S:1.2.1-alt3

Group :: Monitoring
RPM: passivedns


Patch: passivedns-1.2.1-alt.patch


 .gear/passivedns.init                              |  87 ++++++++++++
 .gear/passivedns.spec                              | 157 +++++++++++++++++++++
 .gear/passivedns@.service                          |  10 ++
 .gear/rules                                        |   5 +
 .../tags/a72ab8057dc5aae34720acda5b50ff11226e7c5f  |   6 +
 .gear/tags/list                                    |   1 +
 .gear/upstream/remotes                             |   3 +
 configure.ac                                       |   2 +
 src/Makefile.am                                    |   2 +-
 src/dns.c                                          |   4 +-
 10 files changed, 275 insertions(+), 2 deletions(-)
diff --git a/.gear/passivedns.init b/.gear/passivedns.init
new file mode 100644
index 0000000..7a5e1cb
--- /dev/null
+++ b/.gear/passivedns.init
@@ -0,0 +1,87 @@
+#!/bin/sh
+#
+# passivedns	A network sniffer that logs all DNS server replies for use in a passive DNS setup
+#
+# chkconfig: - 90 10
+# description:	A tool to collect DNS records passively \
+#		to aid Incident handling, Network \
+#		Security Monitoring (NSM) and \
+#		general digital forensics.
+# processname: passivedns
+# config: /etc/passivedns/passivedns.conf
+# pidfile: /var/run/passivedns.pid
+
+# Do not load RH compatibility interface.
+WITHOUT_RC_COMPAT=1
+
+# Source function library.
+. /etc/init.d/functions
+
+PIDFILE=/var/run/passivedns.pid
+LOCKFILE=/var/lock/subsys/passivedns
+RETVAL=0
+
+
+SourceIfNotEmpty /etc/sysconfig/passivedns
+
+OPTIONS="-D -u _passivedns -g _passivedns $OPTIONS"
+
+start()
+{
+	start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user _passivedns -- passivedns "$OPTIONS"
+	RETVAL=$?
+	return $RETVAL
+}
+
+stop()
+{
+	stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user _passivedns -- passivedns
+	RETVAL=$?
+	return $RETVAL
+}
+
+restart()
+{
+	stop
+	start
+}
+
+# See how we were called.
+case "$1" in
+	start)
+		start
+		;;
+	stop)
+		stop
+		;;
+	reload)
+		restart
+		;;
+	restart)
+		restart
+		;;
+	condstop)
+		if [ -e "$LOCKFILE" ]; then
+			stop
+		fi
+		;;
+	condrestart)
+		if [ -e "$LOCKFILE" ]; then
+			restart
+		fi
+		;;
+	condreload)
+		if [ -e "$LOCKFILE" ]; then
+			reload
+		fi
+		;;
+	status)
+		status --pidfile "$PIDFILE" --expect-user _passivedns -- passivedns
+		RETVAL=$?
+		;;
+	*)
+		msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
+		RETVAL=1
+esac
+
+exit $RETVAL
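Review bot: The `condreload)` branch calls `reload`, but the script defines only `start`, `stop` and `restart`, so that branch fails with a command-not-found error; it should call `restart`, as the plain `reload)` branch does. Separately, `passivedns "$OPTIONS"` in `start()` hands the whole option string to `start_daemon` as a single word. If `start_daemon` forwards its arguments unchanged, `-u _passivedns -g _passivedns` would not arrive as separate options, so it is worth confirming on a running instance that the process really ends up under the `_passivedns` account. Passing the string unquoted (`-- passivedns $OPTIONS`) is the usual form for options read from `/etc/sysconfig`.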
diff --git a/.gear/passivedns.spec b/.gear/passivedns.spec
new file mode 100644
index 0000000..2a241eb
--- /dev/null
+++ b/.gear/passivedns.spec
@@ -0,0 +1,157 @@
+%define _unpackaged_files_terminate_build 1
+
+Name: passivedns
+Version: 1.2.1
+Release: alt2
+Summary: A network sniffer that logs all DNS server replies for use in a passive DNS setup
+License: GPLv2
+Group: Monitoring
+URL: https://github.com/gamelinux/passivedns
+
+Source: %name-%version.tar
+Source2: %name.init
+Source3: %{name}@.service
+
+Patch1: %name-%version-alt.patch
+
+BuildRequires: libpcap-devel libldns-devel
+BuildRequires: libjansson-devel
+BuildRequires: perl(DBI.pm) perl(Date/Simple.pm) perl(DateTime.pm) perl(Time/Local.pm)
+
+%description
+A tool to collect DNS records passively to aid Incident handling, Network
+Security Monitoring (NSM) and general digital forensics.
+
+PassiveDNS sniffes traffic from an interface or reads a pcap-file and outputs
+the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate
+DNS answers in-memory, limiting the amount of data in the logfile without
+loosing the essens in the DNS answer.
+
+%package daemon
+Summary: Daemon for passive DNS 
+Group: Monitoring
+Requires: %name = %EVR
+
+%description daemon
+Daemon for %name
+
+%package tools
+Summary: Tools for passive DNS 
+Group: Monitoring
+
+%description tools
+A tools for work with %name data
+
+%prep
+%setup
+%patch1 -p1
+
+find . -type f | xargs sed -i \
+	-e "s|%_logdir/passivedns.log|%_logdir/%name/passivedns.log|g" \
+	-e "s|%_logdir/passivedns.stats|%_logdir/%name/passivedns.stats|g" \
+	-e "s|%_logdir/passivedns-run.log|%_logdir/%name/passivedns-run.log|g" \
+	-e "s|%_logdir/passivedns-alert.log|%_logdir/%name/passivedns-alert.log|g" \
+	%nil
+
+%build
+%autoreconf
+%configure \
+	--enable-json \
+	%nil
+
+%make_build
+
+%install
+install -pD -m755 src/%name %buildroot%_sbindir/%name
+install -pD -m755 tools/pdns2db.pl %buildroot%_bindir/pdns2db.pl
+install -pD -m755 tools/search-pdns.pl %buildroot%_bindir/search-pdns.pl
+install -pD -m755 %SOURCE2 %buildroot%_initdir/%name
+
+mkdir -p %buildroot%_unitdir
+install -pD -m755 %SOURCE3 %buildroot%_unitdir/%{name}@.service
+
+mkdir -p %buildroot%_logdir/%name
+mkdir -p %buildroot%_sharedstatedir/%name
+mkdir -p %buildroot%_sysconfdir/sysconfig
+mkdir -p %buildroot%_logrotatedir
+
+cat > %buildroot%_sysconfdir/sysconfig/%name  <<EOF
+#OPTIONS:
+# -i <iface>      Network device <iface> (default: eth0).
+# -l <file>       Name of the logfile (default: %_logdir/%name/passivedns.log).
+# -b 'BPF'        Berkley Packet Filter (default: 'port 53').
+# -S <mem>        Soft memory limit in MB (default: 256).
+# -C <sec>        Seconds to cache DNS objects in memory (default 43200).
+# -P <sec>        Seconds between printing duplicate DNS info (default 86400).
+# -X <flags>      Manually set DNS RR Types to care about(Default -X 46CDNPRS).
+
+OPTIONS='-i lo'
+
+EOF
+
+cat << EOF > %buildroot%_logrotatedir/%name
+%_logdir/%name/%name.log {
+    create 644 root _%name
+    weekly
+    rotate 5
+    copytruncate
+    compress
+    notifempty
+    missingok
+}
+
+EOF
+
+
+%pre
+/usr/sbin/groupadd -r -f _%name
+/usr/sbin/useradd -r -g _%name -d %_sharedstatedir/%name -s /dev/null -n -c "DNS network sniffer" _%name >/dev/null 2>&1 ||:
+
+%post daemon
+%post_service %name
+
+%preun daemon
+%preun_service %name
+
+%files
+%doc README doc tools/README.skip_white_black-list.txt www
+%_sbindir/*
+%dir %attr(3770,root,_%name) %_logdir/%name
+%_logrotatedir/%name
+
+%files daemon
+%dir %_sharedstatedir/%name
+%_sysconfdir/sysconfig/%name
+%_initdir/*
+%_unitdir/%{name}@.service
+
+%files tools 
+%_bindir/*.pl
+
+%changelog
+* Fri Dec 04 2020 Aleksei Nikiforov <darktemplar@altlinux.org> 1.2.1-alt2
+- Fixed build with -fno-common.
+
+* Wed Feb 06 2019 Aleksei Nikiforov <darktemplar@altlinux.org> 1.2.1-alt1
+- Updated to upstream version 1.2.1.
+- Removed %%ubt macro from release.
+
+* Wed Sep 13 2017 Aleksei Nikiforov <darktemplar@altlinux.org> 1.2.0-alt2
+- Rebuilt with ldns-1.7.0.
+- Added %%ubt macro to release.
+- Added systemd service.
+
+* Tue Dec 01 2015 Igor Vlasenko <viy@altlinux.ru> 1.2.0-alt1
+- NMU: new version (fixes build)
+
+* Mon Nov 30 2015 Igor Vlasenko <viy@altlinux.ru> 1.1.3-alt1.git20140826.1
+- bugfixes for perl 5.22
+
+* Fri Sep 19 2014 Eugeny A. Rostovtsev (REAL) <real at altlinux.org> 1.1.3-alt1.git20140826
+- New snapshot
+
+* Tue Dec 31 2013 Slava Dubrovskiy <dubrsl@altlinux.org> 1.1.3-alt1
+- New version
+
+* Tue Mar 20 2012 Slava Dubrovskiy <dubrsl@altlinux.org> 0.3.3-alt1
+- built for ALT Linux
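Review bot: The logrotate stanza written in `%install` combines `create 644 root _%name` with `copytruncate`; logrotate ignores `create` when `copytruncate` is set, and a world-readable mode would in any case be looser than the `3770` log directory for a file holding captured DNS answers, so the `create` line is better dropped. The stanza also names only `%name.log`, while the `sed` in `%prep` moves `passivedns.stats`, `passivedns-run.log` and `passivedns-alert.log` into the same directory, so those files are never rotated. The unit file is installed with `-m755`; unit files are not executed, and `-m644` is the expected mode.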
diff --git a/.gear/passivedns@.service b/.gear/passivedns@.service
new file mode 100644
index 0000000..bbde9fd
--- /dev/null
+++ b/.gear/passivedns@.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=A network sniffer that logs all DNS server replies for use in a passive DNS setup
+After=syslog.target network.target
+
+[Service]
+WorkingDirectory=/var/run
+ExecStart=/usr/sbin/passivedns -u _passivedns -g _passivedns -i %i
+
+[Install]
+WantedBy=multi-user.target
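Review bot: The unit starts `/usr/sbin/passivedns` as root and relies entirely on the program's own `-u`/`-g` handling to shed privileges; nothing in `[Service]` confines the process before that step or if it fails. Adding `NoNewPrivileges=yes`, `ProtectHome=yes` and `PrivateTmp=yes` under `[Service]` is a low-risk start, and a `CapabilityBoundingSet=` limited to what packet capture and the uid/gid switch need would be worth testing. The `ExecStart` line also does not read `/etc/sysconfig/passivedns`, so the `OPTIONS` documented in the spec (log file, BPF filter, memory limit) apply only to the SysV script.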
diff --git a/.gear/rules b/.gear/rules
new file mode 100644
index 0000000..e93106f
--- /dev/null
+++ b/.gear/rules
@@ -0,0 +1,5 @@
+spec: .gear/passivedns.spec
+tar: @version@:.
+diff: @version@:. . name=@name@-@version@-alt.patch
+copy: .gear/*.init
+copy: .gear/*.service
diff --git a/.gear/tags/a72ab8057dc5aae34720acda5b50ff11226e7c5f b/.gear/tags/a72ab8057dc5aae34720acda5b50ff11226e7c5f
new file mode 100644
index 0000000..84afd09
--- /dev/null
+++ b/.gear/tags/a72ab8057dc5aae34720acda5b50ff11226e7c5f
@@ -0,0 +1,6 @@
+object 945fcea0334c2915e2ebc0322f5d01d208b97d13
+type commit
+tag 1.2.1
+tagger Edward Bjarte Fjellskål <edward.fjellskaal@gmail.com> 1530609458 +0200
+
+Bumped version to 1.2.1
diff --git a/.gear/tags/list b/.gear/tags/list
new file mode 100644
index 0000000..bd30438
--- /dev/null
+++ b/.gear/tags/list
@@ -0,0 +1 @@
+a72ab8057dc5aae34720acda5b50ff11226e7c5f 1.2.1
diff --git a/.gear/upstream/remotes b/.gear/upstream/remotes
new file mode 100644
index 0000000..b446fee
--- /dev/null
+++ b/.gear/upstream/remotes
@@ -0,0 +1,3 @@
+[remote "upstream"]
+        fetch = +refs/heads/*:refs/remotes/upstream/*
+        url = git://github.com/gamelinux/passivedns
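Review bot: The upstream remote uses `git://`, which has no encryption or server authentication, so fetched objects can be altered in transit before they are packaged. The spec's `URL:` field already points at the HTTPS address; `url = https://github.com/gamelinux/passivedns` fetches the same repository over an authenticated transport.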
diff --git a/configure.ac b/configure.ac
index 4fd762f..f28c64c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -14,6 +14,8 @@ AC_PROG_CC
 AC_ARG_ENABLE(debug,
     AS_HELP_STRING([--enable-debug], [Enable debug output]))
 
+CPPFLAGS="${CFLAGS}"
+
 AS_IF([test "x$enable_debug" = "xyes"], [
     CPPFLAGS="${CPPFLAGS} -Wall -g -DDEBUG"
 ])
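Review bot: `CPPFLAGS="${CFLAGS}"` replaces whatever the builder passed in `CPPFLAGS` instead of adding to it, so preprocessor settings supplied that way (for example a `-D_FORTIFY_SOURCE` define) are silently dropped. `CPPFLAGS="${CPPFLAGS} ${CFLAGS}"` keeps both. The assignment appears to be needed only because the `%.o` rule in the `src/Makefile.am` hunk compiles with `$(CPPFLAGS)` alone; writing that rule as `$(CC) $(CPPFLAGS) $(CFLAGS) -c $< -o $@` would make this line unnecessary.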
diff --git a/src/Makefile.am b/src/Makefile.am
index 841281f..15907e1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -7,7 +7,7 @@ bin_PROGRAMS=passivedns
 all: $(bin_PROGRAMS)
 
 %.o: %.c
-	$(CC) -O3 $(CPPFLAGS) -c $< -o $@
+	$(CC) $(CPPFLAGS) -c $< -o $@
 
 passivedns$(EXEEXT): $(OBJECTS)
 	$(CC) -o passivedns $(OBJECTS) $(LDFLAGS)
diff --git a/src/dns.c b/src/dns.c
index c11e731..8ded536 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -35,7 +35,7 @@
 #include <jansson.h>
 #endif /* HAVE_JSON */
 
-globalconfig config;
+extern globalconfig config;
 
 /* The 12th Carol number and 7th Carol prime, 16769023, is also a Carol emirp */
 //#define DBUCKET_SIZE     16769023
@@ -419,8 +419,10 @@ int cache_dns_objects(packetinfo *pi, ldns_rdf *rdf_data,
                 break;
             case LDNS_RR_TYPE_NAPTR:
                 if (config.dnsf & DNS_CHK_NAPTR)
+                {
                     offset = 0;
                     to_offset = 6;
+                }
                 break;
             case LDNS_RR_TYPE_RP:
                 if (config.dnsf & DNS_CHK_RP)
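Review bot: The `LDNS_RR_TYPE_RP` case that follows has the same `if (config.dnsf & DNS_CHK_RP)` with no brace visible before the hunk ends, so it and the other cases of this switch in `cache_dns_objects` should be checked for the unbraced two-statement pattern fixed here for NAPTR. Before this change, `to_offset = 6;` ran regardless of `DNS_CHK_NAPTR`. GCC reports this pattern through `-Wmisleading-indentation` (part of `-Wall`), but `configure.ac` adds `-Wall` only under `--enable-debug`, so a normal build does not warn. The switch continues outside the hunk.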
 