From a11aaa91b36761f07f05db5cc1a3efd27cf0bf88 Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Mon, 4 Jul 2016 11:49:39 +0200
Subject: [PATCH] guardian: Update to 2.0.

Update guardian to the re-written version.

Signed-off-by: Stefan Schantl
---
 config/backup/includes/guardian | 4 +
 config/guardian/guardian.logrotate | 12 +++
 config/menu/EX-guardian.menu | 6 ++
 config/rootfiles/common/armv5tel/initscripts | 2 +
 config/rootfiles/common/configroot | 1 +
 config/rootfiles/common/i586/initscripts | 2 +
 config/rootfiles/common/web-user-interface | 1 +
 config/rootfiles/common/x86_64/initscripts | 2 +
 config/rootfiles/packages/guardian | 25 +++++--
 lfs/guardian | 75 +++++++++++++++----
 src/initscripts/init.d/guardian | 56 ++++++++++++++
 .../init.d/networking/red.up/35-guardian | 3 +
 12 files changed, 168 insertions(+), 21 deletions(-)
 create mode 100644 config/backup/includes/guardian
 create mode 100644 config/guardian/guardian.logrotate
 create mode 100644 config/menu/EX-guardian.menu
 create mode 100755 src/initscripts/init.d/guardian
 create mode 100644 src/initscripts/init.d/networking/red.up/35-guardian

diff --git a/config/backup/includes/guardian b/config/backup/includes/guardian
new file mode 100644
index 0000000000..e5433f0b8a
--- /dev/null
+++ b/config/backup/includes/guardian
@@ -0,0 +1,4 @@
+/var/ipfire/guardian/guardian.conf
+/var/ipfire/guardian/guardian.ignore
+/var/ipfire/guardian/settings
+/var/ipfire/guardian/ignored
diff --git a/config/guardian/guardian.logrotate b/config/guardian/guardian.logrotate
new file mode 100644
index 0000000000..42f4817f5f
--- /dev/null
+++ b/config/guardian/guardian.logrotate
@@ -0,0 +1,12 @@
+lastaction
+ /usr/bin/guardianctrl logrotate &>/dev/null
+endscript
+
+/var/log/guardian/guardian.log {
+ weekly
+ rotate 4
+ copytruncate
+ compress
+ notifempty
+ missingok
+}
diff --git a/config/menu/EX-guardian.menu b/config/menu/EX-guardian.menu
new file mode 100644
index 0000000000..89cda9d35d
--- /dev/null
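Review bot: The `lastaction` … `endscript` script in guardian.logrotate sits above the `/var/log/guardian/guardian.log { … }` block rather than inside it; logrotate's script directives are documented as belonging inside a log definition, so this placement may be rejected or ignored, which is worth confirming with `logrotate -d`. Moving the three lines inside the braces keeps the `guardianctrl logrotate` call tied to this log. The script body is run through /bin/sh, where `&>/dev/null` is a bash extension; `>/dev/null 2>&1` is the portable spelling. Since `copytruncate` is already set, a comment saying why the daemon still needs the `logrotate` call would help the next maintainer.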
+++ b/config/menu/EX-guardian.menu
@@ -0,0 +1,6 @@
+$subservices->{'65.guardian'} = {
+ 'caption' => $Lang::tr{'guardian'},
+ 'uri' => '/cgi-bin/guardian.cgi',
+ 'title' => "$Lang::tr{'guardian'}",
+ 'enabled' => '1',
+ };
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index c6f4dbcfbc..29b3290194 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -36,6 +36,7 @@ etc/rc.d/init.d/firstsetup
 etc/rc.d/init.d/fsresize
 etc/rc.d/init.d/functions
 #etc/rc.d/init.d/gnump3d
+#etc/rc.d/init.d/guardian
 etc/rc.d/init.d/halt
 #etc/rc.d/init.d/haproxy
 #etc/rc.d/init.d/hostapd
@@ -92,6 +93,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
+#etc/rc.d/init.d/networking/red.up/35-guardian
 etc/rc.d/init.d/networking/red.up/40-ipac
 etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index f37f97e212..7552b96c43 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -110,6 +110,7 @@ var/ipfire/menu.d/70-log.menu
 #var/ipfire/menu.d/EX-apcupsd.menu
 #var/ipfire/menu.d/EX-asterisk.menu
 #var/ipfire/menu.d/EX-bluetooth.menu
+#var/ipfire/menu.d/EX-guardian.menu
 #var/ipfire/menu.d/EX-imspector.menu
 #var/ipfire/menu.d/EX-mpfire.menu
 #var/ipfire/menu.d/EX-samba.menu
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 16ccfe2353..443dee3c2b 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -37,6 +37,7 @@ etc/rc.d/init.d/firstsetup
 etc/rc.d/init.d/fsresize
 etc/rc.d/init.d/functions
 #etc/rc.d/init.d/gnump3d
+#etc/rc.d/init.d/guardian
 etc/rc.d/init.d/halt
 #etc/rc.d/init.d/haproxy
 #etc/rc.d/init.d/hostapd
@@ -94,6 +95,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
+#etc/rc.d/init.d/networking/red.up/35-guardian
 etc/rc.d/init.d/networking/red.up/40-ipac
 etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
index b9780ea4f2..8c94d2e16e 100644
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -23,6 +23,7 @@ srv/web/ipfire/cgi-bin/fireinfo.cgi
 srv/web/ipfire/cgi-bin/firewall.cgi
 srv/web/ipfire/cgi-bin/fwhosts.cgi
 srv/web/ipfire/cgi-bin/geoip-block.cgi
+#srv/web/ipfire/cgi-bin/guardian.cgi
 srv/web/ipfire/cgi-bin/gpl.cgi
 srv/web/ipfire/cgi-bin/gui.cgi
 srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index 16ccfe2353..443dee3c2b 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -37,6 +37,7 @@ etc/rc.d/init.d/firstsetup
 etc/rc.d/init.d/fsresize
 etc/rc.d/init.d/functions
 #etc/rc.d/init.d/gnump3d
+#etc/rc.d/init.d/guardian
 etc/rc.d/init.d/halt
 #etc/rc.d/init.d/haproxy
 #etc/rc.d/init.d/hostapd
@@ -94,6 +95,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
+#etc/rc.d/init.d/networking/red.up/35-guardian
 etc/rc.d/init.d/networking/red.up/40-ipac
 etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
diff --git a/config/rootfiles/packages/guardian b/config/rootfiles/packages/guardian
index 2ebdf1e8bf..9eb3fedfe6 100644
--- a/config/rootfiles/packages/guardian
+++ b/config/rootfiles/packages/guardian
@@ -1,8 +1,23 @@
-usr/local/bin/guardian.pl
-usr/local/bin/guardian_block.sh
-usr/local/bin/guardian_unblock.sh
+etc/logrotate.d/guardian
+etc/rc.d/init.d/guardian
+etc/rc.d/init.d/networking/red.up/35-guardian
+etc/rc.d/rc0.d/K76guardian
+etc/rc.d/rc3.d/S45guardian
+etc/rc.d/rc6.d/K76guardian
+srv/web/ipfire/cgi-bin/guardian.cgi
+usr/bin/guardianctrl
+#usr/lib/perl5/site_perl/5.12.3/Guardian
+usr/lib/perl5/site_perl/5.12.3/Guardian/Base.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Config.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Daemon.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Events.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/IPtables.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Logger.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Parser.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Socket.pm
+usr/sbin/guardian
+var/ipfire/backup/addons/includes/guardian
 var/ipfire/guardian
-var/ipfire/guardian/guardian.conf
-var/ipfire/guardian/guardian.ignore
+var/ipfire/menu.d/EX-guardian.menu
 var/log/guardian
 var/log/guardian/guardian.log
diff --git a/lfs/guardian b/lfs/guardian
index a91fbd9ab0..c26460ee6f 100644
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -24,46 +24,89 @@ include Config -VER = ipfire +VER = 2.0 THISAPP = guardian-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) + PROG = guardian -PAK_VER = 9 +PAK_VER = 10 + +DEPS = "perl-inotify2 perl-Net-IP" -DEPS = "" ############################################################################### # Top-level Rules ############################################################################### -objects = +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 5ddabfb89900d5232809a0d9ff9b8e9e install : $(TARGET) -check : +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) -download : +download :$(patsubst %,$(DIR_DL)/%,$(objects)) -md5 : +md5 : $(subst %,%_MD5,$(objects)) -dist: +dist: @$(PAK) +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + ############################################################################### # Installation Details ############################################################################### $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - -mkdir -p /var/ipfire/guardian /var/log/guardian - touch /var/log/guardian/guardian.log - touch /var/ipfire/guardian/guardian.ignore - install -v -m 644 $(DIR_SRC)/config/guardian/guardian.conf /var/ipfire/guardian/ - install -v -m 755 $(DIR_SRC)/config/guardian/guardian.pl /usr/local/bin/ - install -v -m 755 $(DIR_SRC)/config/guardian/guardian_block.sh /usr/local/bin/ - install -v -m 755 $(DIR_SRC)/config/guardian/guardian_unblock.sh /usr/local/bin/ + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axvf $(DIR_DL)/$(DL_FILE) + + # Adjust path for firewall binaries. 
+ cd $(DIR_APP) && sed -i "s|/usr/sbin/|/sbin/|g" modules/IPtables.pm + + cd $(DIR_APP) && make + cd $(DIR_APP) && make install + + # Create config directory and create files. + -mkdir -pv /var/ipfire/guardian chown nobody.nobody /var/ipfire/guardian - chown nobody.nobody /var/ipfire/guardian/{guardian.conf,guardian.ignore} + + # Create directory and file for logging. + -mkdir -pv /var/log/guardian + touch /var/log/guardian/guardian.log + + # Create symlinks for runlevel interaction. + ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc3.d/S45guardian + ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc0.d/K76guardian + ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc6.d/K76guardian + + # Install include file for backup. + install -v -m 644 $(DIR_SRC)/config/backup/includes/guardian \ + /var/ipfire/backup/addons/includes/guardian + + # Logrotate. + -mkdir -pv /etc/logrotate.d + install -v -m 644 $(DIR_SRC)/config/guardian/guardian.logrotate \ + /etc/logrotate.d/guardian + + @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/initscripts/init.d/guardian b/src/initscripts/init.d/guardian new file mode 100755 index 0000000000..0ff59b7151 --- /dev/null +++ b/src/initscripts/init.d/guardian 
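Review bot: The only integrity check on the newly downloaded `guardian-$(VER).tar.gz` is the `$(DL_FILE)_MD5` digest, and the `$(TARGET)` recipe then runs `make` and `make install` straight from that tarball. MD5 no longer resists collisions, so if the lfs framework can record a stronger digest for entries in `objects`, it should be added next to the MD5 line. Separately, `sed -i "s|/usr/sbin/|/sbin/|g" modules/IPtables.pm` rewrites every `/usr/sbin/` occurrence in the module and succeeds silently when nothing matches; extending the existing comment to name the binaries it is meant to relocate would make an upstream change easier to notice.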
@@ -0,0 +1,56 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/guardian
+#
+# Description : Guardian Initscript
+#
+# Authors : Kim Wölfel for ipfire.org
+#
+# Version : 01.00
+#
+# Notes :
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+eval $(/usr/local/bin/readhash /var/ipfire/guardian/settings)
+
+function guardian_is_enabled() {
+ [ "${GUARDIAN_ENABLED}" = "on" ]
+}
+
+case "$1" in
+ start)
+ guardian_is_enabled || exit 0
+
+ boot_mesg "Starting Guardian..."
+ loadproc /usr/sbin/guardian -c /var/ipfire/guardian/guardian.conf
+ ;;
+
+ stop)
+ if ([ -f /run/guardian/guardian.pid ]); then
+ boot_mesg "Stopping Guardian..."
+ kill $(cat /run/guardian/guardian.pid)
+ sleep 1;
+ fi
+ ;;
+
+ status)
+ statusproc /usr/sbin/guardian
+ ;;
+
+ restart)
+ $0 stop
+ sleep 2
+ $0 start
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/guardian
diff --git a/src/initscripts/init.d/networking/red.up/35-guardian b/src/initscripts/init.d/networking/red.up/35-guardian
new file mode 100644
index 0000000000..587762b53d
--- /dev/null
+++ b/src/initscripts/init.d/networking/red.up/35-guardian
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec /usr/bin/guardianctrl reload-ignore-list 2&>/dev/null
-- 
2.39.2
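Review bot: `eval $(/usr/local/bin/readhash /var/ipfire/guardian/settings)` in init.d/guardian runs as part of a boot-time init script on a file inside a directory that the lfs recipe chowns to `nobody`, and the command substitution is unquoted, so the shell word-splits and glob-expands readhash's output before `eval` parses it again. Quote it as `eval "$(/usr/local/bin/readhash /var/ipfire/guardian/settings)"` and add a comment that the line is only safe while readhash emits nothing but quoted KEY=value pairs, which is not visible in this patch. In `stop`, `kill $(cat /run/guardian/guardian.pid)` hands whatever the pid file holds to kill without checking that it is non-empty or still belongs to /usr/sbin/guardian; the rc functions' `killproc` would match the `loadproc`/`statusproc` calls already used, assuming it accepts a pid file. `function guardian_is_enabled()` is bash syntax under a `#!/bin/sh` shebang.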
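Review bot: `2&>/dev/null` in red.up/35-guardian does not redirect stderr on its own: bash reads it as a literal argument `2` followed by `&>/dev/null`, so `guardianctrl reload-ignore-list` is invoked with an extra `2` argument and both output streams are discarded. Write `exec /usr/bin/guardianctrl reload-ignore-list >/dev/null 2>&1`, or `2>/dev/null` if only stderr should be hidden. The file is also created with mode 100644 while init.d/guardian is 100755; whether the red.up runner needs the executable bit is not visible in this patch.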