From: Colin K. <col...@gm...> - 2010-07-20 15:32:58
I set this up on my setup:
[/etc/sysconfig/sshguard]
SSHGUARD_WHITELIST="-w /etc/sysconfig/sshguard_friends"
# SSHGUARD_BLACKLIST="-b 40:/var/log/sshguard_blacklist"
SSHGUARD_BLACKLIST=""
SSHGUARD_LOGFILES="/var/log/ftp.log /var/log/secure /var/log/pop3.log"
SSHGUARD_PIDFILES=""
# SSHGUARD_PIDFILES="-f 100:/var/run/sshd.pid -f 310:/var/run/proftpd.pid"
# Add one "-l <file>" option per log file.
if [ "X$SSHGUARD_LOGFILES" != "X" ]; then
    for log in $SSHGUARD_LOGFILES; do
        SSHGUARD_OPTS="-l $log $SSHGUARD_OPTS"
    done
fi
SSHGUARD_OPTS="$SSHGUARD_OPTS $SSHGUARD_WHITELIST $SSHGUARD_BLACKLIST $SSHGUARD_PIDFILES"
Then /etc/init.d/sshguard is a copy of some other init file that was
tweaked. Feel free to borrow/copy/ignore as anyone wants. It works
for me; it isn't guaranteed to work for anyone else. Of course it needs
S* and K* symlinks in /etc/rc3.d/
thor# ls -l /etc/rc3.d/*sshguard*
lrwxrwxrwx 1 root root 20 Jun 3 10:27 /etc/rc3.d/K85sshguard -> /etc/init.d/sshguard
lrwxrwxrwx 1 root root 18 Jun 19 2009 /etc/rc3.d/S11sshguard -> ../init.d/sshguard
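-------------------- [/etc/init.d/sshguard] ------------------
#! /bin/bash
# processname: sshguard
# config: /etc/ssh/sshguard_config
# pidfile: /var/run/sshguard.pid

# Source function library.
. /etc/init.d/functions
# Site settings; this file builds $SSHGUARD_OPTS.
. /etc/sysconfig/sshguard

prog="sshguard"

start() {
    # Left over from the init file this was copied from. $SOCK is not set
    # in /etc/sysconfig/sshguard, so the block is skipped.
    if [ -n "$SOCK" ] && [ ! -S "$SOCK" ]; then
        rm -f "$SOCK"
        mkfifo -m 0700 "$SOCK"
    fi
    echo -n $"Starting $prog: "
    # $SSHGUARD_OPTS is left unquoted on purpose so it splits into options.
    /usr/local/sbin/sshguard $SSHGUARD_OPTS &
    # $? after "&" is always 0; it does not show whether sshguard stayed up.
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshguard
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    killproc sshguard
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshguard
    return $RETVAL
}

restart() {
    stop
    start
}

# All settings are passed on the command line here, so reload restarts.
reload() {
    restart
}

# status() comes from /etc/init.d/functions.
rhstatus() {
    status $prog
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    reload)
        reload
        ;;
    status)
        rhstatus
        ;;
    condrestart)
        [ -f /var/lock/subsys/sshguard ] && restart || :
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
        exit 1
        ;;
esac
--------------------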
Colin.
On Sun, Jul 4, 2010 at 7:07 PM, Mij <mi...@ss...> wrote:
> I've been considering this. There are some thoughts holding it back, like
> - one parser is already incumbent in the code, combining two parsers is some pain
> - parsing has a terrible code/functionality ratio, it's a pity to deploy it for
> something as ancillary as configuration files
> - having configuration files would finally mark sshguard a "serious" daemon :)
> rather than a tool
>
> I've found the "envdir" configuration style (that's "configuration directory"es rather than
> files) tremendously lean and convenient from both the user and the programmer; how
> would that fit in your daemon script frame?
>
>
> On Jun 1, 2010, at 06:57 , Julián Moreno Patiño wrote:
>
>> Hi Mij,
>>
>> It would be nice to implement a configuration file sshguard.conf to enable options such as log sucker, whitelisting, blacklisting, port service and use them in different services (sshd, sendmail, exim, dovecot, etc). It's easier, and I can create a more generic daemon script for the Debian distribution.
>>
>> Thank you very much, see you.
>>
>> Kind Regards,
>>
>> --
>> Julián Moreno Patiño
>> Registered GNU Linux User ID 488513
>> PGP KEY ID 6168BF60
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> Sshguard-users mailing list
>> Ssh...@li...
>> https://lists.sourceforge.net/lists/listinfo/sshguard-users
>
>
--
Colin Keith
Systems Administrator
Hagen Software Inc.
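
An added example (not from the thread, and not sshguard's own code) of how the envdir style Mij mentions could feed an init script like the one above: each setting is a file whose first line is read as data rather than sourced as shell by root, and files writable by group or others are skipped. The directory layout and the file names WHITELIST, BLACKLIST, LOGFILES and PIDFILES are assumptions.

```shell
#!/bin/sh
# Added example. Assumed (hypothetical) layout: one file per setting,
# named WHITELIST, BLACKLIST, LOGFILES or PIDFILES; first line is the value.

# Print the first line of setting $2 in directory $1, or nothing if the
# file is missing, a symlink, or writable by group/others.
envdir_value() {
    f="$1/$2"
    [ -f "$f" ] && [ ! -L "$f" ] || return 0
    # Mode string from ls: character 6 is group write, 9 is other write.
    case "$(ls -ld "$f")" in
        ?????w*|????????w*)
            echo "skipping $f: writable by group or others" >&2
            return 0 ;;
    esac
    head -n 1 "$f"
}

# Turn the directory into the option string the init script passes on.
sshguard_opts_from_envdir() {
    dir="$1"; opts=""
    for log in $(envdir_value "$dir" LOGFILES); do opts="$opts -l $log"; done
    for pf in $(envdir_value "$dir" PIDFILES); do opts="$opts -f $pf"; done
    wl=$(envdir_value "$dir" WHITELIST)
    if [ -n "$wl" ]; then opts="$opts -w $wl"; fi
    bl=$(envdir_value "$dir" BLACKLIST)
    if [ -n "$bl" ]; then opts="$opts -b $bl"; fi
    echo "${opts# }"
}

# Constructed sample directory using the values from the message above.
make_sample_envdir() {
    d=$(mktemp -d) || return 1
    ( umask 077
      echo "/etc/sysconfig/sshguard_friends" > "$d/WHITELIST"
      echo "/var/log/ftp.log /var/log/secure /var/log/pop3.log" > "$d/LOGFILES"
      echo "40:/var/log/sshguard_blacklist" > "$d/BLACKLIST" )
    chmod 666 "$d/BLACKLIST"   # deliberately unsafe, so it gets skipped
    echo "$d"
}
```

In the init script this would replace the `. /etc/sysconfig/sshguard` line with something like `SSHGUARD_OPTS=$(sshguard_opts_from_envdir /etc/sshguard.d)`, where the directory path is again an assumption.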