author | aurelien <aurelien@cwb.io> | 2012-11-22 10:59:05 +0100 |
---|---|---|
committer | aurelien <aurelien@cwb.io> | 2012-11-22 10:59:05 +0100 |
commit | f97ff910471fb3ae2c8ea69befecaae8cbf6dbea (patch) | |
tree | 297ea34dee3ae68d71ca4a5175d1d478ce69be76 /pcr/psad | |
parent | 9cce2f098d5d77a2748952e1221127b9f0614566 (diff) |
+ barnyard2 perl-iptables-parse perl-unix-syslog psad pulledpork snort vuurmuur xtables-addons
Diffstat (limited to 'pcr/psad')
-rw-r--r-- | pcr/psad/PKGBUILD | 66 | ||||
-rw-r--r-- | pcr/psad/psad-systemdinit.archlinux | 12 | ||||
-rw-r--r-- | pcr/psad/psad-sysvinit.archlinux | 52 | ||||
-rw-r--r-- | pcr/psad/psad.patch1 | 37 | ||||
-rw-r--r-- | pcr/psad/responses | 7 |
5 files changed, 174 insertions, 0 deletions
diff --git a/pcr/psad/PKGBUILD b/pcr/psad/PKGBUILD
new file mode 100644
index 000000000..145625e89
--- /dev/null
+++ b/pcr/psad/PKGBUILD
@@ -0,0 +1,66 @@
+# Maintainer: Artur Wojcik <xartii at gmail dot com>
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres <aurelien@cwb.IO>
+
+pkgname=psad
+pkgver=2.2
+pkgrel=2
+pkgdesc="A collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic"
+arch=('i686 x86_64')
+url="http://cipherdyne.org/psad/"
+license=('GPL')
+depends=('perl-bit-vector' 'perl-date-calc' 'perl-iptables-chainmgr' 'perl-iptables-parse' 'perl-net-ipv4addr' 'perl-storable' 'perl-unix-syslog' 'net-tools')
+source=("http://cipherdyne.org/psad/download/$pkgname-$pkgver.tar.gz" "responses" "psad-sysvinit.archlinux" "psad-systemdinit.archlinux" "psad.patch1")
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+ cp $srcdir/psad-sysvinit.archlinux init-scripts/psad-init.archlinux
+ if [ ! -e responses ]; then
+ ln $srcdir/responses responses -s;
+ fi
+ patch -p1 -i $srcdir/psad.patch1
+
+ #Create the dirs it will need to make the program
+ mkdir -p $pkgdir/etc/psad \
+ $pkgdir/etc/rc.d \
+ $pkgdir/usr/bin \
+ $pkgdir/usr/sbin \
+ $pkgdir/usr/share/man/man8 \
+ $pkgdir/var/lib/psad \
+ $pkgdir/var/log/psad \
+ $pkgdir/var/run/psad \
+ $pkgdir/usr/lib/psad \
+ $pkgdir/usr/lib/systemd/system
+ #Set the config dirs
+ sed -e "s|'/usr/sbin'|'$pkgdir/usr/sbin'|" \
+ -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \
+ -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \
+ ./install.pl -i
+ sed -e "s|/var/log/psad|$pkgdir&|" \
+ -e "s|/var/run/psad|$pkgdir&|" \
+ -e "s|/var/lib/psad|$pkgdir&|" \
+ -e "s|/usr/lib/psad|$pkgdir&|" \
+ -e "s|/etc/psad|$pkgdir&|" \
+ -e "s|/usr/bin/whois_psad|$pkgdir&|" \
+ -e "s|/usr/sbin/fwcheck_psad|$pkgdir&|" \
+ -e "s|/usr/sbin/psadwatchd|$pkgdir&|" \
+ -e "s|/usr/sbin/kmsgsd|$pkgdir&|" \
+ -e "s|/usr/sbin/psad|$pkgdir&|" \
+ ./psad.conf -i
+
+ #hope that things work
+ ./install.pl
--init-dir "$pkgdir/etc/rc.d/" < responses
+
+ #add the systemd service file
+ cp $srcdir/psad-systemdinit.archlinux $pkgdir/usr/lib/systemd/system/psad.service
+
+ # Fix the config
+ sed -e "s|$pkgdir||" $pkgdir/etc/psad/psad.conf -i
+ sed -e "s|$pkgdir||" $pkgdir/var/log/psad/install.log -i
+
+ #Set correct permissions
+ chmod 0700 $pkgdir/var/lib/psad
+
+
+}
+
+# vim:set ts=2 sw=2 et:
diff --git a/pcr/psad/psad-systemdinit.archlinux b/pcr/psad/psad-systemdinit.archlinux
new file mode 100644
index 000000000..991aa7423
--- /dev/null
+++ b/pcr/psad/psad-systemdinit.archlinux
@@ -0,0 +1,12 @@
+[Unit]
+Description=Port scan attack detector
+After=iptables.service
+
+[Service]
+ExecStart=/usr/sbin/psad
+ExecStop=/usr/sbin/psad --Kill
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pcr/psad/psad-sysvinit.archlinux b/pcr/psad/psad-sysvinit.archlinux
new file mode 100644
index 000000000..6b4e76042
--- /dev/null
+++ b/pcr/psad/psad-sysvinit.archlinux
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# Startup script for psad
+#
+# chkconfig: 345 99 05
+# description: The Port Scan Attack Detector (psad)
+# processname: psad
+# pidfile: /var/run/psad.pid
+# config: /etc/psad/psad.conf
+#
+# $Id: psad-init.archlinux
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+. /etc/conf.d/sshd
+
+PID=`cat /var/run/psad.pid`
+# See how we were called.
+case "$1" in
+start)
+ stat_busy "Starting psad"
+ [ -z "$PID" ] && /usr/sbin/psad
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ #let psad take care of the pid; we don't need to
+ add_daemon psad
+ stat_done
+ fi
+ ;;
+stop)
+ stat_busy "Stopping psad"
+ /usr/sbin/psad --Kill
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ #let psad take care of the pid; we don't need to
+ rm_daemon psad
+ stat_done
+ fi
+ ;;
+status)
+ /usr/sbin/psad --Status
+ ;;
+restart)
+ $0 stop
+ $0 start
+ ;;
+*)
+ echo "Usage: psad {start|stop|status|restart}"
+ exit 1
+esac
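Review bot: The tarball in `source=(...)` is fetched over plain `http://` and the PKGBUILD carries no checksum array, so makepkg has nothing to verify the download against and a tampered or truncated archive builds silently; add a `sha256sums=(...)` (or `md5sums`) array with one entry per `source` element, generated with `makepkg -g` from an archive you have checked, e.g. `sha256sums=('<sha256 of psad-2.2.tar.gz>' '<sha256 of responses>' ...)` (placeholders). `arch=('i686 x86_64')` is a single element holding both names and matches neither architecture; it should be `arch=('i686' 'x86_64')`. Everything that installs into `$pkgdir` (the `mkdir -p`, both `sed` runs, `./install.pl`, the `cp` of the unit file and `chmod`) runs inside `build()`; makepkg treats a PKGBUILD without a `package()` function as deprecated, so those steps belong in `package()` with `build()` left for the patching only. `$srcdir` and `$pkgdir` are unquoted throughout, which breaks on build paths containing spaces.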
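Review bot: `Type=oneshot` together with `RemainAfterExit=yes` makes systemd consider the unit active as soon as `/usr/sbin/psad` has returned, so the daemon it leaves behind is never supervised: a crashed psad still reports `active` and `Restart=` cannot be used, which is a poor property for the component that is supposed to notice scans. The sysvinit script in this same commit expects a pid file at `/var/run/psad.pid`; if that is where psad writes it (confirm against psad.conf), the unit should use `Type=forking` and `PIDFile=/var/run/psad.pid`, with `Restart=on-failure` added so the detector comes back after a crash. `After=iptables.service` only orders startup; if psad must not run without the firewall rules loaded, pair it with `Wants=iptables.service` or `Requires=iptables.service`.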
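Review bot: `PID=\`cat /var/run/psad.pid\`` is evaluated for every action and never checks that the process is still alive, so after an unclean shutdown a stale pid file makes `start` skip `/usr/sbin/psad` indefinitely (the `[ -z "$PID" ]` test fails, `$?` is 1 and the script reports `stat_fail`), and when the file is absent `cat` prints an error on `status` and `stop` as well. Replace it with `PID=$(cat /var/run/psad.pid 2>/dev/null)` followed by `[ -n "$PID" ] && ! kill -0 "$PID" 2>/dev/null && PID=""` so a dead pid is treated as not running. `. /etc/conf.d/sshd` looks copied from the sshd init script: nothing below uses it, and sourcing an unrelated configuration file into a root-run script is an avoidable dependency that should be dropped. The `pidfile:` header assumes `/var/run/psad.pid` while the PKGBUILD creates `/var/run/psad/`; the path should be confirmed against psad.conf before the check above relies on it.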
diff --git a/pcr/psad/psad.patch1 b/pcr/psad/psad.patch1
new file mode 100644
index 000000000..98ddd9a60
--- /dev/null
+++ b/pcr/psad/psad.patch1
@@ -0,0 +1,37 @@
+--- psad-2.2/install.pl 2012-04-21 04:43:46.000000000 +0200
++++ psad-2.2/install.pl 2012-10-13 16:05:03.302818330 +0200
+@@ -752,6 +752,8 @@
+ $init_file = 'init-scripts/psad-init.fedora';
+ } elsif ($distro eq 'gentoo') {
+ $init_file = 'init-scripts/psad-init.gentoo';
++ } elsif ($distro eq 'archlinux') {
++ $init_file = 'init-scripts/psad-init.archlinux';
+ } else {
+ $init_file = 'init-scripts/psad-init.generic';
+ }
+@@ -773,13 +775,14 @@
+ if ($preserve_rv) {
+ &logr("\n[+] psad has been installed (with your original config merged).\n");
+ } else {
+- &logr("\n[+] psad has been installed.\n");
++ &logr("\n[+] psad has been compiled.\n");
++ &logr("\n[+] use pacman -U to install.\n");
+ }
+ if ($installed_init_script) {
+ if ($init_dir) {
+- &logr("\n[+] To start psad, run \"${init_dir}/psad start\"\n");
++ #&logr("\n[+] To start psad, run \"${init_dir}/psad start\"\n");
+ } else {
+- &logr("\n[+] To start psad, run ${USRSBIN_DIR}/psad\"\n");
++ #&logr("\n[+] To start psad, run ${USRSBIN_DIR}/psad\"\n");
+ }
+ }
+
+@@ -1748,6 +1751,7 @@
+
+ sub get_distro() {
+ return 'gentoo' if -e '/etc/gentoo-release';
++ return 'archlinux' if -e '/etc/archlinux-release';
+ if (-e '/etc/issue') {
+ ### Red Hat Linux release 6.2 (Zoot)
+ open ISSUE, '< /etc/issue' or
diff --git a/pcr/psad/responses b/pcr/psad/responses
new file mode 100644
index 000000000..715dfaf1a
--- /dev/null
+++ b/pcr/psad/responses
@@ -0,0 +1,7 @@
+n
+n
+y
+n
+n
+n
+
|
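Review bot: The probe added to `get_distro` tests `-e '/etc/archlinux-release'`, but the release marker Arch's filesystem package ships is `/etc/arch-release`, so unless the build chroot happens to provide the other name the function falls through to the existing checks and `$init_file` stays `init-scripts/psad-init.generic` — the archlinux init script the PKGBUILD copies into `init-scripts/` is then unlikely to be the one installed. Changing the line to `+return 'archlinux' if -e '/etc/arch-release';` fixes that; the `$distro eq 'archlinux'` branch in the first hunk is otherwise consistent with the neighbouring distros. `get_distro` continues past the end of the hunk. Commenting out the two "To start psad" `&logr` calls rather than deleting them leaves dead code in the patched install.pl; removing the lines keeps the patch smaller and easier to rebase onto the next psad release.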