I'm not sure if Fedora still needs it, we already have denyhosts, fail2ban.

BUT, why not use 1.6.1 just release a month ago?

http://sourceforge.net/p/sshguard/mailman/message/34336780/

(In reply to Christopher Meng from comment #1)
> I'm not sure if Fedora still needs it, we already have denyhosts, fail2ban.

Another doesn't hurt. :)
 
> BUT, why not use 1.6.1 just release a month ago?
> 
> http://sourceforge.net/p/sshguard/mailman/message/34336780/

Sorry.  1.5 was the latest I found on the website.  I'll go ahead and update it to 1.6.1.

Updated to 1.6.1.  Rpmlint is still clean.  Seems ok on my system.

Spec URL: https://konradm.fedorapeople.org/fedora/SPECS/sshguard.spec
SRPM URL: https://konradm.fedorapeople.org/fedora/SRPMS/sshguard-1.6.1-1.fc22.src.rpm

williamjmorenor's scratch build of sshguard-1.6.1-1.fc22.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12186641

This spec is not building in Rawhide, please check for missinb buildrequires and update the spec and src.rpm

It's missing the addrinfo header include:

sshguard_whitelist.c:350:87: error: dereferencing pointer to incomplete type 'struct addrinfo'

Odd that it built locally.

Created attachment 1109179 [details]
rawhide build fix

Addrinfo is unconditionally available in the 2001 spec. Patch attached, builds fine with mock on armhfp.

Added rdvn@'s patch to compiled with POSIX_C_SOURCE:

Spec: https://konradm.fedorapeople.org/fedora/SPECS/sshguard.spec
SRPM: https://konradm.fedorapeople.org/fedora/SRPMS/sshguard-1.6.1-2.fc22.src.rpm

williamjmorenor's scratch build of sshguard-1.6.1-2.fc22.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12335109

Same issue:
sshguard_whitelist.c:350:87: error: dereferencing pointer to incomplete type 'struct addrinfo'
     for (numaddresses = 0, addriter = hostaddrs; addriter != NULL; addriter = addriter->ai_next, ++numaddresses) {
                                                                                       ^

Added V=1 so compilation flags are logged.  Noticed that POSIX_C_SOURCE wasn't getting applied on the only files it mattered on; dropped the patch from -2 and instead append the define to CFLAGS before `configure.'  Verified the define is being applied to the important files, e.g., sshguard_whitelist.c.

Spec: https://konradm.fedorapeople.org/fedora/SPECS/sshguard.spec
SRPM: https://konradm.fedorapeople.org/fedora/SRPMS/sshguard-1.6.1-3.fc22.src.rpm

Scratch build kicked off here: http://koji.fedoraproject.org/koji/taskinfo?taskID=12335400

konradm's scratch build of sshguard-1.6.1-3.fc22.src.rpm for rawhide failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12335400

Now it builds (at least, where -m64 isn't required), but it isn't quite right -- the system CFLAGS are dropped on the floor.

I am sorry but my builds are still falingin:

https://copr.fedorainfracloud.org/coprs/williamjmorenor/fedora-review-test/build/173473/

The epel7 build pass but f24 and f25 fails

I’d really like to see this included in Fedora as currently Fail2Ban lacks IPv6 support, and sshguard has excellent IPv6 support and a smaller memory footprint.

Some comments on the spec file:

* Should require `iptables` rather than `firewalld`
* Should not require rsyslog; pipe output from journalctl into sshguard in the service file instead (reference [how arch does it](https://git.archlinux.org/svntogit/community.git/tree/trunk/sshguard-journalctl?h=packages/sshguard))

This package is still failing to build:

https://copr.fedorainfracloud.org/coprs/williamjmorenor/fedora-review-test/build/341237/

checking for gawk... (cached) gawk
checking for x86_64-redhat-linux-gnu-gcc... no
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... configure: error: in `/builddir/build/BUILD/sshguard-1.6.1':
configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details
error: Bad exit status from /var/tmp/rpm-tmp.z7oE7A (%build)
RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.z7oE7A (%build)
Child return code was: 1
EXCEPTION: [Error()]
Traceback (most recent call last):
  File "/usr/lib/python3.4/site-packages/mockbuild/trace_decorator.py", line 88, in trace
    result = func(*args, **kw)
  File "/usr/lib/python3.4/site-packages/mockbuild/util.py", line 551, in do
    raise exception.Error("Command failed. See logs for output.\n # %s" % (command,), child.returncode)
mockbuild.exception.Error: Command failed. See logs for output.
 # bash --login -c /usr/bin/rpmbuild -bb --target x86_64 --nodeps /builddir/build/SPECS/sshguard.spec

ping

For build to succeed, -fPIC has to be added to flags.
Specs changes for latest version:

--- a/sshguard.spec     2015-12-28 23:50:15.000000000 +0100
+++ b/sshguard.spec     2016-10-27 10:38:21.778660447 +0200
@@ -1,11 +1,10 @@
 Name:           sshguard
-Version:        1.6.1
-Release:        3%{?dist}
+Version:        1.7.1
+Release:        1%{?dist}
 Summary:        Protect hosts from brute-force attacks
 License:        ISC and BSD and Public Domain
 URL:            http://www.sshguard.net/
 Source0:        http://downloads.sourceforge.net/project/sshguard/sshguard/%{version}/sshguard-%{version}.tar.xz
-Source1:        sshguard.service
 
 BuildRequires:  systemd
 Requires:       firewalld
@@ -29,12 +28,11 @@
 %prep
 %setup -q
 find src \( -name '*.h' -o -name '*.c' \) -exec chmod -x {} +
-cp -a %{SOURCE1} .
 
 
 %build
 # glibc headers need POSIX_C_SOURCE:
-export CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=200112L"
+export CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=200112L -fPIC"
 %configure --with-firewall=iptables
 make %{?_smp_mflags} V=1
 
@@ -44,7 +42,7 @@
 %make_install
 
 mkdir -p $RPM_BUILD_ROOT%{_unitdir}/
-install -m 644 sshguard.service $RPM_BUILD_ROOT%{_unitdir}/
+install -m 644 examples/sshguard.service $RPM_BUILD_ROOT%{_unitdir}/
 
 
 %post
@@ -60,13 +58,17 @@
 
 
 %files
-%doc README.rst COPYING examples
+%doc README.rst examples
+%license COPYING
+%{_libexecdir}/sshg-*
 %{_mandir}/man8/sshguard.8*
 %{_sbindir}/sshguard
 %{_unitdir}/sshguard.service

SSHGuard 2.0.0 has been released.
https://www.sshguard.net/litenewz/feeds/14

SSHGuard 2 introduced a new configuration scheme (changed from piped commands and runtime flags in the init script to a configuration file) and a FirewallD backend that should be of interest to Fedora.

I wrote up a tutorial for users showing how to install and configure SSHGuard on Fedora that might help the packaging effort.
https://ctrl.blog/entry/how-to-sshguard-firewalld

I’m not all that familiar with RPM packages or Fedora’s packaging infrastructure, but please let me know if I can help in any way getting SSHGuard packaged for Fedora.

I've just noticed this is languishing (as I've got a requirement to use sshguard on some systems). If the original proposed maintainers aren't interested in the 2.0 tree, I'll work the spec and get this rolling again.

Andrew

I'm happy to hand it off to you, Andrew.

OK - don't run away as I may need it reviewing :-)

I have recently created a RPM of this as well (Gitlab: https://gitlab.com/lcts/sshguard-rpm - COPR: https://copr.fedorainfracloud.org/coprs/lcts/sshguard ), feel free to fork that. Currently builds on everything except epel6 (no systemd).

Chris

I've continued maintaining sshguard on COPR [1] since September and I'd be happy to do so in the main repo. If Andrew doesn't object, I'd submit that package for review.