From: Kevin Z. <kev...@gm...> - 2016-01-02 01:36:25
Greetings,

I am pleased to announce the release of SSHGuard 1.6.3 [1]. This release brings stability and usability improvements, along with many bug fixes and documentation updates.

Highlights in this release include:

- Add sample systemd(8) unit file
- Disable blacklisting by default
- Fix `pfctl` command syntax with OpenBSD 5.8
- Implement logging as wrappers around syslog(2)
- Improve log and error messages
- Match sendmail authentication failures
- Remove PID file option
- Remove SIGTSTP and SIGCONT handler
- Remove reverse mapping attack signature
- Remove safe_fgets() and exit on interrupt
- Terminate state entries for hosts blocked with pf
- Update and shorten command-line usage
- Use 'configure' to set feature-test macros

As usual, please report any bugs, build failures, or other issues to the mailing list or the Bitbucket tracker [2].

Happy 2016,
Kevin

[1] https://sourceforge.net/projects/sshguard/files/sshguard/1.6.3/
[2] https://bitbucket.org/sshguard/sshguard/issues/

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090

From: Mark F. <fe...@Fr...> - 2016-01-04 18:13:10
On Fri, Jan 1, 2016, at 19:36, Kevin Zheng wrote:
>
> - Fix `pfctl` command syntax with OpenBSD 5.8

Does this in any way affect pf on FreeBSD?

> - Remove PID file option

... Why? The rc scripts on FreeBSD heavily rely on pidfiles. It ensures that the process name and pidfile contents match what it finds in the process list to be sure it's not going to kill the wrong process. I can alter sshguard's rc script to launch via daemon(8) so I can get a pidfile again, but that seems silly.

--
Mark Felder
ports-secteam member
fe...@Fr...

From: Kevin Z. <kev...@gm...> - 2016-01-04 20:33:32
On 01/04/2016 12:13, Mark Felder wrote:
>> - Fix `pfctl` command syntax with OpenBSD 5.8
>
> Does this in any way affect pf on FreeBSD?

No. This patch simply changes the order of the flags on the command line to match the order documented in the `pf` man page, which is the same on both FreeBSD and OpenBSD. OpenBSD 5.8 stopped accepting the flags in the wrong order, but the right order works on both.

>> - Remove PID file option
>
> ... Why? The rc scripts on FreeBSD heavily rely on pidfiles. It ensures
> that the process name and pidfile contents match what it finds in the
> process list to be sure it's not going to kill the wrong process. I can
> alter sshguard's rc script to launch via daemon(8) so I can get a
> pidfile again, but that seems silly.

I removed it thinking that I was duplicating what daemon(8) does. The original PID file code did not properly lock the PID file, so I thought to delegate to daemon(8) instead of rolling my own pidfile(3).

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090

From: Willem J. W. <wj...@di...> - 2016-01-04 22:36:29
On 01/04/2016 12:13, Mark Felder wrote:
On 4-1-2016 21:33, Kevin Zheng wrote:
>>> - Remove PID file option
>>
>> ... Why? The rc scripts on FreeBSD heavily rely on pidfiles. It ensures
>> that the process name and pidfile contents match what it finds in the
>> process list to be sure it's not going to kill the wrong process. I can
>> alter sshguard's rc script to launch via daemon(8) so I can get a
>> pidfile again, but that seems silly.
>
> I removed it thinking that I was duplicating what daemon(8) does. The
> original PID file code did not properly lock the PID file, so I thought
> to delegate to daemon(8) instead of rolling my own pidfile(3).

I did not have time to react to the release notes before, but I have to concur with Mark that it is a pity that this feature was removed. Does not make FreeBSD life much easier.

And I'm not sure that the PIDfile needs to be locked. Why should it be?

--WjW

From: Kevin Z. <kev...@gm...> - 2016-01-04 23:00:59
On 01/04/2016 16:19, Willem Jan Withagen wrote:
> I did not have time to react to the release notes before, but I have to
> concur with Mark that it is a pity that this feature was removed.
> Does not make FreeBSD life much easier.
>
> And I'm not sure that the PIDfile needs to be locked.
> Why should it be?

To prevent a second process from starting if one is already running. I believe daemon(8) accomplishes this using pidfile(3).

Granted, the '-i' option is probably only used by init daemons, in which case the existence of the file is checked before anything is started, so this is really a non-issue.

If this option makes things substantially easier, I can resurrect it.

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090

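
The locking behaviour discussed in the message above, as an added example that is not part of the original post and is not SSHGuard's code: a PID file held under an exclusive flock(2) lock, so a second instance is refused while the first one is alive. It uses flock(2) rather than FreeBSD's pidfile(3); the helper name `pidfile_acquire` and the /tmp path are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* Hypothetical helper: returns an open, locked fd on success, -1 on failure.
 * errno == EWOULDBLOCK means another instance already holds the lock. */
int pidfile_acquire(const char *path)
{
    /* No O_TRUNC here: a live instance's PID must not be wiped before
     * we know that we hold the lock. */
    int fd = open(path, O_RDWR | O_CREAT, 0644);
    if (fd < 0)
        return -1;

    /* Non-blocking exclusive lock; it fails at once if the file is locked. */
    if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }

    /* The lock is ours, so replacing a stale PID is now safe. */
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (ftruncate(fd, 0) < 0 || write(fd, buf, (size_t)len) != len) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd; /* keep open for the daemon's lifetime; close() drops the lock */
}

int main(void)
{
    const char *path = "/tmp/example-guard.pid"; /* constructed path */
    int first = pidfile_acquire(path);
    int second = pidfile_acquire(path); /* stands in for a second instance */
    printf("first=%d second=%d (%s)\n", first, second,
           second < 0 ? strerror(errno) : "unexpected");
    if (first >= 0)
        close(first);
    unlink(path);
    return (first >= 0 && second < 0) ? 0 : 1;
}
```

The kernel releases the lock when the holder exits or crashes, so a leftover file from a dead process does not block the next start, which a bare existence check cannot distinguish.
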
From: Willem J. W. <wj...@di...> - 2016-01-05 09:02:58
On 5-1-2016 00:00, Kevin Zheng wrote:
> On 01/04/2016 16:19, Willem Jan Withagen wrote:
>> I did not have time to react to the release notes before, but I have to
>> concur with Mark that it is a pity that this feature was removed.
>> Does not make FreeBSD life much easier.
>>
>> And I'm not sure that the PIDfile needs to be locked.
>> Why should it be?
>
> To prevent a second process from starting if one is already running. I
> believe daemon(8) accomplishes this using pidfile(3).
>
> Granted, the '-i' option is probably only used by init daemons, in which
> case the existence of the file is checked before anything is started, so
> this is really a non-issue.
>
> If this option makes things substantially easier, I can resurrect it.

I cannot speak for everybody, but it would allow for sshguard to get the "standard" rc.d script treatment. Which is well known, and straight forward. Going thru daemon just is a bit more convoluted and uses more resources.

So if it is not a great pain, I think it is appreciated.

--WjW

From: Kevin Z. <kev...@gm...> - 2016-01-08 02:43:03
On 01/05/2016 03:02, Willem Jan Withagen wrote:
> I cannot speak for everybody, but it would allow for sshguard to get the
> "standard" rc.d script treatment. Which is well known, and straight forward.
> Going thru daemon just is a bit more convoluted and uses more resources.
>
> So if it is not a great pain, I think it is appreciated.

This option was resurrected in 9b94e0f and is available from 'master'. Note that this option functions as it did before; it does not use pidfile(3) and therefore doesn't check the PID file before starting.

Sorry for the trouble of taking it out in the first place.

Thanks,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090

From: Willem J. W. <wj...@di...> - 2016-01-08 08:18:59
On 8-1-2016 03:42, Kevin Zheng wrote:
> On 01/05/2016 03:02, Willem Jan Withagen wrote:
>> I cannot speak for everybody, but it would allow for sshguard to get the
>> "standard" rc.d script treatment. Which is well known, and straight forward.
>> Going thru daemon just is a bit more convoluted and uses more resources.
>>
>> So if it is not a great pain, I think it is appreciated.
>
> This option was resurrected in 9b94e0f and is available from 'master'.
> Note that this option functions as it did before; it does not use
> pidfile(3) and therefore doesn't check the PID file before starting.
>
> Sorry for the trouble of taking it out in the first place.

Thanx Kevin.

And just in case nobody else said it: I really appreciate the work you are doing for this project.

--WjW