efe705504a
mail admins Scan Apache log files for CodeRed, Nimda, FormMail, proxy scanners and other malicious probes. For each one found, track down the contact email from WHOIS data and send a notice. Built-in rate controls prevent flooding an admin even when his machines are scanning at high rates. Runs as a non-privileged cron job to not interfere with the HTTP daemon's operation. Notes to committer: 1. This port installs a user and a group "hunch". It doesn't meet the conditions listed in the handbook for a "reserved" uid/gid. 2. portlint will complain about the port. A lot. To the best of my judgment all of the warnings can be ignored with the exception of the one about BATCH which I could find no documentation for. Therefore it is setting IS_INTERACTIVE. PR: ports/44836 Submitted by: Dan Pelleg <daniel+hunch@pelleg.org>
98 lines
1.9 KiB
Bash
98 lines
1.9 KiB
Bash
#! /bin/sh
|
|
|
|
#
|
|
# Adapted from pkg-deinstall in net/cvsup-mirror,
|
|
# presumably by jdp@FreeBSD.org
|
|
#
|
|
|
|
user=hunch
|
|
group=hunch
|
|
|
|
ask() {
|
|
local question default answer
|
|
|
|
question=$1
|
|
default=$2
|
|
if [ -z "${PACKAGE_BUILDING}" ]; then
|
|
read -p "${question} [${default}]? " answer
|
|
fi
|
|
if [ x${answer} = x ]; then
|
|
answer=${default}
|
|
fi
|
|
echo ${answer}
|
|
}
|
|
|
|
yesno() {
|
|
local dflt question answer
|
|
|
|
question=$1
|
|
dflt=$2
|
|
while :; do
|
|
answer=$(ask "${question}" "${dflt}")
|
|
case "${answer}" in
|
|
[Yy]*) return 0;;
|
|
[Nn]*) return 1;;
|
|
esac
|
|
echo "Please answer yes or no."
|
|
done
|
|
}
|
|
|
|
delete_account() {
|
|
local u g home
|
|
|
|
u=$1
|
|
g=$2
|
|
if yesno "Do you want me to remove group \"${g}\"" y; then
|
|
pw groupdel -n ${g}
|
|
echo "Done."
|
|
fi
|
|
if yesno "Do you want me to remove user \"${u}\"" y; then
|
|
eval home=~${u}
|
|
pw userdel -n ${u}
|
|
echo "Done."
|
|
if [ -d "${home}" ]; then
|
|
echo "Please remember to remove the home directory \"${home}\" as"
|
|
echo "well as the mirrored files."
|
|
fi
|
|
fi
|
|
}
|
|
|
|
if [ x$2 != xDEINSTALL ]; then
|
|
exit
|
|
fi
|
|
|
|
export PATH=/bin:/usr/bin:/usr/sbin
|
|
|
|
if ps -axc | grep -q complain-httpd; then
|
|
if yesno "There are some complain-httpd processes running. Shall I kill them" y
|
|
then
|
|
killall complain-httpd
|
|
sleep 2
|
|
else
|
|
echo "OK ... I hope you know what you are doing."
|
|
fi
|
|
fi
|
|
|
|
tmp="/etc/#hunch$$"
|
|
trap "rm -f ${tmp}" 0 1 2 3 15
|
|
|
|
rm -f /var/db/hunch-timestamp
|
|
|
|
if yesno "Do you want me to remove scheduled complaints from \"/etc/crontab\"" y
|
|
then
|
|
sed "/complain-httpd/d" /etc/crontab >${tmp} || exit
|
|
chmod 644 ${tmp}
|
|
mv ${tmp} /etc/crontab || exit
|
|
echo "Done."
|
|
fi
|
|
|
|
if yesno "Do you want me to remove the hunch log entry from \
|
|
\"/etc/newsyslog.conf\"" y; then
|
|
sed "/hunch\.log/d" /etc/newsyslog.conf >${tmp} || exit
|
|
chmod 644 ${tmp}
|
|
mv ${tmp} /etc/newsyslog.conf || exit
|
|
echo "Done."
|
|
fi
|
|
|
|
delete_account ${user} ${group}
|