---
# Package identity and build metadata. The field set (origin, arch, flatsize,
# licenselogic) looks like a FreeBSD pkg manifest.
# NOTE(review): confirm the consuming tool before editing any value by hand.
name: sancp
# Contains '_' and a second '.', so YAML implicit typing keeps it a string.
version: 1.6.1_4
origin: security/sancp
comment: A network connection profiler
arch: freebsd:9:x86:64
# Plain-HTTP project link: content fetched from it is unauthenticated, so it
# should not be treated as a trusted source for code or checksums.
www: http://www.metre.net/sancp.html
maintainer: pauls@utdallas.edu
prefix: /usr/local
licenselogic: single
flatsize: 178554
# Long description, stored as a folded double-quoted scalar; the "\n" escapes
# are the real line breaks, the physical line wraps fold to single spaces.
desc: "Sancp is a network security tool designed to collect \nstatistical information
  regarding network traffic, as \nwell as, collect the traffic itself in pcap format,
  all \nfor the purpose of: auditing, historical analysis, and \nnetwork activity
  discovery. Rules can be used to distinguish \nnormal from abnormal traffic and support
  tagging connections \nwith: rule id, node id, and status id.  From an intrusion
  \ndetection standpoint, every connection is an event that must \nbe validated through
  some means. Sancp uses rules to identify, \nrecord, and tag traffic of interest.
  'Tagging' a connection \nis a new feature since v1.4.0 Connections ('stats') can
  be \nloaded into a database for further analysis. \n\nWWW: http://www.metre.net/sancp.html\n"
categories: [security]
# Account and group the package expects. The post-install script below creates
# them with uid/gid 932 when they do not already exist.
users: [sancp]
groups: [sancp]
# Installed files, each mapped to a 64-hex-digit digest.
# NOTE(review): the length matches SHA-256; presumably the digest of the file
# content as packaged -- confirm against the packaging tool. If so, these
# values are what an integrity check of the installed files compares against
# (e.g. `pkg check -s`), and they are only as trustworthy as the channel that
# delivered this manifest.
# The live /usr/local/etc/sancp.conf is not listed here (post-install copies it
# from sancp.conf-dist), so a check against this list does not cover it.
files:
  /usr/local/bin/sancp: ca7e6a341f1f1099655930d011b81b157c43a7121ccea8c58fcfa812e8534d71
  /usr/local/etc/rc.d/sancp: 6ef1cbb5d620be073625aaa36f9f9c053e676f1656feb97509f2295c44a90680
  /usr/local/etc/sancp.conf-dist: dc0ea363f3bd5ed60efc9d69872b8d3c8c17fc84d7138f98f6f2be9cb117b297
  /usr/local/share/doc/sancp/CHANGES: dbd8d090578d4b00ab689ba4f6e493cb03f7a5a5d1c1faf9ad62d7c8b7710843
  /usr/local/share/doc/sancp/INSTALL: 083012eaaa880fecde7c1ac0c69b84921e3e059ab924e6cd69efdacdf8addbfb
  /usr/local/share/doc/sancp/ISSUES: 657bafe4b5d56480e1d9f2eed40f0581901f3c3a11a6a09e0b648568a93367d5
  /usr/local/share/doc/sancp/LICENSE: 7d82a1f2cfd6f589b22bd6b6c332ce87b0deca6680c6295e3a4288df49e612dd
  /usr/local/share/doc/sancp/README: 8248ae13f04cbe4890e3254481b4bd9929a8bc25ebe38168eee1830123f5f298
  /usr/local/share/doc/sancp/SETUP: d0eed63e31df841c3eb1fa82240f3872e1256411ea4f1a7818ed22e9bd79679e
  /usr/local/share/doc/sancp/fields.LIST: 5269d9b0dd1d088a8ae8f84fc7f4acdd20291772a77674731dd5d20425977764
# Directories owned by the package, each mapped to a one-letter flag.
# NOTE(review): "n" is presumably a no/yes flag read as a string by the
# packaging tool -- confirm its meaning. The YAML 1.1 spec lists bare `n`/`y`
# among boolean spellings, so a generic loader may not return it as a string;
# do not re-serialise this file through one without checking.
directories:
  /usr/local/share/doc/sancp/: n
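# Shell fragments run at package install/deinstall time. They change accounts
# and file ownership on the host, so review them like any other privileged
# script.
scripts:
  # post-install: create the sancp group/user when missing (gid/uid 932), make
  # the log/capture directory, and seed sancp.conf from the shipped sample
  # without overwriting an existing one (cp -n).
  post-install: |
    echo "===> Creating users and/or groups."
    if ! /usr/sbin/pw groupshow sancp >/dev/null 2>&1; then  echo "Creating group 'sancp' with gid '932'.";  /usr/sbin/pw groupadd sancp -g 932; else echo "Using existing group 'sancp'."; fi
    if ! /usr/sbin/pw usershow sancp >/dev/null 2>&1; then  echo "Creating user 'sancp' with uid '932'.";  /usr/sbin/pw useradd sancp -u 932 -g 932  -c "SANCP Daemon" -d /var/log/sancp -s /usr/sbin/nologin;  else echo "Using existing user 'sancp'."; fi
    # Own the directory by account name, not by the literal id 932: when a
    # pre-existing 'sancp' account is reused its uid/gid may differ, and a
    # numeric owner would hand the capture directory to an unrelated id.
    # Mode 750 is set at creation so the directory is never world-readable;
    # it matches the chmod done by the install script.
    install -d -m 750 -o sancp -g sancp /var/log/sancp
    cp -n /usr/local/etc/sancp.conf-dist /usr/local/etc/sancp.conf
    cd /usr/local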
  # pre-deinstall: drop the live config only if it was never edited, and
  # remind the operator that the service account is left in place.
  pre-deinstall: |
    conf=/usr/local/etc/sancp.conf
    # An unmodified config is byte-identical to the shipped sample; only then
    # is it removed, so local edits survive deinstallation.
    if cmp -s "${conf}" "${conf}-dist"
    then
      rm -f "${conf}"
    fi
    # The account is not deleted automatically; the operator is told to do it.
    if /usr/sbin/pw usershow sancp >/dev/null 2>&1
    then
      echo "==> You should manually remove the \"sancp\" user. "
    fi
    cd /usr/local
  # post-deinstall: only changes directory to the prefix; no cleanup of
  # /var/log/sancp or of the sancp account happens here.
  post-deinstall: |
    cd /usr/local
  # install: /bin/sh script that exits immediately unless its second argument
  # is POST-INSTALL, then sets PATH and runs `chmod 750` on /var/log/sancp so
  # the log/capture directory is not accessible to "other".
  # The scalar is double-quoted and folded: the physical line break between
  # "chmod" and "750" becomes a single space, and "\t"/"\n" are real escapes.
  install: "#!/bin/sh\n\nif [ \"$2\" != \"POST-INSTALL\" ]; then\n\texit 0\nfi\n\nPATH=/bin:/usr/sbin\nLOG_DIR=/var/log/sancp\n\nchmod
    750 ${LOG_DIR}\n"
  # deinstall: prints a cleanup reminder in the POST-DEINSTALL phase. Nothing
  # is deleted, so data under /var/log/sancp stays on disk after removal.
  deinstall: |
    #!/bin/sh

    # Act only when invoked for the POST-DEINSTALL phase.
    case "$2" in
        POST-DEINSTALL) ;;
        *) exit 0 ;;
    esac

    PATH=/bin:/usr/bin

    # Reminder only: the log directory, user and group are left for the
    # operator to remove.
    echo "* If you nolonger plan to run sancp delete /var/log/sancp, the user & group created during install *"
message: "\t***********************************\n\t* !!!!!!!!!!! WARNING !!!!!!!!!!!
  *\n\t***********************************\n\nA startup script was installed in /usr/local/etc/rc.d/.
  \ Enable the script\nin /etc/rc.conf using the usual rc.subr syntax.  See rc.conf(5)
  or go to\nhttp://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html\n\nConfiguration
  files named sancp.conf-dist and sancp.conf\nwere installed in /usr/local/etc.  See
  the INSTALL doc, located in\n/usr/local/share/doc/sancp/ for details on configuration\noptions
  or type \"sancp -h\" on the commandline.\n\nNote that if you are installing sancp
  for use with sguil, the\nsancp.conf file will not be altered unless it is identical
  to\nthe sancp.conf-dist file.  In that case, during the\nsguil-sensor install, the
  sancp.conf file will be overwritten with\nthe one that comes with sguil.  That file
  needs no editing.  If the\nsancp.conf has been altered (you used sancp for something
  else) a\nnew conf file, named sguil-sancp.conf-sample will be installed in the\n/usr/local/etc
  directory.  You should use that one for sguil.\n\nAll of the configuration options
  for sancp are documented in the \nstartup script in /usr/local/etc/rc.d (don't forget
  to specify interface\nin /etc/rc.conf)\n\nIf you're running sguil, you probably
  want to use at least the following flags:\nsancp_flags=\"-D -P -R -u sancp -g sancp
  -d /var/log/sancp\"\n"
