head	1.1;
access;
symbols
	RELEASE_8_3_0:1.1
	RELEASE_9_0_0:1.1
	RELEASE_7_4_0:1.1
	RELEASE_8_2_0:1.1
	RELEASE_6_EOL:1.1
	RELEASE_8_1_0:1.1
	RELEASE_7_3_0:1.1
	RELEASE_8_0_0:1.1
	RELEASE_7_2_0:1.1
	RELEASE_7_1_0:1.1
	RELEASE_6_4_0:1.1
	RELEASE_5_EOL:1.1
	RELEASE_7_0_0:1.1
	RELEASE_6_3_0:1.1
	PRE_XORG_7:1.1
	RELEASE_4_EOL:1.1
	RELEASE_6_2_0:1.1
	RELEASE_6_1_0:1.1
	RELEASE_5_5_0:1.1
	RELEASE_6_0_0:1.1
	RELEASE_5_4_0:1.1
	RELEASE_4_11_0:1.1
	RELEASE_5_3_0:1.1
	RELEASE_4_10_0:1.1
	RELEASE_5_2_1:1.1
	RELEASE_5_2_0:1.1
	RELEASE_4_9_0:1.1;
locks; strict;
comment	@# @;


1.1
date	2003.08.28.09.21.14;	author edwin;	state Exp;
branches;
next	;


desc
@@


1.1
log
@New port: hunch - Scan httpd log files, find vulnerability probes,
mail admins

	Scan Apache log files for CodeRed, Nimda, FormMail, proxy
	scanners and other malicious probes. For each one found,
	track down the contact email from WHOIS data and send a
	notice. Built-in rate controls prevent flooding an admin
	even when his machines are scanning at high rates. Runs as
	a non-privileged cron job to not interfere with the HTTP
	daemon's operation.

	Notes to committer:
	 1. This port installs a user and a group "hunch". It doesn't
	 meet the conditions listed in the handbook for a "reserved"
	 uid/gid.
	 2. portlint will complain about the port. A lot. To the
	 best of my judgment all of the warnings can be ignored
	 with the exception of the one about BATCH which I could
	 find no documentation for. Therefore it is setting
	 IS_INTERACTIVE.

PR:		ports/44836
Submitted by:	Dan Pelleg <daniel+hunch@@pelleg.org>
@
text
@#! /bin/sh

#
# Adapted from pkg-install in net/cvsup-mirror,
# presumably by jdp@@FreeBSD.org
#

# Account that owns hunch's state files and under which the cron job runs.
user='hunch'
group='hunch'

# Hours between complaint runs; drives the crontab schedule built below.
interval='4'

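ask() {
    # Prompt for a free-form value and print it on stdout.
    # $1 - question text, $2 - default answer
    # The default is used when the reply is empty or when PACKAGE_BUILDING
    # is set (no operator to ask).
    local question default answer

    question=$1
    default=$2
    # Start from an empty reply; in shells whose "local" keeps the caller's
    # value, an inherited $answer would otherwise survive a skipped read.
    answer=
    if [ -z "${PACKAGE_BUILDING}" ]; then
	read -r -p "${question} [${default}]? " answer
    fi
    # Quoted test: the old "x${answer} = x" form failed on replies with spaces.
    if [ -z "${answer}" ]; then
	answer=${default}
    fi
    # printf keeps the reply verbatim (no echo option parsing or word splitting).
    printf '%s\n' "${answer}"
}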

yesno() {
    # Ask a yes/no question (via ask) until the reply starts with y/Y or n/N.
    # $1 - question text, $2 - default reply handed to ask
    # Returns 0 for yes, 1 for no.
    local dflt question answer

    question=$1
    dflt=$2
    while true; do
	answer=$(ask "${question}" "${dflt}")
	case "${answer}" in
	    [Yy]*)
		return 0
		;;
	    [Nn]*)
		return 1
		;;
	    *)
		echo "Please answer yes or no."
		;;
	esac
    done
}

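make_account() {
    # Make sure group $2 and user $1 exist, offering to create them with
    # pw(8); when no home directory is given, offer to create ~$1 as well.
    # $1 - user name, $2 - group name, $3 - GECOS text,
    # $4 - home directory (optional; passed to "pw useradd -d")
    # Exits non-zero when the operator declines or a pw/chown step fails.
    local u g gcos homedir home

    u=$1
    g=$2
    gcos=$3
    homedir=$4

    if pw group show "${g}" >/dev/null 2>&1; then
	echo "You already have a group \"${g}\", so I will use it."
    else
	echo "You need a group \"${g}\"."
	if which -s pw && yesno "Would you like me to create it" y; then
	    pw groupadd "${g}" || exit
	    echo "Done."
	else
	    echo "Please create it, and try again."
	    if ! grep -q "^${u}:" /etc/passwd; then
		echo "While you're at it, please create a user \"${u}\" too,"
		echo "with a default group of \"${g}\"."
	    fi
	    exit 1
	fi
    fi

    if pw user show "${u}" >/dev/null 2>&1; then
	echo "You already have a user \"${u}\", so I will use it."
    else
	echo "You need a user \"${u}\"."
	if which -s pw && yesno "Would you like me to create it" y; then
	    # Pass -d only when a home was requested; quoting keeps the path
	    # intact even if it contains whitespace.
	    if [ -n "${homedir}" ]; then
		pw useradd "${u}" -g "${g}" -h - -d "${homedir}" \
		    -s /nonexistent -c "${gcos}" || exit
	    else
		pw useradd "${u}" -g "${g}" -h - \
		    -s /nonexistent -c "${gcos}" || exit
	    fi
	    echo "Done."
	else
	    echo "Please create it, and try again."
	    exit 1
	fi
    fi

    if [ -z "${homedir}" ]; then
	# ~user expansion needs eval; $u is one of this script's own constants,
	# not operator input, so nothing untrusted reaches the shell parser.
	eval "home=~${u}"
	if [ ! -d "${home}" ]; then
	    if yesno \
		"Would you like me to create ${u}'s home directory (${home})" y
	    then
		(umask 77 && mkdir -p "${home}/") || exit
		chown -R "${u}:${g}" "${home}" || exit
	    else
		echo "Please create it, and try again."
		exit 1
	    fi
	fi
    fi
}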

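# Rewrite ${PREFIX}/bin/complain-httpd through the sed expression in $1.
# The result is staged in a mktemp file and moved into place, so a failed
# sed never leaves a truncated script behind.
rewrite_complain_httpd() {
    local script tmp

    script="${PREFIX}/bin/complain-httpd"
    tmp=$(mktemp "${script}.XXXXXX") || exit
    trap 'rm -f "${tmp}"' 0 1 2 3 15
    sed "$1" "${script}" >"${tmp}" || exit
    chmod 755 "${tmp}"
    mv "${tmp}" "${script}" || exit
    trap - 0 1 2 3 15
}

# $2 is the install stage handed over by the package tools; only
# POST-INSTALL does any work.
case $2 in

POST-INSTALL)
    # . ${base}/config.sh || exit

    # Every path below hangs off PREFIX; stop rather than chown/rewrite
    # files under "/" if the package tools did not export it.
    : "${PREFIX:?PREFIX must be set}"

    if which -s pw && which -s lockf; then
	:
    else
	cat <<EOF

This system looks like a pre-2.2 version of FreeBSD.  I see that it
is missing the "lockf" and/or "pw" utilities.  I need these utilities.
Please get them and install them, and try again.  You can get the
sources from:

  ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.bin/lockf.tar.gz
  ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/usr.sbin/pw.tar.gz

EOF
	exit 1
    fi

    echo ""
    make_account "${user}" "${group}" "Probe-griping user" "/nonexistent"

    echo "Fixing ownerships and modes"
    chown "${user}:${group}" "${PREFIX}/etc/hunch-special"
    # Deliberately left unquoted below: a space-separated list of fixed paths.
    misc_files="/var/db/hunch-timestamp /var/log/hunch.log"
    touch $misc_files
    chown "${user}:${group}" $misc_files
    chmod 664 "${PREFIX}/etc/hunch-special" $misc_files

    echo ""
    if grep -q "^[^#]*/var/log/hunch.log" /etc/newsyslog.conf; then
	echo "It looks like you already have some logging set up, so I will use it."
    else
	if yesno "Would you like me to set up log rotation" y; then
	    echo "Adding hunch log entry to \"/etc/newsyslog.conf\"."
	    cat <<EOF >>/etc/newsyslog.conf
/var/log/hunch.log	hunch:hunch		644  3    100    *    Z
EOF
	    echo "Done."
	else
	    cat <<EOF
OK, please remember to do it yourself.  You should add an entry to
"/etc/newsyslog.conf".
EOF
	fi
    fi

    echo ""
    if grep -q "^[^#]*${PREFIX}/bin/complain-httpd" /etc/crontab; then
	echo "It looks like your crontab is already set up, so I'll use that."
    else
	if [ "${interval}" -eq 1 ]; then
	    updstr="hourly complaints"
	else
	    updstr="complaints every ${interval} hours"
	fi
	if yesno "Would you like me to set up your crontab for ${updstr}" y
	then
	    echo "Scheduling ${updstr} in \"/etc/crontab\"."
	    # First run is a few minutes from now; the hour field then repeats
	    # every ${interval} hours from that starting hour.
	    delay=5
	    now=$(date "+%s")
	    start=$((now + delay * 60))
	    hh=$(date -r "${start}" "+%H")
	    mm=$(date -r "${start}" "+%M")
	    # Strip the leading zero instead of feeding "08"/"09" to $((...)),
	    # where shells that read a leading 0 as octal reject the value.
	    h=${hh#0}
	    m=${mm#0}
	    if [ "${interval}" -eq 1 ]; then
		hstr="*"
	    else
		h0=$((h % interval))
		if [ "${interval}" -eq 24 ]; then
		    hstr=${h0}
		else
		    h1=$((h0 + 24 - interval))
		    hstr="${h0}-${h1}/${interval}"
		fi
	    fi
	    cat <<EOF >>/etc/crontab
${m}	${hstr}	*	*	*	${user} ${PREFIX}/bin/complain-httpd /var/log/httpd-access.log >> /var/log/hunch.log 2>&1
EOF
	    echo "Done."
	else
	    cat <<EOF
OK, please remember to do it yourself.  The crontab entry should run
"${PREFIX}/bin/complain-httpd /var/log/httpd-access.log" as user ${user}
EOF
	fi
    fi

    echo ""
    if yesno "Would you like me to set up the sender's address as it appears on outgoing complaints" y; then
	host=$(hostname)
	sender=$(ask "Enter sender's email address" "root@@${host}")
	# The address is spliced into a sed replacement and into a single-quoted
	# string in the Perl script, so allow only plain address characters:
	# a / & \ or ' would otherwise alter the sed command or the script.
	case ${sender} in
	''|*[!A-Za-z0-9._+@@-]*)
	    cat <<EOF
The address "${sender}" contains characters I cannot safely write into
the script.  Please set the "my \$sender=''" line in
"${PREFIX}/bin/complain-httpd" yourself.
EOF
	    ;;
	*)
	    rewrite_complain_httpd "s/sender = ''/sender = '${sender}'/"
	    echo "Done."
	    ;;
	esac
    else
	cat <<EOF
OK, please remember to do it yourself.  You should modify the "my \$sender=''"
line in "${PREFIX}/bin/complain-httpd".
EOF
    fi

    echo ""
    echo "I can enable hunch right now, or leave it in parse-only mode"
    echo "which will scan the logs and determine the contacts, but"
    echo "will not actually send any mail."
    if yesno "Would you like me enable hunch in mail-sending mode" y; then
	nomail=0
    else
	nomail=1
    fi
    # ${nomail} is always 0 or 1 here, so it is safe inside the sed expression.
    rewrite_complain_httpd "s/no_mailing = .*;/no_mailing = ${nomail};/"
    echo "OK."

    echo ""
    echo "You are now hunch-enabled"
    ;;
esac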
@
