diff options
| author |   Tomas Chvatal <scarabeus@gentoo.org> | 2010-01-23 14:50:50 +0000 |
|---|---|---|
| committer | Tomas Chvatal <scarabeus@gentoo.org> | 2010-01-23 14:50:50 +0000 |
| commit | 2e12ed18e492fb840303dfc86120ac02f02fa7a9 (patch) | |
| tree | 4dc34fc9dcdf128fd53d644621a12a618294eb24 /app-forensics | |
| parent | Remove per bug #248390. (diff) | |
| download | gentoo-2-2e12ed18e492fb840303dfc86120ac02f02fa7a9.tar.gz gentoo-2-2e12ed18e492fb840303dfc86120ac02f02fa7a9.tar.bz2 gentoo-2-2e12ed18e492fb840303dfc86120ac02f02fa7a9.zip | |
Remove per bug #227571.
Diffstat (limited to 'app-forensics')
| -rw-r--r-- | app-forensics/airt/ChangeLog | 27 | ||||
| -rw-r--r-- | app-forensics/airt/Manifest | 7 | ||||
| -rw-r--r-- | app-forensics/airt/airt-0.4-r1.ebuild | 38 | ||||
| -rw-r--r-- | app-forensics/airt/airt-0.4.ebuild | 36 | ||||
| -rw-r--r-- | app-forensics/airt/files/airt-0.4-dismod.patch | 18 | ||||
| -rw-r--r-- | app-forensics/airt/files/airt-0.4-kernelupdate.patch | 113 | ||||
| -rw-r--r-- | app-forensics/airt/metadata.xml | 16 |
7 files changed, 0 insertions, 255 deletions
diff --git a/app-forensics/airt/ChangeLog b/app-forensics/airt/ChangeLog deleted file mode 100644 index 4532214b1e5b..000000000000 --- a/app-forensics/airt/ChangeLog +++ /dev/null @@ -1,27 +0,0 @@ -# ChangeLog for app-forensics/airt -# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/ChangeLog,v 1.4 2009/09/13 22:33:08 patrick Exp $ - - 13 Sep 2009; Patrick Lauer <patrick@gentoo.org> airt-0.4.ebuild, - airt-0.4-r1.ebuild: - Remove virtual/libc deps - - 09 Feb 2007; Diego Pettenò <flameeyes@gentoo.org> ChangeLog: - Regenerate digest in Manifest2 format. - - 08 Feb 2007; Diego Pettenò <flameeyes@gentoo.org> ChangeLog: - Regenerate digest in Manifest2 format. - -*airt-0.4-r1 (19 Jul 2005) - - 19 Jul 2005; Daniel Black <dragonheart@gentoo.org> - +files/airt-0.4-dismod.patch, +files/airt-0.4-kernelupdate.patch, - +airt-0.4-r1.ebuild: - patch to fix with newer kernels. dismod perl script modified to find the - System.map and dismod executables - - 26 Jan 2005; Daniel Black <dragonheart@gentoo.org> +airt-0.4.ebuild, - +metadata.xml: - Initial import as per bug #79524. Thanks to Michael Zanetta - <mzanetta@telsys.ch>. - diff --git a/app-forensics/airt/Manifest b/app-forensics/airt/Manifest deleted file mode 100644 index 253b48ca8666..000000000000 --- a/app-forensics/airt/Manifest +++ /dev/null @@ -1,7 +0,0 @@ -AUX airt-0.4-dismod.patch 641 RMD160 f386b06d6cc65a6ac6ebaff9078e7c942a90e71c SHA1 06855db69962dc57ad62efc0e5c7c465bdf26f22 SHA256 bbf0315b15e2fbfc1e23b9f2067e80ea3bb43dfc82f87392e8cae77a3d0b9b99 -AUX airt-0.4-kernelupdate.patch 6178 RMD160 c00602f571f14bc9276542dc08ec0299374b37db SHA1 02cf4226ae2492703648604a1ef13d80cd34dc4b SHA256 c943d9ea705d6c59e5d6898a8ea1dc25fdeb56d60a98d26ac5dfc00c8ed6876a -DIST airt-0.4.tar.bz2 73609 RMD160 a2596c36afb811a904a4e09b9ae68053e2d8e429 SHA1 e8081b31ac97a446e80a9f63412798aae79d62c4 SHA256 d11a83889a9d88ec7f7379e4dd9ac38b434aff4fe80a6cfab91303ac3b45ca5f -EBUILD airt-0.4-r1.ebuild 1121 RMD160 2a229dec5d022014240aead9468d8a3ebef78aaf SHA1 ecf740427e04aeb007aa7c6ec2fe39ea1193b2d0 SHA256 8a36f96d0da165e5baac66176e043e2f606a05b2ca42d693b58e426f3fe6a557 -EBUILD airt-0.4.ebuild 1038 RMD160 a9c7e822d5005d4830158ea52daf53f1f010893c SHA1 25e5f7ad05a84d6fee3ec4f3a540ba823b67d000 SHA256 65134c3d0e2c9a31402f89afeae04ee7e3cfaed624a01aa7599ea265f3813de0 -MISC ChangeLog 998 RMD160 26be62af6e507a973aa5484422fbee005f3eb2a1 SHA1 b0e65815b87e935cb8a3599f58a44d05f19c7d48 SHA256 a8ae34b9474f07ebb3e868a8e124a2e2114d42a244787a66f0ee5b98b885846d -MISC metadata.xml 707 RMD160 4465ec58af4a3061009056a1a7c105d608969c54 SHA1 b60b9548e29ab337757e31ced554c76d1e15a393 SHA256 35be214c0a81b2289a5269fa739f511545a8f2b325b475f5e3e1c3fe97ba65fe diff --git a/app-forensics/airt/airt-0.4-r1.ebuild b/app-forensics/airt/airt-0.4-r1.ebuild deleted file mode 100644 index d41a4a172743..000000000000 --- a/app-forensics/airt/airt-0.4-r1.ebuild +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/airt-0.4-r1.ebuild,v 1.3 2009/09/13 22:33:08 patrick Exp $ - -inherit linux-mod toolchain-funcs eutils - -DESCRIPTION="AIRT(Advanced incident response tool) is a set of incident response assistant tools on linux platform." -HOMEPAGE="http://159.226.5.93/projects/airt.htm" -SRC_URI="http://159.226.5.93/projects/${P}.tar.bz2" - -LICENSE="GPL-2" -KEYWORDS="~x86 -*" -IUSE="" -S=${WORKDIR}/${PN} - -MODULE_NAMES="sock_hunter(:) process_hunter(:) mod_hunter(:) modumper(:${S}/mod_dumper)" -BUILD_PARAMS="KDIR=${KERNEL_DIR}" -BUILD_TARGETS="default" - -src_unpack() { - unpack ${A} - epatch ${FILESDIR}/${P}-kernelupdate.patch - epatch ${FILESDIR}/${P}-dismod.patch - sed -i -e "s|^CC.*|CC = $(tc-getCC) ${CFLAGS}|" -e "s/modumper:/default:/" \ - ${S}/mod_dumper/Makefile -} - -src_compile() { - linux-mod_src_compile - emake -C mod_dumper dismod || die -} - -src_install() { - linux-mod_src_install - dosbin mod_dumper/dismod - dosbin mod_dumper/dismod.pl - dodoc CHANGELOG.txt README.txt TODO -} diff --git a/app-forensics/airt/airt-0.4.ebuild b/app-forensics/airt/airt-0.4.ebuild deleted file mode 100644 index 97a2bf9acf12..000000000000 --- a/app-forensics/airt/airt-0.4.ebuild +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/airt-0.4.ebuild,v 1.4 2009/09/13 22:33:08 patrick Exp $ - -inherit linux-mod toolchain-funcs - -DESCRIPTION="AIRT(Advanced incident response tool) is a set of incident response assistant tools on linux platform." -HOMEPAGE="http://159.226.5.93/projects/airt.htm" -SRC_URI="http://159.226.5.93/projects/${P}.tar.bz2" - -LICENSE="GPL-2" -KEYWORDS="x86 -*" -IUSE="" -S=${WORKDIR}/${PN} - -MODULE_NAMES="sock_hunter(:) process_hunter(:) mod_hunter(:) modumper(:${S}/mod_dumper)" -BUILD_PARAMS="KDIR=${KERNEL_DIR}" -BUILD_TARGETS="default" - -src_unpack() { - unpack ${A} - sed -i -e "s|^CC.*|CC = $(tc-getCC) ${CFLAGS}|" -e "s/modumper:/default:/" \ - ${S}/mod_dumper/Makefile -} - -src_compile() { - linux-mod_src_compile - emake -C mod_dumper dismod || die -} - -src_install() { - linux-mod_src_install - dosbin mod_dumper/dismod - dosbin mod_dumper/dismod.pl - dodoc CHANGELOG CHANGELOG.txt README.txt TODO -} diff --git a/app-forensics/airt/files/airt-0.4-dismod.patch b/app-forensics/airt/files/airt-0.4-dismod.patch deleted file mode 100644 index 55ccc2f13da4..000000000000 --- a/app-forensics/airt/files/airt-0.4-dismod.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- airt/mod_dumper/dismod.pl.orig 2005-07-19 20:40:29.000000000 +1000 -+++ airt/mod_dumper/dismod.pl 2005-07-19 20:43:21.000000000 +1000 -@@ -19,7 +19,7 @@ - close FH; - $os_ver = `uname -r`; - chomp $os_ver; --while(</boot/System.map*>){ -+while(</boot/System.map-$os_ver /lib/modules/$os_ver/source/System.map /lib/modules/$os_ver/build/System.map /boot/System.map>){ - chomp; - print $_ . "\n"; - $file_tmp = $_; -@@ -32,5 +32,5 @@ - } - } - $symbol_file = $file_tmp if($symbol_file eq ""); --$output = `./dismod -s $base_addr -l $dis_size -t $symbol_file`; -+$output = `/usr/sbin/dismod -s $base_addr -l $dis_size -t $symbol_file`; - print $output; diff --git a/app-forensics/airt/files/airt-0.4-kernelupdate.patch b/app-forensics/airt/files/airt-0.4-kernelupdate.patch deleted file mode 100644 index 53846066ef16..000000000000 --- a/app-forensics/airt/files/airt-0.4-kernelupdate.patch +++ /dev/null @@ -1,113 +0,0 @@ ---- airt/sock_hunter.c 2005-01-08 15:04:12.000000000 +1100 -+++ airt-new/sock_hunter.c 2005-07-19 10:44:27.000000000 +1000 -@@ -157,7 +157,9 @@ - - case 10: - return "TCP_LISTEN"; -- //TCP_CLOSING; -+ -+ case 11: -+ return "TCP_CLOSING"; - - default: - return "unknow state"; -@@ -219,7 +221,7 @@ - struct list_head *p, *q; - struct kmem_cache_s *cachep; - struct slab *slabp; -- struct tcp_sock *tcp_sk; -+ struct inet_sock tcp_sk_inet; - int i; - - -@@ -249,9 +251,9 @@ - list_for_each(q, &(cachep->lists.slabs_full)){ - slabp = list_entry(q, struct slab, list); - for(i = 0; i < cachep->num; i++){ -- tcp_sk = slabp->s_mem + i * cachep->objsize; -- // printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state); -- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state)); -+ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet; -+ // printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state); -+ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state)); - } - } - /*---------- slabs partial --------------*/ -@@ -269,9 +271,9 @@ - - for(i = 0; i < cachep->num; i++){ - if(!my_array[i]){ -- tcp_sk = slabp->s_mem + i * cachep->objsize; -- // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk->inet.sport), tcp_sk->inet.saddr, tcp_sk->sk.sk_state); -- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state)); -+ tcp_sk_inet = ((struct tcp_sock *)slabp->s_mem + i * cachep->objsize)->inet; -+ // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk_inet.sport), tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state); -+ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state)); - } - } - } -@@ -285,9 +287,9 @@ - list_for_each(q, &(cachep->lists.slabs_full)){ - slabp = list_entry(q, struct slab, list); - for(i = 0; i < cachep->num; i++){ -- tcp_sk = slabp->s_mem + i * cachep->objsize; -- // printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state); -- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state)); -+ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet; -+ // printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state); -+ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state)); - } - } - /*---------- slabs partial --------------*/ -@@ -305,9 +307,9 @@ - - for(i = 0; i < cachep->num; i++){ - if(!my_array[i]){ -- tcp_sk = slabp->s_mem + i * cachep->objsize; -- // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk->inet.sport), tcp_sk->inet.saddr, tcp_sk->sk.sk_state); -- printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state)); -+ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet; -+ // printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk_inet.sport), tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state); -+ printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state)); - } - } - } -@@ -321,9 +323,9 @@ - list_for_each(q, &(cachep->lists.slabs_full)){ - slabp = list_entry(q, struct slab, list); - for(i = 0; i < cachep->num; i++){ -- tcp_sk = slabp->s_mem + i * cachep->objsize; -- // printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state); -- printk("%5d %15s %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), in_ntoa(tcp_sk->inet.daddr), parse_raw_state(tcp_sk->sk.sk_state)); -+ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet; -+ // printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state); -+ printk("%5d %15s %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), in_ntoa(tcp_sk_inet.daddr), parse_raw_state(tcp_sk_inet.sk.sk_state)); - } - } - /*---------- slabs partial --------------*/ -@@ -341,9 +343,9 @@ - - for(i = 0; i < cachep->num; i++){ - if(!my_array[i]){ -- tcp_sk = slabp->s_mem + i * cachep->objsize; -- // printk("%5d %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_raw_state(tcp_sk->sk.sk_state)); -- printk("%5d %15s %15s %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), in_ntoa(tcp_sk->inet.daddr), parse_raw_state(tcp_sk->sk.sk_state)); -+ tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet; -+ // printk("%5d %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_raw_state(tcp_sk_inet.sk.sk_state)); -+ printk("%5d %15s %15s %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), in_ntoa(tcp_sk_inet.daddr), parse_raw_state(tcp_sk_inet.sk.sk_state)); - } - } - } ---- airt/mod_hunter.c 2005-01-08 15:04:18.000000000 +1100 -+++ airt-new/mod_hunter.c 2005-07-19 10:21:47.000000000 +1000 -@@ -299,8 +299,8 @@ - } - - #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,7) --printk("kobj refcount: %ud\n", ((struct module *)evil_addr)->mkobj->kobj.kref.refcount.counter); -- if (kobject_register(&((struct module *)evil_addr)->mkobj->kobj)) -+printk("kobj refcount: %ud\n", ((struct module *)evil_addr)->mkobj.kobj.kref.refcount.counter); -+ if (kobject_register(&((struct module *)evil_addr)->mkobj.kobj)) - { - printk("kobject already registered or registered failed\n"); - return -EFAULT; diff --git a/app-forensics/airt/metadata.xml b/app-forensics/airt/metadata.xml deleted file mode 100644 index 8a52bb2b2fa7..000000000000 --- a/app-forensics/airt/metadata.xml +++ /dev/null @@ -1,16 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> -<herd>forensics</herd> -<maintainer> - <email>forensics@gentoo.org</email> - <name>Forensics Herd</name> -</maintainer> -<longdescription> -AIRT(Advanced incident response tool) is a set of incident response assistant tools on linux platform. It's useful when you want -to know what evil kernel backdoor is still resident on your broken system and what the hell it is. - -It is not as same as kstat which can be fooled simply by modifying the sys_write syscall. AIRT searches the kernel backdoors from -underlying system memory by a customed algorithm. -</longdescription> -</pkgmetadata> |