Date: Thu, 7 Nov 2013 16:22:37 +0100
From: Natanael Copa
To: IT Offshore
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] [PATCH 3/4] /testing - Initial APKBUILD for FWSNORT (Firewall SNORT)

On Sun, 3 Nov 2013 19:29:40 +0000 IT Offshore wrote:

> Initial package into testing for 'FWSNORT': http://www.cipherdyne.org/fwsnort/
>
> fwsnort.post-install - adds daily cron to update rules / signatures

It should not be created with post-install (see more comments below)

>
> fwsnort.up - added to /etc/network/if-pre-up.d/ to splice rules into iptables
>
> fwsnort.update - daily snort rule / psad signature update script (run by cron)
> --- > testing/fwsnort/APKBUILD | 74 ++++++++++++++++++++++++++++++++++++ > testing/fwsnort/fwsnort.post-install | 13 +++++++ > testing/fwsnort/fwsnort.up | 5 +++ > testing/fwsnort/fwsnort.update | 18 +++++++++ > 4 files changed, 110 insertions(+) > create mode 100644 testing/fwsnort/APKBUILD > create mode 100644 testing/fwsnort/fwsnort.post-install > create mode 100644 testing/fwsnort/fwsnort.up > create mode 100644 testing/fwsnort/fwsnort.update > > diff --git a/testing/fwsnort/APKBUILD b/testing/fwsnort/APKBUILD > new file mode 100644 > index 0000000..853626b > --- /dev/null > +++ b/testing/fwsnort/APKBUILD 
> @@ -0,0 +1,74 @@ > +# Contributor: IT Offshore > +# Maintainer: > +pkgname=fwsnort > +pkgver=1.6.3 > +pkgrel=0 > +pkgdesc="Application layer IDS/IPS by translating snort rules into iptables" > +url="http://www.cipherdyne.org/fwsnort/" > +arch="noarch" > +license="GPL" > +depends="perl perl-netaddr-ip perl-iptables-parse iptables ip6tables net-tools" > +depends_dev="wget" > +makedepends="$depends_dev" > +install="$pkgname.post-install" > +source="http://www.cipherdyne.org/$pkgname/download/$pkgname-nodeps-$pkgver.tar.gz > + fwsnort.up > + fwsnort.update > + " > + > +_builddir="$srcdir"/$pkgname-$pkgver > + > +build() { > + cd "$_builddir" > + > + #Disable Root requirement to build > + START=$(sed -n '/$< == 0 && $> == 0 or die "You need to be root (or equivalent UID 0",/=' ./install.pl) > + END=$(expr $START + 1) > + #Busybox sed does not support +1d > + sed -e ''$START','$END'd' ./install.pl -i > + > + #prevent chmod 0500 halting the build > + sed -e "s|0500|0755|" ./install.pl -i > + > + #change MAN path so package builds > + sed -e "s|/usr/share/man/man8|$pkgdir&|" ./install.pl -i > + > + # --install-test-dir sets the INSTALL_ROOT to $src/../test/fwsnort-test > + # avoids installation attempted into /etc /usr /var > + # -S disables dependency installs (we also build with the nodep sources) > + ./install.pl -S --install-test-dir > +} > + > +package() { > + cd "$_builddir" > + > + #create destinations before fakeroot runs > + mkdir -p $pkgdir/etc \ > + $pkgdir/usr \ > + $pkgdir/usr > + > + cp -rf $srcdir/fwsnort-$pkgver/test/fwsnort-install/* $pkgdir > + > + # delete references to $pkgdir made by the installer > + cp -f $srcdir/fwsnort-$pkgver/fwsnort.conf $pkgdir/etc/fwsnort/fwsnort.conf > + > + #fix permissions > + chmod 0500 $pkgdir/etc/fwsnort $pkgdir/etc/fwsnort/snort_rules > + chmod 0500 $pkgdir/usr/sbin/fwsnort > + chmod 0600 $pkgdir/etc/fwsnort/fwsnort.conf > + > + # install rule / signature update script > + install -Dm755 "$srcdir"/fwsnort.update 
"$pkgdir"/usr/bin/update-fwsnort > + # install iptables rule splicing script > + install -Dm755 "$srcdir"/fwsnort.up "$pkgdir"/etc/network/if-pre-up.d/fwsnort > +} > + > +md5sums="7a61a03c4b523b4fb2b1cc73bcb3bac7 fwsnort-nodeps-1.6.3.tar.gz > +442039bc04d553c7c5f9d3fc4269cc71 fwsnort.up > +4866ff4610b5f2aa56fa15a827b22179 fwsnort.update" > +sha256sums="d2110508f61c31d5ca5ddbb2452d0b10ae533e094499bc287f3382371c8bd5f2 fwsnort-nodeps-1.6.3.tar.gz > +8caf113ff779a02fe97288d545f029111151fac9f342be9b40aa9f80e49dd359 fwsnort.up > +b9753c29cace84014876f0d3b18c1c4c76ac1cbe1c83dd295b341b9e2897f61d fwsnort.update" > +sha512sums="abf03d9c42b24abdb5798f7e9becffd203eb4579eb3682fc975ff51714010c3ee4541da1675efee9a03e09323089219c57c58574ef6c5b587c38761c167eac48 fwsnort-nodeps-1.6.3.tar.gz > +3c97b5f4bb922086acd62305baae4ba1d91e6e627d063f131f98e08da3f57b607b35558eae2cf292b3997d25f09147039f95123161f8f29c5b97b71c80811e9f fwsnort.up > +0944c226600b380c504d36038948ef0c421a3d412a06d85cbb0b8397b4226ae966c5d94fe2f661c72865fed2afae1d698279c6a4e95fc8637281ddb6cb01b14d fwsnort.update" > diff --git a/testing/fwsnort/fwsnort.post-install b/testing/fwsnort/fwsnort.post-install > new file mode 100644 > index 0000000..9b3fa0cb > --- /dev/null > +++ b/testing/fwsnort/fwsnort.post-install 
> @@ -0,0 +1,13 @@ > +#!/bin/sh > +# fwsnort post install script > +############################# > + > +/usr/bin/update-fwsnort

Will this need network to work? Remember that on tmpfs installs, the network is not initialized when packages are installed to tmpfs.

> + > +#setup cron to update signatures daily > +echo "0 15 * * * /usr/bin/update-fwsnort 2>&1 >> /var/log/fwsnort_update.log" >> /etc/crontabs/root

Why not ship an /etc/periodic/daily/fwsnort file? If you ship it within the apk it will be removed when the package is uninstalled. Otherwise it will stay.

> + > +echo "Daily root cron job created to update PSAD signatures & SNORT rules" > +echo "/etc/network/pre-if-up.d/fwsnort created to add SNORT rules to iptables automatically" > + > +exit 0 > diff --git a/testing/fwsnort/fwsnort.up b/testing/fwsnort/fwsnort.up > new file mode 100644 > index 0000000..b750f59 > --- /dev/null > +++ b/testing/fwsnort/fwsnort.up > @@ -0,0 +1,5 @@ > +#!/bin/sh > + > +#splice fwsnort rules into iptables whenever the network comes up > +/var/lib/fwsnort/fwsnort.sh > + > diff --git a/testing/fwsnort/fwsnort.update b/testing/fwsnort/fwsnort.update > new file mode 100644 > index 0000000..e94e1eb > --- /dev/null > +++ b/testing/fwsnort/fwsnort.update > @@ -0,0 +1,18 @@ > +#!/bin/sh > +# update fwsnort & psad signatures > + > +# clear update log (rewritten daily by cron) > +if [ -f /var/log/fwsnort_update.log ]; then > + rm -rf /var/log/fwsnort_update.log > +fi > + > +/usr/sbin/fwsnort --update-rules > +/usr/sbin/fwsnort > +/var/lib/fwsnort/fwsnort.sh > + > +if ps aux | grep psad; then > + psad --sig-update > + echo "running 'psad -H'" > + psad -H > +fi > +
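
Review bot: in build() of testing/fwsnort/APKBUILD the line number returned by the first sed is used without a check. If the "You need to be root" pattern does not match install.pl, START is empty, 'expr $START + 1' fails, the second sed receives the address ',d', and the build carries on to install.pl with the root check still in place. Test that START is non-empty and stop the build with a clear message otherwise. Smaller points in the same file: the mkdir in package() lists $pkgdir/usr twice, the '# Maintainer:' field is empty, and wget is declared only in depends_dev/makedepends although no visible build step calls it; if 'fwsnort --update-rules' needs it at run time it belongs in depends.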
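
Review bot: the crontab entry written by testing/fwsnort/fwsnort.post-install has its redirections in the wrong order. '2>&1 >> /var/log/fwsnort_update.log' points stderr at the original stdout before stdout is sent to the log, so error output from the update never reaches the log file; write '>> /var/log/fwsnort_update.log 2>&1' instead. The echo also appends unconditionally, so every run of this script adds another copy of the line to /etc/crontabs/root, and the final message names /etc/network/pre-if-up.d/fwsnort while the APKBUILD installs the hook under /etc/network/if-pre-up.d/.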
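
Review bot: testing/fwsnort/fwsnort.up runs /var/lib/fwsnort/fwsnort.sh without checking that the file exists or is executable. fwsnort.update calls '/usr/sbin/fwsnort' immediately before running the same path, which suggests the script is generated at run time, so on a system where the first update has not completed (the tmpfs case raised above) the hook will fail each time an interface is brought up. Guard the call, for example with '[ -x /var/lib/fwsnort/fwsnort.sh ] || exit 0'.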