From: Chaz Kettleson Subject: Re: [NEW]: net/hopm - open-proxy monitor irc bot To: Omar Polo Cc: ports@openbsd.org Date: Wed, 14 Aug 2024 07:54:46 -0400 On Wed, Aug 14, 2024 at 12:13:53PM GMT, Omar Polo wrote: > On 2024/08/14 12:02:46 +0200, Omar Polo wrote: > > Hello, > > > > On 2024/08/11 15:20:32 -0400, Chaz Kettleson wrote: > > > On Sun, Aug 04, 2024 at 02:23:15PM GMT, Chaz Kettleson wrote: > > > > On Sat, Jul 27, 2024 at 09:11:57AM GMT, chaz@pyr3x.com wrote: > > > > > On Tue, Jul 23, 2024 at 08:02:08PM GMT, chaz@pyr3x.com wrote: > > > > > > On Tue, Jul 23, 2024 at 07:49:47PM GMT, chaz@pyr3x.com wrote: > > > > > > > On Sun, Jul 21, 2024 at 11:35:16AM GMT, chaz@pyr3x.com wrote: > > > > > > > > Hello, > > > > > > > > > > > > > > > > Attached is a new port HOPM. > > > > > > > > > > > > > > > > HOPM (Hybrid Open Proxy Monitor) is an open-proxy monitoring bot > > > > > > > > designed to monitor an individual server (all servers on the network > > > > > > > > have to run their own bot if the IRCd does not support the "far > > > > > > > > connect" user mode) with a local operator {} block and monitor > > > > > > > > connections. When a client connects to a server, HOPM will scan the > > > > > > > > connection for insecure proxies. Insecure proxies are determined > > > > > > > > by attempting to connect the proxy back to another host (usually > > > > > > > > the IRC server in question). > > > > > > > > > > > > > > > > HOPM is written ground-up in C language and it is an improved fork > > > > > > > > of BOPM (blitzed open proxy monitor), which is a concept derived > > > > > > > > from wgmon. It improves on wgmon with HTTP support, faster scanning > > > > > > > > (it can scan clients simultaneously), better layout (scalability) > > > > > > > > and DNSBL support. > > > > > > > > > > > > > > > > Looking for comments/feedback/testing to get this committed. > > > > Some nits: > > > > - we can use DIST_TUPLE instead of SITES since upstream doesn't provide > > a distribution tarball. Makes sense. > > - we can avoid patching the makefile and instead setting `sysconfdir' in > > FAKE_FLAGS. This is much cleaner, thank you! > > - some of the patches didn't apply, had to regen them. > > ops, i typoed the version when moving to DIST_TUPLE, no wonders some > patches failed to apply... Sorry. Attaching now a fixed tarball. > > I've added some commentary to the patches and added one to fix the > printing of one time_t. Perfect. > > > > [...] > > > > > > > > diff --git a/infrastructure/db/user.list b/infrastructure/db/user.list > > > > > > > > index 06bf2693c54..2189f6cd89e 100644 > > > > > > > > --- a/infrastructure/db/user.list > > > > > > > > +++ b/infrastructure/db/user.list > > > > > > > > @@ -408,3 +408,4 @@ id user group port > > > > > > > > 897 _croc _croc sysutils/croc > > > > > > > > 898 _icingadb _icingadb net/icinga/icingadb > > > > > > > > 899 _openhab _openhab misc/openhab > > > > > > > > +900 _hopm _hopm net/hopm > > > > - Instead of using 900 we can reuse another UID, I'd prefer not to get > > too close to 1000. > > > > cvs blame user.list | awk '/#/{print $3, $7}' | sort -t- -k3 > > > > suggests _nginx that was retired in 2012. > > > > > > > > > Added patches for pledge/unveil. > > > > I'd postpone these for now if you agree. It'll require me more time to > > feel confident about these changes, so let's get hopm in the tree and > > then add pledge. Sure. This was my first attempt using pledge/unveil so I'm not overly confident I didn't mess something up. I have, however, been running this for some time with these patches applied without issue. > > > > > > I'm attaching an updated tarball and the user.list diff that's ok op@ to > > import. I don't run IRCd so can't really test this at runtime, but the > > port now looks fine to me. Thank again for taking the time to review and the feedback! > > > > > > Index: user.list > > =================================================================== > > RCS file: /home/cvs/ports/infrastructure/db/user.list,v > > diff -u -p -r1.446 user.list > > --- user.list 16 Jul 2024 20:25:49 -0000 1.446 > > +++ user.list 14 Aug 2024 09:25:04 -0000 > > @@ -101,7 +101,7 @@ id user group port > > 590 _smsd _smsd comms/smstools > > 591 _bacula _bacula sysutils/bacula > > 592 _imapproxy _imapproxy mail/imapproxy > > -#593 _nginx _nginx www/nginx > > +593 _hopm _hopm net/hopm > > #594 _ejabberd _ejabberd net/ejabberd > > 595 _poppassd _poppassd sysutils/openpoppassd > > #596 _heartbeat _heartbeat sysutils/heartbeat > -- Chaz