5 files changed, 96 insertions, 0 deletions

diff --git a/security/bruteforceblocker/Makefile b/security/bruteforceblocker/Makefile
new file mode 100644
index 000000000000..0452b970432e
--- /dev/null
+++ b/security/bruteforceblocker/Makefile
@@ -0,0 +1,43 @@
+# New ports collection makefile for:	bruteforceblocker
+# Date created:				20 April 2005
+# Whom:					Daniel Gerzo <danger@rulez.sk>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	bruteforceblocker
+PORTVERSION=	1.0
+CATEGORIES=	security
+MASTER_SITES=	http://danger.rulez.sk/projects/bruteforceblocker/ \
+		${MASTER_SITE_LOCAL}
+MASTER_SITE_SUBDIR=	pav
+
+MAINTAINER=	danger@rulez.sk
+COMMENT=	Checks for failed login attempts and blocks given IPs
+
+RUN_DEPENDS=	${SITE_PERL}/File/Tail.pm:${PORTSDIR}/devel/p5-File-Tail
+
+NO_BUILD=	yes
+USE_PERL5_RUN=	yes
+USE_RC_SUBR=	${PORTNAME}.sh
+
+WRKSRC=		${WRKDIR}
+PLIST_FILES=	bin/${PORTNAME}.pl
+PKGMESSAGE=	${WRKDIR}/pkg-message
+SUB_FILES=	pkg-message
+
+.include <bsd.port.pre.mk>
+
+.if ${PERL_LEVEL} < 500600
+IGNORE=		Perl 5.6 or newer required. Install lang/perl5 or lang/perl5.8 and try again.
+.endif
+
+.if ${OSVERSION} < 502106
+IGNORE=		requires at least FreeBSD 5.2
+.endif
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME}.pl ${PREFIX}/bin/${PORTNAME}.pl
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/bruteforceblocker/distinfo b/security/bruteforceblocker/distinfo
new file mode 100644
index 000000000000..1fd785da9093
--- /dev/null
+++ b/security/bruteforceblocker/distinfo
@@ -0,0 +1,2 @@
+MD5 (bruteforceblocker-1.0.tar.gz) = e82fc32fe3fbde2a4291cbdeada188c7
+SIZE (bruteforceblocker-1.0.tar.gz) = 1845
diff --git a/security/bruteforceblocker/files/bruteforceblocker.sh.in b/security/bruteforceblocker/files/bruteforceblocker.sh.in
new file mode 100644
index 000000000000..86e76655df4f
--- /dev/null
+++ b/security/bruteforceblocker/files/bruteforceblocker.sh.in
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# PROVIDE: bruteforceblocker
+# REQUIRE: LOGIN
+# KEYWORD: FreeBSD shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable bruteforceblocker:
+#
+# bruteforceblocker_enable="YES"
+#
+
+. %%RC_SUBR%%
+
+name="bruteforceblocker"
+rcvar=`set_rcvar`
+load_rc_config $name
+
+command="%%PREFIX%%/bin/bruteforceblocker.pl"
+pidfile="/var/run/bruteforceblocker.pid"
+procname="/usr/bin/perl"
+
+stop_postcmd=stop_postcmd
+
+stop_postcmd()
+{
+	rm -f $pidfile
+}
+
+# set defaults
+bruteforceblocker_enable=${bruteforceblocker_enable:-"NO"}
+
+run_rc_command "$1"
diff --git a/security/bruteforceblocker/files/pkg-message.in b/security/bruteforceblocker/files/pkg-message.in
new file mode 100644
index 000000000000..5dadbe11c672
--- /dev/null
+++ b/security/bruteforceblocker/files/pkg-message.in
@@ -0,0 +1,8 @@
+===>  CONFIGURATION NOTE:
+
+To setup bruteforceblocker, you should check main script
+located at %%PREFIX%%/bin/bruteforceblocker.pl
+
+when you are done, you will also need to add to /etc/rc.conf
+bruteforceblocker_enable="YES", so you will be able to start
+bruteforceblocker via rcNG script.
diff --git a/security/bruteforceblocker/pkg-descr b/security/bruteforceblocker/pkg-descr
new file mode 100644
index 000000000000..2a4d5ba8322b
--- /dev/null
+++ b/security/bruteforceblocker/pkg-descr
@@ -0,0 +1,10 @@
+BruteForceBlocker is a script, that works along with pf - OpenBSD's firewall.
+When this script is running, it checks sshd's auth log for Failed Password
+attempts and counts it's number. When given IP reaches specified number of
+fails, script adds this IP to the pf's table and block any other traffic to
+the given box. If you are bored of those automated auth tries, you will be
+happy with this script. It also includes a simple rc script.
+
+WWW: http://danger.rulez.sk/projects/bruteforceblocker/
+
+- Daniel Gerzo <danger@rulez.sk>