Bug 1931237 - sshguard package doesn't have config file and example is broken
Summary: sshguard package doesn't have config file and example is broken
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: sshguard
Version: epel8
Hardware: Unspecified
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Christopher Engelhard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-02-21 20:56 UTC by kazakevichilya
Modified: 2021-03-19 19:54 UTC (History)
1 user (show)

Fixed In Version: sshguard-2.4.1-5.fc33 sshguard-2.4.1-5.el8 sshguard-2.4.1-5.fc34
Clone Of:
Environment:
Last Closed: 2021-03-04 20:09:31 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description kazakevichilya 2021-02-21 20:56:33 UTC
Description of problem:

``sshguard`` package lacks of ``sshguard.conf``, so it doesn't start by default.

It has example (I was able to find it using ``rpm -q -l sshguard``) but it
contains wrong path to the backend.

I understand that we can't configure sshguard automatically since we do not know
if user prefers firewall-cmd, iptables or ipset, but could we please have
``sshguard.conf`` with at least one backend configured (others could be simply
commented)?


Steps to Reproduce:
# dnf install sshguard
# systemctl start sshguard

use journalctl to see errors.


Actual results:
You should see error saying no ``sshguard.conf`` exist

Comment 1 Christopher Engelhard 2021-02-22 16:24:45 UTC
Thanks for reporting.

On Fedora & EPEL8, configuration is contained in packages sshguard-<backend>, which are pulled in via weak dependencies depending on which firewall the user has installed. The error is that right now the package doesn't require any of those config packages, so if people can end up with no config at all. I'll fix that.

In the meantime, as a workaround you can
- remove the example config file from /etc & install the sshguard-<backend> package for your firewall
or
- uninstall sshguard and reinstall it with weak dependencies enabled.

Comment 2 kazakevichilya 2021-02-22 17:02:23 UTC
Hello.
Thank you.

I cant find any separate package for backend, by the way.

```
$ cat /etc/redhat-release 
CentOS Linux release 8.3.2011
$ dnf search sshguard\*
Last metadata expiration check: 0:03:00 ago on Mon 22 Feb 2021 07:51:06 PM MSK.
======================================================================== Name Matched: sshguard* =========================================================================
sshguard.x86_64 : Protects hosts from brute-force attacks against SSH and other services
$
$ dnf list  | grep sshgu
sshguard.x86_64                                        2.4.1-1.el8                                      epel
```

All files are in ``sshguard`` package instead

```
$ rpm -q -l sshguard | grep sshg-
/usr/libexec/sshguard/sshg-blocker
/usr/libexec/sshguard/sshg-fw-firewalld
/usr/libexec/sshguard/sshg-fw-hosts
/usr/libexec/sshguard/sshg-fw-ipfilter
/usr/libexec/sshguard/sshg-fw-ipfw
/usr/libexec/sshguard/sshg-fw-ipset
/usr/libexec/sshguard/sshg-fw-iptables
/usr/libexec/sshguard/sshg-fw-nft-sets
/usr/libexec/sshguard/sshg-fw-null
/usr/libexec/sshguard/sshg-fw-pf
/usr/libexec/sshguard/sshg-logtail
/usr/libexec/sshguard/sshg-parser
```

I tried to install it with ``dnf --setopt=install_weak_deps=True`` but obviously got nothing

Comment 3 Christopher Engelhard 2021-02-22 17:06:01 UTC
That backends are always included, it's just the corresponding config that is split out.

OK, I'll see why those other packages are missing in the repos. That is very weird.

Comment 4 Fedora Update System 2021-02-24 08:34:23 UTC
FEDORA-2021-24fe20bf97 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-24fe20bf97

Comment 5 Fedora Update System 2021-02-24 08:34:23 UTC
FEDORA-EPEL-2021-2e7114e329 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-2e7114e329

Comment 6 Christopher Engelhard 2021-02-24 08:46:42 UTC
I've pushed an update that should fix this issue.

Sshguard should automatically pull in one of it's config packages (the one matching your installed firewall, if you have weak dependencies enabled).

Let me know if you have any problems.

Comment 7 Fedora Update System 2021-02-24 19:18:01 UTC
FEDORA-2021-24fe20bf97 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-24fe20bf97`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-24fe20bf97

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2021-02-24 20:54:59 UTC
FEDORA-EPEL-2021-2e7114e329 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-2e7114e329

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2021-02-24 21:57:31 UTC
FEDORA-2021-116ac896ae has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-116ac896ae`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-116ac896ae

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2021-03-04 20:09:31 UTC
FEDORA-2021-116ac896ae has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 11 Fedora Update System 2021-03-10 21:40:39 UTC
FEDORA-EPEL-2021-2e7114e329 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 12 Fedora Update System 2021-03-19 17:36:35 UTC
FEDORA-2021-24fe20bf97 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 13 Fedora Update System 2021-03-19 19:54:20 UTC
FEDORA-2021-24fe20bf97 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.