All patches now use the system colours $STRONG $GREEN $RED. Post install
scripts now only give info / status messages & run unattended & do not start any services.
Any setup is now done by /sbin/setup-$pkg
Completes patches correcting the following issues:
PSAD - now builds without stopping for user input.
dnscrypt-proxy - confd / initd now include the additional 3 variables for
the Resolvers - so /sbin/setup-dnscrypt now only updates confd & does not
touch init.
libsodium (dnscrypt dependency) - post-install running ldconfig removed.
FWSNORT - post-install only gives an info message & does not run the included update script.
Signature updates run by /etc/periodic/daily.
inetutils-syslogd - post-install only gives an info message. Setup done by /sbin/setup-$pkg
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
[alpine-devel] [PATCH 1/5] Initial APKBUILD for PSAD into Testing
Corrected patch for PSAD - the APKBUILD now provides the answers required by install.pl
so the package will build unattended. I looked at building the package the Redhat way
but the perl install script also preserves configuration settings on upgrades.
Post-install script now only adds PSAD to the default runlevel & shows it's status as stopped.
---
testing/psad/APKBUILD | 106 +++++++++++++++++++++++++++++++++++++++++testing/psad/psad.confd | 8 ++++testing/psad/psad.initd | 55 +++++++++++++++++++++testing/psad/psad.post-install | 6 +++
4 files changed, 175 insertions(+)
create mode 100644 testing/psad/APKBUILD
create mode 100644 testing/psad/psad.confd
create mode 100644 testing/psad/psad.initd
create mode 100644 testing/psad/psad.post-install
diff --git a/testing/psad/APKBUILD b/testing/psad/APKBUILD
new file mode 100644
index 0000000..0e0477b
--- /dev/null+++ b/testing/psad/APKBUILD
@@ -0,0 +1,106 @@
+# Contributor: IT Offshore <developer@it-offshore.co.uk>+# Maintainer:+pkgname=psad+pkgver=2.2.1+pkgrel=0+pkgdesc="3 lightweight system daemons that analyze iptables log messages to detect port scans and other suspicious traffic"+url="http://cipherdyne.org/psad/"+arch="all"+license="GPL"+depends="perl iptables ip6tables ssmtp psmisc perl-bit-vector perl-date-calc perl-iptables-chainmgr perl-iptables-parse perl-net-ipv4addr perl-unix-syslog net-tools"+install="$pkgname.post-install"+subpackages="$pkgname-doc"+source="http://cipherdyne.org/psad/download/$pkgname-nodeps-$pkgver.tar.gz+ psad.initd+ psad.confd+ "++_builddir="$srcdir"/$pkgname-$pkgver++build() {+ cd "$_builddir"++ #Set the config dirs+ sed -e "s|'/usr/sbin'|'$pkgdir/usr/sbin'|" \+ -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \+ -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \+ ./install.pl -i+ #/usr/sbin/psadwatchd set with last cmd+ sed -e "s|/var/log/psad|$pkgdir&|" \+ -e "s|/var/run/psad|$pkgdir&|" \+ -e "s|/var/lib/psad|$pkgdir&|" \+ -e "s|/usr/lib/psad|$pkgdir&|" \+ -e "s|/etc/psad|$pkgdir&|" \+ -e "s|/usr/bin/whois_psad|$pkgdir/usr/bin/whois|" \+ -e "s|/usr/sbin/fwcheck_psad|$pkgdir&|" \+ -e "s|/usr/sbin/kmsgsd|$pkgdir&|" \+ -e "s|/usr/sbin/psad|$pkgdir&|" \+ ./psad.conf -i++ #Disable install of generic init script & setting numeric run level+ START=$(sed -n '/if ($init_dir and &is_root()) {/=' ./install.pl)+ END=$(expr $START + 7)+ #Busybox sed does not support +7d+ sed -e ''$START','$END'd' ./install.pl -i++ #populate install.answers so build does not wait for them+ echo -e "Would you like to merge the config from the existing psad installation:\t n;" > ./install.answers+ echo -e "Preserve any user modfications in etc psad signatures:\t y;" >> ./install.answers+ echo -e "Preserve any user modfications in etc psad icmp_types:\t y;" >> ./install.answers+ echo -e "Preserve any user modfications in etc psad icmp6_types:\t y;" >> ./install.answers+ echo -e "Preserve any user modfications in etc psad posf:\t y;" >> ./install.answers+ echo -e "Preserve any user modfications in etc psad auto_dl:\t y;" >> ./install.answers+ echo -e "Preserve any user modfications in etc psad snort_rule_dl:\t y;" >> ./install.answers+ echo -e "Preserve any user modfications in etc psad pf os:\t y;" >> ./install.answers+ echo -e "Preserve any user modfications in etc psad ip_options:\t y;" >> ./install.answers+ echo -e "Would you like alerts sent to a different address:\t y;" >> ./install.answers+ echo -e "Email addresses:\t root@localhost;" >> ./install.answers+ echo -e "Would you like psad to only parse specific strings in iptables messages:\t n;" >> ./install.answers+ echo -e "First is it ok to leave the HOME_NET setting as any:\t y;" >> ./install.answers+ echo -e "Would you like to enable DShield alerts:\t n;" >> ./install.answers+ echo -e "Would you like to install the latest signatures from http www cipherdyne org psad signatures:\t n;" >> ./install.answers+ echo -e "Enable psad at boot time:\t n;" >> ./install.answers+}++package() {+ cd "$_builddir"++ mkdir -p $pkgdir/etc/psad \+ $pkgdir/usr/bin \+ $pkgdir/usr/sbin \+ $pkgdir/usr/share/man/man8 \+ $pkgdir/var/lib/psad \+ $pkgdir/var/log/psad \+ $pkgdir/var/run/psad+ # add dummy whois so build completes+ ln -s /bin/busybox $pkgdir/usr/bin/whois+ # dummy runlevel 1 / skip perl module installation+ ./install.pl --runlevel 1 --Use-answers --Skip-mod-install++ #Set correct permissions+ chmod -R o+r $pkgdir/etc/psad+ chmod -R o+r $pkgdir/usr/sbin/*+ chmod 0700 $pkgdir/var/lib/psad+ #remove whois symbolic link+ rm -rf $pkgdir/usr/bin/whois++ # Fix the config+ sed -e "s|$pkgdir||" $pkgdir/etc/psad/psad.conf -i+ sed -e "s|$pkgdir||" $pkgdir/var/log/psad/install.log -i++ #install init script & config defaults+ install -m755 -D "$srcdir"/$pkgname.initd \+ "$pkgdir"/etc/init.d/$pkgname || return 1+ install -m644 -D "$srcdir"/$pkgname.confd \+ "$pkgdir"/etc/conf.d/$pkgname || return 1+}++md5sums="d4b46544d167235a71ba5c56745927ed psad-2.2.1.tar.bz2+6e5ef9b0ddebf1a229da58b0f1918f89 psad.initd+bc07efebb41cc23c4be129bbbacc874b psad.confd"+sha256sums="17befa8879f326d8f416c4827ec4241c6a8882656776d677f1b7ed05728e9728 psad-2.2.1.tar.bz2+b38a3643f0b0c9ed338f1c3f1beea6114ba5b0a8cfb60097598066aa4e415c32 psad.initd+74c72225fa37c367a458321b737050cacaf262f32b0cc13babc54468ff1988b9 psad.confd"+sha512sums="08a4173126f3b9ea592224cd0079b41156e15366643f2347e6dbfe01a89bca112d3d94b0ec593da6c8fc9782befa74aad4a66b4117a40523d28a25bc1f1508c4 psad-2.2.1.tar.bz2+01fbb402032f8cff9d2c6be3a032c5ea446d4708ca4f56addebba84bbd1b70e69e4c94b31a3af2680bbf8633f854f1ed8ef78ac746450ff1848fdbc4c90bf44a psad.initd+a80666f59356cc6157a9f5dca132991d4f1e0afda8f673d602de2557219d5521bec9ae148330e98d9483175d14d96e4cc2ccd11541d8b187b0e47f44ba4ada54 psad.confd"
diff --git a/testing/psad/psad.confd b/testing/psad/psad.confd
new file mode 100644
index 0000000..27ce228
--- /dev/null+++ b/testing/psad/psad.confd
@@ -0,0 +1,8 @@
+# Default settings for psad.++# Add any options you would like to pass to the daemon when started+# For example if you would like to add an override file for your setup, this+# can be achived this way:+#+# command_args="--Override-config /root/psad.override.conf"+command_args=""
diff --git a/testing/psad/psad.initd b/testing/psad/psad.initd
new file mode 100644
index 0000000..3e12cf4
--- /dev/null+++ b/testing/psad/psad.initd
@@ -0,0 +1,55 @@
+#!/sbin/runscript++# This file is part of PSAD (Port Scan Attack Detector)+# Adapted for Alpine Linux by IT Offshore <developer@it-offshore.co.uk>++command="/usr/sbin/psad"+pidfile="/var/run/psad/psad.pid"+config_file="/etc/psad/psad.conf"++depend() {+ need net+ need logger+ after iptables+}++# allow override config_file location from conf.d+: ${config_file:="/etc/psad/psad.conf"}++check_config() {+ [ -f "$config_file" ] || error "$config_file is missing"+}++start_pre() {+ check_config || return 1+ # make sure dir for pidfile exists. /var/run is tmpfs...+ checkpath --directory ${pidfile%/*}+}++start() {+ ebegin "Starting PSAD (Port Scan Attack Detector)"+ start-stop-daemon --start $command --pidfile $pidfile+ eend $?+}++stop()+{+ local pidfile+ local piddir=/var/run/psad+ local process_list="psadwatchd kmsgsd psad"++ # Stop all 3 daemons with psad stopped last as it launches the other 2+ for process in $process_list; do++ pidfile="$piddir/$process.pid"+ einfo "Stopping the $process process"+ start-stop-daemon --stop $process --progress --pidfile $pidfile+ eend $?++ done+}++exit+++
diff --git a/testing/psad/psad.post-install b/testing/psad/psad.post-install
new file mode 100644
index 0000000..510d99b
--- /dev/null+++ b/testing/psad/psad.post-install
@@ -0,0 +1,6 @@
+#!/bin/sh+# add psad service to Default Runlevel+rc-update add psad default+echo "PSAD:";rc-service psad status+exit 0+
--
1.8.4.2
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
[alpine-devel] [PATCH 2/5] Version Bump for dnscrypt-proxy to 1.33
On Sun, 10 Nov 2013 09:58:56 +0000
IT Offshore <developer@it-offshore.co.uk> wrote:
> Corrected patch for PSAD - the APKBUILD now provides the answers required by install.pl> so the package will build unattended. I looked at building the package the Redhat way> but the perl install script also preserves configuration settings on upgrades.> > Post-install script now only adds PSAD to the default runlevel & shows it's status as stopped.> ---> testing/psad/APKBUILD | 106 +++++++++++++++++++++++++++++++++++++++++> testing/psad/psad.confd | 8 ++++> testing/psad/psad.initd | 55 +++++++++++++++++++++> testing/psad/psad.post-install | 6 +++> 4 files changed, 175 insertions(+)> create mode 100644 testing/psad/APKBUILD> create mode 100644 testing/psad/psad.confd> create mode 100644 testing/psad/psad.initd> create mode 100644 testing/psad/psad.post-install
I applied with some changes:
* removed the post-install script
* copied the stop() function from the provided initscript for gentoo
and removed the start() as i believe the default start action will
work.
-nc
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
Re: [alpine-devel] [PATCH 2/5] Version Bump for dnscrypt-proxy to 1.33
Sorry for taking long time for this...
On Sun, 10 Nov 2013 09:58:57 +0000
IT Offshore <developer@it-offshore.co.uk> wrote:
> Complete patch to bump dnscrypt-proxy to version 1.33> > Minor changes to APKBUILD to build with the new sources & make-depends.
Applied with some changes.This is fcolista's package though so it would
be nice if fcolista could have a look at it.
> confd / initd changed to include the additional configurations to set the alternative> resolver ip / public keys.
I basically rewrote the init.d. I tried to use sensible defaults but
its possible to override with conf.d.
> Separate patch created to build dnscrypt's dependency libsodium / libsodium-dev> (as it no longer forms part of dnscrypt's sources).
nice! thanks!
> Post-install script is just status / info using the $STRONG / $RED / $GREEN> system colours.
I don't think we need any informal message at all but I'll let fcolista
decide that for this package.
> Added /sbin/setup-dnscrypt for changing the resolver dnscrypt queries &> optionally installing unbound for dns caching. This also uses the system terminal> colours. This no longer makes any changes to init.d, it only updates conf.d
I didn't test it but i think this idea is pretty neat.
Thanks!
-nc
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
Re: [alpine-devel] [PATCH 5/5] Initial APKBUILD for inetutils-syslogd into /testing