diff options
Diffstat (limited to 'config/portsentry')
| -rw-r--r-- | config/portsentry/portsentry.inc | 292 | ||||
| -rw-r--r-- | config/portsentry/portsentry.xml | 120 |
2 files changed, 0 insertions, 412 deletions
diff --git a/config/portsentry/portsentry.inc b/config/portsentry/portsentry.inc deleted file mode 100644 index d51f9035..00000000 --- a/config/portsentry/portsentry.inc +++ /dev/null @@ -1,292 +0,0 @@ -<?php - -function portsentry_custom_php_deinstall_command() { - global $config; - - conf_mount_rw(); - exec("killall portsentry"); - exec("rm -rf /usr/local/etc/portsentry*"); -} - -function portsentry_custom_php_install_command() { - global $config; - - if($config['installedpackages']['portsentry']['config'][0]['blocktcp']) - $blocktcp = "1"; - else - $blocktcp = "0"; - - if($config['installedpackages']['portsentry']['config'][0]['blockudp']) - $blockudp = "1"; - else - $blockudp = "0"; - - if($config['installedpackages']['portsentry']['config'][0]['portbanner']) - $portbanner = $config['installedpackages']['portsentry']['config'][0]['portbanner']; - else - $portbanner = "You have connected to an invalid port. Your connection has been logged."; - - if($config['installedpackages']['portsentry']['config'][0]['scantrigger']) - $scantrigger = $config['installedpackages']['portsentry']['config'][0]['scantrigger']; - else - $scantrigger = "0"; - - $isfirst = true; - - $ports = "1,11,15,110,111,143,540,635,1080,1524,2000,12345,12346,20034,32771,32772,32773,32774,49724,54320"; - if($config['installedpackages']['portsentry']['config'][0]['row']) { - $ports = ""; - foreach($config['installedpackages']['portsentry']['config'][0]['row'] as $ps) { - if(!$isfirst) - $ports .= ","; - if($ps['listenport']) - $ports .= $ps['listenport']; - $isfirst = false; - } - } - $tcp_ports = $ports; - $udp_ports = $ports; - - $config = <<<EOF -# PortSentry Configuration - -####################### -# Port Configurations # -####################### -# -# -# Some example port configs for classic and basic Stealth modes -# -# I like to always keep some ports at the "low" end of the spectrum. -# This will detect a sequential port sweep really quickly and usually -# these ports are not in use (i.e. tcpmux port 1) -# -# ** X-Windows Users **: If you are running X on your box, you need to be sure -# you are not binding PortSentry to port 6000 (or port 2000 for OpenWindows users). -# Doing so will prevent the X-client from starting properly. -# -# These port bindings are *ignored* for Advanced Stealth Scan Detection Mode. -# - -# Un-comment these if you are really anal: -TCP_PORTS="$tcp_ports" -UDP_PORTS="$udp_ports" - -########################################### -# Advanced Stealth Scan Detection Options # -########################################### -# -# This is the number of ports you want PortSentry to monitor in Advanced mode. -# Any port *below* this number will be monitored. Right now it watches -# everything below 1024. -# -# On many Linux systems you cannot bind above port 61000. This is because -# these ports are used as part of IP masquerading. I don't recommend you -# bind over this number of ports. Realistically: I DON'T RECOMMEND YOU MONITOR -# OVER 1024 PORTS AS YOUR FALSE ALARM RATE WILL ALMOST CERTAINLY RISE. You've been -# warned! Don't write me if you have have a problem because I'll only tell -# you to RTFM and don't run above the first 1024 ports. -# -# -#ADVANCED_PORTS_TCP="1024" -#ADVANCED_PORTS_UDP="1024" -# -# This field tells PortSentry what ports (besides listening daemons) to -# ignore. This is helpful for services like ident that services such -# as FTP, SMTP, and wrappers look for but you may not run (and probably -# *shouldn't* IMHO). -# -# By specifying ports here PortSentry will simply not respond to -# incoming requests, in effect PortSentry treats them as if they are -# actual bound daemons. The default ports are ones reported as -# problematic false alarms and should probably be left alone for -# all but the most isolated systems/networks. -# -# Default TCP ident and NetBIOS service -ADVANCED_EXCLUDE_TCP="113,139" -# Default UDP route (RIP), NetBIOS, bootp broadcasts. -ADVANCED_EXCLUDE_UDP="520,138,137,67" - - -###################### -# Configuration Files# -###################### -# -# Hosts to ignore -IGNORE_FILE="/usr/local/etc/portsentry.ignore" -# Hosts that have been denied (running history) -HISTORY_FILE="/var/db/portsentry.history" -# Hosts that have been denied this session only (temporary until next restart) -BLOCKED_FILE="/var/db/portsentry.blocked" - -############################## -# Misc. Configuration Options# -############################## -# -# DNS Name resolution - Setting this to "1" will turn on DNS lookups -# for attacking hosts. Setting it to "0" (or any other value) will shut -# it off. -RESOLVE_HOST = "1" - -################### -# Response Options# -################### -# Options to dispose of attacker. Each is an action that will -# be run if an attack is detected. If you don't want a particular -# option then comment it out and it will be skipped. -# -# The variable $TARGET$ will be substituted with the target attacking -# host when an attack is detected. The variable $PORT$ will be substituted -# with the port that was scanned. -# -################## -# Ignore Options # -################## -# These options allow you to enable automatic response -# options for UDP/TCP. This is useful if you just want -# warnings for connections, but don't want to react for -# a particular protocol (i.e. you want to block TCP, but -# not UDP). To prevent a possible Denial of service attack -# against UDP and stealth scan detection for TCP, you may -# want to disable blocking, but leave the warning enabled. -# I personally would wait for this to become a problem before -# doing though as most attackers really aren't doing this. -# The third option allows you to run just the external command -# in case of a scan to have a pager script or such execute -# but not drop the route. This may be useful for some admins -# who want to block TCP, but only want pager/e-mail warnings -# on UDP, etc. -# -# -# 0 = Do not block UDP/TCP scans. -# 1 = Block UDP/TCP scans. -# 2 = Run external command only (KILL_RUN_CMD) - -BLOCK_UDP="$block_udp" -BLOCK_TCP="$block_tcp" - -############### -# TCP Wrappers# -############### -# This text will be dropped into the hosts.deny file for wrappers -# to use. There are two formats for TCP wrappers: -# -# Format One: Old Style - The default when extended host processing -# options are not enabled. -# -KILL_HOSTS_DENY="ALL: \$TARGET\$" - -# Format Two: New Style - The format used when extended option -# processing is enabled. You can drop in extended processing -# options, but be sure you escape all '%' symbols with a backslash -# to prevent problems writing out (i.e. \%c \%h ) -# -#KILL_HOSTS_DENY="ALL: \$TARGET\$ : DENY" - -################### -# External Command# -################### -# This is a command that is run when a host connects, it can be whatever -# you want it to be (pager, etc.). This command is executed before the -# route is dropped or after depending on the KILL_RUN_CMD_FIRST option below -# -# -# I NEVER RECOMMEND YOU PUT IN RETALIATORY ACTIONS AGAINST THE HOST SCANNING -# YOU! -# -# TCP/IP is an *unauthenticated protocol* and people can make scans appear out -# of thin air. The only time it is reasonably safe (and I *never* think it is -# reasonable) to run reverse probe scripts is when using the "classic" -tcp mode. -# This mode requires a full connect and is very hard to spoof. -# -# The KILL_RUN_CMD_FIRST value should be set to "1" to force the command -# to run *before* the blocking occurs and should be set to "0" to make the -# command run *after* the blocking has occurred. -# -#KILL_RUN_CMD_FIRST = "0" -# -# \$PORT\$ -KILL_RUN_CMD="pfctl -k \$TARGET\$ ; pfctl -t virusprot -T add \$TARGET\$" - -##################### -# Scan trigger value# -##################### -# Enter in the number of port connects you will allow before an -# alarm is given. The default is 0 which will react immediately. -# A value of 1 or 2 will reduce false alarms. Anything higher is -# probably not necessary. This value must always be specified, but -# generally can be left at 0. -# -# NOTE: If you are using the advanced detection option you need to -# be careful that you don't make a hair trigger situation. Because -# Advanced mode will react for *any* host connecting to a non-used -# below your specified range, you have the opportunity to really -# break things. (i.e someone innocently tries to connect to you via -# SSL [TCP port 443] and you immediately block them). Some of you -# may even want this though. Just be careful. -# -SCAN_TRIGGER="$scan_trigger" - -###################### -# Port Banner Section# -###################### -# -# Enter text in here you want displayed to a person tripping the PortSentry. -# I *don't* recommend taunting the person as this will aggravate them. -# Leave this commented out to disable the feature -# -# Stealth scan detection modes don't use this feature -# -PORT_BANNER="$port_banner" - -EOF; - - conf_mount_rw(); - // Write out configuration - $fd = fopen("/usr/local/etc/portsentry.conf", "w"); - fwrite($fd, $config); - fclose($fd); - - $svscan = <<<EOD -#!/bin/sh - -# PROVIDE: portsentry -# REQUIRE: LOGIN -# KEYWORD: FreeBSD - -. /etc/rc.subr - -name="portsentry" -rcvar=`set_rcvar` -command="/usr/local/bin/portsentry" -portsentry_enable=\${portsentry_enable-"YES"} - -start_cmd="portsentry_start" -stop_postcmd="portsentry_stop_post" - -load_rc_config \$name - -portsentry_start () { - echo "Starting svscan." - /usr/bin/env \ - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ - portsentry -} - -portsentry_stop_post () { - echo "Stopping portsentry." - killall portsentry -} - -run_rc_command "\$1" - -EOD; - - $fd = fopen("/usr/local/etc/rc.d/portsentry.sh", "w"); - fwrite($fd, $svscan); - fclose($fd); - exec("chmod a+rx /usr/local/etc/rc.d/portsentry.sh"); - conf_mount_ro(); -} - -?>
\ No newline at end of file diff --git a/config/portsentry/portsentry.xml b/config/portsentry/portsentry.xml deleted file mode 100644 index 3220c8ff..00000000 --- a/config/portsentry/portsentry.xml +++ /dev/null @@ -1,120 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> -<packagegui> - <copyright> - <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ -/* - portsentry.xml - Copyright (C) 2009 Scott Ullrich - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <name>portsentry</name> - <version>1.0</version> - <title>Portsentry</title> - <aftersaveredirect><![CDATA[/pkg_edit.php?xml=portsentry.xml&id=1]]></aftersaveredirect> - <include_file>/usr/local/pkg/portsentry.inc</include_file> - <menu> - <name>Portsentry</name> - <tooltiptext></tooltiptext> - <section>Services</section> - <url>http://sourceforge.net/projects/sentrytools/</url> - </menu> - <service> - <name>Portsentry</name> - <rcfile>portsentry.sh</rcfile> - <executable>portsentry</executable> - <description>The Sentry tools provide host-level security services for the Unix platform. PortSentry protect against portscans, and detect suspicious login activity on a continuous basis.</description> - </service> - <configpath>installedpackages->portsentry->config</configpath> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/portsentry/portsentry.inc</item> - </additional_files_needed> - <fields> - <field> - <type>rowhelper</type> - <rowhelper> - <rowhelperfield> - <fielddescr>Listen on port</fielddescr> - <fieldname>listenport</fieldname> - <description>Instructs portsentry to look for bogus activity on port</description> - <type>input</type> - <size>25</size> - </rowhelperfield> - </rowhelper> - </field> - <field> - <fielddescr>Scan trigger value</fielddescr> - <fieldname>scantrigger</fieldname> - <description>Enter in the number of port connects you will allow before an alarm is given. The default is 0 which will react immediately.A value of 1 or 2 will reduce false alarms. Anything higher is probably not necessary. This value must always be specified, but generally can be left at 0.</description> - <type>input</type> - <size>80</size> - <required/> - </field> - <field> - <fielddescr>Block TCP</fielddescr> - <fieldname>blocktcp</fieldname> - <description>Determines if portsentry will listen on defined ports using the TCP protocol.</description> - <type>checkbox</type> - <required/> - </field> - <field> - <fielddescr>Block UDP</fielddescr> - <fieldname>blockudp</fieldname> - <description>Determines if portsentry will listen on defined ports using the UDP protocol.</description> - <type>checkbox</type> - <required/> - </field> - <field> - <fielddescr>Port Banner</fielddescr> - <fieldname>portbanner</fieldname> - <description>Text to ouput when client connects to a portsentry port.</description> - <type>checkbox</type> - <required/> - </field> - </fields> - <custom_delete_php_command> - </custom_delete_php_command> - <custom_add_php_command> - </custom_add_php_command> - <custom_php_resync_config_command> - </custom_php_resync_config_command> - <custom_php_install_command> - portsentry_custom_php_install_command(); - </custom_php_install_command> - <custom_php_deinstall_command> - portsentry_custom_php_deinstall_command(); - </custom_php_deinstall_command> - <custom_php_command_before_form> - </custom_php_command_before_form> -</packagegui>
\ No newline at end of file |