ports/68661: New port: security/ipfilterDshield, a dshield clent for ipfilter logs

fbsd_user at a1poweruser.com fbsd_user at a1poweruser.com
Sun Jul 4 17:20:17 UTC 2004 

>Number:         68661
>Category:       ports
>Synopsis:       New port: security/ipfilterDshield, a dshield clent for ipfilter logs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 04 17:20:08 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Joe Barbish
>Release:        FreeBSD 4.9-RELEASE i386
>Organization:
none
>Environment:
System: FreeBSD achilles.tractrix.org 4.9-RELEASE FreeBSD 4.9-RELEASE #5: Wed Jun 2 17:28:48 CEST 2004 root at achilles.tractrix.org:/usr/src/sys/compile/ACHILLES i386


>Description:
	This perl script is an official DShield client who's purpose is to
	read your FreeBSD ipfilter firewall ipmon log file and convert the 
	log records to the standard DShield reporting record format, and 
	imbed the converted log records into the body of an email that gets 
	sent to DShield for automatic addition to their database and abuse 
	reporting to the offenders ISP if you are an subscribed DShield member.

	Script contains user customable defaults which can be overridden with
	command line flags. (visit http://www.dshield.org for details).

>How-To-Repeat:

>Fix:

--- ipfilterDshield-1.0.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	security/ipfilterDshield
#	security/ipfilterDshield/Makefile
#	security/ipfilterDshield/pkg-descr
#	security/ipfilterDshield/pkg-plist
#	security/ipfilterDshield/distinfo
#	security/ipfilterDshield/pkg-message
#	security/ipfilterDshield/pkg-deinstall
#
echo c - security/ipfilterDshield
mkdir -p security/ipfilterDshield > /dev/null 2>&1
echo x - security/ipfilterDshield/Makefile
sed 's/^X//' >security/ipfilterDshield/Makefile << 'END-of-security/ipfilterDshield/Makefile'
X# New ports collection makefile for:	ipfilterDshield
X# Date created:		18 June 2004
X# Whom:			Frank W. Josellis <frank at dynamical-systems.org>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	ipfilterDshield
XPORTVERSION=	1.0
XCATEGORIES=	security
XMASTER_SITES=	http://www.dshield.org/clients/
XDISTNAME=	dshield-freebsd.pl
XEXTRACT_SUFX=	.txt
X
XMAINTAINER=	fbsd_user at a1poweruser.com
XCOMMENT=	Official DShield client, based on ipfilter firewall log data
X
XRUN_DEPENDS=	${SITE_PERL}/Net/Netmask.pm:${PORTSDIR}/net-mgmt/p5-Net-Netmask
X
XUSE_PERL5=	yes
X
XPKGMESSAGE=	${WRKDIR}/pkg-message
XPKGDEINSTALL=	${WRKDIR}/pkg-deinstall
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} < 490000
XIGNORE=		"Not supported on releases prior to 4.9"
X.endif
X
Xdo-extract:
X	[ -d ${WRKDIR} ] || ${MKDIR} ${WRKDIR}
X	${CP} ${DISTDIR}/${DISTFILES} ${WRKDIR}/${DISTNAME}
X
Xdo-build:
X
Xpre-install:
X	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \
X		-e "s=%%DISTNAME%%=${DISTNAME}=g" \
X		pkg-message > ${PKGMESSAGE}
X	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \
X		-e "s=%%PORTNAME%%=${PORTNAME}=g" \
X		-e "s=%%DISTNAME%%=${DISTNAME}=g" \
X		pkg-deinstall > ${PKGDEINSTALL}
X
Xdo-install:
X	[ -d ${PREFIX}/etc/${PORTNAME} ] || ${MKDIR} ${PREFIX}/etc/${PORTNAME}
X	${INSTALL} -o root -g wheel -m 644 ${WRKDIR}/${DISTNAME} \
X		${PREFIX}/etc/${PORTNAME}/${DISTNAME}.dist
X	${INSTALL} -o root -g wheel -m 760 ${WRKDIR}/${DISTNAME} ${PREFIX}/sbin
X
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-security/ipfilterDshield/Makefile
echo x - security/ipfilterDshield/pkg-descr
sed 's/^X//' >security/ipfilterDshield/pkg-descr << 'END-of-security/ipfilterDshield/pkg-descr'
XThis perl script is an official DShield client who's purpose is to 
Xread your FreeBSD ipfilter firewall ipmon log file and convert the
Xlog records to the standard DShield reporting record format, and 
Ximbed the converted log records into the body of an email that gets 
Xsent to DShield for automatic addition to their database and abuse 
Xreporting to the offenders ISP if you are an subscribed DShield member.
X
XScript contains user customable defaults which can be overridden with
Xcommand line flags. (visit http://www.dshield.org for details).
X
XScript is installed into /usr/local/sbin where you can edit the
Xdefaults to meet your requirements. Issue rehash command to enable.
X
XWWW: http://www.dshield.org/linux_clients.php#freebsd
X
XJoe Barbish
Xfbsd_user at a1poweruser.com
END-of-security/ipfilterDshield/pkg-descr
echo x - security/ipfilterDshield/pkg-plist
sed 's/^X//' >security/ipfilterDshield/pkg-plist << 'END-of-security/ipfilterDshield/pkg-plist'
Xetc/ipfilterDshield/dshield-freebsd.pl.dist
Xsbin/dshield-freebsd.pl
X at dirrm etc/ipfilterDshield
END-of-security/ipfilterDshield/pkg-plist
echo x - security/ipfilterDshield/distinfo
sed 's/^X//' >security/ipfilterDshield/distinfo << 'END-of-security/ipfilterDshield/distinfo'
XMD5 (dshield-freebsd.pl.txt) = 883d9f1516dfefe3ec01c0dab9df9917
XSIZE (dshield-freebsd.pl.txt) = 15458
END-of-security/ipfilterDshield/distinfo
echo x - security/ipfilterDshield/pkg-message
sed 's/^X//' >security/ipfilterDshield/pkg-message << 'END-of-security/ipfilterDshield/pkg-message'
X***************************************************************************
X
XInstaller instructions.  This port has installed the
X%%DISTNAME%% script into %%PREFIX%%/sbin directory.
X
XYou have to edit the script and change the default email address in
Xthe script source. Script contains comments explaining what needs to
Xbe changed. You also have to create an exclude file, follow
Xinstructions in the script about the syntax of the exclude file
Xcontent.
X
XTo receive feedback reports and see your submitted log data online
Xat dshield.org you have to sign up for free membership. See
Xwww.dshield.org for details.
X
XThis script is part of the "proactive probing abuse reporting
Xsystem"  port ppars-1.0 which has scripts that report abuse to your
XISP and to the owning ISP from which the probe packets came from.
XAlso contained in the ppars-1.0 port is instructions on how to auto
Xlaunch the scripts only when the ipfilter log is rotated by
Xnewsyslog, which you may find useful for launching the dshield
Xscript installed by this port.
X
X***************************************************************************
END-of-security/ipfilterDshield/pkg-message
echo x - security/ipfilterDshield/pkg-deinstall
sed 's/^X//' >security/ipfilterDshield/pkg-deinstall << 'END-of-security/ipfilterDshield/pkg-deinstall'
X#!/bin/sh
X
XPREFIX=%%PREFIX%%
XPORTNAME=%%PORTNAME%%
XDISTNAME=%%DISTNAME%%
X
X# Restore the original script to undo any customization and thus 
X# to allow clean deinstallation. 
X# 
Xif [ -f ${PREFIX}/etc/${PORTNAME}/${DISTNAME}.dist ]; then
X    install -o root -g wheel -m 760 \
X	${PREFIX}/etc/${PORTNAME}/${DISTNAME}.dist ${PREFIX}/sbin/${DISTNAME}
Xfi
X
Xexit 0
END-of-security/ipfilterDshield/pkg-deinstall
exit
--- ipfilterDshield-1.0.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list