diff --git a/AUTHORS b/AUTHORS index e371494..c0fcdc5 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1 +1,2 @@ Ryan McCabe +Nathan Gibbs nathan@cmpublishers.com diff --git a/ChangeLog b/ChangeLog index d20d8dd..506901b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +06-17-2013 + Released as version 2.2.4 + Some code tweaks to get it to compile on debian Wheezy. + Added debian startup script + +05-16-2013 + New project lead. + Nathan Gibbs nathan@cmpublishers.com + Wed Jan 03 14:06:11 EST 2001 Ryan McCabe * Released as version 2.2.3. diff --git a/NEWS b/NEWS index 67172dd..1992e81 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,8 @@ +CHANGES IN IPLOG 2.2.4 +---------------------- +* Code tweaks to allow compilation on debian wheezy. +* Included debian specific init script. + CHANGES IN IPLOG 2.2.3 ---------------------- * Bug fixes. diff --git a/README b/README index 7cb6d41..642429c 100644 --- a/README +++ b/README @@ -1,4 +1,5 @@ -iplog 2.2.3 by Ryan McCabe +iplog 2.2.4 by Ryan McCabe +Continued by Nathan Gibbs nathan@cmpublishers.com ------------------------------------------ iplog is a TCP/IP traffic logger. Currently, it is capable of logging @@ -71,15 +72,3 @@ GNU make can be found at ftp.gnu.org:/pub/gnu/make Any contributions (testing, comments, bug reports, ports, enhancements, etc) are greatly appreciated. - - - - - - - - - - - -$Id: README,v 1.20 2001/01/01 19:42:54 odin Exp $ diff --git a/TODO b/TODO index a25aca1..1af471f 100644 --- a/TODO +++ b/TODO @@ -29,8 +29,5 @@ Other Stuff - I want to port iplog to more platforms. If you'd like to do this or provide access so I can do this, I'd be awfully grateful. - - - - -$Id: TODO,v 1.13 2001/01/01 19:42:54 odin Exp $ +Nathan's TODO + 1. Clean up the format of the log messages diff --git a/configure b/configure index 92b05ff..4ec1405 100755 --- a/configure +++ b/configure 
@@ -705,7 +705,7 @@ fi PACKAGE=$PACKAGE -VERSION=2.2.3 +VERSION=2.2.4 if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then { echo "configure: error: source directory already configured; run "make distclean" there first" 1>&2; exit 1; } diff --git a/iplog.init b/iplog.init new file mode 100755 index 0000000..0092e6f --- /dev/null +++ b/iplog.init 
@@ -0,0 +1,160 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: iplog
+# Required-Start: $network $syslog
+# Required-Stop: $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: IPLog Service
+# Description: IP Logging Service
+### END INIT INFO
+
+# Author: NPG
+
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="IP Logging Service"
+NAME=iplog
+DAEMON=/usr/local/sbin/$NAME
+DAEMON_ARGS=""
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+
+#
+# Configuration is in /etc/iplog.conf
+#
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+ # Add code here, if necessary, that waits for the process to be ready
+ # to handle requests from services started subsequently which depend
+ # on this one. As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
diff --git a/src/iplog_options.c b/src/iplog_options.c
index 0237e74..161138c 100644
--- a/src/iplog_options.c
+++ b/src/iplog_options.c
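Review bot: do_start never tells the daemon where this script expects its pidfile: `DAEMON_ARGS=""` is passed, yet the `--pidfile $PIDFILE` guards in do_start and do_stop only work if iplog itself writes /var/run/iplog.pid, which nothing here guarantees even though the daemon has a `--pid-file` option (visible in the print_help hunk of this same commit). Unless iplog's built-in default already matches, the `--test` check will not notice a running instance and stop will fall through to the `--exec $DAEMON` kill, which takes down every iplog process, including one an admin started by hand. Setting `DAEMON_ARGS="--pid-file $PIDFILE"` here or in /etc/default/iplog pins that, and since iplog also offers `--user`/`--group`, the same variable is the natural place to name the unprivileged account the root-started daemon should drop to, unless /etc/iplog.conf is relied on for that (not visible here). Separately, with DAEMON under /usr/local/sbin the LSB header should list `$remote_fs` in Required-Start and Required-Stop, as the script's own PATH comment warns.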
@@ -440,57 +440,57 @@ void check_options(void) { static void print_help(void) { mysyslog( -"Usage: " PACKAGE " [options] (\"*\" Denotes enabled by default) ---user or -u Run as specified the user or UID. ---group or -g Run with specified the group or GID. ---logfile or -l Log to . ---pid-file Use as the pid file. ---ignore or -d Ignore DNS traffic from nameservers listed in - /etc/resolv.conf. ---interface or -i Listen on the specified interface(s). ---promisc or -a Log traffic to all hosts on . ---kill or -k Kill iplog, if it is running. ---restart or -R Restart iplog, if it is running. ---no-fork or -o Run in the foreground. ---stdout or -L Log to stdout. ---help or -h This help screen. ---version or -v Print version information and exit. - ---facility Use the specified syslog facility. ---priority Use the specified syslog priority. - ---tcp[=true|false|toggle] %cLog TCP traffic. ---udp[=true|false|toggle] %cLog UDP traffic. ---icmp[=true|false|toggle] %cLog ICMP traffic. - ---log-ip[=true|false|toggle] or -w %cLog IP along with hostname. ---log-dest[=true|false|toggle] or -D %cLog the destination of traffic. ---dns-cache[=true|false|toggle] or -c %cUse the built-in DNS cache. ---get-ident[=true|false|toggle] or -e %cGet ident info on connections - to listening ports. - ---tcp-resolve[=true|false|toggle] or -T %cResolve IPs of TCP traffic. ---udp-resolve[=true|false|toggle] or -U %cResolve IPs of UDP traffic. ---icmp-resolve[=true|false|toggle] or -I %cResolve IPs of ICMP traffic. ---disable-resolver or -N %cDo not resolve any IPs. - ---verbose[=true|false|toggle] or -V %cBe verbose. ---fool-nmap[=true|false|toggle] or -z %cFool nmap's OS detection. ---scans-only[=true|false|toggle] or -m %cOnly log scans. ---detect-syn-flood[=true|false|toggle] or -s %cStop resolving IPs if a - SYN flood is detected. - ---log-frag[=true|false|toggle] or -y %cLog fragment attacks. ---log-traceroute[=true|false|toggle] or -t %cLog traceroutes. 
---log-ping-flood[=true|false|toggle] or -P %cLog ICMP ping floods. ---log-smurf[=true|false|toggle] or -S %cLog smurf attacks. ---log-bogus[=true|false|toggle] or -b %cLog bogus TCP flags. ---log-portscan[=true|false|toggle] or -p %cLog port scans. ---log-udp-scan[=true|false|toggle] or -F %cLog UDP scans/floods. ---log-fin-scan[=true|false|toggle] or -f %cLog FIN scans. ---log-syn-scan[=true|false|toggle] or -q %cLog SYN scans. ---log-xmas-scan[=true|false|toggle] or -x %cLog Xmas scans. ---log-null-scan[=true|false|toggle] or -n %cLog null scans.", +"Usage: " PACKAGE " [options] (\"*\" Denotes enabled by default)\n" +"--user or -u Run as specified the user or UID.\n" +"--group or -g Run with specified the group or GID.\n" +"--logfile or -l Log to .\n" +"--pid-file Use as the pid file.\n" +"--ignore or -d Ignore DNS traffic from nameservers listed in\n" +" /etc/resolv.conf.\n" +"--interface or -i Listen on the specified interface(s).\n" +"--promisc or -a Log traffic to all hosts on .\n" +"--kill or -k Kill iplog, if it is running.\n" +"--restart or -R Restart iplog, if it is running.\n" +"--no-fork or -o Run in the foreground.\n" +"--stdout or -L Log to stdout.\n" +"--help or -h This help screen.\n" +"--version or -v Print version information and exit.\n" +"\n" +"--facility Use the specified syslog facility.\n" +"--priority Use the specified syslog priority.\n" +"\n" +"--tcp[=true|false|toggle] %cLog TCP traffic.\n" +"--udp[=true|false|toggle] %cLog UDP traffic.\n" +"--icmp[=true|false|toggle] %cLog ICMP traffic.\n" +"\n" +"--log-ip[=true|false|toggle] or -w %cLog IP along with hostname.\n" +"--log-dest[=true|false|toggle] or -D %cLog the destination of traffic.\n" +"--dns-cache[=true|false|toggle] or -c %cUse the built-in DNS cache.\n" +"--get-ident[=true|false|toggle] or -e %cGet ident info on connections\n" +" to listening ports.\n" +"\n" +"--tcp-resolve[=true|false|toggle] or -T %cResolve IPs of TCP traffic.\n" +"--udp-resolve[=true|false|toggle] or -U 
%cResolve IPs of UDP traffic.\n" +"--icmp-resolve[=true|false|toggle] or -I %cResolve IPs of ICMP traffic.\n" +"--disable-resolver or -N %cDo not resolve any IPs.\n" +"\n" +"--verbose[=true|false|toggle] or -V %cBe verbose.\n" +"--fool-nmap[=true|false|toggle] or -z %cFool nmap's OS detection.\n" +"--scans-only[=true|false|toggle] or -m %cOnly log scans.\n" +"--detect-syn-flood[=true|false|toggle] or -s %cStop resolving IPs if a\n" +" SYN flood is detected.\n" +"\n" +"--log-frag[=true|false|toggle] or -y %cLog fragment attacks.\n" +"--log-traceroute[=true|false|toggle] or -t %cLog traceroutes.\n" +"--log-ping-flood[=true|false|toggle] or -P %cLog ICMP ping floods.\n" +"--log-smurf[=true|false|toggle] or -S %cLog smurf attacks.\n" +"--log-bogus[=true|false|toggle] or -b %cLog bogus TCP flags.\n" +"--log-portscan[=true|false|toggle] or -p %cLog port scans.\n" +"--log-udp-scan[=true|false|toggle] or -F %cLog UDP scans/floods.\n" +"--log-fin-scan[=true|false|toggle] or -f %cLog FIN scans.\n" +"--log-syn-scan[=true|false|toggle] or -q %cLog SYN scans.\n" +"--log-xmas-scan[=true|false|toggle] or -x %cLog Xmas scans.\n" +"--log-null-scan[=true|false|toggle] or -n %cLog null scans.", IS_DEFAULT(LOG_TCP), IS_DEFAULT(LOG_UDP), IS_DEFAULT(LOG_ICMP), IS_DEFAULT(LOG_IP), IS_DEFAULT(LOG_DEST), IS_DEFAULT(DNS_CACHE), IS_DEFAULT(GET_IDENT), IS_DEFAULT(TCP_RES), IS_DEFAULT(UDP_RES), diff --git a/src/iplog_options.h b/src/iplog_options.h index 5a1444b..99b2936 100644 --- a/src/iplog_options.h +++ b/src/iplog_options.h @@ -60,8 +60,8 @@ extern u_int32_t flags; #define ANY_SCAN \ (PORTSCAN | NULL_SCAN | FIN_SCAN | XMAS_SCAN | UDP_SCAN | PING_FLOOD | SMURF) -#define AUTHORS "Ryan McCabe " -#define WEBPAGE "http://ojnk.sourceforge.net" +#define AUTHORS "Ryan McCabe & Nathan Gibbs (nathan@cmpublishers.com)" +#define WEBPAGE "http://www.cmpublishers.com/oss" int get_facility(const u_char *new_facility); int get_priority(const u_char *new_priority); 
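Review bot: Two of the rewritten help lines carry the original's word-order slip into the new string constants: `"--user or -u Run as specified the user or UID.\n"` and `"--group or -g Run with specified the group or GID.\n"` should read `Run as the specified user or UID` and `Run with the specified group or GID`. Since this hunk already rewrites every line of the message to add the `\n` terminators, it is the natural place to fix the wording, and the `%c` positions and the IS_DEFAULT argument list are unaffected. The mysyslog call in print_help continues past the end of the hunk.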
diff --git a/src/iplog_tcp.c b/src/iplog_tcp.c index 6a80564..f29993b 100644 --- a/src/iplog_tcp.c +++ b/src/iplog_tcp.c @@ -144,9 +144,7 @@ int tcp_parser(const struct ip *ip) { ret = sendto(raw_sock, (char *) xip, sizeof(struct ip) + sizeof(struct tcphdr), 0, -#if !defined(__GLIBC__) || (__GLIBC__ < 2) (struct sockaddr *) -#endif &fn_sin, sizeof(struct sockaddr_in));