From: IT Offshore
To: alpine-devel@lists.alpinelinux.org
Cc: IT Offshore
Subject: [alpine-devel] [PATCH] Initial APKBUILD file of PSAD (Port Scan Attack Detector)
Date: Fri, 1 Nov 2013 03:47:24 +0000
Message-Id: <1383277644-5024-1-git-send-email-developer@it-offshore.co.uk>

PSAD init file adapted from Debian
BUILD adapted from Arch Linux https://aur.archlinux.org/packages/psad/
PERL Module perl-storable not needed & removed
--- testing/perl-storable/APKBUILD | 41 -------- testing/psad/APKBUILD | 86 ++++++++++++++++ testing/psad/psad.confd | 8 ++ testing/psad/psad.initd | 221 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 315 insertions(+), 41 deletions(-) delete mode 100644 testing/perl-storable/APKBUILD create mode 100644 testing/psad/APKBUILD create mode 100644 testing/psad/psad.confd create mode 100644 testing/psad/psad.initd diff --git a/testing/perl-storable/APKBUILD b/testing/perl-storable/APKBUILD deleted file mode 100644 index 9bdab70..0000000 --- a/testing/perl-storable/APKBUILD +++ /dev/null 
@@ -1,41 +0,0 @@ -# Automatically generated by apkbuild-cpan, template 1 -# Contributor: IT Offshore -# Maintainer: IT Offshore -pkgname=perl-storable -_pkgreal=Storable -pkgver=2.45 -pkgrel=0 -pkgdesc="Brings persistence to your Perl data structures containing SCALAR, ARRAY, HASH or REF objects." -url="http://search.cpan.org/dist/Storable/" -arch="all" -license="GPL PerlArtistic" -cpandepends="" -cpanmakedepends=" " -depends="$cpandepends" -makedepends="perl-dev $cpanmakedepends" -subpackages="$pkgname-doc" -source="http://search.cpan.org/CPAN/authors/id/A/AM/AMS/$_pkgreal-$pkgver.tar.gz" - -_builddir="$srcdir/$_pkgreal-$pkgver" - -prepare() { - cd "$_builddir" - export CFLAGS=`perl -MConfig -E 'say $Config{ccflags}'` - PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor -} - -build() { - cd "$_builddir" - export CFLAGS=`perl -MConfig -E 'say $Config{ccflags}'` - make && make test -} - -package() { - cd "$_builddir" - make DESTDIR="$pkgdir" install || return 1 - find "$pkgdir" \( -name perllocal.pod -o -name .packlist \) -delete -} - -md5sums="682dbbddf86bb30e455b24f569308195 Storable-2.45.tar.gz" -sha256sums="d375dd53df154f060284bc6cb0a3e2807f091f6780c92a6b71e2c5cc0d4b1d56 Storable-2.45.tar.gz" -sha512sums="d216590b1f49bcd39f561f4ee0dab8138b48e5d26cd1d76f5f909f80c923c0a36a1192afa461cb52355fb36691443f5c6e167cad379d321161c5390ac4fd4f1e Storable-2.45.tar.gz" diff --git a/testing/psad/APKBUILD b/testing/psad/APKBUILD new file mode 100644 index 0000000..dcef928 --- /dev/null +++ b/testing/psad/APKBUILD 
@@ -0,0 +1,86 @@ +# Contributor: IT Offshore +# Maintainer: +pkgname=psad +pkgver=2.2.1 +pkgrel=0 +pkgdesc="3 lightweight system daemons that analyze iptables log messages to detect port scans and other suspicious traffic" +url="http://cipherdyne.org/psad/" +arch="all" +license="GPL" +depends="perl iptables ip6tables ssmtp psmisc perl-bit-vector perl-date-calc perl-iptables-chainmgr perl-iptables-parse perl-net-ipv4addr perl-unix-syslog net-tools" +subpackages="$pkgname-doc" +source="http://cipherdyne.org/psad/download/$pkgname-nodeps-$pkgver.tar.gz + psad.initd + psad.confd + " + +_builddir="$srcdir"/$pkgname-$pkgver + +build() { + cd "$_builddir" + + #Set the config dirs + sed -e "s|'/usr/sbin'|'$pkgdir/usr/sbin'|" \ + -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \ + -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \ + ./install.pl -i + #/usr/sbin/psadwatchd set with last cmd + sed -e "s|/var/log/psad|$pkgdir&|" \ + -e "s|/var/run/psad|$pkgdir&|" \ + -e "s|/var/lib/psad|$pkgdir&|" \ + -e "s|/usr/lib/psad|$pkgdir&|" \ + -e "s|/etc/psad|$pkgdir&|" \ + -e "s|/usr/bin/whois_psad|$pkgdir/usr/bin/whois|" \ + -e "s|/usr/sbin/fwcheck_psad|$pkgdir&|" \ + -e "s|/usr/sbin/kmsgsd|$pkgdir&|" \ + -e "s|/usr/sbin/psad|$pkgdir&|" \ + ./psad.conf -i + + #Disable install of generic init script & setting numeric run level + START=$(sed -n '/if ($init_dir and &is_root()) {/=' ./install.pl) + END=$(expr $START + 7) + #Busybox sed does not support +7d + sed -e ''$START','$END'd' ./install.pl -i +} + +package() { + cd "$_builddir" + + #hope that things work + mkdir -p $pkgdir/etc/psad \ + $pkgdir/usr/bin \ + $pkgdir/usr/sbin \ + $pkgdir/usr/share/man/man8 \ + $pkgdir/var/lib/psad \ + $pkgdir/var/log/psad \ + $pkgdir/var/run/psad + ln -s /bin/busybox $pkgdir/usr/bin/whois + ./install.pl --runlevel 1 + + #Set correct permissions + chmod -R o+r $pkgdir/etc/psad + chmod -R o+r $pkgdir/usr/sbin/* + chmod 0700 $pkgdir/var/lib/psad + #remove 
whois symbolic link + rm -rf $pkgdir/usr/bin/whois + + # Fix the config + sed -e "s|$pkgdir||" $pkgdir/etc/psad/psad.conf -i + sed -e "s|$pkgdir||" $pkgdir/var/log/psad/install.log -i + + #install init script & config defaults + install -m755 -D "$srcdir"/$pkgname.initd \ + "$pkgdir"/etc/init.d/$pkgname || return 1 + install -m644 -D "$srcdir"/$pkgname.confd \ + "$pkgdir"/etc/conf.d/$pkgname || return 1 +} + +md5sums="ee600d9b6b4b915b026370c9a3726b5f psad-nodeps-2.2.1.tar.gz +09628b84a98044122f0319e9d0dce193 psad.initd +10cb8b8f6cb7b70a0277011780ead791 psad.confd" +sha256sums="0422cdd1a37d4c8fcc1a4ce6e7c4a6974e58fdde82242f45b83eb6beb85708b5 psad-nodeps-2.2.1.tar.gz +4b3848eadd775ae34103717d9c24ea772c5eec5a79efa85114b48ca9976cb626 psad.initd +e3d5e969d8876c9862e539bb551b3271eb837ac0207e66e04f46739f0b28979c psad.confd" +sha512sums="9e3f475376c3c7b753e71676f5c9d639e9fffd93caf864faa130f8030e37f9a6c57ba59c9519d2bd8dde945f7ff7a014ca2a710bd4b7be9721ca7f13f879b970 psad-nodeps-2.2.1.tar.gz +5941feaf39a3766b5c5ec206c6dcbe40a98945f6fd1f7ccfe5797dd8666ef1e95c026a2cbc394de75eb7b639466d267d92ef9ae7bb54933880879dd3b71f6e48 psad.initd +1018a37ea0200fe629fb8a18a41d2c041d4d27bf201452c919e28b651fa0b797bf4368fafe78ea786f463148412b3d79f4815f761c60b07c6652083067ed1743 psad.confd" diff --git a/testing/psad/psad.confd b/testing/psad/psad.confd new file mode 100644 index 0000000..b731cdb --- /dev/null +++ b/testing/psad/psad.confd @@ -0,0 +1,8 @@ +# Default settings for psad. + +# Add any options you would like to pass to the daemon when started +# For example if you would like to add an override file for your setup, this +# can be achived this way: +# +# DAEMON_ARGS="--Override-config /root/psad.override.conf" +DAEMON_ARGS="" diff --git a/testing/psad/psad.initd b/testing/psad/psad.initd new file mode 100644 index 0000000..ab2251f --- /dev/null +++ b/testing/psad/psad.initd 
@@ -0,0 +1,221 @@ +#!/sbin/runscript + +# This file is part of PSAD (Port Scan Attack Detector) +# Adapted for Alpine Linux by IT Offshore +# Original Author: Franck Joncourt + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="Port Scan Attack Detector" +NAME=psad +DAEMON=/usr/sbin/$NAME +PIDDIR=/var/run/psad +SCRIPTNAME=/etc/init.d/psad + +depend() { + need net + need logger + after iptables +} + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Load user options to pass to psad daemon +DAEMON_ARGS="" +[ -r /etc/conf.d/psad ] && . /etc/conf.d/psad + +# Function that checks if all of the configuration files exist +# +# Return +# 0 : all of the configuration files exist +# 6 : at least one file is missing + +check_config() +{ + local retval + local file_list + + retval=0 + file_list="/etc/psad/psad.conf" + + for ConfFile in $file_list; do + if [ ! -f "$ConfFile" ]; then + retval=6 + break + fi + done + + return $retval +} + +# +# Function to check if psad is running +# +# 0 : the psad.pid file has been found ; we assume the daemon is running +# 1 : no pid file has been found ; we assume the daemon is not running +# +is_psad_running() +{ + local pidfile="$PIDDIR/psad.pid" + local retval + + retval=0 + if [ -r "$pidfile" ]; then + retval=1 + fi + + return $retval +} + +# +# Function that starts the daemon/service +# +# 0 : daemon has been started or was already running +# 1 : generic or unspecified errors (could not be started) +# 6 : program is not configured (missing configuration files) + +do_start() +{ + local retval + + + mkdir -p $PIDDIR + chmod 755 $PIDDIR + + # Check psad configuration + check_config + retval=$? + + # Try to start psad + is_psad_running + if [ "$?" = 1 ]; then + log_action_msg "The psad daemon is already running" + retval=0 + + elif [ "$retval" = "0" ]; then + start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME --exec $DAEMON -- $DAEMON_ARGS + retval="$?" 
+ fi + + # Handle return status codes + case "$retval" in + 0) + ;; + 6) + log_action_msg "You are missing the configuration file $ConfFile" || true + ;; + 9) + retval=0 + ;; + *) + retval=1 + log_action_msg "Unable to start the daemon" || true + ;; + esac + + log_daemon_msg "Starting Port Scan Attack Detector" "psad" || true + log_end_msg $retval || true + + return $retval +} + +# +# Function that stops the daemon/service +# +# The upstream author has allowed the daemon to be killed through the +# following command-line : psad --Kill +# +# As psad starts kmsgsd and psadwatchd on its own, we need to stop them before. +# +# Return +# 0 : daemon has been stopped or was already stopped +# 1 : daemon could not be stopped + +do_stop() +{ + local retval="0" + local status kill_status + local pid pidfile + local process_list="psadwatchd kmsgsd psad" + + # For each process + for process in $process_list; do + + pidfile="$PIDDIR/$process.pid" + status="0" + kill_status="1" + + log_action_msg "Stopping the $process process" + + # Try to kill the process associated to the pid + if [ -r "$pidfile" ]; then + pid=`cat "$pidfile" 2>/dev/null` + kill -0 "${pid:-}" 2>/dev/null + kill_status="$?" + fi + + # Stop the process + if [ "$kill_status" = "0" ]; then + start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile" + status="$?" + fi + + # Remove its pid file + if [ -r "$pidfile" ] && [ "$status" = "0" ]; then + rm -f "$pidfile" 2>/dev/null + status="$?" 
+ fi + + [ "$status" = "0" ] || retval="1" + + done + + if [ "$retval" != "0" ]; then + log_action_msg "One or more process could not be stopped" || true + fi + + log_daemon_msg "Stopping Port Scan Attack Detector" "psad" || true + log_end_msg $retval || true + + return $retval +} + +# +# Function that returns the daemon status +# +do_status() +{ + echo "Status of $DESC:" + $DAEMON --Status +} + +case "$1" in + start) + do_start + ;; + + stop) + do_stop + ;; + + restart|force-reload) + do_stop + sleep 1 + do_start + ;; + + status) + do_status + exit $? + ;; + + *) + log_success_msg "Usage: $0 {start|stop|restart|status}" >&2 + exit 1 + ;; +esac + +exit + + + -- 1.8.4.2 --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---
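
Review bot: In testing/psad/APKBUILD, build() takes START from `sed -n '/if ($init_dir and &is_root()) {/=' ./install.pl` without checking that the pattern matched exactly once. If install.pl changes upstream, START is empty or holds several line numbers, `expr $START + 7` fails, and the following `sed -e ''$START','$END'd'` is handed a malformed address, so the generic init script install is not disabled as the comment intends. Test that START is a single number and `return 1` otherwise. The other sed calls in build() and `./install.pl --runlevel 1` in package() also have no `|| return 1`, although the two `install` lines at the end of package() do; the `#hope that things work` comment should be replaced by actual checks. Separately, `chmod -R o+r $pkgdir/etc/psad` makes the detector's configuration readable by every local user; drop it or explain in a comment why non-root read access is needed. `$pkgdir` is unquoted throughout package(), and `# Maintainer:` is empty.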
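
Review bot: In testing/psad/psad.initd, the shebang is `#!/sbin/runscript` but the body is still the Debian LSB layout: it dispatches on `case "$1" in`, runs `[ -x "$DAEMON" ] || exit 0` and `exit` at top level, and calls log_action_msg, log_daemon_msg, log_end_msg and log_success_msg, none of which are defined or sourced anywhere in the file. An OpenRC runscript is expected to provide start() and stop() functions (plus depend(), which is present) and report through ebegin/eend, so do_start and do_stop should be converted rather than wrapped in the case block. In do_start, start-stop-daemon is given `--pidfile $PIDDIR/$NAME`, which is /var/run/psad/psad, while is_psad_running and do_stop both use `$PIDDIR/psad.pid`; use the same path in all three. The header comment on is_psad_running states 0 means the pid file was found and 1 means it was not, but the code returns 1 when the file is readable and do_start tests `"$?" = 1` for "already running"; fix the comment or invert the values. The function also only checks that the pid file exists, so a stale file left after a crash prevents the daemon from starting; check the pid with `kill -0` as do_stop already does. The `9)` branch in the return-status case is never reached by any assignment visible in the file.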