joe MacDonald.
> > :wq
> 

-- 
-Joe MacDonald.
:wq