From a54303fdafdfc7a4f1b8d986788d7ba318cf5d17 Mon Sep 17 00:00:00 2001 From: David Spencer Date: Sat, 2 Jun 2012 19:52:09 -0400 Subject: network/p0f: Updated for version 3.05b. Signed-off-by: dsomero --- network/p0f/README | 25 ++++++++++++++----------- network/p0f/doinst.sh | 4 ---- network/p0f/p0f.SlackBuild | 46 ++++++++++++++++++++++++++++------------------ network/p0f/p0f.info | 10 +++++----- network/p0f/slack-desc | 12 ++++++------ 5 files changed, 53 insertions(+), 44 deletions(-) (limited to 'network/p0f') diff --git a/network/p0f/README b/network/p0f/README index 4f31089bf4..6d725b92cf 100644 --- a/network/p0f/README +++ b/network/p0f/README @@ -1,12 +1,15 @@ -p0f v2 is a passive operating system fingerprinting tool. -It can identify the OS on: - - machines that connect to your box (SYN mode), - - machines you connect to (SYN+ACK mode), - - machines you cannot connect to (RST+ mode), - - machines whose communications you can observe. +P0f is a tool that utilizes an array of sophisticated, purely passive +traffic fingerprinting mechanisms to identify the players behind any +incidental TCP/IP communications (often as little as a single normal SYN) +without interfering in any way. Version 3 is a complete rewrite of the +original codebase, incorporating a significant number of improvements +to network-level fingerprinting, and introducing the ability to reason +about application-level payloads (e.g., HTTP). -P0f can also detect or measure the following: - - firewall presence, NAT use, - - existence of a load balancer setup, - - the distance to the remote system and its uptime, - - other guy's network hookup (DSL, OC3, avian carriers) and his ISP. +To build and install the optional signature and API tools, specify +TOOLS=yes to the SlackBuild, for example + + TOOLS=yes sh p0f.SlackBuild + +If you are upgrading from p0f version 2.0.8, please note that the files +/etc/p0f/p0f{a,o,r}.fp are no longer used and can be removed. diff --git a/network/p0f/doinst.sh b/network/p0f/doinst.sh index 872eca5d19..912b1cff40 100644 --- a/network/p0f/doinst.sh +++ b/network/p0f/doinst.sh @@ -12,7 +12,3 @@ config() { } config etc/p0f/p0f.fp.new -config etc/p0f/p0fa.fp.new -config etc/p0f/p0fo.fp.new -config etc/p0f/p0fr.fp.new - diff --git a/network/p0f/p0f.SlackBuild b/network/p0f/p0f.SlackBuild index 5d4866d4b3..1f5fe1b3a3 100644 --- a/network/p0f/p0f.SlackBuild +++ b/network/p0f/p0f.SlackBuild @@ -2,7 +2,7 @@ # Slackware build script for p0f -# Copyright 2011 David Spencer, Baildon, West Yorkshire, U.K. +# Copyright 2012 David Spencer, Baildon, West Yorkshire, U.K. # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -25,7 +25,7 @@ # Modified by the SlackBuilds.org project PRGNAM=p0f -VERSION=${VERSION:-2.0.8} +VERSION=${VERSION:-3.05b} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -61,33 +61,43 @@ set -e rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -rm -rf $PRGNAM +rm -rf $PRGNAM-$VERSION tar xvf $CWD/$PRGNAM-$VERSION.tgz -cd $PRGNAM +cd $PRGNAM-$VERSION chown -R root:root . chmod -R u+w,go+r-w,a-s . -make p0f \ - CFLAGS="$SLKCFLAGS \ - -DUSE_BPF=\\\"pcap-bpf.h\\\" \ - -I/usr/include/pcap" \ - -f mk/Linux +# Set default location of fingerprint file: +sed -i 's;"p0f.fp";"/etc/p0f/p0f.fp";' config.h + +# Don't override SLKCFLAGS's optimisation +sed -i 's/ -O3//' build.sh + +CFLAGS="$SLKCFLAGS" \ + ./build.sh mkdir -p $PKG/usr/sbin/ -cp -f p0f p0frep $PKG/usr/sbin/ +cp -f p0f $PKG/usr/sbin/ strip --strip-unneeded $PKG/usr/sbin/p0f mkdir -p $PKG/etc/p0f -for i in p0f.fp p0fa.fp p0fr.fp p0fo.fp ; do \ - cat $i > $PKG/etc/p0f/${i}.new ; -done - -mkdir -p $PKG/usr/man/man1/ -cat p0f.1 | gzip -9 > $PKG/usr/man/man1/p0f.1.gz +cat p0f.fp > $PKG/etc/p0f/p0f.fp.new + +if [ "${TOOLS:-no}" = "yes" ]; then + cd tools + mkdir -p $PKG/usr/bin + for t in p0f-sendsyn p0f-sendsyn6 p0f-client ; do + make $t CFLAGS="$SLKCFLAGS" + cp -f $t $PKG/usr/bin/ + strip --strip-unneeded $PKG/usr/bin/$t + done + cp -a README-TOOLS $PKG/usr/doc/$PRGNAM-$VERSION + cd .. +fi mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cd doc -cp -a COPYING CREDITS ChangeLog KNOWN_BUGS README TODO \ +cd docs +cp -a COPYING ChangeLog README TODO existential-notes.txt \ $PKG/usr/doc/$PRGNAM-$VERSION cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild diff --git a/network/p0f/p0f.info b/network/p0f/p0f.info index c1a23d7daf..76c1f1acf8 100644 --- a/network/p0f/p0f.info +++ b/network/p0f/p0f.info @@ -1,10 +1,10 @@ PRGNAM="p0f" -VERSION="2.0.8" -HOMEPAGE="http://lcamtuf.coredump.cx/p0f.shtml" -DOWNLOAD="http://lcamtuf.coredump.cx/p0f/p0f-2.0.8.tgz" -MD5SUM="1ccbcd8d4c95ef6dae841120d23c56a5" +VERSION="3.05b" +HOMEPAGE="http://lcamtuf.coredump.cx/p0f3/" +DOWNLOAD="http://lcamtuf.coredump.cx/p0f3/releases/p0f-3.05b.tgz" +MD5SUM="edbc4b135b2646db3227a441268fd2e2" DOWNLOAD_x86_64="" MD5SUM_x86_64="" MAINTAINER="David Spencer" EMAIL="baildon.research@googlemail.com" -APPROVED="rworkman" +APPROVED="dsomero" diff --git a/network/p0f/slack-desc b/network/p0f/slack-desc index 4be4d5bb54..1ff49a2da6 100644 --- a/network/p0f/slack-desc +++ b/network/p0f/slack-desc @@ -8,12 +8,12 @@ |-----handy-ruler------------------------------------------------------| p0f: p0f (passive os fingerprint tool) p0f: -p0f: p0f is a passive operating system fingerprinting tool. It can -p0f: identify the OS on machines that connect to your box, machines you -p0f: connect to, machines you cannot connect to, and machines whose -p0f: communications you can observe. It can detect or measure firewall -p0f: presence, NAT use, existence of a load balancer setup, the distance +p0f: p0f is a passive operating system fingerprinting tool. It can +p0f: identify the OS on machines that connect to your box, machines you +p0f: connect to, machines you cannot connect to, and machines whose +p0f: communications you can observe. It can detect or measure firewall +p0f: presence, NAT use, existence of a load balancer setup, the distance p0f: to the remote system, its uptime, and its network hookup and ISP. p0f: -p0f: Homepage: http://lcamtuf.coredump.cx/p0f.shtml +p0f: Homepage: http://lcamtuf.coredump.cx/p0f3/ p0f: -- cgit v1.2.3