~alpine/devel

[alpine-devel] v1 PROPOSED

IT Offshore: 2
 Revised APKBUILD for inetutils-syslogd into testing
 Revised APKBUILD for FWSNORT into testing

 12 files changed, 387 insertions(+), 0 deletions(-)
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.alpinelinux.org/~alpine/devel/patches/574/mbox | git am -3
Learn more about email & git

[alpine-devel] [PATCH 1/2] Revised APKBUILD for inetutils-syslogd into testing Export this patch

re-submitted complete patch correcting:

post-install / post-deinstall:

Both now fully interactive for adding & removing busybox syslog / inetutils-syslogd
to the Boot Runlevel.
They also do not stop or start any services. Instead a status message shows if services
are started or stopped (cron will be stopped if either syslog is removed)
---
 testing/inetutils-syslogd/APKBUILD                 | 90 ++++++++++++++++++++++
 testing/inetutils-syslogd/inetutils-syslogd.confd  |  9 +++
 testing/inetutils-syslogd/inetutils-syslogd.initd  | 50 ++++++++++++
 .../inetutils-syslogd/inetutils-syslogd.logrotate  | 38 +++++++++
 .../inetutils-syslogd.post-deinstall               | 21 +++++
 .../inetutils-syslogd.post-install                 | 26 +++++++
 testing/inetutils-syslogd/syslog.conf              | 38 +++++++++
 7 files changed, 272 insertions(+)
 create mode 100644 testing/inetutils-syslogd/APKBUILD
 create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.confd
 create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.initd
 create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.logrotate
 create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.post-deinstall
 create mode 100644 testing/inetutils-syslogd/inetutils-syslogd.post-install
 create mode 100644 testing/inetutils-syslogd/syslog.conf

diff --git a/testing/inetutils-syslogd/APKBUILD b/testing/inetutils-syslogd/APKBUILD
new file mode 100644
index 0000000..88d5f16
--- /dev/null
+++ b/testing/inetutils-syslogd/APKBUILD
@@ -0,0 +1,90 @@
# Contributor: IT Offshore <developer@it-offshore.co.uk>
# Maintainer:
pkgname=inetutils-syslogd
_pkgname=inetutils
pkgver=1.9.1
pkgrel=0
pkgdesc="A small syslogd for logging to multiple files"
url="http://www.gnu.org/software/inetutils/"
arch="all"
license="GPL3"
depends="readline ncurses"
depends_dev=""
makedepends="$depends_dev"
install="$pkgname.post-install $pkgname.post-deinstall"
subpackages="$pkgname-doc"
source="http://ftp.gnu.org/gnu/inetutils/${_pkgname}-${pkgver}.tar.gz
	inetutils-syslogd.initd
	inetutils-syslogd.confd
	syslog.conf
	inetutils-syslogd.logrotate
	"

_builddir="$srcdir"/$_pkgname-$pkgver

build() {
	cd "$_builddir"

        ./configure \
                --build=$CBUILD \
                --host=$CHOST \
                --prefix=/usr \
		--libexec=/usr/sbin \
                --sysconfdir=/etc \
                --mandir=/usr/share/man \
                --infodir=/usr/share/info \
                --localstatedir=/var \
		--without-wrap --without-pam \
                --disable-ftp --disable-ftpd \
      		--disable-telnet --disable-telnetd \
         	--disable-talk --disable-talkd \
         	--disable-rlogin --disable-rlogind \
         	--disable-rsh --disable-rshd \
	        --disable-rexec --disable-rexecd \
        	--disable-rcp --disable-hostname \
	        --disable-tftp --disable-tftpd \
        	--disable-ping --disable-ping6 \
	        --disable-logger --enable-syslogd \
        	--disable-inetd --disable-whois \
	        --disable-uucpd --disable-ifconfig --disable-traceroute \
		|| return 1
        make || return 1
}

check() {
  cd "$srcdir/${_pkgname}-${pkgver}"
  make check
}

package() {
	cd "$_builddir"
	make DESTDIR="${pkgdir}" install
	#binary installed to /usr/sbin not bin
	rm -rf $pkgdir/usr/bin

	#install init script & config defaults
        install -m755 -D "$srcdir"/$pkgname.initd \
                "$pkgdir"/etc/init.d/$pkgname || return 1
        install -m644 -D "$srcdir"/$pkgname.confd \
                "$pkgdir"/etc/conf.d/$pkgname || return 1
	install -m644 -D "$srcdir"/syslog.conf \
                "$pkgdir"/etc/syslog.conf || return 1
	install -m644 -D "$srcdir"/inetutils-syslogd.logrotate \
                "$pkgdir"/etc/logrotate.d/inetutils-syslogd || return 1
}

md5sums="944f7196a2b3dba2d400e9088576000c  inetutils-1.9.1.tar.gz
6f0deb2a07439638161d03fd887d4fad  inetutils-syslogd.initd
edf3f502d9f2bf49c5da8cb37a927d06  inetutils-syslogd.confd
506560780445d5a7b30e2e3c96efa19d  syslog.conf
9980ae54a3791c7f9d1d3baa04698e2a  inetutils-syslogd.logrotate"
sha256sums="02a9ebde8a198cb85f87545b9d88fb103a183958139864a85fe9e027ad79ff2b  inetutils-1.9.1.tar.gz
1cf71f3656dceba3ddf0543a43a98e644a0b42999ba80b9f72318ee578c9ff53  inetutils-syslogd.initd
86105f0a0105f50275f7381b5d7fe603b8d854a0e6753c2f06f6d0c234562948  inetutils-syslogd.confd
a991140072f0ff1a0d3b3e593eb5935fcca0c00f93436022b9055c7450decdf9  syslog.conf
2b3e73b1a808cabd54dd3c3b78573cdf759422fa3c7b64f15838ce0830edaa31  inetutils-syslogd.logrotate"
sha512sums="69267bfa3cae34f6145caad668dc2e9385701fb52a144640e9893fa7f0b7694eacd1fe579de3fb7190e8485b26c00337ded136488694c399b0fc290f7eec303c  inetutils-1.9.1.tar.gz
e70d0e244fcc30e94f846b82b4ec7318b5582f512bd715fb5bd9178d7be5ede0e5b53e29431a2db5177ce2f31fc306900b3a1297a658e84b2671f3ad5153b81c  inetutils-syslogd.initd
82968692b4fe79706aacaeb1021b343288dc4f1d86925481796dac1f743a8269976ce86bf446cd0c16d246b918e5822e312660b201407eb7031a17cb398c9513  inetutils-syslogd.confd
5abb2a0309c9e180d7cacf97917044a8d3573fdf4d5902d757788fb687800900b47a02c6ec4a113475931176b52a1c2ba0771452bfb301a11b5aa0230377872d  syslog.conf
30741cf17a86a0bf39404882711d827e200a2d22cdba873e49f1a871f8d113cfe5bb1ddf3206c44be888be15aa09104656f9bd26406abb42c9b6fed0624d0bfb  inetutils-syslogd.logrotate"
diff --git a/testing/inetutils-syslogd/inetutils-syslogd.confd b/testing/inetutils-syslogd/inetutils-syslogd.confd
new file mode 100644
index 0000000..dfcc1cb
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.confd
@@ -0,0 +1,9 @@
#
# inetutils syslogd defaults
#

# Internet connections are enabled if forwarding (which is the default).
# Example option to add a socket for chroot jailed openvpn server
#SYSLOGD_OPTS="--no-forward -a /etc/openvpn/jail/dev/log"

SYSLOGD_OPTS="--no-forward"
diff --git a/testing/inetutils-syslogd/inetutils-syslogd.initd b/testing/inetutils-syslogd/inetutils-syslogd.initd
new file mode 100644
index 0000000..6baad86
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.initd
@@ -0,0 +1,50 @@
#!/sbin/runscript

# This file is part of inetutils-syslogd
# Created for Alpine Linux by IT Offshore <developer@it-offshore.co.uk>

name=syslogd
daemon=/usr/sbin/$name
config_file="/etc/syslog.conf"

depend() {
	need clock hostname localmount
        provide logger
}

check_config() {
        [ -f "$config_file" ] || error "$config_file is missing"
}

start_pre() {
        check_config || return 1
}

start() {
	ebegin "Starting ${name}"
		start-stop-daemon --start --quiet \
			--pidfile /var/run/${name}.pid \
			--exec ${daemon} -- ${SYSLOGD_OPTS}
	eend $?
}

stop() {
	ebegin "Stopping ${name}"
		start-stop-daemon --stop --quiet \
			--pidfile /var/run/$name.pid \
			--exec ${daemon}
	eend $?
}

reload() {
        if [ ! -f "${PIDFILE}" ]; then
                eerror "rsyslogd not running"
                return 1
        fi

        ebegin "Re-opening intetutils-syslogd log files"
        start-stop-daemon --stop --signal HUP \
                --pidfile /var/run/$name.pid
        eend $?
}

diff --git a/testing/inetutils-syslogd/inetutils-syslogd.logrotate b/testing/inetutils-syslogd/inetutils-syslogd.logrotate
new file mode 100644
index 0000000..9edb145
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.logrotate
@@ -0,0 +1,38 @@
/var/log/syslog
{
	rotate 7
	daily
	missingok
	notifempty
	delaycompress
	compress
	postrotate
		/etc/init.d/inetutils-syslogd reload &>/dev/null || true
	endscript
}

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
	rotate 4
	weekly
	missingok
	notifempty
	compress
	delaycompress
	sharedscripts
	postrotate
		/etc/init.d/inetutils-syslogd reload &>/dev/null || true
	endscript
}

diff --git a/testing/inetutils-syslogd/inetutils-syslogd.post-deinstall b/testing/inetutils-syslogd/inetutils-syslogd.post-deinstall
new file mode 100644
index 0000000..86eb1df
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.post-deinstall
@@ -0,0 +1,21 @@
#!/bin/sh

print_info() {
    echo -n -e '\e[1;36m'
    echo -n -e $1
    echo -e '\e[0m'
}
print_info "Would you like to add BusyBox Syslog to the Boot Runlevel ? [ Enter or Y to enable ]: "; read ans

if [ -z "$ans" ] || [ "$ans" = "y" ] || [ "$ans" = "Y" ]; then
	rc-update add syslog boot
fi

# show service status - cron will be stopped due to logger dependency
cron_status=$(rc-status | grep cron)
syslog_status=$(rc-status boot | grep syslog)
print_info "Service Status:"
echo;print_info "$cron_status\t$syslog_status"
echo;print_info "[ rc-service <service> <start stop restart> ]"


diff --git a/testing/inetutils-syslogd/inetutils-syslogd.post-install b/testing/inetutils-syslogd/inetutils-syslogd.post-install
new file mode 100644
index 0000000..3434cdb
--- /dev/null
+++ b/testing/inetutils-syslogd/inetutils-syslogd.post-install
@@ -0,0 +1,26 @@
#!/bin/sh

print_info() {
    echo -n -e '\e[1;36m'
    echo -n -e $1
    echo -e '\e[0m'
}

print_info "Would you like to remove BusyBox Syslog from the Boot Runlevel ? [ Enter or Y to remove ]:"; read ans
if [ -z "$ans" ] || [ "$ans" = "y" ] || [ "$ans" = "Y" ]; then
        rc-update del syslog boot
fi

print_info "Would you like to add inetutils-syslogd to the Boot Runlevel ? [ Enter or Y to add ]:"; read ans
if [ -z "$ans" ] || [ "$ans" = "y" ] || [ "$ans" = "Y" ]; then
        rc-update add inetutils-syslogd boot
fi

# show service status
inetutils_status=$(rc-status boot | grep inetutils-syslogd)
syslog_status=$(rc-status boot | grep syslog)

print_info "Service Status:"
echo;print_info "$inetutils_status\t$syslog_status"
echo;print_info "[ rc-service <service> <start stop restart> ]"
exit 0
diff --git a/testing/inetutils-syslogd/syslog.conf b/testing/inetutils-syslogd/syslog.conf
new file mode 100644
index 0000000..27141bf
--- /dev/null
+++ b/testing/inetutils-syslogd/syslog.conf
@@ -0,0 +1,38 @@
#
# First some standard log files.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
cron.*                          /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err

#
# Logging for INN news system.
#
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice

#
# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

-- 
1.8.4.2



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

[alpine-devel] [PATCH 2/2] Revised APKBUILD for FWSNORT into testing Export this patch

re-submitted complete patch for FWSNORT correcting:

periodic.daily - now updates the SNORT rules / PSAD signatures daily.

fwsnort.post-install - now just shows a message to update signatures manually
(to avoid any problems with installations on tmpfs).

fwsnort.update - update script for FWSNORT & PSAD (if PSAD exists).

fwsnort.up - lives in /etc/network/if-pre-up.d/ to put the SNORT rules into iptables every time networking comes up.
---
 testing/fwsnort/APKBUILD             | 81 ++++++++++++++++++++++++++++++++++++
 testing/fwsnort/fwsnort.post-install | 13 ++++++
 testing/fwsnort/fwsnort.up           |  5 +++
 testing/fwsnort/fwsnort.update       | 11 +++++
 testing/fwsnort/periodic.daily       |  5 +++
 5 files changed, 115 insertions(+)
 create mode 100644 testing/fwsnort/APKBUILD
 create mode 100644 testing/fwsnort/fwsnort.post-install
 create mode 100644 testing/fwsnort/fwsnort.up
 create mode 100644 testing/fwsnort/fwsnort.update
 create mode 100644 testing/fwsnort/periodic.daily

diff --git a/testing/fwsnort/APKBUILD b/testing/fwsnort/APKBUILD
new file mode 100644
index 0000000..fcf7869
--- /dev/null
+++ b/testing/fwsnort/APKBUILD
@@ -0,0 +1,81 @@
# Contributor: IT Offshore <developer@it-offshore.co.uk>
# Maintainer:
pkgname=fwsnort
pkgver=1.6.3
pkgrel=0
pkgdesc="Application layer IDS/IPS by translating snort rules into iptables"
url="http://www.cipherdyne.org/fwsnort/"
arch="noarch"
license="GPL"
depends="perl perl-netaddr-ip perl-iptables-parse iptables ip6tables net-tools"
depends_dev="wget"
makedepends="$depends_dev"
install="$pkgname.post-install"
source="http://www.cipherdyne.org/$pkgname/download/$pkgname-nodeps-$pkgver.tar.gz
        fwsnort.up
        fwsnort.update
	periodic.daily
        "

_builddir="$srcdir"/$pkgname-$pkgver

build() {
	cd "$_builddir"

	#Disable Root requirement to build
        START=$(sed -n '/$< == 0 && $> == 0 or die "You need to be root (or equivalent UID 0",/=' ./install.pl)
        END=$(expr $START + 1)
        #Busybox sed does not support +1d
        sed -e ''$START','$END'd' ./install.pl -i

	#prevent chmod 0500 halting the build
    sed -e "s|0500|0755|" ./install.pl -i

	#change MAN path so package builds
    sed -e "s|/usr/share/man/man8|$pkgdir&|" ./install.pl -i

	# --install-test-dir sets the INSTALL_ROOT to $src/../test/fwsnort-test
	# avoids installation attempted into /etc /usr /var
	# -S disables dependency installs (we also build with the nodep sources)
	./install.pl -S --install-test-dir
}

package() {
	cd "$_builddir"

	#create destinations before fakeroot runs
	mkdir -p $pkgdir/etc \
                 $pkgdir/usr \
                 $pkgdir/usr

        cp -rf $srcdir/fwsnort-$pkgver/test/fwsnort-install/* $pkgdir

        # delete references to $pkgdir made by the installer
        cp -f $srcdir/fwsnort-$pkgver/fwsnort.conf $pkgdir/etc/fwsnort/fwsnort.conf

	#fix permissions
	chmod 0500 $pkgdir/etc/fwsnort $pkgdir/etc/fwsnort/snort_rules
	chmod 0500 $pkgdir/usr/sbin/fwsnort
	chmod 0600 $pkgdir/etc/fwsnort/fwsnort.conf

	# install rule / signature update script
        install -Dm755 "$srcdir"/fwsnort.update "$pkgdir"/usr/bin/update-fwsnort
	# install iptables rule splicing script
	install -Dm755 "$srcdir"/fwsnort.up "$pkgdir"/etc/network/if-pre-up.d/fwsnort
	# install daily cron
        install -Dm755 "$srcdir"/periodic.daily "$pkgdir"/etc/periodic/daily/fwsnort

}

md5sums="7a61a03c4b523b4fb2b1cc73bcb3bac7  fwsnort-nodeps-1.6.3.tar.gz
442039bc04d553c7c5f9d3fc4269cc71  fwsnort.up
57afe59d948bd559e9728cee34bfd721  fwsnort.update
80bd0a7b0c1392e8a279d95e06120ca4  periodic.daily"
sha256sums="d2110508f61c31d5ca5ddbb2452d0b10ae533e094499bc287f3382371c8bd5f2  fwsnort-nodeps-1.6.3.tar.gz
8caf113ff779a02fe97288d545f029111151fac9f342be9b40aa9f80e49dd359  fwsnort.up
f0be3ec5846f075537c05389874cb66babff942d618bef7964511199563fbdd7  fwsnort.update
f080f4cb0b8e915a5d3af798b46b13fee0d2258d9c8c9dffafa4ecc0b9e1bbe6  periodic.daily"
sha512sums="abf03d9c42b24abdb5798f7e9becffd203eb4579eb3682fc975ff51714010c3ee4541da1675efee9a03e09323089219c57c58574ef6c5b587c38761c167eac48  fwsnort-nodeps-1.6.3.tar.gz
3c97b5f4bb922086acd62305baae4ba1d91e6e627d063f131f98e08da3f57b607b35558eae2cf292b3997d25f09147039f95123161f8f29c5b97b71c80811e9f  fwsnort.up
bfcb2a4c5dd91eea6e1983ec660e6c5f8915dc87ce1e7650dd6a92fdc7a52e207f710792d75d470a16fe83da223b6aa45b95e4d53c912144ae2a306855b70fa6  fwsnort.update
763b459d43319e9b6678a5addd96b3542c629379f9f11095bc158b1ef08b039cd776ceedd6207953ab01000804d7580a3a8223b352b407d3cc6a05c27d96fcb0  periodic.daily"
diff --git a/testing/fwsnort/fwsnort.post-install b/testing/fwsnort/fwsnort.post-install
new file mode 100644
index 0000000..8f986db
--- /dev/null
+++ b/testing/fwsnort/fwsnort.post-install
@@ -0,0 +1,13 @@
#!/bin/sh
# fwsnort post install script
#############################

print_info() {
    echo -n -e '\e[1;36m'
    echo -n -e $1
    echo -e '\e[0m'
}

print_info "FWSNORT installed & daily signature updates configured"
echo; print_info "To update now run:\t/usr/bin/update-fwsnort"
exit 0
diff --git a/testing/fwsnort/fwsnort.up b/testing/fwsnort/fwsnort.up
new file mode 100644
index 0000000..b750f59
--- /dev/null
+++ b/testing/fwsnort/fwsnort.up
@@ -0,0 +1,5 @@
#!/bin/sh

#splice fwsnort rules into iptables whenever the network comes up
/var/lib/fwsnort/fwsnort.sh

diff --git a/testing/fwsnort/fwsnort.update b/testing/fwsnort/fwsnort.update
new file mode 100644
index 0000000..53d859c
--- /dev/null
+++ b/testing/fwsnort/fwsnort.update
@@ -0,0 +1,11 @@
#!/bin/sh
# update fwsnort & psad signatures

/usr/sbin/fwsnort --update-rules

if ps aux | grep psad; then
   psad --sig-update
   echo "running 'psad -H'"
   psad -H
fi

diff --git a/testing/fwsnort/periodic.daily b/testing/fwsnort/periodic.daily
new file mode 100644
index 0000000..ffc785d
--- /dev/null
+++ b/testing/fwsnort/periodic.daily
@@ -0,0 +1,5 @@
#!/bin/sh
#update FWSNORT Rules & PSAD signatures daily
/usr/bin/update-fwsnort
exit 0

-- 
1.8.4.2



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---