Diffstat (limited to 'security')
-rw-r--r--security/Makefile1
-rw-r--r--security/sshit/Makefile46
-rw-r--r--security/sshit/distinfo3
-rw-r--r--security/sshit/files/pkg-message.in24
-rw-r--r--security/sshit/pkg-descr7
-rw-r--r--security/sshit/pkg-plist4
6 files changed, 85 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 83cdb7f374cc..6e61362cf558 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -536,6 +536,7 @@
SUBDIR += ssh2
SUBDIR += ssh2-nox11
SUBDIR += ssh_askpass_gtk2
+ SUBDIR += sshit
SUBDIR += sslproxy
SUBDIR += sslsniffer
SUBDIR += sslwrap
diff --git a/security/sshit/Makefile b/security/sshit/Makefile
new file mode 100644
index 000000000000..623f37de90cb
--- /dev/null
+++ b/security/sshit/Makefile
@@ -0,0 +1,46 @@
+# New ports collection makefile for: sshit
+# Date created: 18 December 2005
+# Whom: Jui-Nan Lin <jnlin@csie.nctu.edu.tw>
+#
+# $FreeBSD$
+#
+
+PORTNAME= sshit
+PORTVERSION= 0.5
+CATEGORIES= security
+MASTER_SITES= http://anp.ath.cx/sshit/ \
+ ${MASTER_SITE_LOCAL}
+
+MAINTAINER= jnlin@csie.nctu.edu.tw
+COMMENT= Checks for SSH/FTP bruteforce and blocks given IPs
+
+RUN_DEPENDS= ${SITE_PERL}/${PERL_ARCH}/Unix/Syslog.pm:${PORTSDIR}/sysutils/p5-Unix-Syslog \
+ ${SITE_PERL}/IPC/Shareable.pm:${PORTSDIR}/devel/p5-IPC-Shareable \
+ ${SITE_PERL}/Proc/PID/File.pm:${PORTSDIR}/devel/p5-Proc-PID-File
+
+NO_BUILD= yes
+USE_PERL5_RUN= yes
+
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
+PKGMESSAGE= ${WRKDIR}/pkg-message
+SUB_FILES= pkg-message
+
+.include <bsd.port.pre.mk>
+
+.if ${PERL_LEVEL} < 500600
+IGNORE= perl 5.6 or newer required. Install lang/perl5 or lang/perl5.8 and try again
+.endif
+
+do-install:
+ ${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME}.pl ${PREFIX}/sbin/${PORTNAME}
+ ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.conf ${PREFIX}/etc/${PORTNAME}.conf-dist
+
+post-install:
+ @if [ ! -f ${PREFIX}/etc/${PORTNAME}.conf ]; then \
+ ${CP} -p ${PREFIX}/etc/${PORTNAME}.conf-dist ${PREFIX}/etc/${PORTNAME}.conf ; \
+ fi
+.if !defined(BATCH)
+ @${CAT} ${PKGMESSAGE}
+.endif
+
+.include <bsd.port.post.mk>
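Review bot: The first `MASTER_SITES` entry fetches the tarball over plain HTTP from a single upstream host, so the SHA256 line in distinfo is the only control tying the installed script to what the maintainer actually reviewed. That matters more than usual for this port, because pkg-message tells the administrator to have syslogd exec `${PREFIX}/sbin/sshit`, presumably with syslogd's privileges, on log lines that contain remote-supplied text. I would record this above the assignment, for example `# Fetched over plain HTTP; the distinfo SHA256 is the integrity check -- re-review the script on every version bump.`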
diff --git a/security/sshit/distinfo b/security/sshit/distinfo
new file mode 100644
index 000000000000..011dbbd2825a
--- /dev/null
+++ b/security/sshit/distinfo
@@ -0,0 +1,3 @@
+MD5 (sshit-0.5.tar.gz) = 1b3f40e08a10919820eb5ecbfa3bc34b
+SHA256 (sshit-0.5.tar.gz) = eb65e94820fbfbd75d8227de9cd7f42b8b497c1bfac350fbb9d4ef51d85b442d
+SIZE (sshit-0.5.tar.gz) = 4065
diff --git a/security/sshit/files/pkg-message.in b/security/sshit/files/pkg-message.in
new file mode 100644
index 000000000000..ad453524ab58
--- /dev/null
+++ b/security/sshit/files/pkg-message.in
@@ -0,0 +1,24 @@
+===> CONFIGURATION NOTE:
+
+ Configuration of sshit is done via main configuration file
+ located at %%PREFIX%%/etc/sshit.conf
+
+ To run the script, add a line in /etc/syslog.conf:
+
+auth.info;authpriv.info |exec %%PREFIX%%/sbin/sshit
+
+ and restart syslogd.
+
+ If you want to use pf as the firewall, you should add a table and the
+ corresponding deny rule. For example,
+ (In /etc/pf.conf)
+
+table <badhosts> persist
+block on $extdev from <badhosts> to any
+
+ and reload the pf rules.
+
+ If you want to use ipfw2 (with table) as the firewall, you should add a
+ table and the corresponding deny rule. For example,
+
+# ipfw add deny ip from table(0) to any
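Review bot: The pf example `block on $extdev from <badhosts> to any` has no `quick`, and pf applies the last matching rule, so a later `pass` rule for SSH or FTP on the same interface would still admit hosts that are in the table. I would write it as `block quick on $extdev from <badhosts> to any`, or add a sentence saying the rule must follow the pass rules. The ipfw example has the opposite ordering problem: ipfw stops at the first match and `ipfw add` without a rule number appends the rule, so the message should tell the reader to give it a number lower than the rules that allow SSH/FTP.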
diff --git a/security/sshit/pkg-descr b/security/sshit/pkg-descr
new file mode 100644
index 000000000000..aed2ed154601
--- /dev/null
+++ b/security/sshit/pkg-descr
@@ -0,0 +1,7 @@
+sshit is a perl script, which works along with ipfw, ipfw2, and pf.
+It parses the output of syslogd, find out SSH/FTP bruteforce attacks.
+If the number of failed login is more than a threshold that administarator
+set, sshit will block the source IP via firewall for a while
+(administrators can set the period of blocking).
+
+WWW: http://anp.ath.cx/sshit/
diff --git a/security/sshit/pkg-plist b/security/sshit/pkg-plist
new file mode 100644
index 000000000000..35eacea9b940
--- /dev/null
+++ b/security/sshit/pkg-plist
@@ -0,0 +1,4 @@
+@unexec if cmp -s %D/etc/sshit.conf %D/etc/sshit.conf-dist; then rm -f %D/etc/sshit.conf; fi
+etc/sshit.conf-dist
+@exec if [ ! -f %D/etc/sshit.conf ] ; then cp -p %D/%F %B/sshit.conf; fi
+sbin/sshit