Add ipfcount 0.1, summarise ipf logs by counting and sorting the fields.

PR: ports/90811 Submitted by: Robert Archer <freebsd@deathbeforedecaf.net>
svn path=/head/; revision=151853
2025-02-07 11:49:40 +00:00 · 2005-12-22 15:52:43 +00:00 · 2005-12-22 15:52:43 +00:00 · dbf9464889 · 2021-03-31 03:12:20 +00:00
commit dbf9464889
parent 8880c44cdc
5 changed files with 74 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -167,6 +167,7 @@
    SUBDIR += ifd-slb_rf60
    SUBDIR += ike-scan
    SUBDIR += integrit
+    SUBDIR += ipfcount
    SUBDIR += ipfilter2dshield
    SUBDIR += ipfmeta
    SUBDIR += ipfw2dshield
--- a/security/ipfcount/Makefile
+++ b/security/ipfcount/Makefile
@ -0,0 +1,49 @@
+# New ports collection makefile for:	ipfcount
+# Date created:				22 December 2005
+# Whom:					Robert Archer <freebsd@deathbeforedecaf.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	ipfcount
+PORTVERSION=	0.1
+CATEGORIES=	security
+MASTER_SITES=	http://deathbeforedecaf.net/misc/ports/ \
+		http://users.netleader.com.au/~rob/
+
+MAINTAINER=	freebsd@deathbeforedecaf.net
+COMMENT=	Summarise ipf logs by counting and sorting the fields
+
+PLIST_FILES=	bin/ipfcount \
+		%%EXAMPLESDIR%%/100.ipfcount
+PLIST_DIRS=	%%EXAMPLESDIR%%
+
+MAN1=		ipfcount.1
+
+SUB_FILES=	pkg-message
+
+USE_PERL5=	yes
+USE_REINPLACE=	yes
+
+.include <bsd.port.pre.mk>
+
+.if ${PERL_LEVEL} < 5006
+IGNORE=		requires perl 5.6 or higher - see the lang/perl5.8 port
+.endif
+
+post-patch:
+	${REINPLACE_CMD} -e '1s,^#![^ ]*,#!${PERL},' ${WRKSRC}/ipfcount
+
+do-build:
+	cd ${WRKSRC} && pod2man ipfcount > ipfcount.1
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/ipfcount ${PREFIX}/bin
+	${INSTALL_MAN} ${WRKSRC}/ipfcount.1 ${PREFIX}/man/man1/ipfcount.1
+	${MKDIR} ${EXAMPLESDIR}
+	${INSTALL_SCRIPT} ${WRKSRC}/100.ipfcount ${EXAMPLESDIR}
+
+post-install:
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
--- a/security/ipfcount/distinfo
+++ b/security/ipfcount/distinfo
@ -0,0 +1,2 @@
+MD5 (ipfcount-0.1.tar.gz) = 097519ce1972268dda2db0c219aeafa7
+SIZE (ipfcount-0.1.tar.gz) = 3757
--- a/security/ipfcount/files/pkg-message.in
+++ b/security/ipfcount/files/pkg-message.in
@ -0,0 +1,12 @@
+
+  To summarise ipf(8) logs in your daily security check:
+
+  * Copy %%EXAMPLESDIR%%/100.ipfcount to
+    %%PREFIX%%/etc/periodic/security
+
+  * Add the line
+
+      daily_status_security_ipfcount_enable="YES"
+
+    to /etc/periodic.conf
+
--- a/security/ipfcount/pkg-descr
+++ b/security/ipfcount/pkg-descr
@ -0,0 +1,10 @@
+ipfcount reads ipf(8) logs and extracts the following fields:
+
+  iface group rule action shost sport dhost dport proto flags type dir
+
+You can then print lists like 'top <n> blocked ports', 'top <n> blocked hosts',
+or 'incoming connections sorted by interface and protocol'.
+
+For more sophisticated lists, you can filter the entries using Perl expressions.
+
+WWW: http://deathbeforedecaf.net/misc/ports