network/p0f: Updated for version 3.05b.

Signed-off-by: dsomero <xgizzmo@slackbuilds.org>
2024-11-18 22:06:04 +01:00 · 2012-06-02 19:52:09 -04:00 · 2012-06-02 19:52:09 -04:00 · a54303fdaf
commit a54303fdaf
parent f6dd191c0b
5 changed files with 52 additions and 43 deletions
--- a/network/p0f/README
+++ b/network/p0f/README
@ -1,12 +1,15 @@
-p0f v2 is a passive operating system fingerprinting tool.
-It can identify the OS on:
-   - machines that connect to your box (SYN mode),
-   - machines you connect to (SYN+ACK mode),
-   - machines you cannot connect to (RST+ mode),
-   - machines whose communications you can observe.
+P0f is a tool that utilizes an array of sophisticated, purely passive
+traffic fingerprinting mechanisms to identify the players behind any
+incidental TCP/IP communications (often as little as a single normal SYN)
+without interfering in any way. Version 3 is a complete rewrite of the
+original codebase, incorporating a significant number of improvements
+to network-level fingerprinting, and introducing the ability to reason
+about application-level payloads (e.g., HTTP).

-P0f can also detect or measure the following:
-   - firewall presence, NAT use,
-   - existence of a load balancer setup,
-   - the distance to the remote system and its uptime,
-   - other guy's network hookup (DSL, OC3, avian carriers) and his ISP.
+To build and install the optional signature and API tools, specify
+TOOLS=yes to the SlackBuild, for example
+
+  TOOLS=yes sh p0f.SlackBuild
+
+If you are upgrading from p0f version 2.0.8, please note that the files
+/etc/p0f/p0f{a,o,r}.fp are no longer used and can be removed.
--- a/network/p0f/doinst.sh
+++ b/network/p0f/doinst.sh
@ -12,7 +12,3 @@ config() {
 }

 config etc/p0f/p0f.fp.new
-config etc/p0f/p0fa.fp.new
-config etc/p0f/p0fo.fp.new
-config etc/p0f/p0fr.fp.new
-
--- a/network/p0f/p0f.SlackBuild
+++ b/network/p0f/p0f.SlackBuild
@ -2,7 +2,7 @@

 # Slackware build script for p0f

-# Copyright 2011 David Spencer, Baildon, West Yorkshire, U.K.
+# Copyright 2012 David Spencer, Baildon, West Yorkshire, U.K.
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@ -25,7 +25,7 @@
 # Modified by the SlackBuilds.org project

 PRGNAM=p0f
-VERSION=${VERSION:-2.0.8}
+VERSION=${VERSION:-3.05b}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}

@ -61,33 +61,43 @@ set -e
 rm -rf $PKG
 mkdir -p $TMP $PKG $OUTPUT
 cd $TMP
-rm -rf $PRGNAM
+rm -rf $PRGNAM-$VERSION
 tar xvf $CWD/$PRGNAM-$VERSION.tgz
-cd $PRGNAM
+cd $PRGNAM-$VERSION
 chown -R root:root .
 chmod -R u+w,go+r-w,a-s .

-make p0f \
-  CFLAGS="$SLKCFLAGS \
-  -DUSE_BPF=\\\"pcap-bpf.h\\\" \
-  -I/usr/include/pcap" \
-  -f mk/Linux
+# Set default location of fingerprint file:
+sed -i 's;"p0f.fp";"/etc/p0f/p0f.fp";' config.h
+
+# Don't override SLKCFLAGS's optimisation
+sed -i 's/ -O3//' build.sh
+
+CFLAGS="$SLKCFLAGS" \
+  ./build.sh

 mkdir -p $PKG/usr/sbin/
-cp -f p0f p0frep $PKG/usr/sbin/
+cp -f p0f $PKG/usr/sbin/
 strip --strip-unneeded $PKG/usr/sbin/p0f

 mkdir -p $PKG/etc/p0f
-for i in p0f.fp p0fa.fp p0fr.fp p0fo.fp ; do \
-  cat $i > $PKG/etc/p0f/${i}.new ; 
-done
+cat p0f.fp > $PKG/etc/p0f/p0f.fp.new

-mkdir -p $PKG/usr/man/man1/
-cat p0f.1 | gzip -9 > $PKG/usr/man/man1/p0f.1.gz
+if [ "${TOOLS:-no}" = "yes" ]; then
+  cd tools
+    mkdir -p $PKG/usr/bin
+    for t in p0f-sendsyn p0f-sendsyn6 p0f-client ; do
+      make $t CFLAGS="$SLKCFLAGS"
+      cp -f $t $PKG/usr/bin/
+      strip --strip-unneeded $PKG/usr/bin/$t
+    done
+    cp -a README-TOOLS $PKG/usr/doc/$PRGNAM-$VERSION
+  cd ..
+fi

 mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cd doc
-cp -a COPYING CREDITS ChangeLog KNOWN_BUGS README TODO \
+cd docs
+cp -a COPYING ChangeLog README TODO existential-notes.txt \
  $PKG/usr/doc/$PRGNAM-$VERSION
 cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild

--- a/network/p0f/p0f.info
+++ b/network/p0f/p0f.info
@ -1,10 +1,10 @@
 PRGNAM="p0f"
-VERSION="2.0.8"
-HOMEPAGE="http://lcamtuf.coredump.cx/p0f.shtml"
-DOWNLOAD="http://lcamtuf.coredump.cx/p0f/p0f-2.0.8.tgz"
-MD5SUM="1ccbcd8d4c95ef6dae841120d23c56a5"
+VERSION="3.05b"
+HOMEPAGE="http://lcamtuf.coredump.cx/p0f3/"
+DOWNLOAD="http://lcamtuf.coredump.cx/p0f3/releases/p0f-3.05b.tgz"
+MD5SUM="edbc4b135b2646db3227a441268fd2e2"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 MAINTAINER="David Spencer"
 EMAIL="baildon.research@googlemail.com"
-APPROVED="rworkman"
+APPROVED="dsomero"
--- a/network/p0f/slack-desc
+++ b/network/p0f/slack-desc
@ -8,12 +8,12 @@
   |-----handy-ruler------------------------------------------------------|
 p0f: p0f (passive os fingerprint tool)
 p0f:
-p0f: p0f is a passive operating system fingerprinting tool.  It can 
-p0f: identify the OS on machines that connect to your box, machines you 
-p0f: connect to, machines you cannot connect to, and machines whose 
-p0f: communications you can observe.  It can detect or measure firewall 
-p0f: presence, NAT use, existence of a load balancer setup, the distance 
+p0f: p0f is a passive operating system fingerprinting tool.  It can
+p0f: identify the OS on machines that connect to your box, machines you
+p0f: connect to, machines you cannot connect to, and machines whose
+p0f: communications you can observe.  It can detect or measure firewall
+p0f: presence, NAT use, existence of a load balancer setup, the distance
 p0f: to the remote system, its uptime, and its network hookup and ISP.
 p0f:
-p0f: Homepage: http://lcamtuf.coredump.cx/p0f.shtml
+p0f: Homepage: http://lcamtuf.coredump.cx/p0f3/
 p0f: