ports/68662: New port: security/ppars (Proactive Probing Abuse Reporting System)
fbsd_user at a1poweruser.com
fbsd_user at a1poweruser.com
Sun Jul 4 17:20:18 UTC 2004
>Number: 68662
>Category: ports
>Synopsis: New port: security/ppars (Proactive Probing Abuse Reporting System)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Jul 04 17:20:08 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Joe Barbish
>Release: FreeBSD 4.9-RELEASE i386
>Organization:
none
>Environment:
System: FreeBSD achilles.tractrix.org 4.9-RELEASE FreeBSD 4.9-RELEASE #5: Wed Jun 2 17:28:48 CEST 2004 root at achilles.tractrix.org:/usr/src/sys/compile/ACHILLES i386
>Description:
In an effort to be proactive in doing my part to stop the massive
quantities of internet traffic probing for open ports or more
specifically the probing for known ports that ms/windows spy ware,
Trojans, and what ever other ms/windows ports are commonly probed
which result in increasing my bandwidth usage changes, I wrote this
perl application for reporting that abuse to the senders ISP, with
the hopes they will monitor the abuser and terminate the abuser's
internet account and or take legal action.
>How-To-Repeat:
>Fix:
--- ppars-1.0.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# security/ppars
# security/ppars/Makefile
# security/ppars/pkg-descr
# security/ppars/pkg-plist
# security/ppars/distinfo
# security/ppars/pkg-message
# security/ppars/files
# security/ppars/files/patch-Makefile
# security/ppars/pkg-deinstall
#
echo c - security/ppars
mkdir -p security/ppars > /dev/null 2>&1
echo x - security/ppars/Makefile
sed 's/^X//' >security/ppars/Makefile << 'END-of-security/ppars/Makefile'
X# New ports collection makefile for: ppars
X# Date created: 29 June 2004
X# Whom: Frank W. Josellis <frank at dynamical-systems.org>
X#
X# $FreeBSD$
X#
X
XPORTNAME= ppars
XPORTVERSION= 1.0
XCATEGORIES= security
XMASTER_SITES= http://www.dshield.org/clients/
XDISTNAME= ppars
X
XMAINTAINER= fbsd_user at a1poweruser.com
XCOMMENT= Proactive Probing Abuse Reporting System
X
XRUN_DEPENDS= ${SITE_PERL}/Net/Netmask.pm:${PORTSDIR}/net-mgmt/p5-Net-Netmask
X
XUSE_PERL5= yes
X
XWRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
XPKGMESSAGE= ${WRKSRC}/pkg-message
XPKGDEINSTALL= ${WRKSRC}/pkg-deinstall
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} < 490000
XIGNORE= "Not supported on releases prior to 4.9"
X.endif
X
Xpre-install:
X @${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \
X pkg-message > ${PKGMESSAGE}
X @${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \
X -e "s=%%PORTNAME%%=${PORTNAME}=g" \
X pkg-deinstall > ${PKGDEINSTALL}
X
Xpost-install:
X ${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-security/ppars/Makefile
echo x - security/ppars/pkg-descr
sed 's/^X//' >security/ppars/pkg-descr << 'END-of-security/ppars/pkg-descr'
XWelcome to the Proactive Abuse Reporting System.
X
XIn an effort to be proactive in doing my part to stop the massive
Xquantities of internet traffic probing for open ports or more
Xspecifically the probing for known ports that ms/windows spy ware,
XTrojans, and what ever other ms/windows ports are commonly probed
Xwhich result in increasing my bandwidth usage changes, I wrote this
Xperl application for reporting that abuse to the senders ISP, with
Xthe hopes they will monitor the abuser and terminate the abuser's
Xinternet account and or take legal action.
X
XScript is installed into /usr/local/sbin where you can edit the
Xdefaults to meet your requirements. Issue rehash command to enable.
XRun abuse.Reporting.system.pl script for complete overview description
Xof system.
X
X6/1/2004 Author: Joe Barbish, I bequeath these perl scripts to public
Xdomain. It can be copied and distributed for free by anyone to anyone
Xby any manner.
X
XWWW: http://www.dshield.org/linux_clients.php#freebsd
X
XJoe Barbish
Xfbsd_user at a1poweruser.com
END-of-security/ppars/pkg-descr
echo x - security/ppars/pkg-plist
sed 's/^X//' >security/ppars/pkg-plist << 'END-of-security/ppars/pkg-plist'
Xetc/ppars/abuse.Reporting.system.pl.dist
Xetc/ppars/abuse.dshield.pl.dist
Xetc/ppars/abuse.ipflog.rotate.pl.dist
Xetc/ppars/abuse.myisp.pl.dist
Xetc/ppars/abuse.public.ISP0.pl.dist
Xetc/ppars/abuse.public.ISP1.pl.dist
Xsbin/abuse.Reporting.system.pl
Xsbin/abuse.dshield.pl
Xsbin/abuse.ipflog.rotate.pl
Xsbin/abuse.myisp.pl
Xsbin/abuse.public.ISP0.pl
Xsbin/abuse.public.ISP1.pl
X at dirrm etc/ppars
END-of-security/ppars/pkg-plist
echo x - security/ppars/distinfo
sed 's/^X//' >security/ppars/distinfo << 'END-of-security/ppars/distinfo'
XMD5 (ppars.tar.gz) = f7bc273d85dd28e71d2efa8a2551c05a
XSIZE (ppars.tar.gz) = 13219
END-of-security/ppars/distinfo
echo x - security/ppars/pkg-message
sed 's/^X//' >security/ppars/pkg-message << 'END-of-security/ppars/pkg-message'
X***************************************************************************
X
XInstaller instructions. This port has installed the following six
Xscripts into %%PREFIX%%/sbin directory.
X abuse.dshield.pl
X abuse.ipflog.rotate.pl
X abuse.myisp.pl
X abuse.public.ISP0.pl
X abuse.public.ISP1.pl
X abuse.Reporting.system.pl
X
XYou have to edit the scripts and change the default email address in
Xthe script source. Script contains comments explaining what needs to
Xbe changed. In some cases you also have to create an exclude file,
Xfollow instructions in the individual scripts about the syntax of
Xthe exclude file contents.
X
XTo receive feedback reports and see your abuse.dshield.pl submitted
Xlog data online at dshield.org you have to sign up for free
Xmembership. See www.dshield.org for details.
X
XFirst issue rehash command and then run abuse.Reporting.system.pl
Xit contains an overview of how the system works and how to setup the
Xipfilter log so when it's rotated all the scripts will be auto
Xlaunched.
X
X***************************************************************************
END-of-security/ppars/pkg-message
echo c - security/ppars/files
mkdir -p security/ppars/files > /dev/null 2>&1
echo x - security/ppars/files/patch-Makefile
sed 's/^X//' >security/ppars/files/patch-Makefile << 'END-of-security/ppars/files/patch-Makefile'
X--- Makefile.orig Tue Jun 29 22:00:00 2004
X+++ Makefile Sat Jul 3 22:57:14 2004
X@@ -5,9 +5,11 @@
X ###########################################################################
X RMCMD = rm -f
X INSTALL = install
X+MKDIR = mkdir -p
X
X prefix = /usr/local
X sbindir = $(prefix)/sbin
X+etcdir = $(prefix)/etc/ppars
X
X SCRIPTS = \
X abuse.Reporting.system.pl \
X@@ -21,9 +23,11 @@
X all:
X
X install:
X+ @[ -d $(etcdir) ] || $(MKDIR) $(etcdir)
X @for i in $(SCRIPTS); do \
X echo "Installing: $(sbindir)/$$i" ; \
X $(INSTALL) -o root -g wheel -m 700 $$i $(sbindir) ; \
X+ $(INSTALL) -o root -g wheel -m 644 $$i $(etcdir)/$$i.dist ; \
X done
X
X uninstall:
X@@ -35,3 +39,5 @@
X echo "No such file: $(sbindir)/$$i" ; \
X fi \
X done
X+ -$(RMCMD) $(etcdir)/*
X+ -rmdir $(etcdir)
END-of-security/ppars/files/patch-Makefile
echo x - security/ppars/pkg-deinstall
sed 's/^X//' >security/ppars/pkg-deinstall << 'END-of-security/ppars/pkg-deinstall'
X#!/bin/sh
X
XPREFIX=%%PREFIX%%
XPORTNAME=%%PORTNAME%%
X
XSCRIPTS="Reporting.system dshield ipflog.rotate myisp public.ISP0 public.ISP1"
X
X# Restore the original scripts to undo any customization and thus
X# to allow clean deinstallation.
X#
Xfor i in ${SCRIPTS}; do
X SCRIPT=abuse.${i}.pl
X if [ -f ${PREFIX}/etc/${PORTNAME}/${SCRIPT}.dist ]; then
X install -o root -g wheel -m 700 \
X ${PREFIX}/etc/${PORTNAME}/${SCRIPT}.dist ${PREFIX}/sbin/${SCRIPT}
X fi
Xdone
X
Xexit 0
END-of-security/ppars/pkg-deinstall
exit
--- ppars-1.0.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list