ports/101254: [NEW PORT] security/bruteblock Software for blocking bruteforce attacks with ipfw

Dmitry Marakasov amdmi3 at mail.ru
Wed Aug 2 10:50:15 UTC 2006


>Number:         101254
>Category:       ports
>Synopsis:       [NEW PORT] security/bruteblock Software for blocking bruteforce attacks with ipfw
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 02 10:50:13 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry Marakasov
>Release:        FreeBSD 6.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD hades.panopticon 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Thu May 11 15:07:32 MSD 2006 amdmi3 at hades.panopticon:/usr/obj/usr/src/sys/HADES i386

>Description:
Bruteblock allows system administrators to block various bruteforce
attacks on UNIX services. The program analyzes system logs and adds
attackers' IP addresses to an ipfw2 table, effectively blocking them.
Addresses are automatically removed from the table after a specified
amount of time. Bruteblock uses regular expressions to parse logs,
which provides flexibility, allowing it to be used with almost any
network service.  Bruteblock is written in pure C, doesn't use any
external programs and works with ipfw2 tables via the raw sockets API.

WWW: http://samm.kiev.ua/bruteblock/index.html.en
WWW: http://samm.kiev.ua/bruteblock/ (Russian)

>How-To-Repeat:
>Fix:

--- bruteblock-0.0.2.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	bruteblock
#	bruteblock/Makefile
#	bruteblock/pkg-plist
#	bruteblock/pkg-descr
#	bruteblock/distinfo
#	bruteblock/files
#	bruteblock/files/bruteblockd.sh.in
#
echo c - bruteblock
mkdir -p bruteblock > /dev/null 2>&1
echo x - bruteblock/Makefile
sed 's/^X//' >bruteblock/Makefile << 'END-of-bruteblock/Makefile'
X# New ports collection makefile for:	bruteblock
X# Date created:		30 Jul 2006
X# Whom:			Dmitry Marakasov <amdmi3 at mail.ru>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	bruteblock
XPORTVERSION=	0.0.2
XCATEGORIES=	security
XMASTER_SITES=	http://samm.kiev.ua/bruteblock/
X
XMAINTAINER=	amdmi3@mail.ru
XCOMMENT=	Software for blocking bruteforce attacks with ipfw
X
XLIB_DEPENDS=	pcre.0:${PORTSDIR}/devel/pcre
X
XUSE_RC_SUBR=	bruteblockd.sh
XMAN8=		bruteblock.8
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} < 503000
XIGNORE=		requires FreeBSD >= 5.3
X.endif
X
Xdo-install:
X	${INSTALL_PROGRAM} ${WRKSRC}/bruteblock ${PREFIX}/sbin/
X	${INSTALL_PROGRAM} ${WRKSRC}/bruteblockd ${PREFIX}/sbin/
X	${MKDIR} ${PREFIX}/etc/bruteblock
X.for file in ssh	# more configs are planned to be added
X	${INSTALL_DATA} ${WRKSRC}/etc/bruteblock-${file}.conf ${PREFIX}/etc/bruteblock/${file}.conf.dist
X	if [ ! -f ${PREFIX}/etc/bruteblock/${file}.conf ]; then \
X		${INSTALL_DATA} ${WRKSRC}/etc/bruteblock-${file}.conf ${PREFIX}/etc/bruteblock/${file}.conf; \
X	fi
X.endfor
X	${INSTALL_MAN} ${WRKSRC}/doc/bruteblock.8 ${PREFIX}/man/man8/
X
X.include <bsd.port.post.mk>
END-of-bruteblock/Makefile
echo x - bruteblock/pkg-plist
sed 's/^X//' >bruteblock/pkg-plist << 'END-of-bruteblock/pkg-plist'
Xsbin/bruteblock
Xsbin/bruteblockd
X@unexec if cmp -s %D/etc/bruteblock/ssh.conf %D/etc/bruteblock/ssh.conf.dist; then rm -f %D/etc/bruteblock/ssh.conf; fi
Xetc/bruteblock/ssh.conf.dist
X@exec if [ ! -f %D/etc/bruteblock/ssh.conf ]; then cp -p %D/etc/bruteblock/ssh.conf.dist %D/etc/bruteblock/ssh.conf; fi
X@dirrmtry etc/bruteblock
END-of-bruteblock/pkg-plist
echo x - bruteblock/pkg-descr
sed 's/^X//' >bruteblock/pkg-descr << 'END-of-bruteblock/pkg-descr'
XBruteblock allows system administrators to block various bruteforce
Xattacks on UNIX services. The program analyzes system logs and adds
Xattacker's IP address into ipfw2 table effectively blocking them.
XAddresses are automatically removed from the table after specified
Xamount of time. Bruteblock uses regular expressions to parse logs,
Xwhich provides flexibility allowing it to be used with almost any
Xnetwork service.  Bruteblock is written in pure C, doesn't use any
Xexternal programs and work with ipfw2 tables via raw sockets API.
X
XWWW: http://samm.kiev.ua/bruteblock/index.html.en
XWWW: http://samm.kiev.ua/bruteblock/ (Russian)
END-of-bruteblock/pkg-descr
echo x - bruteblock/distinfo
sed 's/^X//' >bruteblock/distinfo << 'END-of-bruteblock/distinfo'
XMD5 (bruteblock-0.0.2.tar.gz) = dcf676b29c108b4b9417c145c918b6aa
XSHA256 (bruteblock-0.0.2.tar.gz) = 2f8e2860d04a02f31d001d22bafc8a8490809d864c93743b55b190089a0f9fd8
XSIZE (bruteblock-0.0.2.tar.gz) = 21255
END-of-bruteblock/distinfo
echo c - bruteblock/files
mkdir -p bruteblock/files > /dev/null 2>&1
echo x - bruteblock/files/bruteblockd.sh.in
sed 's/^X//' >bruteblock/files/bruteblockd.sh.in << 'END-of-bruteblock/files/bruteblockd.sh.in'
X#!/bin/sh
X
X# PROVIDE: bruteblockd
X# REQUIRE: NETWORKING syslogd
X# KEYWORD: nojail
X
X. %%RC_SUBR%%
X
Xname="bruteblockd"
Xrcvar=`set_rcvar`
X
Xload_rc_config $name
X
X: ${bruteblockd_enable="NO"}
X
Xpidfile="/var/run/${name}.pid"
Xcommand=%%PREFIX%%/sbin/${name}
Xcommand_args="-p ${pidfile} -t ${bruteblockd_table}"
Xstart_precmd="bruteblockd_precmd"
X
Xbruteblockd_precmd()
X{
X	if [ -z "${bruteblockd_table}" ]; then
X		err 1 "Please specify ipfw table number with bruteblockd_table parameter in /etc/rc.conf (see bruteblock(8))"
X	fi
X}
X
Xrun_rc_command "$1"
END-of-bruteblock/files/bruteblockd.sh.in
exit
--- bruteblock-0.0.2.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
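
The mechanism the description outlines (match failures in a log with a regular expression, add the source address to an ipfw table, remove it after a timeout), as an added Python sketch that is not part of the submission or of bruteblock itself. The thresholds, table number, pattern and log lines are assumptions constructed for the example; the ipfw commands are only returned as strings, whereas bruteblock talks to ipfw through the raw sockets API.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for this sketch; none are bruteblock's real defaults.
MAX_COUNT, TABLE = 4, 1
WITHIN, BLOCK_FOR = timedelta(seconds=60), timedelta(seconds=600)

# Anchored on the trailing "port N ssh2" so user-name text cannot supply the address.
FAIL_RE = re.compile(r"sshd\[\d+\]: Failed password for .* from "
                     r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

# Constructed log lines (documentation addresses), not taken from a real host.
SAMPLE_LOG = [
    "Aug  2 10:50:01 host sshd[811]: Failed password for root from 192.0.2.10 port 4022 ssh2",
    "Aug  2 10:50:03 host sshd[812]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2",
    "Aug  2 10:50:04 host sshd[813]: Failed password for invalid user a from 10.9.9.9 from 192.0.2.10 port 4024 ssh2",
    "Aug  2 10:50:06 host sshd[814]: Failed password for root from 198.51.100.7 port 5000 ssh2",
    "Aug  2 10:50:09 host sshd[815]: Failed password for root from 192.0.2.10 port 4025 ssh2",
    "Aug  2 11:00:10 host sshd[900]: Accepted publickey for op from 203.0.113.5 port 6000 ssh2",
]

def replay(lines, year=2006):
    """Return the (HH:MM:SS, ipfw command) actions the log lines would trigger."""
    hits = defaultdict(deque)   # address -> times of recent failures
    blocked = {}                # address -> time the block expires
    actions = []
    for line in lines:
        # syslog has no year; expiry follows log time here, a daemon would use a timer.
        now = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        stamp = now.strftime("%H:%M:%S")
        for ip in [ip for ip, until in blocked.items() if until <= now]:
            del blocked[ip]
            actions.append((stamp, f"ipfw table {TABLE} delete {ip}"))
        m = FAIL_RE.search(line.rstrip())
        if not m or m.group(1) in blocked:
            continue
        recent = hits[m.group(1)]
        recent.append(now)
        while now - recent[0] > WITHIN:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_COUNT:
            blocked[m.group(1)] = now + BLOCK_FOR
            recent.clear()
            actions.append((stamp, f"ipfw table {TABLE} add {m.group(1)}"))
    return actions

if __name__ == "__main__":
    for when, cmd in replay(SAMPLE_LOG):
        print(when, cmd)
```

The third sample line carries an address-like string inside the user name; the end-anchored pattern still captures only the address that sshd itself appended.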


