sshdfilter: initial commit

2007-01-06 10:21:39 -04:00 · 2007-01-06 10:21:39 -04:00 · 7204acfe6b
commit 7204acfe6b
parent 2b41919783
5 changed files with 89 additions and 0 deletions
--- a/sshdfilter/.footprint
+++ b/sshdfilter/.footprint
@ -0,0 +1,12 @@
+drwxr-xr-x	root/root	etc/
+drwxr-xr-x	root/root	etc/rc.d/
+-rwxr-xr-x	root/root	etc/rc.d/sshdfilter
+-rw-------	root/root	etc/sshdfilterrc
+drwxr-xr-x	root/root	usr/
+drwxr-xr-x	root/root	usr/man/
+drwxr-xr-x	root/root	usr/man/man1/
+-rw-r--r--	root/root	usr/man/man1/sshdfilter.1.gz
+drwxr-xr-x	root/root	usr/man/man5/
+-rw-r--r--	root/root	usr/man/man5/sshdfilterrc.5.gz
+drwxr-xr-x	root/root	usr/sbin/
+-rwxr-xr-x	root/root	usr/sbin/sshdfilter
--- a/sshdfilter/.md5sum
+++ b/sshdfilter/.md5sum
@ -0,0 +1,2 @@
+868770ad15031f4cf7deca28ae0cc27a  sshdfilter
+81b1438123138bb9e6a2e2b6c2e42f5d  sshdfilter-1.4.5.tar.gz
--- a/sshdfilter/Pkgfile
+++ b/sshdfilter/Pkgfile
@ -0,0 +1,18 @@
+# Description:	ssh brute force attack blocker
+# URL:		http://www.csc.liv.ac.uk/~greg/sshdfilter/
+# Maintainer:	Alan Mizrahi, alan at mizrahi dot com dot ve
+# Depends on:	openssh, iptables, perl
+
+name=sshdfilter
+version=1.4.5
+release=1
+source=(http://www.csc.liv.ac.uk/~greg/sshdfilter-$version.tar.gz sshdfilter)
+
+build () {
+	cd $name-$version
+	install -m 755 -o root -g root -D sshdfilter.rhFC30 $PKG/usr/sbin/sshdfilter
+	install -m 755 -o root -g root -D $SRC/sshdfilter $PKG/etc/rc.d/sshdfilter
+	install -m 600 -o root -g root -D etc/sshdfilterrc $PKG/etc/sshdfilterrc
+	install -m 644 -o root -g root -D docs/sshdfilter.1 $PKG/usr/man/man1/sshdfilter.1
+	install -m 644 -o root -g root -D docs/sshdfilterrc.5 $PKG/usr/man/man5/sshdfilterrc.5
+}
--- a/sshdfilter/README
+++ b/sshdfilter/README
@ -0,0 +1,20 @@
+REQUIREMENTS
+
+PRE-INSTALL
+
+	* This port depends on having netfilter enabled in the kernel
+
+POST-INSTALL
+
+	* Add the SSHD chain to your firewall setup:
+	iptables -N SSHD
+
+	* Add a jump to SSHD rule:
+	iptables -A INPUT -p tcp -m tcp --dport 22 -j SSHD
+
+	* Store your new iptables rules somewhere persistent
+
+	* To start sshd with filtering, use /etc/rc.d/sshdfilter instead of
+	  /etc/rc.d/sshd
+
+PRECAUTION
--- a/sshdfilter/sshdfilter
+++ b/sshdfilter/sshdfilter
@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# /etc/rc.d/sshd: start/stop ssh daemon with filtering enabled
+#
+
+case $1 in
+start)
+	if [ ! -f /etc/ssh/ssh_host_key ]; then
+		/usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key > /dev/null
+	fi
+	if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+		/usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key > /dev/null
+	fi
+	if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
+		/usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key > /dev/null
+	fi
+	/usr/sbin/sshdfilter
+	;;
+stop)
+	if [ -f /var/run/sshd.pid ]; then
+		kill `cat /var/run/sshd.pid`
+		rm -f /var/run/ssh.pid
+	else
+		killall -q /usr/sbin/sshd
+	fi
+	;;
+restart)
+	$0 stop
+	sleep 2
+	$0 start
+	;;
+*)
+	echo "usage: $0 [start|stop|restart]"
+	;;
+esac
+
+# End of file