Date: Sat, 12 Feb 2005 14:49:00 -0600 (CST)
From: Paul Schmehl <pauls@utdallas.edu>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/77426: Shar file to replace previous submission under pr77402
Message-ID: <20050212204900.B7FE63C80CA@buttercup2>
Resent-Message-ID: <200502122100.j1CL0exM098739@freefall.freebsd.org>
>Number:         77426
>Category:       ports
>Synopsis:       Shar file to replace previous submission under pr77402
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb 12 21:00:40 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Paul Schmehl
>Release:        FreeBSD 4.9-SECURITY i386
>Organization:
University of Texas at Dallas
>Environment:
System: FreeBSD unknown.utdallas.edu 4.9-SECURITY FreeBSD 4.9-SECURITY #0: Mon Jun 7 18:02:41 GMT 2004 root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Shar file to replace previous submission. This file includes changes to the pkg-plist, pkg-message and Makefile, so please replace the previous submission with this one.
>How-To-Repeat:
>Fix:
--- sancp.port begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	/usr/ports/security/sancp/
#	/usr/ports/security/sancp/pkg-install
#	/usr/ports/security/sancp/Makefile
#	/usr/ports/security/sancp/pkg-descr
#	/usr/ports/security/sancp/distinfo
#	/usr/ports/security/sancp/files
#	/usr/ports/security/sancp/files/sancp.sh
#	/usr/ports/security/sancp/pkg-plist
#	/usr/ports/security/sancp/pkg-message
#
echo c - /usr/ports/security/sancp/
mkdir -p /usr/ports/security/sancp/ > /dev/null 2>&1
echo x - /usr/ports/security/sancp/pkg-install
sed 's/^X//' >/usr/ports/security/sancp/pkg-install << 'END-of-/usr/ports/security/sancp/pkg-install'
X#!/bin/sh
X
XPATH=/bin:/usr/sbin
XUSER=sancp
XGROUP=${USER}
XLOG_DIR=/var/log/sancp
X
Xif [ ! -d ${LOG_DIR} ]; then mkdir ${LOG_DIR}; fi
X
Xif pw group show "${GROUP}" 2>/dev/null; then
X	echo "You already have a group \"${GROUP}\", so I will use it."
Xelse
X	if pw groupadd ${GROUP}; then
X		echo "Added group \"${GROUP}\"."
X	else
X		echo "Adding group \"${GROUP}\" failed..."
X		exit 1
X	fi
Xfi
X
Xif pw user show "${USER}" 2>/dev/null; then
X	echo "You already have a user \"${USER}\", so I will use it."
X	if pw usermod ${USER} -d ${LOG_DIR}
X	then
X		echo "Changed home directory of \"${USER}\" to \"${LOG_DIR}\""
X	else
X		echo "Changing home directory of \"${USER}\" to \"${LOG_DIR}\" failed..."
X		exit 1
X	fi
Xelse
X	if pw useradd ${USER} -g ${GROUP} -h - \
X		-d ${LOG_DIR} -s /sbin/nologin -c "SANCP Daemon"
X	then
X		echo "Added user \"${USER}\"."
X	else
X		echo "Adding user \"${USER}\" failed..."
X		exit 1
X	fi
Xfi
X
Xchown -R ${USER}:${GROUP} ${LOG_DIR}
Xchmod 750 ${LOG_DIR}
END-of-/usr/ports/security/sancp/pkg-install
echo x - /usr/ports/security/sancp/Makefile
sed 's/^X//' >/usr/ports/security/sancp/Makefile << 'END-of-/usr/ports/security/sancp/Makefile'
X# New ports collection makefile for:	sancp
X# Date created:		10 Feb 2005
X# Whom:			Paul Schmehl <pauls@utdallas.edu>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	sancp
XPORTVERSION=	1.6.1
XCATEGORIES=	security
XMASTER_SITES=	http://www.metre.net/files/
X
XMAINTAINER=	pauls@utdallas.edu
XCOMMENT=	A network connection profiler
X
XPKGINSTALL=	pkg-install
XALL_TARGET=	final
XWITH_LIBPCAP_BASE=	yes
XUSE_REINPLACE=	yes
XUSE_RC_SUBR=	yes
XRC_SCRIPTS_SUB=	PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
X
XPORTDOCS=	CHANGES INSTALL ISSUES README SETUP fields.LIST
X
X.include <bsd.port.pre.mk>
X
Xpost-patch:
X	@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
X		${FILESDIR}/sancp.sh > ${WRKDIR}/sancp.sh
X
Xpost-install:
X	${SH} ${PKGINSTALL}
X	${INSTALL_PROGRAM} ${WRKSRC}/sancp ${PREFIX}/bin
X	${INSTALL_SCRIPT} -m 751 ${WRKDIR}/sancp.sh ${PREFIX}/etc/rc.d/sancp.sh-sample
X.for f in sancp.conf
X	${INSTALL_DATA} ${WRKSRC}/etc/sancp/${f} ${PREFIX}/etc/${f}-sample
X	[ -f ${PREFIX}/etc/${f} ] || \
X		${INSTALL_DATA} ${WRKSRC}/etc/sancp/${f} ${PREFIX}/etc/${f}
X.endfor
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC} && ${INSTALL_DATA} LICENSE ${DOCSDIR}
X	cd ${WRKSRC}/docs/ && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
X.endif
X	@${SED} 's|%%PREFIX%%|${PREFIX}|' ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-/usr/ports/security/sancp/Makefile
echo x - /usr/ports/security/sancp/pkg-descr
sed 's/^X//' >/usr/ports/security/sancp/pkg-descr << 'END-of-/usr/ports/security/sancp/pkg-descr'
XSancp is a network security tool designed to collect
Xstatistical information regarding network traffic, as
Xwell as collect the traffic itself in pcap format, all
Xfor the purpose of: auditing, historical analysis, and
Xnetwork activity discovery. Rules can be used to distinguish
Xnormal from abnormal traffic and support tagging connections
Xwith: rule id, node id, and status id. From an intrusion
Xdetection standpoint, every connection is an event that must
Xbe validated through some means. Sancp uses rules to identify,
Xrecord, and tag traffic of interest. 'Tagging' a connection
Xis a new feature since v1.4.0. Connections ('stats') can be
Xloaded into a database for further analysis.
END-of-/usr/ports/security/sancp/pkg-descr
echo x - /usr/ports/security/sancp/distinfo
sed 's/^X//' >/usr/ports/security/sancp/distinfo << 'END-of-/usr/ports/security/sancp/distinfo'
XMD5 (sancp-1.6.1.tar.gz) = b83e2f4abb2bf7b10fd874aa58f6324c
XSIZE (sancp-1.6.1.tar.gz) = 69986
END-of-/usr/ports/security/sancp/distinfo
echo c - /usr/ports/security/sancp/files
mkdir -p /usr/ports/security/sancp/files > /dev/null 2>&1
echo x - /usr/ports/security/sancp/files/sancp.sh
sed 's/^X//' >/usr/ports/security/sancp/files/sancp.sh << 'END-of-/usr/ports/security/sancp/files/sancp.sh'
X#!/bin/sh
X#
X
X# PROVIDE: sancp
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X# KEYWORD: FreeBSD shutdown
X
X# Add the following lines to /etc/rc.conf to enable sancp:
X# sancp_enable (bool):		Set to YES to enable sancp
X#				Default: NO
X# sancp_flags (str):		Extra flags passed to sancp
X#				Default: -D
X# sancp_interface (str):	Network interface to sniff
X#				Default: ""
X# sancp_conf (str):		Sancp configuration file
X#				Default: ${PREFIX}/etc/sancp.conf
X#
X
X. %%RC_SUBR%%
X
Xname="sancp"
Xrcvar=`set_rcvar`
X
Xcommand="%%PREFIX%%/bin/sancp"
X
Xload_rc_config $name
X
X[ -z "$sancp_enable" ] && sancp_enable="NO"
X[ -z "$sancp_conf" ] && sancp_conf="%%PREFIX%%/etc/sancp.conf"
X[ -z "$sancp_flags" ] && sancp_flags="-D"
X
X[ -n "$sancp_interface" ] && sancp_flags="$sancp_flags -i $sancp_interface"
X[ -n "$sancp_conf" ] && sancp_flags="$sancp_flags -c $sancp_conf"
X
Xrun_rc_command "$1"
END-of-/usr/ports/security/sancp/files/sancp.sh
echo x - /usr/ports/security/sancp/pkg-plist
sed 's/^X//' >/usr/ports/security/sancp/pkg-plist << 'END-of-/usr/ports/security/sancp/pkg-plist'
Xbin/sancp
X@unexec if [ -f %D/etc/rc.d/sancp.sh ] && cmp -s %D/etc/rc.d/sancp.sh %D/etc/rc.d/sancp.sh-sample; then rm -f %D/etc/rc.d/sancp.sh; fi
X@unexec if [ -f %D/etc/sancp.conf ] && cmp -s %D/etc/sancp.conf %D/etc/sancp.conf-sample; then rm -f %D/etc/sancp.conf; fi
Xetc/sancp.conf-sample
Xetc/rc.d/sancp.sh-sample
X%%DOCSDIR%%/LICENSE
X@unexec rm -fr %%DOCSDIR%%
X@unexec if [ ! -f /var/log/sancp/*.* ]; then rm -fr /var/log/sancp; fi
X@unexec if [ -f %D/etc/rc.d/sancp.sh ] || [ -f %D/etc/sancp.conf ] || [ -d /var/log/sancp ]; then echo "*******************************************"; fi
X@unexec if [ -f %D/etc/rc.d/sancp.sh ] || [ -f %D/etc/sancp.conf ] || [ -d /var/log/sancp ]; then echo "* WARNING!!!! WARNING!!!! WARNING!!!! *"; fi
X@unexec if [ -f %D/etc/rc.d/sancp.sh ] || [ -f %D/etc/sancp.conf ] || [ -d /var/log/sancp ]; then echo "*******************************************"; fi
X@unexec if [ -f %D/etc/rc.d/sancp.sh ]; then echo ""; echo "The %D/etc/rc.d/sancp.sh file was not removed!"; fi
X@unexec if [ -f %D/etc/sancp.conf ]; then echo ""; echo "The %D/etc/sancp.conf file was not removed!"; fi
X@unexec if [ -d /var/log/sancp ]; then echo ""; echo "The /var/log/sancp directory was not removed!"; fi
END-of-/usr/ports/security/sancp/pkg-plist
echo x - /usr/ports/security/sancp/pkg-message
sed 's/^X//' >/usr/ports/security/sancp/pkg-message << 'END-of-/usr/ports/security/sancp/pkg-message'
X       ***********************************
X       * !!!!!!!!!!! WARNING !!!!!!!!!!! *
X       ***********************************
X
XA startup script, named sancp.sh-sample was installed in
X%%PREFIX%%/etc/rc.d/. Create a copy named sancp.sh in the
Xsame directory and enable the script in /etc/rc.conf using
Xthe usual rc.subr syntax. See rc.conf(5) or go to
Xhttp://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html
X
XConfiguration files named sancp.conf-sample and sancp.conf
Xwere installed in %%PREFIX%%/etc. See the INSTALL doc, located in
X%%PREFIX%%/share/doc/sancp/ for details on configuration
Xoptions or type "sancp -h" on the command line.
X
XNote that if you are installing sancp for use with sguil, the
Xsancp.conf file will not be altered unless it is identical to
Xthe sancp.conf-sample file. In that case, during the
Xsguil-sensor install, the sancp.conf file will be overwritten with
Xthe one that comes with sguil. That file needs no editing. If the
Xsancp.conf has been altered (you used sancp for something else) a
Xnew conf file, named sguil-sancp.conf-sample will be installed in the
X%%PREFIX%%/etc/rc.d/ directory. You should use that one for sguil.
X
XSome of the configuration options for sancp are:
X
X-? or -h		this help screen
X-c <filename>		specify the configuration/rules filename
X-d <directory>		specify the directory for output files
X-i <device>		set the network device to listen on (default: 'any')
X-g <gid>		set a group identity
X-u <uid>		set a user identity
X-D			(daemon) forks, prints msgs to syslog only and overrides -C option
X-F <bpf filename>	file containing a bpf filter expression, overrides (alternative to -B)
X-V			display version
X
XIf you're running sguil, you probably want to use the following flags:
Xsancp_flags="-D -P -R -u sancp -g sancp -d /var/log/sancp"
X(don't forget to specify the conf file and interface as well)
END-of-/usr/ports/security/sancp/pkg-message
exit
--- sancp.port ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
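The Makefile's post-patch target turns RC_SCRIPTS_SUB (PREFIX=... RC_SUBR=...) into a sed expression with make's :S modifiers and runs it over files/sancp.sh to fill in the %%PREFIX%% and %%RC_SUBR%% placeholders. The same substitution written as POSIX sh, as an added example that is not part of this PR; rc_subst_expr, rc_subst and the template excerpt are constructed here:

```shell
#!/bin/sh
# Added example, not part of the sancp port: reproduce what the Makefile's
#   ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/}
# expansion does, i.e. rewrite each "KEY=value" word into "-e s!%%KEY%%!value!g".

# Build the sed argument list from KEY=value arguments.
# Same limitation as the make idiom: a value containing "!" breaks the pattern.
rc_subst_expr() {
    expr=""
    for pair in "$@"; do
        key=${pair%%=*}
        val=${pair#*=}
        expr="$expr -e s!%%${key}%%!${val}!g"
    done
    printf '%s\n' "${expr# }"
}

# Apply the expression to a template read from stdin (set -f keeps the
# unquoted expansion from being glob-expanded while it is word-split).
rc_subst() {
    ( set -f; sed $(rc_subst_expr "$@") )
}

# Constructed excerpt of files/sancp.sh with the placeholders the port uses.
TEMPLATE='. %%RC_SUBR%%
command="%%PREFIX%%/bin/sancp"
[ -z "$sancp_conf" ] && sancp_conf="%%PREFIX%%/etc/sancp.conf"'

# Render the excerpt with the values a default FreeBSD install would pass.
rendered() {
    printf '%s\n' "$TEMPLATE" | rc_subst PREFIX=/usr/local RC_SUBR=/etc/rc.subr
}

rendered
```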