Attachment #155099 for bug #198643





PORTNAME=	scanlogd
PORTVERSION=	2.2.7
PORTREVISION=	2
CATEGORIES=	security
MASTER_SITES=	http://openwall.com/scanlogd/ \
		ftp://ftp.openwall.com/pub/projects/scanlogd/ \


USE_RC_SUBR=	${PORTNAME}

.if defined(WITH_LIBNIDS)
BUILD_DEPENDS+=	${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids
ALL_TARGET=	libnids
.else
ALL_TARGET=	libpcap
.endif

USERS=		scanlogd
GROUPS=		scanlogd
MAKE_ARGS=	CC="${CC}" CFLAGS="${CFLAGS}" LD="${CC}" LDFLAGS="${LDFLAGS}"

PLIST_FILES=	bin/scanlogd man/man8/scanlogd.8.gz \
		etc/periodic/security/850.scanlogd

OPTIONS_SINGLE=	PCAP
OPTIONS_SINGLE_PCAP=	PCAP_BASE NIDS

OPTIONS_DEFAULT=	PCAP_BASE

PCAP_BASE_DESC=	Use pcap from base for packet capture
NIDS_DESC=	Use net/libnet for packet capture

PCAP_BASE_ALL_TARGET=	libpcap

NIDS_ALL_TARGET=	libnids
NIDS_BUILD_DEPENDS=	${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids
NIDS_LIB_DEPENDS=	libnet.so:${PORTSDIR}/net/libnet
NIDS_CFLAGS=		-I${LOCALBASE}/include/libnet11
NIDS_LDFLAGS=		-L${LOCALBASE}/lib/libnet11

do-install:
	${INSTALL_PROGRAM} ${WRKSRC}/scanlogd ${STAGEDIR}${PREFIX}/bin
	${INSTALL_MAN} ${WRKSRC}/scanlogd.8 ${STAGEDIR}${MANPREFIX}/man/man8
	${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/security
	${INSTALL_SCRIPT} ${FILESDIR}/850.scanlogd \
		${STAGEDIR}${PREFIX}/etc/periodic/security

.include <bsd.port.mk>




#!/bin/sh -
#
# Show possible port scans detected by scanlogd.
#
# If you want to enable this script, place the following
# into /etc/periodic.conf:
#
# security_status_scanlogd_enable="YES"
# security_status_scanlogd_period="daily"
#

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]; then
	. /etc/defaults/periodic.conf
	source_periodic_confs
fi

: ${security_status_scanlogd_period="daily"}

security_daily_compat_var security_status_logdir
security_daily_compat_var security_status_scanlogd_enable

logdir="${security_status_logdir}"

yesterday=`env LC_TIME=C date -v-1d "+%b %e "`

catmsgs() {
	local logdir logfile mtime
	logdir="$1"
	logfile="$2"
	mtime="$3"

	find "$logdir" \( -name "$logfile" -o -name "$logfile.*" \) -mtime "$mtime" -print0 |
		xargs -0 ls -1tr |
		while read f; do
			case "$f" in
				*.gz)   zcat -f "$f" ;;
				*.bz2)  bzcat -f "$f" ;;
				*)      cat "$f" ;;
			esac
		done
}

rc=0

if check_yesno_period security_status_scanlogd_enable; then
	echo ""
	echo "${host} possible port scans:"
	n=$(catmsgs "$logdir" messages "-2" | egrep -ia "^$yesterday.*scanlogd:" | tee /dev/stderr | wc -l)
	[ $n -gt 0 ] && rc=1 || rc=0
fi

exit $rc

Return to bug 198643

Lines 3-9 Link Here

(-)Makefile (-10 / +23 lines)
3		3
4	PORTNAME= scanlogd	4	PORTNAME= scanlogd
5	PORTVERSION= 2.2.7	5	PORTVERSION= 2.2.7
6	PORTREVISION= 1	6	PORTREVISION= 2
7	CATEGORIES= security	7	CATEGORIES= security
8	MASTER_SITES= http://openwall.com/scanlogd/ \	8	MASTER_SITES= http://openwall.com/scanlogd/ \
9	ftp://ftp.openwall.com/pub/projects/scanlogd/ \	9	ftp://ftp.openwall.com/pub/projects/scanlogd/ \
Lines 14-34 Link Here
14		14
15	USE_RC_SUBR= ${PORTNAME}	15	USE_RC_SUBR= ${PORTNAME}
16		16
17	.if defined(WITH_LIBNIDS)
18	BUILD_DEPENDS+= ${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids
19	ALL_TARGET= libnids
20	.else
21	ALL_TARGET= libpcap
22	.endif
23
24	USERS= scanlogd	17	USERS= scanlogd
25	GROUPS= scanlogd	18	GROUPS= scanlogd
26	MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS} -c" LD="${CC}"	19	MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS}" LD="${CC}" LDFLAGS="${LDFLAGS}"
27		20
28	PLIST_FILES= bin/scanlogd man/man8/scanlogd.8.gz	21	PLIST_FILES= bin/scanlogd man/man8/scanlogd.8.gz \
		22	etc/periodic/security/850.scanlogd
29		23
		24	OPTIONS_SINGLE= PCAP
		25	OPTIONS_SINGLE_PCAP= PCAP_BASE NIDS
		26
		27	OPTIONS_DEFAULT= PCAP_BASE
		28
		29	PCAP_BASE_DESC= Use pcap from base for packet capture
		30	NIDS_DESC= Use net/libnet for packet capture
		31
		32	PCAP_BASE_ALL_TARGET= libpcap
		33
		34	NIDS_ALL_TARGET= libnids
		35	NIDS_BUILD_DEPENDS= ${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids
		36	NIDS_LIB_DEPENDS= libnet.so:${PORTSDIR}/net/libnet
		37	NIDS_CFLAGS= -I${LOCALBASE}/include/libnet11
		38	NIDS_LDFLAGS= -L${LOCALBASE}/lib/libnet11
		39
30	do-install:	40	do-install:
31	${INSTALL_PROGRAM} ${WRKSRC}/scanlogd ${STAGEDIR}${PREFIX}/bin	41	${INSTALL_PROGRAM} ${WRKSRC}/scanlogd ${STAGEDIR}${PREFIX}/bin
32	${INSTALL_MAN} ${WRKSRC}/scanlogd.8 ${STAGEDIR}${MANPREFIX}/man/man8	42	${INSTALL_MAN} ${WRKSRC}/scanlogd.8 ${STAGEDIR}${MANPREFIX}/man/man8
		43	${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/security
		44	${INSTALL_SCRIPT} ${FILESDIR}/850.scanlogd \
		45	${STAGEDIR}${PREFIX}/etc/periodic/security
33		46
34	.include <bsd.port.mk>	47	.include <bsd.port.mk>

Line 0 Link Here

(-)files/850.scanlogd (+54 lines)
	1	#!/bin/sh -
	2	#
	3	# Show possible port scans detected by scanlogd.
	4	#
	5	# If you want to enable this script, place the following
	6	# into /etc/periodic.conf:
	7	#
	8	# security_status_scanlogd_enable="YES"
	9	# security_status_scanlogd_period="daily"
	10	#
	11
	12	# If there is a global system configuration file, suck it in.
	13	#
	14	if [ -r /etc/defaults/periodic.conf ]; then
	15	. /etc/defaults/periodic.conf
	16	source_periodic_confs
	17	fi
	18
	19	: ${security_status_scanlogd_period="daily"}
	20
	21	security_daily_compat_var security_status_logdir
	22	security_daily_compat_var security_status_scanlogd_enable
	23
	24	logdir="${security_status_logdir}"
	25
	26	yesterday=`env LC_TIME=C date -v-1d "+%b %e "`
	27
	28	catmsgs() {
	29	local logdir logfile mtime
	30	logdir="$1"
	31	logfile="$2"
	32	mtime="$3"
	33
	34	find "$logdir" \( -name "$logfile" -o -name "$logfile.*" \) -mtime "$mtime" -print0 \|
	35	xargs -0 ls -1tr \|
	36	while read f; do
	37	case "$f" in
	38	*.gz) zcat -f "$f" ;;
	39	*.bz2) bzcat -f "$f" ;;
	40	*) cat "$f" ;;
	41	esac
	42	done
	43	}
	44
	45	rc=0
	46
	47	if check_yesno_period security_status_scanlogd_enable; then
	48	echo ""
	49	echo "${host} possible port scans:"
	50	n=$(catmsgs "$logdir" messages "-2" \| egrep -ia "^$yesterday.*scanlogd:" \| tee /dev/stderr \| wc -l)
	51	[ $n -gt 0 ] && rc=1 \|\| rc=0
	52	fi
	53
	54	exit $rc