Skip to content

fdammeke/passivedns-rpm

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 

Repository files navigation

passivedns-rpm

This repository contains a basic SPEC file required to build an rpm of Gamelinux PassiveDNS

#
#  ______                                           ____   __  __  _____
# |  __  |                         @               |    \ |  \ | ||  ___| (TM)
# | _____|.------. .-----. .-----. _ -. .-.------. | |\  ||   \| ||___  |
# |  |    |  __  ||__  --'|__  --'| |\ Y /| _--__|_| |/  ||      || \_| |
# |__|    |____|_||______||______||_| \_/ |_______/|____/ |__|\__||_____|
#
#

A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics.

PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers in-memory, limiting the amount of data in the logfile without losing the essense in the DNS answer.

Build RPM

export rhel=el6
sudo yum-builddep -y SPECS/passivedns-${rhel}.spec
spectool -g -R SPECS/passivedns-${rhel}.spec
rpmbuild -ba -vv SPECS/passivedns-${rhel}.spec

Notice: a patch has been added to this SPEC which makes passivedns send it's logs to syslog via the local6 facility, instead of the local7 facility.

TODO

Create systemd compatible service script

References

Article: https://www.dammekens.be/2015/10/21/gamelinux-passivedns-rpm/

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published