PSAD init file adapted from Debian
BUILD adapted from Arch Linux https://aur.archlinux.org/packages/psad/
PERL Module perl-storable not needed & removed
---
testing/perl-storable/APKBUILD | 41 --------
testing/psad/APKBUILD | 86 ++++++++++++++++
testing/psad/psad.confd | 8 ++
testing/psad/psad.initd | 221 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 315 insertions(+), 41 deletions(-)
delete mode 100644 testing/perl-storable/APKBUILD
create mode 100644 testing/psad/APKBUILD
create mode 100644 testing/psad/psad.confd
create mode 100644 testing/psad/psad.initd
diff --git a/testing/perl-storable/APKBUILD b/testing/perl-storable/APKBUILD
deleted file mode 100644
index 9bdab70..0000000
--- a/testing/perl-storable/APKBUILD
@@ -1,41 +0,0 @@
-# Automatically generated by apkbuild-cpan, template 1
-# Contributor: IT Offshore <developer@it-offshore.co.uk>
-# Maintainer: IT Offshore <developer@it-offshore.co.uk>
-pkgname=perl-storable
-_pkgreal=Storable
-pkgver=2.45
-pkgrel=0
-pkgdesc="Brings persistence to your Perl data structures containing SCALAR, ARRAY, HASH or REF objects."
-url="http://search.cpan.org/dist/Storable/"
-arch="all"
-license="GPL PerlArtistic"
-cpandepends=""
-cpanmakedepends=" "
-depends="$cpandepends"
-makedepends="perl-dev $cpanmakedepends"
-subpackages="$pkgname-doc"
-source="http://search.cpan.org/CPAN/authors/id/A/AM/AMS/$_pkgreal-$pkgver.tar.gz"
-
-_builddir="$srcdir/$_pkgreal-$pkgver"
-
-prepare() {
- cd "$_builddir"
- export CFLAGS=`perl -MConfig -E 'say $Config{ccflags}'`
- PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor
-}
-
-build() {
- cd "$_builddir"
- export CFLAGS=`perl -MConfig -E 'say $Config{ccflags}'`
- make && make test
-}
-
-package() {
- cd "$_builddir"
- make DESTDIR="$pkgdir" install || return 1
- find "$pkgdir" \( -name perllocal.pod -o -name .packlist \) -delete
-}
-
-md5sums="682dbbddf86bb30e455b24f569308195 Storable-2.45.tar.gz"
-sha256sums="d375dd53df154f060284bc6cb0a3e2807f091f6780c92a6b71e2c5cc0d4b1d56 Storable-2.45.tar.gz"
-sha512sums="d216590b1f49bcd39f561f4ee0dab8138b48e5d26cd1d76f5f909f80c923c0a36a1192afa461cb52355fb36691443f5c6e167cad379d321161c5390ac4fd4f1e Storable-2.45.tar.gz"
diff --git a/testing/psad/APKBUILD b/testing/psad/APKBUILD
new file mode 100644
index 0000000..dcef928
--- /dev/null
+++ b/testing/psad/APKBUILD
@@ -0,0 +1,86 @@
+# Contributor: IT Offshore <developer@it-offshore.co.uk>
+# Maintainer:
+pkgname=psad
+pkgver=2.2.1
+pkgrel=0
+pkgdesc="3 lightweight system daemons that analyze iptables log messages to detect port scans and other suspicious traffic"
+url="http://cipherdyne.org/psad/"
+arch="all"
+license="GPL"
+depends="perl iptables ip6tables ssmtp psmisc perl-bit-vector perl-date-calc perl-iptables-chainmgr perl-iptables-parse perl-net-ipv4addr perl-unix-syslog net-tools"
+subpackages="$pkgname-doc"
+source="http://cipherdyne.org/psad/download/$pkgname-nodeps-$pkgver.tar.gz
+ psad.initd
+ psad.confd
+ "
+
+_builddir="$srcdir"/$pkgname-$pkgver
+
+build() {
+ cd "$_builddir"
+
+ #Set the config dirs
+ sed -e "s|'/usr/sbin'|'$pkgdir/usr/sbin'|" \
+ -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \
+ -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \
+ ./install.pl -i
+ #/usr/sbin/psadwatchd set with last cmd
+ sed -e "s|/var/log/psad|$pkgdir&|" \
+ -e "s|/var/run/psad|$pkgdir&|" \
+ -e "s|/var/lib/psad|$pkgdir&|" \
+ -e "s|/usr/lib/psad|$pkgdir&|" \
+ -e "s|/etc/psad|$pkgdir&|" \
+ -e "s|/usr/bin/whois_psad|$pkgdir/usr/bin/whois|" \
+ -e "s|/usr/sbin/fwcheck_psad|$pkgdir&|" \
+ -e "s|/usr/sbin/kmsgsd|$pkgdir&|" \
+ -e "s|/usr/sbin/psad|$pkgdir&|" \
+ ./psad.conf -i
+
+ #Disable install of generic init script & setting numeric run level
+ START=$(sed -n '/if ($init_dir and &is_root()) {/=' ./install.pl)
+ END=$(expr $START + 7)
+ #Busybox sed does not support +7d
+ sed -e ''$START','$END'd' ./install.pl -i
+}
+
+package() {
+ cd "$_builddir"
+
+ #hope that things work
+ mkdir -p $pkgdir/etc/psad \
+ $pkgdir/usr/bin \
+ $pkgdir/usr/sbin \
+ $pkgdir/usr/share/man/man8 \
+ $pkgdir/var/lib/psad \
+ $pkgdir/var/log/psad \
+ $pkgdir/var/run/psad
+ ln -s /bin/busybox $pkgdir/usr/bin/whois
+ ./install.pl --runlevel 1
+
+ #Set correct permissions
+ chmod -R o+r $pkgdir/etc/psad
+ chmod -R o+r $pkgdir/usr/sbin/*
+ chmod 0700 $pkgdir/var/lib/psad
+ #remove whois symbolic link
+ rm -rf $pkgdir/usr/bin/whois
+
+ # Fix the config
+ sed -e "s|$pkgdir||" $pkgdir/etc/psad/psad.conf -i
+ sed -e "s|$pkgdir||" $pkgdir/var/log/psad/install.log -i
+
+ #install init script & config defaults
+ install -m755 -D "$srcdir"/$pkgname.initd \
+ "$pkgdir"/etc/init.d/$pkgname || return 1
+ install -m644 -D "$srcdir"/$pkgname.confd \
+ "$pkgdir"/etc/conf.d/$pkgname || return 1
+}
+
+md5sums="ee600d9b6b4b915b026370c9a3726b5f psad-nodeps-2.2.1.tar.gz
+09628b84a98044122f0319e9d0dce193 psad.initd
+10cb8b8f6cb7b70a0277011780ead791 psad.confd"
+sha256sums="0422cdd1a37d4c8fcc1a4ce6e7c4a6974e58fdde82242f45b83eb6beb85708b5 psad-nodeps-2.2.1.tar.gz
+4b3848eadd775ae34103717d9c24ea772c5eec5a79efa85114b48ca9976cb626 psad.initd
+e3d5e969d8876c9862e539bb551b3271eb837ac0207e66e04f46739f0b28979c psad.confd"
+sha512sums="9e3f475376c3c7b753e71676f5c9d639e9fffd93caf864faa130f8030e37f9a6c57ba59c9519d2bd8dde945f7ff7a014ca2a710bd4b7be9721ca7f13f879b970 psad-nodeps-2.2.1.tar.gz
+5941feaf39a3766b5c5ec206c6dcbe40a98945f6fd1f7ccfe5797dd8666ef1e95c026a2cbc394de75eb7b639466d267d92ef9ae7bb54933880879dd3b71f6e48 psad.initd
+1018a37ea0200fe629fb8a18a41d2c041d4d27bf201452c919e28b651fa0b797bf4368fafe78ea786f463148412b3d79f4815f761c60b07c6652083067ed1743 psad.confd"
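Review bot: In package(), `chmod -R o+r $pkgdir/etc/psad` makes every file under /etc/psad readable by any local account once the package is installed. For an intrusion-detection daemon that tree presumably holds the alert addresses, scan thresholds and per-address danger-level overrides, so a local user can read exactly what will and will not be flagged; if the upstream installer created these files with tighter modes, this line undoes them. Unless something unprivileged has to read the files, drop the line or tighten it, e.g. `chmod -R o-rwx "$pkgdir"/etc/psad`. Separately, `./install.pl --runlevel 1` has no `|| return 1` (the comment above it reads "hope that things work"), so a failed upstream install would still produce a package.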
diff --git a/testing/psad/psad.confd b/testing/psad/psad.confd
new file mode 100644
index 0000000..b731cdb
--- /dev/null
+++ b/testing/psad/psad.confd
@@ -0,0 +1,8 @@
+# Default settings for psad.
+
+# Add any options you would like to pass to the daemon when started
+# For example if you would like to add an override file for your setup, this
+# can be achived this way:
+#
+# DAEMON_ARGS="--Override-config /root/psad.override.conf"
+DAEMON_ARGS=""
diff --git a/testing/psad/psad.initd b/testing/psad/psad.initd
new file mode 100644
index 0000000..ab2251f
--- /dev/null
+++ b/testing/psad/psad.initd
@@ -0,0 +1,221 @@
+#!/sbin/runscript
+
+# This file is part of PSAD (Port Scan Attack Detector)
+# Adapted for Alpine Linux by IT Offshore <developer@it-offshore.co.uk>
+# Original Author: Franck Joncourt <franck@debian.org>
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Port Scan Attack Detector"
+NAME=psad
+DAEMON=/usr/sbin/$NAME
+PIDDIR=/var/run/psad
+SCRIPTNAME=/etc/init.d/psad
+
+depend() {
+ need net
+ need logger
+ after iptables
+}
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Load user options to pass to psad daemon
+DAEMON_ARGS=""
+[ -r /etc/conf.d/psad ] && . /etc/conf.d/psad
+
+# Function that checks if all of the configuration files exist
+#
+# Return
+# 0 : all of the configuration files exist
+# 6 : at least one file is missing
+
+check_config()
+{
+ local retval
+ local file_list
+
+ retval=0
+ file_list="/etc/psad/psad.conf"
+
+ for ConfFile in $file_list; do
+ if [ ! -f "$ConfFile" ]; then
+ retval=6
+ break
+ fi
+ done
+
+ return $retval
+}
+
+#
+# Function to check if psad is running
+#
+# 0 : the psad.pid file has been found ; we assume the daemon is running
+# 1 : no pid file has been found ; we assume the daemon is not running
+#
+is_psad_running()
+{
+ local pidfile="$PIDDIR/psad.pid"
+ local retval
+
+ retval=0
+ if [ -r "$pidfile" ]; then
+ retval=1
+ fi
+
+ return $retval
+}
+
+#
+# Function that starts the daemon/service
+#
+# 0 : daemon has been started or was already running
+# 1 : generic or unspecified errors (could not be started)
+# 6 : program is not configured (missing configuration files)
+
+do_start()
+{
+ local retval
+
+
+ mkdir -p $PIDDIR
+ chmod 755 $PIDDIR
+
+ # Check psad configuration
+ check_config
+ retval=$?
+
+ # Try to start psad
+ is_psad_running
+ if [ "$?" = 1 ]; then
+ log_action_msg "The psad daemon is already running"
+ retval=0
+
+ elif [ "$retval" = "0" ]; then
+ start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME --exec $DAEMON -- $DAEMON_ARGS
+ retval="$?"
+ fi
+
+ # Handle return status codes
+ case "$retval" in
+ 0)
+ ;;
+ 6)
+ log_action_msg "You are missing the configuration file $ConfFile" || true
+ ;;
+ 9)
+ retval=0
+ ;;
+ *)
+ retval=1
+ log_action_msg "Unable to start the daemon" || true
+ ;;
+ esac
+
+ log_daemon_msg "Starting Port Scan Attack Detector" "psad" || true
+ log_end_msg $retval || true
+
+ return $retval
+}
+
+#
+# Function that stops the daemon/service
+#
+# The upstream author has allowed the daemon to be killed through the
+# following command-line : psad --Kill
+#
+# As psad starts kmsgsd and psadwatchd on its own, we need to stop them before.
+#
+# Return
+# 0 : daemon has been stopped or was already stopped
+# 1 : daemon could not be stopped
+
+do_stop()
+{
+ local retval="0"
+ local status kill_status
+ local pid pidfile
+ local process_list="psadwatchd kmsgsd psad"
+
+ # For each process
+ for process in $process_list; do
+
+ pidfile="$PIDDIR/$process.pid"
+ status="0"
+ kill_status="1"
+
+ log_action_msg "Stopping the $process process"
+
+ # Try to kill the process associated to the pid
+ if [ -r "$pidfile" ]; then
+ pid=`cat "$pidfile" 2>/dev/null`
+ kill -0 "${pid:-}" 2>/dev/null
+ kill_status="$?"
+ fi
+
+ # Stop the process
+ if [ "$kill_status" = "0" ]; then
+ start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile"
+ status="$?"
+ fi
+
+ # Remove its pid file
+ if [ -r "$pidfile" ] && [ "$status" = "0" ]; then
+ rm -f "$pidfile" 2>/dev/null
+ status="$?"
+ fi
+
+ [ "$status" = "0" ] || retval="1"
+
+ done
+
+ if [ "$retval" != "0" ]; then
+ log_action_msg "One or more process could not be stopped" || true
+ fi
+
+ log_daemon_msg "Stopping Port Scan Attack Detector" "psad" || true
+ log_end_msg $retval || true
+
+ return $retval
+}
+
+#
+# Function that returns the daemon status
+#
+do_status()
+{
+ echo "Status of $DESC:"
+ $DAEMON --Status
+}
+
+case "$1" in
+ start)
+ do_start
+ ;;
+
+ stop)
+ do_stop
+ ;;
+
+ restart|force-reload)
+ do_stop
+ sleep 1
+ do_start
+ ;;
+
+ status)
+ do_status
+ exit $?
+ ;;
+
+ *)
+ log_success_msg "Usage: $0 {start|stop|restart|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit
+
+
+
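Review bot: do_start passes `--pidfile $PIDDIR/$NAME` to start-stop-daemon, i.e. /var/run/psad/psad, while is_psad_running and do_stop both work on `$PIDDIR/psad.pid`, so the start-side check never looks at the file the other two functions rely on. Use one path throughout, `--pidfile "$PIDDIR/$NAME.pid"`. In the same function, a readable psad.pid alone makes is_psad_running report "running" and do_start then sets `retval=0`, so a stale pid file left by a crashed daemon yields a successful start with no detector running. A `kill -0` on the recorded pid, as do_stop already does, would catch that case.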
--
1.8.4.2
---
On Fri, 1 Nov 2013 03:47:24 +0000
IT Offshore <developer@it-offshore.co.uk> wrote:
Thanks for the patch. Some comments on the init.d script.
> +++ b/testing/psad/psad.initd
> @@ -0,0 +1,221 @@
> +#!/sbin/runscript
> +
> +# This file is part of PSAD (Port Scan Attack Detector)
> +# Adapted for Alpine Linux by IT Offshore <developer@it-offshore.co.uk>
> +# Original Author: Franck Joncourt <franck@debian.org>
> +
> +PATH=/sbin:/usr/sbin:/bin:/usr/bin
> +DESC="Port Scan Attack Detector"
> +NAME=psad
> +DAEMON=/usr/sbin/$NAME
> +PIDDIR=/var/run/psad
> +SCRIPTNAME=/etc/init.d/psad
> +
> +depend() {
> + need net
> + need logger
> + after iptables
> +}
> +
> +# Exit if the package is not installed
> +[ -x "$DAEMON" ] || exit 0
This should be removed. openrc will source the init.d scripts to parse dependencies. Unexpected things will happen if it exits early because the binary file is missing.
> +
> +# Load user options to pass to psad daemon
> +DAEMON_ARGS=""
> +[ -r /etc/conf.d/psad ] && . /etc/conf.d/psad
This is not needed. runscript will read /etc/conf.d/$SVCNAME for you.
> +
> +# Function that checks if all of the configuration files exist
> +#
> +# Return
> +# 0 : all of the configuration files exist
> +# 6 : at least one file is missing
> +
> +check_config()
> +{
> + local retval
> + local file_list
> +
> + retval=0
> + file_list="/etc/psad/psad.conf"
> +
> + for ConfFile in $file_list; do
> + if [ ! -f "$ConfFile" ]; then
> + retval=6
> + break
> + fi
> + done
> +
> + return $retval
> +}
I think it's an unnecessarily long function for a single config file. I'd do something like:
# allow override config_file location from conf.d
: ${config_file:="/etc/psad/psad.conf"}
check_config() {
if ! [ -f "$config_file" ]; then
error "$config_file is missing"
return 1
fi
}
> +
> +#
> +# Function to check if psad is running
> +#
> +# 0 : the psad.pid file has been found ; we assume the daemon is running
> +# 1 : no pid file has been found ; we assume the daemon is not running
> +#
> +is_psad_running()
> +{
> + local pidfile="$PIDDIR/psad.pid"
> + local retval
> +
> + retval=0
> + if [ -r "$pidfile" ]; then
> + retval=1
> + fi
> +
> + return $retval
> +}
This function should not be needed. start-stop-daemon[1] can check if
pidfile exists. (Please note that openrc's implementation of
start-stop-daemon is somewhat different from Debian's)
> +
> +#
> +# Function that starts the daemon/service
> +#
> +# 0 : daemon has been started or was already running
> +# 1 : generic or unspecified errors (could not be started)
> +# 6 : program is not configured (missing configuration files)
> +
> +do_start()
> +{
> + local retval
> +
> +
> + mkdir -p $PIDDIR
> + chmod 755 $PIDDIR
> +
> + # Check psad configuration
> + check_config
> + retval=$?
> +
> + # Try to start psad
> + is_psad_running
> + if [ "$?" = 1 ]; then
> + log_action_msg "The psad daemon is already running"
> + retval=0
> +
> + elif [ "$retval" = "0" ]; then
> + start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME --exec $DAEMON -- $DAEMON_ARGS
> + retval="$?"
> + fi
> +
> + # Handle return status codes
> + case "$retval" in
> + 0)
> + ;;
> + 6)
> + log_action_msg "You are missing the configuration file $ConfFile" || true
> + ;;
> + 9)
> + retval=0
> + ;;
> + *)
> + retval=1
> + log_action_msg "Unable to start the daemon" || true
> + ;;
> + esac
> +
> + log_daemon_msg "Starting Port Scan Attack Detector" "psad" || true
> + log_end_msg $retval || true
> +
> + return $retval
> +}
This also looks way overcomplicated. i believe ebegin/eend should be
used instead of log_action_msg/log_daemon_msg.
> +
> +#
> +# Function that stops the daemon/service
> +#
> +# The upstream author has allowed the daemon to be killed through the
> +# following command-line : psad --Kill
> +#
> +# As psad starts kmsgsd and psadwatchd on its own, we need to stop them before.
> +#
> +# Return
> +# 0 : daemon has been stopped or was already stopped
> +# 1 : daemon could not be stopped
> +
> +do_stop()
> +{
> + local retval="0"
> + local status kill_status
> + local pid pidfile
> + local process_list="psadwatchd kmsgsd psad"
> +
> + # For each process
> + for process in $process_list; do
> +
> + pidfile="$PIDDIR/$process.pid"
> + status="0"
> + kill_status="1"
> +
> + log_action_msg "Stopping the $process process"
> +
> + # Try to kill the process associated to the pid
> + if [ -r "$pidfile" ]; then
> + pid=`cat "$pidfile" 2>/dev/null`
> + kill -0 "${pid:-}" 2>/dev/null
> + kill_status="$?"
> + fi
> +
> + # Stop the process
> + if [ "$kill_status" = "0" ]; then
> + start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile"
> + status="$?"
> + fi
> +
> + # Remove its pid file
> + if [ -r "$pidfile" ] && [ "$status" = "0" ]; then
> + rm -f "$pidfile" 2>/dev/null
> + status="$?"
> + fi
> +
> + [ "$status" = "0" ] || retval="1"
> +
> + done
> +
> + if [ "$retval" != "0" ]; then
> + log_action_msg "One or more process could not be stopped" || true
> + fi
> +
> + log_daemon_msg "Stopping Port Scan Attack Detector" "psad" || true
> + log_end_msg $retval || true
> +
> + return $retval
> +}
runscript has logic that should make most of that code unnecessary.
> +
> +#
> +# Function that returns the daemon status
> +#
> +do_status()
> +{
> + echo "Status of $DESC:"
> + $DAEMON --Status
> +}
runscript does this automatically.
> +
> +case "$1" in
> + start)
> + do_start
> + ;;
> +
> + stop)
> + do_stop
> + ;;
> +
> + restart|force-reload)
> + do_stop
> + sleep 1
> + do_start
> + ;;
> +
> + status)
> + do_status
> + exit $?
> + ;;
> +
> + *)
> + log_success_msg "Usage: $0 {start|stop|restart|status}" >&2
> + exit 1
> + ;;
> +esac
> +
> +exit
runscript does this too for you.
I believe the entire init.d script could be rewritten as:
---[BEGIN psad.initd]--------------------------------
#!/sbin/runscript
command="/usr/sbin/psad"
pidfile="/var/run/psad/psad.pid"
config_file="/etc/psad/psad.conf"
check_config() {
[ -f "$config_file" ] || error "$config_file is missing"
}
start_pre() {
check_config || return 1
# make sure dir for pidfile exists. /var/run is tmpfs...
checkpath --directory ${pidfile%/*}
}
---[END psad.initd]------------------------------------
runscript will take care of the rest.
the conf.d file could use the runscript's default command_args:
---[BEGIN psad.confd]----------------------------------
# Add any options you would like to pass to the daemon when started
# For example if you would like to add an override file for your setup, this
# can be achived this way:
#
# command_args="--Override-config /root/psad.override.conf"
command_args=""
---[END psad.confd]-------------------------------------
For more info look at:
http://www.linuxhowtos.org/manpages/8/runscript.htm
http://wiki.alpinelinux.org/wiki/Writing_Init_Scripts
-nc
[1] http://linuxreviews.org/man/start-stop-daemon/