denyhost: 2.9 -> 2.10; marked unmaintained; updated README

John McQuah 2023-03-04 17:42:13 -05:00
parent 93d6cce372
commit a44fddfa07
4 changed files with 30 additions and 39 deletions

@ -7,7 +7,7 @@ drwxr-xr-x root/root usr/
drwxr-xr-x root/root usr/lib/
drwxr-xr-x root/root usr/lib/python2.7/
drwxr-xr-x root/root usr/lib/python2.7/site-packages/
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHost-2.9-py2.7.egg-info
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts-2.10-py2.7.egg-info
drwxr-xr-x root/root usr/lib/python2.7/site-packages/DenyHosts/
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/__init__.py
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/__init__.pyc
@ -29,8 +29,6 @@ drwxr-xr-x root/root usr/lib/python2.7/site-packages/DenyHosts/
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/lockfile.pyc
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/loginattempt.py
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/loginattempt.pyc
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/old-daemon.py
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/old-daemon.pyc
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/plugin.py
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/plugin.pyc
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/prefs.py

@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/contrib.pub
RWSagIOpLGJF3ysRuA9ybjfxHnzEzstngRQFdr2WEtvpAbTyDVVZD8Er+Q4BEWla3duFnY3j7I2aya2s9IItcc0jTT9+wz67qAI=
SHA256 (Pkgfile) = 4e84f8238667e827e8ab5ddce7afa5d8515a9e4423652c934c09cf5d8f140d2f
SHA256 (.footprint) = 48ef6504c01463750eed603c63c5c8dd654bbf8dc8bd0cdb246e1c3a4511b691
SHA256 (denyhosts-2.9.tar.gz) = a1e6d14525e519ff92ea2f71bc7ae4586ee1dc76827b935e323a133fda73ed5b
RWSagIOpLGJF3wBRPc5qbk1WtTnRoiPnTqcEJiLn2TbjqWmVZLMz97CkYwC0j8Ane1SFKXqBuV79VTDq6DvAB5gcG9lhIjFFXAk=
SHA256 (Pkgfile) = c3b440e2ce95e033fcddff90b127770b48f2477467784883bd1f12f4e1f148e7
SHA256 (.footprint) = 5b97cd5229e9dd4f3409cc100f4f67aee0bc6f4b52cf8d3d840f04b546cbe8c7
SHA256 (denyhost-2.10.tar.gz) = 2f519f39e8d00258ba0b6d4ce2a55501fdc08b52c5b5f8881c098b4460c89c26
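
Review bot: The new `SHA256 (denyhost-2.10.tar.gz)` entry pins a tarball that, per the Pkgfile change in this same commit, is fetched from GitHub's `archive/v$version/` endpoint, which is generated on request rather than uploaded as a release asset. GitHub does not promise those archives stay byte-identical, so the README or commit message should say that a checksum mismatch on this file may mean a regenerated archive, and that it should be resolved by comparing the unpacked tree against the v2.10 tag before the signature file is regenerated.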

@ -1,19 +1,21 @@
# Description: A script intended to be run by Linux system administrators to help thwart ssh server attacks. (fork of denyhosts)
# URL: http://denyhost.sourceforge.net/
# Maintainer: Danny Rawlins, crux at romster dot me
# Packager: Danny Rawlins, crux at romster dot me
# Description: A script intended to be run by Linux system administrators to help thwart ssh server attacks.
# URL: https://github.com/denyhosts/denyhosts
# Maintainer: unmaintained
# Depends on: python
name=denyhost
version=2.9
version=2.10
release=1
source=(http://downloads.sourceforge.net/project/$name/$name-$version/denyhosts-$version.tar.gz)
source=(https://github.com/denyhosts/denyhosts/archive/v$version/$name-$version.tar.gz)
build() {
cd DenyHosts-$version
cd denyhosts-$version
/usr/bin/python setup.py install --root=$PKG
chmod g-w $PKG/usr/share/man/man8/$name* \
$PKG/etc/denyhosts.conf
install -d $PKG/etc/{denyhosts,rc.d} $PKG/usr/sbin
mv $PKG/etc/denyhosts.conf \
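
Review bot: `# Depends on: python` and `/usr/bin/python setup.py install` are left unchanged, yet the README in this commit states the port needs python2 and the footprint installs into `usr/lib/python2.7/site-packages/`. Suggest a comment above `build()` saying the interpreter must be Python 2, so that a build failure is understandable on a system where `/usr/bin/python` is something else. Separately, `cd denyhosts-$version` now hard-codes the upstream name while `$name` stays `denyhost`; a short comment explaining the mismatch would save the next reader from "fixing" it.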

@ -1,37 +1,28 @@
This is a fork of denyhosts, it'll run the same with a few small changes. I
expect more code cleanup and a total shift to iptables in future.
NOTES:
The denyhost fork merged back with the original denyhosts, so this port name
is an anachronism.
The nftables project is featureful enough to make this port obsolete anyway,
so it's being marked unmaintained to give current users a chance to
replace their denyhosts setup with the nftables equivalent (dynamically
updated sets).
REQUIREMENTS:
PRECAUTION:
PRE-INSTALL:
python2, for now. There's an open pull request that promises python3
compatibility, but it hasn't received enough code review compared to the
easier alternative: replicate the desired functionality using nftables.
POST-INSTALL:
Edit /etc/denyhosts/denyhosts.conf as needed.
Edit /etc/inetd.conf, I added:
Edit /etc/inetd.conf, for example:
#<service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
sshd stream tcp nowait root /usr/sbin/sshd in.sshd
Add inetd and denyhosts to services array on /etc/rc.conf, after net and before sshd is loaded (and any other services used by denyhost and inetd (not sure if this is necessary but i believe its good to allow protection before the services start).
PRE-REMOVE:
POST-REMOVE:
NOTES:
To protect sshd.
Edit /etc/hosts.allow and comment out everything, everything will have access by default.
Edit /etc/hosts.deny and comment out the "ALL: ALL: DENY" part, also the "#End of file" bit will be useless as denyhosts appends to the file.
(note the config in inetd.conf doesn't seem to be right or needed? see
messages upon boot up, any corrections email me :) )
Danny Rawlins, <contact at romster dot me
Add inetd and denyhosts to services array on /etc/rc.conf, after net and
before all the services supervised by denyhost and inetd (not sure if this
is necessary but it might be wise to allow protection before the services
start).
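
Review bot: The rewritten POST-INSTALL text keeps the `sshd stream tcp nowait root /usr/sbin/sshd in.sshd` inetd example but, going by the hunk header (37 -> 28 lines), drops both the /etc/hosts.allow and /etc/hosts.deny instructions and the earlier caveat that the inetd entry "doesn't seem to be right or needed". The old text says denyhosts appends to /etc/hosts.deny, so anyone still running this port needs that step; suggest retaining a one-line hosts.deny note and either confirming the inetd entry or keeping the caveat beside it. Since NOTES tells users to move to nftables dynamically updated sets, a pointer to where that setup is documented would also help.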