aboutsummaryrefslogtreecommitdiff
path: root/network/p0f
diff options
context:
space:
mode:
authorDavid Spencer <baildon.research@googlemail.com>2012-06-02 19:52:09 -0400
committerErik Hanson <erik@slackbuilds.org>2012-06-03 15:21:14 -0500
commita54303fdafdfc7a4f1b8d986788d7ba318cf5d17 (patch)
tree3137f0734c0390e732ab70e9ce895961a0a6f1e8 /network/p0f
parentf6dd191c0b4ff1fc715f2746c2b3f5d853e55972 (diff)
network/p0f: Updated for version 3.05b.
Signed-off-by: dsomero <xgizzmo@slackbuilds.org>
Diffstat (limited to 'network/p0f')
-rw-r--r--network/p0f/README25
-rw-r--r--network/p0f/doinst.sh4
-rw-r--r--network/p0f/p0f.SlackBuild46
-rw-r--r--network/p0f/p0f.info10
-rw-r--r--network/p0f/slack-desc12
5 files changed, 53 insertions, 44 deletions
diff --git a/network/p0f/README b/network/p0f/README
index 4f31089bf414..6d725b92cf6b 100644
--- a/network/p0f/README
+++ b/network/p0f/README
@@ -1,12 +1,15 @@
-p0f v2 is a passive operating system fingerprinting tool.
-It can identify the OS on:
- - machines that connect to your box (SYN mode),
- - machines you connect to (SYN+ACK mode),
- - machines you cannot connect to (RST+ mode),
- - machines whose communications you can observe.
+P0f is a tool that utilizes an array of sophisticated, purely passive
+traffic fingerprinting mechanisms to identify the players behind any
+incidental TCP/IP communications (often as little as a single normal SYN)
+without interfering in any way. Version 3 is a complete rewrite of the
+original codebase, incorporating a significant number of improvements
+to network-level fingerprinting, and introducing the ability to reason
+about application-level payloads (e.g., HTTP).
-P0f can also detect or measure the following:
- - firewall presence, NAT use,
- - existence of a load balancer setup,
- - the distance to the remote system and its uptime,
- - other guy's network hookup (DSL, OC3, avian carriers) and his ISP.
+To build and install the optional signature and API tools, specify
+TOOLS=yes to the SlackBuild, for example
+
+ TOOLS=yes sh p0f.SlackBuild
+
+If you are upgrading from p0f version 2.0.8, please note that the files
+/etc/p0f/p0f{a,o,r}.fp are no longer used and can be removed.
diff --git a/network/p0f/doinst.sh b/network/p0f/doinst.sh
index 872eca5d198d..912b1cff40b6 100644
--- a/network/p0f/doinst.sh
+++ b/network/p0f/doinst.sh
@@ -12,7 +12,3 @@ config() {
}
config etc/p0f/p0f.fp.new
-config etc/p0f/p0fa.fp.new
-config etc/p0f/p0fo.fp.new
-config etc/p0f/p0fr.fp.new
-
diff --git a/network/p0f/p0f.SlackBuild b/network/p0f/p0f.SlackBuild
index 5d4866d4b356..1f5fe1b3a3aa 100644
--- a/network/p0f/p0f.SlackBuild
+++ b/network/p0f/p0f.SlackBuild
@@ -2,7 +2,7 @@
# Slackware build script for p0f
-# Copyright 2011 David Spencer, Baildon, West Yorkshire, U.K.
+# Copyright 2012 David Spencer, Baildon, West Yorkshire, U.K.
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -25,7 +25,7 @@
# Modified by the SlackBuilds.org project
PRGNAM=p0f
-VERSION=${VERSION:-2.0.8}
+VERSION=${VERSION:-3.05b}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
@@ -61,33 +61,43 @@ set -e
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
-rm -rf $PRGNAM
+rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tgz
-cd $PRGNAM
+cd $PRGNAM-$VERSION
chown -R root:root .
chmod -R u+w,go+r-w,a-s .
-make p0f \
- CFLAGS="$SLKCFLAGS \
- -DUSE_BPF=\\\"pcap-bpf.h\\\" \
- -I/usr/include/pcap" \
- -f mk/Linux
+# Set default location of fingerprint file:
+sed -i 's;"p0f.fp";"/etc/p0f/p0f.fp";' config.h
+
+# Don't override SLKCFLAGS's optimisation
+sed -i 's/ -O3//' build.sh
+
+CFLAGS="$SLKCFLAGS" \
+ ./build.sh
mkdir -p $PKG/usr/sbin/
-cp -f p0f p0frep $PKG/usr/sbin/
+cp -f p0f $PKG/usr/sbin/
strip --strip-unneeded $PKG/usr/sbin/p0f
mkdir -p $PKG/etc/p0f
-for i in p0f.fp p0fa.fp p0fr.fp p0fo.fp ; do \
- cat $i > $PKG/etc/p0f/${i}.new ;
-done
-
-mkdir -p $PKG/usr/man/man1/
-cat p0f.1 | gzip -9 > $PKG/usr/man/man1/p0f.1.gz
+cat p0f.fp > $PKG/etc/p0f/p0f.fp.new
+
+if [ "${TOOLS:-no}" = "yes" ]; then
+ cd tools
+ mkdir -p $PKG/usr/bin
+ for t in p0f-sendsyn p0f-sendsyn6 p0f-client ; do
+ make $t CFLAGS="$SLKCFLAGS"
+ cp -f $t $PKG/usr/bin/
+ strip --strip-unneeded $PKG/usr/bin/$t
+ done
+ cp -a README-TOOLS $PKG/usr/doc/$PRGNAM-$VERSION
+ cd ..
+fi
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cd doc
-cp -a COPYING CREDITS ChangeLog KNOWN_BUGS README TODO \
+cd docs
+cp -a COPYING ChangeLog README TODO existential-notes.txt \
$PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
diff --git a/network/p0f/p0f.info b/network/p0f/p0f.info
index c1a23d7dafce..76c1f1acf8bf 100644
--- a/network/p0f/p0f.info
+++ b/network/p0f/p0f.info
@@ -1,10 +1,10 @@
PRGNAM="p0f"
-VERSION="2.0.8"
-HOMEPAGE="http://lcamtuf.coredump.cx/p0f.shtml"
-DOWNLOAD="http://lcamtuf.coredump.cx/p0f/p0f-2.0.8.tgz"
-MD5SUM="1ccbcd8d4c95ef6dae841120d23c56a5"
+VERSION="3.05b"
+HOMEPAGE="http://lcamtuf.coredump.cx/p0f3/"
+DOWNLOAD="http://lcamtuf.coredump.cx/p0f3/releases/p0f-3.05b.tgz"
+MD5SUM="edbc4b135b2646db3227a441268fd2e2"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
MAINTAINER="David Spencer"
EMAIL="baildon.research@googlemail.com"
-APPROVED="rworkman"
+APPROVED="dsomero"
diff --git a/network/p0f/slack-desc b/network/p0f/slack-desc
index 4be4d5bb54d0..1ff49a2da6ef 100644
--- a/network/p0f/slack-desc
+++ b/network/p0f/slack-desc
@@ -8,12 +8,12 @@
|-----handy-ruler------------------------------------------------------|
p0f: p0f (passive os fingerprint tool)
p0f:
-p0f: p0f is a passive operating system fingerprinting tool. It can
-p0f: identify the OS on machines that connect to your box, machines you
-p0f: connect to, machines you cannot connect to, and machines whose
-p0f: communications you can observe. It can detect or measure firewall
-p0f: presence, NAT use, existence of a load balancer setup, the distance
+p0f: p0f is a passive operating system fingerprinting tool. It can
+p0f: identify the OS on machines that connect to your box, machines you
+p0f: connect to, machines you cannot connect to, and machines whose
+p0f: communications you can observe. It can detect or measure firewall
+p0f: presence, NAT use, existence of a load balancer setup, the distance
p0f: to the remote system, its uptime, and its network hookup and ISP.
p0f:
-p0f: Homepage: http://lcamtuf.coredump.cx/p0f.shtml
+p0f: Homepage: http://lcamtuf.coredump.cx/p0f3/
p0f: