1

[alpine-devel] [PATCH] Initial APKBUILD file of PSAD (Port Scan Attack Detector)

IT Offshore
Details
Message ID
<1383277644-5024-1-git-send-email-developer@it-offshore.co.uk>
Sender timestamp
1383277644
DKIM signature
missing
Download raw message
Patch: +315 -41
PSAD init file adapted from Debian
BUILD adapted from Arch Linux https://aur.archlinux.org/packages/psad/
PERL Module perl-storable not needed & removed
---
 testing/perl-storable/APKBUILD |  41 --------
 testing/psad/APKBUILD          |  86 ++++++++++++++++
 testing/psad/psad.confd        |   8 ++
 testing/psad/psad.initd        | 221 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 315 insertions(+), 41 deletions(-)
 delete mode 100644 testing/perl-storable/APKBUILD
 create mode 100644 testing/psad/APKBUILD
 create mode 100644 testing/psad/psad.confd
 create mode 100644 testing/psad/psad.initd

diff --git a/testing/perl-storable/APKBUILD b/testing/perl-storable/APKBUILD
deleted file mode 100644
index 9bdab70..0000000
--- a/testing/perl-storable/APKBUILD
@@ -1,41 +0,0 @@
-# Automatically generated by apkbuild-cpan, template 1
-# Contributor: IT Offshore <developer@it-offshore.co.uk>
-# Maintainer: IT Offshore <developer@it-offshore.co.uk>
-pkgname=perl-storable
-_pkgreal=Storable
-pkgver=2.45
-pkgrel=0
-pkgdesc="Brings persistence to your Perl data structures containing SCALAR, ARRAY, HASH or REF objects."
-url="http://search.cpan.org/dist/Storable/"
-arch="all"
-license="GPL PerlArtistic"
-cpandepends=""
-cpanmakedepends="   "
-depends="$cpandepends"
-makedepends="perl-dev $cpanmakedepends"
-subpackages="$pkgname-doc"
-source="http://search.cpan.org/CPAN/authors/id/A/AM/AMS/$_pkgreal-$pkgver.tar.gz"
-
-_builddir="$srcdir/$_pkgreal-$pkgver"
-
-prepare() {
-	cd "$_builddir"
-	export CFLAGS=`perl -MConfig -E 'say $Config{ccflags}'`
-	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor
-}
-
-build() {
-	cd "$_builddir"
-	export CFLAGS=`perl -MConfig -E 'say $Config{ccflags}'`
-	make && make test
-}
-
-package() {
-	cd "$_builddir"
-	make DESTDIR="$pkgdir" install || return 1
-	find "$pkgdir" \( -name perllocal.pod -o -name .packlist \) -delete
-}
-
-md5sums="682dbbddf86bb30e455b24f569308195  Storable-2.45.tar.gz"
-sha256sums="d375dd53df154f060284bc6cb0a3e2807f091f6780c92a6b71e2c5cc0d4b1d56  Storable-2.45.tar.gz"
-sha512sums="d216590b1f49bcd39f561f4ee0dab8138b48e5d26cd1d76f5f909f80c923c0a36a1192afa461cb52355fb36691443f5c6e167cad379d321161c5390ac4fd4f1e  Storable-2.45.tar.gz"
diff --git a/testing/psad/APKBUILD b/testing/psad/APKBUILD
new file mode 100644
index 0000000..dcef928
--- /dev/null
+++ b/testing/psad/APKBUILD
@@ -0,0 +1,86 @@
+# Contributor: IT Offshore <developer@it-offshore.co.uk>
+# Maintainer:
+pkgname=psad
+pkgver=2.2.1
+pkgrel=0
+pkgdesc="3 lightweight system daemons that analyze iptables log messages to detect port scans and other suspicious traffic"
+url="http://cipherdyne.org/psad/"
+arch="all"
+license="GPL"
+depends="perl iptables ip6tables ssmtp psmisc perl-bit-vector perl-date-calc perl-iptables-chainmgr perl-iptables-parse perl-net-ipv4addr perl-unix-syslog net-tools"
+subpackages="$pkgname-doc"
+source="http://cipherdyne.org/psad/download/$pkgname-nodeps-$pkgver.tar.gz
+	psad.initd
+	psad.confd
+	"
+
+_builddir="$srcdir"/$pkgname-$pkgver
+
+build() {
+	cd "$_builddir"
+
+	#Set the config dirs
+  sed -e "s|'/usr/sbin'|'$pkgdir/usr/sbin'|" \
+      -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \
+      -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \
+          ./install.pl -i
+       #/usr/sbin/psadwatchd set with last cmd
+  sed -e "s|/var/log/psad|$pkgdir&|" \
+      -e "s|/var/run/psad|$pkgdir&|" \
+      -e "s|/var/lib/psad|$pkgdir&|" \
+      -e "s|/usr/lib/psad|$pkgdir&|" \
+      -e "s|/etc/psad|$pkgdir&|" \
+      -e "s|/usr/bin/whois_psad|$pkgdir/usr/bin/whois|" \
+      -e "s|/usr/sbin/fwcheck_psad|$pkgdir&|" \
+      -e "s|/usr/sbin/kmsgsd|$pkgdir&|" \
+      -e "s|/usr/sbin/psad|$pkgdir&|" \
+        ./psad.conf -i
+
+	#Disable install of generic init script & setting numeric run level 
+  	START=$(sed -n '/if ($init_dir and &is_root()) {/=' ./install.pl)
+  	END=$(expr $START + 7)
+        #Busybox sed does not support +7d
+	sed -e ''$START','$END'd' ./install.pl -i
+}
+
+package() {
+	cd "$_builddir"
+
+	#hope that things work
+	mkdir -p $pkgdir/etc/psad \
+                 $pkgdir/usr/bin \
+                 $pkgdir/usr/sbin \
+                 $pkgdir/usr/share/man/man8 \
+                 $pkgdir/var/lib/psad \
+                 $pkgdir/var/log/psad \
+                 $pkgdir/var/run/psad 
+ 	ln -s /bin/busybox $pkgdir/usr/bin/whois 
+	./install.pl --runlevel 1  
+ 
+        #Set correct permissions
+ 	chmod -R o+r $pkgdir/etc/psad
+ 	chmod -R o+r $pkgdir/usr/sbin/*
+ 	chmod 0700 $pkgdir/var/lib/psad
+	#remove whois symbolic link
+	rm -rf $pkgdir/usr/bin/whois 
+
+ 	# Fix the config
+ 	sed -e "s|$pkgdir||" $pkgdir/etc/psad/psad.conf -i
+ 	sed -e "s|$pkgdir||" $pkgdir/var/log/psad/install.log -i
+
+	#install init script & config defaults
+	install -m755 -D "$srcdir"/$pkgname.initd \
+		"$pkgdir"/etc/init.d/$pkgname || return 1
+	install -m644 -D "$srcdir"/$pkgname.confd \
+		"$pkgdir"/etc/conf.d/$pkgname || return 1
+}
+
+md5sums="ee600d9b6b4b915b026370c9a3726b5f  psad-nodeps-2.2.1.tar.gz
+09628b84a98044122f0319e9d0dce193  psad.initd
+10cb8b8f6cb7b70a0277011780ead791  psad.confd"
+sha256sums="0422cdd1a37d4c8fcc1a4ce6e7c4a6974e58fdde82242f45b83eb6beb85708b5  psad-nodeps-2.2.1.tar.gz
+4b3848eadd775ae34103717d9c24ea772c5eec5a79efa85114b48ca9976cb626  psad.initd
+e3d5e969d8876c9862e539bb551b3271eb837ac0207e66e04f46739f0b28979c  psad.confd"
+sha512sums="9e3f475376c3c7b753e71676f5c9d639e9fffd93caf864faa130f8030e37f9a6c57ba59c9519d2bd8dde945f7ff7a014ca2a710bd4b7be9721ca7f13f879b970  psad-nodeps-2.2.1.tar.gz
+5941feaf39a3766b5c5ec206c6dcbe40a98945f6fd1f7ccfe5797dd8666ef1e95c026a2cbc394de75eb7b639466d267d92ef9ae7bb54933880879dd3b71f6e48  psad.initd
+1018a37ea0200fe629fb8a18a41d2c041d4d27bf201452c919e28b651fa0b797bf4368fafe78ea786f463148412b3d79f4815f761c60b07c6652083067ed1743  psad.confd"
diff --git a/testing/psad/psad.confd b/testing/psad/psad.confd
new file mode 100644
index 0000000..b731cdb
--- /dev/null
+++ b/testing/psad/psad.confd
@@ -0,0 +1,8 @@
+# Default settings for psad.
+
+# Add any options you would like to pass to the daemon when started
+# For example if you would like to add an override file for your setup, this
+# can be achived this way:
+#
+#     DAEMON_ARGS="--Override-config /root/psad.override.conf"
+DAEMON_ARGS=""
diff --git a/testing/psad/psad.initd b/testing/psad/psad.initd
new file mode 100644
index 0000000..ab2251f
--- /dev/null
+++ b/testing/psad/psad.initd
@@ -0,0 +1,221 @@
+#!/sbin/runscript
+
+# This file is part of PSAD (Port Scan Attack Detector)
+# Adapted for Alpine Linux by IT Offshore <developer@it-offshore.co.uk>
+# Original Author: Franck Joncourt <franck@debian.org>
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Port Scan Attack Detector"
+NAME=psad
+DAEMON=/usr/sbin/$NAME
+PIDDIR=/var/run/psad
+SCRIPTNAME=/etc/init.d/psad
+
+depend() {
+	need net
+	need logger
+	after iptables
+}
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Load user options to pass to psad daemon
+DAEMON_ARGS=""
+[ -r /etc/conf.d/psad ] && . /etc/conf.d/psad
+
+# Function that checks if all of the configuration files exist
+#
+# Return
+#   0 : all of the configuration files exist
+#   6 : at least one file is missing
+
+check_config()
+{
+	local retval
+	local file_list
+
+	retval=0
+	file_list="/etc/psad/psad.conf"
+
+	for ConfFile in $file_list; do
+		if [ ! -f "$ConfFile" ]; then
+			retval=6	
+		 	break	
+		fi
+	done
+
+	return $retval
+}
+
+#
+# Function to check if psad is running
+#
+#    0 : the psad.pid file has been found ; we assume the daemon is running
+#    1 : no pid file has been found ; we assume the daemon is not running
+#
+is_psad_running()
+{
+        local pidfile="$PIDDIR/psad.pid"
+        local retval
+
+        retval=0
+        if [ -r "$pidfile" ]; then
+                retval=1
+        fi
+
+        return $retval
+}
+
+#
+# Function that starts the daemon/service
+#
+#   0 : daemon has been started or was already running
+#   1 : generic or unspecified errors (could not be started)
+#   6 : program is not configured (missing configuration files)
+
+do_start()
+{
+	local retval
+
+
+        mkdir -p $PIDDIR
+        chmod 755 $PIDDIR
+
+	# Check psad configuration
+	check_config
+	retval=$?
+
+	# Try to start psad
+        is_psad_running
+        if [ "$?" = 1 ]; then
+            log_action_msg "The psad daemon is already running"
+            retval=0
+
+	elif [ "$retval"  = "0" ]; then
+		start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME --exec $DAEMON -- $DAEMON_ARGS
+		retval="$?"
+	fi
+
+	# Handle return status codes
+	case "$retval" in
+		0)	 
+			;;
+		6)	
+			log_action_msg "You are missing the configuration file $ConfFile" || true
+			;;
+		9)	
+			retval=0
+			;;
+		*)
+			retval=1
+			log_action_msg "Unable to start the daemon" || true
+			;;
+	esac
+
+	log_daemon_msg "Starting Port Scan Attack Detector" "psad" || true
+        log_end_msg $retval || true
+
+	return $retval
+}
+
+#
+# Function that stops the daemon/service
+#
+# The upstream author has allowed the daemon to be killed through the 
+# following command-line : psad --Kill
+#
+# As psad starts kmsgsd and psadwatchd on its own, we need to stop them before.
+#
+# Return
+#   0 : daemon has been stopped or was already stopped
+#   1 : daemon could not be stopped
+
+do_stop()
+{
+	local retval="0"
+	local status kill_status
+	local pid pidfile
+	local process_list="psadwatchd kmsgsd psad"
+
+	# For each process
+	for process in $process_list; do
+
+		pidfile="$PIDDIR/$process.pid"
+		status="0"
+		kill_status="1"
+
+		log_action_msg "Stopping the $process process"
+
+		# Try to kill the process associated to the pid
+		if [ -r "$pidfile" ]; then
+			pid=`cat "$pidfile" 2>/dev/null`
+			kill -0 "${pid:-}" 2>/dev/null
+			kill_status="$?"
+		fi
+
+		# Stop the process
+		if [ "$kill_status" = "0" ]; then
+			start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile"
+			status="$?"
+		fi
+
+		# Remove its pid file
+		if [ -r "$pidfile" ] && [ "$status" = "0" ]; then
+			 rm -f "$pidfile" 2>/dev/null
+			 status="$?"
+		fi
+
+		[ "$status" = "0" ] || retval="1"
+
+	done
+
+	if [ "$retval" != "0" ]; then
+		log_action_msg "One or more process could not be stopped" || true
+	fi
+
+        log_daemon_msg "Stopping Port Scan Attack Detector" "psad" || true
+        log_end_msg $retval || true
+
+	return $retval
+}
+
+#
+# Function that returns the daemon status
+#
+do_status()
+{
+	echo "Status of $DESC:"
+	$DAEMON --Status
+}
+
+case "$1" in
+	start)
+		do_start
+		;;
+
+	stop)
+		do_stop
+		;;
+
+	restart|force-reload)
+		do_stop
+		sleep 1
+		do_start
+		;;
+
+	status)
+		do_status
+		exit $?
+		;;
+
+	*)
+		log_success_msg "Usage: $0 {start|stop|restart|status}" >&2
+		exit 1 
+		;;
+esac
+
+exit
+
+
+
-- 
1.8.4.2



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa
Details
Message ID
<20131101120617.66fb3d44@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1383277644-5024-1-git-send-email-developer@it-offshore.co.uk> (view parent)
Sender timestamp
1383303977
DKIM signature
missing
Download raw message
On Fri,  1 Nov 2013 03:47:24 +0000
IT Offshore <developer@it-offshore.co.uk> wrote:

Thanks for the patch. Some comments on the init.d script.

> +++ b/testing/psad/psad.initd
> @@ -0,0 +1,221 @@
> +#!/sbin/runscript
> +
> +# This file is part of PSAD (Port Scan Attack Detector)
> +# Adapted for Alpine Linux by IT Offshore <developer@it-offshore.co.uk>
> +# Original Author: Franck Joncourt <franck@debian.org>
> +
> +PATH=/sbin:/usr/sbin:/bin:/usr/bin
> +DESC="Port Scan Attack Detector"
> +NAME=psad
> +DAEMON=/usr/sbin/$NAME
> +PIDDIR=/var/run/psad
> +SCRIPTNAME=/etc/init.d/psad
> +
> +depend() {
> +	need net
> +	need logger
> +	after iptables
> +}
> +
> +# Exit if the package is not installed
> +[ -x "$DAEMON" ] || exit 0

This should be removed. openrc will source the init.d scripts to parse dependencies. Unexpected things will happen if it exits early due to the binary file is missing.

> +
> +# Load user options to pass to psad daemon
> +DAEMON_ARGS=""
> +[ -r /etc/conf.d/psad ] && . /etc/conf.d/psad

This is not needed. runscript will read /etc/conf.d/$SVCNAME for you.

> +
> +# Function that checks if all of the configuration files exist
> +#
> +# Return
> +#   0 : all of the configuration files exist
> +#   6 : at least one file is missing
> +
> +check_config()
> +{
> +	local retval
> +	local file_list
> +
> +	retval=0
> +	file_list="/etc/psad/psad.conf"
> +
> +	for ConfFile in $file_list; do
> +		if [ ! -f "$ConfFile" ]; then
> +			retval=6	
> +		 	break	
> +		fi
> +	done
> +
> +	return $retval
> +}

I think its unecessary long function for a single config file. I'd do something like:

# allow override config_file location from conf.d
: ${config_file:="/etc/psad/psad.conf"}

check_config() {
	if ! [ -f "$config_file" ]; then
		error "$config_file is missing"
		return 1
	fi
}


> +
> +#
> +# Function to check if psad is running
> +#
> +#    0 : the psad.pid file has been found ; we assume the daemon is running
> +#    1 : no pid file has been found ; we assume the daemon is not running
> +#
> +is_psad_running()
> +{
> +        local pidfile="$PIDDIR/psad.pid"
> +        local retval
> +
> +        retval=0
> +        if [ -r "$pidfile" ]; then
> +                retval=1
> +        fi
> +
> +        return $retval
> +}

This function should not be needed. start-stop-daemon[1] can check if
pidfile exists. (Please note that openrc implementation of
start-stop-daemon is somewhat different from debians)

> +
> +#
> +# Function that starts the daemon/service
> +#
> +#   0 : daemon has been started or was already running
> +#   1 : generic or unspecified errors (could not be started)
> +#   6 : program is not configured (missing configuration files)
> +
> +do_start()
> +{
> +	local retval
> +
> +
> +        mkdir -p $PIDDIR
> +        chmod 755 $PIDDIR
> +
> +	# Check psad configuration
> +	check_config
> +	retval=$?
> +
> +	# Try to start psad
> +        is_psad_running
> +        if [ "$?" = 1 ]; then
> +            log_action_msg "The psad daemon is already running"
> +            retval=0
> +
> +	elif [ "$retval"  = "0" ]; then
> +		start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME --exec $DAEMON -- $DAEMON_ARGS
> +		retval="$?"
> +	fi
> +
> +	# Handle return status codes
> +	case "$retval" in
> +		0)	 
> +			;;
> +		6)	
> +			log_action_msg "You are missing the configuration file $ConfFile" || true
> +			;;
> +		9)	
> +			retval=0
> +			;;
> +		*)
> +			retval=1
> +			log_action_msg "Unable to start the daemon" || true
> +			;;
> +	esac
> +
> +	log_daemon_msg "Starting Port Scan Attack Detector" "psad" || true
> +        log_end_msg $retval || true
> +
> +	return $retval
> +}

This also looks way overcomplicated. i believe ebegin/eend should be
used instead of log_action_msg/log_daemon_msg.

> +
> +#
> +# Function that stops the daemon/service
> +#
> +# The upstream author has allowed the daemon to be killed through the 
> +# following command-line : psad --Kill
> +#
> +# As psad starts kmsgsd and psadwatchd on its own, we need to stop them before.
> +#
> +# Return
> +#   0 : daemon has been stopped or was already stopped
> +#   1 : daemon could not be stopped
> +
> +do_stop()
> +{
> +	local retval="0"
> +	local status kill_status
> +	local pid pidfile
> +	local process_list="psadwatchd kmsgsd psad"
> +
> +	# For each process
> +	for process in $process_list; do
> +
> +		pidfile="$PIDDIR/$process.pid"
> +		status="0"
> +		kill_status="1"
> +
> +		log_action_msg "Stopping the $process process"
> +
> +		# Try to kill the process associated to the pid
> +		if [ -r "$pidfile" ]; then
> +			pid=`cat "$pidfile" 2>/dev/null`
> +			kill -0 "${pid:-}" 2>/dev/null
> +			kill_status="$?"
> +		fi
> +
> +		# Stop the process
> +		if [ "$kill_status" = "0" ]; then
> +			start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile"
> +			status="$?"
> +		fi
> +
> +		# Remove its pid file
> +		if [ -r "$pidfile" ] && [ "$status" = "0" ]; then
> +			 rm -f "$pidfile" 2>/dev/null
> +			 status="$?"
> +		fi
> +
> +		[ "$status" = "0" ] || retval="1"
> +
> +	done
> +
> +	if [ "$retval" != "0" ]; then
> +		log_action_msg "One or more process could not be stopped" || true
> +	fi
> +
> +        log_daemon_msg "Stopping Port Scan Attack Detector" "psad" || true
> +        log_end_msg $retval || true
> +
> +	return $retval
> +}

runscript has logic that should make most of that code uneccessary.

> +
> +#
> +# Function that returns the daemon status
> +#
> +do_status()
> +{
> +	echo "Status of $DESC:"
> +	$DAEMON --Status
> +}

runscript does this automatic.

> +
> +case "$1" in
> +	start)
> +		do_start
> +		;;
> +
> +	stop)
> +		do_stop
> +		;;
> +
> +	restart|force-reload)
> +		do_stop
> +		sleep 1
> +		do_start
> +		;;
> +
> +	status)
> +		do_status
> +		exit $?
> +		;;
> +
> +	*)
> +		log_success_msg "Usage: $0 {start|stop|restart|status}" >&2
> +		exit 1 
> +		;;
> +esac
> +
> +exit

runscript does this too for you.

I believe the entire init.d script could be rewritten as:

---[BEGIN psad.initd]--------------------------------
#!/sbin/runscript

command="/usr/sbin/psad"
pidfile="/var/run/psad/psad.pid"

config_file="/etc/psad/psad.conf"

check_config() {
	[ -f "$config_file" ] || error "$config_file is missing"
}

start_pre() {
	check_config || return 1
	# make sure dir for pidfile exists. /var/run is tmpfs...
	checkpath --directory ${pidfile%/*}
}

---[END psad.initd]------------------------------------

runscript will take care of the rest.

the conf.d file could use the runscript's default command_args:

---[BEGIN psad.confd]----------------------------------
# Add any options you would like to pass to the daemon when started
# For example if you would like to add an override file for your setup, this
# can be achived this way:
#
#     command_args="--Override-config /root/psad.override.conf"
command_args=""
---[END psad.confd]-------------------------------------

For more info look at:
http://www.linuxhowtos.org/manpages/8/runscript.htm
http://wiki.alpinelinux.org/wiki/Writing_Init_Scripts

-nc

[1] http://linuxreviews.org/man/start-stop-daemon/


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---