svn commit: r384872 - in head/security: . passivedns passivedns/files
Lars Engels
lme at FreeBSD.org
Mon Apr 27 20:33:40 UTC 2015
Author: lme
Date: Mon Apr 27 20:33:38 2015
New Revision: 384872
URL: https://svnweb.freebsd.org/changeset/ports/384872
Log:
Add security/passivedns:
A tool to collect DNS records passively to aid Incident handling, Network
Security Monitoring (NSM) and general digital forensics.
PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs
the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate
DNS answers in-memory, limiting the amount of data in the logfile without
losing the essence in the DNS answer.
WWW: https://github.com/gamelinux/passivedns
PR: 198499
Submitted by: shadowbq at gmail.com
Added:
head/security/passivedns/
head/security/passivedns/Makefile (contents, props changed)
head/security/passivedns/distinfo (contents, props changed)
head/security/passivedns/files/
head/security/passivedns/files/passivedns.in (contents, props changed)
head/security/passivedns/files/pkg-message.in (contents, props changed)
head/security/passivedns/pkg-descr (contents, props changed)
head/security/passivedns/pkg-plist (contents, props changed)
Modified:
head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Mon Apr 27 20:29:48 2015 (r384871)
+++ head/security/Makefile Mon Apr 27 20:33:38 2015 (r384872)
@@ -666,6 +666,7 @@
SUBDIR += pamtester
SUBDIR += paperkey
SUBDIR += parano
+ SUBDIR += passivedns
SUBDIR += pbc
SUBDIR += pbnj
SUBDIR += pcsc-tools
Added: head/security/passivedns/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/passivedns/Makefile Mon Apr 27 20:33:38 2015 (r384872)
@@ -0,0 +1,40 @@
+# $FreeBSD$
+
+PORTNAME= passivedns
+DISTVERSION= ${GH_TAG}
+CATEGORIES= security
+DISTFILES= gamelinux-passivedns-1.1.3-60-ga6c7e26.tar.gz
+
+MAINTAINER= shadowbq at gmail.com
+COMMENT= Network sniffer that logs DNS replies for use in passive DNS setups
+
+LICENSE= GPLv2
+
+LIB_DEPENDS= libldns.so:${PORTSDIR}/dns/ldns
+
+USE_GITHUB= yes
+GH_ACCOUNT= gamelinux
+GH_PROJECT= passivedns
+GH_TAG= a6c7e26
+
+WRKSRC= ${WRKDIR}/gamelinux-${PORTNAME}-${GH_TAG}
+
+SUB_FILES= pkg-message
+
+USES= autoreconf gmake libtool
+AUTOMAKE_ARGS= --add-missing
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --with-ldns-libraries=${PREFIX}/lib
+CONFIGURE_ARGS+=--with-ldns-includes=${PREFIX}/include
+
+USE_RC_SUBR= passivedns
+
+.include <bsd.port.options.mk>
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/passivedns \
+ ${STAGEDIR}${PREFIX}/bin
+ ${MKDIR} ${STAGEDIR}/var/log/passivedns
+
+.include <bsd.port.mk>
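Review bot: DISTVERSION= ${GH_TAG} makes the package version the git hash a6c7e26, which carries no ordering, so a later snapshot cannot be reliably compared against this one. The DISTFILES name already contains 1.1.3-60, so derive the version from that and keep GH_TAG only for fetching. The two --with-ldns-* CONFIGURE_ARGS point at ${PREFIX}, but ldns is a LIB_DEPENDS dependency and lives under ${LOCALBASE}; the two differ when PREFIX is overridden. bsd.port.options.mk is included although no option is defined or tested, so that include can go.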
Added: head/security/passivedns/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/passivedns/distinfo Mon Apr 27 20:33:38 2015 (r384872)
@@ -0,0 +1,2 @@
+SHA256 (gamelinux-passivedns-1.1.3-60-ga6c7e26.tar.gz) = 6196cb863c8fcd352e4c3019053530c7ac75656a5c43d11be6774eb9115be5c7
+SIZE (gamelinux-passivedns-1.1.3-60-ga6c7e26.tar.gz) = 51318
Added: head/security/passivedns/files/passivedns.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/passivedns/files/passivedns.in Mon Apr 27 20:33:38 2015 (r384872)
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: passivedns
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable passivedns:
+# passivedns_enable (bool): Set to YES to enable passivedns
+# Default: NO
+# passivedns_interface (str):
+# Default: none - MUST BE SET
+# passivedns_logdir (str): Logging Directory
+# Default: "/var/log/passivedns"
+# passivedns_fields (str): Passive DNS Fields to log
+# Default: "SMcsCQTAtn"
+# passivedns_flags (str): Extra flags passed to passivedns (-D is always passed)
+# Default: none
+
+. /etc/rc.subr
+
+name="passivedns"
+rcvar=passivedns_enable
+
+command="%%PREFIX%%/bin/passivedns"
+
+start_precmd=start_precmd
+
+start_precmd()
+{
+ if [ -z "${passivedns_interface}" ]; then
+ err 1 "passivedns_interface must set."
+ fi
+}
+
+# set some defaults
+load_rc_config $name
+
+: ${passivedns_enable="NO"}
+: ${passivedns_logdir="/var/log/passivedns"}
+: ${passivedns_fields="SMcsCQTAtn"}
+: ${passivedns_flags=""}
+
+command_args="-i ${passivedns_interface} -l ${passivedns_logdir}/passivedns.log -f ${passivedns_fields} ${passivedns_flags} -D"
+
+run_rc_command "$1"
+
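Review bot: start_precmd only checks that passivedns_interface is non-empty; nothing verifies that ${passivedns_logdir} exists, so an overridden passivedns_logdir pointing at a missing directory is not caught before the daemon is started with -l. Add that check to the precmd. The error text "passivedns_interface must set." is missing "be", and the rc.conf comment for passivedns_interface gives a default but no description of the value expected.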
Added: head/security/passivedns/files/pkg-message.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/passivedns/files/pkg-message.in Mon Apr 27 20:33:38 2015 (r384872)
@@ -0,0 +1,3 @@
+A startup script 'passivedns' was installed in %%PREFIX%%/etc/rc.d/.
+
+Type "passivedns -h" on the commandline for usage instructions.
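Review bot: the message names the rc.d script but not the rc.conf variables it depends on. Since the script refuses to start while passivedns_interface is unset, mention passivedns_enable and passivedns_interface here so the first start does not fail.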
Added: head/security/passivedns/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/passivedns/pkg-descr Mon Apr 27 20:33:38 2015 (r384872)
@@ -0,0 +1,11 @@
+A tool to collect DNS records passively to aid Incident handling, Network
+Security Monitoring (NSM) and general digital forensics.
+
+PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs
+the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate
+DNS answers in-memory, limiting the amount of data in the logfile without
+losing the essense in the DNS answer.
+
+(c)2011-2012 - Edward Bjarte Fjellskal
+
+WWW: https://github.com/gamelinux/passivedns
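Review bot: "essense" in the last line of the second paragraph is a typo for "essence".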
Added: head/security/passivedns/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/passivedns/pkg-plist Mon Apr 27 20:33:38 2015 (r384872)
@@ -0,0 +1,2 @@
+bin/passivedns
+ at dir(root,wheel,750) /var/log/passivedns
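Review bot: the dir entry creates /var/log/passivedns as root:wheel with mode 750, so the capture process has to keep running as root to write passivedns.log there, and only root and wheel members can read the collected DNS data. If the daemon is meant to drop privileges through passivedns_flags, the directory needs a dedicated owner instead; either way the intended ownership should be stated in pkg-message.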