From 88b36ac6aaf57ed6a328afa405fefc504af2492f Mon Sep 17 00:00:00 2001
From: Tobias Schmidt
Date: Thu, 24 Jun 2004 11:07:06 +0000
Subject: [PATCH] Tobias Schmidt: Added package scanlogd (portscan monitor) [2004061202240325023] (https://www.rocklinux.net/submaster)
git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@3349 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
---
package/tschmidt/scanlogd/Makefile | 45 +++++++++++++++++++++++++
package/tschmidt/scanlogd/params.patch | 11 ++++++
package/tschmidt/scanlogd/scanlogd.conf | 4 +++
package/tschmidt/scanlogd/scanlogd.desc | 45 +++++++++++++++++++++++++
package/tschmidt/scanlogd/scanlogd.init | 38 +++++++++++++++++++++
5 files changed, 143 insertions(+)
create mode 100644 package/tschmidt/scanlogd/Makefile
create mode 100644 package/tschmidt/scanlogd/params.patch
create mode 100644 package/tschmidt/scanlogd/scanlogd.conf
create mode 100644 package/tschmidt/scanlogd/scanlogd.desc
create mode 100644 package/tschmidt/scanlogd/scanlogd.init
diff --git a/package/tschmidt/scanlogd/Makefile b/package/tschmidt/scanlogd/Makefile
new file mode 100644
index 000000000..469df5c03
--- /dev/null
+++ b/package/tschmidt/scanlogd/Makefile
@@ -0,0 +1,45 @@
+CC = gcc
+LD = gcc
+RM = rm -f
+CFLAGS = -c -Wall -O2 -fomit-frame-pointer
+LDFLAGS = -s
+
+PCAP_H = -I/usr/include/pcap
+PCAP_L = -lpcap
+
+NIDS_H = -I/usr/local/include
+NIDS_L = -L/usr/local/lib -lnids -lnet -lpcap
+
+PROJ = scanlogd
+
+OBJS_COMMON = scanlogd.o
+OBJS = $(OBJS_COMMON) in_linux.o in_nids.o in_pcap.o
+
+default: libnids
+
+install: default
+ cp scanlogd $(ROOT)/$(PREFIX)/sbin/
+
+linux: $(OBJS_COMMON) in_linux.o
+ $(LD) $(LDFLAGS) $(OBJS_COMMON) in_linux.o -o scanlogd
+
+libnids: $(OBJS_COMMON) in_nids.o
+ $(LD) $(LDFLAGS) $(OBJS_COMMON) in_nids.o $(NIDS_L) -o scanlogd
+
+libpcap: $(OBJS_COMMON) in_pcap.o
+ $(LD) $(LDFLAGS) $(OBJS_COMMON) in_pcap.o $(PCAP_L) -o scanlogd
+
+in_pcap.o: params.h in.h
+ $(CC) $(CFLAGS) $(PCAP_H) in_pcap.c
+
+in_nids.o: params.h in.h
+ $(CC) $(CFLAGS) $(NIDS_H) in_nids.c
+
+scanlogd.o: params.h in.h
+in_linux.o: params.h in.h
+
+.c.o:
+ $(CC) $(CFLAGS) $*.c
+
+clean:
+ $(RM) $(PROJ) $(OBJS)
diff --git a/package/tschmidt/scanlogd/params.patch b/package/tschmidt/scanlogd/params.patch
new file mode 100644
index 000000000..7e959af9a
--- /dev/null
+++ b/package/tschmidt/scanlogd/params.patch
@@ -0,0 +1,11 @@
+--- scanlogd-2.2.4/params.h
++++ scanlogd-2.2.4/params.h
+18c18
+<
+---
+> #undef SCANLOGD_USER /* just for now */
+24c24
+<
+---
+> #undef SCANLOGD_CHROOT /* just for now */
+
diff --git a/package/tschmidt/scanlogd/scanlogd.conf b/package/tschmidt/scanlogd/scanlogd.conf
new file mode 100644
index 000000000..9b3be70b7
--- /dev/null
+++ b/package/tschmidt/scanlogd/scanlogd.conf
@@ -0,0 +1,4 @@
+premake="echo PREFIX=$prefix > $builddir/scanlogd-$ver/Makefile"
+premake="$premake; echo ROOT=$root >> $builddir/scanlogd-$ver/Makefile"
+premake="$premake; cat $confdir/Makefile >> $builddir/scanlogd-$ver/Makefile"
+postmake="install_init scanlog $confdir/scanlogd.init"
diff --git a/package/tschmidt/scanlogd/scanlogd.desc b/package/tschmidt/scanlogd/scanlogd.desc
new file mode 100644
index 000000000..75efc0d9a
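Review bot: The `install` rule in package/tschmidt/scanlogd/Makefile copies the binary with plain `cp`, so the installed mode and owner depend on the build umask and build user; `install -m 0755 scanlogd $(ROOT)/$(PREFIX)/sbin/scanlogd` would pin the mode. The default target `libnids` resolves headers and libraries through `-I/usr/local/include` and `-L/usr/local/lib`, so on a build host with anything in /usr/local the daemon could be linked against an unpackaged libnids, libnet or libpcap; `NIDS_H` and `NIDS_L` should point at the paths where the distribution installs these libraries. None of `default`, `install`, `linux`, `libnids`, `libpcap` or `clean` is declared `.PHONY`, and the explicit `in_pcap.o` and `in_nids.o` rules list only the headers, not their `.c` file, as prerequisites.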
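Review bot: The added `#undef SCANLOGD_USER` and `#undef SCANLOGD_CHROOT` lines in params.patch appear to switch off the unprivileged account and chroot directory that upstream's params.h configures, so the packaged daemon would presumably keep root privileges while it reads network traffic. The `/* just for now */` comments give no condition for removing them, and scanlogd.desc in this same commit still describes the tool as "totally safe to use". I would rather have the package create the account and the empty chroot directory and leave params.h untouched. If the undefs must stay, a comment such as `/* ROCK: no scanlogd user or chroot dir is created yet, daemon runs unconfined */` and a matching sentence in the `[T]` text would make the trade-off visible. The patch body also mixes unified-style `---`/`+++` headers with normal-diff `18c18` hunks, which is worth checking against the patch tool the build uses.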
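Review bot: The three `premake` lines in scanlogd.conf overwrite whatever Makefile the tarball ships (`echo PREFIX=$prefix > ...` followed by the package's own copy), and nothing in the file says so; a comment like `# the tarball's Makefile is replaced by $confdir/Makefile, re-check it on every version bump` would help the next maintainer. `$prefix`, `$root`, `$builddir` and `$confdir` are expanded unquoted into a command string, so a path containing whitespace would split the redirect target. `postmake` registers the script as `scanlog` while every other name in the package is `scanlogd`; if that is intentional it deserves a word too.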
--- /dev/null
+++ b/package/tschmidt/scanlogd/scanlogd.desc
@@ -0,0 +1,45 @@
+
+[COPY] --- ROCK-COPYRIGHT-NOTE-BEGIN ---
+[COPY]
+[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+[COPY] Please add additional copyright information _after_ the line containing
+[COPY] the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by
+[COPY] the ./scripts/Create-CopyPatch script. Do not edit this copyright text!
+[COPY]
+[COPY] ROCK Linux: rock-src/package/tschmidt/scanlogd/scanlogd.desc
+[COPY] ROCK Linux is Copyright (C) 1998 - 2004 Clifford Wolf
+[COPY]
+[COPY] This program is free software; you can redistribute it and/or modify
+[COPY] it under the terms of the GNU General Public License as published by
+[COPY] the Free Software Foundation; either version 2 of the License, or
+[COPY] (at your option) any later version. A copy of the GNU General Public
+[COPY] License can be found at Documentation/COPYING.
+[COPY]
+[COPY] Many people helped and are helping developing ROCK Linux. Please
+[COPY] have a look at http://www.rocklinux.org/ and the Documentation/TEAM
+[COPY] file for details.
+[COPY]
+[COPY] --- ROCK-COPYRIGHT-NOTE-END ---
+
+[I] check if you are portscanned
+
+[T] scanlogd is a TCP port scan detection tool, originally designed to
+[T] illustrate various attacks an IDS developer has to deal with, for a
+[T] Phrack Magazine article (see below). Thus, unlike some of the other
+[T] port scan detection tools out there, scanlogd is designed to be totally
+[T] safe to use.
+
+[U] http://www.openwall.com/scanlogd/
+
+[A] solar designer
+[M] Tobias Schmidt
+
+[C] extra/network
+
+[L] GPL
+[S] Stable
+[V] 2.2.4
+[P] X -----5---9 800.000
+
+[D] 258760100 scanlogd-2.2.4.tar.gz http://www.openwall.com/scanlogd/
+
diff --git a/package/tschmidt/scanlogd/scanlogd.init b/package/tschmidt/scanlogd/scanlogd.init
new file mode 100644
index 000000000..0afcb3b69
--- /dev/null
+++ b/package/tschmidt/scanlogd/scanlogd.init
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# --- ROCK-COPYRIGHT-NOTE-BEGIN ---
+#
+# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+# Please add additional copyright information _after_ the line containing
+# the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by
+# the ./scripts/Create-CopyPatch script. Do not edit this copyright text!
+#
+# ROCK Linux: rock-src/package/tschmidt/scanlogd/scanlogd.init
+# ROCK Linux is Copyright (C) 1998 - 2003 Clifford Wolf
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version. A copy of the GNU General Public
+# License can be found at Documentation/COPYING.
+#
+# Many people helped and are helping developing ROCK Linux. Please
+# have a look at http://www.rocklinux.org/ and the Documentation/TEAM
+# file for details.
+#
+# --- ROCK-COPYRIGHT-NOTE-END ---
+#
+# Desc: Portscan-Monitor
+# Runlevel: 90 rcX
+#
+
+main_begin
+
+ block_begin(start, `Starting scanlog daemon')
+ check(`D_prefix/sbin/scanlogd')
+ block_end
+ block_begin(stop, `Stopping scanlog daemon')
+ check(`killall -KILL D_prefix/sbin/scanlogd')
+ block_end
+
+main_end
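Review bot: The `stop` block in scanlogd.init goes straight to SIGKILL with `killall -KILL D_prefix/sbin/scanlogd`, which gives the daemon no chance to exit cleanly and would mask a process that ignores a normal termination request. Dropping the flag so the `check(...)` runs `killall D_prefix/sbin/scanlogd` sends the default SIGTERM, which is enough for a process that does not catch it. The start and stop messages say "scanlog daemon" while the binary is scanlogd, and a short comment above `main_begin` noting that the daemon is started with no arguments and no pid file would document why `killall` is used at all.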