rpms/psad/devel psad-2.1.2-initscript.patch, NONE, 1.1 psad.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
Peter Vrabec
pvrabec at fedoraproject.org
Mon Aug 25 13:43:58 UTC 2008
Author: pvrabec
Update of /cvs/extras/rpms/psad/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15961
Modified Files:
.cvsignore sources
Added Files:
psad-2.1.2-initscript.patch psad.spec
Log Message:
package upload
psad-2.1.2-initscript.patch:
--- NEW FILE psad-2.1.2-initscript.patch ---
diff -up psad-2.1.3/init-scripts/psad-init.fedora.init psad-2.1.3/init-scripts/psad-init.fedora
--- psad-2.1.3/init-scripts/psad-init.fedora.init 2005-06-14 03:00:35.000000000 +0200
+++ psad-2.1.3/init-scripts/psad-init.fedora 2008-08-14 13:33:22.000000000 +0200
@@ -4,14 +4,40 @@
#
# Starts the psad daemon
#
-# chkconfig: 345 95 5
+# chkconfig: - 95 5
# description: The Port Scan Attack Detector (psad)
# processname: psad
+#
+# Return values according to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - insufficient privilege
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+#
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+prog="psad"
# Source function library.
. /etc/init.d/functions
-test -x /usr/sbin/psad || exit 0
+# Allow anyone to run status
+if [ "$1" = "status" ] ; then
+ if [ -f /var/run/psad/kmsgsd.pid ]; then
+ status /usr/sbin/kmsgsd
+ fi
+ status /usr/sbin/psadwatchd
+ status /usr/sbin/psad
+ RETVAL=$?
+ exit $RETVAL
+fi
+
+# Check that we are root ... so non-root users stop here
+test $EUID = 0 || exit 4
RETVAL=0
@@ -19,16 +45,34 @@ RETVAL=0
# See how we were called.
#
-prog="psad"
start() {
+ echo -n $"Starting $prog: "
+ test -x /usr/sbin/psad || exit 5
+ test -f /etc/psad/psad.conf || exit 6
+
# Check if psad is already running
if [ ! -f /var/lock/subsys/psad ]; then
- echo -n $"Starting $prog: "
+ # Create empty fwdata file if it doesn't exist
+ /bin/touch /var/log/psad/fwdata
+ chown root.root /var/log/psad/fwdata
+ chmod 0600 /var/log/psad/fwdata
+ # Create fifo if it doesn't exist
+ if [ ! -p /var/lib/psad/psadfifo ]; then
+ [ -e /var/lib/psad/psadfifo ] && \
+ /bin/rm -f /var/lib/psad/psadfifo
+ /bin/mknod -m 600 /var/lib/psad/psadfifo p
+ fi
+ chown root.root /var/lib/psad/psadfifo
+ chmod 0600 /var/lib/psad/psadfifo
+
+ unset HOME MAIL USER USERNAME
daemon /usr/sbin/psad
RETVAL=$?
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/psad
echo
+ if test $RETVAL = 0 ; then
+ touch /var/lock/subsys/psad
+ fi
fi
return $RETVAL
}
@@ -53,17 +97,10 @@ restart() {
}
reload() {
+ test -f /etc/psad/psad.conf || exit 6
restart
}
-status_psad() {
- if [ -f /var/run/psad/kmsgsd.pid ]; then
- status /usr/sbin/kmsgsd
- fi
- status /usr/sbin/psadwatchd
- status /usr/sbin/psad
-}
-
case "$1" in
start)
start
@@ -79,13 +116,9 @@ condrestart)
restart
fi
;;
-status)
- status_psad
- ;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status}"
- exit 1
+ RETVAL=3
esac
-exit $?
exit $RETVAL
--- NEW FILE psad.spec ---
%define psadlogdir %{_localstatedir}/log/psad
%define psadrundir %{_localstatedir}/run/psad
%define psadvarlibdir %{_localstatedir}/lib/psad
Summary: Port Scan Attack Detector (psad) watches for suspect traffic
Name: psad
Version: 2.1.3
Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Daemons
Url: http://www.cipherdyne.org/psad/
Source: http://www.cipherdyne.org/psad/download/%name-%version.tar.gz
Patch1: psad-2.1.2-initscript.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: iptables
Requires(post): chkconfig
Requires(preun): chkconfig, initscripts
Requires(postun): initscripts
# The automatic dependency generator doesn't find this
Requires: perl(IPTables::ChainMgr)
Requires: perl(Net::IPv4Addr)
Requires: perl(Date::Calc)
Requires: perl(Unix::Syslog)
%description
Port Scan Attack Detector (psad) is a collection of three lightweight
system daemons written in Perl and in C that are designed to work with Linux
iptables firewalling code to detect port scans and other suspect traffic. It
features a set of highly configurable danger thresholds (with sensible
defaults provided), verbose alert messages that include the source,
destination, scanned port range, begin and end times, tcp flags and
corresponding nmap options, reverse DNS info, email and syslog alerting,
automatic blocking of offending ip addresses via dynamic configuration of
iptables rulesets, and passive operating system fingerprinting. In addition,
psad incorporates many of the tcp, udp, and icmp signatures included in the
snort intrusion detection system (http://www.snort.org) to detect highly
suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend,
SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin,
xmas) which are easily leveraged against a machine via nmap. psad can also
alert on snort signatures that are logged via fwsnort
(http://www.cipherdyne.org/fwsnort/), which makes use of the
iptables string match module to detect application layer signatures.
%prep
%setup -q
%patch1 -p1 -b .init
sed -i 's,_CHANGEME_,localhost,' psad.conf
%build
### build psad binaries (kmsgsd and psadwatchd)
make OPTS="$RPM_OPT_FLAGS" %{?_smp_mflags}
### build the whois client
make OPTS="$RPM_OPT_FLAGS" -C whois
%install
rm -rf $RPM_BUILD_ROOT
### log directory
mkdir -p $RPM_BUILD_ROOT%psadlogdir
### dir for psadfifo
mkdir -p $RPM_BUILD_ROOT%psadvarlibdir
### dir for pidfiles
mkdir -p $RPM_BUILD_ROOT%psadrundir
### whois_psad binary
mkdir -p $RPM_BUILD_ROOT%{_bindir}
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
### psad config
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
### psad init script
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
### psad
install -p -m 755 psad $RPM_BUILD_ROOT%{_sbindir}/
install -p -m 755 kmsgsd $RPM_BUILD_ROOT%{_sbindir}/
install -p -m 755 psadwatchd $RPM_BUILD_ROOT%{_sbindir}/
install -p -m 755 fwcheck_psad.pl $RPM_BUILD_ROOT%{_sbindir}/fwcheck_psad
install -p -m 755 whois/whois $RPM_BUILD_ROOT/%{_bindir}/whois_psad
install -p -m 755 nf2csv $RPM_BUILD_ROOT/%{_bindir}/nf2csv
install -p -m 755 init-scripts/psad-init.fedora $RPM_BUILD_ROOT/etc/rc.d/init.d/psad
install -p -m 644 logrotate.psad $RPM_BUILD_ROOT/etc/logrotate.d/psad
install -p -m 644 psad.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
install -p -m 644 signatures $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
install -p -m 644 icmp_types $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
install -p -m 644 ip_options $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
install -p -m 644 auto_dl $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
install -p -m 644 snort_rule_dl $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
install -p -m 644 pf.os $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
install -p -m 644 posf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/
install -p -m 644 *.8 $RPM_BUILD_ROOT%{_mandir}/man8/
install -p -m 644 nf2csv.1 $RPM_BUILD_ROOT%{_mandir}/man1/
### install snort rules files
cp -r snort_rules $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
%clean
rm -rf $RPM_BUILD_ROOT
%post
/sbin/chkconfig --add psad
%preun
if [ $1 -eq 0 ]; then
/sbin/service psad stop > /dev/null 2>&1
/sbin/chkconfig --del psad
fi
%postun
if [ $1 -ge 1 ]; then
/sbin/service psad condrestart >/dev/null 2>&1 || :
fi
%files
%defattr(-,root,root)
%doc BENCHMARK FW_HELP FW_EXAMPLE_RULES README README.SYSLOG SCAN_LOG
%{_sbindir}/*
%{_bindir}/*
%{_mandir}/man1/*
%{_mandir}/man8/*
%{_initrddir}/psad
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/psad
%config(noreplace) %{_sysconfdir}/%{name}/*.conf
%config(noreplace) %{_sysconfdir}/%{name}/signatures
%config(noreplace) %{_sysconfdir}/%{name}/auto_dl
%config(noreplace) %{_sysconfdir}/%{name}/ip_options
%config(noreplace) %{_sysconfdir}/%{name}/snort_rule_dl
%config(noreplace) %{_sysconfdir}/%{name}/posf
%config(noreplace) %{_sysconfdir}/%{name}/pf.os
%config(noreplace) %{_sysconfdir}/%{name}/icmp_types
%dir %{_sysconfdir}/%{name}/snort_rules
%config(noreplace) %{_sysconfdir}/%{name}/snort_rules/*
%dir %psadlogdir
%dir %psadvarlibdir
%dir %psadrundir
%changelog
* Wed Aug 13 2008 Peter Vrabec <pvrabec at redhat.com> 2.1.3-1
- some adjustments to meet fedora standartds
* Sun Apr 27 2008 Steve Grubb <sgrubb at redhat.com> 2.1.2-1
- Initial packaging
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/psad/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore 23 Aug 2008 17:22:37 -0000 1.1
+++ .cvsignore 25 Aug 2008 13:43:27 -0000 1.2
@@ -0,0 +1 @@
+psad-2.1.3.tar.gz
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/psad/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources 23 Aug 2008 17:22:37 -0000 1.1
+++ sources 25 Aug 2008 13:43:27 -0000 1.2
@@ -0,0 +1 @@
+3acf5577f0728a76c2fba758b2cb948f psad-2.1.3.tar.gz
More information about the scm-commits
mailing list