--- portsentry-1.2.orig/Makefile +++ portsentry-1.2/Makefile @@ -26,7 +26,7 @@ #CC = gcc # Normal systems flags -CFLAGS = -O -Wall +CFLAGS = -g -O -Wall # Debug mode for portsentry #CFLAGS = -Wall -g -DNODAEMON -DDEBUG @@ -60,7 +60,7 @@ @echo "Any existing files will be overwritten." clean: - /bin/rm ./portsentry + /bin/rm -f ./portsentry uninstall: /bin/rm $(INSTALLDIR)$(CHILDDIR)/* --- portsentry-1.2.orig/debian/examples/kill_cmd +++ portsentry-1.2/debian/examples/kill_cmd @@ -0,0 +1,27 @@ +#!/bin/bash +# Example for a KILL_RUN_CMD in /etc/portsentry/portsentry.conf +# by Peter Gerhardt +# and Guido Guenther +# +# $Id: kill_cmd,v 1.3 2001/07/19 21:02:34 agx Exp $ + +# grep into /etc/services to check which port was scanned +MODE=${3/[sa]/} # get rid of s and a +SERVICEINFO=`grep "[[:space:]]$2/$MODE" /etc/services` + +# can we get some info about the attacker? +FINGERINFO=`/usr/sbin/safe_finger -l @$1 2>/dev/null` + +cat < +# This work is released under the GNU GPL, version 2 or later. + +use Sys::Hostname; + +die "Usage: $0 host port\n" if (@ARGV != 2); + +my ($target, $port) = @ARGV; + +my $to = 'root'; + +my $subject = "WARNING: portscan from $target:$port"; + +open MAIL, qq(|mail -s "$subject" $to) or die "Couldn't open pipe to mail: $!\n"; + +my $time = scalar localtime; +my $hostname = hostname; + +print MAIL <<"__EOF__"; +This is a mail from $0 on $hostname. + +portsentry has detected a portscan at $time +from the host `$target' and the port `$port'. + +If portsentry has been configured to do so, incoming packets from +`$target' will now be dropped automatically. If this is not what you +wish, you may want to make sure there are no routes, ipchains rules, +or ipfwadm rules dropping traffic from that host. + +__EOF__ + +close MAIL or die "Couldn't close pipe to mail: $!\n"; + --- portsentry-1.2.orig/debian/README.Debian +++ portsentry-1.2/debian/README.Debian 
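Review bot: `open MAIL, qq(|mail -s "$subject" $to)` in the mail-notification script hands `$target` and `$port` — taken straight from @ARGV, i.e. whatever portsentry substitutes for the attacking host — to a shell through the two-argument piped open, so a value containing shell metacharacters would be executed rather than mailed. The list form bypasses the shell entirely and also drops the bareword handle: `open my $mail, '|-', 'mail', '-s', $subject, $to or die "Couldn't open pipe to mail: $!\n";` with `print {$mail} <<"__EOF__";` and `close $mail or die "Couldn't close pipe to mail: $!\n";`. The kill_cmd example in the same hunk has the related weakness of expanding `@$1` and `$2/$MODE` without quoting, so `"@$1"` keeps the attacker-supplied host as a single argument to safe_finger. Note that kill_cmd appears cut off on this page after `cat <` and the file header of the Perl script that follows is missing, so the beginning of that script (including whether it enables strict and warnings) is not visible here.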
@@ -0,0 +1,19 @@
+portsentry for Debian
+----------------------
+
+See README.install for the various detection modes.
+
+Note: if you use dynamic IPs (e.g. dhcp), be sure to restart the daemon, after
+you received your IP using "/etc/init.d/portsentry restart". The
+portsentry.ignore file is then rebuild using "ifconfig -a". If you use ppp
+there is no need to do so, since scripts in /etc/ppp/ip-*.d/ handle this for
+you.
+
+PCMCIA users should add "/etc/init.d/portsentry restart" to their
+/etc/pcmcia/network.opt's {start,stop}_fn to make sure portsentry's
+idea about local interfaces gets updated.
+
+The blocking of hosts is disabled by default. Change BLOCK_UDP & BLOCK_TCP
+in portsentry.conf to enable blocking.
+
+Guido Guenther , Sun, 1 Jul 2001 04:31:56 +0200
--- portsentry-1.2.orig/debian/TODO
+++ portsentry-1.2/debian/TODO
@@ -0,0 +1,6 @@
+* portsentry should use pid-files(portsentry.tcp.pid/portsentry.udp.pid)
+ (patch submitted upstream)
+* make portsentry aware of SIGHUP to reread configuration files
+* get rid of explicit db_stop in postinst
+* debconf: ipchains || iptables, tcp || stcp || atcp
+* update portsentry-* scripts to better support netmasks
--- portsentry-1.2.orig/debian/changelog
+++ portsentry-1.2/debian/changelog
@@ -0,0 +1,256 @@ +portsentry (1.2-5) unstable; urgency=low + + * add brasilian translation by Tiago Bortoletto Vaz, thanks! + (Closes: #267409) + * fix perl warning in portsentry-build-ignore-file and 'use strict;' + + -- Guido Guenther Mon, 23 Aug 2004 08:44:33 +0200 + +portsentry (1.2-4) unstable; urgency=low + + * add japanese translation by Hideki Yamane, thanks! (Closes: #224173) + * fix portsentry.8 manpage to display properly in UTF8 locales + + -- Guido Guenther Sat, 27 Dec 2003 18:12:30 +0100 + +portsentry (1.2-3) unstable; urgency=low + + * fix URL in copyright file (Closes: #211378) + * us dh_installppp to install ip-{up,down} scripts, thanks to Thomas + Hood for pointing this out (Closes: #212907) + + -- Guido Guenther Sun, 26 Oct 2003 19:10:04 +0100 + +portsentry (1.2-2) unstable; urgency=low + + * echo 4 > debian/compat + * use invoke-rc.d when possible + * add french translation by Michel Grentzinger , + thanks! (Closes: #207110) + * remove obsolete /etc/portsentry/startup.conf from debconf message + * bump Standards-Version to 3.6.1 + * properly match IPs if portsentry.ignore.static doesn't end with a newline + (Closes: #209222) + * use '-e' in the ppp scripts + + -- Guido Guenther Mon, 8 Sep 2003 19:20:45 +0200 + +portsentry (1.2-1) unstable; urgency=low + + * new upstream version + * upstream license change to "common public license 1.0", so we can finally + move to main - yay! 
(Closes: #201730) + * upstream homepage has moved (Closes: #196397) + * fix upstream email in manpages + * remove multiline strings to make gcc-3.3 happy + * honor DEB_BUILD_OPTIONS + * bump standards version to 3.6.0 + * move to po-debconf (and therefore build-depend on debhelper >=4.1.16) + * finally add catalan translation (Closes: #139738) + * postinst: don't create /usr/doc/portsentry symlink anymore + * debian/copyright: remove (s) from Author(s) to shut up lintian + + -- Guido Guenther Wed, 6 Aug 2003 22:14:38 +0200 + +portsentry (1.1-3) unstable; urgency=low + + * make init.d script more consistent with other startup scripts + (Closes: #121943) + + -- Guido Guenther Sun, 16 Dec 2001 03:12:03 +0100 + +portsentry (1.1-2) unstable; urgency=low + + * move - don't rename - portsentry.ignore (Closes: #112801) + * only restart portsentry if it's already running, when bringing + up ppp + + -- Guido Guenther Wed, 31 Oct 2001 22:41:32 +0100 + +portsentry (1.1-1) unstable; urgency=low + + * new upstream version (Closes: #83858, #89162, #96627, #92946) + * synced manpages + * update kill_cmd-example to honor $MODE$ + * "/e/init.d/portsentry start" gave a confusing message when + portsentry was already running - fixed + * compile with -g as per policy + + -- Guido Guenther Thu, 19 Jul 2001 22:45:41 +0200 + +portsentry (1.0-2) unstable; urgency=low + + * readded proper prerm-script to avoid long downtimes(see #70756) + * got rid of old(<0.99.1-0.40) cruft in preinst + * fixed alignment in debconf templates + * moved startup.conf to /etc/default/portsentry and added a + debconf dialog to explain what's happening + * bumped standards version to 3.5.5 + + -- Guido Guenther Thu, 12 Jul 2001 01:04:28 +0200 + +portsentry (1.0-1.9) unstable; urgency=low + + * moved to debhelper v3 (this handles all conffiles in /etc + automagically) + * cleanup of perl scripts in /u/l/portsentry thereby added + better temp file handling + * added german debconf translation(thanks to Sebastian 
Feltel) + (Closes: #100516) + * fixed problem in portsentry-build-ignore-file when $LANG!=C + * changed ADVANCED_PORTS_* to 1024. This mostly fixes + #92946 but I leave it open since there is still a bug + in portsentry.c(patch submitted upstream) + * added support for iptables to portsentry.conf(thanks to Dan + Christensen) (Closes: #93244) + * clarified comments in /etc/portsentry.ignore.static + + -- Guido Guenther Sun, 1 Jul 2001 23:54:11 +0200 + +portsentry (1.0-1.8) unstable; urgency=low + + * remove dh_suidregister call in debian/rules + * change references from /usr/doc to /usr/share/doc in manpages + (Closes: #92945) + * fix typo in portsentry-build-ignore-file + * fix wrong filename in first line of portsentry.ignore + * use /var/lib/portsentry instead of /tmp for temporary files + * remove empty subdirs on purge (Closes: #96626) + * install missing credits file + + -- Guido Guenther Sun, 10 Jun 2001 14:01:25 +0200 + +portsentry (1.0-1.7) unstable; urgency=low + + * fix dependencies (Closes: #76878) + + -- Guido Guenther Mon, 13 Nov 2000 00:25:13 +0100 + +portsentry (1.0-1.6) unstable; urgency=low + + * made init.d-script more verbose + * checked policy and bumped standards version to 3.2.1 + * removed various .ex files from debian directory + * do not stop portsentry on upgrades to avoid long downtimes + (see prerm & postinst) (Closes #70756). + + -- Guido Guenther Sat, 16 Sep 2000 09:35:58 +0200 + +portsentry (1.0-1.5) unstable; urgency=low + + * display debconf message only upon first install + * fixed typos and changed maintainer address + + -- Guido Guenther Sun, 13 Aug 2000 22:58:30 +0200 + +portsentry (1.0-1.4) unstable; urgency=low + + * fixed preinst to shut up lintian complaining about missing debhelper token + * the package now uses debconf to display messages during installation + * the kill_cmd example created an unsafe tmpfile - fixed. 
+ + -- Guido Guenther (agx) Sun, 26 Mar 2000 17:33:49 +0200 + +portsentry (1.0-1.3) unstable; urgency=low + + * removed unnecessary echo-calls from postinst + * portsentry-build-ignore-file unsafely created a file in /tmp - fixed. + * debian/rules now uses install instead of cp/chown + * fixed various typos in manpages, scripts, etc. + + -- Guido Guenther (agx) Fri, 24 Mar 2000 08:18:58 +0100 + +portsentry (1.0-1.2) unstable; urgency=low + + * removed "shouldn't" from package description. Closes: #58591 + * renamed portsentry-built-ignore-file to portsentry-build-ignore-file + * postrm did not remove portsentry.ignore upon purge, fixed. + + -- Guido Guenther (agx) Mon, 28 Feb 2000 01:34:54 +0100 + +portsentry (1.0-1.1) unstable; urgency=low + + * fixed the copyright file + + -- Guido Guenther (agx) Tue, 11 Jan 2000 05:44:27 +0100 + +portsentry (1.0-1) unstable; urgency=low + + * moved Build-Depends to source section in control file + * removed perl-base from dependencies since it's an essential package + * changed portsentry.conf.Debian to not block any hosts by default + + -- Guido Guenther (agx) Wed, 8 Dec 1999 21:10:44 +0000 + +portsentry (1.0-0.1) unstable; urgency=low + + * new upstream version + + -- Guido Guenther (agx) Fri, 3 Dec 1999 10:13:57 +0100 + +portsentry (0.99.1-0.42) unstable; urgency=low + + * Makefile.Debian is now obsolete + * cleaned up portsentry-built-ignore-file a bit + + -- Guido Guenther (agx) Wed, 24 Nov 1999 23:28:00 +0100 + +portsentry (0.99.1-0.41) unstable; urgency=low + + * fixed wrong dependency on netstd + * fixed postrm script to also remove dynamically build portsentry.ignore + * added ppp scripts + * changed rules script to set permissions correctly + * switched to cvs + * moved debian specific installation part from Makefile to rules script + * added scan_detect script by Ben Gertzfield to examples + + -- Guido Guenther (agx) Sat, 20 Nov 1999 11:00:48 +0100 + +portsentry (0.99.1-0.40) unstable; urgency=low + + * 
/etc/init.d/portsentry now checks for dynamic IPs. + * moved to non-free/net + * added /usr/lib/portsentry/portsentry-* scripts + * made startup.conf's format similar to portsentry.conf & logcheck.conf + * adapted manpages to reflect these changes + * again fixed some typos in the manpage :-) + + -- Guido Guenther (agx) Wed, 10 Nov 1999 21:29:56 +0100 + +portsentry (0.99.1-0.32) unstable; urgency=low + + * first build for potato + * switched to gnupg + * fixed some more typos + + -- Guido Guenther (agx) Thu, 30 Sep 1999 22:44:06 +0200 + +portsentry (0.99.1-0.31) unstable; urgency=low + + * Fixed a bad(stupid) link in /usr/doc/portsentry + + -- Guido Guenther Wed, 22 Sep 1999 18:44:54 +0200 + +portsentry (0.99.1-0.3) unstable; urgency=low + + * Fixes typos in the manual page + * renamed portd.conf to startup.conf + * added portsentry.conf(5) manual page + + -- Guido Guenther Wed, 22 Sep 1999 13:18:00 +0200 + +portsentry (0.99.1-0.2) unstable; urgency=low + + * Fixed a bad typo(affecting atcp-mode) in init.d script and portd.conf + + -- Guido Guenther Mon, 20 Sep 1999 11:44:24 +0200 + +portsentry (0.99.1-0.1) unstable; urgency=low + + * Initial Release. + * made Makefile.Debian and portsentry.conf.Debian from original ones + and changed portsentry_config.h to meet debians directory structure + + -- Guido Guenther Wed, 8 Sep 1999 16:28:02 +0200 + --- portsentry-1.2.orig/debian/compat +++ portsentry-1.2/debian/compat @@ -0,0 +1 @@ +4 --- portsentry-1.2.orig/debian/config +++ portsentry-1.2/debian/config 
@@ -0,0 +1,20 @@
+#!/bin/sh -e
+#$Id: config,v 1.4 2001/07/11 23:12:55 agx Exp $
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+# location of startup.conf moved in 1.0-2
+# to /etc/default/portsentry
+if [ -n "$2" ] && dpkg --compare-versions $2 lt 1.0-2 ; then
+ if [ -e /etc/portsentry/startup.conf -a ! -e /etc/default/portsentry ]; then
+ db_input high portsentry/startup_conf_obsolete || true
+ db_go
+ fi
+fi
+
+# show no_block message only upon first installation
+if [ "$1" = "configure" -a -z "$2" ]; then
+ db_input high portsentry/warn_no_block || true
+ db_go
+fi
--- portsentry-1.2.orig/debian/control
+++ portsentry-1.2/debian/control
@@ -0,0 +1,22 @@
+Source: portsentry
+Section: net
+Priority: optional
+Maintainer: Guido Guenther
+Build-Depends: debhelper (>=4.1.16)
+Standards-Version: 3.6.1
+
+Package: portsentry
+Architecture: any
+Depends: ${shlibs:Depends}, net-tools, procps, debconf, libfile-temp-perl
+Recommends: tcpd
+Suggests: logcheck
+Description: Portscan detection daemon
+ PortSentry has the ability to detect portscans(including stealth scans) on
+ the network interfaces of your machine. Upon alarm it can block the attacker
+ via hosts.deny, dropped route or firewall rule. It is part of the Abacus
+ program suite.
+ .
+ Note: If you have no idea what a port/stealth scan is, I recommend to have a
+ look at http://sf.net/projects/sentrytools/ before installing this package.
+ Otherwise you might easily block hosts you'd better not (e.g. your NFS-server,
+ name-server, ...).
--- portsentry-1.2.orig/debian/copyright
+++ portsentry-1.2/debian/copyright
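Review bot: `dpkg --compare-versions $2 lt 1.0-2` leaves `$2` unquoted even though the `[ -n "$2" ]` test on the same line quotes it; `dpkg --compare-versions "$2" lt 1.0-2` keeps the version string as one argument and reads consistently. The `-a` inside `[ … ]` in both `if` tests is the obsolescent XSI form; `[ -e /etc/portsentry/startup.conf ] && [ ! -e /etc/default/portsentry ]` is the portable spelling. Both `db_go` calls run unguarded under `#!/bin/sh -e`, which is fine as long as the script never asks for the backup capability (it does not on this page), but a short comment saying so would save the next editor from adding one.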
@@ -0,0 +1,310 @@ +This package was debianized by Guido Guenther guido.guenther@uni-konstanz.de on +Wed, 8 Sep 1999 16:28:02 +0200. + +It was downloaded from http://sf.net/projects/sentrytools + +Upstream Author: Craig H. Rowland + + Common Public License - v 1.0 + + + + THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF + THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE, + REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES + RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + + + 1. DEFINITIONS + + + "Contribution" means: + + + a) in the case of the initial Contributor, the + initial code and documentation distributed under + this Agreement, and + + b) in the case of each subsequent Contributor: + + + i) changes to the Program, and + + + ii) additions to the Program; + + + where such changes and/or additions to the Program + originate from and are distributed by that + particular Contributor. A Contribution 'originates' + + from a Contributor if it was added to the Program + by such Contributor itself or anyone acting on such + Contributor's behalf. Contributions do not include + + additions to the Program which: (i) are separate + modules of software distributed in conjunction with + + the Program under their own license agreement, and + (ii) are not derivative works of the Program. + + "Contributor" means any person or entity that distributes + the Program. + + "Licensed Patents " mean patent claims licensable by a + Contributor which are necessarily infringed by the use or + sale of its Contribution alone or when combined with the + Program. + + "Program" means the Contributions distributed in + accordance with this Agreement. + + "Recipient" means anyone who receives the Program under + this Agreement, including all Contributors. + + + 2. 
GRANT OF RIGHTS + + + a) Subject to the terms of this Agreement, each + Contributor hereby grants Recipient a + non-exclusive, worldwide, royalty-free copyright + license to reproduce, prepare derivative works of, + publicly display, publicly perform, distribute and + sublicense the Contribution of such Contributor, if + any, and such derivative works, in source code and + object code form. + + b) Subject to the terms of this Agreement, each + Contributor hereby grants Recipient a + non-exclusive, worldwide, royalty-free patent + license under Licensed Patents to make, use, sell, + offer to sell, import and otherwise transfer the + Contribution of such Contributor, if any, in source + code and object code form. This patent license + shall apply to the combination of the Contribution + and the Program if, at the time the Contribution is + added by the Contributor, such addition of the + Contribution causes such combination to be covered + by the Licensed Patents. The patent license shall + not apply to any other combinations which include + the Contribution. No hardware per se is licensed + hereunder. + + c) Recipient understands that although each + Contributor grants the licenses to its + Contributions set forth herein, no assurances are + provided by any Contributor that the Program does + not infringe the patent or other intellectual + property rights of any other entity. Each + Contributor disclaims any liability to Recipient + for claims brought by any other entity based on + infringement of intellectual property rights or + otherwise. As a condition to exercising the rights + and licenses granted hereunder, each Recipient + hereby assumes sole responsibility to secure any + other intellectual property rights needed, if any. + + For example, if a third party patent license is + required to allow Recipient to distribute the + Program, it is Recipient's responsibility to + acquire that license before distributing the + Program. 
+ + d) Each Contributor represents that to its + knowledge it has sufficient copyright rights in its + Contribution, if any, to grant the copyright + license set forth in this Agreement. + + + 3. REQUIREMENTS + + + A Contributor may choose to distribute the Program in + object code form under its own license agreement, provided + that: + + a) it complies with the terms and conditions of + this Agreement; and + + b) its license agreement: + + i) effectively disclaims on behalf of all + + Contributors all warranties and conditions, express + and implied, including warranties or conditions of + title and non-infringement, and implied warranties + or conditions of merchantability and fitness for a + particular purpose; + + ii) effectively excludes on behalf of all + Contributors all liability for damages, including + direct, indirect, special, incidental and + consequential damages, such as lost profits; + + iii) states that any provisions which differ from + this Agreement are offered by that Contributor + alone and not by any other party; and + + iv) states that source code for the Program is + available from such Contributor, and informs + licensees how to obtain it in a reasonable manner + on or through a medium customarily used for + software exchange. + + When the Program is made available in source code form: + + a) it must be made available under this Agreement; + and + + b) a copy of this Agreement must be included with + each copy of the Program. + + Contributors may not remove or alter any copyright notices + contained within the Program. + + Each Contributor must identify itself as the originator of + its Contribution, if any, in a manner that reasonably + allows subsequent Recipients to identify the originator of + the Contribution. + + + 4. COMMERCIAL DISTRIBUTION + + + Commercial distributors of software may accept certain + responsibilities with respect to end users, business + partners and the like. 
While this license is intended to + facilitate the commercial use of the Program, the + Contributor who includes the Program in a commercial + product offering should do so in a manner which does not + create potential liability for other Contributors. + Therefore, if a Contributor includes the Program in a + commercial product offering, such Contributor ("Commercial + Contributor") hereby agrees to defend and indemnify every + other Contributor ("Indemnified Contributor") against any + losses, damages and costs (collectively "Losses") arising + from claims, lawsuits and other legal actions brought by a + third party against the Indemnified Contributor to the + extent caused by the acts or omissions of such Commercial + Contributor in connection with its distribution of the + + Program in a commercial product offering. The obligations + in this section do not apply to any claims or Losses + relating to any actual or alleged intellectual property + infringement. In order to qualify, an Indemnified + Contributor must: a) promptly notify the Commercial + Contributor in writing of such claim, and b) allow the + + Commercial Contributor to control, and cooperate with the + Commercial Contributor in, the defense and any related + settlement negotiations. The Indemnified Contributor may + participate in any such claim at its own expense. + + For example, a Contributor might include the Program in a + commercial product offering, Product X. That Contributor + is then a Commercial Contributor. If that Commercial + Contributor then makes performance claims, or offers + warranties related to Product X, those performance claims + and warranties are such Commercial Contributor's + responsibility alone. 
Under this section, the Commercial + Contributor would have to defend claims against the other + Contributors related to those performance claims and + warranties, and if a court requires any other Contributor + to pay any damages as a result, the Commercial Contributor + must pay those damages. + + 5. NO WARRANTY + + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE + PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR + IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR + CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR + FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely + responsible for determining the appropriateness of using + and distributing the Program and assumes all risks + associated with its exercise of rights under this + Agreement, including but not limited to the risks and + costs of program errors, compliance with applicable laws, + damage to or loss of data, programs or equipment, and + unavailability or interruption of operations. + + 6. DISCLAIMER OF LIABILITY + + EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER + RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION + LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE + OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGES. + + 7. 
GENERAL + + If any provision of this Agreement is invalid or + unenforceable under applicable law, it shall not affect + the validity or enforceability of the remainder of the + terms of this Agreement, and without further action by the + parties hereto, such provision shall be reformed to the + minimum extent necessary to make such provision valid and + enforceable. + + If Recipient institutes patent litigation against a + Contributor with respect to a patent applicable to + software (including a cross-claim or counterclaim in a + lawsuit), then any patent licenses granted by that + Contributor to such Recipient under this Agreement shall + terminate as of the date such litigation is filed. In + addition, if Recipient institutes patent litigation + against any entity (including a cross-claim or + counterclaim in a lawsuit) alleging that the Program + itself (excluding combinations of the Program with other + software or hardware) infringes such Recipient's + patent(s), then such Recipient's rights granted under + Section 2(b) shall terminate as of the date such + litigation is filed. + + All Recipient's rights under this Agreement shall + terminate if it fails to comply with any of the material + terms or conditions of this Agreement and does not cure + such failure in a reasonable period of time after becoming + aware of such noncompliance. If all Recipient's rights + under this Agreement terminate, Recipient agrees to cease + use and distribution of the Program as soon as reasonably + practicable. However, Recipient's obligations under this + Agreement and any licenses granted by Recipient relating + to the Program shall continue and survive. + + Everyone is permitted to copy and distribute copies of + this Agreement, but in order to avoid inconsistency the + Agreement is copyrighted and may only be modified in the + following manner. The Agreement Steward reserves the right + to publish new versions (including revisions) of this + Agreement from time to time. 
No one other than the + Agreement Steward has the right to modify this Agreement. + IBM is the initial Agreement Steward. IBM may assign the + responsibility to serve as the Agreement Steward to a + suitable separate entity. Each new version of the + Agreement will be given a distinguishing version number. + The Program (including Contributions) may always be + distributed subject to the version of the Agreement under + which it was received. In addition, after a new version of + the Agreement is published, Contributor may elect to + distribute the Program (including its Contributions) under + the new version. Except as expressly stated in Sections + 2(a) and 2(b) above, Recipient receives no rights or + licenses to the intellectual property of any Contributor + under this Agreement, whether expressly, by implication, + estoppel or otherwise. All rights in the Program not + expressly granted under this Agreement are reserved. + + This Agreement is governed by the laws of the State of New + York and the intellectual property laws of the United + States of America. No party to this Agreement will bring a + legal action under this Agreement more than one year after + the cause of action arose. Each party waives its rights to + a jury trial in any resulting litigation. --- portsentry-1.2.orig/debian/dirs +++ portsentry-1.2/debian/dirs @@ -0,0 +1,7 @@ +usr/sbin +usr/lib/portsentry +var/lib/portsentry +etc/portsentry +etc/default +etc/ppp/ip-up.d +etc/ppp/ip-down.d --- portsentry-1.2.orig/debian/docs +++ portsentry-1.2/debian/docs @@ -0,0 +1 @@ +CHANGES README.COMPAT README.install README.methods README.stealth CREDITS --- portsentry-1.2.orig/debian/init.d +++ portsentry-1.2/debian/init.d 
@@ -0,0 +1,98 @@
+#! /bin/sh
+# start and stop portsentry
+#
+# $Id: init.d,v 1.7 2002/01/05 14:52:14 agx Exp $
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/portsentry
+CONFIG=/etc/default/portsentry
+BUILDSCRIPT=/usr/lib/portsentry/portsentry-build-ignore-file
+
+test -f $DAEMON || exit 0
+test -f $CONFIG || exit 0
+test -f $BUILDSCRIPT || exit 0
+
+# source the config file
+. $CONFIG
+
+startup () {
+
+if [ \( ! "$TCP_MODE" \) -a \( ! "$UDP_MODE" \) ]; then
+echo "Not starting anti portscan daemon (no modes in $CONFIG)."
+ exit 0
+fi
+
+echo -n "Starting anti portscan daemon: "
+# populate portsentry.ignore first
+$BUILDSCRIPT
+
+case "$TCP_MODE" in
+ "tcp"|"stcp"|"atcp")
+# Make sure we're not already listening for tcp scans
+ if ! ps awx | grep -q "$DAEMON -[as]*tcp"
+ then
+ $DAEMON -$TCP_MODE
+ echo -n "portsentry in $TCP_MODE"
+ else
+ TCP_MODE=""
+ fi
+ ;;
+# do nothing if TCP_MODE is not set
+ "")
+ ;;
+ *)
+ echo "$TCP_MODE is not a valid mode."
+ exit 1;
+ ;;
+esac
+
+case "$UDP_MODE" in
+ "udp"|"sudp"|"audp")
+ if ! ps awx | grep -q "$DAEMON -[as]*udp"
+ then
+ $DAEMON -$UDP_MODE
+ if [ "$TCP_MODE" ]; then
+ echo -n " &"
+ else
+ echo -n "portsentry in"
+ fi
+ echo -n " $UDP_MODE"
+ else
+ UDP_MODE=""
+ fi
+ ;;
+# do nothing if UDP_MODE is not set
+ "")
+ ;;
+ *)
+ echo "$UDP_MODE is not a valid mode."
+ exit 1;
+ ;;
+esac
+if [ "$TCP_MODE" -o "$UDP_MODE" ]; then
+ echo " mode."
+fi
+}
+
+case "$1" in
+ start)
+ startup
+ ;;
+ stop)
+ echo -n "Stopping anti portscan daemon: portsentry"
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON
+ echo "."
+ ;;
+ restart|force-reload)
+ echo -n "Stopping anti portscan daemon: portsentry"
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON
+ echo "."
+ startup
+ ;;
+ *)
+ echo "Usage: /etc/init.d/portsentry {start|stop|restart|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
--- portsentry-1.2.orig/debian/portsentry.8
+++ portsentry-1.2/debian/portsentry.8
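Review bot: The two `if ! ps awx | grep -q "$DAEMON -[as]*tcp"` / `"$DAEMON -[as]*udp"` checks in `startup` decide whether to launch the detector by scanning the process table, so any process whose command line happens to match the pattern — including one started by an unprivileged user — makes the corresponding mode be skipped without any message, and the check also races with an instance that is still starting. The commit's own debian/TODO lists per-mode pid files (portsentry.tcp.pid/portsentry.udp.pid) as pending upstream work, and `start-stop-daemon --start --exec $DAEMON` would not tell the tcp and udp instances apart either, so until that lands the limitation deserves a comment at the tcp check: `# NOTE: presence check is a process-table grep; any matching argv suppresses startup. Replace with pid files once upstream provides them (see debian/TODO).`. Separately, the `exit 1` for an invalid mode fires from inside `startup`, so a typo in `$TCP_MODE` during `restart` leaves the daemon stopped after `start-stop-daemon --stop` has already run; returning a status from `startup` and letting the outer `case` decide would keep that path explicit.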
@@ -0,0 +1,151 @@ +.TH PORTSENTRY 8 +.\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection +.\" other parms are allowed: see man(7), man(1) +.SH NAME +portsentry \- detect portscan activity +.SH SYNOPSIS +.B portsentry +.I "[ \-tcp | \-stcp | \-atcp ]" +.br +.B portsentry +.I "[ \-udp | \-sudp | \-audp ]" +.SH "DESCRIPTION" +This manual page documents briefly the +.BR portsentry +command. +This manual page was written for the Debian GNU/Linux distribution +because the original program does not have a manual page. +.PP +.B portsentry +is a program that tries to detect portscans on network interfaces with the ability to detect stealth scans. On alarm portsentry can block the scanning machine via hosts.deny (see +.BR hosts_access (5), +firewall rule (see +.BR ipfwadm (8) , +.BR ipchains (8) +and +.BR iptables (8)) +or dropped route (see +.BR route (8)). +.SH OPTIONS +For details on the various modes see +.I /usr/doc/portsentry/README.install +. +.TP +.B \-tcp +tcp portscan detection on ports specified under +.I TCP_PORTS +in the config file +.IR /etc/portsentry/portsentry.conf . +.TP +.B \-stcp +As above but additionally detect stealth scans. +.TP +.B \-atcp +Advanced tcp or inverse mode. Portsentry binds to all unused ports below +.I ADVANCED_PORTS_TCP +given in the config file +.IR /etc/portsentry/portsentry.conf . + +.TP +.B \-udp +udp portscan detection on ports specified under +.I UDP_PORTS +in the config file +.IR /etc/portsentry/portsentry.conf . +.TP +.B \-sudp +As above but additionally detect "stealth" scans. +.TP +.B \-audp +Advanced udp or inverse mode. Portsentry binds to all unused ports below +.I ADVANCED_PORTS_UDP +given in the config file +.IR /etc/portsentry/portsentry.conf . + +.SH "CONFIGURATION FILES" +.B portsentry +keeps all its configuration files in +.BR /etc/portsentry. +.B portsentry.conf +is +.BR portsentry 's +main configuration file. See +.BR portsentry.conf (5) +for details. 
+ +The file +.BR portsentry.ignore +contains a list of all hosts that are ignored, if they connect to a tripwired +port. It should contain at least the localhost(127.0.0.1), 0.0.0.0 and the IP addresses of all local interfaces. You can ignore whole subnets by using a notation /. It is *not* recommend putting in every machine IP on your network. It may be important for you to see who is connecting to you, even if it is a "friendly" machine. This can help you detect internal host compromises faster. + +If you use the +.IR /etc/init.d/portsentry +script to start the daemon, +.BR portsentry.ignore +is rebuild on each start of the daemon using +.BR portsentry.ignore.static +and all the IP addresses found on the machine via +.BR ifconfig . + +.BR /etc/default/portsenty +specifies in which protocol modes +.B portsentry +should be startet from +.IR /etc/init.d/portsentry +There are currently two options: +.TP +.B TCP_MODE= +either +.BR tcp ", " stcp " or " atcp " (see " OPTIONS " above)." +.TP +.B UDP_MODE= +either +.BR udp ", " sudp " or " audp " (see " OPTIONS " above)." + +.PP +The options above correspond to portsentry's commandline arguments. For example +.B TCP_MODE="atcp" +has the same effect as to start portsentry using +.BR portsentry " " -atcp. +Only one mode per protocol can be started at a time (i.e. one tcp and one udp mode). 
+ +.SH "FILES" +.BR /etc/portsentry/portsentry.conf +main configuration file +.TP +.BR /etc/portsentry/portsentry.ignore +IP addresses to ignore +.TP +.BR /etc/portsentry/portsentry.ignore.static +static IP addresses to ignore +.TP +.BR /etc/default/portsentry +startup options +.TP +.BR /etc/init.d/portsentry +script responsible for starting and stopping the daemon +.TP +.BR /var/lib/portsentry/portsentry.blocked.* +blocked hosts(cleared upon reload) +.TP +.BR /var/lib/portsentry/portsentry.history +history file +.LP +.SH "SEE ALSO" +.BR portsentry.conf(5), +.BR hosts_access(5), +.BR hosts_options(5), +.BR route(8), +.BR ipfwadm(8), +.BR ipchains(8), +.BR iptables(8), +.BR ifconfig(8) + +.BR /usr/share/doc/portsentry/README.install +.LP +.SH AUTHOR +.B portsentry +was written by Craig H. Howland +.B . + +This manual page was stitched together by Guido Guenther , for the Debian GNU/Linux system (but may be used by others). Some parts are just a cut and paste from the original documentation. --- portsentry-1.2.orig/debian/portsentry.conf.5 +++ portsentry-1.2/debian/portsentry.conf.5 
@@ -0,0 +1,217 @@ +.TH PORTSENTRY.CONF 5 +.\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection +.\" other parms are allowed: see man(7), man(1) +.SH NAME +portsentry.conf \- portsentry´s main configuration file +.SH "DESCRIPTION" +This manual page documents briefly the format of +.BR portsentry ´s(8) +configuration file. +.SH OPTIONS +.TP +.B TCP_PORTS +A comma delimited string of TCP ports you want PortSentry to +listen to. This string can NOT have any spaces in it. You can put in as +many sockets as you want. PortSentry will try to bind them all up until +the default limit of 64. + +For the stealth scan detection modes, the ports are not "bound" per se, +but they are monitored at the socket level for connections. + +For the Advanced Stealth Scan Detection (see below) this list is *ignored* +.TP +.B UDP_PORTS +The same as above, except for UDP ports. You need to be +very careful with UDP mode as an attacker can forge a port sweep and +make you block any number of hosts. Use this option with caution, or +not at all if your host is a well-known Internet connected system. + +For the Advanced Stealth Scan Detection (see below) this list is *ignored* + +.TP +.B ADVANCED_PORTS_TCP +A number indicating the highest port number to +monitor down from. Any port *below* this number is then monitored. The +default is 1024 (reserved port range), but can be made as large as 65535 +(system max). I don't recommend going over 1024 with this option. + +.TP +.B ADVANCED_PORTS_UDP +Same as above, except for UDP. + +.TP +.B ADVANCED_EXCLUDE_TCP +A comma delimited string of TCP ports that should +be manually excluded from monitoring in Advanced mode. These are normally +ports that may get hit by mistake by remote clients and shouldn't cause +alarms (ident, SSL, etc). + +.TP +.B ADVANCED_EXCLUDE_UDP +Same as above, except for UDP. + +.TP +.B IGNORE_FILE +The path to the file that contains IP addresses of hosts you +want to always be ignored. 
+ +.TP +.B BLOCKED_FILE +The path to the file that contains the IP addresses of +blocked hosts. + +.TP +.B RESOLVE_HOST - This option turns off DNS resolution for +hosts. If you have a slow DNS server it may be more effective +to turn off resolution. + +.TP +.B BLOCK_UDP +This option disables all automatic responses to UDP probes. +Because UDP can be easily forged, it may allow an attacker to start a +denial of service attack against the protected host, causing it to block +all manner of hosts that should normally be left alone. Setting this option +to "0" will disable all responses, although the connects are still logged. +This option is mainly useful for Internet exposed hosts. For internal hosts +you should leave this enabled. If someone internally is firing spoofed +packets at you, then you have a much bigger problem than a denial of service. + +.TP +.B BLOCK_TCP +Same as above, but for TCP. Packet forgery is not as big a problem +though because PortSentry waits for a full connect to occur and this is much +harder to forge in the basic modes. Leave this enabled, even for +Internet connected hosts. For stealth scan detection modes the UDP warning +applies: + + An attacker can cause you to block hosts you don't want to + through packet forgery. I wouldn't worry about this until it is a + problem, but you should be aware of it. + +.TP +.B KILL_ROUTE +This is the command to run to drop the offending route(see +.BR route (8)) +if an attack is detected. This is the *full path* to the route command +along with the necessary parameters to make the command work. The macro +.B $TARGET$ +will be substituted with the attacking host IP and is +REQUIRED in this option. Your gateway should be a *dead host* on the +local subnet. On some systems though you can just put in the localhost +address (127.0.0.1) and this will probably work. All packets from the +target host will get routed to this address so don't mess this up. 
+More modern route commands will include a "-blackhole" or "-reject" flag. +Check your man(1) pages and if your route command supports this feature +you should use it (although we recommend using packet filtering +instead, see below). + +Also be aware that this creates what is known as an "asynchronous +route" which basically means packets enter your host via one route +and are sent out on another (dead) route. This works OK for full +TCP connect requests, but for UDP and stealth scan modes it +still allows packets to activate PortSentry and you may get a +series of "already blocked" alarms by PortSentry. For UDP scans +this method prevents ICMP messages from returning to the attacker +so all ports appear open. However, if the attacker is performing +an actual exploit with UDP the drop route method will not work. +The asynchronous route allows the packet to hit the system and the +attacker could perform a "blind" attack with UDP if they know what +the responses are going to be. + +By far the best method is to use the local packet filter (see +.BR ipfwadm (8), +.BR ipchains (8), +or +.BR iptables (8)). +This is a much cleaner solution and is +detailed in the config file. The macro +.B $PORT$ +will substitute the port +that was connected to by the attacker, but this is NOT required for this +option. The macro $MODE$ reports what mode the blocking occurred in +(tcp, udp, stcp, sudp, atcp, audp) but is also NOT required. + +.TP +.B KILL_HOSTS_DENY +This is the format of the string to drop into the +hosts.deny file that TCP wrappers uses(see +.BR hosts_access (5), +and +.BR hosts_options (5)). +Again the +.B $TARGET$ +macro is +expanded out to be the IP of the attacker and is required. You can +also drop in any TCP wrapper escape codes here as well (%h, twist, +etc). The macro +.B $PORT$ +will substitute the port that was connected to +by the attacker, but this is NOT required for this option. 
+The macro $MODE$ reports what mode the blocking occurred in +(tcp, udp, stcp, sudp, atcp, audp) but is also NOT required. + +.TP +.B KILL_RUN_CMD +This is a command you want run *before* the route +is dropped to the attacker. You can put in any program/script you want +executed when an attack is detected. WE NEVER RECOMMEND PUTTING IN +RETALIATORY ACTION AGAINST AN ATTACKING HOST. Virtually every time you're +are port scanned the host doing the scanning has been compromised itself. +Therefore, if you retaliate you are probably attacking an innocent(?) +party. Also the goal of security is to make the person GO AWAY. You don't +want to irritate them into making a personal vendetta against you. +Remember, even a 13 year old can run a [insert favorite D.O.S. program +here] attack against you from their Windows box to make your life +miserable. As above, the +.BR $TARGET$ , +.B $PORT$ +and +.B $MODE$ +macros are available to you but they are not required with this option as above. + +.TP +.B KILL_RUN_CMD_FIRST +Setting this to "1" makes the command above run before the route is +dropped. Setting it to "0" makes the command run aftter the blocking +has occurred. + +.TP +.B SCAN_TRIGGER +PortSentry has a state engine that will remember hosts +that connected to it. Setting this value will tell PortSentry to allow X +number of grace port hits before it reacts. This will detect both +sequential and random port sweeps. The default is 0 which will react +immediately. A setting of 1 or 2 will reduce false alarms, anything +higher is probably too much as anything more than 3 hits to different +ports is pretty suspicious behavior. Usually you can leave this at 0 +without any consequence, with the exception of Advanced stealth scan +detection modes where you may create a "hair trigger" if you aren't +careful. Use your own discretion. + +.TP +.B PORT_BANNER +A text banner you want displayed to the connecting host if +the PortSentry is activated. 
Leave this commented out if you don't want this
+feature. If you do use it, try not to taunt the person too badly. We
+recommend keeping it professional and to the point. The banner is *not*
+displayed when stealth scan detection modes are used.
+
+.LP
+.SH "SEE ALSO"
+.BR portsentry(8),
+.BR hosts_access(5),
+.BR hosts_options(5),
+.BR route(8),
+.BR ipfwadm(8),
+.BR ipchains(8)
+
+.BR /usr/share/doc/portsentry/README.install
+.LP
+.SH AUTHOR
+.B portsentry
+was written by Craig H. Howland
+.B .
+
+This manual page is essentially just a "cut and paste" from the README.install file and was done by Guido Guenther (hopefully without adding too many errors), for the Debian GNU/Linux system (but may be used by others).
+
+
--- portsentry-1.2.orig/debian/portsentry.examples
+++ portsentry-1.2/debian/portsentry.examples
@@ -0,0 +1,3 @@
+ignore.csh
+debian/examples/kill_cmd
+debian/examples/scan-detect
--- portsentry-1.2.orig/debian/portsentry.links
+++ portsentry-1.2/debian/portsentry.links
@@ -0,0 +1 @@
+/usr/share/doc/portsentry/CHANGES.gz /usr/share/doc/portsentry/changelog.gz
--- portsentry-1.2.orig/debian/portsentry.ppp.ip-down
+++ portsentry-1.2/debian/portsentry.ppp.ip-down
@@ -0,0 +1,14 @@
+#! /bin/sh -e
+# $Id: portsentry.ppp.ip-down,v 1.1 2003/10/26 18:15:02 agx Exp $
+#
+# rebuilds /etc/portsentry/portsentry.ignore and restarts the daemon
+# reload would be cleaner, but portsentry does not support this
+
+INIT_SCRIPT=/etc/init.d/portsentry
+DAEMON=/usr/sbin/portsentry
+
+if [ -x $INIT_SCRIPT -a -x $DAEMON ]; then
+ if [ "`pidof /usr/sbin/portsentry`" ]; then
+ $INIT_SCRIPT restart
+ fi
+fi
--- portsentry-1.2.orig/debian/portsentry.ppp.ip-up
+++ portsentry-1.2/debian/portsentry.ppp.ip-up
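Review bot: `DAEMON` is assigned but never used for the process lookup; the `pidof` call spells out `/usr/sbin/portsentry` a second time, so the two paths can drift apart silently. `if [ "$(pidof "$DAEMON")" ]; then` keeps the path in one place, and the same change applies to the identical portsentry.ppp.ip-up hunk that follows. The header comment says the script rebuilds portsentry.ignore, but the script only restarts the daemon; the portsentry.8 page earlier in this diff says the init script does the rebuild on start, so `# the init script rebuilds /etc/portsentry/portsentry.ignore on restart` would state that dependency. Because the script runs under `sh -e`, a failing `$INIT_SCRIPT restart` aborts it; whether that is wanted in a ppp hook deserves a comment.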
@@ -0,0 +1,14 @@
+#! /bin/sh -e
+# $Id: portsentry.ppp.ip-up,v 1.1 2003/10/26 18:15:02 agx Exp $
+#
+# rebuilds /etc/portsentry/portsentry.ignore and restarts the daemon
+# reload would be cleaner, but portsentry does not support this
+
+INIT_SCRIPT=/etc/init.d/portsentry
+DAEMON=/usr/sbin/portsentry
+
+if [ -x $INIT_SCRIPT -a -x $DAEMON ]; then
+ if [ "`pidof /usr/sbin/portsentry`" ]; then
+ $INIT_SCRIPT restart
+ fi
+fi
--- portsentry-1.2.orig/debian/postinst
+++ portsentry-1.2/debian/postinst
@@ -0,0 +1,57 @@
+#!/bin/sh
+# $Id: postinst,v 1.7 2003/09/08 18:09:03 agx Exp $
+
+set -e
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+PS_DEFAULT="/etc/default/portsentry"
+if [ "$1" = "configure" -a ! -e $PS_DEFAULT ]; then
+ # copy over the settings from /e/portsentry/startup.conf
+ # when upgrading from versions < 1.0-2
+ if [ -n "$2" ] && dpkg --compare-versions $2 lt 1.0-2 ; then
+ if [ -e /etc/portsentry/startup.conf ]; then
+ . /etc/portsentry/startup.conf
+ fi
+ # create /e/d/portsentry if it doesn't exist on first time installs
+ elif [ -z "$2" ]; then
+ TCP_MODE=tcp
+ UDP_MODE=udp
+ fi
+ if [ -n "$TCP_MODE" -o -n "$UDP_MODE" ]; then
+ cat >$PS_DEFAULT </dev/null
+
+# this is not a very nice way to do things, but it's the safest one
+if [ "`pidof /usr/sbin/portsentry`" ]; then
+ echo -n "Stopping anti portscan daemon: "
+ kill `pidof /usr/sbin/portsentry`
+ echo "portsentry."
+fi
+
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d portsentry start
+else
+ /etc/init.d/portsentry start
+fi
+
+# until portsentry is fixed:
+db_stop
+
--- portsentry-1.2.orig/debian/postrm
+++ portsentry-1.2/debian/postrm
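Review bot: The `kill` of the `pidof` result runs under `set -e`, so if a daemon process exits between the `pidof` in the test and the `kill` (or `pidof` returns nothing the second time), the configure step aborts and the package is left half-configured; `kill $(pidof /usr/sbin/portsentry) || true` avoids that, and `invoke-rc.d portsentry restart` would remove the hand-rolled stop altogether. The comment `# until portsentry is fixed:` above `db_stop` does not say what is broken; presumably the daemon started a few lines earlier inherits the debconf pipe and would keep the frontend waiting, so a comment like `# db_stop: the daemon started above inherits the debconf fds and would hang the frontend` would preserve that reasoning (the debian/TODO in this commit lists removing this db_stop). The line `cat >$PS_DEFAULT </dev/null` looks truncated in this view, so the contents written to /etc/default/portsentry are not reviewed here. The prerm in the same commit deliberately does not stop the daemon on upgrade, which is why this script kills it by hand; a one-line comment cross-referencing prerm would make that coupling visible.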
@@ -0,0 +1,28 @@
+#!/bin/sh -e
+# $Id: postrm,v 1.5 2001/07/11 21:12:47 agx Exp $
+
+ETCDIR="/etc/portsentry"
+VARDIR="/var/lib/portsentry"
+STARTUP="/etc/default/portsentry"
+
+#DEBHELPER#
+
+# Be sure to clean up the history files upon purge
+if [ "$1" = "purge" ]
+then
+ if [ \( -e $ETCDIR \) -o \( -e $STARTUP \) ]; then
+ echo -n "Purging additional configuration files..."
+ rm -f $ETCDIR/portsentry.ignore
+ rmdir --ignore-fail-on-non-empty $ETCDIR
+ rm -f $STARTUP
+ echo "done."
+ fi
+ if [ -e $VARDIR ]; then
+ echo -n "Purging history files..."
+ rm -f $VARDIR/portsentry.blocked.*tcp
+ rm -f $VARDIR/portsentry.blocked.*udp
+ rm -f $VARDIR/portsentry.history
+ rmdir --ignore-fail-on-non-empty $VARDIR
+ echo "done."
+ fi
+fi
--- portsentry-1.2.orig/debian/prerm
+++ portsentry-1.2/debian/prerm
@@ -0,0 +1,26 @@
+#!/bin/sh
+#$Id: prerm,v 1.4 2003/09/08 18:09:03 agx Exp $
+
+# rm symbolic link to /usr/doc/portsentry when package gets removed or
+# upgraded
+# keep this for one stable release to get rid of the symlink
+if [ \( "$1" = "upgrade" -o "$1" = "remove" \) -a -L /usr/doc/portsentry ]; then
+ rm -f /usr/doc/portsentry
+fi
+
+# to avoid long downtimes upon mass upgrades do not stop the daemon.
+# Unfortunately maintainer scripts prior to 1.0-1.2 don't know anything
+# about this. So we have to stop the daemon on downgrades.
+if [ -n "$2" ] && dpkg --compare-versions $2 lt 1.0-2 ; then
+ if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d portsentry stop
+ else
+ /etc/init.d/portsentry stop
+ fi
+elif [ "$1" != "upgrade" ]; then
+ if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d portsentry stop
+ else
+ /etc/init.d/portsentry stop
+ fi
+fi
--- portsentry-1.2.orig/debian/rules
+++ portsentry-1.2/debian/rules
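Review bot: `[ \( -e $ETCDIR \) -o \( -e $STARTUP \) ]` uses the `-o` form of `test` that POSIX marks obsolescent and leaves both variables unquoted; `if [ -e "$ETCDIR" ] || [ -e "$STARTUP" ]; then` is the portable spelling, and the remaining `[ -e $VARDIR ]` and `rm`/`rmdir` lines would take the same quoting. The values are fixed literals assigned at the top, so this is a style point rather than a defect. The `#DEBHELPER#` token sits before the purge block, so any debhelper-generated postrm snippets run first; a short comment saying that ordering is intended would help the next maintainer.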
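Review bot: This prerm has no `set -e` while the postinst and postrm in the same commit do, so a failing `invoke-rc.d portsentry stop` or `/etc/init.d/portsentry stop` is silently ignored here; if that is intentional for the remove path, say so in a comment, otherwise add `set -e` after the shebang. The two stop branches are byte-identical and can collapse into one condition, e.g. `if { [ -n "$2" ] && dpkg --compare-versions "$2" lt 1.0-2; } || [ "$1" != "upgrade" ]; then`. Unlike postrm, the script carries no `#DEBHELPER#` token, so the prerm snippets that `dh_installinit` in debian/rules would generate are presumably not inserted; worth confirming that is deliberate, given the script stops the daemon itself.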
@@ -0,0 +1,104 @@ +#!/usr/bin/make -f +# MAde with the aid of dh_make, by Craig Small +# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess. +# Some lines taken from debmake, by Cristoph Lameter. +# modified for portsentry by Guido Guenther +# +# $Id: rules,v 1.9 2003/10/26 18:14:07 agx Exp $ + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +DEST=`pwd`/debian/`dh_listpackages` +ETCDIR=$(DEST)/etc/portsentry +PPP=$(DEST)/etc/ppp +SCRIPTS=$(DEST)/usr/lib/portsentry +BINDIR = $(DEST)/usr/sbin + +INSTALL=install +INSTALL_PROGRAM = $(INSTALL) -p -o root -g root -m 755 +CFLAGS=-Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + INSTALL_PROGRAM += -s +endif + +# auto update .po files +debian/po/templates.pot: debian/templates + @debconf-updatepo + +build: build-stamp debian/po/templates.pot +build-stamp: + dh_testdir + + # Add here commands to compile the package. + $(MAKE) CFLAGS="$(CFLAGS)" -f Makefile debian-linux + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp + + # Add here commands to clean up after the build process. + -$(MAKE) -f Makefile clean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/portsentry. + $(INSTALL_PROGRAM) portsentry $(BINDIR) + # install Debian specific stuff + $(INSTALL) --mode=644 portsentry.ignore.static $(ETCDIR) + $(INSTALL) --mode=644 portsentry.conf.Debian $(ETCDIR)/portsentry.conf + $(INSTALL) scripts/portsentry-* $(SCRIPTS) + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. 
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installdebconf
+ dh_installdocs
+ dh_installexamples
+ dh_installppp
+# dh_installmenu
+# dh_installlogrotate
+# dh_installemacsen
+ dh_installinit -u"defaults 99"
+# dh_installcron
+ dh_installman debian/portsentry.8 debian/portsentry.conf.5
+ dh_installinfo
+# dh_undocumented
+ dh_installchangelogs
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+# dh_makeshlibs
+ dh_installdeb
+# dh_perl
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+source diff:
+ @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary
--- portsentry-1.2.orig/debian/templates
+++ portsentry-1.2/debian/templates
@@ -0,0 +1,23 @@
+Template: portsentry/warn_no_block
+Type: note
+_Description: PortSentry does not block anything by default.
+ Please note that by default PortSentry takes no action against potential
+ attackers. It only dumps messages into /var/log/syslog. To change this
+ edit /etc/portsentry/portsentry.conf.
+ .
+ You may also want to check:
+ /etc/default/portsentry (daemon startup options) and
+ /etc/portsentry/portsentry.ignore.static (hosts/interfaces to ignore)
+ .
+ For further details see the portsentry(8) and portsentry.conf(5) manpages.
+
+Template: portsentry/startup_conf_obsolete
+Type: note
+_Description: startup.conf is obsolete - use /etc/default/portsentry instead
+ /etc/portsentry/startup.conf is no longer used and /etc/default/portsentry
+ is used instead. In order to ease the transition I'll do my best to
+ preserve your settings while copying them over to the new location.
+ Please check /etc/default/portsentry against /etc/portsentry/startup.conf
+ and remove the later after the installation has finished.
+ .
+ Sorry for any inconvenience.
--- portsentry-1.2.orig/debian/po/POTFILES.in
+++ portsentry-1.2/debian/po/POTFILES.in
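Review bot: `build` depends on `debian/po/templates.pot`, whose rule runs `debconf-updatepo` and therefore rewrites debian/po/*.po during every build, including on a buildd; po-debconf's documented pattern runs `debconf-updatepo` from the `clean` target so the uploaded source is already current, and a comment stating why it is tied to `build` here would help. `install` is missing from the `.PHONY` list although it is as phony as `build` and `clean`; `.PHONY: build clean install binary-indep binary-arch binary`. The `$(INSTALL) scripts/portsentry-* $(SCRIPTS)` line relies on install's default mode while the two lines above set `--mode` explicitly, so `--mode=755` there would make the intent consistent. The hunk begins on the previous line, so the variable definitions at its top are reviewed together with this part.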
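Review bot: `and remove the later after the installation has finished` in the startup_conf_obsolete description should read `and remove the latter`; because this is a translatable msgid, fixing it will mark the ca, de, fr, ja and pt_BR translations added in this same diff as fuzzy, so it is best done in one go with a `debconf-updatepo` run and a note to the translators. The first-person `I'll do my best to preserve your settings` is unusual for a debconf prompt; `the package will try to preserve your settings` is the customary impersonal wording, though it carries the same translation cost.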
@@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates --- portsentry-1.2.orig/debian/po/ca.po +++ portsentry-1.2/debian/po/ca.po 
@@ -0,0 +1,87 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-09-08 18:51+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "PortSentry does not block anything by default." +msgstr "PortSentry no bloquejarà res per defecte." + +#. Description +#: ../templates:3 +msgid "" +"Please note that by default PortSentry takes no action against potential " +"attackers. It only dumps messages into /var/log/syslog. To change this edit /" +"etc/portsentry/portsentry.conf." +msgstr "" +"Si us plau noteu que per defecte PortSentry no fa cap acció contra dels " +"atacs en potència. Aquest sols veu els missatges en el /var/log/syslog. Per " +"a canviar això editeu el /etc/portsentry/portsentry.conf." + +#. Description +#: ../templates:3 +#, fuzzy +msgid "" +" You may also want to check:\n" +" /etc/default/portsentry (daemon startup options) and\n" +" /etc/portsentry/portsentry.ignore.static (hosts/interfaces to ignore)" +msgstr "" +" Pot ser també vulgueu comprobar:\n" +" /etc/portsentry/startup.conf (opcions de càrrega) i\n" +" /etc/portsentry/portsentry.ignore.static (llocs/interfícies a ignorar)" + +#. Description +#: ../templates:3 +msgid "" +"For further details see the portsentry(8) and portsentry.conf(5) manpages." 
+msgstr "" +"Per a més detalls mireu-vos les pàgines del manual portsentry(8) i " +"portsentry.conf(5)." + +#. Description +#: ../templates:16 +msgid "startup.conf is obsolete - use /etc/default/portsentry instead" +msgstr "startup.conf està obsolet - ara usareu /etc/default/portsentry" + +#. Description +#: ../templates:16 +#, fuzzy +msgid "" +"/etc/portsentry/startup.conf is no longer used and /etc/default/portsentry " +"is used instead. In order to ease the transition I'll do my best to preserve " +"your settings while copying them over to the new location. Please check /" +"etc/default/portsentry against /etc/portsentry/startup.conf and remove the " +"later after the installation has finished." +msgstr "" +"El /etc/portsentry/startup.conf no pot ser usar, ara s'usarà el /etc/default/" +"portsentry. Per a facilitar la transició faré el que pugui per a conservar " +"les vostres configuracions copiant-les a la nova localització. Si us plau " +"comprobeu el /etc/default/portsentry contra el /etc/portsentry/startup.conf " +"i esborreu aquest últim una vegada la instal·lació hagi finalitzat." + +#. Description +#: ../templates:16 +msgid "Sorry for any inconvenience." +msgstr "" --- portsentry-1.2.orig/debian/po/de.po +++ portsentry-1.2/debian/po/de.po 
@@ -0,0 +1,83 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-09-08 18:51+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "PortSentry does not block anything by default." +msgstr "PortSentry blockt standardmäßig nichts." + +#. Description +#: ../templates:3 +msgid "" +"Please note that by default PortSentry takes no action against potential " +"attackers. It only dumps messages into /var/log/syslog. To change this edit /" +"etc/portsentry/portsentry.conf." +msgstr "" +"Bitte beachten Sie, daß PortSentry standardmäßig keine Aktionen gegen " +"potentielle Angreifer durchführt. Er schreibt nur Informationen nach /var/" +"log/syslog. Um dies zu ändern passen Sie bitte die Datei /etc/portsentry/" +"portsentry.conf entsprechend an." + +#. Description +#: ../templates:3 +#, fuzzy +msgid "" +" You may also want to check:\n" +" /etc/default/portsentry (daemon startup options) and\n" +" /etc/portsentry/portsentry.ignore.static (hosts/interfaces to ignore)" +msgstr "" +" Bitte beachten Sie auch folgende Dateien:\n" +" /etc/portsentry/startup.conf (Startoptionen) und\n" +" /etc/portsentry/portsentry.ignore.static (zu ignorierende Rechner/" +"Schnittstellen)" + +#. 
Description +#: ../templates:3 +msgid "" +"For further details see the portsentry(8) and portsentry.conf(5) manpages." +msgstr "" +"Für weitere Informationen lesen Sie bitte die portsentry(8) und portsentry." +"conf(5) Manpages." + +#. Description +#: ../templates:16 +msgid "startup.conf is obsolete - use /etc/default/portsentry instead" +msgstr "" + +#. Description +#: ../templates:16 +msgid "" +"/etc/portsentry/startup.conf is no longer used and /etc/default/portsentry " +"is used instead. In order to ease the transition I'll do my best to preserve " +"your settings while copying them over to the new location. Please check /" +"etc/default/portsentry against /etc/portsentry/startup.conf and remove the " +"later after the installation has finished." +msgstr "" + +#. Description +#: ../templates:16 +msgid "Sorry for any inconvenience." +msgstr "" --- portsentry-1.2.orig/debian/po/fr.po +++ portsentry-1.2/debian/po/fr.po 
@@ -0,0 +1,85 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: portsentry_1.2-1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-09-08 18:51+0200\n" +"PO-Revision-Date: 2003-08-23 11:06+0200\n" +"Last-Translator: Michel Grentzinger \n" +"Language-Team: French \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "PortSentry does not block anything by default." +msgstr "PortSentry ne bloque rien par défaut" + +#. Description +#: ../templates:3 +msgid "" +"Please note that by default PortSentry takes no action against potential " +"attackers. It only dumps messages into /var/log/syslog. To change this edit /" +"etc/portsentry/portsentry.conf." +msgstr "" +"Veuillez noter que PortSentry ne prend aucune mesure par défaut contre les " +"attaquants potentiels. Il se contente de dupliquer les messages dans /var/" +"log/syslog. Pour modifier ce comportement, veuillez modifier /etc/portsentry/" +"portsentry.conf." + +#. Description +#: ../templates:3 +msgid "" +" You may also want to check:\n" +" /etc/default/portsentry (daemon startup options) and\n" +" /etc/portsentry/portsentry.ignore.static (hosts/interfaces to ignore)" +msgstr "" +" Vous devriez également vérifier :\n" +" /etc/default/portsentry (options de démarrage) et\n" +" /etc/portsentry/portsentry.ignore.static (hôtes/interfaces à ignorer)" + +#. 
Description +#: ../templates:3 +msgid "" +"For further details see the portsentry(8) and portsentry.conf(5) manpages." +msgstr "" +"Pour davantage de détails, consultez les pages de manuel portsentry(8) et " +"portsentry.conf(5)." + +#. Description +#: ../templates:16 +msgid "startup.conf is obsolete - use /etc/default/portsentry instead" +msgstr "" +"startup.conf est obsolète - utilisez /etc/default/portsentry à la place" + +#. Description +#: ../templates:16 +msgid "" +"/etc/portsentry/startup.conf is no longer used and /etc/default/portsentry " +"is used instead. In order to ease the transition I'll do my best to preserve " +"your settings while copying them over to the new location. Please check /" +"etc/default/portsentry against /etc/portsentry/startup.conf and remove the " +"later after the installation has finished." +msgstr "" +"/etc/portsentry/startup.conf n'est plus utilisé et /etc/default/portsentry " +"est maintenant utilisé en remplacement. Afin de faciliter la transition, vos " +"paramètres seront copiés avec le plus grand soin vers leur nouvel " +"emplacement. Veuillez comparer /etc/default/portsentry et /etc/portsentry/" +"startup.conf puis supprimer ce dernier une fois l'installation terminée." + +#. Description +#: ../templates:16 +msgid "Sorry for any inconvenience." +msgstr "" +"Veuillez accepter les excuses du responsable du paquet pour ces désagréments." --- portsentry-1.2.orig/debian/po/ja.po +++ portsentry-1.2/debian/po/ja.po 
@@ -0,0 +1,72 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-09-08 18:51+0200\n" +"PO-Revision-Date: 2003-11-19 01:32+0900\n" +"Last-Translator: Hideki Yamane \n" +"Language-Team: Japanese \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=EUC-JP\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "PortSentry does not block anything by default." +msgstr "PortSentry ¤Ïɸ½à¤Ç¤Ï²¿¤â¥Ö¥í¥Ã¥¯¤·¤Þ¤»¤ó¡£" + +#. Description +#: ../templates:3 +msgid "" +"Please note that by default PortSentry takes no action against potential " +"attackers. It only dumps messages into /var/log/syslog. To change this edit /" +"etc/portsentry/portsentry.conf." +msgstr "ɸ½à¾õÂ֤ΠPortSentry ¤Ï¹¶·â¤Î²ÄǽÀ­¤¬¤¢¤ë¤â¤Î¤ËÂФ·¤Æ²¿¤â¥¢¥¯¥·¥ç¥ó¤ò¤·¤Ê¤¤¤³¤È¤Ëα°Õ¤·¤Æ¤¯¤À¤µ¤¤¡£/var/log/syslog ¤Ø¥á¥Ã¥»¡¼¥¸¤òÅǤ­½Ð¤¹¤À¤±¤Ç¤¹¡£¤³¤ì¤òÊѹ¹¤¹¤ë¤Ë¤Ï /etc/portsentry/portsentry.conf ¤òÊÔ½¸¤·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Description +#: ../templates:3 +msgid "" +" You may also want to check:\n" +" /etc/default/portsentry (daemon startup options) and\n" +" /etc/portsentry/portsentry.ignore.static (hosts/interfaces to ignore)" +msgstr "°Ê²¼¤Ë¤Ä¤¤¤Æ¤â¥Á¥§¥Ã¥¯¤·¤¿¤Û¤¦¤¬Îɤ¤¤Ç¤·¤ç¤¦: \n /etc/default/portsentry (¥Ç¡¼¥â¥óµ¯Æ°»þ¤Î¥ª¥×¥·¥ç¥ó) ¤ª¤è¤Ó\n /etc/portsentry/portsentry.ignore.static (̵»ë¤ò¤¹¤ë¥Û¥¹¥È¤ª¤è¤Ó¥¤¥ó¥¿¡¼¥Õ¥§¥¤¥¹)" + +#. Description +#: ../templates:3 +msgid "" +"For further details see the portsentry(8) and portsentry.conf(5) manpages." 
+msgstr "¤è¤ê¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï portsentry(8) ¤È portsentry.conf(5) ¤Î man ¥Ú¡¼¥¸¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Description +#: ../templates:16 +msgid "startup.conf is obsolete - use /etc/default/portsentry instead" +msgstr "startup.conf ¤ÏÇѻߤµ¤ì¤Æ¤¤¤Þ¤¹¡£Âå¤ï¤ê¤Ë /etc/default/portsentry ¤ò»ÈÍѤ·¤Æ¤¯¤À¤µ¤¤" + +#. Description +#: ../templates:16 +msgid "" +"/etc/portsentry/startup.conf is no longer used and /etc/default/portsentry " +"is used instead. In order to ease the transition I'll do my best to preserve " +"your settings while copying them over to the new location. Please check /" +"etc/default/portsentry against /etc/portsentry/startup.conf and remove the " +"later after the installation has finished." +msgstr "/etc/portsentry/startup.conf ¤Ï¤â¤Ï¤ä»ÈÍѤµ¤ì¤Ê¤¯¤Ê¤Ã¤Æ¤ª¤ê¡¢Âå¤ï¤ê¤Ë /etc/default/portsentry ¤ò»ÈÍѤ·¤Æ¤Þ¤¹¡£°Ü¹Ô¤òÍưפˤ¹¤ë¤¿¤á¡¢ÀßÄê¤ò¿·¤·¤¤¾ì½ê¤Ø°Ü¤¹ºÝ¤Ë¸µ¤ÎÀßÄê¤òÊÝ»ý¤¹¤ë¤è¤¦ºÇÂç¸Â¤ÎÅØÎϤò¤·¤Æ¤¤¤Þ¤¹¡£¥¤¥ó¥¹¥È¡¼¥ë´°Î»¸å¤Ë /etc/default/portsentry ¤ò /etc/portsentry/startup.conf ¤ÈÈæ³Ó¤·¤Æ¤«¤é¸å¼Ô¤òºï½ü¤·¤Æ¤¯¤À¤µ¤¤¡£" + +#. Description +#: ../templates:16 +msgid "Sorry for any inconvenience." +msgstr "¤´ÌÂÏǤò¤ª³Ý¤±¤·¤Æ¿½¤·Ìõ¤¢¤ê¤Þ¤»¤ó¡£" --- portsentry-1.2.orig/debian/po/pt_BR.po +++ portsentry-1.2/debian/po/pt_BR.po 
@@ -0,0 +1,90 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: portsentry\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-09-08 18:51+0200\n" +"PO-Revision-Date: 2004-08-22 09:03-0300\n" +"Last-Translator: Tiago Bortoletto Vaz tiagovaz@im.ufba.br\n" +"Language-Team: Debian-BR Project \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "PortSentry does not block anything by default." +msgstr "" +"Portsentry não bloqueia nada por padrão." + +#. Description +#: ../templates:3 +msgid "" +"Please note that by default PortSentry takes no action against potential " +"attackers. It only dumps messages into /var/log/syslog. To change this edit /" +"etc/portsentry/portsentry.conf." +msgstr "" +"Note que por padrão o PortSentry não realiza nenhuma ação contra " +"potenciais atacantes. Ele apenas registra as mensagens em /var/log/syslog. " +"Para mudar isso, edite o arquivo /etc/portsentry/portsentry.conf." + +#. Description +#: ../templates:3 +msgid "" +" You may also want to check:\n" +" /etc/default/portsentry (daemon startup options) and\n" +" /etc/portsentry/portsentry.ignore.static (hosts/interfaces to ignore)" +msgstr "" +" Você pode também querer checar:\n" +" /etc/default/portsentry (opções de inicializaçao do daemon) e\n" +"/etc/portsentry/portsentry.ignore.static (hosts/interfaces a ignorar)" + + +#. 
Description +#: ../templates:3 +msgid "" +"For further details see the portsentry(8) and portsentry.conf(5) manpages." +msgstr "" +"Para mais detalhes veja as páginas de manual portsentry(8) e " +"portsentry.conf(5)" + +#. Description +#: ../templates:16 +msgid "startup.conf is obsolete - use /etc/default/portsentry instead" +msgstr "" +"startup.conf está obsoleto - use /etc/default/portsentry no seu lugar" + +#. Description +#: ../templates:16 +msgid "" +"/etc/portsentry/startup.conf is no longer used and /etc/default/portsentry " +"is used instead. In order to ease the transition I'll do my best to preserve " +"your settings while copying them over to the new location. Please check /" +"etc/default/portsentry against /etc/portsentry/startup.conf and remove the " +"later after the installation has finished." +msgstr "" +"/etc/portsentry/startup.conf não é mais utilizado e /etc/default/portsentry " +"é utilizado no seu lugar. De forma a facilitar a transição eu estarei " +"fazendo o melhor para preservar suas configurações enquanto é feita a cópia " +"para a nova localização. Por favor verifique /etc/default/portsentry e " +"remova o /etc/portsentry/startup.conf depois que a instalação for finalizada." + +#. Description +#: ../templates:16 +msgid "Sorry for any inconvenience." +msgstr "" +"Desculpe por algum inconveniente" + --- portsentry-1.2.orig/debian/po/templates.pot +++ portsentry-1.2/debian/po/templates.pot 
@@ -0,0 +1,72 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-09-08 18:51+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Description +#: ../templates:3 +msgid "PortSentry does not block anything by default." +msgstr "" + +#. Description +#: ../templates:3 +msgid "" +"Please note that by default PortSentry takes no action against potential " +"attackers. It only dumps messages into /var/log/syslog. To change this edit /" +"etc/portsentry/portsentry.conf." +msgstr "" + +#. Description +#: ../templates:3 +msgid "" +" You may also want to check:\n" +" /etc/default/portsentry (daemon startup options) and\n" +" /etc/portsentry/portsentry.ignore.static (hosts/interfaces to ignore)" +msgstr "" + +#. Description +#: ../templates:3 +msgid "" +"For further details see the portsentry(8) and portsentry.conf(5) manpages." +msgstr "" + +#. Description +#: ../templates:16 +msgid "startup.conf is obsolete - use /etc/default/portsentry instead" +msgstr "" + +#. Description +#: ../templates:16 +msgid "" +"/etc/portsentry/startup.conf is no longer used and /etc/default/portsentry " +"is used instead. In order to ease the transition I'll do my best to preserve " +"your settings while copying them over to the new location. 
Please check /" +"etc/default/portsentry against /etc/portsentry/startup.conf and remove the " +"later after the installation has finished." +msgstr "" + +#. Description +#: ../templates:16 +msgid "Sorry for any inconvenience." +msgstr "" --- portsentry-1.2.orig/portsentry.c +++ portsentry-1.2/portsentry.c @@ -1581,8 +1581,8 @@ Usage (void) { printf ("PortSentry - Port Scan Detector.\n"); - printf ("Copyright 1997-2003 Craig H. Rowland \n"); + printf ("Copyright 1997-2003 Craig H. Rowland \n"); printf ("Licensing restrictions apply. Please see documentation\n"); printf ("Version: %s\n\n", VERSION); #ifdef SUPPORT_STEALTH --- portsentry-1.2.orig/portsentry.conf.Debian +++ portsentry-1.2/portsentry.conf.Debian 
@@ -0,0 +1,303 @@ +# PortSentry Configuration +# +# $Id: portsentry.conf.Debian,v 1.6 2001/07/19 21:02:20 agx Exp $ +# +# Original portsentry.conf by Craig H. Rowland +# modified for Debian by Guido Guenther +# +# IMPORTANT NOTE: You CAN NOT put spaces between your port arguments. +# +# The default ports will catch a large number of common probes +# +# All entries must be in quotes. + + +####################### +# Port Configurations # +####################### +# +# +# Some example port configs for classic and basic Stealth modes +# +# I like to always keep some ports at the "low" end of the spectrum. +# This will detect a sequential port sweep really quickly and usually +# these ports are not in use (i.e. tcpmux port 1) +# +# ** X-Windows Users **: If you are running X on your box, you need to be sure +# you are not binding PortSentry to port 6000 (or port 2000 for OpenWindows users). +# Doing so will prevent the X-client from starting properly. +# +# These port bindings are *ignored* for Advanced Stealth Scan Detection Mode. 
+# + +# Un-comment these if you are really anal: +#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320" +#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321" +# +# Use these if you just want to be aware: +TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,6667,12345,12346,20034,27665,31337,32771,32772,32773,32774,40421,49724,54320" +UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,37444,34555,31335,32770,32771,32772,32773,32774,31337,54321" +# +# Use these for just bare-bones +#TCP_PORTS="1,11,15,110,111,143,540,635,1080,1524,2000,12345,12346,20034,32771,32772,32773,32774,49724,54320" +#UDP_PORTS="1,7,9,69,161,162,513,640,700,32770,32771,32772,32773,32774,31337,54321" + +########################################### +# Advanced Stealth Scan Detection Options # +########################################### +# +# This is the number of ports you want PortSentry to monitor in Advanced mode. +# Any port *below* this number will be monitored. Right now it watches +# everything below 1024. +# +# On many Linux systems you cannot bind above port 61000. This is because +# these ports are used as part of IP masquerading. I don't recommend you +# bind over this number of ports. Realistically: I DON'T RECOMMEND YOU MONITOR +# OVER 1024 PORTS AS YOUR FALSE ALARM RATE WILL ALMOST CERTAINLY RISE. You've been +# warned! Don't write me if you have have a problem because I'll only tell +# you to RTFM and don't run above the first 1024 ports. +# +# +ADVANCED_PORTS_TCP="1024" +ADVANCED_PORTS_UDP="1024" +# +# This field tells PortSentry what ports (besides listening daemons) to +# ignore. 
This is helpful for services like ident that services such +# as FTP, SMTP, and wrappers look for but you may not run (and probably +# *shouldn't* IMHO). +# +# By specifying ports here PortSentry will simply not respond to +# incoming requests, in effect PortSentry treats them as if they are +# actual bound daemons. The default ports are ones reported as +# problematic false alarms and should probably be left alone for +# all but the most isolated systems/networks. +# +# Default TCP ident and NetBIOS service +ADVANCED_EXCLUDE_TCP="113,139" +# Default UDP route (RIP), NetBIOS, bootp broadcasts. +ADVANCED_EXCLUDE_UDP="520,138,137,67" + + +###################### +# Configuration Files# +###################### +# +# Hosts to ignore +IGNORE_FILE="/etc/portsentry/portsentry.ignore" +# Hosts that have been denied (running history) +HISTORY_FILE="/var/lib/portsentry/portsentry.history" +# Hosts that have been denied this session only (temporary until next restart) +BLOCKED_FILE="/var/lib/portsentry/portsentry.blocked" + +############################## +# Misc. Configuration Options# +############################## +# +# DNS Name resolution - Setting this to "1" will turn on DNS lookups +# for attacking hosts. Setting it to "0" (or any other value) will shut +# it off. +RESOLVE_HOST = "0" + +################### +# Response Options# +################### +# Options to dispose of attacker. Each is an action that will +# be run if an attack is detected. If you don't want a particular +# option then comment it out and it will be skipped. +# +# The variable $TARGET$ will be substituted with the target attacking +# host when an attack is detected. The variable $PORT$ will be substituted +# with the port that was scanned. +# +################## +# Ignore Options # +################## +# These options allow you to enable automatic response +# options for UDP/TCP. This is useful if you just want +# warnings for connections, but don't want to react for +# a particular protocol (i.e. 
you want to block TCP, but +# not UDP). To prevent a possible Denial of service attack +# against UDP and stealth scan detection for TCP, you may +# want to disable blocking, but leave the warning enabled. +# I personally would wait for this to become a problem before +# doing though as most attackers really aren't doing this. +# The third option allows you to run just the external command +# in case of a scan to have a pager script or such execute +# but not drop the route. This may be useful for some admins +# who want to block TCP, but only want pager/e-mail warnings +# on UDP, etc. +# +# +# 0 = Do not block UDP/TCP scans. +# 1 = Block UDP/TCP scans. +# 2 = Run external command only (KILL_RUN_CMD) + +BLOCK_UDP="0" +BLOCK_TCP="0" + +################### +# Dropping Routes:# +################### +# This command is used to drop the route or add the host into +# a local filter table. +# +# The gateway (333.444.555.666) should ideally be a dead host on +# the *local* subnet. On some hosts you can also point this at +# localhost (127.0.0.1) and get the same effect. NOTE THAT +# 333.444.555.66 WILL *NOT* WORK. YOU NEED TO CHANGE IT!! +# +# ALL KILL ROUTE OPTIONS ARE COMMENTED OUT INITIALLY. Make sure you +# uncomment the correct line for your OS. If you OS is not listed +# here and you have a route drop command that works then please +# mail it to me so I can include it. ONLY ONE KILL_ROUTE OPTION +# CAN BE USED AT A TIME SO DON'T UNCOMMENT MULTIPLE LINES. +# +# NOTE: The route commands are the least optimal way of blocking +# and do not provide complete protection against UDP attacks and +# will still generate alarms for both UDP and stealth scans. I +# always recommend you use a packet filter because they are made +# for this purpose. +# + +# Generic +#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666" + +# Generic Linux +#KILL_ROUTE="/sbin/route add -host $TARGET$ gw 333.444.555.666" + +# Newer versions of Linux support the reject flag now. 
This +# is cleaner than the above option. +KILL_ROUTE="/sbin/route add -host $TARGET$ reject" + +# Generic BSD (BSDI, OpenBSD, NetBSD, FreeBSD) +#KILL_ROUTE="/sbin/route add $TARGET$ 333.444.555.666" + +# Generic Sun +#KILL_ROUTE="/usr/sbin/route add $TARGET$ 333.444.555.666 1" + +# NEXTSTEP +#KILL_ROUTE="/usr/etc/route add $TARGET$ 127.0.0.1 1" + +# FreeBSD +#KILL_ROUTE="route add -net $TARGET$ -netmask 255.255.255.255 127.0.0.1 -blackhole" + +# Digital UNIX 4.0D (OSF/1 / Compaq Tru64 UNIX) +#KILL_ROUTE="/sbin/route add -host -blackhole $TARGET$ 127.0.0.1" + +# Generic HP-UX +#KILL_ROUTE="/usr/sbin/route add net $TARGET$ netmask 255.255.255.0 127.0.0.1" + +## +# Using a packet filter is the PREFERRED. The below lines +# work well on many OS's. Remember, you can only uncomment *one* +# KILL_ROUTE option. +## + +# ipfwadm support for Linux +#KILL_ROUTE="/sbin/ipfwadm -I -i deny -S $TARGET$ -o" +# +# ipfwadm support for Linux (no logging of denied packets) +#KILL_ROUTE="/sbin/ipfwadm -I -i deny -S $TARGET$" +# +# ipchain support for Linux +#KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l" +# +# ipchain support for Linux (no logging of denied packets) +#KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY" +# +# iptables support for Linux +#KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP" +# +# iptables support for Linux with limit and LOG support. Logs only +# a limited number of packets to avoid a denial of service attack. +# KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP && /sbin/iptables -I INPUT -s $TARGET$ -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '" +# +# For those of you running FreeBSD (and compatible) you can +# use their built in firewalling as well. +# +#KILL_ROUTE="/sbin/ipfw add 1 deny all from $TARGET$:255.255.255.255 to any" +# +# +# For those running ipfilt (OpenBSD, etc.) +# NOTE THAT YOU NEED TO CHANGE external_interface TO A VALID INTERFACE!! 
+# +#KILL_ROUTE="/bin/echo 'block in log on external_interface from $TARGET$/32 to any' | /sbin/ipf -f -" + + +############### +# TCP Wrappers# +############### +# This text will be dropped into the hosts.deny file for wrappers +# to use. There are two formats for TCP wrappers: +# +# Format One: Old Style - The default when extended host processing +# options are not enabled. +# +#KILL_HOSTS_DENY="ALL: $TARGET$" + +# Format Two: New Style - The format used when extended option +# processing is enabled. You can drop in extended processing +# options, but be sure you escape all '%' symbols with a backslash +# to prevent problems writing out (i.e. \%c \%h ) +# +KILL_HOSTS_DENY="ALL: $TARGET$ : DENY" + +################### +# External Command# +################### +# This is a command that is run when a host connects, it can be whatever +# you want it to be (pager, etc.). This command is executed before the +# route is dropped or after depending on the KILL_RUN_CMD_FIRST option below +# +# +# I NEVER RECOMMEND YOU PUT IN RETALIATORY ACTIONS AGAINST THE HOST SCANNING +# YOU! +# +# TCP/IP is an *unauthenticated protocol* and people can make scans appear out +# of thin air. The only time it is reasonably safe (and I *never* think it is +# reasonable) to run reverse probe scripts is when using the "classic" -tcp mode. +# This mode requires a full connect and is very hard to spoof. +# +# The KILL_RUN_CMD_FIRST value should be set to "1" to force the command +# to run *before* the blocking occurs and should be set to "0" to make the +# command run *after* the blocking has occurred. +# +#KILL_RUN_CMD_FIRST = "0" +# +# +#KILL_RUN_CMD="/some/path/here/script $TARGET$ $PORT$ $MODE$" +# for examples see /usr/share/doc/portsentry/expamples/ + + +##################### +# Scan trigger value# +##################### +# Enter in the number of port connects you will allow before an +# alarm is given. The default is 0 which will react immediately. 
+# A value of 1 or 2 will reduce false alarms. Anything higher is +# probably not necessary. This value must always be specified, but +# generally can be left at 0. +# +# NOTE: If you are using the advanced detection option you need to +# be careful that you don't make a hair trigger situation. Because +# Advanced mode will react for *any* host connecting to a non-used +# port below your specified range, you have the opportunity to +# really break things. (i.e someone innocently tries to connect to +# you via SSL [TCP port 443] and you immediately block them). Some +# of you may even want this though. Just be careful. +# +SCAN_TRIGGER="0" + +###################### +# Port Banner Section# +###################### +# +# Enter text in here you want displayed to a person tripping the PortSentry. +# I *don't* recommend taunting the person as this will aggravate them. +# Leave this commented out to disable the feature +# +# Stealth scan detection modes don't use this feature +# +#PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION ATTEMPT HAS BEEN LOGGED. GO AWAY." + +# EOF --- portsentry-1.2.orig/portsentry.ignore.static +++ portsentry-1.2/portsentry.ignore.static @@ -0,0 +1,26 @@ +# /etc/portsentry/portsentry.ignore.static +# +# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games. +# Put hosts in here you never want blocked. This includes the IP addresses +# of all local interfaces on the protected host (i.e virtual host, mult-home) +# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games. +# +# Upon start of portsentry(8) via /etc/init.d/portsentry this file +# will be merged into portsentry.ignore. +# +# PortSentry can support full netmasks for networks as well. Format is: +# +# / +# +# Example: +# +# 192.168.2.0/24 +# 192.168.0.0/16 +# 192.168.2.1/32 +# Etc. +# +# If you don't supply a netmask it is assumed to be 32 bits. +# +# +127.0.0.1/32 +0.0.0.0 --- portsentry-1.2.orig/portsentry_config.h +++ portsentry-1.2/portsentry_config.h 
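Review bot: The Linux `KILL_ROUTE="/sbin/route add -host $TARGET$ reject"` line ships uncommented, which contradicts the `# ALL KILL ROUTE OPTIONS ARE COMMENTED OUT INITIALLY` note a few lines above it; it is inert only because `BLOCK_TCP` and `BLOCK_UDP` are `"0"`, so either comment the line out or reword the note to say which option is pre-selected for Debian. `RESOLVE_HOST = "0"` (and the commented `KILL_RUN_CMD_FIRST = "0"`) are the only settings written with spaces around `=`; whether the parser tolerates that is not visible here, so write them as `RESOLVE_HOST="0"` for consistency with every other key in the file. In the active `UDP_PORTS` list, `37444` differs from the `27444` used in the commented list above it and looks like a transposition; worth confirming before it ships. The example path in the `KILL_RUN_CMD` comment reads `/usr/share/doc/portsentry/expamples/` and should be `examples`.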
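Review bot: The netmask format example reads `# /` and appears to have lost its placeholders (presumably something like `# <address>/<prefix-length>`), so as written the line documents nothing. The `# Keep 127.0.0.1 and 0.0.0.0 to keep people from playing games.` comment appears twice in the header; drop the second copy.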
@@ -23,6 +23,10 @@ /* These are probably ok. Be sure you change the Makefile if you */ /* change the path */ #define CONFIG_FILE "/usr/local/psionic/portsentry/portsentry.conf" +#ifdef DEBIAN +# undef CONFIG_FILE +# define CONFIG_FILE "/etc/portsentry/portsentry.conf" +#endif /* The location of Wietse Venema's TCP Wrapper hosts.deny file */ #define WRAPPER_HOSTS_DENY "/etc/hosts.deny" --- portsentry-1.2.orig/scripts/portsentry-add-ip +++ portsentry-1.2/scripts/portsentry-add-ip @@ -0,0 +1,38 @@ +#!/usr/bin/perl -w +# $Id: portsentry-add-ip,v 1.3 2001/07/01 22:51:00 agx Exp $ +# +# add an IP to portsentry.ignore.static file +# by Guido Guenther + +$etcdir='/etc/portsentry'; +$static_file='portsentry.ignore.static'; +$ip_regexp='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; + +if( @ARGV == 0) {die "Adds an ip to portsentry.ignore.static.\ +usage: portsentry-add-ip ip-address\n";} +else { + $new_ip = $ARGV[0]; +} + +# do sanity check on given ip +if ( $new_ip !~ /^$ip_regexp$/) { + die "$new_ip is not in aaa.bbb.ccc.ddd format!\n"; +} +print "Debug: trying to add $new_ip\n" if defined($DEBUG); + +# read ignore file +open( P, "$etcdir/$static_file") || die "Can't read $etcdir/$static_file: $!\n"; +@ignored_ips =
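Review bot: The `# undef CONFIG_FILE` followed by a second `# define` inside `#ifdef DEBIAN` is a style point: wrapping the original `#define CONFIG_FILE` in `#ifndef DEBIAN` / `#else` / `#endif` yields exactly one definition per build and avoids the undef-then-redefine dance. The comment just above, `Be sure you change the Makefile if you change the path`, applies equally to the Debian path, and nothing in this hunk records whether the packaging keeps them in sync; a short comment such as `/* Debian: path is also assumed by the packaging scripts, keep both in step */` on the new block would help the next maintainer.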

; +close( P); + +# reopen it for writing +$mode='>>'; +open( P, "$mode$etcdir/$static_file") || die "Can't write to $etcdir/$static_file: $!\n"; + +# check if ip is already in the ignore file, if not append it +if( !grep( /^\s*$new_ip[\s#]/, @ignored_ips)) { + print "Debug: adding $new_ip!\n" if defined($DEBUG); + print P "$new_ip\n"; +} +close( P); + --- portsentry-1.2.orig/scripts/portsentry-build-ignore-file +++ portsentry-1.2/scripts/portsentry-build-ignore-file 
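Review bot: The duplicate check `grep( /^\s*$new_ip[\s#]/, @ignored_ips)` interpolates the address unescaped, so each `.` matches any character, and the `[\s#]` right after it means an entry written with a netmask (`1.2.3.4/32`, which the ignore file format permits) is not recognised and the address gets appended a second time; `if( !grep( m{^\s*\Q$new_ip\E(/[0-9]{1,2})?[\s#]}, @ignored_ips)) {` fixes both. The final `close( P);` on the append handle is unchecked, so a full disk or write error goes unnoticed; `close( P) || die "Can't write $etcdir/$static_file: $!\n";`. The script has no `use strict`, and `$DEBUG` is never assigned anywhere visible, so the debug prints can only fire if it is set from outside. The `@ignored_ips =` assignment after the read `open` appears truncated in this rendering (the readline from the handle is missing), presumably an extraction artefact rather than a defect in the patch.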
@@ -0,0 +1,50 @@ +#!/usr/bin/perl -w +# $Id: portsentry-build-ignore-file,v 1.9 2004/09/30 18:38:13 agx Exp $ +# +# build portsentry.ignore from portsentry.ignore.static and +# all other IPs found on this host +# +# by Guido Guenther +# +# it was inspired by ignore.csh provided with the original +# portsentry package (see /usr/share/doc/portsentry/examples/ignore.csh) + +use strict; +use File::Temp qw( tempfile ); + +my $etcdir="/etc/portsentry"; +my $static_file="$etcdir/portsentry.ignore.static";# static IPs +my $ignore_file="$etcdir/portsentry.ignore"; # build this one +my $tmpdir="/var/lib/portsentry"; +my $ip_re='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; +my $ipnm_re='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(/[0-9]{1,2})?'; + +(my $th, my $tfname) = tempfile("portsentry.ignore.static.XXXXXX", DIR => $tmpdir); +# build file header +print $th "# $ignore_file: Contains all IPs portsentry(8) +\# will never block. +\# +\# This file was generated by $0. +\# DO NOT EDIT - edit $static_file instead and use +\# \"/etc/init.d/portsentry restart\" to reload the configuration.\n\n"; + +# insert $static_file: +open( Q, "$static_file") || die "Cannot open $static_file: $!\n"; +my @static_ips = grep( /^\s*$ipnm_re\s*(#|$)/, ); +close(Q); +print $th "\# IPs from $static_file:\n"; +print $th @static_ips; + +# insert dynamic IPs +print $th "\n\# dynamically fetched IPs(via ifconfig -a):\n"; +my @dyn_ips = grep( /inet/, `LC_ALL=C /sbin/ifconfig -a`); +foreach my $i (@dyn_ips) { + if ($i =~ /addr:($ip_re)/) { +# XXX: this is too lax, need to check subnet matches here too + print $th "$1\n" if !grep( /^\s*$1[\s#]/, @static_ips); + } +} + +close( $th ) || die "Cannot close $tfname: $!\n"; +system( "/bin/mv","-f", $tfname, $ignore_file) && die "moving $ignore_file into place failed: $?\n"; +chmod( 0644, $ignore_file ); --- portsentry-1.2.orig/scripts/portsentry-rm-ip +++ portsentry-1.2/scripts/portsentry-rm-ip 
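Review bot: If `/sbin/ifconfig -a` fails or is absent, the backticks yield nothing and `$?` is never checked, so the generated ignore file silently omits every local interface address and portsentry can end up blocking the host's own IPs; checking `$?` right after the backticks turns that into a hard failure. The loop body also relies on `$1` surviving the `grep` in its own statement modifier (a successful no-capture match there would clear it) and interpolates the address into that regex unescaped, so capture into a lexical, use `\Q…\E`, and accept a `/prefix` suffix so `1.2.3.4/32` entries from the static file are recognised (the `XXX` about subnet matching still stands). The read `open( Q, "$static_file")` is two-arg with a fixed path, harmless here, but `open( my $q, '<', $static_file )` is the form to prefer. Lines not shown in the fence are unchanged.
```perl
# … unchanged: header and static-IP section …
print $th "\n\# dynamically fetched IPs(via ifconfig -a):\n";
my @dyn_ips = grep( /inet/, `LC_ALL=C /sbin/ifconfig -a`);
die "Cannot run /sbin/ifconfig -a: $?\n" if $?;
foreach my $i (@dyn_ips) {
    if (my ($addr) = $i =~ /addr:($ip_re)/) {
        # XXX: still does not compare netmasks against $static_file entries
        print $th "$addr\n" if !grep( m{^\s*\Q$addr\E(/[0-9]{1,2})?[\s#]}, @static_ips);
    }
}
# … unchanged: close, mv into place, chmod …
```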
@@ -0,0 +1,40 @@ +#!/usr/bin/perl -w +# $Id: portsentry-rm-ip,v 1.3 2001/07/01 22:51:00 agx Exp $ +# +# remove an IP from portsentry.ignore.static file +# +# by Guido Guenther + +use File::Temp qw( tempfile ); + +$etcdir='/etc/portsentry'; +$static_file="$etcdir/portsentry.ignore.static"; +$tmpdir="/var/lib/portsentry"; +$ip_regexp='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; + +if( @ARGV == 0) { + die +"Remove an ip from portsentry.ignore.static. +usage: portsentry-add-ip ip-address\n"; +} else { + $rm_ip = $ARGV[0]; +} + +if ( $rm_ip !~ /^$ip_regexp$/) { + die "$rm_ip is not in aaa.bbb.ccc.ddd format!\n"; +} + +open( P, "$static_file") || die "Can't read $static_file: $!\n"; +@ignored_ips =

; +close( P); + +($th, $tfname) = tempfile("portsentry.ignore.static.XXXXXX", DIR => $tmpdir); + +# write out everything except the mathing ip +@tmp_ips=grep( !/^\s*$rm_ip[\s#]/, @ignored_ips); +print $th @tmp_ips; +close( $th); + +# move temp-file to portsentry.ignore.static +rename($tfname, $static_file); +chmod( 0644, $static_file );
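Review bot: `rename($tfname, $static_file)` is unchecked, and the temporary file is created in `/var/lib/portsentry` while the target is under `/etc`; `rename` fails across filesystems, so on a system with a separate `/var` the script exits 0 having changed nothing, whereas the sibling `portsentry-build-ignore-file` uses `/bin/mv -f` for the same move. At minimum `rename($tfname, $static_file) || die "Cannot move $tfname to $static_file: $!\n";`, or reuse the `system( "/bin/mv", "-f", ...)` form from the sibling script. The usage text says `usage: portsentry-add-ip ip-address` but this script is `portsentry-rm-ip`. As in `portsentry-add-ip`, `$rm_ip` is interpolated into the filter regex unescaped and `[\s#]` does not match `1.2.3.4/32` entries, so `@tmp_ips=grep( !m{^\s*\Q$rm_ip\E(/[0-9]{1,2})?[\s#]}, @ignored_ips);` is the safer filter; `close( $th)` is also unchecked, and the comment typo `mathing` should read `matching`.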