GNU bug report logs - #39136
[PATCH] gnu: services: Add endlessh.

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Reported by: anothersms@HIDDEN (Nicolò Balzarotti); Keywords: patch; dated Tue, 14 Jan 2020 21:22:01 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 14 Jan 2020 21:21:40 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 14 16:21:40 2020
From: anothersms@HIDDEN (Nicolò Balzarotti)
To: guix-patches@HIDDEN
Subject: [PATCH] gnu: services: Add endlessh.
Date: Tue, 14 Jan 2020 22:21:29 +0100
Message-ID: <874kwx91k6.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello guix!

This is my first service :) I know I'm still missing documentation and tests,
but before diving into it I wanted general feedback on it (so that if
we decide to change something I don't have to adjust the docs and the
tests twice).

Endlessh is already in the repo, but for those who don't know: it's a
fake ssh server; it should be used to prevent bruteforce attacks and the
like by "freezing" the connection on the standard port (while the real
ssh server is on another non-standard port).  So, I don't know if the
default port should be 22 or, as it is now, 2222 (program's default).

My second doubt is regarding the place; it's an ssh server, but its main
purpose is for security? Maybe it should go under admin.scm? I'm not sure.

Last thing: bind-family as a list of allowed values is a suggestion from
IRC @leoprikler. Thanks for your help there!

Waiting for your feedback,

Nicolò


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-gnu-services-Add-endlessh.patch

From 63f975ec47de8ab951beaac6781327faf06d0cac Mon Sep 17 00:00:00 2001
From: nixo <nicolo@HIDDEN>
Date: Tue, 14 Jan 2020 22:08:15 +0100
Subject: [PATCH] gnu: services: Add endlessh.

* gnu/services/ssh.scm (endlessh): New variable.
---
 gnu/services/ssh.scm | 74 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 73 insertions(+), 1 deletion(-)

diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d2dbb8f80d..d2729fb059 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -45,7 +45,11 @@
             dropbear-configuration
             dropbear-configuration?
             dropbear-service-type
-            dropbear-service))
+            dropbear-service
+
+            endlessh-configuration
+            endlessh-configuration?
+            endlessh-service-type))
 
 ;;; Commentary:
 ;;;
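Review bot: the three names added to the export list here (endlessh-configuration, endlessh-configuration?, endlessh-service-type) do not match the commit log entry, which reads "(endlessh): New variable."; no variable named endlessh is defined by this patch, so the log should list the names actually introduced. The record's field accessors (endlessh-configuration-port-number and the others defined in the second hunk) are also not exported; add them here if code outside the module is meant to read a configuration.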
@@ -628,4 +632,72 @@ daemon} with the given @var{config}, a @code{<dropbear-configuration>}
 object."
   (service dropbear-service-type config))
 
+
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+  endlessh-configuration make-endlessh-configuration
+  endlessh-configuration?
+  ;; list of two symbols, allowed values are ipv4, ipv6 or both
+  (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+  ;; integer
+  (delay endlessh-configuration-delay (default 10000))
+  ;; integer
+  ;; Must be in the range
+  (length endlessh-configuration-length (default 32))
+  ;; integer
+  (max-clients endlessh-configuration-max-clients (default 4096))
+  ;; integer
+  (port-number endlessh-configuration-port-number (default 2222))
+  ;; integer
+  ;; Allowed values are 0, 1 and 2
+  (log-level endlessh-configuration-log-level (default 0)))
+
+(define (endlessh-config->conf config)
+  "Convert the CONFIG of type <endlessh-config> to a config file."
+  (let* ((family (endlessh-configuration-bind-family config))
+	 (ipv4 (member 'ipv4 family))
+	 (ipv6 (member 'ipv6 family))
+	 (port (endlessh-configuration-port-number config))
+	 (delay (endlessh-configuration-delay config))
+	 (length (endlessh-configuration-length config))
+	 (log-level (endlessh-configuration-log-level config))
+	 (max-clients (endlessh-configuration-max-clients config))
+	 (bind
+	  ;; check if both are true (0), or only one of them is present
+	  (if (not (and (equal? ipv4 ipv6) ipv4))
+	      (if ipv4 4
+		  (if ipv6 6
+		      (throw 'endlessh-error
+			     "bind-family must contain at least one value")))
+	      0)))
+    (mixed-text-file "endlessh.conf"
+		     "# Generated by 'endlessh-config'.\n\n"
+		     "Port " (number->string port) "\n"
+		     "Delay " (number->string delay) "\n"
+		     "MaxLineLength " (number->string length) "\n"
+		     "MaxClients " (number->string max-clients) "\n"
+		     "LogLevel " (number->string log-level) "\n"
+		     "BindFamily " (number->string bind) "\n")))
+
+(define (endlessh-shepherd-service config)
+  (shepherd-service
+   (documentation "Run endlessh tarpit server.")
+   (provision '(endlessh))
+   (start #~(make-forkexec-constructor
+	     (list #$(file-append endlessh "/bin/endlessh")
+		   "-f" #$(endlessh-config->conf config))))
+   (stop  #~(make-kill-destructor))))
+
+(define endlessh-service-type
+  (service-type
+   (name 'endlessh)
+   (description "Run endlessh tarpit server.")
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             (compose list endlessh-shepherd-service))))
+   (default-value (endlessh-configuration))))
+
 ;;; ssh.scm ends here
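Review bot: the bind computation in endlessh-config->conf can never produce 0, so the default '(ipv4 ipv6) does not bind both families. member returns the tail of the list starting at the match, so with the default value ipv4 is (ipv4 ipv6) and ipv6 is (ipv6); (equal? ipv4 ipv6) is false, the outer test falls through to (if ipv4 4 ...), and the generated file gets "BindFamily 4". The two values are only equal? when both are #f, which the (and ... ipv4) then rejects. Test the two memberships directly, for example (cond ((and ipv4 ipv6) 0) (ipv4 4) (ipv6 6) (else (throw ...))). Smaller points in the same hunk: the docstring names <endlessh-config> while the record is <endlessh-configuration>; the comment "Must be in the range" above length is cut off without stating a range; length and log-level are commented as constrained but are written to the file unchecked, unlike bind-family; and make-forkexec-constructor is given only the command list, so the daemon inherits shepherd's user even though it faces untrusted clients and the default port 2222 needs no privilege. Consider passing #:user and #:group for an unprivileged account.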
-- 
2.24.1


--=-=-=--




Acknowledgement sent to anothersms@HIDDEN (Nicolò Balzarotti):
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#39136; Package guix-patches. Full text available.
Last modified: Tue, 14 Jan 2020 21:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.