diff --git a/security/denyhosts/Makefile b/security/denyhosts/Makefile index bdf963e0fd0c..03c874819b37 100644 --- a/security/denyhosts/Makefile +++ b/security/denyhosts/Makefile @@ -2,30 +2,33 @@ # $FreeBSD$ PORTNAME= denyhosts -PORTVERSION= 2.6 -PORTREVISION= 7 +PORTVERSION= 3.1 +DISTVERSIONPREFIX= v CATEGORIES= security -MASTER_SITES= SF -DISTNAME= DenyHosts-${PORTVERSION} +PKGNAMESUFFIX= ${PYTHON_PKGNAMESUFFIX} MAINTAINER= sunpoet@FreeBSD.org -COMMENT= Script to thwart ssh attacks +COMMENT= Script to thwart ssh and imap attacks LICENSE= GPLv2 +LICENSE_FILE= ${WRKSRC}/LICENSE.txt -OPTIONS_DEFINE= DOCS +BUILD_DEPENDS= ${RUN_DEPENDS} +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ipaddr>=0:devel/py-ipaddr@${PY_FLAVOR} + +USES= cpe python shebangfix +USE_PYTHON= autoplist concurrent distutils -USES= cpe python:2.7 shebangfix -REINPLACE_ARGS= -i '' -USE_PYTHON= autoplist distutils -USE_RC_SUBR= denyhosts -CPE_VENDOR= phil_schwartz NO_ARCH= yes +REINPLACE_ARGS= -i '' +USE_RC_SUBR= denyhosts -PORTDOCS= CHANGELOG.txt LICENSE.txt README.txt +PLIST_FILES= "@sample etc/denyhosts.conf.sample" SUB_FILES= pkg-message SUB_LIST= PYTHON=${PYTHON_CMD} +USE_GITHUB= yes + SHEBANG_LANG= env SHEBANG_FILES= daemon-control-dist \ plugins/test_deny.py \ @@ -35,12 +38,11 @@ env_OLD_CMD= /bin/env env_CMD= ${SETENV} post-patch: - @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/daemon-control-dist ${WRKSRC}/denyhosts.cfg-dist ${WRKSRC}/setup.py + @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/daemon-control-dist ${WRKSRC}/denyhosts.conf ${WRKSRC}/setup.py + @${REINPLACE_CMD} -e 's|%%PYTHON_CMD%%|${PYTHON_CMD}|' ${WRKSRC}/daemon-control-dist @${FIND} ${WRKSRC} -type f -name '*.bak' -o -name '*.orig' -delete post-install: - ${INSTALL_DATA} ${WRKSRC}/denyhosts.cfg-dist ${STAGEDIR}${PREFIX}/etc/denyhosts.conf.sample - ${MKDIR} ${STAGEDIR}${DOCSDIR}/ - cd ${WRKSRC}/ && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}/ + ${INSTALL_DATA} ${WRKSRC}/denyhosts.conf ${STAGEDIR}${PREFIX}/etc/denyhosts.conf.sample .include diff --git a/security/denyhosts/distinfo b/security/denyhosts/distinfo index d1f87732891c..8c8e9398c16c 100644 --- a/security/denyhosts/distinfo +++ b/security/denyhosts/distinfo @@ -1,2 +1,3 @@ -SHA256 (DenyHosts-2.6.tar.gz) = 5190ead13a7238e3ccf328cb3b71b16716e1c73939909a4f3fa6904ba58ddf7d -SIZE (DenyHosts-2.6.tar.gz) = 42667 +TIMESTAMP = 1567007893 +SHA256 (denyhosts-denyhosts-v3.1_GH0.tar.gz) = 7a6aee5934a56473ad54d373715da1e715ff2ffd19b9dceb54b0297fe8c3a965 +SIZE (denyhosts-denyhosts-v3.1_GH0.tar.gz) = 57160 diff --git a/security/denyhosts/files/patch-DenyHosts__regex.py b/security/denyhosts/files/patch-DenyHosts__regex.py deleted file mode 100644 index cd61c58e218b..000000000000 --- a/security/denyhosts/files/patch-DenyHosts__regex.py +++ /dev/null @@ -1,44 +0,0 @@ -# Patch shaped from http://seclists.org/oss-sec/2013/q4/535 -=================================================================== ---- ./DenyHosts/regex.py.orig 2006-12-07 20:47:04.000000000 +0100 -+++ ./DenyHosts/regex.py 2013-12-23 17:17:42.000000000 +0100 -@@ -6,22 +6,22 @@ - - #DATE_FORMAT_REGEX = re.compile(r"""(?P[A-z]{3,3})\s*(?P\d+)""") - --SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P.*)""") -+SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P.*)""") - #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P.*)""") - --FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P.*) for (?Pinvalid user |illegal user )?(?P.*?) .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") -+FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P\S*) for (?Pinvalid user |illegal user )?(?P.*) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") - --FAILED_ENTRY_REGEX2 = re.compile(r"""(?P(Illegal|Invalid)) user (?P.*?) .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") -+FAILED_ENTRY_REGEX2 = re.compile(r"""(?P(Illegal|Invalid)) user (?P.*) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") - --FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P.*) .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") -+FAILED_ENTRY_REGEX3 = None - --FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P.*) .*from (?P.*)""") -+FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P.*) from (::ffff:)?(?P\S+)$""") - --FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P.*) .*from (?P.*) not allowed because none of user's groups are listed in AllowGroups""") -+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P.*) from (::ffff:)?(?P\S+) not allowed because none of user's groups are listed in AllowGroups$""") - --FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") -+FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") - --FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P.*) not allowed because not listed in AllowUsers""") -+FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P.*) from (::ffff:)?(?P\S+) not allowed because not listed in AllowUsers$""") - - - # these are reserved for future versions -@@ -42,7 +42,7 @@ - FAILED_ENTRY_REGEX_MAP[i] = rx - - --SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P.*) for (?P.*?) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") -+SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P\S+) for (?P.*?) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") - - TIME_SPEC_REGEX = re.compile(r"""(?P\d*)\s*(?P[smhdwy])?""") - diff --git a/security/denyhosts/files/patch-daemon-control-dist b/security/denyhosts/files/patch-daemon-control-dist index 1b429f405e9b..35ffc7a07c11 100644 --- a/security/denyhosts/files/patch-daemon-control-dist +++ b/security/denyhosts/files/patch-daemon-control-dist @@ -1,15 +1,18 @@ ---- daemon-control-dist.orig +--- daemon-control-dist.orig 2015-09-16 19:40:15 UTC +++ daemon-control-dist -@@ -11,9 +11,9 @@ +@@ -11,11 +11,11 @@ #### Edit these to suit your configuration #### ############################################### --DENYHOSTS_BIN = "/usr/bin/denyhosts.py" --DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts" --DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg" +-DENYHOSTS_BIN = "/usr/sbin/denyhosts" +-DENYHOSTS_LOCK = "/run/denyhosts.pid" +-DENYHOSTS_CFG = "/etc/denyhosts.conf" +DENYHOSTS_BIN = "%%PREFIX%%/bin/denyhosts.py" -+DENYHOSTS_LOCK = "/var/run/denyhosts" -+DENYHOSTS_CFG = "%%PREFIX%%/share/denyhosts/denyhosts.cfg" ++DENYHOSTS_LOCK = "/var/run/denyhosts.pid" ++DENYHOSTS_CFG = "%%PREFIX%%/etc/denyhosts.conf" +-PYTHON_BIN = "/usr/bin/env python" ++PYTHON_BIN = "%%PYTHON_CMD%%" ############################################### + #### Do not edit below #### diff --git a/security/denyhosts/files/patch-denyhosts.cfg-dist b/security/denyhosts/files/patch-denyhosts.conf similarity index 56% rename from security/denyhosts/files/patch-denyhosts.cfg-dist rename to security/denyhosts/files/patch-denyhosts.conf index ef7fa1ec4524..e237a090a203 100644 --- a/security/denyhosts/files/patch-denyhosts.cfg-dist +++ b/security/denyhosts/files/patch-denyhosts.conf @@ -1,28 +1,34 @@ ---- denyhosts.cfg-dist.orig -+++ denyhosts.cfg-dist -@@ -9,10 +9,10 @@ - # argument - # - # Redhat or Fedora Core: --SECURE_LOG = /var/log/secure -+#SECURE_LOG = /var/log/secure +--- denyhosts.conf.orig 2015-09-16 19:40:15 UTC ++++ denyhosts.conf +@@ -12,7 +12,7 @@ + #SECURE_LOG = /var/log/secure # # Mandrake, FreeBSD or OpenBSD: -#SECURE_LOG = /var/log/auth.log +SECURE_LOG = /var/log/auth.log # - # SuSE: + # SuSE or Gentoo: #SECURE_LOG = /var/log/messages -@@ -31,7 +31,7 @@ +@@ -25,7 +25,7 @@ + #SECURE_LOG=/private/var/log/system.log + # + # Debian and Ubuntu +-SECURE_LOG = /var/log/auth.log ++#SECURE_LOG = /var/log/auth.log + ######################################################################## + + ######################################################################## +@@ -33,7 +33,8 @@ SECURE_LOG = /var/log/auth.log # HOSTS_DENY: the file which contains restricted host access information # # Most operating systems: -HOSTS_DENY = /etc/hosts.deny ++#HOSTS_DENY = /etc/hosts.deny +HOSTS_DENY = /etc/hosts.deniedssh # # Some BSD (FreeBSD) Unixes: #HOSTS_DENY = /etc/hosts.allow -@@ -90,7 +90,7 @@ +@@ -92,7 +93,7 @@ PURGE_DENY = # To block all services for the offending host: #BLOCK_SERVICE = ALL # To block only sshd: @@ -30,47 +36,32 @@ +#BLOCK_SERVICE = sshd # To only record the offending host and nothing else (if using # an auxilary file to list the hosts). Refer to: - # http://denyhosts.sourceforge.net/faq.html#aux -@@ -150,7 +150,7 @@ + # http://denyhost.sourceforge.net/faq.html#aux +@@ -162,7 +163,8 @@ DETECT_DOVECOT_LOGIN_ATTEMPTS = NO # Note: it is recommended that you use an absolute pathname - # for this value (eg. /home/foo/denyhosts/data) + # for this value (eg. /home/foo/denyhost/data) # --WORK_DIR = /usr/share/denyhosts/data +-WORK_DIR = /var/lib/denyhosts ++#WORK_DIR = /var/lib/denyhosts +WORK_DIR = %%PREFIX%%/share/denyhosts/data # ####################################################################### -@@ -176,7 +176,7 @@ - # the corresponding hostname will be looked up and reported as well - # (if available). - # --HOSTNAME_LOOKUP=YES -+HOSTNAME_LOOKUP=NO - # - ###################################################################### - -@@ -192,10 +192,10 @@ - # running at a time. - # +@@ -220,7 +222,7 @@ HOSTNAME_LOOKUP=NO # Redhat/Fedora: --LOCK_FILE = /var/lock/subsys/denyhosts -+#LOCK_FILE = /var/lock/subsys/denyhosts + #LOCK_FILE = /var/lock/subsys/denyhosts # --# Debian --#LOCK_FILE = /var/run/denyhosts.pid -+# Debian (and FreeBSD) -+LOCK_FILE = /var/run/denyhosts.pid +-# Debian or Gentoo ++# FreeBSD, Debian or Gentoo + LOCK_FILE = /var/run/denyhosts.pid # # Misc - #LOCK_FILE = /tmp/denyhosts.lock -@@ -414,7 +414,9 @@ - # See this faq entry for more details: - # http://denyhosts.sf.net/faq.html#userdef_regex +@@ -502,6 +504,8 @@ AGE_RESET_INVALID=10d + # http://denyhost.sf.net/faq.html#userdef_regex # --#USERDEF_FAILED_ENTRY_REGEX= + #USERDEF_FAILED_ENTRY_REGEX= +USERDEF_FAILED_ENTRY_REGEX=[a|A]uthentication error for (?Pinvalid user |illegal user )?(?P.*?) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) +USERDEF_FAILED_ENTRY_REGEX=[a|A]uthentication error for (?Pinvalid user |illegal user )?(?P.*?) from (?P.*) -+# sorry no entries for IPv6 address yet :( # # ###################################################################### diff --git a/security/denyhosts/files/patch-scripts__restricted_from_passwd.py b/security/denyhosts/files/patch-scripts__restricted_from_passwd.py deleted file mode 100644 index c977d714fbb8..000000000000 --- a/security/denyhosts/files/patch-scripts__restricted_from_passwd.py +++ /dev/null @@ -1,10 +0,0 @@ ---- ./scripts/restricted_from_passwd.py.orig 2013-12-28 18:51:41.000000000 +0100 -+++ ./scripts/restricted_from_passwd.py 2013-12-28 18:51:41.000000000 +0100 -@@ -12,6 +12,7 @@ - ############################################################################ - - RESTRICTED_SHELLS = ("/sbin/nologin", -+ "/usr/sbin/nologin", - "/sbin/shutdown", - "/sbin/halt") - diff --git a/security/denyhosts/files/patch-setup.py b/security/denyhosts/files/patch-setup.py index 9feafea812bb..fc7f031912a5 100644 --- a/security/denyhosts/files/patch-setup.py +++ b/security/denyhosts/files/patch-setup.py @@ -1,24 +1,21 @@ ---- setup.py.orig +--- setup.py.orig 2015-09-16 19:40:15 UTC +++ setup.py -@@ -8,7 +8,7 @@ - from glob import glob - +@@ -11,8 +11,8 @@ from DenyHosts.util import normalize_whi + from DenyHosts.version import VERSION + etcpath = "/etc" +-manpath = "/usr/share/man/man8" -libpath = "/usr/share/denyhosts" ++manpath = "%%PREFIX%%/man/man8" +libpath = "%%PREFIX%%/share/denyhosts" - scriptspath = "%s/scripts" % libpath - pluginspath = "%s/plugins" % libpath + scriptspath = ospj("scripts", libpath) + pluginspath = ospj("plugins", libpath) -@@ -26,11 +26,8 @@ - data_files=[(libpath, glob("denyhosts.cfg-dist")), - (libpath, glob("setup.py")), - (libpath, glob("daemon-control-dist")), -- (libpath, glob("CHANGELOG.txt")), -- (libpath, glob("README.txt")), - (scriptspath, glob("scripts/*")), -- (pluginspath, glob("plugins/*")), -- (libpath, glob("LICENSE.txt"))], -+ (pluginspath, glob("plugins/*"))], - license="GPL v2", - ##extra_path='denyhosts', - long_description=""" +@@ -28,7 +28,6 @@ setup( + packages=["DenyHosts"], + requires=["ipaddr"], + data_files=[ +- (etcpath, glob("denyhosts.conf")), + (manpath, glob("denyhosts.8")), + ], + license="GPL v2", diff --git a/security/denyhosts/pkg-descr b/security/denyhosts/pkg-descr index ac7d932a85ca..7b16fdfde6e3 100644 --- a/security/denyhosts/pkg-descr +++ b/security/denyhosts/pkg-descr @@ -1,5 +1,5 @@ -DenyHosts is a script intended to be run by *ix system administrators to -help thwart ssh server attacks. +DenyHosts is a utility developed by Phil Schwartz and maintained by a number of +developers which aims to thwart sshd (ssh server) brute force attacks. If you've ever looked at your ssh log (/var/log/auth.log ) you may be alarmed to see how many hackers attempted to gain access to your server. @@ -18,4 +18,4 @@ Denyhosts helps you: - Optionally sends an email of newly banned hosts and suspicious logins. - Resolves IP addresses to hostnames, if you want -WWW: http://denyhosts.sourceforge.net/ +WWW: https://github.com/denyhosts/denyhosts diff --git a/security/denyhosts/pkg-plist b/security/denyhosts/pkg-plist deleted file mode 100644 index 9ce9700762fe..000000000000 --- a/security/denyhosts/pkg-plist +++ /dev/null @@ -1 +0,0 @@ -@sample etc/denyhosts.conf.sample