svn commit: r384591 - in head/security/scanlogd: . files
Roman Bogorodskiy
novel at FreeBSD.org
Thu Apr 23 15:18:12 UTC 2015
Author: novel
Date: Thu Apr 23 15:18:11 2015
New Revision: 384591
URL: https://svnweb.freebsd.org/changeset/ports/384591
Log:
- Add periodic script to display port scans
- Use OPTIONS
PR: 198643
Submitted by: TEUBEL György <tgyurci at gmail.com>
Added:
head/security/scanlogd/files/850.scanlogd (contents, props changed)
Modified:
head/security/scanlogd/Makefile
Modified: head/security/scanlogd/Makefile
==============================================================================
--- head/security/scanlogd/Makefile Thu Apr 23 14:56:59 2015 (r384590)
+++ head/security/scanlogd/Makefile Thu Apr 23 15:18:11 2015 (r384591)
@@ -3,7 +3,7 @@
PORTNAME= scanlogd
PORTVERSION= 2.2.7
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security
MASTER_SITES= http://openwall.com/scanlogd/ \
ftp://ftp.openwall.com/pub/projects/scanlogd/ \
@@ -14,21 +14,34 @@ COMMENT= TCP port scan detection tool
USE_RC_SUBR= ${PORTNAME}
-.if defined(WITH_LIBNIDS)
-BUILD_DEPENDS+= ${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids
-ALL_TARGET= libnids
-.else
-ALL_TARGET= libpcap
-.endif
-
USERS= scanlogd
GROUPS= scanlogd
-MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS} -c" LD="${CC}"
+MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS}" LD="${CC}" LDFLAGS="${LDFLAGS}"
+
+PLIST_FILES= bin/scanlogd man/man8/scanlogd.8.gz \
+ etc/periodic/security/850.scanlogd
+
+OPTIONS_SINGLE= PCAP
+OPTIONS_SINGLE_PCAP= PCAP_BASE NIDS
+
+OPTIONS_DEFAULT= PCAP_BASE
+
+PCAP_BASE_DESC= Use pcap from base for packet capture
+NIDS_DESC= Use net/libnet for packet capture
+
+PCAP_BASE_ALL_TARGET= libpcap
-PLIST_FILES= bin/scanlogd man/man8/scanlogd.8.gz
+NIDS_ALL_TARGET= libnids
+NIDS_BUILD_DEPENDS= ${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids
+NIDS_LIB_DEPENDS= libnet.so:${PORTSDIR}/net/libnet
+NIDS_CFLAGS= -I${LOCALBASE}/include/libnet11
+NIDS_LDFLAGS= -L${LOCALBASE}/lib/libnet11
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/scanlogd ${STAGEDIR}${PREFIX}/bin
${INSTALL_MAN} ${WRKSRC}/scanlogd.8 ${STAGEDIR}${MANPREFIX}/man/man8
+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/security
+ ${INSTALL_SCRIPT} ${FILESDIR}/850.scanlogd \
+ ${STAGEDIR}${PREFIX}/etc/periodic/security
.include <bsd.port.mk>
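Review bot: `NIDS_DESC` describes the option as using net/libnet, but the option selects the `libnids` build target and its build dependency is net/libnids; libnet only appears as an additional library dependency. Anyone choosing the capture backend from the options dialog is told the wrong library, so the line should read `NIDS_DESC= Use net/libnids for packet capture`.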
Added: head/security/scanlogd/files/850.scanlogd
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/scanlogd/files/850.scanlogd Thu Apr 23 15:18:11 2015 (r384591)
@@ -0,0 +1,54 @@
+#!/bin/sh -
+#
+# Show possible port scans detected by scanlogd.
+#
+# If you want to enable this script, place the following
+# into /etc/periodic.conf:
+#
+# security_status_scanlogd_enable="YES"
+# security_status_scanlogd_period="daily"
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]; then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+: ${security_status_scanlogd_period="daily"}
+
+security_daily_compat_var security_status_logdir
+security_daily_compat_var security_status_scanlogd_enable
+
+logdir="${security_status_logdir}"
+
+yesterday=`env LC_TIME=C date -v-1d "+%b %e "`
+
+catmsgs() {
+ local logdir logfile mtime
+ logdir="$1"
+ logfile="$2"
+ mtime="$3"
+
+ find "$logdir" \( -name "$logfile" -o -name "$logfile.*" \) -mtime "$mtime" -print0 |
+ xargs -0 ls -1tr |
+ while read f; do
+ case "$f" in
+ *.gz) zcat -f "$f" ;;
+ *.bz2) bzcat -f "$f" ;;
+ *) cat "$f" ;;
+ esac
+ done
+}
+
+rc=0
+
+if check_yesno_period security_status_scanlogd_enable; then
+ echo ""
+ echo "${host} possible port scans:"
+ n=$(catmsgs "$logdir" messages "-2" | egrep -ia "^$yesterday.*scanlogd:" | tee /dev/stderr | wc -l)
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
+
+exit $rc
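Review bot: The `egrep` pattern in the report block, `"^$yesterday.*scanlogd:"`, accepts the string `scanlogd:` anywhere after the date, so a line logged by a different daemon whose message text contains it is printed and counted as a port scan. This report is a security signal and syslog messages often carry remote-supplied text, so the match should be tied to the program tag, for example `egrep -ia "^${yesterday}[0-9:]+ [^ ]+ scanlogd(\[[0-9]+\])?:"`. That pattern assumes the default syslog layout of time, host, tag, which should be confirmed against the configured format. Separately, `while read f` in `catmsgs` would be safer as `while IFS= read -r f`, so that file names reach `cat`/`zcat`/`bzcat` unmodified.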