Date: Thu, 22 May 2008 21:51:14 -0500 (CDT) From: Paul Schmehl <pauls@utdallas.edu> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/123916: security/sancp, improve startup script Message-ID: <20080523025114.7D6A234781C@utd65257.utdallas.edu> Resent-Message-ID: <200805230300.m4N308A2057194@freefall.freebsd.org>
>Number: 123916 >Category: ports >Synopsis: security/sancp, improve startup script >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Fri May 23 03:00:08 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Paul Schmehl >Release: FreeBSD 7.0-STABLE i386 >Organization: The University of Texas at Dallas >Environment: System: FreeBSD hostname.utdallas.edu 7.0-STABLE FreeBSD 7.0-STABLE #6: Wed Apr 16 17:14:28 CDT 2008 root@hostname.utdallas.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: security/sancp, this PR improves the startup script by bringing it more in alignment with the rc.subr way of doing things. It increments PORTREVISION and makes some minor changes to pkg-message as well >How-To-Repeat: >Fix: --- patch-Makefile begins here --- --- Makefile.orig 2008-05-22 21:39:05.000000000 -0500 +++ Makefile 2008-05-22 21:39:21.000000000 -0500 @@ -8,7 +8,7 @@ PORTNAME= sancp PORTVERSION= 1.6.1 DISTVERSIONSUFFIX= -stable -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= SF --- patch-Makefile ends here --- --- patch-files-pkg-mesage.in begins here --- --- files/pkg-message.in.orig 2008-05-22 21:40:40.000000000 -0500 +++ files/pkg-message.in 2008-05-22 21:30:46.000000000 -0500 
@@ -20,18 +20,9 @@ new conf file, named sguil-sancp.conf-sample will be installed in the %%PREFIX%%/etc directory. You should use that one for sguil. -Some of the configuration options for sancp are: +All of the configuration options for sancp are documented in the +startup script in %%PREFIX%%/etc/rc.d (don't forget to specify interface +in /etc/rc.conf) --? or -h this help screen --c <filename> specify the configuration/rules filename --d <directory> specify the directory for output files --i <device> set the network device to listen on (default: 'any') --g <gid> set a group identity --u <uid> set a user identity --D (daemon) forks, prints msgs to syslog only and overrides -C option --F <bpf filename> file containing a bpf filter expression, overrides (alternative to -B) --V display version - -If you're running sguil, you probably want to use the following flags: +If you're running sguil, you probably want to use at least the following flags: sancp_flags="-D -P -R -u sancp -g sancp -d /var/log/sancp" -(don't forget to specify the conf file and interface as well) --- patch-files-pkg-mesage.in ends here --- --- patch-files-sancp.sh.in begins here --- --- files/sancp.sh.in.orig 2008-05-22 20:48:56.000000000 -0500 +++ files/sancp.sh.in 2008-05-22 21:37:09.000000000 -0500 
@@ -11,26 +11,59 @@ # Default: NO # sancp_flags (str): Extra flags passed to sancp # Default: -D -# sancp_interface (str): Network interface to sniff -# Default: "" # sancp_conf (str): Sancp configuration file # Default: %%PREFIX%%/etc/sancp.conf +# sancp_interface (str): Default: none - MUST BE SET # +# Command Line Options: (cmdline) +# --------------------- +# +# -? or -h this help screen +# -c <filename> specify the configuration/rules filename +# -d <directory> specify the directory for output files +# -i <device> set the network device to listen on (default: 'any') +# -g <gid> set a group identity +# -u <uid> set a user identity +# -r <pcapfile> pcap file to read (overrides -i) +# -B "<bpf expression>" set a bpf expression (alternative to -F <filename>) +# -D (daemon) forks, prints msgs to syslog only and overrides -C option +# -K (console) enable additional printing of 'realtimes' to stdout (suppressed by option -D) +# -F <bpf filename> file containing a bpf filter expression, overrides (alternative to -B) +# -H --human-readable write IP addresses in dotted notation and TCPflag fields in hex +# -R Set default for realtime to 'pass' (default is 'log') disables realtime, but rules can override +# -S Set default for stats to 'pass' (default is 'log') disables stats, but rules can override +# -P Set default for pcap to 'pass' (default is 'log') disables pcap, but rules can override +# -I or --enable_icmp_mixed record 'code' and 'type' fields for ICMP +# to the fields 's_port' and 'd_port'. 
+# note: affects how related icmp packets are correlated +# -V display version +# --shift (debug) force interpretation of packet starting at byte[2] +# normally performed when reading from the 'any' interface +# --strip-80211 strip 802.1Q headers from 802.1Q packets; used to +# decode 802.1Q encapsulated packets - affects -A option, +# --log-facility <facility> where facility can be 'LOCAL1' - 'LOCAL7' +# The default log facility used by SANCP is LOG_DAEMON +# +# Debug mode for pcap data logging +# -A records ALL traffic frames to a pcap file named 'debug_pcap_raw' +# (despite rules). Packets are logged here prior to decoding or handling. +# Use -F or -B option to restrict what is collectedi. +# Pcap data logged using this option is affected by the --strip-80211 cmdline option +# The configuration file equivalent to this is 'default debug_pcap_raw enable' . %%RC_SUBR%% +# set some defaults +sancp_enable="NO" +sancp_flags="-D" +sancp_conf="%%PREFIX%%/etc/sancp.conf" +sancp_interface="" + name="sancp" +load_rc_config sancp rcvar=`set_rcvar` command="%%PREFIX%%/bin/sancp" - -load_rc_config $name - -[ -z "$sancp_enable" ] && sancp_enable="NO" -[ -z "$sancp_conf" ] && sancp_conf="%%PREFIX%%/etc/sancp.conf" -[ -z "$sancp_flags" ] && sancp_flags="-D" - -[ -n "$sancp_interface" ] && sancp_flags="$sancp_flags -i $sancp_interface" -[ -n "$sancp_conf" ] && sancp_flags="$sancp_flags -c $sancp_conf" +command_args="${sancp_flags} -c ${sancp_conf} -i ${sancp_interface}" run_rc_command "$1" --- patch-files-sancp.sh.in ends here --- >Release-Note: >Audit-Trail: >Unformatted:
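Review bot: the replacement sentence "don't forget to specify interface in /etc/rc.conf" in the pkg-message.in hunk names neither the rc.conf variable nor a value, so a reader still has to open the rc.d script to discover `sancp_interface`; since the script header now says the interface MUST BE SET, spell it out beside the `sancp_flags=` example, e.g. `sancp_interface="em0"` (interface name being a placeholder), and say "set sancp_interface" rather than "specify interface". Minor: the attachment is labelled patch-files-pkg-mesage.in ("mesage") in the submission, which is harmless for a PR but worth correcting before commit.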
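Review bot: the defaults `sancp_enable="NO"`, `sancp_flags="-D"`, `sancp_conf=...` and `sancp_interface=""` are assigned before `load_rc_config sancp` in the sancp.sh.in hunk, which regresses boot-time behaviour. Run by hand the script works, because load_rc_config sources rc.conf afresh; at boot /etc/rc has already sourced rc.conf and load_rc_config does not re-read it, so these plain assignments overwrite the administrator's rc.conf values and sancp_enable is forced back to "NO". The removed lines (`[ -z "$sancp_enable" ] && sancp_enable="NO"` after load_rc_config) had the right order; keep that order in the usual rc.subr spelling, i.e. `name="sancp"`, `rcvar=\`set_rcvar\``, `load_rc_config $name`, then `: ${sancp_enable:="NO"}`, `: ${sancp_flags:="-D"}`, `: ${sancp_conf:="%%PREFIX%%/etc/sancp.conf"}`. Two smaller points: `command_args="${sancp_flags} -c ${sancp_conf} -i ${sancp_interface}"` repeats the flags, since run_rc_command already passes `${name}_flags` as `$rc_flags` ahead of `$command_args`, so sancp would be started as `sancp -D -D -c ...`; drop `${sancp_flags}` from command_args. And because the header now says sancp_interface MUST BE SET but nothing checks it, an empty value leaves a bare `-i` at the end of the command line; add a start_precmd that prints a clear error and returns non-zero when `${sancp_interface}` is empty instead of relying on sancp's own argument parsing. Typo in the -A comment: "collectedi".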