Update of /cvsroot/leaf/src/bering-uclibc/apps/portsentry
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19167

Added Files:
        buildtool.cfg buildtool.mk portsentry.conf portsentry.default 
        portsentry.ignore portsentry.init portsentry.mk 
        portsentry_1.2-4.diff.gz portsentry_1.2.orig.tar.gz 
Log Message:
add buildtool setup for portsentry

--- NEW FILE: portsentry.mk ---
#!/usr/bin/make -f
# Made with the aid of dh_make, by Craig Small
# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess.
# Some lines taken from debmake, by Cristoph Lameter.
# modified for portsentry by Guido Guenther
# 
# $Id: portsentry.mk,v 1.1 2004/12/19 21:04:49 espakman Exp $

# Compiler flags handed to the upstream Makefile by the build-stamp rule:
# all warnings, debug symbols and -O2 optimisation.
CFLAGS = -Wall -g -O2


# `build` is the public entry point. build-stamp is a marker file with no
# prerequisites: once it exists, make considers the compile done.
build: build-stamp

build-stamp:
	# Add here commands to compile the package.
	$(MAKE) CFLAGS="$(CFLAGS)" -f Makefile debian-linux
	touch $@

# Drop the stamp, then let the upstream Makefile remove its own outputs.
# The leading '-' means a failing upstream clean does not fail this target.
clean:
	rm -f build-stamp
	# Add here commands to clean up after the build process.
	-$(MAKE) -f Makefile clean

# Neither name is a file this makefile produces.
.PHONY: build clean

--- NEW FILE: portsentry_1.2-4.diff.gz ---
(This appears to be a binary file; contents omitted.)

--- NEW FILE: buildtool.mk ---
# makefile for portsentry
include $(MASTERMAKEFILE)

# Directory the recipes below patch, build and clean; presumably the name the
# upstream tarball unpacks to (confirm against the archive).
PORTSENTRY_DIR := portsentry_beta
# Private install tree for this package; its contents are later copied into
# $(BT_STAGING_DIR).
PORTSENTRY_TARGET_DIR := $(BT_BUILD_DIR)/portsentry

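# Unpack the upstream tarball and apply the Debian diff on top of it.
# PORTSENTRY_SOURCE and PORTSENTRY_PATCH are not set in this file; they are
# expected from the environment (buildtool.cfg lists them as envname entries).
# The paths are quoted so a location containing spaces still works.
# NOTE(review): nothing here verifies either archive before it is extracted and
# compiled. Checking a pinned digest first would catch a tampered or corrupted
# download -- confirm whether buildtool already does this.
$(PORTSENTRY_DIR)/.source:
	zcat "$(PORTSENTRY_SOURCE)" | tar -xvf -
	zcat "$(PORTSENTRY_PATCH)" | patch -d "$(PORTSENTRY_DIR)" -p1
	touch $@

# Convenience alias; it names no file, so declare it phony.
.PHONY: source
source: $(PORTSENTRY_DIR)/.source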

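# Compile portsentry with the target toolchain, assemble the package tree under
# $(PORTSENTRY_TARGET_DIR) and copy that tree into the staging area.
# TARGET_CC, BT_COPT_FLAGS, BT_STRIP and BT_STAGING_DIR are not defined here;
# presumably they come from $(MASTERMAKEFILE) -- confirm.
$(PORTSENTRY_DIR)/.build: $(PORTSENTRY_DIR)/.source
	mkdir -p $(PORTSENTRY_TARGET_DIR)/usr/sbin
	mkdir -p $(PORTSENTRY_TARGET_DIR)/etc/portsentry
	mkdir -p $(PORTSENTRY_TARGET_DIR)/etc/default
	mkdir -p $(PORTSENTRY_TARGET_DIR)/etc/init.d
	$(MAKE) -C $(PORTSENTRY_DIR) -f Makefile debian-linux CC="$(TARGET_CC)" CFLAGS="$(BT_COPT_FLAGS) -Wall -g"
	-$(BT_STRIP) -s --remove-section=.note --remove-section=.comment $(PORTSENTRY_DIR)/portsentry
	cp -a $(PORTSENTRY_DIR)/portsentry $(PORTSENTRY_TARGET_DIR)/usr/sbin
	cp -a portsentry.conf $(PORTSENTRY_TARGET_DIR)/etc/portsentry
	cp -a portsentry.ignore $(PORTSENTRY_TARGET_DIR)/etc/portsentry
	cp -a portsentry.default $(PORTSENTRY_TARGET_DIR)/etc/default/portsentry
	cp -a portsentry.init $(PORTSENTRY_TARGET_DIR)/etc/init.d/portsentry
	cp -a $(PORTSENTRY_TARGET_DIR)/* $(BT_STAGING_DIR)
	touch $@
# Notes on the recipe above:
#  - $(MAKE) instead of a literal `make` keeps -j/-n and the jobserver working
#    in the sub-make; CC is quoted in case the compiler value contains spaces.
#  - The leading '-' on the strip line ignores a strip failure, in which case
#    the unstripped binary is what gets packaged.

# Convenience alias; it names no file, so declare it phony.
.PHONY: build
build: $(PORTSENTRY_DIR)/.build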
                                                                                
         
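# Remove build products but keep the unpacked source tree.
# Leading '-': the sub-make fails when the tree has not been unpacked yet, and
# that must not stop the removals below (or srcclean, which depends on this).
.PHONY: clean
clean:
	-$(MAKE) -C $(PORTSENTRY_DIR) -f Makefile clean
	rm -rf $(PORTSENTRY_TARGET_DIR)
	rm -f $(PORTSENTRY_DIR)/.build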
                                                                                
                                 
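# Remove the unpacked source tree as well. The .source stamp lives inside that
# directory, so deleting the directory removes the stamp too.
.PHONY: srcclean
srcclean: clean
	rm -rf $(PORTSENTRY_DIR)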

--- NEW FILE: buildtool.cfg ---
<File buildtool.mk>
  Server = cvs-sourceforge
  Revision = HEAD
  Directory = portsentry
</File>

<File portsentry_1.2.orig.tar.gz>
  Server = cvs-sourceforge
  Revision = HEAD
  envname = PORTSENTRY_SOURCE
  Directory = portsentry
</File>

<File portsentry_1.2-4.diff.gz>
  Server = cvs-sourceforge
  Revision = HEAD
  envname = PORTSENTRY_PATCH
  Directory = portsentry
</File>


<Package>
        <psentry>
                Version = 1.2-4
                Revision = 1

                Help <<EOF
                Portsentry port scan detection and active defense
                Homepage: http://sourceforge.net/projects/sentrytools/
                LEAF package by __PACKAGER__, __BUILDDATE__
                
                The blocking of hosts is disabled by default. Change BLOCK_UDP & BLOCK_TCP
                in portsentry.conf to enable blocking.
                EOF
                
                <Permissions>
                        Files = 644
                        Directories = 755
                </Permissions>

                <Owner>
                        Files = root:root
                        Directories = root:root
                </Owner>
                <Contents>
                        <File>          
                                Filename        = usr/sbin/portsentry
                                Source          = usr/sbin/portsentry
                                Type            = binary
                                Permissions = 755
                        </File>                 
                        <File>          
                                Filename        = etc/portsentry/portsentry.conf
                                Source          = etc/portsentry/portsentry.conf
                                Description     = portsentry config file
                                Type            = conf
                                Type            = binary
                                Permissions = 644
                        </File>                 
                        <File>          
                                Filename        = etc/portsentry/portsentry.ignore
                                Source          = etc/portsentry/portsentry.ignore
                                Description     = define hosts you don't want to block
                                Type            = conf
                                Type            = binary
                                Permissions = 644
                        </File>                 
                        <File>          
                                Filename        = etc/default/portsentry
                                Source          = etc/default/portsentry
                                Description     = portsentry system config
                                Type            = conf
                                Type            = binary
                                Permissions = 644
                        </File>                 
                        <File>          
                                Filename        = etc/init.d/portsentry
                                Source          = etc/init.d/portsentry
                                Type            = binary
                                Permissions = 755
                        </File>                 
                        <File>
                                Filename        = etc/portsentry
                                Type            = list
                        </File>
                        <File>
                                Filename        = /var/lib/portsentry
                                Type            = directory
                        </File>
                        <File>
                                Filename        = /var/lib/portsentry
                                Type            = list
                        </File>
                        <File>
                                Filename        = /var/lib/portsentry/*
                                Type            = exclude
                        </File>
                </Contents>                     
        </psentry>
</Package>

--- NEW FILE: portsentry.ignore ---
# /etc/portsentry/portsentry.ignore
#
# Put hosts in here you never want blocked. This includes the IP addresses
# of all local interfaces on the protected host (i.e. virtual hosts, multi-homed
# systems). Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games: a scan
# with a forged source address could otherwise get these addresses blocked.
#
# PortSentry can support full netmasks for networks as well. Format is:
#
# <IP Address>/<Netmask>
#
# Example:
#
# 192.168.2.0/24
# 192.168.0.0/16
# 192.168.2.1/32
# Etc.
#
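# If you don't supply a netmask it is assumed to be 32 bits.
#
# NOTE: the 192.168.1.0/24 entry below exempts that whole network from
# blocking. Narrow or remove it if the LAN uses a different range or its hosts
# should not be ignored.
#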
127.0.0.1/32
0.0.0.0
192.168.1.0/24

--- NEW FILE: portsentry_1.2.orig.tar.gz ---
(This appears to be a binary file; contents omitted.)

--- NEW FILE: portsentry.conf ---
# PortSentry Configuration
#
# $Id: portsentry.conf,v 1.1 2004/12/19 21:04:49 espakman Exp $
# 
# Original portsentry.conf by Craig H. Rowland <[EMAIL PROTECTED]>
# modified for Debian by Guido Guenther <[EMAIL PROTECTED]>
#
# IMPORTANT NOTE: You CAN NOT put spaces between your port arguments.
# 
# The default ports will catch a large number of common probes
#
# All entries must be in quotes.


#######################
# Port Configurations #
#######################
#
#
# Some example port configs for classic and basic Stealth modes
#
# I like to always keep some ports at the "low" end of the spectrum.
# This will detect a sequential port sweep really quickly and usually
# these ports are not in use (i.e. tcpmux port 1)
#
# ** X-Windows Users **: If you are running X on your box, you need to be sure
# you are not binding PortSentry to port 6000 (or port 2000 for OpenWindows users).
# Doing so will prevent the X-client from starting properly.
#
# These port bindings are *ignored* for Advanced Stealth Scan Detection Mode.
#

# Un-comment these if you are really anal:
#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"
#
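# Use these if you just want to be aware:
# NOTE(review): the UDP list below has 37444 where the fuller list above has
# 27444; confirm which port is intended before relying on it.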
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321"
#
# Use these for just bare-bones
#TCP_PORTS="1,11,15,110,111,143,540,635,1080,1524,2000,12345,12346,20034,32771,32772,32773,32774,49724,54320"
#UDP_PORTS="1,7,9,69,161,162,513,640,700,32770,32771,32772,32773,32774,31337,54321"

###########################################
# Advanced Stealth Scan Detection Options #
###########################################
#
# This is the number of ports you want PortSentry to monitor in Advanced mode.
# Any port *below* this number will be monitored. Right now it watches 
# everything below 1024. 
# 
# On many Linux systems you cannot bind above port 61000. This is because
# these ports are used as part of IP masquerading. I don't recommend you
# bind over this number of ports. Realistically: I DON'T RECOMMEND YOU MONITOR
# OVER 1024 PORTS AS YOUR FALSE ALARM RATE WILL ALMOST CERTAINLY RISE. You've been
# warned! Don't write me if you have a problem because I'll only tell
# you to RTFM and don't run above the first 1024 ports.
#
#
ADVANCED_PORTS_TCP="1024"
ADVANCED_PORTS_UDP="1024"
#
# This field tells PortSentry what ports (besides listening daemons) to
# ignore. This is helpful for services like ident that services such 
# as FTP, SMTP, and wrappers look for but you may not run (and probably 
# *shouldn't* IMHO). 
#
# By specifying ports here PortSentry will simply not respond to
# incoming requests, in effect PortSentry treats them as if they are
# actual bound daemons. The default ports are ones reported as 
# problematic false alarms and should probably be left alone for
# all but the most isolated systems/networks.
#
# Default TCP ident and NetBIOS service
ADVANCED_EXCLUDE_TCP="113,139"
# Default UDP route (RIP), NetBIOS, bootp broadcasts.
ADVANCED_EXCLUDE_UDP="520,138,137,67"


######################
# Configuration Files#
######################
#
# Hosts to ignore
IGNORE_FILE="/etc/portsentry/portsentry.ignore"
# Hosts that have been denied (running history)
HISTORY_FILE="/var/lib/portsentry/portsentry.history"
# Hosts that have been denied this session only (temporary until next restart)
BLOCKED_FILE="/var/lib/portsentry/portsentry.blocked"

##############################
# Misc. Configuration Options#
##############################
#
# DNS Name resolution - Setting this to "1" will turn on DNS lookups
# for attacking hosts. Setting it to "0" (or any other value) will shut
# it off.
RESOLVE_HOST = "0"

###################
# Response Options#
###################
# Options to dispose of attacker. Each is an action that will 
# be run if an attack is detected. If you don't want a particular
# option then comment it out and it will be skipped.
#
# The variable $TARGET$ will be substituted with the target attacking
# host when an attack is detected. The variable $PORT$ will be substituted
# with the port that was scanned. 
#
##################
# Ignore Options #
##################
# These options allow you to enable automatic response
# options for UDP/TCP. This is useful if you just want
# warnings for connections, but don't want to react for  
# a particular protocol (i.e. you want to block TCP, but
# not UDP). To prevent a possible Denial of service attack
# against UDP and stealth scan detection for TCP, you may 
# want to disable blocking, but leave the warning enabled. 
# I personally would wait for this to become a problem before
# doing so, though, as most attackers really aren't doing this.
# The third option allows you to run just the external command
# in case of a scan to have a pager script or such execute
# but not drop the route. This may be useful for some admins
# who want to block TCP, but only want pager/e-mail warnings
# on UDP, etc.
#
# 
# 0 = Do not block UDP/TCP scans.
# 1 = Block UDP/TCP scans.
# 2 = Run external command only (KILL_RUN_CMD)

BLOCK_UDP="0"
BLOCK_TCP="0"

###################
# Dropping Routes:#
###################
# This command is used to drop the route or add the host into
# a local filter table. 
#
# The gateway (333.444.555.666) should ideally be a dead host on 
# the *local* subnet. On some hosts you can also point this at
# localhost (127.0.0.1) and get the same effect. NOTE THAT
# 333.444.555.66 WILL *NOT* WORK. YOU NEED TO CHANGE IT!!
#
# ALL KILL ROUTE OPTIONS ARE COMMENTED OUT INITIALLY. Make sure you
# uncomment the correct line for your OS. If your OS is not listed
# here and you have a route drop command that works then please
# mail it to me so I can include it. ONLY ONE KILL_ROUTE OPTION
# CAN BE USED AT A TIME SO DON'T UNCOMMENT MULTIPLE LINES.
#
# NOTE: The route commands are the least optimal way of blocking
# and do not provide complete protection against UDP attacks and
# will still generate alarms for both UDP and stealth scans. I
# always recommend you use a packet filter because they are made
# for this purpose.
#

# Generic 
#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666"

# Generic Linux 
#KILL_ROUTE="/sbin/route add -host $TARGET$ gw 333.444.555.666"

# Newer versions of Linux support the reject flag now. This 
# is cleaner than the above option.
#KILL_ROUTE="/sbin/route add -host $TARGET$ reject"


##
# Using a packet filter is the PREFERRED method. The below lines
# work well on many OS's. Remember, you can only uncomment *one*
# KILL_ROUTE option.
##

# iptables support for Linux
#KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP"
#
# iptables support for Linux with limit and LOG support. Logs only
# a limited number of packets to avoid a denial of service attack.
KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP && /sbin/iptables -I INPUT -s $TARGET$ -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '"


###############
# TCP Wrappers#
###############
# This text will be dropped into the hosts.deny file for wrappers
# to use. There are two formats for TCP wrappers:
#
# Format One: Old Style - The default when extended host processing
# options are not enabled.
#
#KILL_HOSTS_DENY="ALL: $TARGET$"

# Format Two: New Style - The format used when extended option
# processing is enabled. You can drop in extended processing
# options, but be sure you escape all '%' symbols with a backslash
# to prevent problems writing out (i.e. \%c \%h )
#
KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"

###################
# External Command#
###################
# This is a command that is run when a host connects, it can be whatever
# you want it to be (pager, etc.). This command is executed before the 
# route is dropped or after depending on the KILL_RUN_CMD_FIRST option below
#
#
# I NEVER RECOMMEND YOU PUT IN RETALIATORY ACTIONS AGAINST THE HOST SCANNING 
# YOU!
#
# TCP/IP is an *unauthenticated protocol* and people can make scans appear out
# of thin air. The only time it is reasonably safe (and I *never* think it is
# reasonable) to run reverse probe scripts is when using the "classic" -tcp mode.
# This mode requires a full connect and is very hard to spoof.
#
# The KILL_RUN_CMD_FIRST value should be set to "1" to force the command 
# to run *before* the blocking occurs and should be set to "0" to make the 
# command run *after* the blocking has occurred. 
#
#KILL_RUN_CMD_FIRST = "0"
#
#
#KILL_RUN_CMD="/some/path/here/script $TARGET$ $PORT$ $MODE$"
# for examples see /usr/share/doc/portsentry/examples/


#####################
# Scan trigger value#
#####################
# Enter in the number of port connects you will allow before an 
# alarm is given. The default is 0 which will react immediately.
# A value of 1 or 2 will reduce false alarms. Anything higher is 
# probably not necessary. This value must always be specified, but
# generally can be left at 0. 
#
# NOTE: If you are using the advanced detection option you need to
# be careful that you don't make a hair trigger situation. Because
# Advanced mode will react for *any* host connecting to a non-used 
# port below your specified range, you have the opportunity to
# really break things. (i.e someone innocently tries to connect to
# you via SSL [TCP port 443] and you immediately block them). Some
# of you may even want this though. Just be careful.
#
SCAN_TRIGGER="0"

######################
# Port Banner Section#
######################
#
# Enter text in here you want displayed to a person tripping the PortSentry.
# I *don't* recommend taunting the person as this will aggravate them.
# Leave this commented out to disable the feature
#
# Stealth scan detection modes don't use this feature
#
#PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION ATTEMPT HAS BEEN LOGGED. GO AWAY."

# EOF

--- NEW FILE: portsentry.init ---
#! /bin/sh
# start and stop portsentry
#
# $Id: portsentry.init,v 1.1 2004/12/19 21:04:49 espakman Exp $

# Runlevel/link-name pairs for this script; nothing below reads the variable,
# so it is presumably consumed by the LEAF init tooling -- confirm.
RCDLINKS="2,S99 3,S99 4,S99 5,S99 0,K99 1,K99 6,K99"

PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/sbin/portsentry
CONFIG=/etc/default/portsentry

# Exit quietly when either the daemon binary or its defaults file is absent.
[ -f "$DAEMON" ] || exit 0
[ -f "$CONFIG" ] || exit 0

# Source the config file. It is executed as shell code with this script's
# privileges, so it must stay writable by root only.
. "$CONFIG"

# Start portsentry once per configured protocol mode (TCP_MODE / UDP_MODE, as
# set by the sourced $CONFIG) and print a one-line status.
# Exits the script with status 0 when no mode is configured and with status 1
# when a mode is not one of the accepted names.
startup () {
    if [ -z "$TCP_MODE" ] && [ -z "$UDP_MODE" ]; then
        echo "Not starting anti portscan daemon (no modes in $CONFIG)."
        exit 0
    fi

    echo -n "Starting anti portscan daemon: "

    case "$TCP_MODE" in
        tcp|stcp|atcp)
            # Skip the launch when a tcp-mode instance already shows up in ps.
            if ps awx | grep -q "$DAEMON -[as]*tcp"; then
                # Cleared so the status line below leaves TCP out.
                TCP_MODE=""
            else
                $DAEMON -$TCP_MODE
                echo -n "portsentry in $TCP_MODE"
            fi
            ;;
        "")
            # No TCP mode configured: nothing to do.
            ;;
        *)
            echo "$TCP_MODE is not a valid mode."
            exit 1
            ;;
    esac

    case "$UDP_MODE" in
        udp|sudp|audp)
            # Same already-running check as above, for the udp modes.
            if ps awx | grep -q "$DAEMON -[as]*udp"; then
                UDP_MODE=""
            else
                $DAEMON -$UDP_MODE
                # Join onto the TCP part of the status line if there is one.
                if [ -n "$TCP_MODE" ]; then
                    echo -n " &"
                else
                    echo -n "portsentry in"
                fi
                echo -n " $UDP_MODE"
            fi
            ;;
        "")
            # No UDP mode configured: nothing to do.
            ;;
        *)
            echo "$UDP_MODE is not a valid mode."
            exit 1
            ;;
    esac

    # Finish the status line only if something was actually started.
    if [ -n "$TCP_MODE" ] || [ -n "$UDP_MODE" ]; then
        echo " mode."
    fi
}

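# Signal every running portsentry instance to stop. --oknodo keeps the exit
# status at 0 when none is running.
stop_daemon () {
    echo -n "Stopping anti portscan daemon: portsentry"
    start-stop-daemon --stop --quiet --oknodo --exec "$DAEMON"
    echo "."
}

# Dispatch on the init action passed as the first argument.
case "$1" in
    start)
        startup
        ;;
    stop)
        stop_daemon
        ;;
    restart|force-reload)
        stop_daemon
        # The stop call above does not wait for the processes to exit (no
        # --retry). Pause briefly, otherwise startup's ps check can still see
        # the old instances, skip the launch, and leave the host with no
        # detector running.
        sleep 1
        startup
        ;;
    *)
        echo "Usage: /etc/init.d/portsentry {start|stop|restart|force-reload}"
        exit 1
        ;;
esac

exit 0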

--- NEW FILE: portsentry.default ---
# /etc/default/portsentry
#  
# This file is read by /etc/init.d/portsentry. See the portsentry.8 
# manpage for details.
#
# The options in this file refer to commandline arguments (all in lowercase)
# of portsentry. Use only one tcp and udp mode at a time.
#
TCP_MODE=tcp
UDP_MODE=udp


