Menu
▾
▴
Re: [Sshguard-users] Needed configuration file sshguard.conf for daemon script
|
From: Mij <mi...@ss...> - 2010-07-21 06:45:54
|
thanks!
On Jul 20, 2010, at 17:32 , Colin Keith wrote:
> I set this up on my setup:
>
> [/etc/sysconfig/sshguard]
> SSHGUARD_WHITELIST="-w /etc/sysconfig/sshguard_friends"
> # SSHGUARD_BLACKLIST="-b 40:/var/log/sshguard_blacklist"
> SSHGUARD_BLACKLIST=""
> SSHGUARD_LOGFILES="/var/log/ftp.log /var/log/secure /var/log/pop3.log"
> SSHGUARD_PIDFILES=""
> # SSHGUARD_PIDFILES="-f 100:/var/run/sshd.pid -f 310:/var/run/proftpd.pid"
>
> if [ "X$SSHGUARD_LOGFILES" != "X" ]; then
> for log in $SSHGUARD_LOGFILES;
> do
> SSHGUARD_OPTS="-l $log $SSHGUARD_OPTS";
> done
> fi
>
> SSHGUARD_OPTS="$SSHGUARD_OPTS $SSHGUARD_WHITELIST $SSHGUARD_BLACKLIST
> $SSHGUARD_PIDFILES"
>
>
> Then /etc/init.d/sshguard is a copy of some other init file that was
> tweaked. Feel free to borrow/copy/ignore as any one wants. It works
> for me it isn't guaranteed to work for anyone else. Of course it needs
> S* and K* symlinks in /etc/rc3.d/
>
> thor# ls -l /etc/rc3.d/*sshguard*
> lrwxrwxrwx 1 root root 20 Jun 3 10:27 /etc/rc3.d/K85sshguard ->
> /etc/init.d/sshguard
> lrwxrwxrwx 1 root root 18 Jun 19 2009 /etc/rc3.d/S11sshguard ->
> ../init.d/sshguard
>
>
> -------------------- [/etc/init.d/sshguard] ------------------
>
> #! /bin/bash
> # processname: sshguard
> # config: /etc/ssh/sshguard_config
> # pidfile: /var/run/sshguard.pid
>
> # Source function library.
> . /etc/init.d/functions
> . /etc/sysconfig/sshguard
>
> # See how we were called.
>
> prog="sshguard"
>
> start() {
> if [ ! -S $SOCK ]; then
> rm -f $SOCK
> mkfifo -m 0700 $SOCK
> fi
>
> echo -n $"Starting $prog: "
> /usr/local/sbin/sshguard $SSHGUARD_OPTS &
> RETVAL=$?
> echo
> [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshguard;
> return $RETVAL
> }
>
> stop() {
> echo -n $"Stopping $prog: "
> killproc sshguard
> RETVAL=$?
> echo
> [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshguard;
> return $RETVAL
> }
>
> restart() {
> stop
> start
> }
>
> case "$1" in
> start)
> start
> ;;
> stop)
> stop
> ;;
> restart)
> restart
> ;;
> reload)
> reload
> ;;
> status)
> rhstatus
> ;;
> condrestart)
> [ -f /var/lock/subsys/sshguard ] && restart || :
> ;;
> *)
> echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
> exit 1
> esac
>
> --------------------
>
>
> Colin.
>
> On Sun, Jul 4, 2010 at 7:07 PM, Mij <mi...@ss...> wrote:
>> I've been considering this. There are some thought holding it back, like
>> - one parser is already incumbent in the code, combining two parsers is some pain
>> - parsing has a terrible code/functionality ratio, it's a pity to deploy it for
>> something as ancillary as configuration files
>> - having configuration files would finally mark sshguard a "serious" daemon :)
>> rather than a tool
>>
>> I've found the "envdir" configuration style (that's "configuration directory"es rather than
>> files) tremendously lean and convenient from both the user and the programmer; how
>> would that fit in your daemon script frame?
>>
>>
>> On Jun 1, 2010, at 06:57 , Julián Moreno Patiño wrote:
>>
>>> Hi Mij,
>>>
>>> It would be nice to implement a configuration file sshguard.conf to enable options such as log sucker, whitelisting, blacklisting, port service and use them in different services (sshd, sendmail, exim, dovecot, etc), it's more easier and I can create more generic daemon script to Debian Distribution.
>>>
>>> Thank you very much, see you.
>>>
>>> Kind Regards,
>>>
>>> --
>>> Julián Moreno Patiño
>>> Registered GNU Linux User ID 488513
>>> PGP KEY ID 6168BF60
>>> ------------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Sshguard-users mailing list
>>> Ssh...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sshguard-users
>>
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by Sprint
>> What will you do first with EVO, the first 4G phone?
>> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
>> _______________________________________________
>> Sshguard-users mailing list
>> Ssh...@li...
>> https://lists.sourceforge.net/lists/listinfo/sshguard-users
>>
>
>
>
> --
> Colin Keith
> Systems Administrator
> Hagen Software Inc.
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
|
