- After last update, sshit keeps exiting with signal 15 due to wrong

hostname regexp. Fix the regexp for hostname matching. - While fixing that, fix IPv6 regexp, too. - Reduce syslog level from ERROR to INFO for most informational messages. These changes are submitted to author for inclusion in next version. - Grab maintainership as current maintainer does not use it anymore. - Bump PORTREVISION. Approved by: portmgr (linimon), maintainer via irc
author: Rong-En Fan <rafan@FreeBSD.org> 2007-11-07 07:27:10 +0000
committer: Rong-En Fan <rafan@FreeBSD.org> 2007-11-07 07:27:10 +0000
commit: 7a301384b6801728ed25e0d4714633434a53c95a (patch)
tree: be31643e60eb282c125fc1d96f0201b9f37b7f00 /security/sshit
parent: a199ac4a1a789d2134a04352b5d70f44054374e0 (diff)
download: ports-7a301384b6801728ed25e0d4714633434a53c95a.tar.gz
ports-7a301384b6801728ed25e0d4714633434a53c95a.zip
2 files changed, 62 insertions, 5 deletions
diff --git a/security/sshit/Makefile b/security/sshit/Makefile
index c52f2c8c61da..1f87f2c99403 100644
--- a/security/sshit/Makefile
+++ b/security/sshit/Makefile
@@ -7,12 +7,12 @@
 
 PORTNAME=	sshit
 PORTVERSION=	0.6
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security
 MASTER_SITES=	http://anp.ath.cx/sshit/ \
 		${MASTER_SITE_LOCAL}
 
-MAINTAINER=	jnlin@csie.nctu.edu.tw
+MAINTAINER=	rafan@FreeBSD.org
 COMMENT=	Checks for SSH/FTP bruteforce and blocks given IPs
 
 RUN_DEPENDS=	${SITE_PERL}/${PERL_ARCH}/Unix/Syslog.pm:${PORTSDIR}/sysutils/p5-Unix-Syslog \
diff --git a/security/sshit/files/patch-sshit.diff b/security/sshit/files/patch-sshit.diff
index 9d2103cea34e..8f4d7950dea8 100644
--- a/security/sshit/files/patch-sshit.diff
+++ b/security/sshit/files/patch-sshit.diff
@@ -1,11 +1,68 @@
---- sshit.orig	Sun Aug  5 10:56:39 2007
-+++ sshit	Sun Aug  5 10:59:03 2007
+--- sshit.orig	2007-11-07 13:56:13.000000000 +0800
++++ sshit	2007-11-07 13:56:16.000000000 +0800
+@@ -283,7 +283,7 @@
+ 				if ($list{$ip}{n} < $MAX_COUNT) {
+ 					# delete all ip's that hasn't reached $MAX_COUNT within time
+ 					if (time() - $list{$ip}{time} > $WITHIN_TIME) {
+-						syslog(LOG_ERR, "janitor deleted $ip (did not reach $MAX_COUNT attempts within $WITHIN_TIME seconds)\n");
++						syslog(LOG_INFO, "janitor deleted $ip (did not reach $MAX_COUNT attempts within $WITHIN_TIME seconds)\n");
+ 						delete($list{$ip});
+ 					}
+ 				} else {
+@@ -297,7 +297,7 @@
+ 					        } elsif ($FIREWALL_TYPE =~ /^pf$/i) {
+ 						  	system("$PFCTL_CMD -t $PF_TABLE -Tdelete $ip");
+ 						}
+-						syslog(LOG_ERR, "janitor removed block rule $list{$ip}{rulenr} for $ip (reset time of $RESET_IP seconds reached)\n");
++						syslog(LOG_INFO, "janitor removed block rule $list{$ip}{rulenr} for $ip (reset time of $RESET_IP seconds reached)\n");
+ 						delete($list{$ip});
+ 					}
+ 				}
 @@ -317,7 +317,7 @@
  
  while (<>) {
  	chomp;
 -	if (/(failed|Invalid user) .*from (\d+\.\d+\.\d+\.\d+|[\da-fA-F:]+)/i ) { # IPv4 & IPv6
-+	if (/(failed|error|Invalid user) .*from (\d+\.\d+\.\d+\.\d+|([a-z-]+\.)+[a-z]{2,4}|[\da-fA-F:]+)/i ) { # IPv4 & IPv6
++	if (/(failed|error|Invalid user) .*from (\d+\.\d+\.\d+\.\d+|[\da-f:]*:[\da-f:]+|([\da-z-]+\.)+[a-z]{2,4})/i ) { # IPv4 & IPv6
  		$ip = $2;
  		if ($list{$ip}{name}) {
  			if ($list{$ip}{n} >= $MAX_COUNT) {
+@@ -339,17 +339,17 @@
+ 						# Assign a rule number and do the actual block
+ 						$list{$ip}{rulenr} = $ipfw_rulenr;
+ 						system("$IPFW_CMD add $ipfw_rulenr deny tcp from $ip to me 21,22 > /dev/null");
+-						syslog(LOG_ERR, "BLOCKING $ip, rule $ipfw_rulenr\n");
++						syslog(LOG_INFO, "BLOCKING $ip, rule $ipfw_rulenr\n");
+ 						$ipfw_rulenr++;
+ 						if ($ipfw_rulenr > $IPFW_RULE_END) { $ipfw_rulenr = $IPFW_RULE_START; }
+ 
+ 					} elsif ($FIREWALL_TYPE =~ /^ipfw2$/i) {
+ 					  	system("$IPFW2_CMD table $IPFW2_TABLE_NO add $ip");
+-						syslog(LOG_ERR, "BLOCKING $ip with ipfw2\n");
++						syslog(LOG_INFO, "BLOCKING $ip with ipfw2\n");
+ 
+ 					} elsif ($FIREWALL_TYPE =~ /^pf$/i) {
+ 					  	system("$PFCTL_CMD -t $PF_TABLE -Tadd $ip");
+-						syslog(LOG_ERR, "BLOCKING $ip with pf\n");
++						syslog(LOG_INFO, "BLOCKING $ip with pf\n");
+ 					}
+ 				}
+ 			}
+@@ -364,7 +364,7 @@
+ 	}
+ }
+ 
+-syslog(LOG_ERR, "fd closed. clean up");
++syslog(LOG_INFO, "fd closed. clean up");
+ foreach $ip (keys %list) {
+ 	if($FIREWALL_TYPE =~ /^ipfw$/i)
+ 	{
+@@ -374,7 +374,7 @@
+ 	} elsif ($FIREWALL_TYPE =~ /^pf$/i) {
+ 		system("$PFCTL_CMD -t $PF_TABLE -Tdelete $ip");
+ 	}
+-	syslog(LOG_ERR, "main removed block rule $list{$ip}{rulenr} for $ip (reset time of $RESET_IP seconds reached)\n");
++	syslog(LOG_INFO, "main removed block rule $list{$ip}{rulenr} for $ip (reset time of $RESET_IP seconds reached)\n");
+ 	delete($list{$ip});
+ }
+
author	Rong-En Fan <rafan@FreeBSD.org>	2007-11-07 07:27:10 +0000
committer	Rong-En Fan <rafan@FreeBSD.org>	2007-11-07 07:27:10 +0000
commit	7a301384b6801728ed25e0d4714633434a53c95a (patch)
tree	be31643e60eb282c125fc1d96f0201b9f37b7f00 /security/sshit
parent	a199ac4a1a789d2134a04352b5d70f44054374e0 (diff)
download	ports-7a301384b6801728ed25e0d4714633434a53c95a.tar.gz ports-7a301384b6801728ed25e0d4714633434a53c95a.zip