From owner-svn-ports-head@FreeBSD.ORG Thu Apr 23 15:18:12 2015 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 27E7FB61; Thu, 23 Apr 2015 15:18:12 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1493F1B39; Thu, 23 Apr 2015 15:18:12 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t3NFIBtk022305; Thu, 23 Apr 2015 15:18:11 GMT (envelope-from novel@FreeBSD.org) Received: (from novel@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t3NFIBrQ022303; Thu, 23 Apr 2015 15:18:11 GMT (envelope-from novel@FreeBSD.org) Message-Id: <201504231518.t3NFIBrQ022303@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: novel set sender to novel@FreeBSD.org using -f 
From: Roman Bogorodskiy Date: Thu, 23 Apr 2015 15:18:11 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r384591 - in head/security/scanlogd: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Apr 2015 15:18:12 -0000 Author: novel Date: Thu Apr 23 15:18:11 2015 New Revision: 384591 URL: https://svnweb.freebsd.org/changeset/ports/384591 Log: - Add periodic script to display port scans - Use OPTIONS PR: 198643 Submitted by: TEUBEL György Added: head/security/scanlogd/files/850.scanlogd (contents, props changed) Modified: head/security/scanlogd/Makefile Modified: head/security/scanlogd/Makefile ============================================================================== --- head/security/scanlogd/Makefile Thu Apr 23 14:56:59 2015 (r384590) +++ head/security/scanlogd/Makefile Thu Apr 23 15:18:11 2015 (r384591) @@ -3,7 +3,7 @@ PORTNAME= scanlogd PORTVERSION= 2.2.7 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= http://openwall.com/scanlogd/ \ ftp://ftp.openwall.com/pub/projects/scanlogd/ \ 
@@ -14,21 +14,34 @@ COMMENT= TCP port scan detection tool USE_RC_SUBR= ${PORTNAME} -.if defined(WITH_LIBNIDS) -BUILD_DEPENDS+= ${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids -ALL_TARGET= libnids -.else -ALL_TARGET= libpcap -.endif - USERS= scanlogd GROUPS= scanlogd -MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS} -c" LD="${CC}" +MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS}" LD="${CC}" LDFLAGS="${LDFLAGS}" + +PLIST_FILES= bin/scanlogd man/man8/scanlogd.8.gz \ + etc/periodic/security/850.scanlogd + +OPTIONS_SINGLE= PCAP +OPTIONS_SINGLE_PCAP= PCAP_BASE NIDS + +OPTIONS_DEFAULT= PCAP_BASE + +PCAP_BASE_DESC= Use pcap from base for packet capture +NIDS_DESC= Use net/libnet for packet capture + +PCAP_BASE_ALL_TARGET= libpcap -PLIST_FILES= bin/scanlogd man/man8/scanlogd.8.gz +NIDS_ALL_TARGET= libnids +NIDS_BUILD_DEPENDS= ${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids +NIDS_LIB_DEPENDS= libnet.so:${PORTSDIR}/net/libnet +NIDS_CFLAGS= -I${LOCALBASE}/include/libnet11 +NIDS_LDFLAGS= -L${LOCALBASE}/lib/libnet11 do-install: ${INSTALL_PROGRAM} ${WRKSRC}/scanlogd ${STAGEDIR}${PREFIX}/bin ${INSTALL_MAN} ${WRKSRC}/scanlogd.8 ${STAGEDIR}${MANPREFIX}/man/man8 + ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/security + ${INSTALL_SCRIPT} ${FILESDIR}/850.scanlogd \ + ${STAGEDIR}${PREFIX}/etc/periodic/security .include Added: head/security/scanlogd/files/850.scanlogd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/scanlogd/files/850.scanlogd Thu Apr 23 15:18:11 2015 (r384591) 
@@ -0,0 +1,54 @@ +#!/bin/sh - +# +# Show possible port scans detected by scanlogd. +# +# If you want to enable this script, place the following +# into /etc/periodic.conf: +# +# security_status_scanlogd_enable="YES" +# security_status_scanlogd_period="daily" +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ]; then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +: ${security_status_scanlogd_period="daily"} + +security_daily_compat_var security_status_logdir +security_daily_compat_var security_status_scanlogd_enable + +logdir="${security_status_logdir}" + +yesterday=`env LC_TIME=C date -v-1d "+%b %e "` + +catmsgs() { + local logdir logfile mtime + logdir="$1" + logfile="$2" + mtime="$3" + + find "$logdir" \( -name "$logfile" -o -name "$logfile.*" \) -mtime "$mtime" -print0 | + xargs -0 ls -1tr | + while read f; do + case "$f" in + *.gz) zcat -f "$f" ;; + *.bz2) bzcat -f "$f" ;; + *) cat "$f" ;; + esac + done +} + +rc=0 + +if check_yesno_period security_status_scanlogd_enable; then + echo "" + echo "${host} possible port scans:" + n=$(catmsgs "$logdir" messages "-2" | egrep -ia "^$yesterday.*scanlogd:" | tee /dev/stderr | wc -l) + [ $n -gt 0 ] && rc=1 || rc=0 +fi + +exit $rc
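Review bot: In the OPTIONS block of the Makefile hunk, `NIDS_DESC= Use net/libnet for packet capture` names the wrong port: the option's build dependency is `${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids` and its target is `libnids`, with libnet only pulled in as that library's own dependency, so the dialog text should read `Use net/libnids for packet capture`. Separately, the new `MAKE_ARGS` line drops `-c` from `CFLAGS` while adding `LDFLAGS`; that is only correct if the upstream Makefile (or a port patch) already passes `-c` in its compile rule, so a short comment next to `MAKE_ARGS` saying why it was removed would save the next committer from re-adding it.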
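Review bot: In the 850.scanlogd hunk, the script honours `security_status_scanlogd_period` for scheduling but the report itself is always limited to a single day: `yesterday` is fixed to `date -v-1d` and `catmsgs` is called with `-mtime "-2"`, so with `period="weekly"` or `"monthly"` scans logged on the other days of the period are never shown. Either derive the date range from the period or state in the header comment that only the previous day's entries are reported regardless of period. Two smaller points in `catmsgs`: `while read f` should be `while read -r f` so backslashes in names are not interpreted, and the `xargs -0 ls -1tr | while read f` stage undoes the `-print0` safety by splitting on whitespace again, so a log path containing a space would reach `cat` in pieces. Finally, `${host}` is never assigned in the script and relies on periodic(8) exporting it; run by hand the heading prints as " possible port scans:", which is consistent with the base security scripts but worth a line in the header comment.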