Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 13 Jan 2003 11:01:59 +0000 (GMT)
From:      Yonatan@xpert.com
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/47011: new port: forensic file-times collector
Message-ID:  <20030113110159.B6FC6552@node-110.xpert.com>
next in thread | raw e-mail | index | archive | help 

>Number:         47011
>Category:       ports
>Synopsis:       new port: forensic file-times collector
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 13 01:00:22 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Yonatan@xpert.com
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD Temujin 4.7-STABLE FreeBSD 4.7-STABLE #0: Wed Jan 8 11:54:56 GMT 2003 root@Temujin:/usr/obj/usr/src/sys/TEMUJIN i386

>Description:
	This is a one-file-port of mac-robber- a program that outputs
Modification, Access and Create times for files. This is (or should be) a
standard part of any forensic toolkit.
>How-To-Repeat:
	N/A
>Fix:

--- mac-robber.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	/usr/ports/security/mac-robber
#	/usr/ports/security/mac-robber/Makefile
#	/usr/ports/security/mac-robber/distinfo
#	/usr/ports/security/mac-robber/pkg-plist
#	/usr/ports/security/mac-robber/pkg-comment
#	/usr/ports/security/mac-robber/pkg-descr
#
echo c - /usr/ports/security/mac-robber
mkdir -p /usr/ports/security/mac-robber > /dev/null 2>&1
echo x - /usr/ports/security/mac-robber/Makefile
sed 's/^X//' >/usr/ports/security/mac-robber/Makefile << 'END-of-/usr/ports/security/mac-robber/Makefile'
X# Ports collection makefile for:  mac-robber
X# Date created:			  Jan 12 2003
X# Whom:				  Yonatan <Yonatan@xpert.com>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	mac-robber
XPORTVERSION=	1.00
XCATEGORIES=	security
XMASTER_SITES=	http://www.atstake.com/research/tools/
X#DISTNAME=	dcetest
X
XMAINTAINER=	Yonatan@xpert.com
X
Xdo-install:
X	${INSTALL_PROGRAM} ${WRKSRC}/mac-robber ${PREFIX}/bin
X
X.if !target(post-install) && (${PORTNAME} == "mac-robber")
Xpost-install:
X	@strip ${PREFIX}/bin/mac-robber
X.endif
X
X.include <bsd.port.mk>
END-of-/usr/ports/security/mac-robber/Makefile
echo x - /usr/ports/security/mac-robber/distinfo
sed 's/^X//' >/usr/ports/security/mac-robber/distinfo << 'END-of-/usr/ports/security/mac-robber/distinfo'
XMD5 (mac-robber-1.00.tar.gz) = 4fa05cf85dd0d28c2780b6151b74f9f0
END-of-/usr/ports/security/mac-robber/distinfo
echo x - /usr/ports/security/mac-robber/pkg-plist
sed 's/^X//' >/usr/ports/security/mac-robber/pkg-plist << 'END-of-/usr/ports/security/mac-robber/pkg-plist'
X@comment $FreeBSD$
Xbin/mac-robber
END-of-/usr/ports/security/mac-robber/pkg-plist
echo x - /usr/ports/security/mac-robber/pkg-comment
sed 's/^X//' >/usr/ports/security/mac-robber/pkg-comment << 'END-of-/usr/ports/security/mac-robber/pkg-comment'
XCollect Modify, Access, Create times from files
END-of-/usr/ports/security/mac-robber/pkg-comment
echo x - /usr/ports/security/mac-robber/pkg-descr
sed 's/^X//' >/usr/ports/security/mac-robber/pkg-descr << 'END-of-/usr/ports/security/mac-robber/pkg-descr'
Xmac-robber is a Forensics & Incident Response tool used to collect
Xthe Modified, Access, and Change (MAC) times from allocated files.
XIt recursively reads MAC times of files and directories and prints
Xthem in 'time machine' format to STDOUT.  This format is the same
Xthat the mactime tool from The Coroners Toolkit (TCT) reads.
X
Xmac-robber is based on the grave-robber tool from The Coroners
XToolkit (TCT) when using the '-m' flag, except it does not require
XPerl!
X
XWWW: http://www.atstake.com/research/tools/forensic/
END-of-/usr/ports/security/mac-robber/pkg-descr
exit
--- mac-robber.shar ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030113110159.B6FC6552>