Date:      Thu, 10 Nov 2005 10:42:46 +0100 (CET)
From:      <mohacsi@niif.hu>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/88781: [NEW PORT] security/denyhosts: Script to thwart ssh attacks
Message-ID:  <200511100942.jAA9gkrk067054@skye.ki.iif.hu>
Resent-Message-ID: <200511100950.jAA9oDd3040256@freefall.freebsd.org>


>Number:         88781
>Category:       ports
>Synopsis:       [NEW PORT] security/denyhosts: Script to thwart ssh attacks
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 10 09:50:13 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Charlie &
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD skye.ki.iif.hu 5.4-STABLE FreeBSD 5.4-STABLE #1: Tue Apr 19 16:41:38 CEST 2005
>Description:
DenyHosts is a script intended to be run by *ix system administrators to 
help thwart ssh server attacks.

If you've ever looked at your ssh log (/var/log/auth.log) you may be alarmed
to see how many hackers attempted to gain access to your server.
DenyHosts helps you:
- Parses /var/log/auth.log to find all login attempts
- Can be run from the command line, cron or as a daemon (new in 0.9)
- Records all failed login attempts for the user and offending host
- For each host that exceeds a threshold count, records the evil host
- Keeps track of each non-existent user (e.g. sdada) when a login attempt failed.
- Keeps track of each existing user (e.g. root) when a login attempt failed.
- Keeps track of each offending host (hosts can be purged)
- Keeps track of suspicious logins
- Keeps track of the file offset, so that you can reparse the same file
- When the log file is rotated, the script will detect it
- Appends to /etc/hosts.allow
- Optionally sends an email of newly banned hosts and suspicious logins.
- Resolves IP addresses to hostnames, if you want

WWW:	http://denyhosts.sourceforge.net/

Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:

--- denyhosts-1.1.2.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	denyhosts
#	denyhosts/pkg-plist
#	denyhosts/pkg-descr
#	denyhosts/distinfo
#	denyhosts/Makefile
#	denyhosts/files
#	denyhosts/files/patch-daemon-control-dist
#	denyhosts/files/patch-denyhosts.cfg-dist
#	denyhosts/files/patch-setup.py
#
echo c - denyhosts
mkdir -p denyhosts > /dev/null 2>&1
echo x - denyhosts/pkg-plist
sed 's/^X//' >denyhosts/pkg-plist << 'END-of-denyhosts/pkg-plist'
Xbin/denyhosts.py
X%%DATADIR%%/denyhosts.cfg-dist
X%%DATADIR%%/setup.py
X%%DATADIR%%/daemon-control-dist
X@dirrm %%DATADIR%%
X%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/version.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/version.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/version.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/util.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/util.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/util.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/constants.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/constants.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/constants.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/report.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/report.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/report.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/counter.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/counter.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/counter.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/regex.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/regex.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/regex.pyo
X@dirrm %%PYTHON_SITELIBDIR%%/DenyHosts
X%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG.txt
X%%PORTDOCS%%%%DOCSDIR%%/LICENSE.txt
X%%PORTDOCS%%%%DOCSDIR%%/README.txt
X%%PORTDOCS%%@dirrm %%DOCSDIR%%
END-of-denyhosts/pkg-plist
echo x - denyhosts/pkg-descr
sed 's/^X//' >denyhosts/pkg-descr << 'END-of-denyhosts/pkg-descr'
XDenyHosts is a script intended to be run by *ix system administrators to 
Xhelp thwart ssh server attacks.
X
XIf you've ever looked at your ssh log (/var/log/auth.log ) you may be alarmed 
Xto see how many hackers attempted to gain access to your server. 
XDenyhosts helps you:
X- Parses /var/log/auth.log to find all login attempts
X- Can be run from the command line, cron or as a daemon (new in 0.9)
X- Records all failed login attempts for the user and offending host
X- For each host that exceeds a threshold count, records the evil host
X- Keeps track of each non-existent user (eg. sdada) when a login attempt failed.
X- Keeps track of each existing user (eg. root) when a login attempt failed.
X- Keeps track of each offending host (hosts can be purged )
X- Keeps track of suspicious logins 
X- Keeps track of the file offset, so that you can reparse the same file
X- When the log file is rotated, the script will detect it 
X- Appends /etc/hosts.allow
X- Optionally sends an email of newly banned hosts and suspicious logins.
X- Resolves IP addresses to hostnames, if you want
X
XWWW:	http://denyhosts.sourceforge.net/
END-of-denyhosts/pkg-descr
echo x - denyhosts/distinfo
sed 's/^X//' >denyhosts/distinfo << 'END-of-denyhosts/distinfo'
XMD5 (DenyHosts-1.1.2.tar.gz) = d2c6f00243c0fcd0f4498c3c71a1074e
XSHA256 (DenyHosts-1.1.2.tar.gz) = e570af443d87a1b6cc4262c2e4f769e07ba5de7d75f9980f8f914160ed9c1a04
XSIZE (DenyHosts-1.1.2.tar.gz) = 31000
END-of-denyhosts/distinfo
echo x - denyhosts/Makefile
sed 's/^X//' >denyhosts/Makefile << 'END-of-denyhosts/Makefile'
X# New ports collection makefile for:    denyhosts
X# Date created:         		04 November 2005
X# Whom:                 		Janos Mohacsi <janos.mohacsi@bsd.hu>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	denyhosts
XPORTVERSION=	1.1.2
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR=	${PORTNAME}
XDISTNAME=	DenyHosts-${PORTVERSION}
X
XMAINTAINER=	janos.mohacsi@bsd.hu
XCOMMENT=	Script to thwart ssh attacks
X
XUSE_REINPLACE=	yes
XUSE_PYTHON=	yes
XUSE_PYDISTUTILS=	yes
X
XDOC_FILES=	CHANGELOG.txt LICENSE.txt README.txt
X
Xpre-configure:
X	${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' \
X		${WRKSRC}/daemon-control-dist \
X		${WRKSRC}/denyhosts.cfg-dist \
X		${WRKSRC}/setup.py
X
Xpost-install:
X.ifndef(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X.for file in ${DOC_FILES}
X	@${INSTALL_DATA} ${WRKSRC}/${file} ${DOCSDIR}
X.endfor
X.endif
X
X.include <bsd.port.mk>
END-of-denyhosts/Makefile
echo c - denyhosts/files
mkdir -p denyhosts/files > /dev/null 2>&1
echo x - denyhosts/files/patch-daemon-control-dist
sed 's/^X//' >denyhosts/files/patch-daemon-control-dist << 'END-of-denyhosts/files/patch-daemon-control-dist'
X
X$FreeBSD$
X
X--- daemon-control-dist.orig
X+++ daemon-control-dist
X@@ -11,9 +11,9 @@
X #### Edit these to suit your configuration ####
X ###############################################
X 
X-DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
X-DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
X-DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"
X+DENYHOSTS_BIN   = "%%PREFIX%%/bin/denyhosts.py"
X+DENYHOSTS_LOCK  = "/var/run/denyhosts"
X+DENYHOSTS_CFG   = "%%PREFIX%%/share/denyhosts/denyhosts.cfg"
X 
X 
X ###############################################
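Review bot: DENYHOSTS_LOCK is set to "/var/run/denyhosts" in this hunk, while the denyhosts.cfg-dist patch in the same submission sets LOCK_FILE = /var/run/denyhosts.pid. If the control script and the daemon are meant to agree on one lock file, the two paths should match; otherwise the control script checks a path the daemon never writes. DENYHOSTS_CFG also points at %%PREFIX%%/share/denyhosts/denyhosts.cfg, but pkg-plist installs only denyhosts.cfg-dist, so a pkg-message telling the administrator to copy the -dist file would help.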
END-of-denyhosts/files/patch-daemon-control-dist
echo x - denyhosts/files/patch-denyhosts.cfg-dist
sed 's/^X//' >denyhosts/files/patch-denyhosts.cfg-dist << 'END-of-denyhosts/files/patch-denyhosts.cfg-dist'
X
X$FreeBSD$
X
X--- denyhosts.cfg-dist.orig
X+++ denyhosts.cfg-dist
X@@ -9,10 +9,10 @@
X # argument
X #
X # Redhat:
X-SECURE_LOG = /var/log/secure
X+#SECURE_LOG = /var/log/secure
X #
X # Mandrake or FreeBSD: 
X-#SECURE_LOG = /var/log/auth.log
X+SECURE_LOG = /var/log/auth.log
X #
X # SuSE:
X #SECURE_LOG = /var/log/messages
X@@ -23,10 +23,10 @@
X # HOSTS_DENY: the file which contains restricted host access information
X #
X # Most operating systems:
X-HOSTS_DENY = /etc/hosts.deny
X+#HOSTS_DENY = /etc/hosts.deny
X #
X # Some BSD (FreeBSD) Unixes:
X-#HOSTS_DENY = /etc/hosts.allow
X+HOSTS_DENY = /etc/hosts.allow
X #
X # Another possibility (also see the next option):
X #HOSTS_DENY = /etc/hosts.evil
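Review bot: Switching HOSTS_DENY to /etc/hosts.allow makes DenyHosts append to the file that also holds the site's allow rules, and nothing in the hunk says anything about rule order. tcp_wrappers stops at the first matching rule, so an appended entry has no effect when an earlier line in hosts.allow already matches the client. Suggest a comment beside the FreeBSD line, or a pkg-message, asking the administrator to check that no broad allow rule precedes the entries DenyHosts writes.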
X@@ -157,10 +157,10 @@
X # running at a time.
X #
X # Redhat/Fedora:
X-LOCK_FILE = /var/lock/subsys/denyhosts
X+#LOCK_FILE = /var/lock/subsys/denyhosts
X #
X-# Debian
X-#LOCK_FILE = /var/run/denyhosts.pid
X+# Debian (and FreeBSD)
X+LOCK_FILE = /var/run/denyhosts.pid
X #
X # Misc
X #LOCK_FILE = /tmp/denyhosts.lock
END-of-denyhosts/files/patch-denyhosts.cfg-dist
echo x - denyhosts/files/patch-setup.py
sed 's/^X//' >denyhosts/files/patch-setup.py << 'END-of-denyhosts/files/patch-setup.py'
X
X$FreeBSD$
X
X--- setup.py.orig
X+++ setup.py
X@@ -7,7 +7,7 @@
X from glob import glob
X 
X 
X-libpath = "/usr/share/denyhosts"
X+libpath = "%%PREFIX%%/share/denyhosts"
X 
X #########################################################################
X 
X@@ -24,10 +24,7 @@
X       data_files=[(libpath, glob("denyhosts.cfg-dist")),
X                   (libpath, glob("denyhosts-daemon-initscript")),
X                   (libpath, glob("setup.py")),
X-                  (libpath, glob("daemon-control-dist")),
X-                  (libpath, glob("CHANGELOG.txt")),
X-                  (libpath, glob("README.txt")),
X-                  (libpath, glob("LICENSE.txt"))],
X+                  (libpath, glob("daemon-control-dist"))],
X       license="GPL",
X       ##extra_path='denyhosts',
X       long_description="""
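Review bot: The data_files list keeps (libpath, glob("denyhosts-daemon-initscript")), but pkg-plist has no entry for that file under %%DATADIR%%. If the distfile ships it, it will be installed and then left behind on deinstall, and "@dirrm %%DATADIR%%" will fail on a non-empty directory. Either drop that tuple here together with the three documentation entries, or add the file to pkg-plist.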
END-of-denyhosts/files/patch-setup.py
exit
--- denyhosts-1.1.2.shar ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
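
Added example, not part of the original submission and not DenyHosts' own code: a minimal Python sketch of three items from the description above, namely counting failed logins per host against a threshold, resuming from a saved file offset, and detecting log rotation. The log line format, the `scan` function and the `state` keys are assumptions made for illustration.

```python
import os
import re
from collections import Counter

# sshd failure line; wording varies by OpenSSH version (assumed format).
# Anchored at end of line so the host is read from the final "from ... port"
# and never from text inside the client-supplied user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<bad>(?:invalid|illegal) user )?"
    r"(?P<user>.*) from (?P<host>\S+) port \d+ ssh2$")

# Constructed sample lines using documentation address ranges.
SAMPLE = (
    "Nov 10 09:00:01 myhost sshd[411]: Failed password for root from 192.0.2.7 port 4022 ssh2\n"
    "Nov 10 09:00:04 myhost sshd[412]: Failed password for illegal user sdada from 192.0.2.7 port 4023 ssh2\n"
    "Nov 10 09:00:09 myhost sshd[413]: Accepted password for alice from 198.51.100.20 port 5000 ssh2\n"
    "Nov 10 09:00:12 myhost sshd[414]: Failed password for root from 203.0.113.9 port 6000 ssh2\n"
)


def scan(path, state, threshold=3):
    """Parse lines added since the last call; return hosts that just reached threshold."""
    st = os.stat(path)
    # Rotation: a different inode, or a file shorter than the saved offset,
    # means a new log file, so reading restarts at byte 0.
    if state.get("inode") != st.st_ino or st.st_size < state.get("offset", 0):
        state["offset"] = 0
    state["inode"] = st.st_ino
    hosts = state.setdefault("hosts", Counter())
    bad_users = state.setdefault("nonexistent_users", Counter())
    newly = []
    with open(path, "rb") as fh:
        fh.seek(state["offset"])
        for raw in fh:
            if not raw.endswith(b"\n"):
                break  # partial line still being written; read it next time
            state["offset"] += len(raw)
            m = FAILED.search(raw.decode("utf-8", "replace"))
            if not m:
                continue
            if m.group("bad"):
                bad_users[m.group("user")] += 1
            hosts[m.group("host")] += 1
            if hosts[m.group("host")] == threshold:
                newly.append(m.group("host"))
    return newly
```

Calling `scan` repeatedly with the same `state` dictionary processes only new lines; persisting that dictionary between runs is what lets a cron-driven invocation pick up where the previous one stopped.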


