~alpine/devel

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
3 2

[alpine-devel]

Details
Message ID
<1383885093-26524-1-git-send-email-developer@it-offshore.co.uk>
Sender timestamp
1383885091
DKIM signature
missing
Download raw message
Complete patches for both

Inetutils-syslogd - Corrected post-install / deinstall scripts (no longer stop
or start any services & are now fully interactive for changing boot runlevels)

FWSNORT - /etc/periodic/daily/fwsnort added to update SNORT Rules / PSAD signatures
& post-install script now just shows a message to manually update for the first
time (to prevent problems with installations on tmpfs)


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

[alpine-devel] [PATCH 1/2] Revised APKBUILD for inetutils-syslogd into testing

Details
Message ID
<1383885093-26524-2-git-send-email-developer@it-offshore.co.uk>
In-Reply-To
<1383885093-26524-1-git-send-email-developer@it-offshore.co.uk> (view parent)
Sender timestamp
1383885092
DKIM signature
missing
Download raw message
Patch: +272 -0
re-submitted complete patch correcting:

post-install / post-deinstall:

Both now fully interactive for adding & removing busybox syslog / inetutils-syslogd
to the Boot Runlevel.

They also do not stop or start any services. Instead a status message shows if services
are started or stopped (cron will be stopped if either syslog is removed)
---
 testing/inetutils-syslogd/APKBUILD                 | 90 ++++++++++++++++++++++
 testing/inetutils-syslogd/inetutils-syslogd.confd  |  9 +++
 testing/inetutils-syslogd/inetutils-syslogd.initd  | 50 ++++++++++++
 .../inetutils-syslogd/inetutils-syslogd.logrotate  | 38 +++++++++
 .../inetutils-syslogd.post-deinstall               | 21 +++++
 .../inetutils-syslogd.post-install                 | 26 +++++++
 testing/inetutils-syslogd/syslog.conf              | 38 +++++++++
 7 files changed, 272 insertions(+)
 create mode 100644 testing/inetutils-syslogd/APKBUILD
 create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.confd
 create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.initd
 create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.logrotate
 create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.post-deinstall
 create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.post-install
 create mode 100644 testing/inetutils-syslogd/syslog.conf

diff --git a/testing/inetutils-syslogd/APKBUILD b/testing/inetutils-syslogd/APKBUILD
new file mode 100644
index 0000000..88d5f16
--- /dev/null
+++ b/testing/inetutils-syslogd/APKBUILD
@@ -0,0 +1,90 @@
# Contributor: IT Offshore <developer@it-offshore.co.uk>
# Maintainer:
pkgname=inetutils-syslogd
_pkgname=inetutils
pkgver=1.9.1
pkgrel=0
pkgdesc="A small syslogd for logging to multiple files"
url="http://www.gnu.org/software/inetutils/"
arch="all"
license="GPL3"
depends="readline ncurses"
depends_dev=""
makedepends="$depends_dev"
install="$pkgname.post-install $pkgname.post-deinstall"
subpackages="$pkgname-doc"
source="http://ftp.gnu.org/gnu/inetutils/${_pkgname}-${pkgver}.tar.gz
	inetutils-syslogd.initd
	inetutils-syslogd.confd
	syslog.conf
	inetutils-syslogd.logrotate
	"

_builddir="$srcdir"/$_pkgname-$pkgver

build() {
	cd "$_builddir"

        ./configure \
                --build=$CBUILD \
                --host=$CHOST \
                --prefix=/usr \
		--libexec=/usr/sbin \
                --sysconfdir=/etc \
                --mandir=/usr/share/man \
                --infodir=/usr/share/info \
                --localstatedir=/var \
		--without-wrap --without-pam \
                --disable-ftp --disable-ftpd \
      		--disable-telnet --disable-telnetd \
         	--disable-talk --disable-talkd \
         	--disable-rlogin --disable-rlogind \
         	--disable-rsh --disable-rshd \
	        --disable-rexec --disable-rexecd \
        	--disable-rcp --disable-hostname \
	        --disable-tftp --disable-tftpd \
        	--disable-ping --disable-ping6 \
	        --disable-logger --enable-syslogd \
        	--disable-inetd --disable-whois \
	        --disable-uucpd --disable-ifconfig --disable-traceroute \
		|| return 1
        make || return 1
}

check() {
  cd "$srcdir/${_pkgname}-${pkgver}"
  make check
}

package() {
	cd "$_builddir"
	make DESTDIR="${pkgdir}" install
	#binary installed to /usr/sbin not bin
	rm -rf $pkgdir/usr/bin

	#install init script & config defaults
        install -m755 -D "$srcdir"/$pkgname.initd \
                "$pkgdir"/etc/init.d/$pkgname || return 1
        install -m644 -D "$srcdir"/$pkgname.confd \
                "$pkgdir"/etc/conf.d/$pkgname || return 1
	install -m644 -D "$srcdir"/syslog.conf \
                "$pkgdir"/etc/syslog.conf || return 1
	install -m644 -D "$srcdir"/inetutils-syslogd.logrotate \
                "$pkgdir"/etc/logrotate.d/inetutils-syslogd || return 1
}

md5sums="944f7196a2b3dba2d400e9088576000c  inetutils-1.9.1.tar.gz
6f0deb2a07439638161d03fd887d4fad  inetutils-syslogd.initd
edf3f502d9f2bf49c5da8cb37a927d06  inetutils-syslogd.confd
506560780445d5a7b30e2e3c96efa19d  syslog.conf
9980ae54a3791c7f9d1d3baa04698e2a  inetutils-syslogd.logrotate"
sha256sums="02a9ebde8a198cb85f87545b9d88fb103a183958139864a85fe9e027ad79ff2b  inetutils-1.9.1.tar.gz
1cf71f3656dceba3ddf0543a43a98e644a0b42999ba80b9f72318ee578c9ff53  inetutils-syslogd.initd
86105f0a0105f50275f7381b5d7fe603b8d854a0e6753c2f06f6d0c234562948  inetutils-syslogd.confd
a991140072f0ff1a0d3b3e593eb5935fcca0c00f93436022b9055c7450decdf9  syslog.conf
2b3e73b1a808cabd54dd3c3b78573cdf759422fa3c7b64f15838ce0830edaa31  inetutils-syslogd.logrotate"
sha512sums="69267bfa3cae34f6145caad668dc2e9385701fb52a144640e9893fa7f0b7694eacd1fe579de3fb7190e8485b26c00337ded136488694c399b0fc290f7eec303c  inetutils-1.9.1.tar.gz
e70d0e244fcc30e94f846b82b4ec7318b5582f512bd715fb5bd9178d7be5ede0e5b53e29431a2db5177ce2f31fc306900b3a1297a658e84b2671f3ad5153b81c  inetutils-syslogd.initd
82968692b4fe79706aacaeb1021b343288dc4f1d86925481796dac1f743a8269976ce86bf446cd0c16d246b918e5822e312660b201407eb7031a17cb398c9513  inetutils-syslogd.confd
5abb2a0309c9e180d7cacf97917044a8d3573fdf4d5902d757788fb687800900b47a02c6ec4a113475931176b52a1c2ba0771452bfb301a11b5aa0230377872d  syslog.conf
30741cf17a86a0bf39404882711d827e200a2d22cdba873e49f1a871f8d113cfe5bb1ddf3206c44be888be15aa09104656f9bd26406abb42c9b6fed0624d0bfb  inetutils-syslogd.logrotate"
diff --git a/testing/inetutils-syslogd/inetutils-syslogd.confd b/testing/inetutils-syslogd/inetutils-syslogd.confd
new file mode 100644
index 0000000..dfcc1cb
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.confd
@@ -0,0 +1,9 @@
#
# inetutils syslogd defaults
#

# Internet connections are enabled if forwarding (which is the default).
# Example option to add a socket for chroot jailed openvpn server
#SYSLOGD_OPTS="--no-forward -a /etc/openvpn/jail/dev/log"

SYSLOGD_OPTS="--no-forward"
diff --git a/testing/inetutils-syslogd/inetutils-syslogd.initd b/testing/inetutils-syslogd/inetutils-syslogd.initd
new file mode 100644
index 0000000..6baad86
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.initd
@@ -0,0 +1,50 @@
#!/sbin/runscript

# This file is part of inetutils-syslogd
# Created for Alpine Linux by IT Offshore <developer@it-offshore.co.uk>

name=syslogd
daemon=/usr/sbin/$name
config_file="/etc/syslog.conf"

depend() {
	need clock hostname localmount
        provide logger
}

check_config() {
        [ -f "$config_file" ] || error "$config_file is missing"
}

start_pre() {
        check_config || return 1
}

start() {
	ebegin "Starting ${name}"
		start-stop-daemon --start --quiet \
			--pidfile /var/run/${name}.pid \
			--exec ${daemon} -- ${SYSLOGD_OPTS}
	eend $?
}

stop() {
	ebegin "Stopping ${name}"
		start-stop-daemon --stop --quiet \
			--pidfile /var/run/$name.pid \
			--exec ${daemon}
	eend $?
}

reload() {
        if [ ! -f "${PIDFILE}" ]; then
                eerror "rsyslogd not running"
                return 1
        fi

        ebegin "Re-opening intetutils-syslogd log files"
        start-stop-daemon --stop --signal HUP \
                --pidfile /var/run/$name.pid
        eend $?
}

diff --git a/testing/inetutils-syslogd/inetutils-syslogd.logrotate b/testing/inetutils-syslogd/inetutils-syslogd.logrotate
new file mode 100644
index 0000000..9edb145
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.logrotate
@@ -0,0 +1,38 @@
/var/log/syslog
{
	rotate 7
	daily
	missingok
	notifempty
	delaycompress
	compress
	postrotate
		/etc/init.d/inetutils-syslogd reload &>/dev/null || true
	endscript
}

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
	rotate 4
	weekly
	missingok
	notifempty
	compress
	delaycompress
	sharedscripts
	postrotate
		/etc/init.d/inetutils-syslogd reload &>/dev/null || true
	endscript
}

diff --git a/testing/inetutils-syslogd/inetutils-syslogd.post-deinstall b/testing/inetutils-syslogd/inetutils-syslogd.post-deinstall
new file mode 100644
index 0000000..86eb1df
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.post-deinstall
@@ -0,0 +1,21 @@
#!/bin/sh

print_info() {
    echo -n -e '\e[1;36m'
    echo -n -e $1
    echo -e '\e[0m'
}
print_info "Would you like to add BusyBox Syslog to the Boot Runlevel ? [ Enter or Y to enable ]: "; read ans

if [ -z "$ans" ] || [ "$ans" = "y" ] || [ "$ans" = "Y" ]; then
	rc-update add syslog boot
fi

# show service status - cron will be stopped due to logger dependency
cron_status=$(rc-status | grep cron)
syslog_status=$(rc-status boot | grep syslog)
print_info "Service Status:"
echo;print_info "$cron_status\t$syslog_status"
echo;print_info "[ rc-service <service> <start stop restart> ]"


diff --git a/testing/inetutils-syslogd/inetutils-syslogd.post-install b/testing/inetutils-syslogd/inetutils-syslogd.post-install
new file mode 100644
index 0000000..3434cdb
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.post-install
@@ -0,0 +1,26 @@
#!/bin/sh

print_info() {
    echo -n -e '\e[1;36m'
    echo -n -e $1
    echo -e '\e[0m'
}

print_info "Would you like to remove BusyBox Syslog from the Boot Runlevel ? [ Enter or Y to remove ]:"; read ans
if [ -z "$ans" ] || [ "$ans" = "y" ] || [ "$ans" = "Y" ]; then
        rc-update del syslog boot
fi

print_info "Would you like to add inetutils-syslogd to the Boot Runlevel ? [ Enter or Y to add ]:"; read ans
if [ -z "$ans" ] || [ "$ans" = "y" ] || [ "$ans" = "Y" ]; then
        rc-update add inetutils-syslogd boot
fi

# show service status
inetutils_status=$(rc-status boot | grep inetutils-syslogd)
syslog_status=$(rc-status boot | grep syslog)

print_info "Service Status:"
echo;print_info "$inetutils_status\t$syslog_status"
echo;print_info "[ rc-service <service> <start stop restart> ]"
exit 0
diff --git a/testing/inetutils-syslogd/syslog.conf b/testing/inetutils-syslogd/syslog.conf
new file mode 100644
index 0000000..27141bf
--- /dev/null
+++ b/testing/inetutils-syslogd/syslog.conf
@@ -0,0 +1,38 @@
#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
cron.*                          /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err

#
# Logging for INN news system.
#
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice

#
# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

-- 
1.8.4.2



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

[alpine-devel] [PATCH 2/2] Revised APKBUILD for FWSNORT into testing

Details
Message ID
<1383885093-26524-3-git-send-email-developer@it-offshore.co.uk>
In-Reply-To
<1383885093-26524-1-git-send-email-developer@it-offshore.co.uk> (view parent)
Sender timestamp
1383885093
DKIM signature
missing
Download raw message
Patch: +115 -0
re-submitted complete patch for FWSNORT correcting:

periodic.daily - now updates the SNORT rules / PSAD signatures daily.

fwsnort.post-install - now just shows a message to update signatures manually
(to avoid any problems with installations on tmpfs).

fwsnort.update - update script for FWSNORT & PSAD (if PSAD exists).

fwsnort.up - lives in /etc/network/if-pre-up.d/ to put the SNORT rules into iptables every time networking comes up.
---
 testing/fwsnort/APKBUILD             | 81 ++++++++++++++++++++++++++++++++++++
 testing/fwsnort/fwsnort.post-install | 13 ++++++
 testing/fwsnort/fwsnort.up           |  5 +++
 testing/fwsnort/fwsnort.update       | 11 +++++
 testing/fwsnort/periodic.daily       |  5 +++
 5 files changed, 115 insertions(+)
 create mode 100644 testing/fwsnort/APKBUILD
 create mode 100644 testing/fwsnort/fwsnort.post-install
 create mode 100644 testing/fwsnort/fwsnort.up
 create mode 100644 testing/fwsnort/fwsnort.update
 create mode 100644 testing/fwsnort/periodic.daily

diff --git a/testing/fwsnort/APKBUILD b/testing/fwsnort/APKBUILD
new file mode 100644
index 0000000..fcf7869
--- /dev/null
+++ b/testing/fwsnort/APKBUILD
@@ -0,0 +1,81 @@
# Contributor: IT Offshore <developer@it-offshore.co.uk>
# Maintainer:
pkgname=fwsnort
pkgver=1.6.3
pkgrel=0
pkgdesc="Application layer IDS/IPS by translating snort rules into iptables"
url="http://www.cipherdyne.org/fwsnort/"
arch="noarch"
license="GPL"
depends="perl perl-netaddr-ip perl-iptables-parse iptables ip6tables net-tools"
depends_dev="wget"
makedepends="$depends_dev"
install="$pkgname.post-install"
source="http://www.cipherdyne.org/$pkgname/download/$pkgname-nodeps-$pkgver.tar.gz
        fwsnort.up
        fwsnort.update
	periodic.daily
        "

_builddir="$srcdir"/$pkgname-$pkgver

build() {
	cd "$_builddir"

	#Disable Root requirement to build
        START=$(sed -n '/$< == 0 && $> == 0 or die "You need to be root (or equivalent UID 0",/=' ./install.pl)
        END=$(expr $START + 1)
        #Busybox sed does not support +1d
        sed -e ''$START','$END'd' ./install.pl -i

	#prevent chmod 0500 halting the build
    sed -e "s|0500|0755|" ./install.pl -i

	#change MAN path so package builds
    sed -e "s|/usr/share/man/man8|$pkgdir&|" ./install.pl -i

	# --install-test-dir sets the INSTALL_ROOT to $src/../test/fwsnort-test
	# avoids installation attempted into /etc /usr /var
	# -S disables dependency installs (we also build with the nodep sources)
	./install.pl -S --install-test-dir
}

package() {
	cd "$_builddir"

	#create destinations before fakeroot runs
	mkdir -p $pkgdir/etc \
                 $pkgdir/usr \
                 $pkgdir/usr

        cp -rf $srcdir/fwsnort-$pkgver/test/fwsnort-install/* $pkgdir

        # delete references to $pkgdir made by the installer
        cp -f $srcdir/fwsnort-$pkgver/fwsnort.conf $pkgdir/etc/fwsnort/fwsnort.conf

	#fix permissions
	chmod 0500 $pkgdir/etc/fwsnort $pkgdir/etc/fwsnort/snort_rules
	chmod 0500 $pkgdir/usr/sbin/fwsnort
	chmod 0600 $pkgdir/etc/fwsnort/fwsnort.conf

	# install rule / signature update script
        install -Dm755 "$srcdir"/fwsnort.update "$pkgdir"/usr/bin/update-fwsnort
	# install iptables rule splicing script
	install -Dm755 "$srcdir"/fwsnort.up "$pkgdir"/etc/network/if-pre-up.d/fwsnort
	# install daily cron
        install -Dm755 "$srcdir"/periodic.daily "$pkgdir"/etc/periodic/daily/fwsnort

}

md5sums="7a61a03c4b523b4fb2b1cc73bcb3bac7  fwsnort-nodeps-1.6.3.tar.gz
442039bc04d553c7c5f9d3fc4269cc71  fwsnort.up
57afe59d948bd559e9728cee34bfd721  fwsnort.update
80bd0a7b0c1392e8a279d95e06120ca4  periodic.daily"
sha256sums="d2110508f61c31d5ca5ddbb2452d0b10ae533e094499bc287f3382371c8bd5f2  fwsnort-nodeps-1.6.3.tar.gz
8caf113ff779a02fe97288d545f029111151fac9f342be9b40aa9f80e49dd359  fwsnort.up
f0be3ec5846f075537c05389874cb66babff942d618bef7964511199563fbdd7  fwsnort.update
f080f4cb0b8e915a5d3af798b46b13fee0d2258d9c8c9dffafa4ecc0b9e1bbe6  periodic.daily"
sha512sums="abf03d9c42b24abdb5798f7e9becffd203eb4579eb3682fc975ff51714010c3ee4541da1675efee9a03e09323089219c57c58574ef6c5b587c38761c167eac48  fwsnort-nodeps-1.6.3.tar.gz
3c97b5f4bb922086acd62305baae4ba1d91e6e627d063f131f98e08da3f57b607b35558eae2cf292b3997d25f09147039f95123161f8f29c5b97b71c80811e9f  fwsnort.up
bfcb2a4c5dd91eea6e1983ec660e6c5f8915dc87ce1e7650dd6a92fdc7a52e207f710792d75d470a16fe83da223b6aa45b95e4d53c912144ae2a306855b70fa6  fwsnort.update
763b459d43319e9b6678a5addd96b3542c629379f9f11095bc158b1ef08b039cd776ceedd6207953ab01000804d7580a3a8223b352b407d3cc6a05c27d96fcb0  periodic.daily"
diff --git a/testing/fwsnort/fwsnort.post-install b/testing/fwsnort/fwsnort.post-install
new file mode 100644
index 0000000..8f986db
--- /dev/null
+++ b/testing/fwsnort/fwsnort.post-install
@@ -0,0 +1,13 @@
#!/bin/sh
# fwsnort post install script
#############################

print_info() {
    echo -n -e '\e[1;36m'
    echo -n -e $1
    echo -e '\e[0m'
}

print_info "FWSNORT installed & daily signature updates configured"
echo; print_info "To update now run:\t/usr/bin/update-fwsnort"
exit 0
diff --git a/testing/fwsnort/fwsnort.up b/testing/fwsnort/fwsnort.up
new file mode 100644
index 0000000..b750f59
--- /dev/null
+++ b/testing/fwsnort/fwsnort.up
@@ -0,0 +1,5 @@
#!/bin/sh

#splice fwsnort rules into iptables whenever the network comes up
/var/lib/fwsnort/fwsnort.sh

diff --git a/testing/fwsnort/fwsnort.update b/testing/fwsnort/fwsnort.update
new file mode 100644
index 0000000..53d859c
--- /dev/null
+++ b/testing/fwsnort/fwsnort.update
@@ -0,0 +1,11 @@
#!/bin/sh
# update fwsnort & psad signatures

/usr/sbin/fwsnort --update-rules

if ps aux | grep psad; then
   psad --sig-update
   echo "running 'psad -H'"
   psad -H
fi

diff --git a/testing/fwsnort/periodic.daily b/testing/fwsnort/periodic.daily
new file mode 100644
index 0000000..ffc785d
--- /dev/null
+++ b/testing/fwsnort/periodic.daily
@@ -0,0 +1,5 @@
#!/bin/sh
#update FWSNORT Rules & PSAD signatures daily
/usr/bin/update-fwsnort
exit 0

-- 
1.8.4.2



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Re: [alpine-devel] [PATCH 1/2] Revised APKBUILD for inetutils-syslogd into testing

Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20131108110942.625388d6@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1383885093-26524-2-git-send-email-developer@it-offshore.co.uk> (view parent)
Sender timestamp
1383905382
DKIM signature
missing
Download raw message
On Fri,  8 Nov 2013 04:31:32 +0000
IT Offshore <developer@it-offshore.co.uk> wrote:

> re-submitted complete patch correcting:
> 
> post-install / post-deinstall:
> 
> Both now fully interactive for adding & removing busybox syslog / inetutils-syslogd
> to the Boot Runlevel.

Sorry for not being clear, but apk must be able to run from completely
unattended scripts so no scripts can be interactive.

> 
> They also do not stop or start any services. Instead a status message shows if services
> are started or stopped (cron will be stopped if either syslog is removed)

Do you mind if we completely remove the install scripts?

If you want make it easy for endusers you can ship a
setup-inetutils-syslogd which replaces the syslogger.

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)