From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Mon, 9 Oct 2017 18:53:29 +0100
Subject: reinit the tree, so we can have metadata
---
 .../sancp/files/sancp-1.6.1-compiler.patch | 45 ++++++++++++++
 net-analyzer/sancp/files/sancp-1.6.1-gcc6.patch | 26 ++++++++
 net-analyzer/sancp/files/sancp.confd | 15 +++++
 net-analyzer/sancp/files/sancp.rc1 | 42 +++++++++++++
 net-analyzer/sancp/files/sguil_sancp.conf | 69 ++++++++++++++++++++++
 5 files changed, 197 insertions(+)
 create mode 100644 net-analyzer/sancp/files/sancp-1.6.1-compiler.patch
 create mode 100644 net-analyzer/sancp/files/sancp-1.6.1-gcc6.patch
 create mode 100644 net-analyzer/sancp/files/sancp.confd
 create mode 100644 net-analyzer/sancp/files/sancp.rc1
 create mode 100644 net-analyzer/sancp/files/sguil_sancp.conf
(limited to 'net-analyzer/sancp/files')
diff --git a/net-analyzer/sancp/files/sancp-1.6.1-compiler.patch b/net-analyzer/sancp/files/sancp-1.6.1-compiler.patch
new file mode 100644
index 000000000000..d7816cbdd5de
--- /dev/null
+++ b/net-analyzer/sancp/files/sancp-1.6.1-compiler.patch
@@ -0,0 +1,45 @@
+--- a/Makefile 2004-01-19 23:04:56.000000000 +0100
++++ b/Makefile 2010-09-15 02:02:26.000000000 +0200
+@@ -1,26 +1,26 @@
+ 
+ # !!! Uncomment this CFLAGS for a small binary !!!
+-CFLAGS = -O3 -s -I/usr/include/pcap -L/usr/lib/libpcap.so.0.6.2
++CFLAGS += -I/usr/include/pcap -L/usr/lib/libpcap.so.0.6.2
+ 
+ # !!! or uncomment this CFLAGS for a large binary with symbols; use for debugging !!!
+ #CFLAGS = -O0 -g -I/usr/include/pcap -L/usr/lib/libpcap.so.0.6.2
+ 
+ final : sancp.cc Makefile
+- if [ ! -f build_acl.o -o build_acl.cc -nt build_acl.o ]; then g++ -Wall $(CFLAGS) -c build_acl.cc -o build_acl.o; fi
+- if [ ! -f misc_functs.o -o misc_functs.cc -nt misc_functs.o ]; then g++ -Wall $(CFLAGS) -c misc_functs.cc -o misc_functs.o; fi
+- if [ ! -f outputFileHandle.o -o outputFileHandle.cc -nt outputFileHandle.o ]; then g++ -Wall $(CFLAGS) -c outputFileHandle.cc -o outputFileHandle.o; fi
+- if [ ! -f apply_rule.o -o apply_rule.cc -nt apply_rule.o ]; then g++ -Wall $(CFLAGS) -c apply_rule.cc -o apply_rule.o; fi
+- if [ ! -f decode.o -o decode.cc -nt decode.o ]; then g++ -Wall $(CFLAGS) -c decode.cc -o decode.o; fi
+- if [ ! -f fileHandle.o -o fileHandle.cc -nt fileHandle.o ]; then g++ -Wall $(CFLAGS) -c fileHandle.cc -o fileHandle.o; fi
+- if [ ! -f MemoryPool.o -o MemoryPool.cc -nt MemoryPool.o ]; then g++ -Wall $(CFLAGS) -c MemoryPool.cc -o MemoryPool.o; fi
+- if [ ! -f pcapFileHandle.o -o pcapFileHandle.cc -nt pcapFileHandle.o ]; then g++ -Wall $(CFLAGS) -c pcapFileHandle.cc -o pcapFileHandle.o; fi
+- if [ ! -f sancp.o -o sancp.cc -nt sancp.o ]; then g++ -Wall $(CFLAGS) -c sancp.cc -o sancp.o; fi
+- if [ ! -f pcap_functions.o -o pcap_functions.c -nt pcap_functions.o ]; then gcc -Wall $(CFLAGS) -c pcap_functions.c -o pcap_functions.o; fi
+- if [ ! -f help.o -o help.cc -nt help.o ]; then g++ -Wall $(CFLAGS) -c help.cc -o help.o ; fi
+- if [ ! -f permissions.o -o permissions.cc -nt permissions.o ]; then g++ -Wall $(CFLAGS) -c permissions.cc -o permissions.o ; fi
+- if [ ! -f check_packet.o -o check_packet.cc -nt check_packet.o ]; then g++ -Wall $(CFLAGS) -c check_packet.cc -o check_packet.o; fi
+- if [ ! -f statefull_logging.o -o statefull_logging.cc -nt statefull_logging.o ]; then g++ -Wall $(CFLAGS) -c statefull_logging.cc -o statefull_logging.o ; fi
+- g++ -Wall $(CFLAGS) -o sancp sancp.o misc_functs.o check_packet.o statefull_logging.o build_acl.o apply_rule.o decode.o pcap_functions.o pcapFileHandle.o fileHandle.o MemoryPool.o help.o permissions.o outputFileHandle.o -lpcap
++ if [ ! -f build_acl.o -o build_acl.cc -nt build_acl.o ]; then $(CXX) -Wall $(CFLAGS) -c build_acl.cc -o build_acl.o; fi
++ if [ ! -f misc_functs.o -o misc_functs.cc -nt misc_functs.o ]; then $(CXX) -Wall $(CFLAGS) -c misc_functs.cc -o misc_functs.o; fi
++ if [ ! -f outputFileHandle.o -o outputFileHandle.cc -nt outputFileHandle.o ]; then $(CXX) -Wall $(CFLAGS) -c outputFileHandle.cc -o outputFileHandle.o; fi
++ if [ ! -f apply_rule.o -o apply_rule.cc -nt apply_rule.o ]; then $(CXX) -Wall $(CFLAGS) -c apply_rule.cc -o apply_rule.o; fi
++ if [ ! -f decode.o -o decode.cc -nt decode.o ]; then $(CXX) -Wall $(CFLAGS) -c decode.cc -o decode.o; fi
++ if [ ! -f fileHandle.o -o fileHandle.cc -nt fileHandle.o ]; then $(CXX) -Wall $(CFLAGS) -c fileHandle.cc -o fileHandle.o; fi
++ if [ ! -f MemoryPool.o -o MemoryPool.cc -nt MemoryPool.o ]; then $(CXX) -Wall $(CFLAGS) -c MemoryPool.cc -o MemoryPool.o; fi
++ if [ ! -f pcapFileHandle.o -o pcapFileHandle.cc -nt pcapFileHandle.o ]; then $(CXX) -Wall $(CFLAGS) -c pcapFileHandle.cc -o pcapFileHandle.o; fi
++ if [ ! -f sancp.o -o sancp.cc -nt sancp.o ]; then $(CXX) -Wall $(CFLAGS) -c sancp.cc -o sancp.o; fi
++ if [ ! -f pcap_functions.o -o pcap_functions.c -nt pcap_functions.o ]; then $(CC) -Wall $(CFLAGS) -c pcap_functions.c -o pcap_functions.o; fi
++ if [ ! -f help.o -o help.cc -nt help.o ]; then $(CXX) -Wall $(CFLAGS) -c help.cc -o help.o ; fi
++ if [ ! -f permissions.o -o permissions.cc -nt permissions.o ]; then $(CXX) -Wall $(CFLAGS) -c permissions.cc -o permissions.o ; fi
++ if [ ! -f check_packet.o -o check_packet.cc -nt check_packet.o ]; then $(CXX) -Wall $(CFLAGS) -c check_packet.cc -o check_packet.o; fi
++ if [ ! -f statefull_logging.o -o statefull_logging.cc -nt statefull_logging.o ]; then $(CXX) -Wall $(CFLAGS) -c statefull_logging.cc -o statefull_logging.o ; fi
++ $(CXX) -Wall $(CFLAGS) $(LDFLAGS) -o sancp sancp.o misc_functs.o check_packet.o statefull_logging.o build_acl.o apply_rule.o decode.o pcap_functions.o pcapFileHandle.o fileHandle.o MemoryPool.o help.o permissions.o outputFileHandle.o -lpcap
+ 
+ clean :
+ rm -f *.o sancp
diff --git a/net-analyzer/sancp/files/sancp-1.6.1-gcc6.patch b/net-analyzer/sancp/files/sancp-1.6.1-gcc6.patch
new file mode 100644
index 000000000000..e56d7114468e
--- /dev/null
+++ b/net-analyzer/sancp/files/sancp-1.6.1-gcc6.patch
@@ -0,0 +1,26 @@
+--- a/pcapFileHandle.h
++++ b/pcapFileHandle.h
+@@ -16,7 +16,12 @@
+ 
+ #define PCAP_HEADER_SIZE 24
+ 
+-const char pcap_header[] = { 0xd4,0xc3,0xb2,0xa1,0x02,0x00,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x4e,0x00,0x00,0x01,0x00,0x00,0x00 };
++const char pcap_header[] = {
++ (char) 0xd4,(char) 0xc3,(char) 0xb2,(char) 0xa1,(char) 0x02,(char) 0x00,
++ (char) 0x04,(char) 0x00,(char) 0x00,(char) 0x00,(char) 0x00,(char) 0x00,
++ (char) 0x00,(char) 0x00,(char) 0x00,(char) 0x00,(char) 0x20,(char) 0x4e,
++ (char) 0x00,(char) 0x00,(char) 0x01,(char) 0x00,(char) 0x00,(char) 0x00
++};
+ 
+ class pcapFileHandle : public fileHandle {
+ 
+--- a/sancp.h
++++ b/sancp.h
+@@ -223,7 +223,6 @@
+ #define R_URG 0x20
+ #define R_RES2 0x40
+ #define R_RES1 0x80
+-#define max(i,j) (((i)>(j)) ? (i) : (j))
+ #define SIZE_OF_CLASS_C 11
+ 
+ struct t_ports {
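Review bot: Every `.cc` compile rule in the `final` recipe, and the final link, still pass `$(CFLAGS)` to `$(CXX)`, so whatever the build exports as CXXFLAGS (on Gentoo that is where the user's toolchain and hardening flags such as -fstack-protector and -D_FORTIFY_SOURCE live) never reaches the C++ objects — which are the packet-decoding code that handles untrusted traffic — unless the ebuild copies CXXFLAGS into CFLAGS, which this diff does not show. I would make the `.cc` rules use `$(CXX) -Wall $(CXXFLAGS) $(CPPFLAGS) -c …`, the link `$(CXX) $(CXXFLAGS) $(LDFLAGS) -o sancp …`, and keep `$(CC) $(CFLAGS)` only for pcap_functions.c; since all fifteen rules are one recipe, the same edit has to be applied to each line. The `-L/usr/lib/libpcap.so.0.6.2` retained in the new `CFLAGS +=` line names a file rather than a directory, so it is a no-op that only obscures which libpcap is actually linked; dropping it and relying on `-lpcap` with the system search path would be cleaner.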
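Review bot: The narrowing fix casts all 24 initializers to `(char)` individually, which is noisy and easy to get wrong the next time the header is edited; declaring the array as `const unsigned char pcap_header[] = { 0xd4, 0xc3, … }` would remove every cast, but that changes the element type, so any `write`/`fwrite` or pointer use of `pcap_header` elsewhere in pcapFileHandle (not visible here) would need checking for signedness warnings. Either way the bytes deserve a comment so a reader does not have to decode them: `/* libpcap file header: LE magic 0xa1b2c3d4, version 2.4, thiszone 0, sigfigs 0, snaplen 20000 (0x4e20), linktype 1 (Ethernet) */`. The removal of the `max` macro from sancp.h is presumably to stop it clobbering `std::max` from newer libstdc++ headers; please confirm every remaining `max(...)` call in the sources now resolves to a visible template, since the companion Makefile patch shows there is no configure step to catch a silently missing one.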
diff --git a/net-analyzer/sancp/files/sancp.confd b/net-analyzer/sancp/files/sancp.confd
new file mode 100644
index 000000000000..31cbef82ec1b
--- /dev/null
+++ b/net-analyzer/sancp/files/sancp.confd
@@ -0,0 +1,15 @@
+# Config file for /etc/init.d/sancp
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Interface to listen on
+IFACE="eth0"
+
+# Directory to log in
+LOGDIR="/var/log/sancp"
+
+# Default config file
+CONF="/etc/sancp/sancp.conf"
+
+# You could add more options :)
+SANCP_OPTS="-d $LOGDIR/today -i $IFACE -c $CONF -u sancp -g sancp"
diff --git a/net-analyzer/sancp/files/sancp.rc1 b/net-analyzer/sancp/files/sancp.rc1
new file mode 100644
index 000000000000..07745f675676
--- /dev/null
+++ b/net-analyzer/sancp/files/sancp.rc1
@@ -0,0 +1,42 @@
+#!/sbin/openrc-run
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+today=$(date '+%Y-%m-%d')
+
+depend() {
+ need net
+}
+checkconfig() {
+ if [ ! -e /etc/sancp/sancp.conf ] ; then
+ eerror "You need an /etc/sancp/sancp.conf to run sancp"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+
+ # Today's log directory
+ if [ ! -d $LOGDIR/$today ]; then
+ /bin/mkdir $LOGDIR/$today
+ /bin/rm -f $LOGDIR/today
+ fi
+
+ # today/ directory :)
+ if [ ! -d $LOGDIR/today ]; then
+ /bin/ln -s $LOGDIR/$today $LOGDIR/today
+ fi
+
+ ebegin "Starting sancp"
+ start-stop-daemon --start --quiet -m --pidfile /var/run/sancp.pid \
+ --exec /usr/bin/sancp \
+ -- ${SANCP_OPTS} > /var/log/sancp.log 2>&1 &
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping sancp"
+ start-stop-daemon --stop --quiet --pidfile /var/run/sancp.pid
+ eend $?
+}
diff --git a/net-analyzer/sancp/files/sguil_sancp.conf b/net-analyzer/sancp/files/sguil_sancp.conf
new file mode 100644
index 000000000000..f559286e7bb3
--- /dev/null
+++ b/net-analyzer/sancp/files/sguil_sancp.conf
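Review bot: `start()` creates `$LOGDIR/$today` as root with a bare `/bin/mkdir`, yet sancp.confd launches the daemon with `-u sancp -g sancp`, so once sancp drops privileges it will presumably be unable to create its output files inside a root-owned directory — the per-day directory needs a `chown sancp:sancp` (assuming the ebuild creates that account). The trailing `&` backgrounds start-stop-daemon itself, so `eend $?` only reports that a shell job was forked and the service shows "ok" even when `/usr/bin/sancp` fails to open the interface or its config; OpenRC's start-stop-daemon has `--background` with `--stdout`/`--stderr` for exactly this, and `-m` then records the pid of the process it forked. `checkconfig` also tests the hard-coded `/etc/sancp/sancp.conf` rather than the `$CONF` path that sancp.confd actually passes via `-c`, so changing CONF makes the check meaningless. The rewrite below assumes sancp stays in the foreground with these options, as the original `&` invocation suggests — confirm before merging.
```shell
checkconfig() {
	if [ ! -e "${CONF:-/etc/sancp/sancp.conf}" ] ; then
		eerror "You need ${CONF:-/etc/sancp/sancp.conf} to run sancp"
		return 1
	fi
}

start() {
	checkconfig || return 1

	# Today's log directory, owned by the account sancp drops to (-u/-g in SANCP_OPTS)
	if [ ! -d "$LOGDIR/$today" ]; then
		/bin/mkdir -p "$LOGDIR/$today" && /bin/chown sancp:sancp "$LOGDIR/$today"
		/bin/rm -f "$LOGDIR/today"
	fi
	# … unchanged: today/ symlink …

	ebegin "Starting sancp"
	start-stop-daemon --start --quiet --background -m --pidfile /var/run/sancp.pid \
		--stdout /var/log/sancp.log --stderr /var/log/sancp.log \
		--exec /usr/bin/sancp -- ${SANCP_OPTS}
	eend $?
}
```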
@@ -0,0 +1,69 @@
+# $Id: sancp.conf,v 1.1 2004/03/19 20:33:59 bamm Exp $ #
+#
+# This sancp.conf is distributed as part of sguil (http://sguil.sf.net).
+# It's purpose is to define a default output that is compatible with table
+# schema defined by sguil. Please read the README.sancp for more information
+#
+# sancp is copyrighted by John Curry and can be downloaded at:
+# www.metre.net/sancp.html
+#
+
+# SANCP VERSION 1.5.3
+
+# Currently, sguil only supports the 'stats' output and we want it in
+# timestamped fields
+default stats tsfilename stats
+
+# Time in seconds we write a new file if expired cnxs are available
+default flush_interval=30
+# This tells sancp to open new file handle, write, and close in one step
+default burst_mode=enable
+
+# Default timeout: how many secs to wait after the last packet till we consider the cnx closed
+default timeout=120
+
+# Conforms with out sguil sancp table schema
+format stats sancp_id,start_time_gmt,stop_time_gmt,duration,ip_proto,src_ip_decimal,src_port,dst_ip_decimal,dst_port,src_pkts,src_bytes,dst_pkts,dst_bytes,sflags,dflags
+
+# From here on you define what stats/cnxs/sessions/flows (whatever you
+# want to call it) get logged. Please read the sancp documention for
+# more information. Most of the below are examples of setting
+# variables for complex rules.
+
+var ip 8 # ether proto 0x0800 # ip traffic
+
+# define some ip protocols
+
+var icmp 1
+var tcp 6
+var udp 17
+
+# define some tcp protocols
+
+var http 80
+var https 443
+var smtp 25
+var dns 53
+
+var HOME_NET 127.0.0.1
+#var WWW_NET 192.168.1.0/24
+#var MAIL_SERVER 192.168.1.2
+#var MAIL_SERVER2 192.168.1.3
+
+
+# Default output logging for each connection
+# We don't use realtime or pcap logging at this point so we pass them
+default realtime=pass
+default pcap=pass
+
+# Here is where our "rules" start. We log all stats by default
+# so this is defining exceptions.
+#
+# first six fields are required before rule options can be used
+#
+# eth_proto src_ip dst_ip ip_proto src_port dst_port
+#
+
+# Here is an example if ignoring outbound HTTP stats.
+#ip HOME_NET any tcp any http, stats pass
+#ip HOME_NET any tcp any https, stats pass
-- cgit v1.2.3
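Review bot: `var HOME_NET 127.0.0.1` is a placeholder rather than a usable default — the commented example rules at the bottom key on it, so an operator who uncomments them on an `eth0` sensor (the IFACE default in sancp.confd) will match nothing and keep logging the outbound HTTP/HTTPS stats they meant to drop, with no error to tell them. A comment next to it would prevent that: `# HOME_NET: set to the network(s) this sensor monitors, e.g. 192.168.1.0/24; 127.0.0.1 is only a placeholder`. The `# SANCP VERSION 1.5.3` header is also stale for a file shipped alongside 1.6.1 patches; either update it or drop it rather than leave a version claim the package no longer matches.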