summaryrefslogtreecommitdiff
path: root/network/arpwatch
diff options
context:
space:
mode:
authorMichal Bialozor <bialyy@o2.pl>2010-08-14 15:45:24 -0400
committerdsomero <xgizzmo@slackbuilds.org>2010-08-14 15:45:24 -0400
commit77dd75eaef6afecafdca97688e2df734c293610e (patch)
tree273bb7e5c628b7c81e4c01739f6f037054d55dcc /network/arpwatch
parenta80381f7a58afcf40ec7c67f9cdd53b16e72bfc8 (diff)
downloadslackbuilds-77dd75eaef6afecafdca97688e2df734c293610e.tar.gz
network/arpwatch: Added (for tracking IP addresses on a network)
Signed-off-by: dsomero <xgizzmo@slackbuilds.org>
Diffstat (limited to 'network/arpwatch')
-rw-r--r--network/arpwatch/README8
-rw-r--r--network/arpwatch/README.ethercodes26
-rw-r--r--network/arpwatch/arpwatch.SlackBuild105
-rw-r--r--network/arpwatch/arpwatch.info10
-rw-r--r--network/arpwatch/doinst.sh20
-rw-r--r--network/arpwatch/patches/arpwatch-2.1a10-man.patch33
-rw-r--r--network/arpwatch/patches/arpwatch-2.1a15-bogon.patch20
-rw-r--r--network/arpwatch/patches/arpwatch-2.1a15-extraman.patch173
-rw-r--r--network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch10
-rw-r--r--network/arpwatch/patches/arpwatch-2.1a4-fhs.patch20
-rw-r--r--network/arpwatch/patches/arpwatch-addr.patch232
-rw-r--r--network/arpwatch/patches/arpwatch-dir-man.patch22
-rw-r--r--network/arpwatch/patches/arpwatch-drop-man.patch48
-rw-r--r--network/arpwatch/patches/arpwatch-drop.patch93
-rw-r--r--network/arpwatch/patches/arpwatch-scripts.patch27
-rw-r--r--network/arpwatch/rc.arpwatch63
-rw-r--r--network/arpwatch/slack-desc19
17 files changed, 929 insertions, 0 deletions
diff --git a/network/arpwatch/README b/network/arpwatch/README
new file mode 100644
index 0000000000..470d5c457f
--- /dev/null
+++ b/network/arpwatch/README
@@ -0,0 +1,8 @@
+The arpwatch package contains arpwatch and arpsnmp. Arpwatch and
+arpsnmp are both network monitoring tools. Both utilities monitor
+Ethernet or FDDI network traffic and build databases of Ethernet/IP
+address pairs, and can report certain changes via email.
+
+Install the arpwatch package if you need networking monitoring devices
+which will automatically keep track of the IP addresses on your
+network.
diff --git a/network/arpwatch/README.ethercodes b/network/arpwatch/README.ethercodes
new file mode 100644
index 0000000000..8e3ad9adff
--- /dev/null
+++ b/network/arpwatch/README.ethercodes
@@ -0,0 +1,26 @@
+README.ethercodes
+=================
+
+This file contains some specific instructions to complete the
+installation of arpwatch on Slackware.
+
+1) After installing the arpwatch package
+----------------------------------------
+
+1.1) Change current location to the arpwatch working directory:
+
+ # cd /var/lib/arpwatch
+
+1.2) Download newest MAC addresses database:
+
+ # wget http://standards.ieee.org/regauth/oui/oui.txt
+
+1.3) Convert it into ethercodes.dat format using script included in arpwatch source:
+
+ # ./massagevendor oui.txt > ethercodes.dat
+
+1.4) Remove unnecessary database file:
+
+ # rm -f oui.txt
+
+1.5) Congratulations, you have just created ethercodes.dat file with the newest MAC adresses.
diff --git a/network/arpwatch/arpwatch.SlackBuild b/network/arpwatch/arpwatch.SlackBuild
new file mode 100644
index 0000000000..e7d9a66ab7
--- /dev/null
+++ b/network/arpwatch/arpwatch.SlackBuild
@@ -0,0 +1,105 @@
+#!/bin/sh
+
+# Slackware build script for arpwatch
+# Written by Michal Bialozor <bialyy@o2.pl>
+
+PRGNAM=arpwatch
+VERSION=2.1a15
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+cat $CWD/patches/arpwatch-2.1a4-fhs.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a10-man.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-drop.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-drop-man.patch | patch --verbose -p0 || exit 1
+cat $CWD/patches/arpwatch-addr.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-dir-man.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-scripts.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a15-nolocalpcap.patch | patch -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a15-bogon.patch | patch -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a15-extraman.patch | patch --verbose -p1 || exit 1
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --bindir=/usr/sbin \
+ --sbindir=/usr/sbin \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --build=$ARCH-slackware-linux
+
+mkdir -p $PKG/usr/sbin
+mkdir -p $PKG/usr/man/man8
+
+make ARPDIR=/var/lib/$PRGNAM
+make install install-man DESTDIR=$PKG
+
+find $PKG | xargs file | grep -e "executable" -e "shared object"| grep ELF | \
+ cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a CHANGES INSTALL README $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README.ethercodes > $PKG/usr/doc/$PRGNAM-$VERSION/README.ethercodes
+
+mkdir -p $PKG/var/lib/$PRGNAM
+cp -a arp.dat ethercodes.dat arp2ethers arpfetch massagevendor massagevendor-old \
+ d.awk duplicates.awk e.awk euppertolower.awk p.awk $PKG/var/lib/$PRGNAM
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.$PRGNAM > $PKG/etc/rc.d/rc.$PRGNAM.new
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/network/arpwatch/arpwatch.info b/network/arpwatch/arpwatch.info
new file mode 100644
index 0000000000..e1d4bc77d2
--- /dev/null
+++ b/network/arpwatch/arpwatch.info
@@ -0,0 +1,10 @@
+PRGNAM="arpwatch"
+VERSION="2.1a15"
+HOMEPAGE="http://ee.lbl.gov/"
+DOWNLOAD="ftp://ftp.ee.lbl.gov/arpwatch.tar.gz"
+MD5SUM="cebfeb99c4a7c2a6cee2564770415fe7"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Michal Bialozor"
+EMAIL="bialyy@o2.pl"
+APPROVED="dsomero"
diff --git a/network/arpwatch/doinst.sh b/network/arpwatch/doinst.sh
new file mode 100644
index 0000000000..75006b21f7
--- /dev/null
+++ b/network/arpwatch/doinst.sh
@@ -0,0 +1,20 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Keep same perms on rc.arpwatch.new:
+if [ -e etc/rc.d/rc.arpwatch ]; then
+ cp -a etc/rc.d/rc.arpwatch etc/rc.d/rc.arpwatch.new.incoming
+ cat etc/rc.d/rc.arpwatch.new > etc/rc.d/rc.arpwatch.new.incoming
+ mv etc/rc.d/rc.arpwatch.new.incoming etc/rc.d/rc.arpwatch.new
+fi
+
+config etc/rc.d/rc.arpwatch.new
diff --git a/network/arpwatch/patches/arpwatch-2.1a10-man.patch b/network/arpwatch/patches/arpwatch-2.1a10-man.patch
new file mode 100644
index 0000000000..73b3068a36
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-2.1a10-man.patch
@@ -0,0 +1,33 @@
+diff -uNr arpwatch-2.1a10/arpsnmp.8 arpwatch-2.1a10.man/arpsnmp.8
+--- arpwatch-2.1a10/arpsnmp.8 Sun Sep 17 23:34:48 2000
++++ arpwatch-2.1a10.man/arpsnmp.8 Sun Dec 31 02:00:54 2000
+@@ -41,7 +41,7 @@
+ and reports certain changes via email.
+ .B Arpsnmp
+ reads information from a file (usually generated by
+-.BR snmpwalk (8)).
++.BR snmpwalk (1)).
+ .LP
+ The
+ .B -d
+@@ -62,9 +62,9 @@
+ .LP
+ .SH "REPORT MESSAGES"
+ (See the
+-.BR arpwatch (1)
++.BR arpwatch (8)
+ man page for details on the report messages generated by
+-.BR arpsnmp (1).)
++.BR arpsnmp (8).)
+ .SH FILES
+ .na
+ .nh
+@@ -79,7 +79,7 @@
+ .na
+ .nh
+ .BR arpwatch (8),
+-.BR snmpwalk (8),
++.BR snmpwalk (1),
+ .BR arp (8)
+ .ad
+ .hy
diff --git a/network/arpwatch/patches/arpwatch-2.1a15-bogon.patch b/network/arpwatch/patches/arpwatch-2.1a15-bogon.patch
new file mode 100644
index 0000000000..784deb015b
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-2.1a15-bogon.patch
@@ -0,0 +1,20 @@
+--- arpwatch-2.1a15/arpwatch.c.bogon 2007-08-09 13:53:47.000000000 +0200
++++ arpwatch-2.1a15/arpwatch.c 2007-08-09 13:58:17.000000000 +0200
+@@ -730,11 +730,12 @@ addnet(register const char *str)
+
+ /* XXX hack */
+ n = ntohl(inet_addr(tstr));
+- while ((n & 0xff000000) == 0) {
+- n <<= 8;
+- if (n == 0)
+- return (0);
+- }
++ if (n || width != 32)
++ while ((n & 0xff000000) == 0) {
++ n <<= 8;
++ if (n == 0)
++ return (0);
++ }
+ n = htonl(n);
+
+ if (width != 0) {
diff --git a/network/arpwatch/patches/arpwatch-2.1a15-extraman.patch b/network/arpwatch/patches/arpwatch-2.1a15-extraman.patch
new file mode 100644
index 0000000000..502404ec59
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-2.1a15-extraman.patch
@@ -0,0 +1,173 @@
+diff -up arpwatch-2.1a15/Makefile.in.extraman arpwatch-2.1a15/Makefile.in
+--- arpwatch-2.1a15/Makefile.in.extraman 2009-12-14 18:01:27.000000000 +0100
++++ arpwatch-2.1a15/Makefile.in 2010-03-30 15:11:30.000000000 +0200
+@@ -118,6 +118,10 @@ install-man: force
+ $(DESTDIR)$(MANDEST)/man8
+ $(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
+ $(DESTDIR)$(MANDEST)/man8
++ $(INSTALL) -m 644 $(srcdir)/arp2ethers.8 \
++ $(DESTDIR)$(MANDEST)/man8
++ $(INSTALL) -m 644 $(srcdir)/massagevendor.8 \
++ $(DESTDIR)$(MANDEST)/man8
+
+ lint: $(GENSRC) force
+ lint -hbxn $(SRC) | \
+diff -up arpwatch-2.1a15/arp2ethers.8.extraman arpwatch-2.1a15/arp2ethers.8
+--- arpwatch-2.1a15/arp2ethers.8.extraman 2010-03-30 15:12:37.000000000 +0200
++++ arpwatch-2.1a15/arp2ethers.8 2010-03-30 15:53:01.000000000 +0200
+@@ -0,0 +1,60 @@
++.TH ARP2ETHERS 8
++.SH NAME
++arp2ethers \- convert arpwatch address database to ethers file format
++.SH SYNOPSIS
++.na
++.B arp2ethers
++.ad
++.SH "DESCRIPTION"
++.B arp2ethers
++converts file
++.IR arp.dat
++in the current directory into
++.BR ethers(5)
++format on
++.IR stdout .
++Usually
++.IR arp.dat
++is an ethernet/ip database file generated by
++.BR arpwatch(8) .
++The arpwatch daemon in Debian will create different
++.IR arp.dat
++depending on its configuration. All of them will be available at
++.IR /var/lib/arpwatch/ .
++.SH FILES
++.na
++.nh
++.nf
++/var/lib/arpwatch - default directory for arp.dat
++arp.dat - ethernet/ip address database
++.ad
++.hy
++.fi
++.SH "SEE ALSO"
++.na
++.nh
++.BR arpwatch (8),
++.BR ethers (5),
++.BR rarp (8),
++.BR arp (8),
++.ad
++.hy
++.SH BUGS
++Please send bug reports to arpwatch@ee.lbl.gov.
++.SH AUTHORS
++.LP
++Original version by Craig Leres of the Lawrence Berkeley
++National Laboratory Network Research Group, University of
++California, Berkeley, CA.
++.LP
++Modified for the Debian Project by Peter Kelemen, with
++additions from Erik Warmelink.
++.LP
++The current version is available via anonymous ftp:
++.LP
++.RS
++.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
++.RE
++.LP
++This manual page was contributed by Hugo Graumann.
++
+diff -up arpwatch-2.1a15/massagevendor.8.extraman arpwatch-2.1a15/massagevendor.8
+--- arpwatch-2.1a15/massagevendor.8.extraman 2010-03-30 15:15:18.000000000 +0200
++++ arpwatch-2.1a15/massagevendor.8 2010-03-30 15:15:18.000000000 +0200
+@@ -0,0 +1,91 @@
++.TH MASSAGEVENDOR 8
++.SH NAME
++massagevendor \- convert the ethernet vendor codes master list to arpwatch format
++.SH SYNOPSIS
++.na
++massagevendor
++.I vendorfile
++.SH "DESCRIPTION"
++.B massagevendor
++is a program that converts a text file containing ethernet vendor codes
++into a format suitable for use by
++.B arpwatch(8)
++and
++.B arpsnmp(8).
++The input
++.I vendorfile
++is a master text file containing vendor codes. The output
++is sent to
++.I stdout.
++Each line of the
++.I vendorfile
++is expected to have a six digit hexadecimal vendor code
++followed by spaces followed by the name of the manufacturer.
++.LP
++All ethernet devices have a unique identifier which
++includes a vendor code specifying the manufacturer of the
++device. In normal operation
++.B arpwatch(8)
++and
++.B arpsnmp(8)
++use the file
++.I ethercodes.dat
++to report this vendor code.
++.B massagevendor
++is used to generate the
++.I ethercodes.dat
++file from text files containing these vendor codes.
++.LP
++Locations where an ethernet vendor codes master text file
++can be obtained are given below.
++.SH FILES
++.na
++.nh
++.nf
++/var/lib/arpwatch - default location of the ethernet vendor list
++ethercodes.dat - file containing the list of ethernet vendor codes
++.ad
++.hy
++.fi
++.SH "SEE ALSO"
++.na
++.nh
++.BR arpwatch(8),
++.BR arpsnmp(8)
++.ad
++.hy
++.SH NOTES
++Sources for ethernet vendor codes seen in the wild are
++.LP
++.na
++.nh
++.nf
++.RS
++.I http://map-ne.com/Ethernet/vendor.html
++.I ftp://ftp.cavebear.com/pub/Ethernet.txt
++.I http://www.cavebear.com/CaveBear/Ethernet/vendor.html
++.RE
++.ad
++.hy
++.LP
++Useful for comparison or completeness are the
++ethernet vendor codes as assigned
++by the IEEE which can be found at
++.LP
++.RS
++.I http://standards.ieee.org/regauth/oui/oui.txt
++.RE
++.SH BUGS
++Please send bug reports to arpwatch@ee.lbl.gov.
++.SH AUTHORS
++Craig Leres of the
++Lawrence Berkeley National Laboratory Network Research Group,
++University of California, Berkeley, CA.
++.LP
++The current version is available via anonymous ftp:
++.LP
++.RS
++.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
++.RE
++.LP
++This manual page was contributed by Hugo Graumann.
diff --git a/network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch b/network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch
new file mode 100644
index 0000000000..13382bc79d
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch
@@ -0,0 +1,10 @@
+--- arpwatch-2.1a15/configure.nolocalpcap 2006-06-21 22:32:38.000000000 +0200
++++ arpwatch-2.1a15/configure 2006-11-09 15:04:35.000000000 +0100
+@@ -4956,6 +4956,7 @@
+ places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
+ egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
+ for dir in $places ../libpcap libpcap ; do
++ break
+ basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
+ if test $lastdir = $basedir ; then
+ continue;
diff --git a/network/arpwatch/patches/arpwatch-2.1a4-fhs.patch b/network/arpwatch/patches/arpwatch-2.1a4-fhs.patch
new file mode 100644
index 0000000000..313c794d0c
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-2.1a4-fhs.patch
@@ -0,0 +1,20 @@
+--- arpwatch-2.1a4/Makefile.in.fhs Sun Jun 18 08:26:28 2000
++++ arpwatch-2.1a4/Makefile.in Sun Jun 18 08:27:21 2000
+@@ -109,13 +109,13 @@
+ $(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
+
+ install: force
+- $(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
+- $(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
++ $(INSTALL) -m 755 arpwatch $(DESTDIR)$(BINDEST)
++ $(INSTALL) -m 755 arpsnmp $(DESTDIR)$(BINDEST)
+
+ install-man: force
+- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
++ $(INSTALL) -m 644 $(srcdir)/arpwatch.8 \
+ $(DESTDIR)$(MANDEST)/man8
+- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpsnmp.8 \
++ $(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
+ $(DESTDIR)$(MANDEST)/man8
+
+ lint: $(GENSRC) force
diff --git a/network/arpwatch/patches/arpwatch-addr.patch b/network/arpwatch/patches/arpwatch-addr.patch
new file mode 100644
index 0000000000..5647ff811f
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-addr.patch
@@ -0,0 +1,232 @@
+--- arpwatch-2.1a11/addresses.h.in.addr Wed Jun 5 00:40:29 1996
++++ arpwatch-2.1a11/addresses.h.in Wed Jul 31 17:39:38 2002
+@@ -1,2 +1,4 @@
+ #define WATCHER "root"
+-#define WATCHEE "arpwatch (Arpwatch)"
++#define WATCHEE "root (Arpwatch)"
++extern char *watcher;
++extern char *watchee;
+--- arpwatch-2.1a11/arpsnmp.8.addr Sun Sep 17 15:34:48 2000
++++ arpwatch-2.1a11/arpsnmp.8 Fri Aug 2 15:15:31 2002
+@@ -30,6 +30,12 @@
+ ] [
+ .B -f
+ .I datafile
++] [
++.B -e
++.I username
++] [
++.B -s
++.I username
+ ]
+ .I file
+ [
+@@ -59,6 +65,27 @@
+ .I arp.dat
+ file must be created before the first time you run
+ .BR arpsnmp .
++.LP
++If the
++.B -e
++flag is used,
++.B arpsnmp
++sends e-mail messages to
++.I username
++rather than the default (root).
++If a single `-' character is given for the username,
++sending of e-mail is suppressed,
++but logging via syslog is still done as usual.
++(This can be useful during initial runs, to collect data
++without being flooded with messages about new stations.)
++.LP
++If the
++.B -s
++flag is used,
++.B arpsnmp
++sends e-mail messages with
++.I username
++as the return address, rather than the default (root).
+ .LP
+ .SH "REPORT MESSAGES"
+ (See the
+--- arpwatch-2.1a11/arpsnmp.c.addr Sun Jan 17 19:47:40 1999
++++ arpwatch-2.1a11/arpsnmp.c Fri Aug 2 15:17:16 2002
+@@ -59,6 +59,7 @@
+ #include "file.h"
+ #include "machdep.h"
+ #include "util.h"
++#include "addresses.h"
+
+ /* Forwards */
+ int main(int, char **);
+@@ -90,7 +91,7 @@
+ }
+
+ opterr = 0;
+- while ((op = getopt(argc, argv, "df:")) != EOF)
++ while ((op = getopt(argc, argv, "df:e:s:")) != EOF)
+ switch (op) {
+
+ case 'd':
+@@ -105,6 +106,24 @@
+ arpfile = optarg;
+ break;
+
++ case 'e':
++ if ( optarg ) {
++ watcher = strdup(optarg);
++ } else {
++ (void)fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
++ usage();
++ }
++ break;
++
++ case 's':
++ if ( optarg ) {
++ watchee = strdup(optarg);
++ } else {
++ (void)fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
++ usage();
++ }
++ break;
++
+ default:
+ usage();
+ }
+@@ -184,6 +203,6 @@
+
+ (void)fprintf(stderr, "Version %s\n", version);
+ (void)fprintf(stderr,
+- "usage: %s [-d] [-f datafile] file [...]\n", prog);
++ "usage: %s [-d] [-f datafile] [-e username] [-s username] file [...]\n", prog);
+ exit(1);
+ }
+--- arpwatch-2.1a11/arpwatch.8.addr Thu Aug 1 13:45:36 2002
++++ arpwatch-2.1a11/arpwatch.8 Thu Aug 1 14:08:05 2002
+@@ -46,6 +46,12 @@
+ ] [
+ .B -u
+ .I username
++] [
++.B -e
++.I username
++] [
++.B -s
++.I username
+ ]
+ .ad
+ .SH DESCRIPTION
+@@ -106,6 +112,27 @@
+ and group ID to that of the primary group of
+ .IR username .
+ This is recommended for security reasons.
++.LP
++If the
++.B -e
++flag is used,
++.B arpwatch
++sends e-mail messages to
++.I username
++rather than the default (root).
++If a single `-' character is given for the username,
++sending of e-mail is suppressed,
++but logging via syslog is still done as usual.
++(This can be useful during initial runs, to collect data
++without being flooded with messages about new stations.)
++.LP
++If the
++.B -s
++flag is used,
++.B arpwatch
++sends e-mail messages with
++.I username
++as the return address, rather than the default (root).
+ .LP
+ Note that an empty
+ .I arp.dat
+--- arpwatch-2.1a11/arpwatch.c.addr Thu Aug 1 13:45:36 2002
++++ arpwatch-2.1a11/arpwatch.c Thu Aug 1 13:47:35 2002
+@@ -78,6 +78,7 @@
+ #include "machdep.h"
+ #include "setsignal.h"
+ #include "util.h"
++#include "addresses.h"
+
+ /* Some systems don't define these */
+ #ifndef ETHERTYPE_REVARP
+@@ -190,7 +191,7 @@
+ interface = NULL;
+ rfilename = NULL;
+ pd = NULL;
+- while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
++ while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
+ switch (op) {
+
+ case 'd':
+@@ -232,6 +233,26 @@
+ }
+ break;
+
++ case 'e':
++ if ( optarg ) {
++ watcher = strdup(optarg);
++ }
++ else {
++ fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
++ usage();
++ }
++ break;
++
++ case 's':
++ if ( optarg ) {
++ watchee = strdup(optarg);
++ }
++ else {
++ fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
++ usage();
++ }
++ break;
++
+ default:
+ usage();
+ }
+@@ -784,6 +805,7 @@
+
+ (void)fprintf(stderr, "Version %s\n", version);
+ (void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
+- " [-n net[/width]] [-r file] [-u username]\n", prog);
++ " [-n net[/width]] [-r file] [-u username]"
++ " [-e username] [-s username]\n", prog);
+ exit(1);
+ }
+--- arpwatch-2.1a11/report.c.addr Sat Sep 30 18:41:10 2000
++++ arpwatch-2.1a11/report.c Thu Aug 1 14:16:43 2002
+@@ -70,6 +70,9 @@
+
+ #define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
+
++char *watcher = WATCHER;
++char *watchee = WATCHEE;
++
+ static int cdepth; /* number of outstanding children */
+
+ static char *fmtdate(time_t);
+@@ -240,8 +243,6 @@
+ register FILE *f;
+ char tempfile[64], cpu[64], os[64];
+ char *fmt = "%20s: %s\n";
+- char *watcher = WATCHER;
+- char *watchee = WATCHEE;
+ char *sendmail = PATH_SENDMAIL;
+ char *unknown = "<unknown>";
+ char buf[132];
+@@ -258,6 +259,9 @@
+ }
+ f = stdout;
+ (void)putc('\n', f);
++ } else if (watcher == NULL || *watcher == NULL || *watcher == '-') {
++ dosyslog(LOG_NOTICE, title, a, e1, e2);
++ return;
+ } else {
+ /* Setup child reaper if we haven't already */
+ if (!init) {
diff --git a/network/arpwatch/patches/arpwatch-dir-man.patch b/network/arpwatch/patches/arpwatch-dir-man.patch
new file mode 100644
index 0000000000..673a600df7
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-dir-man.patch
@@ -0,0 +1,22 @@
+--- arpwatch-2.1a15/arpsnmp.8.dirman 2006-11-02 17:00:58.000000000 +0100
++++ arpwatch-2.1a15/arpsnmp.8 2006-11-02 17:23:58.000000000 +0100
+@@ -96,7 +96,7 @@
+ .na
+ .nh
+ .nf
+-/usr/operator/arpwatch - default directory
++/var/lib/arpwatch - default directory
+ arp.dat - ethernet/ip address database
+ ethercodes.dat - vendor ethernet block list
+ .ad
+--- arpwatch-2.1a15/arpwatch.8.dirman 2006-11-02 17:00:58.000000000 +0100
++++ arpwatch-2.1a15/arpwatch.8 2006-11-02 17:24:07.000000000 +0100
+@@ -198,7 +198,7 @@
+ .na
+ .nh
+ .nf
+-/usr/operator/arpwatch - default directory
++/var/lib/arpwatch - default directory
+ arp.dat - ethernet/ip address database
+ ethercodes.dat - vendor ethernet block list
+ .ad
diff --git a/network/arpwatch/patches/arpwatch-drop-man.patch b/network/arpwatch/patches/arpwatch-drop-man.patch
new file mode 100644
index 0000000000..f183b2164e
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-drop-man.patch
@@ -0,0 +1,48 @@
+--- arpwatch.8.orig Sun Oct 8 23:31:28 2000
++++ arpwatch.8 Mon Oct 16 16:46:19 2000
+@@ -36,13 +36,16 @@
+ .I interface
+ ]
+ .br
+-.ti +8
++.ti +9
+ [
+ .B -n
+ .IR net [/ width
+ ]] [
+ .B -r
+ .I file
++] [
++.B -u
++.I username
+ ]
+ .ad
+ .SH DESCRIPTION
+@@ -94,10 +97,26 @@
+ .B arpwatch
+ does not fork.
+ .LP
++If
++.B -u
++flag is used,
++.B arpwatch
++drops root privileges and changes user ID to
++.I username
++and group ID to that of the primary group of
++.IR username .
++This is recommended for security reasons.
++.LP
+ Note that an empty
+ .I arp.dat
+ file must be created before the first time you run
+-.BR arpwatch .
++.BR arpwatch .
++Also, the default directory (where arp.dat is stored) must be owned
++by
++.I username
++if
++.BR -u
++flag is used.
+ .LP
+ .SH "REPORT MESSAGES"
+ Here's a quick list of the report messages generated by
diff --git a/network/arpwatch/patches/arpwatch-drop.patch b/network/arpwatch/patches/arpwatch-drop.patch
new file mode 100644
index 0000000000..916a4b1142
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-drop.patch
@@ -0,0 +1,93 @@
+--- arpwatch-2.1a10/arpwatch.c Sat Oct 14 05:07:35 2000
++++ arpwatch-2.1a10/arpwatch.c Sun Jun 10 16:22:57 2001
+@@ -62,7 +62,7 @@
+ #include <string.h>
+ #include <syslog.h>
+ #include <unistd.h>
+-
++#include <pwd.h>
+ #include <pcap.h>
+
+ #include "gnuc.h"
+@@ -141,6 +141,25 @@
+ int sanity_fddi(struct fddi_header *, struct ether_arp *, int);
+ __dead void usage(void) __attribute__((volatile));
+
++void dropprivileges(const char* user)
++{
++ struct passwd* pw;
++ pw = getpwnam( user );
++ if ( pw ) {
++ if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
++ setuid(pw->pw_uid) != 0 ) {
++ syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
++ pw->pw_uid, pw->pw_gid);
++ exit(1);
++ }
++ }
++ else {
++ syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
++ exit(1);
++ }
++ syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
++}
++
+ int
+ main(int argc, char **argv)
+ {
+@@ -153,6 +172,7 @@
+ register char *interface, *rfilename;
+ struct bpf_program code;
+ char errbuf[PCAP_ERRBUF_SIZE];
++ char* serveruser = NULL;
+
+ if (argv[0] == NULL)
+ prog = "arpwatch";
+@@ -170,7 +190,7 @@
+ interface = NULL;
+ rfilename = NULL;
+ pd = NULL;
+- while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
++ while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
+ switch (op) {
+
+ case 'd':
+@@ -202,6 +222,16 @@
+ rfilename = optarg;
+ break;
+
++ case 'u':
++ if ( optarg ) {
++ serveruser = strdup(optarg);
++ }
++ else {
++ fprintf(stderr, "%s: Need username after -u\n", prog);
++ usage();
++ }
++ break;
++
+ default:
+ usage();
+ }
+@@ -283,8 +313,11 @@
+ * Revert to non-privileged user after opening sockets
+ * (not needed on most systems).
+ */
+- setgid(getgid());
+- setuid(getuid());
++ /*setgid(getgid());*/
++ /*setuid(getuid());*/
++ if ( serveruser ) {
++ dropprivileges( serveruser );
++ }
+
+ /* Must be ethernet or fddi */
+ linktype = pcap_datalink(pd);
+@@ -751,6 +784,6 @@
+
+ (void)fprintf(stderr, "Version %s\n", version);
+ (void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
+- " [-n net[/width]] [-r file]\n", prog);
++ " [-n net[/width]] [-r file] [-u username]\n", prog);
+ exit(1);
+ }
diff --git a/network/arpwatch/patches/arpwatch-scripts.patch b/network/arpwatch/patches/arpwatch-scripts.patch
new file mode 100644
index 0000000000..994dd1bd27
--- /dev/null
+++ b/network/arpwatch/patches/arpwatch-scripts.patch
@@ -0,0 +1,27 @@
+--- arpwatch-2.1a15/arp2ethers.scripts 2002-01-05 20:40:48.000000000 +0100
++++ arpwatch-2.1a15/arp2ethers 2006-11-09 14:34:42.000000000 +0100
+@@ -13,7 +13,7 @@
+ # - sort
+ #
+
+-sort +2rn arp.dat | \
++sort -k 2 -rn arp.dat | \
+ awk 'NF == 4 { print }' | \
+ awk -f p.awk | \
+ egrep -v '\.[0-9][0-9]*$' | \
+--- arpwatch-2.1a15/arpfetch.scripts 2006-07-28 20:10:30.000000000 +0200
++++ arpwatch-2.1a15/arpfetch 2006-11-09 14:37:05.000000000 +0100
+@@ -4,8 +4,6 @@
+ # arpfetch - collect arp data from a cisco using net-snmp
+ #
+
+-export PATH="/usr/local/bin:${PATH}"
+-
+ prog=`basename $0`
+
+ if [ $# -ne 2 ]; then
+@@ -30,4 +28,3 @@
+ print ea "\t" ip
+ }'
+
+-rm -f ${t1}
diff --git a/network/arpwatch/rc.arpwatch b/network/arpwatch/rc.arpwatch
new file mode 100644
index 0000000000..9bf52da1d3
--- /dev/null
+++ b/network/arpwatch/rc.arpwatch
@@ -0,0 +1,63 @@
+#!/bin/sh
+#
+# /etc/rc.d/rc./arpwatch
+#
+# Start/stop/restart/status arpwatch.
+
+ARPDIR="/var/lib/arpwatch"
+IFACE="$2"
+
+OPTIONS="-i $IFACE -f $ARPDIR/arp-$IFACE.dat -u root -e root -s root"
+
+pid="$(ps ax | awk '{if (match($5, ".*/arpwatch$") || $5 == "arpwatch") print $1}')"
+
+start() {
+ if [ "$IFACE" = "" ]; then
+ echo "Please specify interface name"
+ exit 1
+ else
+ if [ ! -f "$ARPDIR/arp-$IFACE.dat" ]; then
+ echo "Creating new database file..."
+ touch $ARPDIR/arp-$IFACE.dat
+ echo "Starting arpwatch on $IFACE..."
+ arpwatch $OPTIONS
+ else
+ echo "Starting arpwatch on $IFACE..."
+ arpwatch $OPTIONS
+ fi
+ fi
+}
+
+stop() {
+ echo "Stopping arpwatch..."
+ killall arpwatch
+}
+
+status() {
+ if [ "$pid" != "" ]; then
+ echo "arpwatch (pid "$pid") is running..."
+ else
+ echo "arpwatch is not running..."
+ fi
+}
+
+case "$1" in
+'start')
+ start
+ ;;
+'stop')
+ stop
+ ;;
+'restart')
+ stop
+ start
+ ;;
+'status')
+ status
+ ;;
+*)
+ echo ""
+ echo "Usage: $0 {start [IFACE] | stop | restart [IFACE] | status}"
+ echo ""
+ exit 1
+esac
diff --git a/network/arpwatch/slack-desc b/network/arpwatch/slack-desc
new file mode 100644
index 0000000000..bbb390ba7b
--- /dev/null
+++ b/network/arpwatch/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE: # The "handy ruler" below makes it easier
+to edit a package description. Line # up the first '|' above the
+':' following the base package name, and the '|' # on the right
+side marks the last column you can put a character in. You must #
+make exactly 11 lines for the formatting to be correct. It's also #
+customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+arpwatch: arpwatch (Monitoring tools for tracking IP addresses on a network)
+arpwatch:
+arpwatch: The arpwatch package contains arpwatch and arpsnmp. Arpwatch and
+arpwatch: arpsnmp are both network monitoring tools. Both utilities monitor
+arpwatch: Ethernet or FDDI network traffic and build databases of Ethernet/IP
+arpwatch: address pairs, and can report certain changes via email.
+arpwatch:
+arpwatch:
+arpwatch: Homepage: http://ee.lbl.gov/
+arpwatch:
+arpwatch: