Date: Thu, 23 Apr 2015 15:18:11 +0000 (UTC) From: Roman Bogorodskiy <novel@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r384591 - in head/security/scanlogd: . files Message-ID: <201504231518.t3NFIBrQ022303@svn.freebsd.org>
Author: novel Date: Thu Apr 23 15:18:11 2015 New Revision: 384591 URL: https://svnweb.freebsd.org/changeset/ports/384591 Log: - Add periodic script to display port scans - Use OPTIONS PR: 198643 Submitted by: TEUBEL György <tgyurci@gmail.com> Added: head/security/scanlogd/files/850.scanlogd (contents, props changed) Modified: head/security/scanlogd/Makefile Modified: head/security/scanlogd/Makefile ============================================================================== --- head/security/scanlogd/Makefile Thu Apr 23 14:56:59 2015 (r384590) +++ head/security/scanlogd/Makefile Thu Apr 23 15:18:11 2015 (r384591) @@ -3,7 +3,7 @@ PORTNAME= scanlogd PORTVERSION= 2.2.7 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= http://openwall.com/scanlogd/ \ ftp://ftp.openwall.com/pub/projects/scanlogd/ \ 
@@ -14,21 +14,34 @@ COMMENT= TCP port scan detection tool USE_RC_SUBR= ${PORTNAME} -.if defined(WITH_LIBNIDS) -BUILD_DEPENDS+= ${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids -ALL_TARGET= libnids -.else -ALL_TARGET= libpcap -.endif - USERS= scanlogd GROUPS= scanlogd -MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS} -c" LD="${CC}" +MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS}" LD="${CC}" LDFLAGS="${LDFLAGS}" + +PLIST_FILES= bin/scanlogd man/man8/scanlogd.8.gz \ + etc/periodic/security/850.scanlogd + +OPTIONS_SINGLE= PCAP +OPTIONS_SINGLE_PCAP= PCAP_BASE NIDS + +OPTIONS_DEFAULT= PCAP_BASE + +PCAP_BASE_DESC= Use pcap from base for packet capture +NIDS_DESC= Use net/libnet for packet capture + +PCAP_BASE_ALL_TARGET= libpcap -PLIST_FILES= bin/scanlogd man/man8/scanlogd.8.gz +NIDS_ALL_TARGET= libnids +NIDS_BUILD_DEPENDS= ${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids +NIDS_LIB_DEPENDS= libnet.so:${PORTSDIR}/net/libnet +NIDS_CFLAGS= -I${LOCALBASE}/include/libnet11 +NIDS_LDFLAGS= -L${LOCALBASE}/lib/libnet11 do-install: ${INSTALL_PROGRAM} ${WRKSRC}/scanlogd ${STAGEDIR}${PREFIX}/bin ${INSTALL_MAN} ${WRKSRC}/scanlogd.8 ${STAGEDIR}${MANPREFIX}/man/man8 + ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/security + ${INSTALL_SCRIPT} ${FILESDIR}/850.scanlogd \ + ${STAGEDIR}${PREFIX}/etc/periodic/security .include <bsd.port.mk> Added: head/security/scanlogd/files/850.scanlogd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/scanlogd/files/850.scanlogd Thu Apr 23 15:18:11 2015 (r384591) 
@@ -0,0 +1,54 @@
+#!/bin/sh -
+#
+# Show possible port scans detected by scanlogd.
+#
+# If you want to enable this script, place the following
+# into /etc/periodic.conf:
+#
+# security_status_scanlogd_enable="YES"
+# security_status_scanlogd_period="daily"
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]; then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+: ${security_status_scanlogd_period="daily"}
+
+security_daily_compat_var security_status_logdir
+security_daily_compat_var security_status_scanlogd_enable
+
+logdir="${security_status_logdir}"
+
+yesterday=`env LC_TIME=C date -v-1d "+%b %e "`
+
+catmsgs() {
+ local logdir logfile mtime
+ logdir="$1"
+ logfile="$2"
+ mtime="$3"
+
+ find "$logdir" \( -name "$logfile" -o -name "$logfile.*" \) -mtime "$mtime" -print0 |
+ xargs -0 ls -1tr |
+ while read f; do
+ case "$f" in
+ *.gz) zcat -f "$f" ;;
+ *.bz2) bzcat -f "$f" ;;
+ *) cat "$f" ;;
+ esac
+ done
+}
+
+rc=0
+
+if check_yesno_period security_status_scanlogd_enable; then
+ echo ""
+ echo "${host} possible port scans:"
+ n=$(catmsgs "$logdir" messages "-2" | egrep -ia "^$yesterday.*scanlogd:" | tee /dev/stderr | wc -l)
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
+
+exit $rc
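Review bot: The filter `egrep -ia "^$yesterday.*scanlogd:"` in the final `if` block accepts `scanlogd:` anywhere on a line dated yesterday, so a message from any other daemon that echoes remote-supplied text containing that string would be counted and printed in the security report as a port scan. Anchoring the match to the program-tag position would limit the report to lines scanlogd itself logged, e.g. `egrep -ia "^${yesterday}[0-9:]+ [^ ]+ scanlogd(\[[0-9]+\])?:"`, assuming the default syslog layout of timestamp, host, then tag. Separately, `catmsgs` gives up the NUL-safe `find -print0 | xargs -0` handling by piping `ls -1tr` into `while read f`; `while IFS= read -r f` would at least keep backslashes and leading blanks in file names intact.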