authormcrane <mctch@yahoo.com>2009-08-01 03:42:04 -0600
committermcrane <mctch@yahoo.com>2009-08-01 03:42:04 -0600
commit391e0bad90da42e64f244b979b83167b8acb744b (patch)
treeda518631802df10fdc02c94de2c90398fe493cca
parent0ea66cc492167c82f313c41a33cb5a886199f27c (diff)
downloadpfsense-packages-391e0bad90da42e64f244b979b83167b8acb744b.tar.gz
pfsense-packages-391e0bad90da42e64f244b979b83167b8acb744b.tar.bz2
pfsense-packages-391e0bad90da42e64f244b979b83167b8acb744b.zip
New pfSense package DenyHosts for protecting SSH.
-rw-r--r--config/denyhosts/denyhosts.inc167
-rw-r--r--config/denyhosts/denyhosts.xml115
-rw-r--r--config/denyhosts/denyhosts_log.tmp166
-rwxr-xr-xpkg_config.7.xml14
4 files changed, 462 insertions, 0 deletions
diff --git a/config/denyhosts/denyhosts.inc b/config/denyhosts/denyhosts.inc
new file mode 100644
index 00000000..d83f2878
--- /dev/null
+++ b/config/denyhosts/denyhosts.inc
@@ -0,0 +1,167 @@
+<?php
+/* $Id$ */
+/*
+/* ========================================================================== */
+/*
+ denyhosts.inc
+ Copyright (C) 2009 Mark J Crane
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function php_sync_package()
+{
+
+ //global $config;
+
+}
+
+// bounty: http://forum.pfsense.org/index.php/topic,15791.0/topicseen.html
+// pkg_add -r denyhosts
+// python /usr/local/share/denyhosts/denyhosts.py –file=/var/log/auth.log
+// /var/run/denyhosts.pid
+// http://en.wikipedia.org/wiki/DenyHosts
+
+
+function php_install_command()
+{
+
+ global $config;
+
+ if (!is_dir('/usr/local/www/packages/')) {
+ exec("mkdir /usr/local/www/packages/");
+ }
+
+ if (!is_dir('/usr/local/www/packages/denyhosts/')) {
+ exec("mkdir /usr/local/www/packages/denyhosts/");
+ }
+
+ exec("pkg_delete denyhosts");
+
+
+
+ $hosts_allow = "#\n";
+ $hosts_allow .= "# hosts.allow access control file for \"tcp wrapped\" applications.\n";
+ $hosts_allow .= "#\n;
+ $hosts_allow .= "sshd : /etc/hosts.deniedssh : deny\n";
+ $hosts_allow .= "sshd : ALL : allow\n";
+ $hosts_allow .= "ALL : ALL : allow\n";
+ $fout = fopen("/etc/hosts.allow","w");
+ fwrite($fout, $hosts_allow);
+ unset($hosts_allow);
+ fclose($fout);
+
+ exec("touch /etc/hosts.deniedssh");
+ exec("chmod 755 /etc/hosts.deniedssh");
+
+ $download_path = 'http://www.pfsense.com/packages/config/denyhosts/';
+
+ //rename PHP files from .tmp to .php
+ chdir('/tmp/');
+ exec("cd /tmp/;fetch ".$download_path."denyhosts_log.tmp");
+ exec("cp /tmp/denyhosts_log.tmp /usr/local/www/packages/denyhosts/denyhosts_log.php");
+ unlink_if_exists("/tmp/denyhosts_log.tmp");
+
+
+ $denyhosts_sh = "\n";
+ $denyhosts_sh .= "name=\"denyhosts\"\n";
+ $denyhosts_sh .= "rcvar=\${name}_enable\n";
+ $denyhosts_sh .= "\n";
+ $denyhosts_sh .= "command=\"/usr/local/bin/denyhosts.py\"\n";
+ $denyhosts_sh .= "command_interpreter=\"/usr/local/bin/python2.5\"\n";
+ $denyhosts_sh .= "command_args=\"--config /usr/local/etc/denyhosts.conf --daemon\"\n";
+ $denyhosts_sh .= "pidfile=\"/var/run/\${name}.pid\"\n";
+ $denyhosts_sh .= "\n";
+ $denyhosts_sh .= "load_rc_config \$name\n";
+ $denyhosts_sh .= "\n";
+ $denyhosts_sh .= ": \${denyhosts_enable=\"YES\"}\n";
+ $denyhosts_sh .= "\n";
+ $denyhosts_sh .= "run_rc_command \"\$1\"\n";
+ $fout = fopen("/usr/local/etc/rc.d/denyhosts.sh","w");
+ fwrite($fout, $denyhosts_sh);
+ unset($denyhosts_sh);
+ fclose($fout);
+
+
+ $filename = "/usr/local/etc/denyhosts.conf";
+ $handle = fopen($filename,"rb");
+ $denyhosts_conf = fread($handle, filesize($filename));
+ fclose($handle);
+ $denyhosts_conf = str_replace("SECURE_LOG = /var/log/auth.log", "SECURE_LOG = /var/log/system.log", $denyhosts_conf);
+ $denyhosts_conf = str_replace("#BLOCK_SERVICE = sshd", "BLOCK_SERVICE = sshd", $denyhosts_conf);
+ $denyhosts_conf = str_replace("#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911", "SYNC_SERVER = http://xmlrpc.denyhosts.net:9911", $denyhosts_conf);
+ $fout = fopen($filename,"w");
+ fwrite($fout, $denyhosts_conf);
+ unset($filename);
+ fclose($fout);
+
+ $filename = "/usr/local/etc/denyhosts.conf-dist";
+ $fout = fopen($filename,"w");
+ fwrite($fout, $denyhosts_conf);
+ unset($filename);
+ unset($denyhosts_conf);
+ fclose($fout);
+
+ //Error reading file: denyhosts.cfg
+ //write_rcfile(array(
+ // "file" => "denyhosts.sh",
+ // "start" => "start command",
+ // "stop" => "rm /var/run/nameofservice.pid"
+ // )
+ //);
+
+
+ php_sync_package();
+
+ //start denyhosts
+ exec("/usr/local/etc/rc.d/denyhosts.sh start");
+
+ //if (pkg_is_service_running('notes')) {
+ //documentation purposes
+ //}
+
+
+
+}
+
+
+function deinstall_command()
+{
+
+ $hosts_allow = "#\n";
+ $hosts_allow .= "# hosts.allow access control file for \"tcp wrapped\" applications.\n";
+ $hosts_allow .= "#\n;
+ $hosts_allow .= "ALL : ALL : allow\n";
+ $fout = fopen("/etc/hosts.allow","w");
+ fwrite($fout, $tmp);
+ unset($tmp);
+ fclose($fout);
+
+ exec("pkg_delete denyhosts");
+ exec("rm -R /usr/local/www/packages/denyhosts/");
+
+}
+
+?> \ No newline at end of file
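Review bot: The string literal at `$hosts_allow .= "#\n;` in php_install_command is unterminated (the closing quote is missing), so the file fails to parse, and the same line recurs in deinstall_command; both should read `$hosts_allow .= "#\n";`. In deinstall_command the write then uses an undefined `$tmp`, which leaves /etc/hosts.allow empty after removal; it should be `fwrite($fout, $hosts_allow);` followed by `unset($hosts_allow);`. Separately, php_install_command fetches denyhosts_log.tmp over plain HTTP and copies it into the web root as PHP without checking the fetch result or verifying a hash, and the SYNC_SERVER line it enables pulls a shared deny list over HTTP as well; a comment stating that both paths are unauthenticated and that a bad deny list can lock administrators out of SSH would help the next maintainer. None of the fopen calls checks for false, and /usr/local/etc/denyhosts.conf in particular is read right after `pkg_delete denyhosts` with no pkg_add visible in this file, so confirm where that file is expected to come from.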
diff --git a/config/denyhosts/denyhosts.xml b/config/denyhosts/denyhosts.xml
new file mode 100644
index 00000000..35878c7a
--- /dev/null
+++ b/config/denyhosts/denyhosts.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ notes.xml
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>DenyHosts</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>DenyHosts</name>
+ <version>0.1</version>
+ <title>Settings</title>
+ <include_file>/usr/local/pkg/denyhosts.inc</include_file>
+ <menu>
+ <name>DenyHosts</name>
+ <tooltiptext>DenyHosts.</tooltiptext>
+ <section>Services</section>
+ <configfile>denyhosts.xml</configfile>
+ <url>/packages/denyhosts/denyhosts_log.php</url>
+ </menu>
+ <tabs>
+ <tab>
+ <text>Settings</text>
+ <url>/packages/denyhosts/denyhosts_log.php</url>
+ <active/>
+ </tab>
+ </tabs>
+ <configpath>installedpackages->package->$packagename->configuration->denyhosts</configpath>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/denyhosts/denyhosts.inc</item>
+ </additional_files_needed>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>Title</fielddescr>
+ <fieldname>title</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Category</fielddescr>
+ <fieldname>category</fieldname>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fielddescr>Title</fielddescr>
+ <fieldname>title</fieldname>
+ <description>Enter the title.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Category</fielddescr>
+ <fieldname>category</fieldname>
+ <description>Enter a category.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>&lt;b&gt;zzz&lt;/b&gt; &lt;br /&gt; &lt;br /&gt;</fielddescr>
+ <fieldname>zzz</fieldname>
+ <description></description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <size>30</size>
+ <cols>70</cols>
+ <rows>20</rows>
+ </field>
+ </fields>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_resync_config_command>
+ php_sync_package();
+ </custom_php_resync_config_command>
+ <custom_delete_php_command>
+ php_sync_package();
+ </custom_delete_php_command>
+ <custom_php_install_command>
+ php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ deinstall_command();
+ </custom_php_deinstall_command>
+</packagegui> \ No newline at end of file
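Review bot: The form fields Title, Category and zzz under `<fields>` have no relation to DenyHosts and, together with the `notes.xml` name in the copyright block and the placeholder text in `<requirements>`, look like leftovers of the template this file was copied from; the only real page is the log view, so either drop `<fields>`/`<adddeleteeditpagefields>` or replace them with actual DenyHosts settings. At minimum the requirements line should say what the package needs, e.g. `<requirements>Requires the denyhosts package and tcp wrappers (/etc/hosts.allow) on the firewall.</requirements>`, and the tab text `Settings` should read `Log`, since its URL is denyhosts_log.php. The `<additional_files_needed>` item fetches denyhosts.inc over plain HTTP and installs it 0755 into /usr/local/pkg, where the web GUI includes and runs it; a comment noting that the download source therefore has to be trusted would be worth adding, and 0644 is sufficient for an include file.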
diff --git a/config/denyhosts/denyhosts_log.tmp b/config/denyhosts/denyhosts_log.tmp
new file mode 100644
index 00000000..69d16cce
--- /dev/null
+++ b/config/denyhosts/denyhosts_log.tmp
@@ -0,0 +1,166 @@
+<?php
+/* $Id$ */
+/*
+ denyhosts_log.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/denyhosts.inc");
+
+//$a_extensions = &$config['installedpackages']['profiles']['config'];
+
+/*
+if ($_GET['a'] == "default") {
+ //conf_mount_rw();
+ exec("cp /usr/local/zzz/conf.orig/zzz /usr/local/zzz/conf/zzz");
+ $savemsg = "Default Restored";
+ //conf_mount_ro();
+}
+
+if ($_POST['a'] == "save") {
+ //conf_mount_rw();
+ $content = ereg_replace("\r","",$_POST['code']);
+ $fd = fopen("/usr/local/zzz/conf/zzz", "w");
+ fwrite($fd, $content);
+ fclose($fd);
+ $savemsg = "Saved";
+ //conf_mount_ro();
+}
+*/
+
+$filename = '/var/log/denyhosts';
+$fd = fopen($filename, "r");
+$content = fread($fd, filesize($filename));
+fclose($fd);
+
+include("head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<script language="Javascript">
+function sf() { document.forms[0].savetopath.focus(); }
+</script>
+<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script>
+<script language="Javascript" type="text/javascript">
+ // initialisation
+ editAreaLoader.init({
+ id: "code" // id of the textarea to transform
+ ,start_highlight: false
+ ,allow_toggle: false
+ ,language: "en"
+ ,syntax: "html"
+ ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help"
+ ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql"
+ ,show_line_colors: true
+ });
+</script>
+
+<?php
+include("fbegin.inc");
+echo "<p class=\"pgtitle\">$v_project_label: Variables</p>\n";
+?>
+
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabnavtbl">
+<?php
+
+//display_top_tabs(build_menu());
+
+?>
+</td></tr>
+</table>
+
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+<!--
+<form action="zzz.php" method="post" name="iform" id="iform">
+-->
+<?php
+
+?>
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width='90%'><p><span class="vexpl"><span class="red"><strong>DenyHosts Log<br>
+ </strong></span>
+ <!-- Description -->
+ </p>
+ </td>
+ <td width='10%' align='right' valign='middle'><!--<input type="submit" value="save" />--></td>
+ </tr>
+ </table>
+ <br />
+ <br />
+
+ <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea>
+ <br />
+ <br />
+ <!--
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td>/usr/local/zzz/conf/zzz.xml</td>
+ <td align='right'>
+ <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" />
+ <input type="hidden" name="a" value="save" />
+ <?php
+ echo "<input type='button' value='Restore Default' onclick=\"document.location.href='/packages/zzz/zzz.php?a=default&f=zzz';\" />";
+ ?>
+ </td>
+ </tr>
+ </table>
+ -->
+<!--
+</form>
+-->
+
+<br>
+<br>
+
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+
+</td>
+</tr>
+</table>
+
+</div>
+
+
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
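Review bot: The read of /var/log/denyhosts at `$fd = fopen($filename, "r");` has no guard, so on a fresh install where DenyHosts has not logged anything yet fopen returns false and the following filesize/fread calls emit warnings; `$content = file_exists($filename) ? file_get_contents($filename) : '';` handles both the missing and the empty file. The page title echo references `$v_project_label`, which is not defined anywhere in this file, and the textarea uses an undefined `$cols` and carries two `name` attributes (`code` and `content`); with the form commented out, the second `name` and `$cols` can simply go, and the title can be a literal such as `DenyHosts: Log`. The `htmlentities($content)` on the textarea is the right escape here, since the log contains usernames and host strings supplied by whoever was probing SSH, so keep it if the display is ever changed. The editAreaLoader script is loaded from /edit_area/, which presumably exists in the pfSense web root; confirm, since otherwise the page raises a JavaScript error before the textarea is set up.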
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index d1cfdca6..bd1893ea 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
@@ -217,6 +217,20 @@
<configurationfile>shellcmd.xml</configurationfile>
</package>
<package>
+ <name>DenyHosts</name>
+ <website/>
+ <descr>The DenyHosts utility is used to manage protect SSH.</descr>
+ <category>Services</category>
+ <pkginfolink></pkginfolink>
+ <config_file>http://www.pfsense.com/packages/config/denyhosts/denyhosts.xml</config_file>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
+ <version>0.1</version>
+ <status>Beta</status>
+ <required_version>1.2.3</required_version>
+ <maintainer>markjcrane@gmail.com</maintainer>
+ <configurationfile>denyhosts.xml</configurationfile>
+ </package>
+ <package>
<name>snort</name>
<descr>Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.</descr>
<category>Security</category>
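Review bot: The description `The DenyHosts utility is used to manage protect SSH.` at `<descr>` reads as two phrases merged; `<descr>DenyHosts protects SSH by blocking hosts with repeated failed logins.</descr>` says what the package does. The entry sets `<depends_on_package_base_url>` without a `<depends_on_package>` element, and denyhosts.inc in this commit only runs pkg_delete, never pkg_add, so it is unclear what installs the denyhosts binary package itself; worth confirming before the package is published as Beta. `<website/>` is empty although the .inc already references the DenyHosts Wikipedia article; pointing it at the project page would help users find the documentation.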