Date: Tue, 6 Mar 2007 16:51:04 GMT From: Roger Gujord<roger@gujord.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/110000: security/bruteblock Package does not install correctly Message-ID: <200703061651.l26Gp4Wt008693@www.freebsd.org> Resent-Message-ID: <200703061700.l26H0BMO080648@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 110000 >Category: ports >Synopsis: security/bruteblock Package does not install correctly >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Mar 06 17:00:11 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Roger Gujord >Release: FreeBSD 6.2-RELEASE >Organization: >Environment: FreeBSD XXX.XXXX.XXX 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: # pkg_add -r bruteblock Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.2-release/Latest/bruteblock.tbz... Done. Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.2-release/All/pcre-6.7.tbz... Done. cp: /usr/local/etc/bruteblock/bruteblock/proftpd.conf: No such file or directory pkg_add: command 'if [ ! -f /usr/local/etc/bruteblock/proftpd.conf ]; then cp -p /usr/local/etc/bruteblock/proftpd.conf.dist /usr/local/etc/bruteblock/bruteblock/proftpd.conf; fi' failed cp: /usr/local/etc/bruteblock/bruteblock/ssh.conf: No such file or directory pkg_add: command 'if [ ! -f /usr/local/etc/bruteblock/ssh.conf ]; then cp -p /usr/local/etc/bruteblock/ssh.conf.dist /usr/local/etc/bruteblock/bruteblock/ssh.conf; fi' failed ===> CONFIGURATION NOTE: Configuration of the bruteblock is done via configuration files located at /usr/local/etc/bruteblock/ To run the script, append following lines to /etc/syslog.conf: !* auth.info;authpriv.info |exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf and restart syslogd. Also you should add ipfw2 table and the corresponding deny rule. For example, # ipfw add deny ip from table(1) to any Next, you'll want to setup periodical cleanup of ipfw2 table. Add following lines to /etc/rc.conf: bruteblockd_enable="YES" bruteblockd_table="1" bruteblockd_flags="-s 5" and start bruteblockd: /usr/local/etc/rc.d/bruteblockd.sh start See bruteblock(8) for more detailts. >How-To-Repeat: DO: pkg_add -r bruteblock without having proftpd installed >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200703061651.l26Gp4Wt008693>