diff --git a/security/Makefile b/security/Makefile
index 8f94e5a061fd..e74d89e72621 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -721,6 +721,7 @@
 SUBDIR += snortsms
 SUBDIR += snortsnarf
 SUBDIR += spike-proxy
+ SUBDIR += spybye
 SUBDIR += sqlmap
 SUBDIR += sqlninja
 SUBDIR += squidclam
diff --git a/security/spybye/Makefile b/security/spybye/Makefile
new file mode 100644
index 000000000000..91c4830fbe00
--- /dev/null
+++ b/security/spybye/Makefile
@@ -0,0 +1,34 @@
+# New ports collection makefile for: spybye
+# Date created: 23 May 2008
+# Whom: pauls
+#
+# $FreeBSD$
+#
+
+PORTNAME= spybye
+PORTVERSION= 0.3
+CATEGORIES= security www
+MASTER_SITES= http://www.monkey.org/~provos/
+
+MAINTAINER= pauls@utdallas.edu
+COMMENT= A web proxy to detect malware
+
+BUILD_DEPENDS= event_rpcgen.py:${PORTSDIR}/devel/libevent
+
+OPTIONS= CLAMAV "Enable CLAMAV support" off
+
+USE_RC_SUBR= spybye.sh
+GNU_CONFIGURE= yes
+CONFIGURE_ENV= LDFLAGS="${LDFLAGS}"
+CONFIGURE_TARGET= --build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
+
+MAN1= spybye.1
+
+.include
+
+.if defined(WITH_CLAMAV)
+LIB_DEPENDS+= clamav:${PORTSDIR}/security/clamav
+CONFIGURE_ARGS+= --with-libclamav=${PREFIX}/bin
+.endif
+
+.include
diff --git a/security/spybye/distinfo b/security/spybye/distinfo
new file mode 100644
index 000000000000..1e9a72270c89
--- /dev/null
+++ b/security/spybye/distinfo
@@ -0,0 +1,3 @@
+MD5 (spybye-0.3.tar.gz) = 1cc6b8c5ef244e38fd05d02b02f55d5d
+SHA256 (spybye-0.3.tar.gz) = 00dd7df03c9a37e80854fa27e44eeaaa4a8c49fa3b0597b5e3b1b2a128669432
+SIZE (spybye-0.3.tar.gz) = 160014
diff --git a/security/spybye/files/spybye.sh.in b/security/spybye/files/spybye.sh.in
new file mode 100644
index 000000000000..12e6cd9d007e
--- /dev/null
+++ b/security/spybye/files/spybye.sh.in
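Review bot: In security/spybye/Makefile the `WITH_CLAMAV` block passes `--with-libclamav=${PREFIX}/bin`, but ClamAV is installed by its own port under `${LOCALBASE}`, so a build with a non-default `PREFIX` would either miss the library or pick up whatever happens to sit at that path; `CONFIGURE_ARGS+= --with-libclamav=${LOCALBASE}/bin` keeps the lookup on the dependency's real location. libevent is declared only in `BUILD_DEPENDS` (for `event_rpcgen.py`); if the spybye binary links against libevent at run time, as seems likely, it also needs a `LIB_DEPENDS` entry so the package cannot be installed without it. The two `.include` lines have lost their file names in this rendering, so the placement of the `.if defined(WITH_CLAMAV)` test between them cannot be checked from here.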
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+
+# PROVIDE: spybye
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable spybye:
+# spybye_enable (bool): Set to YES to enable spybye
+# Default: NO
+# spybye_flags (str): Extra flags passed to spybye
+# Default: -x -p 8080 -l /var/log/spybye.log
+#
+# spybye command arguments
+# spybye: [-P] [-p port] [-g good] [-b bad] [-l logfile] [-S shareurl] [-x]
+# -P disable private IP check; allows the proxy to fetch 127/8
+# -p port port number to create proxy server on
+# -g good_patterns a file or url containing the good patterns
+# -b bad_patterns a file or url containing the danger patterns
+# -l logfile a file to log dangerous site interactions to
+# -S shareurl host to log dangerous site interactions to
+# -x enable proxy mode
+
+. %%RC_SUBR%%
+
+name="spybye"
+load_rc_config ${name}
+rcvar=`set_rcvar`
+# set the defaults
+: ${spybye_enable="NO"}
+: ${spybye_flags="-x -p 8080 -l /var/log/spybye.log"}
+
+command=%%PREFIX%%/bin/${name}
+command_args="${spybye_flags} &"
+
+run_rc_command "$1"
diff --git a/security/spybye/pkg-descr b/security/spybye/pkg-descr
new file mode 100644
index 000000000000..cdc434d193dc
--- /dev/null
+++ b/security/spybye/pkg-descr
@@ -0,0 +1,13 @@
+SpyBye is a tool to help web masters determine if their web pages
+are hosting browser exploits that can infect visiting users with
+malware. It functions as an HTTP proxy server and intercepts all
+browser requests. SpyBye uses a few simple rules to determine if
+embedded links on your web page are harmlesss, unknown or maybe
+even dangerous.
+
+SpyBye analyzes all downloads in the background and provides you
+with a warning notification whenever it encounters content that
+is potentially malicious. At that point, you can click on the link
+in the notification and receive a more detailed analysis of the web page.
+
+WWW: http://www.spybye.org/
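Review bot: In security/spybye/files/spybye.sh.in the script sets no `spybye_user`, so rc.subr starts the proxy as root, although this daemon exists to fetch and parse pages suspected of carrying browser exploits; a default such as `: ${spybye_user="<unprivileged-account>"}` (placeholder name, with the log file pre-created for that account) would keep a parsing bug from running with root privileges. Separately, `command_args="${spybye_flags} &"` repeats the flags, because rc.subr already places `${spybye_flags}` on the command line ahead of `command_args`; `command_args="&"` avoids passing `-x -p 8080 -l ...` twice. No `pidfile` is set either, so `stop` and `status` presumably fall back to matching the process by name.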
diff --git a/security/spybye/pkg-plist b/security/spybye/pkg-plist
new file mode 100644
index 000000000000..b88fd581a705
--- /dev/null
+++ b/security/spybye/pkg-plist
@@ -0,0 +1,5 @@
+bin/spybye
+bin/spybye2html
+share/spybye/bad_patterns
+share/spybye/good_patterns
+@dirrm share/spybye