Date: Sun, 4 Jul 2004 19:15:36 +0200 (CEST)
From: fbsd_user@a1poweruser.com
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: fbsd_user@a1poweruser.com
Subject: ports/68661: New port: security/ipfilterDshield, a dshield client for ipfilter logs
Message-ID: <200407041715.i64HFaiR002002@achilles.tractrix.org>
Resent-Message-ID: <200407041720.i64HK85g089576@freefall.freebsd.org>

>Number: 68661
>Category: ports
>Synopsis: New port: security/ipfilterDshield, a dshield client for ipfilter logs
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Jul 04 17:20:08 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Joe Barbish
>Release: FreeBSD 4.9-RELEASE i386
>Organization: none
>Environment:
System: FreeBSD achilles.tractrix.org 4.9-RELEASE FreeBSD 4.9-RELEASE #5: Wed Jun 2 17:28:48 CEST 2004 root@achilles.tractrix.org:/usr/src/sys/compile/ACHILLES i386
>Description:
This perl script is an official DShield client whose purpose is to
read your FreeBSD ipfilter firewall ipmon log file and convert the
log records to the standard DShield reporting record format, and
embed the converted log records into the body of an email that gets
sent to DShield for automatic addition to their database and abuse
reporting to the offender's ISP if you are a subscribed DShield member.

Script contains user customizable defaults which can be overridden with
command line flags. (visit http://www.dshield.org for details).
>How-To-Repeat:
>Fix:

--- ipfilterDshield-1.0.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	security/ipfilterDshield
#	security/ipfilterDshield/Makefile
#	security/ipfilterDshield/pkg-descr
#	security/ipfilterDshield/pkg-plist
#	security/ipfilterDshield/distinfo
#	security/ipfilterDshield/pkg-message
#	security/ipfilterDshield/pkg-deinstall
#
echo c - security/ipfilterDshield
mkdir -p security/ipfilterDshield > /dev/null 2>&1
echo x - security/ipfilterDshield/Makefile
sed 's/^X//' >security/ipfilterDshield/Makefile << 'END-of-security/ipfilterDshield/Makefile'
X# New ports collection makefile for:	ipfilterDshield
X# Date created:				18 June 2004
X# Whom:					Frank W. Josellis <frank@dynamical-systems.org>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	ipfilterDshield
XPORTVERSION=	1.0
XCATEGORIES=	security
XMASTER_SITES=	http://www.dshield.org/clients/
XDISTNAME=	dshield-freebsd.pl
XEXTRACT_SUFX=	.txt
X
XMAINTAINER=	fbsd_user@a1poweruser.com
XCOMMENT=	Official DShield client, based on ipfilter firewall log data
X
XRUN_DEPENDS=	${SITE_PERL}/Net/Netmask.pm:${PORTSDIR}/net-mgmt/p5-Net-Netmask
X
XUSE_PERL5=	yes
X
XPKGMESSAGE=	${WRKDIR}/pkg-message
XPKGDEINSTALL=	${WRKDIR}/pkg-deinstall
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} < 490000
XIGNORE=		"Not supported on releases prior to 4.9"
X.endif
X
Xdo-extract:
X	[ -d ${WRKDIR} ] || ${MKDIR} ${WRKDIR}
X	${CP} ${DISTDIR}/${DISTFILES} ${WRKDIR}/${DISTNAME}
X
Xdo-build:
X
Xpre-install:
X	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \
X		-e "s=%%DISTNAME%%=${DISTNAME}=g" \
X		pkg-message > ${PKGMESSAGE}
X	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \
X		-e "s=%%PORTNAME%%=${PORTNAME}=g" \
X		-e "s=%%DISTNAME%%=${DISTNAME}=g" \
X		pkg-deinstall > ${PKGDEINSTALL}
X
Xdo-install:
X	[ -d ${PREFIX}/etc/${PORTNAME} ] || ${MKDIR} ${PREFIX}/etc/${PORTNAME}
X	${INSTALL} -o root -g wheel -m 644 ${WRKDIR}/${DISTNAME} \
X		${PREFIX}/etc/${PORTNAME}/${DISTNAME}.dist
X	${INSTALL} -o root -g wheel -m 760 ${WRKDIR}/${DISTNAME} ${PREFIX}/sbin
X
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-security/ipfilterDshield/Makefile
echo x - security/ipfilterDshield/pkg-descr
sed 's/^X//' >security/ipfilterDshield/pkg-descr << 'END-of-security/ipfilterDshield/pkg-descr'
XThis perl script is an official DShield client who's purpose is to
Xread your FreeBSD ipfilter firewall ipmon log file and convert the
Xlog records to the standard DShield reporting record format, and
Ximbed the converted log records into the body of an email that gets
Xsent to DShield for automatic addition to their database and abuse
Xreporting to the offenders ISP if you are an subscribed DShield member.
X
XScript contains user customable defaults which can be overridden with
Xcommand line flags. (visit http://www.dshield.org for details).
X
XScript is installed into /usr/local/sbin where you can edit the
Xdefaults to meet your requirements. Issue rehash command to enable.
X
XWWW: http://www.dshield.org/linux_clients.php#freebsd
X
XJoe Barbish
Xfbsd_user@a1poweruser.com
END-of-security/ipfilterDshield/pkg-descr
echo x - security/ipfilterDshield/pkg-plist
sed 's/^X//' >security/ipfilterDshield/pkg-plist << 'END-of-security/ipfilterDshield/pkg-plist'
Xetc/ipfilterDshield/dshield-freebsd.pl.dist
Xsbin/dshield-freebsd.pl
X@dirrm etc/ipfilterDshield
END-of-security/ipfilterDshield/pkg-plist
echo x - security/ipfilterDshield/distinfo
sed 's/^X//' >security/ipfilterDshield/distinfo << 'END-of-security/ipfilterDshield/distinfo'
XMD5 (dshield-freebsd.pl.txt) = 883d9f1516dfefe3ec01c0dab9df9917
XSIZE (dshield-freebsd.pl.txt) = 15458
END-of-security/ipfilterDshield/distinfo
echo x - security/ipfilterDshield/pkg-message
sed 's/^X//' >security/ipfilterDshield/pkg-message << 'END-of-security/ipfilterDshield/pkg-message'
X***************************************************************************
X
XInstaller instructions. This port has installed the
X%%DISTNAME%% script into %%PREFIX%%/sbin directory.
X
XYou have to edit the script and change the default email address in
Xthe script source. Script contains comments explaining what needs to
Xbe changed. You also have to create an exclude file, follow
Xinstructions in the script about the syntax of the exclude file
Xcontent.
X
XTo receive feedback reports and see your submitted log data online
Xat dshield.org you have to sign up for free membership. See
Xwww.dshield.org for details.
X
XThis script is part of the "proactive probing abuse reporting
Xsystem" port ppars-1.0 which has scripts that report abuse to your
XISP and to the owning ISP from which the probe packets came from.
XAlso contained in the ppars-1.0 port is instructions on how to auto
Xlaunch the scripts only when the ipfilter log is rotated by
Xnewsyslog, which you may find useful for launching the dshield
Xscript installed by this port.
X
X***************************************************************************
END-of-security/ipfilterDshield/pkg-message
echo x - security/ipfilterDshield/pkg-deinstall
sed 's/^X//' >security/ipfilterDshield/pkg-deinstall << 'END-of-security/ipfilterDshield/pkg-deinstall'
X#!/bin/sh
X
XPREFIX=%%PREFIX%%
XPORTNAME=%%PORTNAME%%
XDISTNAME=%%DISTNAME%%
X
X# Restore the original script to undo any customization and thus
X# to allow clean deinstallation.
X#
Xif [ -f ${PREFIX}/etc/${PORTNAME}/${DISTNAME}.dist ]; then
X	install -o root -g wheel -m 760 \
X		${PREFIX}/etc/${PORTNAME}/${DISTNAME}.dist ${PREFIX}/sbin/${DISTNAME}
Xfi
X
Xexit 0
END-of-security/ipfilterDshield/pkg-deinstall
exit
--- ipfilterDshield-1.0.shar ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted: