Subject: Re: security/portsentry removal
From: Moin Rahman
Date: Sat, 8 Apr 2023 16:16:33 +0200
To: Pete Wright
Cc: ports@freebsd.org
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports
Message-Id: <23E20653-1D31-40F6-91DA-3797475379E1@freebsd.org>

> On Apr 8, 2023, at 3:55 PM, Pete Wright wrote:
>
> On 4/8/23 12:47 AM, Andrea Venturoli wrote:
>> On 4/8/23 04:56, Mel Pilgrim wrote:
>>
>>>> Can anyone suggest something equivalent in the port tree?
>>>
>>> Have a look at fail2ban. Its design intent is monitoring running services, but really it's just a set of log file regex filters. Anything that logs network activity can feed it.
>>
>> Hello and thanks for answering.
>> In fact I'm already using fail2ban for "running" services.
>>
>> Portsentry is a bit different, in that it's conceived to listen on ports used by non-running services.
>> I.e.
>> Got a SMTP server? Let fail2ban check its logs.
>> No? Let portsentry listen on port 25.
>>
>> I thought about writing regexes for fail2ban to check if ipfw denied access to ports where portsentry used to listen.
>> So far it's the best idea I've come up with, but I hoped for something simpler (i.e. more close to how portsentry worked).
>>
>
> Would blacklistd(8) meet your requirements? I use it to block ssh login spammers with decent success. It's part of the base system as well, but does require pf.
>
> -p
>

blacklistd is a good product as it's available out of the box; however, from my experience fail2ban does a better job. So far I recall blacklistd is supported only by ssh and postfix. One more thing is blacklistd does not detect brute force attack of invalid users in ssh.

Kind regards,
Moin (with all hats off)
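The idea raised earlier in the thread, matching ipfw deny entries for ports where no service runs, can be sketched as follows. This is an added example, not part of the original messages or of fail2ban; the ipfw syslog line shape, the decoy port list and the function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Ports with no real service behind them (assumed list; 25 is the thread's example).
DECOY_PORTS = {23, 25, 111}

# Assumed shape of an ipfw "log" rule entry in syslog (IPv4 only in this sketch):
#   <time> <host> kernel: ipfw: <rule> Deny <PROTO> <src>:<sport> <dst>:<dport> in via <if>
IPFW_DENY = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>TCP|UDP) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) in via (?P<iface>\S+)"
)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Apr  8 14:01:02 gw kernel: ipfw: 900 Deny TCP 203.0.113.7:40112 192.0.2.10:25 in via em0
Apr  8 14:01:03 gw kernel: ipfw: 900 Deny TCP 203.0.113.7:40113 192.0.2.10:23 in via em0
Apr  8 14:01:09 gw kernel: ipfw: 900 Deny TCP 198.51.100.4:51000 192.0.2.10:8443 in via em0
Apr  8 14:02:00 gw kernel: ipfw: 900 Deny UDP 198.51.100.9:5353 192.0.2.10:111 in via em0
Apr  8 14:02:01 gw sshd[812]: Invalid user admin from 203.0.113.7 port 40200
Apr  8 14:02:05 gw kernel: ipfw: 900 Deny TCP 203.0.113.7:40114 192.0.2.10:25 out via em0
"""


def decoy_hits(log_text, decoy_ports=DECOY_PORTS):
    """Map source IP -> sorted list of distinct decoy ports it was denied on."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = IPFW_DENY.search(line)
        # Only inbound denies to a decoy port count; other denies are ignored.
        if m and int(m["dport"]) in decoy_ports:
            hits[m["src"]].add(int(m["dport"]))
    return {src: sorted(ports) for src, ports in hits.items()}


def ban_candidates(log_text, min_ports=1, decoy_ports=DECOY_PORTS):
    """Sources that touched at least `min_ports` distinct decoy ports."""
    found = decoy_hits(log_text, decoy_ports)
    return sorted(src for src, ports in found.items() if len(ports) >= min_ports)


if __name__ == "__main__":
    for src, ports in decoy_hits(SAMPLE_LOG).items():
        print(src, ports)
```

Raising `min_ports` trades detection speed for fewer bans caused by a single stray connection to one closed port.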