homebrew-core/Formula/sshguard.rb
2016-08-09 05:42:27 -07:00

73 lines
2.2 KiB
Ruby

class Sshguard < Formula
desc "Protect from brute force attacks against SSH"
homepage "http://www.sshguard.net/"
url "https://downloads.sourceforge.net/project/sshguard/sshguard/1.7.0/sshguard-1.7.0.tar.gz"
sha256 "5ce784bc25dc9801fbfadc4117669ee02397526c420170ae1145ada96df8cd59"
bottle do
sha256 "52954aab894544db55b011b98fe5fe1b3e32c54e933198d8dfe56da5a8245ae6" => :el_capitan
sha256 "84e797a7ec7778b8fc449f8da2501cd463da83b54899c6a7907275363b7241a4" => :yosemite
sha256 "f4b03d720b38fefe394c2b4e87247080edf3e0b82cbf4e623d3f44c48dd00300" => :mavericks
end
depends_on "automake" => :build
depends_on "autoconf" => :build
def install
system "./configure", "--disable-debug",
"--disable-dependency-tracking",
"--disable-silent-rules",
"--prefix=#{prefix}",
"--with-firewall=#{firewall}"
system "make", "install"
end
def firewall
MacOS.version >= :lion ? "pf" : "ipfw"
end
def log_path
MacOS.version >= :lion ? "/var/log/system.log" : "/var/log/secure.log"
end
def caveats
if MacOS.version >= :lion then <<-EOS.undent
Add the following lines to /etc/pf.conf to block entries in the sshguard
table (replace $ext_if with your WAN interface):
table <sshguard> persist
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
Then run sudo pfctl -f /etc/pf.conf to reload the rules.
EOS
end
end
plist_options :startup => true
def plist; <<-EOS.undent
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>#{plist_name}</string>
<key>KeepAlive</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>#{opt_sbin}/sshguard</string>
<string>-l</string>
<string>#{log_path}</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
EOS
end
test do
assert_match version.to_s, shell_output("#{sbin}/sshguard -v 2>&1", 64)
end
end