# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# $Id: Portfile 92194 2012-04-21 18:16:16Z pixilla@macports.org $

PortSystem 1.0

name                sshguard
version             1.5
revision            1
categories          net security
platforms           darwin
maintainers         otherware.org:nefar pixilla openmaintainer
license             BSD

description         Sshguard protects networked hosts from brute force attacks.

long_description    Sshguard monitors servers from their logging activity. When logs convey \
                    that someone is doing a Bad Thing, sshguard reacts by blocking he/she/it \
                    for a bit. Sshguard has a touchy personality: when a naughty tyke \
                    insists disturbing your host, it reacts firmer and firmer.

homepage            http://www.sshguard.net/
master_sites        sourceforge:sshguard

distname            sshguard-${version}

# Patched to revision 231 from here:
# http://sshguard.svn.sourceforge.net/viewvc/sshguard/trunk/
patch.pre_args      -p1
patchfiles          patch-Changes.diff \
                    patch-configure.diff \
                    patch-configure.ac.diff \
                    patch-man-sshguard.8.diff \
                    patch-src-Makefile.am.diff \
                    patch-src-Makefile.in.diff \
                    patch-src-fwalls-hosts.c.diff \
                    patch-src-fwalls-ipfw.c.diff \
                    patch-src-parser-attack_scanner.c.diff \
                    patch-src-parser-attack_scanner.l.diff \
                    patch-src-sshguard.c.diff \
                    patch-src-sshguard_blacklist.c.diff \
                    patch-src-sshguard_logsuck.c.diff \
                    patch-src-sshguard_options.c.diff

checksums           rmd160  7b4625b3b2e0cf974bc935d868b89bd0d8c189e8 \
                    sha256  b537f8765455fdf8424f87d4bd695e5b675b88e5d164865452137947093e7e19

use_bzip2           yes

# Before Lion firewall is ipfw, afterwards pf.
if {${os.major} < 11} {

    configure.args-append \
                    --with-ipfw=/sbin/ipfw --with-firewall=ipfw
} else {

    configure.args-append \
                    --with-pfctl=/sbin/pfctl --with-firewall=pf
}

post-extract {

    copy ${filespath}/sshguard-options-wrapper \
        ${worksrcpath}/sshguard-options-wrapper
    copy ${filespath}/options.example \
        ${worksrcpath}/options.example
    reinplace "s|@PREFIX@|${prefix}|" \
        ${worksrcpath}/sshguard-options-wrapper \
        ${worksrcpath}/options.example
    reinplace "s|@NAME@|${name}|" \
        ${worksrcpath}/sshguard-options-wrapper \
        ${worksrcpath}/options.example
}

post-destroot {

    xinstall -d ${destroot}${prefix}/etc/${name}
    xinstall -d ${destroot}${prefix}/libexec/${name}
    xinstall -d ${destroot}${prefix}/share/${name}
    xinstall -d ${destroot}${prefix}/var/db/${name}
    xinstall -m 644 ${worksrcpath}/options.example \
        ${destroot}${prefix}/etc/${name}/options.example
    xinstall -m 755 ${worksrcpath}/sshguard-options-wrapper \
        ${destroot}${prefix}/libexec/${name}/sshguard-options-wrapper
    xinstall -m 544 ${worksrcpath}/README \
        ${destroot}${prefix}/share/${name}/README
    touch ${destroot}${prefix}/var/db/${name}/keepdir
}

post-activate {

    if {![file exists ${prefix}/etc/${name}/options]} {
        xinstall -m 644 ${prefix}/etc/${name}/options.example \
            ${prefix}/etc/${name}/options
    }
    if {![file exists ${prefix}/etc/${name}/whitelist]} {
        touch ${prefix}/etc/${name}/whitelist
    }
}

startupitem.create      yes
startupitem.executable  "${prefix}/libexec/${name}/sshguard-options-wrapper"

livecheck.type      regex
livecheck.url       http://sourceforge.net/projects/sshguard/files/sshguard/
livecheck.regex     "/sshguard-(\\d+(?:\\.\\d+)*)/"

notes "

* This port installs a wrapper script \"sshguard-options-wrapper\" to
facilitate the use of an options file with launchd.

* You can add log files to monitor by adding '-l /path/to/file.log'
lines to ${prefix}/etc/${name}/options.

* You can white list ip addresses and hostnames by editing
${prefix}/etc/${name}/whitelist.
Example:
    # comment line (a '#' as very first character)
    #   a single ip address
    1.2.3.4
    #   address blocks in CIDR notation
    127.0.0.0/8
    10.11.128.0/17
    192.168.0.0/24
    #   hostnames
    rome-fw.enterprise.com
    hosts.friends.com

* You can load ${name} with this command:
$ sudo port load ${name}

"
