diff options
author | agc <agc@pkgsrc.org> | 2000-02-07 16:20:19 +0000 |
---|---|---|
committer | agc <agc@pkgsrc.org> | 2000-02-07 16:20:19 +0000 |
commit | 84af64ad7d16de54704323f4b6959adaf2c390f6 (patch) | |
tree | 5e9dcebec05585eacd957b8c00a8693a7df65e22 /security/portsentry | |
parent | 298523f569a6a5f09bc0f4f7acb993139e747190 (diff) | |
download | pkgsrc-84af64ad7d16de54704323f4b6959adaf2c390f6.tar.gz |
Initial import of portsentry into the NetBSD packages collection.
PortSentry is a utility which detects and respond to port scans
against a target host in real-time.
Diffstat (limited to 'security/portsentry')
-rw-r--r-- | security/portsentry/Makefile | 27 | ||||
-rw-r--r-- | security/portsentry/files/md5 | 3 | ||||
-rw-r--r-- | security/portsentry/files/patch-sum | 5 | ||||
-rw-r--r-- | security/portsentry/patches/patch-aa | 20 | ||||
-rw-r--r-- | security/portsentry/patches/patch-ab | 32 | ||||
-rw-r--r-- | security/portsentry/patches/patch-ac | 53 | ||||
-rw-r--r-- | security/portsentry/pkg/COMMENT | 1 | ||||
-rw-r--r-- | security/portsentry/pkg/DESCR | 22 | ||||
-rw-r--r-- | security/portsentry/pkg/PLIST | 4 |
9 files changed, 167 insertions, 0 deletions
diff --git a/security/portsentry/Makefile b/security/portsentry/Makefile new file mode 100644 index 00000000000..5d23206be1b --- /dev/null +++ b/security/portsentry/Makefile @@ -0,0 +1,27 @@ +# $NetBSD: Makefile,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $ +# + +DISTNAME= portsentry-1.0 +CATEGORIES= security +MASTER_SITES= http://www.psionic.com/tools/ + +MAINTAINER= packages@netbsd.org +HOMEPAGE= http://www.psionic.com/abacus/portsentry/ + +ALL_TARGET= ${LOWER_OPSYS} + +post-patch: + @cd ${WRKSRC}; \ + case ${OPSYS} in \ + NetBSD) netbsd=""; solaris="#" ;; \ + SunOS) netbsd="#"; solaris="" ;; \ + esac; \ + for f in portsentry.conf portsentry_config.h; do \ + ${MV} $$f $$f.prefix; \ + ${SED} -e 's|@PREFIX@|${PREFIX}|g' \ + -e 's|@netbsd@|'$$netbsd'|g' \ + -e 's|@solaris@|'$$solaris'|g' \ + $$f.prefix > $$f; \ + done + +.include "../../mk/bsd.pkg.mk" diff --git a/security/portsentry/files/md5 b/security/portsentry/files/md5 new file mode 100644 index 00000000000..c0148049341 --- /dev/null +++ b/security/portsentry/files/md5 @@ -0,0 +1,3 @@ +$NetBSD: md5,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $ + +MD5 (portsentry-1.0.tar.gz) = d2d29e614f1604bd62a23e33d7a7564f diff --git a/security/portsentry/files/patch-sum b/security/portsentry/files/patch-sum new file mode 100644 index 00000000000..338f44372f5 --- /dev/null +++ b/security/portsentry/files/patch-sum @@ -0,0 +1,5 @@ +$NetBSD: patch-sum,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $ + +MD5 (patch-aa) = 5fced6e890860d4a678f1b8d4bbdb330 +MD5 (patch-ab) = 2d723cf48a62f5702dca28e322bd0f08 +MD5 (patch-ac) = 1debce71c2761b402ad652624fea294e diff --git a/security/portsentry/patches/patch-aa b/security/portsentry/patches/patch-aa new file mode 100644 index 00000000000..a8c12d38334 --- /dev/null +++ b/security/portsentry/patches/patch-aa @@ -0,0 +1,20 @@ +$NetBSD: patch-aa,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $ + +--- portsentry_config.h 1999/10/26 14:59:29 1.3 ++++ portsentry_config.h 2000/02/07 15:08:57 +@@ -31,10 +31,14 @@ + + /* These are probably ok. Be sure you change the Makefile if you */ + /* change the path */ +-#define CONFIG_FILE "/usr/local/psionic/portsentry/portsentry.conf" ++#define CONFIG_FILE "@PREFIX@/etc/portsentry.conf" + + /* The location of Wietse Venema's TCP Wrapper hosts.deny file */ ++#if defined(__svr4__) && defined(__sun__) ++#define WRAPPER_HOSTS_DENY "@PREFIX@/etc/hosts.deny" ++#else + #define WRAPPER_HOSTS_DENY "/etc/hosts.deny" ++#endif + + /* The default syslog is as daemon.notice. You can also use */ + /* any of the facilities from syslog.h to send messages to (LOCAL0, etc) */ diff --git a/security/portsentry/patches/patch-ab b/security/portsentry/patches/patch-ab new file mode 100644 index 00000000000..143c1cd63e6 --- /dev/null +++ b/security/portsentry/patches/patch-ab @@ -0,0 +1,32 @@ +$NetBSD: patch-ab,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $ + +--- portsentry.conf 1999/11/09 02:45:42 1.13 ++++ portsentry.conf 2000/02/07 15:11:33 +@@ -80,11 +80,11 @@ + ###################### + # + # Hosts to ignore +-IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore" ++IGNORE_FILE="@PREFIX@/etc/portsentry.ignore" + # Hosts that have been denied (running history) +-HISTORY_FILE="/usr/local/psionic/portsentry/portsentry.history" ++HISTORY_FILE="@PREFIX@/etc/portsentry.history" + # Hosts that have been denied this session only (temporary until next restart) +-BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked" ++BLOCKED_FILE="@PREFIX@/etc/portsentry.blocked" + + ################### + # Response Options# +@@ -158,10 +158,10 @@ + #KILL_ROUTE="/sbin/route add -host $TARGET$ reject" + + # Generic BSD (BSDI, OpenBSD, NetBSD, FreeBSD) +-#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666" ++@netbsd@KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666" + + # Generic Sun +-#KILL_ROUTE="/usr/sbin/route add $TARGET$ 333.444.555.666 1" ++@solaris@KILL_ROUTE="/usr/sbin/route add $TARGET$ 333.444.555.666 1" + + # NEXTSTEP + #KILL_ROUTE="/usr/etc/route add $TARGET$ 127.0.0.1 1" diff --git a/security/portsentry/patches/patch-ac b/security/portsentry/patches/patch-ac new file mode 100644 index 00000000000..008708a9d48 --- /dev/null +++ b/security/portsentry/patches/patch-ac @@ -0,0 +1,53 @@ +$NetBSD: patch-ac,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $ + +--- Makefile 2000/02/07 15:16:12 1.1 ++++ Makefile 2000/02/07 15:17:47 +@@ -21,9 +21,9 @@ + # + # + # Generic compiler +-CC = cc ++# CC = cc + # GNU.. +-#CC = gcc ++CC = gcc + + # Normal systems flags + CFLAGS = -O -Wall +@@ -35,8 +35,8 @@ + #CFLAGS = -pg -O -Wall -DNODAEMON + #LIBS = /usr/lib/libefence.a + +-INSTALLDIR = /usr/local/psionic +-CHILDDIR=/portsentry ++INSTALLDIR = ${PREFIX} ++CHILDDIR=/etc + + all: + @echo "Usage: make <systype>" +@@ -67,21 +67,17 @@ + install: + @echo "Creating psionic directory $(INSTALLDIR)" + @if [ ! -d $(INSTALLDIR) ]; then /bin/mkdir $(INSTALLDIR); fi +- @echo "Setting directory permissions" +- chmod 700 $(INSTALLDIR) + @echo "Creating portsentry directory $(INSTALLDIR)$(CHILDDIR)" + @if [ ! -d $(INSTALLDIR)$(CHILDDIR) ]; then /bin/mkdir\ + $(INSTALLDIR)$(CHILDDIR); fi +- @echo "Setting directory permissions" +- chmod 700 $(INSTALLDIR)$(CHILDDIR) + @echo "Copying files" +- cp ./portsentry.conf $(INSTALLDIR)$(CHILDDIR) +- cp ./portsentry.ignore $(INSTALLDIR)$(CHILDDIR) +- cp ./portsentry $(INSTALLDIR)$(CHILDDIR) ++ ${BSD_INSTALL_DATA} ./portsentry.conf $(INSTALLDIR)$(CHILDDIR) ++ ${BSD_INSTALL_DATA} ./portsentry.ignore $(INSTALLDIR)$(CHILDDIR) ++ ${BSD_INSTALL_PROGRAM} ./portsentry ${PREFIX}/sbin + @echo "Setting permissions" + chmod 600 $(INSTALLDIR)$(CHILDDIR)/portsentry.ignore + chmod 600 $(INSTALLDIR)$(CHILDDIR)/portsentry.conf +- chmod 700 $(INSTALLDIR)$(CHILDDIR)/portsentry ++ chmod 700 ${PREFIX}/sbin/portsentry + @echo "" + @echo "" + @echo "Edit $(INSTALLDIR)$(CHILDDIR)/portsentry.conf and change" diff --git a/security/portsentry/pkg/COMMENT b/security/portsentry/pkg/COMMENT new file mode 100644 index 00000000000..afd49f95f51 --- /dev/null +++ b/security/portsentry/pkg/COMMENT @@ -0,0 +1 @@ +detects and respond to port scans against a target host in real-time diff --git a/security/portsentry/pkg/DESCR b/security/portsentry/pkg/DESCR new file mode 100644 index 00000000000..26d99009009 --- /dev/null +++ b/security/portsentry/pkg/DESCR @@ -0,0 +1,22 @@ +PortSentry is designed to detect and respond to port scans against a +target host in real-time. Some of the more useful features include: + ++ Runs on TCP and UDP sockets to detect port scans against your +system. PortSentry is configurable to run on multiple sockets at the +same time so you only need to start one copy to cover dozens of +tripwired services. ++ PortSentry will react to a port scan attempt by blocking the host in +real-time. This is done through configured options of either dropping +the local route back to the attacker, using the Linux ipfwadm/ipchains +command, *BSD ipfw command, and/or dropping the attacker host IP into +a TCP Wrappers hosts.deny file automatically. ++ PortSentry has an internal state engine to remember hosts that +connected previously. This allows the setting of a trigger value to +prevent false alarms and detect "random" port probing. ++ PortSentry will report all violations to the local or remote syslog +daemons indicating the system name, time of attack, attacking host IP +and the TCP or UDP port a connection attempt was made to. When used +in conjunction with Logcheck it will provide an alert to +administrators through e-mail. ++ Once a scan is detected your system will turn into a blackhole and +disappear from the attacker. This feature stops most attacks cold. diff --git a/security/portsentry/pkg/PLIST b/security/portsentry/pkg/PLIST new file mode 100644 index 00000000000..b8bc8b58960 --- /dev/null +++ b/security/portsentry/pkg/PLIST @@ -0,0 +1,4 @@ +@comment $NetBSD: PLIST,v 1.1.1.1 2000/02/07 16:20:19 agc Exp $ +etc/portsentry.ignore +etc/portsentry.conf +sbin/portsentry |