~alpine/devel

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch

[alpine-devel] [PATCH] Revised Init Script for PSAD (Port Scan Attack Detector)

IT Offshore <developer@it-offshore.co.uk>
Details
Message ID
<1383328057-6243-1-git-send-email-developer@it-offshore.co.uk>
Sender timestamp
1383328057
DKIM signature
missing
Download raw message
10 years ago
Patch: +31 -197 
Revised psad.initd / .confd to make use of OpenRC's runscript functions
& builtin messaging.

Updated checksums for APKBUILD.
---
 testing/psad/APKBUILD   |  12 +--
 testing/psad/psad.confd |   4 +-
 testing/psad/psad.initd | 212 ++++++------------------------------------------
 3 files changed, 31 insertions(+), 197 deletions(-)

diff --git a/testing/psad/APKBUILD b/testing/psad/APKBUILD
index dcef928..ab36581 100644
--- a/testing/psad/APKBUILD
+++ b/testing/psad/APKBUILD
@@ -76,11 +76,11 @@ package() {
}

md5sums="ee600d9b6b4b915b026370c9a3726b5f  psad-nodeps-2.2.1.tar.gz
09628b84a98044122f0319e9d0dce193  psad.initd
10cb8b8f6cb7b70a0277011780ead791  psad.confd"
6e5ef9b0ddebf1a229da58b0f1918f89  psad.initd
bc07efebb41cc23c4be129bbbacc874b  psad.confd"
sha256sums="0422cdd1a37d4c8fcc1a4ce6e7c4a6974e58fdde82242f45b83eb6beb85708b5  psad-nodeps-2.2.1.tar.gz
4b3848eadd775ae34103717d9c24ea772c5eec5a79efa85114b48ca9976cb626  psad.initd
e3d5e969d8876c9862e539bb551b3271eb837ac0207e66e04f46739f0b28979c  psad.confd"
b38a3643f0b0c9ed338f1c3f1beea6114ba5b0a8cfb60097598066aa4e415c32  psad.initd
74c72225fa37c367a458321b737050cacaf262f32b0cc13babc54468ff1988b9  psad.confd"
sha512sums="9e3f475376c3c7b753e71676f5c9d639e9fffd93caf864faa130f8030e37f9a6c57ba59c9519d2bd8dde945f7ff7a014ca2a710bd4b7be9721ca7f13f879b970  psad-nodeps-2.2.1.tar.gz
5941feaf39a3766b5c5ec206c6dcbe40a98945f6fd1f7ccfe5797dd8666ef1e95c026a2cbc394de75eb7b639466d267d92ef9ae7bb54933880879dd3b71f6e48  psad.initd
1018a37ea0200fe629fb8a18a41d2c041d4d27bf201452c919e28b651fa0b797bf4368fafe78ea786f463148412b3d79f4815f761c60b07c6652083067ed1743  psad.confd"
01fbb402032f8cff9d2c6be3a032c5ea446d4708ca4f56addebba84bbd1b70e69e4c94b31a3af2680bbf8633f854f1ed8ef78ac746450ff1848fdbc4c90bf44a  psad.initd
a80666f59356cc6157a9f5dca132991d4f1e0afda8f673d602de2557219d5521bec9ae148330e98d9483175d14d96e4cc2ccd11541d8b187b0e47f44ba4ada54  psad.confd"
diff --git a/testing/psad/psad.confd b/testing/psad/psad.confd
index b731cdb..27ce228 100644
--- a/testing/psad/psad.confd
+++ b/testing/psad/psad.confd
@@ -4,5 +4,5 @@
# For example if you would like to add an override file for your setup, this
# can be achived this way:
#
#     DAEMON_ARGS="--Override-config /root/psad.override.conf"
DAEMON_ARGS=""
#     command_args="--Override-config /root/psad.override.conf"
command_args=""
diff --git a/testing/psad/psad.initd b/testing/psad/psad.initd
index ab2251f..3e12cf4 100644
--- a/testing/psad/psad.initd
+++ b/testing/psad/psad.initd
@@ -2,14 +2,10 @@

# This file is part of PSAD (Port Scan Attack Detector)
# Adapted for Alpine Linux by IT Offshore <developer@it-offshore.co.uk>
# Original Author: Franck Joncourt <franck@debian.org>

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Port Scan Attack Detector"
NAME=psad
DAEMON=/usr/sbin/$NAME
PIDDIR=/var/run/psad
SCRIPTNAME=/etc/init.d/psad
command="/usr/sbin/psad"
pidfile="/var/run/psad/psad.pid"
config_file="/etc/psad/psad.conf"

depend() {
	need net
@@ -17,204 +13,42 @@ depend() {
	after iptables
}

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# allow override config_file location from conf.d
: ${config_file:="/etc/psad/psad.conf"}

# Load user options to pass to psad daemon
DAEMON_ARGS=""
[ -r /etc/conf.d/psad ] && . /etc/conf.d/psad

# Function that checks if all of the configuration files exist
#
# Return
#   0 : all of the configuration files exist
#   6 : at least one file is missing

check_config()
{
	local retval
	local file_list

	retval=0
	file_list="/etc/psad/psad.conf"

	for ConfFile in $file_list; do
		if [ ! -f "$ConfFile" ]; then
			retval=6	
		 	break	
		fi
	done

	return $retval
check_config() {
	[ -f "$config_file" ] || error "$config_file is missing"
}

#
# Function to check if psad is running
#
#    0 : the psad.pid file has been found ; we assume the daemon is running
#    1 : no pid file has been found ; we assume the daemon is not running
#
is_psad_running()
{
        local pidfile="$PIDDIR/psad.pid"
        local retval

        retval=0
        if [ -r "$pidfile" ]; then
                retval=1
        fi

        return $retval
start_pre() {
	check_config || return 1
	# make sure dir for pidfile exists. /var/run is tmpfs...
	checkpath --directory ${pidfile%/*}
}

#
# Function that starts the daemon/service
#
#   0 : daemon has been started or was already running
#   1 : generic or unspecified errors (could not be started)
#   6 : program is not configured (missing configuration files)

do_start()
{
	local retval


        mkdir -p $PIDDIR
        chmod 755 $PIDDIR

	# Check psad configuration
	check_config
	retval=$?

	# Try to start psad
        is_psad_running
        if [ "$?" = 1 ]; then
            log_action_msg "The psad daemon is already running"
            retval=0

	elif [ "$retval"  = "0" ]; then
		start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME --exec $DAEMON -- $DAEMON_ARGS
		retval="$?"
	fi

	# Handle return status codes
	case "$retval" in
		0)	 
			;;
		6)	
			log_action_msg "You are missing the configuration file $ConfFile" || true
			;;
		9)	
			retval=0
			;;
		*)
			retval=1
			log_action_msg "Unable to start the daemon" || true
			;;
	esac

	log_daemon_msg "Starting Port Scan Attack Detector" "psad" || true
        log_end_msg $retval || true

	return $retval
start() {
    ebegin "Starting PSAD (Port Scan Attack Detector)"
    start-stop-daemon --start $command --pidfile $pidfile
    eend $?
}

#
# Function that stops the daemon/service
#
# The upstream author has allowed the daemon to be killed through the 
# following command-line : psad --Kill
#
# As psad starts kmsgsd and psadwatchd on its own, we need to stop them before.
#
# Return
#   0 : daemon has been stopped or was already stopped
#   1 : daemon could not be stopped

do_stop()
stop()
{
	local retval="0"
	local status kill_status
	local pid pidfile
	local pidfile
	local piddir=/var/run/psad
	local process_list="psadwatchd kmsgsd psad"

	# For each process
	# Stop all 3 daemons with psad stopped last as it launches the other 2
	for process in $process_list; do

		pidfile="$PIDDIR/$process.pid"
		status="0"
		kill_status="1"

		log_action_msg "Stopping the $process process"

		# Try to kill the process associated to the pid
		if [ -r "$pidfile" ]; then
			pid=`cat "$pidfile" 2>/dev/null`
			kill -0 "${pid:-}" 2>/dev/null
			kill_status="$?"
		fi

		# Stop the process
		if [ "$kill_status" = "0" ]; then
			start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile"
			status="$?"
		fi

		# Remove its pid file
		if [ -r "$pidfile" ] && [ "$status" = "0" ]; then
			 rm -f "$pidfile" 2>/dev/null
			 status="$?"
		fi

		[ "$status" = "0" ] || retval="1"
		pidfile="$piddir/$process.pid"
		einfo "Stopping the $process process"
		start-stop-daemon --stop $process --progress --pidfile $pidfile
		eend $?

	done

	if [ "$retval" != "0" ]; then
		log_action_msg "One or more process could not be stopped" || true
	fi

        log_daemon_msg "Stopping Port Scan Attack Detector" "psad" || true
        log_end_msg $retval || true

	return $retval
}

#
# Function that returns the daemon status
#
do_status()
{
	echo "Status of $DESC:"
	$DAEMON --Status
}

case "$1" in
	start)
		do_start
		;;

	stop)
		do_stop
		;;

	restart|force-reload)
		do_stop
		sleep 1
		do_start
		;;

	status)
		do_status
		exit $?
		;;

	*)
		log_success_msg "Usage: $0 {start|stop|restart|status}" >&2
		exit 1 
		;;
esac

exit


-- 
1.8.4.2



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)