diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/bruteforceblocker/Makefile | 27 | ||||
| -rw-r--r-- | security/bruteforceblocker/distinfo | 4 | ||||
| -rw-r--r-- | security/bruteforceblocker/files/pkg-message.in | 4 | ||||
| -rw-r--r-- | security/bruteforceblocker/pkg-descr | 15 | ||||
| -rw-r--r-- | security/bruteforceblocker/pkg-plist | 8 |
5 files changed, 43 insertions, 15 deletions
diff --git a/security/bruteforceblocker/Makefile b/security/bruteforceblocker/Makefile index 8b986ec1c29c..e2e46f4e76aa 100644 --- a/security/bruteforceblocker/Makefile +++ b/security/bruteforceblocker/Makefile @@ -6,20 +6,23 @@ # PORTNAME= bruteforceblocker -PORTVERSION= 1.1 +PORTVERSION= 1.2 CATEGORIES= security MASTER_SITES= http://danger.rulez.sk/projects/bruteforceblocker/ \ ${MASTER_SITE_LOCAL} MASTER_SITE_SUBDIR= pav MAINTAINER= danger@rulez.sk -COMMENT= Checks for failed login attempts and blocks given IPs +COMMENT= Checks for SSH bruteforce and blocks given IPs + +RUN_DEPENDS= ${SITE_PERL}/${PERL_ARCH}/Unix/Syslog.pm:${PORTSDIR}/sysutils/p5-Unix-Syslog \ + ${SITE_PERL}/Sys/Hostname/Long.pm:${PORTSDIR}/sysutils/p5-Sys-Hostname-Long \ + ${SITE_PERL}/LWP/UserAgent.pm:${PORTSDIR}/www/p5-libwww NO_BUILD= yes USE_PERL5_RUN= yes -WRKSRC= ${WRKDIR} -PLIST_FILES= bin/${PORTNAME}.pl +WRKSRC= ${WRKDIR}/${PORTNAME} PKGMESSAGE= ${WRKDIR}/pkg-message SUB_FILES= pkg-message @@ -34,7 +37,21 @@ IGNORE= requires at least FreeBSD 5.2 .endif do-install: - ${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME}.pl ${PREFIX}/bin/${PORTNAME}.pl + ${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME}.pl ${PREFIX}/sbin/${PORTNAME} + ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.conf ${PREFIX}/etc/${PORTNAME}.conf-dist +.if !defined(NOPORTDOCS) + @${MKDIR} ${DOCSDIR} +.for FILE in INSTALL CHANGELOG CREDITS + ${INSTALL_DATA} ${WRKSRC}/${FILE} ${DOCSDIR} +.endfor +.endif + +post-install: + @if [ ! -f ${PREFIX}/etc/${PORTNAME}.conf ]; then \ + ${CP} -p ${PREFIX}/etc/${PORTNAME}.conf-dist ${PREFIX}/etc/${PORTNAME}.conf ; \ + fi +.if !defined(BATCH) @${CAT} ${PKGMESSAGE} +.endif .include <bsd.port.post.mk> diff --git a/security/bruteforceblocker/distinfo b/security/bruteforceblocker/distinfo index 217aa5d1f65a..d555fef46eb1 100644 --- a/security/bruteforceblocker/distinfo +++ b/security/bruteforceblocker/distinfo @@ -1,2 +1,2 @@ -MD5 (bruteforceblocker-1.1.tar.gz) = 98f1c8bebd445b06b414b52931d0df93 -SIZE (bruteforceblocker-1.1.tar.gz) = 1451 +MD5 (bruteforceblocker-1.2.tar.gz) = cd17bc33fb0743bc64409c77ae4a7c1d +SIZE (bruteforceblocker-1.2.tar.gz) = 4390 diff --git a/security/bruteforceblocker/files/pkg-message.in b/security/bruteforceblocker/files/pkg-message.in index 9b3a75aabfda..d809360b671c 100644 --- a/security/bruteforceblocker/files/pkg-message.in +++ b/security/bruteforceblocker/files/pkg-message.in @@ -1,5 +1,5 @@ ===> CONFIGURATION NOTE: -To setup bruteforceblocker, you should check main script -located at %%PREFIX%%/bin/bruteforceblocker.pl +Configuration of BruteForceBlocker is done via main configuration file +located at %%PREFIX%%/etc/bruteforceblocker.conf diff --git a/security/bruteforceblocker/pkg-descr b/security/bruteforceblocker/pkg-descr index 93ad7cbcfe02..1eb01b993f4b 100644 --- a/security/bruteforceblocker/pkg-descr +++ b/security/bruteforceblocker/pkg-descr @@ -1,9 +1,12 @@ -BruteForceBlocker is a script, that works along with pf - OpenBSD's firewall. -When this script is running, it checks sshd's auth log for Failed Password -attempts and counts it's number. When given IP reaches specified number of -fails, script adds this IP to the pf's table and block any other traffic to -the given box. If you are bored of those automated auth tries, you will be -happy with this script. +BruteForceBlocker is a perl script, that works along with pf - OpenBSD's +firewall (Which is also available on FreeBSD since version 5.2 is out). +It's main purpose is to block SSH bruteforce attacks via firewall. +When this script is running, it checks sshd logs from syslog and looks +for Failed Login attempts - mostly some annoying script attacks, and +counts number of such attempts. When given IP reaches configured limit +of fails, script puts this IP to the pf's table and blocks any further +traffic to the that box from given IP (This also depends on +configuration done in pf.conf). WWW: http://danger.rulez.sk/projects/bruteforceblocker/ diff --git a/security/bruteforceblocker/pkg-plist b/security/bruteforceblocker/pkg-plist new file mode 100644 index 000000000000..1b3e0c5a8028 --- /dev/null +++ b/security/bruteforceblocker/pkg-plist @@ -0,0 +1,8 @@ +%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG +%%PORTDOCS%%%%DOCSDIR%%/CREDITS +%%PORTDOCS%%%%DOCSDIR%%/INSTALL +%%PORTDOCS%%@dirrm %%DOCSDIR%% +@unexec if cmp -s %D/etc/bruteforceblocker.conf %D/etc/bruteforceblocker.conf-dist; then rm -f %D/etc/bruteforceblocker.conf; fi +etc/bruteforceblocker.conf-dist +@exec if [ ! -f %D/etc/bruteforceblocker.conf ] ; then cp -p %D/%F %B/bruteforceblocker.conf; fi +sbin/bruteforceblocker |