Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 4 Jul 2004 19:15:43 +0200 (CEST)
From:      fbsd_user@a1poweruser.com
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        fbsd_user@a1poweruser.com
Subject:   ports/68662: New port: security/ppars (Proactive Probing Abuse Reporting System)
Message-ID:  <200407041715.i64HFhYL002033@achilles.tractrix.org>
Resent-Message-ID: <200407041720.i64HK86g089589@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         68662
>Category:       ports
>Synopsis:       New port: security/ppars (Proactive Probing Abuse Reporting System)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 04 17:20:08 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Joe Barbish
>Release:        FreeBSD 4.9-RELEASE i386
>Organization:
none
>Environment:
System: FreeBSD achilles.tractrix.org 4.9-RELEASE FreeBSD 4.9-RELEASE #5: Wed Jun 2 17:28:48 CEST 2004 root@achilles.tractrix.org:/usr/src/sys/compile/ACHILLES i386


>Description:
	In an effort to be proactive in doing my part to stop the massive 
	quantities of internet traffic probing for open ports or more 
	specifically the probing for known ports that ms/windows spy ware, 
	Trojans, and what ever other ms/windows ports are commonly probed 
	which result in increasing my bandwidth usage changes, I wrote this 
	perl application for reporting that abuse to the senders ISP, with 
	the hopes they will monitor the abuser and terminate the abuser's 
	internet account and or take legal action.

>How-To-Repeat:

>Fix:

--- ppars-1.0.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	security/ppars
#	security/ppars/Makefile
#	security/ppars/pkg-descr
#	security/ppars/pkg-plist
#	security/ppars/distinfo
#	security/ppars/pkg-message
#	security/ppars/files
#	security/ppars/files/patch-Makefile
#	security/ppars/pkg-deinstall
#
echo c - security/ppars
mkdir -p security/ppars > /dev/null 2>&1
echo x - security/ppars/Makefile
sed 's/^X//' >security/ppars/Makefile << 'END-of-security/ppars/Makefile'
X# New ports collection makefile for:	ppars
X# Date created:		29 June 2004
X# Whom:			Frank W. Josellis <frank@dynamical-systems.org>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	ppars
XPORTVERSION=	1.0
XCATEGORIES=	security
XMASTER_SITES=	http://www.dshield.org/clients/
XDISTNAME=	ppars
X
XMAINTAINER=	fbsd_user@a1poweruser.com
XCOMMENT=	Proactive Probing Abuse Reporting System
X
XRUN_DEPENDS=	${SITE_PERL}/Net/Netmask.pm:${PORTSDIR}/net-mgmt/p5-Net-Netmask
X
XUSE_PERL5=	yes
X
XWRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
XPKGMESSAGE=	${WRKSRC}/pkg-message
XPKGDEINSTALL=	${WRKSRC}/pkg-deinstall
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} < 490000
XIGNORE=		"Not supported on releases prior to 4.9"
X.endif
X
Xpre-install:
X	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \
X		pkg-message > ${PKGMESSAGE}
X	@${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \
X		-e "s=%%PORTNAME%%=${PORTNAME}=g" \
X		pkg-deinstall > ${PKGDEINSTALL}
X
Xpost-install:
X	${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-security/ppars/Makefile
echo x - security/ppars/pkg-descr
sed 's/^X//' >security/ppars/pkg-descr << 'END-of-security/ppars/pkg-descr'
XWelcome to the Proactive Abuse Reporting System.
X
XIn an effort to be proactive in doing my part to stop the massive 
Xquantities of internet traffic probing for open ports or more 
Xspecifically the probing for known ports that ms/windows spy ware, 
XTrojans, and what ever other ms/windows ports are commonly probed 
Xwhich result in increasing my bandwidth usage changes, I wrote this 
Xperl application for reporting that abuse to the senders ISP, with 
Xthe hopes they will monitor the abuser and terminate the abuser's 
Xinternet account and or take legal action.
X
XScript is installed into /usr/local/sbin where you can edit the 
Xdefaults to meet your requirements. Issue rehash command to enable.
XRun abuse.Reporting.system.pl script for complete overview description
Xof system.
X
X6/1/2004 Author: Joe Barbish, I bequeath these perl scripts to public
Xdomain. It can be copied and distributed for free by anyone to anyone 
Xby any manner.
X
XWWW: http://www.dshield.org/linux_clients.php#freebsd
X
XJoe Barbish
Xfbsd_user@a1poweruser.com
END-of-security/ppars/pkg-descr
echo x - security/ppars/pkg-plist
sed 's/^X//' >security/ppars/pkg-plist << 'END-of-security/ppars/pkg-plist'
Xetc/ppars/abuse.Reporting.system.pl.dist
Xetc/ppars/abuse.dshield.pl.dist
Xetc/ppars/abuse.ipflog.rotate.pl.dist
Xetc/ppars/abuse.myisp.pl.dist
Xetc/ppars/abuse.public.ISP0.pl.dist
Xetc/ppars/abuse.public.ISP1.pl.dist
Xsbin/abuse.Reporting.system.pl
Xsbin/abuse.dshield.pl
Xsbin/abuse.ipflog.rotate.pl
Xsbin/abuse.myisp.pl
Xsbin/abuse.public.ISP0.pl
Xsbin/abuse.public.ISP1.pl
X@dirrm etc/ppars
END-of-security/ppars/pkg-plist
echo x - security/ppars/distinfo
sed 's/^X//' >security/ppars/distinfo << 'END-of-security/ppars/distinfo'
XMD5 (ppars.tar.gz) = f7bc273d85dd28e71d2efa8a2551c05a
XSIZE (ppars.tar.gz) = 13219
END-of-security/ppars/distinfo
echo x - security/ppars/pkg-message
sed 's/^X//' >security/ppars/pkg-message << 'END-of-security/ppars/pkg-message'
X***************************************************************************
X
XInstaller instructions.  This port has installed the following six
Xscripts into %%PREFIX%%/sbin directory.
X                                 abuse.dshield.pl
X                                 abuse.ipflog.rotate.pl
X                                 abuse.myisp.pl
X                                 abuse.public.ISP0.pl
X                                 abuse.public.ISP1.pl
X                                 abuse.Reporting.system.pl
X
XYou have to edit the scripts and change the default email address in
Xthe script source. Script contains comments explaining what needs to
Xbe changed. In some cases you also have to create an exclude file,
Xfollow instructions in the individual scripts about the syntax of
Xthe exclude file contents.
X
XTo receive feedback reports and see your abuse.dshield.pl submitted
Xlog data online at dshield.org you have to sign up for free
Xmembership. See www.dshield.org for details.
X
XFirst issue rehash command and then run  abuse.Reporting.system.pl
Xit contains an overview of how the system works and how to setup the
Xipfilter log so when it's rotated all the scripts will be auto
Xlaunched.
X
X***************************************************************************
END-of-security/ppars/pkg-message
echo c - security/ppars/files
mkdir -p security/ppars/files > /dev/null 2>&1
echo x - security/ppars/files/patch-Makefile
sed 's/^X//' >security/ppars/files/patch-Makefile << 'END-of-security/ppars/files/patch-Makefile'
X--- Makefile.orig	Tue Jun 29 22:00:00 2004
X+++ Makefile	Sat Jul  3 22:57:14 2004
X@@ -5,9 +5,11 @@
X ###########################################################################
X RMCMD	= rm -f
X INSTALL = install
X+MKDIR	= mkdir -p
X 
X prefix	= /usr/local
X sbindir	= $(prefix)/sbin
X+etcdir	= $(prefix)/etc/ppars
X 
X SCRIPTS	= \
X 	abuse.Reporting.system.pl \
X@@ -21,9 +23,11 @@
X all:
X 
X install: 
X+	@[ -d $(etcdir) ] || $(MKDIR) $(etcdir)
X 	@for i in $(SCRIPTS); do \
X 	echo "Installing: $(sbindir)/$$i" ; \
X 	$(INSTALL) -o root -g wheel -m 700 $$i $(sbindir) ; \
X+	$(INSTALL) -o root -g wheel -m 644 $$i $(etcdir)/$$i.dist ; \
X 	done	
X 
X uninstall:
X@@ -35,3 +39,5 @@
X 		echo "No such file: $(sbindir)/$$i" ; \
X 	fi \
X 	done
X+	-$(RMCMD) $(etcdir)/*
X+	-rmdir $(etcdir)
END-of-security/ppars/files/patch-Makefile
echo x - security/ppars/pkg-deinstall
sed 's/^X//' >security/ppars/pkg-deinstall << 'END-of-security/ppars/pkg-deinstall'
X#!/bin/sh
X
XPREFIX=%%PREFIX%%
XPORTNAME=%%PORTNAME%%
X
XSCRIPTS="Reporting.system dshield ipflog.rotate myisp public.ISP0 public.ISP1"
X
X# Restore the original scripts to undo any customization and thus
X# to allow clean deinstallation.
X#
Xfor i in ${SCRIPTS}; do
X    SCRIPT=abuse.${i}.pl
X    if [ -f ${PREFIX}/etc/${PORTNAME}/${SCRIPT}.dist ]; then
X	install -o root -g wheel -m 700 \
X	    ${PREFIX}/etc/${PORTNAME}/${SCRIPT}.dist ${PREFIX}/sbin/${SCRIPT}
X    fi
Xdone
X
Xexit 0
END-of-security/ppars/pkg-deinstall
exit
--- ppars-1.0.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407041715.i64HFhYL002033>