Date: Wed, 2 Aug 2006 14:45:19 +0400 (MSD)
From: Dmitry Marakasov <amdmi3@mail.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/101254: [NEW PORT] security/bruteblock Software for blocking bruteforce attacks with ipfw
Message-ID: <20060802104519.CC0FC417F@hades.panopticon>
Resent-Message-ID: <200608021050.k72AoEV8037979@freefall.freebsd.org>

>Number:         101254
>Category:       ports
>Synopsis:       [NEW PORT] security/bruteblock Software for blocking bruteforce attacks with ipfw
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 02 10:50:13 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry Marakasov
>Release:        FreeBSD 6.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD hades.panopticon 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Thu May 11 15:07:32 MSD 2006 amdmi3@hades.panopticon:/usr/obj/usr/src/sys/HADES i386

>Description:
Bruteblock allows system administrators to block various bruteforce
attacks on UNIX services. The program analyzes system logs and adds
attackers' IP addresses to an ipfw2 table, effectively blocking them.
Addresses are automatically removed from the table after a specified
amount of time. Bruteblock uses regular expressions to parse logs,
which provides flexibility, allowing it to be used with almost any
network service. Bruteblock is written in pure C, doesn't use any
external programs and works with ipfw2 tables via the raw sockets API.

WWW: http://samm.kiev.ua/bruteblock/index.html.en
WWW: http://samm.kiev.ua/bruteblock/ (Russian)

>How-To-Repeat:
>Fix:

--- bruteblock-0.0.2.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	bruteblock
#	bruteblock/Makefile
#	bruteblock/pkg-plist
#	bruteblock/pkg-descr
#	bruteblock/distinfo
#	bruteblock/files
#	bruteblock/files/bruteblockd.sh.in
#
echo c - bruteblock
mkdir -p bruteblock > /dev/null 2>&1
echo x - bruteblock/Makefile
sed 's/^X//' >bruteblock/Makefile << 'END-of-bruteblock/Makefile'
X# New ports collection makefile for:	bruteblock
X# Date created:		30 Jul 2006
X# Whom:			Dmitry Marakasov <amdmi3@mail.ru>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	bruteblock
XPORTVERSION=	0.0.2
XCATEGORIES=	security
XMASTER_SITES=	http://samm.kiev.ua/bruteblock/
X
XMAINTAINER=	amdmi3@mail.ru
XCOMMENT=	Software for blocking bruteforce attacks with ipfw
X
XLIB_DEPENDS=	pcre.0:${PORTSDIR}/devel/pcre
X
XUSE_RC_SUBR=	bruteblockd.sh
XMAN8=		bruteblock.8
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} < 503000
XIGNORE=		requires FreeBSD >= 5.3
X.endif
X
Xdo-install:
X	${INSTALL_PROGRAM} ${WRKSRC}/bruteblock ${PREFIX}/sbin/
X	${INSTALL_PROGRAM} ${WRKSRC}/bruteblockd ${PREFIX}/sbin/
X	${MKDIR} ${PREFIX}/etc/bruteblock
X.for file in ssh # more configs are planned to be added
X	${INSTALL_DATA} ${WRKSRC}/etc/bruteblock-${file}.conf ${PREFIX}/etc/bruteblock/${file}.conf.dist
X	if [ ! -f ${PREFIX}/etc/bruteblock/${file}.conf ]; then \
X		${INSTALL_DATA} ${WRKSRC}/etc/bruteblock-${file}.conf ${PREFIX}/etc/bruteblock/${file}.conf; \
X	fi
X.endfor
X	${INSTALL_MAN} ${WRKSRC}/doc/bruteblock.8 ${PREFIX}/man/man8/
X
X.include <bsd.port.post.mk>
END-of-bruteblock/Makefile
echo x - bruteblock/pkg-plist
sed 's/^X//' >bruteblock/pkg-plist << 'END-of-bruteblock/pkg-plist'
Xsbin/bruteblock
Xsbin/bruteblockd
X@unexec if cmp -s %D/etc/bruteblock/ssh.conf %D/etc/bruteblock/ssh.conf.dist; then rm -f %D/etc/bruteblock/ssh.conf; fi
Xetc/bruteblock/ssh.conf.dist
X@exec if [ ! -f %D/etc/bruteblock/ssh.conf ]; then cp -p %D/etc/bruteblock/ssh.conf.dist %D/etc/bruteblock/ssh.conf; fi
X@dirrmtry etc/bruteblock
END-of-bruteblock/pkg-plist
echo x - bruteblock/pkg-descr
sed 's/^X//' >bruteblock/pkg-descr << 'END-of-bruteblock/pkg-descr'
XBruteblock allows system administrators to block various bruteforce
Xattacks on UNIX services. The program analyzes system logs and adds
Xattackers' IP addresses to an ipfw2 table, effectively blocking them.
XAddresses are automatically removed from the table after a specified
Xamount of time. Bruteblock uses regular expressions to parse logs,
Xwhich provides flexibility, allowing it to be used with almost any
Xnetwork service. Bruteblock is written in pure C, doesn't use any
Xexternal programs and works with ipfw2 tables via the raw sockets API.
X
XWWW: http://samm.kiev.ua/bruteblock/index.html.en
XWWW: http://samm.kiev.ua/bruteblock/ (Russian)
END-of-bruteblock/pkg-descr
echo x - bruteblock/distinfo
sed 's/^X//' >bruteblock/distinfo << 'END-of-bruteblock/distinfo'
XMD5 (bruteblock-0.0.2.tar.gz) = dcf676b29c108b4b9417c145c918b6aa
XSHA256 (bruteblock-0.0.2.tar.gz) = 2f8e2860d04a02f31d001d22bafc8a8490809d864c93743b55b190089a0f9fd8
XSIZE (bruteblock-0.0.2.tar.gz) = 21255
END-of-bruteblock/distinfo
echo c - bruteblock/files
mkdir -p bruteblock/files > /dev/null 2>&1
echo x - bruteblock/files/bruteblockd.sh.in
sed 's/^X//' >bruteblock/files/bruteblockd.sh.in << 'END-of-bruteblock/files/bruteblockd.sh.in'
X#!/bin/sh
X
X# PROVIDE: bruteblockd
X# REQUIRE: NETWORKING syslogd
X# KEYWORD: nojail
X
X. %%RC_SUBR%%
X
Xname="bruteblockd"
Xrcvar=`set_rcvar`
X
Xload_rc_config $name
X
X: ${bruteblockd_enable="NO"}
X
Xpidfile="/var/run/${name}.pid"
Xcommand=%%PREFIX%%/sbin/${name}
Xcommand_args="-p ${pidfile} -t ${bruteblockd_table}"
Xstart_precmd="bruteblockd_precmd"
X
Xbruteblockd_precmd()
X{
X	if [ -z "${bruteblockd_table}" ]; then
X		err 1 "Please specify ipfw table number with bruteblockd_table parameter in /etc/rc.conf (see bruteblock(8))"
X	fi
X}
X
Xrun_rc_command "$1"
END-of-bruteblock/files/bruteblockd.sh.in
exit
--- bruteblock-0.0.2.shar ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
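
The approach the description outlines (regex match on log lines, per-address failure counting, blocks that lapse after a set time), as an added example that is not part of the original submission and is not bruteblock's own code. The pattern, thresholds and all names are assumptions, POSIX regex.h stands in for PCRE, and the firewall table update is left out.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

enum { MAX_HOSTS = 64, MAX_FAILS = 3, WINDOW = 60, BLOCK_TTL = 600 }; /* assumed; seconds */
/* POSIX ERE stands in for PCRE; "$" pins the capture to the address sshd writes last. */
static const char *PATTERN =
    "sshd\\[[0-9]+\\]: Failed password for .* from ([0-9.]{7,15}) port [0-9]+ ssh2$";
static struct host { char ip[16]; int fails; time_t first, blocked_until; } hosts[MAX_HOSTS];
static int nhosts;

static struct host *lookup(const char *ip, int create) {
    for (int i = 0; i < nhosts; i++)
        if (strcmp(hosts[i].ip, ip) == 0) return &hosts[i];
    if (!create || nhosts == MAX_HOSTS) return NULL;
    snprintf(hosts[nhosts].ip, sizeof hosts[nhosts].ip, "%s", ip);
    return &hosts[nhosts++];
}

int is_blocked(const char *ip, time_t now) {
    struct host *h = lookup(ip, 0);
    return h != NULL && now < h->blocked_until; /* entry lapses once the TTL has passed */
}

/* Feed one log line seen at `now`; returns 1 when it triggers a block. */
int feed_line(const regex_t *re, const char *line, time_t now) {
    regmatch_t m[2];
    char ip[16];
    if (regexec(re, line, 2, m, 0) != 0) return 0;
    snprintf(ip, sizeof ip, "%.*s", (int)(m[1].rm_eo - m[1].rm_so), line + m[1].rm_so);
    struct host *h = lookup(ip, 1);
    if (h == NULL || now < h->blocked_until) return 0;
    if (h->fails == 0 || now - h->first > WINDOW) { h->fails = 0; h->first = now; }
    if (++h->fails < MAX_FAILS) return 0;
    h->fails = 0;
    h->blocked_until = now + BLOCK_TTL; /* a daemon would update its firewall table here */
    return 1;
}

int main(void) { /* sample line is constructed, not taken from a real log */
    const char *bad = "Aug  2 10:00:01 host sshd[1234]: Failed password for "
                      "invalid user admin from 203.0.113.9 port 51234 ssh2";
    regex_t re;
    if (regcomp(&re, PATTERN, REG_EXTENDED) != 0) return 1;
    for (time_t t = 1000; t < 1030; t += 10)
        printf("t=%ld block=%d\n", (long)t, feed_line(&re, bad, t));
    regfree(&re);
    return 0;
}
```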