pfSense » pfSense Packages

dshield-sensor			/usr/ports/net-mgmt/dshield-sensor		/usr/local/sbin/dshield-sensor

# Created by: Robert Nelson <robertn@the-nelsons.org>

# $FreeBSD$

PORTNAME=	dshield-sensor

PORTVERSION=	2015.04.03

CATEGORIES=	net-mgmt

MAINTAINER=	robertn@the-nelsons.org

COMMENT=	Submit firewall logs to Dshield Sensor periodically

RUN_DEPENDS=	p5-Net-IP>=0:${PORTSDIR}/net-mgmt/p5-Net-IP

USE_GITHUB=	yes

GH_ACCOUNT=	Robert-Nelson

GH_PROJECT=	dshield-framework

DISTVERSIONPREFIX=	v

USES=		perl5 shebangfix

SHEBANG_FILES=	${WRKSRC}/build_clients.pl

USE_PERL5=	build run

NO_ARCH=	yes

.include <bsd.port.pre.mk>

post-extract:

	${CP} ${FILESDIR}/dshield-sensor ${WRKSRC}

post-patch:

	@${REINPLACE_CMD} -e 's,@@DATADIR@@,${DATADIR},g' -e 's,@@ETCDIR@@,${ETCDIR},g' ${WRKSRC}/dshield-sensor ${WRKSRC}/dshield.cnf

do-build:

	cd ${WRKSRC}; ./build_clients.pl

	@${REINPLACE_CMD} ${_SHEBANG_REINPLACE_ARGS} ${WRKSRC}/pfsense.pl

do-install:

	${MKDIR} ${STAGEDIR}${DATADIR}

	${INSTALL_SCRIPT} ${WRKSRC}/pfsense.pl ${STAGEDIR}${DATADIR}/pfsense.pl

	${MKDIR} ${STAGEDIR}${ETCDIR}

	${INSTALL_DATA} ${WRKSRC}/dshield-source-exclude.lst ${STAGEDIR}${ETCDIR}/dshield-source-exclude.lst.sample

	${INSTALL_DATA} ${WRKSRC}/dshield-source-port-exclude.lst ${STAGEDIR}${ETCDIR}/dshield-source-port-exclude.lst.sample

	${INSTALL_DATA} ${WRKSRC}/dshield-target-exclude.lst ${STAGEDIR}${ETCDIR}/dshield-target-exclude.lst.sample

	${INSTALL_DATA} ${WRKSRC}/dshield-target-port-exclude.lst ${STAGEDIR}${ETCDIR}/dshield-target-port-exclude.lst.sample

	${INSTALL_DATA} ${WRKSRC}/dshield.cnf ${STAGEDIR}${ETCDIR}/dshield.cnf.sample

	${INSTALL_SCRIPT} ${WRKSRC}/dshield-sensor ${STAGEDIR}${PREFIX}/sbin/dshield-sensor

.include <bsd.port.post.mk>

SHA256 (dshield-sensor-v2015.04.03_GH0.tar.gz) = c0dc2fba04a1d492e69ebcb30077ed1107d68c13562497851fc417d41875608a

SIZE (dshield-sensor-v2015.04.03_GH0.tar.gz) = 57749

#!/bin/sh

@@DATADIR@@/pfsense.pl -config=@@ETCDIR@@/dshield.cnf

--- dshield.cnf.orig	2015-03-29 17:50:14 UTC

+++ dshield.cnf

@@ -35,7 +35,7 @@ replyto=

 # client processes 'syslog' reports.  Unless your firewall logs go to 

 # a different file....

-log=/var/log/messages

+#log=/var/log/messages

 # Regular expression that must match in each log line that is processed

 # Needed if your log contains all kinds of different things, not just

@@ -79,20 +79,21 @@ sendmail=/usr/sbin/sendmail -oi -t

 # Or for testing and debugging, so that you don't have to fool with mail until

 # you have it working right.

-whereto=MAIL

+#whereto=MAIL

+whereto=-

 # These optional files contain ranges that are used to exclude 

 # log lines, so you can filter out log lines that you don't want

 # to submit to DShield.

 #

 # IP addresses

-source_exclude=/etc/dshield-source-exclude.lst

-target_exclude=/etc/dshield-target-exclude.lst

+source_exclude=@@ETCDIR@@/dshield-source-exclude.lst

+target_exclude=@@ETCDIR@@/dshield-target-exclude.lst

 #

 # Ports

-source_port_exclude=/etc/dshield-source-port-exclude.lst

-target_port_exclude=/etc/dshield-target-port-exclude.lst

+source_port_exclude=@@ETCDIR@@/dshield-source-port-exclude.lst

+target_port_exclude=@@ETCDIR@@/dshield-target-port-exclude.lst

 # Replace the first byte of the target IP with '10.'

 # Note that if you set this to 'Y' then DShield won't send FightBack

@@ -112,7 +113,7 @@ obfus=N

 # yyyymmddhhmmss format, so you can manually edit this if you need to

 # reset where processing will start.

-linecnt=/tmp/dshield.cnt

+linecnt=/var/tmp/dshield.cnt

 # Setting these to "Y" makes the client spit out a lot of stuff

 # to standard output, some of which may be helpful.

This is a set of scripts which automatically submits firewall logs to DShield

WWW: https://dshield.org/howto.html

sbin/dshield-sensor

%%DATADIR%%/pfsense.pl

@sample %%ETCDIR%%/dshield-source-exclude.lst.sample

@sample %%ETCDIR%%/dshield-source-port-exclude.lst.sample

@sample %%ETCDIR%%/dshield-target-exclude.lst.sample

@sample %%ETCDIR%%/dshield-target-port-exclude.lst.sample

@sample %%ETCDIR%%/dshield.cnf.sample