author | Edwin Groothuis <edwin@FreeBSD.org> | 2003-08-28 09:21:14 +0000 |
---|---|---|
committer | Edwin Groothuis <edwin@FreeBSD.org> | 2003-08-28 09:21:14 +0000 |
commit | efe705504afffc22cf67f69f8c952921caced8cc (patch) | |
tree | 1602f9328ecef9b116d8c05ad5eaab0b3519be9a /security/hunch | |
parent | 50fb5a0f3d7306ac0b80878ab4a49ea55ece6e28 (diff) | |
Diffstat (limited to 'security/hunch')
-rw-r--r-- | security/hunch/Makefile | 33 | ||||
-rw-r--r-- | security/hunch/distinfo | 1 | ||||
-rw-r--r-- | security/hunch/pkg-deinstall | 97 | ||||
-rw-r--r-- | security/hunch/pkg-descr | 9 | ||||
-rw-r--r-- | security/hunch/pkg-install | 229 | ||||
-rw-r--r-- | security/hunch/pkg-message | 5 | ||||
-rw-r--r-- | security/hunch/pkg-plist | 3 |
7 files changed, 377 insertions, 0 deletions
diff --git a/security/hunch/Makefile b/security/hunch/Makefile
new file mode 100644
index 000000000000..a38d2535da68
--- /dev/null
+++ b/security/hunch/Makefile
@@ -0,0 +1,33 @@
+# New ports collection makefile for: hunch
+# Date created: 26 October 2002
+# Whom: Dan Pelleg <daniel+hunch@pelleg.org>
+#
+# $FreeBSD$
+#
+
+PORTNAME= hunch
+PORTVERSION= 1.0
+CATEGORIES= security
+MASTER_SITES= http://web.cs.cmu.edu/~dpelleg/download/
+
+MAINTAINER= daniel+hunch@pelleg.org
+COMMENT= Scan httpd log files, find vulnerability probes, mail admins
+
+RUN_DEPENDS= ${SITE_PERL}/Net/SMTP.pm:${PORTSDIR}/net/p5-Net
+
+IS_INTERACTIVE= yes
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
+NO_PACKAGE= too interactive
+NO_BUILD= true
+USE_PERL5= YES
+
+do-install:
+	@${ECHO_MSG} "Installing files"
+	@${INSTALL_DATA} ${WRKSRC}/etc/hunch-special ${PREFIX}/etc
+	@${INSTALL_SCRIPT} ${WRKSRC}/bin/complain-httpd ${PREFIX}/bin
+	@${INSTALL_SCRIPT} ${WRKSRC}/bin/contact ${PREFIX}/bin
+
+post-install:
+	@PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+
+.include <bsd.port.mk>
diff --git a/security/hunch/distinfo b/security/hunch/distinfo
new file mode 100644
index 000000000000..512ad4823bc0
--- /dev/null
+++ b/security/hunch/distinfo
@@ -0,0 +1 @@
+MD5 (hunch-1.0.tar.gz) = a5abf88c516e341cda723aaddfdc6aa6
diff --git a/security/hunch/pkg-deinstall b/security/hunch/pkg-deinstall
new file mode 100644
index 000000000000..96e410359c9c
--- /dev/null
+++ b/security/hunch/pkg-deinstall
@@ -0,0 +1,97 @@
+#! /bin/sh
+
+#
+# Adapted from pkg-deinstall in net/cvsup-mirror,
+# presumably by jdp@FreeBSD.org
+#
+
+user=hunch
+group=hunch
+
+ask() {
+	local question default answer
+
+	question=$1
+	default=$2
+	if [ -z "${PACKAGE_BUILDING}" ]; then
+		read -p "${question} [${default}]? " answer
+	fi
+	if [ x${answer} = x ]; then
+		answer=${default}
+	fi
+	echo ${answer}
+}
+
+yesno() {
+	local dflt question answer
+
+	question=$1
+	dflt=$2
+	while :; do
+		answer=$(ask "${question}" "${dflt}")
+		case "${answer}" in
+		[Yy]*) return 0;;
+		[Nn]*) return 1;;
+		esac
+		echo "Please answer yes or no."
+	done
+}
+
+delete_account() {
+	local u g home
+
+	u=$1
+	g=$2
+	if yesno "Do you want me to remove group \"${g}\"" y; then
+		pw groupdel -n ${g}
+		echo "Done."
+	fi
+	if yesno "Do you want me to remove user \"${u}\"" y; then
+		eval home=~${u}
+		pw userdel -n ${u}
+		echo "Done."
+		if [ -d "${home}" ]; then
+			echo "Please remember to remove the home directory \"${home}\" as"
+			echo "well as the mirrored files."
+		fi
+	fi
+}
+
+if [ x$2 != xDEINSTALL ]; then
+	exit
+fi
+
+export PATH=/bin:/usr/bin:/usr/sbin
+
+if ps -axc | grep -q complain-httpd; then
+	if yesno "There are some complain-httpd processes running. Shall I kill them" y
+	then
+		killall complain-httpd
+		sleep 2
+	else
+		echo "OK ... I hope you know what you are doing."
+	fi
+fi
+
+tmp="/etc/#hunch$$"
+trap "rm -f ${tmp}" 0 1 2 3 15
+
+rm -f /var/db/hunch-timestamp
+
+if yesno "Do you want me to remove scheduled complaints from \"/etc/crontab\"" y
+then
+	sed "/complain-httpd/d" /etc/crontab >${tmp} || exit
+	chmod 644 ${tmp}
+	mv ${tmp} /etc/crontab || exit
+	echo "Done."
+fi
+
+if yesno "Do you want me to remove the hunch log entry from \
+\"/etc/newsyslog.conf\"" y; then
+	sed "/hunch\.log/d" /etc/newsyslog.conf >${tmp} || exit
+	chmod 644 ${tmp}
+	mv ${tmp} /etc/newsyslog.conf || exit
+	echo "Done."
+fi
+
+delete_account ${user} ${group}
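Review bot: `killall complain-httpd` in the process-cleanup block terminates every process with that command name on the system, not only the ones started from the `hunch` crontab entry this script is about to remove; because pkg-deinstall runs as root, an unrelated user's process that happens to carry that name would be killed as well. Scoping it to the account the port created keeps the cleanup to what the port owns: `killall -u ${user} complain-httpd`. The `ps -axc | grep -q` test that gates the prompt is presumably meant to find the same processes, so it would be consistent to narrow it likewise. Separately, the "well as the mirrored files." line in delete_account is carried over from the cvsup-mirror script this was adapted from; hunch mirrors nothing, so `echo "well as any files it still owns."` would be less confusing to the admin reading it.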
diff --git a/security/hunch/pkg-descr b/security/hunch/pkg-descr
new file mode 100644
index 000000000000..ae7c9b23ca62
--- /dev/null
+++ b/security/hunch/pkg-descr
@@ -0,0 +1,9 @@
+Scan Apache log files for CodeRed, Nimda, FormMail, proxy scanners and
+other malicious probes. For each one found, track down the contact email
+from WHOIS data and send a notice. Built-in rate controls prevent flooding
+an admin even when his machines are scanning at high rates. Runs as a
+non-privileged cron job to not interfere with the HTTP daemon's operation.
+
+-- Dan Pelleg
+
+daniel+hunch@pelleg.org
diff --git a/security/hunch/pkg-install b/security/hunch/pkg-install
new file mode 100644
index 000000000000..4201da498933
--- /dev/null
+++ b/security/hunch/pkg-install
@@ -0,0 +1,229 @@
+#! /bin/sh
+
+#
+# Adapted from pkg-install in net/cvsup-mirror,
+# presumably by jdp@FreeBSD.org
+#
+
+user=hunch
+group=hunch
+
+interval=4
+
+ask() {
+	local question default answer
+
+	question=$1
+	default=$2
+	if [ -z "${PACKAGE_BUILDING}" ]; then
+		read -p "${question} [${default}]? " answer
+	fi
+	if [ x${answer} = x ]; then
+		answer=${default}
+	fi
+	echo ${answer}
+}
+
+yesno() {
+	local dflt question answer
+
+	question=$1
+	dflt=$2
+	while :; do
+		answer=$(ask "${question}" "${dflt}")
+		case "${answer}" in
+		[Yy]*) return 0;;
+		[Nn]*) return 1;;
+		esac
+		echo "Please answer yes or no."
+	done
+}
+
+make_account() {
+	local u g gcos homeopt home
+
+	u=$1
+	g=$2
+	gcos=$3
+	homeopt=${4:+"-d $4"}
+
+	if pw group show "${g}" >/dev/null 2>&1; then
+		echo "You already have a group \"${g}\", so I will use it."
+	else
+		echo "You need a group \"${g}\"."
+		if which -s pw && yesno "Would you like me to create it" y; then
+			pw groupadd ${g} || exit
+			echo "Done."
+		else
+			echo "Please create it, and try again."
+			if ! grep -q "^${u}:" /etc/passwd; then
+				echo "While you're at it, please create a user \"${u}\" too,"
+				echo "with a default group of \"${g}\"."
+			fi
+			exit 1
+		fi
+	fi
+
+	if pw user show "${u}" >/dev/null 2>&1; then
+		echo "You already have a user \"${u}\", so I will use it."
+	else
+		echo "You need a user \"${u}\"."
+		if which -s pw && yesno "Would you like me to create it" y; then
+			pw useradd ${u} -g ${g} -h - ${homeopt} \
+				-s /nonexistent -c "${gcos}" || exit
+			echo "Done."
+		else
+			echo "Please create it, and try again."
+			exit 1
+		fi
+	fi
+
+	if [ x"$homeopt" = x ]; then
+		eval home=~${u}
+		if [ ! -d "${home}" ]; then
+			if yesno \
+			"Would you like me to create ${u}'s home directory (${home})" y
+			then
+				(umask 77 && \
+					mkdir -p ${home}/) || exit
+				chown -R ${u}:${g} ${home} || exit
+			else
+				echo "Please create it, and try again."
+				exit 1
+			fi
+		fi
+	fi
+}
+
+case $2 in
+
+POST-INSTALL)
+	# . ${base}/config.sh || exit
+
+	if which -s pw && which -s lockf; then
+		:
+	else
+		cat <<EOF
+
+This system looks like a pre-2.2 version of FreeBSD. I see that it
+is missing the "lockf" and/or "pw" utilities. I need these utilities.
+Please get them and install them, and try again. You can get the
+sources from:
+
+	ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.bin/lockf.tar.gz
+	ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz
+
+EOF
+		exit 1
+	fi
+
+	echo ""
+	make_account ${user} ${group} "Probe-griping user" "/nonexistent"
+
+	echo "Fixing ownerships and modes"
+	chown ${user}:${group} ${PREFIX}/etc/hunch-special
+	misc_files="/var/db/hunch-timestamp /var/log/hunch.log"
+	touch $misc_files
+	chown ${user}:${group} $misc_files
+	chmod 664 ${PREFIX}/etc/hunch-special $misc_files
+
+	echo ""
+	if grep -q "^[^#]*/var/log/hunch.log" /etc/newsyslog.conf; then
+		echo -n "It looks like you already have some logging set up, so I "
+		echo "will use it."
+	else
+		if yesno "Would you like me to set up log rotation" y; then
+			echo "Adding hunch log entry to \"/etc/newsyslog.conf\"."
+			cat <<EOF >>/etc/newsyslog.conf
+/var/log/hunch.log hunch:hunch 644 3 100 * Z
+EOF
+			echo "Done."
+		else
+			cat <<EOF
+OK, please remember to do it yourself. You should add an entry to
+"/etc/newsyslog.conf".
+EOF
+		fi
+	fi
+
+	echo ""
+	if grep -q "^[^#]*${PREFIX}/bin/complain-httpd" /etc/crontab; then
+		echo "It looks like your crontab is already set up, so I'll use that."
+	else
+		if [ ${interval} -eq 1 ]; then
+			updstr="hourly complaints"
+		else
+			updstr="complaints every ${interval} hours"
+		fi
+		if yesno "Would you like me to set up your crontab for ${updstr}" y
+		then
+			echo "Scheduling ${updstr} in \"/etc/crontab\"."
+			delay=5
+			now=$(date "+%s")
+			start=$((${now} + ${delay}*60))
+			hh=$(date -r ${start} "+%H")
+			mm=$(date -r ${start} "+%M")
+			h=$((${hh}))
+			m=$((${mm}))
+			if [ ${interval} -eq 1 ]; then
+				hstr="*"
+			else
+				h0=$((${h} % ${interval}))
+				if [ ${interval} -eq 24 ]; then
+					hstr=${h0}
+				else
+					h1=$((${h0} + 24 - ${interval}))
+					hstr=${h0}-${h1}/${interval}
+				fi
+			fi
+			cat <<EOF >>/etc/crontab
+${m} ${hstr} * * * ${user} ${PREFIX}/bin/complain-httpd /var/log/httpd-access.log >> /var/log/hunch.log 2>&1
+EOF
+			cat <<EOF
+Done.
+EOF
+		else
+			cat <<EOF
+OK, please remember to do it yourself. The crontab entry should run
+"${PREFIX}/bin/complain-httpd /var/log/htppd-access.log" as user ${user}
+EOF
+		fi
+	fi
+
+	echo ""
+	if yesno "Would you like me to set up the sender's address as it appears on outgoing complaints" y; then
+		host=`hostname`
+		sender=$(ask "Enter sender's email address" "root@$host" )
+		tmp="${PREFIX}/bin/#complain-httpd$$"
+		trap "rm -f ${tmp}" 0 1 2 3 15
+		sed "s/sender = ''/sender = '$sender'/" ${PREFIX}/bin/complain-httpd >${tmp} || exit
+		chmod 755 ${tmp}
+		mv ${tmp} ${PREFIX}/bin/complain-httpd || exit
+		echo "Done."
+	else
+		cat <<EOF
+OK, please remember to do it yourself. You should modify the "my \$sender=''"
+line in "${PREFIX}/bin/complain-httpd".
+EOF
+	fi
+
+	echo ""
+	echo "I can enable hunch right now, or leave it in parse-only mode"
+	echo "which will scan the logs and determine the contacts, but"
+	echo "will not actually send any mail."
+	if yesno "Would you like me enable hunch in mail-sending mode" y; then
+		nomail=0
+	else
+		nomail=1
+	fi
+	tmp="${PREFIX}/bin/#complain-httpd$$"
+	trap "rm -f ${tmp}" 0 1 2 3 15
+	sed "s/no_mailing = .*;/no_mailing = $nomail;/" ${PREFIX}/bin/complain-httpd >${tmp} || exit
+	chmod 755 ${tmp}
+	mv ${tmp} ${PREFIX}/bin/complain-httpd || exit
+	echo "OK."
+
+	echo ""
+	echo "You are now hunch-enabled"
+	;;
+esac
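Review bot: In the "set up the sender's address" branch, the interactively read `$sender` is spliced unchecked into the sed replacement `s/sender = ''/sender = '$sender'/` and from there into the Perl source of complain-httpd; a value containing `/`, `&`, `\` or `'` either makes sed fail (the `|| exit` then aborts with the file unmodified) or rewrites the Perl string into something other than a quoted address. The caller is the local root admin, so this is a robustness problem rather than a privilege boundary, but an address is cheap to validate before it is substituted into a root-installed script. Restricting the input to the characters an address needs and using a delimiter that cannot appear in it removes both failure modes; the `$nomail` substitution further down is safe as written because it only ever receives 0 or 1. While in this area, the "do it yourself" message for the crontab branch spells the log file `htppd-access.log`, which does not match the `/var/log/httpd-access.log` path the generated crontab line uses.
```shell
		sender=$(ask "Enter sender's email address" "root@$host" )
		case "${sender}" in
		""|*[!A-Za-z0-9@._+-]*)
			echo "\"${sender}\" is not a plain e-mail address; sender left unchanged." >&2
			exit 1;;
		esac
		# … unchanged: tmp file name and trap …
		sed "s|sender = ''|sender = '${sender}'|" ${PREFIX}/bin/complain-httpd >${tmp} || exit
```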
diff --git a/security/hunch/pkg-message b/security/hunch/pkg-message
new file mode 100644
index 000000000000..d2058969cbdb
--- /dev/null
+++ b/security/hunch/pkg-message
@@ -0,0 +1,5 @@
+Note that some WHOIS servers have specific
+terms of use, which they assume you to have
+accepted by issuing a query. Do not use
+this package if you do not agree to those
+licenses.
diff --git a/security/hunch/pkg-plist b/security/hunch/pkg-plist
new file mode 100644
index 000000000000..6d8726cf961c
--- /dev/null
+++ b/security/hunch/pkg-plist
@@ -0,0 +1,3 @@
+bin/complain-httpd
+bin/contact
+etc/hunch-special