authoraurelien <aurelien@cwb.io>2012-11-22 10:59:05 +0100
committeraurelien <aurelien@cwb.io>2012-11-22 10:59:05 +0100
commitf97ff910471fb3ae2c8ea69befecaae8cbf6dbea (patch)
tree297ea34dee3ae68d71ca4a5175d1d478ce69be76 /pcr/psad
parent9cce2f098d5d77a2748952e1221127b9f0614566 (diff)
+ barnyard2 perl-iptables-parse perl-unix-syslog psad pulledpork snort vuurmuur xtables-addons
Diffstat (limited to 'pcr/psad')
-rw-r--r--pcr/psad/PKGBUILD66
-rw-r--r--pcr/psad/psad-systemdinit.archlinux12
-rw-r--r--pcr/psad/psad-sysvinit.archlinux52
-rw-r--r--pcr/psad/psad.patch137
-rw-r--r--pcr/psad/responses7
5 files changed, 174 insertions, 0 deletions
diff --git a/pcr/psad/PKGBUILD b/pcr/psad/PKGBUILD
new file mode 100644
index 000000000..145625e89
--- /dev/null
+++ b/pcr/psad/PKGBUILD
@@ -0,0 +1,66 @@
+# Maintainer: Artur Wojcik <xartii at gmail dot com>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.IO>
+
+pkgname=psad
+pkgver=2.2
+pkgrel=2
+pkgdesc="A collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic"
+arch=('i686 x86_64')
+url="http://cipherdyne.org/psad/"
+license=('GPL')
+depends=('perl-bit-vector' 'perl-date-calc' 'perl-iptables-chainmgr' 'perl-iptables-parse' 'perl-net-ipv4addr' 'perl-storable' 'perl-unix-syslog' 'net-tools')
+source=("http://cipherdyne.org/psad/download/$pkgname-$pkgver.tar.gz" "responses" "psad-sysvinit.archlinux" "psad-systemdinit.archlinux" "psad.patch1")
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+ cp $srcdir/psad-sysvinit.archlinux init-scripts/psad-init.archlinux
+ if [ ! -e responses ]; then
+ ln $srcdir/responses responses -s;
+ fi
+ patch -p1 -i $srcdir/psad.patch1
+
+ #Create the dirs it will need to make the program
+ mkdir -p $pkgdir/etc/psad \
+ $pkgdir/etc/rc.d \
+ $pkgdir/usr/bin \
+ $pkgdir/usr/sbin \
+ $pkgdir/usr/share/man/man8 \
+ $pkgdir/var/lib/psad \
+ $pkgdir/var/log/psad \
+ $pkgdir/var/run/psad \
+ $pkgdir/usr/lib/psad \
+ $pkgdir/usr/lib/systemd/system
+ #Set the config dirs
+ sed -e "s|'/usr/sbin'|'$pkgdir/usr/sbin'|" \
+ -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \
+ -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \
+ ./install.pl -i
+ sed -e "s|/var/log/psad|$pkgdir&|" \
+ -e "s|/var/run/psad|$pkgdir&|" \
+ -e "s|/var/lib/psad|$pkgdir&|" \
+ -e "s|/usr/lib/psad|$pkgdir&|" \
+ -e "s|/etc/psad|$pkgdir&|" \
+ -e "s|/usr/bin/whois_psad|$pkgdir&|" \
+ -e "s|/usr/sbin/fwcheck_psad|$pkgdir&|" \
+ -e "s|/usr/sbin/psadwatchd|$pkgdir&|" \
+ -e "s|/usr/sbin/kmsgsd|$pkgdir&|" \
+ -e "s|/usr/sbin/psad|$pkgdir&|" \
+ ./psad.conf -i
+
+ #hope that things work
+ ./install.pl --init-dir "$pkgdir/etc/rc.d/" < responses
+
+ #add the systemd service file
+ cp $srcdir/psad-systemdinit.archlinux $pkgdir/usr/lib/systemd/system/psad.service
+
+ # Fix the config
+ sed -e "s|$pkgdir||" $pkgdir/etc/psad/psad.conf -i
+ sed -e "s|$pkgdir||" $pkgdir/var/log/psad/install.log -i
+
+ #Set correct permissions
+ chmod 0700 $pkgdir/var/lib/psad
+
+
+}
+
+# vim:set ts=2 sw=2 et:
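Review bot: The `source=` array fetches `psad-2.2.tar.gz` over plain HTTP and the file declares no `md5sums`/`sha256sums`, so a modified tarball or a substituted local file would go into the package without any integrity check; a checksum array generated from a known-good download should be added, e.g. `sha256sums=('<sha256 of psad-2.2.tar.gz>' '<responses>' '<psad-sysvinit.archlinux>' '<psad-systemdinit.archlinux>' '<psad.patch1>')` with the placeholder values filled in. Separately, `arch=('i686 x86_64')` is one element containing a space, so as far as I can tell makepkg matches neither i686 nor x86_64 against it; it should read `arch=('i686' 'x86_64')`. The `$srcdir`/`$pkgdir` expansions in the `cp`, `ln`, `mkdir` and `sed` commands are unquoted, and the whole install into `$pkgdir` is done in `build()` rather than `package()`, which also means `makepkg -R` cannot repackage without rebuilding.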
diff --git a/pcr/psad/psad-systemdinit.archlinux b/pcr/psad/psad-systemdinit.archlinux
new file mode 100644
index 000000000..991aa7423
--- /dev/null
+++ b/pcr/psad/psad-systemdinit.archlinux
@@ -0,0 +1,12 @@
+[Unit]
+Description=Port scan attack detector
+After=iptables.service
+
+[Service]
+ExecStart=/usr/sbin/psad
+ExecStop=/usr/sbin/psad --Kill
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
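Review bot: `Type=oneshot` together with `RemainAfterExit=yes` makes the unit report active as soon as `/usr/sbin/psad` returns, so if the daemons it leaves behind later die the unit still shows active and nothing notices or restarts them, which is a poor fit for a detector you rely on being up. The sysvinit script in the same commit names `/var/run/psad.pid`, so `Type=forking` plus `PIDFile=/var/run/psad.pid` would let systemd track the real process (this assumes psad daemonizes itself by default, which the init script's usage suggests but the unit does not show; worth confirming). `After=iptables.service` only orders startup; if psad needs the iptables logging rules in place to see anything, `Wants=iptables.service` should accompany it.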
diff --git a/pcr/psad/psad-sysvinit.archlinux b/pcr/psad/psad-sysvinit.archlinux
new file mode 100644
index 000000000..6b4e76042
--- /dev/null
+++ b/pcr/psad/psad-sysvinit.archlinux
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# Startup script for psad
+#
+# chkconfig: 345 99 05
+# description: The Port Scan Attack Detector (psad)
+# processname: psad
+# pidfile: /var/run/psad.pid
+# config: /etc/psad/psad.conf
+#
+# $Id: psad-init.archlinux
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+. /etc/conf.d/sshd
+
+PID=`cat /var/run/psad.pid`
+# See how we were called.
+case "$1" in
+start)
+ stat_busy "Starting psad"
+ [ -z "$PID" ] && /usr/sbin/psad
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ #let psad take care of the pid; we don't need to
+ add_daemon psad
+ stat_done
+ fi
+ ;;
+stop)
+ stat_busy "Stopping psad"
+ /usr/sbin/psad --Kill
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ #let psad take care of the pid; we don't need to
+ rm_daemon psad
+ stat_done
+ fi
+ ;;
+status)
+ /usr/sbin/psad --Status
+ ;;
+restart)
+ $0 stop
+ $0 start
+ ;;
+*)
+ echo "Usage: psad {start|stop|status|restart}"
+ exit 1
+esac
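Review bot: In the `start)` branch, `[ -z "$PID" ] && /usr/sbin/psad` followed by `if [ $? -gt 0 ]` reports `stat_fail` whenever the pidfile is non-empty, because `$?` is then the exit status of the failed `-z` test rather than of psad; a stale `/var/run/psad.pid` left behind by a crash therefore blocks every subsequent start, and `PID=\`cat /var/run/psad.pid\`` prints an error when the file is absent. Checking whether the recorded PID is actually alive and branching on psad's own exit status fixes both, as below. Also `. /etc/conf.d/sshd` pulls sshd's configuration into a psad init script, which looks like a copy-paste leftover and should be removed.
```shell
start)
  stat_busy "Starting psad"
  PID=$(cat /var/run/psad.pid 2>/dev/null)
  if [ -n "$PID" ] && kill -0 "$PID" 2>/dev/null; then
    stat_done                      # already running; not a failure
  elif /usr/sbin/psad; then
    #let psad take care of the pid; we don't need to
    add_daemon psad
    stat_done
  else
    stat_fail
  fi
  ;;
# … unchanged: stop/status/restart/usage branches …
```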
diff --git a/pcr/psad/psad.patch1 b/pcr/psad/psad.patch1
new file mode 100644
index 000000000..98ddd9a60
--- /dev/null
+++ b/pcr/psad/psad.patch1
@@ -0,0 +1,37 @@
+--- psad-2.2/install.pl 2012-04-21 04:43:46.000000000 +0200
++++ psad-2.2/install.pl 2012-10-13 16:05:03.302818330 +0200
+@@ -752,6 +752,8 @@
+ $init_file = 'init-scripts/psad-init.fedora';
+ } elsif ($distro eq 'gentoo') {
+ $init_file = 'init-scripts/psad-init.gentoo';
++ } elsif ($distro eq 'archlinux') {
++ $init_file = 'init-scripts/psad-init.archlinux';
+ } else {
+ $init_file = 'init-scripts/psad-init.generic';
+ }
+@@ -773,13 +775,14 @@
+ if ($preserve_rv) {
+ &logr("\n[+] psad has been installed (with your original config merged).\n");
+ } else {
+- &logr("\n[+] psad has been installed.\n");
++ &logr("\n[+] psad has been compiled.\n");
++ &logr("\n[+] use pacman -U to install.\n");
+ }
+ if ($installed_init_script) {
+ if ($init_dir) {
+- &logr("\n[+] To start psad, run \"${init_dir}/psad start\"\n");
++ #&logr("\n[+] To start psad, run \"${init_dir}/psad start\"\n");
+ } else {
+- &logr("\n[+] To start psad, run ${USRSBIN_DIR}/psad\"\n");
++ #&logr("\n[+] To start psad, run ${USRSBIN_DIR}/psad\"\n");
+ }
+ }
+
+@@ -1748,6 +1751,7 @@
+
+ sub get_distro() {
+ return 'gentoo' if -e '/etc/gentoo-release';
++ return 'archlinux' if -e '/etc/archlinux-release';
+ if (-e '/etc/issue') {
+ ### Red Hat Linux release 6.2 (Zoot)
+ open ISSUE, '< /etc/issue' or
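Review bot: The added `return 'archlinux' if -e '/etc/archlinux-release';` in `get_distro()` probes a file that, as far as I know, Arch Linux does not ship (its marker file is `/etc/arch-release`), so detection would fall through to the `/etc/issue` parsing and the new `'archlinux'` branch that selects `init-scripts/psad-init.archlinux` would never be taken, even though the PKGBUILD copies that script expecting it to be picked up. Worth confirming on a live system; if so the line should be `return 'archlinux' if -e '/etc/arch-release';`. The second hunk replaces the "installed" message but leaves the two `&logr` start-instruction lines commented out rather than deleted, which keeps dead code in the patched file; removing them makes the patch smaller and clearer. `get_distro()`'s body continues past the end of the hunk.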
diff --git a/pcr/psad/responses b/pcr/psad/responses
new file mode 100644
index 000000000..715dfaf1a
--- /dev/null
+++ b/pcr/psad/responses
@@ -0,0 +1,7 @@
+n
+n
+y
+n
+n
+n
+
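Review bot: The seven answers are positional and nothing records which install.pl prompt each line responds to, so the single `y` on line 3 cannot be reviewed for what it enables, and a reordered or added prompt in a future psad release would silently shift every answer. Since a file fed to stdin cannot carry a comment, the PKGBUILD line that consumes it (`./install.pl --init-dir "$pkgdir/etc/rc.d/" < responses`) should be preceded by a comment listing the prompts in order, and the empty seventh line should be confirmed as intentional since it presumably accepts that prompt's default.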