freebsd-ports/security/hunch/pkg-deinstall
Edwin Groothuis efe705504a New port: hunch - Scan httpd log files, find vulnerability probes,
mail admins

	Scan Apache log files for CodeRed, Nimda, FormMail, proxy
	scanners and other malicious probes. For each one found,
	track down the contact email from WHOIS data and send a
	notice. Built-in rate controls prevent flooding an admin
	even when his machines are scanning at high rates. Runs as
	a non-privileged cron job to not interfere with the HTTP
	daemon's operation.

	Notes to committer:
	 1. This port installs a user and a group "hunch". It doesn't
	 meet the conditions listed in the handbook for a "reserved"
	 uid/gid.
	 2. portlint will complain about the port. A lot. To the
	 best of my judgment all of the warnings can be ignored
	 with the exception of the one about BATCH which I could
	 find no documentation for. Therefore it is setting
	 IS_INTERACTIVE.

PR:		ports/44836
Submitted by:	Dan Pelleg <daniel+hunch@pelleg.org>
2003-08-28 09:21:14 +00:00


#! /bin/sh
#
# Adapted from pkg-deinstall in net/cvsup-mirror,
# presumably by jdp@FreeBSD.org
#
# Account and group this script offers to remove at the end of the
# deinstall (both are passed to delete_account).
group="hunch"
user="hunch"
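# ask QUESTION DEFAULT
#
# Print the reply to QUESTION on stdout, falling back to DEFAULT when the
# reply is empty.  When PACKAGE_BUILDING is set no prompt is shown and
# DEFAULT is printed unconditionally.
ask() {
	local question default answer
	question=$1
	default=$2
	if [ -z "${PACKAGE_BUILDING}" ]; then
		# -r keeps backslashes in the reply literal.
		read -r -p "${question} [${default}]? " answer
	fi
	# The reply is operator-typed text.  Left unquoted it would be
	# word-split and glob-expanded against the current directory, both
	# in the emptiness test and when echoed back to the caller.
	if [ -z "${answer}" ]; then
		answer=${default}
	fi
	# printf rather than echo, so a reply such as "-n" is printed as-is.
	printf '%s\n' "${answer}"
}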
# yesno QUESTION DEFAULT
#
# Keep asking QUESTION (through ask) until the reply starts with Y/y or
# N/n.  Returns 0 for yes and 1 for no; any other reply prints a hint on
# stdout and asks again.
yesno() {
	local prompt fallback reply
	prompt=$1
	fallback=$2
	while true; do
		reply=$(ask "${prompt}" "${fallback}")
		case "${reply}" in
		[Nn]*)
			return 1
			;;
		[Yy]*)
			return 0
			;;
		*)
			echo "Please answer yes or no."
			;;
		esac
	done
}
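# delete_account USER GROUP
#
# Interactively remove GROUP and then USER with pw(8).  "Done." is printed
# only when pw reports success; a failure is reported on stderr so that a
# leftover account is not mistaken for a removed one.  The home directory
# is never deleted here; the operator is reminded to remove it by hand.
#
# Returns 1 without touching anything when USER is not a plain account
# name.
delete_account() {
	local u g home
	u=$1
	g=$2
	# USER is handed to eval further down for tilde expansion.  Refuse
	# anything that is not a plain account name so the eval can never
	# see shell syntax.
	case "${u}" in
	'' | *[!A-Za-z0-9_.-]*)
		echo "delete_account: refusing unsafe user name \"${u}\"" >&2
		return 1
		;;
	esac
	if yesno "Do you want me to remove group \"${g}\"" y; then
		if pw groupdel -n "${g}"; then
			echo "Done."
		else
			echo "Could not remove group \"${g}\"; please remove it by hand." >&2
		fi
	fi
	if yesno "Do you want me to remove user \"${u}\"" y; then
		# Look up the home directory before the account is removed;
		# afterwards ~USER can no longer be expanded.
		eval home=~${u}
		if pw userdel -n "${u}"; then
			echo "Done."
		else
			echo "Could not remove user \"${u}\"; please remove it by hand." >&2
		fi
		if [ -d "${home}" ]; then
			# Files left behind keep their numeric owner, which a
			# later account could be assigned.
			# NOTE(review): "mirrored files" looks inherited from the
			# net/cvsup-mirror script this file was adapted from --
			# confirm the wording fits hunch.
			echo "Please remember to remove the home directory \"${home}\" as"
			echo "well as the mirrored files."
		fi
	fi
}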
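# Do nothing unless the second argument is DEINSTALL.
if [ "x$2" != "xDEINSTALL" ]; then
	exit
fi

# Pin PATH to the system directories so ps, sed, pw and friends are not
# resolved through whatever PATH the caller happened to have.
export PATH=/bin:/usr/bin:/usr/sbin

# Matches any process whose command name contains "complain-httpd".
if ps -axc | grep -q complain-httpd; then
	if yesno "There are some complain-httpd processes running. Shall I kill them" y; then
		killall complain-httpd
		sleep 2
	else
		echo "OK ... I hope you know what you are doing."
	fi
fi

rm -f /var/db/hunch-timestamp

# Scratch file for rewriting files under /etc.  It is created with
# mktemp (unpredictable name, created exclusively) instead of a name
# derived from the PID, and it lives in /etc so the final mv is a rename
# on the same filesystem.
tmp=$(mktemp /etc/hunch.XXXXXX) || exit
# Clean up on every exit path.  The signal handler exits, so an interrupt
# stops the script; the previous handler removed the scratch file but let
# the script carry on.
trap 'rm -f "${tmp}"' 0
trap 'exit 1' 1 2 3 15

if yesno "Do you want me to remove scheduled complaints from \"/etc/crontab\"" y; then
	# Drops every line that mentions complain-httpd, including lines the
	# administrator added or commented out by hand.
	sed '/complain-httpd/d' /etc/crontab >"${tmp}" || exit
	# mktemp creates the file private to its owner; restore the mode
	# this script has always given the rewritten file.
	chmod 644 "${tmp}"
	mv "${tmp}" /etc/crontab || exit
	echo "Done."
fi

if yesno "Do you want me to remove the hunch log entry from \"/etc/newsyslog.conf\"" y; then
	# Drops every line that mentions hunch.log.
	sed '/hunch\.log/d' /etc/newsyslog.conf >"${tmp}" || exit
	chmod 644 "${tmp}"
	mv "${tmp}" /etc/newsyslog.conf || exit
	echo "Done."
fi

delete_account "${user}" "${group}"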