---
name: bruteblock
version: 0.0.5_4
origin: security/bruteblock
comment: Software for blocking bruteforce attacks with ipfw
arch: freebsd:10:x86:64
www: http://samm.kiev.ua/bruteblock/
maintainer: amdmi3@FreeBSD.org
prefix: /usr/local
licenselogic: single
flatsize: 46770
desc: |
  Bruteblock allows system administrators to block various bruteforce
  attacks on UNIX services. The program analyzes system logs and adds
  attacker's IP address into ipfw2 table effectively blocking them.
  Addresses are automatically removed from the table after specified
  amount of time. Bruteblock uses regular expressions to parse logs,
  which provides flexibility allowing it to be used with almost any
  network service.  Bruteblock is written in pure C, doesn't use any
  external programs and work with ipfw2 tables via raw sockets API.

  WWW: http://samm.kiev.ua/bruteblock/
deps:
  pcre: {origin: devel/pcre, version: 8.33}
categories:
- security
shlibs_required:
- libpcre.so.3
files:
  /usr/local/etc/bruteblock/proftpd.conf.dist: 5295ec9888c7223e2a9429f5afd1207de4d6b758d89b091daf4b405575a11f80
  /usr/local/etc/bruteblock/ssh.conf.dist: c8477e6fd9c3f59c06d57d45d788a24498c6e4fade99d56abbd83bf07096812c
  /usr/local/etc/rc.d/bruteblockd: ff02f066b0037ad2681efb3b844a8841034c877235081719c8bd01c47efcbe48
  /usr/local/man/man8/bruteblock.8.gz: dd3a881b3d868fa8f6431e2c5596e26e8130500915c8ef281f4883ae13878106
  /usr/local/sbin/bruteblock: c637144fc816e730149451c0df98b7e28e6cd8eb677e72fa3d10d0574e0b1eb2
  /usr/local/sbin/bruteblockd: 48395fdfe510036e8d87f4b27d023f5ce193fec52972d779d51d98b8987db72d
  /usr/local/share/doc/bruteblock/CHANGES: ca10f5e1156b142af4b96bbd839a9fc6453d792f9ab01ffdff54cec6d89fff76
  /usr/local/share/doc/bruteblock/FAQ: be7efd0a1dee99d59fac90ec1c75cf2b00d1ec4221531eb1e002aa951e07c758
  /usr/local/share/doc/bruteblock/README: 15e1ddd3ff902d6c7a05cede2fd4ee45abf3b12cd6299c5d3db35f6cbf7dea3c
directories:
  /usr/local/share/doc/bruteblock/: n
  /usr/local/etc/bruteblock/: y
scripts:
  post-install: |
    if [ ! -f /usr/local/etc/bruteblock/proftpd.conf ]; then cp -p /usr/local/etc/bruteblock/proftpd.conf.dist /usr/local/etc/bruteblock/proftpd.conf; fi
    if [ ! -f /usr/local/etc/bruteblock/ssh.conf ]; then cp -p /usr/local/etc/bruteblock/ssh.conf.dist /usr/local/etc/bruteblock/ssh.conf; fi
    cd /usr/local
  pre-deinstall: |
    if cmp -s /usr/local/etc/bruteblock/proftpd.conf.dist /usr/local/etc/bruteblock/proftpd.conf; then rm -f /usr/local/etc/bruteblock/proftpd.conf; fi
    if cmp -s /usr/local/etc/bruteblock/ssh.conf.dist /usr/local/etc/bruteblock/ssh.conf; then rm -f /usr/local/etc/bruteblock/ssh.conf; fi
    cd /usr/local
  post-deinstall: |
    cd /usr/local
message: "===>  CONFIGURATION NOTE:\n\n  Configuration of the bruteblock is done via
  configuration files\n  located at /usr/local/etc/bruteblock/\n\n  To run the script,
  append following lines to /etc/syslog.conf:\n\n!*\nauth.info;authpriv.info                         |exec
  /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf\n\n  and restart
  syslogd.\n\n  Also you should add ipfw2 table and the corresponding deny rule.\n
  \ For example,\n\n# ipfw add deny ip from table(1) to any  \n\n  Next, you'll want
  to setup periodical cleanup of ipfw2 table.  Add following \n  lines to /etc/rc.conf:\n\n
  \    bruteblockd_enable=\"YES\"\n     bruteblockd_table=\"1\"\n     bruteblockd_flags=\"-s
  5\"\n \n  and start bruteblockd: /usr/local/etc/rc.d/bruteblockd.sh start\n\nSee
  bruteblock(8) for more details.\n"
