From dcb1a4b46061163259cd91f8569606e1c68cb8a8 Mon Sep 17 00:00:00 2001 From: David Holm Date: Tue, 15 Jan 2013 20:47:23 +0100 Subject: sshguard: fixes to run on 10.7+ Closes #17100. Signed-off-by: Jack Nagel --- Library/Formula/sshguard.rb | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) (limited to 'Library') diff --git a/Library/Formula/sshguard.rb b/Library/Formula/sshguard.rb index 52de534dc..6a8f848a1 100644 --- a/Library/Formula/sshguard.rb +++ b/Library/Formula/sshguard.rb @@ -13,15 +13,37 @@ class Sshguard < Formula end def install - system "./configure", "--disable-debug", "--disable-dependency-tracking", + system "./configure", "--disable-debug", + "--disable-dependency-tracking", "--prefix=#{prefix}", - "--with-firewall=ipfw" + "--with-firewall=#{firewall}" system "make install" end + def firewall + MacOS.version >= :lion ? "pf" : "ipfw" + end + + def log_path + MacOS.version >= :lion ? "/var/log/system.log" : "/var/log/secure.log" + end + + def caveats + if MacOS.version >= :lion then <<-EOS.undent + Add the following lines to /etc/pf.conf to block entries in the sshguard + table (replace $ext_if with your WAN interface): + + table persist + block in quick on $ext_if proto tcp from any to any port 22 label "ssh bruteforce" + + Then run sudo pfctl -f /etc/pf.conf to reload the rules. + EOS + end + end + plist_options :startup => true - def plist; <<-EOS + def plist; <<-EOS.undent @@ -34,7 +56,7 @@ class Sshguard < Formula #{opt_prefix}/sbin/sshguard -l - /var/log/secure.log + #{log_path} RunAtLoad -- cgit v1.2.3