head	1.1;
access;
symbols
	RELEASE_8_3_0:1.1
	RELEASE_9_0_0:1.1
	RELEASE_7_4_0:1.1
	RELEASE_8_2_0:1.1
	RELEASE_6_EOL:1.1
	RELEASE_8_1_0:1.1
	RELEASE_7_3_0:1.1
	RELEASE_8_0_0:1.1
	RELEASE_7_2_0:1.1
	RELEASE_7_1_0:1.1
	RELEASE_6_4_0:1.1
	RELEASE_5_EOL:1.1
	RELEASE_7_0_0:1.1
	RELEASE_6_3_0:1.1
	PRE_XORG_7:1.1
	RELEASE_4_EOL:1.1
	RELEASE_6_2_0:1.1
	RELEASE_6_1_0:1.1
	RELEASE_5_5_0:1.1
	RELEASE_6_0_0:1.1
	RELEASE_5_4_0:1.1
	RELEASE_4_11_0:1.1
	RELEASE_5_3_0:1.1
	RELEASE_4_10_0:1.1
	RELEASE_5_2_1:1.1
	RELEASE_5_2_0:1.1
	RELEASE_4_9_0:1.1;
locks; strict;
comment	@# @;


1.1
date	2003.08.28.09.21.14;	author edwin;	state Exp;
branches;
next	;


desc
@@


1.1
log
@New port: hunch - Scan httpd log files, find vulnerability probes,
mail admins

	Scan Apache log files for CodeRed, Nimda, FormMail, proxy
	scanners and other malicious probes. For each one found,
	track down the contact email from WHOIS data and send a
	notice. Built-in rate controls prevent flooding an admin
	even when his machines are scanning at high rates. Runs as
	a non-privileged cron job to not interfere with the HTTP
	daemon's operation.

	Notes to committer:
	 1. This port installs a user and a group "hunch". It doesn't
	 meet the conditions listed in the handbook for a "reserved"
	 uid/gid.
	 2. portlint will complain about the port. A lot. To the
	 best of my judgment all of the warnings can be ignored
	 with the exception of the one about BATCH which I could
	 find no documentation for. Therefore it is setting
	 IS_INTERACTIVE.

PR:		ports/44836
Submitted by:	Dan Pelleg <daniel+hunch@@pelleg.org>
@
text
@#! /bin/sh

#
# Adapted from pkg-deinstall in net/cvsup-mirror,
# presumably by jdp@@FreeBSD.org
#

# Account and group that delete_account is asked to remove at the end of
# this script.
user='hunch'
group='hunch'

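# ask QUESTION DEFAULT
# Print one line of operator input on stdout.
#   $1 - question text shown in the prompt
#   $2 - value printed when the reply is empty or no prompt is shown
# When PACKAGE_BUILDING is set and non-empty nothing is read and the
# default is printed, so unattended builds never block on stdin.
ask() {
    local question default answer

    question=$1
    default=$2
    answer=
    if [ -z "${PACKAGE_BUILDING}" ]; then
	# -r keeps backslashes in the reply literal.
	read -r -p "${question} [${default}]? " answer
    fi
    # Quoted test: a reply containing blanks or test(1) operators can no
    # longer break the comparison.
    if [ -z "${answer}" ]; then
	answer=${default}
    fi
    # This script runs as root during deinstall; print the reply verbatim
    # so it is never word-split or glob-expanded against the current
    # directory before the caller inspects it.
    printf '%s\n' "${answer}"
}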

# yesno QUESTION DEFAULT
# Keep asking QUESTION (through ask) until the reply starts with y/Y or n/N.
#   $1 - question text
#   $2 - default handed to ask for an empty reply
# Returns 0 for yes and 1 for no.  Any other reply prints a hint and asks
# again, so a default that is neither yes nor no repeats the question for
# as long as the reply stays empty.
yesno() {
    local prompt fallback reply

    prompt=$1
    fallback=$2
    while true; do
	reply=$(ask "${prompt}" "${fallback}")
	case "${reply}" in
	[Yy]*)
	    return 0
	    ;;
	[Nn]*)
	    return 1
	    ;;
	*)
	    echo "Please answer yes or no."
	    ;;
	esac
    done
}

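# delete_account USER GROUP
# Interactively remove the port's group and user with pw(8).
#   $1 - login name of the account to remove
#   $2 - name of the group to remove
# Each removal is confirmed through yesno with a default of "y".  After the
# user is handled, a reminder is printed if the directory that was its home
# still exists; the directory itself is never deleted here.
delete_account() {
    local u g home

    u=$1
    g=$2
    if yesno "Do you want me to remove group \"${g}\"" y; then
	# Quoted so the name reaches pw as exactly one argument; "Done." is
	# reported only when pw succeeds.
	if pw groupdel -n "${g}"; then
	    echo "Done."
	fi
    fi
    if yesno "Do you want me to remove user \"${u}\"" y; then
	# The home directory has to be resolved before the account is gone.
	# Tilde expansion of a variable needs eval, and this runs as root, so
	# only names made of plain login-name characters are handed to eval;
	# any other value skips the lookup and the reminder below.
	case "${u}" in
	''|[!A-Za-z0-9_]*|*[!A-Za-z0-9._-]*)
	    home=
	    ;;
	*)
	    eval "home=~${u}"
	    ;;
	esac
	if pw userdel -n "${u}"; then
	    echo "Done."
	fi
	if [ -n "${home}" ] && [ -d "${home}" ]; then
	    # NOTE(review): the "mirrored files" wording looks inherited from
	    # the script this file was adapted from - confirm it applies here.
	    echo "Please remember to remove the home directory \"${home}\" as"
	    echo "well as the mirrored files."
	fi
    fi
}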

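# Act only when the second argument is DEINSTALL; every other invocation is
# a successful no-op.
if [ "$2" != "DEINSTALL" ]; then
    exit 0
fi

# Fixed search path, so the tools run below (as root) are not resolved
# through whatever PATH the caller had.
export PATH=/bin:/usr/bin:/usr/sbin

# strip_lines PATTERN FILE
# Rewrite FILE without the lines matching the sed regular expression PATTERN.
#   $1 - sed regular expression; callers pass fixed strings only, it is
#        inserted into the sed program unescaped
#   $2 - file to rewrite
# The filtered copy is written to a mktemp(1) file in /etc (same directory
# as both targets, so mv is a rename) and moved over FILE only after sed and
# chmod succeeded.  The result is mode 644 whatever FILE's mode was, and no
# backup of FILE is kept.  Sets the global tmp for the exit trap.
strip_lines() {
    tmp=$(mktemp /etc/hunch.XXXXXX) || return
    sed "/$1/d" "$2" >"${tmp}" || return
    chmod 644 "${tmp}" || return
    mv "${tmp}" "$2"
}

# Substring match on process names; killall signals every process with this
# name, whoever owns it.
if ps -axc | grep -q complain-httpd; then
    if yesno "There are some complain-httpd processes running.  Shall I kill them" y
    then
	killall complain-httpd
	sleep 2
    else
	echo "OK ... I hope you know what you are doing."
    fi
fi

# Remove a leftover temporary file on every exit path.  The signal traps
# exit, which in turn runs the exit trap, so an interrupted run stops
# instead of carrying on with the remaining edits of /etc.
tmp=
trap 'if [ -n "${tmp}" ]; then rm -f -- "${tmp}"; fi' 0
trap 'exit 1' 1 2 3 15

rm -f -- /var/db/hunch-timestamp

if yesno "Do you want me to remove scheduled complaints from \"/etc/crontab\"" y
then
    strip_lines 'complain-httpd' /etc/crontab || exit
    echo "Done."
fi

if yesno "Do you want me to remove the hunch log entry from \"/etc/newsyslog.conf\"" y
then
    strip_lines 'hunch\.log' /etc/newsyslog.conf || exit
    echo "Done."
fi

delete_account "${user}" "${group}"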
@
