authorDaniel Black <dragonheart@gentoo.org>2005-07-19 10:56:59 +0000
committerDaniel Black <dragonheart@gentoo.org>2005-07-19 10:56:59 +0000
commit3a18b3fc72e81cdadc49f1780d85c287d9ac575c (patch)
tree7c6091af4bcd83f4ace8043bd24c6e0986d698c3 /app-forensics
parentAdded fix/workaround for bug 94199 (diff)
patch to fix with newer kernels. dismod perl script modified to find the System.map and dismod executables
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'app-forensics')
-rw-r--r--app-forensics/airt/ChangeLog10
-rw-r--r--app-forensics/airt/Manifest14
-rw-r--r--app-forensics/airt/airt-0.4-r1.ebuild41
-rw-r--r--app-forensics/airt/files/airt-0.4-dismod.patch18
-rw-r--r--app-forensics/airt/files/airt-0.4-kernelupdate.patch113
-rw-r--r--app-forensics/airt/files/digest-airt-0.4-r11
6 files changed, 186 insertions, 11 deletions
diff --git a/app-forensics/airt/ChangeLog b/app-forensics/airt/ChangeLog
index 4103095260a2..5a26b88853af 100644
--- a/app-forensics/airt/ChangeLog
+++ b/app-forensics/airt/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for app-forensics/airt
# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/ChangeLog,v 1.1 2005/01/26 01:55:37 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/ChangeLog,v 1.2 2005/07/19 10:56:59 dragonheart Exp $
+
+*airt-0.4-r1 (19 Jul 2005)
+
+ 19 Jul 2005; Daniel Black <dragonheart@gentoo.org>
+ +files/airt-0.4-dismod.patch, +files/airt-0.4-kernelupdate.patch,
+ +airt-0.4-r1.ebuild:
+ patch to fix with newer kernels. dismod perl script modified to find the
+ System.map and dismod executables
26 Jan 2005; Daniel Black <dragonheart@gentoo.org> +airt-0.4.ebuild,
+metadata.xml:
diff --git a/app-forensics/airt/Manifest b/app-forensics/airt/Manifest
index 27d239ad92c2..183b68020a56 100644
--- a/app-forensics/airt/Manifest
+++ b/app-forensics/airt/Manifest
@@ -1,14 +1,8 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
MD5 df3e59ec816b16c961e26b502ed7bf1e airt-0.4.ebuild 1066
MD5 dd09b3d3602805b1bbcac35ef93e82c6 metadata.xml 707
MD5 51c610e08d33ffa49e4e32729eb97770 ChangeLog 389
+MD5 ba9e5a6fc5267b068d322d875ea5ce06 airt-0.4-r1.ebuild 1156
MD5 827cc186dcaac15ec33e2fdf18c78399 files/digest-airt-0.4 60
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.0 (GNU/Linux)
-
-iD8DBQFB9vmSmdTrptrqvGERAhPXAJ9SOUaqq1coPD//WsAAEIvVwAlujwCfR/R2
-pjEswzI8w66xlcsYLzmNGZg=
-=Duyg
------END PGP SIGNATURE-----
+MD5 d22f2ab7a3eb68a1a10927e0817498dd files/airt-0.4-kernelupdate.patch 6178
+MD5 827cc186dcaac15ec33e2fdf18c78399 files/digest-airt-0.4-r1 60
+MD5 466eea11f18af7adea2700516d1661af files/airt-0.4-dismod.patch 641
diff --git a/app-forensics/airt/airt-0.4-r1.ebuild b/app-forensics/airt/airt-0.4-r1.ebuild
new file mode 100644
index 000000000000..1d675dce012b
--- /dev/null
+++ b/app-forensics/airt/airt-0.4-r1.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/airt-0.4-r1.ebuild,v 1.1 2005/07/19 10:56:59 dragonheart Exp $
+
+inherit linux-mod toolchain-funcs eutils
+
+DESCRIPTION="AIRT(Advanced incident response tool) is a set of incident response assistant tools on linux platform."
+HOMEPAGE="http://159.226.5.93/projects/airt.htm"
+SRC_URI="http://159.226.5.93/projects/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+KEYWORDS="~x86 -*"
+IUSE=""
+S=${WORKDIR}/${PN}
+DEPEND="virtual/libc"
+
+MODULE_NAMES="sock_hunter(:) process_hunter(:) mod_hunter(:) modumper(:${S}/mod_dumper)"
+BUILD_PARAMS="KDIR=${KERNEL_DIR}"
+BUILD_TARGETS="default"
+
+src_unpack() {
+ unpack ${A}
+ epatch ${FILESDIR}/${P}-kernelupdate.patch
+ epatch ${FILESDIR}/${P}-dismod.patch
+ sed -i -e "s|^CC.*|CC = $(tc-getCC) ${CFLAGS}|" -e "s/modumper:/default:/" \
+ ${S}/mod_dumper/Makefile
+}
+
+src_compile() {
+ linux-mod_src_compile
+ emake -C mod_dumper dismod || die
+}
+
+
+src_install() {
+ linux-mod_src_install
+ dosbin mod_dumper/dismod
+ dosbin mod_dumper/dismod.pl
+ dodoc CHANGELOG.txt README.txt TODO
+}
+
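Review bot: `SRC_URI` and `HOMEPAGE` point at a bare IP address over plain HTTP, so the tarball that is built into four kernel modules is authenticated only by the MD5 line in `files/digest-airt-0.4-r1`. The Manifest hunk of this same commit also replaces the PGP-signed Manifest with an unsigned one. I would re-sign the Manifest before committing and, if the tarball can be mirrored, switch to `SRC_URI="mirror://gentoo/${P}.tar.bz2"` so the fetch no longer depends on that single host. Separately, in `src_install` the `dosbin` calls have no failure check although the patched dismod.pl hard-codes `/usr/sbin/dismod`; `dosbin mod_dumper/dismod || die "dismod install failed"` would make a missing binary fail the build instead of the tool at run time.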
diff --git a/app-forensics/airt/files/airt-0.4-dismod.patch b/app-forensics/airt/files/airt-0.4-dismod.patch
new file mode 100644
index 000000000000..55ccc2f13da4
--- /dev/null
+++ b/app-forensics/airt/files/airt-0.4-dismod.patch
@@ -0,0 +1,18 @@
+--- airt/mod_dumper/dismod.pl.orig 2005-07-19 20:40:29.000000000 +1000
++++ airt/mod_dumper/dismod.pl 2005-07-19 20:43:21.000000000 +1000
+@@ -19,7 +19,7 @@
+ close FH;
+ $os_ver = `uname -r`;
+ chomp $os_ver;
+-while(</boot/System.map*>){
++while(</boot/System.map-$os_ver /lib/modules/$os_ver/source/System.map /lib/modules/$os_ver/build/System.map /boot/System.map>){
+ chomp;
+ print $_ . "\n";
+ $file_tmp = $_;
+@@ -32,5 +32,5 @@
+ }
+ }
+ $symbol_file = $file_tmp if($symbol_file eq "");
+-$output = `./dismod -s $base_addr -l $dis_size -t $symbol_file`;
++$output = `/usr/sbin/dismod -s $base_addr -l $dis_size -t $symbol_file`;
+ print $output;
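Review bot: The new `while(<...>)` list contains no wildcard, and Perl's `glob` returns wildcard-free patterns unchanged even when no such file exists, so the loop now visits all four paths regardless of what is on disk. The fallback `$symbol_file = $file_tmp if($symbol_file eq "")` can therefore end up with `/boot/System.map` whether or not that file exists or matches the running kernel, and a disassembly resolved against the wrong symbol table is misleading in a forensic tool. Adding `next unless -r $_;` as the first statement of the loop body restores the old skip-missing behaviour. The loop body between the two embedded hunks is not shown, so how `$symbol_file` is normally chosen should be confirmed there. The backtick call also still interpolates `$base_addr`, `$dis_size` and `$symbol_file` into a shell command line; if any of them can come from user input, a list-form `open(my $fh, '-|', '/usr/sbin/dismod', '-s', $base_addr, ...)` avoids the shell.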
diff --git a/app-forensics/airt/files/airt-0.4-kernelupdate.patch b/app-forensics/airt/files/airt-0.4-kernelupdate.patch
new file mode 100644
index 000000000000..53846066ef16
--- /dev/null
+++ b/app-forensics/airt/files/airt-0.4-kernelupdate.patch
@@ -0,0 +1,113 @@
+--- airt/sock_hunter.c 2005-01-08 15:04:12.000000000 +1100
++++ airt-new/sock_hunter.c 2005-07-19 10:44:27.000000000 +1000
+@@ -157,7 +157,9 @@
+
+ case 10:
+ return "TCP_LISTEN";
+- //TCP_CLOSING;
++
++ case 11:
++ return "TCP_CLOSING";
+
+ default:
+ return "unknow state";
+@@ -219,7 +221,7 @@
+ struct list_head *p, *q;
+ struct kmem_cache_s *cachep;
+ struct slab *slabp;
+- struct tcp_sock *tcp_sk;
++ struct inet_sock tcp_sk_inet;
+ int i;
+
+
+@@ -249,9 +251,9 @@
+ list_for_each(q, &(cachep->lists.slabs_full)){
+ slabp = list_entry(q, struct slab, list);
+ for(i = 0; i < cachep->num; i++){
+- tcp_sk = slabp->s_mem + i * cachep->objsize;
+- // printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state);
+- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state));
++ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;
++ // printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state);
++ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state));
+ }
+ }
+ /*---------- slabs partial --------------*/
+@@ -269,9 +271,9 @@
+
+ for(i = 0; i < cachep->num; i++){
+ if(!my_array[i]){
+- tcp_sk = slabp->s_mem + i * cachep->objsize;
+- // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk->inet.sport), tcp_sk->inet.saddr, tcp_sk->sk.sk_state);
+- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state));
++ tcp_sk_inet = ((struct tcp_sock *)slabp->s_mem + i * cachep->objsize)->inet;
++ // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk_inet.sport), tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state);
++ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state));
+ }
+ }
+ }
+@@ -285,9 +287,9 @@
+ list_for_each(q, &(cachep->lists.slabs_full)){
+ slabp = list_entry(q, struct slab, list);
+ for(i = 0; i < cachep->num; i++){
+- tcp_sk = slabp->s_mem + i * cachep->objsize;
+- // printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state);
+- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state));
++ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;
++ // printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state);
++ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state));
+ }
+ }
+ /*---------- slabs partial --------------*/
+@@ -305,9 +307,9 @@
+
+ for(i = 0; i < cachep->num; i++){
+ if(!my_array[i]){
+- tcp_sk = slabp->s_mem + i * cachep->objsize;
+- // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk->inet.sport), tcp_sk->inet.saddr, tcp_sk->sk.sk_state);
+- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state));
++ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;
++ // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk_inet.sport), tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state);
++ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state));
+ }
+ }
+ }
+@@ -321,9 +323,9 @@
+ list_for_each(q, &(cachep->lists.slabs_full)){
+ slabp = list_entry(q, struct slab, list);
+ for(i = 0; i < cachep->num; i++){
+- tcp_sk = slabp->s_mem + i * cachep->objsize;
+- // printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state);
+- printk("%5d %15s %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), in_ntoa(tcp_sk->inet.daddr), parse_raw_state(tcp_sk->sk.sk_state));
++ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;
++ // printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state);
++ printk("%5d %15s %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), in_ntoa(tcp_sk_inet.daddr), parse_raw_state(tcp_sk_inet.sk.sk_state));
+ }
+ }
+ /*---------- slabs partial --------------*/
+@@ -341,9 +343,9 @@
+
+ for(i = 0; i < cachep->num; i++){
+ if(!my_array[i]){
+- tcp_sk = slabp->s_mem + i * cachep->objsize;
+- // printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_raw_state(tcp_sk->sk.sk_state));
+- printk("%5d %15s %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), in_ntoa(tcp_sk->inet.daddr), parse_raw_state(tcp_sk->sk.sk_state));
++ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;
++ // printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_raw_state(tcp_sk_inet.sk.sk_state));
++ printk("%5d %15s %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), in_ntoa(tcp_sk_inet.daddr), parse_raw_state(tcp_sk_inet.sk.sk_state));
+ }
+ }
+ }
+--- airt/mod_hunter.c 2005-01-08 15:04:18.000000000 +1100
++++ airt-new/mod_hunter.c 2005-07-19 10:21:47.000000000 +1000
+@@ -299,8 +299,8 @@
+ }
+
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,7)
+-printk("kobj refcount: %ud\n", ((struct module *)evil_addr)->mkobj->kobj.kref.refcount.counter);
+- if (kobject_register(&((struct module *)evil_addr)->mkobj->kobj))
++printk("kobj refcount: %ud\n", ((struct module *)evil_addr)->mkobj.kobj.kref.refcount.counter);
++ if (kobject_register(&((struct module *)evil_addr)->mkobj.kobj))
+ {
+ printk("kobject already registered or registered failed\n");
+ return -EFAULT;
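Review bot: In all six `tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;` assignments in sock_hunter.c the cast binds before the `+`, so the offset is scaled by `sizeof(struct tcp_sock)` instead of being the byte offset that the removed `slabp->s_mem + i * cachep->objsize` computed. Assuming `objsize` is in bytes, every `i > 0` then reads far past the intended object, which in a kernel module means garbage socket listings or an oops. Doing the byte arithmetic before the cast fixes it: `tcp_sk_inet = ((struct tcp_sock *)((char *)slabp->s_mem + i * cachep->objsize))->inet;`. The by-value `struct inet_sock tcp_sk_inet` also copies a whole socket structure onto the kernel stack for each slab object, which a `struct inet_sock *` would avoid. The enclosing functions start and end outside the embedded hunks, so the surrounding locking and bounds could not be checked here.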
diff --git a/app-forensics/airt/files/digest-airt-0.4-r1 b/app-forensics/airt/files/digest-airt-0.4-r1
new file mode 100644
index 000000000000..7c116ca2c946
--- /dev/null
+++ b/app-forensics/airt/files/digest-airt-0.4-r1
@@ -0,0 +1 @@
+MD5 a3f836391d4f9d57b9621bd7916cdd08 airt-0.4.tar.bz2 73609