authorKurt Jaeger <pi@FreeBSD.org>2019-09-20 18:44:38 +0000
committerKurt Jaeger <pi@FreeBSD.org>2019-09-20 18:44:38 +0000
commitbe97957b6c7b63cdecf9af0c371703610363cb3d (patch)
tree59a40d2eb4f14e553be376bf466d30316a5b8fbc /net-mgmt/p0f
parent1bd27d12def9b354319e53ee39969e205aaf4a02 (diff)
net-mgmt/p0f: add rc script
Added rc script to run p0f in daemon mode as an unprivileged user. That is useful to provide access to p0f API via unix socket for various clients (e.g. anti-spam filters like rspamd, haraka-plugin-p0f, etc.). PR: 240712 Submitted by: Alexander Moisseev <moiseev@mezonplus.ru>
Notes
Notes: svn path=/head/; revision=512424
Diffstat (limited to 'net-mgmt/p0f')
-rw-r--r--net-mgmt/p0f/Makefile8
-rw-r--r--net-mgmt/p0f/files/p0f.in76
2 files changed, 83 insertions, 1 deletions
diff --git a/net-mgmt/p0f/Makefile b/net-mgmt/p0f/Makefile
index d1e10bb5041f..f7866e71b383 100644
--- a/net-mgmt/p0f/Makefile
+++ b/net-mgmt/p0f/Makefile
@@ -3,16 +3,22 @@
PORTNAME= p0f
PORTVERSION= 3.09b
+PORTREVISION= 1
CATEGORIES= net-mgmt security
MASTER_SITES= http://lcamtuf.coredump.cx/p0f3/releases/ \
http://fossies.org/unix/privat/
-EXTRACT_SUFX= .tgz
MAINTAINER= pi@FreeBSD.org
COMMENT= Passive OS fingerprinting tool
LICENSE= LGPL21
+USES= tar:tgz
+USE_RC_SUBR= p0f
+
+USERS= p0f
+GROUPS= p0f
+
PLIST_FILES= bin/p0f bin/p0f-client bin/p0f-sendsyn \
bin/p0f-sendsyn6 etc/p0f.fp
PORTDOCS= ChangeLog README TODO existential-notes.txt \
diff --git a/net-mgmt/p0f/files/p0f.in b/net-mgmt/p0f/files/p0f.in
new file mode 100644
index 000000000000..8f209a68e902
--- /dev/null
+++ b/net-mgmt/p0f/files/p0f.in
@@ -0,0 +1,76 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: p0f
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+
+# p0f_enable (bool): Set it to YES to enable p0f.
+# Default: NO.
+#
+# p0f_user (str) User to drop privileges and change to.
+# Default: p0f.
+#
+# p0f_sock (path): Path to socket used to communicate with p0f.
+# Default: /var/run/p0f.sock
+#
+# p0f_db (path): Location of fingerprint db.
+# Default: %%PREFIX%%/etc/p0f.fp
+#
+# p0f_flags (str): Options passed to the p0f daemon.
+# Default: "-d -u ${p0f_user} -s ${p0f_sock} -f ${p0f_db}"
+#
+# command_args (str): Optional pcap-style traffic filtering rules.
+# See p0f README for details.
+
+. /etc/rc.subr
+
+name="p0f"
+rcvar=p0f_enable
+
+load_rc_config "$name"
+
+: ${p0f_enable:="NO"}
+: ${p0f_user:="p0f"}
+: ${p0f_sock:="/var/run/${name}.sock"}
+: ${p0f_db:="%%PREFIX%%/etc/p0f.fp"}
+: ${p0f_flags:="-d -u ${p0f_user} -s ${p0f_sock} -f ${p0f_db}"}
+
+command="%%PREFIX%%/bin/${name}"
+
+pidfile="/var/run/${name}.pid"
+required_files="${p0f_db}"
+
+start_cmd="${name}_start"
+stop_postcmd="rm -f ${p0f_sock} $pidfile"
+
+extra_commands="reload"
+
+p0f_get_pid() {
+ PID=$(/bin/ps waux | /usr/bin/grep ${command} | /usr/bin/grep -v grep | /usr/bin/grep ${p0f_sock} | /usr/bin/awk '{print $2}')
+}
+
+p0f_start() {
+ p0f_get_pid
+ if [ -z "${PID}" ] ; then
+ echo "Starting ${name}."
+ if [ ! -z "${command_args}" ] ; then
+ ${command} ${p0f_flags} "${command_args}"
+ else
+ ${command} ${p0f_flags}
+ fi
+ if [ ! -z "${pidfile}" ] ; then
+ p0f_get_pid
+ [ -z "${PID}" ] || echo ${PID} > ${pidfile}
+ fi
+ else
+ echo "${name} already running? (pid=${PID})."
+ fi
+}
+
+run_rc_command "$1"
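Review bot: The privilege drop depends on an overridable default: `-u ${p0f_user}` exists only inside the `p0f_flags` default, so an rc.conf that sets `p0f_flags` for any other option makes `p0f_start` launch the daemon without `-u` (and without `-d`/`-s`/`-f`), presumably leaving it with whatever privileges rc started it with. Passing the fixed options in the invocation and defaulting the extras to empty keeps the drop unconditional: `: ${p0f_flags:=""}` and `${command} -d -u "${p0f_user}" -s "${p0f_sock}" -f "${p0f_db}" ${p0f_flags}`, with the header comment for `p0f_flags` updated to say it holds additional options only. The same coupling affects `p0f_get_pid`, which finds the process only when `${p0f_sock}` appears on its command line. Its unquoted `grep ${command}` and `grep ${p0f_sock}` can also match more than one process, in which case several PIDs land in the pidfile that `stop` later relies on; quoting the variables and using fixed-string matching (`grep -F -- "${p0f_sock}"`) would narrow that.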