Browse Source

New upstream version 2.2.0

suites/unstable
Julián Moreno Patiño 3 years ago
parent
commit
0edaaae47f
  1. 111
      CHANGELOG.rst
  2. 84
      CONTRIBUTING.rst
  3. 65
      INSTALL.rst
  4. 10
      Makefile.am
  5. 151
      Makefile.in
  6. 46
      README.rst
  7. 231
      aclocal.m4
  8. 4
      ar-lib
  9. 13
      compile
  10. 563
      configure
  11. 78
      configure.ac
  12. 10
      depcomp
  13. BIN
      doc/.developers.rst.swp
  14. 53
      doc/developers.rst
  15. 360
      doc/sshguard-setup.7
  16. 120
      doc/sshguard-setup.7.rst
  17. 297
      doc/sshguard.8
  18. 227
      doc/sshguard.8.rst
  19. 7
      examples/net.sshguard.plist
  20. 51
      examples/sshguard.conf.sample
  21. 4
      examples/sshguard.service
  22. 47
      install-sh
  23. 16
      missing
  24. 59
      src/Makefile.am
  25. 568
      src/Makefile.in
  26. 19
      src/blocker/Makefile.am
  27. 642
      src/blocker/Makefile.in
  28. 31
      src/blocker/attack.c
  29. 243
      src/blocker/blocker.c
  30. 137
      src/blocker/blocklist.c
  31. 13
      src/blocker/blocklist.h
  32. 0
      src/blocker/fnv.h
  33. 0
      src/blocker/hash_32a.c
  34. 8
      src/blocker/sshguard_blacklist.c
  35. 5
      src/blocker/sshguard_blacklist.h
  36. 16
      src/blocker/sshguard_log.h
  37. 52
      src/blocker/sshguard_options.c
  38. 8
      src/blocker/sshguard_options.h
  39. 2
      src/blocker/sshguard_whitelist.c
  40. 5
      src/blocker/sshguard_whitelist.h
  41. 5
      src/common/address.h
  42. 14
      src/common/attack.h
  43. 20
      src/common/config.h.in
  44. 26
      src/common/sandbox.h
  45. 0
      src/common/simclist.c
  46. 0
      src/common/simclist.h
  47. 30
      src/fw/Makefile.am
  48. 690
      src/fw/Makefile.in
  49. 7
      src/fw/fw.h
  50. 120
      src/fw/hosts.c
  51. 31
      src/fw/sshg-fw-firewalld.sh
  52. 36
      src/fw/sshg-fw-ipfilter.sh
  53. 27
      src/fw/sshg-fw-ipfw.sh
  54. 25
      src/fw/sshg-fw-ipset.sh
  55. 8
      src/fw/sshg-fw-iptables.sh
  56. 56
      src/fw/sshg-fw-nft-sets.sh
  57. 8
      src/fw/sshg-fw-null.sh
  58. 8
      src/fw/sshg-fw-pf.sh
  59. 32
      src/fw/sshg-fw.in
  60. 73
      src/fwalls/fw.c
  61. 21
      src/fwalls/ipfw.sh
  62. 37
      src/fwalls/sshg-fw.in
  63. 19
      src/parser/Makefile.am
  64. 1010
      src/parser/Makefile.in
  65. 26
      src/parser/attack.c
  66. 2487
      src/parser/attack_parser.c
  67. 293
      src/parser/attack_parser.h
  68. 196
      src/parser/attack_parser.y
  69. 133226
      src/parser/attack_scanner.c
  70. 119
      src/parser/attack_scanner.l
  71. 142
      src/parser/parser.c
  72. 9
      src/parser/parser.h
  73. 49
      src/parser/sshg_parser.c
  74. 2
      src/parser/test-sshg-parser
  75. 365
      src/parser/tests.txt
  76. 32
      src/sshguard.h
  77. 99
      src/sshguard.in
  78. 41
      src/sshguard_log.c
  79. 304
      src/sshguard_logsuck.c
  80. 59
      src/sshguard_logsuck.h
  81. 225
      src/sshguard_procauth.c
  82. 52
      src/sshguard_procauth.h
  83. 651
      tap-driver.sh
  84. 148
      test-driver
  85. 10
      ylwrap

111
CHANGELOG.rst

@ -10,13 +10,90 @@ un-deprecated, contact the project mailing list.
.. contents::
1.7.1
2.2.0
=====
**Added**
- Add '--disable-maintainer-mode' in configure for package maintainers
- BusyBox log banner detection
- Match Exim "auth mechanism not supported"
- Match Exim "auth when not advertised"
- Match Postfix greylist early retry
- OpenSMTPD monitoring support
- Recognize IPv6 addresses with interface name
**Changed**
- Ignore CR in addition to LF
- Only log attacks if not already blocked or whitelisted
**Fixed**
- Use correct signal names in driver shell script
2.1.0
=====
2017-10-08
**Added**
- Add **nftables** backend
- Add monitoring support for new service: Cockpit, Linux server dashboard
- Match "maximum authentication attempts" for SSH
- Match Debian-style "Failed password for invalid user" for SSH
- Add monitoring support for new service: Common webserver probes, in Common Log Format
- Match 'Disconnecting invalid user' for SSH
- Add monitoring support for new service: WordPress, in Common Log Format
- Add monitoring support for new service: SSHGuard
- Firewall backends now support blocking subnets.
- Add new IPV6_SUBNET and IPV4_SUBNET configuration options. Defaults to traditional single-address blocking.
- Add monitoring support for new service: OpenSMTPD
**Changed**
- Log whitelist matches with higher priority
**Fixed**
- Match port number in "invalid user" attack
- FirewallD backend reloads firewall configuration less often.
2.0.0
=====
October 2016
2017-03-06
**Added**
- Add sample Mac OS X 10.12 style launchd.plist
- Add **firewalld** backend
- Add **ipset** backend
- Annotate logs using **-a** flag to **sshg-parser**
- Match "no matching cipher" for SSH
- Preliminary support for Capsicum and pledge()
- Resurrect **ipfilter** backend
- Support reading from os_log on macOS 10.12 and systemd journal
**Changed**
- Add warning when reading from standard input
- Build and install all backends by default
- Improve log messages and tweak logging priorities
- Runtime flags now configurable in the configuration file
- SSHGuard *requires* a configuration file to start
**Removed**
- Remove process validation (**-f** option)
**Fixed**
- Fix **ipfw** backend on FreeBSD 11
- Fix initial block time
- Update Dovecot pattern for macOS
- Use standard score for Sendmail auth attack
1.7.1
=====
2016-10-25
**Changed**
@ -36,7 +113,7 @@ October 2016
1.7.0
=====
August 2016
2016-08-08
**Added**
@ -64,7 +141,7 @@ August 2016
1.6.4
=====
April 2016
2016-04-28
- Match Postfix pre-authentication disconnects
- Fix bashisms in iptables backend
@ -78,7 +155,7 @@ April 2016
1.6.3
=====
January 2016
2016-01-04
- Add sample systemd(8) unit file
- Disable blacklisting by default
@ -96,7 +173,7 @@ January 2016
1.6.2
=====
October 2015
2015-10-12
- Make '-w' option backwards-compatible for iptables (James Harris)
- Remove support for ip6fw and 'ipfw-range' option
@ -104,7 +181,7 @@ October 2015
1.6.1
=====
July 2015
2015-07-20
- Accept "Received disconnect" with optional prefix
- Add support for socklog entries
@ -115,7 +192,7 @@ July 2015
1.6.0
=====
May 2015
2015-05-02
- Add rules for Postfix SASL login attempts
- Add support for ISO 8601 timestamps (David Caldwell)
@ -137,7 +214,7 @@ May 2015
1.5
===
Feb 2011
2011-02-10
- logsucker: sshguard polls multiple log files at once
- recognize syslog's "last message repeated N times" contextually and per-source
@ -159,7 +236,7 @@ Feb 2011
1.4
===
Aug 2009
2009-09-23
- add touchiness: block repeated abusers for longer
- add blacklisting: store frequent abusers for permanent blocking
@ -185,7 +262,7 @@ Aug 2009
1.3
===
Oct 2008
2008-10
- fix autoconf problem
- automatically detect when ipfw supports IPv6 (thanks David Horn)
@ -194,7 +271,7 @@ Oct 2008
1.2
===
Sep 2008
2008-09
- support for Cyrus IMAP
- support for SSH "possible break-in attempt" messages
@ -205,7 +282,7 @@ Sep 2008
1.1
===
Jul 2008 (midway releases from Jul 2007 to Jun 2008)
2008-07
- support suspension
- support debug mode at runtime (-d) for helping users in problem solving
@ -226,7 +303,7 @@ Jul 2008 (midway releases from Jul 2007 to Jun 2008)
1.0
===
May 2007
2007-05
- address whitelisting for protecting friend addressess
- support for IPv6
@ -239,12 +316,12 @@ May 2007
0.91
====
Mar 2007
2007-03
- run away from scons and use autotools as building system
0.9
===
Feb 2007
2007-02
- first public release

84
CONTRIBUTING.rst

@ -0,0 +1,84 @@
=================
How to Contribute
=================
.. contents::
For Users
=========
Your feedback on how you use SSHGuard, what you like, and what annoys you,
helps us improve SSHGuard.
- Subscribe to the `users mailing list
<https://sourceforge.net/projects/sshguard/lists/sshguard-users>`_ and
contribute to discussions on issues you care about.
- Vote for issues on the `issue tracker`_.
- Report log messages that should or should not be identified as attacks on
the `issue tracker`_.
- Consider maintaining a package for SSHGuard on your operating system.
If there's any part of the code you'd like to dive into, post on the list and
we'll show you where to get started.
.. _issue tracker: https://bitbucket.org/sshguard/sshguard/issues?status=new&status=open
For Committers
==============
Commit Guidelines
-----------------
- **Merge via fast-forward and rebase**. Where possible, merge pull requests
and branches by rebasing on top of master and fast-forwarding, without
creating a separate merge commit. Linear history makes it possible for us to
bisect regressions.
- **50 character subject line**, followed by a blank and more details in the
body if needed, in the commit message.
- **Work in topic branches as needed**. For changes big or small, feel free to
use public topic branches in the SSHGuard repository. After review, they go
in by rebasing master. Topic branches are usually deleted after merging.
Force pushes are welcome in topic branches but not allowed in master.
Issue Tracker Workflow
----------------------
An explanation of workflow states that aren't self-explanatory:
Open
Issue analyzed, fair game for someone to fix
On hold
Issue analyzed, fix deferred (e.g. due to coming architectural changes)
Resolved
Action taken, issue resolved
Invalid
Not an issue (e.g. external bugs, spam)
Wontfix
Intentional behavior or rejected feature requests
Closed
No action taken, issue resolved (e.g. already fixed in ``master``)
Release Checklist
-----------------
Before release, make sure that:
- Building and installing work from source tarball: ``make distcheck``
- Change log and documentation are up-to-date
- Version number is consistent in *configure.ac* and man pages
Then:
1. Tag release: ``git tag -s -m "Tag <version> release" v<version>``
#. Build source tarball: ``autoreconf -i && ./configure && make dist``
#. Sign source tarball ``./distsign <tarball>``
#. Push tags: ``git push --tags``
#. Upload release files to SourceForge.
#. Send release announcement to mailing lists.
#. Announce release on website.

65
INSTALL.rst

@ -0,0 +1,65 @@
===================
Installing SSHGuard
===================
From a package repository
=========================
SSHGuard is available as a package from several package repositories,
usually under the name ``sshguard``.
Building from source
====================
Obtain a source distribution from http://www.sshguard.net/. Extract the
archive and run::
./configure
make && make install
Alternatively, if you are building from the source repository::
git clone https://bitbucket.org/sshguard/sshguard.git
cd sshguard/
autoreconf -i
./configure
make && make install
Build dependencies
------------------
- C compiler with support for the C99 standard
- lex and yacc (or compatible variant)
If you are building from the source repository, you also need:
- Autoconf/Automake
- Docutils
Debian and Ubuntu
~~~~~~~~~~~~~~~~~
::
apt install autoconf automake byacc flex gcc python-docutils
Fedora
~~~~~~
::
dnf install autoconf automake byacc flex gcc python-docutils
FreeBSD
~~~~~~~
::
pkg install autotools byacc clang flex py27-docutils
macOS
~~~~~
Requires Xcode_ with command line utilities and Homebrew_.
::
brew install autoconf automake byacc docutils flex
.. _Xcode: https://itunes.apple.com/app/xcode/id497799835
.. _Homebrew: http://brew.sh/

10
Makefile.am

@ -1,4 +1,10 @@
SUBDIRS = src
EXTRA_DIST = doc/ examples/ CHANGELOG.rst README.rst
man_MANS = doc/sshguard.8
EXTRA_DIST = doc/ examples/ CHANGELOG.rst CONTRIBUTING.rst INSTALL.rst README.rst
dist_man_MANS = doc/sshguard-setup.7 doc/sshguard.8
if BUILD_MAN
SUFFIXES=.rst
.rst:
$(RST2MAN_PROG) $< $@
endif

151
Makefile.in

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -95,8 +95,8 @@ DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/src/config.h
CONFIG_CLEAN_FILES = src/fwalls/sshg-fw
CONFIG_HEADER = $(top_builddir)/src/common/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@ -152,10 +152,11 @@ am__uninstall_files_from_dir = { \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
man7dir = $(mandir)/man7
am__installdirs = "$(DESTDIR)$(man7dir)" "$(DESTDIR)$(man8dir)"
man8dir = $(mandir)/man8
am__installdirs = "$(DESTDIR)$(man8dir)"
NROFF = nroff
MANS = $(man_MANS)
MANS = $(dist_man_MANS)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
@ -163,7 +164,7 @@ am__recursive_targets = \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
cscope distdir dist dist-all distcheck
cscope distdir distdir-am dist dist-all distcheck
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@ -185,9 +186,9 @@ ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in \
$(top_srcdir)/src/fwalls/sshg-fw.in COPYING ar-lib compile \
install-sh missing
am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
$(top_srcdir)/src/common/config.h.in COPYING ar-lib compile \
depcomp install-sh missing tap-driver.sh ylwrap
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@ -264,6 +265,7 @@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
@ -276,6 +278,7 @@ PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@
RST2MAN_PROG = @RST2MAN_PROG@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
@ -326,14 +329,16 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
SUBDIRS = src
EXTRA_DIST = doc/ examples/ CHANGELOG.rst README.rst
man_MANS = doc/sshguard.8
EXTRA_DIST = doc/ examples/ CHANGELOG.rst CONTRIBUTING.rst INSTALL.rst README.rst
dist_man_MANS = doc/sshguard-setup.7 doc/sshguard.8
@BUILD_MAN_TRUE@SUFFIXES = .rst
all: all-recursive
.SUFFIXES:
.SUFFIXES: .rst
am--refresh: Makefile
@:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
@ -352,24 +357,80 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
echo ' $(SHELL) ./config.status'; \
$(SHELL) ./config.status;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
$(SHELL) ./config.status --recheck
$(top_srcdir)/configure: $(am__configure_deps)
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
$(am__cd) $(srcdir) && $(AUTOCONF)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
$(am__aclocal_m4_deps):
src/fwalls/sshg-fw: $(top_builddir)/config.status $(top_srcdir)/src/fwalls/sshg-fw.in
cd $(top_builddir) && $(SHELL) ./config.status $@
install-man8: $(man_MANS)
src/common/config.h: src/common/stamp-h1
@test -f $@ || rm -f src/common/stamp-h1
@test -f $@ || $(MAKE) $(AM_MAKEFLAGS) src/common/stamp-h1
src/common/stamp-h1: $(top_srcdir)/src/common/config.h.in $(top_builddir)/config.status
@rm -f src/common/stamp-h1
cd $(top_builddir) && $(SHELL) ./config.status src/common/config.h
$(top_srcdir)/src/common/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
($(am__cd) $(top_srcdir) && $(AUTOHEADER))
rm -f src/common/stamp-h1
touch $@
distclean-hdr:
-rm -f src/common/config.h src/common/stamp-h1
install-man7: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
list2='$(dist_man_MANS)'; \
test -n "$(man7dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man7dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man7dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.7[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man7dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man7dir)" || exit $$?; }; \
done; }
uninstall-man7:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man7dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.7[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man7dir)'; $(am__uninstall_files_from_dir)
install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
list2='$(man_MANS)'; \
list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@ -404,7 +465,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@ -516,7 +577,10 @@ distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
distdir: $(DISTFILES)
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
$(am__remove_distdir)
test -d "$(distdir)" || mkdir "$(distdir)"
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@ -581,7 +645,7 @@ distdir: $(DISTFILES)
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
$(am__post_remove_distdir)
dist-bzip2: distdir
@ -607,7 +671,7 @@ dist-shar: distdir
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
$(am__post_remove_distdir)
dist-zip: distdir
@ -625,7 +689,7 @@ dist dist-all:
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lz*) \
@ -635,7 +699,7 @@ distcheck: dist
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac
@ -709,7 +773,7 @@ check: check-recursive
all-am: Makefile $(MANS)
installdirs: installdirs-recursive
installdirs-am:
for dir in "$(DESTDIR)$(man8dir)"; do \
for dir in "$(DESTDIR)$(man7dir)" "$(DESTDIR)$(man8dir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-recursive
@ -749,7 +813,7 @@ clean-am: clean-generic mostlyclean-am
distclean: distclean-recursive
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-tags
distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
dvi: dvi-recursive
@ -779,7 +843,7 @@ install-info: install-info-recursive
install-info-am:
install-man: install-man8
install-man: install-man7 install-man8
install-pdf: install-pdf-recursive
@ -811,7 +875,7 @@ ps-am:
uninstall-am: uninstall-man
uninstall-man: uninstall-man8
uninstall-man: uninstall-man7 uninstall-man8
.MAKE: $(am__recursive_targets) install-am install-strip
@ -819,20 +883,23 @@ uninstall-man: uninstall-man8
am--refresh check check-am clean clean-cscope clean-generic \
cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
distcheck distclean distclean-generic distclean-tags \
distcleancheck distdir distuninstallcheck dvi dvi-am html \
html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-man8 install-pdf \
install-pdf-am install-ps install-ps-am install-strip \
installcheck installcheck-am installdirs installdirs-am \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-man uninstall-man8
distcheck distclean distclean-generic distclean-hdr \
distclean-tags distcleancheck distdir distuninstallcheck dvi \
dvi-am html html-am info info-am install install-am \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-man7 \
install-man8 install-pdf install-pdf-am install-ps \
install-ps-am install-strip installcheck installcheck-am \
installdirs installdirs-am maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
pdf-am ps ps-am tags tags-am uninstall uninstall-am \
uninstall-man uninstall-man7 uninstall-man8
.PRECIOUS: Makefile
@BUILD_MAN_TRUE@.rst:
@BUILD_MAN_TRUE@ $(RST2MAN_PROG) $< $@
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.

46
README.rst

@ -1,21 +1,43 @@
========
SSHGuard
========
**sshguard** protects hosts from brute-force attacks against SSH and other
services. It aggregates system logs and blocks repeat offenders using one of
several firewall backends, including ``iptables``, ``ipfw``, and ``pf``.
**sshguard** can read log messages from standard input (suitable for piping
from ``syslog``) or monitor one or more log files. Log messages are parsed,
line-by-line, for recognized patterns. If an attack, such as several login
failures within a few seconds, is detected, the offending IP is blocked.
Offenders are unblocked after a set interval, but can be semi-permanently
banned using the blacklist option.
several firewall backends.
- http://www.sshguard.net/
- http://bitbucket.org/sshguard/sshguard/
Documentation
=============
See the man pages in *doc/* and the examples in *examples/*. This
documentation can also be found online at http://www.sshguard.net/docs/.
Installation
============
See *INSTALL.rst*. Briefly, if you are building from Git::
autoreconf -i
./configure
make && make install
Otherwise::
./configure
make && make install
License
=======
**sshguard** is available under the terms of the `OpenBSD license
<http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD>`_,
which is based on the ISC License. See *COPYING* for details.
Authors
-------
- Mij <mij@bitchx.it>
- T.J. Jones <tjjones03@gmail.com>
- Kevin Zheng <kevinz5000@gmail.com>
=======
* Michele Mazzucchi <mij@bitchx.it>,
* T.J. Jones <tjjones03@gmail.com>,
* Kevin Zheng <kevinz5000@gmail.com>

231
aclocal.m4

@ -1,6 +1,6 @@
# generated automatically by aclocal 1.15 -*- Autoconf -*-
# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -20,7 +20,7 @@ You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
# Copyright (C) 2002-2014 Free Software Foundation, Inc.
# Copyright (C) 2002-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -32,10 +32,10 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.])
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.15'
[am__api_version='1.16'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.15], [],
m4_if([$1], [1.16.1], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@ -51,12 +51,12 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.15])dnl
[AM_AUTOMAKE_VERSION([1.16.1])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# Copyright (C) 2011-2014 Free Software Foundation, Inc.
# Copyright (C) 2011-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -118,7 +118,7 @@ AC_SUBST([AR])dnl
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -170,7 +170,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
# Copyright (C) 1997-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -201,7 +201,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -392,13 +392,12 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# _AM_OUTPUT_DEPENDENCY_COMMANDS
# ------------------------------
AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
@ -406,49 +405,41 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
# Older Autoconf quotes --file arguments for eval, but not when files
# are listed without --file. Let's play safe and only enable the eval
# if we detect the quoting.
case $CONFIG_FILES in
*\'*) eval set x "$CONFIG_FILES" ;;
*) set x $CONFIG_FILES ;;
esac
# TODO: see whether this extra hack can be removed once we start
# requiring Autoconf 2.70 or later.
AS_CASE([$CONFIG_FILES],
[*\'*], [eval set x "$CONFIG_FILES"],
[*], [set x $CONFIG_FILES])
shift
for mf
# Used to flag and report bootstrapping failures.
am_rc=0
for am_mf
do
# Strip MF so we end up with the name of the file.
mf=`echo "$mf" | sed -e 's/:.*$//'`
# Check whether this is an Automake generated Makefile or not.
# We used to match only the files named 'Makefile.in', but
# some people rename them; so instead we look at the file content.
# Grep'ing the first line is not enough: some people post-process
# each Makefile.in and add a new line on top of each file to say so.
# Grep'ing the whole file is not good either: AIX grep has a line
am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'`
# Check whether this is an Automake generated Makefile which includes
# dependency-tracking related rules and includes.
# Grep'ing the whole file directly is not great: AIX grep has a line
# limit of 2048, but all sed's we know have understand at least 4000.
if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
dirpart=`AS_DIRNAME("$mf")`
else
continue
fi
# Extract the definition of DEPDIR, am__include, and am__quote
# from the Makefile without running 'make'.
DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
test -z "$DEPDIR" && continue
am__include=`sed -n 's/^am__include = //p' < "$mf"`
test -z "$am__include" && continue
am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
# Find all dependency output files, they are included files with
# $(DEPDIR) in their names. We invoke sed twice because it is the
# simplest approach to changing $(DEPDIR) to its actual value in the
# expansion.
for file in `sed -n "
s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
# Make sure the directory exists.
test -f "$dirpart/$file" && continue
fdir=`AS_DIRNAME(["$file"])`
AS_MKDIR_P([$dirpart/$fdir])
# echo "creating $dirpart/$file"
echo '# dummy' > "$dirpart/$file"
done
sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
|| continue
am_dirpart=`AS_DIRNAME(["$am_mf"])`
am_filepart=`AS_BASENAME(["$am_mf"])`
AM_RUN_LOG([cd "$am_dirpart" \
&& sed -e '/# am--include-marker/d' "$am_filepart" \
| $MAKE -f - am--depfiles]) || am_rc=$?
done
if test $am_rc -ne 0; then
AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
for automatic dependency tracking. Try re-running configure with the
'--disable-dependency-tracking' option to at least be able to build
the package (albeit without support for automatic dependency tracking).])
fi
AS_UNSET([am_dirpart])
AS_UNSET([am_filepart])
AS_UNSET([am_mf])
AS_UNSET([am_rc])
rm -f conftest-deps.mk
}
])# _AM_OUTPUT_DEPENDENCY_COMMANDS
@ -457,18 +448,17 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
# -----------------------------
# This macro should only be invoked once -- use via AC_REQUIRE.
#
# This code is only required when automatic dependency tracking
# is enabled. FIXME. This creates each '.P' file that we will
# need in order to bootstrap the dependency handling code.
# This code is only required when automatic dependency tracking is enabled.
# This creates each '.Po' and '.Plo' makefile fragment that we'll need in
# order to bootstrap the dependency handling code.
AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
[AC_CONFIG_COMMANDS([depfiles],
[test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
[AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
])
[AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -555,8 +545,8 @@ AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
AC_REQUIRE([AC_PROG_MKDIR_P])dnl
# For better backward compatibility. To be removed once Automake 1.9.x
# dies out for good. For more background, see:
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
# We need awk for the "check" target (and possibly the TAP driver). The
# system "awk" is bad on some platforms.
@ -623,7 +613,7 @@ END
Aborting the configuration process, to ensure you take notice of the issue.
You can download and install GNU coreutils to get an 'rm' implementation
that behaves properly: <http://www.gnu.org/software/coreutils/>.
that behaves properly: <https://www.gnu.org/software/coreutils/>.
If you want to complete the configuration process using your problematic
'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
@ -665,7 +655,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -686,7 +676,7 @@ if test x"${install_sh+set}" != xset; then
fi
AC_SUBST([install_sh])])
# Copyright (C) 2003-2014 Free Software Foundation, Inc.
# Copyright (C) 2003-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -705,7 +695,7 @@ fi
rmdir .tst 2>/dev/null
AC_SUBST([am__leading_dot])])
# Copyright (C) 1998-2014 Free Software Foundation, Inc.
# Copyright (C) 1998-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -723,9 +713,45 @@ if test "$LEX" = :; then
LEX=${am_missing_run}flex
fi])
# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
# From Jim Meyering
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# AM_MAINTAINER_MODE([DEFAULT-MODE])
# ----------------------------------
# Control maintainer-specific portions of Makefiles.
# Default is to disable them, unless 'enable' is passed literally.
# For symmetry, 'disable' may be passed as well. Anyway, the user
# can override the default with the --enable/--disable switch.
AC_DEFUN([AM_MAINTAINER_MODE],
[m4_case(m4_default([$1], [disable]),
[enable], [m4_define([am_maintainer_other], [disable])],
[disable], [m4_define([am_maintainer_other], [enable])],
[m4_define([am_maintainer_other], [enable])
m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])])
AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
dnl maintainer-mode's default is 'disable' unless 'enable' is passed
AC_ARG_ENABLE([maintainer-mode],
[AS_HELP_STRING([--]am_maintainer_other[-maintainer-mode],
am_maintainer_other[ make rules and dependencies not useful
(and sometimes confusing) to the casual installer])],
[USE_MAINTAINER_MODE=$enableval],
[USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes]))
AC_MSG_RESULT([$USE_MAINTAINER_MODE])
AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes])
MAINT=$MAINTAINER_MODE_TRUE
AC_SUBST([MAINT])dnl
]
)
# Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -733,49 +759,42 @@ fi])
# AM_MAKE_INCLUDE()
# -----------------
# Check to see how make treats includes.
# Check whether make has an 'include' directive that can support all
# the idioms we need for our automatic dependency tracking code.
AC_DEFUN([AM_MAKE_INCLUDE],
[am_make=${MAKE-make}
cat > confinc << 'END'
[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive])
cat > confinc.mk << 'END'
am__doit:
@echo this is the am__doit target
@echo this is the am__doit target >confinc.out
.PHONY: am__doit
END
# If we don't find an include directive, just comment out the code.
AC_MSG_CHECKING([for style of include used by $am_make])
am__include="#"
am__quote=
_am_result=none
# First try GNU make style include.
echo "include confinc" > confmf
# Ignore all kinds of additional output from 'make'.
case `$am_make -s -f confmf 2> /dev/null` in #(
*the\ am__doit\ target*)
am__include=include
am__quote=
_am_result=GNU
;;
esac
# Now try BSD make style include.
if test "$am__include" = "#"; then
echo '.include "confinc"' > confmf
case `$am_make -s -f confmf 2> /dev/null` in #(
*the\ am__doit\ target*)
am__include=.include
am__quote="\""
_am_result=BSD
;;
esac
fi
AC_SUBST([am__include])
AC_SUBST([am__quote])
AC_MSG_RESULT([$_am_result])
rm -f confinc confmf
])
# BSD make does it like this.
echo '.include "confinc.mk" # ignored' > confmf.BSD
# Other make implementations (GNU, Solaris 10, AIX) do it like this.
echo 'include confinc.mk # ignored' > confmf.GNU
_am_result=no
for s in GNU BSD; do
AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
AS_CASE([$?:`cat confinc.out 2>/dev/null`],
['0:this is the am__doit target'],
[AS_CASE([$s],
[BSD], [am__include='.include' am__quote='"'],
[am__include='include' am__quote=''])])
if test "$am__include" != "#"; then
_am_result="yes ($s style)"
break
fi
done
rm -f confinc.* confmf.*
AC_MSG_RESULT([${_am_result}])
AC_SUBST([am__include])])
AC_SUBST([am__quote])])
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
# Copyright (C) 1997-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -816,7 +835,7 @@ fi
# Obsolete and "removed" macros, that must however still report explicit
# error messages when used, to smooth transition.
#
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -843,7 +862,7 @@ AU_DEFUN([fp_C_PROTOTYPES], [AM_C_PROTOTYPES])
# Helper functions for option handling. -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -872,7 +891,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -919,7 +938,7 @@ AC_LANG_POP([C])])
# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -938,7 +957,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1019,7 +1038,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file
])
# Copyright (C) 2009-2014 Free Software Foundation, Inc.
# Copyright (C) 2009-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1079,7 +1098,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1107,7 +1126,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
# Copyright (C) 2006-2014 Free Software Foundation, Inc.
# Copyright (C) 2006-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -1126,7 +1145,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
# Copyright (C) 2004-2014 Free Software Foundation, Inc.
# Copyright (C) 2004-2018 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

4
ar-lib

@ -4,7 +4,7 @@
me=ar-lib
scriptversion=2012-03-01.08; # UTC
# Copyright (C) 2010-2014 Free Software Foundation, Inc.
# Copyright (C) 2010-2018 Free Software Foundation, Inc.
# Written by Peter Rosin <peda@lysator.liu.se>.
#
# This program is free software; you can redistribute it and/or modify
@ -18,7 +18,7 @@ scriptversion=2012-03-01.08; # UTC
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a

13
compile

@ -1,9 +1,9 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2012-10-14.11; # UTC
scriptversion=2018-03-07.03; # UTC
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2018 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@ -17,7 +17,7 @@ scriptversion=2012-10-14.11; # UTC
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@ -255,7 +255,8 @@ EOF
echo "compile $scriptversion"
exit $?
;;
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
@ -339,9 +340,9 @@ exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:

563
configure

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for sshguard 1.7.1.
# Generated by GNU Autoconf 2.69 for sshguard 2.2.0.
#
# Report bugs to <sshguard-users@lists.sourceforge.net>.
#
@ -580,12 +580,12 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='sshguard'
PACKAGE_TARNAME='sshguard'
PACKAGE_VERSION='1.7.1'
PACKAGE_STRING='sshguard 1.7.1'
PACKAGE_VERSION='2.2.0'
PACKAGE_STRING='sshguard 2.2.0'
PACKAGE_BUGREPORT='sshguard-users@lists.sourceforge.net'
PACKAGE_URL=''
ac_unique_file="src/simclist.c"
ac_unique_file="src/sshguard.in"
# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
@ -626,8 +626,9 @@ ac_subst_vars='am__EXEEXT_FALSE
am__EXEEXT_TRUE
LTLIBOBJS
LIBOBJS
FWALL_HOSTS_FALSE
FWALL_HOSTS_TRUE
BUILD_MAN_FALSE
BUILD_MAN_TRUE
RST2MAN_PROG
LEXLIB
LEX_OUTPUT_ROOT
LEX
@ -646,7 +647,6 @@ am__nodep
AMDEPBACKSLASH
AMDEP_FALSE
AMDEP_TRUE
am__quote
am__include
DEPDIR
OBJEXT
@ -683,6 +683,9 @@ am__isrc
INSTALL_DATA
INSTALL_SCRIPT
INSTALL_PROGRAM
MAINT
MAINTAINER_MODE_FALSE
MAINTAINER_MODE_TRUE
target_alias
host_alias
build_alias
@ -720,13 +723,13 @@ PACKAGE_VERSION
PACKAGE_TARNAME
PACKAGE_NAME
PATH_SEPARATOR
SHELL'
ac_subst_files='sshg_fw_subr'
SHELL
am__quote'
ac_subst_files=''
ac_user_opts='
enable_option_checking
enable_maintainer_mode
enable_silent_rules
with_firewall
with_hosts
enable_dependency_tracking
'
ac_precious_vars='build_alias
@ -1280,7 +1283,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures sshguard 1.7.1 to adapt to many kinds of systems.
\`configure' configures sshguard 2.2.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1346,7 +1349,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of sshguard 1.7.1:";;
short | recursive ) echo "Configuration of sshguard 2.2.0:";;
esac
cat <<\_ACEOF
@ -1354,6 +1357,9 @@ Optional Features:
--disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-maintainer-mode
disable make rules and dependencies not useful (and
sometimes confusing) to the casual installer
--enable-silent-rules less verbose build output (undo: "make V=1")
--disable-silent-rules verbose build output (undo: "make V=0")
--enable-dependency-tracking
@ -1361,14 +1367,6 @@ Optional Features:
--disable-dependency-tracking
speeds up one-time build
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-firewall=fw Firewall backend (one of pf, ipfw, iptables, hosts,
or null)
--with-hosts=file Path to allowed hosts file (default
/etc/hosts.allow)
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
@ -1451,7 +1449,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
sshguard configure 1.7.1
sshguard configure 2.2.0
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -1753,7 +1751,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by sshguard $as_me 1.7.1, which was
It was created by sshguard $as_me 2.2.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2102,9 +2100,32 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
ac_config_headers="$ac_config_headers src/config.h"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5
$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; }
# Check whether --enable-maintainer-mode was given.
if test "${enable_maintainer_mode+set}" = set; then :
enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval
else
USE_MAINTAINER_MODE=yes
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5
$as_echo "$USE_MAINTAINER_MODE" >&6; }
if test $USE_MAINTAINER_MODE = yes; then
MAINTAINER_MODE_TRUE=
MAINTAINER_MODE_FALSE='#'
else
MAINTAINER_MODE_TRUE='#'
MAINTAINER_MODE_FALSE=
fi
MAINT=$MAINTAINER_MODE_TRUE
am__api_version='1.15'
ac_config_headers="$ac_config_headers src/common/config.h"
am__api_version='1.16'
ac_aux_dir=
for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
@ -2619,7 +2640,7 @@ fi
# Define the identity of the package.
PACKAGE='sshguard'
VERSION='1.7.1'
VERSION='2.2.0'
cat >>confdefs.h <<_ACEOF
@ -2649,8 +2670,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
# For better backward compatibility. To be removed once Automake 1.9.x
# dies out for good. For more background, see:
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
mkdir_p='$(MKDIR_P)'
# We need awk for the "check" target (and possibly the TAP driver). The
@ -2701,7 +2722,7 @@ END
Aborting the configuration process, to ensure you take notice of the issue.
You can download and install GNU coreutils to get an 'rm' implementation
that behaves properly: <http://www.gnu.org/software/coreutils/>.
that behaves properly: <https://www.gnu.org/software/coreutils/>.
If you want to complete the configuration process using your problematic
'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
@ -2752,103 +2773,51 @@ fi
AM_BACKSLASH='\'
##############################################################################
# Configuration Options
# Check whether --with-firewall was given.
if test "${with_firewall+set}" = set; then :
withval=$with_firewall;
# Substitute the correct commands into the firewall script.
sshg_fw_subr=src/fwalls/$withval.sh
case "$withval" in
hosts)
usehosts=true
;;
ipfw)
useipfw=true
;;
iptables)
useiptables=true
;;
pf)
usepf=true
;;
null)
usenull=true
;;
*)
as_fn_error $? "Invalid firewall backend (see help)" "$LINENO" 5
;;
esac
else
as_fn_error $? "Please choose a firewall backend (see help)" "$LINENO" 5
fi
# Check whether --with-hosts was given.
if test "${with_hosts+set}" = set; then :
withval=$with_hosts; hostsfilepath=$withval
else
hostsfilepath=/etc/hosts.allow
fi
##############################################################################
$as_echo "## -------------- ##
## Program Checks ##
## -------------- ##"
# Enable POSIX extensions on hosts that normally disable them.
DEPDIR="${am__leading_dot}deps"
ac_config_commands="$ac_config_commands depfiles"
am_make=${MAKE-make}
cat > confinc << 'END'
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; }
cat > confinc.mk << 'END'
am__doit:
@echo this is the am__doit target
@echo this is the am__doit target >confinc.out
.PHONY: am__doit
END
# If we don't find an include directive, just comment out the code.
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
$as_echo_n "checking for style of include used by $am_make... " >&6; }
am__include="#"
am__quote=
_am_result=none
# First try GNU make style include.
echo "include confinc" > confmf
# Ignore all kinds of additional output from 'make'.
case `$am_make -s -f confmf 2> /dev/null` in #(
*the\ am__doit\ target*)
am__include=include
am__quote=