FreeBSD Bugzilla – Attachment 111011 Details for
Bug 152226
[PATCH] security/sancp: Fix a bug in RC script + other changes
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
sancp-1.6.1_4.patch
sancp-1.6.1_4.patch (text/plain), 10.23 KB, created by
Sevan Janiyan
on 2010-11-14 04:00:16 UTC
(
hide
)
Description:
sancp-1.6.1_4.patch
Filename:
MIME Type:
Creator:
Sevan Janiyan
Created:
2010-11-14 04:00:16 UTC
Size:
10.23 KB
patch
obsolete
>Index: Makefile >=================================================================== >RCS file: /home/ncvs/ports/security/sancp/Makefile,v >retrieving revision 1.6 >diff -u -u -r1.6 Makefile >--- Makefile 22 Aug 2009 00:35:04 -0000 1.6 >+++ Makefile 14 Nov 2010 03:26:29 -0000 >@@ -8,7 +8,7 @@ > PORTNAME= sancp > PORTVERSION= 1.6.1 > DISTVERSIONSUFFIX= -stable >-PORTREVISION= 3 >+PORTREVISION= 4 > CATEGORIES= security > MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}-stable > >@@ -16,9 +16,12 @@ > COMMENT= A network connection profiler > > ALL_TARGET= bsd >-USE_RC_SUBR= sancp.sh >+USE_RC_SUBR= sancp > SUB_FILES= pkg-message > >+USERS= sancp >+GROUPS= sancp >+ > PORTDOCS= CHANGES INSTALL ISSUES README \ > SETUP fields.LIST LICENSE > >@@ -26,7 +29,6 @@ > @cd ${WRKSRC} && ${MV} LICENSE docs/ > > do-install: >- @${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL > @${INSTALL_PROGRAM} ${WRKSRC}/sancp ${PREFIX}/bin > @${INSTALL_DATA} ${WRKSRC}/etc/sancp/sancp.conf ${PREFIX}/etc/sancp.conf-dist > @${CP} -n ${PREFIX}/etc/sancp.conf-dist ${PREFIX}/etc/sancp.conf >Index: distinfo >=================================================================== >RCS file: /home/ncvs/ports/security/sancp/distinfo,v >retrieving revision 1.4 >diff -u -u -r1.4 distinfo >--- distinfo 14 Jul 2007 22:21:13 -0000 1.4 >+++ distinfo 14 Nov 2010 03:26:29 -0000 >@@ -1,3 +1,2 @@ >-MD5 (sancp-1.6.1-stable.tar.gz) = ffa64f2fdb49afd7ef16fbefda21e251 > SHA256 (sancp-1.6.1-stable.tar.gz) = 9836262aaf02bde116a9e79d342ea3af8b4991c7ba27b816fb54ed6c0863ff48 > SIZE (sancp-1.6.1-stable.tar.gz) = 71748 >Index: pkg-deinstall >=================================================================== >RCS file: /home/ncvs/ports/security/sancp/pkg-deinstall,v >retrieving revision 1.3 >diff -u -u -r1.3 pkg-deinstall >--- pkg-deinstall 14 Jul 2007 22:21:13 -0000 1.3 >+++ pkg-deinstall 14 Nov 2010 03:26:29 -0000 >@@ -4,28 +4,6 @@ > exit 0 > fi > >-PATH=/bin:/usr/sbin >-USER=sancp >-GROUP=${USER} >-LOG_DIR=/var/log/sancp >+PATH=/bin:/usr/bin > >-# Remove the log directory >-if [ -d ${LOG_DIR} ]; >-then >- rmdir ${LOG_DIR} >/dev/null 2>&1; >-fi >- >-if pw user show "${USER}" >/dev/null 2>&1; then >- if ! pw userdel ${USER} ; >- then >- echo "Unable to remove user: ${USER}, remove it manually" >- fi >-fi >- >- >-if pw group show "${GROUP}" >/dev/null 2>&1; then >- if ! pw groupdel ${GROUP} ; >- then >- echo "Unable to remove group: ${GROUP}, remove it manually" >- fi >-fi >+echo "* If you nolonger plan to run sancp delete /var/log/sancp, the user & group created during install *" >Index: pkg-install >=================================================================== >RCS file: /home/ncvs/ports/security/sancp/pkg-install,v >retrieving revision 1.2 >diff -u -u -r1.2 pkg-install >--- pkg-install 14 Jul 2007 22:21:13 -0000 1.2 >+++ pkg-install 14 Nov 2010 03:26:29 -0000 >@@ -5,42 +5,6 @@ > fi > > PATH=/bin:/usr/sbin >-USER=sancp >-GROUP=${USER} > LOG_DIR=/var/log/sancp > >-if [ ! -d ${LOG_DIR} ]; then mkdir ${LOG_DIR}; fi >- >-if pw group show "${GROUP}" 2>/dev/null; then >- echo "You already have a group \"${GROUP}\", so I will use it." >-else >- if pw groupadd ${GROUP}; then >- echo "Added group \"${GROUP}\"." >- else >- echo "Adding group \"${GROUP}\" failed..." >- exit 1 >- fi >-fi >- >-if pw user show "${USER}" 2>/dev/null; then >- echo "You already have a user \"${USER}\", so I will use it." >- if pw usermod ${USER} -d ${LOG_DIR} >- then >- echo "Changed home directory of \"${USER}\" to \"${LOG_DIR}\"" >- else >- echo "Changing home directory of \"${USER}\" to \"${LOG_DIR}\" failed..." >- exit 1 >- fi >-else >- if pw useradd ${USER} -g ${GROUP} -h - \ >- -d ${LOG_DIR} -s /sbin/nologin -c "SANCP Daemon" >- then >- echo "Added user \"${USER}\"." >- else >- echo "Adding user \"${USER}\" failed..." >- exit 1 >- fi >-fi >- >-chown -R ${USER}:${GROUP} ${LOG_DIR} > chmod 750 ${LOG_DIR} >Index: files/sancp.in >=================================================================== >RCS file: files/sancp.in >diff -N files/sancp.in >--- /dev/null 1 Jan 1970 00:00:00 -0000 >+++ files/sancp.in 14 Nov 2010 03:26:29 -0000 >@@ -0,0 +1,80 @@ >+#!/bin/sh >+# >+ >+# PROVIDE: sancp >+# REQUIRE: DAEMON >+# BEFORE: LOGIN >+# KEYWORD: shutdown >+ >+# Add the following lines to /etc/rc.conf to enable sancp: >+# sancp_enable (bool): Set to YES to enable sancp >+# Default: NO >+# sancp_flags (str): Extra flags passed to sancp >+# Default: -D >+# sancp_conf (str): Sancp configuration file >+# Default: %%PREFIX%%/etc/sancp.conf >+# sancp_interface (str): Default: none - MUST BE SET >+# >+# Command Line Options: (cmdline) >+# --------------------- >+# >+# -? or -h this help screen >+# -c <filename> specify the configuration/rules filename >+# -d <directory> specify the directory for output files >+# -i <device> set the network device to listen on (default: 'any') >+# -g <gid> set a group identity >+# -u <uid> set a user identity >+# -r <pcapfile> pcap file to read (overrides -i) >+# -B "<bpf expression>" set a bpf expression (alternative to -F <filename>) >+# -D (daemon) forks, prints msgs to syslog only and overrides -C option >+# -K (console) enable additional printing of 'realtimes' to stdout (suppressed by option -D) >+# -F <bpf filename> file containing a bpf filter expression, overrides (alternative to -B) >+# -H --human-readable write IP addresses in dotted notation and TCPflag fields in hex >+# -R Set default for realtime to 'pass' (default is 'log') disables realtime, but rules can override >+# -S Set default for stats to 'pass' (default is 'log') disables stats, but rules can override >+# -P Set default for pcap to 'pass' (default is 'log') disables pcap, but rules can override >+# -I or --enable_icmp_mixed record 'code' and 'type' fields for ICMP >+# to the fields 's_port' and 'd_port'. >+# note: affects how related icmp packets are correlated >+# -V display version >+# --shift (debug) force interpretation of packet starting at byte[2] >+# normally performed when reading from the 'any' interface >+# --strip-80211 strip 802.1Q headers from 802.1Q packets; used to >+# decode 802.1Q encapsulated packets - affects -A option, >+# --log-facility <facility> where facility can be 'LOCAL1' - 'LOCAL7' >+# The default log facility used by SANCP is LOG_DAEMON >+# >+# Debug mode for pcap data logging >+# -A records ALL traffic frames to a pcap file named 'debug_pcap_raw' >+# (despite rules). Packets are logged here prior to decoding or handling. >+# Use -F or -B option to restrict what is collectedi. >+# Pcap data logged using this option is affected by the --strip-80211 cmdline option >+# The configuration file equivalent to this is 'default debug_pcap_raw enable' >+ >+. /etc/rc.subr >+ >+name="sancp" >+rcvar=`set_rcvar` >+ >+command="%%PREFIX%%/bin/sancp" >+ >+start_precmd=start_precmd >+ >+start_precmd() >+{ >+ if [ -z "${sancp_interface}" ]; then >+ err 1 "sancp_interface must set." >+ fi >+} >+ >+# set some defaults >+load_rc_config $name >+ >+: ${sancp_enable="NO"} >+: ${sancp_flags="-D"} >+: ${sancp_conf="%%PREFIX%%/etc/sancp.conf"} >+: ${sancp_interface=""} >+ >+command_args="-c ${sancp_conf} -i ${sancp_interface}" >+ >+run_rc_command "$1" >Index: files/sancp.sh.in >=================================================================== >RCS file: files/sancp.sh.in >diff -N files/sancp.sh.in >--- files/sancp.sh.in 27 Mar 2010 00:14:47 -0000 1.4 >+++ /dev/null 1 Jan 1970 00:00:00 -0000 >@@ -1,80 +0,0 @@ >-#!/bin/sh >-# >- >-# PROVIDE: sancp >-# REQUIRE: DAEMON >-# BEFORE: LOGIN >-# KEYWORD: shutdown >- >-# Add the following lines to /etc/rc.conf to enable sancp: >-# sancp_enable (bool): Set to YES to enable sancp >-# Default: NO >-# sancp_flags (str): Extra flags passed to sancp >-# Default: -D >-# sancp_conf (str): Sancp configuration file >-# Default: %%PREFIX%%/etc/sancp.conf >-# sancp_interface (str): Default: none - MUST BE SET >-# >-# Command Line Options: (cmdline) >-# --------------------- >-# >-# -? or -h this help screen >-# -c <filename> specify the configuration/rules filename >-# -d <directory> specify the directory for output files >-# -i <device> set the network device to listen on (default: 'any') >-# -g <gid> set a group identity >-# -u <uid> set a user identity >-# -r <pcapfile> pcap file to read (overrides -i) >-# -B "<bpf expression>" set a bpf expression (alternative to -F <filename>) >-# -D (daemon) forks, prints msgs to syslog only and overrides -C option >-# -K (console) enable additional printing of 'realtimes' to stdout (suppressed by option -D) >-# -F <bpf filename> file containing a bpf filter expression, overrides (alternative to -B) >-# -H --human-readable write IP addresses in dotted notation and TCPflag fields in hex >-# -R Set default for realtime to 'pass' (default is 'log') disables realtime, but rules can override >-# -S Set default for stats to 'pass' (default is 'log') disables stats, but rules can override >-# -P Set default for pcap to 'pass' (default is 'log') disables pcap, but rules can override >-# -I or --enable_icmp_mixed record 'code' and 'type' fields for ICMP >-# to the fields 's_port' and 'd_port'. >-# note: affects how related icmp packets are correlated >-# -V display version >-# --shift (debug) force interpretation of packet starting at byte[2] >-# normally performed when reading from the 'any' interface >-# --strip-80211 strip 802.1Q headers from 802.1Q packets; used to >-# decode 802.1Q encapsulated packets - affects -A option, >-# --log-facility <facility> where facility can be 'LOCAL1' - 'LOCAL7' >-# The default log facility used by SANCP is LOG_DAEMON >-# >-# Debug mode for pcap data logging >-# -A records ALL traffic frames to a pcap file named 'debug_pcap_raw' >-# (despite rules). Packets are logged here prior to decoding or handling. >-# Use -F or -B option to restrict what is collectedi. >-# Pcap data logged using this option is affected by the --strip-80211 cmdline option >-# The configuration file equivalent to this is 'default debug_pcap_raw enable' >- >-. /etc/rc.subr >- >-name="sancp" >-rcvar=`set_rcvar` >- >-command="%%PREFIX%%/bin/sancp" >- >-start_precmd=start_precmd >- >-start_precmd() >-{ >- if [ -z "${sancp_interface}" ]; then >- err 1 "sancp_interface must set." >- fi >-} >- >-# set some defaults >-load_rc_config $name >- >-: ${sancp_enable="NO"} >-: ${sancp_flags="-D"} >-: ${sancp_conf="%%PREFIX%%/etc/sancp.conf"} >-: ${sancp_interface=""} >- >-command_args="${sancp_flags} -c ${sancp_conf} -i ${sancp_interface}" >- >-run_rc_command "$1"
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=111011">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 152226
: 111011