Tripwire-Policy gefixt.

Backupctrl zur ISO gefuegt.
Das logger-Tool loggt nicht korrekt in eine Datei.
Unser IPSec-restart-Problem mit einem kleinem Patch behoben.
  Das das ifconfig Fehler liefert nehmen wir IP.
  Bitte testet dies noch einmal langfristig!!!


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@713 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/etc/syslog.conf

@@ -5,10 +5,10 @@
 # Log anything (except mail) of level info or higher.
 # Don't log private authentication messages!
 # local0.* any dhcpcd log (even debug) in messages
-daemon.*;local0.*;local2.*;*.info;mail.none;authpriv.*	-/var/log/messages
+daemon.*;local0.*;local2.*;*.info;mail.none;authpriv.*	/var/log/messages
 
 # Log crons
-#cron.*										-/var/log/cron.log
+#cron.*										/var/log/cron.log
 
 # Everybody gets emergency messages
 *.emerg										*
@@ -23,4 +23,4 @@ local7.*									/var/log/boot.log
 #*.*											@hostname.domain
 
 # Postfix logs
-mail.*										-/var/log/mail
+mail.*										/var/log/mail

config/rootfiles/common/misc-progs

@@ -1,3 +1,6 @@
+#usr/local/bin/applejuicectrl
+usr/local/bin/backupctrl
+#usr/local/bin/clamavctrl
 usr/local/bin/dhcpctrl
 usr/local/bin/extrahdctrl
 usr/local/bin/getipstat
@@ -6,12 +9,13 @@ usr/local/bin/ipfirereboot
 usr/local/bin/ipsecctrl
 usr/local/bin/launch-ether-wake
 usr/local/bin/logwatch
+#usr/local/bin/mpfirectrl
 usr/local/bin/openvpnctrl
 usr/local/bin/outgoingfwctrl
+usr/local/bin/pakfire
 usr/local/bin/qosctrl
 usr/local/bin/rebuildhosts
 usr/local/bin/redctrl
-usr/local/bin/pakfire
 usr/local/bin/restartssh
 usr/local/bin/restartsyslogd
 usr/local/bin/restartwireless
@@ -25,4 +29,5 @@ usr/local/bin/smartctrl
 usr/local/bin/snortctrl
 usr/local/bin/squidctrl
 usr/local/bin/timectrl
+#usr/local/bin/tripwirectrl
 usr/local/bin/upnpctrl

config/tripwire/twpol.txt

@@ -39,7 +39,7 @@ SIG_HI        = 100 ;                # Critical files that are significant point
   /sbin                            -> $(SEC_CRIT) ;
   /usr                             -> $(SEC_CRIT) ;
   !/usr/src                                       ;
-  !usr/share/clamav                               ;
+  !/usr/share/clamav                               ;
   /etc/mtab                        -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount
 
   #don't scan the individual reports

lfs/openswan

@@ -89,5 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	ln -sf $(CONFIG_ROOT)/ca    /etc/ipsec.d/cacerts
 	ln -sf $(CONFIG_ROOT)/certs /etc/ipsec.d/certs
 	ln -sf $(CONFIG_ROOT)/crls  /etc/ipsec.d/crls
+	
+	patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-startklips-1.patch
+	
 	#@rm -rf $(DIR_APP)
 	@$(POSTBUILD)

src/install+setup/install/main.c

@@ -159,8 +159,12 @@ int main(int argc, char *argv[])
 		if (strstr (line, "unattended") != NULL) {
 		    unattended = 1;
 		}
-		// Loading the cdrom-filesystem
+		// Loading the cdrom-filesystem and ext2
 		mysystem("/sbin/modprobe iso9660");
+		mysystem("/sbin/modprobe ext2");
+		
+		// Loading the via_rhine driver because it isn't detected correctly
+		mysystem("/sbin/modprobe via_rhine");
 	}
 
 	if (unattended) {

src/pakfire/lib/functions.pl

@@ -66,7 +66,10 @@ sub message {
 
 sub logger {
 	my $log = shift;
-	system("logger -f /var/log/pakfire.log -t pakfire \"$log\"") if "$log";
+	if ($log) {
+		system("echo \"`date`: $log\" >> /var/log/pakfire.log");
+		#system("logger -t pakfire \"$log\"");
+	}
 }
 
 sub usage {

src/patches/openswan-2.4.9-startklips-1.patch

@@ -0,0 +1,52 @@
+--- /usr/lib/ipsec/_startklips_old	2007-07-16 04:14:15.000000000 +0000
++++ /usr/lib/ipsec/_startklips	2007-07-19 22:12:37.000000000 +0000
+@@ -104,23 +104,23 @@
+ 
+ 	# figure out ifconfig for interface
+ 	addr=
+-	eval `ifconfig $phys |
+-		awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
+-			gsub(/:/, " ", $0)
+-			print "addr=" $3
+-			other = $5
+-			if ($4 == "Bcast")
+-				print "type=broadcast"
+-			else if ($4 == "P-t-P")
+-				print "type=pointopoint"
+-			else if (NF == 5) {
+-				print "type="
+-				other = ""
+-			} else
+-				print "type=unknown"
+-			print "otheraddr=" other
+-			print "mask=" $NF
+-		}'`
++	eval `ip addr show red0 | awk '$1 == "inet"  { gsub(/\//, " "); 
++				print "addr=" $2;
++				print "mask=" $3;
++				print "otheraddr=" $5;
++			}'`
++	eval `ip addr show red0 | awk '$3 ~ /BROADCAST|POINTTOPOINT/ { 
++				if ($3 ~ /BROADCAST/) 
++					print "type=broadcast"; 
++				else if ($3 ~ /POINTTOPOINT/) 
++					print "type=pointtopoint";
++				else {
++					print "type=";
++					print "otheraddr=";
++				}
++			}'`
++	eval `whatmask /$mask | awk -F': ' '$1 ~ /^Netmask =/ { print "mask=" $2 }'`
++	
+ 	if test " $addr" = " "
+ 	then
+ 		echo "unable to determine address of \`$phys'"
+@@ -129,7 +129,7 @@
+ 	if test " $type" = " unknown"
+ 	then
+ 		echo "\`$phys' is of an unknown type"
+-		exit 1
++		exit 1 
+ 	fi
+ 	if test " $omtu" != " "
+ 	then