freebsd-ports/security/hunch/pkg-descr

Scan Apache log files for CodeRed, Nimda, FormMail, proxy scanners and
other malicious probes. For each one found, track down the contact email
from WHOIS data and send a notice. Built-in rate controls prevent flooding
an admin even when his machines are scanning at high rates. Runs as a
non-privileged cron job to not interfere with the HTTP daemon's operation.

WWW: http://www.cs.cmu.edu/~dpelleg/hunch.html

-- Dan Pelleg

daniel+hunch@pelleg.org
New port: hunch - Scan httpd log files, find vulnerability probes, mail admins Scan Apache log files for CodeRed, Nimda, FormMail, proxy scanners and other malicious probes. For each one found, track down the contact email from WHOIS data and send a notice. Built-in rate controls prevent flooding an admin even when his machines are scanning at high rates. Runs as a non-privileged cron job to not interfere with the HTTP daemon's operation. Notes to committer: 1. This port installs a user and a group "hunch". It doesn't meet the conditions listed in the handbook for a "reserved" uid/gid. 2. portlint will complain about the port. A lot. To the best of my judgment all of the warnings can be ignored with the exception of the one about BATCH which I could find no documentation for. Therefore it is setting IS_INTERACTIVE. PR: ports/44836 Submitted by: Dan Pelleg <daniel+hunch@pelleg.org> 2003-08-28 11:21:14 +02:00			`Scan Apache log files for CodeRed, Nimda, FormMail, proxy scanners and`
			`other malicious probes. For each one found, track down the contact email`
			`from WHOIS data and send a notice. Built-in rate controls prevent flooding`
			`an admin even when his machines are scanning at high rates. Runs as a`
			`non-privileged cron job to not interfere with the HTTP daemon's operation.`

Chase URLs per distfile survey. 2005-11-25 07:02:46 +01:00			`WWW: http://www.cs.cmu.edu/~dpelleg/hunch.html`
update security/hunch: 1.1 -> 1.1.1 PR: 57917 Submitted by: Dan Pelleg <daniel+hunch@pelleg.org> (maintainer) 2003-10-14 14:31:30 +02:00
New port: hunch - Scan httpd log files, find vulnerability probes, mail admins Scan Apache log files for CodeRed, Nimda, FormMail, proxy scanners and other malicious probes. For each one found, track down the contact email from WHOIS data and send a notice. Built-in rate controls prevent flooding an admin even when his machines are scanning at high rates. Runs as a non-privileged cron job to not interfere with the HTTP daemon's operation. Notes to committer: 1. This port installs a user and a group "hunch". It doesn't meet the conditions listed in the handbook for a "reserved" uid/gid. 2. portlint will complain about the port. A lot. To the best of my judgment all of the warnings can be ignored with the exception of the one about BATCH which I could find no documentation for. Therefore it is setting IS_INTERACTIVE. PR: ports/44836 Submitted by: Dan Pelleg <daniel+hunch@pelleg.org> 2003-08-28 11:21:14 +02:00			`-- Dan Pelleg`

			`daniel+hunch@pelleg.org`