author | GI_Jack | 2021-08-13 16:09:22 -0400 |
---|---|---|
committer | GI_Jack | 2021-08-13 16:09:22 -0400 |
commit | 691ffa9f9e8275b793e45db7ff369884df8b10b5 (patch) | |
tree | f2bbc8696b9847ed73f7e07425456573f5938f16 | |
parent | d35b6aed85c2365744d4af34bdee908e3f2ca8cb (diff) | |
download | aur-691ffa9f9e8275b793e45db7ff369884df8b10b5.tar.gz |
Big fix.
* Now actually installs, big fixes
* now compiles C daemons
* use upstream systemd unit(albeit with corrected paths)
* less sed, more patch
* kmsgsd and psadwatchd now have systemd units
* s-nail is now a hard dep for 2.4.6
* added smtp-server for optdepends for mailing alerts
-rw-r--r-- | .SRCINFO | 21 | ||||
-rw-r--r-- | PKGBUILD | 69 | ||||
-rw-r--r-- | kmsgsd.service | 11 | ||||
-rw-r--r-- | psad-systemdinit.archlinux | 12 | ||||
-rw-r--r-- | psad.patch | 165 | ||||
-rw-r--r-- | psadwatchd.service | 11 |
6 files changed, 217 insertions, 72 deletions
@@ -1,7 +1,9 @@ +# Generated by mksrcinfo(replacement shim) v8 +# Fri Aug 13 04:09:16 PM EDT 2021 pkgbase = psad - pkgdesc = A collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic + pkgdesc = Port Scan Attack Detector: Makes use of iptables log messages to detect, alert, and (optionally) block port scans and other suspect traffic pkgver = 2.4.6 - pkgrel = 1 + pkgrel = 2 url = http://cipherdyne.org/psad/ arch = i686 arch = x86_64 @@ -14,14 +16,17 @@ pkgbase = psad depends = perl-storable depends = perl-unix-syslog depends = net-tools - source = http://cipherdyne.org/psad/download/psad-2.4.6.tar.gz + depends = s-nail + optdepends = smtp-server: For Sending Email alerts + source = https://github.com/mrash/psad/archive/refs/tags/2.4.6.tar.gz source = responses - source = psad-systemdinit.archlinux + source = psadwatchd.service + source = kmsgsd.service source = psad.patch - sha256sums = 3d9eba09111fc51668a4e6c26cd791c0b322ff2b6f1e71d48b9c9582b63aa8e6 + sha256sums = 2001f6f6d8eaa50e74c3a8c346d885e9578f15578b54669ef56c2d301d8b45d4 sha256sums = 0f1116e25f43f1562764d81ebd232ed807f2249058f0cfb0cb4d06d99bd600d8 - sha256sums = 9db280ba745205b188333267f05cf7cf1a75300789c92c48075625e64f37ff34 - sha256sums = 9137ea481f1cad79d62d3a7cf1ac22bbc85cccc7e18d49e1c092b38beec36170 + sha256sums = 426b9e1ff9fd3b9f802b418790d54881087d7b92f4ddb4026ba70fbabb5c9da2 + sha256sums = 0cda106fa0add325c8b91fbb9d6dca5bda825c7a589d4d3b6c757342b606af96 + sha256sums = 6155bd90a071a27f04dfb515a495def85507c0d1671df8fa1ba10dce58540bd6 pkgname = psad - 
@@ -1,12 +1,13 @@ -# Maintainer: Felix Golatofski <contact@xdfr.de> +# Maintainer: GI Jack <GI_Jack@hackermail.com> # Contributor: Dimitris Kiziridis <ragouel at outlook dot com> # Contributor: Marcin Wieczorek <marcin@marcin.co> # Contributor: Anthony C <kurodroid.1@gmail.com> +# Contributor: Felix Golatofski <contact@xdfr.de> pkgname=psad pkgver=2.4.6 -pkgrel=1 -pkgdesc='A collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic' +pkgrel=2 +pkgdesc='Port Scan Attack Detector: Makes use of iptables log messages to detect, alert, and (optionally) block port scans and other suspect traffic' arch=('i686' 'x86_64') url='http://cipherdyne.org/psad/' license=('GPL') 
@@ -17,47 +18,33 @@ depends=('perl-bit-vector' 'perl-net-ipv4addr' 'perl-storable' 'perl-unix-syslog' - 'net-tools') - -source=("http://cipherdyne.org/psad/download/${pkgname}-${pkgver}.tar.gz" + 'net-tools' + 's-nail') +optdepends=('smtp-server: For Sending Email alerts') +source=("https://github.com/mrash/psad/archive/refs/tags/${pkgver}.tar.gz" 'responses' - 'psad-systemdinit.archlinux' + 'psadwatchd.service' + 'kmsgsd.service' 'psad.patch') -sha256sums=('3d9eba09111fc51668a4e6c26cd791c0b322ff2b6f1e71d48b9c9582b63aa8e6' +sha256sums=('2001f6f6d8eaa50e74c3a8c346d885e9578f15578b54669ef56c2d301d8b45d4' '0f1116e25f43f1562764d81ebd232ed807f2249058f0cfb0cb4d06d99bd600d8' - '9db280ba745205b188333267f05cf7cf1a75300789c92c48075625e64f37ff34' - '9137ea481f1cad79d62d3a7cf1ac22bbc85cccc7e18d49e1c092b38beec36170') + '426b9e1ff9fd3b9f802b418790d54881087d7b92f4ddb4026ba70fbabb5c9da2' + '0cda106fa0add325c8b91fbb9d6dca5bda825c7a589d4d3b6c757342b606af96' + '6155bd90a071a27f04dfb515a495def85507c0d1671df8fa1ba10dce58540bd6') prepare() { cd "${pkgname}-${pkgver}" + make clean if [ ! -e responses ]; then ln "${srcdir}/responses" responses -s; fi + # because people who write Perl don't care about how things are done in + # the 21st century + patch -N -p1 < "${srcdir}/psad.patch" +} - #Set the config dirs - #'/usr/sbin' and '/var/run' are just symlinks and makepkg -i doesn't like that. 
- #Just sed '/usr/sbin' to '/usr/bin' and '/var/run' to 'run' - #Also, '/lib' should really be '/usr/lib' - sed -e "s|'/usr/sbin'|'$pkgdir/usr/bin'|" \ - -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \ - -e "s|'/var/run'|'$pkgdir/run'|" \ - -e "s|'/lib/systemd/system'|'$pkgdir/usr/lib/systemd/system'|" \ - -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \ - ./install.pl -i - - #Same cure applies to config file - sed -e "s|/var/log/psad|$pkgdir&|" \ - -e "s|/var/run|/run|" \ - -e "s|/run/psad|$pkgdir&|" \ - -e "s|/var/lib/psad|$pkgdir&|" \ - -e "s|/usr/lib/psad|$pkgdir&|" \ - -e "s|/etc/psad|$pkgdir&|" \ - -e "s|/usr/bin/whois_psad|$pkgdir&|" \ - -e "s|/usr/sbin|/usr/bin|" \ - -e "s|/usr/bin/fwcheck_psad|$pkgdir&|" \ - -e "s|/usr/bin/psadwatchd|$pkgdir&|" \ - -e "s|/usr/bin/kmsgsd|$pkgdir&|" \ - -e "s|/usr/bin/psad|$pkgdir&|" \ - ./psad.conf -i +build() { + cd "${pkgname}-${pkgver}" + make all } package () { @@ -71,7 +58,7 @@ package () { "$pkgdir/usr/lib/psad" \ "$pkgdir/usr/lib/systemd/system" - ./install.pl --init-dir="$pkgdir" < responses + ./install.pl --runlevel 3 --install-root="${pkgdir}" --systemd-init-dir="${pkgdir}/usr/lib/systemd/system" < responses #Set correct permissions chmod -R o+r "$pkgdir/etc/psad" 
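Review bot: The new upstream entry in `source=` is saved under the bare name `2.4.6.tar.gz` and is checked only against the sha256 the packager computed, so nothing ties the tarball to the upstream author. Naming the download, `"${pkgname}-${pkgver}.tar.gz::https://github.com/mrash/psad/archive/refs/tags/${pkgver}.tar.gz"`, avoids collisions in a shared `SRCDEST`. If upstream publishes a detached signature for the release tarball, adding it to `source=` together with `validpgpkeys=` would let makepkg verify origin as well as integrity; an auto-generated tag archive carries no signature. The comment above `patch` in prepare() would also help the next maintainer more if it said what psad.patch changes (the hard-coded `/sbin` and `/usr/sbin` paths).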
@@ -80,10 +67,14 @@ package () { chmod 0755 "$pkgdir/run" #add the systemd service file in '/usr/lib' - cp "$srcdir/psad-systemdinit.archlinux" "$pkgdir/usr/lib/systemd/system/psad.service" - + cp "$srcdir/psadwatchd.service" "$pkgdir/usr/lib/systemd/system/psadwatchd.service" + cp "$srcdir/kmsgsd.service" "$pkgdir/usr/lib/systemd/system/kmsgsd.service" + + # Fix systemd unit # Fix the config - sed -e "s|$pkgdir||g" "$pkgdir/etc/psad/psad.conf" -i + sed -e "s|/usr/sbin|/usr/bin|g" "$pkgdir/usr/lib/systemd/system/psad.service" -i + sed -e "s|/var/run|/run|g" "$pkgdir/usr/lib/systemd/system/psad.service" -i + sed -e "s|$pkgdir|/|g" "$pkgdir/etc/psad/psad.conf" -i sed -e "s|$pkgdir||g" "$pkgdir/var/log/psad/install.log" -i } # vim:set ts=2 sw=2 et: diff --git a/kmsgsd.service b/kmsgsd.service new file mode 100644 index 000000000000..384683046bc5 --- /dev/null +++ b/kmsgsd.service @@ -0,0 +1,11 @@ +[Unit] +Description=KMSG Daemon(PSAD) +Documentation=man:kmsgsd(8) https://www.cipherdyne.org/psad/docs/manpages/kmsgsd.html +After=psad.service + +[Service] +ExecStart=/usr/bin/kmsgsd +Type=forking + +[Install] +WantedBy=multi-user.target diff --git a/psad-systemdinit.archlinux b/psad-systemdinit.archlinux deleted file mode 100644 index 991aa74230da..000000000000 --- a/psad-systemdinit.archlinux +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Port scan attack detector -After=iptables.service - -[Service] -ExecStart=/usr/sbin/psad -ExecStop=/usr/sbin/psad --Kill -Type=oneshot -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target diff --git a/psad.patch b/psad.patch index 11220074bf03..6c733bb72d8e 100644 --- a/psad.patch +++ b/psad.patch 
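Review bot: At the end of package(), `sed -e "s|$pkgdir|/|g"` on psad.conf replaces the staging prefix with `/`, so any value written as `$pkgdir/etc/psad` ends up as `//etc/psad`, while the install.log line next to it still substitutes an empty string. `sed -e "s|$pkgdir/\?|/|g"` handles both the bare prefix and prefixed paths. Both substitutions match only this builder's own `$pkgdir`, so a closing check such as `grep -q '^INSTALL_ROOT[[:space:]]*/;' "$pkgdir/etc/psad/psad.conf"` would stop the build if any other staging path survived into the shipped config. The added `# Fix systemd unit` comment sits directly above `# Fix the config`; each comment should sit over the `sed` lines it describes. package() starts outside this hunk.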
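Review bot: `Type=forking` is declared without `PIDFile=` in kmsgsd.service (and again in psadwatchd.service later in this commit), so systemd has to guess which process is the daemon and may track the wrong one. Point `PIDFile=` at the pid file each daemon writes under `PSAD_RUN_DIR` (`/run/psad` after this commit's path changes); the exact file names come from psad.conf and are not shown here. `After=psad.service` only orders startup, so if these helpers must not run without psad, `PartOf=psad.service` or `Requires=psad.service` states that. It is also worth confirming that psad does not already start these helpers itself, in which case enabling the units would start a second copy. Both units run as root with no sandboxing, so directives such as `ProtectHome=yes` and `PrivateTmp=yes` are worth trying once the daemons' file needs are known.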
@@ -1,6 +1,66 @@ ---- a/install.pl 2017-03-29 00:58:58.151686321 +0200 -+++ b/install.pl 2017-03-29 01:01:33.861628259 +0200 -@@ -773,6 +773,8 @@ +diff -u psad-2.4.6/install.pl psad-2.4.6-1/install.pl +--- psad-2.4.6/install.pl 2018-07-31 20:41:59.000000000 -0400 ++++ psad-2.4.6-1/install.pl 2021-08-13 14:41:54.730087506 -0400 +@@ -39,21 +39,21 @@ + use strict; + + #============== config =============== +-my $USRSBIN_DIR = '/usr/sbin'; ### consistent with FHS (Filesystem ++my $USRSBIN_DIR = '/usr/bin'; ### consistent with FHS (Filesystem + ### Hierarchy Standard) + my $USRBIN_DIR = '/usr/bin'; ### consistent with FHS + + my $psad_conf_file = 'psad.conf'; + + ### system binaries ### +-my $chkconfigCmd = '/sbin/chkconfig'; +-my $rcupdateCmd = '/sbin/rc-update'; ### Gentoo +-my $updatercdCmd = '/usr/sbin/update-rc.d'; ### Ubuntu ++my $chkconfigCmd = '/usr/bin/chkconfig'; ++my $rcupdateCmd = '/usr/bin/rc-update'; ### Gentoo ++my $updatercdCmd = '/usr/bin/update-rc.d'; ### Ubuntu + my $makeCmd = '/usr/bin/make'; + my $perlCmd = '/usr/bin/perl'; + my $wgetCmd = '/usr/bin/wget'; +-my $runlevelCmd = '/sbin/runlevel'; +-my $systemctlCmd = '/bin/systemctl'; ++my $runlevelCmd = '/usr/bin/runlevel'; ++my $systemctlCmd = '/usr/bin/systemctl'; + + my $install_root = '/'; + +@@ -136,12 +136,8 @@ + my %cmds = (); + + my @cmd_search_paths = qw( +- /bin +- /sbin + /usr/bin +- /usr/sbin + /usr/local/bin +- /usr/local/sbin + ); + + ### IP regex +@@ -178,7 +174,7 @@ + my $no_locale = 0; + my $deps_dir = 'deps'; + my $init_dir = '/etc/init.d'; +-my $systemd_init_dir = '/lib/systemd/system'; ++my $systemd_init_dir = '/usr/lib/systemd/system'; + my $init_name = 'psad'; + my $systemd_init_name = 'psad.service'; + my $install_syslog_fifo = 0; +@@ -490,7 +486,7 @@ + } + + ### put the nf2csv script in place +- unlink '/usr/sbin/nf2csv' if -e '/usr/sbin/nf2csv'; ### old path ++ unlink '/usr/bin/nf2csv' if -e '/usr/bin/nf2csv'; ### old path + &logr("[+] Copying nf2csv -> 
${USRBIN_DIR}/nf2csv\n"); + unlink "${USRBIN_DIR}/nf2csv" if -e "${USRBIN_DIR}/nf2csv"; + copy 'nf2csv', "${USRBIN_DIR}/nf2csv" or die "[*] Could ", +@@ -773,6 +769,8 @@ $init_file = 'init-scripts/psad-init.redhat'; } elsif ($distro eq 'fedora') { $init_file = 'init-scripts/psad-init.fedora'; 
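Review bot: In the install.pl part of psad.patch, the blanket `/usr/sbin` to `/usr/bin` rewrite turns the old-path cleanup into `unlink '/usr/bin/nf2csv' if -e '/usr/bin/nf2csv';`, an absolute host path that is not placed under `$install_root`. During a package build the installer should only touch the staging directory, so this line is better dropped from the patched script than rewritten; the following `unlink "${USRBIN_DIR}/nf2csv"` already clears the destination. Whether `$USRBIN_DIR` is prefixed with the install root is decided outside the lines shown, so confirm that before relying on it. The same rewrite also changes `$chkconfigCmd`, `$rcupdateCmd` and `$updatercdCmd`, which could be left as upstream has them to keep the patch small.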
@@ -9,13 +69,92 @@ } elsif ($distro eq 'gentoo') { $init_file = 'init-scripts/psad-init.gentoo'; } else { -@@ -801,7 +803,8 @@ - if ($preserve_rv) { - &logr("\n[+] psad has been installed (with your original config merged).\n"); - } else { -- &logr("\n[+] psad has been installed.\n"); -+ &logr("\n[+] psad has been compiled.\n"); -+ &logr("\n[+] use pacman -U to install.\n"); - } - if ($installed_init_script) { - if ($init_dir) { +@@ -1434,7 +1432,7 @@ + unless ($found) { + &logr("[+] Modifying $syslog_conf to write kern.info messages " . + "to\n $config{'PSAD_FIFO_FILE'} " . +- "(with script /usr/sbin/psadpipe.sh)"); ++ "(with script /usr/bin/psadpipe.sh)"); + unless (-e "$syslog_conf.orig") { + copy $syslog_conf, "$syslog_conf.orig" or die "[*] Could not copy ", + "$syslog_conf -> $syslog_conf.orig: $!"; +@@ -1446,16 +1444,16 @@ + "\nPSAD :\n", + " facility = \"kern\"\n", + ' command = ', +- "\"/usr/sbin/psadpipe.sh\"\n"; ++ "\"/usr/bin/psadpipe.sh\"\n"; + close METALOG; + +- open PIPESCRIPT, '> /usr/sbin/psadpipe.sh' or +- die "[*] Unable to open /usr/sbin/psadpipe.sh: $!"; ++ open PIPESCRIPT, '> /usr/bin/psadpipe.sh' or ++ die "[*] Unable to open /usr/bin/psadpipe.sh: $!"; + print PIPESCRIPT "#!/bin/sh\n\n", + "echo \"\$3\" >> $config{'PSAD_FIFO_FILE'}\n"; + close PIPESCRIPT; +- chmod 0700, '/usr/sbin/psadpipe.sh'; +- &logr('[+] Generated /usr/sbin/psadpipe.sh ' . ++ chmod 0700, '/usr/bin/psadpipe.sh'; ++ &logr('[+] Generated /usr/bin/psadpipe.sh ' . 
+ "which writes to $config{'PSAD_FIFO_FILE'}"); + + ### (Dennis Freise <cat@final-frontier.ath.cx>) +diff -u psad-2.4.6/psad.conf psad-2.4.6-1/psad.conf +--- psad-2.4.6/psad.conf 2018-07-31 20:41:59.000000000 -0400 ++++ psad-2.4.6-1/psad.conf 2021-08-13 14:44:36.501561557 -0400 +@@ -586,9 +586,9 @@ + PSADWATCHD_MAX_RETRIES 10; + + ### Directories +-INSTALL_ROOT /; ++INSTALL_ROOT /home/jack/Documents/archpackages/psad/pkg/psad; + PSAD_DIR $INSTALL_ROOT/var/log/psad; +-PSAD_RUN_DIR $INSTALL_ROOT/var/run/psad; ++PSAD_RUN_DIR $INSTALL_ROOT/run/psad; + PSAD_FIFO_DIR $INSTALL_ROOT/var/lib/psad; + PSAD_LIBS_DIR $INSTALL_ROOT/usr/lib/psad; + PSAD_CONF_DIR $INSTALL_ROOT/etc/psad; +@@ -671,23 +671,23 @@ + IPT_ERROR_PATTERN psad_ipterr.XXXXXX; + + ### system binaries +-iptablesCmd /sbin/iptables; +-ip6tablesCmd /sbin/ip6tables; +-shCmd /bin/sh; ++iptablesCmd /usr/bin/iptables; ++ip6tablesCmd /usr/bin/ip6tables; ++shCmd /usr/bin/sh; + wgetCmd /usr/bin/wget; +-gzipCmd /bin/gzip; +-mknodCmd /bin/mknod; +-psCmd /bin/ps; +-mailCmd /bin/mail; +-sendmailCmd /usr/sbin/sendmail; +-ifconfigCmd /sbin/ifconfig; +-ipCmd /sbin/ip; ++gzipCmd /usr/bin/gzip; ++mknodCmd /usr/bin/mknod; ++psCmd /usr/bin/ps; ++mailCmd /usr/bin/mail; ++sendmailCmd /usr/bin/sendmail; ++ifconfigCmd /usr/bin/ifconfig; ++ipCmd /usr/bin/ip; + killallCmd /usr/bin/killall; +-netstatCmd /bin/netstat; +-unameCmd /bin/uname; ++netstatCmd /usr/bin/netstat; ++unameCmd /usr/bin/uname; + whoisCmd $INSTALL_ROOT/usr/bin/whois_psad; +-dfCmd /bin/df; +-fwcheck_psadCmd $INSTALL_ROOT/usr/sbin/fwcheck_psad; +-psadwatchdCmd $INSTALL_ROOT/usr/sbin/psadwatchd; +-kmsgsdCmd $INSTALL_ROOT/usr/sbin/kmsgsd; +-psadCmd $INSTALL_ROOT/usr/sbin/psad; ++dfCmd /usr/bin/df; ++fwcheck_psadCmd $INSTALL_ROOT/usr/bin/fwcheck_psad; ++psadwatchdCmd $INSTALL_ROOT/usr/bin/psadwatchd; ++kmsgsdCmd $INSTALL_ROOT/usr/bin/kmsgsd; ++psadCmd $INSTALL_ROOT/usr/bin/psad; + + 
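Review bot: The psad.conf part of psad.patch sets `INSTALL_ROOT /home/jack/Documents/archpackages/psad/pkg/psad;`, which looks like the packager's own staging directory captured when the patch was generated. `whoisCmd`, `fwcheck_psadCmd`, `psadwatchdCmd`, `kmsgsdCmd` and `psadCmd` are all derived from `$INSTALL_ROOT`, and the `sed "s|$pkgdir|/|g"` in package() strips only the current builder's `$pkgdir`; unless install.pl rewrites this value (not visible here), a package built elsewhere would ship a config whose daemon and helper paths point under a user's home directory. Keep `INSTALL_ROOT /;` in the patch and let `--install-root` handle staging. In the same hunk, `open PIPESCRIPT, '> /usr/bin/psadpipe.sh'` still writes to an absolute host path outside the install root.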
diff --git a/psadwatchd.service b/psadwatchd.service
new file mode 100644
index 000000000000..eae7e4f8ccd0
--- /dev/null
+++ b/psadwatchd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=PSAD Watcher
+Documentation=man:psadwatchd(8) https://www.cipherdyne.org/psad/docs/manpages/psadwatchd.html
+After=psad.service kmsgsd.service
+
+[Service]
+ExecStart=/usr/bin/psadwatchd
+Type=forking
+
+[Install]
+WantedBy=multi-user.target |