aports/testing/psad/APKBUILD
Stuart Cardall bedbf48969 /testing/PSAD - version bump to 2.2.3
Version bump to PSAD 2.2.3

ChangeLog

psad-2.2.3 (03/01/2014):
    - Added compatibility with 'upstart' init daemons with assistance from Tim
      Kramer.  This change adds a new config variable 'ENABLE_PSADWATCHD' that
      can be used to disable psadwatchd when deployed with upstart since it
      has built-in process monitoring and restarting capabilities.  By default
      psadwatchd is not enabled anymore since this variable is set to "N". The
      reason for this change is that psad is extremely stable and so almost
      never needs to be restarted in practice, and process monitoring is
      better provided via other solutions (like upstart) anyway.  In addition,
      a new init script located at init-scripts/upstart/psad.conf has been
      added that is compatible with upstart - this script is meant to be copied
      to the /etc/init/ directory.
    - (Wolfgang Breyha) Bug fix to allow VLAN interfaces and interface aliases
      in IGNORE_INTERFACES.  This fixes issue #8 on github.
    - Bug fix to not modify /etc/hosts.deny permissions when removing
      tcpwrappers auto-block rules. This issue was reported as Debian bug
      #724267 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724267) and
      relayed via Franck Joncourt. Closes issue #7 on github.

psad-2.2.2 (01/13/2014):
    - Added detection for Errata Security's "Masscan" port scanner that was
      used in an Internet-wide scan for port 22 on Sept. 12, 2013 (see:
      http://blog.erratasec.com/2013/09/we-scanned-internet-for-port-22.html).
      The detection strategy used by psad relies on the fact that masscan does
      not appear to set the options portion of the TCP header, and if the
      iptables LOG rules that generate log data for psad are built with the
      --log-tcp-options switch, then no options in a SYN scan can be seen.
      This is not to say that other scanning software always sets TCP options -
      Scapy seems to not set options by default when issuing a SYN scan like
      this either: http://www.secdev.org/projects/scapy/doc/usage.html#syn-scans
      There is a new psad.conf variable "EXPECT_TCP_OPTIONS" to assist with
      Masscan detection as well.  When looking for Masscan SYN scans, psad
      requires at least one TCP options field to be populated within a LOG
      message (so that it knows --log-tcp-options has been set for at least
      some logged traffic), and after seeing this then SYN packets with no
      options are attributed to Masscan traffic.  All usual psad threshold
      variables continue to apply however, so (by default) a single Masscan
      SYN packet will not trigger a psad alert.  Masscan detection can be
      disabled altogether by setting EXPECT_TCP_OPTIONS to "N", and this will
      not affect any other psad detection techniques such as passive OS
      fingerprinting, etc.
    - RPM bug fix to include the protocols file.
2014-03-31 11:52:41 +00:00


# Contributor: IT Offshore <developer@it-offshore.co.uk>
# Maintainer:
pkgname=psad
pkgver=2.2.3
pkgrel=0
pkgdesc="3 lightweight system daemons that analyze iptables log messages to detect port scans and other suspicious traffic"
url="http://cipherdyne.org/psad/"
arch="all"
license="GPL"
# Runtime dependencies: the perl modules psad needs come from separate
# packages, the "nodeps" upstream tarball does not appear to bundle them.
depends="perl iptables ip6tables ssmtp mailx psmisc perl-bit-vector perl-date-calc perl-iptables-chainmgr perl-iptables-parse perl-net-ipv4addr perl-unix-syslog net-tools"
subpackages="${pkgname}-doc"
# Upstream tarball plus the Alpine init script and conf.d defaults
# (checksums for each entry live at the bottom of this file).
source="http://cipherdyne.org/psad/download/${pkgname}-nodeps-${pkgver}.tar.gz
psad.initd
psad.confd
"
# Directory the tarball unpacks into; build() and package() cd here.
_builddir="${srcdir}/${pkgname}-${pkgver}"
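# Append one pre-recorded answer for install.pl's interactive prompts to
# ./install.answers.
# Arguments: $1 - prompt text (without the trailing colon), $2 - the answer
# The "prompt:<TAB> answer;" line format is the one the original answers
# file used; presumably install.pl --Use-answers keys on it, so keep it.
_answer() {
	printf '%s:\t %s;\n' "$1" "$2" >> ./install.answers
}

# Rewrite install.pl and psad.conf so that the installer, which otherwise
# writes straight into the root filesystem, targets $pkgdir instead, and
# pre-record every interactive answer so the build never blocks on a prompt.
# Globals:  _builddir, pkgdir (read)
# Returns:  0 on success, 1 if any edit fails
build() {
	local start end f
	cd "$_builddir" || return 1
	# Point install.pl's hard-coded target directories into $pkgdir.
	sed -i -e "s|'/usr/sbin'|'$pkgdir/usr/sbin'|" \
		-e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \
		-e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \
		./install.pl || return 1
	# Same for the paths psad.conf refers to.  /usr/sbin/psadwatchd needs no
	# entry of its own: the final '/usr/sbin/psad' substitution matches it as
	# a prefix.  whois_psad is pointed at the dummy /usr/bin/whois symlink
	# that package() creates (and removes again once the installer is done).
	sed -i -e "s|/var/log/psad|$pkgdir&|" \
		-e "s|/var/run/psad|$pkgdir&|" \
		-e "s|/var/lib/psad|$pkgdir&|" \
		-e "s|/usr/lib/psad|$pkgdir&|" \
		-e "s|/etc/psad|$pkgdir&|" \
		-e "s|/usr/bin/whois_psad|$pkgdir/usr/bin/whois|" \
		-e "s|/usr/sbin/fwcheck_psad|$pkgdir&|" \
		-e "s|/usr/sbin/kmsgsd|$pkgdir&|" \
		-e "s|/usr/sbin/psad|$pkgdir&|" \
		./psad.conf || return 1
	# Use the mailx binary at /usr/bin/mail instead of /bin/mail.
	sed -i -e 's|/bin/mail;|/usr/bin/mail;|g' ./psad.conf || return 1
	# Drop the block that installs the generic init script and sets a numeric
	# run level: the 'if ($init_dir and &is_root()) {' line plus the 7 lines
	# after it.  Busybox sed has no '+7' address form, so compute the end line.
	start=$(sed -n '/if ($init_dir and &is_root()) {/=' ./install.pl)
	# Refuse to continue if the marker was not found or matched more than once
	# (a multi-line result would silently turn into a bogus sed address).
	case "$start" in
		''|*[!0-9]*)
			printf 'build: expected exactly one init-script block in install.pl\n' >&2
			return 1
			;;
	esac
	end=$((start + 7))
	sed -i -e "${start},${end}d" ./install.pl || return 1
	# Pre-record answers to install.pl's prompts.  Strings are kept
	# byte-for-byte (including "modfications") since they must match the
	# prompts install.pl asks.
	: > ./install.answers
	_answer "Would you like to merge the config from the existing psad installation" n
	for f in signatures icmp_types icmp6_types posf auto_dl snort_rule_dl "pf os" ip_options; do
		_answer "Preserve any user modfications in etc psad $f" y
	done
	_answer "Would you like alerts sent to a different address" y
	_answer "Email addresses" root@localhost
	_answer "Would you like psad to only parse specific strings in iptables messages" n
	_answer "First is it ok to leave the HOME_NET setting as any" y
	_answer "Would you like to enable DShield alerts" n
	_answer "Would you like to install the latest signatures from http www cipherdyne org psad signatures" n
	_answer "Enable psad at boot time" n
}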
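# Run the (already patched) upstream installer into $pkgdir, fix ownership
# and paths afterwards, and add the Alpine init script and conf.d defaults.
# Globals:  _builddir, pkgdir, srcdir, pkgname (read)
# Returns:  0 on success, 1 if the installer or any install step fails
package() {
	cd "$_builddir" || return 1
	mkdir -p "$pkgdir"/etc/psad \
		"$pkgdir"/usr/bin \
		"$pkgdir"/usr/sbin \
		"$pkgdir"/usr/share/man/man8 \
		"$pkgdir"/var/lib/psad \
		"$pkgdir"/var/log/psad \
		"$pkgdir"/var/run/psad || return 1
	# Dummy whois so install.pl completes; the link is removed again below
	# and psad.conf ends up pointing at the system /usr/bin/whois.
	ln -s /bin/busybox "$pkgdir"/usr/bin/whois || return 1
	# --runlevel 1 is a dummy value (the init-script block was cut out of
	# install.pl in build()); --Use-answers reads ./install.answers;
	# --Skip-mod-install leaves the perl modules to the packages in $depends.
	# Without the status check a failed install would yield an empty package.
	./install.pl --runlevel 1 --Use-answers --Skip-mod-install || return 1
	# NOTE(review): this makes everything under /etc/psad world-readable;
	# confirm nothing sensitive (e.g. credentials) is written there.
	chmod -R o+r "$pkgdir"/etc/psad || return 1
	chmod -R o+r "$pkgdir"/usr/sbin/* || return 1
	chmod 0700 "$pkgdir"/var/lib/psad || return 1
	# Remove the dummy whois symlink (a plain -f is enough for a symlink).
	rm -f "$pkgdir"/usr/bin/whois
	# Strip the build-time $pkgdir prefix that build() spliced into the paths.
	# $pkgdir is used unescaped as a sed regex; fine for abuild's plain
	# directory names, but it would break on '|' or regex metacharacters.
	sed -i -e "s|$pkgdir||" "$pkgdir"/etc/psad/psad.conf || return 1
	sed -i -e "s|$pkgdir||" "$pkgdir"/var/log/psad/install.log || return 1
	# Alpine init script and conf.d defaults.
	install -m755 -D "$srcdir"/$pkgname.initd \
		"$pkgdir"/etc/init.d/$pkgname || return 1
	install -m644 -D "$srcdir"/$pkgname.confd \
		"$pkgdir"/etc/conf.d/$pkgname || return 1
}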
# Checksums for every entry in $source, one line per file and in the same
# order; regenerate with 'abuild checksum' whenever pkgver or the local
# init/conf files change.
md5sums="c01dbd4f08d6d77ccdc0a27d1f21be91 psad-nodeps-2.2.3.tar.gz
e079dfcd533bc9bcf6f32525868fdd9b psad.initd
bc07efebb41cc23c4be129bbbacc874b psad.confd"
sha256sums="e8f1d31555156dc4e71869f48312978d8432d74d4f9a475817b9ac43a8868274 psad-nodeps-2.2.3.tar.gz
f1570450fd5e4e6a6e044b52ecd342d8f2bc2034ec8699c244b9f1a79d38026c psad.initd
74c72225fa37c367a458321b737050cacaf262f32b0cc13babc54468ff1988b9 psad.confd"
sha512sums="8ab5684708b538266526bd0fdfcc0044acb1c59630e3c16dd4573105e8e703a037b446398e2c9f50be24ef5ae70bf46d98b59f11b6c5e81fc5b11abe0b1bde33 psad-nodeps-2.2.3.tar.gz
e4daea5c93b72d9818388435dd90d24360336cc3a46c698feb01162e40b78a0f96241054368303b3093e64f1cd517db08de4b6e128a8e0ec77e6b9770e10cec9 psad.initd
a80666f59356cc6157a9f5dca132991d4f1e0afda8f673d602de2557219d5521bec9ae148330e98d9483175d14d96e4cc2ccd11541d8b187b0e47f44ba4ada54 psad.confd"