author | mcrane <mctch@yahoo.com> | 2009-08-01 03:42:04 -0600 |
committer | mcrane <mctch@yahoo.com> | 2009-08-01 03:42:04 -0600 |
commit | 391e0bad90da42e64f244b979b83167b8acb744b (patch) | |
tree | da518631802df10fdc02c94de2c90398fe493cca | |
parent | 0ea66cc492167c82f313c41a33cb5a886199f27c (diff) | |
New pfSense package DenyHosts for protecting SSH.
-rw-r--r-- | config/denyhosts/denyhosts.inc | 167 | ||||
-rw-r--r-- | config/denyhosts/denyhosts.xml | 115 | ||||
-rw-r--r-- | config/denyhosts/denyhosts_log.tmp | 166 | ||||
-rwxr-xr-x | pkg_config.7.xml | 14 |
4 files changed, 462 insertions, 0 deletions
diff --git a/config/denyhosts/denyhosts.inc b/config/denyhosts/denyhosts.inc
new file mode 100644
index 00000000..d83f2878
--- /dev/null
+++ b/config/denyhosts/denyhosts.inc
@@ -0,0 +1,167 @@
+<?php
+/* $Id$ */
+/*
+/* ========================================================================== */
+/*
+ denyhosts.inc
+ Copyright (C) 2009 Mark J Crane
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function php_sync_package()
+{
+
+ //global $config;
+
+}
+
+// bounty: http://forum.pfsense.org/index.php/topic,15791.0/topicseen.html
+// pkg_add -r denyhosts
+// python /usr/local/share/denyhosts/denyhosts.py –file=/var/log/auth.log
+// /var/run/denyhosts.pid
+// http://en.wikipedia.org/wiki/DenyHosts
+
+
+function php_install_command()
+{
+
+ global $config;
+
+ if (!is_dir('/usr/local/www/packages/')) {
+ exec("mkdir /usr/local/www/packages/");
+ }
+
+ if (!is_dir('/usr/local/www/packages/denyhosts/')) {
+ exec("mkdir /usr/local/www/packages/denyhosts/");
+ }
+
+ exec("pkg_delete denyhosts");
+
+
+
+ $hosts_allow = "#\n";
+ $hosts_allow .= "# hosts.allow access control file for \"tcp wrapped\" applications.\n";
+ $hosts_allow .= "#\n;
+ $hosts_allow .= "sshd : /etc/hosts.deniedssh : deny\n";
+ $hosts_allow .= "sshd : ALL : allow\n";
+ $hosts_allow .= "ALL : ALL : allow\n";
+ $fout = fopen("/etc/hosts.allow","w");
+ fwrite($fout, $hosts_allow);
+ unset($hosts_allow);
+ fclose($fout);
+
+ exec("touch /etc/hosts.deniedssh");
+ exec("chmod 755 /etc/hosts.deniedssh");
+
+ $download_path = 'http://www.pfsense.com/packages/config/denyhosts/';
+
+ //rename PHP files from .tmp to .php
+ chdir('/tmp/');
+ exec("cd /tmp/;fetch ".$download_path."denyhosts_log.tmp");
+ exec("cp /tmp/denyhosts_log.tmp /usr/local/www/packages/denyhosts/denyhosts_log.php");
+ unlink_if_exists("/tmp/denyhosts_log.tmp");
+
+
+ $denyhosts_sh = "\n";
+ $denyhosts_sh .= "name=\"denyhosts\"\n";
+ $denyhosts_sh .= "rcvar=\${name}_enable\n";
+ $denyhosts_sh .= "\n";
+ $denyhosts_sh .= "command=\"/usr/local/bin/denyhosts.py\"\n";
+ $denyhosts_sh .= "command_interpreter=\"/usr/local/bin/python2.5\"\n";
+ $denyhosts_sh .= "command_args=\"--config /usr/local/etc/denyhosts.conf --daemon\"\n";
+ $denyhosts_sh .= "pidfile=\"/var/run/\${name}.pid\"\n";
+ $denyhosts_sh .= "\n";
+ $denyhosts_sh .= "load_rc_config \$name\n";
+ $denyhosts_sh .= "\n";
+ $denyhosts_sh .= ": \${denyhosts_enable=\"YES\"}\n";
+ $denyhosts_sh .= "\n";
+ $denyhosts_sh .= "run_rc_command \"\$1\"\n";
+ $fout = fopen("/usr/local/etc/rc.d/denyhosts.sh","w");
+ fwrite($fout, $denyhosts_sh);
+ unset($denyhosts_sh);
+ fclose($fout);
+
+
+ $filename = "/usr/local/etc/denyhosts.conf";
+ $handle = fopen($filename,"rb");
+ $denyhosts_conf = fread($handle, filesize($filename));
+ fclose($handle);
+ $denyhosts_conf = str_replace("SECURE_LOG = /var/log/auth.log", "SECURE_LOG = /var/log/system.log", $denyhosts_conf);
+ $denyhosts_conf = str_replace("#BLOCK_SERVICE = sshd", "BLOCK_SERVICE = sshd", $denyhosts_conf);
+ $denyhosts_conf = str_replace("#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911", "SYNC_SERVER = http://xmlrpc.denyhosts.net:9911", $denyhosts_conf);
+ $fout = fopen($filename,"w");
+ fwrite($fout, $denyhosts_conf);
+ unset($filename);
+ fclose($fout);
+
+ $filename = "/usr/local/etc/denyhosts.conf-dist";
+ $fout = fopen($filename,"w");
+ fwrite($fout, $denyhosts_conf);
+ unset($filename);
+ unset($denyhosts_conf);
+ fclose($fout);
+
+ //Error reading file: denyhosts.cfg
+ //write_rcfile(array(
+ // "file" => "denyhosts.sh",
+ // "start" => "start command",
+ // "stop" => "rm /var/run/nameofservice.pid"
+ // )
+ //);
+
+
+ php_sync_package();
+
+ //start denyhosts
+ exec("/usr/local/etc/rc.d/denyhosts.sh start");
+
+ //if (pkg_is_service_running('notes')) {
+ //documentation purposes
+ //}
+
+
+
+}
+
+
+function deinstall_command()
+{
+
+ $hosts_allow = "#\n";
+ $hosts_allow .= "# hosts.allow access control file for \"tcp wrapped\" applications.\n";
+ $hosts_allow .= "#\n;
+ $hosts_allow .= "ALL : ALL : allow\n";
+ $fout = fopen("/etc/hosts.allow","w");
+ fwrite($fout, $tmp);
+ unset($tmp);
+ fclose($fout);
+
+ exec("pkg_delete denyhosts");
+ exec("rm -R /usr/local/www/packages/denyhosts/");
+
+}
+
+?>
\ No newline at end of file
diff --git a/config/denyhosts/denyhosts.xml b/config/denyhosts/denyhosts.xml
new file mode 100644
index 00000000..35878c7a
--- /dev/null
+++ b/config/denyhosts/denyhosts.xml
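Review bot: In denyhosts.inc, the line `$hosts_allow .= "#\n;` in php_install_command (and the identical line in deinstall_command) is missing its closing quote, which is a PHP parse error, so neither function can run until it reads `$hosts_allow .= "#\n";`. deinstall_command then writes `$tmp`, which is never assigned, instead of `$hosts_allow`, so an uninstall would leave /etc/hosts.allow empty; use `fwrite($fout, $hosts_allow); unset($hosts_allow);`. Both functions also replace /etc/hosts.allow wholesale, discarding any rules the administrator already has there, and php_install_command copies denyhosts_log.tmp, fetched over plain HTTP, into the web root as PHP without checking that the fetch produced anything, so at least guard the cp with `if (file_exists('/tmp/denyhosts_log.tmp'))`. The function runs `pkg_delete denyhosts` but nothing in this commit installs the port (`pkg_add -r denyhosts` appears only in a comment), so the later fopen of /usr/local/etc/denyhosts.conf will presumably fail unless the port is already present, and switching `SYNC_SERVER` on by default ships data to a third-party service, which deserves an opt-in setting or at minimum a comment saying so.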
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ notes.xml
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>DenyHosts</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>DenyHosts</name>
+ <version>0.1</version>
+ <title>Settings</title>
+ <include_file>/usr/local/pkg/denyhosts.inc</include_file>
+ <menu>
+ <name>DenyHosts</name>
+ <tooltiptext>DenyHosts.</tooltiptext>
+ <section>Services</section>
+ <configfile>denyhosts.xml</configfile>
+ <url>/packages/denyhosts/denyhosts_log.php</url>
+ </menu>
+ <tabs>
+ <tab>
+ <text>Settings</text>
+ <url>/packages/denyhosts/denyhosts_log.php</url>
+ <active/>
+ </tab>
+ </tabs>
+ <configpath>installedpackages->package->$packagename->configuration->denyhosts</configpath>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>http://www.pfsense.com/packages/config/denyhosts/denyhosts.inc</item>
+ </additional_files_needed>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>Title</fielddescr>
+ <fieldname>title</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Category</fielddescr>
+ <fieldname>category</fieldname>
+ </columnitem>
+ </adddeleteeditpagefields>
+ <fields>
+ <field>
+ <fielddescr>Title</fielddescr>
+ <fieldname>title</fieldname>
+ <description>Enter the title.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr>Category</fielddescr>
+ <fieldname>category</fieldname>
+ <description>Enter a category.</description>
+ <type>input</type>
+ </field>
+ <field>
+ <fielddescr><b>zzz</b> <br /> <br /></fielddescr>
+ <fieldname>zzz</fieldname>
+ <description></description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <size>30</size>
+ <cols>70</cols>
+ <rows>20</rows>
+ </field>
+ </fields>
+ <custom_add_php_command>
+ </custom_add_php_command>
+ <custom_php_resync_config_command>
+ php_sync_package();
+ </custom_php_resync_config_command>
+ <custom_delete_php_command>
+ php_sync_package();
+ </custom_delete_php_command>
+ <custom_php_install_command>
+ php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ deinstall_command();
+ </custom_php_deinstall_command>
+</packagegui>
\ No newline at end of file
diff --git a/config/denyhosts/denyhosts_log.tmp b/config/denyhosts/denyhosts_log.tmp
new file mode 100644
index 00000000..69d16cce
--- /dev/null
+++ b/config/denyhosts/denyhosts_log.tmp
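Review bot: In denyhosts.xml, the `<adddeleteeditpagefields>` and `<fields>` blocks define Title, Category and `zzz` inputs that nothing in denyhosts.inc reads, and the copyright block names `notes.xml` — this looks like template residue from the notes package rather than DenyHosts configuration. Either drop the unused fields or add a comment stating which settings DenyHosts is expected to expose here, and replace the `<requirements>` placeholder with the actual requirement (presumably the denyhosts port and the Python interpreter the rc script points at). `<custom_delete_php_command>` and `<custom_php_resync_config_command>` both call php_sync_package(), which is an empty function in this commit, so a `<!-- php_sync_package() is a no-op until settings are implemented -->` note would save the next reader a lookup. The `<additional_files_needed>` item is fetched over plain HTTP and installed with mode 0755; that is consistent with the other packages here, but worth a comment that the .inc runs as root on install.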
@@ -0,0 +1,166 @@
+<?php
+/* $Id$ */
+/*
+ denyhosts_log.php
+ Copyright (C) 2008 Mark J Crane
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+require("/usr/local/pkg/denyhosts.inc");
+
+//$a_extensions = &$config['installedpackages']['profiles']['config'];
+
+/*
+if ($_GET['a'] == "default") {
+ //conf_mount_rw();
+ exec("cp /usr/local/zzz/conf.orig/zzz /usr/local/zzz/conf/zzz");
+ $savemsg = "Default Restored";
+ //conf_mount_ro();
+}
+
+if ($_POST['a'] == "save") {
+ //conf_mount_rw();
+ $content = ereg_replace("\r","",$_POST['code']);
+ $fd = fopen("/usr/local/zzz/conf/zzz", "w");
+ fwrite($fd, $content);
+ fclose($fd);
+ $savemsg = "Saved";
+ //conf_mount_ro();
+}
+*/
+
+$filename = '/var/log/denyhosts';
+$fd = fopen($filename, "r");
+$content = fread($fd, filesize($filename));
+fclose($fd);
+
+include("head.inc");
+
+?>
+
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<script language="Javascript">
+function sf() { document.forms[0].savetopath.focus(); }
+</script>
+<script language="Javascript" type="text/javascript" src="/edit_area/edit_area_full.js"></script>
+<script language="Javascript" type="text/javascript">
+ // initialisation
+ editAreaLoader.init({
+ id: "code" // id of the textarea to transform
+ ,start_highlight: false
+ ,allow_toggle: false
+ ,language: "en"
+ ,syntax: "html"
+ ,toolbar: "search, go_to_line,|, fullscreen, |, undo, redo, |, select_font, |, syntax_selection, |, change_smooth_selection, highlight, reset_highlight, |, help"
+ ,syntax_selection_allow: "css,html,js,php,xml,c,cpp,sql"
+ ,show_line_colors: true
+ });
+</script>
+
+<?php
+include("fbegin.inc");
+echo "<p class=\"pgtitle\">$v_project_label: Variables</p>\n";
+?>
+
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabnavtbl">
+<?php
+
+//display_top_tabs(build_menu());
+
+?>
+</td></tr>
+</table>
+
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+<!--
+<form action="zzz.php" method="post" name="iform" id="iform">
+-->
+<?php
+
+?>
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width='90%'><p><span class="vexpl"><span class="red"><strong>DenyHosts Log<br>
+ </strong></span>
+ <!-- Description -->
+ </p>
+ </td>
+ <td width='10%' align='right' valign='middle'><!--<input type="submit" value="save" />--></td>
+ </tr>
+ </table>
+ <br />
+ <br />
+
+ <textarea style="width:98%" id="code" name="code" rows="30" cols="<?php echo $cols; ?>" name="content"><?php echo htmlentities($content); ?></textarea>
+ <br />
+ <br />
+ <!--
+ <table width="98%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td>/usr/local/zzz/conf/zzz.xml</td>
+ <td align='right'>
+ <input type="hidden" name="f" value="<?php echo $_GET['f']; ?>" />
+ <input type="hidden" name="a" value="save" />
+ <?php
+ echo "<input type='button' value='Restore Default' onclick=\"document.location.href='/packages/zzz/zzz.php?a=default&f=zzz';\" />";
+ ?>
+ </td>
+ </tr>
+ </table>
+ -->
+<!--
+</form>
+-->
+
+<br>
+<br>
+
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+<br>
+
+</td>
+</tr>
+</table>
+
+</div>
+
+
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/pkg_config.7.xml b/pkg_config.7.xml
index d1cfdca6..bd1893ea 100755
--- a/pkg_config.7.xml
+++ b/pkg_config.7.xml
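Review bot: In denyhosts_log.tmp, the `<?php echo $_GET['f']; ?>` inside the commented-out form block is still executed — PHP processes its tags regardless of the surrounding HTML comment — so the query parameter is reflected into the response unescaped; delete the dead form block or write it as `<?php echo htmlspecialchars($_GET['f']); ?>`. The log read at the top of the file does `fopen` / `fread(..., filesize($filename))` with no check, so a missing or empty /var/log/denyhosts produces warnings in the page; `$content = is_file($filename) ? file_get_contents($filename) : '';` covers both cases. `$v_project_label` and `$cols` are not defined anywhere in this file, so the page title renders as `: Variables` and the textarea gets `cols=""` unless guiconfig.inc happens to set them; the title string itself looks copied from another package and should name DenyHosts. The page also loads the full edit_area editor for a read-only log view, which a comment such as `// editor is read-only here; save handling is intentionally disabled` would make deliberate rather than accidental.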
@@ -217,6 +217,20 @@
 <configurationfile>shellcmd.xml</configurationfile>
 </package>
 <package>
+ <name>DenyHosts</name>
+ <website/>
+ <descr>The DenyHosts utility is used to manage protect SSH.</descr>
+ <category>Services</category>
+ <pkginfolink></pkginfolink>
+ <config_file>http://www.pfsense.com/packages/config/denyhosts/denyhosts.xml</config_file>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
+ <version>0.1</version>
+ <status>Beta</status>
+ <required_version>1.2.3</required_version>
+ <maintainer>markjcrane@gmail.com</maintainer>
+ <configurationfile>denyhosts.xml</configurationfile>
+ </package>
+ <package>
 <name>snort</name>
 <descr>Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more.</descr>
 <category>Security</category> |
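Review bot: The new pkg_config.7.xml entry gives `<depends_on_package_base_url>` but no `<depends_on_package>`, so unless the package system installs the port some other way the denyhosts binary package is never pulled in, while denyhosts.inc expects /usr/local/etc/denyhosts.conf and /usr/local/bin/denyhosts.py to exist at install time. The description reads `is used to manage protect SSH`; something like `<descr>DenyHosts protects SSH by blocking hosts with repeated failed logins via TCP wrappers.</descr>` states what the package does. `<website/>` is left empty even though the inc file already cites a reference page in its comments.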