svn commit: r512424 - in head: . net-mgmt/p0f net-mgmt/p0f/files
Kurt Jaeger
pi at FreeBSD.org
Fri Sep 20 18:44:39 UTC 2019
Author: pi
Date: Fri Sep 20 18:44:38 2019
New Revision: 512424
URL: https://svnweb.freebsd.org/changeset/ports/512424
Log:
net-mgmt/p0f: add rc script
Added an rc script to run p0f in daemon mode as an unprivileged user.
That is useful to provide access to p0f API via unix socket for
various clients (e.g. anti-spam filters like rspamd, haraka-plugin-p0f,
etc.).
PR: 240712
Submitted by: Alexander Moisseev <moiseev at mezonplus.ru>
Added:
head/net-mgmt/p0f/files/p0f.in (contents, props changed)
Modified:
head/GIDs
head/UIDs
head/net-mgmt/p0f/Makefile
Modified: head/GIDs
==============================================================================
--- head/GIDs Fri Sep 20 17:06:15 2019 (r512423)
+++ head/GIDs Fri Sep 20 18:44:38 2019 (r512424)
@@ -792,7 +792,7 @@ graylog:*:848:
chronyd:*:849:
qbittorrent:*:850:
cassandra:*:851:
-# free: 852
+p0f:*:852:
_geodns:*:853:
# free: 854
# free: 855
Modified: head/UIDs
==============================================================================
--- head/UIDs Fri Sep 20 17:06:15 2019 (r512423)
+++ head/UIDs Fri Sep 20 18:44:38 2019 (r512424)
@@ -797,7 +797,7 @@ graylog:*:848:848::0:0:Graylog user:/nonexistent:/usr/
chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/sbin/nologin
qbittorrent:*:850:850::0:0:qBittorrent Daemon User:/var/db/qbittorrent/conf:/usr/sbin/nologin
cassandra:*:851:851::0:0:Cassandra DB Daemon User:/var/db/cassandra:/usr/sbin/nologin
-# free: 852
+p0f:*:852:852::0:0:p0f unprivileged user:/var/empty:/usr/sbin/nologin
_geodns:*:853:853::0:0:GeoDNS User:/var/empty:/usr/sbin/nologin
# free: 854
# free: 855
Modified: head/net-mgmt/p0f/Makefile
==============================================================================
--- head/net-mgmt/p0f/Makefile Fri Sep 20 17:06:15 2019 (r512423)
+++ head/net-mgmt/p0f/Makefile Fri Sep 20 18:44:38 2019 (r512424)
@@ -3,15 +3,21 @@
PORTNAME= p0f
PORTVERSION= 3.09b
+PORTREVISION= 1
CATEGORIES= net-mgmt security
MASTER_SITES= http://lcamtuf.coredump.cx/p0f3/releases/ \
http://fossies.org/unix/privat/
-EXTRACT_SUFX= .tgz
MAINTAINER= pi at FreeBSD.org
COMMENT= Passive OS fingerprinting tool
LICENSE= LGPL21
+
+USES= tar:tgz
+USE_RC_SUBR= p0f
+
+USERS= p0f
+GROUPS= p0f
PLIST_FILES= bin/p0f bin/p0f-client bin/p0f-sendsyn \
bin/p0f-sendsyn6 etc/p0f.fp
Added: head/net-mgmt/p0f/files/p0f.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net-mgmt/p0f/files/p0f.in Fri Sep 20 18:44:38 2019 (r512424)
@@ -0,0 +1,76 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: p0f
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+
+# p0f_enable (bool): Set it to YES to enable p0f.
+# Default: NO.
+#
+# p0f_user (str) User to drop privileges and change to.
+# Default: p0f.
+#
+# p0f_sock (path): Path to socket used to communicate with p0f.
+# Default: /var/run/p0f.sock
+#
+# p0f_db (path): Location of fingerprint db.
+# Default: %%PREFIX%%/etc/p0f.fp
+#
+# p0f_flags (str): Options passed to the p0f daemon.
+# Default: "-d -u ${p0f_user} -s ${p0f_sock} -f ${p0f_db}"
+#
+# command_args (str): Optional pcap-style traffic filtering rules.
+# See p0f README for details.
+
+. /etc/rc.subr
+
+name="p0f"
+rcvar=p0f_enable
+
+load_rc_config "$name"
+
+: ${p0f_enable:="NO"}
+: ${p0f_user:="p0f"}
+: ${p0f_sock:="/var/run/${name}.sock"}
+: ${p0f_db:="%%PREFIX%%/etc/p0f.fp"}
+: ${p0f_flags:="-d -u ${p0f_user} -s ${p0f_sock} -f ${p0f_db}"}
+
+command="%%PREFIX%%/bin/${name}"
+
+pidfile="/var/run/${name}.pid"
+required_files="${p0f_db}"
+
+start_cmd="${name}_start"
+stop_postcmd="rm -f ${p0f_sock} $pidfile"
+
+extra_commands="reload"
+
+p0f_get_pid() {
+ PID=$(/bin/ps waux | /usr/bin/grep ${command} | /usr/bin/grep -v grep | /usr/bin/grep ${p0f_sock} | /usr/bin/awk '{print $2}')
+}
+
+p0f_start() {
+ p0f_get_pid
+ if [ -z "${PID}" ] ; then
+ echo "Starting ${name}."
+ if [ ! -z "${command_args}" ] ; then
+ ${command} ${p0f_flags} "${command_args}"
+ else
+ ${command} ${p0f_flags}
+ fi
+ if [ ! -z "${pidfile}" ] ; then
+ p0f_get_pid
+ [ -z "${PID}" ] || echo ${PID} > ${pidfile}
+ fi
+ else
+ echo "${name} already running? (pid=${PID})."
+ fi
+}
+
+run_rc_command "$1"
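Review bot: `p0f_get_pid` can pick up the wrong process, because `grep ${command}` is an unanchored substring match and `%%PREFIX%%/bin/p0f` is a prefix of the `p0f-client` and `p0f-sendsyn` binaries installed by the same port; a `p0f-client /var/run/p0f.sock …` invocation passes both grep filters, so `start` either reports the daemon as already running or writes the client's PID into the pidfile that `stop` later kills. Anchoring on the full command line removes that ambiguity, the `grep -v grep` dance and the quoting hazard of the unquoted `${command}` and `${p0f_sock}` expansions: `PID=$(/bin/pgrep -f "^${command} .*${p0f_sock}")`. The privilege drop also rests entirely on `-u ${p0f_user}` remaining inside `p0f_flags`, which the header documents as freely overridable, so a line such as `# Note: -u is what drops root privileges; keep it if you override p0f_flags.` next to the `p0f_flags` description would stop an override from silently leaving p0f running as root. Whether the API socket bound before the privilege drop ends up world-accessible is decided inside p0f and is not visible here, so its permissions are worth confirming separately.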