From: IT Offshore
To: alpine-devel@lists.alpinelinux.org
Cc: IT Offshore
Subject: [alpine-devel] [PATCH] Initial APKBUILD for FWSNORT (Firewall SNORT)
Date: Sat, 2 Nov 2013 03:30:45 +0000
Message-Id: <1383363045-15568-1-git-send-email-developer@it-offshore.co.uk>
X-Mailer: git-send-email 1.8.4.2

Initial package into testing for 'FWSNORT':
http://www.cipherdyne.org/fwsnort/

fwsnort.post-install - adds daily cron to update rules / signatures
fwsnort.up - added to /etc/network/if-pre-up.d/ to splice rules into iptables
fwsnort.update - daily snort rule / psad signature update script (run by cron)
---
 testing/fwsnort/APKBUILD             | 74 ++++++++++++++++++++++++++++++++++++
 testing/fwsnort/fwsnort.post-install | 13 +++++++
 testing/fwsnort/fwsnort.up           | 5 +++
 testing/fwsnort/fwsnort.update       | 18 +++++++++
 4 files changed, 110 insertions(+)
 create mode 100644 testing/fwsnort/APKBUILD
 create mode 100644 testing/fwsnort/fwsnort.post-install
 create mode 100644 testing/fwsnort/fwsnort.up
 create mode 100644 testing/fwsnort/fwsnort.update

diff --git a/testing/fwsnort/APKBUILD b/testing/fwsnort/APKBUILD
new file mode 100644
index 0000000..853626b
--- /dev/null
+++ b/testing/fwsnort/APKBUILD
@@ -0,0 +1,74 @@ +# Contributor: IT Offshore +# Maintainer: +pkgname=fwsnort +pkgver=1.6.3 +pkgrel=0 +pkgdesc="Application layer IDS/IPS by translating snort rules into iptables" +url="http://www.cipherdyne.org/fwsnort/" +arch="noarch" +license="GPL" +depends="perl perl-netaddr-ip perl-iptables-parse iptables ip6tables net-tools" +depends_dev="wget" +makedepends="$depends_dev" +install="$pkgname.post-install" +source="http://www.cipherdyne.org/$pkgname/download/$pkgname-nodeps-$pkgver.tar.gz + fwsnort.up + fwsnort.update + " + +_builddir="$srcdir"/$pkgname-$pkgver + +build() { + cd "$_builddir" + + #Disable Root requirement to build + START=$(sed -n '/$< == 0 && $> == 0 or die "You need to be root (or equivalent UID 0",/=' ./install.pl) + END=$(expr $START + 1) + #Busybox sed does not support +1d + sed -e ''$START','$END'd' ./install.pl -i + + #prevent chmod 0500 halting the build + sed -e "s|0500|0755|" ./install.pl -i + + #change MAN path so package builds + sed -e "s|/usr/share/man/man8|$pkgdir&|" ./install.pl -i + + # --install-test-dir sets the INSTALL_ROOT to $src/../test/fwsnort-test + # avoids installation attempted into /etc /usr /var + # -S disables dependency installs (we also build with the nodep sources) + ./install.pl -S --install-test-dir +} + +package() { + cd "$_builddir" + + #create destinations before fakeroot runs + mkdir -p $pkgdir/etc \ + $pkgdir/usr \ + $pkgdir/usr + + cp -rf $srcdir/fwsnort-$pkgver/test/fwsnort-install/* $pkgdir + + # delete references to $pkgdir made by the installer + cp -f $srcdir/fwsnort-$pkgver/fwsnort.conf $pkgdir/etc/fwsnort/fwsnort.conf + + #fix permissions + chmod 0500 $pkgdir/etc/fwsnort $pkgdir/etc/fwsnort/snort_rules + chmod 0500 $pkgdir/usr/sbin/fwsnort + chmod 0600 $pkgdir/etc/fwsnort/fwsnort.conf + + # install rule / signature update script + install -Dm755 "$srcdir"/fwsnort.update "$pkgdir"/usr/bin/update-fwsnort + # install iptables rule splicing script + install -Dm755 "$srcdir"/fwsnort.up 
"$pkgdir"/etc/network/if-pre-up.d/fwsnort +} + +md5sums="7a61a03c4b523b4fb2b1cc73bcb3bac7 fwsnort-nodeps-1.6.3.tar.gz +442039bc04d553c7c5f9d3fc4269cc71 fwsnort.up +4866ff4610b5f2aa56fa15a827b22179 fwsnort.update" +sha256sums="d2110508f61c31d5ca5ddbb2452d0b10ae533e094499bc287f3382371c8bd5f2 fwsnort-nodeps-1.6.3.tar.gz +8caf113ff779a02fe97288d545f029111151fac9f342be9b40aa9f80e49dd359 fwsnort.up +b9753c29cace84014876f0d3b18c1c4c76ac1cbe1c83dd295b341b9e2897f61d fwsnort.update" +sha512sums="abf03d9c42b24abdb5798f7e9becffd203eb4579eb3682fc975ff51714010c3ee4541da1675efee9a03e09323089219c57c58574ef6c5b587c38761c167eac48 fwsnort-nodeps-1.6.3.tar.gz +3c97b5f4bb922086acd62305baae4ba1d91e6e627d063f131f98e08da3f57b607b35558eae2cf292b3997d25f09147039f95123161f8f29c5b97b71c80811e9f fwsnort.up +0944c226600b380c504d36038948ef0c421a3d412a06d85cbb0b8397b4226ae966c5d94fe2f661c72865fed2afae1d698279c6a4e95fc8637281ddb6cb01b14d fwsnort.update" diff --git a/testing/fwsnort/fwsnort.post-install b/testing/fwsnort/fwsnort.post-install new file mode 100644 index 0000000..9b3fa0cb --- /dev/null +++ b/testing/fwsnort/fwsnort.post-install @@ -0,0 +1,13 @@ +#!/bin/sh +# fwsnort post install script +############################# + +/usr/bin/update-fwsnort + +#setup cron to update signatures daily +echo "0 15 * * * /usr/bin/update-fwsnort 2>&1 >> /var/log/fwsnort_update.log" >> /etc/crontabs/root + +echo "Daily root cron job created to update PSAD signatures & SNORT rules" +echo "/etc/network/pre-if-up.d/fwsnort created to add SNORT rules to iptables automatically" + +exit 0 diff --git a/testing/fwsnort/fwsnort.up b/testing/fwsnort/fwsnort.up new file mode 100644 index 0000000..b750f59 --- /dev/null +++ b/testing/fwsnort/fwsnort.up @@ -0,0 +1,5 @@ +#!/bin/sh + +#splice fwsnort rules into iptables whenever the network comes up +/var/lib/fwsnort/fwsnort.sh + diff --git a/testing/fwsnort/fwsnort.update b/testing/fwsnort/fwsnort.update new file mode 100644 index 0000000..e94e1eb --- /dev/null 
+++ b/testing/fwsnort/fwsnort.update @@ -0,0 +1,18 @@ +#!/bin/sh +# update fwsnort & psad signatures + +# clear update log (rewritten daily by cron) +if [ -f /var/log/fwsnort_update.log ]; then + rm -rf /var/log/fwsnort_update.log +fi + +/usr/sbin/fwsnort --update-rules +/usr/sbin/fwsnort +/var/lib/fwsnort/fwsnort.sh + +if ps aux | grep psad; then + psad --sig-update + echo "running 'psad -H'" + psad -H +fi + -- 1.8.4.2 --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---
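
Review bot: in build() of testing/fwsnort/APKBUILD, START is used without checking that the `sed -n '/.../=' ./install.pl` lookup matched anything. If upstream rewords the root check in install.pl, START is empty and the delete range passed to the next sed is malformed, so the build breaks at a step that does not say why; test for an empty START and fail with a clear message. Smaller points in the same file: the comment says --install-test-dir installs into test/fwsnort-test while package() copies from test/fwsnort-install, so one of the two is wrong; `mkdir -p` lists $pkgdir/usr twice; `s|0500|0755|` rewrites the first 0500 on every line of install.pl rather than only the chmod it is aimed at; `# Maintainer:` is empty; and $pkgdir and $srcdir are unquoted throughout package().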
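
Review bot: the cron line written by fwsnort.post-install has its redirections in the wrong order. With `2>&1 >> /var/log/fwsnort_update.log` stderr is duplicated before stdout is redirected, so error output never reaches the log; write `>> /var/log/fwsnort_update.log 2>&1`. The line is also appended to /etc/crontabs/root unconditionally, so every reinstall or upgrade adds another copy and nothing in the patch removes it on uninstall; grep for the entry before appending, or ship the job as a script under /etc/periodic/daily instead of editing root's crontab. The script also runs /usr/bin/update-fwsnort during installation, which per fwsnort.update updates the rules and runs /var/lib/fwsnort/fwsnort.sh as root against the live iptables ruleset; consider leaving that first run to the administrator. The final echo names /etc/network/pre-if-up.d/fwsnort, but the APKBUILD installs the hook to /etc/network/if-pre-up.d/fwsnort.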
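
Review bot: fwsnort.up runs /var/lib/fwsnort/fwsnort.sh without checking that it exists. If fwsnort has not yet generated that script, the hook exits non-zero every time an interface is brought up; guard the call with `[ -x /var/lib/fwsnort/fwsnort.sh ] || exit 0`. The hook also takes no account of which interface is coming up, so the rules are spliced again for each one.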
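
Review bot: in fwsnort.update, `if ps aux | grep psad` does not test whether psad is running: the grep process normally matches its own entry in the ps output, so the branch is taken regardless, and the matched lines are written to the log. Use `pidof psad >/dev/null` or `pgrep -x psad >/dev/null`. The `rm -rf /var/log/fwsnort_update.log` at the top runs after cron's shell has already opened that file for append (see the crontab line in fwsnort.post-install), so the job's output goes to the unlinked file and no log is left behind; drop the rm and let the cron line truncate with `>`. The exit status of `/usr/sbin/fwsnort --update-rules` is not checked, so a failed or partial update is still translated and spliced into iptables by the next two commands; stop on the first failure.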