authorSerhii (Sergey) Kozlov <skozlov@FreeBSD.org>2025-04-29 20:25:34 +0000
committerSerhii (Sergey) Kozlov <skozlov@FreeBSD.org>2025-04-29 22:23:35 +0000
commitd8973c80a839f6a6ddbb68b0bd05e2e8024afcaa (patch)
tree1f9cffce61d03d7b6061af0a9e191d876511f24e
parentgames/solarus-quest-editor: Update to 2.0.0 (diff)
security/sshesame: new port
An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity. sshesame accepts and logs SSH connections and activity (channels, requests), without doing anything on the host (e.g. executing commands, making network requests).
-rw-r--r--GIDs2
-rw-r--r--UIDs2
-rw-r--r--security/sshesame/Makefile27
-rw-r--r--security/sshesame/distinfo5
-rw-r--r--security/sshesame/files/sshesame.in55
-rw-r--r--security/sshesame/pkg-descr3
6 files changed, 92 insertions, 2 deletions
diff --git a/GIDs b/GIDs
index 461c6349c29e..1d5da984eeaf 100644
--- a/GIDs
+++ b/GIDs
@@ -308,7 +308,7 @@ elog:*:364:
gotify:*:365:
opengist:*:366:
velbustcpd:*:367:
-# free: 368
+sshesame:*:368:
# free: 369
_wsdd:*:370:
# free: 371
diff --git a/UIDs b/UIDs
index 0de2ef28aee6..af13787b0237 100644
--- a/UIDs
+++ b/UIDs
@@ -314,7 +314,7 @@ elog:*:364:364::0:0:Elog server:/nonexistent:/usr/sbin/nologin
gotify:*:365:365::0:0:Gotify User:/var/db/gotify:/usr/sbin/nologin
opengist:*:366:366::0:0:OpenGist User:/var/db/opengist:/usr/sbin/nologin
velbustcpd:*:367:367::0:0:Velbustcp Deamon:/nonexistent:/usr/sbin/nologin
-# free: 368
+sshesame:*:368:368::0:0:Sshesame Daemon:/nonexistent:/usr/sbin/nologin
# free: 369
_wsdd:*:370:370::0:0:Web Service Discovery Daemon:/nonexistent:/usr/sbin/nologin
# free: 371
diff --git a/security/sshesame/Makefile b/security/sshesame/Makefile
new file mode 100644
index 000000000000..ddba948fae64
--- /dev/null
+++ b/security/sshesame/Makefile
@@ -0,0 +1,27 @@
+PORTNAME= sshesame
+DISTVERSIONPREFIX= v
+DISTVERSION= 0.0.39
+CATEGORIES= security
+
+MAINTAINER= skozlov@FreeBSD.org
+COMMENT= Easy to set up and use SSH honeypot
+WWW= https://github.com/jaksi/sshesame
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= go:1.22,modules
+USE_RC_SUBR= ${PORTNAME}
+
+USERS= sshesame
+GROUPS= sshesame
+
+GO_MODULE= github.com/jaksi/sshesame
+
+PLIST_FILES= "@sample etc/${PORTNAME}.yaml.sample" \
+ bin/${PORTNAME}
+
+post-install:
+ ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.yaml ${STAGEDIR}${PREFIX}/etc/${PORTNAME}.yaml.sample
+
+.include <bsd.port.mk>
diff --git a/security/sshesame/distinfo b/security/sshesame/distinfo
new file mode 100644
index 000000000000..2e9ae7e8a15d
--- /dev/null
+++ b/security/sshesame/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1745923901
+SHA256 (go/security_sshesame/sshesame-v0.0.39/v0.0.39.mod) = c4f5d9cfa804935307c14fa9a884d83b1732b13bb80529871db5a5394254d33d
+SIZE (go/security_sshesame/sshesame-v0.0.39/v0.0.39.mod) = 630
+SHA256 (go/security_sshesame/sshesame-v0.0.39/v0.0.39.zip) = 4dfe91efa8b6d55886d29d9ec18c20ddcef4a828f463c562c1c73d1841e15f04
+SIZE (go/security_sshesame/sshesame-v0.0.39/v0.0.39.zip) = 63861
diff --git a/security/sshesame/files/sshesame.in b/security/sshesame/files/sshesame.in
new file mode 100644
index 000000000000..593de16821b2
--- /dev/null
+++ b/security/sshesame/files/sshesame.in
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# PROVIDE: sshesame
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable sshesame:
+#
+# sshesame_enable (bool): Set to "NO" by default.
+# Set to "YES" to enable sshesame.
+# sshesame_user (str): Default to "sshesame".
+# sshesame_group (str): Default to "sshesame".
+# User and group to run sshesame with.
+# sshesame_config (str): Default to "%%PREFIX%%/etc/sshesame.yaml".
+# sshesame config file.
+# sshesame_datadir (str): Default to "/var/db/sshesame".
+# Directory to store automatically generated host keys in
+# sshesame_logdir (str): Default to "/var/log/sshesame".
+# Directory to store sshesame logs
+
+. /etc/rc.subr
+
+name=sshesame
+rcvar=sshesame_enable
+desc="SSH honeypot"
+
+load_rc_config sshesame
+
+: ${sshesame_enable:=NO}
+: ${sshesame_user:=sshesame}
+: ${sshesame_group:=sshesame}
+: ${sshesame_config=%%PREFIX%%/etc/sshesame.yaml}
+: ${sshesame_datadir=/var/db/sshesame}
+: ${sshesame_logdir=/var/log/sshesame}
+
+pidfile=/var/run/${name}/${name}.pid
+start_precmd=sshesame_precmd
+procname="%%PREFIX%%/bin/sshesame"
+required_files="${sshesame_config}"
+command=/usr/sbin/daemon
+command_args="-cf -p ${pidfile} -o ${sshesame_logdir}/sshesame.out ${procname} -config ${sshesame_config} -data_dir ${sshesame_datadir}"
+
+sshesame_precmd()
+{
+ # Create PID file directory
+ install -d -o ${sshesame_user} -g ${sshesame_group} -m 0755 "$(dirname ${pidfile})"
+
+ install -d -o ${sshesame_user} -g ${sshesame_group} -m 0755 "${sshesame_datadir}"
+ install -d -o ${sshesame_user} -g ${sshesame_group} -m 0755 "${sshesame_logdir}"
+
+ # Remove default flags, they're added in `command_args` manually
+ rc_flags=""
+}
+
+run_rc_command "$1"
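Review bot: The two state directories in `sshesame_precmd` are created world-readable (`-m 0755`), although the header documents `sshesame_datadir` as holding the generated host keys and `sshesame_logdir` receives the honeypot's output through `daemon -o`, which presumably includes whatever clients submit during a session. Restricting both to the service account would be safer: `install -d -o ${sshesame_user} -g ${sshesame_group} -m 0750 "${sshesame_datadir}"`, and the same for `"${sshesame_logdir}"`. The modes of the key and log files themselves are set by sshesame and daemon(8), so they cannot be checked from this hunk. Separately, the last three defaults use `=` where the first three use `:=`, so an empty `sshesame_datadir=""` in rc.conf is kept and reaches `install -d` as an empty path; `: ${sshesame_datadir:=/var/db/sshesame}` would match the others.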
diff --git a/security/sshesame/pkg-descr b/security/sshesame/pkg-descr
new file mode 100644
index 000000000000..5ea249190458
--- /dev/null
+++ b/security/sshesame/pkg-descr
@@ -0,0 +1,3 @@
+sshesame accepts and logs SSH connections and activity (channels, requests),
+without doing anything on the host (e.g. executing commands, making network
+requests).