From f511aaa71961e2c29e15a14a2b75cb0a74e631f2 Mon Sep 17 00:00:00 2001
From: "David E. O'Brien" <obrien@FreeBSD.org>
Date: Sat, 19 Oct 2002 18:40:49 +0000
Subject: Add a script to make auditing a network easier.

Submitted by:	"l.j." <l.j@pc.dk>
---
 security/nbaudit/Makefile            |  1 +
 security/nbaudit/files/nbaudition.pl | 80 ++++++++++++++++++++++++++++++++++++
 security/nbaudit/pkg-plist           |  1 +
 3 files changed, 82 insertions(+)
 create mode 100644 security/nbaudit/files/nbaudition.pl

(limited to 'security/nbaudit')

diff --git a/security/nbaudit/Makefile b/security/nbaudit/Makefile
index 86058b5171f9..5476f99bbd78 100644
--- a/security/nbaudit/Makefile
+++ b/security/nbaudit/Makefile
@@ -21,6 +21,7 @@ MAN1=		nat.1 nbaudit.1
 do-install:
 	@${INSTALL_PROGRAM} ${WRKSRC}/nat ${PREFIX}/bin
 	@${LN} -f ${PREFIX}/bin/nat ${PREFIX}/bin/nbaudit
+	@${INSTALL_SCRIPT} ${FILESDIR}/nbaudition.pl ${PREFIX}/bin
 	@${INSTALL_MAN} ${WRKSRC}/nat.1 ${PREFIX}/man/man1
 	@${LN} -f ${PREFIX}/man/man1/nat.1 ${PREFIX}/man/man1/nbaudit.1
 
diff --git a/security/nbaudit/files/nbaudition.pl b/security/nbaudit/files/nbaudition.pl
new file mode 100644
index 000000000000..13bfa5a2d433
--- /dev/null
+++ b/security/nbaudit/files/nbaudition.pl
@@ -0,0 +1,80 @@
+#!/usr/bin/perl
+use strict;
+
+# run nmap -oX logfile <host> -p 139 to create the log for this script
+
+# run audition.pl log.xml to begin the great enterprise.
+# logging is done to /tmp/nbaud.log
+
+# requires: nmap generated xml logs, nbaudit.
+
+# author: lj
+# contact: lj@bsd.sh
+
+my ($date, $host, $status, $state);
+my $in_block = 0;
+chomp($date = `date`);
+open(TMPLOG, ">>/tmp/nbaud.log") or die "cant write to logfile: $!";
+print TMPLOG $date, " started\n";
+close TMPLOG;
+chomp(my $nbaudit = `which nbaudit`);
+unless(-e $nbaudit){die "$!";}
+while(<>)
+{
+chomp;
+if (/<host>/){$in_block = 1;}
+	if($in_block){
+
+	WEE:{
+	
+	if(m/<status state=\"(.\S+)\"/)
+	{
+
+		if($1)
+		{
+			$status = $1; 
+			if($status eq 'down')
+			{
+			next WEE;
+			}
+		}
+	}
+	
+	if(m/<state state=\"(.\S+)\" \//)
+	{
+		if($1)
+		{
+			$state = $1;
+			if($state ne 'open')
+			{
+			next WEE;
+			}
+		}
+	}
+
+	if (m/<address addr=\"(.\S+)\" /)
+	{
+		if($1)
+		{
+			$host = $1; 
+		}
+	}
+	
+	if(/<\/host>/){$in_block = 0;}
+	if(($1) and ($host))
+		{
+			if(($1 eq $host) and ($status eq 'up') and ($state eq 'open'))
+			{
+#			print "\n$host is $status with port 139 $state\n";
+			system("$nbaudit -o /tmp/nbaud.log $host");
+			}
+		}
+		} #end of WEE
+	} 
+
+}
+chomp($date = `date`);
+open(TMPLOG, ">>/tmp/nbaud.log") or warn "$!";
+print TMPLOG $date, " stopped\n";
+close TMPLOG; 
+print "\nfin.\n" and exit;
diff --git a/security/nbaudit/pkg-plist b/security/nbaudit/pkg-plist
index 8c31cbeeccd1..31fc2db567e4 100644
--- a/security/nbaudit/pkg-plist
+++ b/security/nbaudit/pkg-plist
@@ -1,3 +1,4 @@
 @comment $FreeBSD$
 bin/nat
 bin/nbaudit
+bin/nbaudition.pl
-- 
cgit v1.2.3