class Sshguard < Formula desc "Protect from brute force attacks against SSH" homepage "http://www.sshguard.net/" url "https://downloads.sourceforge.net/project/sshguard/sshguard/1.7.0/sshguard-1.7.0.tar.gz" sha256 "5ce784bc25dc9801fbfadc4117669ee02397526c420170ae1145ada96df8cd59" bottle do sha256 "eafc23ae542d22103ed6750185e78d48c75c9db7d16b2d528c0e55f9b3cd0be4" => :sierra sha256 "52954aab894544db55b011b98fe5fe1b3e32c54e933198d8dfe56da5a8245ae6" => :el_capitan sha256 "84e797a7ec7778b8fc449f8da2501cd463da83b54899c6a7907275363b7241a4" => :yosemite sha256 "f4b03d720b38fefe394c2b4e87247080edf3e0b82cbf4e623d3f44c48dd00300" => :mavericks end depends_on "automake" => :build depends_on "autoconf" => :build def install system "./configure", "--disable-debug", "--disable-dependency-tracking", "--disable-silent-rules", "--prefix=#{prefix}", "--with-firewall=#{firewall}" system "make", "install" end def firewall MacOS.version >= :lion ? "pf" : "ipfw" end def log_path MacOS.version >= :lion ? "/var/log/system.log" : "/var/log/secure.log" end def caveats if MacOS.version >= :lion then <<-EOS.undent Add the following lines to /etc/pf.conf to block entries in the sshguard table (replace $ext_if with your WAN interface): table persist block in quick on $ext_if proto tcp from to any port 22 label "ssh bruteforce" Then run sudo pfctl -f /etc/pf.conf to reload the rules. EOS end end plist_options :startup => true def plist; <<-EOS.undent Label #{plist_name} KeepAlive ProgramArguments #{opt_sbin}/sshguard -l #{log_path} RunAtLoad EOS end test do assert_match version.to_s, shell_output("#{sbin}/sshguard -v 2>&1", 64) end end