Summary: | net-analyzer/p0f: Include improved init.d file | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Giampaolo Tomassoni <giampaolo> |
Component: | Current packages | Assignee: | Gentoo Netmon project <netmon> |
Status: | CONFIRMED --- | ||
Severity: | enhancement | CC: | bug |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
The fixed and improved p0f init script
A baselayout-2 p0f init script for net-analyzer/p0f-3.00_rc5
A baselayout-2 p0f init script for net-analyzer/p0f-3.00_rc5 - fixed
Description
Giampaolo Tomassoni
2010-05-18 13:14:35 UTC
Created attachment 231973 [details]
The fixed and improved p0f init script
I'm attaching an updated version of the /etc/init.d/p0f script which fixes these bugs and limitations. It is meant to be compatible with respect to any user-configured value in /etc/conf.d/p0f, but it also allows some more config entries to be defined. These are the recognized variables from /etc/conf.d/p0f:
P0FDEVICE: same meaning as before;
P0FOPTIONS: same meaning as before, but now options "-t" and "-l" are on by default;
P0FLOGFILE: the pathname of the p0f logfile. As before, it defaults to "/var/log/p0f". Actually, defining it as the null device ("/dev/null") turns logfile output off;
BpfFilter: same meaning as before, but now setting it to "dst port smtp or dst port http" works the way it is meant to;
P0FUSER: (new) the user the p0f daemon should change (and chroot) after startup. No default (i.e.: the running user);
P0FSOCKET: (new) the socket p0f should create and use to reply to queries from external processes. Defaults to no queries via socket;
P0FSOCKETMODE: (new) the file mode to be enforced in the socket file. Default 0660. Meaningful only when P0FSOCKET is also set. p0f creates a socket with a weird mode of 0777 (which, with default umask, is 0755): execute bits are useless in sockets, and this way the socket doesn't allow non-P0FUSER processes to issue queries, which is a limit in most environments (i.e.: spam detection boxes). Please note that p0f may run in a jail thanks to the P0FUSER setting and that the socket is a query-only interface. There is no evident reason to limit its accessibility;
Can you refresh your work for p0f-3.00_rc5?

Created attachment 299151 [details]
A baselayout-2 p0f init script for net-analyzer/p0f-3.00_rc5
Here it is. It seems to work to me. Please note that many p0f runstring options got changed in meaning in ver 3.x, so that one may have to revise the P0FOPTIONS setting in /etc/conf.d/p0f before using this script. Also, this script implements a work-around for bug#320391.

... which is bug#399165 actually...

Created attachment 299363 [details]
A baselayout-2 p0f init script for net-analyzer/p0f-3.00_rc5 - fixed
This is a new version of the script, which fixes a small bug in handling P0FOPTIONS and attempts to be less bash-dependent.

Hi, I found some issues in this script. The first issue is the location of `ip`; it is now in /bin. The second issue is wrong handling of tun interfaces. I'm getting this filter string: host not ( 127.0.0.1 or 81.4.0.0 or 81.1.0.0 or 10.254.248.1 or peer or 10.254.248.2 or 10.10.0.1 or peer or 10.10.0.2 ) As for now, I didn't find a working solution.
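
An added example, not part of the attached script or of any comment above: one way to build the exclusion filter from `ip -o -4 addr show` output so that the `peer` keyword printed for tun interfaces never reaches the BPF string. It assumes the filter should list only the host's local addresses; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the attached init script.
# Builds "host not ( a or b ... )" from `ip -o -4 addr show` output.

# Constructed sample of `ip -o -4 addr show` output, including two
# point-to-point (tun) interfaces that carry a "peer" field.
sample_ip_output() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
5: tun0    inet 10.254.248.1 peer 10.254.248.2/32 scope global tun0\       valid_lft forever preferred_lft forever
6: tun1    inet 10.10.0.1 peer 10.10.0.2/32 scope global tun1\       valid_lft forever preferred_lft forever
EOF
}

# local_addrs: read `ip -o -4 addr` lines on stdin and print one local
# address per line. Only the token right after "inet" is taken, so the
# "peer" keyword and the remote end of a tunnel are never emitted.
local_addrs() {
    awk '{
        for (i = 1; i < NF; i++) {
            if ($i == "inet") {
                addr = $(i + 1)
                sub(/\/.*/, "", addr)          # drop the /prefix if present
                # accept dotted quads only, and skip duplicates
                if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[addr]++)
                    print addr
                break
            }
        }
    }'
}

# build_filter: join the addresses into a BPF expression.
# Prints nothing when no address was found, so the caller can skip the filter.
build_filter() {
    local_addrs | awk '
        { list = (NR == 1) ? $0 : list " or " $0 }
        END { if (NR > 0) print "host not ( " list " )" }'
}

# Demonstration on the constructed sample. On a live system the input would be
# `ip -o -4 addr show | build_filter`, with `ip` resolved through PATH
# rather than a hard-coded directory.
sample_ip_output | build_filter
```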