denyhost: 2.9 -> 2.10; marked unmaintained; updated README
parent 93d6cce372
commit a44fddfa07
@ -7,7 +7,7 @@ drwxr-xr-x root/root usr/
|
|||||||
drwxr-xr-x root/root usr/lib/
|
drwxr-xr-x root/root usr/lib/
|
||||||
drwxr-xr-x root/root usr/lib/python2.7/
|
drwxr-xr-x root/root usr/lib/python2.7/
|
||||||
drwxr-xr-x root/root usr/lib/python2.7/site-packages/
|
drwxr-xr-x root/root usr/lib/python2.7/site-packages/
|
||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHost-2.9-py2.7.egg-info
|
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts-2.10-py2.7.egg-info
|
||||||
drwxr-xr-x root/root usr/lib/python2.7/site-packages/DenyHosts/
|
drwxr-xr-x root/root usr/lib/python2.7/site-packages/DenyHosts/
|
||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/__init__.py
|
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/__init__.py
|
||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/__init__.pyc
|
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/__init__.pyc
|
||||||
@ -29,8 +29,6 @@ drwxr-xr-x root/root usr/lib/python2.7/site-packages/DenyHosts/
|
|||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/lockfile.pyc
|
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/lockfile.pyc
|
||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/loginattempt.py
|
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/loginattempt.py
|
||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/loginattempt.pyc
|
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/loginattempt.pyc
|
||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/old-daemon.py
|
|
||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/old-daemon.pyc
|
|
||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/plugin.py
|
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/plugin.py
|
||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/plugin.pyc
|
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/plugin.pyc
|
||||||
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/prefs.py
|
-rw-r--r-- root/root usr/lib/python2.7/site-packages/DenyHosts/prefs.py
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
untrusted comment: verify with /etc/ports/contrib.pub
|
untrusted comment: verify with /etc/ports/contrib.pub
|
||||||
RWSagIOpLGJF3ysRuA9ybjfxHnzEzstngRQFdr2WEtvpAbTyDVVZD8Er+Q4BEWla3duFnY3j7I2aya2s9IItcc0jTT9+wz67qAI=
|
RWSagIOpLGJF3wBRPc5qbk1WtTnRoiPnTqcEJiLn2TbjqWmVZLMz97CkYwC0j8Ane1SFKXqBuV79VTDq6DvAB5gcG9lhIjFFXAk=
|
||||||
SHA256 (Pkgfile) = 4e84f8238667e827e8ab5ddce7afa5d8515a9e4423652c934c09cf5d8f140d2f
|
SHA256 (Pkgfile) = c3b440e2ce95e033fcddff90b127770b48f2477467784883bd1f12f4e1f148e7
|
||||||
SHA256 (.footprint) = 48ef6504c01463750eed603c63c5c8dd654bbf8dc8bd0cdb246e1c3a4511b691
|
SHA256 (.footprint) = 5b97cd5229e9dd4f3409cc100f4f67aee0bc6f4b52cf8d3d840f04b546cbe8c7
|
||||||
SHA256 (denyhosts-2.9.tar.gz) = a1e6d14525e519ff92ea2f71bc7ae4586ee1dc76827b935e323a133fda73ed5b
|
SHA256 (denyhost-2.10.tar.gz) = 2f519f39e8d00258ba0b6d4ce2a55501fdc08b52c5b5f8881c098b4460c89c26
|
||||||
|
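Review bot: the new `SHA256 (denyhost-2.10.tar.gz)` entry pins a tarball that the Pkgfile in this commit now fetches from `https://github.com/denyhosts/denyhosts/archive/v$version/...`, which is an archive GitHub generates from the tag rather than a file upstream uploaded. The hash therefore only records what was downloaded when the port was signed. If upstream publishes a checksum or a signed tag for v2.10, compare against it before signing and say so in the commit message, so a later checksum mismatch can be told apart from a changed tag.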
@ -1,19 +1,21 @@
|
|||||||
# Description: A script intended to be run by Linux system administrators to help thwart ssh server attacks. (fork of denyhosts)
|
# Description: A script intended to be run by Linux system administrators to help thwart ssh server attacks.
|
||||||
# URL: http://denyhost.sourceforge.net/
|
# URL: https://github.com/denyhosts/denyhosts
|
||||||
# Maintainer: Danny Rawlins, crux at romster dot me
|
# Maintainer: unmaintained
|
||||||
# Packager: Danny Rawlins, crux at romster dot me
|
|
||||||
# Depends on: python
|
# Depends on: python
|
||||||
|
|
||||||
name=denyhost
|
name=denyhost
|
||||||
version=2.9
|
version=2.10
|
||||||
release=1
|
release=1
|
||||||
source=(http://downloads.sourceforge.net/project/$name/$name-$version/denyhosts-$version.tar.gz)
|
source=(https://github.com/denyhosts/denyhosts/archive/v$version/$name-$version.tar.gz)
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
cd DenyHosts-$version
|
cd denyhosts-$version
|
||||||
|
|
||||||
/usr/bin/python setup.py install --root=$PKG
|
/usr/bin/python setup.py install --root=$PKG
|
||||||
|
|
||||||
|
chmod g-w $PKG/usr/share/man/man8/$name* \
|
||||||
|
$PKG/etc/denyhosts.conf
|
||||||
|
|
||||||
install -d $PKG/etc/{denyhosts,rc.d} $PKG/usr/sbin
|
install -d $PKG/etc/{denyhosts,rc.d} $PKG/usr/sbin
|
||||||
|
|
||||||
mv $PKG/etc/denyhosts.conf \
|
mv $PKG/etc/denyhosts.conf \
|
||||||
|
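Review bot: the interpreter is left unpinned in `/usr/bin/python setup.py install --root=$PKG` and in `# Depends on: python`, although the README in this commit states the requirement is "python2, for now" and .footprint records everything under `usr/lib/python2.7/site-packages/`. If `/usr/bin/python` ever resolves to a Python 3 interpreter, the build either fails or installs to a path the footprint does not list. Consider naming the Python 2 interpreter and dependency explicitly, if the distribution provides them under a separate name, so the port fails early with a clear dependency error.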
@ -1,37 +1,28 @@
|
|||||||
This is a fork of denyhosts, it'll run the same with a few small changes. I
|
NOTES:
|
||||||
expect more code cleanup and a total shift to iptables in future.
|
|
||||||
|
The denyhost fork merged back with the original denyhosts, so this port name
|
||||||
|
is an anachronism.
|
||||||
|
The nftables project is featureful enough to make this port obsolete anyway,
|
||||||
|
so it's being marked unmaintained to give current users a chance to
|
||||||
|
replace their denyhosts setup with the nftables equivalent (dynamically
|
||||||
|
updated sets).
|
||||||
|
|
||||||
REQUIREMENTS:
|
REQUIREMENTS:
|
||||||
|
|
||||||
PRECAUTION:
|
python2, for now. There's an open pull request that promises python3
|
||||||
|
compatibility, but it hasn't received enough code review compared to the
|
||||||
PRE-INSTALL:
|
easier alternative: replicate the desired functionality using nftables.
|
||||||
|
|
||||||
POST-INSTALL:
|
POST-INSTALL:
|
||||||
|
|
||||||
Edit /etc/denyhosts/denyhosts.conf as needed.
|
Edit /etc/denyhosts/denyhosts.conf as needed.
|
||||||
|
|
||||||
Edit /etc/inetd.conf, I added:
|
Edit /etc/inetd.conf, for example:
|
||||||
|
|
||||||
#<service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
|
#<service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
|
||||||
sshd stream tcp nowait root /usr/sbin/sshd in.sshd
|
sshd stream tcp nowait root /usr/sbin/sshd in.sshd
|
||||||
|
|
||||||
Add inetd and denyhosts to services array on /etc/rc.conf, after net and before sshd is loaded (and any other services used by denyhost and inetd (not sure if this is necessary but i believe its good to allow protection before the services start).
|
Add inetd and denyhosts to services array on /etc/rc.conf, after net and
|
||||||
|
before all the services supervised by denyhost and inetd (not sure if this
|
||||||
PRE-REMOVE:
|
is necessary but it might be wise to allow protection before the services
|
||||||
|
start).
|
||||||
POST-REMOVE:
|
|
||||||
|
|
||||||
NOTES:
|
|
||||||
|
|
||||||
To protect sshd.
|
|
||||||
|
|
||||||
Edit /etc/hosts.allow and comment out everything, everything will have access by default.
|
|
||||||
|
|
||||||
Edit /etc/hosts.deny and comment out the "ALL: ALL: DENY" part, also the "#End of file" bit will be useless as denyhosts appends to the file.
|
|
||||||
|
|
||||||
(note the config in inetd.conf doesn't seem to be right or needed? see
|
|
||||||
messages upon boot up, any corrections email me :) )
|
|
||||||
|
|
||||||
Danny Rawlins, <contact at romster dot me
|
|
||||||
|
|
||||||
|
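Review bot: the inetd.conf example `sshd stream tcp nowait root /usr/sbin/sshd in.sshd` is kept unchanged, while the old caveat that it "doesn't seem to be right or needed" is deleted. The last field only sets argv[0]; sshd needs `-i` to be told it is run from inetd, so as written the example passes no such flag. Either change the args field to include `-i` or keep a note that the example is untested. The rewrite also drops the /etc/hosts.allow and /etc/hosts.deny instructions without replacement; since the README still tells users to edit denyhosts.conf and keep running the port, a one-line reminder that denyhosts appends to /etc/hosts.deny would keep the remaining instructions usable.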