author | rafan <rafan@FreeBSD.org> | 2006-08-17 16:27:13 +0800 |
---|---|---|
committer | rafan <rafan@FreeBSD.org> | 2006-08-17 16:27:13 +0800 |
commit | b2d6eb95452e54d5675bf35015d169e9526f96e2 (patch) | |
tree | f4158d10726e0ed3eb44cb7f052d5ad5db86e996 | |
parent | 5d80c09d61511496a182c9258e82b12ed5f8ada7 (diff) | |
Add bruteblock 0.0.4, software for blocking bruteforce attacks with
ipfw.
PR: ports/101254
Submitted by: Dmitry Marakasov <amdmi3 at mail.ru>
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/bruteblock/Makefile | 49 | ||||
-rw-r--r-- | security/bruteblock/distinfo | 3 | ||||
-rw-r--r-- | security/bruteblock/files/bruteblockd.sh.in | 28 | ||||
-rw-r--r-- | security/bruteblock/files/pkg-message.in | 26 | ||||
-rw-r--r-- | security/bruteblock/pkg-descr | 10 | ||||
-rw-r--r-- | security/bruteblock/pkg-plist | 6 |
7 files changed, 123 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 7fa4d2ea75a8..1e0560b34a18 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -39,6 +39,7 @@
 SUBDIR += borzoi
 SUBDIR += botan
 SUBDIR += bro
+ SUBDIR += bruteblock
 SUBDIR += bruteforceblocker
 SUBDIR += bsdsfv
 SUBDIR += bsp_upektfmess
diff --git a/security/bruteblock/Makefile b/security/bruteblock/Makefile
new file mode 100644
index 000000000000..4caa2634e74f
--- /dev/null
+++ b/security/bruteblock/Makefile
@@ -0,0 +1,49 @@
+# New ports collection makefile for: bruteblock
+# Date created: 30 Jul 2006
+# Whom: Dmitry Marakasov <amdmi3@mail.ru>
+#
+# $FreeBSD$
+#
+
+PORTNAME= bruteblock
+PORTVERSION= 0.0.4
+CATEGORIES= security
+MASTER_SITES= http://samm.kiev.ua/bruteblock/
+
+MAINTAINER= amdmi3@mail.ru
+COMMENT= Software for blocking bruteforce attacks with ipfw
+
+LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre
+
+PKGMESSAGE= ${WRKDIR}/pkg-message
+SUB_FILES= pkg-message
+
+USE_RC_SUBR= bruteblockd.sh
+MAN8= bruteblock.8
+
+CONFDIR= ${PREFIX}/etc/${PORTNAME}
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 503000
+IGNORE= requires FreeBSD >= 5.3
+.endif
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/bruteblock ${PREFIX}/sbin/
+ ${INSTALL_PROGRAM} ${WRKSRC}/bruteblockd ${PREFIX}/sbin/
+ ${MKDIR} ${PREFIX}/etc/bruteblock
+.for file in ssh # more configs are planned to be added
+ ${INSTALL_DATA} ${WRKSRC}/etc/${file}.conf ${CONFDIR}/${file}.conf.dist
+ if [ ! -f ${CONFDIR}/${file}.conf ]; then \
+ ${INSTALL_DATA} ${CONFDIR}/${file}.conf.dist ${CONFDIR}/${file}.conf; \
+ fi
+.endfor
+ ${INSTALL_MAN} ${WRKSRC}/doc/bruteblock.8 ${PREFIX}/man/man8/
+
+post-install:
+.if !defined(BATCH)
+ @${CAT} ${PKGMESSAGE}
+.endif
+
+.include <bsd.port.post.mk>
diff --git a/security/bruteblock/distinfo b/security/bruteblock/distinfo
new file mode 100644
index 000000000000..cbf9a686bff1
--- /dev/null
+++ b/security/bruteblock/distinfo
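Review bot: In the new security/bruteblock/Makefile, `do-install` creates the configuration directory with a hard-coded path (`${MKDIR} ${PREFIX}/etc/bruteblock`) while every later line in the same target goes through `CONFDIR`, so the two can drift apart if either is edited. I would write `${MKDIR} ${CONFDIR}` so the directory that is created is by construction the one the `.conf.dist` and `.conf` files are installed into. The manual page destination is likewise spelled `${PREFIX}/man/man8/`; ports normally install through `${MANPREFIX}/man/man8/` so that a site-level override is honoured. A one-line comment above the `if [ ! -f ... ]` block, such as `# keep an existing, admin-edited config; only seed it on first install`, would document why the live config is written conditionally.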
@@ -0,0 +1,3 @@
+MD5 (bruteblock-0.0.4.tar.gz) = 01f2a300dd4abb28fc377de5848aa80e
+SHA256 (bruteblock-0.0.4.tar.gz) = f13df7f866842c4f32b7d6b13df0fac3250a41f646602581452af623c790159b
+SIZE (bruteblock-0.0.4.tar.gz) = 24170
diff --git a/security/bruteblock/files/bruteblockd.sh.in b/security/bruteblock/files/bruteblockd.sh.in
new file mode 100644
index 000000000000..a673c5b1a3cb
--- /dev/null
+++ b/security/bruteblock/files/bruteblockd.sh.in
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# PROVIDE: bruteblockd
+# REQUIRE: NETWORKING syslogd
+# KEYWORD: nojail
+
+. %%RC_SUBR%%
+
+name="bruteblockd"
+rcvar=`set_rcvar`
+
+load_rc_config $name
+
+: ${bruteblockd_enable="NO"}
+
+pidfile="/var/run/${name}.pid"
+command=%%PREFIX%%/sbin/${name}
+command_args="-p ${pidfile} -t ${bruteblockd_table}"
+start_precmd="bruteblockd_precmd"
+
+bruteblockd_precmd()
+{
+ if [ -z "${bruteblockd_table}" ]; then
+ err 1 "Please specify ipfw table number with bruteblockd_table parameter in /etc/rc.conf (see bruteblock(8))"
+ fi
+}
+
+run_rc_command "$1"
diff --git a/security/bruteblock/files/pkg-message.in b/security/bruteblock/files/pkg-message.in
new file mode 100644
index 000000000000..9ba1c6390b65
--- /dev/null
+++ b/security/bruteblock/files/pkg-message.in
@@ -0,0 +1,26 @@
+===> CONFIGURATION NOTE:
+
+ Configuration of the bruteblock is done via configuration files
+ located at %%PREFIX%%/etc/bruteblock/
+
+ To run the script, add a line in /etc/syslog.conf:
+
+auth.info;authpriv.info |exec %%PREFIX%%/sbin/bruteblock -f %%PREFIX%%/etc/bruteblock/ssh.conf
+
+ and restart syslogd.
+
+ Also you should add ipfw2 table and the corresponding deny rule.
+ For example,
+
+# ipfw add deny ip from table(1) to any
+
+ Next, you'll want to setup periodical cleanup of ipfw2 table. Add following
+ lines to /etc/rc.conf:
+
+ bruteblockd_enable="YES"
+ bruteblockd_table="1"
+ bruteblockd_flags="-s 5"
+
+ and start bruteblockd: %%PREFIX%%/etc/rc.d/bruteblockd.sh start
+
+See bruteblock(8) for more detailts.
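Review bot: In bruteblockd.sh.in, `bruteblockd_precmd` rejects only an empty `bruteblockd_table`, so any other non-numeric value still flows unquoted into `command_args` (`-t ${bruteblockd_table}`) and is word-split into the daemon's argument list. rc.conf is root-owned, so this is a robustness point rather than a trust boundary, but a typo there would presumably start the cleanup daemon with a wrong table or stray options while the deny rule keeps its entries. I would tighten the check to `case "${bruteblockd_table}" in ''|*[!0-9]*) err 1 "bruteblockd_table must be an ipfw table number (see bruteblock(8))" ;; esac`. A short header comment listing the rc.conf settings named in pkg-message (bruteblockd_enable, bruteblockd_table, bruteblockd_flags) would also help whoever reads the script without the package message at hand.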
diff --git a/security/bruteblock/pkg-descr b/security/bruteblock/pkg-descr
new file mode 100644
index 000000000000..57338d2d1f29
--- /dev/null
+++ b/security/bruteblock/pkg-descr
@@ -0,0 +1,10 @@
+Bruteblock allows system administrators to block various bruteforce
+attacks on UNIX services. The program analyzes system logs and adds
+attacker's IP address into ipfw2 table effectively blocking them.
+Addresses are automatically removed from the table after specified
+amount of time. Bruteblock uses regular expressions to parse logs,
+which provides flexibility allowing it to be used with almost any
+network service. Bruteblock is written in pure C, doesn't use any
+external programs and work with ipfw2 tables via raw sockets API.
+
+WWW: http://samm.kiev.ua/bruteblock/
diff --git a/security/bruteblock/pkg-plist b/security/bruteblock/pkg-plist
new file mode 100644
index 000000000000..9a292b14bb6e
--- /dev/null
+++ b/security/bruteblock/pkg-plist
@@ -0,0 +1,6 @@
+sbin/bruteblock
+sbin/bruteblockd
+@unexec if cmp -s %D/etc/bruteblock/ssh.conf.dist %D/etc/bruteblock/ssh.conf; then rm -f %D/etc/bruteblock/ssh.conf; fi
+etc/bruteblock/ssh.conf.dist
+@exec if [ ! -f %D/etc/bruteblock/ssh.conf ]; then cp -p %D/%F %B/bruteblock/ssh.conf; fi
+@dirrmtry etc/bruteblock |
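Review bot: In pkg-plist, the `@exec` line tests `%D/etc/bruteblock/ssh.conf` but copies to `%B/bruteblock/ssh.conf`; as pkg_create(1) describes it, `%B` already expands to the directory of the last listed file (here `%D/etc/bruteblock`), so the copy target would be `.../etc/bruteblock/bruteblock/ssh.conf`, a directory nothing in this plist creates. On an install from a binary package that would leave no live `ssh.conf`, while the pkg-message in this commit tells the admin to point the syslog pipe at exactly that file, so the log watcher would presumably have no configuration to load. The destination should match the test and the `@unexec` line: `@exec if [ ! -f %D/etc/bruteblock/ssh.conf ]; then cp -p %D/%F %B/ssh.conf; fi`.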