author | Mike Pagano <mpagano@gentoo.org> | 2006-07-24 19:45:21 +0000 |
---|---|---|
committer | Mike Pagano <mpagano@gentoo.org> | 2006-07-24 19:45:21 +0000 |
commit | 29776e4d8ac5c0cc96ddbd857233d83080c4a039 (patch) | |
tree | 161bebdced81e4e896e479ba0d5452bd57f7be83 | |
parent | add two missing bug IDs (diff) | |
download | sunrise-29776e4d8ac5c0cc96ddbd857233d83080c4a039.tar.gz sunrise-29776e4d8ac5c0cc96ddbd857233d83080c4a039.tar.bz2 sunrise-29776e4d8ac5c0cc96ddbd857233d83080c4a039.zip |
Initial revision of blocksshd. Reviewed by genstef
svn path=/sunrise/; revision=695
-rw-r--r-- | net-misc/blocksshd/ChangeLog | 10 | ||||
-rw-r--r-- | net-misc/blocksshd/blocksshd-0.6.ebuild | 58 | ||||
-rwxr-xr-x | net-misc/blocksshd/files/blocksshd-0.6.conf-dir-change.patch | 26 | ||||
-rwxr-xr-x | net-misc/blocksshd/files/blocksshd-0.6.etc-dir-change.patch | 11 | ||||
-rwxr-xr-x | net-misc/blocksshd/files/blocksshd.init | 30 | ||||
-rw-r--r-- | net-misc/blocksshd/metadata.xml | 5 |
6 files changed, 140 insertions, 0 deletions
diff --git a/net-misc/blocksshd/ChangeLog b/net-misc/blocksshd/ChangeLog
new file mode 100644
index 000000000..cd36b5e76
--- /dev/null
+++ b/net-misc/blocksshd/ChangeLog
@@ -0,0 +1,10 @@
+# ChangeLog for net-misc/blocksshd
+# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+ 24 Jul 2006; Michael Pagano <mpagano@gmail.com> +blocksshd-0.6.ebuild,
+ +files/blocksshd-0.6.conf-dir-change.patch,
+ +files/blocksshd-0.6.etc-dir-change.patch, +files/blocksshd.init,
+ +metadata.xml:
+ New ebuild for bug 141347. Reviewed by genstef.
+
diff --git a/net-misc/blocksshd/blocksshd-0.6.ebuild b/net-misc/blocksshd/blocksshd-0.6.ebuild
new file mode 100644
index 000000000..96da64d51
--- /dev/null
+++ b/net-misc/blocksshd/blocksshd-0.6.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+inherit eutils
+
+DESCRIPTION="Protects computers from SSH brute force attacks by dynamically blocking IP addresses by adding iptables rules."
+HOMEPAGE="http://sourceforge.net/projects/blocksshd"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-1"
+SLOT="0"
+
+KEYWORDS="~x86"
+IUSE=""
+
+DEPEND=""
+RDEPEND=">=perl-core/Sys-Syslog-0.16
+ >=dev-perl/Sys-Hostname-Long-1.2
+ >=dev-perl/File-Tail-0.99.1
+ >=dev-perl/Net-DNS-0.53-r1
+ >=dev-perl/Proc-Daemon-0.03
+ >=dev-perl/Proc-PID-File-1.24
+ >=perl-core/Getopt-Long-2.34
+ >=net-firewall/iptables-1.3.5-r1"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ # convert CRLF to LF
+ edos2unix blocksshd blocksshd.conf
+
+ #apply patches
+ epatch ${FILESDIR}/blocksshd-0.6.conf-dir-change.patch
+ epatch ${FILESDIR}/blocksshd-0.6.etc-dir-change.patch
+}
+
+src_install() {
+ dosbin blocksshd || die "dosbin failed"
+ dodoc CHANGELOG CREDITS INSTALL README VERSION blocksshd.conf
+
+ newinitd ${FILESDIR}/blocksshd.init blocksshd
+
+ insinto /etc/blocksshd
+ newins blocksshd.conf blocksshd.conf.sample
+}
+
+pkg_postinst() {
+ echo
+ einfo
+ ewarn "The configuration file ${ROOT}etc/blocksshd/blocksshd.conf.sample"
+ ewarn "must be renamed before blocksshd will run."
+ ewarn "Please review this configuration file for settings that might"
+ ewarn "be appropiate for your setup."
+ einfo
+}
+
diff --git a/net-misc/blocksshd/files/blocksshd-0.6.conf-dir-change.patch b/net-misc/blocksshd/files/blocksshd-0.6.conf-dir-change.patch
new file mode 100755
index 000000000..f2b11a5da
--- /dev/null
+++ b/net-misc/blocksshd/files/blocksshd-0.6.conf-dir-change.patch
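Review bot: Only `dosbin` in src_install is checked; `dodoc`, `newinitd` and `newins` have no `|| die`, and with no EAPI declared these helpers presumably do not abort on their own, so a failed step would merge the package without its init script or sample configuration and still look successful. I would write `newinitd "${FILESDIR}"/blocksshd.init blocksshd || die "newinitd failed"` and `newins blocksshd.conf blocksshd.conf.sample || die "newins failed"`. `${FILESDIR}` is also unquoted in both `epatch` lines of src_unpack and in `newinitd`, which breaks on a path containing whitespace. The ewarn text in pkg_postinst spells "appropiate" where "appropriate" is meant.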
@@ -0,0 +1,26 @@
+--- blocksshd.conf.org 2006-07-19 06:57:06.000000000 -0400
++++ blocksshd.conf 2006-07-21 14:31:43.000000000 -0400
+@@ -3,18 +3,18 @@
+ $cfg = {
+ os => 'linux', # Target OS - either linux or bsd
+ chain => 'blocksshd', # Name of iptables or pf chain
+- logfile => '/var/log/secure', # Log file to monitor
++ logfile => '/var/log/messages', # Log file to monitor
+ logcheck => '10', # How often to check the log file
+ max_attempts => '4', # Max number of failures
+ timeout => '360', # Reset IP count if no activity after time out in seconds
+- unblock => '1', # Enable unblocking
++ unblock => '0', # Enable unblocking
+ unblock_timeout => '43200', # Time in seconds after which to unblock a blocked IP address
+ restore_blocked => '0', # Turn on checking for previously blocked IPs
+- log_ips => '/usr/local/etc/blocksshd.list', # Log file for blocked IPs
++ log_ips => '/etc/blocksshd/blocksshd.list', # Log file for blocked IPs
+ pid_file => '/var/run/blocksshd.pid', # Location of PID file
+- send_email => '1', # Enable the sending of email notifications
++ send_email => '0', # Enable the sending of email notifications
+ email => 'root', # Email address to send notifications
+- mail => '/bin/mail', # Location of mail binary
++ mail => '/bin/mail', # Location of mail binary
+ iptables => '/sbin/iptables', # Location of iptables binary - only for Linux
+ pfctl => '/sbin/pfctl', # Location of pfctl binary - only for BSD
+ whitelist => [qw{
diff --git a/net-misc/blocksshd/files/blocksshd-0.6.etc-dir-change.patch b/net-misc/blocksshd/files/blocksshd-0.6.etc-dir-change.patch
new file mode 100755
index 000000000..f8067af60
--- /dev/null
+++ b/net-misc/blocksshd/files/blocksshd-0.6.etc-dir-change.patch
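Review bot: The new default `unblock => '0'` makes every block permanent, and `send_email => '0'` in the same patch means nobody is told when an address is blocked; neither change is suggested by the file name "conf-dir-change". With `max_attempts => '4'`, an administrator who mistypes a password from an address missing from `whitelist` stays locked out until the rule is removed by hand. I would keep upstream's `unblock => '1'`, or else state the changed defaults in the ebuild's pkg_postinst message. Separately, `log_ips => '/etc/blocksshd/blocksshd.list'` puts daemon-written state under /etc next to the file the daemon loads as configuration; a path such as `/var/lib/blocksshd/blocksshd.list` would keep the two apart, assuming the ebuild creates that directory. Whether `/var/log/messages` actually receives sshd authentication failures depends on the local syslog configuration, which this commit does not show.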
@@ -0,0 +1,11 @@
+--- blocksshd.org 2006-07-19 06:13:39.000000000 -0400
++++ blocksshd 2006-07-20 20:12:06.000000000 -0400
+@@ -41,7 +41,7 @@
+ our $cfg;
+
+ # this is where configuration file is located
+-require '/usr/local/etc/blocksshd.conf';
++require '/etc/blocksshd/blocksshd.conf';
+
+ my $work = {
+ ipv4 => '(?:\d{1,3}\.){3}\d{1,3}', # regexp to match ipv4 address
diff --git a/net-misc/blocksshd/files/blocksshd.init b/net-misc/blocksshd/files/blocksshd.init
new file mode 100755
index 000000000..7f55803ae
--- /dev/null
+++ b/net-misc/blocksshd/files/blocksshd.init
@@ -0,0 +1,30 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header:$
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ if [ ! -e /etc/blocksshd/blocksshd.conf ] ; then
+ eerror "You need a /etc/blocksshd/blocksshd.conf file to run blocksshd"
+ eerror "There is a sample file in /etc/blocksshd/"
+ return 1
+ fi
+
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting BlockSSHD"
+ /usr/sbin/blocksshd --start
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping BlockSSHD"
+ start-stop-daemon --verbose --stop --pidfile /var/run/blocksshd.pid
+ eend $?
+}
diff --git a/net-misc/blocksshd/metadata.xml b/net-misc/blocksshd/metadata.xml
new file mode 100644
index 000000000..7e3286984
--- /dev/null
+++ b/net-misc/blocksshd/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>maintainer-wanted</herd>
+</pkgmetadata> |
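Review bot: The new-side `require '/etc/blocksshd/blocksshd.conf';` loads the configuration as Perl code, so anyone able to write that file or its directory runs code with the daemon's privileges, presumably root since it manages iptables rules. Nothing in this commit sets the mode of /etc/blocksshd or of the sample that the administrator renames into place. I would add `insopts -m0600` before `newins` in the ebuild and extend the comment above the `require` to `# this is where configuration file is located; it is executed as Perl, keep it root-owned and not group/world writable`. The script around line 41 continues outside the hunk, so whether a failed `require` is handled is not visible here.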
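Review bot: `stop()` hard-codes `--pidfile /var/run/blocksshd.pid` although the configuration shipped in this commit exposes `pid_file` as a setting, so after an administrator changes it, stop will miss the running daemon and blocking continues while the service appears stopped. A comment on that line, `# must match pid_file in /etc/blocksshd/blocksshd.conf`, would at least document the coupling. `depend()` declares only `need net`, yet the daemon tails a syslog file and inserts iptables rules; `use logger` belongs there, and ordering after the iptables service is worth considering. `checkconfig()` tests only `-e`; since the file is loaded as code by the daemon, it could also refuse a config that is not owned by root.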