authorRobert Scheck <robert@fedoraproject.org>2009-12-26 19:10:26 (GMT)
committer Robert Scheck <robert@fedoraproject.org>2009-12-26 19:10:26 (GMT)
commitbb884f601f071154725f08e4f3e01e5eb501de5c (patch)
treeced7944b43119fcc6a11cc3599b94ed5b4464f76
parent5247dd174a3969fa5d8586c41eed56dd45a72ab8 (diff)
- Added unicornscan-web subpackage (#538190 #c3, Robert E. Lee)unicornscan-0_4_7-2_el4
- Updated the patch for 64 bit support in configure (#538190 #c6) - Upgrade to 0.4.7 - Initial spec file for Fedora and Red Hat Enterprise Linux (spec file is based on a try by Robert E. Lee and Manuel Wolfshant)
-rw-r--r--.cvsignore1
-rw-r--r--sources1
-rw-r--r--unicornscan-0.4.7-config.patch56
-rw-r--r--unicornscan-0.4.7-geoip.patch31
-rw-r--r--unicornscan-0.4.7-lib64.patch47
-rw-r--r--unicornscan-README.fedora81
-rw-r--r--unicornscan-web-README.fedora45
-rw-r--r--unicornscan.conf5
-rw-r--r--unicornscan.spec158
9 files changed, 425 insertions, 0 deletions
diff --git a/.cvsignore b/.cvsignore
index e69de29..820c72a 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1 @@
+unicornscan-0.4.7-2.tar.bz2
diff --git a/sources b/sources
index e69de29..e397b21 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+4c5f272eb38c333c0094c32317edf758 unicornscan-0.4.7-2.tar.bz2
diff --git a/unicornscan-0.4.7-config.patch b/unicornscan-0.4.7-config.patch
new file mode 100644
index 0000000..1bc02ad
--- /dev/null
+++ b/unicornscan-0.4.7-config.patch
@@ -0,0 +1,56 @@
+--- unicornscan-0.4.7/etc/modules.conf 2006-10-18 18:57:05.000000000 +0200
++++ unicornscan-0.4.7/etc/modules.conf.config 2009-12-05 20:34:31.000000000 +0100
+@@ -1,16 +1,9 @@
+
+ module "pgsqldb" {
+- dbconf: "user=scan password=scanit! host=localhost dbname=scan";
++ dbconf: "user=unicornscan password=scanit! host=localhost dbname=unicornscan";
+ logpacket: "true";
+ };
+
+-module "mysqldb" {
+- username: "scan";
+- password: "scanit!";
+- hostname: "localhost";
+- dbname: "foo";
+-};
+-
+ module "osdetect" {
+ /* Stim TCPFLG TTL DF WS TOS Misc */
+ /* tcpopts type desc */
+--- unicornscan-0.4.7/www-front-end/config.php 2007-11-27 11:23:35.000000000 +0100
++++ unicornscan-0.4.7/www-front-end/config.php.config 2009-12-05 20:35:13.000000000 +0100
+@@ -4,16 +4,16 @@
+ define("config_master_include", 1);
+
+ // Web Server location stuff
+- $PHPLIB["uri_base"]="http://localhost/unicornscan/"; // http://vhost.domain.tld/something/
++ $PHPLIB["uri_base"]="/unicornscan/"; // http://vhost.domain.tld/something/
+
+- $PHPLIB["filesystem_base"]="/var/www/htdocs/unicornscan/"; // Base directory content is in
+- $PHPLIB["filesystem_phplib"]="/var/www/htdocs/unicornscan/lib/"; // Where phplib is
+- $PHPLIB["filesystem_temporary"]="/tmp/"; // Where can i write files to?
++ $PHPLIB["filesystem_base"]="/usr/share/unicornscan/"; // Base directory content is in
++ $PHPLIB["filesystem_phplib"]="/usr/share/unicornscan/lib/"; // Where phplib is
++ $PHPLIB["filesystem_temporary"]="/var/lib/unicornscan/web/"; // Where can i write files to?
+
+ // DataBase Variables
+- $PHPLIB["database_name"]="scan"; // change this for sure , its the database name
+- $PHPLIB["database_type"]="pgsql"; // pgsql, mysql, youll need the right class though
+- $PHPLIB["database_username"]="scan";
++ $PHPLIB["database_name"]="unicornscan"; // change this for sure , its the database name
++ $PHPLIB["database_type"]="pgsql"; // and something else isn't supported right now
++ $PHPLIB["database_username"]="unicornscan";
+ $PHPLIB["database_password"]="scanit!";
+ $PHPLIB["database_host"]="127.0.0.1";
+ $PHPLIB["database_db"]["default"]="";
+@@ -24,6 +24,9 @@
+ // formclass2.php stuff
+ $PHPLIB["formclass_warnimage"]="exl.gif"; // warning image for invalid forms
+
++ // No PHP error reporting
++ error_reporting(0);
++
+ } // Double Inclusion detection
+
+ require("./lib/connect_todb.php");
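Review bot: The packaged defaults keep the upstream database password. The rewritten `dbconf:` line for etc/modules.conf and the untouched `$PHPLIB["database_password"]="scanit!";` in config.php both ship a value that the package's own README prints, so every install that follows the defaults shares one known credential for the scan-results database. Consider shipping an empty or deliberately invalid value with a comment such as `// set to the password chosen with createuser --pwprompt`, so the administrator has to choose one. Separately, `error_reporting(0);` also silences what PHP would otherwise write to the error log; if the aim is only to keep errors out of rendered pages, `ini_set('display_errors', '0');` does that and keeps the log.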
diff --git a/unicornscan-0.4.7-geoip.patch b/unicornscan-0.4.7-geoip.patch
new file mode 100644
index 0000000..2ba6941
--- /dev/null
+++ b/unicornscan-0.4.7-geoip.patch
@@ -0,0 +1,31 @@
+Patch by Robert Scheck <robert@fedoraproject.org> for unicornscan >= 0.4.7, which adds the
+standard location of GeoIP data at Fedora in front of the original opening try. Unicornscan
+upstream is expecting /etc/unicornscan/GeoIP.dat instead of /usr/share/GeoIP/GeoIP.dat by
+default. This patch is looking for the existence of /usr/share/GeoIP/GeoIP.dat, otherwise
+/etc/unicornscan/GeoIP.dat will be used to not break the standards from upstream, if patch
+gets applied for a future unicornscan release.
+
+--- unicornscan-0.4.7/src/scan_progs/report.c 2006-10-18 18:57:05.000000000 +0200
++++ unicornscan-0.4.7/src/scan_progs/report.c.geoip 2009-11-17 13:16:04.000000000 +0100
+@@ -68,9 +68,18 @@
+ report_t=rbinit(123);
+
+ #ifdef HAVE_LIBGEOIP
+- gi=GeoIP_open(CONF_DIR "/GeoIP.dat", GEOIP_MEMORY_CACHE);
+- if (gi == NULL) {
+- ERR("error opening geoip database `%s/%s': %s", CONF_DIR, "/GeoIP.dat", strerror(errno));
++
++ if (access("/usr/share/GeoIP/GeoIP.dat", F_OK) == 0) {
++ gi=GeoIP_open("/usr/share/GeoIP/GeoIP.dat", GEOIP_MEMORY_CACHE);
++ if (gi == NULL) {
++ ERR("error opening geoip standard database `/usr/share/GeoIP/GeoIP.dat': %s", strerror(errno));
++ }
++ }
++ else {
++ gi=GeoIP_open(CONF_DIR "/GeoIP.dat", GEOIP_MEMORY_CACHE);
++ if (gi == NULL) {
++ ERR("error opening geoip database `%s/%s': %s", CONF_DIR, "/GeoIP.dat", strerror(errno));
++ }
+ }
+
+ #endif
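Review bot: The fallback to `CONF_DIR "/GeoIP.dat"` is taken only when /usr/share/GeoIP/GeoIP.dat is absent; if that file exists but cannot be read or parsed, `gi` stays NULL after the ERR() and the upstream location is never tried. Checking readability rather than existence, `if (access("/usr/share/GeoIP/GeoIP.dat", R_OK) == 0) {`, covers the permission case, and a second `GeoIP_open(CONF_DIR "/GeoIP.dat", GEOIP_MEMORY_CACHE)` when `gi` is still NULL would cover the rest. Whether later code tolerates `gi == NULL` is not visible here, because the enclosing function starts and ends outside the hunk. A short comment above the new branch, for example `/* Fedora ships GeoIP.dat in /usr/share/GeoIP; CONF_DIR is kept as the upstream fallback */`, would explain the ordering.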
diff --git a/unicornscan-0.4.7-lib64.patch b/unicornscan-0.4.7-lib64.patch
new file mode 100644
index 0000000..bbfaa37
--- /dev/null
+++ b/unicornscan-0.4.7-lib64.patch
@@ -0,0 +1,47 @@
+Patch by Robert Scheck <robert@fedoraproject.org> for unicornscan >= 0.4.7, which
+adds support for x86_64, ppc64 or other 64 bit architectures using /usr/lib64 for
+their libraries. Having lib64 in front of lib is mandatory, as 64 bit systems are
+likely to run with multi-lib, that means 32 bit libraries are parallel in use. If
+you apply this patch, don't run autoconf > 2.6.3, as it will break, because whole
+autotools stuff from upstream is unfortunately a bit broken.
+
+--- unicornscan-0.4.7/configure.ac 2007-11-29 15:51:20.000000000 +0100
++++ unicornscan-0.4.7/configure.ac.lib64 2009-11-16 23:32:27.000000000 +0100
+@@ -269,7 +269,7 @@
+ AC_MSG_RESULT(no)
+ fi
+ else
+- for i in lib lib/mysql; do
++ for i in lib64 lib lib64/mysql lib/mysql; do
+ str="$MYSQL_DIR/$i/libmysqlclient.*"
+ for j in `echo $str`; do
+ if test -r $j; then
+@@ -331,7 +331,7 @@
+ AC_MSG_RESULT(no)
+ fi
+ else
+- for i in lib lib/postgresql; do
++ for i in lib64 lib lib64/postgresql lib/postgresql; do
+ str="$PGSQL_DIR/$i/libpq.*"
+ for j in `echo $str`; do
+ if test -r $j; then
+--- unicornscan-0.4.7/configure 2007-12-18 16:26:12.000000000 +0100
++++ unicornscan-0.4.7/configure.lib64 2009-12-05 12:04:32.000000000 +0100
+@@ -26275,7 +26275,7 @@
+ echo "${ECHO_T}no" >&6; }
+ fi
+ else
+- for i in lib lib/mysql; do
++ for i in lib64 lib lib64/mysql lib/mysql; do
+ str="$MYSQL_DIR/$i/libmysqlclient.*"
+ for j in `echo $str`; do
+ if test -r $j; then
+@@ -26438,7 +26438,7 @@
+ echo "${ECHO_T}no" >&6; }
+ fi
+ else
+- for i in lib lib/postgresql; do
++ for i in lib64 lib lib64/postgresql lib/postgresql; do
+ str="$PGSQL_DIR/$i/libpq.*"
+ for j in `echo $str`; do
+ if test -r $j; then
diff --git a/unicornscan-README.fedora b/unicornscan-README.fedora
new file mode 100644
index 0000000..1b6663d
--- /dev/null
+++ b/unicornscan-README.fedora
@@ -0,0 +1,81 @@
+Unicornscan and PostgreSQL
+--------------------------
+
+1. The PostgreSQL service has to be up and running. Depending on the exact
+ version of Fedora or Red Hat Enterprise Linux, on the first PostgreSQL
+ startup, a "service postgresql initdb" is maybe required for initializing.
+
+ [root@tux ~]# service postgresql start
+ Starting postgresql service: [ OK ]
+ [root@tux ~]#
+
+2. Switch to the PostgreSQL user.
+
+ [root@tux ~]# su - postgres
+ -bash-4.0$
+
+3. Create an own PostgreSQL database user for unicornscan. Don't forget to set
+ a password, e.g. "scanit!" as it is used in all examples.
+
+ -bash-4.0$ createuser --no-superuser --no-createrole --no-createdb --pwprompt unicornscan
+ Enter password for new role:
+ Enter it again:
+ -bash-4.0$
+
+4. Create an own PostgreSQL database for unicornscan linked with the previous
+ generated database user for unicornscan.
+
+ -bash-4.0$ createdb --owner unicornscan unicornscan
+ -bash-4.0$
+
+5. Switch back to the root user.
+
+ -bash-4.0$ exit
+ exit
+ [root@tux ~]#
+
+6. Edit PostgreSQL client authentication file /var/lib/pgsql/data/pg_hba.conf
+ file with a text editor, insert the following lines before the other already
+ existing rules.
+
+ # TYPE DATABASE USER CIDR-ADDRESS METHOD
+ local unicornscan unicornscan md5
+ host unicornscan unicornscan 127.0.0.1/32 md5
+ host unicornscan unicornscan ::1/128 md5
+
+7. Edit PostgreSQL server configuration in /var/lib/pgsql/data/postgresql.conf
+ and set the configuration variable as follows:
+
+ escape_string_warning = off
+
+8. Restart the PostgreSQL service to enable the previous performed changes.
+
+ [root@tux ~]# service postgresql restart
+ Stopping postgresql service: [ OK ]
+ Starting postgresql service: [ OK ]
+ [root@tux ~]#
+
+9. Create the required tables for unicornscan inside of PostgreSQL database,
+ there will be some error messages displayed after entering the password for
+ psql. These error messages are normal and expected, because the SQL dump
+ contains a SQL DROP of all tables before the SQL CREATE is performed.
+
+ [root@tux ~]# psql --username unicornscan --password unicornscan < /usr/share/doc/unicornscan-0.*/pgsql_schema.sql
+ Password for user unicornscan:
+ [...]
+ [root@tux ~]#
+
+10. Edit the unicornscan configuration file /etc/unicornscan/modules.conf and
+ check or correct the PostgreSQL database connection settings.
+
+ module "pgsqldb" {
+ dbconf: "user=unicornscan password=scanit! host=localhost dbname=unicornscan";
+ logpacket: "true";
+ };
+
+11. Perform a small sample scan and write the output to PostgreSQL database.
+
+ [root@tux ~]# unicornscan www.google.com -e pgsqldb
+ TCP open http[ 80] from 209.85.129.104 ttl 52
+ TCP open https[ 443] from 209.85.129.104 ttl 52
+ [root@tux ~]#
diff --git a/unicornscan-web-README.fedora b/unicornscan-web-README.fedora
new file mode 100644
index 0000000..3199fb2
--- /dev/null
+++ b/unicornscan-web-README.fedora
@@ -0,0 +1,45 @@
+Unicornscan and PostgreSQL
+--------------------------
+
+1. Follow the /usr/share/doc/unicornscan-0.*/README.fedora file, so that the
+ PostgreSQL service is up and running already.
+
+2. Start (or restart) the Apache HTTP webserver, to ensure that configuration
+ file for Apache gets active.
+
+ [root@tux ~]# service httpd start
+ Starting httpd: [ OK ]
+ [root@tux ~]#
+
+3. Create the required tables for unicornscan inside of PostgreSQL database,
+ there will be some error messages displayed after entering the password for
+ psql. These error messages are normal and expected, because the SQL dump
+ contains a SQL DROP of all tables before the SQL CREATE is performed.
+
+ [root@tux ~]# psql --username unicornscan --password unicornscan < /usr/share/doc/unicornscan-web-0.*/session.sql
+ Password for user unicornscan:
+ [...]
+ [root@tux ~]#
+
+4. If you've got SELinux enabled, make sure, that SELinux allows Apache/PHP to
+ connect to the PostgreSQL database. If you don't have SELinux enabled, just
+ skip this step.
+
+ setsebool -P httpd_can_network_connect_db=1
+
+5. Edit the unicornscan configuration file /etc/unicornscan/web.php and check
+ or correct the PostgreSQL database connection settings.
+
+ $PHPLIB["database_name"]="unicornscan";
+ $PHPLIB["database_username"]="unicornscan";
+ $PHPLIB["database_password"]="scanit!";
+ $PHPLIB["database_host"]="127.0.0.1";
+
+6. Perform a small sample scan and write the output to PostgreSQL database.
+
+ [root@tux ~]# unicornscan www.google.com -e pgsqldb
+ TCP open http[ 80] from 209.85.129.104 ttl 52
+ TCP open https[ 443] from 209.85.129.104 ttl 52
+ [root@tux ~]#
+
+7. Open a webbrowser and switch to: http://localhost/unicornscan/
diff --git a/unicornscan.conf b/unicornscan.conf
new file mode 100644
index 0000000..dbafb87
--- /dev/null
+++ b/unicornscan.conf
@@ -0,0 +1,5 @@
+#
+# Scalable, accurate, flexible and efficient network probing
+#
+
+Alias /unicornscan /usr/share/unicornscan
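Review bot: The `Alias` line publishes /usr/share/unicornscan with no access control of its own, so who can reach the scan-results front end depends entirely on the server-wide httpd defaults. The spec in this commit also deletes `lib/.htaccess` from the installed tree, so any restriction that file carried (its content is not visible here) is not applied either. Since the README directs users to http://localhost/unicornscan/, a `<Directory>` block limiting the alias to loopback would be a safer packaged default that administrators can widen deliberately. The block below uses the httpd 2.2 access directives.

```apache
Alias /unicornscan /usr/share/unicornscan

<Directory /usr/share/unicornscan>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 ::1
</Directory>
```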
diff --git a/unicornscan.spec b/unicornscan.spec
new file mode 100644
index 0000000..8007e13
--- /dev/null
+++ b/unicornscan.spec
@@ -0,0 +1,158 @@
+Summary: Scalable, accurate, flexible and efficient network probing
+Name: unicornscan
+Version: 0.4.7
+Release: 2%{?dist}
+License: GPLv2+
+Group: Applications/Internet
+URL: http://www.unicornscan.org/
+Source0: http://www.unicornscan.org/releases/%{name}-%{version}-2.tar.bz2
+Source1: unicornscan.conf
+Source2: unicornscan-README.fedora
+Source3: unicornscan-web-README.fedora
+Patch0: unicornscan-0.4.7-lib64.patch
+Patch1: unicornscan-0.4.7-geoip.patch
+Patch2: unicornscan-0.4.7-config.patch
+Requires(pre): shadow-utils
+BuildRequires: flex, bison, %{_includedir}/pcap.h, %{_includedir}/ltdl.h
+BuildRequires: libdnet-devel, GeoIP-devel, postgresql-devel
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+%description
+Unicornscan is an attempt at a user-land distributed TCP/IP stack. It is
+intended to provide a researcher a superior interface for introducing a
+stimulus into and measuring a response from a TCP/IP enabled device or
+network. Although it currently has hundreds of individual features, a main
+set of abilities include: Asynchronous stateless TCP scanning with all
+variations of TCP flags, asynchronous stateless TCP banner grabbing,
+asynchronous protocol specific UDP scanning (sending enough of a signature
+to elicit a response), active and passive remote OS, application and
+component identification by analyzing responses, PCAP file logging and
+filtering, relational database output, custom module support, customized
+data-set views.
+
+%package web
+Summary: Web-based front-end for unicornscan database results
+Group: Applications/Internet
+Requires: %{name} = %{version}-%{release}, php-pgsql, httpd
+%if 0%{?fedora}%{?rhel} >= 6
+BuildArch: noarch
+%endif
+
+%description web
+Unicornscan provides support to write results into a database. And with the
+web-based front-end for unicornscan, which is written in PHP, these results
+can be easily interpreted and visualized.
+
+%prep
+%setup -q
+%patch0 -p1 -b .lib64
+%patch1 -p1 -b .geoip
+%patch2 -p1 -b .config
+
+cp -pf %{SOURCE2} README.fedora
+cp -pf %{SOURCE3} www-front-end/README.fedora
+
+%build
+# - _GNU_SOURCE is required for "ucred" from <bits/socket.h> via <sys/socket.h>
+# - Use classical non-SELinux permission schema once SELinux Reference Policy is
+# including unicornscan support directly, maybe with Fedora 13 and/or RHEL 6
+# - MySQL support is only available in ./configure as inside broken and disabled
+export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE"
+%configure --localstatedir=%{_localstatedir}/lib --with-pgsql --with-listen-user=%{name}
+make %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" install
+
+# Remove the static library files
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}/modules/*.a
+
+# Correct permissions and timestamps
+chmod 644 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/*
+touch -c -r etc/modules.conf.config $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/modules.conf
+
+# Install web files into destination
+cp -af www-front-end $RPM_BUILD_ROOT%{_datadir}/%{name}/
+rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/attic
+rm -f $RPM_BUILD_ROOT%{_datadir}/%{name}/{config.php.config,README.fedora,TODO}
+rm -f $RPM_BUILD_ROOT%{_datadir}/%{name}/lib/{session.sql,.htaccess}
+
+# Move configuration file to its place
+mv -f $RPM_BUILD_ROOT%{_datadir}/%{name}/config.php $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/web.php
+touch -c -r www-front-end/config.php.config $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/web.php
+ln -sf ../../..%{_sysconfdir}/%{name}/web.php $RPM_BUILD_ROOT%{_datadir}/%{name}/config.php
+
+# Install the apache configuration file
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/
+install -p -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/%{name}.conf
+
+# Create temporary directory for packaging
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/%{name}/web/
+
+%pre
+getent group %{name} > /dev/null || %{_sbindir}/groupadd -r %{name}
+getent passwd %{name} > /dev/null || %{_sbindir}/useradd -r -g %{name} -d %{_localstatedir}/lib/%{name} -s /sbin/nologin -c "Unicornscan User" %{name}
+exit 0
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root,-)
+%doc AUTHORS LICENSE README README.database README.fedora README.security
+%doc THANKS TODO UDP_PAYLOADS_NEEDED docs/Unicornscan-Getting_Started.pdf
+%doc src/output_modules/database/sql/pgsql_schema.sql src/parse/example_confs
+%dir %{_sysconfdir}/%{name}
+%config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/modules.conf
+%config(noreplace) %{_sysconfdir}/%{name}/oui.txt
+%config(noreplace) %{_sysconfdir}/%{name}/payloads.conf
+%config(noreplace) %{_sysconfdir}/%{name}/ports.txt
+%config(noreplace) %{_sysconfdir}/%{name}/unicorn.conf
+%{_bindir}/fantaip
+%{_bindir}/unibrow
+%{_bindir}/unicfgtst
+%{_bindir}/%{name}
+%{_bindir}/us
+%dir %{_libdir}/%{name}
+%dir %{_libdir}/%{name}/modules
+# *.la files are referenced by the shared objects and required
+%{_libdir}/%{name}/modules/httpexp.la
+%{_libdir}/%{name}/modules/httpexp.so
+%{_libdir}/%{name}/modules/http.la
+%{_libdir}/%{name}/modules/http.so
+%{_libdir}/%{name}/modules/ntalk.la
+%{_libdir}/%{name}/modules/ntalk.so
+%{_libdir}/%{name}/modules/osdetect.la
+%{_libdir}/%{name}/modules/osdetect.so
+%{_libdir}/%{name}/modules/pgsqldb.la
+%{_libdir}/%{name}/modules/pgsqldb.so
+%{_libdir}/%{name}/modules/rdns.la
+%{_libdir}/%{name}/modules/rdns.so
+%{_libdir}/%{name}/modules/sip.la
+%{_libdir}/%{name}/modules/sip.so
+%{_libdir}/%{name}/modules/upnp.la
+%{_libdir}/%{name}/modules/upnp.so
+%dir %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/unilisten
+%{_libexecdir}/%{name}/unisend
+%{_mandir}/man1/%{name}.1*
+%dir %{_localstatedir}/lib/%{name}
+
+%files web
+%defattr(-,root,root,-)
+%doc www-front-end/README.fedora www-front-end/lib/session.sql
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
+%config(noreplace) %attr(640,apache,apache) %{_sysconfdir}/%{name}/web.php
+%{_datadir}/%{name}
+%attr(-,apache,apache) %dir %{_localstatedir}/lib/%{name}/web
+
+%changelog
+* Sat Dec 05 2009 Robert Scheck <robert@fedoraproject.org> 0.4.7-2
+- Added unicornscan-web subpackage (#538190 #c3, Robert E. Lee)
+- Updated the patch for 64 bit support in configure (#538190 #c6)
+
+* Tue Nov 17 2009 Robert Scheck <robert@fedoraproject.org> 0.4.7-1
+- Upgrade to 0.4.7
+- Initial spec file for Fedora and Red Hat Enterprise Linux (spec
+ file is based on a try by Robert E. Lee and Manuel Wolfshant)
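Review bot: In `%files web`, web.php is installed with `%attr(640,apache,apache)`, which makes the file holding the database password writable by the web server account itself. The front end only needs to read it, so `%config(noreplace) %attr(0640,root,apache) %{_sysconfdir}/%{name}/web.php` keeps it readable by httpd while a flaw in the PHP code cannot rewrite its own configuration. The same reasoning applies to modules.conf in `%files`, where `%attr(0640,root,%{name})` would be enough for the listener user to read it.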