Re: kismet 2011.03.R2-1: Please review debconf PO/control for the package kismet
Nick Andrik wrote:
> Could you please make a review on the newly prepared kismet package?
Okay, here are some comments; I suspect I'll need some corrections
before my revised version is ready. Starting with the templates:
> Template: kismet/install-setuid
> Type: boolean
> Default: true
> _Description: Should Kismet be installed to run with setuid privs?
Well, for a start "privs" is jargon. I would like to be able to find
a way of avoiding "setuid" too, but I don't think that's possible -
this isn't a simple case of "should it run as root?"
> Kismet can be installed as setuid (recommended) or as standard (root required).
I don't think "standard" works.
> Running Kismet as setuid is recommended over running it as root, because
> most parts of Kismet (such as the UI and the parts that decode packets) will
> not run with elevated privileges, reducing the risk of bugs leading to
> system-wide harm.
I'd like to try to rearrange this so that it has something more like
an explanation of what setuid is (and what problem it solves) at the
start. My current suggestion:
Kismet needs root privileges for some of its functions. To minimize
the amount of code that runs with elevated privileges (and reduce the
risk of bugs doing system-wide damage) it is recommended to install
Kismet with the "setuid" bit set, which will allow it to grant these
privileges automatically to the processes that need them, excluding
the user interface and packet decoding parts.
(This leaves unstated the alternative of getting root "manually".)
> .
> For more detailed information, please see the "Suidroot & Security" section
> of the Kismet README at:
> http://www.kismetwireless.net/README
> or
> /usr/share/doc/kismet/README
We don't need to point at two different copies - that's the default
location for a Kismet README under Debian anyway. (And why not
mention that it's section 4?)
> .
> Enabling this feature allows users in the 'kismet' group to run Kismet (and
> capture packets, change wireless card state, etc). Do NOT enable setuid
> Kismet if you have untrusted users on your system.
> .
> Most users running Kismet on personal laptops should install it as setuid.
This is all okay - I've just edited it to match the standard
debian-l10n-english "stylesheet", with double quotes and single-spaced
sentences.
>
> Template: kismet/install-users
> Type: string
> _Description: Users to add to the kismet group
> Only users in the kismet group are able to use kismet under the setuid model.
> .
> List users, separated by spaces, to be added to the group.
It's easy to misinterpret "list users" as a noun phrase, and then be
further confused at the mental image of people separated by spaces...
make it:
Please specify the users to be added to the group, as a
space-separated list.
> .
> NOTE: After adding users to a group, typically they must log out and log in
> again before the group is recognized.
I'm never keen on "PAY ATTENTION TO THIS BIT" signs, and I'd rephrase
the sentence to avoid subject-reference confusion:
Note that currently logged-in users who are added to a group will
typically need to log out and log in again before it is recognized.
(In fact you can "re-log-in on the spot" by saying "su - $USER", but
CLI-phobics don't need to hear about that.)
Meanwhile in the control file:
> Package: kismet
> Architecture: any
> Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, libcap2-bin
> Suggests: kismet-plugins, festival, gpsd
> Description: Wireless sniffing and monitoring - core
> Kismet is an 802.11 layer2 wireless network detector, sniffer, and
> intrusion detection system. It will work with any wireless card
> that supports raw monitoring (rfmon) mode and can sniff 802.11b,
> 802.11a, and 802.11g traffic.
Ah, slightly improved phrasing from the Squeeze version. But
* no need to capitalise "Wireless";
* in principle the old "...monitoring tool" synopsis had better
DevRef compliance (as a noun phrase describing the package), but
this works well enough;
* I'd say "layer-2" (possibly even "layer two");
* we're standardising on single-spaced sentences;
* it needs a comma after "mode" to make it clear that "can sniff" is
syntactically parallel to "work", not "supports" (it isn't saying
"any card that supports foo and can sniff bar and baz");
* you've updated the old blurb that only said it could do 802.11b,
but the README says it can do 802.11n, too! (Also, why list
802.11b before 802.11a?)
So I've got:
Description: wireless sniffing and monitoring - core
Kismet is an 802.11 layer-2 wireless network detector, sniffer, and
intrusion detection system. It will work with any wireless card that
supports raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b,
802.11g, and 802.11n traffic.
> .
> It can use festival to play audio alarms for network events,
> can speak out network summary on discovery, and optionally works with
> gpsd to map scanning.
Er, now I'm confused. The Squeeze version used to suggest sox, and
said it could use (a) sox and (b) festival to (a) play alarms and (b)
speak, but now it seems to be saying I need to install festival just
to make it go beep. Is that true? Also:
* I'm not convinced "speak out" works as a transitive verb like
this, though it's hard to find an alternative;
* "optionally works" is redundant (unless it's got a configuration
option "BROKEN=NO");
* what does "to map scanning" mean?
Retreating into vagueness, my suggestion is:
It can use other programs to play audio alarms for network events,
announce network summaries as speech, or provide GPS coordinates.
> .
> This is the main package containing the core, client and server.
^
Insert serial comma for consistency.
>
> Package: kismet-plugins
> Architecture: any
> Depends: ${shlibs:Depends}, ${misc:Depends}, kismet(= ${binary:Version})
> Enhances: kismet
> Description: Wireless sniffing and monitoring - plugins
> Kismet is an 802.11 layer2 wireless network detector, sniffer, and
> intrusion detection system. It will work with any wireless card
> that supports raw monitoring (rfmon) mode and can sniff 802.11b,
> 802.11a, and 802.11g traffic.
> .
> It can use festival to play audio alarms for network events,
> can speak out network summary on discovery, and optionally works with
> gpsd to map scanning.
All as above. Hang on, though - shouldn't it suggest spectools?
> .
> This package contains the following extra plugins for kismet:
> autowep: Easily detect the WEP key from BSSID and SSID
> btscan: Basic scan support for Bluetooth, aka 802.15.1
> dot15d4: Support for 802.15.4 protocol
> ptw: Performs the Aircrack-NG PTW attack against data captured by Kismet
> spectools: Links to the Spectools spectrum analyzer network export
These linebreaks will be reflowed in most displays; you need to make
it a proper indented list, with bullet points. I'll also rephrase
them slightly:
This package provides the following extra plugins for Kismet:
* autowep: detects the WEP key from BSSID and SSID;
* btscan: basic scan support for the 802.15.1 (Bluetooth) protocol;
* dot15d4: support for the 802.15.4 Personal Area Network protocol;
* ptw: performs the Aircrack-NG PTW attack against captured data;
* spectools: imports data from the spectools spectrum analyzer.
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
diff -ru old/control new/control
--- old/control 2012-11-06 11:16:34.222725429 +0000
+++ new/control 2012-11-06 13:35:38.330724003 +0000
@@ -12,37 +12,35 @@
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, libcap2-bin
Suggests: kismet-plugins, festival, gpsd
-Description: Wireless sniffing and monitoring - core
- Kismet is an 802.11 layer2 wireless network detector, sniffer, and
- intrusion detection system. It will work with any wireless card
- that supports raw monitoring (rfmon) mode and can sniff 802.11b,
- 802.11a, and 802.11g traffic.
+Description: wireless sniffing and monitoring - core
+ Kismet is an 802.11 layer-2 wireless network detector, sniffer, and
+ intrusion detection system. It will work with any wireless card that
+ supports raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b,
+ 802.11g, and 802.11n traffic.
.
- It can use festival to play audio alarms for network events,
- can speak out network summary on discovery, and optionally works with
- gpsd to map scanning.
+ It can use other programs to play audio alarms for network events,
+ announce network summaries as speech, or provide GPS coordinates.
.
- This is the main package containing the core, client and server.
+ This is the main package containing the core, client, and server.
Package: kismet-plugins
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, kismet(= ${binary:Version})
Enhances: kismet
Description: Wireless sniffing and monitoring - plugins
- Kismet is an 802.11 layer2 wireless network detector, sniffer, and
- intrusion detection system. It will work with any wireless card
- that supports raw monitoring (rfmon) mode and can sniff 802.11b,
- 802.11a, and 802.11g traffic.
+ Kismet is an 802.11 layer-2 wireless network detector, sniffer, and
+ intrusion detection system. It will work with any wireless card that
+ supports raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b,
+ 802.11g, and 802.11n traffic.
.
- It can use festival to play audio alarms for network events,
- can speak out network summary on discovery, and optionally works with
- gpsd to map scanning.
+ It can use other programs to play audio alarms for network events,
+ announce network summaries as speech, or provide GPS coordinates.
.
- This package contains the following extra plugins for kismet:
- autowep: Easily detect the WEP key from BSSID and SSID
- btscan: Basic scan support for Bluetooth, aka 802.15.1
- dot15d4: Support for 802.15.4 protocol
- ptw: Performs the Aircrack-NG PTW attack against data captured by Kismet
- spectools: Links to the Spectools spectrum analyzer network export
+ This package provides the following extra plugins for Kismet:
+ * autowep: detects the WEP key from BSSID and SSID;
+ * btscan: basic scan support for the 802.15.1 (Bluetooth) protocol;
+ * dot15d4: support for the 802.15.4 Personal Area Network protocol;
+ * ptw: performs the Aircrack-NG PTW attack against captured data;
+ * spectools: imports data from the spectools spectrum analyzer.
diff -ru old/kismet.templates new/kismet.templates
--- old/kismet.templates 2012-11-06 11:16:35.450724020 +0000
+++ new/kismet.templates 2012-11-06 13:37:36.730724222 +0000
@@ -2,31 +2,31 @@
Template: kismet/install-setuid
Type: boolean
Default: true
-_Description: Should Kismet be installed to run with setuid privs?
- Kismet can be installed as setuid (recommended) or as standard (root required).
- Running Kismet as setuid is recommended over running it as root, because
- most parts of Kismet (such as the UI and the parts that decode packets) will
- not run with elevated privileges, reducing the risk of bugs leading to
- system-wide harm.
+_Description: Install Kismet "setuid root"?
+ Kismet needs root privileges for some of its functions. To minimize
+ the amount of code that runs with elevated privileges (and reduce the
+ risk of bugs doing system-wide damage) it is recommended to install
+ Kismet with the "setuid" bit set, which will allow it to grant these
+ privileges automatically to the processes that need them, excluding
+ the user interface and packet decoding parts.
.
- For more detailed information, please see the "Suidroot & Security" section
- of the Kismet README at:
- http://www.kismetwireless.net/README
- or
- /usr/share/doc/kismet/README
+ For more detailed information, see section 4 of the Kismet README
+ ("Suidroot & Security").
.
- Enabling this feature allows users in the 'kismet' group to run Kismet (and
- capture packets, change wireless card state, etc). Do NOT enable setuid
- Kismet if you have untrusted users on your system.
+ Enabling this feature allows users in the "kismet" group to run Kismet
+ (and capture packets, change wireless card state, etc). Do NOT accept
+ this option if you have untrusted users on your system.
.
Most users running Kismet on personal laptops should install it as setuid.
Template: kismet/install-users
Type: string
_Description: Users to add to the kismet group
- Only users in the kismet group are able to use kismet under the setuid model.
+ Only users in the kismet group are able to use kismet under the setuid
+ model.
.
- List users, separated by spaces, to be added to the group.
+ Please specify the users to be added to the group, as a
+ space-separated list.
.
- NOTE: After adding users to a group, typically they must log out and log in
- again before the group is recognized.
+ Note that currently logged-in users who are added to a group will
+ typically need to log out and log in again before it is recognized.
Template: kismet/install-setuid
Type: boolean
Default: true
_Description: Install Kismet "setuid root"?
Kismet needs root privileges for some of its functions. To minimize
the amount of code that runs with elevated privileges (and reduce the
risk of bugs doing system-wide damage) it is recommended to install
Kismet with the "setuid" bit set, which will allow it to grant these
privileges automatically to the processes that need them, excluding
the user interface and packet decoding parts.
.
For more detailed information, see section 4 of the Kismet README
("Suidroot & Security").
.
Enabling this feature allows users in the "kismet" group to run Kismet
(and capture packets, change wireless card state, etc). Do NOT accept
this option if you have untrusted users on your system.
.
Most users running Kismet on personal laptops should install it as setuid.
Template: kismet/install-users
Type: string
_Description: Users to add to the kismet group
Only users in the kismet group are able to use kismet under the setuid
model.
.
Please specify the users to be added to the group, as a
space-separated list.
.
Note that currently logged-in users who are added to a group will
typically need to log out and log in again before it is recognized.
Source: kismet
Section: net
Priority: optional
Homepage: http://www.kismetwireless.net/
Maintainer: Nick Andrik <nick.andrik@gmail.com>
Build-Depends: cdbs, debhelper(>=8), po-debconf, autotools-dev,
libncurses5-dev, libpcap-dev, libpcre3-dev, libcap-dev, libnl2-dev,
pkg-config, libbluetooth-dev, libusb-dev, libssl-dev
Standards-Version: 3.9.4
Package: kismet
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, libcap2-bin
Suggests: kismet-plugins, festival, gpsd
Description: wireless sniffing and monitoring - core
Kismet is an 802.11 layer-2 wireless network detector, sniffer, and
intrusion detection system. It will work with any wireless card that
supports raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b,
802.11g, and 802.11n traffic.
.
It can use other programs to play audio alarms for network events,
announce network summaries as speech, or provide GPS coordinates.
.
This is the main package containing the core, client, and server.
Package: kismet-plugins
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, kismet(= ${binary:Version})
Enhances: kismet
Description: Wireless sniffing and monitoring - plugins
Kismet is an 802.11 layer-2 wireless network detector, sniffer, and
intrusion detection system. It will work with any wireless card that
supports raw monitoring (rfmon) mode, and can sniff 802.11a, 802.11b,
802.11g, and 802.11n traffic.
.
It can use other programs to play audio alarms for network events,
announce network summaries as speech, or provide GPS coordinates.
.
This package provides the following extra plugins for Kismet:
* autowep: detects the WEP key from BSSID and SSID;
* btscan: basic scan support for the 802.15.1 (Bluetooth) protocol;
* dot15d4: support for the 802.15.4 Personal Area Network protocol;
* ptw: performs the Aircrack-NG PTW attack against captured data;
* spectools: imports data from the spectools spectrum analyzer.
Reply to: