SOURCES: p0f.init - add user and socket support
glen
glen at pld-linux.org
Sun Jan 15 23:28:59 CET 2006
Author: glen Date: Sun Jan 15 22:28:58 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- add user and socket support
---- Files affected:
SOURCES:
p0f.init (1.12 -> 1.13)
---- Diffs:
================================================================
Index: SOURCES/p0f.init
diff -u SOURCES/p0f.init:1.12 SOURCES/p0f.init:1.13
--- SOURCES/p0f.init:1.12 Sun Jan 15 23:22:29 2006
+++ SOURCES/p0f.init Sun Jan 15 23:28:53 2006
@@ -43,8 +43,17 @@
RULE="$P0F_RULE"
fi
fi
+ OPTIONS=""
if [ -n "$P0F_INTERFACE" ]; then
- OPTIONS="-i $P0F_INTERFACE"
+ OPTIONS="$OPTIONS -i $P0F_INTERFACE"
+ fi
+ if [ -n "$P0F_SOCKET" ]; then
+ # read the manual first and then ask why the umask
+ umask 007
+ OPTIONS="$OPTIONS -Q $P0F_SOCKET"
+ fi
+ if [ -n "$P0F_USER" ]; then
+ OPTIONS="$OPTIONS -u $P0F_USER"
fi
if [ $P0F_UNKNOWN_SIGNATURES = "yes" ]; then
OPTIONS="$OPTIONS -U"
@@ -59,6 +68,10 @@
/usr/sbin/p0f "$RULE" $OPTIONS $P0F_OPTIONS -d -o /var/log/p0f 2>/dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
+ # this is secure, as socket is always created with current umask and root
+ if [ "$P0F_USER" ] && [ "$P0F_SOCKET" ]; then
+ chown ${P0F_USER}: $P0F_SOCKET
+ fi
touch /var/lock/subsys/p0f
ok;
else
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/p0f.init?r1=1.12&r2=1.13&f=u
More information about the pld-cvs-commit
mailing list