From f97ff910471fb3ae2c8ea69befecaae8cbf6dbea Mon Sep 17 00:00:00 2001
From: aurelien
Date: Thu, 22 Nov 2012 10:59:05 +0100
Subject: + barnyard2 perl-iptables-parse perl-unix-syslog psad pulledpork snort vuurmuur xtables-addons
---
pcr/psad/PKGBUILD | 66 +++++++++++++++++++++++++++++++++++++
pcr/psad/psad-systemdinit.archlinux | 12 +++++++
pcr/psad/psad-sysvinit.archlinux | 52 +++++++++++++++++++++++++++++
pcr/psad/psad.patch1 | 37 +++++++++++++++++++++
pcr/psad/responses | 7 ++++
5 files changed, 174 insertions(+)
create mode 100644 pcr/psad/PKGBUILD
create mode 100644 pcr/psad/psad-systemdinit.archlinux
create mode 100644 pcr/psad/psad-sysvinit.archlinux
create mode 100644 pcr/psad/psad.patch1
create mode 100644 pcr/psad/responses
(limited to 'pcr/psad')
diff --git a/pcr/psad/PKGBUILD b/pcr/psad/PKGBUILD
new file mode 100644
index 000000000..145625e89
--- /dev/null
+++ b/pcr/psad/PKGBUILD
@@ -0,0 +1,66 @@
+# Maintainer: Artur Wojcik
+# Maintainer : Parabola GNU / Linux-libre Aurelien Desbrieres
+
+pkgname=psad
+pkgver=2.2
+pkgrel=2
+pkgdesc="A collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic"
+arch=('i686 x86_64')
+url="http://cipherdyne.org/psad/"
+license=('GPL')
+depends=('perl-bit-vector' 'perl-date-calc' 'perl-iptables-chainmgr' 'perl-iptables-parse' 'perl-net-ipv4addr' 'perl-storable' 'perl-unix-syslog' 'net-tools')
+source=("http://cipherdyne.org/psad/download/$pkgname-$pkgver.tar.gz" "responses" "psad-sysvinit.archlinux" "psad-systemdinit.archlinux" "psad.patch1")
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver"
+ cp $srcdir/psad-sysvinit.archlinux init-scripts/psad-init.archlinux
+ if [ ! -e responses ]; then
+ ln $srcdir/responses responses -s;
+ fi
+ patch -p1 -i $srcdir/psad.patch1
+
+ #Create the dirs it will need to make the program
+ mkdir -p $pkgdir/etc/psad \
+ $pkgdir/etc/rc.d \
+ $pkgdir/usr/bin \
+ $pkgdir/usr/sbin \
+ $pkgdir/usr/share/man/man8 \
+ $pkgdir/var/lib/psad \
+ $pkgdir/var/log/psad \
+ $pkgdir/var/run/psad \
+ $pkgdir/usr/lib/psad \
+ $pkgdir/usr/lib/systemd/system
+ #Set the config dirs
+ sed -e "s|'/usr/sbin'|'$pkgdir/usr/sbin'|" \
+ -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \
+ -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \
+ ./install.pl -i
+ sed -e "s|/var/log/psad|$pkgdir&|" \
+ -e "s|/var/run/psad|$pkgdir&|" \
+ -e "s|/var/lib/psad|$pkgdir&|" \
+ -e "s|/usr/lib/psad|$pkgdir&|" \
+ -e "s|/etc/psad|$pkgdir&|" \
+ -e "s|/usr/bin/whois_psad|$pkgdir&|" \
+ -e "s|/usr/sbin/fwcheck_psad|$pkgdir&|" \
+ -e "s|/usr/sbin/psadwatchd|$pkgdir&|" \
+ -e "s|/usr/sbin/kmsgsd|$pkgdir&|" \
+ -e "s|/usr/sbin/psad|$pkgdir&|" \
+ ./psad.conf -i
+
+ #hope that things work
+ ./install.pl --init-dir "$pkgdir/etc/rc.d/" < responses
+
#add the systemd service file
+ cp $srcdir/psad-systemdinit.archlinux $pkgdir/usr/lib/systemd/system/psad.service
+
+ # Fix the config
+ sed -e "s|$pkgdir||" $pkgdir/etc/psad/psad.conf -i
+ sed -e "s|$pkgdir||" $pkgdir/var/log/psad/install.log -i
+
+ #Set correct permissions
+ chmod 0700 $pkgdir/var/lib/psad
+
+
+}
+
+# vim:set ts=2 sw=2 et:
diff --git a/pcr/psad/psad-systemdinit.archlinux b/pcr/psad/psad-systemdinit.archlinux
new file mode 100644
index 000000000..991aa7423
--- /dev/null
+++ b/pcr/psad/psad-systemdinit.archlinux
@@ -0,0 +1,12 @@
+[Unit]
+Description=Port scan attack detector
+After=iptables.service
+
+[Service]
+ExecStart=/usr/sbin/psad
+ExecStop=/usr/sbin/psad --Kill
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pcr/psad/psad-sysvinit.archlinux b/pcr/psad/psad-sysvinit.archlinux
new file mode 100644
index 000000000..6b4e76042
--- /dev/null
+++ b/pcr/psad/psad-sysvinit.archlinux
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# Startup script for psad
+#
+# chkconfig: 345 99 05
+# description: The Port Scan Attack Detector (psad)
+# processname: psad
+# pidfile: /var/run/psad.pid
+# config: /etc/psad/psad.conf
+#
+# $Id: psad-init.archlinux
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+. /etc/conf.d/sshd
+
+PID=`cat /var/run/psad.pid`
+# See how we were called.
+case "$1" in
+start)
+ stat_busy "Starting psad"
+ [ -z "$PID" ] && /usr/sbin/psad
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ #let psad take care of the pid; we don't need to
+ add_daemon psad
+ stat_done
+ fi
+ ;;
+stop)
+ stat_busy "Stopping psad"
+ /usr/sbin/psad --Kill
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ #let psad take care of the pid; we don't need to
+ rm_daemon psad
+ stat_done
+ fi
+ ;;
+status)
+ /usr/sbin/psad --Status
+ ;;
+restart)
+ $0 stop
+ $0 start
+ ;;
+*)
+ echo "Usage: psad {start|stop|status|restart}"
+ exit 1
+esac
diff --git a/pcr/psad/psad.patch1 b/pcr/psad/psad.patch1
new file mode 100644
index 000000000..98ddd9a60
--- /dev/null
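Review bot: The `source=` array fetches `$pkgname-$pkgver.tar.gz` over plain `http://` and the PKGBUILD declares no checksum array, so nothing pins the tarball whose `install.pl` build() then runs. Add one `sha256sums=(...)` entry per source (five here), taking the tarball's value from a download you have verified independently, so makepkg refuses a modified archive. Separately, `arch=('i686 x86_64')` is one array element containing a space; it should read `arch=('i686' 'x86_64')`. build() also installs straight into `$pkgdir`, which is what a `package()` function is for.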
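Review bot: `Type=oneshot` with `RemainAfterExit=yes` keeps the unit reported as active after `ExecStart=/usr/sbin/psad` returns, so if the psad daemons later die systemd neither notices nor restarts them and the host silently loses scan detection. psad appears to daemonize and manage its own pid file (the init script in this commit says "let psad take care of the pid"), so `Type=forking` with a `PIDFile=` pointing at the path set in psad.conf, plus `Restart=on-failure`, would let systemd track the process. The pid file path is not visible in this commit, so confirm it against the installed psad.conf.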
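Review bot: The `PID=` assignment at the top reads `/var/run/psad.pid` without checking that the process is still alive, so in `start` a stale pid file makes `[ -z "$PID" ] && /usr/sbin/psad` skip the launch and fall into `stat_fail`, and psad stays down until the file is removed by hand. Guard the launch on liveness instead, e.g. `[ -n "$PID" ] && kill -0 "$PID" 2>/dev/null || /usr/sbin/psad`, and silence `cat` when the file is absent. The path may also be wrong: the PKGBUILD in this commit creates a `/var/run/psad` directory, which suggests the pid file lives there, so check it against psad.conf. `. /etc/conf.d/sshd` looks like a leftover from the script this was copied from and errors when that file is missing; it should be dropped.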
+++ b/pcr/psad/psad.patch1
@@ -0,0 +1,37 @@
+--- psad-2.2/install.pl 2012-04-21 04:43:46.000000000 +0200
++++ psad-2.2/install.pl 2012-10-13 16:05:03.302818330 +0200
+@@ -752,6 +752,8 @@
+ $init_file = 'init-scripts/psad-init.fedora';
+ } elsif ($distro eq 'gentoo') {
+ $init_file = 'init-scripts/psad-init.gentoo';
++ } elsif ($distro eq 'archlinux') {
++ $init_file = 'init-scripts/psad-init.archlinux';
+ } else {
+ $init_file = 'init-scripts/psad-init.generic';
+ }
+@@ -773,13 +775,14 @@
+ if ($preserve_rv) {
+ &logr("\n[+] psad has been installed (with your original config merged).\n");
+ } else {
+- &logr("\n[+] psad has been installed.\n");
++ &logr("\n[+] psad has been compiled.\n");
++ &logr("\n[+] use pacman -U to install.\n");
+ }
+ if ($installed_init_script) {
+ if ($init_dir) {
+- &logr("\n[+] To start psad, run \"${init_dir}/psad start\"\n");
++ #&logr("\n[+] To start psad, run \"${init_dir}/psad start\"\n");
+ } else {
+- &logr("\n[+] To start psad, run ${USRSBIN_DIR}/psad\"\n");
++ #&logr("\n[+] To start psad, run ${USRSBIN_DIR}/psad\"\n");
+ }
+ }
+
+@@ -1748,6 +1751,7 @@
+
+ sub get_distro() {
+ return 'gentoo' if -e '/etc/gentoo-release';
++ return 'archlinux' if -e '/etc/archlinux-release';
+ if (-e '/etc/issue') {
+ ### Red Hat Linux release 6.2 (Zoot)
+ open ISSUE, '< /etc/issue' or
diff --git a/pcr/psad/responses b/pcr/psad/responses
new file mode 100644
index 000000000..715dfaf1a
--- /dev/null
+++ b/pcr/psad/responses
@@ -0,0 +1,7 @@
+n
+n
+y
+n
+n
+n
+
-- cgit v1.2.3
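Review bot: `get_distro()` tests for `/etc/archlinux-release`, but Arch-based systems ship `/etc/arch-release`, so the new `archlinux` branch is most likely never taken and the installer falls through to the `/etc/issue` parsing and, in the first hunk, to `psad-init.generic`. Use `return 'archlinux' if -e '/etc/arch-release';`. The second hunk leaves both arms of `if ($init_dir)` holding only a commented-out `&logr` call; deleting the whole `if ($installed_init_script)` block in the patch would be cleaner than shipping an empty conditional. `get_distro()` continues past the end of the hunk, so what the fall-through returns on this system is not visible here.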