
Re: [alpine-devel] [PATCH 3/4] /testing - Initial APKBUILD for FWSNORT (Firewall SNORT)

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Thu, 7 Nov 2013 16:22:37 +0100

On Sun, 3 Nov 2013 19:29:40 +0000
IT Offshore <developer_at_it-offshore.co.uk> wrote:

> Initial package into testing for 'FWSNORT': http://www.cipherdyne.org/fwsnort/
>
> fwsnort.post-install - adds daily cron to update rules / signatures

It should not be created with post-install
(see more comments below)

>
> fwsnort.up - added to /etc/network/if-pre-up.d/ to splice rules into iptables
>
> fwsnort.update - daily snort rule / psad signature update script (run by cron)

> ---
> testing/fwsnort/APKBUILD | 74 ++++++++++++++++++++++++++++++++++++
> testing/fwsnort/fwsnort.post-install | 13 +++++++
> testing/fwsnort/fwsnort.up | 5 +++
> testing/fwsnort/fwsnort.update | 18 +++++++++
> 4 files changed, 110 insertions(+)
> create mode 100644 testing/fwsnort/APKBUILD
> create mode 100644 testing/fwsnort/fwsnort.post-install
> create mode 100644 testing/fwsnort/fwsnort.up
> create mode 100644 testing/fwsnort/fwsnort.update
>
> diff --git a/testing/fwsnort/APKBUILD b/testing/fwsnort/APKBUILD
> new file mode 100644
> index 0000000..853626b
> --- /dev/null
> +++ b/testing/fwsnort/APKBUILD
> _at_@ -0,0 +1,74 @@
> +# Contributor: IT Offshore <developer_at_it-offshore.co.uk>
> +# Maintainer:
> +pkgname=fwsnort
> +pkgver=1.6.3
> +pkgrel=0
> +pkgdesc="Application layer IDS/IPS by translating snort rules into iptables"
> +url="http://www.cipherdyne.org/fwsnort/"
> +arch="noarch"
> +license="GPL"
> +depends="perl perl-netaddr-ip perl-iptables-parse iptables ip6tables net-tools"
> +depends_dev="wget"
> +makedepends="$depends_dev"
> +install="$pkgname.post-install"
> +source="http://www.cipherdyne.org/$pkgname/download/$pkgname-nodeps-$pkgver.tar.gz
> + fwsnort.up
> + fwsnort.update
> + "
> +
> +_builddir="$srcdir"/$pkgname-$pkgver
> +
> +build() {
> + cd "$_builddir"
> +
> + #Disable Root requirement to build
> + START=$(sed -n '/$< == 0 && $> == 0 or die "You need to be root (or equivalent UID 0",/=' ./install.pl)
> + END=$(expr $START + 1)
> + #Busybox sed does not support +1d
> + sed -e ''$START','$END'd' ./install.pl -i
> +
> + #prevent chmod 0500 halting the build
> + sed -e "s|0500|0755|" ./install.pl -i
> +
> + #change MAN path so package builds
> + sed -e "s|/usr/share/man/man8|$pkgdir&|" ./install.pl -i
> +
> + # --install-test-dir sets the INSTALL_ROOT to $src/../test/fwsnort-test
> + # avoids installation attempted into /etc /usr /var
> + # -S disables dependency installs (we also build with the nodep sources)
> + ./install.pl -S --install-test-dir
> +}
> +
> +package() {
> + cd "$_builddir"
> +
> + #create destinations before fakeroot runs
> + mkdir -p $pkgdir/etc \
> + $pkgdir/usr \
> + $pkgdir/usr
> +
> + cp -rf $srcdir/fwsnort-$pkgver/test/fwsnort-install/* $pkgdir
> +
> + # delete references to $pkgdir made by the installer
> + cp -f $srcdir/fwsnort-$pkgver/fwsnort.conf $pkgdir/etc/fwsnort/fwsnort.conf
> +
> + #fix permissions
> + chmod 0500 $pkgdir/etc/fwsnort $pkgdir/etc/fwsnort/snort_rules
> + chmod 0500 $pkgdir/usr/sbin/fwsnort
> + chmod 0600 $pkgdir/etc/fwsnort/fwsnort.conf
> +
> + # install rule / signature update script
> + install -Dm755 "$srcdir"/fwsnort.update "$pkgdir"/usr/bin/update-fwsnort
> + # install iptables rule splicing script
> + install -Dm755 "$srcdir"/fwsnort.up "$pkgdir"/etc/network/if-pre-up.d/fwsnort
> +}
> +
> +md5sums="7a61a03c4b523b4fb2b1cc73bcb3bac7 fwsnort-nodeps-1.6.3.tar.gz
> +442039bc04d553c7c5f9d3fc4269cc71 fwsnort.up
> +4866ff4610b5f2aa56fa15a827b22179 fwsnort.update"
> +sha256sums="d2110508f61c31d5ca5ddbb2452d0b10ae533e094499bc287f3382371c8bd5f2 fwsnort-nodeps-1.6.3.tar.gz
> +8caf113ff779a02fe97288d545f029111151fac9f342be9b40aa9f80e49dd359 fwsnort.up
> +b9753c29cace84014876f0d3b18c1c4c76ac1cbe1c83dd295b341b9e2897f61d fwsnort.update"
> +sha512sums="abf03d9c42b24abdb5798f7e9becffd203eb4579eb3682fc975ff51714010c3ee4541da1675efee9a03e09323089219c57c58574ef6c5b587c38761c167eac48 fwsnort-nodeps-1.6.3.tar.gz
> +3c97b5f4bb922086acd62305baae4ba1d91e6e627d063f131f98e08da3f57b607b35558eae2cf292b3997d25f09147039f95123161f8f29c5b97b71c80811e9f fwsnort.up
> +0944c226600b380c504d36038948ef0c421a3d412a06d85cbb0b8397b4226ae966c5d94fe2f661c72865fed2afae1d698279c6a4e95fc8637281ddb6cb01b14d fwsnort.update"
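Review bot: In build(), START is taken from `sed -n '/…/='` and used without checking that the pattern matched anything in install.pl. If a later upstream release rewords the root check, START is empty, `expr` and the deleting `sed` fail, and as written nothing stops the build from carrying on with an unpatched installer. A guard right after the assignment, `[ -n "$START" ] || return 1`, makes that step fail loudly. The same goes for `./install.pl -S --install-test-dir`, whose exit status is not checked, so `|| return 1` there would stop package() from copying a partial tree. Separately, `s|0500|0755|` rewrites the first `0500` on every line of install.pl, not only the chmod call, so anchoring it to that call would be safer.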
> diff --git a/testing/fwsnort/fwsnort.post-install b/testing/fwsnort/fwsnort.post-install
> new file mode 100644
> index 0000000..9b3fa0cb
> --- /dev/null
> +++ b/testing/fwsnort/fwsnort.post-install
> _at_@ -0,0 +1,13 @@
> +#!/bin/sh
> +# fwsnort post install script
> +#############################
> +
> +/usr/bin/update-fwsnort

Will this need the network to work? Remember that on tmpfs installs, the
network is not initialized when packages are installed to tmpfs.

> +
> +#setup cron to update signatures daily
> +echo "0 15 * * * /usr/bin/update-fwsnort 2>&1 >> /var/log/fwsnort_update.log" >> /etc/crontabs/root

Why not ship an /etc/periodic/daily/fwsnort file? If you ship it within
the apk it will be removed when the package is uninstalled. Otherwise it
will stay.

> +
> +echo "Daily root cron job created to update PSAD signatures & SNORT rules"
> +echo "/etc/network/pre-if-up.d/fwsnort created to add SNORT rules to iptables automatically"
> +
> +exit 0
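Review bot: The redirections in the crontab line are in the wrong order: `2>&1 >> /var/log/fwsnort_update.log` appends only stdout to the log, so error output from a failed rule update never reaches it. It should read `>> /var/log/fwsnort_update.log 2>&1`. The update script in this patch also deletes that same file as its first step, after the shell has already opened it for append, so the run's output would go to an unlinked file. Truncating with `>` in the cron line and dropping the `rm` avoids that. The second echo also names `/etc/network/pre-if-up.d/fwsnort`, while the APKBUILD installs the hook to `/etc/network/if-pre-up.d/fwsnort`.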
> diff --git a/testing/fwsnort/fwsnort.up b/testing/fwsnort/fwsnort.up
> new file mode 100644
> index 0000000..b750f59
> --- /dev/null
> +++ b/testing/fwsnort/fwsnort.up
> _at_@ -0,0 +1,5 @@
> +#!/bin/sh
> +
> +#splice fwsnort rules into iptables whenever the network comes up
> +/var/lib/fwsnort/fwsnort.sh
> +
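Review bot: The hook runs `/var/lib/fwsnort/fwsnort.sh` unconditionally, but that script appears to be generated by fwsnort rather than shipped in the package (the update script runs `/usr/sbin/fwsnort` before calling it). It can therefore be missing on a fresh install or after a failed update. Depending on the ifupdown implementation, a non-zero exit from an if-pre-up.d hook may stop the interface from coming up. A guard such as `[ -x /var/lib/fwsnort/fwsnort.sh ] || { echo "fwsnort rules not generated yet" >&2; exit 0; }` before the call avoids that while still recording that the rules were not loaded. The hook also fires for every interface, so it is worth confirming that running fwsnort.sh repeatedly does not stack duplicate rules.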
> diff --git a/testing/fwsnort/fwsnort.update b/testing/fwsnort/fwsnort.update
> new file mode 100644
> index 0000000..e94e1eb
> --- /dev/null
> +++ b/testing/fwsnort/fwsnort.update
> _at_@ -0,0 +1,18 @@
> +#!/bin/sh
> +# update fwsnort & psad signatures
> +
> +# clear update log (rewritten daily by cron)
> +if [ -f /var/log/fwsnort_update.log ]; then
> + rm -rf /var/log/fwsnort_update.log
> +fi
> +
> +/usr/sbin/fwsnort --update-rules
> +/usr/sbin/fwsnort
> +/var/lib/fwsnort/fwsnort.sh
> +
> +if ps aux | grep psad; then
> + psad --sig-update
> + echo "running 'psad -H'"
> + psad -H
> +fi
> +
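Review bot: The test `if ps aux | grep psad` will normally succeed even when psad is not running, because the grep process itself matches, and it also prints the matching ps lines into the output. `if pidof psad >/dev/null; then` (or `pgrep`) tests for the daemon alone. The three fwsnort steps above it run without any status check, so a failed or partial `--update-rules` download is still translated and spliced into iptables. Adding `|| exit 1` to each of them keeps the previously loaded ruleset in place when the update fails. `rm -rf` on a single log file is also more than is needed; `rm -f` is enough.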



Received on Thu Nov 07 2013 - 16:22:37 UTC