diff --git a/security/Makefile b/security/Makefile index 6805db227d0c..4f599b9ee8c6 100644 --- a/security/Makefile +++ b/security/Makefile @@ -167,6 +167,7 @@ SUBDIR += ifd-slb_rf60 SUBDIR += ike-scan SUBDIR += integrit + SUBDIR += ipfcount SUBDIR += ipfilter2dshield SUBDIR += ipfmeta SUBDIR += ipfw2dshield diff --git a/security/ipfcount/Makefile b/security/ipfcount/Makefile new file mode 100644 index 000000000000..b4a1e44c0777 --- /dev/null +++ b/security/ipfcount/Makefile @@ -0,0 +1,49 @@ +# New ports collection makefile for: ipfcount +# Date created: 22 December 2005 +# Whom: Robert Archer +# +# $FreeBSD$ +# + +PORTNAME= ipfcount +PORTVERSION= 0.1 +CATEGORIES= security +MASTER_SITES= http://deathbeforedecaf.net/misc/ports/ \ + http://users.netleader.com.au/~rob/ + +MAINTAINER= freebsd@deathbeforedecaf.net +COMMENT= Summarise ipf logs by counting and sorting the fields + +PLIST_FILES= bin/ipfcount \ + %%EXAMPLESDIR%%/100.ipfcount +PLIST_DIRS= %%EXAMPLESDIR%% + +MAN1= ipfcount.1 + +SUB_FILES= pkg-message + +USE_PERL5= yes +USE_REINPLACE= yes + +.include + +.if ${PERL_LEVEL} < 5006 +IGNORE= requires perl 5.6 or higher - see the lang/perl5.8 port +.endif + +post-patch: + ${REINPLACE_CMD} -e '1s,^#![^ ]*,#!${PERL},' ${WRKSRC}/ipfcount + +do-build: + cd ${WRKSRC} && pod2man ipfcount > ipfcount.1 + +do-install: + ${INSTALL_SCRIPT} ${WRKSRC}/ipfcount ${PREFIX}/bin + ${INSTALL_MAN} ${WRKSRC}/ipfcount.1 ${PREFIX}/man/man1/ipfcount.1 + ${MKDIR} ${EXAMPLESDIR} + ${INSTALL_SCRIPT} ${WRKSRC}/100.ipfcount ${EXAMPLESDIR} + +post-install: + @${CAT} ${PKGMESSAGE} + +.include diff --git a/security/ipfcount/distinfo b/security/ipfcount/distinfo new file mode 100644 index 000000000000..69f73fab03e4 --- /dev/null +++ b/security/ipfcount/distinfo @@ -0,0 +1,2 @@ +MD5 (ipfcount-0.1.tar.gz) = 097519ce1972268dda2db0c219aeafa7 +SIZE (ipfcount-0.1.tar.gz) = 3757 diff --git a/security/ipfcount/files/pkg-message.in b/security/ipfcount/files/pkg-message.in new file mode 100644 index 000000000000..6dc0290082d3 --- /dev/null +++ b/security/ipfcount/files/pkg-message.in @@ -0,0 +1,12 @@ + + To summarise ipf(8) logs in your daily security check: + + * Copy %%EXAMPLESDIR%%/100.ipfcount to + %%PREFIX%%/etc/periodic/security + + * Add the line + + daily_status_security_ipfcount_enable="YES" + + to /etc/periodic.conf + diff --git a/security/ipfcount/pkg-descr b/security/ipfcount/pkg-descr new file mode 100644 index 000000000000..a00a3e9a81fa --- /dev/null +++ b/security/ipfcount/pkg-descr @@ -0,0 +1,10 @@ +ipfcount reads ipf(8) logs and extracts the following fields: + + iface group rule action shost sport dhost dport proto flags type dir + +You can then print lists like 'top blocked ports', 'top blocked hosts', +or 'incoming connections sorted by interface and protocol'. + +For more sophisticated lists, you can filter the entries using Perl expressions. + +WWW: http://deathbeforedecaf.net/misc/ports