Received: (at submit) by debbugs.gnu.org; 14 Jan 2020 21:21:40 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 14 16:21:40 2020
Received: from localhost ([127.0.0.1]:33654 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1irTd5-0006x8-GQ
for submit <at> debbugs.gnu.org; Tue, 14 Jan 2020 16:21:40 -0500
Received: from lists.gnu.org ([209.51.188.17]:48207)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <anothersms@HIDDEN>) id 1irTd3-0006x1-GU
for submit <at> debbugs.gnu.org; Tue, 14 Jan 2020 16:21:38 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:49091)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <anothersms@HIDDEN>) id 1irTd1-00044c-VB
for guix-patches@HIDDEN; Tue, 14 Jan 2020 16:21:37 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,FREEMAIL_FROM,
URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <anothersms@HIDDEN>) id 1irTd0-0007ZX-7Z
for guix-patches@HIDDEN; Tue, 14 Jan 2020 16:21:35 -0500
Received: from mail-wm1-x335.google.com ([2a00:1450:4864:20::335]:53302)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
(Exim 4.71) (envelope-from <anothersms@HIDDEN>)
id 1irTcz-0007Yj-VI
for guix-patches@HIDDEN; Tue, 14 Jan 2020 16:21:34 -0500
Received: by mail-wm1-x335.google.com with SMTP id m24so15504159wmc.3
for <guix-patches@HIDDEN>; Tue, 14 Jan 2020 13:21:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=from:to:subject:date:message-id:mime-version;
bh=YAe21svaacBEdVgUt5LGPvtbT+z75Cr4foKr7hHvhzg=;
b=Eri6ghqtxz1c3IJDokMM5HQz8eIvytLfYgMLoO1l0Xxuche1EvSQ6km/tXgjdn68+n
dieK0MjdUQgpXlP0+SUkzU1bmFbnS1rdR2vMuq3frQ/wKVDplVs68KBn+ZJOp9z98+1s
yK9lUef94Prg4eJei4DHwFxQeeB3GdSo0SRL9nMgmOxq5eQoxO8LYvUqggYPYOeKtK4J
sB18daB2O8xHzi1LU55bmR045YxILtP2TNtZaZRKJ/9Bdij9/XJQkLQGWFiCSfwN3CIl
1humQLGu5oxnIFbPI1MbSM6IlHO6ybAFZxoQBYG2HmVLldrYGnM5dlnvTgfBwqCEsCgB
p/JQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:from:to:subject:date:message-id:mime-version;
bh=YAe21svaacBEdVgUt5LGPvtbT+z75Cr4foKr7hHvhzg=;
b=I1FZTc/9mkK9eG0+U5qW2QakZRbnb352ksaupZD0rx5cRPxHmnDvx3vK8KeoAzItyx
Ix8gKaJHD0SjLlwAs73TYfuX5s3JCjqge3z4bqykxuP8p3Zoy2SwBQ1Zo0+MbNFuf/+i
LHZ6WfrBbew5U4b2H72nX3GJkEk5ZVvHYaASay4EG6jOquq6kTx060QLlj+Sy/VQ6PbD
rFF93lDEv0cQJYI51yzlLw6Z8Mr0t7ZAClDBAydZSdBnk/5ahE+ecSAlC6tOXcx8N9US
G55Y8LSFdHlSoXnQwRpiNSYnieCavRERR3/dnzGryB16xVB95l3/JTmTgYR3ZkaUk85K
HqkQ==
X-Gm-Message-State: APjAAAVPIE4AxYWmtONB9Vedm8IZtWtqoaLGLBydJ7U8lsj1IxJduTbc
PFe1u14XLBGFiaAAecKfInaeRcc4
X-Google-Smtp-Source: APXvYqywVcVDmddYzLVeEd+Ceux2ffMJB+Z0L43Jx7MYr1CoTcaKEmIdP7wc1snXzxB5P2WeWmgxAw==
X-Received: by 2002:a1c:740b:: with SMTP id p11mr31139307wmc.78.1579036891695;
Tue, 14 Jan 2020 13:21:31 -0800 (PST)
Received: from guixSD (host146-19-dynamic.50-79-r.retail.telecomitalia.it.
[79.50.19.146])
by smtp.gmail.com with ESMTPSA id n10sm21160533wrt.14.2020.01.14.13.21.30
for <guix-patches@HIDDEN>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 14 Jan 2020 13:21:30 -0800 (PST)
From: anothersms@HIDDEN (=?utf-8?Q?Nicol=C3=B2?= Balzarotti)
To: guix-patches@HIDDEN
Subject: [PATCH] gnu: services: Add endlessh.
Date: Tue, 14 Jan 2020 22:21:29 +0100
Message-ID: <874kwx91k6.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
recognized.
X-Received-From: 2a00:1450:4864:20::335
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hello guix! This is my first service :) I know I still miss
documentation and tests, but before diving into it I wanted a general feedback
on it (so that if we decide to change something I don't have to adjust th
[...] Content analysis details: (2.5 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information. [URIs: nixo.xyz]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
1.9 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: nixo.xyz (xyz)]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (anothersms[at]gmail.com)
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,
medium trust [209.51.188.17 listed in list.dnswl.org]
2.0 SPOOFED_FREEMAIL No description available.
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.5 (/)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hello guix!
This is my first service :) I know I still miss documentation and tests,
but before diving into it I wanted a general feedback on it (so that if
we decide to change something I don't have to adjust the docs and the
tests twice).
Endlessh is already in the repo, but for those who don't know: it's a
fake ssh server; it should be used to prevent bruteforce attacks and the
like by "freezing" the connection on the standard port (while the real
ssh server is on another non-standard port). So, I don't know if as
default port should be 22 or, as it is now, 2222 (program's default).
My second doubt is regarding the place; it's an ssh server, but its main
purpose is for security? Maybe should go under admin.scm? I'm not sure
Last thing: bind-family as a list of allowed values is a suggetion from
IRC @leoprikler. Thanks for your help there!
Waiting for your feedback,
Nicol=C3=B2
--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
filename=0001-gnu-services-Add-endlessh.patch
From 63f975ec47de8ab951beaac6781327faf06d0cac Mon Sep 17 00:00:00 2001
From: nixo <nicolo@HIDDEN>
Date: Tue, 14 Jan 2020 22:08:15 +0100
Subject: [PATCH] gnu: services: Add endlessh.
* gnu/services/ssh.scm (endlessh): New variable.
---
gnu/services/ssh.scm | 74 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 73 insertions(+), 1 deletion(-)
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index d2dbb8f80d..d2729fb059 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -45,7 +45,11 @@
dropbear-configuration
dropbear-configuration?
dropbear-service-type
- dropbear-service))
+ dropbear-service
+
+ endlessh-configuration
+ endlessh-configuration?
+ endlessh-service-type))
;;; Commentary:
;;;
@@ -628,4 +632,72 @@ daemon} with the given @var{config}, a @code{<dropbear-configuration>}
object."
(service dropbear-service-type config))
+
+;;;
+;;; Endlessh.
+;;;
+
+(define-record-type* <endlessh-configuration>
+ endlessh-configuration make-endlessh-configuration
+ endlessh-configuration?
+ ;; list of two symbols, allowed values are ipv4, ipv6 or both
+ (bind-family endlessh-configuration-bind-family (default '(ipv4 ipv6)))
+ ;; integer
+ (delay endlessh-configuration-delay (default 10000))
+ ;; integer
+ ;; Must be in the range
+ (length endlessh-configuration-length (default 32))
+ ;; integer
+ (max-clients endlessh-configuration-max-clients (default 4096))
+ ;; integer
+ (port-number endlessh-configuration-port-number (default 2222))
+ ;; integer
+ ;; Allowed values are 0, 1 and 2
+ (log-level endlessh-configuration-log-level (default 0)))
+
+(define (endlessh-config->conf config)
+ "Convert the CONFIG of type <endlessh-config> to a config file."
+ (let* ((family (endlessh-configuration-bind-family config))
+ (ipv4 (member 'ipv4 family))
+ (ipv6 (member 'ipv6 family))
+ (port (endlessh-configuration-port-number config))
+ (delay (endlessh-configuration-delay config))
+ (length (endlessh-configuration-length config))
+ (log-level (endlessh-configuration-log-level config))
+ (max-clients (endlessh-configuration-max-clients config))
+ (bind
+ ;; check if both are true (0), or only one of them is present
+ (if (not (and (equal? ipv4 ipv6) ipv4))
+ (if ipv4 4
+ (if ipv6 6
+ (throw 'endlessh-error
+ "bind-family must contain at least one value")))
+ 0)))
+ (mixed-text-file "endlessh.conf"
+ "# Generated by 'endlessh-config'.\n\n"
+ "Port " (number->string port) "\n"
+ "Delay " (number->string delay) "\n"
+ "MaxLineLength " (number->string length) "\n"
+ "MaxClients " (number->string max-clients) "\n"
+ "LogLevel " (number->string log-level) "\n"
+ "BindFamily " (number->string bind) "\n")))
+
+(define (endlessh-shepherd-service config)
+ (shepherd-service
+ (documentation "Run endlessh tarpit server.")
+ (provision '(endlessh))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append endlessh "/bin/endlessh")
+ "-f" #$(endlessh-config->conf config))))
+ (stop #~(make-kill-destructor))))
+
+(define endlessh-service-type
+ (service-type
+ (name 'endlessh)
+ (description "Run endlessh tarpit server.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list endlessh-shepherd-service))))
+ (default-value (endlessh-configuration))))
+
;;; ssh.scm ends here
--
2.24.1
--=-=-=--
anothersms@HIDDEN (Nicolò Balzarotti):guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#39136; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.