Message-Id: <20051222145856.4995B43D5C@mx1.FreeBSD.org>
Date: Fri, 23 Dec 2005 00:53:55 +1030
From: Robert Archer
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/90811: New port: security/ipfcount Summarise ipf logs by counting and sorting the fields
List-Id: Ports bug reports

>Number:         90811
>Category:       ports
>Synopsis:       New port: security/ipfcount Summarise ipf logs by counting and sorting the fields
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 22 15:00:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Robert Archer
>Release:        FreeBSD 4.11-RELEASE i386
>Organization:
>Environment:
System: FreeBSD gir.0x7e.net 4.11-RELEASE FreeBSD 4.11-RELEASE #0: Wed Sep 14 12:55:17 CST 2005 rob@goo.0x7e.net:/tmp/GIR i386

>Description:
ipfcount reads ipf(8) logs and extracts the following fields:

    iface group rule action shost sport dhost dport proto flags type dir

You can then print lists like 'top blocked ports', 'top blocked hosts',
or 'incoming connections sorted by interface and protocol'.

For more sophisticated lists, you can filter the entries using Perl expressions.

WWW: http://deathbeforedecaf.net/misc/ports

>How-To-Repeat:
>Fix:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	ipfcount
#	ipfcount/Makefile
#	ipfcount/distinfo
#	ipfcount/files
#	ipfcount/files/pkg-message.in
#	ipfcount/pkg-descr
#
echo c - ipfcount
mkdir -p ipfcount > /dev/null 2>&1
echo x - ipfcount/Makefile
sed 's/^X//' >ipfcount/Makefile << 'END-of-ipfcount/Makefile'
X# New ports collection makefile for:	ipfcount
X# Date created:		22 December 2005
X# Whom:			Robert Archer
X#
X# $FreeBSD$
X#
X
XPORTNAME=	ipfcount
XPORTVERSION=	0.1
XCATEGORIES=	security
XMASTER_SITES=	http://deathbeforedecaf.net/misc/ports/ \
X		http://users.netleader.com.au/~rob/
X
XMAINTAINER=	freebsd@deathbeforedecaf.net
XCOMMENT=	Summarise ipf logs by counting and sorting the fields
X
XPLIST_FILES=	bin/ipfcount \
X		%%EXAMPLESDIR%%/100.ipfcount
XPLIST_DIRS=	%%EXAMPLESDIR%%
X
XMAN1=		ipfcount.1
X
XSUB_FILES=	pkg-message
X
XUSE_PERL5=	yes
XUSE_REINPLACE=	yes
X
X.include <bsd.port.pre.mk>
X
X.if ${PERL_LEVEL} < 5006
XIGNORE=		requires perl 5.6 or higher - see the lang/perl5.8 port
X.endif
X
Xpost-patch:
X	${REINPLACE_CMD} -e '1s,^#![^ ]*,#!${PERL},' ${WRKSRC}/ipfcount
X
Xdo-build:
X	cd ${WRKSRC} && pod2man ipfcount > ipfcount.1
X
Xdo-install:
X	${INSTALL_SCRIPT} ${WRKSRC}/ipfcount ${PREFIX}/bin
X	${INSTALL_MAN} ${WRKSRC}/ipfcount.1 ${PREFIX}/man/man1/ipfcount.1
X	${MKDIR} ${EXAMPLESDIR}
X	${INSTALL_SCRIPT} ${WRKSRC}/100.ipfcount ${EXAMPLESDIR}
X
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-ipfcount/Makefile
echo x - ipfcount/distinfo
sed 's/^X//' >ipfcount/distinfo << 'END-of-ipfcount/distinfo'
XMD5 (ipfcount-0.1.tar.gz) = 097519ce1972268dda2db0c219aeafa7
XSIZE (ipfcount-0.1.tar.gz) = 3757
END-of-ipfcount/distinfo
echo c - ipfcount/files
mkdir -p ipfcount/files > /dev/null 2>&1
echo x - ipfcount/files/pkg-message.in
sed 's/^X//' >ipfcount/files/pkg-message.in << 'END-of-ipfcount/files/pkg-message.in'
X
X  To summarise ipf(8) logs in your daily security check:
X
X  * Copy %%EXAMPLESDIR%%/100.ipfcount to
X    %%PREFIX%%/etc/periodic/security
X
X  * Add the line
X
X      daily_status_security_ipfcount_enable="YES"
X
X    to /etc/periodic.conf
X
END-of-ipfcount/files/pkg-message.in
echo x - ipfcount/pkg-descr
sed 's/^X//' >ipfcount/pkg-descr << 'END-of-ipfcount/pkg-descr'
Xipfcount reads ipf(8) logs and extracts the following fields:
X
X    iface group rule action shost sport dhost dport proto flags type dir
X
XYou can then print lists like 'top blocked ports', 'top blocked hosts',
Xor 'incoming connections sorted by interface and protocol'.
X
XFor more sophisticated lists, you can filter the entries using Perl expressions.
X
XWWW: http://deathbeforedecaf.net/misc/ports
END-of-ipfcount/pkg-descr
exit

>Release-Note:
>Audit-Trail:
>Unformatted:
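
Added example, not part of the PR and not ipfcount's own code: a Python sketch of the count-and-sort summary the description refers to, covering every listed field except type. The ipmon(8) line layout in the regex, the 'b'/'p' action letters, the names parse/summarise/blocked and the sample log lines are assumptions made for this illustration.

```python
import re
from collections import Counter

# Assumed ipmon(8) entry layout (an assumption, not quoted from the PR):
#   iface @group:rule action shost[,sport] -> dhost[,dport] PR proto len H L [-flags] [IN|OUT]
ENTRY = re.compile(
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<shost>[^\s,]+)(?:,(?P<sport>\S+))? -> "
    r"(?P<dhost>[^\s,]+)(?:,(?P<dport>\S+))? "
    r"PR (?P<proto>\S+) len \d+ \d+"
    r"(?: -(?P<flags>[A-Z]+))?.*?(?: (?P<dir>IN|OUT))?$"
)

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE = """\
Dec 22 14:01:01 gw ipmon[212]: 14:01:00.101010 xl0 @0:5 b 198.51.100.7,40112 -> 192.0.2.10,22 PR tcp len 20 60 -S IN
Dec 22 14:01:03 gw ipmon[212]: 14:01:02.202020 xl0 @0:5 b 198.51.100.7,40113 -> 192.0.2.10,22 PR tcp len 20 60 -S IN
Dec 22 14:01:09 gw ipmon[212]: 14:01:08.303030 xl0 @0:5 b 203.0.113.44,51515 -> 192.0.2.10,445 PR tcp len 20 48 -S IN
Dec 22 14:02:00 gw ipmon[212]: 14:01:59.404040 xl0 @0:2 p 192.0.2.10,1029 -> 198.51.100.53,53 PR udp len 20 61 OUT
Dec 22 14:02:10 gw ipmon[212]: 14:02:09.505050 xl0 @0:7 b 203.0.113.44 -> 192.0.2.10 PR icmp len 20 84 icmp echo/0 IN
Dec 22 14:02:11 gw newsyslog[90]: logfile turned over
""".splitlines()

def parse(line):
    """Return the entry's fields as a dict, or None for non-ipf lines."""
    m = ENTRY.search(line.strip())
    return m.groupdict() if m else None

def summarise(lines, fields, where=lambda e: True):
    """Count entries grouped by `fields`, keeping those `where` accepts."""
    counts = Counter()
    for line in lines:
        entry = parse(line)
        if entry is not None and where(entry):
            counts[tuple(entry[f] for f in fields)] += 1
    return counts.most_common()  # most frequent first

def blocked(e):
    return e["action"] == "b"  # assumed: 'b' marks a blocked packet, 'p' a passed one

if __name__ == "__main__":
    print("top blocked ports:", summarise(SAMPLE, ["dport"], lambda e: blocked(e) and e["dport"]))
    print("top blocked hosts:", summarise(SAMPLE, ["shost"], blocked))
    print("incoming by iface/proto:", summarise(SAMPLE, ["iface", "proto"], lambda e: e["dir"] == "IN"))
```

The where argument plays the role of the Perl filter expressions mentioned in the description; entries without a port (the ICMP line) carry None in sport and dport, so port summaries should filter them out as shown.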