sshit 0.6_4 security =7

Checks for SSH/FTP bruteforce and blocks given IPs
Maintained by: rafan@FreeBSD.org
Port Added: 18 Dec 2005 16:05:26

---

---

sshit is a perl script, which works along with ipfw, ipfw2, and pf.
It parses the output of syslogd, find out SSH/FTP bruteforce attacks.
If the number of failed login is more than a threshold that administarator
set, sshit will block the source IP via firewall for a while 
(administrators can set the period of blocking). 

WWW: http://anp.ath.cx/sshit/

CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon

---

Required To Run: sysutils/p5-Unix-Syslog, devel/p5-IPC-Shareable, devel/p5-Proc-PID-File, lang/perl5.8

---

To install the port: cd /usr/ports/security/sshit/ && make install clean
To add the package: pkg_add -r sshit

---

Configuration Options

     No options to configure

---

Master Sites:

http://anp.ath.cx/sshit/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/

ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/

ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/

ftp://ftp.ru.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/

ftp://ftp.jp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/

ftp://ftp.tw.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/

ftp://ftp.cn.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/

- Always refer to perl by ${PERL}
- Bump PORTREVISION

- After last update, sshit keeps exiting with signal 15 due to wrong
  hostname regexp. Fix the regexp for hostname matching.
- While fixing that, fix IPv6 regexp, too.
- Reduce syslog level from ERROR to INFO for most informational messages.

These changes are submitted to author for inclusion in next version.

- Grab maintainership as current maintainer does not use it anymore.
- Bump PORTREVISION.

Approved by:    portmgr (linimon), maintainer via irc

- make work with fqdn
- bump PORTREVISION

PR:             ports/115210
Submitted by:   Alex Keda <admin_AT_lissyara.su>
Approved by:    Jui-Nan Lin (maintainer), clsung (mentor)

Welcome bsd.perl.mk.  Add support for constructs such as USE_PERL5=5.8.0+.
Drop support for antique perl.

Work done by:   gabor
Sponsored by:   Google Summer of Code 2007
Hat:            portmgr

- Make sshit catch this type of error login:

PAM: authentication error for lissyara from 192.168.254.193

PR:             ports/114194
Submitted by:   Alex Keda <admin at lissyara.su>
Approved by:    maintainer via irc

- Update to 0.6

PR:             ports/104770
Submitted by:   Joe Horn <joehorn_AT_leobbs dot net>
Approved by:    maintainer (Jui-Nan Lin)

(c) Rong-En Fan's, http://rafan.infor.org/patch/sshit.diff

In the code, the author uses two level hash, and IPC::Shareable
will create a share memory for those anonymouse object (the second
level hash). Those share memory will not be removed when sshit exists
or when the rule is removed. Running sshit for a period of time,
the number of share memory and semaphore will reach the limit for
one process, then sshit.pl can not get more share memory, thus it
quits. The only solution is to manually remove all share memory and
semaphore.

This is somehow the limitation of using IPC::Shareable. To workaround
this problem. The patch will removes associated firewall rules when
syslogd closes the fd [1], and use IPC::Shareable->clean_up
to remove all shm/sem created by this process. I also set 'destroy'

Add sshit 0.5, checks for SSH/FTP bruteforce and blocks given IPs.

PR:             ports/90603
Submitted by:   Jui-Nan Lin <jnlin@csie.nctu.edu.tw>

5 vulnerabilities affecting 16 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities