forked from gojue/ecapture
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrpmBuild.spec
60 lines (46 loc) · 2.61 KB
/
rpmBuild.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Name: ecapture
Version: v0.0.1
Release: 2023%{?dist}
Summary: capture SSL/TLS text content without CA cert using eBPF
License: AGPL-3.0
URL: https://ecapture.cc
Source0: %{name}-%{version}.tar.gz
%global _missing_build_ids_terminate_build 0
%define debug_package %{nil}
BuildRequires: make
BuildRequires: clang
BuildRequires: golang
BuildRequires: elfutils
%description
SSL/TLS plaintext capture,
support openssl/libressl/boringssl/gnutls/nspr(nss) libraries.
GoTLS plaintext support go tls library, which refers to encrypted
Communication in https/tls programs written in the golang language.
Bash audit, capture bash command for Host Security Audit.
MySQL query SQL audit, support mysqld 5.6/5.7/8.0, and mariadDB.
%prep
%setup -c
%build
make
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/usr/local/bin/
install -m 755 bin/ecapture %{buildroot}/usr/local/bin/ecapture
eu-strip %{buildroot}/usr/local/bin/ecapture
%post
echo "eCapture has been installed in the /usr/local/bin directory."
echo "Please ensure that /usr/local/bin is in your \$PATH.Or used /usr/local/bin/ecapture instead."
%files
/usr/local/bin/ecapture
%changelog
* Sat Dec 30 2023 CFC4N <cfc4ncs@gmail.com> - 0.7.0-1
- Split `nss/gnutls/openssl` into three separate submodules. Corresponding to the `./ecapture nss`, `./ecapture gnutls`, `ecapture tls` commands.
- Support `keylog` mode, equivalent to the functionality of the `SSLKEYLOGFILE` environment variable. Captures SSL/TLS communication keys directly without the need for changes in the target process.
- Refactor the mode parameters supported by the `openssl`(aka tls) module using the `-m`parameter, with values `text`, `pcap`,`keylog`.
- `pcap` mode: Set with `-m pcap` or `-m pcapng` parameters. When using this mode, it is necessary to specify `--pcapfile` and `-i` parameters. The default value for the `--pcapfile` parameter is `ecapture_openssl.pcapng`.
- `keylog` mode: Set with `-m keylog` or `-m key` parameters. When using this mode, it is necessary to specify `--keylogfile`, defaulting to `ecapture_masterkey.log`.
- `text` mode: Default mode when `-m` parameter is unspecified. Outputs all plaintext packets in text form. (As of v0.7.0, no longer captures communication keys, please use `keylog` mode instead.)
- Refactor the mode parameters supported by the `gotls` module, similar to the `openssl` module, without further details.
- Optimize the memory size of eBPF Map, specify with the `--mapsize` parameter, defaulting to 5120 KB.
- Remove the `-w` parameter, use `--pcapfile` parameter instead.
- Change `log-addr` parameter to `logaddr`, with unchanged functionality.