network/arpwatch: Added (for tracking IP addresses on a network)

Signed-off-by: dsomero <xgizzmo@slackbuilds.org>

network/arpwatch/README

@@ -0,0 +1,8 @@
+The arpwatch package contains arpwatch and arpsnmp.  Arpwatch and
+arpsnmp are both network monitoring tools.  Both utilities monitor
+Ethernet or FDDI network traffic and build databases of Ethernet/IP
+address pairs, and can report certain changes via email.
+
+Install the arpwatch package if you need networking monitoring devices
+which will automatically keep track of the IP addresses on your
+network.

network/arpwatch/README.ethercodes

@@ -0,0 +1,26 @@
+README.ethercodes
+=================
+
+This file contains some specific instructions to complete the
+installation of arpwatch on Slackware.
+
+1) After installing the arpwatch package 
+----------------------------------------
+
+1.1) Change current location to the arpwatch working directory:
+
+     # cd /var/lib/arpwatch
+
+1.2) Download newest MAC addresses database:
+
+     # wget http://standards.ieee.org/regauth/oui/oui.txt
+
+1.3) Convert it into ethercodes.dat format using script included in arpwatch source:
+
+     # ./massagevendor oui.txt > ethercodes.dat
+
+1.4) Remove unnecessary database file:
+
+     # rm -f oui.txt
+
+1.5) Congratulations, you have just created ethercodes.dat file with the newest MAC adresses.

network/arpwatch/arpwatch.SlackBuild

@@ -0,0 +1,105 @@
+#!/bin/sh
+
+# Slackware build script for arpwatch
+# Written by Michal Bialozor <bialyy@o2.pl>
+
+PRGNAM=arpwatch
+VERSION=2.1a15
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) ARCH=i486 ;;
+    arm*) ARCH=arm ;;
+    # Unless $ARCH is already set, use uname -m for all other archs:
+       *) ARCH=$( uname -m ) ;;
+  esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+else
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+cat $CWD/patches/arpwatch-2.1a4-fhs.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a10-man.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-drop.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-drop-man.patch | patch --verbose -p0 || exit 1
+cat $CWD/patches/arpwatch-addr.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-dir-man.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-scripts.patch | patch --verbose -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a15-nolocalpcap.patch | patch -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a15-bogon.patch | patch -p1 || exit 1
+cat $CWD/patches/arpwatch-2.1a15-extraman.patch | patch --verbose -p1 || exit 1
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --bindir=/usr/sbin \
+  --sbindir=/usr/sbin \
+  --localstatedir=/var \
+  --mandir=/usr/man \
+  --build=$ARCH-slackware-linux
+
+mkdir -p $PKG/usr/sbin
+mkdir -p $PKG/usr/man/man8
+
+make ARPDIR=/var/lib/$PRGNAM
+make install install-man DESTDIR=$PKG
+
+find $PKG | xargs file | grep -e "executable" -e "shared object"| grep ELF | \
+  cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a CHANGES INSTALL README $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README.ethercodes > $PKG/usr/doc/$PRGNAM-$VERSION/README.ethercodes
+
+mkdir -p $PKG/var/lib/$PRGNAM
+cp -a arp.dat ethercodes.dat arp2ethers arpfetch massagevendor massagevendor-old \
+  d.awk duplicates.awk e.awk euppertolower.awk p.awk $PKG/var/lib/$PRGNAM
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+mkdir -p $PKG/etc/rc.d
+cat $CWD/rc.$PRGNAM > $PKG/etc/rc.d/rc.$PRGNAM.new
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}

network/arpwatch/arpwatch.info

@@ -0,0 +1,10 @@
+PRGNAM="arpwatch"
+VERSION="2.1a15"
+HOMEPAGE="http://ee.lbl.gov/"
+DOWNLOAD="ftp://ftp.ee.lbl.gov/arpwatch.tar.gz"
+MD5SUM="cebfeb99c4a7c2a6cee2564770415fe7"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Michal Bialozor"
+EMAIL="bialyy@o2.pl"
+APPROVED="dsomero"

network/arpwatch/doinst.sh

@@ -0,0 +1,20 @@
+config() {
+    NEW="$1"
+    OLD="$(dirname $NEW)/$(basename $NEW .new)"
+    # If there's no config file by that name, mv it over:
+    if [ ! -r $OLD ]; then
+        mv $NEW $OLD
+    elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+        rm $NEW
+    fi
+    # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Keep same perms on rc.arpwatch.new:
+if [ -e etc/rc.d/rc.arpwatch ]; then
+  cp -a etc/rc.d/rc.arpwatch etc/rc.d/rc.arpwatch.new.incoming
+  cat etc/rc.d/rc.arpwatch.new > etc/rc.d/rc.arpwatch.new.incoming
+  mv etc/rc.d/rc.arpwatch.new.incoming etc/rc.d/rc.arpwatch.new
+fi
+
+config etc/rc.d/rc.arpwatch.new

network/arpwatch/patches/arpwatch-2.1a10-man.patch

@@ -0,0 +1,33 @@
+diff -uNr arpwatch-2.1a10/arpsnmp.8 arpwatch-2.1a10.man/arpsnmp.8
+--- arpwatch-2.1a10/arpsnmp.8	Sun Sep 17 23:34:48 2000
++++ arpwatch-2.1a10.man/arpsnmp.8	Sun Dec 31 02:00:54 2000
+@@ -41,7 +41,7 @@
+ and reports certain changes via email.
+ .B Arpsnmp
+ reads information from a file (usually generated by
+-.BR snmpwalk (8)).
++.BR snmpwalk (1)).
+ .LP
+ The
+ .B -d
+@@ -62,9 +62,9 @@
+ .LP
+ .SH "REPORT MESSAGES"
+ (See the
+-.BR arpwatch (1)
++.BR arpwatch (8)
+ man page for details on the report messages generated by
+-.BR arpsnmp (1).)
++.BR arpsnmp (8).)
+ .SH FILES
+ .na
+ .nh
+@@ -79,7 +79,7 @@
+ .na
+ .nh
+ .BR arpwatch (8),
+-.BR snmpwalk (8),
++.BR snmpwalk (1),
+ .BR arp (8)
+ .ad
+ .hy

network/arpwatch/patches/arpwatch-2.1a15-bogon.patch

@@ -0,0 +1,20 @@
+--- arpwatch-2.1a15/arpwatch.c.bogon	2007-08-09 13:53:47.000000000 +0200
++++ arpwatch-2.1a15/arpwatch.c	2007-08-09 13:58:17.000000000 +0200
+@@ -730,11 +730,12 @@ addnet(register const char *str)
+ 
+ 	/* XXX hack */
+ 	n = ntohl(inet_addr(tstr));
+-	while ((n & 0xff000000) == 0) {
+-		n <<= 8;
+-		if (n == 0)
+-			return (0);
+-	}
++	if (n || width != 32)
++		while ((n & 0xff000000) == 0) {
++			n <<= 8;
++			if (n == 0)
++				return (0);
++		}
+ 	n = htonl(n);
+ 
+ 	if (width != 0) {

network/arpwatch/patches/arpwatch-2.1a15-extraman.patch

@@ -0,0 +1,173 @@
+diff -up arpwatch-2.1a15/Makefile.in.extraman arpwatch-2.1a15/Makefile.in
+--- arpwatch-2.1a15/Makefile.in.extraman	2009-12-14 18:01:27.000000000 +0100
++++ arpwatch-2.1a15/Makefile.in	2010-03-30 15:11:30.000000000 +0200
+@@ -118,6 +118,10 @@ install-man: force
+ 	    $(DESTDIR)$(MANDEST)/man8
+ 	$(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
+ 	    $(DESTDIR)$(MANDEST)/man8
++	$(INSTALL) -m 644 $(srcdir)/arp2ethers.8 \
++	    $(DESTDIR)$(MANDEST)/man8
++	$(INSTALL) -m 644 $(srcdir)/massagevendor.8 \
++	    $(DESTDIR)$(MANDEST)/man8
+ 
+ lint:	$(GENSRC) force
+ 	lint -hbxn $(SRC) | \
+diff -up arpwatch-2.1a15/arp2ethers.8.extraman arpwatch-2.1a15/arp2ethers.8
+--- arpwatch-2.1a15/arp2ethers.8.extraman	2010-03-30 15:12:37.000000000 +0200
++++ arpwatch-2.1a15/arp2ethers.8	2010-03-30 15:53:01.000000000 +0200
+@@ -0,0 +1,60 @@
++.TH ARP2ETHERS 8
++.SH NAME
++arp2ethers \- convert arpwatch address database to ethers file format
++.SH SYNOPSIS
++.na
++.B arp2ethers
++.ad
++.SH "DESCRIPTION"
++.B arp2ethers
++converts file
++.IR arp.dat
++in the current directory into
++.BR ethers(5)
++format on
++.IR stdout .
++Usually
++.IR arp.dat
++is an ethernet/ip database file generated by
++.BR arpwatch(8) .
++The arpwatch daemon in Debian will create different 
++.IR arp.dat
++depending on its configuration. All of them will be available at 
++.IR /var/lib/arpwatch/ .
++.SH FILES
++.na
++.nh
++.nf
++/var/lib/arpwatch - default directory for arp.dat
++arp.dat - ethernet/ip address database
++.ad
++.hy
++.fi
++.SH "SEE ALSO"
++.na
++.nh
++.BR arpwatch (8),
++.BR ethers (5),
++.BR rarp (8),
++.BR arp (8),
++.ad
++.hy
++.SH BUGS
++Please send bug reports to arpwatch@ee.lbl.gov.
++.SH AUTHORS
++.LP
++Original version by Craig Leres of the Lawrence Berkeley
++National Laboratory Network Research Group, University of
++California, Berkeley, CA.
++.LP
++Modified for the Debian Project by Peter Kelemen, with
++additions from Erik Warmelink.
++.LP
++The current version is available via anonymous ftp:
++.LP
++.RS
++.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
++.RE
++.LP
++This manual page was contributed by Hugo Graumann.
++
+diff -up arpwatch-2.1a15/massagevendor.8.extraman arpwatch-2.1a15/massagevendor.8
+--- arpwatch-2.1a15/massagevendor.8.extraman	2010-03-30 15:15:18.000000000 +0200
++++ arpwatch-2.1a15/massagevendor.8	2010-03-30 15:15:18.000000000 +0200
+@@ -0,0 +1,91 @@
++.TH MASSAGEVENDOR 8
++.SH NAME
++massagevendor \- convert the ethernet vendor codes master list to arpwatch format
++.SH SYNOPSIS
++.na
++massagevendor
++.I vendorfile
++.SH "DESCRIPTION"
++.B massagevendor
++is a program that converts a text file containing ethernet vendor codes
++into a format suitable for use by
++.B arpwatch(8)
++and
++.B arpsnmp(8).
++The input
++.I vendorfile
++is a master text file containing vendor codes. The output
++is sent to
++.I stdout.
++Each line of the
++.I vendorfile
++is expected to have a six digit hexadecimal vendor code
++followed by spaces followed by the name of the manufacturer.
++.LP
++All ethernet devices have a unique identifier which
++includes a vendor code specifying the manufacturer of the
++device. In normal operation
++.B arpwatch(8)
++and
++.B arpsnmp(8)
++use the file
++.I ethercodes.dat
++to report this vendor code.
++.B massagevendor
++is used to generate the
++.I ethercodes.dat
++file from text files containing these vendor codes.
++.LP
++Locations where an ethernet vendor codes master text file
++can be obtained are given below.
++.SH FILES
++.na
++.nh
++.nf
++/var/lib/arpwatch - default location of the ethernet vendor list
++ethercodes.dat - file containing the list of ethernet vendor codes
++.ad
++.hy
++.fi
++.SH "SEE ALSO"
++.na
++.nh
++.BR arpwatch(8),
++.BR arpsnmp(8)
++.ad
++.hy
++.SH NOTES
++Sources for ethernet vendor codes seen in the wild are
++.LP
++.na
++.nh
++.nf
++.RS
++.I http://map-ne.com/Ethernet/vendor.html
++.I ftp://ftp.cavebear.com/pub/Ethernet.txt
++.I http://www.cavebear.com/CaveBear/Ethernet/vendor.html
++.RE
++.ad
++.hy
++.LP
++Useful for comparison or completeness are the
++ethernet vendor codes as assigned
++by the IEEE which can be found at
++.LP
++.RS
++.I http://standards.ieee.org/regauth/oui/oui.txt
++.RE
++.SH BUGS
++Please send bug reports to arpwatch@ee.lbl.gov.
++.SH AUTHORS
++Craig Leres of the
++Lawrence Berkeley National Laboratory Network Research Group,
++University of California, Berkeley, CA.
++.LP
++The current version is available via anonymous ftp:
++.LP
++.RS
++.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
++.RE
++.LP
++This manual page was contributed by Hugo Graumann.

network/arpwatch/patches/arpwatch-2.1a15-nolocalpcap.patch

@@ -0,0 +1,10 @@
+--- arpwatch-2.1a15/configure.nolocalpcap	2006-06-21 22:32:38.000000000 +0200
++++ arpwatch-2.1a15/configure	2006-11-09 15:04:35.000000000 +0100
+@@ -4956,6 +4956,7 @@
+     places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
+ 	egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
+     for dir in $places ../libpcap libpcap ; do
++	    break
+ 	    basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
+ 	    if test $lastdir = $basedir ; then
+ 		    		    continue;

network/arpwatch/patches/arpwatch-2.1a4-fhs.patch

@@ -0,0 +1,20 @@
+--- arpwatch-2.1a4/Makefile.in.fhs	Sun Jun 18 08:26:28 2000
++++ arpwatch-2.1a4/Makefile.in	Sun Jun 18 08:27:21 2000
+@@ -109,13 +109,13 @@
+ 	$(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
+ 
+ install: force
+-	$(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
+-	$(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
++	$(INSTALL) -m 755 arpwatch $(DESTDIR)$(BINDEST)
++	$(INSTALL) -m 755 arpsnmp $(DESTDIR)$(BINDEST)
+ 
+ install-man: force
+-	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
++	$(INSTALL) -m 644 $(srcdir)/arpwatch.8 \
+ 	    $(DESTDIR)$(MANDEST)/man8
+-	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpsnmp.8 \
++	$(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
+ 	    $(DESTDIR)$(MANDEST)/man8
+ 
+ lint:	$(GENSRC) force

network/arpwatch/patches/arpwatch-addr.patch

@@ -0,0 +1,232 @@
+--- arpwatch-2.1a11/addresses.h.in.addr	Wed Jun  5 00:40:29 1996
++++ arpwatch-2.1a11/addresses.h.in	Wed Jul 31 17:39:38 2002
+@@ -1,2 +1,4 @@
+ #define WATCHER "root"
+-#define WATCHEE "arpwatch (Arpwatch)"
++#define WATCHEE "root (Arpwatch)"
++extern char *watcher;
++extern char *watchee;
+--- arpwatch-2.1a11/arpsnmp.8.addr	Sun Sep 17 15:34:48 2000
++++ arpwatch-2.1a11/arpsnmp.8	Fri Aug  2 15:15:31 2002
+@@ -30,6 +30,12 @@
+ ] [
+ .B -f
+ .I datafile
++] [
++.B -e
++.I username
++] [
++.B -s
++.I username
+ ]
+ .I file
+ [
+@@ -59,6 +65,27 @@
+ .I arp.dat
+ file must be created before the first time you run
+ .BR arpsnmp .
++.LP
++If the
++.B -e 
++flag is used, 
++.B arpsnmp
++sends e-mail messages to
++.I username
++rather than the default (root).
++If a single `-' character is given for the username,
++sending of e-mail is suppressed,
++but logging via syslog is still done as usual.
++(This can be useful during initial runs, to collect data
++without being flooded with messages about new stations.)
++.LP
++If the
++.B -s 
++flag is used, 
++.B arpsnmp
++sends e-mail messages with
++.I username
++as the return address, rather than the default (root).
+ .LP
+ .SH "REPORT MESSAGES"
+ (See the
+--- arpwatch-2.1a11/arpsnmp.c.addr	Sun Jan 17 19:47:40 1999
++++ arpwatch-2.1a11/arpsnmp.c	Fri Aug  2 15:17:16 2002
+@@ -59,6 +59,7 @@
+ #include "file.h"
+ #include "machdep.h"
+ #include "util.h"
++#include "addresses.h"
+ 
+ /* Forwards */
+ int	main(int, char **);
+@@ -90,7 +91,7 @@
+ 	}
+ 
+ 	opterr = 0;
+-	while ((op = getopt(argc, argv, "df:")) != EOF)
++	while ((op = getopt(argc, argv, "df:e:s:")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -105,6 +106,24 @@
+ 			arpfile = optarg;
+ 			break;
+ 
++		case 'e':
++			if ( optarg ) {
++				watcher = strdup(optarg);
++			} else {
++				(void)fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
++				usage();
++			}
++			break;
++
++		case 's':
++			if ( optarg ) {
++				watchee = strdup(optarg);
++			} else {
++				(void)fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -184,6 +203,6 @@
+ 
+ 	(void)fprintf(stderr, "Version %s\n", version);
+ 	(void)fprintf(stderr,
+-	    "usage: %s [-d] [-f datafile] file [...]\n", prog);
++	    "usage: %s [-d] [-f datafile] [-e username] [-s username] file [...]\n", prog);
+ 	exit(1);
+ }
+--- arpwatch-2.1a11/arpwatch.8.addr	Thu Aug  1 13:45:36 2002
++++ arpwatch-2.1a11/arpwatch.8	Thu Aug  1 14:08:05 2002
+@@ -46,6 +46,12 @@
+ ] [
+ .B -u
+ .I username
++] [
++.B -e
++.I username
++] [
++.B -s
++.I username
+ ]
+ .ad
+ .SH DESCRIPTION
+@@ -106,6 +112,27 @@
+ and group ID to that of the primary group of 
+ .IR username .
+ This is recommended for security reasons.
++.LP
++If the
++.B -e 
++flag is used, 
++.B arpwatch
++sends e-mail messages to
++.I username
++rather than the default (root).
++If a single `-' character is given for the username,
++sending of e-mail is suppressed,
++but logging via syslog is still done as usual.
++(This can be useful during initial runs, to collect data
++without being flooded with messages about new stations.)
++.LP
++If the
++.B -s 
++flag is used, 
++.B arpwatch
++sends e-mail messages with
++.I username
++as the return address, rather than the default (root).
+ .LP
+ Note that an empty
+ .I arp.dat
+--- arpwatch-2.1a11/arpwatch.c.addr	Thu Aug  1 13:45:36 2002
++++ arpwatch-2.1a11/arpwatch.c	Thu Aug  1 13:47:35 2002
+@@ -78,6 +78,7 @@
+ #include "machdep.h"
+ #include "setsignal.h"
+ #include "util.h"
++#include "addresses.h"
+ 
+ /* Some systems don't define these */
+ #ifndef ETHERTYPE_REVARP
+@@ -190,7 +191,7 @@
+ 	interface = NULL;
+ 	rfilename = NULL;
+ 	pd = NULL;
+-	while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
++	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -232,6 +233,26 @@
+ 			}
+ 			break;
+ 
++		case 'e':
++			if ( optarg ) {
++				watcher = strdup(optarg);
++			}
++			else {
++				fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
++				usage();
++			}
++			break;
++
++		case 's':
++			if ( optarg ) {
++				watchee = strdup(optarg);
++			}
++			else {
++				fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -784,6 +805,7 @@
+ 
+ 	(void)fprintf(stderr, "Version %s\n", version);
+ 	(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
+-	    " [-n net[/width]] [-r file] [-u username]\n", prog);
++	    " [-n net[/width]] [-r file] [-u username]"
++	    " [-e username] [-s username]\n", prog);
+ 	exit(1);
+ }
+--- arpwatch-2.1a11/report.c.addr	Sat Sep 30 18:41:10 2000
++++ arpwatch-2.1a11/report.c	Thu Aug  1 14:16:43 2002
+@@ -70,6 +70,9 @@
+ 
+ #define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
+ 
++char *watcher = WATCHER;
++char *watchee = WATCHEE;
++
+ static int cdepth;	/* number of outstanding children */
+ 
+ static char *fmtdate(time_t);
+@@ -240,8 +243,6 @@
+ 	register FILE *f;
+ 	char tempfile[64], cpu[64], os[64];
+ 	char *fmt = "%20s: %s\n";
+-	char *watcher = WATCHER;
+-	char *watchee = WATCHEE;
+ 	char *sendmail = PATH_SENDMAIL;
+ 	char *unknown = "<unknown>";
+ 	char buf[132];
+@@ -258,6 +259,9 @@
+ 		}
+ 		f = stdout;
+ 		(void)putc('\n', f);
++	} else if (watcher == NULL || *watcher == NULL || *watcher == '-') {
++		dosyslog(LOG_NOTICE, title, a, e1, e2);
++		return;
+ 	} else {
+ 		/* Setup child reaper if we haven't already */
+ 		if (!init) {

network/arpwatch/patches/arpwatch-dir-man.patch

@@ -0,0 +1,22 @@
+--- arpwatch-2.1a15/arpsnmp.8.dirman	2006-11-02 17:00:58.000000000 +0100
++++ arpwatch-2.1a15/arpsnmp.8	2006-11-02 17:23:58.000000000 +0100
+@@ -96,7 +96,7 @@
+ .na
+ .nh
+ .nf
+-/usr/operator/arpwatch - default directory
++/var/lib/arpwatch - default directory
+ arp.dat - ethernet/ip address database
+ ethercodes.dat - vendor ethernet block list
+ .ad
+--- arpwatch-2.1a15/arpwatch.8.dirman	2006-11-02 17:00:58.000000000 +0100
++++ arpwatch-2.1a15/arpwatch.8	2006-11-02 17:24:07.000000000 +0100
+@@ -198,7 +198,7 @@
+ .na
+ .nh
+ .nf
+-/usr/operator/arpwatch - default directory
++/var/lib/arpwatch - default directory
+ arp.dat - ethernet/ip address database
+ ethercodes.dat - vendor ethernet block list
+ .ad

network/arpwatch/patches/arpwatch-drop-man.patch

@@ -0,0 +1,48 @@
+--- arpwatch.8.orig	Sun Oct  8 23:31:28 2000
++++ arpwatch.8	Mon Oct 16 16:46:19 2000
+@@ -36,13 +36,16 @@
+ .I interface
+ ]
+ .br
+-.ti +8
++.ti +9
+ [
+ .B -n
+ .IR net [/ width
+ ]] [
+ .B -r
+ .I file
++] [
++.B -u
++.I username
+ ]
+ .ad
+ .SH DESCRIPTION
+@@ -94,10 +97,26 @@
+ .B arpwatch
+ does not fork.
+ .LP
++If 
++.B -u 
++flag is used, 
++.B arpwatch
++drops root privileges and changes user ID to
++.I username
++and group ID to that of the primary group of 
++.IR username .
++This is recommended for security reasons.
++.LP
+ Note that an empty
+ .I arp.dat
+ file must be created before the first time you run
+-.BR arpwatch .
++.BR arpwatch . 
++Also, the default directory (where arp.dat is stored) must be owned
++by 
++.I username
++if 
++.BR -u
++flag is used.
+ .LP
+ .SH "REPORT MESSAGES"
+ Here's a quick list of the report messages generated by

network/arpwatch/patches/arpwatch-drop.patch

@@ -0,0 +1,93 @@
+--- arpwatch-2.1a10/arpwatch.c	Sat Oct 14 05:07:35 2000
++++ arpwatch-2.1a10/arpwatch.c	Sun Jun 10 16:22:57 2001
+@@ -62,7 +62,7 @@
+ #include <string.h>
+ #include <syslog.h>
+ #include <unistd.h>
+-
++#include <pwd.h>
+ #include <pcap.h>
+ 
+ #include "gnuc.h"
+@@ -141,6 +141,25 @@
+ int	sanity_fddi(struct fddi_header *, struct ether_arp *, int);
+ __dead	void usage(void) __attribute__((volatile));
+ 
++void dropprivileges(const char* user)
++{
++	struct passwd* pw;
++	pw = getpwnam( user );
++	if ( pw ) {
++		if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
++				 setuid(pw->pw_uid) != 0 ) {
++			syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
++						 pw->pw_uid, pw->pw_gid);
++			exit(1);
++		}
++	}
++	else {
++		syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
++		exit(1);
++	}
++	syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
++}
++
+ int
+ main(int argc, char **argv)
+ {
+@@ -153,6 +172,7 @@
+ 	register char *interface, *rfilename;
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
++	char* serveruser = NULL;
+ 
+ 	if (argv[0] == NULL)
+ 		prog = "arpwatch";
+@@ -170,7 +190,7 @@
+ 	interface = NULL;
+ 	rfilename = NULL;
+ 	pd = NULL;
+-	while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
++	while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
+ 		switch (op) {
+ 
+ 		case 'd':
+@@ -202,6 +222,16 @@
+ 			rfilename = optarg;
+ 			break;
+ 
++		case 'u':
++			if ( optarg ) {
++				serveruser = strdup(optarg);
++			}
++			else {
++				fprintf(stderr, "%s: Need username after -u\n", prog);
++				usage();
++			}
++			break;
++
+ 		default:
+ 			usage();
+ 		}
+@@ -283,8 +313,11 @@
+ 	 * Revert to non-privileged user after opening sockets
+ 	 * (not needed on most systems).
+ 	 */
+-	setgid(getgid());
+-	setuid(getuid());
++	/*setgid(getgid());*/
++	/*setuid(getuid());*/
++	if ( serveruser ) {
++		dropprivileges( serveruser );
++	}
+ 
+ 	/* Must be ethernet or fddi */
+ 	linktype = pcap_datalink(pd);
+@@ -751,6 +784,6 @@
+ 
+ 	(void)fprintf(stderr, "Version %s\n", version);
+ 	(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
+-	    " [-n net[/width]] [-r file]\n", prog);
++	    " [-n net[/width]] [-r file] [-u username]\n", prog);
+ 	exit(1);
+ }

network/arpwatch/patches/arpwatch-scripts.patch

@@ -0,0 +1,27 @@
+--- arpwatch-2.1a15/arp2ethers.scripts	2002-01-05 20:40:48.000000000 +0100
++++ arpwatch-2.1a15/arp2ethers	2006-11-09 14:34:42.000000000 +0100
+@@ -13,7 +13,7 @@
+ #	- sort
+ #
+ 
+-sort +2rn arp.dat | \
++sort -k 2 -rn arp.dat | \
+     awk 'NF == 4 { print }' | \
+     awk -f p.awk | \
+     egrep -v '\.[0-9][0-9]*$' | \
+--- arpwatch-2.1a15/arpfetch.scripts	2006-07-28 20:10:30.000000000 +0200
++++ arpwatch-2.1a15/arpfetch	2006-11-09 14:37:05.000000000 +0100
+@@ -4,8 +4,6 @@
+ # arpfetch - collect arp data from a cisco using net-snmp
+ #
+ 
+-export PATH="/usr/local/bin:${PATH}"
+-
+ prog=`basename $0`
+ 
+ if [ $# -ne 2 ]; then
+@@ -30,4 +28,3 @@
+ 	    print ea "\t" ip
+     }'
+ 
+-rm -f ${t1}

network/arpwatch/rc.arpwatch

@@ -0,0 +1,63 @@
+#!/bin/sh
+#
+# /etc/rc.d/rc./arpwatch
+#
+# Start/stop/restart/status arpwatch.
+
+ARPDIR="/var/lib/arpwatch"
+IFACE="$2"
+
+OPTIONS="-i $IFACE -f $ARPDIR/arp-$IFACE.dat -u root -e root -s root"
+
+pid="$(ps ax | awk '{if (match($5, ".*/arpwatch$") || $5 == "arpwatch") print $1}')"
+
+start() {
+  if [ "$IFACE" = "" ]; then
+    echo "Please specify interface name"
+    exit 1
+  else
+    if [ ! -f "$ARPDIR/arp-$IFACE.dat" ]; then
+      echo "Creating new database file..."
+      touch $ARPDIR/arp-$IFACE.dat
+      echo "Starting arpwatch on $IFACE..."
+      arpwatch $OPTIONS
+    else
+      echo "Starting arpwatch on $IFACE..."
+      arpwatch $OPTIONS
+    fi
+  fi
+}
+
+stop() {
+  echo "Stopping arpwatch..."
+  killall arpwatch
+}
+
+status() {
+  if [ "$pid" != "" ]; then
+    echo "arpwatch (pid "$pid") is running..."
+  else
+    echo "arpwatch is not running..."
+  fi
+}
+
+case "$1" in
+'start')
+  start
+  ;;
+'stop')
+  stop
+  ;;
+'restart')
+  stop
+  start
+  ;;
+'status')
+  status
+  ;;
+*)
+  echo ""
+  echo "Usage: $0 {start [IFACE] | stop | restart [IFACE] | status}"
+  echo ""
+  exit 1
+esac

network/arpwatch/slack-desc

@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE: # The "handy ruler" below makes it easier
+to edit a package description.  Line # up the first '|' above the
+':' following the base package name, and the '|' # on the right
+side marks the last column you can put a character in.  You must #
+make exactly 11 lines for the formatting to be correct.  It's also #
+customary to leave one space after the ':'.
+
+        |-----handy-ruler------------------------------------------------------|
+arpwatch: arpwatch (Monitoring tools for tracking IP addresses on a network)
+arpwatch:
+arpwatch: The arpwatch package contains arpwatch and arpsnmp.  Arpwatch and
+arpwatch: arpsnmp are both network monitoring tools.  Both utilities monitor
+arpwatch: Ethernet or FDDI network traffic and build databases of Ethernet/IP
+arpwatch: address pairs, and can report certain changes via email.
+arpwatch:
+arpwatch:
+arpwatch: Homepage: http://ee.lbl.gov/
+arpwatch:
+arpwatch: