From 77dd75eaef6afecafdca97688e2df734c293610e Mon Sep 17 00:00:00 2001 From: Michal Bialozor Date: Sat, 14 Aug 2010 15:45:24 -0400 Subject: network/arpwatch: Added (for tracking IP addresses on a network) 
Signed-off-by: dsomero --- network/arpwatch/README | 8 + network/arpwatch/README.ethercodes | 26 +++ network/arpwatch/arpwatch.SlackBuild | 105 ++++++++++ network/arpwatch/arpwatch.info | 10 + network/arpwatch/doinst.sh | 20 ++ network/arpwatch/patches/arpwatch-2.1a10-man.patch | 33 +++ .../arpwatch/patches/arpwatch-2.1a15-bogon.patch | 20 ++ .../patches/arpwatch-2.1a15-extraman.patch | 173 +++++++++++++++ .../patches/arpwatch-2.1a15-nolocalpcap.patch | 10 + network/arpwatch/patches/arpwatch-2.1a4-fhs.patch | 20 ++ network/arpwatch/patches/arpwatch-addr.patch | 232 +++++++++++++++++++++ network/arpwatch/patches/arpwatch-dir-man.patch | 22 ++ network/arpwatch/patches/arpwatch-drop-man.patch | 48 +++++ network/arpwatch/patches/arpwatch-drop.patch | 93 +++++++++ network/arpwatch/patches/arpwatch-scripts.patch | 27 +++ network/arpwatch/rc.arpwatch | 63 ++++++ network/arpwatch/slack-desc | 19 ++ 17 files changed, 929 insertions(+) create mode 100644 network/arpwatch/README create mode 100644 network/arpwatch/README.ethercodes create mode 100644 network/arpwatch/arpwatch.SlackBuild create mode 100644 network/arpwatch/arpwatch.info create mode 100644 network/arpwatch/doinst.sh create mode 100644 network/arpwatch/patches/arpwatch-2.1a10-man.patch create mode 100644 network/arpwatch/patches/arpwatch-2.1a15-bogon.patch create mode 100644 network/arpwatch/patches/arpwatch-2.1a15-extraman.patch create mode 100644 network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch create mode 100644 network/arpwatch/patches/arpwatch-2.1a4-fhs.patch create mode 100644 network/arpwatch/patches/arpwatch-addr.patch create mode 100644 network/arpwatch/patches/arpwatch-dir-man.patch create mode 100644 network/arpwatch/patches/arpwatch-drop-man.patch create mode 100644 network/arpwatch/patches/arpwatch-drop.patch create mode 100644 network/arpwatch/patches/arpwatch-scripts.patch create mode 100644 network/arpwatch/rc.arpwatch create mode 100644 network/arpwatch/slack-desc (limited to 
'network')
diff --git a/network/arpwatch/README b/network/arpwatch/README
new file mode 100644
index 0000000000..470d5c457f
--- /dev/null
+++ b/network/arpwatch/README
@@ -0,0 +1,8 @@
+The arpwatch package contains arpwatch and arpsnmp. Arpwatch and
+arpsnmp are both network monitoring tools. Both utilities monitor
+Ethernet or FDDI network traffic and build databases of Ethernet/IP
+address pairs, and can report certain changes via email.
+
+Install the arpwatch package if you need networking monitoring devices
+which will automatically keep track of the IP addresses on your
+network.
diff --git a/network/arpwatch/README.ethercodes b/network/arpwatch/README.ethercodes
new file mode 100644
index 0000000000..8e3ad9adff
--- /dev/null
+++ b/network/arpwatch/README.ethercodes
@@ -0,0 +1,26 @@
+README.ethercodes
+=================
+
+This file contains some specific instructions to complete the
+installation of arpwatch on Slackware.
+
+1) After installing the arpwatch package
+----------------------------------------
+
+1.1) Change current location to the arpwatch working directory:
+
+ # cd /var/lib/arpwatch
+
+1.2) Download newest MAC addresses database:
+
+ # wget http://standards.ieee.org/regauth/oui/oui.txt
+
+1.3) Convert it into ethercodes.dat format using script included in arpwatch source:
+
+ # ./massagevendor oui.txt > ethercodes.dat
+
+1.4) Remove unnecessary database file:
+
+ # rm -f oui.txt
+
+1.5) Congratulations, you have just created ethercodes.dat file with the newest MAC adresses.
diff --git a/network/arpwatch/arpwatch.SlackBuild b/network/arpwatch/arpwatch.SlackBuild
new file mode 100644
index 0000000000..e7d9a66ab7
--- /dev/null
+++ b/network/arpwatch/arpwatch.SlackBuild
@@ -0,0 +1,105 @@
+#!/bin/sh
+
+# Slackware build script for arpwatch
+# Written by Michal Bialozor
+
+PRGNAM=arpwatch
+VERSION=2.1a15
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+cat $CWD/patches/arpwatch-2.1a4-fhs.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a10-man.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-drop.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-drop-man.patch | patch --verbose -p0 || exit 1
+cat $CWD/patches/arpwatch-addr.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-dir-man.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-scripts.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a15-nolocalpcap.patch | patch -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a15-bogon.patch | patch -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a15-extraman.patch | patch --verbose -p1 || exit 1
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --bindir=/usr/sbin \
+ --sbindir=/usr/sbin \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --build=$ARCH-slackware-linux
+
+mkdir -p $PKG/usr/sbin
+mkdir -p $PKG/usr/man/man8
+
+make ARPDIR=/var/lib/$PRGNAM
+make install install-man DESTDIR=$PKG
+
+find $PKG | xargs file | grep -e "executable" -e "shared object"| grep ELF | \
+ cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a CHANGES INSTALL README $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README.ethercodes > $PKG/usr/doc/$PRGNAM-$VERSION/README.ethercodes
+
+mkdir -p $PKG/var/lib/$PRGNAM
+cp -a arp.dat ethercodes.dat arp2ethers arpfetch massagevendor massagevendor-old \
+ d.awk duplicates.awk e.awk euppertolower.awk p.awk $PKG/var/lib/$PRGNAM
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.$PRGNAM > $PKG/etc/rc.d/rc.$PRGNAM.new
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/network/arpwatch/arpwatch.info b/network/arpwatch/arpwatch.info
new file mode 100644
index 0000000000..e1d4bc77d2
--- /dev/null
+++ b/network/arpwatch/arpwatch.info
@@ -0,0 +1,10 @@
+PRGNAM="arpwatch"
+VERSION="2.1a15"
+HOMEPAGE="http://ee.lbl.gov/"
+DOWNLOAD="ftp://ftp.ee.lbl.gov/arpwatch.tar.gz"
+MD5SUM="cebfeb99c4a7c2a6cee2564770415fe7"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Michal Bialozor"
+EMAIL="bialyy@o2.pl"
+APPROVED="dsomero"
diff --git a/network/arpwatch/doinst.sh b/network/arpwatch/doinst.sh
new file mode 100644
index 0000000000..75006b21f7
--- /dev/null
+++ b/network/arpwatch/doinst.sh
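Review bot: The `cp -a arp.dat ethercodes.dat arp2ethers arpfetch massagevendor massagevendor-old \` step near the end of arpwatch.SlackBuild installs the helper scripts and awk files into `/var/lib/$PRGNAM`, the same directory that holds arpwatch's writable database. arpwatch-drop-man.patch in this commit says that directory must be owned by the `-u` user, and README.ethercodes has the admin run `./massagevendor` from it as root, so once the daemon runs unprivileged that account could replace a script that root later executes. I would keep only the data files there, `cp -a arp.dat ethercodes.dat $PKG/var/lib/$PRGNAM`, and install the scripts root-owned elsewhere, for example in a `$PKG/usr/share/$PRGNAM` directory; whether the scripts must sit next to `arp.dat` to find their `.awk` files is not visible here and should be checked. Separately, the unquoted `$( find $PKG/usr/man -type l )` loop and the bare `$PKG`/`$TMP`/`$CWD` expansions break on paths containing spaces.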
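Review bot: `DOWNLOAD="ftp://ftp.ee.lbl.gov/arpwatch.tar.gz"` in arpwatch.info names an unversioned file fetched over plain FTP, so the `MD5SUM` line is the only thing tying the build to 2.1a15. If upstream republishes the tarball under the same name the checksum stops matching, and MD5 on an unauthenticated transport is a weak basis for source integrity. A versioned archive URL, if upstream offers one, would make the pin explicit; failing that, a sentence in the README noting that the tarball name is unversioned would help whoever next bumps `VERSION`.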
@@ -0,0 +1,20 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Keep same perms on rc.arpwatch.new:
+if [ -e etc/rc.d/rc.arpwatch ]; then
+ cp -a etc/rc.d/rc.arpwatch etc/rc.d/rc.arpwatch.new.incoming
+ cat etc/rc.d/rc.arpwatch.new > etc/rc.d/rc.arpwatch.new.incoming
+ mv etc/rc.d/rc.arpwatch.new.incoming etc/rc.d/rc.arpwatch.new
+fi
+
+config etc/rc.d/rc.arpwatch.new
diff --git a/network/arpwatch/patches/arpwatch-2.1a10-man.patch b/network/arpwatch/patches/arpwatch-2.1a10-man.patch
new file mode 100644
index 0000000000..73b3068a36
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-2.1a10-man.patch
@@ -0,0 +1,33 @@
+diff -uNr arpwatch-2.1a10/arpsnmp.8 arpwatch-2.1a10.man/arpsnmp.8
+--- arpwatch-2.1a10/arpsnmp.8 Sun Sep 17 23:34:48 2000
++++ arpwatch-2.1a10.man/arpsnmp.8 Sun Dec 31 02:00:54 2000
+@@ -41,7 +41,7 @@
+ and reports certain changes via email.
+ .B Arpsnmp
+ reads information from a file (usually generated by
+-.BR snmpwalk (8)).
++.BR snmpwalk (1)).
+ .LP
+ The
+ .B -d
+@@ -62,9 +62,9 @@
+ .LP
+ .SH "REPORT MESSAGES"
+ (See the
+-.BR arpwatch (1)
++.BR arpwatch (8)
+ man page for details on the report messages generated by
+-.BR arpsnmp (1).)
++.BR arpsnmp (8).)
+ .SH FILES
+ .na
+ .nh
+@@ -79,7 +79,7 @@
+ .na
+ .nh
+ .BR arpwatch (8),
+-.BR snmpwalk (8),
++.BR snmpwalk (1),
+ .BR arp (8)
+ .ad
+ .hy
diff --git a/network/arpwatch/patches/arpwatch-2.1a15-bogon.patch b/network/arpwatch/patches/arpwatch-2.1a15-bogon.patch
new file mode 100644
index 0000000000..784deb015b
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-2.1a15-bogon.patch
@@ -0,0 +1,20 @@
+--- arpwatch-2.1a15/arpwatch.c.bogon 2007-08-09 13:53:47.000000000 +0200
++++ arpwatch-2.1a15/arpwatch.c 2007-08-09 13:58:17.000000000 +0200
+@@ -730,11 +730,12 @@ addnet(register const char *str)
+
+ /* XXX hack */
+ n = ntohl(inet_addr(tstr));
+- while ((n & 0xff000000) == 0) {
+- n <<= 8;
+- if (n == 0)
+- return (0);
+- }
++ if (n || width != 32)
++ while ((n & 0xff000000) == 0) {
++ n <<= 8;
++ if (n == 0)
++ return (0);
++ }
+ n = htonl(n);
+
+ if (width != 0) {
diff --git a/network/arpwatch/patches/arpwatch-2.1a15-extraman.patch b/network/arpwatch/patches/arpwatch-2.1a15-extraman.patch
new file mode 100644
index 0000000000..502404ec59
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-2.1a15-extraman.patch
@@ -0,0 +1,173 @@ +diff -up arpwatch-2.1a15/Makefile.in.extraman arpwatch-2.1a15/Makefile.in +--- arpwatch-2.1a15/Makefile.in.extraman 2009-12-14 18:01:27.000000000 +0100 ++++ arpwatch-2.1a15/Makefile.in 2010-03-30 15:11:30.000000000 +0200 +@@ -118,6 +118,10 @@ install-man: force + $(DESTDIR)$(MANDEST)/man8 + $(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \ + $(DESTDIR)$(MANDEST)/man8 ++ $(INSTALL) -m 644 $(srcdir)/arp2ethers.8 \ ++ $(DESTDIR)$(MANDEST)/man8 ++ $(INSTALL) -m 644 $(srcdir)/massagevendor.8 \ ++ $(DESTDIR)$(MANDEST)/man8 + + lint: $(GENSRC) force + lint -hbxn $(SRC) | \ +diff -up arpwatch-2.1a15/arp2ethers.8.extraman arpwatch-2.1a15/arp2ethers.8 +--- arpwatch-2.1a15/arp2ethers.8.extraman 2010-03-30 15:12:37.000000000 +0200 ++++ arpwatch-2.1a15/arp2ethers.8 2010-03-30 15:53:01.000000000 +0200 +@@ -0,0 +1,60 @@ ++.TH ARP2ETHERS 8 ++.SH NAME ++arp2ethers \- convert arpwatch address database to ethers file format ++.SH SYNOPSIS ++.na ++.B arp2ethers ++.ad ++.SH "DESCRIPTION" ++.B arp2ethers ++converts file ++.IR arp.dat ++in the current directory into ++.BR ethers(5) ++format on ++.IR stdout . ++Usually ++.IR arp.dat ++is an ethernet/ip database file generated by ++.BR arpwatch(8) . ++The arpwatch daemon in Debian will create different ++.IR arp.dat ++depending on its configuration. All of them will be available at ++.IR /var/lib/arpwatch/ . ++.SH FILES ++.na ++.nh ++.nf ++/var/lib/arpwatch - default directory for arp.dat ++arp.dat - ethernet/ip address database ++.ad ++.hy ++.fi ++.SH "SEE ALSO" ++.na ++.nh ++.BR arpwatch (8), ++.BR ethers (5), ++.BR rarp (8), ++.BR arp (8), ++.ad ++.hy ++.SH BUGS ++Please send bug reports to arpwatch@ee.lbl.gov. ++.SH AUTHORS ++.LP ++Original version by Craig Leres of the Lawrence Berkeley ++National Laboratory Network Research Group, University of ++California, Berkeley, CA. ++.LP ++Modified for the Debian Project by Peter Kelemen, with ++additions from Erik Warmelink. 
++.LP ++The current version is available via anonymous ftp: ++.LP ++.RS ++.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz ++.RE ++.LP ++This manual page was contributed by Hugo Graumann. ++ +diff -up arpwatch-2.1a15/massagevendor.8.extraman arpwatch-2.1a15/massagevendor.8 +--- arpwatch-2.1a15/massagevendor.8.extraman 2010-03-30 15:15:18.000000000 +0200 ++++ arpwatch-2.1a15/massagevendor.8 2010-03-30 15:15:18.000000000 +0200 +@@ -0,0 +1,91 @@ ++.TH MASSAGEVENDOR 8 ++.SH NAME ++massagevendor \- convert the ethernet vendor codes master list to arpwatch format ++.SH SYNOPSIS ++.na ++massagevendor ++.I vendorfile ++.SH "DESCRIPTION" ++.B massagevendor ++is a program that converts a text file containing ethernet vendor codes ++into a format suitable for use by ++.B arpwatch(8) ++and ++.B arpsnmp(8). ++The input ++.I vendorfile ++is a master text file containing vendor codes. The output ++is sent to ++.I stdout. ++Each line of the ++.I vendorfile ++is expected to have a six digit hexadecimal vendor code ++followed by spaces followed by the name of the manufacturer. ++.LP ++All ethernet devices have a unique identifier which ++includes a vendor code specifying the manufacturer of the ++device. In normal operation ++.B arpwatch(8) ++and ++.B arpsnmp(8) ++use the file ++.I ethercodes.dat ++to report this vendor code. ++.B massagevendor ++is used to generate the ++.I ethercodes.dat ++file from text files containing these vendor codes. ++.LP ++Locations where an ethernet vendor codes master text file ++can be obtained are given below. 
++.SH FILES ++.na ++.nh ++.nf ++/var/lib/arpwatch - default location of the ethernet vendor list ++ethercodes.dat - file containing the list of ethernet vendor codes ++.ad ++.hy ++.fi ++.SH "SEE ALSO" ++.na ++.nh ++.BR arpwatch(8), ++.BR arpsnmp(8) ++.ad ++.hy ++.SH NOTES ++Sources for ethernet vendor codes seen in the wild are ++.LP ++.na ++.nh ++.nf ++.RS ++.I http://map-ne.com/Ethernet/vendor.html ++.I ftp://ftp.cavebear.com/pub/Ethernet.txt ++.I http://www.cavebear.com/CaveBear/Ethernet/vendor.html ++.RE ++.ad ++.hy ++.LP ++Useful for comparison or completeness are the ++ethernet vendor codes as assigned ++by the IEEE which can be found at ++.LP ++.RS ++.I http://standards.ieee.org/regauth/oui/oui.txt ++.RE ++.SH BUGS ++Please send bug reports to arpwatch@ee.lbl.gov. ++.SH AUTHORS ++Craig Leres of the ++Lawrence Berkeley National Laboratory Network Research Group, ++University of California, Berkeley, CA. ++.LP ++The current version is available via anonymous ftp: ++.LP ++.RS ++.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz ++.RE ++.LP ++This manual page was contributed by Hugo Graumann. diff --git a/network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch b/network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch new file mode 100644 index 0000000000..13382bc79d --- /dev/null +++ b/network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch @@ -0,0 +1,10 @@ +--- arpwatch-2.1a15/configure.nolocalpcap 2006-06-21 22:32:38.000000000 +0200 ++++ arpwatch-2.1a15/configure 2006-11-09 15:04:35.000000000 +0100 +@@ -4956,6 +4956,7 @@ + places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \ + egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'` + for dir in $places ../libpcap libpcap ; do ++ break + basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'` + if test $lastdir = $basedir ; then + continue; diff --git a/network/arpwatch/patches/arpwatch-2.1a4-fhs.patch b/network/arpwatch/patches/arpwatch-2.1a4-fhs.patch new file mode 100644 index 0000000000..313c794d0c --- /dev/null 
+++ b/network/arpwatch/patches/arpwatch-2.1a4-fhs.patch @@ -0,0 +1,20 @@ +--- arpwatch-2.1a4/Makefile.in.fhs Sun Jun 18 08:26:28 2000 ++++ arpwatch-2.1a4/Makefile.in Sun Jun 18 08:27:21 2000 +@@ -109,13 +109,13 @@ + $(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil + + install: force +- $(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 arpwatch $(DESTDIR)$(BINDEST) ++ $(INSTALL) -m 755 arpsnmp $(DESTDIR)$(BINDEST) + + install-man: force +- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \ ++ $(INSTALL) -m 644 $(srcdir)/arpwatch.8 \ + $(DESTDIR)$(MANDEST)/man8 +- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpsnmp.8 \ ++ $(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \ + $(DESTDIR)$(MANDEST)/man8 + + lint: $(GENSRC) force diff --git a/network/arpwatch/patches/arpwatch-addr.patch b/network/arpwatch/patches/arpwatch-addr.patch new file mode 100644 index 0000000000..5647ff811f --- /dev/null +++ b/network/arpwatch/patches/arpwatch-addr.patch 
@@ -0,0 +1,232 @@ +--- arpwatch-2.1a11/addresses.h.in.addr Wed Jun 5 00:40:29 1996 ++++ arpwatch-2.1a11/addresses.h.in Wed Jul 31 17:39:38 2002 +@@ -1,2 +1,4 @@ + #define WATCHER "root" +-#define WATCHEE "arpwatch (Arpwatch)" ++#define WATCHEE "root (Arpwatch)" ++extern char *watcher; ++extern char *watchee; +--- arpwatch-2.1a11/arpsnmp.8.addr Sun Sep 17 15:34:48 2000 ++++ arpwatch-2.1a11/arpsnmp.8 Fri Aug 2 15:15:31 2002 +@@ -30,6 +30,12 @@ + ] [ + .B -f + .I datafile ++] [ ++.B -e ++.I username ++] [ ++.B -s ++.I username + ] + .I file + [ +@@ -59,6 +65,27 @@ + .I arp.dat + file must be created before the first time you run + .BR arpsnmp . ++.LP ++If the ++.B -e ++flag is used, ++.B arpsnmp ++sends e-mail messages to ++.I username ++rather than the default (root). ++If a single `-' character is given for the username, ++sending of e-mail is suppressed, ++but logging via syslog is still done as usual. ++(This can be useful during initial runs, to collect data ++without being flooded with messages about new stations.) ++.LP ++If the ++.B -s ++flag is used, ++.B arpsnmp ++sends e-mail messages with ++.I username ++as the return address, rather than the default (root). 
+ .LP + .SH "REPORT MESSAGES" + (See the +--- arpwatch-2.1a11/arpsnmp.c.addr Sun Jan 17 19:47:40 1999 ++++ arpwatch-2.1a11/arpsnmp.c Fri Aug 2 15:17:16 2002 +@@ -59,6 +59,7 @@ + #include "file.h" + #include "machdep.h" + #include "util.h" ++#include "addresses.h" + + /* Forwards */ + int main(int, char **); +@@ -90,7 +91,7 @@ + } + + opterr = 0; +- while ((op = getopt(argc, argv, "df:")) != EOF) ++ while ((op = getopt(argc, argv, "df:e:s:")) != EOF) + switch (op) { + + case 'd': +@@ -105,6 +106,24 @@ + arpfile = optarg; + break; + ++ case 'e': ++ if ( optarg ) { ++ watcher = strdup(optarg); ++ } else { ++ (void)fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog); ++ usage(); ++ } ++ break; ++ ++ case 's': ++ if ( optarg ) { ++ watchee = strdup(optarg); ++ } else { ++ (void)fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog); ++ usage(); ++ } ++ break; ++ + default: + usage(); + } +@@ -184,6 +203,6 @@ + + (void)fprintf(stderr, "Version %s\n", version); + (void)fprintf(stderr, +- "usage: %s [-d] [-f datafile] file [...]\n", prog); ++ "usage: %s [-d] [-f datafile] [-e username] [-s username] file [...]\n", prog); + exit(1); + } +--- arpwatch-2.1a11/arpwatch.8.addr Thu Aug 1 13:45:36 2002 ++++ arpwatch-2.1a11/arpwatch.8 Thu Aug 1 14:08:05 2002 +@@ -46,6 +46,12 @@ + ] [ + .B -u + .I username ++] [ ++.B -e ++.I username ++] [ ++.B -s ++.I username + ] + .ad + .SH DESCRIPTION +@@ -106,6 +112,27 @@ + and group ID to that of the primary group of + .IR username . + This is recommended for security reasons. ++.LP ++If the ++.B -e ++flag is used, ++.B arpwatch ++sends e-mail messages to ++.I username ++rather than the default (root). ++If a single `-' character is given for the username, ++sending of e-mail is suppressed, ++but logging via syslog is still done as usual. ++(This can be useful during initial runs, to collect data ++without being flooded with messages about new stations.) 
++.LP ++If the ++.B -s ++flag is used, ++.B arpwatch ++sends e-mail messages with ++.I username ++as the return address, rather than the default (root). + .LP + Note that an empty + .I arp.dat +--- arpwatch-2.1a11/arpwatch.c.addr Thu Aug 1 13:45:36 2002 ++++ arpwatch-2.1a11/arpwatch.c Thu Aug 1 13:47:35 2002 +@@ -78,6 +78,7 @@ + #include "machdep.h" + #include "setsignal.h" + #include "util.h" ++#include "addresses.h" + + /* Some systems don't define these */ + #ifndef ETHERTYPE_REVARP +@@ -190,7 +191,7 @@ + interface = NULL; + rfilename = NULL; + pd = NULL; +- while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF) ++ while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF) + switch (op) { + + case 'd': +@@ -232,6 +233,26 @@ + } + break; + ++ case 'e': ++ if ( optarg ) { ++ watcher = strdup(optarg); ++ } ++ else { ++ fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog); ++ usage(); ++ } ++ break; ++ ++ case 's': ++ if ( optarg ) { ++ watchee = strdup(optarg); ++ } ++ else { ++ fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog); ++ usage(); ++ } ++ break; ++ + default: + usage(); + } +@@ -784,6 +805,7 @@ + + (void)fprintf(stderr, "Version %s\n", version); + (void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]" +- " [-n net[/width]] [-r file] [-u username]\n", prog); ++ " [-n net[/width]] [-r file] [-u username]" ++ " [-e username] [-s username]\n", prog); + exit(1); + } +--- arpwatch-2.1a11/report.c.addr Sat Sep 30 18:41:10 2000 ++++ arpwatch-2.1a11/report.c Thu Aug 1 14:16:43 2002 +@@ -70,6 +70,9 @@ + + #define PLURAL(n) ((n) == 1 || (n) == -1 ? 
"" : "s") + ++char *watcher = WATCHER; ++char *watchee = WATCHEE; ++ + static int cdepth; /* number of outstanding children */ + + static char *fmtdate(time_t); +@@ -240,8 +243,6 @@ + register FILE *f; + char tempfile[64], cpu[64], os[64]; + char *fmt = "%20s: %s\n"; +- char *watcher = WATCHER; +- char *watchee = WATCHEE; + char *sendmail = PATH_SENDMAIL; + char *unknown = ""; + char buf[132]; +@@ -258,6 +259,9 @@ + } + f = stdout; + (void)putc('\n', f); ++ } else if (watcher == NULL || *watcher == NULL || *watcher == '-') { ++ dosyslog(LOG_NOTICE, title, a, e1, e2); ++ return; + } else { + /* Setup child reaper if we haven't already */ + if (!init) { diff --git a/network/arpwatch/patches/arpwatch-dir-man.patch b/network/arpwatch/patches/arpwatch-dir-man.patch new file mode 100644 index 0000000000..673a600df7 --- /dev/null +++ b/network/arpwatch/patches/arpwatch-dir-man.patch @@ -0,0 +1,22 @@ +--- arpwatch-2.1a15/arpsnmp.8.dirman 2006-11-02 17:00:58.000000000 +0100 ++++ arpwatch-2.1a15/arpsnmp.8 2006-11-02 17:23:58.000000000 +0100 +@@ -96,7 +96,7 @@ + .na + .nh + .nf +-/usr/operator/arpwatch - default directory ++/var/lib/arpwatch - default directory + arp.dat - ethernet/ip address database + ethercodes.dat - vendor ethernet block list + .ad +--- arpwatch-2.1a15/arpwatch.8.dirman 2006-11-02 17:00:58.000000000 +0100 ++++ arpwatch-2.1a15/arpwatch.8 2006-11-02 17:24:07.000000000 +0100 +@@ -198,7 +198,7 @@ + .na + .nh + .nf +-/usr/operator/arpwatch - default directory ++/var/lib/arpwatch - default directory + arp.dat - ethernet/ip address database + ethercodes.dat - vendor ethernet block list + .ad diff --git a/network/arpwatch/patches/arpwatch-drop-man.patch b/network/arpwatch/patches/arpwatch-drop-man.patch new file mode 100644 index 0000000000..f183b2164e --- /dev/null +++ b/network/arpwatch/patches/arpwatch-drop-man.patch 
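Review bot: In the report.c part of arpwatch-addr.patch the new guard `} else if (watcher == NULL || *watcher == NULL || *watcher == '-') {` compares a `char` with the pointer constant `NULL`, and it suppresses mail for any recipient that merely starts with `-`, while the man page text added in the same patch says only a single `-` does so. I would write `} else if (watcher == NULL || *watcher == '\0' || strcmp(watcher, "-") == 0) {`; if rejecting every leading `-` is deliberate because the value is later handed to sendmail (that call is outside the hunk), keep the broader test and state it in a comment and in the man page. The `-e` and `-s` cases in arpsnmp.c and arpwatch.c also store `strdup(optarg)` without checking for a NULL return.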
@@ -0,0 +1,48 @@ +--- arpwatch.8.orig Sun Oct 8 23:31:28 2000 ++++ arpwatch.8 Mon Oct 16 16:46:19 2000 +@@ -36,13 +36,16 @@ + .I interface + ] + .br +-.ti +8 ++.ti +9 + [ + .B -n + .IR net [/ width + ]] [ + .B -r + .I file ++] [ ++.B -u ++.I username + ] + .ad + .SH DESCRIPTION +@@ -94,10 +97,26 @@ + .B arpwatch + does not fork. + .LP ++If ++.B -u ++flag is used, ++.B arpwatch ++drops root privileges and changes user ID to ++.I username ++and group ID to that of the primary group of ++.IR username . ++This is recommended for security reasons. ++.LP + Note that an empty + .I arp.dat + file must be created before the first time you run +-.BR arpwatch . ++.BR arpwatch . ++Also, the default directory (where arp.dat is stored) must be owned ++by ++.I username ++if ++.BR -u ++flag is used. + .LP + .SH "REPORT MESSAGES" + Here's a quick list of the report messages generated by diff --git a/network/arpwatch/patches/arpwatch-drop.patch b/network/arpwatch/patches/arpwatch-drop.patch new file mode 100644 index 0000000000..916a4b1142 --- /dev/null +++ b/network/arpwatch/patches/arpwatch-drop.patch 
@@ -0,0 +1,93 @@ +--- arpwatch-2.1a10/arpwatch.c Sat Oct 14 05:07:35 2000 ++++ arpwatch-2.1a10/arpwatch.c Sun Jun 10 16:22:57 2001 +@@ -62,7 +62,7 @@ + #include + #include + #include +- ++#include + #include + + #include "gnuc.h" +@@ -141,6 +141,25 @@ + int sanity_fddi(struct fddi_header *, struct ether_arp *, int); + __dead void usage(void) __attribute__((volatile)); + ++void dropprivileges(const char* user) ++{ ++ struct passwd* pw; ++ pw = getpwnam( user ); ++ if ( pw ) { ++ if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 || ++ setuid(pw->pw_uid) != 0 ) { ++ syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user, ++ pw->pw_uid, pw->pw_gid); ++ exit(1); ++ } ++ } ++ else { ++ syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user); ++ exit(1); ++ } ++ syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid()); ++} ++ + int + main(int argc, char **argv) + { +@@ -153,6 +172,7 @@ + register char *interface, *rfilename; + struct bpf_program code; + char errbuf[PCAP_ERRBUF_SIZE]; ++ char* serveruser = NULL; + + if (argv[0] == NULL) + prog = "arpwatch"; +@@ -170,7 +190,7 @@ + interface = NULL; + rfilename = NULL; + pd = NULL; +- while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF) ++ while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF) + switch (op) { + + case 'd': +@@ -202,6 +222,16 @@ + rfilename = optarg; + break; + ++ case 'u': ++ if ( optarg ) { ++ serveruser = strdup(optarg); ++ } ++ else { ++ fprintf(stderr, "%s: Need username after -u\n", prog); ++ usage(); ++ } ++ break; ++ + default: + usage(); + } +@@ -283,8 +313,11 @@ + * Revert to non-privileged user after opening sockets + * (not needed on most systems). 
+ */ +- setgid(getgid()); +- setuid(getuid()); ++ /*setgid(getgid());*/ ++ /*setuid(getuid());*/ ++ if ( serveruser ) { ++ dropprivileges( serveruser ); ++ } + + /* Must be ethernet or fddi */ + linktype = pcap_datalink(pd); +@@ -751,6 +784,6 @@ + + (void)fprintf(stderr, "Version %s\n", version); + (void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]" +- " [-n net[/width]] [-r file]\n", prog); ++ " [-n net[/width]] [-r file] [-u username]\n", prog); + exit(1); + } diff --git a/network/arpwatch/patches/arpwatch-scripts.patch b/network/arpwatch/patches/arpwatch-scripts.patch new file mode 100644 index 0000000000..994dd1bd27 --- /dev/null +++ b/network/arpwatch/patches/arpwatch-scripts.patch @@ -0,0 +1,27 @@ +--- arpwatch-2.1a15/arp2ethers.scripts 2002-01-05 20:40:48.000000000 +0100 ++++ arpwatch-2.1a15/arp2ethers 2006-11-09 14:34:42.000000000 +0100 +@@ -13,7 +13,7 @@ + # - sort + # + +-sort +2rn arp.dat | \ ++sort -k 2 -rn arp.dat | \ + awk 'NF == 4 { print }' | \ + awk -f p.awk | \ + egrep -v '\.[0-9][0-9]*$' | \ +--- arpwatch-2.1a15/arpfetch.scripts 2006-07-28 20:10:30.000000000 +0200 ++++ arpwatch-2.1a15/arpfetch 2006-11-09 14:37:05.000000000 +0100 +@@ -4,8 +4,6 @@ + # arpfetch - collect arp data from a cisco using net-snmp + # + +-export PATH="/usr/local/bin:${PATH}" +- + prog=`basename $0` + + if [ $# -ne 2 ]; then +@@ -30,4 +28,3 @@ + print ea "\t" ip + }' + +-rm -f ${t1} diff --git a/network/arpwatch/rc.arpwatch b/network/arpwatch/rc.arpwatch new file mode 100644 index 0000000000..9bf52da1d3 --- /dev/null +++ b/network/arpwatch/rc.arpwatch 
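Review bot: `dropprivileges()` in arpwatch-drop.patch calls `initgroups(pw->pw_name, NULL)`, but the second argument is a `gid_t` that initgroups adds to the supplementary group list, so `NULL` (converted to gid 0) leaves the root group in the process's groups after the switch to the unprivileged user. The call should pass the user's own group: `if ( initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 ||`. The same patch comments out the original `setgid(getgid());` and `setuid(getuid());`, so without `-u` no privilege change happens at all; a comment at that spot saying so would help the next reader. The `strdup(optarg)` result for `-u` is also used without a NULL check.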
@@ -0,0 +1,63 @@
+#!/bin/sh
+#
+# /etc/rc.d/rc./arpwatch
+#
+# Start/stop/restart/status arpwatch.
+
+ARPDIR="/var/lib/arpwatch"
+IFACE="$2"
+
+OPTIONS="-i $IFACE -f $ARPDIR/arp-$IFACE.dat -u root -e root -s root"
+
+pid="$(ps ax | awk '{if (match($5, ".*/arpwatch$") || $5 == "arpwatch") print $1}')"
+
+start() {
+ if [ "$IFACE" = "" ]; then
+ echo "Please specify interface name"
+ exit 1
+ else
+ if [ ! -f "$ARPDIR/arp-$IFACE.dat" ]; then
+ echo "Creating new database file..."
+ touch $ARPDIR/arp-$IFACE.dat
+ echo "Starting arpwatch on $IFACE..."
+ arpwatch $OPTIONS
+ else
+ echo "Starting arpwatch on $IFACE..."
+ arpwatch $OPTIONS
+ fi
+ fi
+}
+
+stop() {
+ echo "Stopping arpwatch..."
+ killall arpwatch
+}
+
+status() {
+ if [ "$pid" != "" ]; then
+ echo "arpwatch (pid "$pid") is running..."
+ else
+ echo "arpwatch is not running..."
+ fi
+}
+
+case "$1" in
+'start')
+ start
+ ;;
+'stop')
+ stop
+ ;;
+'restart')
+ stop
+ start
+ ;;
+'status')
+ status
+ ;;
+*)
+ echo ""
+ echo "Usage: $0 {start [IFACE] | stop | restart [IFACE] | status}"
+ echo ""
+ exit 1
+esac
diff --git a/network/arpwatch/slack-desc b/network/arpwatch/slack-desc
new file mode 100644
index 0000000000..bbb390ba7b
--- /dev/null
+++ b/network/arpwatch/slack-desc
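Review bot: `OPTIONS="-i $IFACE -f $ARPDIR/arp-$IFACE.dat -u root -e root -s root"` in rc.arpwatch passes `-u root`, so the privilege drop that arpwatch-drop.patch adds switches to root itself and the daemon that parses captured traffic keeps full privileges. I would take the account from a variable set at the top of the script and use `-u $ARPUSER`, and document creating a dedicated unprivileged user that owns `$ARPDIR`, which is what the patched man page asks for. `IFACE` comes straight from `$2` and is expanded unquoted in `touch $ARPDIR/arp-$IFACE.dat` and `arpwatch $OPTIONS`; quoting it and rejecting values that contain `/` or whitespace would keep the database path inside `$ARPDIR`. `stop` uses `killall arpwatch`, which ends every instance regardless of interface.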
@@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: # The "handy ruler" below makes it easier +to edit a package description. Line # up the first '|' above the +':' following the base package name, and the '|' # on the right +side marks the last column you can put a character in. You must # +make exactly 11 lines for the formatting to be correct. It's also # +customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +arpwatch: arpwatch (Monitoring tools for tracking IP addresses on a network) +arpwatch: +arpwatch: The arpwatch package contains arpwatch and arpsnmp. Arpwatch and +arpwatch: arpsnmp are both network monitoring tools. Both utilities monitor +arpwatch: Ethernet or FDDI network traffic and build databases of Ethernet/IP +arpwatch: address pairs, and can report certain changes via email. +arpwatch: +arpwatch: +arpwatch: Homepage: http://ee.lbl.gov/ +arpwatch: +arpwatch: -- cgit v1.2.3-65-gdbad