Diffstat (limited to 'security')
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/sshit/Makefile | 46 | ||||
-rw-r--r-- | security/sshit/distinfo | 3 | ||||
-rw-r--r-- | security/sshit/files/pkg-message.in | 24 | ||||
-rw-r--r-- | security/sshit/pkg-descr | 7 | ||||
-rw-r--r-- | security/sshit/pkg-plist | 4 |
6 files changed, 85 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 83cdb7f374cc..6e61362cf558 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -536,6 +536,7 @@
 SUBDIR += ssh2
 SUBDIR += ssh2-nox11
 SUBDIR += ssh_askpass_gtk2
+ SUBDIR += sshit
 SUBDIR += sslproxy
 SUBDIR += sslsniffer
 SUBDIR += sslwrap
diff --git a/security/sshit/Makefile b/security/sshit/Makefile
new file mode 100644
index 000000000000..623f37de90cb
--- /dev/null
+++ b/security/sshit/Makefile
@@ -0,0 +1,46 @@
+# New ports collection makefile for: sshit
+# Date created: 18 December 2005
+# Whom: Jui-Nan Lin <jnlin@csie.nctu.edu.tw>
+#
+# $FreeBSD$
+#
+
+PORTNAME= sshit
+PORTVERSION= 0.5
+CATEGORIES= security
+MASTER_SITES= http://anp.ath.cx/sshit/ \
+ ${MASTER_SITE_LOCAL}
+
+MAINTAINER= jnlin@csie.nctu.edu.tw
+COMMENT= Checks for SSH/FTP bruteforce and blocks given IPs
+
+RUN_DEPENDS= ${SITE_PERL}/${PERL_ARCH}/Unix/Syslog.pm:${PORTSDIR}/sysutils/p5-Unix-Syslog \
+ ${SITE_PERL}/IPC/Shareable.pm:${PORTSDIR}/devel/p5-IPC-Shareable \
+ ${SITE_PERL}/Proc/PID/File.pm:${PORTSDIR}/devel/p5-Proc-PID-File
+
+NO_BUILD= yes
+USE_PERL5_RUN= yes
+
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
+PKGMESSAGE= ${WRKDIR}/pkg-message
+SUB_FILES= pkg-message
+
+.include <bsd.port.pre.mk>
+
+.if ${PERL_LEVEL} < 500600
+IGNORE= perl 5.6 or newer required. Install lang/perl5 or lang/perl5.8 and try again
+.endif
+
+do-install:
+ ${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME}.pl ${PREFIX}/sbin/${PORTNAME}
+ ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.conf ${PREFIX}/etc/${PORTNAME}.conf-dist
+
+post-install:
+ @if [ ! -f ${PREFIX}/etc/${PORTNAME}.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/${PORTNAME}.conf-dist ${PREFIX}/etc/${PORTNAME}.conf ; \
+ fi
+.if !defined(BATCH)
+ @${CAT} ${PKGMESSAGE}
+.endif
+
+.include <bsd.port.post.mk>
diff --git a/security/sshit/distinfo b/security/sshit/distinfo
new file mode 100644
index 000000000000..011dbbd2825a
--- /dev/null
+++ b/security/sshit/distinfo
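Review bot: In security/sshit/Makefile, `MASTER_SITES` fetches the distfile over plain HTTP from a single upstream host, so the SHA256 entry in distinfo is the only thing that authenticates what ends up installed as `${PREFIX}/sbin/${PORTNAME}`. A comment above `MASTER_SITES` would make that dependency visible to whoever next bumps `PORTVERSION`, for example `# Fetched over plain HTTP: verify a new tarball out of band before regenerating distinfo`. Separately, `post-install` creates the live configuration with `${CP} -p` from the `.conf-dist` file, so it inherits whatever mode `${INSTALL_DATA}` applied to the sample; if the live file is meant to be edited or kept private, setting the mode explicitly on the copy would state that intent.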
@@ -0,0 +1,3 @@
+MD5 (sshit-0.5.tar.gz) = 1b3f40e08a10919820eb5ecbfa3bc34b
+SHA256 (sshit-0.5.tar.gz) = eb65e94820fbfbd75d8227de9cd7f42b8b497c1bfac350fbb9d4ef51d85b442d
+SIZE (sshit-0.5.tar.gz) = 4065
diff --git a/security/sshit/files/pkg-message.in b/security/sshit/files/pkg-message.in
new file mode 100644
index 000000000000..ad453524ab58
--- /dev/null
+++ b/security/sshit/files/pkg-message.in
@@ -0,0 +1,24 @@
+===> CONFIGURATION NOTE:
+
+ Configuration of sshit is done via main configuration file
+ located at %%PREFIX%%/etc/sshit.conf
+
+ To run the script, add a line in /etc/syslog.conf:
+
+auth.info;authpriv.info |exec %%PREFIX%%/sbin/sshit
+
+ and restart syslogd.
+
+ If you want to use pf as the firewall, you should add a table and the
+ corresponding deny rule. For example,
+ (In /etc/pf.conf)
+
+table <badhosts> persist
+block on $extdev from <badhosts> to any
+
+ and reload the pf rules.
+
+ If you want to use ipfw2 (with table) as the firewall, you should add a
+ table and the corresponding deny rule. For example,
+
+# ipfw add deny ip from table(0) to any
diff --git a/security/sshit/pkg-descr b/security/sshit/pkg-descr
new file mode 100644
index 000000000000..aed2ed154601
--- /dev/null
+++ b/security/sshit/pkg-descr
@@ -0,0 +1,7 @@
+sshit is a perl script, which works along with ipfw, ipfw2, and pf.
+It parses the output of syslogd, find out SSH/FTP bruteforce attacks.
+If the number of failed login is more than a threshold that administarator
+set, sshit will block the source IP via firewall for a while
+(administrators can set the period of blocking).
+
+WWW: http://anp.ath.cx/sshit/
diff --git a/security/sshit/pkg-plist b/security/sshit/pkg-plist
new file mode 100644
index 000000000000..35eacea9b940
--- /dev/null
+++ b/security/sshit/pkg-plist
@@ -0,0 +1,4 @@
+@unexec if cmp -s %D/etc/sshit.conf %D/etc/sshit.conf-dist; then rm -f %D/etc/sshit.conf; fi
+etc/sshit.conf-dist
+@exec if [ ! -f %D/etc/sshit.conf ] ; then cp -p %D/%F %B/sshit.conf; fi
+sbin/sshit |