diff options
| author | Daniel Ehlers <sargon@toppoint.de> | 2017-03-07 16:50:33 +0100 |
|---|---|---|
| committer | Daniel Ehlers <danielehlers@mindeye.net> | 2017-03-26 14:46:22 +0200 |
| commit | 20a5b5beadeffa7a8c1a5f1f7520db560247305f (patch) | |
| tree | 7593e5286d4de83cd5cf63465da97dc1a092bdd3 /pkgs/tools/security/sshguard | |
| parent | 0a7673d2029ef69175b8e3ce41677965edde371b (diff) | |
| download | nixlib-20a5b5beadeffa7a8c1a5f1f7520db560247305f.tar nixlib-20a5b5beadeffa7a8c1a5f1f7520db560247305f.tar.gz nixlib-20a5b5beadeffa7a8c1a5f1f7520db560247305f.tar.bz2 nixlib-20a5b5beadeffa7a8c1a5f1f7520db560247305f.tar.lz nixlib-20a5b5beadeffa7a8c1a5f1f7520db560247305f.tar.xz nixlib-20a5b5beadeffa7a8c1a5f1f7520db560247305f.tar.zst nixlib-20a5b5beadeffa7a8c1a5f1f7520db560247305f.zip | |
sshguard: new package
Diffstat (limited to 'pkgs/tools/security/sshguard')
| -rw-r--r-- | pkgs/tools/security/sshguard/0001-Remove-the-unnecessary-from-ipset-cmds.patch | 27 | ||||
| -rw-r--r-- | pkgs/tools/security/sshguard/default.nix | 32 |
2 files changed, 59 insertions, 0 deletions
diff --git a/pkgs/tools/security/sshguard/0001-Remove-the-unnecessary-from-ipset-cmds.patch b/pkgs/tools/security/sshguard/0001-Remove-the-unnecessary-from-ipset-cmds.patch new file mode 100644 index 000000000000..f1233a04b7a6 --- /dev/null +++ b/pkgs/tools/security/sshguard/0001-Remove-the-unnecessary-from-ipset-cmds.patch @@ -0,0 +1,27 @@ +From 11f0d238d3149c31c4440b8f6a58fe6a00b82d3a Mon Sep 17 00:00:00 2001 +From: Daniel Aleksandersen <code@daniel.priv.no> +Date: Mon, 13 Mar 2017 16:29:33 +0100 +Subject: [PATCH 1/3] Remove the unnecessary = from ipset cmds + +--- + src/fw/sshg-fw-ipset.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/fw/sshg-fw-ipset.sh b/src/fw/sshg-fw-ipset.sh +index 510bc2c..dc7f86b 100644 +--- a/src/fw/sshg-fw-ipset.sh ++++ b/src/fw/sshg-fw-ipset.sh +@@ -3,8 +3,8 @@ + # This file is part of SSHGuard. + + fw_init() { +- ipset -quiet create -exist sshguard4 hash:ip family=inet +- ipset -quiet create -exist sshguard6 hash:ip family=inet6 ++ ipset -quiet create -exist sshguard4 hash:ip family inet ++ ipset -quiet create -exist sshguard6 hash:ip family inet6 + } + + fw_block() { +-- +2.10.0 + diff --git a/pkgs/tools/security/sshguard/default.nix b/pkgs/tools/security/sshguard/default.nix new file mode 100644 index 000000000000..bb165e53c73d --- /dev/null +++ b/pkgs/tools/security/sshguard/default.nix @@ -0,0 +1,32 @@ +{ stdenv, fetchurl, autoreconfHook, yacc, flex}: + + +stdenv.mkDerivation rec { + version = "2.0.0"; + name = "sshguard-${version}"; + + src = fetchurl { + url = "mirror://sourceforge/sshguard/sshguard-2.0.0.tar.gz"; + sha256 = "e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06"; + }; + + doCheck = true; + + nativeBuildInputs = [ autoreconfHook yacc flex ]; + + configureFlags = [ "--sysconfdir=/etc" ]; + + patches = [ ./0001-Remove-the-unnecessary-from-ipset-cmds.patch ]; + + meta = with stdenv.lib; { + description = "SSHGuard protects hosts from brute-force attacks"; + longDescription = '' + SSHGuard can read log messages from various input sources. Log messages are parsed, line-by-line, for recognized patterns. + If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. + ''; + homepage = https://sshguard.net; + license = licenses.bsd3; + maintainers = with maintainers; [ sargon ]; + platforms = with platforms; linux ++ darwin ++ freebsd ++ netbsd ++ openbsd; + }; +} |