author | Niels Heinen <niels@FreeBSD.org> | 2005-06-07 20:56:27 +0000 |
committer | Niels Heinen <niels@FreeBSD.org> | 2005-06-07 20:56:27 +0000 |
commit | 4c30e8b53d6f432c8c178c80447dbe6814f9b5b7 (patch) | |
tree | e073f415f50183e84d29a869a67836288677eb66 | |
parent | 511afb5eb9d44c32bf65217f1cb44530a0839326 (diff) | |
download | ports-4c30e8b53d6f432c8c178c80447dbe6814f9b5b7.tar.gz ports-4c30e8b53d6f432c8c178c80447dbe6814f9b5b7.zip |
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/sancp/Makefile | 45 | ||||
-rw-r--r-- | security/sancp/distinfo | 2 | ||||
-rw-r--r-- | security/sancp/files/sancp.sh | 36 | ||||
-rw-r--r-- | security/sancp/pkg-deinstall | 28 | ||||
-rw-r--r-- | security/sancp/pkg-descr | 12 | ||||
-rw-r--r-- | security/sancp/pkg-install | 42 | ||||
-rw-r--r-- | security/sancp/pkg-message | 39 | ||||
-rw-r--r-- | security/sancp/pkg-plist | 7 |
9 files changed, 212 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 9c384a45e9b7..6d2f020e2ed1 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -448,6 +448,7 @@
 SUBDIR += saint
 SUBDIR += samba-vscan
 SUBDIR += samhain
+ SUBDIR += sancp
 SUBDIR += scanlogd
 SUBDIR += scanssh
 SUBDIR += seahorse
diff --git a/security/sancp/Makefile b/security/sancp/Makefile
new file mode 100644
index 000000000000..65ce225d724d
--- /dev/null
+++ b/security/sancp/Makefile
@@ -0,0 +1,45 @@
+# New ports collection makefile for: sancp
+# Date created: 10 Feb 2005
+# Whom: Paul Schmehl <pauls@utdallas.edu>
+#
+# $FreeBSD$
+#
+
+PORTNAME= sancp
+PORTVERSION= 1.6.1
+CATEGORIES= security
+MASTER_SITES= http://www.metre.net/files/
+
+MAINTAINER= pauls@utdallas.edu
+COMMENT= A network connection profiler
+
+ALL_TARGET= final
+USE_REINPLACE= yes
+USE_RC_SUBR= yes
+RC_SCRIPTS_SUB= PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
+
+PORTDOCS= CHANGES INSTALL ISSUES README SETUP fields.LIST
+
+.include <bsd.port.pre.mk>
+
+post-patch:
+ @${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
+ ${FILESDIR}/sancp.sh > ${WRKDIR}/sancp.sh
+
+post-install:
+ ${SH} ${PKGINSTALL}
+ ${INSTALL_PROGRAM} ${WRKSRC}/sancp ${PREFIX}/bin
+ ${INSTALL_SCRIPT} -m 755 ${WRKDIR}/sancp.sh ${PREFIX}/etc/rc.d/sancp.sh
+.for f in sancp.conf
+ ${INSTALL_DATA} ${WRKSRC}/etc/sancp/${f} ${PREFIX}/etc/${f}-sample
+ [ -f ${PREFIX}/etc/${f} ] || \
+ ${INSTALL_DATA} ${WRKSRC}/etc/sancp/${f} ${PREFIX}/etc/${f}
+.endfor
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${DOCSDIR}
+ cd ${WRKSRC} && ${INSTALL_DATA} LICENSE ${DOCSDIR}
+ cd ${WRKSRC}/docs/ && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
+.endif
+ @${SED} 's|%%PREFIX%%|${PREFIX}|' ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/sancp/distinfo b/security/sancp/distinfo
new file mode 100644
index 000000000000..76947b4d4191
--- /dev/null
+++ b/security/sancp/distinfo
@@ -0,0 +1,2 @@
+MD5 (sancp-1.6.1.tar.gz) = b83e2f4abb2bf7b10fd874aa58f6324c
+SIZE (sancp-1.6.1.tar.gz) = 69986
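Review bot: `${SH} ${PKGINSTALL}` in post-install is invoked with no arguments, whereas a package install runs the same script as `pkg-install <pkgname> PRE-INSTALL` and again with `POST-INSTALL`; neither this call nor the pkg-install and pkg-deinstall scripts in this commit look at `$2`, so account setup and the `chown` run twice from a package and the user/group removal runs at both deinstall stages. The usual form is `${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL` paired with `if [ "$2" != "PRE-INSTALL" ]; then exit 0; fi` at the top of pkg-install (and the `POST-DEINSTALL` equivalent in pkg-deinstall). Separately, the rc script is installed here as `${PREFIX}/etc/rc.d/sancp.sh` and pkg-plist lists `etc/rc.d/sancp.sh`, but pkg-message tells the user that `sancp.sh-sample` was installed and must be copied; the message should describe what this target actually installs.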
diff --git a/security/sancp/files/sancp.sh b/security/sancp/files/sancp.sh
new file mode 100644
index 000000000000..f8be90c0e112
--- /dev/null
+++ b/security/sancp/files/sancp.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+
+# PROVIDE: sancp
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: FreeBSD shutdown
+
+# Add the following lines to /etc/rc.conf to enable sancp:
+# sancp_enable (bool): Set to YES to enable sancp
+# Default: NO
+# sancp_flags (str): Extra flags passed to sancp
+# Default: -D
+# sancp_interface (str): Network interface to sniff
+# Default: ""
+# sancp_conf (str): Sancp configuration file
+# Default: %%PREFIX%%/etc/sancp.conf
+#
+
+. %%RC_SUBR%%
+
+name="sancp"
+rcvar=`set_rcvar`
+
+command="%%PREFIX%%/bin/sancp"
+
+load_rc_config $name
+
+[ -z "$sancp_enable" ] && sancp_enable="NO"
+[ -z "$sancp_conf" ] && sancp_conf="%%PREFIX%%/etc/sancp.conf"
+[ -z "$sancp_flags" ] && sancp_flags="-D"
+
+[ -n "$sancp_interface" ] && sancp_flags="$sancp_flags -i $sancp_interface"
+[ -n "$sancp_conf" ] && sancp_flags="$sancp_flags -c $sancp_conf"
+
+run_rc_command "$1"
diff --git a/security/sancp/pkg-deinstall b/security/sancp/pkg-deinstall
new file mode 100644
index 000000000000..143ec1bc244c
--- /dev/null
+++ b/security/sancp/pkg-deinstall
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+PATH=/bin:/usr/sbin
+USER=sancp
+GROUP=${USER}
+LOG_DIR=/var/log/sancp
+
+# Remove the log directory
+if [ -d ${LOG_DIR} ];
+then
+ rmdir ${LOG_DIR} >/dev/null 2>&1;
+fi
+
+if pw user show "${USER}" >/dev/null 2>&1; then
+ if ! pw userdel ${USER} ;
+ then
+ echo "Unable to remove user: ${USER}, remove it manually"
+ fi
+fi
+
+
+if pw group show "${GROUP}" >/dev/null 2>&1; then
+ if ! pw groupdel ${GROUP} ;
+ then
+ echo "Unable to remove group: ${GROUP}, remove it manually"
+ fi
+fi
+
diff --git a/security/sancp/pkg-descr b/security/sancp/pkg-descr
new file mode 100644
index 000000000000..659dd3137fd9
--- /dev/null
+++ b/security/sancp/pkg-descr
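Review bot: The default `sancp_flags="-D"` starts the daemon as root, although pkg-install in this commit creates a dedicated `sancp` user and group and pkg-message lists `-u`, `-g` and `-d` for exactly that purpose; neither the script nor its header comment mentions this. The `sancp_flags` entry in the header should say so, e.g. `#                   Default: -D (runs as root; add -u sancp -g sancp -d /var/log/sancp to use the account created at install time)`; making those options part of the default would be better still, but whether sancp opens the capture interface before dropping privileges is not visible in this diff. The `[ -n "$sancp_conf" ]` test on the second-to-last assignment is always true once the default above it has been applied, so `-c` is appended unconditionally; either the test or the default is redundant.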
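Review bot: `pw userdel` and `pw groupdel` run whenever the account exists, but pkg-install in the same commit deliberately reuses a pre-existing `sancp` user or group ("so I will use it"), so deinstall can delete an account the port did not create and that other services may depend on. Either record at install time that the account was created by the port and only remove it in that case, or leave it in place and print a hint, e.g. `echo "The ${USER} user and ${GROUP} group were left in place; remove them with pw userdel/groupdel if no longer needed"`. The silent `rmdir ${LOG_DIR}` at the top also duplicates the pkg-plist `@unexec` line that attempts the same removal with a warning; one of the two can go.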
@@ -0,0 +1,12 @@
+Sancp is a network security tool designed to collect
+statistical information regarding network traffic, as
+well as, collect the traffic itself in pcap format, all
+for the purpose of: auditing, historical analysis, and
+network activity discovery. Rules can be used to distinguish
+normal from abnormal traffic and support tagging connections
+with: rule id, node id, and status id. From an intrusion
+detection standpoint, every connection is an event that must
+be validated through some means. Sancp uses rules to identify,
+record, and tag traffic of interest. 'Tagging' a connection
+is a new feature since v1.4.0 Connections ('stats') can be
+loaded into a database for further analysis.
diff --git a/security/sancp/pkg-install b/security/sancp/pkg-install
new file mode 100644
index 000000000000..5a20c14d416d
--- /dev/null
+++ b/security/sancp/pkg-install
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+PATH=/bin:/usr/sbin
+USER=sancp
+GROUP=${USER}
+LOG_DIR=/var/log/sancp
+
+if [ ! -d ${LOG_DIR} ]; then mkdir ${LOG_DIR}; fi
+
+if pw group show "${GROUP}" 2>/dev/null; then
+ echo "You already have a group \"${GROUP}\", so I will use it."
+else
+ if pw groupadd ${GROUP}; then
+ echo "Added group \"${GROUP}\"."
+ else
+ echo "Adding group \"${GROUP}\" failed..."
+ exit 1
+ fi
+fi
+
+if pw user show "${USER}" 2>/dev/null; then
+ echo "You already have a user \"${USER}\", so I will use it."
+ if pw usermod ${USER} -d ${LOG_DIR}
+ then
+ echo "Changed home directory of \"${USER}\" to \"${LOG_DIR}\""
+ else
+ echo "Changing home directory of \"${USER}\" to \"${LOG_DIR}\" failed..."
+ exit 1
+ fi
+else
+ if pw useradd ${USER} -g ${GROUP} -h - \
+ -d ${LOG_DIR} -s /sbin/nologin -c "SANCP Daemon"
+ then
+ echo "Added user \"${USER}\"."
+ else
+ echo "Adding user \"${USER}\" failed..."
+ exit 1
+ fi
+fi
+
+chown -R ${USER}:${GROUP} ${LOG_DIR}
+chmod 750 ${LOG_DIR}
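Review bot: `chown -R ${USER}:${GROUP} ${LOG_DIR}` on the second-to-last line re-owns everything under `/var/log/sancp`, and because the `mkdir` near the top is skipped when the directory already exists, a pre-existing directory with other content has all of its files handed to the new account; the port only needs the directory itself, so the non-recursive `chown ${USER}:${GROUP} ${LOG_DIR}` is sufficient. The `mkdir ${LOG_DIR}` is also unchecked, so a failure there only surfaces when the final `chown`/`chmod` fail; `mkdir ${LOG_DIR} || exit 1` matches the exit-on-failure style the rest of the script uses. Minor: `pw group show "${GROUP}" 2>/dev/null` and `pw user show "${USER}" 2>/dev/null` leave stdout open, so the group/passwd entry is printed on reuse; pkg-deinstall redirects both with `>/dev/null 2>&1`.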
diff --git a/security/sancp/pkg-message b/security/sancp/pkg-message
new file mode 100644
index 000000000000..fa346b069aa3
--- /dev/null
+++ b/security/sancp/pkg-message
@@ -0,0 +1,39 @@
+ ***********************************
+ * !!!!!!!!!!! WARNING !!!!!!!!!!! *
+ ***********************************
+
+A startup script, named sancp.sh-sample was installed in
+%%PREFIX%%/etc/rc.d/. Create a copy named sancp.sh in the
+same directory and enable the script in /etc/rc.conf using
+the usual rc.subr syntax. See rc.conf(5) or go to
+http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html
+
+Configuration files named sancp.conf-sample and sancp.conf
+were installed in %%PREFIX%%/etc. See the INSTALL doc, located in
+%%PREFIX%%/share/doc/sancp/ for details on configuration
+options or type "sancp -h" on the commandline.
+
+Note that if you are installing sancp for use with sguil, the
+sancp.conf file will not be altered unless it is identical to
+the sancp.conf-sample file. In that case, during the
+sguil-sensor install, the sancp.conf file will be overwritten with
+the one that comes with squil. That file needs no editing. If the
+sancp.conf has been altered (you used sancp for something else) a
+new conf file, named sguil-sancp.conf-sample will be installed in the
+%%PREFIX%%/etc/rc.d/directory. You should use that one for sguil.
+
+Some of the configuration options for sancp are:
+
+-? or -h this help screen
+-c <filename> specify the configuration/rules filename
+-d <directory> specify the directory for output files
+-i <device> set the network device to listen on (default: 'any')
+-g <gid> set a group identity
+-u <uid> set a user identity
+-D (daemon) forks, prints msgs to syslog only and overrides -C option
+-F <bpf filename> file containing a bpf filter expression, overrides (alternative to -B)
+-V display version
+
+If you're running sguil, you probably want to use the following flags:
+sancp_flags="-D -P -R -u sancp -g sancp -d /var/log/sancp"
+(don't forget to specify the conf file and interface as well)
diff --git a/security/sancp/pkg-plist b/security/sancp/pkg-plist
new file mode 100644
index 000000000000..71bb3ff88a5c
--- /dev/null
+++ b/security/sancp/pkg-plist
@@ -0,0 +1,7 @@
+bin/sancp
+etc/sancp.conf-sample
+etc/rc.d/sancp.sh
+%%DOCSDIR%%/LICENSE
+@unexec if [ -f %D/etc/sancp.conf ] && ! cmp -s %D/etc/sancp.conf %D/etc/sancp.conf-sample; then rm -f %D/etc/sancp.conf; fi
+@unexec if [ -d /var/log/sancp/ ] && ! rmdir /var/log/sancp/ >/dev/null 2>&1; then echo "WARNING: Unable to remove log dir '/var/log/sancp/', its probably not empty" ; fi
+@unexec if [ -f %D/etc/sancp.conf ]; then echo "WARNING: The %D/etc/sancp.conf file was not removed!"; fi |
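Review bot: The first `@unexec` line has its condition inverted: `! cmp -s %D/etc/sancp.conf %D/etc/sancp.conf-sample` is true when the installed config differs from the sample, so a user-edited `sancp.conf` is deleted on deinstall while an untouched copy is kept and then triggers the "was not removed" warning on the last line. The pkg-message in this commit says the file is left alone unless it is identical to the sample, so the intended line is `@unexec if cmp -s %D/etc/sancp.conf %D/etc/sancp.conf-sample; then rm -f %D/etc/sancp.conf; fi`. `%%DOCSDIR%%/LICENSE` is listed without a `@dirrm %%DOCSDIR%%`; whether the PORTDOCS handling in bsd.port.mk adds that for you is not visible here, so it is worth confirming with a `make deinstall` that the docs directory is removed.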