
#!/bin/bash
#
# Init file for p0f monitoring program
#
# chkconfig: 2345 60 40
# description: p0f - the p0f monitoring program. \
# p0f performs a passive OS fingerprinting technique based on information coming \
# from remote host when it establishes connection to our system. Captured \
# packets contain enough information to determine the OS - and, unlike \
# active scanners (nmap, queSO) - without sending anything to this host.
#
# processname: p0f
# config: /etc/sysconfig/p0f
# pidfile: /var/run/p0f.pid


# TODO add support for the LSB, as /etc/init.d/mysql
#

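# Source function library (provides daemon, killproc, status, gprintf).
. /etc/rc.d/init.d/functions

# Site overrides: LOG_FILE, OPTIONS and BPF_FILTER may be set here.
[ -f /etc/sysconfig/p0f ] && . /etc/sysconfig/p0f

RETVAL=0

[ -z "$LOG_FILE" ] && LOG_FILE=/var/log/p0f
# Create the log file root-only from the first instant: setting umask 077 in
# the subshell means touch never leaves a world-readable file behind for the
# moment before chmod runs (the captured fingerprint data is sensitive).
# 'root:root' is the portable chown syntax; 'root.root' is a legacy form.
[ ! -f "$LOG_FILE" ] && ( umask 077 ; touch "$LOG_FILE" ; chown root:root "$LOG_FILE" ; chmod 600 "$LOG_FILE" )

[ -z "$OPTIONS" ] && OPTIONS=-v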

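#######################################
# Build the capture filter and launch p0f through daemon().
# Globals:   LOG_FILE, OPTIONS, BPF_FILTER (read); BPF_FILTER, opt, RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   exit status of daemon()
#######################################
start() {
	gprintf "Starting p0f : "
	# Only packets with SYN set are interesting: 'tcp[13] & 2 = 2'.
	# A stricter alternative is 'tcp[13] & 0x3f = 2' (SYN and no other
	# major flag; ECN-enabled packets still pass).
	local syn_filter='tcp and tcp[13] & 2 = 2'
	if [ -z "$BPF_FILTER" ]; then
		BPF_FILTER="$syn_filter"
	else
		# Parenthesise the user's filter: in BPF 'and' binds tighter than 'or',
		# so an unparenthesised "a or b" from sysconfig would have become
		# "a or (b and <syn filter>)", silently widening the capture.
		BPF_FILTER="($BPF_FILTER) and $syn_filter"
	fi

	# Exclude connections originating from any local IPv4 address so only
	# remote hosts are fingerprinted; the list is parsed from ifconfig.
	local one_ip
	for one_ip in $(/sbin/ifconfig 2>/dev/null | grep 'inet addr' | sed -e 's/.*addr://' -e 's/ .*//') ; do
		BPF_FILTER="$BPF_FILTER and not src host $one_ip"
	done

	# $opt stays unquoted on purpose: daemon() must see the options and the
	# filter expression as separate words. Note that '[13]' is also a glob
	# pattern when expanded unquoted; it only matters if a file named
	# tcp1 or tcp3 exists in the working directory.
	# NOTE(review): this starts 'p0fd' while stop()/status act on 'p0f';
	# presumably p0fd is a wrapper that runs the p0f binary — confirm.
	opt=" -o $LOG_FILE $OPTIONS $BPF_FILTER"
	# shellcheck disable=SC2086
	daemon p0fd $opt

	RETVAL=$?
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/p0f
	echo
	return $RETVAL
}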
	
#######################################
# Terminate p0f and drop the subsys lock when the kill succeeded.
# Globals:   RETVAL (written)
# Returns:   exit status of killproc
#######################################
stop() {
	gprintf "Stopping p0f : "
	killproc p0f
	RETVAL=$?
	if [ $RETVAL = 0 ]; then
		rm -f /var/lock/subsys/p0f
	fi
	echo
	return $RETVAL
}

# Stop then start; start() runs even when stop() failed, so RETVAL ends up
# reflecting the start attempt.
restart() {
	stop; start
}

	
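# Dispatch on the action given by the init system.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart|reload)
		restart
		;;
	condrestart)
		# Restart only when p0f is recorded as running; start() creates the
		# lock under /var/lock/subsys, so that is the path to test (the old
		# /var/log/subsys path never existed and condrestart was a no-op).
		if [ -f /var/lock/subsys/p0f ]; then
			restart
		fi
		;;
	status)
		status p0f
		# Propagate the result so 'status' exits non-zero when p0f is down.
		RETVAL=$?
		;;
	*)
		gprintf "Usage: %s {start|stop|restart|condrestart|status}\n" "$(basename "$0")"
		RETVAL=1
		;;
esac

exit $RETVAL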