ethereal and few others toys

Elias · 2006-01-23 21:32:09

Hi, I just come from the gentoo distro which have many many ebuilds and i'am very sad to see that there are a lot of toys missing in ArchLinux...

i'am talking of ethereal, amap (thc), dsniff, nikto or honeyd.

I'am currently try to make those PKGBUILD and the binaries and put them on my own repo but have to admit that my knowledge is much better for ebuild than for PKGBUILD so if some one would be kind enought to do it

Thanks !

(and even thou there is not that much software available yet compared to debian or gentoo, archlinux remains a great piece of work, congratulation !)

WillySilly · 2006-01-23 21:42:12

ethereal is in the repo, just do pacman -S ethereal

dsniff has a PKGBUILD in AUR, same with nikto

Elias · 2006-01-24 09:53:16

damn, i tried looking for it (-Ss) and i was suprised to get no results... sounds like a stupid spelling mistake ?

thx !

tomk · 2006-01-24 15:27:26

I'll have a look at amap and honeyd for you - it may not be today, as I've something else on at the moment.

tomk · 2006-01-25 09:53:33

Alright - it's a new day, and here's honeyd, along with the required gcc4 patch (thanks Gentoo guys ):

honeyd PKGBUILD

# Contributor: Tom K <tomk@runbox.com>
pkgname=honeyd
pkgver=1.0
pkgrel=1        
pkgdesc="A small daemon that creates virtual hosts on a network."
depends=('libdnet' ' libevent' 'libpcap' 'zlib')
source=(http://www.citi.umich.edu/u/provos/$pkgname/$pkgname-$pkgver.tar.gz 
        honeyd-1.0-gcc4.diff)
md5sums=('5c5c6cc62d135075d021a6c1bc5c9a5b' '0f51773734c0ac0e902fc0eea15f9647')
url="http://www.honeyd.org"

build() {
  cd $startdir/src/$pkgname-$pkgver

  patch -Np1 -i ../honeyd-1.0-gcc4.diff || return 1

  ./configure --prefix=/usr
  make || return 1
  make prefix=$startdir/pkg/usr install
}

honeyd-1.0-gcc4.diff

diff --exclude='*~' --exclude='.*' -I '$Id:' -urN honeyd-1.0.orig/dhcpclient.c honeyd-1.0/dhcpclient.c
--- honeyd-1.0.orig/dhcpclient.c        2005-05-28 22:22:21.000000000 -0400
+++ honeyd-1.0/dhcpclient.c     2005-05-28 22:25:10.000000000 -0400
@@ -472,7 +472,8 @@
 
        memset(buf, 0, sizeof(buf));
 
-       eth = (struct eth_hdr *)p = buf;
+       p = buf;
+       eth = (struct eth_hdr *)p;
        eth_pack_hdr(eth, ETH_ADDR_BROADCAST, req->ea, ETH_TYPE_IP);
 
        restlen -= ETH_HDR_LEN;
@@ -524,7 +525,8 @@
 
        memset(buf, 0, sizeof(buf));
 
-       eth = (struct eth_hdr *)p = buf;
+       p = buf;
+       eth = (struct eth_hdr *)p;
        eth_pack_hdr(eth, req->server_ea, req->ea, ETH_TYPE_IP);
 
        restlen -= ETH_HDR_LEN;

As you have already said you're not that familiar with PKGBUILDs, can I ask if you know what to do next? If you would prefer, I can upload the binary for you to test.

And let's not forget amap, again with a patch. The source for this is a bit dumb, IMO - it tries to put stuff in /usr/etc (?!) and it includes a very old version of pcre. I'll admit to a quick peek at the amap ebuild for 'inspiration' while sorting this out.

amap PKGBUILD

# Contributor: Tom K <tomk@runbox.com>
pkgname=amap
pkgver=5.2
pkgrel=1        
pkgdesc="next-generation tool for assisting network penetration testing."
depends=('glibc' 'pcre' 'openssl')
source=(http://thc.org/releases/$pkgname-$pkgver.tar.gz pcre.patch)
md5sums=('e3b1f5ebd24aac03aacb38ec183eb426' 'a11774428cb7e97a81107a22682d1798')
url="http://www.thc.org"

build() {
  cd $startdir/src/$pkgname-$pkgver

  mkdir -p $startdir/pkg/usr/{bin,man/man1,share/amap}
  
  sed -i -e "s:etc/:share/amap/:g" amap-lib.c
  sed -i 's:/usr/local:/usr:' amap.h
  sed -i '/DATADIR/s:/etc:/share/amap:' Makefile.am

  rm -rf pcre-3.9

  patch -Np1 -i ../pcre.patch || return 1

  ./configure

  sed -i -e '/^XLIBPATHS/s:=.*:=:' -e '/^XIPATHS=/s:=.*:=:' Makefile

  make || return 1

  cp amap amapcrap $startdir/pkg/usr/bin
  cp amap.1 $startdir/pkg/usr/man/man1
  cp appdefs* $startdir/pkg/usr/share/amap
}

pcre.patch

diff --exclude='*~' -urN amap-4.8.orig/amap-inc.h amap-4.8/amap-inc.h
--- amap-4.8.orig/amap-inc.h    2005-02-21 21:47:47.251638320 -0500
+++ amap-4.8/amap-inc.h 2005-02-21 21:48:27.774477912 -0500
@@ -20,7 +20,7 @@
 #include <errno.h>
 #include <sys/resource.h>
 #include <sys/wait.h>
-#include "pcre-3.9/pcre.h"
+#include <pcre.h>
 #ifdef OPENSSL
  #include <openssl/ssl.h>
  #include <openssl/err.h>
diff --exclude='*~' -urN amap-4.8.orig/configure amap-4.8/configure
--- amap-4.8.orig/configure     2005-02-21 21:47:47.240639992 -0500
+++ amap-4.8/configure  2005-02-21 21:48:41.379409648 -0500
@@ -13,10 +13,6 @@
   exit 0
 fi
 
-cd pcre-3.9 || exit 1
-./configure || exit 1
-cd ..
-
 echo
 echo
 echo "Starting amap auto configuration ..."
diff --exclude='*~' -urN amap-4.8.orig/Makefile.am amap-4.8/Makefile.am
--- amap-4.8.orig/Makefile.am   2005-02-21 21:47:47.242639688 -0500
+++ amap-4.8/Makefile.am        2005-02-21 21:49:16.070135856 -0500
@@ -1,5 +1,5 @@
 CC=gcc
-LIB=-lpcre -L./pcre-3.9/ -I./pcre-3.9/
+LIB=-lpcre
 OPT=-O2
 OPT_DEBUG=-ggdb -Wall -lefence
 BINDIR=/bin
@@ -7,7 +7,7 @@
 MANDIR=/man/man1
 SCRIPTS=appdefs.trig appdefs.resp appdefs.rpc
 MANPAGE=amap.1
-all:   pcre strip
+all:   amap amapcrap
 
 pcre:
        cd pcre-3.9 && make

There is just one small problem with this. amap -W, which is meant to do an online update of the trigger definitions, doesn't work - it crashes. It's not the source, because it works if I do a straight ./configure && make && make install. Everything else works fine, and I'll see if I can sort that out. As before, let me know if you want to download the binary.

Any opinions, advice, etc gratefully accepted, as always.

tomk · 2006-02-13 23:51:36

Anyone else interested in these apps? Elias seems to have disappeared (back to Gentoo? ), and ideally I'd like someone else to test them before I AUR them.

phrakture · 2006-02-13 23:58:55

Might as well stick them in unsupported anyway, maybe orphan then, at least so the PKGBUILD is on record.

WillySilly · 2006-02-13 23:59:20

Yeah, that'd probably be best

tomk · 2006-02-14 08:24:44

Done.

Elias · 2006-02-28 18:26:59

Sorry for being so late and thank you tomk for your interest !

I both compiled libdnet and honeyd from AUR (strictly following the instructions from the wiki)

Since i lost my previous config file i have to start from scratch my honeyd conf so stay tuned for (hopefully good and quick) results !

Thanks a lot for you help !

ps: back on gentoo? how one could decently use another distro once he tasted archlinux?

ps2: is it possible to "convert" an ebuild to a PKGBUILD? If yes, why not simply try to build pacman's missing packages from portage's ebuilds?

tomk · 2006-02-28 18:57:14

Elias wrote:

Sorry for being so late and thank you tomk for your interest !

Welcome back - and you're welcome.

Elias wrote:

ps: back on gentoo? how one could decently use another distro once he tasted archlinux?

Can't argue with that.

Elias wrote:

ps2: is it possible to "convert" an ebuild to a PKGBUILD?

No idea - I only had a look at that one because I was stuck.

Elias · 2006-03-05 11:56:16

Well, so here i'am again.

Only tried out honeyd for the moment, it took me a while to remake my confs files but i had quite good results exept once when honeyd seg faulted while i was checking what he was doing over the network...
but i couldn't recreate the bug (using the same conf file and checking the same fake host the same way) so i can't post any backtrace and so one. it was 3 days ago, now its up and running without any other problems yet.

Arch Linux

#1 2006-01-23 21:32:09

ethereal and few others toys

#2 2006-01-23 21:42:12

Re: ethereal and few others toys

#3 2006-01-24 09:53:16

Re: ethereal and few others toys

#4 2006-01-24 15:27:26

Re: ethereal and few others toys

#5 2006-01-25 09:53:33

Re: ethereal and few others toys

#6 2006-02-13 23:51:36

Re: ethereal and few others toys

#7 2006-02-13 23:58:55

Re: ethereal and few others toys

#8 2006-02-13 23:59:20

Re: ethereal and few others toys

#9 2006-02-14 08:24:44

Re: ethereal and few others toys

#10 2006-02-28 18:26:59

Re: ethereal and few others toys

#11 2006-02-28 18:57:14

Re: ethereal and few others toys

#12 2006-03-05 11:56:16

Re: ethereal and few others toys

Board footer