ports/90811: New port: security/ipfcount Summarise ipf logs by counting and sorting the fields
Robert Archer
freebsd at deathbeforedecaf.net
Thu Dec 22 15:00:39 UTC 2005
>Number: 90811
>Category: ports
>Synopsis: New port: security/ipfcount Summarise ipf logs by counting and sorting the fields
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 22 15:00:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Robert Archer <freebsd at deathbeforedecaf.net>
>Release: FreeBSD 4.11-RELEASE i386
>Organization:
>Environment:
System: FreeBSD gir.0x7e.net 4.11-RELEASE FreeBSD 4.11-RELEASE #0: Wed Sep 14 12:55:17 CST 2005 rob at goo.0x7e.net:/tmp/GIR i386
>Description:
ipfcount reads ipf(8) logs and extracts the following fields:
iface group rule action shost sport dhost dport proto flags type dir
You can then print lists like 'top <n> blocked ports', 'top <n> blocked hosts',
or 'incoming connections sorted by interface and protocol'.
For more sophisticated lists, you can filter the entries using Perl expressions.
WWW: http://deathbeforedecaf.net/misc/ports
>How-To-Repeat:
>Fix:
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# ipfcount
# ipfcount/Makefile
# ipfcount/distinfo
# ipfcount/files
# ipfcount/files/pkg-message.in
# ipfcount/pkg-descr
#
echo c - ipfcount
mkdir -p ipfcount > /dev/null 2>&1
echo x - ipfcount/Makefile
sed 's/^X//' >ipfcount/Makefile << 'END-of-ipfcount/Makefile'
X# New ports collection makefile for: ipfcount
X# Date created: 22 December 2005
X# Whom: Robert Archer <freebsd at deathbeforedecaf.net>
X#
X# $FreeBSD$
X#
X
XPORTNAME= ipfcount
XPORTVERSION= 0.1
XCATEGORIES= security
XMASTER_SITES= http://deathbeforedecaf.net/misc/ports/ \
X http://users.netleader.com.au/~rob/
X
XMAINTAINER= freebsd at deathbeforedecaf.net
XCOMMENT= Summarise ipf logs by counting and sorting the fields
X
XPLIST_FILES= bin/ipfcount \
X %%EXAMPLESDIR%%/100.ipfcount
XPLIST_DIRS= %%EXAMPLESDIR%%
X
XMAN1= ipfcount.1
X
XSUB_FILES= pkg-message
X
XUSE_PERL5= yes
XUSE_REINPLACE= yes
X
X.include <bsd.port.pre.mk>
X
X.if ${PERL_LEVEL} < 5006
XIGNORE= requires perl 5.6 or higher - see the lang/perl5.8 port
X.endif
X
Xpost-patch:
X ${REINPLACE_CMD} -e '1s,^#![^ ]*,#!${PERL},' ${WRKSRC}/ipfcount
X
Xdo-build:
X cd ${WRKSRC} && pod2man ipfcount > ipfcount.1
X
Xdo-install:
X ${INSTALL_SCRIPT} ${WRKSRC}/ipfcount ${PREFIX}/bin
X ${INSTALL_MAN} ${WRKSRC}/ipfcount.1 ${PREFIX}/man/man1/ipfcount.1
X ${MKDIR} ${EXAMPLESDIR}
X ${INSTALL_SCRIPT} ${WRKSRC}/100.ipfcount ${EXAMPLESDIR}
X
Xpost-install:
X @${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-ipfcount/Makefile
echo x - ipfcount/distinfo
sed 's/^X//' >ipfcount/distinfo << 'END-of-ipfcount/distinfo'
XMD5 (ipfcount-0.1.tar.gz) = 097519ce1972268dda2db0c219aeafa7
XSIZE (ipfcount-0.1.tar.gz) = 3757
END-of-ipfcount/distinfo
echo c - ipfcount/files
mkdir -p ipfcount/files > /dev/null 2>&1
echo x - ipfcount/files/pkg-message.in
sed 's/^X//' >ipfcount/files/pkg-message.in << 'END-of-ipfcount/files/pkg-message.in'
X
X To summarise ipf(8) logs in your daily security check:
X
X * Copy %%EXAMPLESDIR%%/100.ipfcount to
X %%PREFIX%%/etc/periodic/security
X
X * Add the line
X
X daily_status_security_ipfcount_enable="YES"
X
X to /etc/periodic.conf
X
END-of-ipfcount/files/pkg-message.in
echo x - ipfcount/pkg-descr
sed 's/^X//' >ipfcount/pkg-descr << 'END-of-ipfcount/pkg-descr'
Xipfcount reads ipf(8) logs and extracts the following fields:
X
X iface group rule action shost sport dhost dport proto flags type dir
X
XYou can then print lists like 'top <n> blocked ports', 'top <n> blocked hosts',
Xor 'incoming connections sorted by interface and protocol'.
X
XFor more sophisticated lists, you can filter the entries using Perl expressions.
X
XWWW: http://deathbeforedecaf.net/misc/ports
END-of-ipfcount/pkg-descr
exit
>Release-Note:
>Audit-Trail:
>Unformatted:
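The kind of summary the description above refers to ('top <n> blocked ports', 'top <n> blocked hosts'), written as an added Python example; it is not ipfcount's code and not part of the submission. The ipmon(8) syslog line layout, the constructed sample lines and the names `parse` and `top` are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual ipmon(8) syslog layout (an assumption;
# adjust the pattern if your ipmon output differs).
SAMPLE_LOG = """\
Dec 22 15:00:01 gw ipmon[71]: 15:00:00.112233 fxp0 @0:12 b 203.0.113.9,4431 -> 192.0.2.10,22 PR tcp len 20 48 -S IN
Dec 22 15:00:02 gw ipmon[71]: 15:00:01.223344 fxp0 @0:12 b 203.0.113.9,4432 -> 192.0.2.10,23 PR tcp len 20 48 -S IN
Dec 22 15:00:03 gw ipmon[71]: 15:00:02.334455 fxp0 @0:12 b 198.51.100.7,53122 -> 192.0.2.10,22 PR tcp len 20 48 -S IN
Dec 22 15:00:04 gw ipmon[71]: 15:00:03.445566 fxp0 @0:3 p 192.0.2.10,1025 -> 198.51.100.53,53 PR udp len 20 61 OUT
Dec 22 15:00:05 gw ipmon[71]: 15:00:04.556677 fxp0 @0:14 b 203.0.113.9 -> 192.0.2.10 PR icmp len 20 84 icmp echo/0 IN
Dec 22 15:00:06 gw ipmon[71]: last message repeated 2 times
"""

LINE = re.compile(
    r"ipmon\[\d+\]:\s+\S+\s+(?:\d+x\s+)?"          # time, optional repeat count
    r"(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S+)\s+"
    r"(?P<shost>[^,\s]+)(?:,(?P<sport>\S+))?\s+->\s+"
    r"(?P<dhost>[^,\s]+)(?:,(?P<dport>\S+))?\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+\d+\s+\d+"
    r"(?:\s+-(?P<flags>[A-Z]+))?(?:\s+icmp\s+(?P<type>\S+))?"
    r".*?\s(?P<dir>IN|OUT)\b"
)

def parse(text):
    """Yield one dict of the twelve fields per recognised line."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m:  # skip syslog noise such as "last message repeated"
            yield m.groupdict()

def top(entries, field, n, keep=lambda e: True):
    """Count `field` over entries passing `keep`; ties sort by value."""
    counts = Counter(e[field] for e in entries if keep(e) and e[field] is not None)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

if __name__ == "__main__":
    entries = list(parse(SAMPLE_LOG))
    blocked = lambda e: e["action"] == "b"
    print("top blocked ports:", top(entries, "dport", 3, blocked))
    print("top blocked hosts:", top(entries, "shost", 3, blocked))
```

The `keep` predicate plays the role of a filter expression: any function over the parsed fields narrows what is counted, for example only entries whose `dir` is `IN`.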