diff options
Diffstat (limited to 'security/sshit')
| -rw-r--r-- | security/sshit/Makefile | 4 | ||||
| -rw-r--r-- | security/sshit/files/patch-sshit.diff | 63 |
2 files changed, 62 insertions, 5 deletions
diff --git a/security/sshit/Makefile b/security/sshit/Makefile index c52f2c8c61da..1f87f2c99403 100644 --- a/security/sshit/Makefile +++ b/security/sshit/Makefile @@ -7,12 +7,12 @@ PORTNAME= sshit PORTVERSION= 0.6 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= http://anp.ath.cx/sshit/ \ ${MASTER_SITE_LOCAL} -MAINTAINER= jnlin@csie.nctu.edu.tw +MAINTAINER= rafan@FreeBSD.org COMMENT= Checks for SSH/FTP bruteforce and blocks given IPs RUN_DEPENDS= ${SITE_PERL}/${PERL_ARCH}/Unix/Syslog.pm:${PORTSDIR}/sysutils/p5-Unix-Syslog \ diff --git a/security/sshit/files/patch-sshit.diff b/security/sshit/files/patch-sshit.diff index 9d2103cea34e..8f4d7950dea8 100644 --- a/security/sshit/files/patch-sshit.diff +++ b/security/sshit/files/patch-sshit.diff @@ -1,11 +1,68 @@ ---- sshit.orig Sun Aug 5 10:56:39 2007 -+++ sshit Sun Aug 5 10:59:03 2007 +--- sshit.orig 2007-11-07 13:56:13.000000000 +0800 ++++ sshit 2007-11-07 13:56:16.000000000 +0800 +@@ -283,7 +283,7 @@ + if ($list{$ip}{n} < $MAX_COUNT) { + # delete all ip's that hasn't reached $MAX_COUNT within time + if (time() - $list{$ip}{time} > $WITHIN_TIME) { +- syslog(LOG_ERR, "janitor deleted $ip (did not reach $MAX_COUNT attempts within $WITHIN_TIME seconds)\n"); ++ syslog(LOG_INFO, "janitor deleted $ip (did not reach $MAX_COUNT attempts within $WITHIN_TIME seconds)\n"); + delete($list{$ip}); + } + } else { +@@ -297,7 +297,7 @@ + } elsif ($FIREWALL_TYPE =~ /^pf$/i) { + system("$PFCTL_CMD -t $PF_TABLE -Tdelete $ip"); + } +- syslog(LOG_ERR, "janitor removed block rule $list{$ip}{rulenr} for $ip (reset time of $RESET_IP seconds reached)\n"); ++ syslog(LOG_INFO, "janitor removed block rule $list{$ip}{rulenr} for $ip (reset time of $RESET_IP seconds reached)\n"); + delete($list{$ip}); + } + } @@ -317,7 +317,7 @@ while (<>) { chomp; - if (/(failed|Invalid user) .*from (\d+\.\d+\.\d+\.\d+|[\da-fA-F:]+)/i ) { # IPv4 & IPv6 -+ if (/(failed|error|Invalid user) .*from (\d+\.\d+\.\d+\.\d+|([a-z-]+\.)+[a-z]{2,4}|[\da-fA-F:]+)/i ) { # IPv4 & IPv6 ++ if (/(failed|error|Invalid user) .*from (\d+\.\d+\.\d+\.\d+|[\da-f:]*:[\da-f:]+|([\da-z-]+\.)+[a-z]{2,4})/i ) { # IPv4 & IPv6 $ip = $2; if ($list{$ip}{name}) { if ($list{$ip}{n} >= $MAX_COUNT) { +@@ -339,17 +339,17 @@ + # Assign a rule number and do the actual block + $list{$ip}{rulenr} = $ipfw_rulenr; + system("$IPFW_CMD add $ipfw_rulenr deny tcp from $ip to me 21,22 > /dev/null"); +- syslog(LOG_ERR, "BLOCKING $ip, rule $ipfw_rulenr\n"); ++ syslog(LOG_INFO, "BLOCKING $ip, rule $ipfw_rulenr\n"); + $ipfw_rulenr++; + if ($ipfw_rulenr > $IPFW_RULE_END) { $ipfw_rulenr = $IPFW_RULE_START; } + + } elsif ($FIREWALL_TYPE =~ /^ipfw2$/i) { + system("$IPFW2_CMD table $IPFW2_TABLE_NO add $ip"); +- syslog(LOG_ERR, "BLOCKING $ip with ipfw2\n"); ++ syslog(LOG_INFO, "BLOCKING $ip with ipfw2\n"); + + } elsif ($FIREWALL_TYPE =~ /^pf$/i) { + system("$PFCTL_CMD -t $PF_TABLE -Tadd $ip"); +- syslog(LOG_ERR, "BLOCKING $ip with pf\n"); ++ syslog(LOG_INFO, "BLOCKING $ip with pf\n"); + } + } + } +@@ -364,7 +364,7 @@ + } + } + +-syslog(LOG_ERR, "fd closed. clean up"); ++syslog(LOG_INFO, "fd closed. clean up"); + foreach $ip (keys %list) { + if($FIREWALL_TYPE =~ /^ipfw$/i) + { +@@ -374,7 +374,7 @@ + } elsif ($FIREWALL_TYPE =~ /^pf$/i) { + system("$PFCTL_CMD -t $PF_TABLE -Tdelete $ip"); + } +- syslog(LOG_ERR, "main removed block rule $list{$ip}{rulenr} for $ip (reset time of $RESET_IP seconds reached)\n"); ++ syslog(LOG_INFO, "main removed block rule $list{$ip}{rulenr} for $ip (reset time of $RESET_IP seconds reached)\n"); + delete($list{$ip}); + } + |