From: IT Offshore
To: alpine-devel@lists.alpinelinux.org
Cc: IT Offshore
Subject: [alpine-devel] [PATCH 2/2] Revised APKBUILD for FWSNORT into testing
Date: Fri, 8 Nov 2013 04:31:33 +0000
Message-Id: <1383885093-26524-3-git-send-email-developer@it-offshore.co.uk>
X-Mailer: git-send-email 1.8.4.2
In-Reply-To: <1383885093-26524-1-git-send-email-developer@it-offshore.co.uk>
References: <1383885093-26524-1-git-send-email-developer@it-offshore.co.uk>

re-submitted complete patch for FWSNORT correcting:

periodic.daily - now updates the SNORT rules / PSAD signatures daily.
fwsnort.post-install - now just shows a message to update signatures manually (to avoid any problems with installations on tmpfs).
fwsnort.update - update script for FWSNORT & PSAD (if PSAD exists).
fwsnort.up - lives in /etc/network/if-pre-up.d/ to put the SNORT rules into iptables every time networking comes up.
---
 testing/fwsnort/APKBUILD             | 81 ++++++++++++++++++++++++++++++++++++
 testing/fwsnort/fwsnort.post-install | 13 ++++++
 testing/fwsnort/fwsnort.up           |  5 +++
 testing/fwsnort/fwsnort.update       | 11 +++++
 testing/fwsnort/periodic.daily       |  5 +++
 5 files changed, 115 insertions(+)
 create mode 100644 testing/fwsnort/APKBUILD
 create mode 100644 testing/fwsnort/fwsnort.post-install
 create mode 100644 testing/fwsnort/fwsnort.up
 create mode 100644 testing/fwsnort/fwsnort.update
 create mode 100644 testing/fwsnort/periodic.daily

diff --git a/testing/fwsnort/APKBUILD b/testing/fwsnort/APKBUILD new file mode 100644 index 0000000..fcf7869 --- /dev/null +++ b/testing/fwsnort/APKBUILD 
@@ -0,0 +1,81 @@ +# Contributor: IT Offshore +# Maintainer: +pkgname=fwsnort +pkgver=1.6.3 +pkgrel=0 +pkgdesc="Application layer IDS/IPS by translating snort rules into iptables" +url="http://www.cipherdyne.org/fwsnort/" +arch="noarch" +license="GPL" +depends="perl perl-netaddr-ip perl-iptables-parse iptables ip6tables net-tools" +depends_dev="wget" +makedepends="$depends_dev" +install="$pkgname.post-install" +source="http://www.cipherdyne.org/$pkgname/download/$pkgname-nodeps-$pkgver.tar.gz + fwsnort.up + fwsnort.update + periodic.daily + " + +_builddir="$srcdir"/$pkgname-$pkgver + +build() { + cd "$_builddir" + + #Disable Root requirement to build + START=$(sed -n '/$< == 0 && $> == 0 or die "You need to be root (or equivalent UID 0",/=' ./install.pl) + END=$(expr $START + 1) + #Busybox sed does not support +1d + sed -e ''$START','$END'd' ./install.pl -i + + #prevent chmod 0500 halting the build + sed -e "s|0500|0755|" ./install.pl -i + + #change MAN path so package builds + sed -e "s|/usr/share/man/man8|$pkgdir&|" ./install.pl -i + + # --install-test-dir sets the INSTALL_ROOT to $src/../test/fwsnort-test + # avoids installation attempted into /etc /usr /var + # -S disables dependency installs (we also build with the nodep sources) + ./install.pl -S --install-test-dir +} + +package() { + cd "$_builddir" + + #create destinations before fakeroot runs + mkdir -p $pkgdir/etc \ + $pkgdir/usr \ + $pkgdir/usr + + cp -rf $srcdir/fwsnort-$pkgver/test/fwsnort-install/* $pkgdir + + # delete references to $pkgdir made by the installer + cp -f $srcdir/fwsnort-$pkgver/fwsnort.conf $pkgdir/etc/fwsnort/fwsnort.conf + + #fix permissions + chmod 0500 $pkgdir/etc/fwsnort $pkgdir/etc/fwsnort/snort_rules + chmod 0500 $pkgdir/usr/sbin/fwsnort + chmod 0600 $pkgdir/etc/fwsnort/fwsnort.conf + + # install rule / signature update script + install -Dm755 "$srcdir"/fwsnort.update "$pkgdir"/usr/bin/update-fwsnort + # install iptables rule splicing script + install -Dm755 "$srcdir"/fwsnort.up 
"$pkgdir"/etc/network/if-pre-up.d/fwsnort + # install daily cron + install -Dm755 "$srcdir"/periodic.daily "$pkgdir"/etc/periodic/daily/fwsnort + +} + +md5sums="7a61a03c4b523b4fb2b1cc73bcb3bac7 fwsnort-nodeps-1.6.3.tar.gz +442039bc04d553c7c5f9d3fc4269cc71 fwsnort.up +57afe59d948bd559e9728cee34bfd721 fwsnort.update +80bd0a7b0c1392e8a279d95e06120ca4 periodic.daily" +sha256sums="d2110508f61c31d5ca5ddbb2452d0b10ae533e094499bc287f3382371c8bd5f2 fwsnort-nodeps-1.6.3.tar.gz +8caf113ff779a02fe97288d545f029111151fac9f342be9b40aa9f80e49dd359 fwsnort.up +f0be3ec5846f075537c05389874cb66babff942d618bef7964511199563fbdd7 fwsnort.update +f080f4cb0b8e915a5d3af798b46b13fee0d2258d9c8c9dffafa4ecc0b9e1bbe6 periodic.daily" +sha512sums="abf03d9c42b24abdb5798f7e9becffd203eb4579eb3682fc975ff51714010c3ee4541da1675efee9a03e09323089219c57c58574ef6c5b587c38761c167eac48 fwsnort-nodeps-1.6.3.tar.gz +3c97b5f4bb922086acd62305baae4ba1d91e6e627d063f131f98e08da3f57b607b35558eae2cf292b3997d25f09147039f95123161f8f29c5b97b71c80811e9f fwsnort.up +bfcb2a4c5dd91eea6e1983ec660e6c5f8915dc87ce1e7650dd6a92fdc7a52e207f710792d75d470a16fe83da223b6aa45b95e4d53c912144ae2a306855b70fa6 fwsnort.update +763b459d43319e9b6678a5addd96b3542c629379f9f11095bc158b1ef08b039cd776ceedd6207953ab01000804d7580a3a8223b352b407d3cc6a05c27d96fcb0 periodic.daily" diff --git a/testing/fwsnort/fwsnort.post-install b/testing/fwsnort/fwsnort.post-install new file mode 100644 index 0000000..8f986db --- /dev/null +++ b/testing/fwsnort/fwsnort.post-install @@ -0,0 +1,13 @@ +#!/bin/sh +# fwsnort post install script +############################# + +print_info() { + echo -n -e '\e[1;36m' + echo -n -e $1 + echo -e '\e[0m' +} + +print_info "FWSNORT installed & daily signature updates configured" +echo; print_info "To update now run:\t/usr/bin/update-fwsnort" +exit 0 diff --git a/testing/fwsnort/fwsnort.up b/testing/fwsnort/fwsnort.up new file mode 100644 index 0000000..b750f59 --- /dev/null +++ b/testing/fwsnort/fwsnort.up 
@@ -0,0 +1,5 @@ +#!/bin/sh + +#splice fwsnort rules into iptables whenever the network comes up +/var/lib/fwsnort/fwsnort.sh + diff --git a/testing/fwsnort/fwsnort.update b/testing/fwsnort/fwsnort.update new file mode 100644 index 0000000..53d859c --- /dev/null +++ b/testing/fwsnort/fwsnort.update @@ -0,0 +1,11 @@ +#!/bin/sh +# update fwsnort & psad signatures + +/usr/sbin/fwsnort --update-rules + +if ps aux | grep psad; then + psad --sig-update + echo "running 'psad -H'" + psad -H +fi + diff --git a/testing/fwsnort/periodic.daily b/testing/fwsnort/periodic.daily new file mode 100644 index 0000000..ffc785d --- /dev/null +++ b/testing/fwsnort/periodic.daily @@ -0,0 +1,5 @@ +#!/bin/sh +#update FWSNORT Rules & PSAD signatures daily +/usr/bin/update-fwsnort +exit 0 + -- 1.8.4.2 --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---
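
Review bot: In testing/fwsnort/APKBUILD, package() runs `mkdir -p` with `$pkgdir/usr` listed twice, so one intended destination is probably missing; since fwsnort.up expects /var/lib/fwsnort/fwsnort.sh, please check whether the second entry was meant to be `$pkgdir/var`. The build() comment says --install-test-dir installs into test/fwsnort-test, while package() copies from `test/fwsnort-install/*`, so either the comment or the path is stale. In build(), START is taken from a sed match on the exact wording of the root-check die message; if that line ever changes, START is empty and the following expr and sed calls fail with an unhelpful error, so test for an empty START and abort with a clear message. The `s|0500|0755|` and man-path substitutions edit install.pl by pattern alone and would be easier to audit as a patch file listed in source. `$pkgdir` and `$srcdir` should be quoted throughout package(), and Maintainer is left empty.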
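
Review bot: In testing/fwsnort/fwsnort.post-install, print_info() passes `$1` to echo unquoted (`echo -n -e $1`), so the message is word-split and glob-expanded before it is printed. Quote it, or replace the three echo calls with a single printf that takes the text as a `%b` argument, which also avoids depending on how the shell's echo handles -n and -e.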
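
Review bot: In testing/fwsnort/fwsnort.up, the hook calls /var/lib/fwsnort/fwsnort.sh unconditionally, so it exits non-zero whenever that file is absent or not executable, for example before fwsnort has been run to generate it. A failing script in /etc/network/if-pre-up.d/ can stop the interface from being brought up, so guard the call, e.g. `[ -x /var/lib/fwsnort/fwsnort.sh ] || exit 0`. Because this runs as root on every ifup, it is also worth documenting that the generated script must be root-owned and not writable by other users.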
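
Review bot: In testing/fwsnort/fwsnort.update, the test `if ps aux | grep psad; then` does not detect psad reliably: the grep process itself has "psad" in its command line and can match, and the matched lines are printed to stdout on every run. The commit message says the intent is "if PSAD exists", so test for the binary instead, e.g. `if command -v psad >/dev/null 2>&1; then`, or use `pgrep -x psad >/dev/null` if the intent is "psad is running". The exit status of `/usr/sbin/fwsnort --update-rules` is also ignored; consider stopping with a non-zero status when the rule download fails.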
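
Review bot: In testing/fwsnort/periodic.daily, the trailing `exit 0` discards the exit status of /usr/bin/update-fwsnort, so a failed rule or signature update is reported to cron as success and stale signatures go unnoticed. Drop the `exit 0`, or end the script with `exec /usr/bin/update-fwsnort`, so the update's status is what the daily job returns.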