-rw-r--r-- | network/p0f/README | 12 | ||||
-rw-r--r-- | network/p0f/doinst.sh | 20 | ||||
-rw-r--r-- | network/p0f/p0f.SlackBuild | 63 | ||||
-rw-r--r-- | network/p0f/p0f.info | 8 | ||||
-rw-r--r-- | network/p0f/slack-desc | 19 |
5 files changed, 122 insertions, 0 deletions
diff --git a/network/p0f/README b/network/p0f/README
new file mode 100644
index 0000000000000..1971c9d4515e8
--- /dev/null
+++ b/network/p0f/README
@@ -0,0 +1,12 @@
+p0f v2 is a passive operating system fingerprinting tool.
+It can identify the OS on:
+ - machines that connect to your box (SYN mode),
+ - machines you connect to (SYN+ACK mode),
+ - machines you cannot connect to (RST+ mode),
+ - machines whose communications you can observe.
+
+P0f can also detect or measure the following:
+ - firewall presence, NAT use,
+ - existence of a load balancer setup,
+ - the distance to the remote system and its uptime,
+ - other guy's network hookup (DSL, OC3, avian carriers) and his ISP.
diff --git a/network/p0f/doinst.sh b/network/p0f/doinst.sh
new file mode 100644
index 0000000000000..0959ef448fc4c
--- /dev/null
+++ b/network/p0f/doinst.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/p0f/p0f.fp.new
+config etc/p0f/p0fa.fp.new
+config etc/p0f/p0fo.fp.new
+config etc/p0f/p0fr.fp.new
+
diff --git a/network/p0f/p0f.SlackBuild b/network/p0f/p0f.SlackBuild
new file mode 100644
index 0000000000000..b59b2db3ac93e
--- /dev/null
+++ b/network/p0f/p0f.SlackBuild
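Review bot: In doinst.sh, `config()` leaves every expansion unquoted (`[ ! -r $OLD ]`, `mv $NEW $OLD`, `rm $NEW`), so a path containing whitespace or glob characters would be split before the command sees it. The arguments passed here are fixed literals, so this is a robustness point rather than an exposure, but quoting costs nothing: `OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"`, `mv "$NEW" "$OLD"`, `rm "$NEW"`. The same defect carries more weight in p0f.SlackBuild, where `rm -rf $PKG`, `mkdir -p $TMP $PKG $OUTPUT` and `cd $TMP` expand values taken from the caller's environment in a build that appears to run as root (it does `chown -R root:root .`); those should become `rm -rf "$PKG"`, `cd "$TMP"` and so on.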
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# Slackware build script for p0f
+# Written by David Spencer <nobbutl@yahoo.co.uk>
+#==============================================================================
+
+# Modified by the SlackBuilds.org project
+# Assumed to be public domain per our submission policy
+
+set -e
+
+PRGNAM=p0f
+VERSION=2.0.8
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+fi
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM
+tar -xzvf $CWD/$PRGNAM-$VERSION.tgz
+cd $PRGNAM
+chown -R root:root .
+chmod -R u+w,go+r-w,a-s .
+
+make CFLAGS="$SLKCFLAGS -DUSE_BPF=\\\"pcap-bpf.h\\\" -I/usr/include/pcap" \
+ -f mk/Linux p0f
+
+mkdir -p $PKG/usr/sbin/
+cp -f p0f p0frep $PKG/usr/sbin/
+strip --strip-unneeded $PKG/usr/sbin/p0f
+
+mkdir -p $PKG/etc/p0f
+for i in p0f.fp p0fa.fp p0fr.fp p0fo.fp ; do \
+ cat $i > $PKG/etc/p0f/${i}.new ;
+done
+
+mkdir -p $PKG/usr/man/man1/
+cat p0f.1 | gzip -9 > $PKG/usr/man/man1/p0f.1.gz
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cd doc
+cp -a COPYING CREDITS ChangeLog KNOWN_BUGS README TODO \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
diff --git a/network/p0f/p0f.info b/network/p0f/p0f.info
new file mode 100644
index 0000000000000..028f49092ae16
--- /dev/null
+++ b/network/p0f/p0f.info
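Review bot: In p0f.SlackBuild, `tar -xzvf $CWD/$PRGNAM-$VERSION.tgz` unpacks and then builds whatever archive is sitting in `$CWD` with no digest check in the script, although p0f.info in this commit records an `MD5SUM` and a plain `http://` `DOWNLOAD` URL. Because the transport is unauthenticated and the build appears to run as root, the recorded checksum is the only integrity control, and it is worth enforcing before extraction, for example `echo "1ccbcd8d4c95ef6dae841120d23c56a5  $CWD/$PRGNAM-$VERSION.tgz" | md5sum -c -` ahead of the `tar` line (with `set -e` a mismatch stops the build). MD5 is no longer collision-resistant, so a stronger digest alongside it would be preferable where the packaging format allows one. Separately, the `ARCH` test has no `else`, so any value other than i486 or i686 leaves `SLKCFLAGS` empty without a message; an `else SLKCFLAGS="-O2"` branch would make that case explicit.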
@@ -0,0 +1,8 @@
+PRGNAM="p0f"
+VERSION="2.0.8"
+HOMEPAGE="http://lcamtuf.coredump.cx/p0f.shtml"
+DOWNLOAD="http://lcamtuf.coredump.cx/p0f/p0f-2.0.8.tgz"
+MD5SUM="1ccbcd8d4c95ef6dae841120d23c56a5"
+MAINTAINER="David Spencer"
+EMAIL="nobbutl@yahoo.co.uk"
+APPROVED="rworkman"
diff --git a/network/p0f/slack-desc b/network/p0f/slack-desc
new file mode 100644
index 0000000000000..f13bbcb70024e
--- /dev/null
+++ b/network/p0f/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+p0f: p0f (passive os fingerprint tool)
+p0f:
+p0f: p0f is a passive operating system fingerprinting tool. It can
+p0f: identify the OS on machines that connect to your box, machines you
+p0f: connect to, machines you cannot connect to, and machines whose
+p0f: communications you can observe. It can detect or measure firewall
+p0f: presence, NAT use, existence of a load balancer setup, the distance
+p0f: to the remote system, its uptime, and its network hookup and ISP.
+p0f:
+p0f: Homepage: http://lcamtuf.coredump.cx/p0f.shtml
+p0f: |