[alpine-devel] /testing - 4 Single Patches for PSAD / FWSNORT / inetutils-syslogd / perl-netaddr-ip
4 Single complete patches for PSAD / FWSNORT / inetutils-syslogd / perl-netaddr-ip
Build files based on Arch Linux PKGBUILDs:
https://aur.archlinux.org/packages/psad/ (except we build without perl-storable)
https://aur.archlinux.org/packages/fwsnort/
https://aur.archlinux.org/packages/inetutils-syslogd/ (except we build without PAM)
(1) PSAD init script fixed to use OpenRC builtin functions & messaging. Dependency on perl-storable removed.
Post-install script added to start & add psad at the default run level.
(2) FWSNORT - Post-install script updates snort rules / psad signatures & creates a daily cron job for same.
Package includes /etc/network/if-pre-up.d/fwsnort to splice snort rules into iptables. No init script.
(3) perl-netaddr-ip (missing dependency for FWSNORT).
(4) inetutils-syslogd:
Splits log files in the same manner as Debian default rsyslog. Optionally there is now the ability to have OpenVPN log
inside a chroot. Default settings disable forwarding (we are not a remote syslog). Runs in OpenVZ containers with fewer
problems than rsyslog.
Post-install script disables & removes busybox/syslog service & installs / starts inetutils-syslogd @ boot run level.
Also starts cron which gets stopped by removing busybox/syslog. Post-deinstall script gives the option to reinstate
busybox/syslog (& restart cron).
inetutils-syslogd builds without PAM. Settings for logrotate now included (based on Debian settings for rsyslog).
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
[alpine-devel] [PATCH 1/4] /testing - Initial APKBUILD for PSAD (Port Scan Attack Detector)
This is now a single patch for PSAD.
BUILD adapted from Arch Linux https://aur.archlinux.org/packages/psad/
psad.initd = revised init script (using OpenRC builtins)
psad.post-install = creates & adds psad service to default run level
---
testing/psad/APKBUILD | 87 ++++++++++++++++++++++++++++++++++++++++++
testing/psad/psad.confd | 8 ++++
testing/psad/psad.initd | 55 ++++++++++++++++++++++++++
testing/psad/psad.post-install | 7 ++++
4 files changed, 157 insertions(+)
create mode 100644 testing/psad/APKBUILD
create mode 100644 testing/psad/psad.confd
create mode 100644 testing/psad/psad.initd
create mode 100644 testing/psad/psad.post-install
diff --git a/testing/psad/APKBUILD b/testing/psad/APKBUILD
new file mode 100644
index 0000000..58983f6
--- /dev/null
+++ b/testing/psad/APKBUILD
@@ -0,0 +1,87 @@
+ # Contributor: IT Offshore <developer@it-offshore.co.uk>
+ # Maintainer:
+ pkgname=psad
+ pkgver=2.2.1
+ pkgrel=0
+ pkgdesc="3 lightweight system daemons that analyze iptables log messages to detect port scans and other suspicious traffic"
+ url="http://cipherdyne.org/psad/"
+ arch="all"
+ license="GPL"
+ depends="perl iptables ip6tables ssmtp psmisc perl-bit-vector perl-date-calc perl-iptables-chainmgr perl-iptables-parse perl-net-ipv4addr perl-unix-syslog net-tools"
+ install="$pkgname.post-install"
+ subpackages="$pkgname-doc"
+ source="http://cipherdyne.org/psad/download/$pkgname-nodeps-$pkgver.tar.gz
+ psad.initd
+ psad.confd
+ "
+
+ _builddir="$srcdir"/$pkgname-$pkgver
+
+ build() {
+ cd "$_builddir"
+
+ #Set the config dirs
+ sed -e "s|'/usr/sbin'|'$pkgdir/usr/sbin'|" \
+ -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \
+ -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \
+ ./install.pl -i
+ #/usr/sbin/psadwatchd set with last cmd
+ sed -e "s|/var/log/psad|$pkgdir&|" \
+ -e "s|/var/run/psad|$pkgdir&|" \
+ -e "s|/var/lib/psad|$pkgdir&|" \
+ -e "s|/usr/lib/psad|$pkgdir&|" \
+ -e "s|/etc/psad|$pkgdir&|" \
+ -e "s|/usr/bin/whois_psad|$pkgdir/usr/bin/whois|" \
+ -e "s|/usr/sbin/fwcheck_psad|$pkgdir&|" \
+ -e "s|/usr/sbin/kmsgsd|$pkgdir&|" \
+ -e "s|/usr/sbin/psad|$pkgdir&|" \
+ ./psad.conf -i
+
+ #Disable install of generic init script & setting numeric run level
+ START=$(sed -n '/if ($init_dir and &is_root()) {/=' ./install.pl)
+ END=$(expr $START + 7)
+ #Busybox sed does not support +7d
+ sed -e ''$START','$END'd' ./install.pl -i
+ }
+
+ package() {
+ cd "$_builddir"
+
+ #hope that things work
+ mkdir -p $pkgdir/etc/psad \
+ $pkgdir/usr/bin \
+ $pkgdir/usr/sbin \
+ $pkgdir/usr/share/man/man8 \
+ $pkgdir/var/lib/psad \
+ $pkgdir/var/log/psad \
+ $pkgdir/var/run/psad
+ ln -s /bin/busybox $pkgdir/usr/bin/whois
+ ./install.pl --runlevel 1
+
+ #Set correct permissions
+ chmod -R o+r $pkgdir/etc/psad
+ chmod -R o+r $pkgdir/usr/sbin/*
+ chmod 0700 $pkgdir/var/lib/psad
+ #remove whois symbolic link
+ rm -rf $pkgdir/usr/bin/whois
+
+ # Fix the config
+ sed -e "s|$pkgdir||" $pkgdir/etc/psad/psad.conf -i
+ sed -e "s|$pkgdir||" $pkgdir/var/log/psad/install.log -i
+
+ #install init script & config defaults
+ install -m755 -D "$srcdir"/$pkgname.initd \
+ "$pkgdir"/etc/init.d/$pkgname || return 1
+ install -m644 -D "$srcdir"/$pkgname.confd \
+ "$pkgdir"/etc/conf.d/$pkgname || return 1
+ }
+
+ md5sums="ee600d9b6b4b915b026370c9a3726b5f psad-nodeps-2.2.1.tar.gz
+ 6e5ef9b0ddebf1a229da58b0f1918f89 psad.initd
+ bc07efebb41cc23c4be129bbbacc874b psad.confd"
+ sha256sums="0422cdd1a37d4c8fcc1a4ce6e7c4a6974e58fdde82242f45b83eb6beb85708b5 psad-nodeps-2.2.1.tar.gz
+ b38a3643f0b0c9ed338f1c3f1beea6114ba5b0a8cfb60097598066aa4e415c32 psad.initd
+ 74c72225fa37c367a458321b737050cacaf262f32b0cc13babc54468ff1988b9 psad.confd"
+ sha512sums="9e3f475376c3c7b753e71676f5c9d639e9fffd93caf864faa130f8030e37f9a6c57ba59c9519d2bd8dde945f7ff7a014ca2a710bd4b7be9721ca7f13f879b970 psad-nodeps-2.2.1.tar.gz
+ 01fbb402032f8cff9d2c6be3a032c5ea446d4708ca4f56addebba84bbd1b70e69e4c94b31a3af2680bbf8633f854f1ed8ef78ac746450ff1848fdbc4c90bf44a psad.initd
+ a80666f59356cc6157a9f5dca132991d4f1e0afda8f673d602de2557219d5521bec9ae148330e98d9483175d14d96e4cc2ccd11541d8b187b0e47f44ba4ada54 psad.confd"
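Review bot: In build(), the START lookup is never checked before `END=$(expr $START + 7)` and the `sed ... d` that follows. If upstream rewords the `if ($init_dir and &is_root()) {` line in install.pl, START comes back empty, the sed expression is malformed, and nothing returns 1, so the build carries on with the generic init script install still enabled; test `[ -n "$START" ] || return 1` first. In package(), `./install.pl --runlevel 1` and the two `sed -e "s|$pkgdir||"` fix-ups are unchecked as well, `$pkgdir` is unquoted throughout, and `chmod -R o+r $pkgdir/etc/psad` makes every file under /etc/psad world-readable, which needs a comment saying why that is wanted for an intrusion-detection config. The Maintainer: line is left empty.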
diff --git a/testing/psad/psad.confd b/testing/psad/psad.confd
new file mode 100644
index 0000000..27ce228
--- /dev/null
+++ b/testing/psad/psad.confd
@@ -0,0 +1,8 @@
+ # Default settings for psad.
+
+ # Add any options you would like to pass to the daemon when started
+ # For example if you would like to add an override file for your setup, this
+ # can be achived this way:
+ #
+ # command_args="--Override-config /root/psad.override.conf"
+ command_args=""
diff --git a/testing/psad/psad.initd b/testing/psad/psad.initd
new file mode 100644
index 0000000..3e12cf4
--- /dev/null
+++ b/testing/psad/psad.initd
@@ -0,0 +1,55 @@
+ #!/sbin/runscript
+
+ # This file is part of PSAD (Port Scan Attack Detector)
+ # Adapted for Alpine Linux by IT Offshore <developer@it-offshore.co.uk>
+
+ command="/usr/sbin/psad"
+ pidfile="/var/run/psad/psad.pid"
+ config_file="/etc/psad/psad.conf"
+
+ depend() {
+ need net
+ need logger
+ after iptables
+ }
+
+ # allow override config_file location from conf.d
+ : ${config_file:="/etc/psad/psad.conf"}
+
+ check_config() {
+ [ -f "$config_file" ] || error "$config_file is missing"
+ }
+
+ start_pre() {
+ check_config || return 1
+ # make sure dir for pidfile exists. /var/run is tmpfs...
+ checkpath --directory ${pidfile%/*}
+ }
+
+ start() {
+ ebegin "Starting PSAD (Port Scan Attack Detector)"
+ start-stop-daemon --start $command --pidfile $pidfile
+ eend $?
+ }
+
+ stop()
+ {
+ local pidfile
+ local piddir=/var/run/psad
+ local process_list="psadwatchd kmsgsd psad"
+
+ # Stop all 3 daemons with psad stopped last as it launches the other 2
+ for process in $process_list; do
+
+ pidfile="$piddir/$process.pid"
+ einfo "Stopping the $process process"
+ start-stop-daemon --stop $process --progress --pidfile $pidfile
+ eend $?
+
+ done
+ }
+
+ exit
+
+
+
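Review bot: start() never uses `command_args` or `config_file`: the `start-stop-daemon --start $command --pidfile $pidfile` line passes neither, so the `--Override-config` example in psad.confd has no effect. `config_file` is also assigned unconditionally at the top of the script, which turns the later `: ${config_file:="/etc/psad/psad.conf"}` default into a no-op. In stop(), the function's result is whatever the last `eend $?` of the loop returns, so a failure to stop psadwatchd or kmsgsd is lost once psad itself stops cleanly; collect the failures and return non-zero if any occurred. The bare `exit` after stop() looks unintended and should be dropped.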
diff --git a/testing/psad/psad.post-install b/testing/psad/psad.post-install
new file mode 100644
index 0000000..ab9647e
--- /dev/null
+++ b/testing/psad/psad.post-install
@@ -0,0 +1,7 @@
+ #!/bin/sh
+
+ # add & start psad service
+ rc-update add psad default
+ rc-service psad start
+ exit 0
+
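Review bot: The `rc-service psad start` line starts a daemon from a package script, and `rc-update add psad default` changes the runlevel without the administrator asking for it. Installing into a chroot, an image build or a tmpfs root then tries to launch psad before iptables and the logger it declares in depend() are available. Leave both steps to the administrator, or print them as a hint; the same objection is raised against the inetutils-syslogd scripts later in this thread.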
--
1.8.4.2
---
[alpine-devel] [PATCH 2/4] /testing - Initial APKBUILD for perl-netaddr-ip
perl-netaddr-ip into testing - dependency for FWSNORT:
http://www.cipherdyne.org/fwsnort/
---
testing/perl-netaddr-ip/APKBUILD | 41 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 testing/perl-netaddr-ip/APKBUILD
diff --git a/testing/perl-netaddr-ip/APKBUILD b/testing/perl-netaddr-ip/APKBUILD
new file mode 100644
index 0000000..b884a66
--- /dev/null
+++ b/testing/perl-netaddr-ip/APKBUILD
@@ -0,0 +1,41 @@
+ # Automatically generated by apkbuild-cpan, template 1
+ # Contributor: IT Offshore <developer@it-offshore.co.uk>
+ # Maintainer: IT Offshore <developer@it-offshore.co.uk>
+ pkgname=perl-netaddr-ip
+ _pkgreal=NetAddr-IP
+ pkgver=4.071
+ pkgrel=0
+ pkgdesc="Manages IPv4 and IPv6 addresses and subnets"
+ url="http://search.cpan.org/dist/NetAddr-IP/"
+ arch="all"
+ license="GPL PerlArtistic"
+ cpandepends=""
+ cpanmakedepends=" "
+ depends="$cpandepends"
+ makedepends="perl-dev $cpanmakedepends"
+ subpackages="$pkgname-doc"
+ source="http://search.cpan.org/CPAN/authors/id/M/MI/MIKER/$_pkgreal-$pkgver.tar.gz"
+
+ _builddir="$srcdir/$_pkgreal-$pkgver"
+
+ prepare() {
+ cd "$_builddir"
+ export CFLAGS=`perl -MConfig -E 'say $Config{ccflags}'`
+ PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor
+ }
+
+ build() {
+ cd "$_builddir"
+ export CFLAGS=`perl -MConfig -E 'say $Config{ccflags}'`
+ make && make test
+ }
+
+ package() {
+ cd "$_builddir"
+ make DESTDIR="$pkgdir" install || return 1
+ find "$pkgdir" \( -name perllocal.pod -o -name .packlist \) -delete
+ }
+
+ md5sums="f0da45422022fdf1ccfa90b8068d782b NetAddr-IP-4.071.tar.gz"
+ sha256sums="6375e8c76e72d9bd362a9d4ca0794396c9b919fa4e6e00b65e50dee719430d55 NetAddr-IP-4.071.tar.gz"
+ sha512sums="5a0927712a798e470b6f98c9acef27cf035b31bd2c4d7329edb1a3cf246a526c67855f388ade3905a0ee821d1fce7d3c0d91ebdfc99c2ca6c013a03cdf6ec36b NetAddr-IP-4.071.tar.gz"
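Review bot: The source= URL is plain http, so the md5sums, sha256sums and sha512sums lines at the end are the only thing that authenticates NetAddr-IP-4.071.tar.gz; confirm they were taken from a trusted copy and not computed from the same download. `make test` runs inside build(), whereas the inetutils-syslogd APKBUILD in this series uses a separate check() function; pick one convention for the series. `cpanmakedepends=" "` holds a single space, and the CFLAGS export is repeated in prepare() and build().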
--
1.8.4.2
---
[alpine-devel] [PATCH 3/4] /testing - Initial APKBUILD for FWSNORT (Firewall SNORT)
Initial package into testing for 'FWSNORT': http://www.cipherdyne.org/fwsnort/
fwsnort.post-install - adds daily cron to update rules / signatures
fwsnort.up - added to /etc/network/if-pre-up.d/ to splice rules into iptables
fwsnort.update - daily snort rule / psad signature update script (run by cron)
---
testing/fwsnort/APKBUILD | 74 ++++++++++++++++++++++++++++++++++++
testing/fwsnort/fwsnort.post-install | 13 +++++++
testing/fwsnort/fwsnort.up | 5 +++
testing/fwsnort/fwsnort.update | 18 +++++++++
4 files changed, 110 insertions(+)
create mode 100644 testing/fwsnort/APKBUILD
create mode 100644 testing/fwsnort/fwsnort.post-install
create mode 100644 testing/fwsnort/fwsnort.up
create mode 100644 testing/fwsnort/fwsnort.update
diff --git a/testing/fwsnort/APKBUILD b/testing/fwsnort/APKBUILD
new file mode 100644
index 0000000..853626b
--- /dev/null
+++ b/testing/fwsnort/APKBUILD
@@ -0,0 +1,74 @@
+ # Contributor: IT Offshore <developer@it-offshore.co.uk>
+ # Maintainer:
+ pkgname=fwsnort
+ pkgver=1.6.3
+ pkgrel=0
+ pkgdesc="Application layer IDS/IPS by translating snort rules into iptables"
+ url="http://www.cipherdyne.org/fwsnort/"
+ arch="noarch"
+ license="GPL"
+ depends="perl perl-netaddr-ip perl-iptables-parse iptables ip6tables net-tools"
+ depends_dev="wget"
+ makedepends="$depends_dev"
+ install="$pkgname.post-install"
+ source="http://www.cipherdyne.org/$pkgname/download/$pkgname-nodeps-$pkgver.tar.gz
+ fwsnort.up
+ fwsnort.update
+ "
+
+ _builddir="$srcdir"/$pkgname-$pkgver
+
+ build() {
+ cd "$_builddir"
+
+ #Disable Root requirement to build
+ START=$(sed -n '/$< == 0 && $> == 0 or die "You need to be root (or equivalent UID 0",/=' ./install.pl)
+ END=$(expr $START + 1)
+ #Busybox sed does not support +1d
+ sed -e ''$START','$END'd' ./install.pl -i
+
+ #prevent chmod 0500 halting the build
+ sed -e "s|0500|0755|" ./install.pl -i
+
+ #change MAN path so package builds
+ sed -e "s|/usr/share/man/man8|$pkgdir&|" ./install.pl -i
+
+ # --install-test-dir sets the INSTALL_ROOT to $src/../test/fwsnort-test
+ # avoids installation attempted into /etc /usr /var
+ # -S disables dependency installs (we also build with the nodep sources)
+ ./install.pl -S --install-test-dir
+ }
+
+ package() {
+ cd "$_builddir"
+
+ #create destinations before fakeroot runs
+ mkdir -p $pkgdir/etc \
+ $pkgdir/usr \
+ $pkgdir/usr
+
+ cp -rf $srcdir/fwsnort-$pkgver/test/fwsnort-install/* $pkgdir
+
+ # delete references to $pkgdir made by the installer
+ cp -f $srcdir/fwsnort-$pkgver/fwsnort.conf $pkgdir/etc/fwsnort/fwsnort.conf
+
+ #fix permissions
+ chmod 0500 $pkgdir/etc/fwsnort $pkgdir/etc/fwsnort/snort_rules
+ chmod 0500 $pkgdir/usr/sbin/fwsnort
+ chmod 0600 $pkgdir/etc/fwsnort/fwsnort.conf
+
+ # install rule / signature update script
+ install -Dm755 "$srcdir"/fwsnort.update "$pkgdir"/usr/bin/update-fwsnort
+ # install iptables rule splicing script
+ install -Dm755 "$srcdir"/fwsnort.up "$pkgdir"/etc/network/if-pre-up.d/fwsnort
+ }
+
+ md5sums="7a61a03c4b523b4fb2b1cc73bcb3bac7 fwsnort-nodeps-1.6.3.tar.gz
+ 442039bc04d553c7c5f9d3fc4269cc71 fwsnort.up
+ 4866ff4610b5f2aa56fa15a827b22179 fwsnort.update"
+ sha256sums="d2110508f61c31d5ca5ddbb2452d0b10ae533e094499bc287f3382371c8bd5f2 fwsnort-nodeps-1.6.3.tar.gz
+ 8caf113ff779a02fe97288d545f029111151fac9f342be9b40aa9f80e49dd359 fwsnort.up
+ b9753c29cace84014876f0d3b18c1c4c76ac1cbe1c83dd295b341b9e2897f61d fwsnort.update"
+ sha512sums="abf03d9c42b24abdb5798f7e9becffd203eb4579eb3682fc975ff51714010c3ee4541da1675efee9a03e09323089219c57c58574ef6c5b587c38761c167eac48 fwsnort-nodeps-1.6.3.tar.gz
+ 3c97b5f4bb922086acd62305baae4ba1d91e6e627d063f131f98e08da3f57b607b35558eae2cf292b3997d25f09147039f95123161f8f29c5b97b71c80811e9f fwsnort.up
+ 0944c226600b380c504d36038948ef0c421a3d412a06d85cbb0b8397b4226ae966c5d94fe2f661c72865fed2afae1d698279c6a4e95fc8637281ddb6cb01b14d fwsnort.update"
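Review bot: In build(), `sed -e "s|0500|0755|" ./install.pl -i` rewrites the first `0500` on every line of the installer, not only the chmod that halts the build, and package() then has to put 0500 back by hand on three paths; anchor the substitution to the line it is meant for. The START lookup has the same gap as in the psad APKBUILD: if the `You need to be root` pattern stops matching, START is empty, the delete fails and the root check stays in, with nothing returning 1. In package(), the mkdir lists `$pkgdir/usr` twice, the build() comment names test/fwsnort-test while the cp reads test/fwsnort-install, and the comment `delete references to $pkgdir made by the installer` sits above a cp that overwrites fwsnort.conf. wget appears only in makedepends; if `fwsnort --update-rules` needs it at run time it belongs in depends.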
diff --git a/testing/fwsnort/fwsnort.post-install b/testing/fwsnort/fwsnort.post-install
new file mode 100644
index 0000000..9b3fa0cb
--- /dev/null
+++ b/testing/fwsnort/fwsnort.post-install
@@ -0,0 +1,13 @@
+ #!/bin/sh
+ # fwsnort post install script
+ #############################
+
+ /usr/bin/update-fwsnort
+
+ #setup cron to update signatures daily
+ echo "0 15 * * * /usr/bin/update-fwsnort 2>&1 >> /var/log/fwsnort_update.log" >> /etc/crontabs/root
+
+ echo "Daily root cron job created to update PSAD signatures & SNORT rules"
+ echo "/etc/network/pre-if-up.d/fwsnort created to add SNORT rules to iptables automatically"
+
+ exit 0
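Review bot: The redirection in the cron line is in the wrong order: `2>&1 >> /var/log/fwsnort_update.log` points stderr at cron's original stdout and only stdout reaches the log, so errors from the update are never recorded; it should read `>> /var/log/fwsnort_update.log 2>&1`. The line is appended to /etc/crontabs/root unconditionally, so every reinstall adds another copy and nothing removes it on uninstall. `/usr/bin/update-fwsnort` is run at install time with no check that it succeeded, and the final echo names /etc/network/pre-if-up.d/fwsnort while the APKBUILD installs to /etc/network/if-pre-up.d/fwsnort.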
diff --git a/testing/fwsnort/fwsnort.up b/testing/fwsnort/fwsnort.up
new file mode 100644
index 0000000..b750f59
--- /dev/null
+++ b/testing/fwsnort/fwsnort.up
@@ -0,0 +1,5 @@
+ #!/bin/sh
+
+ #splice fwsnort rules into iptables whenever the network comes up
+ /var/lib/fwsnort/fwsnort.sh
+
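Review bot: `/var/lib/fwsnort/fwsnort.sh` is run with no check that it exists or is executable. fwsnort.update runs `/usr/sbin/fwsnort` immediately before calling the same file, which suggests it is generated at run time, so on a fresh install or after a failed update this if-pre-up.d hook exits non-zero while the interface is being brought up. Guard it with `[ -x /var/lib/fwsnort/fwsnort.sh ] || exit 0` and decide explicitly whether a failure to load the rules should block the interface.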
diff --git a/testing/fwsnort/fwsnort.update b/testing/fwsnort/fwsnort.update
new file mode 100644
index 0000000..e94e1eb
--- /dev/null
+++ b/testing/fwsnort/fwsnort.update
@@ -0,0 +1,18 @@
+ #!/bin/sh
+ # update fwsnort & psad signatures
+
+ # clear update log (rewritten daily by cron)
+ if [ -f /var/log/fwsnort_update.log ]; then
+ rm -rf /var/log/fwsnort_update.log
+ fi
+
+ /usr/sbin/fwsnort --update-rules
+ /usr/sbin/fwsnort
+ /var/lib/fwsnort/fwsnort.sh
+
+ if ps aux | grep psad; then
+ psad --sig-update
+ echo "running 'psad -H'"
+ psad -H
+ fi
+
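Review bot: The `if ps aux | grep psad; then` test is normally true even when psad is not running, because the grep process itself shows up in the ps output with `psad` on its command line; it also prints the matching lines into the log. Test the pidfile or use `pidof psad >/dev/null` instead. Nothing checks the exit status of `/usr/sbin/fwsnort --update-rules` before the rules are rebuilt and `/var/lib/fwsnort/fwsnort.sh` loads them into iptables, so a failed or partial download is applied as root all the same; stop at the first failure. The `rm -rf` of the log also works against the cron entry, which has already opened that file for append before this script starts.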
--
1.8.4.2
---
[alpine-devel] [PATCH 4/4] /testing - Initial APKBUILD for inetutils-syslogd
Single patch for inetutils-syslogd into testing to provide a small syslog
with logging to multiple files. Will also allow OpenVPN to log inside a chroot:
inetutils-syslogd.post-install = removes busybox syslog boot dependency & service
& adds / starts inetutils-syslogd
inetutils-syslogd.post-deinstall = gives option to reinstate busybox syslog service
syslog.conf = settings to split log files
inetutils-syslogd.logrotate = settings for logrotate
inetutils-syslogd.confd = default settings disable forwarding (we are not a remote syslog)
---
testing/inetutils-syslogd/APKBUILD | 90 ++++++++++++++++++++++
testing/inetutils-syslogd/inetutils-syslogd.confd | 9 +++
testing/inetutils-syslogd/inetutils-syslogd.initd | 50 ++++++++++++
.../inetutils-syslogd/inetutils-syslogd.logrotate | 38 +++++++++
.../inetutils-syslogd.post-deinstall | 18 +++++
.../inetutils-syslogd.post-install | 11 +++
testing/inetutils-syslogd/syslog.conf | 38 +++++++++
7 files changed, 254 insertions(+)
create mode 100644 testing/inetutils-syslogd/APKBUILD
create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.confd
create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.initd
create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.logrotate
create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.post-deinstall
create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.post-install
create mode 100644 testing/inetutils-syslogd/syslog.conf
diff --git a/testing/inetutils-syslogd/APKBUILD b/testing/inetutils-syslogd/APKBUILD
new file mode 100644
index 0000000..88d5f16
--- /dev/null
+++ b/testing/inetutils-syslogd/APKBUILD
@@ -0,0 +1,90 @@
+ # Contributor: IT Offshore <developer@it-offshore.co.uk>
+ # Maintainer:
+ pkgname=inetutils-syslogd
+ _pkgname=inetutils
+ pkgver=1.9.1
+ pkgrel=0
+ pkgdesc="A small syslogd for logging to multiple files"
+ url="http://www.gnu.org/software/inetutils/"
+ arch="all"
+ license="GPL3"
+ depends="readline ncurses"
+ depends_dev=""
+ makedepends="$depends_dev"
+ install="$pkgname.post-install $pkgname.post-deinstall"
+ subpackages="$pkgname-doc"
+ source="http://ftp.gnu.org/gnu/inetutils/${_pkgname}-${pkgver}.tar.gz
+ inetutils-syslogd.initd
+ inetutils-syslogd.confd
+ syslog.conf
+ inetutils-syslogd.logrotate
+ "
+
+ _builddir="$srcdir"/$_pkgname-$pkgver
+
+ build() {
+ cd "$_builddir"
+
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --libexec=/usr/sbin \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --localstatedir=/var \
+ --without-wrap --without-pam \
+ --disable-ftp --disable-ftpd \
+ --disable-telnet --disable-telnetd \
+ --disable-talk --disable-talkd \
+ --disable-rlogin --disable-rlogind \
+ --disable-rsh --disable-rshd \
+ --disable-rexec --disable-rexecd \
+ --disable-rcp --disable-hostname \
+ --disable-tftp --disable-tftpd \
+ --disable-ping --disable-ping6 \
+ --disable-logger --enable-syslogd \
+ --disable-inetd --disable-whois \
+ --disable-uucpd --disable-ifconfig --disable-traceroute \
+ || return 1
+ make || return 1
+ }
+
+ check() {
+ cd "$srcdir/${_pkgname}-${pkgver}"
+ make check
+ }
+
+ package() {
+ cd "$_builddir"
+ make DESTDIR="${pkgdir}" install
+ #binary installed to /usr/sbin not bin
+ rm -rf $pkgdir/usr/bin
+
+ #install init script & config defaults
+ install -m755 -D "$srcdir"/$pkgname.initd \
+ "$pkgdir"/etc/init.d/$pkgname || return 1
+ install -m644 -D "$srcdir"/$pkgname.confd \
+ "$pkgdir"/etc/conf.d/$pkgname || return 1
+ install -m644 -D "$srcdir"/syslog.conf \
+ "$pkgdir"/etc/syslog.conf || return 1
+ install -m644 -D "$srcdir"/inetutils-syslogd.logrotate \
+ "$pkgdir"/etc/logrotate.d/inetutils-syslogd || return 1
+ }
+
+ md5sums="944f7196a2b3dba2d400e9088576000c inetutils-1.9.1.tar.gz
+ 6f0deb2a07439638161d03fd887d4fad inetutils-syslogd.initd
+ edf3f502d9f2bf49c5da8cb37a927d06 inetutils-syslogd.confd
+ 506560780445d5a7b30e2e3c96efa19d syslog.conf
+ 9980ae54a3791c7f9d1d3baa04698e2a inetutils-syslogd.logrotate"
+ sha256sums="02a9ebde8a198cb85f87545b9d88fb103a183958139864a85fe9e027ad79ff2b inetutils-1.9.1.tar.gz
+ 1cf71f3656dceba3ddf0543a43a98e644a0b42999ba80b9f72318ee578c9ff53 inetutils-syslogd.initd
+ 86105f0a0105f50275f7381b5d7fe603b8d854a0e6753c2f06f6d0c234562948 inetutils-syslogd.confd
+ a991140072f0ff1a0d3b3e593eb5935fcca0c00f93436022b9055c7450decdf9 syslog.conf
+ 2b3e73b1a808cabd54dd3c3b78573cdf759422fa3c7b64f15838ce0830edaa31 inetutils-syslogd.logrotate"
+ sha512sums="69267bfa3cae34f6145caad668dc2e9385701fb52a144640e9893fa7f0b7694eacd1fe579de3fb7190e8485b26c00337ded136488694c399b0fc290f7eec303c inetutils-1.9.1.tar.gz
+ e70d0e244fcc30e94f846b82b4ec7318b5582f512bd715fb5bd9178d7be5ede0e5b53e29431a2db5177ce2f31fc306900b3a1297a658e84b2671f3ad5153b81c inetutils-syslogd.initd
+ 82968692b4fe79706aacaeb1021b343288dc4f1d86925481796dac1f743a8269976ce86bf446cd0c16d246b918e5822e312660b201407eb7031a17cb398c9513 inetutils-syslogd.confd
+ 5abb2a0309c9e180d7cacf97917044a8d3573fdf4d5902d757788fb687800900b47a02c6ec4a113475931176b52a1c2ba0771452bfb301a11b5aa0230377872d syslog.conf
+ 30741cf17a86a0bf39404882711d827e200a2d22cdba873e49f1a871f8d113cfe5bb1ddf3206c44be888be15aa09104656f9bd26406abb42c9b6fed0624d0bfb inetutils-syslogd.logrotate"
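Review bot: In package(), `make DESTDIR="${pkgdir}" install` and `rm -rf $pkgdir/usr/bin` are the only steps without `|| return 1`; because the four `install` lines after them can still succeed, a failed `make install` is masked and an incomplete package is produced. Add the check to both. `depends="readline ncurses"` needs a word of justification for a build that disables every tool except syslogd, and `$pkgdir` in the rm line is unquoted.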
diff --git a/testing/inetutils-syslogd/inetutils-syslogd.confd b/testing/inetutils-syslogd/inetutils-syslogd.confd
new file mode 100644
index 0000000..dfcc1cb
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.confd
@@ -0,0 +1,9 @@
+ #
+ # inetutils syslogd defaults
+ #
+
+ # Internet connections are enabled if forwarding (which is the default).
+ # Example option to add a socket for chroot jailed openvpn server
+ #SYSLOGD_OPTS="--no-forward -a /etc/openvpn/jail/dev/log"
+
+ SYSLOGD_OPTS="--no-forward"
diff --git a/testing/inetutils-syslogd/inetutils-syslogd.initd b/testing/inetutils-syslogd/inetutils-syslogd.initd
new file mode 100644
index 0000000..6baad86
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.initd
@@ -0,0 +1,50 @@
+ #!/sbin/runscript
+
+ # This file is part of inetutils-syslogd
+ # Created for Alpine Linux by IT Offshore <developer@it-offshore.co.uk>
+
+ name=syslogd
+ daemon=/usr/sbin/$name
+ config_file="/etc/syslog.conf"
+
+ depend() {
+ need clock hostname localmount
+ provide logger
+ }
+
+ check_config() {
+ [ -f "$config_file" ] || error "$config_file is missing"
+ }
+
+ start_pre() {
+ check_config || return 1
+ }
+
+ start() {
+ ebegin "Starting ${name}"
+ start-stop-daemon --start --quiet \
+ --pidfile /var/run/${name}.pid \
+ --exec ${daemon} -- ${SYSLOGD_OPTS}
+ eend $?
+ }
+
+ stop() {
+ ebegin "Stopping ${name}"
+ start-stop-daemon --stop --quiet \
+ --pidfile /var/run/$name.pid \
+ --exec ${daemon}
+ eend $?
+ }
+
+ reload() {
+ if [ ! -f "${PIDFILE}" ]; then
+ eerror "rsyslogd not running"
+ return 1
+ fi
+
+ ebegin "Re-opening intetutils-syslogd log files"
+ start-stop-daemon --stop --signal HUP \
+ --pidfile /var/run/$name.pid
+ eend $?
+ }
+
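Review bot: reload() tests `${PIDFILE}`, which is not set anywhere in this script or in the confd file of this patch (start() and stop() spell out /var/run/${name}.pid), so `[ ! -f "${PIDFILE}" ]` is always true and reload returns 1 without ever sending HUP. That breaks the postrotate hooks in inetutils-syslogd.logrotate and leaves syslogd writing to the rotated files. Define one pidfile variable and use it in all three functions, and declare reload in `extra_started_commands` so OpenRC accepts it as a command. The error text says `rsyslogd not running` and the ebegin message misspells the name as `intetutils-syslogd`.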
diff --git a/testing/inetutils-syslogd/inetutils-syslogd.logrotate b/testing/inetutils-syslogd/inetutils-syslogd.logrotate
new file mode 100644
index 0000000..9edb145
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.logrotate
@@ -0,0 +1,38 @@
+ /var/log/syslog
+ {
+ rotate 7
+ daily
+ missingok
+ notifempty
+ delaycompress
+ compress
+ postrotate
+ /etc/init.d/inetutils-syslogd reload &>/dev/null || true
+ endscript
+ }
+
+ /var/log/mail.info
+ /var/log/mail.warn
+ /var/log/mail.err
+ /var/log/mail.log
+ /var/log/daemon.log
+ /var/log/kern.log
+ /var/log/auth.log
+ /var/log/user.log
+ /var/log/lpr.log
+ /var/log/cron.log
+ /var/log/debug
+ /var/log/messages
+ {
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /etc/init.d/inetutils-syslogd reload &>/dev/null || true
+ endscript
+ }
+
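Review bot: Both postrotate lines use `&>/dev/null`, which is a bash redirection; a strictly POSIX sh parses it as running the reload in the background followed by an empty redirect. Write `>/dev/null 2>&1`. With `|| true` and the output discarded, a failing reload is invisible, which matters here because reload() in the init script of this patch cannot succeed as written. syslog.conf in this patch also writes /var/log/news/news.crit, news.err and news.notice, and none of them is listed for rotation.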
diff --git a/testing/inetutils-syslogd/inetutils-syslogd.post-deinstall b/testing/inetutils-syslogd/inetutils-syslogd.post-deinstall
new file mode 100644
index 0000000..1694252
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.post-deinstall
@@ -0,0 +1,18 @@
+ #!/bin/sh
+
+ print_info() {
+ echo -n -e '\e[1;36m'
+ echo -n $1
+ echo -e '\e[0m'
+ }
+
+ print_info "Would you like to re-enable BusyBox Syslog & start cron ? (enter or y to re-enable): "; read enable_syslog
+
+ if [ -z "$enable_syslog" ] || [ "$enable_syslog" = "y" ] || [ "$enable_syslog" = "Y" ]; then
+ rc-update add syslog boot
+ rc-service syslog start
+ #removing any syslog also stops cron as it depends on logger
+ rc-service cron start
+ fi
+
+
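Review bot: The `read enable_syslog` prompt blocks any unattended removal, and the `[ -z "$enable_syslog" ]` branch treats empty input as yes, so when stdin is closed or is not a terminal the script goes on to run `rc-update add syslog boot` and start two services without anyone having answered. Package scripts should not prompt; print the commands for the administrator to run instead. `echo -n $1` in print_info is unquoted.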
diff --git a/testing/inetutils-syslogd/inetutils-syslogd.post-install b/testing/inetutils-syslogd/inetutils-syslogd.post-install
new file mode 100644
index 0000000..d92a3c1
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.post-install
@@ -0,0 +1,11 @@
+ #!/bin/sh
+
+ # stop & remove busybox syslog service
+ rc-update syslog stop
+ rc-update del syslog boot
+ # add & start inetutils-syslogd
+ rc-update add inetutils-syslogd boot
+ rc-service inetutils-syslogd start
+ # stopping any syslog also stops cron which depends on logger
+ rc-service cron start
+ exit 0
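Review bot: `rc-update syslog stop` is not an rc-update operation (rc-update manages runlevel membership with add, del and show); the comment above it says stop, which would be `rc-service syslog stop`. As written, the busybox syslogd is still running when `rc-service inetutils-syslogd start` launches a second logger. None of the five commands is checked and the script ends with `exit 0`, so a half-completed switch of the system logger reports success. Replacing the active logger and restarting cron is better left as a documented manual step.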
diff --git a/testing/inetutils-syslogd/syslog.conf b/testing/inetutils-syslogd/syslog.conf
new file mode 100644
index 0000000..27141bf
--- /dev/null
+++ b/testing/inetutils-syslogd/syslog.conf
@@ -0,0 +1,38 @@
+ #
+ # First some standard log files. Log by facility.
+ #
+ auth,authpriv.* /var/log/auth.log
+ *.*;auth,authpriv.none -/var/log/syslog
+ cron.* /var/log/cron.log
+ daemon.* -/var/log/daemon.log
+ kern.* -/var/log/kern.log
+ lpr.* -/var/log/lpr.log
+ mail.* -/var/log/mail.log
+ user.* -/var/log/user.log
+
+ #
+ # Logging for the mail system. Split it up so that
+ # it is easy to write scripts to parse these files.
+ #
+ mail.info -/var/log/mail.info
+ mail.warn -/var/log/mail.warn
+ mail.err /var/log/mail.err
+
+ #
+ # Logging for INN news system.
+ #
+ news.crit /var/log/news/news.crit
+ news.err /var/log/news/news.err
+ news.notice -/var/log/news/news.notice
+
+ #
+ # Some "catch-all" log files.
+ #
+ *.=debug;\
+ auth,authpriv.none;\
+ news.none;mail.none -/var/log/debug
+ *.=info;*.=notice;*.=warn;\
+ auth,authpriv.none;\
+ cron,daemon.none;\
+ mail,news.none -/var/log/messages
+
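Review bot: The three news.* rules write under /var/log/news/, but nothing in this patch creates that directory, so those entries have nowhere to go on a fresh install; create it in package() or drop the INN block. The `auth,authpriv.*` rule sends authentication messages to /var/log/auth.log with no file mode stated anywhere in the patch, neither here nor through a `create` line in the logrotate file, so its permissions depend on syslogd's defaults; state the intended mode and owner.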
--
1.8.4.2
---
Re: [alpine-devel] [PATCH 1/4] /testing - Initial APKBUILD for PSAD (Port Scan Attack Detector)
Re: [alpine-devel] [PATCH 2/4] /testing - Initial APKBUILD for perl-netaddr-ip
Re: [alpine-devel] [PATCH 3/4] /testing - Initial APKBUILD for FWSNORT (Firewall SNORT)
On Sun, 3 Nov 2013 19:29:40 +0000
IT Offshore <developer@it-offshore.co.uk> wrote:
> Initial package into testing for 'FWSNORT': http://www.cipherdyne.org/fwsnort/
>
> fwsnort.post-install - adds daily cron to update rules / signatures
It should not be created with post-install
(see more comments below)
>
> fwsnort.up - added to /etc/network/if-pre-up.d/ to splice rules into iptables
>
> fwsnort.update - daily snort rule / psad signature update script (run by cron)
> ---
> testing/fwsnort/APKBUILD | 74 ++++++++++++++++++++++++++++++++++++
> testing/fwsnort/fwsnort.post-install | 13 +++++++
> testing/fwsnort/fwsnort.up | 5 +++
> testing/fwsnort/fwsnort.update | 18 +++++++++
> 4 files changed, 110 insertions(+)
> create mode 100644 testing/fwsnort/APKBUILD
> create mode 100644 testing/fwsnort/fwsnort.post-install
> create mode 100644 testing/fwsnort/fwsnort.up
> create mode 100644 testing/fwsnort/fwsnort.update
>
> diff --git a/testing/fwsnort/APKBUILD b/testing/fwsnort/APKBUILD
> new file mode 100644
> index 0000000..853626b
> --- /dev/null
> +++ b/testing/fwsnort/APKBUILD
> @@ -0,0 +1,74 @@
> +# Contributor: IT Offshore <developer@it-offshore.co.uk >
> +# Maintainer:
> +pkgname=fwsnort
> +pkgver=1.6.3
> +pkgrel=0
> +pkgdesc="Application layer IDS/IPS by translating snort rules into iptables"
> +url="http://www.cipherdyne.org/fwsnort/"
> +arch="noarch"
> +license="GPL"
> +depends="perl perl-netaddr-ip perl-iptables-parse iptables ip6tables net-tools"
> +depends_dev="wget"
> +makedepends="$depends_dev"
> +install="$pkgname.post-install"
> +source="http://www.cipherdyne.org/$pkgname/download/$pkgname-nodeps-$pkgver.tar.gz
> + fwsnort.up
> + fwsnort.update
> + "
> +
> +_builddir="$srcdir"/$pkgname-$pkgver
> +
> +build() {
> + cd "$_builddir"
> +
> + #Disable Root requirement to build
> + START=$(sed -n '/$< == 0 && $> == 0 or die "You need to be root (or equivalent UID 0",/=' ./install.pl)
> + END=$(expr $START + 1)
> + #Busybox sed does not support +1d
> + sed -e ''$START','$END'd' ./install.pl -i
> +
> + #prevent chmod 0500 halting the build
> + sed -e "s|0500|0755|" ./install.pl -i
> +
> + #change MAN path so package builds
> + sed -e "s|/usr/share/man/man8|$pkgdir&|" ./install.pl -i
> +
> + # --install-test-dir sets the INSTALL_ROOT to $src/../test/fwsnort-test
> + # avoids installation attempted into /etc /usr /var
> + # -S disables dependency installs (we also build with the nodep sources)
> + ./install.pl -S --install-test-dir
> +}
> +
> +package() {
> + cd "$_builddir"
> +
> + #create destinations before fakeroot runs
> + mkdir -p $pkgdir/etc \
> + $pkgdir/usr \
> + $pkgdir/usr
> +
> + cp -rf $srcdir/fwsnort-$pkgver/test/fwsnort-install/* $pkgdir
> +
> + # delete references to $pkgdir made by the installer
> + cp -f $srcdir/fwsnort-$pkgver/fwsnort.conf $pkgdir/etc/fwsnort/fwsnort.conf
> +
> + #fix permissions
> + chmod 0500 $pkgdir/etc/fwsnort $pkgdir/etc/fwsnort/snort_rules
> + chmod 0500 $pkgdir/usr/sbin/fwsnort
> + chmod 0600 $pkgdir/etc/fwsnort/fwsnort.conf
> +
> + # install rule / signature update script
> + install -Dm755 "$srcdir"/fwsnort.update "$pkgdir"/usr/bin/update-fwsnort
> + # install iptables rule splicing script
> + install -Dm755 "$srcdir"/fwsnort.up "$pkgdir"/etc/network/if-pre-up.d/fwsnort
> +}
> +
> +md5sums="7a61a03c4b523b4fb2b1cc73bcb3bac7 fwsnort-nodeps-1.6.3.tar.gz
> +442039bc04d553c7c5f9d3fc4269cc71 fwsnort.up
> +4866ff4610b5f2aa56fa15a827b22179 fwsnort.update"
> +sha256sums="d2110508f61c31d5ca5ddbb2452d0b10ae533e094499bc287f3382371c8bd5f2 fwsnort-nodeps-1.6.3.tar.gz
> +8caf113ff779a02fe97288d545f029111151fac9f342be9b40aa9f80e49dd359 fwsnort.up
> +b9753c29cace84014876f0d3b18c1c4c76ac1cbe1c83dd295b341b9e2897f61d fwsnort.update"
> +sha512sums="abf03d9c42b24abdb5798f7e9becffd203eb4579eb3682fc975ff51714010c3ee4541da1675efee9a03e09323089219c57c58574ef6c5b587c38761c167eac48 fwsnort-nodeps-1.6.3.tar.gz
> +3c97b5f4bb922086acd62305baae4ba1d91e6e627d063f131f98e08da3f57b607b35558eae2cf292b3997d25f09147039f95123161f8f29c5b97b71c80811e9f fwsnort.up
> +0944c226600b380c504d36038948ef0c421a3d412a06d85cbb0b8397b4226ae966c5d94fe2f661c72865fed2afae1d698279c6a4e95fc8637281ddb6cb01b14d fwsnort.update"
> diff --git a/testing/fwsnort/fwsnort.post-install b/testing/fwsnort/fwsnort.post-install
> new file mode 100644
> index 0000000..9b3fa0cb
> --- /dev/null
> +++ b/testing/fwsnort/fwsnort.post-install
> @@ -0,0 +1,13 @@
> +#!/bin/sh
> +# fwsnort post install script
> +#############################
> +
> +/usr/bin/update-fwsnort
will this need network to work? Remember that on tmpfs installs, the
network is not initialized when packages are installed to tmpfs.
> +
> +#setup cron to update signatures daily
> +echo "0 15 * * * /usr/bin/update-fwsnort 2>&1 >> /var/log/fwsnort_update.log" >> /etc/crontabs/root
Why not ship an /etc/periodic/daily/fwsnort file? if you ship it within
the apk it will be removed when package is uninstalled. Otherwise it
will stay.
> +
> +echo "Daily root cron job created to update PSAD signatures & SNORT rules"
> +echo "/etc/network/pre-if-up.d/fwsnort created to add SNORT rules to iptables automatically"
> +
> +exit 0
> diff --git a/testing/fwsnort/fwsnort.up b/testing/fwsnort/fwsnort.up
> new file mode 100644
> index 0000000..b750f59
> --- /dev/null
> +++ b/testing/fwsnort/fwsnort.up
> @@ -0,0 +1,5 @@
> +#!/bin/sh
> +
> +#splice fwsnort rules into iptables whenever the network comes up
> +/var/lib/fwsnort/fwsnort.sh
> +
> diff --git a/testing/fwsnort/fwsnort.update b/testing/fwsnort/fwsnort.update
> new file mode 100644
> index 0000000..e94e1eb
> --- /dev/null
> +++ b/testing/fwsnort/fwsnort.update
> @@ -0,0 +1,18 @@
> +#!/bin/sh
> +# update fwsnort & psad signatures
> +
> +# clear update log (rewritten daily by cron)
> +if [ -f /var/log/fwsnort_update.log ]; then
> + rm -rf /var/log/fwsnort_update.log
> +fi
> +
> +/usr/sbin/fwsnort --update-rules
> +/usr/sbin/fwsnort
> +/var/lib/fwsnort/fwsnort.sh
> +
> +if ps aux | grep psad; then
> + psad --sig-update
> + echo "running 'psad -H'"
> + psad -H
> +fi
> +
---
Re: [alpine-devel] [PATCH 4/4] /testing - Initial APKBUILD for inetutils-syslogd
On Sun, 3 Nov 2013 19:29:41 +0000
IT Offshore <developer@it-offshore.co.uk> wrote:
> Single patch for inetutils-syslogd into testing to provide a small syslog
> with logging to multiple files. Will also allow OpenVPN to log inside a chroot:
>
> inetutils-syslogd.post-install = removes busybox syslog boot dependency & service
> & adds / starts inetutils-syslogd
install/deinstall scripts should never start/stop any services.
> inetutils-syslogd.post-deinstall = gives option to reinstate busybox syslog service
install/deinstall script should be interactive.
> syslog.conf = settings to split log files
>
> inetutils-syslogd.logrotate = settings for logrotate
>
> inetutils-syslogd.confd = default settings disable forwarding (we are not a remote syslog)
> ---
> testing/inetutils-syslogd/APKBUILD | 90 ++++++++++++++++++++++
> testing/inetutils-syslogd/inetutils-syslogd.confd | 9 +++
> testing/inetutils-syslogd/inetutils-syslogd.initd | 50 ++++++++++++
> .../inetutils-syslogd/inetutils-syslogd.logrotate | 38 +++++++++
> .../inetutils-syslogd.post-deinstall | 18 +++++
> .../inetutils-syslogd.post-install | 11 +++
> testing/inetutils-syslogd/syslog.conf | 38 +++++++++
> 7 files changed, 254 insertions(+)
> create mode 100644 testing/inetutils-syslogd/APKBUILD
> create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.confd
> create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.initd
> create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.logrotate
> create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.post-deinstall
> create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.post-install
> create mode 100644 testing/inetutils-syslogd/syslog.conf
-nc