Hello All,
I am wanting to create an RPM for sshdfilter. I know it can be done; it's just a matter of programming the install files. I am currently working on the .spec file and am stuck. The compressed file is found here.
sshdfilter.spec
Quote:
Summary: ssh brute force attack blocker
Name: sshdfilter
Version: 0.1.0alpha1
Release: 1.5.5
License: GPL
Group: Security
URL: http://www.csc.liv.ac.uk/~greg/sshdfilter/
Source: http://www.csc.liv.ac.uk/~greg/sshdfilter-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires: iptables
Requires: sshd
Requires: logwatch
%description
sshdfilter blocks the frequent brute force attacks on ssh daemons, it does this
by directly reading the sshd logging output (or syslog output) and generating
iptables (or ipfw) rules, the process can be quick enough to block an attack
before they get a chance to enter any password at all. The blocking policy is
defined by a list of blockrules largely by user name or by the type of user
name. There are two install routes, the old style sshdfilter starts sshd
itself, having started sshd with the -e and -D options. The newer style uses a
syslog configuration line that writes sshd messages to a dedicated named pipe,
normally /var/log/sshd.fifo. Regardless, this means sshdfilter can see events
as they happen and act on them as they happen. sshdfilter then looks for lines
of the form:
Did not receive identification string from x.x.x.x
Illegal user x from x.x.x.x
Failed password for illegal user x from x.x.x.x port x ssh2
Failed password for x from x.x.x.x port x ssh2
When sshd produces any of these messages, the response of sshdfilter is defined
by the configuration file /etc/sshdfilterrc. The default configuration file
defines the first message as an instant block event that will install an
iptables rule dropping that IP. The other lines are given 3 chances (ie. this
chance and two more) before an iptables dropping rule is generated and their IP
is blocked.
%prep
%setup -q
%build
%install
%clean
%files
%doc AUTHORS ChangeLog INSTALL NEWS TODO README COPYING
%changelog
* Sat Nov 15 2008 - travisray2004 at gmail dot com 0.1.0alpha1
- Initial release.
Currently need to work on the build/install/clean parts. Any help is much appreciated.
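
The block policy described in the %description above, as an added example that is not part of the original post and is not sshdfilter's own code. Assumptions: the function name `blocked_ips`, one counter per IP shared across the three "3 chances" messages, the block being generated on the third event, and end-of-line anchoring of the patterns are all choices made for this sketch.

```python
import ipaddress
import re
from collections import defaultdict

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# (pattern, events tolerated before blocking). Patterns are the four message
# forms quoted in the %description, anchored at end of line so the address is
# always sshd's own trailing field and never text from the user-name field.
RULES = [
    (re.compile(rf"Did not receive identification string from {IP}$"), 1),
    (re.compile(rf"Failed password for illegal user \S+ from {IP} port \d+ ssh2$"), 3),
    (re.compile(rf"Failed password for \S+ from {IP} port \d+ ssh2$"), 3),
    (re.compile(rf"Illegal user \S+ from {IP}$"), 3),
]

def blocked_ips(lines):
    """Return source IPs in the order they cross their rule's threshold."""
    counts = defaultdict(int)   # assumption: one counter per IP across rules
    blocked = []
    for line in lines:
        for pattern, limit in RULES:
            m = pattern.search(line.rstrip())
            if not m:
                continue
            try:
                ip = str(ipaddress.ip_address(m.group("ip")))
            except ValueError:      # e.g. 999.1.1.1: not an address, skip
                break
            counts[ip] += 1
            # assumption: the block is generated on the limit-th event
            if counts[ip] >= limit and ip not in blocked:
                blocked.append(ip)
            break
    return blocked

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    "Nov 15 10:00:01 host sshd[101]: Did not receive identification string from 192.0.2.10",
    "Nov 15 10:00:02 host sshd[102]: Illegal user admin from 198.51.100.7",
    "Nov 15 10:00:03 host sshd[102]: Failed password for illegal user admin from 198.51.100.7 port 4022 ssh2",
    "Nov 15 10:00:04 host sshd[103]: Failed password for root from 203.0.113.5 port 4100 ssh2",
    "Nov 15 10:00:05 host sshd[104]: Failed password for root from 198.51.100.7 port 4023 ssh2",
    "Nov 15 10:00:06 host sshd[105]: Illegal user a from 203.0.113.99 from 203.0.113.5",
]

if __name__ == "__main__":
    print(blocked_ips(SAMPLE))
```

The last sample line matches none of the anchored patterns, so it is ignored rather than counted against either address.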