ports/88781: [NEW PORT] security/denyhosts: Script to thwart ssh attacks
mohacsi at niif.hu
Thu Nov 10 09:50:16 UTC 2005
>Number: 88781
>Category: ports
>Synopsis: [NEW PORT] security/denyhosts: Script to thwart ssh attacks
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 10 09:50:13 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Charlie &
>Release: FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD skye.ki.iif.hu 5.4-STABLE FreeBSD 5.4-STABLE #1: Tue Apr 19 16:41:38 CEST 2005
>Description:
DenyHosts is a script intended to be run by *ix system administrators to
help thwart ssh server attacks.
If you've ever looked at your ssh log (/var/log/auth.log ) you may be alarmed
to see how many hackers attempted to gain access to your server.
Denyhosts helps you:
- Parses /var/log/auth.log to find all login attempts
- Can be run from the command line, cron or as a daemon (new in 0.9)
- Records all failed login attempts for the user and offending host
- For each host that exceeds a threshold count, records the evil host
- Keeps track of each non-existent user (eg. sdada) when a login attempt failed.
- Keeps track of each existing user (eg. root) when a login attempt failed.
- Keeps track of each offending host (hosts can be purged )
- Keeps track of suspicious logins
- Keeps track of the file offset, so that you can reparse the same file
- When the log file is rotated, the script will detect it
- Appends /etc/hosts.allow
- Optionally sends an email of newly banned hosts and suspicious logins.
- Resolves IP addresses to hostnames, if you want
WWW: http://denyhosts.sourceforge.net/
Generated with FreeBSD Port Tools 0.63
>How-To-Repeat:
>Fix:
--- denyhosts-1.1.2.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# denyhosts
# denyhosts/pkg-plist
# denyhosts/pkg-descr
# denyhosts/distinfo
# denyhosts/Makefile
# denyhosts/files
# denyhosts/files/patch-daemon-control-dist
# denyhosts/files/patch-denyhosts.cfg-dist
# denyhosts/files/patch-setup.py
#
echo c - denyhosts
mkdir -p denyhosts > /dev/null 2>&1
echo x - denyhosts/pkg-plist
sed 's/^X//' >denyhosts/pkg-plist << 'END-of-denyhosts/pkg-plist'
Xbin/denyhosts.py
X%%DATADIR%%/denyhosts.cfg-dist
X%%DATADIR%%/setup.py
X%%DATADIR%%/daemon-control-dist
X@dirrm %%DATADIR%%
X%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/version.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/version.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/version.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/util.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/util.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/util.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/constants.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/constants.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/constants.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/report.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/report.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/report.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/counter.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/counter.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/counter.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.pyo
X%%PYTHON_SITELIBDIR%%/DenyHosts/regex.py
X%%PYTHON_SITELIBDIR%%/DenyHosts/regex.pyc
X%%PYTHON_SITELIBDIR%%/DenyHosts/regex.pyo
X@dirrm %%PYTHON_SITELIBDIR%%/DenyHosts
X%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG.txt
X%%PORTDOCS%%%%DOCSDIR%%/LICENSE.txt
X%%PORTDOCS%%%%DOCSDIR%%/README.txt
X%%PORTDOCS%%@dirrm %%DOCSDIR%%
END-of-denyhosts/pkg-plist
echo x - denyhosts/pkg-descr
sed 's/^X//' >denyhosts/pkg-descr << 'END-of-denyhosts/pkg-descr'
XDenyHosts is a script intended to be run by *ix system administrators to
Xhelp thwart ssh server attacks.
X
XIf you've ever looked at your ssh log (/var/log/auth.log ) you may be alarmed
Xto see how many hackers attempted to gain access to your server.
XDenyhosts helps you:
X- Parses /var/log/auth.log to find all login attempts
X- Can be run from the command line, cron or as a daemon (new in 0.9)
X- Records all failed login attempts for the user and offending host
X- For each host that exceeds a threshold count, records the evil host
X- Keeps track of each non-existent user (eg. sdada) when a login attempt failed.
X- Keeps track of each existing user (eg. root) when a login attempt failed.
X- Keeps track of each offending host (hosts can be purged )
X- Keeps track of suspicious logins
X- Keeps track of the file offset, so that you can reparse the same file
X- When the log file is rotated, the script will detect it
X- Appends /etc/hosts.allow
X- Optionally sends an email of newly banned hosts and suspicious logins.
X- Resolves IP addresses to hostnames, if you want
X
XWWW: http://denyhosts.sourceforge.net/
END-of-denyhosts/pkg-descr
echo x - denyhosts/distinfo
sed 's/^X//' >denyhosts/distinfo << 'END-of-denyhosts/distinfo'
XMD5 (DenyHosts-1.1.2.tar.gz) = d2c6f00243c0fcd0f4498c3c71a1074e
XSHA256 (DenyHosts-1.1.2.tar.gz) = e570af443d87a1b6cc4262c2e4f769e07ba5de7d75f9980f8f914160ed9c1a04
XSIZE (DenyHosts-1.1.2.tar.gz) = 31000
END-of-denyhosts/distinfo
echo x - denyhosts/Makefile
sed 's/^X//' >denyhosts/Makefile << 'END-of-denyhosts/Makefile'
X# New ports collection makefile for: denyhosts
X# Date created: 04 November 2005
X# Whom: Janos Mohacsi <janos.mohacsi at bsd.hu>
X#
X# $FreeBSD$
X#
X
XPORTNAME= denyhosts
XPORTVERSION= 1.1.2
XCATEGORIES= security
XMASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR= ${PORTNAME}
XDISTNAME= DenyHosts-${PORTVERSION}
X
XMAINTAINER= janos.mohacsi at bsd.hu
XCOMMENT= Script to thwart ssh attacks
X
XUSE_REINPLACE= yes
XUSE_PYTHON= yes
XUSE_PYDISTUTILS= yes
X
XDOC_FILES= CHANGELOG.txt LICENSE.txt README.txt
X
Xpre-configure:
X	${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' \
X		${WRKSRC}/daemon-control-dist \
X		${WRKSRC}/denyhosts.cfg-dist \
X		${WRKSRC}/setup.py
X
Xpost-install:
X.ifndef(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X.for file in ${DOC_FILES}
X	@${INSTALL_DATA} ${WRKSRC}/${file} ${DOCSDIR}
X.endfor
X.endif
X
X.include <bsd.port.mk>
END-of-denyhosts/Makefile
echo c - denyhosts/files
mkdir -p denyhosts/files > /dev/null 2>&1
echo x - denyhosts/files/patch-daemon-control-dist
sed 's/^X//' >denyhosts/files/patch-daemon-control-dist << 'END-of-denyhosts/files/patch-daemon-control-dist'
X
X$FreeBSD$
X
X--- daemon-control-dist.orig
X+++ daemon-control-dist
X@@ -11,9 +11,9 @@
X #### Edit these to suit your configuration ####
X ###############################################
X
X-DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
X-DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
X-DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
X+DENYHOSTS_BIN = "%%PREFIX%%/bin/denyhosts.py"
X+DENYHOSTS_LOCK = "/var/run/denyhosts"
X+DENYHOSTS_CFG = "%%PREFIX%%/share/denyhosts/denyhosts.cfg"
X
X
X ###############################################
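Review bot: DENYHOSTS_LOCK is set to "/var/run/denyhosts" here, but patch-denyhosts.cfg-dist sets LOCK_FILE = /var/run/denyhosts.pid, so the control script and the daemon configuration name two different files. If both are meant to refer to the same lock/pid file, use one path in both places. Separately, DENYHOSTS_CFG points at %%PREFIX%%/share/denyhosts/denyhosts.cfg while pkg-plist installs only denyhosts.cfg-dist in %%DATADIR%%; the port should either say (for example in a pkg-message) that the admin must copy the -dist file, or point the control script at a location the port actually populates.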
END-of-denyhosts/files/patch-daemon-control-dist
echo x - denyhosts/files/patch-denyhosts.cfg-dist
sed 's/^X//' >denyhosts/files/patch-denyhosts.cfg-dist << 'END-of-denyhosts/files/patch-denyhosts.cfg-dist'
X
X$FreeBSD$
X
X--- denyhosts.cfg-dist.orig
X+++ denyhosts.cfg-dist
X@@ -9,10 +9,10 @@
X # argument
X #
X # Redhat:
X-SECURE_LOG = /var/log/secure
X+#SECURE_LOG = /var/log/secure
X #
X # Mandrake or FreeBSD:
X-#SECURE_LOG = /var/log/auth.log
X+SECURE_LOG = /var/log/auth.log
X #
X # SuSE:
X #SECURE_LOG = /var/log/messages
X@@ -23,10 +23,10 @@
X # HOSTS_DENY: the file which contains restricted host access information
X #
X # Most operating systems:
X-HOSTS_DENY = /etc/hosts.deny
X+#HOSTS_DENY = /etc/hosts.deny
X #
X # Some BSD (FreeBSD) Unixes:
X-#HOSTS_DENY = /etc/hosts.allow
X+HOSTS_DENY = /etc/hosts.allow
X #
X # Another possibility (also see the next option):
X #HOSTS_DENY = /etc/hosts.evil
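Review bot: Enabling HOSTS_DENY = /etc/hosts.allow by default needs a documented caveat about rule order. pkg-descr states that the script appends to /etc/hosts.allow, and that file is evaluated top to bottom with the first matching rule deciding, so an earlier permissive rule such as "ALL : ALL : allow" makes every appended entry ineffective. Suggest a pkg-message telling the admin to check that no allow-all rule precedes the entries this tool writes, and to verify a blocked host is actually refused.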
X@@ -157,10 +157,10 @@
X # running at a time.
X #
X # Redhat/Fedora:
X-LOCK_FILE = /var/lock/subsys/denyhosts
X+#LOCK_FILE = /var/lock/subsys/denyhosts
X #
X-# Debian
X-#LOCK_FILE = /var/run/denyhosts.pid
X+# Debian (and FreeBSD)
X+LOCK_FILE = /var/run/denyhosts.pid
X #
X # Misc
X #LOCK_FILE = /tmp/denyhosts.lock
END-of-denyhosts/files/patch-denyhosts.cfg-dist
echo x - denyhosts/files/patch-setup.py
sed 's/^X//' >denyhosts/files/patch-setup.py << 'END-of-denyhosts/files/patch-setup.py'
X
X$FreeBSD$
X
X--- setup.py.orig
X+++ setup.py
X@@ -7,7 +7,7 @@
X from glob import glob
X
X
X-libpath = "/usr/share/denyhosts"
X+libpath = "%%PREFIX%%/share/denyhosts"
X
X #########################################################################
X
X@@ -24,10 +24,7 @@
X data_files=[(libpath, glob("denyhosts.cfg-dist")),
X (libpath, glob("denyhosts-daemon-initscript")),
X (libpath, glob("setup.py")),
X- (libpath, glob("daemon-control-dist")),
X- (libpath, glob("CHANGELOG.txt")),
X- (libpath, glob("README.txt")),
X- (libpath, glob("LICENSE.txt"))],
X+ (libpath, glob("daemon-control-dist"))],
X license="GPL",
X ##extra_path='denyhosts',
X long_description="""
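Review bot: The data_files list still carries the unchanged entry (libpath, glob("denyhosts-daemon-initscript")), but pkg-plist has no matching line under %%DATADIR%%. If the distfile ships that file, it will be installed and left behind on deinstall; either drop the entry in this hunk as was done for the three .txt files, or add it to pkg-plist. If the glob matches nothing in 1.1.2, a short comment in the patch saying so would save the next reviewer the check.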
END-of-denyhosts/files/patch-setup.py
exit
--- denyhosts-1.1.2.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
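The following is an added example, not code from DenyHosts or from this port. It models the behaviour the description lists (count failed logins per host, record hosts over a threshold) and shows why appending deny entries to a first-match /etc/hosts.allow has no effect when a permissive rule comes first. The log lines, the "sshd : host : deny" line format, the permissive first rule and the simplified matcher (literal IPv4 addresses and ALL only) are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample of sshd lines as they might appear in /var/log/auth.log.
AUTH_LOG = """\
Nov 10 09:01:02 host sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2
Nov 10 09:01:05 host sshd[412]: Failed password for invalid user sdada from 203.0.113.7 port 4023 ssh2
Nov 10 09:01:09 host sshd[413]: Failed password for root from 203.0.113.7 port 4024 ssh2
Nov 10 09:02:00 host sshd[414]: Failed password for root from 198.51.100.9 port 5100 ssh2
Nov 10 09:03:00 host sshd[415]: Accepted password for alice from 192.0.2.10 port 6000 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)")

def hosts_over_threshold(log_text, threshold):
    """Return the hosts whose failed-login count exceeds `threshold`, sorted."""
    counts = Counter(m.group(1) for m in FAILED.finditer(log_text))
    return sorted(h for h, n in counts.items() if n > threshold)

def parse_rules(text):
    """Parse 'daemons : clients : option' lines (simplified model, IPv4 only)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            daemons, clients, option = [f.strip() for f in line.split(":")]
            rules.append((daemons.split(), clients.split(), option))
    return rules

def decision(rules, daemon, client):
    """First matching rule wins; with no match this model falls through to allow."""
    for daemons, clients, option in rules:
        if (daemon in daemons or "ALL" in daemons) and (client in clients or "ALL" in clients):
            return option
    return "allow"

STOCK = "ALL : ALL : allow\n"  # assumed permissive rule already present in the file
deny_lines = "".join(f"sshd : {h} : deny\n" for h in hosts_over_threshold(AUTH_LOG, 2))
appended = parse_rules(STOCK + deny_lines)   # deny entries added at the end of the file
prepended = parse_rules(deny_lines + STOCK)  # deny entries evaluated before the allow-all

if __name__ == "__main__":
    print("appended :", decision(appended, "sshd", "203.0.113.7"))
    print("prepended:", decision(prepended, "sshd", "203.0.113.7"))
```
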