guardian: Update to 2.0.

Update guardian to the re-written version. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2016-07-04 11:49:39 +02:00
parent f617f21cc0
commit a11aaa91b3
12 changed files with 169 additions and 22 deletions
--- a/config/backup/includes/guardian
+++ b/config/backup/includes/guardian
@@ -0,0 +1,4 @@
+/var/ipfire/guardian/guardian.conf
+/var/ipfire/guardian/guardian.ignore
+/var/ipfire/guardian/settings
+/var/ipfire/guardian/ignored
--- a/config/guardian/guardian.logrotate
+++ b/config/guardian/guardian.logrotate
@@ -0,0 +1,12 @@
+lastaction
+	/usr/bin/guardianctrl logrotate &>/dev/null
+endscript
+
+/var/log/guardian/guardian.log {
+    weekly
+    rotate 4
+    copytruncate
+    compress
+    notifempty
+    missingok
+}
--- a/config/menu/EX-guardian.menu
+++ b/config/menu/EX-guardian.menu
@@ -0,0 +1,6 @@
+$subservices->{'65.guardian'} = {
+				'caption' => $Lang::tr{'guardian'},
+				'uri' => '/cgi-bin/guardian.cgi',
+				'title' => "$Lang::tr{'guardian'}",
+				'enabled' => '1',
+				};
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -36,6 +36,7 @@ etc/rc.d/init.d/firstsetup
 etc/rc.d/init.d/fsresize
 etc/rc.d/init.d/functions
 #etc/rc.d/init.d/gnump3d
+#etc/rc.d/init.d/guardian
 etc/rc.d/init.d/halt
 #etc/rc.d/init.d/haproxy
 #etc/rc.d/init.d/hostapd
@@ -92,6 +93,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
+#etc/rc.d/init.d/networking/red.up/35-guardian
 etc/rc.d/init.d/networking/red.up/40-ipac
 etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -110,6 +110,7 @@ var/ipfire/menu.d/70-log.menu
 #var/ipfire/menu.d/EX-apcupsd.menu
 #var/ipfire/menu.d/EX-asterisk.menu
 #var/ipfire/menu.d/EX-bluetooth.menu
+#var/ipfire/menu.d/EX-guardian.menu
 #var/ipfire/menu.d/EX-imspector.menu
 #var/ipfire/menu.d/EX-mpfire.menu
 #var/ipfire/menu.d/EX-samba.menu
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -37,6 +37,7 @@ etc/rc.d/init.d/firstsetup
 etc/rc.d/init.d/fsresize
 etc/rc.d/init.d/functions
 #etc/rc.d/init.d/gnump3d
+#etc/rc.d/init.d/guardian
 etc/rc.d/init.d/halt
 #etc/rc.d/init.d/haproxy
 #etc/rc.d/init.d/hostapd
@@ -94,6 +95,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
+#etc/rc.d/init.d/networking/red.up/35-guardian
 etc/rc.d/init.d/networking/red.up/40-ipac
 etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -23,6 +23,7 @@ srv/web/ipfire/cgi-bin/fireinfo.cgi
 srv/web/ipfire/cgi-bin/firewall.cgi
 srv/web/ipfire/cgi-bin/fwhosts.cgi
 srv/web/ipfire/cgi-bin/geoip-block.cgi
+#srv/web/ipfire/cgi-bin/guardian.cgi
 srv/web/ipfire/cgi-bin/gpl.cgi
 srv/web/ipfire/cgi-bin/gui.cgi
 srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -37,6 +37,7 @@ etc/rc.d/init.d/firstsetup
 etc/rc.d/init.d/fsresize
 etc/rc.d/init.d/functions
 #etc/rc.d/init.d/gnump3d
+#etc/rc.d/init.d/guardian
 etc/rc.d/init.d/halt
 #etc/rc.d/init.d/haproxy
 #etc/rc.d/init.d/hostapd
@@ -94,6 +95,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort
 etc/rc.d/init.d/networking/red.up/24-RS-qos
 etc/rc.d/init.d/networking/red.up/27-RS-squid
 etc/rc.d/init.d/networking/red.up/30-ddns
+#etc/rc.d/init.d/networking/red.up/35-guardian
 etc/rc.d/init.d/networking/red.up/40-ipac
 etc/rc.d/init.d/networking/red.up/50-ipsec
 etc/rc.d/init.d/networking/red.up/50-ovpn
--- a/config/rootfiles/packages/guardian
+++ b/config/rootfiles/packages/guardian
@@ -1,8 +1,23 @@
-usr/local/bin/guardian.pl
-usr/local/bin/guardian_block.sh
-usr/local/bin/guardian_unblock.sh
+etc/logrotate.d/guardian
+etc/rc.d/init.d/guardian
+etc/rc.d/init.d/networking/red.up/35-guardian
+etc/rc.d/rc0.d/K76guardian
+etc/rc.d/rc3.d/S45guardian
+etc/rc.d/rc6.d/K76guardian
+srv/web/ipfire/cgi-bin/guardian.cgi
+usr/bin/guardianctrl
+#usr/lib/perl5/site_perl/5.12.3/Guardian
+usr/lib/perl5/site_perl/5.12.3/Guardian/Base.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Config.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Daemon.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Events.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/IPtables.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Logger.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Parser.pm
+usr/lib/perl5/site_perl/5.12.3/Guardian/Socket.pm
+usr/sbin/guardian
+var/ipfire/backup/addons/includes/guardian
 var/ipfire/guardian
-var/ipfire/guardian/guardian.conf
-var/ipfire/guardian/guardian.ignore
+var/ipfire/menu.d/EX-guardian.menu
 var/log/guardian
 var/log/guardian/guardian.log
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -24,46 +24,89 @@

 include Config

-VER        = ipfire
+VER        = 2.0

 THISAPP    = guardian-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
-PROG       = guardian
-PAK_VER    = 9

-DEPS       = ""
+PROG       = guardian
+PAK_VER    = 10
+
+DEPS       = "perl-inotify2 perl-Net-IP"
+

 ###############################################################################
 # Top-level Rules
 ###############################################################################

-objects =
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 5ddabfb89900d5232809a0d9ff9b8e9e

 install : $(TARGET)

-check : 
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))

-download :
+download :$(patsubst %,$(DIR_DL)/%,$(objects))

-md5 : 
+md5 : $(subst %,%_MD5,$(objects))

-dist: 
+dist:
 	@$(PAK)

+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
 ###############################################################################
 # Installation Details
 ###############################################################################

 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
-	-mkdir -p /var/ipfire/guardian /var/log/guardian
-	touch /var/log/guardian/guardian.log
-	touch /var/ipfire/guardian/guardian.ignore
-	install -v -m 644 $(DIR_SRC)/config/guardian/guardian.conf /var/ipfire/guardian/
-	install -v -m 755 $(DIR_SRC)/config/guardian/guardian.pl /usr/local/bin/
-	install -v -m 755 $(DIR_SRC)/config/guardian/guardian_block.sh /usr/local/bin/
-	install -v -m 755 $(DIR_SRC)/config/guardian/guardian_unblock.sh /usr/local/bin/
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axvf $(DIR_DL)/$(DL_FILE)
+
+	# Adjust path for firewall binaries.
+	cd $(DIR_APP) && sed -i "s|/usr/sbin/|/sbin/|g" modules/IPtables.pm
+
+	cd $(DIR_APP) && make
+	cd $(DIR_APP) && make install
+
+	# Create config directory and create files.
+	-mkdir -pv /var/ipfire/guardian
 	chown nobody.nobody /var/ipfire/guardian
-	chown nobody.nobody /var/ipfire/guardian/{guardian.conf,guardian.ignore}
+
+	# Create directory and file for logging.
+	-mkdir -pv /var/log/guardian
+	touch /var/log/guardian/guardian.log
+
+	# Create symlinks for runlevel interaction.
+	ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc3.d/S45guardian
+	ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc0.d/K76guardian
+	ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc6.d/K76guardian
+
+	# Install include file for backup.
+	install -v -m 644 $(DIR_SRC)/config/backup/includes/guardian \
+		/var/ipfire/backup/addons/includes/guardian
+
+	# Logrotate.
+	-mkdir -pv /etc/logrotate.d
+	install -v -m 644 $(DIR_SRC)/config/guardian/guardian.logrotate \
+		/etc/logrotate.d/guardian
+
+	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
--- a/src/initscripts/init.d/guardian
+++ b/src/initscripts/init.d/guardian
@@ -0,0 +1,56 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/guardian
+#
+# Description : Guardian Initscript
+#
+# Authors     : Kim Wölfel for ipfire.org
+#
+# Version     : 01.00
+#
+# Notes       :
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+eval $(/usr/local/bin/readhash /var/ipfire/guardian/settings)
+
+function guardian_is_enabled() {
+	[ "${GUARDIAN_ENABLED}" = "on" ]
+}
+
+case "$1" in
+        start)
+			guardian_is_enabled || exit 0
+
+			boot_mesg "Starting Guardian..."
+			loadproc /usr/sbin/guardian -c /var/ipfire/guardian/guardian.conf
+	;;
+
+	stop)
+		if ([ -f /run/guardian/guardian.pid ]); then
+			boot_mesg "Stopping Guardian..."
+			kill $(cat /run/guardian/guardian.pid)
+			sleep 1;
+		fi
+	;;
+
+        status)
+		statusproc /usr/sbin/guardian
+	;;
+
+	restart)
+		$0 stop
+		sleep 2
+		$0 start
+	;;
+
+	*)
+		echo "Usage: $0 {start|stop|restart|status}"
+		exit 1
+	;;
+esac
+
+# End $rc_base/init.d/guardian
--- a/src/initscripts/init.d/networking/red.up/35-guardian
+++ b/src/initscripts/init.d/networking/red.up/35-guardian
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec /usr/bin/guardianctrl reload-ignore-list 2&>/dev/null