author | Daniel Black <dragonheart@gentoo.org> | 2005-07-19 10:56:59 +0000 |
---|---|---|
committer | Daniel Black <dragonheart@gentoo.org> | 2005-07-19 10:56:59 +0000 |
commit | 3a18b3fc72e81cdadc49f1780d85c287d9ac575c (patch) | |
tree | 7c6091af4bcd83f4ace8043bd24c6e0986d698c3 /app-forensics | |
parent | Added fix/workaround for bug 94199 (diff) | |
patch to fix with newer kernels. dismod perl script modified to find the System.map and dismod executables
(Portage version: 2.0.51.22-r1)
Diffstat (limited to 'app-forensics')
-rw-r--r-- | app-forensics/airt/ChangeLog | 10 | ||||
-rw-r--r-- | app-forensics/airt/Manifest | 14 | ||||
-rw-r--r-- | app-forensics/airt/airt-0.4-r1.ebuild | 41 | ||||
-rw-r--r-- | app-forensics/airt/files/airt-0.4-dismod.patch | 18 | ||||
-rw-r--r-- | app-forensics/airt/files/airt-0.4-kernelupdate.patch | 113 | ||||
-rw-r--r-- | app-forensics/airt/files/digest-airt-0.4-r1 | 1 |
6 files changed, 186 insertions, 11 deletions
diff --git a/app-forensics/airt/ChangeLog b/app-forensics/airt/ChangeLog index 4103095260a2..5a26b88853af 100644 --- a/app-forensics/airt/ChangeLog +++ b/app-forensics/airt/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-forensics/airt # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/ChangeLog,v 1.1 2005/01/26 01:55:37 dragonheart Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/ChangeLog,v 1.2 2005/07/19 10:56:59 dragonheart Exp $ + +*airt-0.4-r1 (19 Jul 2005) + + 19 Jul 2005; Daniel Black <dragonheart@gentoo.org> + +files/airt-0.4-dismod.patch, +files/airt-0.4-kernelupdate.patch, + +airt-0.4-r1.ebuild: + patch to fix with newer kernels. dismod perl script modified to find the + System.map and dismod executables 26 Jan 2005; Daniel Black <dragonheart@gentoo.org> +airt-0.4.ebuild, +metadata.xml: diff --git a/app-forensics/airt/Manifest b/app-forensics/airt/Manifest index 27d239ad92c2..183b68020a56 100644 --- a/app-forensics/airt/Manifest +++ b/app-forensics/airt/Manifest @@ -1,14 +1,8 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - MD5 df3e59ec816b16c961e26b502ed7bf1e airt-0.4.ebuild 1066 MD5 dd09b3d3602805b1bbcac35ef93e82c6 metadata.xml 707 MD5 51c610e08d33ffa49e4e32729eb97770 ChangeLog 389 +MD5 ba9e5a6fc5267b068d322d875ea5ce06 airt-0.4-r1.ebuild 1156 MD5 827cc186dcaac15ec33e2fdf18c78399 files/digest-airt-0.4 60 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.0 (GNU/Linux) - -iD8DBQFB9vmSmdTrptrqvGERAhPXAJ9SOUaqq1coPD//WsAAEIvVwAlujwCfR/R2 -pjEswzI8w66xlcsYLzmNGZg= -=Duyg ------END PGP SIGNATURE----- +MD5 d22f2ab7a3eb68a1a10927e0817498dd files/airt-0.4-kernelupdate.patch 6178 +MD5 827cc186dcaac15ec33e2fdf18c78399 files/digest-airt-0.4-r1 60 +MD5 466eea11f18af7adea2700516d1661af files/airt-0.4-dismod.patch 641 diff --git a/app-forensics/airt/airt-0.4-r1.ebuild b/app-forensics/airt/airt-0.4-r1.ebuild new file mode 100644 index 000000000000..1d675dce012b --- /dev/null 
+++ b/app-forensics/airt/airt-0.4-r1.ebuild @@ -0,0 +1,41 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/airt-0.4-r1.ebuild,v 1.1 2005/07/19 10:56:59 dragonheart Exp $ + +inherit linux-mod toolchain-funcs eutils + +DESCRIPTION="AIRT(Advanced incident response tool) is a set of incident response assistant tools on linux platform." +HOMEPAGE="http://159.226.5.93/projects/airt.htm" +SRC_URI="http://159.226.5.93/projects/${P}.tar.bz2" + +LICENSE="GPL-2" +KEYWORDS="~x86 -*" +IUSE="" +S=${WORKDIR}/${PN} +DEPEND="virtual/libc" + +MODULE_NAMES="sock_hunter(:) process_hunter(:) mod_hunter(:) modumper(:${S}/mod_dumper)" +BUILD_PARAMS="KDIR=${KERNEL_DIR}" +BUILD_TARGETS="default" + +src_unpack() { + unpack ${A} + epatch ${FILESDIR}/${P}-kernelupdate.patch + epatch ${FILESDIR}/${P}-dismod.patch + sed -i -e "s|^CC.*|CC = $(tc-getCC) ${CFLAGS}|" -e "s/modumper:/default:/" \ + ${S}/mod_dumper/Makefile +} + +src_compile() { + linux-mod_src_compile + emake -C mod_dumper dismod || die +} + + +src_install() { + linux-mod_src_install + dosbin mod_dumper/dismod + dosbin mod_dumper/dismod.pl + dodoc CHANGELOG.txt README.txt TODO +} + diff --git a/app-forensics/airt/files/airt-0.4-dismod.patch b/app-forensics/airt/files/airt-0.4-dismod.patch new file mode 100644 index 000000000000..55ccc2f13da4 --- /dev/null +++ b/app-forensics/airt/files/airt-0.4-dismod.patch 
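Review bot: `SRC_URI` and `HOMEPAGE` in airt-0.4-r1.ebuild fetch over plain HTTP from a bare IP address, so for a package that builds kernel modules the only integrity control on the tarball is the single MD5 line in `files/digest-airt-0.4-r1`. The Manifest hunk in this same commit also removes the PGP clearsign block, though it may be re-signed in a later step. I would record that dependency next to the URL, e.g. `# fetched over plain HTTP from a bare IP; tarball integrity rests on the digest file only`, and verify the tarball out of band before the digest is bumped. Separately, the `sed -i` in `src_unpack` has no `|| die`, so a failed rewrite of the `CC` line goes unnoticed; ending it with `"${S}"/mod_dumper/Makefile || die "sed failed"` would surface that.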
@@ -0,0 +1,18 @@ +--- airt/mod_dumper/dismod.pl.orig 2005-07-19 20:40:29.000000000 +1000 ++++ airt/mod_dumper/dismod.pl 2005-07-19 20:43:21.000000000 +1000 +@@ -19,7 +19,7 @@ + close FH; + $os_ver = `uname -r`; + chomp $os_ver; +-while(</boot/System.map*>){ ++while(</boot/System.map-$os_ver /lib/modules/$os_ver/source/System.map /lib/modules/$os_ver/build/System.map /boot/System.map>){ + chomp; + print $_ . "\n"; + $file_tmp = $_; +@@ -32,5 +32,5 @@ + } + } + $symbol_file = $file_tmp if($symbol_file eq ""); +-$output = `./dismod -s $base_addr -l $dis_size -t $symbol_file`; ++$output = `/usr/sbin/dismod -s $base_addr -l $dis_size -t $symbol_file`; + print $output; diff --git a/app-forensics/airt/files/airt-0.4-kernelupdate.patch b/app-forensics/airt/files/airt-0.4-kernelupdate.patch new file mode 100644 index 000000000000..53846066ef16 --- /dev/null +++ b/app-forensics/airt/files/airt-0.4-kernelupdate.patch 
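Review bot: The new `while(<...>)` list in dismod.pl holds only literal paths, and Perl's glob returns a pattern without wildcards even when no such file exists, so unlike the old `/boot/System.map*` the loop can now pass non-existent paths to the code below it. The `$symbol_file = $file_tmp` fallback then presumably ends up as `/boot/System.map` regardless of the running kernel, which would make the disassembly resolve symbols against the wrong map or none. Adding `next unless -r $_;` as the first statement of the loop keeps only maps that are present; the middle of the loop body is outside the hunk, so how `$symbol_file` is selected there should be checked as well. The changed backtick call still builds a shell command from `$base_addr`, `$dis_size` and `$symbol_file`; a list-form `open(my $ph, '-|', '/usr/sbin/dismod', '-s', $base_addr, '-l', $dis_size, '-t', $symbol_file)` avoids the shell, which matters for an incident-response tool run on a host that may not be trustworthy.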
@@ -0,0 +1,113 @@ +--- airt/sock_hunter.c 2005-01-08 15:04:12.000000000 +1100 ++++ airt-new/sock_hunter.c 2005-07-19 10:44:27.000000000 +1000 +@@ -157,7 +157,9 @@ + + case 10: + return "TCP_LISTEN"; +- //TCP_CLOSING; ++ ++ case 11: ++ return "TCP_CLOSING"; + + default: + return "unknow state"; +@@ -219,7 +221,7 @@ + struct list_head *p, *q; + struct kmem_cache_s *cachep; + struct slab *slabp; +- struct tcp_sock *tcp_sk; ++ struct inet_sock tcp_sk_inet; + int i; + + +@@ -249,9 +251,9 @@ + list_for_each(q, &(cachep->lists.slabs_full)){ + slabp = list_entry(q, struct slab, list); + for(i = 0; i < cachep->num; i++){ +- tcp_sk = slabp->s_mem + i * cachep->objsize; +- // printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state); +- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state)); ++ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet; ++ // printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state); ++ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state)); + } + } + /*---------- slabs partial --------------*/ +@@ -269,9 +271,9 @@ + + for(i = 0; i < cachep->num; i++){ + if(!my_array[i]){ +- tcp_sk = slabp->s_mem + i * cachep->objsize; +- // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk->inet.sport), tcp_sk->inet.saddr, tcp_sk->sk.sk_state); +- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state)); ++ tcp_sk_inet = ((struct tcp_sock *)slabp->s_mem + i * cachep->objsize)->inet; ++ // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk_inet.sport), tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state); ++ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state)); + } + } + } +@@ -285,9 +287,9 @@ + 
list_for_each(q, &(cachep->lists.slabs_full)){ + slabp = list_entry(q, struct slab, list); + for(i = 0; i < cachep->num; i++){ +- tcp_sk = slabp->s_mem + i * cachep->objsize; +- // printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state); +- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state)); ++ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet; ++ // printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state); ++ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state)); + } + } + /*---------- slabs partial --------------*/ +@@ -305,9 +307,9 @@ + + for(i = 0; i < cachep->num; i++){ + if(!my_array[i]){ +- tcp_sk = slabp->s_mem + i * cachep->objsize; +- // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk->inet.sport), tcp_sk->inet.saddr, tcp_sk->sk.sk_state); +- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state)); ++ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet; ++ // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk_inet.sport), tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state); ++ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state)); + } + } + } +@@ -321,9 +323,9 @@ + list_for_each(q, &(cachep->lists.slabs_full)){ + slabp = list_entry(q, struct slab, list); + for(i = 0; i < cachep->num; i++){ +- tcp_sk = slabp->s_mem + i * cachep->objsize; +- // printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state); +- printk("%5d %15s %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), in_ntoa(tcp_sk->inet.daddr), parse_raw_state(tcp_sk->sk.sk_state)); ++ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * 
cachep->objsize)->inet; ++ // printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state); ++ printk("%5d %15s %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), in_ntoa(tcp_sk_inet.daddr), parse_raw_state(tcp_sk_inet.sk.sk_state)); + } + } + /*---------- slabs partial --------------*/ +@@ -341,9 +343,9 @@ + + for(i = 0; i < cachep->num; i++){ + if(!my_array[i]){ +- tcp_sk = slabp->s_mem + i * cachep->objsize; +- // printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_raw_state(tcp_sk->sk.sk_state)); +- printk("%5d %15s %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), in_ntoa(tcp_sk->inet.daddr), parse_raw_state(tcp_sk->sk.sk_state)); ++ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet; ++ // printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_raw_state(tcp_sk_inet.sk.sk_state)); ++ printk("%5d %15s %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), in_ntoa(tcp_sk_inet.daddr), parse_raw_state(tcp_sk_inet.sk.sk_state)); + } + } + } +--- airt/mod_hunter.c 2005-01-08 15:04:18.000000000 +1100 ++++ airt-new/mod_hunter.c 2005-07-19 10:21:47.000000000 +1000 +@@ -299,8 +299,8 @@ + } + + #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,7) +-printk("kobj refcount: %ud\n", ((struct module *)evil_addr)->mkobj->kobj.kref.refcount.counter); +- if (kobject_register(&((struct module *)evil_addr)->mkobj->kobj)) ++printk("kobj refcount: %ud\n", ((struct module *)evil_addr)->mkobj.kobj.kref.refcount.counter); ++ if (kobject_register(&((struct module *)evil_addr)->mkobj.kobj)) + { + printk("kobject already registered or registered failed\n"); + return -EFAULT; diff --git a/app-forensics/airt/files/digest-airt-0.4-r1 b/app-forensics/airt/files/digest-airt-0.4-r1 new file mode 100644 index 000000000000..7c116ca2c946 --- /dev/null +++ b/app-forensics/airt/files/digest-airt-0.4-r1 
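Review bot: In the six rewritten assignments in sock_hunter.c (inner hunks at -249, -269, -285, -305, -321 and -341) the cast binds tighter than `+`, so `(struct tcp_sock *) slabp->s_mem + i * cachep->objsize` now advances by `i * cachep->objsize` whole `struct tcp_sock` elements instead of bytes, as the old `slabp->s_mem + i * cachep->objsize` did (assuming `s_mem` is a `void *`, which the old arithmetic implies). For every `i > 0` this reads far outside the slab from kernel context. Parenthesise the offset before casting: `tcp_sk_inet = ((struct tcp_sock *)(slabp->s_mem + i * cachep->objsize))->inet;`. Each iteration also copies a whole `struct inet_sock` onto the kernel stack; keeping a `struct inet_sock *` to the object would avoid that. The enclosing functions start and end outside the hunks.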
@@ -0,0 +1 @@ +MD5 a3f836391d4f9d57b9621bd7916cdd08 airt-0.4.tar.bz2 73609 |