mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-16 19:50:19 +01:00
network/arpwatch: Added (for tracking IP addresses on a network)
Signed-off-by: dsomero <xgizzmo@slackbuilds.org>
This commit is contained in:
parent
a80381f7a5
commit
77dd75eaef
17 changed files with 929 additions and 0 deletions
8
network/arpwatch/README
Normal file
8
network/arpwatch/README
Normal file
|
@ -0,0 +1,8 @@
|
|||
The arpwatch package contains arpwatch and arpsnmp. Arpwatch and
|
||||
arpsnmp are both network monitoring tools. Both utilities monitor
|
||||
Ethernet or FDDI network traffic and build databases of Ethernet/IP
|
||||
address pairs, and can report certain changes via email.
|
||||
|
||||
Install the arpwatch package if you need networking monitoring devices
|
||||
which will automatically keep track of the IP addresses on your
|
||||
network.
|
26
network/arpwatch/README.ethercodes
Normal file
26
network/arpwatch/README.ethercodes
Normal file
|
@ -0,0 +1,26 @@
|
|||
README.ethercodes
|
||||
=================
|
||||
|
||||
This file contains some specific instructions to complete the
|
||||
installation of arpwatch on Slackware.
|
||||
|
||||
1) After installing the arpwatch package
|
||||
----------------------------------------
|
||||
|
||||
1.1) Change current location to the arpwatch working directory:
|
||||
|
||||
# cd /var/lib/arpwatch
|
||||
|
||||
1.2) Download newest MAC addresses database:
|
||||
|
||||
# wget http://standards.ieee.org/regauth/oui/oui.txt
|
||||
|
||||
1.3) Convert it into ethercodes.dat format using script included in arpwatch source:
|
||||
|
||||
# ./massagevendor oui.txt > ethercodes.dat
|
||||
|
||||
1.4) Remove unnecessary database file:
|
||||
|
||||
# rm -f oui.txt
|
||||
|
||||
1.5) Congratulations, you have just created ethercodes.dat file with the newest MAC adresses.
|
105
network/arpwatch/arpwatch.SlackBuild
Normal file
105
network/arpwatch/arpwatch.SlackBuild
Normal file
|
@ -0,0 +1,105 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Slackware build script for arpwatch
|
||||
# Written by Michal Bialozor <bialyy@o2.pl>
|
||||
|
||||
PRGNAM=arpwatch
|
||||
VERSION=2.1a15
|
||||
BUILD=${BUILD:-1}
|
||||
TAG=${TAG:-_SBo}
|
||||
|
||||
# Automatically determine the architecture we're building on:
|
||||
if [ -z "$ARCH" ]; then
|
||||
case "$( uname -m )" in
|
||||
i?86) ARCH=i486 ;;
|
||||
arm*) ARCH=arm ;;
|
||||
# Unless $ARCH is already set, use uname -m for all other archs:
|
||||
*) ARCH=$( uname -m ) ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
CWD=$(pwd)
|
||||
TMP=${TMP:-/tmp/SBo}
|
||||
PKG=$TMP/package-$PRGNAM
|
||||
OUTPUT=${OUTPUT:-/tmp}
|
||||
|
||||
if [ "$ARCH" = "i486" ]; then
|
||||
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
|
||||
LIBDIRSUFFIX=""
|
||||
elif [ "$ARCH" = "i686" ]; then
|
||||
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
|
||||
LIBDIRSUFFIX=""
|
||||
elif [ "$ARCH" = "x86_64" ]; then
|
||||
SLKCFLAGS="-O2 -fPIC"
|
||||
LIBDIRSUFFIX="64"
|
||||
else
|
||||
SLKCFLAGS="-O2"
|
||||
LIBDIRSUFFIX=""
|
||||
fi
|
||||
|
||||
set -e
|
||||
|
||||
rm -rf $PKG
|
||||
mkdir -p $TMP $PKG $OUTPUT
|
||||
cd $TMP
|
||||
rm -rf $PRGNAM-$VERSION
|
||||
tar xvf $CWD/$PRGNAM.tar.gz
|
||||
cd $PRGNAM-$VERSION
|
||||
chown -R root:root .
|
||||
find . \
|
||||
\( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
|
||||
-exec chmod 755 {} \; -o \
|
||||
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
|
||||
-exec chmod 644 {} \;
|
||||
|
||||
cat $CWD/patches/arpwatch-2.1a4-fhs.patch | patch --verbose -p1 || exit 1
|
||||
cat $CWD/patches/arpwatch-2.1a10-man.patch | patch --verbose -p1 || exit 1
|
||||
cat $CWD/patches/arpwatch-drop.patch | patch --verbose -p1 || exit 1
|
||||
cat $CWD/patches/arpwatch-drop-man.patch | patch --verbose -p0 || exit 1
|
||||
cat $CWD/patches/arpwatch-addr.patch | patch --verbose -p1 || exit 1
|
||||
cat $CWD/patches/arpwatch-dir-man.patch | patch --verbose -p1 || exit 1
|
||||
cat $CWD/patches/arpwatch-scripts.patch | patch --verbose -p1 || exit 1
|
||||
cat $CWD/patches/arpwatch-2.1a15-nolocalpcap.patch | patch -p1 || exit 1
|
||||
cat $CWD/patches/arpwatch-2.1a15-bogon.patch | patch -p1 || exit 1
|
||||
cat $CWD/patches/arpwatch-2.1a15-extraman.patch | patch --verbose -p1 || exit 1
|
||||
|
||||
CFLAGS="$SLKCFLAGS" \
|
||||
CXXFLAGS="$SLKCFLAGS" \
|
||||
./configure \
|
||||
--prefix=/usr \
|
||||
--bindir=/usr/sbin \
|
||||
--sbindir=/usr/sbin \
|
||||
--localstatedir=/var \
|
||||
--mandir=/usr/man \
|
||||
--build=$ARCH-slackware-linux
|
||||
|
||||
mkdir -p $PKG/usr/sbin
|
||||
mkdir -p $PKG/usr/man/man8
|
||||
|
||||
make ARPDIR=/var/lib/$PRGNAM
|
||||
make install install-man DESTDIR=$PKG
|
||||
|
||||
find $PKG | xargs file | grep -e "executable" -e "shared object"| grep ELF | \
|
||||
cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
|
||||
|
||||
find $PKG/usr/man -type f -exec gzip -9 {} \;
|
||||
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
|
||||
|
||||
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
cp -a CHANGES INSTALL README $PKG/usr/doc/$PRGNAM-$VERSION
|
||||
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
|
||||
cat $CWD/README.ethercodes > $PKG/usr/doc/$PRGNAM-$VERSION/README.ethercodes
|
||||
|
||||
mkdir -p $PKG/var/lib/$PRGNAM
|
||||
cp -a arp.dat ethercodes.dat arp2ethers arpfetch massagevendor massagevendor-old \
|
||||
d.awk duplicates.awk e.awk euppertolower.awk p.awk $PKG/var/lib/$PRGNAM
|
||||
|
||||
mkdir -p $PKG/install
|
||||
cat $CWD/slack-desc > $PKG/install/slack-desc
|
||||
cat $CWD/doinst.sh > $PKG/install/doinst.sh
|
||||
|
||||
mkdir -p $PKG/etc/rc.d
|
||||
cat $CWD/rc.$PRGNAM > $PKG/etc/rc.d/rc.$PRGNAM.new
|
||||
|
||||
cd $PKG
|
||||
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
|
10
network/arpwatch/arpwatch.info
Normal file
10
network/arpwatch/arpwatch.info
Normal file
|
@ -0,0 +1,10 @@
|
|||
PRGNAM="arpwatch"
|
||||
VERSION="2.1a15"
|
||||
HOMEPAGE="http://ee.lbl.gov/"
|
||||
DOWNLOAD="ftp://ftp.ee.lbl.gov/arpwatch.tar.gz"
|
||||
MD5SUM="cebfeb99c4a7c2a6cee2564770415fe7"
|
||||
DOWNLOAD_x86_64=""
|
||||
MD5SUM_x86_64=""
|
||||
MAINTAINER="Michal Bialozor"
|
||||
EMAIL="bialyy@o2.pl"
|
||||
APPROVED="dsomero"
|
20
network/arpwatch/doinst.sh
Normal file
20
network/arpwatch/doinst.sh
Normal file
|
@ -0,0 +1,20 @@
|
|||
config() {
|
||||
NEW="$1"
|
||||
OLD="$(dirname $NEW)/$(basename $NEW .new)"
|
||||
# If there's no config file by that name, mv it over:
|
||||
if [ ! -r $OLD ]; then
|
||||
mv $NEW $OLD
|
||||
elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
|
||||
rm $NEW
|
||||
fi
|
||||
# Otherwise, we leave the .new copy for the admin to consider...
|
||||
}
|
||||
|
||||
# Keep same perms on rc.arpwatch.new:
|
||||
if [ -e etc/rc.d/rc.arpwatch ]; then
|
||||
cp -a etc/rc.d/rc.arpwatch etc/rc.d/rc.arpwatch.new.incoming
|
||||
cat etc/rc.d/rc.arpwatch.new > etc/rc.d/rc.arpwatch.new.incoming
|
||||
mv etc/rc.d/rc.arpwatch.new.incoming etc/rc.d/rc.arpwatch.new
|
||||
fi
|
||||
|
||||
config etc/rc.d/rc.arpwatch.new
|
33
network/arpwatch/patches/arpwatch-2.1a10-man.patch
Normal file
33
network/arpwatch/patches/arpwatch-2.1a10-man.patch
Normal file
|
@ -0,0 +1,33 @@
|
|||
diff -uNr arpwatch-2.1a10/arpsnmp.8 arpwatch-2.1a10.man/arpsnmp.8
|
||||
--- arpwatch-2.1a10/arpsnmp.8 Sun Sep 17 23:34:48 2000
|
||||
+++ arpwatch-2.1a10.man/arpsnmp.8 Sun Dec 31 02:00:54 2000
|
||||
@@ -41,7 +41,7 @@
|
||||
and reports certain changes via email.
|
||||
.B Arpsnmp
|
||||
reads information from a file (usually generated by
|
||||
-.BR snmpwalk (8)).
|
||||
+.BR snmpwalk (1)).
|
||||
.LP
|
||||
The
|
||||
.B -d
|
||||
@@ -62,9 +62,9 @@
|
||||
.LP
|
||||
.SH "REPORT MESSAGES"
|
||||
(See the
|
||||
-.BR arpwatch (1)
|
||||
+.BR arpwatch (8)
|
||||
man page for details on the report messages generated by
|
||||
-.BR arpsnmp (1).)
|
||||
+.BR arpsnmp (8).)
|
||||
.SH FILES
|
||||
.na
|
||||
.nh
|
||||
@@ -79,7 +79,7 @@
|
||||
.na
|
||||
.nh
|
||||
.BR arpwatch (8),
|
||||
-.BR snmpwalk (8),
|
||||
+.BR snmpwalk (1),
|
||||
.BR arp (8)
|
||||
.ad
|
||||
.hy
|
20
network/arpwatch/patches/arpwatch-2.1a15-bogon.patch
Normal file
20
network/arpwatch/patches/arpwatch-2.1a15-bogon.patch
Normal file
|
@ -0,0 +1,20 @@
|
|||
--- arpwatch-2.1a15/arpwatch.c.bogon 2007-08-09 13:53:47.000000000 +0200
|
||||
+++ arpwatch-2.1a15/arpwatch.c 2007-08-09 13:58:17.000000000 +0200
|
||||
@@ -730,11 +730,12 @@ addnet(register const char *str)
|
||||
|
||||
/* XXX hack */
|
||||
n = ntohl(inet_addr(tstr));
|
||||
- while ((n & 0xff000000) == 0) {
|
||||
- n <<= 8;
|
||||
- if (n == 0)
|
||||
- return (0);
|
||||
- }
|
||||
+ if (n || width != 32)
|
||||
+ while ((n & 0xff000000) == 0) {
|
||||
+ n <<= 8;
|
||||
+ if (n == 0)
|
||||
+ return (0);
|
||||
+ }
|
||||
n = htonl(n);
|
||||
|
||||
if (width != 0) {
|
173
network/arpwatch/patches/arpwatch-2.1a15-extraman.patch
Normal file
173
network/arpwatch/patches/arpwatch-2.1a15-extraman.patch
Normal file
|
@ -0,0 +1,173 @@
|
|||
diff -up arpwatch-2.1a15/Makefile.in.extraman arpwatch-2.1a15/Makefile.in
|
||||
--- arpwatch-2.1a15/Makefile.in.extraman 2009-12-14 18:01:27.000000000 +0100
|
||||
+++ arpwatch-2.1a15/Makefile.in 2010-03-30 15:11:30.000000000 +0200
|
||||
@@ -118,6 +118,10 @@ install-man: force
|
||||
$(DESTDIR)$(MANDEST)/man8
|
||||
$(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
|
||||
$(DESTDIR)$(MANDEST)/man8
|
||||
+ $(INSTALL) -m 644 $(srcdir)/arp2ethers.8 \
|
||||
+ $(DESTDIR)$(MANDEST)/man8
|
||||
+ $(INSTALL) -m 644 $(srcdir)/massagevendor.8 \
|
||||
+ $(DESTDIR)$(MANDEST)/man8
|
||||
|
||||
lint: $(GENSRC) force
|
||||
lint -hbxn $(SRC) | \
|
||||
diff -up arpwatch-2.1a15/arp2ethers.8.extraman arpwatch-2.1a15/arp2ethers.8
|
||||
--- arpwatch-2.1a15/arp2ethers.8.extraman 2010-03-30 15:12:37.000000000 +0200
|
||||
+++ arpwatch-2.1a15/arp2ethers.8 2010-03-30 15:53:01.000000000 +0200
|
||||
@@ -0,0 +1,60 @@
|
||||
+.TH ARP2ETHERS 8
|
||||
+.SH NAME
|
||||
+arp2ethers \- convert arpwatch address database to ethers file format
|
||||
+.SH SYNOPSIS
|
||||
+.na
|
||||
+.B arp2ethers
|
||||
+.ad
|
||||
+.SH "DESCRIPTION"
|
||||
+.B arp2ethers
|
||||
+converts file
|
||||
+.IR arp.dat
|
||||
+in the current directory into
|
||||
+.BR ethers(5)
|
||||
+format on
|
||||
+.IR stdout .
|
||||
+Usually
|
||||
+.IR arp.dat
|
||||
+is an ethernet/ip database file generated by
|
||||
+.BR arpwatch(8) .
|
||||
+The arpwatch daemon in Debian will create different
|
||||
+.IR arp.dat
|
||||
+depending on its configuration. All of them will be available at
|
||||
+.IR /var/lib/arpwatch/ .
|
||||
+.SH FILES
|
||||
+.na
|
||||
+.nh
|
||||
+.nf
|
||||
+/var/lib/arpwatch - default directory for arp.dat
|
||||
+arp.dat - ethernet/ip address database
|
||||
+.ad
|
||||
+.hy
|
||||
+.fi
|
||||
+.SH "SEE ALSO"
|
||||
+.na
|
||||
+.nh
|
||||
+.BR arpwatch (8),
|
||||
+.BR ethers (5),
|
||||
+.BR rarp (8),
|
||||
+.BR arp (8),
|
||||
+.ad
|
||||
+.hy
|
||||
+.SH BUGS
|
||||
+Please send bug reports to arpwatch@ee.lbl.gov.
|
||||
+.SH AUTHORS
|
||||
+.LP
|
||||
+Original version by Craig Leres of the Lawrence Berkeley
|
||||
+National Laboratory Network Research Group, University of
|
||||
+California, Berkeley, CA.
|
||||
+.LP
|
||||
+Modified for the Debian Project by Peter Kelemen, with
|
||||
+additions from Erik Warmelink.
|
||||
+.LP
|
||||
+The current version is available via anonymous ftp:
|
||||
+.LP
|
||||
+.RS
|
||||
+.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
|
||||
+.RE
|
||||
+.LP
|
||||
+This manual page was contributed by Hugo Graumann.
|
||||
+
|
||||
diff -up arpwatch-2.1a15/massagevendor.8.extraman arpwatch-2.1a15/massagevendor.8
|
||||
--- arpwatch-2.1a15/massagevendor.8.extraman 2010-03-30 15:15:18.000000000 +0200
|
||||
+++ arpwatch-2.1a15/massagevendor.8 2010-03-30 15:15:18.000000000 +0200
|
||||
@@ -0,0 +1,91 @@
|
||||
+.TH MASSAGEVENDOR 8
|
||||
+.SH NAME
|
||||
+massagevendor \- convert the ethernet vendor codes master list to arpwatch format
|
||||
+.SH SYNOPSIS
|
||||
+.na
|
||||
+massagevendor
|
||||
+.I vendorfile
|
||||
+.SH "DESCRIPTION"
|
||||
+.B massagevendor
|
||||
+is a program that converts a text file containing ethernet vendor codes
|
||||
+into a format suitable for use by
|
||||
+.B arpwatch(8)
|
||||
+and
|
||||
+.B arpsnmp(8).
|
||||
+The input
|
||||
+.I vendorfile
|
||||
+is a master text file containing vendor codes. The output
|
||||
+is sent to
|
||||
+.I stdout.
|
||||
+Each line of the
|
||||
+.I vendorfile
|
||||
+is expected to have a six digit hexadecimal vendor code
|
||||
+followed by spaces followed by the name of the manufacturer.
|
||||
+.LP
|
||||
+All ethernet devices have a unique identifier which
|
||||
+includes a vendor code specifying the manufacturer of the
|
||||
+device. In normal operation
|
||||
+.B arpwatch(8)
|
||||
+and
|
||||
+.B arpsnmp(8)
|
||||
+use the file
|
||||
+.I ethercodes.dat
|
||||
+to report this vendor code.
|
||||
+.B massagevendor
|
||||
+is used to generate the
|
||||
+.I ethercodes.dat
|
||||
+file from text files containing these vendor codes.
|
||||
+.LP
|
||||
+Locations where an ethernet vendor codes master text file
|
||||
+can be obtained are given below.
|
||||
+.SH FILES
|
||||
+.na
|
||||
+.nh
|
||||
+.nf
|
||||
+/var/lib/arpwatch - default location of the ethernet vendor list
|
||||
+ethercodes.dat - file containing the list of ethernet vendor codes
|
||||
+.ad
|
||||
+.hy
|
||||
+.fi
|
||||
+.SH "SEE ALSO"
|
||||
+.na
|
||||
+.nh
|
||||
+.BR arpwatch(8),
|
||||
+.BR arpsnmp(8)
|
||||
+.ad
|
||||
+.hy
|
||||
+.SH NOTES
|
||||
+Sources for ethernet vendor codes seen in the wild are
|
||||
+.LP
|
||||
+.na
|
||||
+.nh
|
||||
+.nf
|
||||
+.RS
|
||||
+.I http://map-ne.com/Ethernet/vendor.html
|
||||
+.I ftp://ftp.cavebear.com/pub/Ethernet.txt
|
||||
+.I http://www.cavebear.com/CaveBear/Ethernet/vendor.html
|
||||
+.RE
|
||||
+.ad
|
||||
+.hy
|
||||
+.LP
|
||||
+Useful for comparison or completeness are the
|
||||
+ethernet vendor codes as assigned
|
||||
+by the IEEE which can be found at
|
||||
+.LP
|
||||
+.RS
|
||||
+.I http://standards.ieee.org/regauth/oui/oui.txt
|
||||
+.RE
|
||||
+.SH BUGS
|
||||
+Please send bug reports to arpwatch@ee.lbl.gov.
|
||||
+.SH AUTHORS
|
||||
+Craig Leres of the
|
||||
+Lawrence Berkeley National Laboratory Network Research Group,
|
||||
+University of California, Berkeley, CA.
|
||||
+.LP
|
||||
+The current version is available via anonymous ftp:
|
||||
+.LP
|
||||
+.RS
|
||||
+.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
|
||||
+.RE
|
||||
+.LP
|
||||
+This manual page was contributed by Hugo Graumann.
|
10
network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch
Normal file
10
network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch
Normal file
|
@ -0,0 +1,10 @@
|
|||
--- arpwatch-2.1a15/configure.nolocalpcap 2006-06-21 22:32:38.000000000 +0200
|
||||
+++ arpwatch-2.1a15/configure 2006-11-09 15:04:35.000000000 +0100
|
||||
@@ -4956,6 +4956,7 @@
|
||||
places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
|
||||
egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
|
||||
for dir in $places ../libpcap libpcap ; do
|
||||
+ break
|
||||
basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
|
||||
if test $lastdir = $basedir ; then
|
||||
continue;
|
20
network/arpwatch/patches/arpwatch-2.1a4-fhs.patch
Normal file
20
network/arpwatch/patches/arpwatch-2.1a4-fhs.patch
Normal file
|
@ -0,0 +1,20 @@
|
|||
--- arpwatch-2.1a4/Makefile.in.fhs Sun Jun 18 08:26:28 2000
|
||||
+++ arpwatch-2.1a4/Makefile.in Sun Jun 18 08:27:21 2000
|
||||
@@ -109,13 +109,13 @@
|
||||
$(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
|
||||
|
||||
install: force
|
||||
- $(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
|
||||
- $(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
|
||||
+ $(INSTALL) -m 755 arpwatch $(DESTDIR)$(BINDEST)
|
||||
+ $(INSTALL) -m 755 arpsnmp $(DESTDIR)$(BINDEST)
|
||||
|
||||
install-man: force
|
||||
- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
|
||||
+ $(INSTALL) -m 644 $(srcdir)/arpwatch.8 \
|
||||
$(DESTDIR)$(MANDEST)/man8
|
||||
- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpsnmp.8 \
|
||||
+ $(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
|
||||
$(DESTDIR)$(MANDEST)/man8
|
||||
|
||||
lint: $(GENSRC) force
|
232
network/arpwatch/patches/arpwatch-addr.patch
Normal file
232
network/arpwatch/patches/arpwatch-addr.patch
Normal file
|
@ -0,0 +1,232 @@
|
|||
--- arpwatch-2.1a11/addresses.h.in.addr Wed Jun 5 00:40:29 1996
|
||||
+++ arpwatch-2.1a11/addresses.h.in Wed Jul 31 17:39:38 2002
|
||||
@@ -1,2 +1,4 @@
|
||||
#define WATCHER "root"
|
||||
-#define WATCHEE "arpwatch (Arpwatch)"
|
||||
+#define WATCHEE "root (Arpwatch)"
|
||||
+extern char *watcher;
|
||||
+extern char *watchee;
|
||||
--- arpwatch-2.1a11/arpsnmp.8.addr Sun Sep 17 15:34:48 2000
|
||||
+++ arpwatch-2.1a11/arpsnmp.8 Fri Aug 2 15:15:31 2002
|
||||
@@ -30,6 +30,12 @@
|
||||
] [
|
||||
.B -f
|
||||
.I datafile
|
||||
+] [
|
||||
+.B -e
|
||||
+.I username
|
||||
+] [
|
||||
+.B -s
|
||||
+.I username
|
||||
]
|
||||
.I file
|
||||
[
|
||||
@@ -59,6 +65,27 @@
|
||||
.I arp.dat
|
||||
file must be created before the first time you run
|
||||
.BR arpsnmp .
|
||||
+.LP
|
||||
+If the
|
||||
+.B -e
|
||||
+flag is used,
|
||||
+.B arpsnmp
|
||||
+sends e-mail messages to
|
||||
+.I username
|
||||
+rather than the default (root).
|
||||
+If a single `-' character is given for the username,
|
||||
+sending of e-mail is suppressed,
|
||||
+but logging via syslog is still done as usual.
|
||||
+(This can be useful during initial runs, to collect data
|
||||
+without being flooded with messages about new stations.)
|
||||
+.LP
|
||||
+If the
|
||||
+.B -s
|
||||
+flag is used,
|
||||
+.B arpsnmp
|
||||
+sends e-mail messages with
|
||||
+.I username
|
||||
+as the return address, rather than the default (root).
|
||||
.LP
|
||||
.SH "REPORT MESSAGES"
|
||||
(See the
|
||||
--- arpwatch-2.1a11/arpsnmp.c.addr Sun Jan 17 19:47:40 1999
|
||||
+++ arpwatch-2.1a11/arpsnmp.c Fri Aug 2 15:17:16 2002
|
||||
@@ -59,6 +59,7 @@
|
||||
#include "file.h"
|
||||
#include "machdep.h"
|
||||
#include "util.h"
|
||||
+#include "addresses.h"
|
||||
|
||||
/* Forwards */
|
||||
int main(int, char **);
|
||||
@@ -90,7 +91,7 @@
|
||||
}
|
||||
|
||||
opterr = 0;
|
||||
- while ((op = getopt(argc, argv, "df:")) != EOF)
|
||||
+ while ((op = getopt(argc, argv, "df:e:s:")) != EOF)
|
||||
switch (op) {
|
||||
|
||||
case 'd':
|
||||
@@ -105,6 +106,24 @@
|
||||
arpfile = optarg;
|
||||
break;
|
||||
|
||||
+ case 'e':
|
||||
+ if ( optarg ) {
|
||||
+ watcher = strdup(optarg);
|
||||
+ } else {
|
||||
+ (void)fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
|
||||
+ usage();
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
+ case 's':
|
||||
+ if ( optarg ) {
|
||||
+ watchee = strdup(optarg);
|
||||
+ } else {
|
||||
+ (void)fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
|
||||
+ usage();
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
default:
|
||||
usage();
|
||||
}
|
||||
@@ -184,6 +203,6 @@
|
||||
|
||||
(void)fprintf(stderr, "Version %s\n", version);
|
||||
(void)fprintf(stderr,
|
||||
- "usage: %s [-d] [-f datafile] file [...]\n", prog);
|
||||
+ "usage: %s [-d] [-f datafile] [-e username] [-s username] file [...]\n", prog);
|
||||
exit(1);
|
||||
}
|
||||
--- arpwatch-2.1a11/arpwatch.8.addr Thu Aug 1 13:45:36 2002
|
||||
+++ arpwatch-2.1a11/arpwatch.8 Thu Aug 1 14:08:05 2002
|
||||
@@ -46,6 +46,12 @@
|
||||
] [
|
||||
.B -u
|
||||
.I username
|
||||
+] [
|
||||
+.B -e
|
||||
+.I username
|
||||
+] [
|
||||
+.B -s
|
||||
+.I username
|
||||
]
|
||||
.ad
|
||||
.SH DESCRIPTION
|
||||
@@ -106,6 +112,27 @@
|
||||
and group ID to that of the primary group of
|
||||
.IR username .
|
||||
This is recommended for security reasons.
|
||||
+.LP
|
||||
+If the
|
||||
+.B -e
|
||||
+flag is used,
|
||||
+.B arpwatch
|
||||
+sends e-mail messages to
|
||||
+.I username
|
||||
+rather than the default (root).
|
||||
+If a single `-' character is given for the username,
|
||||
+sending of e-mail is suppressed,
|
||||
+but logging via syslog is still done as usual.
|
||||
+(This can be useful during initial runs, to collect data
|
||||
+without being flooded with messages about new stations.)
|
||||
+.LP
|
||||
+If the
|
||||
+.B -s
|
||||
+flag is used,
|
||||
+.B arpwatch
|
||||
+sends e-mail messages with
|
||||
+.I username
|
||||
+as the return address, rather than the default (root).
|
||||
.LP
|
||||
Note that an empty
|
||||
.I arp.dat
|
||||
--- arpwatch-2.1a11/arpwatch.c.addr Thu Aug 1 13:45:36 2002
|
||||
+++ arpwatch-2.1a11/arpwatch.c Thu Aug 1 13:47:35 2002
|
||||
@@ -78,6 +78,7 @@
|
||||
#include "machdep.h"
|
||||
#include "setsignal.h"
|
||||
#include "util.h"
|
||||
+#include "addresses.h"
|
||||
|
||||
/* Some systems don't define these */
|
||||
#ifndef ETHERTYPE_REVARP
|
||||
@@ -190,7 +191,7 @@
|
||||
interface = NULL;
|
||||
rfilename = NULL;
|
||||
pd = NULL;
|
||||
- while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
|
||||
+ while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
|
||||
switch (op) {
|
||||
|
||||
case 'd':
|
||||
@@ -232,6 +233,26 @@
|
||||
}
|
||||
break;
|
||||
|
||||
+ case 'e':
|
||||
+ if ( optarg ) {
|
||||
+ watcher = strdup(optarg);
|
||||
+ }
|
||||
+ else {
|
||||
+ fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
|
||||
+ usage();
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
+ case 's':
|
||||
+ if ( optarg ) {
|
||||
+ watchee = strdup(optarg);
|
||||
+ }
|
||||
+ else {
|
||||
+ fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
|
||||
+ usage();
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
default:
|
||||
usage();
|
||||
}
|
||||
@@ -784,6 +805,7 @@
|
||||
|
||||
(void)fprintf(stderr, "Version %s\n", version);
|
||||
(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
|
||||
- " [-n net[/width]] [-r file] [-u username]\n", prog);
|
||||
+ " [-n net[/width]] [-r file] [-u username]"
|
||||
+ " [-e username] [-s username]\n", prog);
|
||||
exit(1);
|
||||
}
|
||||
--- arpwatch-2.1a11/report.c.addr Sat Sep 30 18:41:10 2000
|
||||
+++ arpwatch-2.1a11/report.c Thu Aug 1 14:16:43 2002
|
||||
@@ -70,6 +70,9 @@
|
||||
|
||||
#define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
|
||||
|
||||
+char *watcher = WATCHER;
|
||||
+char *watchee = WATCHEE;
|
||||
+
|
||||
static int cdepth; /* number of outstanding children */
|
||||
|
||||
static char *fmtdate(time_t);
|
||||
@@ -240,8 +243,6 @@
|
||||
register FILE *f;
|
||||
char tempfile[64], cpu[64], os[64];
|
||||
char *fmt = "%20s: %s\n";
|
||||
- char *watcher = WATCHER;
|
||||
- char *watchee = WATCHEE;
|
||||
char *sendmail = PATH_SENDMAIL;
|
||||
char *unknown = "<unknown>";
|
||||
char buf[132];
|
||||
@@ -258,6 +259,9 @@
|
||||
}
|
||||
f = stdout;
|
||||
(void)putc('\n', f);
|
||||
+ } else if (watcher == NULL || *watcher == NULL || *watcher == '-') {
|
||||
+ dosyslog(LOG_NOTICE, title, a, e1, e2);
|
||||
+ return;
|
||||
} else {
|
||||
/* Setup child reaper if we haven't already */
|
||||
if (!init) {
|
22
network/arpwatch/patches/arpwatch-dir-man.patch
Normal file
22
network/arpwatch/patches/arpwatch-dir-man.patch
Normal file
|
@ -0,0 +1,22 @@
|
|||
--- arpwatch-2.1a15/arpsnmp.8.dirman 2006-11-02 17:00:58.000000000 +0100
|
||||
+++ arpwatch-2.1a15/arpsnmp.8 2006-11-02 17:23:58.000000000 +0100
|
||||
@@ -96,7 +96,7 @@
|
||||
.na
|
||||
.nh
|
||||
.nf
|
||||
-/usr/operator/arpwatch - default directory
|
||||
+/var/lib/arpwatch - default directory
|
||||
arp.dat - ethernet/ip address database
|
||||
ethercodes.dat - vendor ethernet block list
|
||||
.ad
|
||||
--- arpwatch-2.1a15/arpwatch.8.dirman 2006-11-02 17:00:58.000000000 +0100
|
||||
+++ arpwatch-2.1a15/arpwatch.8 2006-11-02 17:24:07.000000000 +0100
|
||||
@@ -198,7 +198,7 @@
|
||||
.na
|
||||
.nh
|
||||
.nf
|
||||
-/usr/operator/arpwatch - default directory
|
||||
+/var/lib/arpwatch - default directory
|
||||
arp.dat - ethernet/ip address database
|
||||
ethercodes.dat - vendor ethernet block list
|
||||
.ad
|
48
network/arpwatch/patches/arpwatch-drop-man.patch
Normal file
48
network/arpwatch/patches/arpwatch-drop-man.patch
Normal file
|
@ -0,0 +1,48 @@
|
|||
--- arpwatch.8.orig Sun Oct 8 23:31:28 2000
|
||||
+++ arpwatch.8 Mon Oct 16 16:46:19 2000
|
||||
@@ -36,13 +36,16 @@
|
||||
.I interface
|
||||
]
|
||||
.br
|
||||
-.ti +8
|
||||
+.ti +9
|
||||
[
|
||||
.B -n
|
||||
.IR net [/ width
|
||||
]] [
|
||||
.B -r
|
||||
.I file
|
||||
+] [
|
||||
+.B -u
|
||||
+.I username
|
||||
]
|
||||
.ad
|
||||
.SH DESCRIPTION
|
||||
@@ -94,10 +97,26 @@
|
||||
.B arpwatch
|
||||
does not fork.
|
||||
.LP
|
||||
+If
|
||||
+.B -u
|
||||
+flag is used,
|
||||
+.B arpwatch
|
||||
+drops root privileges and changes user ID to
|
||||
+.I username
|
||||
+and group ID to that of the primary group of
|
||||
+.IR username .
|
||||
+This is recommended for security reasons.
|
||||
+.LP
|
||||
Note that an empty
|
||||
.I arp.dat
|
||||
file must be created before the first time you run
|
||||
-.BR arpwatch .
|
||||
+.BR arpwatch .
|
||||
+Also, the default directory (where arp.dat is stored) must be owned
|
||||
+by
|
||||
+.I username
|
||||
+if
|
||||
+.BR -u
|
||||
+flag is used.
|
||||
.LP
|
||||
.SH "REPORT MESSAGES"
|
||||
Here's a quick list of the report messages generated by
|
93
network/arpwatch/patches/arpwatch-drop.patch
Normal file
93
network/arpwatch/patches/arpwatch-drop.patch
Normal file
|
@ -0,0 +1,93 @@
|
|||
--- arpwatch-2.1a10/arpwatch.c Sat Oct 14 05:07:35 2000
|
||||
+++ arpwatch-2.1a10/arpwatch.c Sun Jun 10 16:22:57 2001
|
||||
@@ -62,7 +62,7 @@
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
#include <unistd.h>
|
||||
-
|
||||
+#include <pwd.h>
|
||||
#include <pcap.h>
|
||||
|
||||
#include "gnuc.h"
|
||||
@@ -141,6 +141,25 @@
|
||||
int sanity_fddi(struct fddi_header *, struct ether_arp *, int);
|
||||
__dead void usage(void) __attribute__((volatile));
|
||||
|
||||
+void dropprivileges(const char* user)
|
||||
+{
|
||||
+ struct passwd* pw;
|
||||
+ pw = getpwnam( user );
|
||||
+ if ( pw ) {
|
||||
+ if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
|
||||
+ setuid(pw->pw_uid) != 0 ) {
|
||||
+ syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
|
||||
+ pw->pw_uid, pw->pw_gid);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ }
|
||||
+ else {
|
||||
+ syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
|
||||
+}
|
||||
+
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
@@ -153,6 +172,7 @@
|
||||
register char *interface, *rfilename;
|
||||
struct bpf_program code;
|
||||
char errbuf[PCAP_ERRBUF_SIZE];
|
||||
+ char* serveruser = NULL;
|
||||
|
||||
if (argv[0] == NULL)
|
||||
prog = "arpwatch";
|
||||
@@ -170,7 +190,7 @@
|
||||
interface = NULL;
|
||||
rfilename = NULL;
|
||||
pd = NULL;
|
||||
- while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
|
||||
+ while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
|
||||
switch (op) {
|
||||
|
||||
case 'd':
|
||||
@@ -202,6 +222,16 @@
|
||||
rfilename = optarg;
|
||||
break;
|
||||
|
||||
+ case 'u':
|
||||
+ if ( optarg ) {
|
||||
+ serveruser = strdup(optarg);
|
||||
+ }
|
||||
+ else {
|
||||
+ fprintf(stderr, "%s: Need username after -u\n", prog);
|
||||
+ usage();
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
default:
|
||||
usage();
|
||||
}
|
||||
@@ -283,8 +313,11 @@
|
||||
* Revert to non-privileged user after opening sockets
|
||||
* (not needed on most systems).
|
||||
*/
|
||||
- setgid(getgid());
|
||||
- setuid(getuid());
|
||||
+ /*setgid(getgid());*/
|
||||
+ /*setuid(getuid());*/
|
||||
+ if ( serveruser ) {
|
||||
+ dropprivileges( serveruser );
|
||||
+ }
|
||||
|
||||
/* Must be ethernet or fddi */
|
||||
linktype = pcap_datalink(pd);
|
||||
@@ -751,6 +784,6 @@
|
||||
|
||||
(void)fprintf(stderr, "Version %s\n", version);
|
||||
(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
|
||||
- " [-n net[/width]] [-r file]\n", prog);
|
||||
+ " [-n net[/width]] [-r file] [-u username]\n", prog);
|
||||
exit(1);
|
||||
}
|
27
network/arpwatch/patches/arpwatch-scripts.patch
Normal file
27
network/arpwatch/patches/arpwatch-scripts.patch
Normal file
|
@ -0,0 +1,27 @@
|
|||
--- arpwatch-2.1a15/arp2ethers.scripts 2002-01-05 20:40:48.000000000 +0100
|
||||
+++ arpwatch-2.1a15/arp2ethers 2006-11-09 14:34:42.000000000 +0100
|
||||
@@ -13,7 +13,7 @@
|
||||
# - sort
|
||||
#
|
||||
|
||||
-sort +2rn arp.dat | \
|
||||
+sort -k 2 -rn arp.dat | \
|
||||
awk 'NF == 4 { print }' | \
|
||||
awk -f p.awk | \
|
||||
egrep -v '\.[0-9][0-9]*$' | \
|
||||
--- arpwatch-2.1a15/arpfetch.scripts 2006-07-28 20:10:30.000000000 +0200
|
||||
+++ arpwatch-2.1a15/arpfetch 2006-11-09 14:37:05.000000000 +0100
|
||||
@@ -4,8 +4,6 @@
|
||||
# arpfetch - collect arp data from a cisco using net-snmp
|
||||
#
|
||||
|
||||
-export PATH="/usr/local/bin:${PATH}"
|
||||
-
|
||||
prog=`basename $0`
|
||||
|
||||
if [ $# -ne 2 ]; then
|
||||
@@ -30,4 +28,3 @@
|
||||
print ea "\t" ip
|
||||
}'
|
||||
|
||||
-rm -f ${t1}
|
63
network/arpwatch/rc.arpwatch
Normal file
63
network/arpwatch/rc.arpwatch
Normal file
|
@ -0,0 +1,63 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# /etc/rc.d/rc./arpwatch
|
||||
#
|
||||
# Start/stop/restart/status arpwatch.
|
||||
|
||||
ARPDIR="/var/lib/arpwatch"
|
||||
IFACE="$2"
|
||||
|
||||
OPTIONS="-i $IFACE -f $ARPDIR/arp-$IFACE.dat -u root -e root -s root"
|
||||
|
||||
pid="$(ps ax | awk '{if (match($5, ".*/arpwatch$") || $5 == "arpwatch") print $1}')"
|
||||
|
||||
start() {
|
||||
if [ "$IFACE" = "" ]; then
|
||||
echo "Please specify interface name"
|
||||
exit 1
|
||||
else
|
||||
if [ ! -f "$ARPDIR/arp-$IFACE.dat" ]; then
|
||||
echo "Creating new database file..."
|
||||
touch $ARPDIR/arp-$IFACE.dat
|
||||
echo "Starting arpwatch on $IFACE..."
|
||||
arpwatch $OPTIONS
|
||||
else
|
||||
echo "Starting arpwatch on $IFACE..."
|
||||
arpwatch $OPTIONS
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo "Stopping arpwatch..."
|
||||
killall arpwatch
|
||||
}
|
||||
|
||||
status() {
|
||||
if [ "$pid" != "" ]; then
|
||||
echo "arpwatch (pid "$pid") is running..."
|
||||
else
|
||||
echo "arpwatch is not running..."
|
||||
fi
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
'start')
|
||||
start
|
||||
;;
|
||||
'stop')
|
||||
stop
|
||||
;;
|
||||
'restart')
|
||||
stop
|
||||
start
|
||||
;;
|
||||
'status')
|
||||
status
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo "Usage: $0 {start [IFACE] | stop | restart [IFACE] | status}"
|
||||
echo ""
|
||||
exit 1
|
||||
esac
|
19
network/arpwatch/slack-desc
Normal file
19
network/arpwatch/slack-desc
Normal file
|
@ -0,0 +1,19 @@
|
|||
# HOW TO EDIT THIS FILE: # The "handy ruler" below makes it easier
|
||||
to edit a package description. Line # up the first '|' above the
|
||||
':' following the base package name, and the '|' # on the right
|
||||
side marks the last column you can put a character in. You must #
|
||||
make exactly 11 lines for the formatting to be correct. It's also #
|
||||
customary to leave one space after the ':'.
|
||||
|
||||
|-----handy-ruler------------------------------------------------------|
|
||||
arpwatch: arpwatch (Monitoring tools for tracking IP addresses on a network)
|
||||
arpwatch:
|
||||
arpwatch: The arpwatch package contains arpwatch and arpsnmp. Arpwatch and
|
||||
arpwatch: arpsnmp are both network monitoring tools. Both utilities monitor
|
||||
arpwatch: Ethernet or FDDI network traffic and build databases of Ethernet/IP
|
||||
arpwatch: address pairs, and can report certain changes via email.
|
||||
arpwatch:
|
||||
arpwatch:
|
||||
arpwatch: Homepage: http://ee.lbl.gov/
|
||||
arpwatch:
|
||||
arpwatch:
|
Loading…
Reference in a new issue