From d8973c80a839f6a6ddbb68b0bd05e2e8024afcaa Mon Sep 17 00:00:00 2001
From: "Serhii (Sergey) Kozlov"
Date: Tue, 29 Apr 2025 20:25:34 +0000
Subject: [PATCH] security/sshesame: new port
An easy to set up and use SSH honeypot, a fake SSH server that lets anyone in and logs their activity. sshesame accepts and logs SSH connections and activity (channels, requests), without doing anything on the host (e.g. executing commands, making network requests).
---
 GIDs | 2 +-
 UIDs | 2 +-
 security/sshesame/Makefile | 27 ++++++++++++++
 security/sshesame/distinfo | 5 +++
 security/sshesame/files/sshesame.in | 55 +++++++++++++++++++++++++++++
 security/sshesame/pkg-descr | 3 ++
 6 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 security/sshesame/Makefile
 create mode 100644 security/sshesame/distinfo
 create mode 100644 security/sshesame/files/sshesame.in
 create mode 100644 security/sshesame/pkg-descr
diff --git a/GIDs b/GIDs
index 461c6349c29e..1d5da984eeaf 100644
--- a/GIDs
+++ b/GIDs
@@ -308,7 +308,7 @@ elog:*:364:
 gotify:*:365:
 opengist:*:366:
 velbustcpd:*:367:
-# free: 368
+sshesame:*:368:
 # free: 369
 _wsdd:*:370:
 # free: 371
diff --git a/UIDs b/UIDs
index 0de2ef28aee6..af13787b0237 100644
--- a/UIDs
+++ b/UIDs
@@ -314,7 +314,7 @@ elog:*:364:364::0:0:Elog server:/nonexistent:/usr/sbin/nologin
 gotify:*:365:365::0:0:Gotify User:/var/db/gotify:/usr/sbin/nologin
 opengist:*:366:366::0:0:OpenGist User:/var/db/opengist:/usr/sbin/nologin
 velbustcpd:*:367:367::0:0:Velbustcp Deamon:/nonexistent:/usr/sbin/nologin
-# free: 368
+sshesame:*:368:368::0:0:Sshesame Daemon:/nonexistent:/usr/sbin/nologin
 # free: 369
 _wsdd:*:370:370::0:0:Web Service Discovery Daemon:/nonexistent:/usr/sbin/nologin
 # free: 371
diff --git a/security/sshesame/Makefile b/security/sshesame/Makefile
new file mode 100644
index 000000000000..ddba948fae64
--- /dev/null
+++ b/security/sshesame/Makefile
@@ -0,0 +1,27 @@
+PORTNAME= sshesame
+DISTVERSIONPREFIX= v
+DISTVERSION= 0.0.39
+CATEGORIES= security
+
+MAINTAINER= skozlov@FreeBSD.org
+COMMENT= Easy to set up and use SSH honeypot
+WWW= https://github.com/jaksi/sshesame
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= go:1.22,modules
+USE_RC_SUBR= ${PORTNAME}
+
+USERS= sshesame
+GROUPS= sshesame
+
+GO_MODULE= github.com/jaksi/sshesame
+
+PLIST_FILES= "@sample etc/${PORTNAME}.yaml.sample" \
+ bin/${PORTNAME}
+
+post-install:
+ ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.yaml ${STAGEDIR}${PREFIX}/etc/${PORTNAME}.yaml.sample
+
+.include
diff --git a/security/sshesame/distinfo b/security/sshesame/distinfo
new file mode 100644
index 000000000000..2e9ae7e8a15d
--- /dev/null
+++ b/security/sshesame/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1745923901
+SHA256 (go/security_sshesame/sshesame-v0.0.39/v0.0.39.mod) = c4f5d9cfa804935307c14fa9a884d83b1732b13bb80529871db5a5394254d33d
+SIZE (go/security_sshesame/sshesame-v0.0.39/v0.0.39.mod) = 630
+SHA256 (go/security_sshesame/sshesame-v0.0.39/v0.0.39.zip) = 4dfe91efa8b6d55886d29d9ec18c20ddcef4a828f463c562c1c73d1841e15f04
+SIZE (go/security_sshesame/sshesame-v0.0.39/v0.0.39.zip) = 63861
diff --git a/security/sshesame/files/sshesame.in b/security/sshesame/files/sshesame.in
new file mode 100644
index 000000000000..593de16821b2
--- /dev/null
+++ b/security/sshesame/files/sshesame.in
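Review bot: `USES= go:1.22,modules` in security/sshesame/Makefile appears to pin the build to the Go 1.22 toolchain, with no comment saying why. The Go standard library is compiled into the binary, and this one is meant to face hostile SSH clients, so the port only picks up standard-library security fixes for as long as that toolchain branch is maintained in the tree. If upstream's go.mod does not require exactly this version, `USES= go:modules` would follow the ports default; if the pin is deliberate, a one-line comment above it naming the constraint would help the next maintainer.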
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# PROVIDE: sshesame
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable sshesame:
+#
+# sshesame_enable (bool): Set to "NO" by default.
+# Set to "YES" to enable sshesame.
+# sshesame_user (str): Default to "sshesame".
+# sshesame_group (str): Default to "sshesame".
+# User and group to run sshesame with.
+# sshesame_config (str): Default to "%%PREFIX%%/etc/sshesame.yaml".
+# sshesame config file.
+# sshesame_datadir (str): Default to "/var/db/sshesame".
+# Directory to store automatically generated host keys in
+# sshesame_logdir (str): Default to "/var/log/sshesame".
+# Directory to store sshesame logs
+
+. /etc/rc.subr
+
+name=sshesame
+rcvar=sshesame_enable
+desc="SSH honeypot"
+
+load_rc_config sshesame
+
+: ${sshesame_enable:=NO}
+: ${sshesame_user:=sshesame}
+: ${sshesame_group:=sshesame}
+: ${sshesame_config=%%PREFIX%%/etc/sshesame.yaml}
+: ${sshesame_datadir=/var/db/sshesame}
+: ${sshesame_logdir=/var/log/sshesame}
+
+pidfile=/var/run/${name}/${name}.pid
+start_precmd=sshesame_precmd
+procname="%%PREFIX%%/bin/sshesame"
+required_files="${sshesame_config}"
+command=/usr/sbin/daemon
+command_args="-cf -p ${pidfile} -o ${sshesame_logdir}/sshesame.out ${procname} -config ${sshesame_config} -data_dir ${sshesame_datadir}"
+
+sshesame_precmd()
+{
+ # Create PID file directory
+ install -d -o ${sshesame_user} -g ${sshesame_group} -m 0755 "$(dirname ${pidfile})"
+
+ install -d -o ${sshesame_user} -g ${sshesame_group} -m 0755 "${sshesame_datadir}"
+ install -d -o ${sshesame_user} -g ${sshesame_group} -m 0755 "${sshesame_logdir}"
+
+ # Remove default flags, they're added in `command_args` manually
+ rc_flags=""
+}
+
+run_rc_command "$1"
diff --git a/security/sshesame/pkg-descr b/security/sshesame/pkg-descr
new file mode 100644
index 000000000000..5ea249190458
--- /dev/null
+++ b/security/sshesame/pkg-descr
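Review bot: `sshesame_precmd` in files/sshesame.in creates `${sshesame_datadir}` and `${sshesame_logdir}` with `-m 0755`, although the header comment says the first holds the generated host keys and the second receives the honeypot's output via `-o ${sshesame_logdir}/sshesame.out`, which presumably records whatever clients send, attempted credentials included. Any local account can then traverse both directories and, depending on the file modes sshesame and daemon(8) apply, read their contents; I would use `install -d -o "${sshesame_user}" -g "${sshesame_group}" -m 0750 "${sshesame_logdir}"` and the same line with `-m 0700` for the data directory. The expansions in the three `install` lines and inside `$(dirname ${pidfile})` are also unquoted, so an rc.conf value containing whitespace would split into extra arguments. Nothing rotates `sshesame.out`, and its growth is driven by remote clients, so a newsyslog entry is worth shipping with the port (daemon(8) would need `-H` to reopen the file after rotation).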
@@ -0,0 +1,3 @@
+sshesame accepts and logs SSH connections and activity (channels, requests),
+without doing anything on the host (e.g. executing commands, making network
+requests).