require 'formula' class Denyhosts < Formula homepage 'http://denyhosts.sourceforge.net/' url 'http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz' md5 'fc2365305a9402886a2b0173d1beb7df' def patches # The original DenyHosts scripts will be installed to libexec with the # `-dist` suffixes. The patchfile modifies the copies to set some defaults. cp 'daemon-control-dist', 'daemon-control' cp 'denyhosts.cfg-dist', 'denyhosts.cfg' DATA end def install # If the `libpath` is relative, instead of absolute, we can influence the # 'data path' via command line arguments to `setup.py`. inreplace 'setup.py' do |s| s.change_make_var! 'libpath', "''" s.change_make_var! 'scriptspath', "''" s.change_make_var! 'pluginspath', "''" end # Make it so that all DenyHosts tools have a default path that points at # our config file. inreplace 'DenyHosts/constants.py' do |s| s.change_make_var! 'CONFIG_FILE', "'#{etc}/denyhosts.cfg'" end # Install mostly into libexec (a la Duplicity) system "python", "setup.py", "install", "--prefix=#{prefix}", "--install-lib=#{libexec}", "--install-scripts=#{libexec}", "--install-data=#{libexec}" libexec.install 'daemon-control' # Don't overwrite the config file; the user may have tweaked it. etc.install 'denyhosts.cfg' unless (etc + 'denyhosts.cfg').exist? sbin.install_symlink libexec+'daemon-control' sbin.install_symlink libexec+'denyhosts.py' => 'denyhosts' plist_path.write cron_plist plist_path.chmod 0644 end def cron_plist <<-EOS.undent Label #{plist_name} ProgramArguments #{HOMEBREW_PREFIX}/sbin/denyhosts RunAtLoad KeepAlive StartInterval 600 EOS end def caveats <<-EOS.undent Unless it exists already, a denyhosts.cfg file has been written to: #{etc}/denyhosts.cfg All DenyHosts scripts will load this file by default unless told to use a different one. A launchctl plist has been created that will run DenyHosts to update /etc/hosts.deny every 10 minutes. It will need to be run by the user that owns /etc/hosts.deny, usually root, and can be set to load at startup via: sudo cp #{plist_path} /Library/LaunchDaemons/ EOS end end __END__ Set DenyHosts defaults for OS X. See: http://trac.macports.org/browser/trunk/dports/security/denyhosts/files/patch-denyhosts.cfg-dist.diff diff --git a/daemon-control b/daemon-control index dd49315..b2bb838 100755 --- a/daemon-control +++ b/daemon-control @@ -11,9 +11,9 @@ #### Edit these to suit your configuration #### ############################################### -DENYHOSTS_BIN = "/usr/bin/denyhosts.py" -DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts" -DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg" +DENYHOSTS_BIN = "HOMEBREW_PREFIX/sbin/denyhosts" +DENYHOSTS_LOCK = "HOMEBREW_PREFIX/var/run/denyhosts.pid" +DENYHOSTS_CFG = "HOMEBREW_PREFIX/etc/denyhosts.cfg" PYTHON_BIN = "/usr/bin/env python" diff --git a/denyhosts.cfg b/denyhosts.cfg index 6551b3f..c95fcb6 100644 --- a/denyhosts.cfg +++ b/denyhosts.cfg @@ -9,7 +9,7 @@ # argument # # Redhat or Fedora Core: -SECURE_LOG = /var/log/secure +# SECURE_LOG = /var/log/secure # # Mandrake, FreeBSD or OpenBSD: #SECURE_LOG = /var/log/auth.log @@ -19,7 +19,7 @@ SECURE_LOG = /var/log/secure # # Mac OS X (v10.4 or greater - # also refer to: http://www.denyhosts.net/faq.html#macos -#SECURE_LOG = /private/var/log/asl.log +SECURE_LOG = /private/var/log/secure.log # # Mac OS X (v10.3 or earlier): #SECURE_LOG=/private/var/log/system.log @@ -88,9 +88,9 @@ PURGE_DENY = # eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1 # # To block all services for the offending host: -#BLOCK_SERVICE = ALL +BLOCK_SERVICE = ALL # To block only sshd: -BLOCK_SERVICE = sshd +# BLOCK_SERVICE = sshd # To only record the offending host and nothing else (if using # an auxilary file to list the hosts). Refer to: # http://denyhosts.sourceforge.net/faq.html#aux @@ -150,7 +150,7 @@ DENY_THRESHOLD_RESTRICTED = 1 # Note: it is recommended that you use an absolute pathname # for this value (eg. /home/foo/denyhosts/data) # -WORK_DIR = /usr/share/denyhosts/data +WORK_DIR = HOMEBREW_PREFIX/var/denyhosts # ####################################################################### @@ -192,13 +192,13 @@ HOSTNAME_LOOKUP=YES # running at a time. # # Redhat/Fedora: -LOCK_FILE = /var/lock/subsys/denyhosts +#LOCK_FILE = /var/lock/subsys/denyhosts # # Debian #LOCK_FILE = /var/run/denyhosts.pid # # Misc -#LOCK_FILE = /tmp/denyhosts.lock +LOCK_FILE = HOMEBREW_PREFIX/var/run/denyhosts.pid # ###################################################################### @@ -432,7 +432,7 @@ AGE_RESET_INVALID=10d # this is the logfile that DenyHosts uses to report it's status. # To disable logging, leave blank. (default is: /var/log/denyhosts) # -DAEMON_LOG = /var/log/denyhosts +DAEMON_LOG = HOMEBREW_PREFIX/var/log/denyhosts.log # # disable logging: #DAEMON_LOG =