homebrew-core/Formula/sshguard.rb

76 lines
2.2 KiB
Ruby

class Sshguard < Formula
desc "Protect from brute force attacks against SSH"
homepage "http://www.sshguard.net/"
url "https://downloads.sourceforge.net/project/sshguard/sshguard/1.7.1/sshguard-1.7.1.tar.gz"
sha256 "2e527589c9b33219222d827dff63974229d044de945729aa47271c4a29aaa195"
version_scheme 1
bottle do
rebuild 2
sha256 "53632d2d0342927a1a7f03333db69ba4c48959d06397588485c170839530711f" => :sierra
sha256 "66170f748cb7f94d4d6f85b6e9a5caca4dfba074641587614c948f1feccf4031" => :el_capitan
sha256 "ac7d61e2bf2adb13185b55c5afdc8647c3842328b8ec379995acdfa99105f46c" => :yosemite
end
depends_on "automake" => :build
depends_on "autoconf" => :build
def install
system "./configure", "--disable-debug",
"--disable-dependency-tracking",
"--disable-silent-rules",
"--prefix=#{prefix}",
"--with-firewall=#{firewall}"
system "make", "install"
end
def firewall
MacOS.version >= :lion ? "pf" : "ipfw"
end
def log_path
MacOS.version >= :lion ? "/var/log/system.log" : "/var/log/secure.log"
end
def caveats
if MacOS.version >= :lion then <<-EOS.undent
Add the following lines to /etc/pf.conf to block entries in the sshguard
table (replace $ext_if with your WAN interface):
table <sshguard> persist
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
Then run sudo pfctl -f /etc/pf.conf to reload the rules.
EOS
end
end
plist_options :startup => true
def plist; <<-EOS.undent
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>#{plist_name}</string>
<key>KeepAlive</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>#{opt_sbin}/sshguard</string>
<string>-l</string>
<string>#{log_path}</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
EOS
end
test do
assert_match version.to_s, shell_output("#{sbin}/sshguard -v 2>&1", 64)
end
end