Add sshblock, a tool to block abusive SSH login attempts.

5 files changed, 92 insertions, 0 deletions

diff --git a/security/sshblock/Makefile b/security/sshblock/Makefile
new file mode 100644
index 000000000000..4eb7be0d0c40
--- /dev/null
+++ b/security/sshblock/Makefile
@@ -0,0 +1,42 @@
+# New ports collection makefile for:	sshblock
+# Date created:				03 December 2006
+# Whom:					Anders Nordby <anders@FreeBSD.org>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	sshblock
+PORTVERSION=	1.0
+CATEGORIES=	security
+MASTER_SITES=	http://www.bsdconsulting.no/tools/
+EXTRACT_SUFX=	.pl
+
+MAINTAINER=	anders@FreeBSD.org
+COMMENT=	Block abusive SSH login attempts
+
+RUN_DEPENDS=	${SITE_PERL}/File/Tail.pm:${PORTSDIR}/devel/p5-File-Tail
+
+NO_BUILD=	yes
+NO_WRKSUBDIR=	yes
+PLIST_FILES=	sbin/sshblock
+USE_PERL5=	yes
+USE_RC_SUBR=	sshblock
+SUB_LIST=	PERL=${PERL}
+EXTRACT_CMD=	${CP}
+EXTRACT_BEFORE_ARGS=
+EXTRACT_AFTER_ARGS=	${WRKDIR}
+SUB_FILES+=	pkg-message
+#SUB_FILES=	sshblock.sh
+
+do-patch:
+	@${REINPLACE_CMD} -e "s@/usr/bin/perl@${PERL}@" \
+		${WRKSRC}/sshblock-${PORTVERSION}.pl
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/sshblock-${PORTVERSION}.pl \
+		${PREFIX}/sbin/sshblock
+
+post-install:
+	${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff --git a/security/sshblock/distinfo b/security/sshblock/distinfo
new file mode 100644
index 000000000000..d754d53de5b0
--- /dev/null
+++ b/security/sshblock/distinfo
@@ -0,0 +1,3 @@
+MD5 (sshblock-1.0.pl) = 1e6f76d359d1dff528be96eaab66422b
+SHA256 (sshblock-1.0.pl) = 92a3be2ebc41456d5a69fea86f51f9e04ed199dd7a564148b1552441b6ee4667
+SIZE (sshblock-1.0.pl) = 6926
diff --git a/security/sshblock/files/pkg-message.in b/security/sshblock/files/pkg-message.in
new file mode 100644
index 000000000000..ad13d219486b
--- /dev/null
+++ b/security/sshblock/files/pkg-message.in
@@ -0,0 +1,16 @@
+===========================================================================
+
+To enable and use the sshblock daemon, use the following in /etc/rc.conf or
+/etc/rc.conf.local:
+
+sshblock_enable="YES"
+
+To set flags/options (optional), add:
+
+sshblock_flags="<flags>"
+
+See %%PREFIX%%/sbin/sshblock -h for possible command line options.
+
+Use %%PREFIX%%/etc/rc.d/sshblock to stop and start it.
+
+===========================================================================
diff --git a/security/sshblock/files/sshblock.in b/security/sshblock/files/sshblock.in
new file mode 100644
index 000000000000..13e3b184f1e1
--- /dev/null
+++ b/security/sshblock/files/sshblock.in
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+#
+# Add the following lines to /etc/rc.conf to enable sshblock:
+# sshblock_enable (bool):	Set to "NO" by default.
+#				Set it to "YES" to enable sshblock
+# sshblock_flags (string):	Set sshblock flags (optional)
+#
+
+. %%RC_SUBR%%
+
+name="sshblock"
+rcvar=`set_rcvar`
+
+command_interpreter=%%PERL%%
+command="%%PREFIX%%/sbin/sshblock"
+
+load_rc_config $name
+: ${sshblock_enable="NO"}
+: ${sshblock_flags=""}
+
+run_rc_command "$1"
diff --git a/security/sshblock/pkg-descr b/security/sshblock/pkg-descr
new file mode 100644
index 000000000000..791b7ffbafb7
--- /dev/null
+++ b/security/sshblock/pkg-descr
@@ -0,0 +1,6 @@
+SSHBlock is a daemon to monitor a syslog log for break-in attempts using
+SSH, and to automatically block bad hosts by adding lines to /etc/hosts.allow
+(TCP Wrappers). Several thresholds are pre-defined, to be able to block those
+trying many attempts within a longer or shorter period.
+
+WWW: http://www.bsdconsulting.no/tools/