Bruteblock allows system administrators to block various bruteforce attacks on UNIX services. The program analyzes system logs and adds attackers' IP addresses to an ipfw2 table, effectively blocking them. Addresses are automatically removed from the table after a specified amount of time. Bruteblock uses regular expressions to parse logs, which provides flexibility, allowing it to be used with almost any network service. Bruteblock is written in pure C, doesn't use any external programs and works with ipfw2 tables via the raw sockets API.

WWW: http://samm.kiev.ua/bruteblock/index.html.en
WWW: http://samm.kiev.ua/bruteblock/ (Russian)
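The log-to-table mechanism described above, as an added example that is not bruteblock's code and not part of this report: a POSIX-regex model of "match a failed login, count per address, block, expire". The pattern, the thresholds (3 failures in 60 seconds, 600-second block), the in-memory table and all function names are assumptions, and the sample log line is constructed.

```c
/* Added example: in-memory model of log-driven blocking, not bruteblock's code. */
#include <regex.h>
#include <stdio.h>
#include <string.h>

enum { MAX_COUNT = 3, WITHIN = 60, BLOCK_FOR = 600, SLOTS = 32 }; /* assumed */
/* The user name is attacker-controlled, so the address is taken only from the
 * fixed tail that sshd appends itself; "$" anchors the match to that tail. */
static const char *PATTERN = "sshd\\[[0-9]+\\]: Failed password for .* from "
    "([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+) port [0-9]+ ssh2$";
struct slot { char ip[16]; int count; long first, expires; };
static struct slot table[SLOTS];              /* stands in for the ipfw2 table */
static struct slot *lookup(const char *ip, int create) {
    struct slot *spare = NULL;
    for (int i = 0; i < SLOTS; i++) {
        if (strcmp(table[i].ip, ip) == 0) return &table[i];
        if (!spare && table[i].ip[0] == '\0') spare = &table[i];
    }
    if (create && spare) strcpy(spare->ip, ip);   /* caller checked the length */
    return create ? spare : NULL;
}
/* Returns 1 while the address is blocked, 0 once the block has expired. */
int is_blocked(const char *ip, long now) {
    struct slot *s = lookup(ip, 0);
    return s != NULL && s->expires > now;
}
/* Feeds one log line seen at time `now`; returns 1 if it triggers a block. */
int feed_line(const char *line, long now) {
    regex_t re; regmatch_t m[2]; char ip[16];
    if (regcomp(&re, PATTERN, REG_EXTENDED) != 0) return 0;
    int hit = regexec(&re, line, 2, m, 0) == 0;
    regfree(&re);
    size_t len = hit ? (size_t)(m[1].rm_eo - m[1].rm_so) : sizeof ip;
    if (len >= sizeof ip) return 0;           /* no match or oversized address */
    memcpy(ip, line + m[1].rm_so, len); ip[len] = '\0';
    struct slot *s = lookup(ip, 1);
    if (!s || s->expires > now) return 0;     /* table full or already blocked */
    if (now - s->first > WITHIN) s->count = 0;    /* stale window: start over */
    if (s->count == 0) s->first = now;
    if (++s->count < MAX_COUNT) return 0;
    s->expires = now + BLOCK_FOR;
    return 1;
}
int main(void) {   /* constructed sample line, fed three times */
    const char *l = "Aug  1 10:00:00 host sshd[811]: Failed password for root "
                    "from 203.0.113.9 port 4242 ssh2";
    for (long t = 0; t < 3; t++) printf("t=%ld block=%d\n", t, feed_line(l, t));
    return !is_blocked("203.0.113.9", 3);
}
```

Because the match is anchored to the end of the line, a login name that itself contains " from <address> port ..." cannot redirect the block to an address of the attacker's choosing.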
Responsible Changed
From-To: freebsd-ports-bugs->rafan

Eat.
Hi.

I am the developer of bruteblock. Today I found a problem which prevents security/bruteblock from building on FreeBSD <=6.0. The problem is in the pidfile_* functions, which were not present on 5.xx and 6.0. I'll correct the code this evening and will release version 0.0.3 with the bugfix. I think that the best solution is to wait for version 0.0.3 and submit it then.

With best regards,
Alex Samorukov
State Changed
From-To: open->feedback

According to author, please submit a new port that uses 0.0.3 and having a pkg-message is nice for users.
I attached 0.0.3 version of the port.

--
Best regards,
Alex Samorukov, SAMM1-RIPE
Zend Certified PHP Engineer
* Rong-En Fan (rafan@FreeBSD.org) wrote:

> According to author, please submit a new port that uses 0.0.3
> and having a pkg-message is nice for users.

Fixed version of a port.

--- bruteblock-0.0.3.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# bruteblock
# bruteblock/Makefile
# bruteblock/pkg-plist
# bruteblock/pkg-descr
# bruteblock/distinfo
# bruteblock/files
# bruteblock/files/bruteblockd.sh.in
# bruteblock/files/pkg-message.in
#
echo c - bruteblock
mkdir -p bruteblock > /dev/null 2>&1
echo x - bruteblock/Makefile
sed 's/^X//' >bruteblock/Makefile << 'END-of-bruteblock/Makefile'
X# New ports collection makefile for: bruteblock
X# Date created: 30 Jul 2006
X# Whom: Dmitry Marakasov <amdmi3@mail.ru>
X#
X# $FreeBSD$
X#
X
XPORTNAME= bruteblock
XPORTVERSION= 0.0.3
XCATEGORIES= security
XMASTER_SITES= http://samm.kiev.ua/bruteblock/
X
XMAINTAINER= amdmi3@mail.ru
XCOMMENT= Software for blocking bruteforce attacks with ipfw
X
XLIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre
X
XPKGMESSAGE= ${WRKDIR}/pkg-message
XSUB_FILES= pkg-message
X
XUSE_RC_SUBR= bruteblockd.sh
XMAN8= bruteblock.8
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} < 503000
XIGNORE= requires FreeBSD >= 5.3
X.endif
X
Xdo-install:
X	${INSTALL_PROGRAM} ${WRKSRC}/bruteblock ${PREFIX}/sbin/
X	${INSTALL_PROGRAM} ${WRKSRC}/bruteblockd ${PREFIX}/sbin/
X	${MKDIR} ${PREFIX}/etc/bruteblock
X.for file in ssh # more configs are planned to be added
X	${INSTALL_DATA} ${WRKSRC}/etc/${file}.conf ${PREFIX}/etc/bruteblock/${file}.conf.dist
X	if [ ! -f ${PREFIX}/etc/bruteblock/${file}.conf ]; then \
X		${INSTALL_DATA} ${WRKSRC}/etc/${file}.conf ${PREFIX}/etc/bruteblock/${file}.conf; \
X	fi
X.endfor
X	${INSTALL_MAN} ${WRKSRC}/doc/bruteblock.8 ${PREFIX}/man/man8/
X
Xpost-install:
X.if !defined(BATCH)
X	@${CAT} ${PKGMESSAGE}
X.endif
X
X.include <bsd.port.post.mk>
END-of-bruteblock/Makefile
echo x - bruteblock/pkg-plist
sed 's/^X//' >bruteblock/pkg-plist << 'END-of-bruteblock/pkg-plist'
Xsbin/bruteblock
Xsbin/bruteblockd
X@unexec if cmp -s %D/etc/bruteblock/ssh.conf %D/etc/bruteblock/ssh.conf.dist; then rm -f %D/etc/bruteblock/ssh.conf; fi
Xetc/bruteblock/ssh.conf.dist
X@exec if [ ! -f %D/etc/bruteblock/ssh.conf ]; then cp -p %D/etc/bruteblock/ssh.conf.dist %D/etc/bruteblock/ssh.conf; fi
X@dirrmtry etc/bruteblock
END-of-bruteblock/pkg-plist
echo x - bruteblock/pkg-descr
sed 's/^X//' >bruteblock/pkg-descr << 'END-of-bruteblock/pkg-descr'
XBruteblock allows system administrators to block various bruteforce
Xattacks on UNIX services. The program analyzes system logs and adds
Xattacker's IP address into ipfw2 table effectively blocking them.
XAddresses are automatically removed from the table after specified
Xamount of time. Bruteblock uses regular expressions to parse logs,
Xwhich provides flexibility allowing it to be used with almost any
Xnetwork service. Bruteblock is written in pure C, doesn't use any
Xexternal programs and work with ipfw2 tables via raw sockets API.
X
XWWW: http://samm.kiev.ua/bruteblock/
END-of-bruteblock/pkg-descr
echo x - bruteblock/distinfo
sed 's/^X//' >bruteblock/distinfo << 'END-of-bruteblock/distinfo'
XMD5 (bruteblock-0.0.3.tar.gz) = 21b7843d6ca17ffd942e06ab63060c2e
XSHA256 (bruteblock-0.0.3.tar.gz) = 6c43d1789b15762896787f266999a3eccec38fae23b2c9f3f8342ad3d7d2e4ca
XSIZE (bruteblock-0.0.3.tar.gz) = 23796
END-of-bruteblock/distinfo
echo c - bruteblock/files
mkdir -p bruteblock/files > /dev/null 2>&1
echo x - bruteblock/files/bruteblockd.sh.in
sed 's/^X//' >bruteblock/files/bruteblockd.sh.in << 'END-of-bruteblock/files/bruteblockd.sh.in'
X#!/bin/sh
X
X# PROVIDE: bruteblockd
X# REQUIRE: NETWORKING syslogd
X# KEYWORD: nojail
X
X. %%RC_SUBR%%
X
Xname="bruteblockd"
Xrcvar=`set_rcvar`
X
Xload_rc_config $name
X
X: ${bruteblockd_enable="NO"}
X
Xpidfile="/var/run/${name}.pid"
Xcommand=%%PREFIX%%/sbin/${name}
Xcommand_args="-p ${pidfile} -t ${bruteblockd_table}"
Xstart_precmd="bruteblockd_precmd"
X
Xbruteblockd_precmd()
X{
X	if [ -z "${bruteblockd_table}" ]; then
X		err 1 "Please specify ipfw table number with bruteblockd_table parameter in /etc/rc.conf (see bruteblock(8))"
X	fi
X}
X
Xrun_rc_command "$1"
END-of-bruteblock/files/bruteblockd.sh.in
echo x - bruteblock/files/pkg-message.in
sed 's/^X//' >bruteblock/files/pkg-message.in << 'END-of-bruteblock/files/pkg-message.in'
X===> CONFIGURATION NOTE:
X
X Configuration of the bruteblock is done via configuration files
X located at %%PREFIX%%/etc/bruteblock/
X
X To run the script, add a line in /etc/syslog.conf:
X
Xauth.info;authpriv.info |exec %%PREFIX%%/sbin/bruteblock -f %%PREFIX%%/etc/bruteblock/ssh.conf
X
X and restart syslogd.
X
X Also you should add ipfw2 table and the corresponding deny rule.
X For example,
X
X# ipfw add deny ip from table(1) to any
X
X Next, you'll want to setup periodical cleanup of ipfw2 table. Add following
X lines to /etc/rc.conf:
X
X bruteblockd_enable="YES"
X bruteblockd_table="1"
X bruteblockd_flags="-s 5"
X
X and start bruteblockd: %%PREFIX%%/etc/rc.d/bruteblockd.sh start
X
XSee bruteblock(8) for more detailts.
END-of-bruteblock/files/pkg-message.in
exit
--- bruteblock-0.0.3.shar ends here ---

--
Best regards,
Dmitry mailto:amdmi3@mail.ru
Dear submitter,

	${INSTALL_DATA} ${WRKSRC}/etc/${file}.conf ${PREFIX}/etc/bruteblock/${file}.conf.dist
	if [ ! -f ${PREFIX}/etc/bruteblock/${file}.conf ]; then \
		${INSTALL_DATA} ${WRKSRC}/etc/bruteblock-${file}.conf ${PREFIX}/etc/bruteblock/${file}.conf; \
	fi

These two files are not equal. So it will leave etc/bruteblock/ssh.conf after removal. Also, I noticed that you use a different way of handling the default configuration file than what is in the Porter's Handbook? Could you please address these issues and send me a new shar? After that, I'll add this port.

Thanks,
Rong-En Fan
* Rong-En Fan (rafan@FreeBSD.org) wrote:

> Eat.

May I ask why the port isn't being committed? I've submitted the required changes for 0.0.3 and pkg-message.

--
Best regards,
Dmitry mailto:amdmi3@mail.ru
State Changed
From-To: feedback->closed

New port added. Thanks!