summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoragc <agc@pkgsrc.org>2000-02-07 16:20:19 +0000
committeragc <agc@pkgsrc.org>2000-02-07 16:20:19 +0000
commit84af64ad7d16de54704323f4b6959adaf2c390f6 (patch)
tree5e9dcebec05585eacd957b8c00a8693a7df65e22
parent298523f569a6a5f09bc0f4f7acb993139e747190 (diff)
downloadpkgsrc-84af64ad7d16de54704323f4b6959adaf2c390f6.tar.gz
Initial import of portsentry into the NetBSD packages collection.
PortSentry is a utility which detects and respond to port scans against a target host in real-time.
-rw-r--r--security/portsentry/Makefile27
-rw-r--r--security/portsentry/files/md53
-rw-r--r--security/portsentry/files/patch-sum5
-rw-r--r--security/portsentry/patches/patch-aa20
-rw-r--r--security/portsentry/patches/patch-ab32
-rw-r--r--security/portsentry/patches/patch-ac53
-rw-r--r--security/portsentry/pkg/COMMENT1
-rw-r--r--security/portsentry/pkg/DESCR22
-rw-r--r--security/portsentry/pkg/PLIST4
9 files changed, 167 insertions, 0 deletions
diff --git a/security/portsentry/Makefile b/security/portsentry/Makefile
new file mode 100644
index 00000000000..5d23206be1b
--- /dev/null
+++ b/security/portsentry/Makefile
@@ -0,0 +1,27 @@
+# $NetBSD: Makefile,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+#
+
+DISTNAME= portsentry-1.0
+CATEGORIES= security
+MASTER_SITES= http://www.psionic.com/tools/
+
+MAINTAINER= packages@netbsd.org
+HOMEPAGE= http://www.psionic.com/abacus/portsentry/
+
+ALL_TARGET= ${LOWER_OPSYS}
+
+post-patch:
+ @cd ${WRKSRC}; \
+ case ${OPSYS} in \
+ NetBSD) netbsd=""; solaris="#" ;; \
+ SunOS) netbsd="#"; solaris="" ;; \
+ esac; \
+ for f in portsentry.conf portsentry_config.h; do \
+ ${MV} $$f $$f.prefix; \
+ ${SED} -e 's|@PREFIX@|${PREFIX}|g' \
+ -e 's|@netbsd@|'$$netbsd'|g' \
+ -e 's|@solaris@|'$$solaris'|g' \
+ $$f.prefix > $$f; \
+ done
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/portsentry/files/md5 b/security/portsentry/files/md5
new file mode 100644
index 00000000000..c0148049341
--- /dev/null
+++ b/security/portsentry/files/md5
@@ -0,0 +1,3 @@
+$NetBSD: md5,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+
+MD5 (portsentry-1.0.tar.gz) = d2d29e614f1604bd62a23e33d7a7564f
diff --git a/security/portsentry/files/patch-sum b/security/portsentry/files/patch-sum
new file mode 100644
index 00000000000..338f44372f5
--- /dev/null
+++ b/security/portsentry/files/patch-sum
@@ -0,0 +1,5 @@
+$NetBSD: patch-sum,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+
+MD5 (patch-aa) = 5fced6e890860d4a678f1b8d4bbdb330
+MD5 (patch-ab) = 2d723cf48a62f5702dca28e322bd0f08
+MD5 (patch-ac) = 1debce71c2761b402ad652624fea294e
diff --git a/security/portsentry/patches/patch-aa b/security/portsentry/patches/patch-aa
new file mode 100644
index 00000000000..a8c12d38334
--- /dev/null
+++ b/security/portsentry/patches/patch-aa
@@ -0,0 +1,20 @@
+$NetBSD: patch-aa,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+
+--- portsentry_config.h 1999/10/26 14:59:29 1.3
++++ portsentry_config.h 2000/02/07 15:08:57
+@@ -31,10 +31,14 @@
+
+ /* These are probably ok. Be sure you change the Makefile if you */
+ /* change the path */
+-#define CONFIG_FILE "/usr/local/psionic/portsentry/portsentry.conf"
++#define CONFIG_FILE "@PREFIX@/etc/portsentry.conf"
+
+ /* The location of Wietse Venema's TCP Wrapper hosts.deny file */
++#if defined(__svr4__) && defined(__sun__)
++#define WRAPPER_HOSTS_DENY "@PREFIX@/etc/hosts.deny"
++#else
+ #define WRAPPER_HOSTS_DENY "/etc/hosts.deny"
++#endif
+
+ /* The default syslog is as daemon.notice. You can also use */
+ /* any of the facilities from syslog.h to send messages to (LOCAL0, etc) */
diff --git a/security/portsentry/patches/patch-ab b/security/portsentry/patches/patch-ab
new file mode 100644
index 00000000000..143c1cd63e6
--- /dev/null
+++ b/security/portsentry/patches/patch-ab
@@ -0,0 +1,32 @@
+$NetBSD: patch-ab,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+
+--- portsentry.conf 1999/11/09 02:45:42 1.13
++++ portsentry.conf 2000/02/07 15:11:33
+@@ -80,11 +80,11 @@
+ ######################
+ #
+ # Hosts to ignore
+-IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"
++IGNORE_FILE="@PREFIX@/etc/portsentry.ignore"
+ # Hosts that have been denied (running history)
+-HISTORY_FILE="/usr/local/psionic/portsentry/portsentry.history"
++HISTORY_FILE="@PREFIX@/etc/portsentry.history"
+ # Hosts that have been denied this session only (temporary until next restart)
+-BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"
++BLOCKED_FILE="@PREFIX@/etc/portsentry.blocked"
+
+ ###################
+ # Response Options#
+@@ -158,10 +158,10 @@
+ #KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
+
+ # Generic BSD (BSDI, OpenBSD, NetBSD, FreeBSD)
+-#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"
++@netbsd@KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"
+
+ # Generic Sun
+-#KILL_ROUTE="/usr/sbin/route add $TARGET$ 333.444.555.666 1"
++@solaris@KILL_ROUTE="/usr/sbin/route add $TARGET$ 333.444.555.666 1"
+
+ # NEXTSTEP
+ #KILL_ROUTE="/usr/etc/route add $TARGET$ 127.0.0.1 1"
diff --git a/security/portsentry/patches/patch-ac b/security/portsentry/patches/patch-ac
new file mode 100644
index 00000000000..008708a9d48
--- /dev/null
+++ b/security/portsentry/patches/patch-ac
@@ -0,0 +1,53 @@
+$NetBSD: patch-ac,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+
+--- Makefile 2000/02/07 15:16:12 1.1
++++ Makefile 2000/02/07 15:17:47
+@@ -21,9 +21,9 @@
+ #
+ #
+ # Generic compiler
+-CC = cc
++# CC = cc
+ # GNU..
+-#CC = gcc
++CC = gcc
+
+ # Normal systems flags
+ CFLAGS = -O -Wall
+@@ -35,8 +35,8 @@
+ #CFLAGS = -pg -O -Wall -DNODAEMON
+ #LIBS = /usr/lib/libefence.a
+
+-INSTALLDIR = /usr/local/psionic
+-CHILDDIR=/portsentry
++INSTALLDIR = ${PREFIX}
++CHILDDIR=/etc
+
+ all:
+ @echo "Usage: make <systype>"
+@@ -67,21 +67,17 @@
+ install:
+ @echo "Creating psionic directory $(INSTALLDIR)"
+ @if [ ! -d $(INSTALLDIR) ]; then /bin/mkdir $(INSTALLDIR); fi
+- @echo "Setting directory permissions"
+- chmod 700 $(INSTALLDIR)
+ @echo "Creating portsentry directory $(INSTALLDIR)$(CHILDDIR)"
+ @if [ ! -d $(INSTALLDIR)$(CHILDDIR) ]; then /bin/mkdir\
+ $(INSTALLDIR)$(CHILDDIR); fi
+- @echo "Setting directory permissions"
+- chmod 700 $(INSTALLDIR)$(CHILDDIR)
+ @echo "Copying files"
+- cp ./portsentry.conf $(INSTALLDIR)$(CHILDDIR)
+- cp ./portsentry.ignore $(INSTALLDIR)$(CHILDDIR)
+- cp ./portsentry $(INSTALLDIR)$(CHILDDIR)
++ ${BSD_INSTALL_DATA} ./portsentry.conf $(INSTALLDIR)$(CHILDDIR)
++ ${BSD_INSTALL_DATA} ./portsentry.ignore $(INSTALLDIR)$(CHILDDIR)
++ ${BSD_INSTALL_PROGRAM} ./portsentry ${PREFIX}/sbin
+ @echo "Setting permissions"
+ chmod 600 $(INSTALLDIR)$(CHILDDIR)/portsentry.ignore
+ chmod 600 $(INSTALLDIR)$(CHILDDIR)/portsentry.conf
+- chmod 700 $(INSTALLDIR)$(CHILDDIR)/portsentry
++ chmod 700 ${PREFIX}/sbin/portsentry
+ @echo ""
+ @echo ""
+ @echo "Edit $(INSTALLDIR)$(CHILDDIR)/portsentry.conf and change"
diff --git a/security/portsentry/pkg/COMMENT b/security/portsentry/pkg/COMMENT
new file mode 100644
index 00000000000..afd49f95f51
--- /dev/null
+++ b/security/portsentry/pkg/COMMENT
@@ -0,0 +1 @@
+detects and respond to port scans against a target host in real-time
diff --git a/security/portsentry/pkg/DESCR b/security/portsentry/pkg/DESCR
new file mode 100644
index 00000000000..26d99009009
--- /dev/null
+++ b/security/portsentry/pkg/DESCR
@@ -0,0 +1,22 @@
+PortSentry is designed to detect and respond to port scans against a
+target host in real-time. Some of the more useful features include:
+
++ Runs on TCP and UDP sockets to detect port scans against your
+system. PortSentry is configurable to run on multiple sockets at the
+same time so you only need to start one copy to cover dozens of
+tripwired services.
++ PortSentry will react to a port scan attempt by blocking the host in
+real-time. This is done through configured options of either dropping
+the local route back to the attacker, using the Linux ipfwadm/ipchains
+command, *BSD ipfw command, and/or dropping the attacker host IP into
+a TCP Wrappers hosts.deny file automatically.
++ PortSentry has an internal state engine to remember hosts that
+connected previously. This allows the setting of a trigger value to
+prevent false alarms and detect "random" port probing.
++ PortSentry will report all violations to the local or remote syslog
+daemons indicating the system name, time of attack, attacking host IP
+and the TCP or UDP port a connection attempt was made to. When used
+in conjunction with Logcheck it will provide an alert to
+administrators through e-mail.
++ Once a scan is detected your system will turn into a blackhole and
+disappear from the attacker. This feature stops most attacks cold.
diff --git a/security/portsentry/pkg/PLIST b/security/portsentry/pkg/PLIST
new file mode 100644
index 00000000000..b8bc8b58960
--- /dev/null
+++ b/security/portsentry/pkg/PLIST
@@ -0,0 +1,4 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+etc/portsentry.ignore
+etc/portsentry.conf
+sbin/portsentry