diff options
| author | aurelien <aurelien@cwb.io> | 2012-11-22 10:59:05 +0100 |
|---|---|---|
| committer | aurelien <aurelien@cwb.io> | 2012-11-22 10:59:05 +0100 |
| commit | f97ff910471fb3ae2c8ea69befecaae8cbf6dbea (patch) | |
| tree | 297ea34dee3ae68d71ca4a5175d1d478ce69be76 | |
| parent | 9cce2f098d5d77a2748952e1221127b9f0614566 (diff) | |
+ barnyard2 perl-iptables-parse perl-unix-syslog psad pulledpork snort vuurmuur xtables-addons
| -rw-r--r-- | pcr/barnyard2/PKGBUILD | 44 | ||||
| -rw-r--r-- | pcr/perl-iptables-chainmgr/PKGBUILD | 22 | ||||
| -rw-r--r-- | pcr/perl-unix-syslog/PKGBUILD | 33 | ||||
| -rw-r--r-- | pcr/psad/PKGBUILD | 66 | ||||
| -rw-r--r-- | pcr/psad/psad-systemdinit.archlinux | 12 | ||||
| -rw-r--r-- | pcr/psad/psad-sysvinit.archlinux | 52 | ||||
| -rw-r--r-- | pcr/psad/psad.patch1 | 37 | ||||
| -rw-r--r-- | pcr/psad/responses | 7 | ||||
| -rw-r--r-- | pcr/pulledpork/PKGBUILD | 19 | ||||
| -rw-r--r-- | pcr/snort/PKGBUILD | 51 | ||||
| -rw-r--r-- | pcr/snort/snort | 41 | ||||
| -rw-r--r-- | pcr/snort/snort.conf.d | 21 | ||||
| -rw-r--r-- | pcr/snort/snort.install | 26 | ||||
| -rw-r--r-- | pcr/vuurmuur/PKGBUILD | 139 | ||||
| -rw-r--r-- | pcr/vuurmuur/modules.conf | 3 | ||||
| -rw-r--r-- | pcr/vuurmuur/vuurmuur.install | 27 | ||||
| -rw-r--r-- | pcr/vuurmuur/vuurmuur.rc | 114 | ||||
| -rw-r--r-- | pcr/vuurmuur/vuurmuur.script | 88 | ||||
| -rw-r--r-- | pcr/vuurmuur/vuurmuur.service | 13 | ||||
| -rw-r--r-- | pcr/xtables-addons/PKGBUILD | 35 |
20 files changed, 850 insertions, 0 deletions
diff --git a/pcr/barnyard2/PKGBUILD b/pcr/barnyard2/PKGBUILD new file mode 100644 index 000000000..7b52c952c --- /dev/null +++ b/pcr/barnyard2/PKGBUILD @@ -0,0 +1,44 @@ +# Contributor: Commiebstrd<spenserreinhardt@gmail.com> +# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io> + +pkgname=barnyard2 +pkgver=1 +pkgrel=9 +pkgdesc="Barnyard2 is a fork of the original barnyard project, designed specifically for Snort's new unified2 file format. Barnyard2 is under active development and continues to adapt based on user feedback." +arch=('i686' 'x86_64') +url="http://www.securixlive.com/barnyard2/index.php" +license=('GPLv2') +depends=('snort' 'mysql') +source=("http://www.securixlive.com/download/${pkgname}/${pkgname}-${pkgver}.${pkgrel}.tar.gz") + +package() { + + #configures and makes package + cd "${srcdir}/${pkgname}-${pkgver}.${pkgrel}" + ./configure --with-mysql + make + make DESTDIR="${pkgdir}" install + + #makes dir for /etc locations + mkdir "${pkgdir}/etc" -p + + #makes dirs for /var locations + mkdir "${pkgdir}/var" -p + mkdir "${pkgdir}/var/log" -p + mkdir "${pkgdir}/var/log/$pkgname" -p + + #makes /usr/bin, /usr should already be made from make\make install + mkdir "${pkgdir}/usr/bin" + + #copy barnyard2.conf to /etc/barnyard2.conf and executable to /usr/bin/ + cp "${pkgdir}/usr/local/etc/$pkgname.conf" "${pkgdir}/etc/" + cp "${pkgdir}/usr/local/bin/$pkgname" "${pkgdir}/usr/bin/" + + #file permission mods and creation of initial .waldo file + chmod 666 "${pkgdir}/var/log/$pkgname" + touch "${pkgdir}/var/log/$pkgname/$pkgname.waldo" + chown snort.snort "${pkgdir}/var/log/$pkgname/$pkgname.waldo" + + #not needed since conf is copied to /etc/ and barnyard is sent to /usr/bin + rm -rf "${pkgdir}/usr/local/" +} diff --git a/pcr/perl-iptables-chainmgr/PKGBUILD b/pcr/perl-iptables-chainmgr/PKGBUILD new file mode 100644 index 000000000..e45a1faf3 --- /dev/null +++ b/pcr/perl-iptables-chainmgr/PKGBUILD @@ -0,0 +1,22 @@ +# Contributor: Weirch Sodora <sodora@gmail.com> +# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.IO> + +pkgname=perl-iptables-chainmgr +pkgver=1.2 +pkgrel=1 +pkgdesc="IPTables::ChainMgr - Perl extension for manipulating iptables and ip6tables policies" +arch=('i686' 'x86_64') +url="http://search.cpan.org/~mrash/IPTables-ChainMgr/" +license=('GPL' 'PerlArtistic') +depends=('perl' 'iptables' 'perl-iptables-parse>=0.9' 'perl-netaddr-ip>=4.0') +options=('!emptydirs') +source=(http://search.cpan.org/CPAN/authors/id/M/MR/MRASH/IPTables-ChainMgr-$pkgver.tar.gz) + +build() { + cd $startdir/src/IPTables-ChainMgr-$pkgver + PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1 + make || return 1 + make install DESTDIR=$startdir/pkg || return 1 + find $startdir/pkg -name '.packlist' -delete + find $startdir/pkg -name '*.pod' -delete +} diff --git a/pcr/perl-unix-syslog/PKGBUILD b/pcr/perl-unix-syslog/PKGBUILD new file mode 100644 index 000000000..5f4acd962 --- /dev/null +++ b/pcr/perl-unix-syslog/PKGBUILD @@ -0,0 +1,33 @@ +# Contributor: Justin Davis <jrcd83@gmail.com> +# Generator : CPANPLUS::Dist::Arch 1.04 +# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.IO> + +pkgname='perl-unix-syslog' +pkgver='1.1' +pkgrel='1' +pkgdesc="Interface to syslog functions in a C-library" +arch=('any') +license=('PerlArtistic' 'GPL') +options=('!emptydirs') +depends=('glibc>=2.12.1' 'perl') +url='http://search.cpan.org/dist/Unix-Syslog' +source=('http://search.cpan.org/CPAN/authors/id/M/MH/MHARNISCH/Unix-Syslog-1.1.tar.gz') + +build() { + PERL=/usr/bin/perl + DIST_DIR="${srcdir}/Unix-Syslog-1.1" + export PERL_MM_USE_DEFAULT=1 PERL5LIB="" \ + PERL_AUTOINSTALL=--skipdeps \ + PERL_MM_OPT="INSTALLDIRS=vendor DESTDIR='$pkgdir'" \ + PERL_MB_OPT="--installdirs vendor --destdir '$pkgdir'" \ + MODULEBUILDRC=/dev/null + + { cd "$DIST_DIR" && + $PERL Makefile.PL && + make && + make test && + make install; + } || return 1; + + find "$pkgdir" -name .packlist -o -name perllocal.pod -delete +} diff --git a/pcr/psad/PKGBUILD b/pcr/psad/PKGBUILD new file mode 100644 index 000000000..145625e89 --- /dev/null +++ b/pcr/psad/PKGBUILD @@ -0,0 +1,66 @@ +# Maintainer: Artur Wojcik <xartii at gmail dot com> +# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.IO> + +pkgname=psad +pkgver=2.2 +pkgrel=2 +pkgdesc="A collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic" +arch=('i686 x86_64') +url="http://cipherdyne.org/psad/" +license=('GPL') +depends=('perl-bit-vector' 'perl-date-calc' 'perl-iptables-chainmgr' 'perl-iptables-parse' 'perl-net-ipv4addr' 'perl-storable' 'perl-unix-syslog' 'net-tools') +source=("http://cipherdyne.org/psad/download/$pkgname-$pkgver.tar.gz" "responses" "psad-sysvinit.archlinux" "psad-systemdinit.archlinux" "psad.patch1") + +build() { + cd "$srcdir/$pkgname-$pkgver" + cp $srcdir/psad-sysvinit.archlinux init-scripts/psad-init.archlinux + if [ ! -e responses ]; then + ln $srcdir/responses responses -s; + fi + patch -p1 -i $srcdir/psad.patch1 + + #Create the dirs it will need to make the program + mkdir -p $pkgdir/etc/psad \ + $pkgdir/etc/rc.d \ + $pkgdir/usr/bin \ + $pkgdir/usr/sbin \ + $pkgdir/usr/share/man/man8 \ + $pkgdir/var/lib/psad \ + $pkgdir/var/log/psad \ + $pkgdir/var/run/psad \ + $pkgdir/usr/lib/psad \ + $pkgdir/usr/lib/systemd/system + #Set the config dirs + sed -e "s|'/usr/sbin'|'$pkgdir/usr/sbin'|" \ + -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \ + -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \ + ./install.pl -i + sed -e "s|/var/log/psad|$pkgdir&|" \ + -e "s|/var/run/psad|$pkgdir&|" \ + -e "s|/var/lib/psad|$pkgdir&|" \ + -e "s|/usr/lib/psad|$pkgdir&|" \ + -e "s|/etc/psad|$pkgdir&|" \ + -e "s|/usr/bin/whois_psad|$pkgdir&|" \ + -e "s|/usr/sbin/fwcheck_psad|$pkgdir&|" \ + -e "s|/usr/sbin/psadwatchd|$pkgdir&|" \ + -e "s|/usr/sbin/kmsgsd|$pkgdir&|" \ + -e "s|/usr/sbin/psad|$pkgdir&|" \ + ./psad.conf -i + + #hope that things work + ./install.pl --init-dir "$pkgdir/etc/rc.d/" < responses + + #add the systemd service file + cp $srcdir/psad-systemdinit.archlinux $pkgdir/usr/lib/systemd/system/psad.service + + # Fix the config + sed -e "s|$pkgdir||" $pkgdir/etc/psad/psad.conf -i + sed -e "s|$pkgdir||" $pkgdir/var/log/psad/install.log -i + + #Set correct permissions + chmod 0700 $pkgdir/var/lib/psad + + +} + +# vim:set ts=2 sw=2 et: diff --git a/pcr/psad/psad-systemdinit.archlinux b/pcr/psad/psad-systemdinit.archlinux new file mode 100644 index 000000000..991aa7423 --- /dev/null +++ b/pcr/psad/psad-systemdinit.archlinux @@ -0,0 +1,12 @@ +[Unit] +Description=Port scan attack detector +After=iptables.service + +[Service] +ExecStart=/usr/sbin/psad +ExecStop=/usr/sbin/psad --Kill +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/pcr/psad/psad-sysvinit.archlinux b/pcr/psad/psad-sysvinit.archlinux new file mode 100644 index 000000000..6b4e76042 --- /dev/null +++ b/pcr/psad/psad-sysvinit.archlinux @@ -0,0 +1,52 @@ +#!/bin/bash +# +# Startup script for psad +# +# chkconfig: 345 99 05 +# description: The Port Scan Attack Detector (psad) +# processname: psad +# pidfile: /var/run/psad.pid +# config: /etc/psad/psad.conf +# +# $Id: psad-init.archlinux + +. /etc/rc.conf +. /etc/rc.d/functions +. /etc/conf.d/sshd + +PID=`cat /var/run/psad.pid` +# See how we were called. +case "$1" in +start) + stat_busy "Starting psad" + [ -z "$PID" ] && /usr/sbin/psad + if [ $? -gt 0 ]; then + stat_fail + else + #let psad take care of the pid; we don't need to + add_daemon psad + stat_done + fi + ;; +stop) + stat_busy "Stopping psad" + /usr/sbin/psad --Kill + if [ $? -gt 0 ]; then + stat_fail + else + #let psad take care of the pid; we don't need to + rm_daemon psad + stat_done + fi + ;; +status) + /usr/sbin/psad --Status + ;; +restart) + $0 stop + $0 start + ;; +*) + echo "Usage: psad {start|stop|status|restart}" + exit 1 +esac diff --git a/pcr/psad/psad.patch1 b/pcr/psad/psad.patch1 new file mode 100644 index 000000000..98ddd9a60 --- /dev/null +++ b/pcr/psad/psad.patch1 @@ -0,0 +1,37 @@ +--- psad-2.2/install.pl 2012-04-21 04:43:46.000000000 +0200 ++++ psad-2.2/install.pl 2012-10-13 16:05:03.302818330 +0200 +@@ -752,6 +752,8 @@ + $init_file = 'init-scripts/psad-init.fedora'; + } elsif ($distro eq 'gentoo') { + $init_file = 'init-scripts/psad-init.gentoo'; ++ } elsif ($distro eq 'archlinux') { ++ $init_file = 'init-scripts/psad-init.archlinux'; + } else { + $init_file = 'init-scripts/psad-init.generic'; + } +@@ -773,13 +775,14 @@ + if ($preserve_rv) { + &logr("\n[+] psad has been installed (with your original config merged).\n"); + } else { +- &logr("\n[+] psad has been installed.\n"); ++ &logr("\n[+] psad has been compiled.\n"); ++ &logr("\n[+] use pacman -U to install.\n"); + } + if ($installed_init_script) { + if ($init_dir) { +- &logr("\n[+] To start psad, run \"${init_dir}/psad start\"\n"); ++ #&logr("\n[+] To start psad, run \"${init_dir}/psad start\"\n"); + } else { +- &logr("\n[+] To start psad, run ${USRSBIN_DIR}/psad\"\n"); ++ #&logr("\n[+] To start psad, run ${USRSBIN_DIR}/psad\"\n"); + } + } + +@@ -1748,6 +1751,7 @@ + + sub get_distro() { + return 'gentoo' if -e '/etc/gentoo-release'; ++ return 'archlinux' if -e '/etc/archlinux-release'; + if (-e '/etc/issue') { + ### Red Hat Linux release 6.2 (Zoot) + open ISSUE, '< /etc/issue' or diff --git a/pcr/psad/responses b/pcr/psad/responses new file mode 100644 index 000000000..715dfaf1a --- /dev/null +++ b/pcr/psad/responses @@ -0,0 +1,7 @@ +n +n +y +n +n +n + diff --git a/pcr/pulledpork/PKGBUILD b/pcr/pulledpork/PKGBUILD new file mode 100644 index 000000000..db7aa9d0d --- /dev/null +++ b/pcr/pulledpork/PKGBUILD @@ -0,0 +1,19 @@ +# Contributor: Isaac C. Aronson <i@pingas.org> +# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io> + +pkgname=pulledpork +pkgver=0.6.1 +pkgrel=3 +pkgdesc="Tool to automatically update rules for snort" +arch=('any') +url="http://code.google.com/p/pulledpork" +license=('GPL') +depends=('perl' 'perl-lwp-protocol-https' 'perl-crypt-ssleay' 'perl-archive-tar' 'perl-switch') +optdepends=('snort') +source=(http://pulledpork.googlecode.com/files/pulledpork-0.6.1.tar.gz) + +package() { + cd $srcdir/$pkgname-$pkgver + install -Dm644 etc/pulledpork.conf $pkgdir/etc/pulledpork.conf + install -Dm755 pulledpork.pl $pkgdir/usr/sbin/pulledpork.pl +} diff --git a/pcr/snort/PKGBUILD b/pcr/snort/PKGBUILD new file mode 100644 index 000000000..2439a1c73 --- /dev/null +++ b/pcr/snort/PKGBUILD @@ -0,0 +1,51 @@ +# $Id: PKGBUILD 78820 2012-10-25 06:47:28Z foutrelis $ +# Contributor: Lukas Fleischer <archlinux at cryptocrack dot de> +# Contributor: Hugo Doria <hugo@archlinux.org> +# Contributor: Kessia 'even' Pinheiro <kessiapinheiro at gmail.com> +# Contributor: dorphell <dorphell@archlinux.org> +# Contributor: Gregor Ibic <gregor.ibic@intelicom.si> +# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.io> + +pkgname=snort +pkgver=2.9.3.1 +pkgrel=1 +pkgdesc='A lightweight network intrusion detection system.' +arch=('i686' 'x86_64') +url='http://www.snort.org' +license=('GPL') +depends=('libdaq' 'libdnet' 'libpcap' 'pcre' 'zlib') +makedepends=('ca-certificates') +backup=('etc/conf.d/snort' + 'etc/snort/snort.conf' + 'etc/snort/threshold.conf' + 'etc/snort/confreference.config' + 'etc/snort/classification.config') +options=('!makeflags' '!libtool') +install='snort.install' +source=("http://www.snort.org/dl/snort-current/${pkgname}-${pkgver}.tar.gz"{,.sig} + 'snort' + 'snort.conf.d') + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + + ./configure --prefix=/usr --sysconfdir=/etc/snort --with-libpcap-includes=/usr/include/pcap \ + --without-mysql --without-postgresql --without-oracle --without-odbc --enable-zlib \ + --enable-ipv6 + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + + make DESTDIR="${pkgdir}" install + + mkdir -p "${pkgdir}/"{etc/rc.d,etc/snort/rules} + + install -d -m755 "${pkgdir}/var/log/snort" + install -D -m644 etc/{*.conf*,*.map} "${pkgdir}/etc/snort/" + install -D -m644 "${srcdir}/snort.conf.d" "${pkgdir}/etc/conf.d/snort" + install -D -m755 "${srcdir}/snort" "${pkgdir}/etc/rc.d/snort" + + sed -i 's#/usr/local/lib/#/usr/lib/#' "${pkgdir}/etc/snort/snort.conf" +} diff --git a/pcr/snort/snort b/pcr/snort/snort new file mode 100644 index 000000000..5dfa72fbf --- /dev/null +++ b/pcr/snort/snort @@ -0,0 +1,41 @@ +#!/bin/bash + +. /etc/rc.conf +. /etc/rc.d/functions + +# source application-specific settings +[ -f /etc/conf.d/snort ] && . /etc/conf.d/snort + +PID=`pidof -o %PPID /usr/bin/snort` +case "$1" in + start) + stat_busy "Starting Intrusion Database System: SNORT" + [ -z "$PID" ] && /usr/bin/snort ${SNORT_OPTIONS} -u ${USER} -g ${GROUP} \ + -i ${INTERFACE} -c ${SNORT_CONF} + if [ $? -gt 0 ]; then + stat_fail + else + add_daemon snort + stat_done + fi + ;; + + stop) + stat_busy "Stopping Intrusion Database System: SNORT" + [ ! -z "$PID" ] && kill $PID &> /dev/null + if [ $? -gt 0 ]; then + stat_fail + else + rm_daemon snort + stat_done + fi + ;; + restart) + $0 stop + sleep 1 + $0 start + ;; + *) + echo "usage: $0 {start|stop|restart}" +esac +exit 0 diff --git a/pcr/snort/snort.conf.d b/pcr/snort/snort.conf.d new file mode 100644 index 000000000..86b566abc --- /dev/null +++ b/pcr/snort/snort.conf.d @@ -0,0 +1,21 @@ +# +# Parameters to be passed to snort +# + +# options taken from Fedora +# http://cvs.fedoraproject.org/viewcvs/devel/snort/sysconfig.snort?rev=1.2&view=markup + +# Where is the snort.conf file. +SNORT_CONF="/etc/snort/snort.conf" + +# What user account should we run under. +USER="snort" + +# What group account should we run under. +GROUP="snort" + +# define the interface we listen on +INTERFACE="eth0" + +# If you are using prelude, delete the '-A fast' option +SNORT_OPTIONS="-A fast -b -l /var/log/snort -D -p" diff --git a/pcr/snort/snort.install b/pcr/snort/snort.install new file mode 100644 index 000000000..673f22c6c --- /dev/null +++ b/pcr/snort/snort.install @@ -0,0 +1,26 @@ +post_install() { + getent group snort >/dev/null || usr/sbin/groupadd -g 29 snort + getent passwd snort >/dev/null || usr/sbin/useradd -c 'Snort user' -u 29 -g snort -d /var/log/snort -s /bin/false snort + usr/bin/passwd -l snort &>/dev/null + + [ -f var/log/snort/alert ] || : >var/log/snort/alert + chown snort.snort var/log/snort/ -R + +cat << _EOF + +>>> You have to edit the HOME_NET variable in the /etc/snort/snort.conf file to reflect your local network. +>>> If you do not change it, snort may not work. + +_EOF +} + +post_upgrade() { + post_install $1 +} + +pre_remove() { + usr/sbin/userdel snort &>/dev/null + usr/sbin/groupdel snort &>/dev/null +} + +# vim:set ts=2 sw=2 et: diff --git a/pcr/vuurmuur/PKGBUILD b/pcr/vuurmuur/PKGBUILD new file mode 100644 index 000000000..8aed82655 --- /dev/null +++ b/pcr/vuurmuur/PKGBUILD @@ -0,0 +1,139 @@ +# vim:set ts=2 sw=2 et ft=sh tw=100: expandtab +# Contributor: Piotr Rogoża <rogoza dot piotr at gmail dot com> +# Contributor: skydrome <skydrome@i2pmail.org> +# Contributor: Valere Monseur <valere_monseur@hotmail.com> +# Contributor: Phillip Smith <fukawi2@NO-SPAM.gmail.com> +# Contributor: (asper, noob +# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.IO> + +pkgname=vuurmuur +_pkgname=Vuurmuur +pkgver=0.7 +pkgrel=1 +pkgdesc='powerful front-end for iptables aimed at system-administrators who need a decent firewall, but dont have netfilter specific knowledge' +arch=('i686' 'x86_64') +url='http://www.vuurmuur.org' +license=('GPL') +install='vuurmuur.install' +depends=('iptables' 'ncurses' 'libjpeg') +optdepends=('conntrack-tools: for connection tracking' + 'iproute2: for traffic shapping' + 'iptrafvol: for traffic volume logging') +conflicts=(vuurmuur-devel) +backup=('etc/vuurmuur/config.conf' + 'etc/vuurmuur/modules.conf' + 'etc/vuurmuur/vuurmuur_conf.conf' + 'etc/vuurmuur/plugins/textdir.conf' + 'etc/logrotate.d/vuurmuur') +source=( +ftp://ftp.vuurmuur.org/releases/$pkgver/${_pkgname}-$pkgver.tar.gz +modules.conf +vuurmuur.rc +vuurmuur.service +vuurmuur.script +) +build() { + cd ${srcdir}/${_pkgname}-${pkgver} + + for archive in libvuurmuur vuurmuur vuurmuur_conf; do + [[ ! -d "$archive" ]] && + tar xzf ${archive}-${pkgver}.tar.gz + done + + msg "building vuurmuur libraries..." + pushd libvuurmuur-${pkgver} + ./configure --prefix=/usr --sysconfdir=/etc + make + popd + + msg "building vuurmuur..." + pushd vuurmuur-${pkgver} + sed -i 's|-rpath|-rpath-link|' configure + LDFLAGS+="-L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src \ + -L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src/.libs \ + -Wl,-rpath=/usr/lib/${pkgname}/plugins" \ + ./configure --prefix=/usr --sysconfdir=/etc \ + --with-libvuurmuur-includes="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src" \ + --with-libvuurmuur-libraries="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src" + make + popd + + msg "building vuurmuur_conf..." + pushd vuurmuur_conf-${pkgver} + sed -i 's|-rpath|-rpath-link|' configure + LDFLAGS+="-L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src \ + -L${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src/.libs \ + -Wl,-rpath=/usr/lib/${pkgname}/plugins" \ + ./configure --prefix=/usr --sysconfdir=/etc \ + --with-libvuurmuur-includes="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src" \ + --with-libvuurmuur-libraries="${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/src" + make + popd +} + +package() { + cd ${srcdir}/${_pkgname}-${pkgver} + + pushd libvuurmuur-${pkgver} + make DESTDIR=${pkgdir} install + popd + + pushd vuurmuur-${pkgver} + make DESTDIR=${pkgdir} install + popd + + pushd vuurmuur_conf-${pkgver} + make DESTDIR=${pkgdir} install + popd + + # make directory structure + install -dm700 ${pkgdir}/etc/${pkgname} + install -dm700 ${pkgdir}/etc/${pkgname}/plugins + install -dm700 ${pkgdir}/etc/logrotate.d/ + install -dm755 ${pkgdir}/usr/share/${pkgname}/textdir/{interfaces,services,zones,rules} + install -dm700 ${pkgdir}/var/log/${pkgname} + + # install daemon and log + install -Dm755 ${srcdir}/vuurmuur.rc ${pkgdir}/etc/rc.d/${pkgname} + install -Dm644 ${pkgdir}/usr/share/${pkgname}/scripts/vuurmuur-logrotate ${pkgdir}/etc/logrotate.d/${pkgname} + + # install systemd's files + install -Dm755 $srcdir/vuurmuur.script $pkgdir/usr/lib/systemd/scripts/vuurmuur + install -Dm644 $srcdir/vuurmuur.service $pkgdir/usr/lib/systemd/system/vuurmuur.service + + # install configuration + install -Dm600 ${pkgdir}/usr/share/vuurmuur/config/config.conf.sample \ + ${pkgdir}/etc/${pkgname}/config.conf + install -Dm600 ${srcdir}/modules.conf ${pkgdir}/etc/${pkgname}/modules.conf + install -Dm600 ${pkgdir}/usr/share/vuurmuur/config/vuurmuur_conf.conf.sample \ + ${pkgdir}/etc/${pkgname}/${pkgname}_conf.conf + + sed -i ${pkgdir}/etc/${pkgname}/config.conf \ + -e 's|"/sbin/tc|"/usr/sbin/tc|' \ + -e 's|"/sbin/ip6tables|"/usr/sbin/ip6tables|' \ + -e 's|"/sbin/iptables|"/usr/sbin/iptables|' \ + -e 's|"/sbin/ip6tables-restore|"/usr/sbin/ip6tables-restore|' \ + -e 's|"/sbin/iptables-restore|"/usr/sbin/iptables-restore|' \ + -e 's|"/var/log/messages|"/var/log/iptables.log|' + + sed -i ${pkgdir}/etc/${pkgname}/${pkgname}_conf.conf \ + -e 's|"/usr/bin/iptrafvol.pl|"/usr/sbin/iptrafvol.pl|' + + + echo "LOCATION=\"/etc/${pkgname}/textdir\"" > ${pkgdir}/etc/${pkgname}/plugins/textdir.conf + + # default firewall setup in /usr/share + touch ${pkgdir}/usr/share/${pkgname}/textdir/rules/rules.conf + touch ${pkgdir}/usr/share/${pkgname}/textdir/rules/blocklist.conf + + cp -R ${srcdir}/${_pkgname}-${pkgver}/zones/* ${pkgdir}/usr/share/${pkgname}/textdir/zones/ + mv ${pkgdir}/usr/share/${pkgname}/services/* ${pkgdir}/usr/share/${pkgname}/textdir/services/ + + # install licenses + install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/lib${pkgname}-${pkgver}/COPYING \ + ${pkgdir}/usr/share/licenses/lib${pkgname}/COPYING + install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/${pkgname}-${pkgver}/COPYING \ + ${pkgdir}/usr/share/licenses/${pkgname}/COPYING + install -Dm644 ${srcdir}/${_pkgname}-${pkgver}/${pkgname}_conf-${pkgver}/COPYING \ + ${pkgdir}/usr/share/licenses/${pkgname}_conf/COPYING +} diff --git a/pcr/vuurmuur/modules.conf b/pcr/vuurmuur/modules.conf new file mode 100644 index 000000000..eda78a036 --- /dev/null +++ b/pcr/vuurmuur/modules.conf @@ -0,0 +1,3 @@ +# modules loaded by vuurmuur daemon +# ip_queue => not found +MODULES_TO_LOAD="ip_tables iptable_filter iptable_mangle iptable_nat ip_conntrack ipt_state ip_conntrack_ftp ip_nat_ftp" diff --git a/pcr/vuurmuur/vuurmuur.install b/pcr/vuurmuur/vuurmuur.install new file mode 100644 index 000000000..0f596b8c9 --- /dev/null +++ b/pcr/vuurmuur/vuurmuur.install @@ -0,0 +1,27 @@ +post_install() { + if [[ ! -d /etc/vuurmuur/textdir ]]; then + # copy default firewall setup + cp -R /usr/share/vuurmuur/textdir /etc/vuurmuur/ + + # set permissions and ownership + chown -R root:root /etc/vuurmuur + chmod -R o=rwX,go= /etc/vuurmuur + chown -R root:root /var/log/vuurmuur + chmod -R o=rwX,go= /var/log/vuurmuur + + echo + echo "Default firewall setup has been installed in /etc/vuurmuur/textdir" + echo + echo "You can now setup your network topology and firewall rules using vuurmuur_conf" + echo "Don't forget to add 'vuurmuur' in /etc/rc.conf" + echo + echo "Usefull documentation can be found at http://www.vuurmuur.org" + echo + fi +} + +post_remove () { + echo + echo "Your firewall setup has been left unchanged in /etc/vuurmuur/textdir" + echo +} diff --git a/pcr/vuurmuur/vuurmuur.rc b/pcr/vuurmuur/vuurmuur.rc new file mode 100644 index 000000000..3b4d3e99e --- /dev/null +++ b/pcr/vuurmuur/vuurmuur.rc @@ -0,0 +1,114 @@ +#!/bin/bash +# vi: ft=sh + +. /etc/rc.conf +. /etc/rc.d/functions + +# PID file +VUURMUURPID='/run/vuurmuur.pid' +VUURMUURLOGPID='/run/vuurmuur_log.pid' +case $1 in +start) + # initialize + stat_busy "Starting Vuurmuur Firewall" + STATUS="ok" + + # check if vuurmuur is configured + IFNUM=`/usr/bin/vuurmuur_script --list --interface any | wc -l` + if [ $IFNUM = 0 ]; then + stat_busy "Please configure Vuurmuur first by defining at least one interface." + stat_fail + exit 1 + fi + + # load modules + . /etc/vuurmuur/modules.conf + for MODULE in `echo $MODULES_TO_LOAD`; do + /sbin/modprobe $MODULE &>/dev/null + if [ $? != 0 ]; then + stat_busy "Error when loading module $MODULE. Check log files." + stat_fail + exit 1 + fi + done + + # start vuurmuur daemon + if [ ! -f $VUURMUURPID ]; then + /usr/bin/vuurmuur -l + if [ $? != 0 ]; then + stat_busy "Error when starting Vuurmuur daemon. Check log files." + STATUS="failed" + fi + else + PID=`cat $VUURMUURPID | cut -d " " -f 1` + stat_busy "Error when starting Vuurmuur daemon. Already running at pid $PID." + STATUS="failed" + fi + + # start vuurmuur log parsing daemon + if [ ! -f $VUURMUURLOGPID ]; then + /usr/bin/vuurmuur_log + if [ $? != 0 ]; then + stat_busy "Error when starting Vuurmuur log parsing daemon. Check log files." + STATUS="failed" + fi + else + PID=`cat $VUURMUURLOGPID | cut -d " " -f 1` + stat_busy "Error when starting Vuurmuur log parsing daemon. Already running at pid $PID." + STATUS="failed" + fi + + # finalize + if [ $STATUS = "ok" ]; then + add_daemon vuurmuur + stat_done + else + stat_fail + exit 1 + fi + ;; + +stop) + # initialize + stat_busy "Stopping Vuurmuur Firewall" + STATUS="ok" + + # stop vuurmuur log parsing daemon + PID=`cat $VUURMUURLOGPID | cut -d " " -f 1` + if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then + rm -f $VUURMUURLOGPID + else + stat_busy "Error when stopping Vuurmuur log parsing daemon. Check log files." + STATUS="failed" + fi + + # stop vuurmuur daemon + PID=`cat $VUURMUURPID | cut -d " " -f 1` + if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then + rm -f $VUURMUURPID + else + stat_busy "Error when stopping Vuurmuur daemon. Check log files." + STATUS="failed" + fi + + # finalize + if [ $STATUS = "ok" ]; then + rm_daemon vuurmuur + stat_done + else + stat_fail + exit 1 + fi + ;; + +restart) + $0 stop + $0 start + ;; + +*) + echo "Usage: $0 {start|stop|restart}" >&2 + exit 1 + +esac +exit 0 diff --git a/pcr/vuurmuur/vuurmuur.script b/pcr/vuurmuur/vuurmuur.script new file mode 100644 index 000000000..a643d6fbd --- /dev/null +++ b/pcr/vuurmuur/vuurmuur.script @@ -0,0 +1,88 @@ +#!/bin/bash + +VUURMUURPID='/run/vuurmuur.pid' +VUURMUURLOGPID='/run/vuurmuur_log.pid' +start() { + IFNUM=`/usr/bin/vuurmuur_script --list --interface any | wc -l` + if [ $IFNUM = 0 ]; then + echo "Please configure Vuurmuur first by defining at least one interface." + exit 1 + fi + + # load modules + . /etc/vuurmuur/modules.conf + for MODULE in `echo $MODULES_TO_LOAD`; do + /sbin/modprobe $MODULE &>/dev/null + if [ $? != 0 ]; then + echo "Error when loading module $MODULE. Check log files." + exit 1 + fi + done + + # start vuurmuur daemon + if [ ! -f $VUURMUURPID ]; then + /usr/bin/vuurmuur -l + if [ $? != 0 ]; then + echo "Error when starting Vuurmuur daemon. Check log files." + STATUS="failed" + fi + else + PID=`cat $VUURMUURPID | cut -d " " -f 1` + echo "Error when starting Vuurmuur daemon. Already running at pid $PID." + STATUS="failed" + fi + + # start vuurmuur log parsing daemon + if [ ! -f $VUURMUURLOGPID ]; then + /usr/bin/vuurmuur_log + if [ $? != 0 ]; then + echo "Error when starting Vuurmuur log parsing daemon. Check log files." + STATUS="failed" + fi + else + PID=`cat $VUURMUURLOGPID | cut -d " " -f 1` + echo "Error when starting Vuurmuur log parsing daemon. Already running at pid $PID." + STATUS="failed" + fi + + # finalize + if [ $STATUS = "failed" ]; then + exit 1 + fi +} +stop() { + # initialize + echo "Stopping Vuurmuur Firewall" + STATUS="ok" + + # stop vuurmuur log parsing daemon + PID=`cat $VUURMUURLOGPID | cut -d " " -f 1` + if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then + rm -f $VUURMUURLOGPID + else + echo "Error when stopping Vuurmuur log parsing daemon. Check log files." + STATUS="failed" + fi + + # stop vuurmuur daemon + PID=`cat $VUURMUURPID | cut -d " " -f 1` + if [[ ! -z $PID ]] && kill "$PID" &>/dev/null; then + rm -f $VUURMUURPID + else + echo "Error when stopping Vuurmuur daemon. Check log files." + STATUS="failed" + fi + + # finalize + if [ $STATUS = "false" ]; then + exit 1 + fi +} +restart() { + $0 stop + $0 start +} + +case $1 in + start|stop|restart) "$1" ;; +esac diff --git a/pcr/vuurmuur/vuurmuur.service b/pcr/vuurmuur/vuurmuur.service new file mode 100644 index 000000000..3defcaa82 --- /dev/null +++ b/pcr/vuurmuur/vuurmuur.service @@ -0,0 +1,13 @@ +# vi: ft=systemd +[Unit] +Description=Powerful front-end for iptables +After=syslog.target network.target + +[Service] +Type=forking +ExecStart=/usr/lib/systemd/scripts/vuurmuur start +ExecStop=/usr/lib/systemd/scripts/vuurmuur stop +ExecReload=/usr/lib/systemd/scripts/vuurmuur restart + +[Install] +WantedBy=multi-user.target diff --git a/pcr/xtables-addons/PKGBUILD b/pcr/xtables-addons/PKGBUILD new file mode 100644 index 000000000..0b652408a --- /dev/null +++ b/pcr/xtables-addons/PKGBUILD @@ -0,0 +1,35 @@ +# Contributor: Vladimir Kutyavin <vlkut@bk.ru> +# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.IO> + +pkgname=xtables-addons +pkgver=1.46 +pkgrel=1 +pkgdesc="Successor to patch-o-matic(-ng). Additional extensions for iptables, ip6tables, etc. CHAOS, TARPIT, TEE, DELUDE and other targets; condition, geoip, ipp2p and other matches. Includes ipset package." +arch=('i686' 'x86_64') +license=('GPL2') +url="http://xtables-addons.sourceforge.net/" +depends=('iptables>=1.4.3' 'glibc') +makedepends=('linux-api-headers' 'linux-headers') +conflicts=(ipset) +replaces=(ipset) +provides=(ipset) +source=(http://download.sourceforge.net/project/xtables-addons/Xtables-addons/$pkgver/$pkgname-$pkgver.tar.xz) + +build() { + cd $srcdir/$pkgname-$pkgver + ./configure \ + --prefix=/usr \ + --libexecdir=/usr/lib/iptables \ + --sysconfdir=/etc \ + --with-xtlibdir=/usr/lib/iptables \ + --mandir=/usr/share/man + make || return 1 + make DESTDIR=$pkgdir install || return 1 + chmod a-x $pkgdir/usr/lib/iptables/*.so + #remove ipset there is a ipset package +# rm \ +# $pkgdir/usr/lib/iptables/libipset_* \ +# $pkgdir/usr/sbin/ipset +# $pkgdir/usr/share/man/man8/ipset.8 +# rmdir $pkgdir/usr/sbin +} |