From eadf0256139ab6119be9dcc04df58ac4bef2918a Mon Sep 17 00:00:00 2001
From: IT Offshore
Date: Sun, 10 Nov 2013 09:58:58 +0000
Subject: testing/fwsnort: new aport Application layer IDS/IPS by translating snort rules into iptables http://www.cipherdyne.org/fwsnort/ re-submitted complete patch for FWSNORT correcting: periodic.daily - now updates the SNORT rules / PSAD signatures daily. fwsnort.post-install - now just shows a message to update signatures manually (to avoid any problems with installations on tmpfs). Now uses the system terminal colours $STRONG $GREEN. fwsnort.update - update script for FWSNORT & PSAD (if PSAD exists). fwsnort.up - lives in /etc/network/if-pre-up.d/ to put the SNORT rules into iptables every time networking comes up.
---
testing/fwsnort/APKBUILD | 81 ++++++++++++++++++++++++++++++++++++
testing/fwsnort/fwsnort.post-install | 16 +++++++
testing/fwsnort/fwsnort.up | 5 +++
testing/fwsnort/fwsnort.update | 15 +++++++
testing/fwsnort/periodic.daily | 5 +++
5 files changed, 122 insertions(+)
create mode 100644 testing/fwsnort/APKBUILD
create mode 100644 testing/fwsnort/fwsnort.post-install
create mode 100644 testing/fwsnort/fwsnort.up
create mode 100644 testing/fwsnort/fwsnort.update
create mode 100644 testing/fwsnort/periodic.daily
(limited to 'testing')
diff --git a/testing/fwsnort/APKBUILD b/testing/fwsnort/APKBUILD
new file mode 100644
index 0000000000..c2e48c57d8
--- /dev/null
+++ b/testing/fwsnort/APKBUILD
@@ -0,0 +1,81 @@
+# Contributor: IT Offshore
+# Maintainer:
+pkgname=fwsnort
+pkgver=1.6.3
+pkgrel=0
+pkgdesc="Application layer IDS/IPS by translating snort rules into iptables"
+url="http://www.cipherdyne.org/fwsnort/"
+arch="noarch"
+license="GPL"
+depends="perl perl-netaddr-ip perl-iptables-parse iptables ip6tables net-tools"
+depends_dev="wget"
+makedepends="$depends_dev"
+install="$pkgname.post-install"
+source="http://www.cipherdyne.org/$pkgname/download/$pkgname-nodeps-$pkgver.tar.gz
+ fwsnort.up
+ fwsnort.update
+ periodic.daily
+ "
+
+_builddir="$srcdir"/$pkgname-$pkgver
+
+build() {
+ cd "$_builddir"
+
+ #Disable Root requirement to build
+ START=$(sed -n '/$< == 0 && $> == 0 or die "You need to be root (or equivalent UID 0",/=' ./install.pl)
+ END=$(expr $START + 1)
+ #Busybox sed does not support +1d
+ sed -e ''$START','$END'd' ./install.pl -i
+
+ #prevent chmod 0500 halting the build
+ sed -e "s|0500|0755|" ./install.pl -i
+
+ #change MAN path so package builds
+ sed -e "s|/usr/share/man/man8|$pkgdir&|" ./install.pl -i
+
+ # --install-test-dir sets the INSTALL_ROOT to $src/../test/fwsnort-test
+ # avoids installation attempted into /etc /usr /var
+ # -S disables dependency installs (we also build with the nodep sources)
+ ./install.pl -S --install-test-dir
+}
+
+package() {
+ cd "$_builddir"
+
+ #create destinations before fakeroot runs
+ mkdir -p $pkgdir/etc \
+ $pkgdir/usr \
+ $pkgdir/usr
+
+ cp -rf $srcdir/fwsnort-$pkgver/test/fwsnort-install/* $pkgdir
+
+ # delete references to $pkgdir made by the installer
+ cp -f $srcdir/fwsnort-$pkgver/fwsnort.conf $pkgdir/etc/fwsnort/fwsnort.conf
+
+ #fix permissions
+ chmod 0500 $pkgdir/etc/fwsnort $pkgdir/etc/fwsnort/snort_rules
+ chmod 0500 $pkgdir/usr/sbin/fwsnort
+ chmod 0600 $pkgdir/etc/fwsnort/fwsnort.conf
+
+ # install rule / signature update script
+ install -Dm755 "$srcdir"/fwsnort.update "$pkgdir"/usr/bin/update-fwsnort
+ # install iptables rule splicing script
+ install -Dm755 "$srcdir"/fwsnort.up "$pkgdir"/etc/network/if-pre-up.d/fwsnort
+ # install daily cron
+ install -Dm755 "$srcdir"/periodic.daily "$pkgdir"/etc/periodic/daily/fwsnort
+
+}
+
+md5sums="7a61a03c4b523b4fb2b1cc73bcb3bac7 fwsnort-nodeps-1.6.3.tar.gz
+442039bc04d553c7c5f9d3fc4269cc71 fwsnort.up
+ab969dd4b3154f8ce663e51473eda6c7 fwsnort.update
+80bd0a7b0c1392e8a279d95e06120ca4 periodic.daily"
+sha256sums="d2110508f61c31d5ca5ddbb2452d0b10ae533e094499bc287f3382371c8bd5f2 fwsnort-nodeps-1.6.3.tar.gz
+8caf113ff779a02fe97288d545f029111151fac9f342be9b40aa9f80e49dd359 fwsnort.up
+a015a512ba9c7b3de7a8da42b33fd1eace25544b4d8b25c3a5f465c8d765a384 fwsnort.update
+f080f4cb0b8e915a5d3af798b46b13fee0d2258d9c8c9dffafa4ecc0b9e1bbe6 periodic.daily"
+sha512sums="abf03d9c42b24abdb5798f7e9becffd203eb4579eb3682fc975ff51714010c3ee4541da1675efee9a03e09323089219c57c58574ef6c5b587c38761c167eac48 fwsnort-nodeps-1.6.3.tar.gz
+3c97b5f4bb922086acd62305baae4ba1d91e6e627d063f131f98e08da3f57b607b35558eae2cf292b3997d25f09147039f95123161f8f29c5b97b71c80811e9f fwsnort.up
+2a1e7ca6dc1c4a6e59907175c3483736f0efe1dcd8035dae2b903cd22fe953d29333939ad9e0a6f446480eda55370f4b11a77016932bef73e769b5e5401e92c0 fwsnort.update
+763b459d43319e9b6678a5addd96b3542c629379f9f11095bc158b1ef08b039cd776ceedd6207953ab01000804d7580a3a8223b352b407d3cc6a05c27d96fcb0 periodic.daily"
diff --git a/testing/fwsnort/fwsnort.post-install b/testing/fwsnort/fwsnort.post-install
new file mode 100644
index 0000000000..b4e80d6c5c
--- /dev/null
+++ b/testing/fwsnort/fwsnort.post-install
@@ -0,0 +1,16 @@
+#!/bin/sh
+# fwsnort post install script
+#############################
+
+NORMAL="\033[1;0m"
+STRONG="\033[1;1m"
+GREEN="\033[1;32m"
+
+print_strong() {
+ local prompt="${STRONG}$1 ${GREEN}$2${NORMAL}"
+ printf "${prompt} %s\n"
+}
+
+print_strong "\nFWSNORT installed & daily signature updates configured.\n\nTo update now run:" "\t/usr/bin/update-fwsnort\n"
+exit 0
+
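Review bot: In testing/fwsnort/APKBUILD, `sed -e "s|0500|0755|" ./install.pl -i` in build() rewrites the installer's restrictive `0500` modes, while package() restores 0500/0600 only on `/etc/fwsnort`, `snort_rules`, `/usr/sbin/fwsnort` and `fwsnort.conf`. Anything else install.pl would have created as 0500 (install.pl is not visible here) would therefore ship as 0755. For a package whose scripts are later run as root, I would list the modes under `$pkgdir` after the `cp -rf` and re-tighten the remainder explicitly. Two smaller points: `mkdir -p` names `$pkgdir/usr` twice, which looks like a typo for `$pkgdir/var`, and `START` is empty if the root-check string changes upstream, so the next `sed` receives `,d`. A guard such as `[ -n "$START" ] || return 1` before the `expr` line would make that failure explicit.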
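Review bot: In fwsnort.post-install, `print_strong` builds the printf format string from its arguments (`printf "${prompt} %s\n"`), so any `%` in a future message would be read as a conversion, and the trailing `%s` has no argument to consume. Keeping the format fixed and passing the text as data avoids that, for example `printf "${STRONG}%b ${GREEN}%b${NORMAL}\n" "$1" "$2"`. The commit message says the script uses the system terminal colours, yet the hunk defines `NORMAL`, `STRONG` and `GREEN` itself; a one-line comment saying where these values are taken from would help the next maintainer.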
diff --git a/testing/fwsnort/fwsnort.up b/testing/fwsnort/fwsnort.up
new file mode 100644
index 0000000000..b750f59098
--- /dev/null
+++ b/testing/fwsnort/fwsnort.up
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+#splice fwsnort rules into iptables whenever the network comes up
+/var/lib/fwsnort/fwsnort.sh
+
diff --git a/testing/fwsnort/fwsnort.update b/testing/fwsnort/fwsnort.update
new file mode 100644
index 0000000000..41dc608f6d
--- /dev/null
+++ b/testing/fwsnort/fwsnort.update
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# update fwsnort rules / psad signatures
+/usr/sbin/fwsnort --update-rules
+#generate iptables ruleset
+/usr/sbin/fwsnort
+#splice rules into iptables
+/var/lib/fwsnort/fwsnort.sh
+
+if ps aux | grep psad; then
+ psad --sig-update
+ echo "running 'psad -H'"
+ psad -H
+fi
+
diff --git a/testing/fwsnort/periodic.daily b/testing/fwsnort/periodic.daily
new file mode 100644
index 0000000000..ffc785d82d
--- /dev/null
+++ b/testing/fwsnort/periodic.daily
@@ -0,0 +1,5 @@
+#!/bin/sh
+#update FWSNORT Rules & PSAD signatures daily
+/usr/bin/update-fwsnort
+exit 0
+
--
cgit v1.2.3
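Review bot: In fwsnort.up, `/var/lib/fwsnort/fwsnort.sh` is executed unconditionally, but that file appears to exist only after `/usr/sbin/fwsnort` has been run, which the post-install message leaves to the admin. Until then the hook exits non-zero on every interface start, and depending on how ifup treats a failing if-pre-up.d script that may stop the interface from coming up. A guard before the call, `[ -x /var/lib/fwsnort/fwsnort.sh ] || exit 0`, avoids this. Since the hook runs a generated script from /var/lib as root, a comment noting that the directory must stay root-owned and not group- or world-writable would also be worth adding.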
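Review bot: In fwsnort.update, `if ps aux | grep psad; then` succeeds almost every time, because the `grep psad` process itself shows up in the `ps` listing, and the matched lines are printed into the cron output as well. The psad commands therefore run even where psad is absent, contrary to the "if PSAD exists" intent in the commit message; `if command -v psad >/dev/null 2>&1; then` tests for the binary instead. Separately, the exit status of `/usr/sbin/fwsnort --update-rules` is never checked, so a failed or partial rule download is still compiled and spliced into iptables. Using `/usr/sbin/fwsnort --update-rules || exit 1` would stop before the running ruleset is touched.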
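Review bot: In periodic.daily, the unconditional `exit 0` discards the status of `/usr/bin/update-fwsnort`, so a signature update that fails every night leaves no trace and the ruleset quietly goes stale. Recording the failure keeps the cron run going while making it visible, for example `/usr/bin/update-fwsnort || logger -t fwsnort "daily rule update failed"`.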