FreeBSD Bugzilla – Attachment 154438 Details for Bug 198643
[PATCH] security/scanlogd: add periodic script to display port scans
[patch] scanlogd periodic script
scanlogd.diff (text/plain), 2.59 KB, created by TEUBEL György on 2015-03-16 20:18:49 UTC
>Index: Makefile >=================================================================== >--- Makefile (revision 381435) >+++ Makefile (working copy) >@@ -3,7 +3,7 @@ > > PORTNAME= scanlogd > PORTVERSION= 2.2.7 >-PORTREVISION= 1 >+PORTREVISION= 2 > CATEGORIES= security > MASTER_SITES= http://openwall.com/scanlogd/ \ > ftp://ftp.openwall.com/pub/projects/scanlogd/ \ >@@ -14,21 +14,20 @@ > > USE_RC_SUBR= ${PORTNAME} > >-.if defined(WITH_LIBNIDS) >-BUILD_DEPENDS+= ${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids >-ALL_TARGET= libnids >-.else >-ALL_TARGET= libpcap >-.endif >- > USERS= scanlogd > GROUPS= scanlogd >-MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS} -c" LD="${CC}" >+MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS}" LD="${CC}" > >-PLIST_FILES= bin/scanlogd man/man8/scanlogd.8.gz >+PLIST_FILES= bin/scanlogd man/man8/scanlogd.8.gz \ >+ etc/periodic/security/850.scanlogd > >+ALL_TARGET= libpcap >+ > do-install: > ${INSTALL_PROGRAM} ${WRKSRC}/scanlogd ${STAGEDIR}${PREFIX}/bin > ${INSTALL_MAN} ${WRKSRC}/scanlogd.8 ${STAGEDIR}${MANPREFIX}/man/man8 >+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/security >+ ${INSTALL_SCRIPT} ${FILESDIR}/850.scanlogd \ >+ ${STAGEDIR}${PREFIX}/etc/periodic/security > > .include <bsd.port.mk> >Index: files/850.scanlogd >=================================================================== >--- files/850.scanlogd (revision 0) >+++ files/850.scanlogd (working copy) 
>@@ -0,0 +1,54 @@ >+#!/bin/sh - >+# >+# Show possible port scans detected by scanlogd. >+# >+# If you want to enable this script, place the following >+# into /etc/periodic.conf: >+# >+# security_status_scanlogd_enable="YES" >+# security_status_scanlogd_period="daily" >+# >+ >+# If there is a global system configuration file, suck it in. >+# >+if [ -r /etc/defaults/periodic.conf ]; then >+ . /etc/defaults/periodic.conf >+ source_periodic_confs >+fi >+ >+: ${security_status_scanlogd_period="daily"} >+ >+security_daily_compat_var security_status_logdir >+security_daily_compat_var security_status_scanlogd_enable >+ >+logdir="${security_status_logdir}" >+ >+yesterday=`env LC_TIME=C date -v-1d "+%b %e "` >+ >+catmsgs() { >+ local logdir logfile mtime >+ logdir="$1" >+ logfile="$2" >+ mtime="$3" >+ >+ find "$logdir" \( -name "$logfile" -o -name "$logfile.*" \) -mtime "$mtime" -print0 | >+ xargs -0 ls -1tr | >+ while read f; do >+ case "$f" in >+ *.gz) zcat -f "$f" ;; >+ *.bz2) bzcat -f "$f" ;; >+ *) cat "$f" ;; >+ esac >+ done >+} >+ >+rc=0 >+ >+if check_yesno_period security_status_scanlogd_enable; then >+ echo "" >+ echo "${host} possible port scans:" >+ n=$(catmsgs "$logdir" messages "-2" | egrep -ia "^$yesterday.*scanlogd:" | tee /dev/stderr | wc -l) >+ [ $n -gt 0 ] && rc=1 || rc=0 >+fi >+ >+exit $rc
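Review bot: Two changes in the second Makefile hunk (@@ -14,21 +14,20 @@) are unexplained and go beyond the periodic script named in the bug title: the `.if defined(WITH_LIBNIDS)` block is deleted so that `ALL_TARGET= libpcap` becomes unconditional, and `-c` is dropped from `CFLAGS="${CFLAGS} -c"`. Removing the libnids build path is a functional change for anyone who sets WITH_LIBNIDS today, so either split these two changes into their own patch or state the reason for each in the commit message. The PLIST_FILES addition and the `${MKDIR}` / `${INSTALL_SCRIPT}` lines for etc/periodic/security/850.scanlogd are consistent with each other.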
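Review bot: In files/850.scanlogd the header `echo "${host} possible port scans:"` is printed before the match count `n` is known, so the section appears in every security report even on days with no scanlogd lines; collect the matches first and print the header only when `n` is greater than 0. In `catmsgs`, the `find ... -print0 | xargs -0` pair is NUL-safe but its output then goes through `ls -1tr | while read f`, which is newline-delimited and lets `read` interpret backslashes, so the safety is lost at that step; use `while IFS= read -r f` at minimum. The matched lines reach the report only through `tee /dev/stderr`, which depends on the caller capturing stderr together with stdout; a short comment saying so would help, as would quoting `$n` in `[ $n -gt 0 ]`.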