Add scanlogd, a TCP port scan detection tool, originally designed to illustrate

various attacks an IDS developer has to deal with. Unlike some of the other
port scan detection tools out there, scanlogd is designed to be totally safe
to use.

PR:		ports/66449
Submitted by:	Roman Bogorodskiy <bogorodskiy@inbox.ru>

6 files changed, 69 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index deb311673e23..4d5cec4815af 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -369,6 +369,7 @@
     SUBDIR += saint
     SUBDIR += samba-vscan
     SUBDIR += samhain
+    SUBDIR += scanlogd
     SUBDIR += scanssh
     SUBDIR += seahorse
     SUBDIR += secpanel
diff --git a/security/scanlogd/Makefile b/security/scanlogd/Makefile
new file mode 100644
index 000000000000..cc2f6fefed34
--- /dev/null
+++ b/security/scanlogd/Makefile
@@ -0,0 +1,38 @@
+# New ports collection makefile for:	scanlogd
+# Date created:				10 May 2004
+# Whom:					Roman Bogorodskiy
+#
+# $FreeBSD$
+#
+
+PORTNAME=	scanlogd
+PORTVERSION=	2.2.1
+CATEGORIES=	security
+MASTER_SITES=	http://openwall.com/scanlogd/ \
+		ftp://ftp.openwall.com/pub/projects/scanlogd/ \
+		ftp://rt.fm/pub/scanlogd/
+
+MAINTAINER=	bogorodskiy@inbox.ru
+COMMENT=	TCP port scan detection tool
+
+.if defined(WITH_LIBNIDS)
+BUILD_DEPENDS+=	${LOCALBASE}/lib/libnids.a:${PORTSDIR}/net/libnids
+.endif
+
+.if defined(WITH_LIBNIDS)
+ALL_TARGET=	libnids
+.else
+ALL_TARGET=	libpcap
+.endif
+
+MAN8=		scanlogd.8
+PLIST_FILES=	bin/scanlogd
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/scanlogd ${PREFIX}/bin
+	${INSTALL_MAN} ${WRKSRC}/scanlogd.8 ${MANPREFIX}/man/man8
+
+post-install:
+	 @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff --git a/security/scanlogd/distinfo b/security/scanlogd/distinfo
new file mode 100644
index 000000000000..1ea5473da79d
--- /dev/null
+++ b/security/scanlogd/distinfo
@@ -0,0 +1,2 @@
+MD5 (scanlogd-2.2.1.tar.gz) = ade2989402c34d122c2909b1ea819faa
+SIZE (scanlogd-2.2.1.tar.gz) = 8998
diff --git a/security/scanlogd/files/patch-scanlogd.c b/security/scanlogd/files/patch-scanlogd.c
new file mode 100644
index 000000000000..c9a023c41221
--- /dev/null
+++ b/security/scanlogd/files/patch-scanlogd.c
@@ -0,0 +1,10 @@
+--- scanlogd.c.orig	Mon May 10 13:32:49 2004
++++ scanlogd.c	Mon May 10 13:33:10 2004
+@@ -11,6 +11,7 @@
+ 
+ #define _BSD_SOURCE
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <unistd.h>
+ #include <signal.h>
+ #include <string.h>
diff --git a/security/scanlogd/pkg-descr b/security/scanlogd/pkg-descr
new file mode 100644
index 000000000000..7f3fc5db8e59
--- /dev/null
+++ b/security/scanlogd/pkg-descr
@@ -0,0 +1,9 @@
+scanlogd is a TCP port scan detection tool, originally designed to illustrate 
+various attacks an IDS developer has to deal with. Unlike some of the other 
+port scan detection tools out there, scanlogd is designed to be totally safe 
+to use.
+
+WWW: http://openwall.com/scanlogd/
+
+-Roman Bogorodskiy
+<bogorodskiy@inbox.ru>
diff --git a/security/scanlogd/pkg-message b/security/scanlogd/pkg-message
new file mode 100644
index 000000000000..a3258794efcb
--- /dev/null
+++ b/security/scanlogd/pkg-message
@@ -0,0 +1,9 @@
+----------------------------------------------------------------------------
+
+scanlogd requires a separate user and group named 'scanlogd' to run.
+You will need to create these manually. For example:
+
+pw groupadd scanlogd
+pw useradd scanlogd -d /nonexistent -g scanlogd -s /sbin/nologin -c SCANLOGD
+
+----------------------------------------------------------------------------