From b52510d2199309601d5d9475ba2f37ef39e5b80f Mon Sep 17 00:00:00 2001
From: jcs
Date: Mon, 29 Oct 2001 03:20:38 +0000
Subject: [PATCH] Import of p0f-1.7, maintained by Jose Nazario Passive OS fingerprinting technique based on information coming from remote host when it establishes connection to our system. Captured packets contains enough information to determine OS - and, unlike active scanners (nmap, queSO) - without sending anything to this host.
---
 security/p0f/Makefile | 32 ++++++++++++++++
 security/p0f/files/md5 | 3 ++
 security/p0f/patches/patch-p0f_c | 12 ++++++
 security/p0f/pkg/DEINSTALL | 25 ++++++++++++
 security/p0f/pkg/DESCR | 7 ++++
 security/p0f/pkg/INSTALL | 65 ++++++++++++++++++++++++++++++++
 security/p0f/pkg/PLIST | 6 +++
 7 files changed, 150 insertions(+)
 create mode 100644 security/p0f/Makefile
 create mode 100644 security/p0f/files/md5
 create mode 100644 security/p0f/patches/patch-p0f_c
 create mode 100644 security/p0f/pkg/DEINSTALL
 create mode 100644 security/p0f/pkg/DESCR
 create mode 100644 security/p0f/pkg/INSTALL
 create mode 100644 security/p0f/pkg/PLIST
diff --git a/security/p0f/Makefile b/security/p0f/Makefile
new file mode 100644
index 00000000000..073b77d12bb
--- /dev/null
+++ b/security/p0f/Makefile
@@ -0,0 +1,32 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2001/10/29 03:20:38 jcs Exp $
+# $NetBSD: Makefile,v 1.1.1.2 2001/03/26 11:59:15 hubertf Exp $
+
+COMMENT= passive OS fingerprinting tool
+
+DISTNAME= p0f
+PKGNAME= p0f-1.7
+CATEGORIES= security
+NEED_VERSION= 1.363
+
+HOMEPAGE= http://lcamtuf.coredump.cx/
+
+MAINTAINER= Jose Nazario
+
+PERMIT_PACKAGE_CDROM= Yes
+PERMIT_PACKAGE_FTP= Yes
+PERMIT_DISTFILES_CDROM= Yes
+PERMIT_DISTFILES_FTP= Yes
+
+MASTER_SITES= http://lcamtuf.coredump.cx/soft/
+EXTRACT_SUFX= .tgz
+
+MAKE_FLAGS= CFLAGS='${CFLAGS} -DSYSCONFDIR="\"${SYSCONFDIR}\""'
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin/p0f
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/p0f
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/p0f
+ ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/p0f/README
+ ${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/share/examples/p0f/p0f.fp
+
+.include
diff --git a/security/p0f/files/md5 b/security/p0f/files/md5
new file mode 100644
index 00000000000..3c42e9ab776
--- /dev/null
+++ b/security/p0f/files/md5
@@ -0,0 +1,3 @@
+MD5 (p0f.tgz) = 20b652039d78fe7f251e84ac19757a0e
+RMD160 (p0f.tgz) = d01950ca9282ef9f2b2c790423eb710c3282b5c1
+SHA1 (p0f.tgz) = 40a3182278b59450ccaa584f03826f612007e5dc
diff --git a/security/p0f/patches/patch-p0f_c b/security/p0f/patches/patch-p0f_c
new file mode 100644
index 00000000000..843f9fa9e8d
--- /dev/null
+++ b/security/p0f/patches/patch-p0f_c
@@ -0,0 +1,12 @@
+$OpenBSD: patch-p0f_c,v 1.1.1.1 2001/10/29 03:20:38 jcs Exp $
+--- p0f.c.orig Thu Aug 9 18:54:07 2001
++++ p0f.c Thu Aug 9 18:54:19 2001
+@@ -260,7 +260,7 @@
+
+ /* set a reasonable default fingerprint file */
+ if (!filename || !*filename)
+- filename = "/etc/p0f.fp";
++ filename = SYSCONFDIR "/p0f.fp";
+
+ /* anything left after getopt'ing is a rule */
+ if (argv[optind] && *(argv[optind]))
diff --git a/security/p0f/pkg/DEINSTALL b/security/p0f/pkg/DEINSTALL
new file mode 100644
index 00000000000..bb490191201
--- /dev/null
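Review bot: In security/p0f/Makefile, `DISTNAME= p0f` together with `EXTRACT_SUFX= .tgz` makes the port fetch an unversioned `p0f.tgz` over plain HTTP, so the only thing tying the build to 1.7 is the digest set in files/md5. If upstream replaces the tarball in place the fetch will fail the checksum, and a cached `p0f.tgz` from another version would share the same name in the distfiles directory. Consider adding `DIST_SUBDIR= p0f-1.7` and a comment next to `DISTNAME` such as `# upstream distfile is unversioned; files/md5 pins the 1.7 tarball`.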
+++ b/security/p0f/pkg/DEINSTALL
@@ -0,0 +1,25 @@
+#!/bin/sh
+# $OpenBSD: DEINSTALL,v 1.1.1.1 2001/10/29 03:20:38 jcs Exp $
+#
+# p0f de-installation, ganked from siphon de-installation
+
+set -e
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+PREFIX=${PKG_PREFIX:-/usr/local}
+CONFIG_FILE=${SYSCONFDIR}/p0f.fp
+
+if [ -f $CONFIG_FILE ]; then
+ echo
+ echo "+---------------"
+ echo "| To completely deinstall the $1 package you need to perform"
+ echo "| this step as root:"
+ echo "|"
+ echo "| rm -f $CONFIG_FILE"
+ echo "|"
+ echo "| Do not do this if you plan on re-installing $1"
+ echo "| at some future time."
+ echo "+---------------"
+ echo
+fi
+
+exit 0
diff --git a/security/p0f/pkg/DESCR b/security/p0f/pkg/DESCR
new file mode 100644
index 00000000000..b019b4dfad4
--- /dev/null
+++ b/security/p0f/pkg/DESCR
@@ -0,0 +1,7 @@
+Passive OS fingerprinting technique based on information coming
+from remote host when it establishes connection to our system.
+Captured packets contains enough information to determine OS - and,
+unlike active scanners (nmap, queSO) - without sending anything to
+this host.
+
+WWW: ${HOMEPAGE}
diff --git a/security/p0f/pkg/INSTALL b/security/p0f/pkg/INSTALL
new file mode 100644
index 00000000000..c5089a46b17
--- /dev/null
+++ b/security/p0f/pkg/INSTALL
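Review bot: In pkg/DEINSTALL, `CONFIG_FILE=${SYSCONFDIR}/p0f.fp` does not say where `SYSCONFDIR` comes from and the script never sets it; the same assignment appears in pkg/INSTALL, where the value becomes the destination of an `install -o root` call. The `${HOMEPAGE}` in pkg/DESCR suggests these files are substituted when the package is built, but if that is not the case an unset variable silently yields `/p0f.fp`. A comment above the assignment such as `# ${SYSCONFDIR} is filled in when the package is built` would settle it, and quoting the expansions (`[ -f "$CONFIG_FILE" ]`) costs nothing. `PREFIX` is assigned in DEINSTALL but not used there.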
@@ -0,0 +1,65 @@
+#!/bin/sh
+# $OpenBSD: INSTALL,v 1.1.1.1 2001/10/29 03:20:38 jcs Exp $
+#
+# Pre/post-installation setup of p0f, stolen from jsyn's siphone scripts
+
+# exit on errors, use a sane path and install prefix
+
+set -e
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+PREFIX=${PKG_PREFIX:-/usr/local}
+CONFIG_FILE=${SYSCONFDIR}/p0f.fp
+SAMPLE_CONFIG_DIR=$PREFIX/share/examples/p0f
+
+do_notice()
+{
+ echo
+ echo "+---------------"
+ echo "| The existing $1 configuration file in $CONFIG_FILE,"
+ echo "| has NOT been changed. You may want to compare it to the"
+ echo "| current sample file in $SAMPLE_CONFIG_DIR,"
+ echo "| and update your configuration as needed."
+ echo "+---------------"
+ echo
+}
+
+do_install()
+{
+ install -o root -g wheel -m 644 $SAMPLE_CONFIG_DIR/p0f.fp \
+ $CONFIG_FILE
+ echo
+ echo "+---------------"
+ echo "| The $1 configuration file has been installed at"
+ echo "| $CONFIG_FILE. Please view this file and change the configuration"
+ echo "| to meet your needs."
+ echo "+---------------"
+ echo
+}
+
+# verify proper execution
+#
+if [ $# -ne 2 ]; then
+ echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
+ exit 1
+fi
+
+# Verify/process the command
+#
+case $2 in
+ PRE-INSTALL)
+ : nothing to pre-install for this port
+ ;;
+ POST-INSTALL)
+ if [ ! -f $CONFIG_FILE ]; then
+ do_install $1
+ else
+ do_notice $1
+ fi
+ ;;
+ *)
+ echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/security/p0f/pkg/PLIST b/security/p0f/pkg/PLIST
new file mode 100644
index 00000000000..2042c359b0c
--- /dev/null
+++ b/security/p0f/pkg/PLIST
@@ -0,0 +1,6 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2001/10/29 03:20:38 jcs Exp $
+bin/p0f
+share/doc/p0f/README
+share/examples/p0f/p0f.fp
+@dirrm share/examples/p0f
+@dirrm share/doc/p0f
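Review bot: In pkg/INSTALL, the POST-INSTALL branch decides with `[ ! -f $CONFIG_FILE ]`, which is also true when the path exists but is not a regular file (a directory, for instance), so `do_install` then runs `install -o root -g wheel` against it. Testing existence instead, `if [ ! -e "$CONFIG_FILE" ]; then`, keeps the "leave what is already there alone" behaviour for those cases and routes them to `do_notice`. The arguments passed on are unquoted as well; `do_install "$1"` and `do_notice "$1"` would be the safer form.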