Add denyhosts 1.1.2, script to thwart ssh attacks.

PR:		ports/88781
Submitted by:	Janos Mohacsi <janos.mohacsi.at.bsd.hu>

7 files changed, 215 insertions, 0 deletions

diff --git a/security/denyhosts/Makefile b/security/denyhosts/Makefile
new file mode 100644
index 000000000000..e4ba941658a7
--- /dev/null
+++ b/security/denyhosts/Makefile
@@ -0,0 +1,38 @@
+# New ports collection makefile for:    denyhosts
+# Date created:         		04 November 2005
+# Whom:                 		Janos Mohacsi <janos.mohacsi@bsd.hu>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	denyhosts
+PORTVERSION=	1.1.2
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
+MASTER_SITE_SUBDIR=	${PORTNAME}
+DISTNAME=	DenyHosts-${PORTVERSION}
+
+MAINTAINER=	janos.mohacsi@bsd.hu
+COMMENT=	Script to thwart ssh attacks
+
+USE_REINPLACE=	yes
+USE_PYTHON=	yes
+USE_PYDISTUTILS=	yes
+
+DOC_FILES=	CHANGELOG.txt LICENSE.txt README.txt
+
+pre-configure:
+	${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' \
+		${WRKSRC}/daemon-control-dist \
+		${WRKSRC}/denyhosts.cfg-dist \
+		${WRKSRC}/setup.py
+
+post-install:
+.ifndef(NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+.for file in ${DOC_FILES}
+	@${INSTALL_DATA} ${WRKSRC}/${file} ${DOCSDIR}
+.endfor
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/denyhosts/distinfo b/security/denyhosts/distinfo
new file mode 100644
index 000000000000..9ccba8302cae
--- /dev/null
+++ b/security/denyhosts/distinfo
@@ -0,0 +1,3 @@
+MD5 (DenyHosts-1.1.2.tar.gz) = d2c6f00243c0fcd0f4498c3c71a1074e
+SHA256 (DenyHosts-1.1.2.tar.gz) = e570af443d87a1b6cc4262c2e4f769e07ba5de7d75f9980f8f914160ed9c1a04
+SIZE (DenyHosts-1.1.2.tar.gz) = 31000
diff --git a/security/denyhosts/files/patch-daemon-control-dist b/security/denyhosts/files/patch-daemon-control-dist
new file mode 100644
index 000000000000..7f9363ff2cb7
--- /dev/null
+++ b/security/denyhosts/files/patch-daemon-control-dist
@@ -0,0 +1,18 @@
+
+$FreeBSD$
+
+--- daemon-control-dist.orig
++++ daemon-control-dist
+@@ -11,9 +11,9 @@
+ #### Edit these to suit your configuration ####
+ ###############################################
+ 
+-DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
+-DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
+-DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"
++DENYHOSTS_BIN   = "%%PREFIX%%/bin/denyhosts.py"
++DENYHOSTS_LOCK  = "/var/run/denyhosts"
++DENYHOSTS_CFG   = "%%PREFIX%%/share/denyhosts/denyhosts.cfg"
+ 
+ 
+ ###############################################
diff --git a/security/denyhosts/files/patch-denyhosts.cfg-dist b/security/denyhosts/files/patch-denyhosts.cfg-dist
new file mode 100644
index 000000000000..49f7b56fb701
--- /dev/null
+++ b/security/denyhosts/files/patch-denyhosts.cfg-dist
@@ -0,0 +1,45 @@
+
+$FreeBSD$
+
+--- denyhosts.cfg-dist.orig
++++ denyhosts.cfg-dist
+@@ -9,10 +9,10 @@
+ # argument
+ #
+ # Redhat:
+-SECURE_LOG = /var/log/secure
++#SECURE_LOG = /var/log/secure
+ #
+ # Mandrake or FreeBSD: 
+-#SECURE_LOG = /var/log/auth.log
++SECURE_LOG = /var/log/auth.log
+ #
+ # SuSE:
+ #SECURE_LOG = /var/log/messages
+@@ -23,10 +23,10 @@
+ # HOSTS_DENY: the file which contains restricted host access information
+ #
+ # Most operating systems:
+-HOSTS_DENY = /etc/hosts.deny
++#HOSTS_DENY = /etc/hosts.deny
+ #
+ # Some BSD (FreeBSD) Unixes:
+-#HOSTS_DENY = /etc/hosts.allow
++HOSTS_DENY = /etc/hosts.allow
+ #
+ # Another possibility (also see the next option):
+ #HOSTS_DENY = /etc/hosts.evil
+@@ -157,10 +157,10 @@
+ # running at a time.
+ #
+ # Redhat/Fedora:
+-LOCK_FILE = /var/lock/subsys/denyhosts
++#LOCK_FILE = /var/lock/subsys/denyhosts
+ #
+-# Debian
+-#LOCK_FILE = /var/run/denyhosts.pid
++# Debian (and FreeBSD)
++LOCK_FILE = /var/run/denyhosts.pid
+ #
+ # Misc
+ #LOCK_FILE = /tmp/denyhosts.lock
diff --git a/security/denyhosts/files/patch-setup.py b/security/denyhosts/files/patch-setup.py
new file mode 100644
index 000000000000..0e959b394b81
--- /dev/null
+++ b/security/denyhosts/files/patch-setup.py
@@ -0,0 +1,26 @@
+
+$FreeBSD$
+
+--- setup.py.orig
++++ setup.py
+@@ -7,7 +7,7 @@
+ from glob import glob
+ 
+ 
+-libpath = "/usr/share/denyhosts"
++libpath = "%%PREFIX%%/share/denyhosts"
+ 
+ #########################################################################
+ 
+@@ -24,10 +24,7 @@
+       data_files=[(libpath, glob("denyhosts.cfg-dist")),
+                   (libpath, glob("denyhosts-daemon-initscript")),
+                   (libpath, glob("setup.py")),
+-                  (libpath, glob("daemon-control-dist")),
+-                  (libpath, glob("CHANGELOG.txt")),
+-                  (libpath, glob("README.txt")),
+-                  (libpath, glob("LICENSE.txt"))],
++                  (libpath, glob("daemon-control-dist"))],
+       license="GPL",
+       ##extra_path='denyhosts',
+       long_description="""
diff --git a/security/denyhosts/pkg-descr b/security/denyhosts/pkg-descr
new file mode 100644
index 000000000000..659ff077df94
--- /dev/null
+++ b/security/denyhosts/pkg-descr
@@ -0,0 +1,21 @@
+DenyHosts is a script intended to be run by *ix system administrators to 
+help thwart ssh server attacks.
+
+If you've ever looked at your ssh log (/var/log/auth.log ) you may be alarmed 
+to see how many hackers attempted to gain access to your server. 
+Denyhosts helps you:
+- Parses /var/log/auth.log to find all login attempts
+- Can be run from the command line, cron or as a daemon (new in 0.9)
+- Records all failed login attempts for the user and offending host
+- For each host that exceeds a threshold count, records the evil host
+- Keeps track of each non-existent user (eg. sdada) when a login attempt failed.
+- Keeps track of each existing user (eg. root) when a login attempt failed.
+- Keeps track of each offending host (hosts can be purged )
+- Keeps track of suspicious logins 
+- Keeps track of the file offset, so that you can reparse the same file
+- When the log file is rotated, the script will detect it 
+- Appends /etc/hosts.allow
+- Optionally sends an email of newly banned hosts and suspicious logins.
+- Resolves IP addresses to hostnames, if you want
+
+WWW:	http://denyhosts.sourceforge.net/
diff --git a/security/denyhosts/pkg-plist b/security/denyhosts/pkg-plist
new file mode 100644
index 000000000000..1916a1637304
--- /dev/null
+++ b/security/denyhosts/pkg-plist
@@ -0,0 +1,64 @@
+bin/denyhosts.py
+%%DATADIR%%/denyhosts.cfg-dist
+%%DATADIR%%/setup.py
+%%DATADIR%%/daemon-control-dist
+%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/version.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/version.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/version.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/util.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/util.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/util.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/constants.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/constants.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/constants.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/report.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/report.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/report.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/counter.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/counter.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/counter.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.pyo
+%%PYTHON_SITELIBDIR%%/DenyHosts/regex.py
+%%PYTHON_SITELIBDIR%%/DenyHosts/regex.pyc
+%%PYTHON_SITELIBDIR%%/DenyHosts/regex.pyo
+%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG.txt
+%%PORTDOCS%%%%DOCSDIR%%/LICENSE.txt
+%%PORTDOCS%%%%DOCSDIR%%/README.txt
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
+@dirrm %%PYTHON_SITELIBDIR%%/DenyHosts
+@dirrm %%DATADIR%%