ports/90811: New port: security/ipfcount Summarise ipf logs by counting and sorting the fields

Thu Dec 22 15:00:39 UTC 2005

>Number:         90811
>Category:       ports
>Synopsis:       New port: security/ipfcount Summarise ipf logs by counting and sorting the fields
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 22 15:00:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Robert Archer <freebsd at deathbeforedecaf.net>
>Release:        FreeBSD 4.11-RELEASE i386
>Organization:
>Environment:
System: FreeBSD gir.0x7e.net 4.11-RELEASE FreeBSD 4.11-RELEASE #0: Wed Sep 14 12:55:17 CST 2005 rob at goo.0x7e.net:/tmp/GIR i386

>Description:
ipfcount reads ipf(8) logs and extracts the following fields:

  iface group rule action shost sport dhost dport proto flags type dir

You can then print lists like 'top <n> blocked ports', 'top <n> blocked hosts',
or 'incoming connections sorted by interface and protocol'.

For more sophisticated lists, you can filter the entries using Perl expressions.

WWW: http://deathbeforedecaf.net/misc/ports

>How-To-Repeat:

>Fix:
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	ipfcount
#	ipfcount/Makefile
#	ipfcount/distinfo
#	ipfcount/files
#	ipfcount/files/pkg-message.in
#	ipfcount/pkg-descr
#
echo c - ipfcount
mkdir -p ipfcount > /dev/null 2>&1
echo x - ipfcount/Makefile
sed 's/^X//' >ipfcount/Makefile << 'END-of-ipfcount/Makefile'
X# New ports collection makefile for:	ipfcount
X# Date created:				22 December 2005
X# Whom:					Robert Archer <freebsd at deathbeforedecaf.net>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	ipfcount
XPORTVERSION=	0.1
XCATEGORIES=	security
XMASTER_SITES=	http://deathbeforedecaf.net/misc/ports/ \
X		http://users.netleader.com.au/~rob/
X
XMAINTAINER=	freebsd at deathbeforedecaf.net
XCOMMENT=	Summarise ipf logs by counting and sorting the fields
X
XPLIST_FILES=	bin/ipfcount \
X		%%EXAMPLESDIR%%/100.ipfcount
XPLIST_DIRS=	%%EXAMPLESDIR%%
X
XMAN1=		ipfcount.1
X
XSUB_FILES=	pkg-message
X
XUSE_PERL5=	yes
XUSE_REINPLACE=	yes
X
X.include <bsd.port.pre.mk>
X
X.if ${PERL_LEVEL} < 5006
XIGNORE=		requires perl 5.6 or higher - see the lang/perl5.8 port
X.endif
X
Xpost-patch:
X	${REINPLACE_CMD} -e '1s,^#![^ ]*,#!${PERL},' ${WRKSRC}/ipfcount
X
Xdo-build:
X	cd ${WRKSRC} && pod2man ipfcount > ipfcount.1
X
Xdo-install:
X	${INSTALL_SCRIPT} ${WRKSRC}/ipfcount ${PREFIX}/bin
X	${INSTALL_MAN} ${WRKSRC}/ipfcount.1 ${PREFIX}/man/man1/ipfcount.1
X	${MKDIR} ${EXAMPLESDIR}
X	${INSTALL_SCRIPT} ${WRKSRC}/100.ipfcount ${EXAMPLESDIR}
X
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-ipfcount/Makefile
echo x - ipfcount/distinfo
sed 's/^X//' >ipfcount/distinfo << 'END-of-ipfcount/distinfo'
XMD5 (ipfcount-0.1.tar.gz) = 097519ce1972268dda2db0c219aeafa7
XSIZE (ipfcount-0.1.tar.gz) = 3757
END-of-ipfcount/distinfo
echo c - ipfcount/files
mkdir -p ipfcount/files > /dev/null 2>&1
echo x - ipfcount/files/pkg-message.in
sed 's/^X//' >ipfcount/files/pkg-message.in << 'END-of-ipfcount/files/pkg-message.in'
X
X  To summarise ipf(8) logs in your daily security check:
X
X  * Copy %%EXAMPLESDIR%%/100.ipfcount to
X    %%PREFIX%%/etc/periodic/security
X
X  * Add the line
X
X      daily_status_security_ipfcount_enable="YES"
X
X    to /etc/periodic.conf
X
END-of-ipfcount/files/pkg-message.in
echo x - ipfcount/pkg-descr
sed 's/^X//' >ipfcount/pkg-descr << 'END-of-ipfcount/pkg-descr'
Xipfcount reads ipf(8) logs and extracts the following fields:
X
X  iface group rule action shost sport dhost dport proto flags type dir
X
XYou can then print lists like 'top <n> blocked ports', 'top <n> blocked hosts',
Xor 'incoming connections sorted by interface and protocol'.
X
XFor more sophisticated lists, you can filter the entries using Perl expressions.
X
XWWW: http://deathbeforedecaf.net/misc/ports
END-of-ipfcount/pkg-descr
exit

>Release-Note:
>Audit-Trail:
>Unformatted: