Package: tcpspy Version: 1.7d-15 Severity: minor Tags: patch Dear Maintainer,
here are some editing fixes of the man page with remarks. Input file is tcpspy.rules.5 Output from "mandoc -T lint tcpspy.rules.5": mandoc: tcpspy.rules.5:36:2: WARNING: skipping paragraph macro: PP after SH mandoc: tcpspy.rules.5:40:24: STYLE: whitespace at end of input line mandoc: tcpspy.rules.5:69:2: WARNING: skipping paragraph macro: PP empty mandoc: tcpspy.rules.5:70:2: WARNING: skipping paragraph macro: PP empty mandoc: tcpspy.rules.5:124:81: STYLE: input text line longer than 80 bytes: a default mask with ... mandoc: tcpspy.rules.5:135:71: STYLE: whitespace at end of input line mandoc: tcpspy.rules.5:142:73: STYLE: whitespace at end of input line mandoc: tcpspy.rules.5:177:2: WARNING: skipping paragraph macro: PP empty ####### Remove space characters at the end of lines. Use "git apply ... --whitespace=fix" to fix extra space issues, or use global configuration "core.whitespace". 40:.IR /etc/init.d/tcpspy 135:True if the full filename (including directory) of the executable that 142:The pattern "" (an empty string) matches connections created/accepted by ##### Reduce space between words. 150:Expressions (including the comparisons listed above) may be joined together 196:Pablo Lorenzzoni (this manpage) and Mats Erik Andersson (changes for IPv6) ##### Use the correct macro for the font change of a single argument or split the argument into two. 40:.IR /etc/init.d/tcpspy 83:.BI ip 86:.BI ip6 ##### Change a HYPHEN-MINUS (code 0x55, 2D) to a minus (\-), if in front of a name for an option. 103:.I -high 146:.B -p ##### Wrong distance between sentences. Separate the sentences and subordinate clauses; each begins on a new line. See man-pages(7) ("Conventions for source file layout") and "info groff" ("Input Conventions"). The best procedure is to always start a new sentence on a new line, at least, if you are typing on a computer. Remember coding: Only one command ("sentence") on each (logical) line. E-mail: Easier to quote exactly the relevant lines. Generally: Easier to edit the sentence. Patches: Less unaffected text. The amount of space between sentences in the output can then be controlled with the ".ss" request. 104:is used, low is assumed to be 0. It is an error to omit both 123:AND of the local address of the connection and "mask". If no mask is specified, 124:a default mask with all bits set (255.255.255.255) is used. The CIDR type netmask 125:is also possible. With IPv6 only a prefix length netmask is allowed, and the 126:length defaults to 128. Depending on the address family, these rules contain 172:Rules are evaluated from left to right. Whitespace (space, tab and newline) 173:characters are ignored between "words". Rules consisting of only whitespace 195:Tim J. Robbins (tcpspy), ##### Use \(en for a dash (en-dash) between space characters, not a minus (\-) or a hyphen (-), except in the NAME section. tcpspy.rules.5:55:to 4 rules (line 1 to line 4 - one per each line) using the boolean tcpspy.rules.5:60:line 1 - for user "joedoe" connecting to 192.168.1.10:22 (remote) tcpspy.rules.5:62:line 2 - for user whose UID is 1003 tcpspy.rules.5:64:line 3 - to *:22 or *:21 (both locally) tcpspy.rules.5:66:line 4 - for user "joedoe" to *:23 (local) or to 192.168.1.20 (remote) tcpspy.rules.5:71:.SS "Rule Syntax - just extracted from tcpspy(8)" tcpspy.rules.5:93:.BI lport " [low] - [high]" ##### The name of a man page is set in bold type and the section in roman (see man-pages(7)). 42:tcpspy (see tcpspy(8)) logger filtering rules. ##### Protect a period (.) or a apostrophe (') with '\&' from becoming a control character, if it could end up at the start of a line (by splitting the line into more lines). 175:Parentheses, '(' and ')' may be placed around expressions to affect the order ##### --- tcpspy.rules.5 2023-06-18 02:25:13.000000000 +0000 +++ tcpspy.rules.5.new 2023-06-18 17:42:52.000000000 +0000 @@ -33,13 +33,15 @@ .SH NAME tcpspy.rules \- configuration file for tcpspy .SH DESCRIPTION -.LP This file, by default .IR /etc/tcpspy.rules , is read by the -.IR /etc/init.d/tcpspy +.I /etc/init.d/tcpspy script at init time in order to configure -tcpspy (see tcpspy(8)) logger filtering rules. +tcpspy +(see +.BR tcpspy (8)) +logger filtering rules. .LP It might look like: .IP @@ -52,23 +54,21 @@ lport 22 or lport 21 .fi .LP This rules file specifies that tcpspy logs tcp connections according -to 4 rules (line 1 to line 4 - one per each line) using the boolean +to 4 rules (line 1 to line 4 \(en one per each line) using the boolean logic (see below) to evaluate each rule. .LP This particular example logs connections: .TP -line 1 - for user "joedoe" connecting to 192.168.1.10:22 (remote) +line 1 \(en for user "joedoe" connecting to 192.168.1.10:22 (remote) .TP -line 2 - for user whose UID is 1003 +line 2 \(en for user whose UID is 1003 .TP -line 3 - to *:22 or *:21 (both locally) +line 3 \(en to *:22 or *:21 (both locally) .TP -line 4 - for user "joedoe" to *:23 (local) or to 192.168.1.20 (remote) +line 4 \(en for user "joedoe" to *:23 (local) or to 192.168.1.20 (remote) .LP Everything from an "#" signal and the end of the line will not be evaluated. -.LP -.PP -.SS "Rule Syntax - just extracted from tcpspy(8)" +.SS "Rule Syntax \(en just extracted from tcpspy(8)" A rule may be specified with the following comparison operators: .TP .BI user " uid" @@ -80,28 +80,29 @@ user id .BI user " \N'34'username\N'34'" Same as above, but using a username instead of a user id. .TP -.BI ip +.B ip True if the connection is IPv4. .TP -.BI ip6 +.B ip6 True if the connection is IPv6. .TP .BI lport " port" True if the local end of the connection has port number .IR port . .TP -.BI lport " [low] - [high]" +.BI lport "\fR [\fPlow\fR]\fP\(en\fR[\fPhigh\fR]" True if the local end of the connection has a port number greater than or equal to .I low and less than or equal to .IR high . If the form -.I low- +.I low\- is used, high is assumed to be 65535. If the form -.I -high -is used, low is assumed to be 0. It is an error to omit both +.I \-high +is used, low is assumed to be 0. +It is an error to omit both .IR low " and " high . .TP .BI lport " \N'34'service\N'34'" @@ -114,17 +115,20 @@ Same as .B lport but compares the port number of the remote end of the connection. .TP -.BI laddr " n.n.n.n[/m.m.m.m]" +.BI laddr " n.n.n.n" "\fR[" /m.m.m.m\fR] .TP .BI laddr " n.n.n.n/m" .TP -.BI laddr " ip6-addr[/m]" +.BI laddr " ip6-addr" \fR[ /m \fR] Interpreted as a "net/mask" expression; true if "net" is equal to the bitwise -AND of the local address of the connection and "mask". If no mask is specified, -a default mask with all bits set (255.255.255.255) is used. The CIDR type netmask -is also possible. With IPv6 only a prefix length netmask is allowed, and the -length defaults to 128. Depending on the address family, these rules contain -an implicit match condition "ip" or "ip6", respectively. +AND of the local address of the connection and "mask". +If no mask is specified, +a default mask with all bits set (255.255.255.255) is used. +The CIDR type netmask is also possible. +With IPv6 only a prefix length netmask is allowed, +and the length defaults to 128. +Depending on the address family, +these rules contain an implicit match condition "ip" or "ip6", respectively. .TP .B raddr Same as @@ -132,22 +136,22 @@ Same as but compares the remote address. .TP .BI exe " \N'34'pattern\N'34'" -True if the full filename (including directory) of the executable that +True if the full filename (including directory) of the executable that created/accepted the connection matches .IR pattern , a .BR glob (7)-style wildcard pattern. .IP -The pattern "" (an empty string) matches connections created/accepted by +The pattern "" (an empty string) matches connections created/accepted by processes whose executable filename is unknown. .IP If the -.B -p +.B \-p option is not specified, a warning message will be printed, and the result of this comparison will always be true. .PP -Expressions (including the comparisons listed above) may be joined together +Expressions (including the comparisons listed above) may be joined together with the following logical operations: .TP .IB expr1 " or " expr2 @@ -169,12 +173,14 @@ True if .I expr is false (logical NOT). .PP -Rules are evaluated from left to right. Whitespace (space, tab and newline) -characters are ignored between "words". Rules consisting of only whitespace -match no connections, but do not cause an error. -Parentheses, '(' and ')' may be placed around expressions to affect the order +Rules are evaluated from left to right. +Whitespace (space, tab and newline) +characters are ignored between "words". +Rules consisting of only whitespace match no connections, +but do not cause an error. +Parentheses, +\&'(' and \&')' may be placed around expressions to affect the order of evaluation. -.PP .SS "Examples" .TP These are some sample rules which further demonstrate how they are constructed: @@ -192,8 +198,8 @@ Log connections made by users "bob" and not on a fictional "intranet". .SH AUTHOR -Tim J. Robbins (tcpspy), -Pablo Lorenzzoni (this manpage) and Mats Erik Andersson (changes for IPv6) +Tim J.\& Robbins (tcpspy), +Pablo Lorenzzoni (this manpage) and Mats Erik Andersson (changes for IPv6) .SH SEE ALSO .BR glob (7), -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.1.27-1 (SMP w/2 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: sysvinit (via /sbin/init) Versions of packages tcpspy depends on: ii libc6 2.36-9 ii lsb-base 11.6 ii sysvinit-utils [lsb-base] 3.06-4 tcpspy recommends no packages. tcpspy suggests no packages. -- no debconf information