git: d8973c80a839 - main - security/sshesame: new port

From: Serhii (Sergey) Kozlov <skozlov_at_FreeBSD.org>
Date: Tue, 29 Apr 2025 22:24:00 UTC
The branch main has been updated by skozlov:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d8973c80a839f6a6ddbb68b0bd05e2e8024afcaa

commit d8973c80a839f6a6ddbb68b0bd05e2e8024afcaa
Author:     Serhii (Sergey) Kozlov <skozlov@FreeBSD.org>
AuthorDate: 2025-04-29 20:25:34 +0000
Commit:     Serhii (Sergey) Kozlov <skozlov@FreeBSD.org>
CommitDate: 2025-04-29 22:23:35 +0000

    security/sshesame: new port
    
    An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in
    and logs their activity. sshesame accepts and logs SSH connections and activity
    (channels, requests), without doing anything on the host (e.g. executing
    commands, making network requests).
---
 GIDs                                |  2 +-
 UIDs                                |  2 +-
 security/sshesame/Makefile          | 27 ++++++++++++++++++
 security/sshesame/distinfo          |  5 ++++
 security/sshesame/files/sshesame.in | 55 +++++++++++++++++++++++++++++++++++++
 security/sshesame/pkg-descr         |  3 ++
 6 files changed, 92 insertions(+), 2 deletions(-)

diff --git a/GIDs b/GIDs
index 461c6349c29e..1d5da984eeaf 100644
--- a/GIDs
+++ b/GIDs
@@ -308,7 +308,7 @@ elog:*:364:
 gotify:*:365:
 opengist:*:366:
 velbustcpd:*:367:
-# free: 368
+sshesame:*:368:
 # free: 369
 _wsdd:*:370:
 # free: 371
diff --git a/UIDs b/UIDs
index 0de2ef28aee6..af13787b0237 100644
--- a/UIDs
+++ b/UIDs
@@ -314,7 +314,7 @@ elog:*:364:364::0:0:Elog server:/nonexistent:/usr/sbin/nologin
 gotify:*:365:365::0:0:Gotify User:/var/db/gotify:/usr/sbin/nologin
 opengist:*:366:366::0:0:OpenGist User:/var/db/opengist:/usr/sbin/nologin
 velbustcpd:*:367:367::0:0:Velbustcp Deamon:/nonexistent:/usr/sbin/nologin
-# free: 368
+sshesame:*:368:368::0:0:Sshesame Daemon:/nonexistent:/usr/sbin/nologin
 # free: 369
 _wsdd:*:370:370::0:0:Web Service Discovery Daemon:/nonexistent:/usr/sbin/nologin
 # free: 371
diff --git a/security/sshesame/Makefile b/security/sshesame/Makefile
new file mode 100644
index 000000000000..ddba948fae64
--- /dev/null
+++ b/security/sshesame/Makefile
@@ -0,0 +1,27 @@
+PORTNAME=	sshesame
+DISTVERSIONPREFIX=	v
+DISTVERSION=	0.0.39
+CATEGORIES=	security
+
+MAINTAINER=	skozlov@FreeBSD.org
+COMMENT=	Easy to set up and use SSH honeypot
+WWW=		https://github.com/jaksi/sshesame
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+USES=		go:1.22,modules
+USE_RC_SUBR=	${PORTNAME}
+
+USERS=		sshesame
+GROUPS=		sshesame
+
+GO_MODULE=	github.com/jaksi/sshesame
+
+PLIST_FILES=	"@sample etc/${PORTNAME}.yaml.sample" \
+		bin/${PORTNAME}
+
+post-install:
+	${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.yaml ${STAGEDIR}${PREFIX}/etc/${PORTNAME}.yaml.sample
+
+.include <bsd.port.mk>
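Review bot: `PLIST_FILES` registers only the binary and the sample config, so the state directories the rc script creates at start (`/var/db/sshesame`, `/var/log/sshesame`, `/var/run/sshesame`) have no owner or mode recorded in the package. For a honeypot these hold the generated host keys and the captured client activity, so their permissions are better declared once in the plist than left to a start-time `install -d`. Entries such as `"@dir(sshesame,sshesame,750) /var/db/sshesame"` and the same for `/var/log/sshesame` would do this, assuming the `@dir` keyword is accepted in `PLIST_FILES` the same way `@sample` is. A short comment above `post-install` saying that the upstream `sshesame.yaml` is shipped unmodified as the sample would also help the next maintainer.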
diff --git a/security/sshesame/distinfo b/security/sshesame/distinfo
new file mode 100644
index 000000000000..2e9ae7e8a15d
--- /dev/null
+++ b/security/sshesame/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1745923901
+SHA256 (go/security_sshesame/sshesame-v0.0.39/v0.0.39.mod) = c4f5d9cfa804935307c14fa9a884d83b1732b13bb80529871db5a5394254d33d
+SIZE (go/security_sshesame/sshesame-v0.0.39/v0.0.39.mod) = 630
+SHA256 (go/security_sshesame/sshesame-v0.0.39/v0.0.39.zip) = 4dfe91efa8b6d55886d29d9ec18c20ddcef4a828f463c562c1c73d1841e15f04
+SIZE (go/security_sshesame/sshesame-v0.0.39/v0.0.39.zip) = 63861
diff --git a/security/sshesame/files/sshesame.in b/security/sshesame/files/sshesame.in
new file mode 100644
index 000000000000..593de16821b2
--- /dev/null
+++ b/security/sshesame/files/sshesame.in
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# PROVIDE: sshesame
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable sshesame:
+#
+# sshesame_enable (bool):	Set to "NO" by default.
+#                          	Set to "YES" to enable sshesame.
+# sshesame_user (str):      Default to "sshesame".
+# sshesame_group (str):     Default to "sshesame".
+#                          	User and group to run sshesame with.
+# sshesame_config (str):    Default to "%%PREFIX%%/etc/sshesame.yaml".
+#                          	sshesame config file.
+# sshesame_datadir (str):	Default to "/var/db/sshesame".
+#                          	Directory to store automatically generated host keys in
+# sshesame_logdir (str):    Default to "/var/log/sshesame".
+#                          	Directory to store sshesame logs
+
+. /etc/rc.subr
+
+name=sshesame
+rcvar=sshesame_enable
+desc="SSH honeypot"
+
+load_rc_config sshesame
+
+: ${sshesame_enable:=NO}
+: ${sshesame_user:=sshesame}
+: ${sshesame_group:=sshesame}
+: ${sshesame_config=%%PREFIX%%/etc/sshesame.yaml}
+: ${sshesame_datadir=/var/db/sshesame}
+: ${sshesame_logdir=/var/log/sshesame}
+
+pidfile=/var/run/${name}/${name}.pid
+start_precmd=sshesame_precmd
+procname="%%PREFIX%%/bin/sshesame"
+required_files="${sshesame_config}"
+command=/usr/sbin/daemon
+command_args="-cf -p ${pidfile} -o ${sshesame_logdir}/sshesame.out ${procname} -config ${sshesame_config} -data_dir ${sshesame_datadir}"
+
+sshesame_precmd()
+{
+    # Create PID file directory
+    install -d -o ${sshesame_user} -g ${sshesame_group} -m 0755 "$(dirname ${pidfile})"
+
+    install -d -o ${sshesame_user} -g ${sshesame_group} -m 0755 "${sshesame_datadir}"
+    install -d -o ${sshesame_user} -g ${sshesame_group} -m 0755 "${sshesame_logdir}"
+
+    # Remove default flags, they're added in `command_args` manually
+    rc_flags=""
+}
+
+run_rc_command "$1"
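Review bot: The `install -d` calls in `sshesame_precmd` create `${sshesame_datadir}` and `${sshesame_logdir}` with mode 0755, although the first holds the generated host keys and the second holds whatever credentials and input clients send to the honeypot. Least privilege suggests `-m 0750` (or `0700`) for those two, keeping 0755 only for the pidfile directory. The per-file modes are set by sshesame and daemon(8) and are not visible in this hunk, so the directory mode is the only guard the script itself controls. Separately, the `sshesame_config`, `sshesame_datadir` and `sshesame_logdir` defaults use `=` where the three lines above use `:=`, so an empty rc.conf value reaches `install -d ""`; `: ${sshesame_datadir:=/var/db/sshesame}` would match the others. The `-o` output file grows with traffic from remote clients and this commit sets up no rotation for it, which is worth noting in the header comment.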
diff --git a/security/sshesame/pkg-descr b/security/sshesame/pkg-descr
new file mode 100644
index 000000000000..5ea249190458
--- /dev/null
+++ b/security/sshesame/pkg-descr
@@ -0,0 +1,3 @@
+sshesame accepts and logs SSH connections and activity (channels, requests),
+without doing anything on the host (e.g. executing commands, making network
+requests).