From owner-freebsd-ports-bugs@FreeBSD.ORG Fri May 23 03:00:09 2008
Return-Path:
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F4125106567A for ; Fri, 23 May 2008 03:00:08 +0000 (UTC) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D3E5A8FC16 for ; Fri, 23 May 2008 03:00:08 +0000 (UTC) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m4N308i0057195 for ; Fri, 23 May 2008 03:00:08 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m4N308A2057194; Fri, 23 May 2008 03:00:08 GMT (envelope-from gnats)
Resent-Date: Fri, 23 May 2008 03:00:08 GMT
Resent-Message-Id: <200805230300.m4N308A2057194@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Paul Schmehl
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 90281106564A for ; Fri, 23 May 2008 02:51:14 +0000 (UTC) (envelope-from root@utd65257.utdallas.edu)
Received: from utd65257.utdallas.edu (utd65257.utdallas.edu [129.110.3.28]) by mx1.freebsd.org (Postfix) with ESMTP id 79D118FC1D for ; Fri, 23 May 2008 02:51:14 +0000 (UTC) (envelope-from root@utd65257.utdallas.edu)
Received: by utd65257.utdallas.edu (Postfix, from userid 0) id 7D6A234781C; Thu, 22 May 2008 21:51:14 -0500 (CDT)
Message-Id: <20080523025114.7D6A234781C@utd65257.utdallas.edu>
Date: Thu, 22 May 2008 21:51:14 -0500 (CDT)
From: Paul Schmehl
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc:
Subject: ports/123916: security/sancp, improve startup script
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Paul Schmehl
List-Id: Ports bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 23 May 2008 03:00:09 -0000

>Number: 123916
>Category: ports
>Synopsis: security/sancp, improve startup script
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri May 23 03:00:08 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Paul Schmehl
>Release: FreeBSD 7.0-STABLE i386
>Organization: The University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 7.0-STABLE FreeBSD 7.0-STABLE #6: Wed Apr 16 17:14:28 CDT 2008 root@hostname.utdallas.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
security/sancp, this PR improves the startup script by bringing it more in alignment with the rc.subr way of doing things. It increments PORTREVISION and makes some minor changes to pkg-message as well.
>How-To-Repeat:
>Fix:
--- patch-Makefile begins here --- --- Makefile.orig 2008-05-22 21:39:05.000000000 -0500 +++ Makefile 2008-05-22 21:39:21.000000000 -0500 @@ -8,7 +8,7 @@ PORTNAME= sancp PORTVERSION= 1.6.1 DISTVERSIONSUFFIX= -stable -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= SF --- patch-Makefile ends here --- --- patch-files-pkg-mesage.in begins here --- --- files/pkg-message.in.orig 2008-05-22 21:40:40.000000000 -0500 +++ files/pkg-message.in 2008-05-22 21:30:46.000000000 -0500 
@@ -20,18 +20,9 @@ new conf file, named sguil-sancp.conf-sample will be installed in the %%PREFIX%%/etc directory. You should use that one for sguil. -Some of the configuration options for sancp are: +All of the configuration options for sancp are documented in the +startup script in %%PREFIX%%/etc/rc.d (don't forget to specify interface +in /etc/rc.conf) --? or -h this help screen --c specify the configuration/rules filename --d specify the directory for output files --i set the network device to listen on (default: 'any') --g set a group identity --u set a user identity --D (daemon) forks, prints msgs to syslog only and overrides -C option --F file containing a bpf filter expression, overrides (alternative to -B) --V display version - -If you're running sguil, you probably want to use the following flags: +If you're running sguil, you probably want to use at least the following flags: sancp_flags="-D -P -R -u sancp -g sancp -d /var/log/sancp" -(don't forget to specify the conf file and interface as well) --- patch-files-pkg-mesage.in ends here --- --- patch-files-sancp.sh.in begins here --- --- files/sancp.sh.in.orig 2008-05-22 20:48:56.000000000 -0500 +++ files/sancp.sh.in 2008-05-22 21:37:09.000000000 -0500 
@@ -11,26 +11,59 @@ # Default: NO # sancp_flags (str): Extra flags passed to sancp # Default: -D -# sancp_interface (str): Network interface to sniff -# Default: "" # sancp_conf (str): Sancp configuration file # Default: %%PREFIX%%/etc/sancp.conf +# sancp_interface (str): Default: none - MUST BE SET # +# Command Line Options: (cmdline) +# --------------------- +# +# -? or -h this help screen +# -c specify the configuration/rules filename +# -d specify the directory for output files +# -i set the network device to listen on (default: 'any') +# -g set a group identity +# -u set a user identity +# -r pcap file to read (overrides -i) +# -B "" set a bpf expression (alternative to -F ) +# -D (daemon) forks, prints msgs to syslog only and overrides -C option +# -K (console) enable additional printing of 'realtimes' to stdout (suppressed by option -D) +# -F file containing a bpf filter expression, overrides (alternative to -B) +# -H --human-readable write IP addresses in dotted notation and TCPflag fields in hex +# -R Set default for realtime to 'pass' (default is 'log') disables realtime, but rules can override +# -S Set default for stats to 'pass' (default is 'log') disables stats, but rules can override +# -P Set default for pcap to 'pass' (default is 'log') disables pcap, but rules can override +# -I or --enable_icmp_mixed record 'code' and 'type' fields for ICMP +# to the fields 's_port' and 'd_port'. 
+# note: affects how related icmp packets are correlated +# -V display version +# --shift (debug) force interpretation of packet starting at byte[2] +# normally performed when reading from the 'any' interface +# --strip-80211 strip 802.1Q headers from 802.1Q packets; used to +# decode 802.1Q encapsulated packets - affects -A option, +# --log-facility where facility can be 'LOCAL1' - 'LOCAL7' +# The default log facility used by SANCP is LOG_DAEMON +# +# Debug mode for pcap data logging +# -A records ALL traffic frames to a pcap file named 'debug_pcap_raw' +# (despite rules). Packets are logged here prior to decoding or handling. +# Use -F or -B option to restrict what is collectedi. +# Pcap data logged using this option is affected by the --strip-80211 cmdline option +# The configuration file equivalent to this is 'default debug_pcap_raw enable' . %%RC_SUBR%% +# set some defaults +sancp_enable="NO" +sancp_flags="-D" +sancp_conf="%%PREFIX%%/etc/sancp.conf" +sancp_interface="" + name="sancp" +load_rc_config sancp rcvar=`set_rcvar` command="%%PREFIX%%/bin/sancp" - -load_rc_config $name - -[ -z "$sancp_enable" ] && sancp_enable="NO" -[ -z "$sancp_conf" ] && sancp_conf="%%PREFIX%%/etc/sancp.conf" -[ -z "$sancp_flags" ] && sancp_flags="-D" - -[ -n "$sancp_interface" ] && sancp_flags="$sancp_flags -i $sancp_interface" -[ -n "$sancp_conf" ] && sancp_flags="$sancp_flags -c $sancp_conf" +command_args="${sancp_flags} -c ${sancp_conf} -i ${sancp_interface}" run_rc_command "$1" --- patch-files-sancp.sh.in ends here --- >Release-Note: >Audit-Trail: >Unformatted:
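Review bot: in the pkg-message.in hunk the new sentence says "All of the configuration options for sancp are documented in the startup script", but what the startup script now carries in its header is sancp's command-line option list; the rules and configuration file directives are still only documented in the conf file itself. Suggest "All of the command-line options for sancp are documented in the comments of the startup script in %%PREFIX%%/etc/rc.d". The reminder to set the interface in /etc/rc.conf is worth keeping, since the script now requires it.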
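Review bot: in the sancp.sh.in hunk the new line command_args="${sancp_flags} -c ${sancp_conf} -i ${sancp_interface}" passes -i unconditionally while the default is sancp_interface="", so a host that never sets the variable starts sancp with a bare trailing -i instead of failing with a clear message; the header comment says MUST BE SET but nothing enforces it (the removed code only appended -i when the variable was non-empty). Suggest a start_precmd that refuses to start, for example
start_precmd="sancp_precmd"
sancp_precmd() { [ -n "${sancp_interface}" ] || err 1 "sancp_interface must be set in /etc/rc.conf"; }
with err coming from rc.subr. Two more points on the same hunk: run_rc_command already inserts ${name}_flags, here sancp_flags, between ${command} and ${command_args}, so listing ${sancp_flags} in command_args as well invokes sancp with every flag twice; drop it from command_args and let rc.subr supply it. And the default sancp_flags="-D" runs the packet capture daemon as root with no privilege drop; since pkg-message already recommends -u sancp -g sancp, consider making that part of the default flags, or at least calling it out in the sancp_flags comment, so a default install does not leave a sniffer running as root. Minor: "collectedi" in the pasted -A help text is a typo.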