author | Edwin Groothuis <edwin@FreeBSD.org> | 2008-06-13 03:43:51 +0000 |
---|---|---|
committer | Edwin Groothuis <edwin@FreeBSD.org> | 2008-06-13 03:43:51 +0000 |
commit | be29a34732f3bda4f52b0ee512fede198e9f03f3 (patch) | |
tree | cb77dd6875c552a9b643d1f7df6754bc6e83bc3a /security | |
parent | a643038b42ef282cf2c0b7751a5e1419919094ee (diff) |
Notes
Diffstat (limited to 'security')
21 files changed, 570 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index e74d89e72621..c6cb36160bab 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -150,6 +150,7 @@
 SUBDIR += fwanalog
 SUBDIR += fwbuilder
 SUBDIR += fwipe
+ SUBDIR += fwknop
 SUBDIR += fwlogwatch
 SUBDIR += fwtk
 SUBDIR += gag
diff --git a/security/fwknop/Makefile b/security/fwknop/Makefile
new file mode 100644
index 000000000000..9f41b2d6c97e
--- /dev/null
+++ b/security/fwknop/Makefile
@@ -0,0 +1,59 @@
+# New ports collection makefile for: fwknop
+#
+# Date created: 23 Nov 2007
+# Whom: Sean Greven<sean.greven@gmail.com>
+#
+# $FreeBSD$
+#
+
+PORTNAME= fwknop
+PORTVERSION= 1.8.3
+CATEGORIES= security
+MASTER_SITES= http://www.cipherdyne.org/fwknop/download/
+
+MAINTAINER= sean.greven@gmail.com
+COMMENT= An SPA implimentation for Linux and FreeBSD
+
+BUILD_DEPENDS= ${SITE_PERL}/Net/IPv4Addr.pm:${PORTSDIR}/net-mgmt/p5-Net-IPv4Addr \
+ ${SITE_PERL}/${PERL_ARCH}/Unix/Syslog.pm:${PORTSDIR}/sysutils/p5-Unix-Syslog \
+ ${SITE_PERL}/${PERL_ARCH}/Term/ReadKey.pm:${PORTSDIR}/devel/p5-Term-ReadKey \
+ ${SITE_PERL}/${PERL_ARCH}/Net/Pcap.pm:${PORTSDIR}/net/p5-Net-Pcap \
+ ${SITE_PERL}/${PERL_ARCH}/List/MoreUtils.pm:${PORTSDIR}/lang/p5-List-MoreUtils \
+ ${SITE_PERL}/${PERL_ARCH}/Crypt/Rijndael.pm:${PORTSDIR}/security/p5-Crypt-Rijndael \
+ ${SITE_PERL}/${PERL_ARCH}/Class/MethodMaker.pm:${PORTSDIR}/devel/p5-Class-MethodMaker \
+ ${SITE_PERL}/${PERL_ARCH}/Net/RawIP.pm:${PORTSDIR}/net/p5-Net-RawIP \
+ ${SITE_PERL}/GnuPG/Key.pm:${PORTSDIR}/security/p5-GnuPG-Interface \
+ ${SITE_PERL}/Crypt/CBC.pm:${PORTSDIR}/security/p5-Crypt-CBC \
+ ${SITE_PERL}/NetPacket.pm:${PORTSDIR}/net/p5-NetPacket \
+ ${SITE_PERL}/Net/Ping/External.pm:${PORTSDIR}/net/p5-Net-Ping-External
+RUN_DEPENDS= ${BUILD_DEPENDS}
+
+MAN8= fwknop.8 fwknopd.8 knopmd.8 knopwatchd.8
+MANCOMPRESSED= yes
+
+NO_BUILD= yes
+USE_PERL5_BUILD=yes
+
+post-patch:
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/access.conf
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop.8
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop.conf
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop_serv
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknopd
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknopd.8
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/install.pl
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.8
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.c
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.conf
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopspoof
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knoptm
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopwatchd.8
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopwatchd.c
+ @${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/init-scripts/fwknop-init.freebsd
+
+do-install:
+ cd ${WRKSRC} && ./install.pl
+ @${ECHO_MSG} "Configuration files in ${LOCALBASE}/etc/fwknop";
+
+.include <bsd.port.mk>
diff --git a/security/fwknop/distinfo b/security/fwknop/distinfo
new file mode 100644
index 000000000000..f3a1efdbceb3
--- /dev/null
+++ b/security/fwknop/distinfo
@@ -0,0 +1,3 @@
+MD5 (fwknop-1.8.3.tar.gz) = 9ee3ff46a01911a095f4cec9a3ca2e3b
+SHA256 (fwknop-1.8.3.tar.gz) = 366dbb0c9ae38973cee960408eb1a76ed6ff544f15855affaed93331face9491
+SIZE (fwknop-1.8.3.tar.gz) = 471949
diff --git a/security/fwknop/files/patch-access.conf b/security/fwknop/files/patch-access.conf
new file mode 100644
index 000000000000..6c5249bdff18
--- /dev/null
+++ b/security/fwknop/files/patch-access.conf
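Review bot: In security/fwknop/Makefile, `USE_PERL5_BUILD=yes` declares Perl as a build-time dependency only, while the programs this port patches and installs (fwknop, fwknopd, fwknop_serv, knoptm, knopspoof) are Perl scripts, so the interpreter is required at run time and is currently pulled in only indirectly through the p5-* entries in RUN_DEPENDS. `USE_PERL5= yes` would state that requirement directly. As a matter of style, the sixteen `post-patch` lines apply one identical expression and could be a single `${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},g'` call over the file list; the `g` flag would also cover a line carrying the placeholder twice, although none of the patches shown here has one.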
@@ -0,0 +1,20 @@
+--- access.conf.orig 2007-11-21 20:59:13.000000000 +0200
++++ access.conf 2007-11-21 21:00:47.000000000 +0200
+@@ -5,7 +5,7 @@
+ #
+ # Purpose: This file defines how fwknop will modify iptables access controls
+ # for specific IPs/networks. It gets installed by default at
+-# /etc/fwknop/access.conf and is consulted by fwknop when run in
++# %%PREFIX%%/etc/fwknop/access.conf and is consulted by fwknop when run in
+ # "access control mode", which is the default (i.e. when fwknop is
+ # run from the command line without any command line arguments).
+ # The corresponding file ~/.fwknoprc defines how fwknop will
+@@ -96,7 +96,7 @@
+ # fwknopd to read packets from a file that is written to by a sniffer
+ # process or by something like the ulogd pcap writer (use ULOG_PCAP for
+ # this). The specific file path is defined by the PCAP_FILE keyword in
+-# /etc/fwknop/fwknop.conf). We also require that the username on the
++# %%PREFIX%%/etc/fwknop/fwknop.conf). We also require that the username on the
+ # system that generates the authorization packet is "mbr":
+ #
+ # SOURCE: ANY;
diff --git a/security/fwknop/files/patch-fwknop b/security/fwknop/files/patch-fwknop
new file mode 100644
index 000000000000..46555550e603
--- /dev/null
+++ b/security/fwknop/files/patch-fwknop
@@ -0,0 +1,20 @@
+--- fwknop.orig 2007-11-21 20:59:13.000000000 +0200
++++ fwknop 2007-11-21 21:01:29.000000000 +0200
+@@ -37,7 +37,7 @@
+ # $Id: fwknop 586 2006-11-04 20:45:49Z mbr $
+ #
+
+-use lib '/usr/lib/fwknop';
++use lib '%%PREFIX%%/lib/fwknop';
+ use Crypt::CBC;
+ use Net::IPv4Addr qw(ipv4_in_network);
+ use Net::Ping::External qw(ping);
+@@ -975,7 +975,7 @@
+ } else {
+ print
+ "[+] Enter an encryption key. This key must match a key in the file\n",
+-" /etc/fwknop/access.conf on the remote system.\n\n" unless $quiet;
++" %%PREFIX%%/etc/fwknop/access.conf on the remote system.\n\n" unless $quiet;
+ }
+ my $try = 0;
+ my $max_tries = 20;
diff --git a/security/fwknop/files/patch-fwknop.8 b/security/fwknop/files/patch-fwknop.8
new file mode 100644
index 000000000000..0caefd89cadd
--- /dev/null
+++ b/security/fwknop/files/patch-fwknop.8
@@ -0,0 +1,65 @@
+--- fwknop.8.orig 2007-11-21 20:59:13.000000000 +0200
++++ fwknop.8 2007-11-21 21:01:07.000000000 +0200
+@@ -43,7 +43,7 @@
+ or via GnuPG and associated asymmetric ciphers. If the symmetric encryption
+ method is chosen, then the encryption key is shared between between the
+ client and server (see the
+-.I /etc/fwknop/access.conf
++.I %%PREFIX%%/etc/fwknop/access.conf
+ file). If the GnuPG
+ method is chosen, then the encryption keys are derived from GnuPG key
+ rings. SPA packets generated by fwknop running as a client adhere
+@@ -76,7 +76,7 @@
+ this can be tuned via the
+ .B ALERTING_METHODS
+ variable in the
+-.I /etc/fwknop/fwknop.conf
++.I %%PREFIX%%/etc/fwknop/fwknop.conf
+ file). By default, the
+ .B fwknop
+ client sends authorization packets over UDP
+@@ -310,7 +310,7 @@
+ .B REQUIRE_USERNAME
+ keyword that might
+ be specified in
+-.I /etc/fwknop/access.conf.
++.I %%PREFIX%%/etc/fwknop/access.conf.
+ .TP
+ .BR \-\^\-Spoof-user\ \<user>
+ Specify the username that is included within SPA packet. This allows
+@@ -352,7 +352,7 @@
+ and have it execute the command). This option is not needed when trying to
+ gain access to a service via the SPA mechanism. To use this feature, please
+ ensure that ENABLE_CMD_EXEC; is set in the file
+-.I /etc/fwknop/access.conf
++.I %%PREFIX%%/etc/fwknop/access.conf
+ on the
+ .B fwknopd
+ server you are sending the command to.
+@@ -363,7 +363,7 @@
+ server, which will execute the command as root. Command execution is enabled only
+ if the
+ .B ENABLE_CMD_EXEC keyword is given in
+-.I /etc/fwknop/access.conf
++.I %%PREFIX%%/etc/fwknop/access.conf
+ (note that commands can easily be restricted with the
+ .B CMD_REGEX
+ keyword as well).
+@@ -502,7 +502,7 @@
+ .RS
+ .B NOTE:
+ Please ensure that ENABLE_CMD_EXEC; is set in the file
+-.I /etc/fwknop/access.conf
++.I %%PREFIX%%/etc/fwknop/access.conf
+ on the
+ .B fwknopd
+ server you are attempting to connect to.
+@@ -563,7 +563,7 @@
+ will read the sequence out of the file
+ .B ~/.fwknoprc
+ and the server will read the sequence out of
+-.B /etc/fwknop/access.conf:
++.B %%PREFIX%%/etc/fwknop/access.conf:
+ .PP
+ .B $ fwknop --Server-mode 'knock' -D 10.11.11.123
+ .RE
diff --git a/security/fwknop/files/patch-fwknop.conf b/security/fwknop/files/patch-fwknop.conf
new file mode 100644
index 000000000000..ba8ec4b07230
--- /dev/null
+++ b/security/fwknop/files/patch-fwknop.conf
@@ -0,0 +1,45 @@
+--- fwknop.conf.orig 2007-11-23 22:37:27.000000000 +0200
++++ fwknop.conf 2007-11-23 22:40:56.000000000 +0200
+@@ -10,7 +10,7 @@
+ #
+ # Note there are no access control directives in this file. All access
+ # control directives are located in the file
+-# /etc/fwknop/access.conf. You will need to edit the access.conf file in
++# %%PREFIX%%/etc/fwknop/access.conf. You will need to edit the access.conf file in
+ # order for fwknop to function correctly.
+ #
+ #############################################################################
+@@ -90,7 +90,7 @@
+
+ ### If GPG keys are used instead of a Rijndael symmetric key, this is
+ ### the default GPG keys directory. Note that each access block in
+-### /etc/fwknop/access.conf can specify its own GPG directory to override
++### %%PREFIX%%/etc/fwknop/access.conf can specify its own GPG directory to override
+ ### this default.
+ GPG_DEFAULT_HOME_DIR /root/.gnupg;
+
+@@ -184,8 +184,8 @@
+ FWKNOP_DIR /var/log/fwknop;
+ FWKNOP_RUN_DIR /var/run/fwknop;
+ FWKNOP_LIB_DIR /var/lib/fwknop; # for legacy port knocking mode
+-FWKNOP_MOD_DIR /usr/lib/fwknop;
+-FWKNOP_CONF_DIR /etc/fwknop;
++FWKNOP_MOD_DIR %%PREFIX%%/lib/fwknop;
++FWKNOP_CONF_DIR %%PREFIX%%/etc/fwknop;
+ FWKNOP_ERR_DIR $FWKNOP_DIR/errs;
+
+ ### Files
+@@ -216,8 +216,8 @@
+ mknodCmd /bin/mknod;
+ iptablesCmd /sbin/iptables;
+ ipfwCmd /sbin/ipfw; ### BSD and Mac OS X only
+-fwknopdCmd /usr/sbin/fwknopd;
+-fwknop_servCmd /usr/sbin/fwknop_serv;
+-knopmdCmd /usr/sbin/knopmd;
+-knoptmCmd /usr/sbin/knoptm;
+-knopwatchdCmd /usr/sbin/knopwatchd;
++fwknopdCmd %%PREFIX%%/sbin/fwknopd;
++fwknop_servCmd %%PREFIX%%/sbin/fwknop_serv;
++knopmdCmd %%PREFIX%%/sbin/knopmd;
++knoptmCmd %%PREFIX%%/sbin/knoptm;
++knopwatchdCmd %%PREFIX%%/sbin/knopwatchd;
diff --git a/security/fwknop/files/patch-fwknop_serv b/security/fwknop/files/patch-fwknop_serv
new file mode 100644
index 000000000000..d8a4f83fba7c
--- /dev/null
+++ b/security/fwknop/files/patch-fwknop_serv
@@ -0,0 +1,11 @@
+--- fwknop_serv.orig 2007-11-21 20:59:13.000000000 +0200
++++ fwknop_serv 2007-11-21 21:02:08.000000000 +0200
+@@ -22,7 +22,7 @@
+ use POSIX;
+ use strict;
+
+-my $config_file = '/etc/fwknop/fwknop.conf';
++my $config_file = '%%PREFIX%%/etc/fwknop/fwknop.conf';
+ my %config = ();
+
+ my @required_vars = qw(
diff --git a/security/fwknop/files/patch-fwknopd b/security/fwknop/files/patch-fwknopd
new file mode 100644
index 000000000000..49dcf270273a
--- /dev/null
+++ b/security/fwknop/files/patch-fwknopd
@@ -0,0 +1,20 @@
+--- fwknopd.orig 2007-11-21 20:59:13.000000000 +0200
++++ fwknopd 2007-11-21 21:02:31.000000000 +0200
+@@ -40,7 +40,7 @@
+ # $Id: fwknopd 583 2006-11-04 20:43:01Z mbr $
+ #
+
+-use lib '/usr/lib/fwknop';
++use lib '%%PREFIX%%/lib/fwknop';
+ use Crypt::CBC;
+ use Unix::Syslog qw(:subs :macros);
+ use Net::IPv4Addr qw(ipv4_in_network);
+@@ -59,7 +59,7 @@
+ use Getopt::Long;
+ use strict;
+
+-my $config_file = '/etc/fwknop/fwknop.conf';
++my $config_file = '%%PREFIX%%/etc/fwknop/fwknop.conf';
+
+ my $version = '1.8.3';
+ my $revision_svn = '$Revision: 809 $';
diff --git a/security/fwknop/files/patch-fwknopd.8 b/security/fwknop/files/patch-fwknopd.8
new file mode 100644
index 000000000000..e8c4a485e7cc
--- /dev/null
+++ b/security/fwknop/files/patch-fwknopd.8
@@ -0,0 +1,112 @@
+--- fwknopd.8.orig 2007-11-21 20:59:13.000000000 +0200
++++ fwknopd.8 2007-11-21 21:02:20.000000000 +0200
+@@ -26,7 +26,7 @@
+ and
+ .B access.conf
+ within the
+-.B /etc/fwknop
++.B %%PREFIX%%/etc/fwknop
+ directory, and configuration variables within these files are desribed below.
+ .SH OPTIONS
+ .TP
+@@ -34,7 +34,7 @@
+ When run in server mode
+ .B fwknop
+ references the file
+-.B /etc/fwknop/fwknop.conf
++.B %%PREFIX%%/etc/fwknop/fwknop.conf
+ for various run-time configuration
+ variables. The path to this file can be changed through the use of the
+ .B --config
+@@ -42,7 +42,7 @@
+ .TP
+ .BR \-i "\fR,\fP " \-\^\-intf\ \<interface>
+ Manually specify interface on which to sniff, e.g. "-i eth0". This option
+-is not usually needed because the PCAP_INTF keyword in /etc/fwknop/fwknop.conf
++is not usually needed because the PCAP_INTF keyword in %%PREFIX%%/etc/fwknop/fwknop.conf
+ file defines the sniffing interface.
+ .TP
+ .BR \-\^\-fw-list
+@@ -80,32 +80,32 @@
+ .BR \-V "\fR,\fP " \-\^\-Version
+ Display version information and exit.
+ .SH FILES
+-.B /etc/fwknop/fwknop.conf
++.B %%PREFIX%%/etc/fwknop/fwknop.conf
+ .RS
+ The main configuration file for
+ .B fwknop.
+ .RE
+
+-.B /etc/fwknop/access.conf
++.B %%PREFIX%%/etc/fwknop/access.conf
+ .RS
+ Defines all knock sequences and access control directives.
+ .RE
+
+-.B /etc/fwknop/pf.os
++.B %%PREFIX%%/etc/fwknop/pf.os
+ .RS
+ Defines p0f signatures used by fwknop.
+ .RE
+ .SH FWKNOP CONFIG AND ACCESS VARIABLES
+ .B fwknop
+ references the file
+-.B /etc/fwknop/fwknop.conf
++.B %%PREFIX%%/etc/fwknop/fwknop.conf
+ for configuration variables such as the path to the firewall logfile,
+ the sleep interval fwknop uses to check for new log messages, and
+ paths to system binaries, etc. The
+ .B fwknop
+ config file does not define any access control directives; they are
+ located in the file
+-.B /etc/fwknop/access.conf.
++.B %%PREFIX%%/etc/fwknop/access.conf.
+ Access control directives define encryption keys and level of access that
+ is granted to an fwknop client that has generated the appropriate encrypted
+ message. This file is referenced for this information when run in either
+@@ -116,7 +116,7 @@
+ legacy knock sequence) will be accepted. The string "ANY" is also
+ accepted if a valid authorization packet should be honored from any source
+ IP. Every authorization stanza in
+-.B /etc/fwknop/access.conf
++.B %%PREFIX%%/etc/fwknop/access.conf
+ definition must start with the SOURCE keyword. Networks can be
+ specified in either CIDR (e.g. "192.168.10.0/24") or regular (e.g.
+ "192.168.10.0/255.255.255.0") notation, and individual IP addresses
+@@ -178,7 +178,7 @@
+ on the client, but each fwknopd server should have its own gpg key that is
+ generated specifically for fwknop communications. The reason for this is
+ that the decryption password for the server key must be placed within the
+-.B /etc/fwknop/access.conf
++.B %%PREFIX%%/etc/fwknop/access.conf
+ file for fwknopd to function (it has to be able to decrypt SPA messages that
+ have been encrypted with the server's public key). For more information on
+ using fwknop with GnuPG keys, see the following link:
+@@ -204,7 +204,7 @@
+ Define the path to the GnuPG directory to be used by the
+ .B fwknopd
+ server. If this keyword is not specified within
+-.B /etc/fwknop/access.conf
++.B %%PREFIX%%/etc/fwknop/access.conf
+ then fwknopd will default to using the /root/.gnupg directory for the server key(s).
+ .TP
+ .B FW_ACCESS_TIMEOUT: <seconds>
+@@ -235,7 +235,7 @@
+ "Linux:2.4::Linux 2.4/2.6" or "OpenBSD:3.0-3.5::OpenBSD 3.0-3.5"
+ before a knock sequence will be accepted. The fingerprints are listed
+ in
+-.B /etc/fwknop/pf.os.
++.B %%PREFIX%%/etc/fwknop/pf.os.
+ Note that the corresponding knock sequence must utilize the tcp protocol
+ (this is only be an issue for shared sequences since encrypted sequences
+ use tcp by default) since OS fingerprinting requires tcp syn packets.
+@@ -281,7 +281,7 @@
+ starting at a default port of 61000. This value can be changed
+ through the use of the PORT_OFFSET variable. The PORT_OFFSET
+ is optional and will be set to 61000 by fwknop if it is not specified
+-in /etc/fwknop/access.conf.
++in %%PREFIX%%/etc/fwknop/access.conf.
+ .TP
+ .B MIN_TIME_DIFF: <seconds>
+ Set the minimum number of seconds that must pass between successive
diff --git a/security/fwknop/files/patch-init-scripts-fwknop-init.freebsd b/security/fwknop/files/patch-init-scripts-fwknop-init.freebsd
new file mode 100644
index 000000000000..b4638c6db6e3
--- /dev/null
+++ b/security/fwknop/files/patch-init-scripts-fwknop-init.freebsd
@@ -0,0 +1,18 @@
+--- init-scripts/fwknop-init.freebsd.orig 2007-06-01 02:55:08.000000000 +0000
++++ init-scripts/fwknop-init.freebsd 2008-06-13 02:47:25.000000000 +0000
+@@ -14,13 +14,13 @@
+ fwknop_start()
+ {
+ echo "Starting fwknop."
+- /usr/sbin/fwknopd
++ %%PREFIX%%/sbin/fwknopd
+ }
+
+ fwknop_stop()
+ {
+ echo "Stopping fwknop."
+- /usr/sbin/fwknopd --Kill
++ %%PREFIX%%/sbin/fwknopd --Kill
+ }
+
+ load_rc_config $name
diff --git a/security/fwknop/files/patch-install.pl b/security/fwknop/files/patch-install.pl
new file mode 100644
index 000000000000..10bd6d33dec8
--- /dev/null
+++ b/security/fwknop/files/patch-install.pl
@@ -0,0 +1,60 @@
+--- install.pl 2007-10-24 00:32:29.000000000 +0000
++++ install.pl 2008-06-13 02:52:36.000000000 +0000
+@@ -38,8 +38,8 @@
+
+ #========================== config ===========================
+ my $INIT_DIR = '/etc/init.d';
+-my $USRBIN_DIR = '/usr/bin';
+-my $URRSBIN_DIR = '/usr/sbin';
++my $USRBIN_DIR = '%%PREFIX%%/bin';
++my $URRSBIN_DIR = '%%PREFIX%%/sbin';
+
+ my $RUNLEVEL; ### This should only be set if install.pl
+ ### cannot determine the correct runlevel
+@@ -302,7 +302,7 @@
+ &stop_fwknop();
+ }
+
+- for my $dir qw| /usr/lib /var/run /var/log /var/lib | {
++ for my $dir qw| %%PREFIX%%/lib /usr/lib /var/run /var/log /var/lib | {
+ unless (-d $dir) {
+ mkdir $dir or die "[*] Could not mkdir $dir: $!";
+ }
+@@ -463,7 +463,7 @@
+ "$USRBIN_DIR/fwknop.tmp: $!";
+ for my $line (@lines) {
+ ### change the lib dir to new homedir path
+- if ($line =~ m|^\s*use\s+lib\s+\'/usr/lib/fwknop\';|) {
++ if ($line =~ m|^\s*use\s+lib\s+\'%%PREFIX%%/lib/fwknop\';|) {
+ print P "use lib '", $config{'FWKNOP_MOD_DIR'}, "';\n";
+ } else {
+ print P $line;
+@@ -725,8 +725,8 @@
+ unless (-d $INIT_DIR) {
+ if (-d '/etc/rc.d/init.d') {
+ $INIT_DIR = '/etc/rc.d/init.d';
+- } elsif (-d '/etc/rc.d') {
+- $INIT_DIR = '/etc/rc.d';
++ } elsif (-d '%%PREFIX%%/etc/rc.d') {
++ $INIT_DIR = '%%PREFIX%%/etc/rc.d';
+ } elsif (-d '/etc/init.d') {
+ $INIT_DIR = '/etc/init.d';
+ } else {
+@@ -1010,7 +1010,7 @@
+
+ ### default location to put man pages, but check with
+ ### /etc/man.config
+- my $mpath = '/usr/share/man/man8';
++ my $mpath = '%%PREFIX%%/man/man8';
+ if (-e '/etc/man.config') {
+ ### prefer to install $manpage in /usr/local/man/man8 if
+ ### this directory is configured in /etc/man.config
+@@ -1202,7 +1202,7 @@
+ print "[+] Module $mod_name is already installed in the ",
+ "system perl tree, skipping.\n";
+ } else {
+- ### install the module in the /usr/lib/fwknop directory because
++ ### install the module in the %%PREFIX%%/lib/fwknop directory because
+ ### it is not already installed.
+ $install_module = 1;
+ }
diff --git a/security/fwknop/files/patch-knopmd.8 b/security/fwknop/files/patch-knopmd.8
new file mode 100644
index 000000000000..5ed896df4407
--- /dev/null
+++ b/security/fwknop/files/patch-knopmd.8
@@ -0,0 +1,11 @@
+--- knopmd.8.orig 2007-11-21 20:59:13.000000000 +0200
++++ knopmd.8 2007-11-21 21:03:11.000000000 +0200
+@@ -13,7 +13,7 @@
+ cannot detect port knocking sequences without knopmd running on the machine.
+ .B knopmd
+ uses the knopmd.conf configuration file which by default is
+-located at /etc/fwknop/knopmd.conf, but a different path can be specified
++located at %%PREFIX%%/etc/fwknop/knopmd.conf, but a different path can be specified
+ on the command line.
+
+ .SH SEE ALSO
diff --git a/security/fwknop/files/patch-knopmd.c b/security/fwknop/files/patch-knopmd.c
new file mode 100644
index 000000000000..52ed151adb17
--- /dev/null
+++ b/security/fwknop/files/patch-knopmd.c
@@ -0,0 +1,11 @@
+--- knopmd.c.orig 2007-11-21 20:59:13.000000000 +0200
++++ knopmd.c 2007-11-21 21:03:20.000000000 +0200
+@@ -39,7 +39,7 @@
+ #include <getopt.h>
+
+ /* defines */
+-#define FWKNOP_CONF "/etc/fwknop/fwknop.conf"
++#define FWKNOP_CONF "%%PREFIX%%/etc/fwknop/fwknop.conf"
+
+ /* globals */
+ static volatile sig_atomic_t received_sighup = 0;
diff --git a/security/fwknop/files/patch-knopmd.conf b/security/fwknop/files/patch-knopmd.conf
new file mode 100644
index 000000000000..3c8b5b2ce0a2
--- /dev/null
+++ b/security/fwknop/files/patch-knopmd.conf
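Review bot: In the `@@ -463,7 +463,7 @@` hunk of patch-install.pl the placeholder lands inside a regex, `m|^\s*use\s+lib\s+\'%%PREFIX%%/lib/fwknop\';|`, so once post-patch substitutes it the PREFIX value is read as pattern text rather than as a literal path. With a plain prefix that is harmless, but a prefix containing `.` or other metacharacters would match loosely or fail to match, leaving the `use lib` line unrewritten; `\Q%%PREFIX%%/lib/fwknop\E` keeps it literal. A short comment on the `qw|...|` list in the `@@ -302,7 +302,7 @@` hunk would also help, since `/usr/lib` stays in the mkdir list after `%%PREFIX%%/lib` is added and it is not clear from the hunk whether anything is still installed there. The enclosing subroutines start and end outside these hunks.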
@@ -0,0 +1,11 @@
+--- knopmd.conf.orig 2007-11-21 20:59:13.000000000 +0200
++++ knopmd.conf 2007-11-21 21:03:26.000000000 +0200
+@@ -3,7 +3,7 @@
+ #
+ # This is the configuration file for fwknop knopmd daemon (for more
+ # information, read the knopmd man page). Normally this file gets
+-# installed at /etc/fwknop/knopmd.conf, but can be put anywhere in the
++# installed at %%PREFIX%%/etc/fwknop/knopmd.conf, but can be put anywhere in the
+ # filesystem and then the path can be specified on the command line
+ # argument "-c <file>" to knopmd. The syntax of this file is as follows:
+ #
diff --git a/security/fwknop/files/patch-knopspoof b/security/fwknop/files/patch-knopspoof
new file mode 100644
index 000000000000..d3a3d9b5cfc4
--- /dev/null
+++ b/security/fwknop/files/patch-knopspoof
@@ -0,0 +1,11 @@
+--- knopspoof.orig 2007-11-21 20:59:13.000000000 +0200
++++ knopspoof 2007-11-21 21:03:35.000000000 +0200
+@@ -36,7 +36,7 @@
+ # $Id: knopspoof 346 2005-09-13 02:23:08Z mbr $
+ #
+
+-use lib '/usr/lib/fwknop';
++use lib '%%PREFIX%%/lib/fwknop';
+ use Net::RawIP;
+ use strict;
+
diff --git a/security/fwknop/files/patch-knoptm b/security/fwknop/files/patch-knoptm
new file mode 100644
index 000000000000..a4f9ecbbd441
--- /dev/null
+++ b/security/fwknop/files/patch-knoptm
@@ -0,0 +1,20 @@
+--- knoptm.orig 2007-11-21 20:59:13.000000000 +0200
++++ knoptm 2007-11-21 21:03:43.000000000 +0200
+@@ -35,7 +35,7 @@
+ # $Id: knoptm 771 2007-09-15 13:52:22Z mbr $
+ #
+
+-use lib '/usr/lib/fwknop';
++use lib '%%PREFIX%%/lib/fwknop';
+ use Unix::Syslog qw(:subs :macros);
+ use Net::IPv4Addr qw(ipv4_in_network);
+ use IO::Socket;
+@@ -46,7 +46,7 @@
+ use Getopt::Long;
+ use strict;
+
+-my $config_file = '/etc/fwknop/fwknop.conf';
++my $config_file = '%%PREFIX%%/etc/fwknop/fwknop.conf';
+ my $user_rc_file = '';
+
+ my $version = '1.8.2';
diff --git a/security/fwknop/files/patch-knopwatchd.8 b/security/fwknop/files/patch-knopwatchd.8
new file mode 100644
index 000000000000..76d7b31a1703
--- /dev/null
+++ b/security/fwknop/files/patch-knopwatchd.8
@@ -0,0 +1,15 @@
+--- knopwatchd.8.orig 2007-11-21 20:59:13.000000000 +0200
++++ knopwatchd.8 2007-11-21 21:03:49.000000000 +0200
+@@ -11,10 +11,10 @@
+ and fwknop are running on the box. If any of the three daemons
+ have died, knopwatchd will restart the daemon and notify each
+ email address listed in the EMAIL_ADDRESSES variable (see
+-/etc/fwknop/knopwatchd.conf) that the daemon has been restarted.
++%%PREFIX%%/fwknop/knopwatchd.conf) that the daemon has been restarted.
+ .B knopwatchd
+ uses the knopwatchd.conf configuration file which by default is
+-located at /etc/fwknop/knopwatchd.conf, but a different path can be specified
++located at %%PREFIX%%/etc/fwknop/knopwatchd.conf, but a different path can be specified
+ on the command line.
+
+ .SH SEE ALSO
diff --git a/security/fwknop/files/patch-knopwatchd.c b/security/fwknop/files/patch-knopwatchd.c
new file mode 100644
index 000000000000..2182d4a3d2ad
--- /dev/null
+++ b/security/fwknop/files/patch-knopwatchd.c
@@ -0,0 +1,11 @@
+--- knopwatchd.c.orig 2007-11-21 20:59:13.000000000 +0200
++++ knopwatchd.c 2007-11-21 21:03:55.000000000 +0200
+@@ -38,7 +38,7 @@
+ #include "fwknop.h"
+
+ /* defines */
+-#define FWKNOP_CONF "/etc/fwknop/fwknop.conf"
++#define FWKNOP_CONF "%%PREFIX%%/etc/fwknop/fwknop.conf"
+
+ /* globals */
+ unsigned short int fwknopd_syscalls_ctr = 0;
diff --git a/security/fwknop/pkg-descr b/security/fwknop/pkg-descr
new file mode 100644
index 000000000000..43e56f687c3b
--- /dev/null
+++ b/security/fwknop/pkg-descr
@@ -0,0 +1,2 @@
+fwknop,"FireWall KNock OPerator", implements Single Packet Authorization (SPA).
+WWW: http://www.cipherdyne.org/fwknop/
diff --git a/security/fwknop/pkg-plist b/security/fwknop/pkg-plist
new file mode 100644
index 000000000000..349f40427291
--- /dev/null
+++ b/security/fwknop/pkg-plist
@@ -0,0 +1,44 @@
+bin/fwknop
+sbin/fwknop_serv
+sbin/fwknopd
+sbin/knopmd
+sbin/knoptm
+sbin/knopwatchd
+
+etc/fwknop/access.conf
+etc/fwknop/fwknop.conf
+etc/fwknop/pf.os
+etc/rc.d/fwknop
+
+lib/fwknop/NetPacket.pm
+lib/fwknop/NetPacket/ARP.pm
+lib/fwknop/NetPacket/Ethernet.pm
+lib/fwknop/NetPacket/ICMP.pm
+lib/fwknop/NetPacket/IGMP.pm
+lib/fwknop/NetPacket/IP.pm
+lib/fwknop/NetPacket/TCP.pm
+lib/fwknop/NetPacket/UDP.pm
+lib/fwknop/i386-freebsd-64int/auto/NetPacket/.packlist
+lib/fwknop/i386-freebsd-64int/perllocal.pod
+lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket.3
+lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::ARP.3
+lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::Ethernet.3
+lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::ICMP.3
+lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::IGMP.3
+lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::IP.3
+lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::TCP.3
+lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::UDP.3
+
+@dirrm lib/fwknop/lib/perl5/5.8.8/man/man3
+@dirrm lib/fwknop/lib/perl5/5.8.8/man
+@dirrm lib/fwknop/lib/perl5/5.8.8
+@dirrm lib/fwknop/lib/perl5
+@dirrm lib/fwknop/lib
+@dirrm lib/fwknop/i386-freebsd-64int/auto/NetPacket
+@dirrm lib/fwknop/i386-freebsd-64int/auto
+@dirrm lib/fwknop/i386-freebsd-64int
+@dirrm lib/fwknop/NetPacket
+@dirrm lib/fwknop
+@dirrm etc/fwknop/archive
+@dirrm etc/fwknop
+
|
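Review bot: pkg-plist registers `etc/fwknop/access.conf` and `etc/fwknop/fwknop.conf` as ordinary package files, so an administrator's edited copies are at risk of being removed or overwritten on deinstall and upgrade; the text patched elsewhere in this commit says access.conf holds the SPA encryption key and the decryption password for the server's GnuPG key. Shipping them as `access.conf.sample` and `fwknop.conf.sample` and copying to the live name only when it is absent would preserve local key material. The port should also ensure the live access.conf is readable by root only; the mode install.pl applies is not visible on this page. The `i386-freebsd-64int` and `5.8.8` path components are hard-coded as well, so the list is valid for one architecture and one Perl version unless they are substituted through PLIST_SUB.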