From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Jul 4 17:20:17 2004 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 967D716A4D1 for ; Sun, 4 Jul 2004 17:20:17 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id E6ADD43D2D for ; Sun, 4 Jul 2004 17:20:08 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) i64HK8Di089590 for ; Sun, 4 Jul 2004 17:20:08 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.11/8.12.11/Submit) id i64HK86g089589; Sun, 4 Jul 2004 17:20:08 GMT (envelope-from gnats) Resent-Date: Sun, 4 Jul 2004 17:20:08 GMT Resent-Message-Id: <200407041720.i64HK86g089589@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, fbsd_user@a1poweruser.com Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 195AE16A4CE for ; Sun, 4 Jul 2004 17:15:52 +0000 (GMT) Received: from mout2.freenet.de (mout2.freenet.de [194.97.50.155]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6A5D43D45 for ; Sun, 4 Jul 2004 17:15:51 +0000 (GMT) (envelope-from fbsd_user@a1poweruser.com) Received: from [194.97.50.144] (helo=mx1.freenet.de) by mout2.freenet.de with asmtp (Exim 4.34) id 1BhAal-00026L-1g; Sun, 04 Jul 2004 19:15:51 +0200 Received: from a1bd8.a.pppool.de ([213.6.27.216] helo=achilles.tractrix.org) (TLSv1:AES256-SHA:256) (Exim 4.34 #3) id 1BhAah-0005hk-SB; Sun, 04 Jul 2004 19:15:51 +0200 Received: from achilles.tractrix.org (localhost.tractrix.org [127.0.0.1]) i64HFheM002034; Sun, 4 Jul 2004 19:15:43 +0200 (CEST) (envelope-from fbsd_user@a1poweruser.com) Received: (from root@localhost) by achilles.tractrix.org (8.12.10/8.12.10/Submit) id i64HFhYL002033; Sun, 4 Jul 2004 19:15:43 +0200 (CEST) (envelope-from fbsd_user@a1poweruser.com) Message-Id: <200407041715.i64HFhYL002033@achilles.tractrix.org> Date: Sun, 4 Jul 2004 19:15:43 +0200 (CEST) From: fbsd_user@a1poweruser.com To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: fbsd_user@a1poweruser.com Subject: ports/68662: New port: security/ppars (Proactive Probing Abuse Reporting System) X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Jul 2004 17:20:18 -0000 >Number: 68662 >Category: ports >Synopsis: New port: security/ppars (Proactive Probing Abuse Reporting System) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Jul 04 17:20:08 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Joe Barbish >Release: FreeBSD 4.9-RELEASE i386 >Organization: none >Environment: System: FreeBSD achilles.tractrix.org 4.9-RELEASE FreeBSD 4.9-RELEASE #5: Wed Jun 2 17:28:48 CEST 2004 root@achilles.tractrix.org:/usr/src/sys/compile/ACHILLES i386 >Description: In an effort to be proactive in doing my part to stop the massive quantities of internet traffic probing for open ports or more specifically the probing for known ports that ms/windows spy ware, Trojans, and what ever other ms/windows ports are commonly probed which result in increasing my bandwidth usage changes, I wrote this perl application for reporting that abuse to the senders ISP, with the hopes they will monitor the abuser and terminate the abuser's internet account and or take legal action. >How-To-Repeat: >Fix: --- ppars-1.0.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # security/ppars # security/ppars/Makefile # security/ppars/pkg-descr # security/ppars/pkg-plist # security/ppars/distinfo # security/ppars/pkg-message # security/ppars/files # security/ppars/files/patch-Makefile # security/ppars/pkg-deinstall # echo c - security/ppars mkdir -p security/ppars > /dev/null 2>&1 echo x - security/ppars/Makefile sed 's/^X//' >security/ppars/Makefile << 'END-of-security/ppars/Makefile' X# New ports collection makefile for: ppars X# Date created: 29 June 2004 X# Whom: Frank W. Josellis X# X# $FreeBSD$ X# X XPORTNAME= ppars XPORTVERSION= 1.0 XCATEGORIES= security XMASTER_SITES= http://www.dshield.org/clients/ XDISTNAME= ppars X XMAINTAINER= fbsd_user@a1poweruser.com XCOMMENT= Proactive Probing Abuse Reporting System X XRUN_DEPENDS= ${SITE_PERL}/Net/Netmask.pm:${PORTSDIR}/net-mgmt/p5-Net-Netmask X XUSE_PERL5= yes X XWRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} XPKGMESSAGE= ${WRKSRC}/pkg-message XPKGDEINSTALL= ${WRKSRC}/pkg-deinstall X X.include X X.if ${OSVERSION} < 490000 XIGNORE= "Not supported on releases prior to 4.9" X.endif X Xpre-install: X @${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \ X pkg-message > ${PKGMESSAGE} X @${SED} -e "s=%%PREFIX%%=${PREFIX}=g" \ X -e "s=%%PORTNAME%%=${PORTNAME}=g" \ X pkg-deinstall > ${PKGDEINSTALL} X Xpost-install: X ${CAT} ${PKGMESSAGE} X X.include END-of-security/ppars/Makefile echo x - security/ppars/pkg-descr sed 's/^X//' >security/ppars/pkg-descr << 'END-of-security/ppars/pkg-descr' XWelcome to the Proactive Abuse Reporting System. X XIn an effort to be proactive in doing my part to stop the massive Xquantities of internet traffic probing for open ports or more Xspecifically the probing for known ports that ms/windows spy ware, XTrojans, and what ever other ms/windows ports are commonly probed Xwhich result in increasing my bandwidth usage changes, I wrote this Xperl application for reporting that abuse to the senders ISP, with Xthe hopes they will monitor the abuser and terminate the abuser's Xinternet account and or take legal action. X XScript is installed into /usr/local/sbin where you can edit the Xdefaults to meet your requirements. Issue rehash command to enable. XRun abuse.Reporting.system.pl script for complete overview description Xof system. X X6/1/2004 Author: Joe Barbish, I bequeath these perl scripts to public Xdomain. It can be copied and distributed for free by anyone to anyone Xby any manner. X XWWW: http://www.dshield.org/linux_clients.php#freebsd X XJoe Barbish Xfbsd_user@a1poweruser.com END-of-security/ppars/pkg-descr echo x - security/ppars/pkg-plist sed 's/^X//' >security/ppars/pkg-plist << 'END-of-security/ppars/pkg-plist' Xetc/ppars/abuse.Reporting.system.pl.dist Xetc/ppars/abuse.dshield.pl.dist Xetc/ppars/abuse.ipflog.rotate.pl.dist Xetc/ppars/abuse.myisp.pl.dist Xetc/ppars/abuse.public.ISP0.pl.dist Xetc/ppars/abuse.public.ISP1.pl.dist Xsbin/abuse.Reporting.system.pl Xsbin/abuse.dshield.pl Xsbin/abuse.ipflog.rotate.pl Xsbin/abuse.myisp.pl Xsbin/abuse.public.ISP0.pl Xsbin/abuse.public.ISP1.pl X@dirrm etc/ppars END-of-security/ppars/pkg-plist echo x - security/ppars/distinfo sed 's/^X//' >security/ppars/distinfo << 'END-of-security/ppars/distinfo' XMD5 (ppars.tar.gz) = f7bc273d85dd28e71d2efa8a2551c05a XSIZE (ppars.tar.gz) = 13219 END-of-security/ppars/distinfo echo x - security/ppars/pkg-message sed 's/^X//' >security/ppars/pkg-message << 'END-of-security/ppars/pkg-message' X*************************************************************************** X XInstaller instructions. This port has installed the following six Xscripts into %%PREFIX%%/sbin directory. X abuse.dshield.pl X abuse.ipflog.rotate.pl X abuse.myisp.pl X abuse.public.ISP0.pl X abuse.public.ISP1.pl X abuse.Reporting.system.pl X XYou have to edit the scripts and change the default email address in Xthe script source. Script contains comments explaining what needs to Xbe changed. In some cases you also have to create an exclude file, Xfollow instructions in the individual scripts about the syntax of Xthe exclude file contents. X XTo receive feedback reports and see your abuse.dshield.pl submitted Xlog data online at dshield.org you have to sign up for free Xmembership. See www.dshield.org for details. X XFirst issue rehash command and then run abuse.Reporting.system.pl Xit contains an overview of how the system works and how to setup the Xipfilter log so when it's rotated all the scripts will be auto Xlaunched. X X*************************************************************************** END-of-security/ppars/pkg-message echo c - security/ppars/files mkdir -p security/ppars/files > /dev/null 2>&1 echo x - security/ppars/files/patch-Makefile sed 's/^X//' >security/ppars/files/patch-Makefile << 'END-of-security/ppars/files/patch-Makefile' X--- Makefile.orig Tue Jun 29 22:00:00 2004 X+++ Makefile Sat Jul 3 22:57:14 2004 X@@ -5,9 +5,11 @@ X ########################################################################### X RMCMD = rm -f X INSTALL = install X+MKDIR = mkdir -p X X prefix = /usr/local X sbindir = $(prefix)/sbin X+etcdir = $(prefix)/etc/ppars X X SCRIPTS = \ X abuse.Reporting.system.pl \ X@@ -21,9 +23,11 @@ X all: X X install: X+ @[ -d $(etcdir) ] || $(MKDIR) $(etcdir) X @for i in $(SCRIPTS); do \ X echo "Installing: $(sbindir)/$$i" ; \ X $(INSTALL) -o root -g wheel -m 700 $$i $(sbindir) ; \ X+ $(INSTALL) -o root -g wheel -m 644 $$i $(etcdir)/$$i.dist ; \ X done X X uninstall: X@@ -35,3 +39,5 @@ X echo "No such file: $(sbindir)/$$i" ; \ X fi \ X done X+ -$(RMCMD) $(etcdir)/* X+ -rmdir $(etcdir) END-of-security/ppars/files/patch-Makefile echo x - security/ppars/pkg-deinstall sed 's/^X//' >security/ppars/pkg-deinstall << 'END-of-security/ppars/pkg-deinstall' X#!/bin/sh X XPREFIX=%%PREFIX%% XPORTNAME=%%PORTNAME%% X XSCRIPTS="Reporting.system dshield ipflog.rotate myisp public.ISP0 public.ISP1" X X# Restore the original scripts to undo any customization and thus X# to allow clean deinstallation. X# Xfor i in ${SCRIPTS}; do X SCRIPT=abuse.${i}.pl X if [ -f ${PREFIX}/etc/${PORTNAME}/${SCRIPT}.dist ]; then X install -o root -g wheel -m 700 \ X ${PREFIX}/etc/${PORTNAME}/${SCRIPT}.dist ${PREFIX}/sbin/${SCRIPT} X fi Xdone X Xexit 0 END-of-security/ppars/pkg-deinstall exit --- ppars-1.0.shar ends here --- >Release-Note: >Audit-Trail: >Unformatted: