wbrawner/homebrew-core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

New Formula: DenyHosts

Browse source 
DenyHosts is a tool that monitors system logs for unauthorized SSH access
attempts and bans offending IP addresses by adding them to /etc/hosts.deny. A
launchctl plist is provided that runs the tool as a cron job. DenyHosts does
have a "daemon mode" but it is designed for rc.d style scripts and doesn't fit
the idiom that launchctl expects (direct control of the daemon process).

Also see issue Homebrew/homebrew#2955.
This commit is contained in:
Charlie Sharpsteen 2010-11-05 22:43:01 -07:00
parent 0a99d63683
commit 906fa9c9bf
1 changed files with 181 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

181
Formula/denyhosts.rb Normal file
View file

@ -0,0 +1,181 @@
require 'formula'
class Denyhosts < Formula
url 'http://downloads.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz'
homepage 'http://denyhosts.sourceforge.net/'
md5 'fc2365305a9402886a2b0173d1beb7df'
def patches
# The original DenyHosts scripts will be installed to libexec with the
# `-dist` suffixes. The patchfile modifies the copies to set some defaults.
cp 'daemon-control-dist', 'daemon-control'
cp 'denyhosts.cfg-dist', 'denyhosts.cfg'
DATA
end
def install
# If the `libpath` is relative, instead of absolute, we can influence the
# 'data path' via command line arguments to `setup.py`.
inreplace 'setup.py' do |s|
s.change_make_var! 'libpath', "''"
end
# Make it so that all DenyHosts tools have a default path that points at
# our config file.
inreplace 'DenyHosts/constants.py' do |s|
s.change_make_var! 'CONFIG_FILE', etc + 'denyhosts.cfg'
end
# Install mostly into libexec (a la Duplicity)
system "python", "setup.py", "install",
"--prefix=#{prefix}",
"--install-lib=#{libexec}",
"--install-scripts=#{libexec}",
"--install-data=#{libexec}"
libexec.install 'daemon-control'
# Don't overwrite the config file if it exists---the user may have tweaked
# it.
etc.install 'denyhosts.cfg' unless (etc + 'denyhosts.cfg').exist?
sbin.mkpath
ln_s libexec + 'denyhosts.py', sbin + 'denyhosts'
ln_s libexec + 'daemon-control', sbin + 'daemon-control'
plist = prefix + 'org.denyhosts.cron.plist'
plist.write cron_plist
plist.chmod 0644
end
def cron_plist
<<-EOS.undent
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.denyhosts.cron</string>
<key>ProgramArguments</key>
<array>
<string>#{HOMEBREW_PREFIX}/sbin/denyhosts</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<false/>
<key>StartInterval</key>
<integer>600</integer>
</dict>
</plist>
EOS
end
def caveats
<<-EOS.undent
Unless it exists already, a denyhosts.cfg file has been written to:
#{etc}/denyhosts.cfg
All DenyHosts scripts will load this file by default unless told to use
a different one.
A launchctl plist has been created that will run DenyHosts to update
/etc/hosts.deny every 10 minutes. It will need to be run by the user that
owns /etc/hosts.deny, usually root, and can be set to load at startup
via:
sudo cp #{prefix}/org.denyhosts.cron.plist /Library/LaunchDaemons/
EOS
end
end
__END__
Set DenyHosts defaults for OS X.
See: http://trac.macports.org/browser/trunk/dports/security/denyhosts/files/patch-denyhosts.cfg-dist.diff
diff --git a/daemon-control b/daemon-control
index dd49315..b2bb838 100755
--- a/daemon-control
+++ b/daemon-control
@@ -11,9 +11,9 @@
#### Edit these to suit your configuration ####
###############################################
-DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
-DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
-DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
+DENYHOSTS_BIN = "HOMEBREW_PREFIX/sbin/denyhosts"
+DENYHOSTS_LOCK = "HOMEBREW_PREFIX/var/run/denyhosts.pid"
+DENYHOSTS_CFG = "HOMEBREW_PREFIX/etc/denyhosts.cfg"
PYTHON_BIN = "/usr/bin/env python"
diff --git a/denyhosts.cfg b/denyhosts.cfg
index 6551b3f..c95fcb6 100644
--- a/denyhosts.cfg
+++ b/denyhosts.cfg
@@ -9,7 +9,7 @@
# argument
#
# Redhat or Fedora Core:
-SECURE_LOG = /var/log/secure
+# SECURE_LOG = /var/log/secure
#
# Mandrake, FreeBSD or OpenBSD:
#SECURE_LOG = /var/log/auth.log
@@ -19,7 +19,7 @@ SECURE_LOG = /var/log/secure
#
# Mac OS X (v10.4 or greater -
# also refer to: http://www.denyhosts.net/faq.html#macos
-#SECURE_LOG = /private/var/log/asl.log
+SECURE_LOG = /private/var/log/secure.log
#
# Mac OS X (v10.3 or earlier):
#SECURE_LOG=/private/var/log/system.log
@@ -88,9 +88,9 @@ PURGE_DENY =
# eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1
#
# To block all services for the offending host:
-#BLOCK_SERVICE = ALL
+BLOCK_SERVICE = ALL
# To block only sshd:
-BLOCK_SERVICE = sshd
+# BLOCK_SERVICE = sshd
# To only record the offending host and nothing else (if using
# an auxilary file to list the hosts). Refer to:
# http://denyhosts.sourceforge.net/faq.html#aux
@@ -150,7 +150,7 @@ DENY_THRESHOLD_RESTRICTED = 1
# Note: it is recommended that you use an absolute pathname
# for this value (eg. /home/foo/denyhosts/data)
#
-WORK_DIR = /usr/share/denyhosts/data
+WORK_DIR = HOMEBREW_PREFIX/var/denyhosts
#
#######################################################################
@@ -192,13 +192,13 @@ HOSTNAME_LOOKUP=YES
# running at a time.
#
# Redhat/Fedora:
-LOCK_FILE = /var/lock/subsys/denyhosts
+#LOCK_FILE = /var/lock/subsys/denyhosts
#
# Debian
#LOCK_FILE = /var/run/denyhosts.pid
#
# Misc
-#LOCK_FILE = /tmp/denyhosts.lock
+LOCK_FILE = HOMEBREW_PREFIX/var/run/denyhosts.pid
#
######################################################################
@@ -432,7 +432,7 @@ AGE_RESET_INVALID=10d
# this is the logfile that DenyHosts uses to report it's status.
# To disable logging, leave blank. (default is: /var/log/denyhosts)
#
-DAEMON_LOG = /var/log/denyhosts
+DAEMON_LOG = HOMEBREW_PREFIX/var/log/denyhosts.log
#
# disable logging:
#DAEMON_LOG =