From 7204acfe6b8c948c2af9c021d512b6330be21251 Mon Sep 17 00:00:00 2001
From: Alan Mizrahi
Date: Sat, 6 Jan 2007 10:21:39 -0400
Subject: [PATCH] sshdfilter: initial commit
---
 sshdfilter/.footprint | 12 ++++++++++++
 sshdfilter/.md5sum | 2 ++
 sshdfilter/Pkgfile | 18 ++++++++++++++++++
 sshdfilter/README | 20 ++++++++++++++++++++
 sshdfilter/sshdfilter | 37 +++++++++++++++++++++++++++++++++++++
 5 files changed, 89 insertions(+)
 create mode 100644 sshdfilter/.footprint
 create mode 100644 sshdfilter/.md5sum
 create mode 100644 sshdfilter/Pkgfile
 create mode 100644 sshdfilter/README
 create mode 100755 sshdfilter/sshdfilter
diff --git a/sshdfilter/.footprint b/sshdfilter/.footprint
new file mode 100644
index 000000000..f0b184b35
--- /dev/null
+++ b/sshdfilter/.footprint
@@ -0,0 +1,12 @@
+drwxr-xr-x root/root etc/
+drwxr-xr-x root/root etc/rc.d/
+-rwxr-xr-x root/root etc/rc.d/sshdfilter
+-rw------- root/root etc/sshdfilterrc
+drwxr-xr-x root/root usr/
+drwxr-xr-x root/root usr/man/
+drwxr-xr-x root/root usr/man/man1/
+-rw-r--r-- root/root usr/man/man1/sshdfilter.1.gz
+drwxr-xr-x root/root usr/man/man5/
+-rw-r--r-- root/root usr/man/man5/sshdfilterrc.5.gz
+drwxr-xr-x root/root usr/sbin/
+-rwxr-xr-x root/root usr/sbin/sshdfilter
diff --git a/sshdfilter/.md5sum b/sshdfilter/.md5sum
new file mode 100644
index 000000000..82d04a495
--- /dev/null
+++ b/sshdfilter/.md5sum
@@ -0,0 +1,2 @@
+868770ad15031f4cf7deca28ae0cc27a sshdfilter
+81b1438123138bb9e6a2e2b6c2e42f5d sshdfilter-1.4.5.tar.gz
diff --git a/sshdfilter/Pkgfile b/sshdfilter/Pkgfile
new file mode 100644
index 000000000..7d1b6c51f
--- /dev/null
+++ b/sshdfilter/Pkgfile
@@ -0,0 +1,18 @@
+# Description: ssh brute force attack blocker
+# URL: http://www.csc.liv.ac.uk/~greg/sshdfilter/
+# Maintainer: Alan Mizrahi, alan at mizrahi dot com dot ve
+# Depends on: openssh, iptables, perl
+
+name=sshdfilter
+version=1.4.5
+release=1
+source=(http://www.csc.liv.ac.uk/~greg/sshdfilter-$version.tar.gz sshdfilter)
+
+build () {
+ cd $name-$version
+ install -m 755 -o root -g root -D sshdfilter.rhFC30 $PKG/usr/sbin/sshdfilter
+ install -m 755 -o root -g root -D $SRC/sshdfilter $PKG/etc/rc.d/sshdfilter
+ install -m 600 -o root -g root -D etc/sshdfilterrc $PKG/etc/sshdfilterrc
+ install -m 644 -o root -g root -D docs/sshdfilter.1 $PKG/usr/man/man1/sshdfilter.1
+ install -m 644 -o root -g root -D docs/sshdfilterrc.5 $PKG/usr/man/man5/sshdfilterrc.5
+}
diff --git a/sshdfilter/README b/sshdfilter/README
new file mode 100644
index 000000000..52804ff71
--- /dev/null
+++ b/sshdfilter/README
@@ -0,0 +1,20 @@
+REQUIREMENTS
+
+PRE-INSTALL
+
+ * This port depends on having netfilter enabled in the kernel
+
+POST-INSTALL
+
+ * Add the SSHD chain to your firewall setup:
+ iptables -N SSHD
+
+ * Add a jump to SSHD rule:
+ iptables -A INPUT -p tcp -m tcp --dport 22 -j SSHD
+
+ * Store your new iptables rules somewhere persistent
+
+ * To start sshd with filtering, use /etc/rc.d/sshdfilter instead of
+ /etc/rc.d/sshd
+
+PRECAUTION
diff --git a/sshdfilter/sshdfilter b/sshdfilter/sshdfilter
new file mode 100755
index 000000000..fba4c5942
--- /dev/null
+++ b/sshdfilter/sshdfilter
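Review bot: `cd $name-$version` in build() is unguarded, so if the tarball unpacks under a different directory name the five install lines that follow run from the current directory instead of the source tree (unless pkgmk runs build() under set -e, which I cannot see from here); `cd $name-$version || exit 1` makes that failure explicit. The expansions `$PKG`, `$SRC` and `$name-$version` are unquoted throughout the hunk, which is only safe as long as none of those paths ever contains whitespace. The tarball is fetched over plain http and the only integrity check in this port is the MD5 in .md5sum, so that single sum is the whole of the supply-chain check on the upstream source.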
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# /etc/rc.d/sshd: start/stop ssh daemon with filtering enabled
+#
+
+case $1 in
+start)
+ if [ ! -f /etc/ssh/ssh_host_key ]; then
+ /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key > /dev/null
+ fi
+ if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+ /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key > /dev/null
+ fi
+ if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
+ /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key > /dev/null
+ fi
+ /usr/sbin/sshdfilter
+ ;;
+stop)
+ if [ -f /var/run/sshd.pid ]; then
+ kill `cat /var/run/sshd.pid`
+ rm -f /var/run/ssh.pid
+ else
+ killall -q /usr/sbin/sshd
+ fi
+ ;;
+restart)
+ $0 stop
+ sleep 2
+ $0 start
+ ;;
+*)
+ echo "usage: $0 [start|stop|restart]"
+ ;;
+esac
+
+# End of file
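Review bot: The stop branch reads the pid from /var/run/sshd.pid but then removes /var/run/ssh.pid, a different file, so a stale sshd.pid left behind by an abnormal exit is never cleaned up and the next stop would signal whatever pid it still holds; the rm should be `rm -f /var/run/sshd.pid`. The header comment names the script `/etc/rc.d/sshd`, while the Pkgfile in this commit installs this file as /etc/rc.d/sshdfilter, so the third line should read `# /etc/rc.d/sshdfilter: start/stop ssh daemon with filtering enabled`. Stop only signals sshd; if /usr/sbin/sshdfilter stays resident as a wrapper around sshd it is left running by stop, and a comment stating how it is expected to exit would help (I cannot tell from this script). Minor style: the backtick substitution on the kill line would be clearer as `kill "$(cat /var/run/sshd.pid)"`.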