Initial import of portsentry into the NetBSD packages collection.

PortSentry is a utility which detects and respond to port scans
against a target host in real-time.

9 files changed, 167 insertions, 0 deletions

diff --git a/security/portsentry/Makefile b/security/portsentry/Makefile
new file mode 100644
index 00000000000..5d23206be1b
--- /dev/null
+++ b/security/portsentry/Makefile
@@ -0,0 +1,27 @@
+# $NetBSD: Makefile,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+#
+
+DISTNAME=       portsentry-1.0
+CATEGORIES=	security
+MASTER_SITES=   http://www.psionic.com/tools/
+
+MAINTAINER=	packages@netbsd.org
+HOMEPAGE=	http://www.psionic.com/abacus/portsentry/
+
+ALL_TARGET=	${LOWER_OPSYS}
+
+post-patch:
+	@cd ${WRKSRC};							\
+	case ${OPSYS} in						\
+	NetBSD)	netbsd=""; solaris="#" ;;				\
+	SunOS)	netbsd="#"; solaris="" ;;				\
+	esac;								\
+	for f in portsentry.conf portsentry_config.h; do		\
+		${MV} $$f $$f.prefix;					\
+		${SED} -e 's|@PREFIX@|${PREFIX}|g' 			\
+			-e 's|@netbsd@|'$$netbsd'|g'			\
+			-e 's|@solaris@|'$$solaris'|g'			\
+						$$f.prefix > $$f;	\
+	done
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/portsentry/files/md5 b/security/portsentry/files/md5
new file mode 100644
index 00000000000..c0148049341
--- /dev/null
+++ b/security/portsentry/files/md5
@@ -0,0 +1,3 @@
+$NetBSD: md5,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+
+MD5 (portsentry-1.0.tar.gz) = d2d29e614f1604bd62a23e33d7a7564f
diff --git a/security/portsentry/files/patch-sum b/security/portsentry/files/patch-sum
new file mode 100644
index 00000000000..338f44372f5
--- /dev/null
+++ b/security/portsentry/files/patch-sum
@@ -0,0 +1,5 @@
+$NetBSD: patch-sum,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+
+MD5 (patch-aa) = 5fced6e890860d4a678f1b8d4bbdb330
+MD5 (patch-ab) = 2d723cf48a62f5702dca28e322bd0f08
+MD5 (patch-ac) = 1debce71c2761b402ad652624fea294e
diff --git a/security/portsentry/patches/patch-aa b/security/portsentry/patches/patch-aa
new file mode 100644
index 00000000000..a8c12d38334
--- /dev/null
+++ b/security/portsentry/patches/patch-aa
@@ -0,0 +1,20 @@
+$NetBSD: patch-aa,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+
+--- portsentry_config.h	1999/10/26 14:59:29	1.3
++++ portsentry_config.h	2000/02/07 15:08:57
+@@ -31,10 +31,14 @@
+ 
+ /* These are probably ok. Be sure you change the Makefile if you */
+ /* change the path */
+-#define CONFIG_FILE "/usr/local/psionic/portsentry/portsentry.conf"
++#define CONFIG_FILE "@PREFIX@/etc/portsentry.conf"
+ 
+ /* The location of Wietse Venema's TCP Wrapper hosts.deny file */
++#if defined(__svr4__) && defined(__sun__)
++#define WRAPPER_HOSTS_DENY "@PREFIX@/etc/hosts.deny"
++#else
+ #define WRAPPER_HOSTS_DENY "/etc/hosts.deny"
++#endif
+ 
+ /* The default syslog is as daemon.notice. You can also use */
+ /* any of the facilities from syslog.h to send messages to (LOCAL0, etc) */
diff --git a/security/portsentry/patches/patch-ab b/security/portsentry/patches/patch-ab
new file mode 100644
index 00000000000..143c1cd63e6
--- /dev/null
+++ b/security/portsentry/patches/patch-ab
@@ -0,0 +1,32 @@
+$NetBSD: patch-ab,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+
+--- portsentry.conf	1999/11/09 02:45:42	1.13
++++ portsentry.conf	2000/02/07 15:11:33
+@@ -80,11 +80,11 @@
+ ######################
+ #
+ # Hosts to ignore
+-IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"
++IGNORE_FILE="@PREFIX@/etc/portsentry.ignore"
+ # Hosts that have been denied (running history)
+-HISTORY_FILE="/usr/local/psionic/portsentry/portsentry.history"
++HISTORY_FILE="@PREFIX@/etc/portsentry.history"
+ # Hosts that have been denied this session only (temporary until next restart)
+-BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"
++BLOCKED_FILE="@PREFIX@/etc/portsentry.blocked"
+ 
+ ###################
+ # Response Options#
+@@ -158,10 +158,10 @@
+ #KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
+ 
+ # Generic BSD (BSDI, OpenBSD, NetBSD, FreeBSD)
+-#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"
++@netbsd@KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"
+ 
+ # Generic Sun 
+-#KILL_ROUTE="/usr/sbin/route add $TARGET$ 333.444.555.666 1"
++@solaris@KILL_ROUTE="/usr/sbin/route add $TARGET$ 333.444.555.666 1"
+ 
+ # NEXTSTEP
+ #KILL_ROUTE="/usr/etc/route add $TARGET$ 127.0.0.1 1"
diff --git a/security/portsentry/patches/patch-ac b/security/portsentry/patches/patch-ac
new file mode 100644
index 00000000000..008708a9d48
--- /dev/null
+++ b/security/portsentry/patches/patch-ac
@@ -0,0 +1,53 @@
+$NetBSD: patch-ac,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+
+--- Makefile	2000/02/07 15:16:12	1.1
++++ Makefile	2000/02/07 15:17:47
+@@ -21,9 +21,9 @@
+ #
+ #
+ # Generic compiler
+-CC = cc
++# CC = cc
+ # GNU..
+-#CC = gcc 
++CC = gcc 
+ 
+ # Normal systems flags
+ CFLAGS = -O -Wall
+@@ -35,8 +35,8 @@
+ #CFLAGS = -pg -O -Wall -DNODAEMON
+ #LIBS = /usr/lib/libefence.a
+ 
+-INSTALLDIR = /usr/local/psionic
+-CHILDDIR=/portsentry
++INSTALLDIR = ${PREFIX}
++CHILDDIR=/etc
+ 
+ all:
+ 		@echo "Usage: make <systype>"
+@@ -67,21 +67,17 @@
+ install:	
+ 		@echo "Creating psionic directory $(INSTALLDIR)"
+ 		@if [ ! -d $(INSTALLDIR) ]; then /bin/mkdir $(INSTALLDIR); fi
+-		@echo "Setting directory permissions"
+-		chmod 700 $(INSTALLDIR)
+ 		@echo "Creating portsentry directory $(INSTALLDIR)$(CHILDDIR)"
+ 		@if [ ! -d $(INSTALLDIR)$(CHILDDIR) ]; then /bin/mkdir\
+ 			$(INSTALLDIR)$(CHILDDIR); fi
+-		@echo "Setting directory permissions"
+-		chmod 700 $(INSTALLDIR)$(CHILDDIR)
+ 		@echo "Copying files"
+-		cp ./portsentry.conf $(INSTALLDIR)$(CHILDDIR)
+-		cp ./portsentry.ignore $(INSTALLDIR)$(CHILDDIR)
+-		cp ./portsentry $(INSTALLDIR)$(CHILDDIR)
++		${BSD_INSTALL_DATA} ./portsentry.conf $(INSTALLDIR)$(CHILDDIR)
++		${BSD_INSTALL_DATA} ./portsentry.ignore $(INSTALLDIR)$(CHILDDIR)
++		${BSD_INSTALL_PROGRAM} ./portsentry ${PREFIX}/sbin
+ 		@echo "Setting permissions"
+ 		chmod 600 $(INSTALLDIR)$(CHILDDIR)/portsentry.ignore
+ 		chmod 600 $(INSTALLDIR)$(CHILDDIR)/portsentry.conf
+-		chmod 700 $(INSTALLDIR)$(CHILDDIR)/portsentry
++		chmod 700 ${PREFIX}/sbin/portsentry
+ 		@echo ""
+ 		@echo ""
+ 		@echo "Edit $(INSTALLDIR)$(CHILDDIR)/portsentry.conf and change"
diff --git a/security/portsentry/pkg/COMMENT b/security/portsentry/pkg/COMMENT
new file mode 100644
index 00000000000..afd49f95f51
--- /dev/null
+++ b/security/portsentry/pkg/COMMENT
@@ -0,0 +1 @@
+detects and respond to port scans against a target host in real-time
diff --git a/security/portsentry/pkg/DESCR b/security/portsentry/pkg/DESCR
new file mode 100644
index 00000000000..26d99009009
--- /dev/null
+++ b/security/portsentry/pkg/DESCR
@@ -0,0 +1,22 @@
+PortSentry is designed to detect and respond to port scans against a
+target host in real-time.  Some of the more useful features include: 
+
++ Runs on TCP and UDP sockets to detect port scans against your
+system.  PortSentry is configurable to run on multiple sockets at the
+same time so you only need to start one copy to cover dozens of
+tripwired services. 
++ PortSentry will react to a port scan attempt by blocking the host in
+real-time.  This is done through configured options of either dropping
+the local route back to the attacker, using the Linux ipfwadm/ipchains
+command, *BSD ipfw command, and/or dropping the attacker host IP into
+a TCP Wrappers hosts.deny file automatically. 
++ PortSentry has an internal state engine to remember hosts that
+connected previously.  This allows the setting of a trigger value to
+prevent false alarms and detect "random" port probing. 
++ PortSentry will report all violations to the local or remote syslog
+daemons indicating the system name, time of attack, attacking host IP
+and the TCP or UDP port a connection attempt was made to.  When used
+in conjunction with Logcheck it will provide an alert to
+administrators through e-mail. 
++ Once a scan is detected your system will turn into a blackhole and
+disappear from the attacker.  This feature stops most attacks cold. 
diff --git a/security/portsentry/pkg/PLIST b/security/portsentry/pkg/PLIST
new file mode 100644
index 00000000000..b8bc8b58960
--- /dev/null
+++ b/security/portsentry/pkg/PLIST
@@ -0,0 +1,4 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $
+etc/portsentry.ignore
+etc/portsentry.conf
+sbin/portsentry