Update to 2.0.3.
This new version includes a migration from Perl to C and support for ipfw and pf. While here, trim the Makefile headers. PR: ports/171951 Submitted by: Sean Greven <sean.greven@gmail.com> (maintainer) Feature safe: yes
parent
bfe3323fa3
commit
26801e4cf7
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=307863
@ -1,61 +1,28 @@
|
||||
# New ports collection makefile for: fwknop
|
||||
#
|
||||
# Date created: 23 Nov 2007
|
||||
# Whom: Sean Greven<sean.greven@gmail.com>
|
||||
#
|
||||
# Created by: Sean Greven <sean.greven@gmail.com>
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= fwknop
|
||||
PORTVERSION= 1.8.3
|
||||
PORTREVISION= 2
|
||||
PORTVERSION= 2.0.3
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= http://www.cipherdyne.org/fwknop/download/
|
||||
|
||||
MAINTAINER= sean.greven@gmail.com
|
||||
COMMENT= SPA implementation for Linux and FreeBSD
|
||||
|
||||
BUILD_DEPENDS= p5-Net-IPv4Addr>=0:${PORTSDIR}/net-mgmt/p5-Net-IPv4Addr \
|
||||
p5-Unix-Syslog>=0:${PORTSDIR}/sysutils/p5-Unix-Syslog \
|
||||
p5-Term-ReadKey>=0:${PORTSDIR}/devel/p5-Term-ReadKey \
|
||||
p5-Net-Pcap>=0:${PORTSDIR}/net/p5-Net-Pcap \
|
||||
p5-List-MoreUtils>=0:${PORTSDIR}/lang/p5-List-MoreUtils \
|
||||
p5-Crypt-Rijndael>=0:${PORTSDIR}/security/p5-Crypt-Rijndael \
|
||||
p5-Class-MethodMaker>=0:${PORTSDIR}/devel/p5-Class-MethodMaker \
|
||||
p5-Net-RawIP>=0:${PORTSDIR}/net/p5-Net-RawIP \
|
||||
p5-GnuPG-Interface>=0:${PORTSDIR}/security/p5-GnuPG-Interface \
|
||||
p5-Crypt-CBC>=0:${PORTSDIR}/security/p5-Crypt-CBC \
|
||||
p5-NetPacket>=0:${PORTSDIR}/net/p5-NetPacket \
|
||||
p5-Net-Ping-External>=0:${PORTSDIR}/net/p5-Net-Ping-External
|
||||
RUN_DEPENDS:= ${BUILD_DEPENDS}
|
||||
OPTIONS_DEFINE= GPGME
|
||||
OPTIONS_DEFAULT= GPGME
|
||||
GPGME_DESC= Build support for gpgme
|
||||
MAN8= fwknop.8 fwknopd.8
|
||||
INFO= libfko
|
||||
MANCOMPRESSED= no
|
||||
GNU_CONFIGURE= yes
|
||||
USE_RC_SUBR= fwknopd
|
||||
USE_LDCONFIG= yes
|
||||
|
||||
MAN8= fwknop.8 fwknopd.8 knopmd.8 knopwatchd.8
|
||||
MANCOMPRESSED= yes
|
||||
.include <bsd.port.options.mk>
|
||||
|
||||
NO_BUILD= yes
|
||||
IS_INTERACTIVE= yes
|
||||
USE_PERL5_BUILD=yes
|
||||
|
||||
post-patch:
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/access.conf
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop.8
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop.conf
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknop_serv
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknopd
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/fwknopd.8
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/install.pl
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.8
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.c
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopmd.conf
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopspoof
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knoptm
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopwatchd.8
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/knopwatchd.c
|
||||
@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' ${WRKSRC}/init-scripts/fwknop-init.freebsd
|
||||
|
||||
do-install:
|
||||
cd ${WRKSRC} && ./install.pl
|
||||
@${ECHO_MSG} "Configuration files in ${LOCALBASE}/etc/fwknop";
|
||||
.if ${PORT_OPTIONS:MGPGME}
|
||||
BUILD_DEPENDS+= gpgme:${PORTSDIR}/security/gpgme
|
||||
.endif
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
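Review bot: With GPGME enabled, which `OPTIONS_DEFAULT= GPGME` makes the default, gpgme is registered only through `BUILD_DEPENDS+= gpgme:${PORTSDIR}/security/gpgme` inside the `.if ${PORT_OPTIONS:MGPGME}` block, so a package built this way records no runtime dependency on it. The page has lost its +/- markers, but `RUN_DEPENDS:= ${BUILD_DEPENDS}` looks like one of the removed lines. If the C build links libfko against gpgme, a host that installs the package without gpgme would presumably get a daemon that cannot load. I would register it as a library dependency instead: `LIB_DEPENDS+= gpgme:${PORTSDIR}/security/gpgme`. There is also no branch for the option being off, so configure may still pick up a gpgme that happens to be installed; if upstream's configure accepts it, an `.else` with `CONFIGURE_ARGS+= --without-gpgme` would make the result match the option.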
@ -1,2 +1,2 @@
|
||||
SHA256 (fwknop-1.8.3.tar.gz) = 366dbb0c9ae38973cee960408eb1a76ed6ff544f15855affaed93331face9491
|
||||
SIZE (fwknop-1.8.3.tar.gz) = 471949
|
||||
SHA256 (fwknop-2.0.3.tar.gz) = f7f306a66c641020e7c7a820eaa3743e2700ddee6e26cca37440db95df56b986
|
||||
SIZE (fwknop-2.0.3.tar.gz) = 904769
|
||||
|
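--- a/security/fwknop/files/fwknopd.in
+++ b/security/fwknop/files/fwknopd.in
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: fwknopd
+# REQUIRE: LOGIN
+
+#
+# Add the following lines to /etc/rc.conf to enable fwknopd:
+#
+# fwknopd_enable="YES"
+#
+# See fwknopd(8) for flags
+#
+
+. /etc/rc.subr
+
+name=fwknopd
+rcvar=fwknopd_enable
+
+command=%%PREFIX%%/sbin/fwknopd
+required_files=%%PREFIX%%/etc/fwknop/access.conf
+
+start_precmd=start_precmd
+stop_postcmd=stop_postcmd
+
+extra_commands="reload"
+
+start_precmd()
+{
+}
+
+stop_postcmd()
+{
+}
+
+# read settings, set default values
+load_rc_config $name
+: ${fwknopd_enable="NO"}
+
+run_rc_command "$1"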
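Review bot: `start_precmd()` and `stop_postcmd()` are defined with nothing between `{` and `}`, and both are wired in through `start_precmd=start_precmd` and `stop_postcmd=stop_postcmd`. An empty brace group is outside the POSIX shell grammar and some sh implementations refuse to parse it, in which case the whole rc script would fail to load; where it does parse, the hooks do nothing. I would drop the two assignments and both functions, or give each body a single `:`. If a pre-start hook is kept, it is the natural place to refuse to start when `%%PREFIX%%/etc/fwknop/access.conf` is readable by group or others, since `required_files` only confirms the file is present and readable, and the man page text elsewhere on this page says key material is stored in that file.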
@ -1,20 +0,0 @@
|
||||
--- access.conf.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ access.conf 2007-11-21 21:00:47.000000000 +0200
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Purpose: This file defines how fwknop will modify iptables access controls
|
||||
# for specific IPs/networks. It gets installed by default at
|
||||
-# /etc/fwknop/access.conf and is consulted by fwknop when run in
|
||||
+# %%PREFIX%%/etc/fwknop/access.conf and is consulted by fwknop when run in
|
||||
# "access control mode", which is the default (i.e. when fwknop is
|
||||
# run from the command line without any command line arguments).
|
||||
# The corresponding file ~/.fwknoprc defines how fwknop will
|
||||
@@ -96,7 +96,7 @@
|
||||
# fwknopd to read packets from a file that is written to by a sniffer
|
||||
# process or by something like the ulogd pcap writer (use ULOG_PCAP for
|
||||
# this). The specific file path is defined by the PCAP_FILE keyword in
|
||||
-# /etc/fwknop/fwknop.conf). We also require that the username on the
|
||||
+# %%PREFIX%%/etc/fwknop/fwknop.conf). We also require that the username on the
|
||||
# system that generates the authorization packet is "mbr":
|
||||
#
|
||||
# SOURCE: ANY;
|
@ -1,20 +0,0 @@
|
||||
--- fwknop.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ fwknop 2007-11-21 21:01:29.000000000 +0200
|
||||
@@ -37,7 +37,7 @@
|
||||
# $Id: fwknop 586 2006-11-04 20:45:49Z mbr $
|
||||
#
|
||||
|
||||
-use lib '/usr/lib/fwknop';
|
||||
+use lib '%%PREFIX%%/lib/fwknop';
|
||||
use Crypt::CBC;
|
||||
use Net::IPv4Addr qw(ipv4_in_network);
|
||||
use Net::Ping::External qw(ping);
|
||||
@@ -975,7 +975,7 @@
|
||||
} else {
|
||||
print
|
||||
"[+] Enter an encryption key. This key must match a key in the file\n",
|
||||
-" /etc/fwknop/access.conf on the remote system.\n\n" unless $quiet;
|
||||
+" %%PREFIX%%/etc/fwknop/access.conf on the remote system.\n\n" unless $quiet;
|
||||
}
|
||||
my $try = 0;
|
||||
my $max_tries = 20;
|
@ -1,65 +0,0 @@
|
||||
--- fwknop.8.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ fwknop.8 2007-11-21 21:01:07.000000000 +0200
|
||||
@@ -43,7 +43,7 @@
|
||||
or via GnuPG and associated asymmetric ciphers. If the symmetric encryption
|
||||
method is chosen, then the encryption key is shared between between the
|
||||
client and server (see the
|
||||
-.I /etc/fwknop/access.conf
|
||||
+.I %%PREFIX%%/etc/fwknop/access.conf
|
||||
file). If the GnuPG
|
||||
method is chosen, then the encryption keys are derived from GnuPG key
|
||||
rings. SPA packets generated by fwknop running as a client adhere
|
||||
@@ -76,7 +76,7 @@
|
||||
this can be tuned via the
|
||||
.B ALERTING_METHODS
|
||||
variable in the
|
||||
-.I /etc/fwknop/fwknop.conf
|
||||
+.I %%PREFIX%%/etc/fwknop/fwknop.conf
|
||||
file). By default, the
|
||||
.B fwknop
|
||||
client sends authorization packets over UDP
|
||||
@@ -310,7 +310,7 @@
|
||||
.B REQUIRE_USERNAME
|
||||
keyword that might
|
||||
be specified in
|
||||
-.I /etc/fwknop/access.conf.
|
||||
+.I %%PREFIX%%/etc/fwknop/access.conf.
|
||||
.TP
|
||||
.BR \-\^\-Spoof-user\ \<user>
|
||||
Specify the username that is included within SPA packet. This allows
|
||||
@@ -352,7 +352,7 @@
|
||||
and have it execute the command). This option is not needed when trying to
|
||||
gain access to a service via the SPA mechanism. To use this feature, please
|
||||
ensure that ENABLE_CMD_EXEC; is set in the file
|
||||
-.I /etc/fwknop/access.conf
|
||||
+.I %%PREFIX%%/etc/fwknop/access.conf
|
||||
on the
|
||||
.B fwknopd
|
||||
server you are sending the command to.
|
||||
@@ -363,7 +363,7 @@
|
||||
server, which will execute the command as root. Command execution is enabled only
|
||||
if the
|
||||
.B ENABLE_CMD_EXEC keyword is given in
|
||||
-.I /etc/fwknop/access.conf
|
||||
+.I %%PREFIX%%/etc/fwknop/access.conf
|
||||
(note that commands can easily be restricted with the
|
||||
.B CMD_REGEX
|
||||
keyword as well).
|
||||
@@ -502,7 +502,7 @@
|
||||
.RS
|
||||
.B NOTE:
|
||||
Please ensure that ENABLE_CMD_EXEC; is set in the file
|
||||
-.I /etc/fwknop/access.conf
|
||||
+.I %%PREFIX%%/etc/fwknop/access.conf
|
||||
on the
|
||||
.B fwknopd
|
||||
server you are attempting to connect to.
|
||||
@@ -563,7 +563,7 @@
|
||||
will read the sequence out of the file
|
||||
.B ~/.fwknoprc
|
||||
and the server will read the sequence out of
|
||||
-.B /etc/fwknop/access.conf:
|
||||
+.B %%PREFIX%%/etc/fwknop/access.conf:
|
||||
.PP
|
||||
.B $ fwknop --Server-mode 'knock' -D 10.11.11.123
|
||||
.RE
|
@ -1,45 +0,0 @@
|
||||
--- fwknop.conf.orig 2007-11-23 22:37:27.000000000 +0200
|
||||
+++ fwknop.conf 2007-11-23 22:40:56.000000000 +0200
|
||||
@@ -10,7 +10,7 @@
|
||||
#
|
||||
# Note there are no access control directives in this file. All access
|
||||
# control directives are located in the file
|
||||
-# /etc/fwknop/access.conf. You will need to edit the access.conf file in
|
||||
+# %%PREFIX%%/etc/fwknop/access.conf. You will need to edit the access.conf file in
|
||||
# order for fwknop to function correctly.
|
||||
#
|
||||
#############################################################################
|
||||
@@ -90,7 +90,7 @@
|
||||
|
||||
### If GPG keys are used instead of a Rijndael symmetric key, this is
|
||||
### the default GPG keys directory. Note that each access block in
|
||||
-### /etc/fwknop/access.conf can specify its own GPG directory to override
|
||||
+### %%PREFIX%%/etc/fwknop/access.conf can specify its own GPG directory to override
|
||||
### this default.
|
||||
GPG_DEFAULT_HOME_DIR /root/.gnupg;
|
||||
|
||||
@@ -184,8 +184,8 @@
|
||||
FWKNOP_DIR /var/log/fwknop;
|
||||
FWKNOP_RUN_DIR /var/run/fwknop;
|
||||
FWKNOP_LIB_DIR /var/lib/fwknop; # for legacy port knocking mode
|
||||
-FWKNOP_MOD_DIR /usr/lib/fwknop;
|
||||
-FWKNOP_CONF_DIR /etc/fwknop;
|
||||
+FWKNOP_MOD_DIR %%PREFIX%%/lib/fwknop;
|
||||
+FWKNOP_CONF_DIR %%PREFIX%%/etc/fwknop;
|
||||
FWKNOP_ERR_DIR $FWKNOP_DIR/errs;
|
||||
|
||||
### Files
|
||||
@@ -216,8 +216,8 @@
|
||||
mknodCmd /bin/mknod;
|
||||
iptablesCmd /sbin/iptables;
|
||||
ipfwCmd /sbin/ipfw; ### BSD and Mac OS X only
|
||||
-fwknopdCmd /usr/sbin/fwknopd;
|
||||
-fwknop_servCmd /usr/sbin/fwknop_serv;
|
||||
-knopmdCmd /usr/sbin/knopmd;
|
||||
-knoptmCmd /usr/sbin/knoptm;
|
||||
-knopwatchdCmd /usr/sbin/knopwatchd;
|
||||
+fwknopdCmd %%PREFIX%%/sbin/fwknopd;
|
||||
+fwknop_servCmd %%PREFIX%%/sbin/fwknop_serv;
|
||||
+knopmdCmd %%PREFIX%%/sbin/knopmd;
|
||||
+knoptmCmd %%PREFIX%%/sbin/knoptm;
|
||||
+knopwatchdCmd %%PREFIX%%/sbin/knopwatchd;
|
@ -1,11 +0,0 @@
|
||||
--- fwknop_serv.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ fwknop_serv 2007-11-21 21:02:08.000000000 +0200
|
||||
@@ -22,7 +22,7 @@
|
||||
use POSIX;
|
||||
use strict;
|
||||
|
||||
-my $config_file = '/etc/fwknop/fwknop.conf';
|
||||
+my $config_file = '%%PREFIX%%/etc/fwknop/fwknop.conf';
|
||||
my %config = ();
|
||||
|
||||
my @required_vars = qw(
|
@ -1,20 +0,0 @@
|
||||
--- fwknopd.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ fwknopd 2007-11-21 21:02:31.000000000 +0200
|
||||
@@ -40,7 +40,7 @@
|
||||
# $Id: fwknopd 583 2006-11-04 20:43:01Z mbr $
|
||||
#
|
||||
|
||||
-use lib '/usr/lib/fwknop';
|
||||
+use lib '%%PREFIX%%/lib/fwknop';
|
||||
use Crypt::CBC;
|
||||
use Unix::Syslog qw(:subs :macros);
|
||||
use Net::IPv4Addr qw(ipv4_in_network);
|
||||
@@ -59,7 +59,7 @@
|
||||
use Getopt::Long;
|
||||
use strict;
|
||||
|
||||
-my $config_file = '/etc/fwknop/fwknop.conf';
|
||||
+my $config_file = '%%PREFIX%%/etc/fwknop/fwknop.conf';
|
||||
|
||||
my $version = '1.8.3';
|
||||
my $revision_svn = '$Revision: 809 $';
|
@ -1,112 +0,0 @@
|
||||
--- fwknopd.8.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ fwknopd.8 2007-11-21 21:02:20.000000000 +0200
|
||||
@@ -26,7 +26,7 @@
|
||||
and
|
||||
.B access.conf
|
||||
within the
|
||||
-.B /etc/fwknop
|
||||
+.B %%PREFIX%%/etc/fwknop
|
||||
directory, and configuration variables within these files are desribed below.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
@@ -34,7 +34,7 @@
|
||||
When run in server mode
|
||||
.B fwknop
|
||||
references the file
|
||||
-.B /etc/fwknop/fwknop.conf
|
||||
+.B %%PREFIX%%/etc/fwknop/fwknop.conf
|
||||
for various run-time configuration
|
||||
variables. The path to this file can be changed through the use of the
|
||||
.B --config
|
||||
@@ -42,7 +42,7 @@
|
||||
.TP
|
||||
.BR \-i "\fR,\fP " \-\^\-intf\ \<interface>
|
||||
Manually specify interface on which to sniff, e.g. "-i eth0". This option
|
||||
-is not usually needed because the PCAP_INTF keyword in /etc/fwknop/fwknop.conf
|
||||
+is not usually needed because the PCAP_INTF keyword in %%PREFIX%%/etc/fwknop/fwknop.conf
|
||||
file defines the sniffing interface.
|
||||
.TP
|
||||
.BR \-\^\-fw-list
|
||||
@@ -80,32 +80,32 @@
|
||||
.BR \-V "\fR,\fP " \-\^\-Version
|
||||
Display version information and exit.
|
||||
.SH FILES
|
||||
-.B /etc/fwknop/fwknop.conf
|
||||
+.B %%PREFIX%%/etc/fwknop/fwknop.conf
|
||||
.RS
|
||||
The main configuration file for
|
||||
.B fwknop.
|
||||
.RE
|
||||
|
||||
-.B /etc/fwknop/access.conf
|
||||
+.B %%PREFIX%%/etc/fwknop/access.conf
|
||||
.RS
|
||||
Defines all knock sequences and access control directives.
|
||||
.RE
|
||||
|
||||
-.B /etc/fwknop/pf.os
|
||||
+.B %%PREFIX%%/etc/fwknop/pf.os
|
||||
.RS
|
||||
Defines p0f signatures used by fwknop.
|
||||
.RE
|
||||
.SH FWKNOP CONFIG AND ACCESS VARIABLES
|
||||
.B fwknop
|
||||
references the file
|
||||
-.B /etc/fwknop/fwknop.conf
|
||||
+.B %%PREFIX%%/etc/fwknop/fwknop.conf
|
||||
for configuration variables such as the path to the firewall logfile,
|
||||
the sleep interval fwknop uses to check for new log messages, and
|
||||
paths to system binaries, etc. The
|
||||
.B fwknop
|
||||
config file does not define any access control directives; they are
|
||||
located in the file
|
||||
-.B /etc/fwknop/access.conf.
|
||||
+.B %%PREFIX%%/etc/fwknop/access.conf.
|
||||
Access control directives define encryption keys and level of access that
|
||||
is granted to an fwknop client that has generated the appropriate encrypted
|
||||
message. This file is referenced for this information when run in either
|
||||
@@ -116,7 +116,7 @@
|
||||
legacy knock sequence) will be accepted. The string "ANY" is also
|
||||
accepted if a valid authorization packet should be honored from any source
|
||||
IP. Every authorization stanza in
|
||||
-.B /etc/fwknop/access.conf
|
||||
+.B %%PREFIX%%/etc/fwknop/access.conf
|
||||
definition must start with the SOURCE keyword. Networks can be
|
||||
specified in either CIDR (e.g. "192.168.10.0/24") or regular (e.g.
|
||||
"192.168.10.0/255.255.255.0") notation, and individual IP addresses
|
||||
@@ -178,7 +178,7 @@
|
||||
on the client, but each fwknopd server should have its own gpg key that is
|
||||
generated specifically for fwknop communications. The reason for this is
|
||||
that the decryption password for the server key must be placed within the
|
||||
-.B /etc/fwknop/access.conf
|
||||
+.B %%PREFIX%%/etc/fwknop/access.conf
|
||||
file for fwknopd to function (it has to be able to decrypt SPA messages that
|
||||
have been encrypted with the server's public key). For more information on
|
||||
using fwknop with GnuPG keys, see the following link:
|
||||
@@ -204,7 +204,7 @@
|
||||
Define the path to the GnuPG directory to be used by the
|
||||
.B fwknopd
|
||||
server. If this keyword is not specified within
|
||||
-.B /etc/fwknop/access.conf
|
||||
+.B %%PREFIX%%/etc/fwknop/access.conf
|
||||
then fwknopd will default to using the /root/.gnupg directory for the server key(s).
|
||||
.TP
|
||||
.B FW_ACCESS_TIMEOUT: <seconds>
|
||||
@@ -235,7 +235,7 @@
|
||||
"Linux:2.4::Linux 2.4/2.6" or "OpenBSD:3.0-3.5::OpenBSD 3.0-3.5"
|
||||
before a knock sequence will be accepted. The fingerprints are listed
|
||||
in
|
||||
-.B /etc/fwknop/pf.os.
|
||||
+.B %%PREFIX%%/etc/fwknop/pf.os.
|
||||
Note that the corresponding knock sequence must utilize the tcp protocol
|
||||
(this is only be an issue for shared sequences since encrypted sequences
|
||||
use tcp by default) since OS fingerprinting requires tcp syn packets.
|
||||
@@ -281,7 +281,7 @@
|
||||
starting at a default port of 61000. This value can be changed
|
||||
through the use of the PORT_OFFSET variable. The PORT_OFFSET
|
||||
is optional and will be set to 61000 by fwknop if it is not specified
|
||||
-in /etc/fwknop/access.conf.
|
||||
+in %%PREFIX%%/etc/fwknop/access.conf.
|
||||
.TP
|
||||
.B MIN_TIME_DIFF: <seconds>
|
||||
Set the minimum number of seconds that must pass between successive
|
@ -1,18 +0,0 @@
|
||||
--- init-scripts/fwknop-init.freebsd.orig 2007-06-01 02:55:08.000000000 +0000
|
||||
+++ init-scripts/fwknop-init.freebsd 2008-06-13 02:47:25.000000000 +0000
|
||||
@@ -14,13 +14,13 @@
|
||||
fwknop_start()
|
||||
{
|
||||
echo "Starting fwknop."
|
||||
- /usr/sbin/fwknopd
|
||||
+ %%PREFIX%%/sbin/fwknopd
|
||||
}
|
||||
|
||||
fwknop_stop()
|
||||
{
|
||||
echo "Stopping fwknop."
|
||||
- /usr/sbin/fwknopd --Kill
|
||||
+ %%PREFIX%%/sbin/fwknopd --Kill
|
||||
}
|
||||
|
||||
load_rc_config $name
|
@ -1,60 +0,0 @@
|
||||
--- install.pl 2007-10-24 00:32:29.000000000 +0000
|
||||
+++ install.pl 2008-06-13 02:52:36.000000000 +0000
|
||||
@@ -38,8 +38,8 @@
|
||||
|
||||
#========================== config ===========================
|
||||
my $INIT_DIR = '/etc/init.d';
|
||||
-my $USRBIN_DIR = '/usr/bin';
|
||||
-my $URRSBIN_DIR = '/usr/sbin';
|
||||
+my $USRBIN_DIR = '%%PREFIX%%/bin';
|
||||
+my $URRSBIN_DIR = '%%PREFIX%%/sbin';
|
||||
|
||||
my $RUNLEVEL; ### This should only be set if install.pl
|
||||
### cannot determine the correct runlevel
|
||||
@@ -302,7 +302,7 @@
|
||||
&stop_fwknop();
|
||||
}
|
||||
|
||||
- for my $dir qw| /usr/lib /var/run /var/log /var/lib | {
|
||||
+ for my $dir qw| %%PREFIX%%/lib /usr/lib /var/run /var/log /var/lib | {
|
||||
unless (-d $dir) {
|
||||
mkdir $dir or die "[*] Could not mkdir $dir: $!";
|
||||
}
|
||||
@@ -463,7 +463,7 @@
|
||||
"$USRBIN_DIR/fwknop.tmp: $!";
|
||||
for my $line (@lines) {
|
||||
### change the lib dir to new homedir path
|
||||
- if ($line =~ m|^\s*use\s+lib\s+\'/usr/lib/fwknop\';|) {
|
||||
+ if ($line =~ m|^\s*use\s+lib\s+\'%%PREFIX%%/lib/fwknop\';|) {
|
||||
print P "use lib '", $config{'FWKNOP_MOD_DIR'}, "';\n";
|
||||
} else {
|
||||
print P $line;
|
||||
@@ -725,8 +725,8 @@
|
||||
unless (-d $INIT_DIR) {
|
||||
if (-d '/etc/rc.d/init.d') {
|
||||
$INIT_DIR = '/etc/rc.d/init.d';
|
||||
- } elsif (-d '/etc/rc.d') {
|
||||
- $INIT_DIR = '/etc/rc.d';
|
||||
+ } elsif (-d '%%PREFIX%%/etc/rc.d') {
|
||||
+ $INIT_DIR = '%%PREFIX%%/etc/rc.d';
|
||||
} elsif (-d '/etc/init.d') {
|
||||
$INIT_DIR = '/etc/init.d';
|
||||
} else {
|
||||
@@ -1010,7 +1010,7 @@
|
||||
|
||||
### default location to put man pages, but check with
|
||||
### /etc/man.config
|
||||
- my $mpath = '/usr/share/man/man8';
|
||||
+ my $mpath = '%%PREFIX%%/man/man8';
|
||||
if (-e '/etc/man.config') {
|
||||
### prefer to install $manpage in /usr/local/man/man8 if
|
||||
### this directory is configured in /etc/man.config
|
||||
@@ -1202,7 +1202,7 @@
|
||||
print "[+] Module $mod_name is already installed in the ",
|
||||
"system perl tree, skipping.\n";
|
||||
} else {
|
||||
- ### install the module in the /usr/lib/fwknop directory because
|
||||
+ ### install the module in the %%PREFIX%%/lib/fwknop directory because
|
||||
### it is not already installed.
|
||||
$install_module = 1;
|
||||
}
|
@ -1,11 +0,0 @@
|
||||
--- knopmd.8.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ knopmd.8 2007-11-21 21:03:11.000000000 +0200
|
||||
@@ -13,7 +13,7 @@
|
||||
cannot detect port knocking sequences without knopmd running on the machine.
|
||||
.B knopmd
|
||||
uses the knopmd.conf configuration file which by default is
|
||||
-located at /etc/fwknop/knopmd.conf, but a different path can be specified
|
||||
+located at %%PREFIX%%/etc/fwknop/knopmd.conf, but a different path can be specified
|
||||
on the command line.
|
||||
|
||||
.SH SEE ALSO
|
@ -1,11 +0,0 @@
|
||||
--- knopmd.c.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ knopmd.c 2007-11-21 21:03:20.000000000 +0200
|
||||
@@ -39,7 +39,7 @@
|
||||
#include <getopt.h>
|
||||
|
||||
/* defines */
|
||||
-#define FWKNOP_CONF "/etc/fwknop/fwknop.conf"
|
||||
+#define FWKNOP_CONF "%%PREFIX%%/etc/fwknop/fwknop.conf"
|
||||
|
||||
/* globals */
|
||||
static volatile sig_atomic_t received_sighup = 0;
|
@ -1,11 +0,0 @@
|
||||
--- knopmd.conf.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ knopmd.conf 2007-11-21 21:03:26.000000000 +0200
|
||||
@@ -3,7 +3,7 @@
|
||||
#
|
||||
# This is the configuration file for fwknop knopmd daemon (for more
|
||||
# information, read the knopmd man page). Normally this file gets
|
||||
-# installed at /etc/fwknop/knopmd.conf, but can be put anywhere in the
|
||||
+# installed at %%PREFIX%%/etc/fwknop/knopmd.conf, but can be put anywhere in the
|
||||
# filesystem and then the path can be specified on the command line
|
||||
# argument "-c <file>" to knopmd. The syntax of this file is as follows:
|
||||
#
|
@ -1,11 +0,0 @@
|
||||
--- knopspoof.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ knopspoof 2007-11-21 21:03:35.000000000 +0200
|
||||
@@ -36,7 +36,7 @@
|
||||
# $Id: knopspoof 346 2005-09-13 02:23:08Z mbr $
|
||||
#
|
||||
|
||||
-use lib '/usr/lib/fwknop';
|
||||
+use lib '%%PREFIX%%/lib/fwknop';
|
||||
use Net::RawIP;
|
||||
use strict;
|
||||
|
@ -1,20 +0,0 @@
|
||||
--- knoptm.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ knoptm 2007-11-21 21:03:43.000000000 +0200
|
||||
@@ -35,7 +35,7 @@
|
||||
# $Id: knoptm 771 2007-09-15 13:52:22Z mbr $
|
||||
#
|
||||
|
||||
-use lib '/usr/lib/fwknop';
|
||||
+use lib '%%PREFIX%%/lib/fwknop';
|
||||
use Unix::Syslog qw(:subs :macros);
|
||||
use Net::IPv4Addr qw(ipv4_in_network);
|
||||
use IO::Socket;
|
||||
@@ -46,7 +46,7 @@
|
||||
use Getopt::Long;
|
||||
use strict;
|
||||
|
||||
-my $config_file = '/etc/fwknop/fwknop.conf';
|
||||
+my $config_file = '%%PREFIX%%/etc/fwknop/fwknop.conf';
|
||||
my $user_rc_file = '';
|
||||
|
||||
my $version = '1.8.2';
|
@ -1,15 +0,0 @@
|
||||
--- knopwatchd.8.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ knopwatchd.8 2007-11-21 21:03:49.000000000 +0200
|
||||
@@ -11,10 +11,10 @@
|
||||
and fwknop are running on the box. If any of the three daemons
|
||||
have died, knopwatchd will restart the daemon and notify each
|
||||
email address listed in the EMAIL_ADDRESSES variable (see
|
||||
-/etc/fwknop/knopwatchd.conf) that the daemon has been restarted.
|
||||
+%%PREFIX%%/fwknop/knopwatchd.conf) that the daemon has been restarted.
|
||||
.B knopwatchd
|
||||
uses the knopwatchd.conf configuration file which by default is
|
||||
-located at /etc/fwknop/knopwatchd.conf, but a different path can be specified
|
||||
+located at %%PREFIX%%/etc/fwknop/knopwatchd.conf, but a different path can be specified
|
||||
on the command line.
|
||||
|
||||
.SH SEE ALSO
|
@ -1,11 +0,0 @@
|
||||
--- knopwatchd.c.orig 2007-11-21 20:59:13.000000000 +0200
|
||||
+++ knopwatchd.c 2007-11-21 21:03:55.000000000 +0200
|
||||
@@ -38,7 +38,7 @@
|
||||
#include "fwknop.h"
|
||||
|
||||
/* defines */
|
||||
-#define FWKNOP_CONF "/etc/fwknop/fwknop.conf"
|
||||
+#define FWKNOP_CONF "%%PREFIX%%/etc/fwknop/fwknop.conf"
|
||||
|
||||
/* globals */
|
||||
unsigned short int fwknopd_syscalls_ctr = 0;
|
@ -1,44 +1,10 @@
|
||||
bin/fwknop
|
||||
sbin/fwknop_serv
|
||||
%%ETCDIR%%/access.conf
|
||||
%%ETCDIR%%/fwknopd.conf
|
||||
include/fko.h
|
||||
lib/libfko.a
|
||||
lib/libfko.la
|
||||
lib/libfko.so
|
||||
lib/libfko.so.0
|
||||
sbin/fwknopd
|
||||
sbin/knopmd
|
||||
sbin/knoptm
|
||||
sbin/knopwatchd
|
||||
|
||||
etc/fwknop/access.conf
|
||||
etc/fwknop/fwknop.conf
|
||||
etc/fwknop/pf.os
|
||||
etc/rc.d/fwknop
|
||||
|
||||
lib/fwknop/NetPacket.pm
|
||||
lib/fwknop/NetPacket/ARP.pm
|
||||
lib/fwknop/NetPacket/Ethernet.pm
|
||||
lib/fwknop/NetPacket/ICMP.pm
|
||||
lib/fwknop/NetPacket/IGMP.pm
|
||||
lib/fwknop/NetPacket/IP.pm
|
||||
lib/fwknop/NetPacket/TCP.pm
|
||||
lib/fwknop/NetPacket/UDP.pm
|
||||
lib/fwknop/i386-freebsd-64int/auto/NetPacket/.packlist
|
||||
lib/fwknop/i386-freebsd-64int/perllocal.pod
|
||||
lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket.3
|
||||
lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::ARP.3
|
||||
lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::Ethernet.3
|
||||
lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::ICMP.3
|
||||
lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::IGMP.3
|
||||
lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::IP.3
|
||||
lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::TCP.3
|
||||
lib/fwknop/lib/perl5/5.8.8/man/man3/NetPacket::UDP.3
|
||||
|
||||
@dirrm lib/fwknop/lib/perl5/5.8.8/man/man3
|
||||
@dirrm lib/fwknop/lib/perl5/5.8.8/man
|
||||
@dirrm lib/fwknop/lib/perl5/5.8.8
|
||||
@dirrm lib/fwknop/lib/perl5
|
||||
@dirrm lib/fwknop/lib
|
||||
@dirrm lib/fwknop/i386-freebsd-64int/auto/NetPacket
|
||||
@dirrm lib/fwknop/i386-freebsd-64int/auto
|
||||
@dirrm lib/fwknop/i386-freebsd-64int
|
||||
@dirrm lib/fwknop/NetPacket
|
||||
@dirrm lib/fwknop
|
||||
@dirrm etc/fwknop/archive
|
||||
@dirrm etc/fwknop
|
||||
|
||||
@dirrm %%ETCDIR%%
|
||||
|
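Review bot: `%%ETCDIR%%/access.conf` and `%%ETCDIR%%/fwknopd.conf` are listed as ordinary packing-list files, so a reinstall or upgrade replaces them and a deinstall removes them. These look like new-side lines, though the page has lost its +/- markers. access.conf is where the operator's SPA keys and access stanzas live, so an upgrade would silently put the distributed file back in place of the site's own keys and rules. I would install both as `.sample` files, copy each into place only when no live file exists, and remove the live copy on deinstall only if it is still identical to the sample.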