tcpspy (1.7d-4) direct (non packaging) changes

Summary

 Makefile       |   47 +++++++++++---
 tcpspy.rules   |   60 ++++++++++++++++++
 tcpspy.rules.5 |  190 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 289 insertions(+), 8 deletions(-)

    

Patch contents

--- tcpspy-1.7d.orig/tcpspy.rules
+++ tcpspy-1.7d/tcpspy.rules
@@ -0,0 +1,60 @@
+# tcpspy.rules for tcpspy Debian GNU/Linux package
+# Written by Pablo Lorenzzoni <spectra@linuxbr.com.br>
+# 
+# Lines containing a # will be ignored. Blank lines too.
+#
+# Rule Syntax - this is a copy of tcpspy.rules(5)
+#       A rule may be  specified  with  the  following  comparison
+#       operators:
+#
+#       user uid
+#              True  if the local user initiating or accepting the
+#              connection has the effective user id uid.
+#
+#       user "username"
+#              Same as above, but using a username  instead  of  a
+#              user id.
+#
+#       lport port
+#              True  if  the  local end of the connection has port
+#              number port.
+#
+#       lport [low] - [high]
+#              True if the local end of the connection has a  port
+#              number  greater  than or equal to low and less than
+#              or equal to high.  If the form low- is  used,  high
+#              is assumed to be 65535.  If the form -high is used,
+#              low is assumed to be 0. It is an error to omit both
+#              low and high.
+#
+#       lport "service"
+#              Same  as  above,  but  using  a  service  name from
+#              /etc/services instead of a port number.
+#
+#       rport  Same as lport but compares the port number  of  the
+#              remote end of the connection.
+#
+#       laddr n.n.n.n[/m.m.m.m]
+#              Interpreted  as  a  "net/mask"  expression; true if
+#              "net" is equal to the  bitwise  AND  of  the  local
+#              address of the connection and "mask". If no mask is
+#              specified,  a  default  mask  with  all  bits   set
+#              (255.255.255.255) is used.
+#
+#       raddr  Same as laddr but compares the remote address.
+#
+#       exe "pattern"
+#              True  if the full filename (including directory) of
+#              the executable that created/accepted the connection
+#              matches  pattern, a glob(7)-style wildcard pattern.
+#
+#              The pattern "" (an empty  string)  matches  connec-
+#              tions  created/accepted  by  processes  whose  exe-
+#              cutable filename is unknown.
+#
+#              If the -p option is not specified, a  warning  mes-
+#              sage  will  be printed, and the result of this com-
+#              parison will always be true.
+#
+# By default this file is empty. This means tcpspy will log everything
+#
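Review bot: The header comment `Lines containing a # will be ignored` disagrees with tcpspy.rules.5 in this same patch, which says everything from a "#" to the end of the line is not evaluated. If the reader really drops any line containing a "#", a rule with a trailing comment is silently discarded and the connections it should match go unlogged. The parsing presumably lives in the init script, which is not part of this patch, so the comment should state whichever behaviour that script implements, for example `# Everything from a "#" to the end of the line is ignored, as are blank lines.` The closing claim that an empty file logs everything should be checked the same way, since the man page says rules consisting only of whitespace match no connections.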
--- tcpspy-1.7d.orig/Makefile
+++ tcpspy-1.7d/Makefile
@@ -1,11 +1,15 @@
 # Makefile for tcpspy
 # Tim J. Robbins, 2000
+# Modified for Debian GNU/Linux by Pablo Lorenzzoni
 # $Id: Makefile,v 2.5 2001/04/25 01:40:17 tim Stab $
 
 # You may specify the syslog facility to use here. If in doubt, use LOG_DAEMON
 # or LOG_LOCAL[0-7]. See the syslog(3) manual page for a complete list of
 # facilities.
-CFLAGS+=-DFACILITY=LOG_LOCAL1
+# Edited for Debian GNU/Linux
+# original line:
+#  default: CFLAGS+=-DFACILITY=LOG_LOCAL1
+CFLAGS+=-DFACILITY=LOG_DAEMON
 
 # You may also override the default number of buckets in the connection table
 # here, but this not usually necessary.
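Review bot: The facility is still fixed at compile time, and the change to `CFLAGS+=-DFACILITY=LOG_DAEMON` moves the per-connection records onto the shared daemon facility with no way for a builder to choose otherwise. Any syslog rule that routes local1 to a dedicated file will stop matching, and the records will interleave with other daemons' messages. Consider `FACILITY ?= LOG_DAEMON` followed by `CFLAGS+=-DFACILITY=$(FACILITY)`, and note the change of facility where administrators will see it. The kept comment `#  default: CFLAGS+=-DFACILITY=LOG_LOCAL1` also reads like a make target; the removed line had no `default:` prefix.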
@@ -17,8 +21,19 @@
 # Add any other options for the compiler here
 CFLAGS+=-O2 -Wall -W
 
+# Added for Debian GNU/Linux.
+prefix =
+BIN = $(prefix)/usr/sbin
+ETC = $(prefix)/etc
+MANPAGE8 = $(prefix)/usr/share/man/man8
+MANPAGE5 = $(prefix)/usr/share/man/man5
+DOC = $(prefix)/usr/share/doc/tcpspy
 
-default: tcpspy
+
+# Edited for Debian GNU/Linux
+# original line:
+#  default: tcpspy
+default: tcpspy doc
 all: tcpspy doc
 
 tcpspy: log.o rule_lexer.o rule_grammar.o rule.o tcpspy.o
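Review bot: `prefix =` is used here as a staging root prepended to `/usr/sbin`, `/etc` and the man directories, which is the role `DESTDIR` conventionally has. Anyone passing `prefix=/usr` in the usual sense would install into `/usr/usr/sbin` and `/usr/etc`. Renaming it, as in `DESTDIR =` and `BIN = $(DESTDIR)/usr/sbin`, keeps the packaging call equally simple and avoids the surprise. `default: tcpspy doc` also makes a plain `make` require groff and duplicates `all`; neither is declared `.PHONY` in the lines visible here.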
@@ -39,14 +54,30 @@
 tcpspy.o: tcpspy.c
 
 doc:
-	groff -Tps -man tcpspy.8 >tcpspy.ps
-	ps2pdf tcpspy.ps tcpspy.pdf
+	groff -Tps -man tcpspy.8 > tcpspy.ps
+
+# Removed for preventing conflicts with Debian GNU/Linux autobuilders
+# (mainly lack of gs and fonts packages)
+#	ps2pdf tcpspy.ps tcpspy.pdf
+# Added for Debian GNU/Linux (compatibility with the previous version)
+	groff -Thtml -man tcpspy.8 > tcpspy.8.html
 
 clean:
 	rm -f log.o rule_lexer.o rule_grammar.o rule_lexer.c \
 		rule_grammar.c rule_grammar.h rule.o tcpspy.o tcpspy \
-		tcpspy.ps tcpspy.pdf
+		tcpspy.8.html tcpspy.ps tcpspy.pdf
 
-install: tcpspy
-	install -m 644 -D tcpspy.8 /usr/local/man/man8/tcpspy.8
-	install -m 755 -D tcpspy /usr/local/sbin/tcpspy
+# Edited for Debian GNU/Linux
+# original lines:
+# install: tcpspy
+#	install -m 644 -D tcpspy.8 /usr/local/man/man8/tcpspy.8
+#	install -m 755 -D tcpspy /usr/local/sbin/tcpspy
+install: tcpspy doc
+	install -d $(BIN) $(ETC) $(MANPAGE8) $(MANPAGE5)
+	install -m 755 ./tcpspy $(BIN)
+	install -m 644 tcpspy.rules $(ETC)
+	install -m 644 tcpspy.8 $(MANPAGE8)
+	install -m 644 tcpspy.rules.5 $(MANPAGE5)
+	install -d $(DOC)
+	cp -a tcpspy.8.html $(DOC)
+	cp -a tcpspy.ps $(DOC)
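Review bot: The two `cp -a` lines that end the install recipe copy tcpspy.8.html and tcpspy.ps with whatever mode and ownership they have in the build tree. Their installed permissions therefore depend on the builder's umask, unlike every other file in this recipe; `install -m 644 tcpspy.8.html tcpspy.ps $(DOC)` would pin them. `install -m 644 tcpspy.rules $(ETC)` overwrites an existing rules file when run with an empty prefix, which is presumably left to the packaging to handle. In the `doc` recipe, the new `groff -Thtml` line is reached only because make skips the blank line and the non-tab comment lines before it, so moving those comments above `doc:` would be less fragile.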
--- tcpspy-1.7d.orig/tcpspy.rules.5
+++ tcpspy-1.7d/tcpspy.rules.5
@@ -0,0 +1,190 @@
+.\" This file is part of tcpspy Debian package, a TCP/IP connection monitor.
+.\" In truth this is just an snipped version of tcpspy manpage, which is
+.\" copyrighted by Tim J. Robbins under the same terms below.
+.\"
+.\" Copyright (c) 2001 Pablo Lorenzzoni. 
+.\" All rights reserved.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $Id: tcpspy.rules.5,v 1.33 2001/01/28 13:09:12 fyre Exp $
+.TH TCPSPY.RULES 5 "April 2001" Spectra "tcpspy.rules"
+.SH NAME
+tcpspy.rules \- configuration file for tcpspy
+.SH DESCRIPTION
+.LP
+This file, by default
+.IR /etc/tcpspy.rules ,
+is read by the
+.IR /etc/init.d/tcpspy 
+script at init time in order to configure
+tcpspy (see tcpspy(8)) logger filtering rules.
+.LP
+It might look like:
+.IP
+.nf
+# /etc/tcpspt.rules example
+user "joedoe" and rport 22 and raddr 192.168.1.10
+user 1003
+lport 22 or lport 21
+(lport 23 and user "joedoe") or raddr 192.168.1.20
+.fi
+.LP
+This rules file specifies that tcpspy logs tcp connections according
+to 4 rules (line 1 to line 4 - one per each line) using the boolean
+logic (see below) to evaluate each rule.
+.LP
+This particular example logs conections:
+.TP
+line 1 - for user "joedoe" connecting to 192.168.1.10:22 (remote)
+.TP
+line 2 - for user whose UID is 1003
+.TP
+line 3 - to localhost:22 or localhost:21
+.TP
+line 4 - for user "joedoe" to localhost:23 or to 192.168.1.20 (remote)
+.LP
+Everything from an "#" signal and the end of the line will not be evaluated.
+.LP
+.PP
+.SS "Rule Syntax - just extracted from tcpspy(8)"
+A rule may be specified with the following comparison operators:
+.TP
+.BI user " uid"
+True if the local user initiating or accepting the connection has the
+.B effective
+user id
+.IR uid .
+.TP
+.BI user " \N'34'username\N'34'"
+Same as above, but using a username instead of a user id.
+.TP
+.BI lport " port"
+True if the local end of the connection has port number
+.IR port .
+.TP
+.BI lport " [low] - [high]"
+True if the local end of the connection has a port number
+greater than or equal to
+.I low
+and less than or equal to
+.IR high .
+If the form
+.I low-
+is used, high is assumed to be 65535.
+If the form
+.I -high
+is used, low is assumed to be 0. It is an error to omit both
+.IR low " and " high .
+.TP
+.BI lport " \N'34'service\N'34'"
+Same as above, but using a service name from
+.I /etc/services
+instead of a port number.
+.TP
+.B rport
+Same as
+.B lport
+but compares the port number of the remote end of the connection.
+.TP
+.BI laddr " n.n.n.n[/m.m.m.m]"
+Interpreted as a "net/mask" expression; true if "net" is equal to the bitwise
+AND of the local address of the connection and "mask". If no mask is specified,
+a default mask with all bits set (255.255.255.255) is used.
+.TP
+.B raddr
+Same as
+.B laddr
+but compares the remote address.
+.TP
+.BI exe " \N'34'pattern\N'34'"
+True if the full filename (including directory) of the executable that 
+created/accepted the connection matches
+.IR pattern ,
+a
+.BR glob (7)-style
+wildcard pattern.
+.IP
+The pattern "" (an empty string) matches connections created/accepted by 
+processes whose executable filename is unknown.
+.IP
+If the
+.B -p
+option is not specified, a warning message will be printed, and the result of
+this comparison will always be true.
+.PP
+Expressions (including the  comparisons listed above) may be joined together
+with the following logical operations:
+.TP
+.IB expr1 " or " expr2
+True if either of
+.I expr1
+or
+.I expr2
+are true (logical OR).
+.TP
+.IB expr1 " and " expr2
+True if both
+.I expr1
+and
+.I expr2
+are true (logical AND).
+.TP
+.BI not " expr"
+True if
+.I expr
+is false (logical NOT).
+.PP
+Rules are evaluated from left to right. Whitespace (space, tab and newline)
+characters are ignored between "words". Rules consisting of only whitespace
+match no connections, but do not cause an error.
+Parentheses, '(' and ')' may be placed around expressions to affect the order
+of evaluation.
+.PP
+.SS "Examples"
+.TP
+These are some sample rules which further demonstrate how they are constructed:
+.TP
+.nf
+user "joe" and rport "ssh"
+.fi
+Log connections made by user "joe" for the service "ssh".
+
+.TP
+.nf
+not raddr 10.0.0.0/255.0.0.0 and rport 25 and (user "bob" or user "joe")
+.fi
+Log connections made by users "bob" and "joe" to remote port 25 on machines
+not on a fictional "intranet".
+
+.SH AUTHOR
+Tim J. Robbins (tcpspy),
+Pablo Lorenzzoni (this manpage)
+
+.SH SEE ALSO
+.BR glob (7),
+.BR proc (5),
+.BR services (5),
+.BR signal (7),
+.BR syslog (3),
+.BR tcpspy (8)