webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-25 18:32:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'stevee/guardian-2.0' into next

Browse Source
This commit is contained in:
Michael Tremer
2016-08-02 12:18:29 +01:00
parent de5627819b e73a5ce77a
commit afc0f6e884
30 changed files with 1630 additions and 607 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/backup/includes/guardian Normal file
View File

@@ -0,0 +1,4 @@
/var/ipfire/guardian/guardian.conf
/var/ipfire/guardian/guardian.ignore
/var/ipfire/guardian/settings
/var/ipfire/guardian/ignored

33
config/guardian/guardian.conf
View File

@@ -1,33 +0,0 @@
# The machines IP address that is visable to the internet
# If this is left undefined, then guardian will attempt to get the information
# from ifconfig, as long as it has an interface to use. This would be useful
# for people on ppp links, or dhcp machines, or if you are lazy :)
# HostIpAddr
# Here we define the interface which we will use to guess the IP address, and
# block incoming offending packets. This is the only option that is required
# for guardian to run. If the rest are undefined, guardian will use the default.
Interface ppp0
# The last octet of the ip address, which gives us the gateway address.
HostGatewayByte 1
# Guardian's log file
LogFile /var/log/guardian/guardian.log
# Snort's alert file. This can be the snort.alert file, or a syslog file
# There might be some snort alerts that get logged to syslog which guardian
# might not see..
AlertFile /var/log/snort/alert
# The list of ip addresses to ignore
IgnoreFile /var/ipfire/guardian/guardian.ignore
# This is a list of IP addresses on the current host, in case there is more
# than one. If this file doesn't exist, then it will assume you want to run
# with the default setup (machine's ip address, and broadcast/network).
TargetFile /var/ipfire/guardian/guardian.target
# The time in seconds to keep a host blocked. If undefined, it defaults to
# 99999999, which basicly disables the feature.
TimeLimit 86400

12
config/guardian/guardian.logrotate Normal file
View File

@@ -0,0 +1,12 @@
lastaction
/usr/bin/guardianctrl logrotate &>/dev/null
endscript
/var/log/guardian/guardian.log {
weekly
rotate 4
copytruncate
compress
notifempty
missingok
}

431
config/guardian/guardian.pl
View File

@@ -1,431 +0,0 @@
#!/usr/bin/perl
# based on V 1.7 guardian enhanced for IPFire and snort 2.8
# Read the readme file for changes
#
# Enhanced for IPFire by IPFire Team
# Added Portscan detection for non syslog system
# Added SSH-Watch for SSH-Bruteforce Attacks
# An suppected IP will be blocked on all interfaces
$OS=`uname`;
chomp $OS;
print "OS shows $OS\n";
require 'getopts.pl';
&Getopts ('hc:d');
if (defined($opt_h)) {
print "Guardian v1.7 \n";
print "guardian.pl [-hd] <-c config>\n";
print " -h shows help\n";
print " -d run in debug mode (doesn't fork, output goes to STDOUT)\n";
print " -c specifiy a configuration file other than the default (/etc/guardian.conf)\n";
exit;
}
&load_conf;
&sig_handler_setup;
print "My ip address and interface are: $hostipaddr $interface\n";
if ($hostipaddr !~ /\d+\.\d+\.\d+\.\d+/) {
print "This ip address is bad : $hostipaddr\n";
die "I need a good host ipaddress\n";
}
$networkaddr = $hostipaddr;
$networkaddr =~ s/\d+$/0/;
$gatewayaddr = `cat /var/ipfire/red/remote-ipaddress 2>/dev/null`;
$broadcastaddr = $hostipaddr;
$broadcastaddr =~ s/\d+$/255/;
&build_ignore_hash;
print "My gatewayaddess is: $gatewayaddr\n";
# This is the target hash. If a packet was destened to any of these, then the
# sender of that packet will get denied, unless it is on the ignore list..
%targethash = ( "$networkaddr" => 1,
"$broadcastaddr" => 1,
"0" => 1, # This is what gets sent to &checkem if no
# destination was found.
"$hostipaddr" => 1);
&get_aliases;
%sshhash = ();
if ( -e $targetfile ) {
&load_targetfile;
}
if (!defined($opt_d)) {
print "Becoming a daemon..\n";
&daemonize;
} else { print "Running in debug mode..\n"; }
open (ALERT, $alert_file) or die "can't open alert file: $alert_file: $!\n";
seek (ALERT, 0, 2); # set the position to EOF.
# this is the same as a tail -f :)
$counter=0;
open (ALERT2, "/var/log/messages" ) or die "can't open /var/log/messages: $!\n";
seek (ALERT2, 0, 2); # set the position to EOF.
# this is the same as a tail -f :)
for (;;) {
sleep 1;
if (seek(ALERT,0,1)){
while (<ALERT>) {
chop;
if (defined($opt_d)) {
print "$_\n";
}
if (/\[\*\*\]\s+(.*)\s+\[\*\*\]/){
$type=$1;
}
if (/(\d+\.\d+\.\d+\.\d+):\d+ -\> (\d+\.\d+\.\d+\.\d+):\d+/) {
&checkem ($1, $2, $type);
}
if (/(\d+\.\d+\.\d+\.\d+)+ -\> (\d+\.\d+\.\d+\.\d+)+/) {
&checkem ($1, $2, $type);
}
}
}
sleep 1;
if (seek(ALERT2,0,1)){
while (<ALERT2>) {
chop;
if ($_=~/.*sshd.*Failed password for .* from.*/) {
my @array=split(/ /,$_);
my $temp = "";
if ( $array[11] eq "port" ) {
$temp = $array[10];
} elsif ( $array[11] eq "from" ) {
$temp = $array[12];
} else {
$temp = $array[11];
}
&checkssh ($temp, "possible SSH-Bruteforce Attack");}
# This should catch Bruteforce Attacks with enabled preauth
if ($_ =~ /.*sshd.*Received disconnect from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):.*\[preauth\]/) {
&checkssh ($1, "possible SSH-Bruteforce Attack, failed preauth");}
}
}
# Run this stuff every 30 seconds..
if ($counter == 30) {
&remove_blocks; # This might get moved elsewhere, depending on how much load
# it puts on the system..
&check_log_name;
$counter=0;
} else {
$counter=$counter+1;
}
}
sub check_log_name {
my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,
$atime,$mtime,$ctime,$blksize,$blocks) = stat($alert_file);
if ($size < $previous_size) { # The filesize is smaller than last
close (ALERT); # we checked, so we need to reopen it
open (ALERT, "$alert_file"); # This should still work in our main while
$previous_size=$size; # loop (I hope)
write_log ("Log filename changed. Reopening $alert_file\n");
} else {
$previous_size=$size;
}
}
sub checkem {
my ($source, $dest,$type) = @_;
my $flag=0;
return 1 if ($source eq $hostipaddr);
# this should prevent is from nuking ourselves
return 1 if ($source eq $gatewayaddr); # or our gateway
if ($ignore{$source} == 1) { # check our ignore list..
&write_log("$source\t$type\n");
&write_log("Ignoring attack because $source is in my ignore list\n");
return 1;
}
# if the offending packet was sent to us, the network, or the broadcast, then
if ($targethash{$dest} == 1) {
&ipchain ($source, $dest, $type);
}
# you will see this if the destination was not in the $targethash, and the
# packet was not ignored before the target check..
else {
&write_log ("Odd.. source = $source, dest = $dest - No action done.\n");
if (defined ($opt_d)) {
foreach $key (keys %targethash) {
&write_log ("targethash{$key} = $targethash{$key}\n");
}
}
}
}
sub checkssh {
my ($source,$type) = @_;
my $flag=0;
return 1 if ($source eq $hostipaddr);
# this should prevent is from nuking ourselves
return 1 if ($source eq $gatewayaddr); # or our gateway
return 0 if ($sshhash{$source} > 4); # allready blocked
if ( ($ignore{$source} == 1) ){
&write_log("Ignoring attack because $source is in my ignore list\n");
return 1;
}
if ($sshhash{$source} == 4 ) {
&write_log ("source = $source, blocking for ssh attack.\n");
&ipchain ($source, "", $type);
$sshhash{$source} = $sshhash{$source}+1;
return 0;
}
if ($sshhash{$source} eq "" ){
$sshhash{$source} = 1;
&write_log ("SSH Attack = $source, ssh count only $sshhash{$source} - No action done.\n");
return 0;
}
$sshhash{$source} = $sshhash{$source}+1;
&write_log ("SSH Attack = $source, ssh count only $sshhash{$source} - No action done.\n");
}
sub ipchain {
my ($source, $dest, $type) = @_;
&write_log ("$source\t$type\n");
if ($hash{$source} eq "") {
&write_log ("Running '$blockpath $source $interface'\n");
system ("$blockpath $source $interface");
$hash{$source} = time() + $TimeLimit;
} else {
# We have already blocked this one, but snort detected another attack. So
# we should update the time blocked..
$hash{$source} = time() + $TimeLimit;
}
}
sub build_ignore_hash {
# This would cause is to ignore all broadcasts if it
# got set.. However if unset, then the attacker could spoof the packet to make
# it look like it came from the network, and a reply to the spoofed packet
# could be seen if the attacker were on the local network.
# $ignore{$networkaddr}=1;
# same thing as above, just with the broadcast instead of the network.
# $ignore{$broadcastaddr}=1;
my $count =0;
$ignore{$gatewayaddr}=1;
$ignore{$hostipaddr}=1;
if ($ignorefile ne "") {
open (IGNORE, $ignorefile);
while (<IGNORE>) {
$_=~ s/\s+$//;
chomp;
next if (/\#/); #skip comments
next if (/^\s*$/); # and blank lines
$ignore{$_}=1;
$count++;
}
close (IGNORE);
&write_log("Loaded $count addresses from $ignorefile\n");
} else {
&write_log("No ignore file was loaded!\n");
}
}
sub load_conf {
if ($opt_c eq "") {
$opt_c = "/etc/guardian.conf";
}
if (! -e $opt_c) {
die "Need a configuration file.. please use to the -c option to name a configuration file\n";
}
open (CONF, $opt_c) or die "Cannot read the config file $opt_c, $!\n";
while (<CONF>) {
chop;
next if (/^\s*$/); #skip blank lines
next if (/^#/); # skip comment lines
if (/LogFile\s+(.*)/) {
$logfile = $1;
}
if (/Interface\s+(.*)/) {
$interface = $1;
if ( $interface eq "" ) {
$interface = `cat /var/ipfire/ethernet/settings | grep RED_DEV | cut -d"=" -f2`;
}
}
if (/AlertFile\s+(.*)/) {
$alert_file = $1;
}
if (/IgnoreFile\s+(.*)/) {
$ignorefile = $1;
}
if (/TargetFile\s+(.*)/) {
$targetfile = $1;
}
if (/TimeLimit\s+(.*)/) {
$TimeLimit = $1;
}
if (/HostIpAddr\s+(.*)/) {
$hostipaddr = $1;
}
if (/HostGatewayByte\s+(.*)/) {
$hostgatewaybyte = $1;
}
}
if ($alert_file eq "") {
print "Warning! AlertFile is undefined.. Assuming /var/log/snort.alert\n";
$alert_file="/var/log/snort.alert";
}
if ($hostipaddr eq "") {
print "Warning! HostIpAddr is undefined! Attempting to guess..\n";
$hostipaddr = `cat /var/ipfire/red/local-ipaddress`;
print "Got it.. your HostIpAddr is $hostipaddr\n";
}
if ($ignorefile eq "") {
print "Warning! IgnoreFile is undefined.. going with default ignore list (hostname and gateway)!\n";
}
if ($hostgatewaybyte eq "") {
print "Warning! HostGatewayByte is undefined.. gateway will not be in ignore list!\n";
}
if ($logfile eq "") {
print "Warning! LogFile is undefined.. Assuming debug mode, output to STDOUT\n";
$opt_d = 1;
}
if (! -w $logfile) {
print "Warning! Logfile is not writeable! Engaging debug mode, output to STDOUT\n";
$opt_d = 1;
}
foreach $mypath (split (/:/, $ENV{PATH})) {
if (-x "$mypath/guardian_block.sh") {
$blockpath = "$mypath/guardian_block.sh";
}
if (-x "$mypath/guardian_unblock.sh") {
$unblockpath = "$mypath/guardian_unblock.sh";
}
}
if ($blockpath eq "") {
print "Error! Could not find guardian_block.sh. Please consult the README. \n";
exit;
}
if ($unblockpath eq "") {
print "Warning! Could not find guardian_unblock.sh. Guardian will not be\n";
print "able to remove blocked ip addresses. Please consult the README file\n";
}
if ($TimeLimit eq "") {
print "Warning! Time limit not defined. Defaulting to absurdly long time limit\n";
$TimeLimit = 999999999;
}
}
sub write_log {
my $message = $_[0];
my $date = localtime();
if (defined($opt_d)) { # we are in debug mode, and not daemonized
print STDOUT $message;
} else {
open (LOG, ">>$logfile");
print LOG $date.": ".$message;
close (LOG);
}
}
sub daemonize {
my ($home);
if (fork()) {
# parent
exit(0);
} else {
# child
&write_log ("Guardian process id $$\n");
$home = (getpwuid($>))[7] || die "No home directory!\n";
chdir($home); # go to my homedir
setpgrp(0,0); # become process leader
close(STDOUT);
close(STDIN);
close(STDERR);
print "Testing...\n";
}
}
sub sig_handler_setup {
$SIG{INT} = \&clean_up_and_exit; # kill -2
$SIG{TERM} = \&clean_up_and_exit; # kill -9
$SIG{QUIT} = \&clean_up_and_exit; # kill -3
# $SIG{HUP} = \&flush_and_reload; # kill -1
}
sub remove_blocks {
my $source;
my $time = time();
foreach $source (keys %hash) {
if ($hash{$source} < $time) {
&call_unblock ($source, "expiring block of $source\n");
delete ($hash{$source});
}
}
}
sub call_unblock {
my ($source, $message) = @_;
&write_log ("$message");
system ("$unblockpath $source $interface");
}
sub clean_up_and_exit {
my $source;
&write_log ("received kill sig.. shutting down\n");
foreach $source (keys %hash) {
&call_unblock ($source, "removing $source for shutdown\n");
}
exit;
}
sub load_targetfile {
my $count = 0;
open (TARG, "$targetfile") or die "Cannot open $targetfile\n";
while (<TARG>) {
chop;
next if (/\#/); #skip comments
next if (/^\s*$/); # and blank lines
$targethash{$_}=1;
$count++;
}
close (TARG);
print "Loaded $count addresses from $targetfile\n";
}
sub get_aliases {
my $ip;
print "Scanning for aliases on $interface and add them to the target hash...";
open (IFCONFIG, "/sbin/ip addr show $interface |");
my @lines = <IFCONFIG>;
close(IFCONFIG);
foreach $line (@lines) {
if ( $line =~ /inet (\d+\.\d+\.\d+\.\d+)/) {
$ip = $1;
print " got $ip on $interface ... ";
$targethash{'$ip'} = "1";
}
}
print "done \n";
}

12
config/guardian/guardian_block.sh
View File

@@ -1,12 +0,0 @@
#!/bin/sh
# this is a sample block script for guardian. This should work with ipchains.
# This command gets called by guardian as such:
# guardian_block.sh <source_ip> <interface>
# and the script will issue a command to block all traffic from that source ip
# address. The logic of weither or not it is safe to block that address is
# done inside guardian itself.
source=$1
interface=$2
/sbin/iptables -I GUARDIAN -s $source -i $interface -j DROP

10
config/guardian/guardian_unblock.sh
View File

@@ -1,10 +0,0 @@
#!/bin/sh
# this is a sample unblock script for guardian. This should work with ipchains.
# This command gets called by guardian as such:
# unblock.sh <source_ip> <interface>
# and the script will issue a command to remove the block that was created with # block.sh address.
source=$1
interface=$2
/sbin/iptables -D GUARDIAN -s $source -i $interface -j DROP

6
config/menu/EX-guardian.menu Normal file
View File

@@ -0,0 +1,6 @@
$subservices->{'65.guardian'} = {
'caption' => $Lang::tr{'guardian'},
'uri' => '/cgi-bin/guardian.cgi',
'title' => "$Lang::tr{'guardian'}",
'enabled' => '1',
};

2
config/rootfiles/common/armv5tel/initscripts
View File

@@ -36,6 +36,7 @@ etc/rc.d/init.d/firstsetup
etc/rc.d/init.d/fsresize
etc/rc.d/init.d/functions
#etc/rc.d/init.d/gnump3d
#etc/rc.d/init.d/guardian
etc/rc.d/init.d/halt
#etc/rc.d/init.d/haproxy
#etc/rc.d/init.d/hostapd
@@ -92,6 +93,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
#etc/rc.d/init.d/networking/red.up/35-guardian
etc/rc.d/init.d/networking/red.up/40-ipac
etc/rc.d/init.d/networking/red.up/50-ipsec
etc/rc.d/init.d/networking/red.up/50-ovpn

1
config/rootfiles/common/configroot
View File

@@ -110,6 +110,7 @@ var/ipfire/menu.d/70-log.menu
#var/ipfire/menu.d/EX-apcupsd.menu
#var/ipfire/menu.d/EX-asterisk.menu
#var/ipfire/menu.d/EX-bluetooth.menu
#var/ipfire/menu.d/EX-guardian.menu
#var/ipfire/menu.d/EX-imspector.menu
#var/ipfire/menu.d/EX-mpfire.menu
#var/ipfire/menu.d/EX-samba.menu

2
config/rootfiles/common/i586/initscripts
View File

@@ -37,6 +37,7 @@ etc/rc.d/init.d/firstsetup
etc/rc.d/init.d/fsresize
etc/rc.d/init.d/functions
#etc/rc.d/init.d/gnump3d
#etc/rc.d/init.d/guardian
etc/rc.d/init.d/halt
#etc/rc.d/init.d/haproxy
#etc/rc.d/init.d/hostapd
@@ -94,6 +95,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
#etc/rc.d/init.d/networking/red.up/35-guardian
etc/rc.d/init.d/networking/red.up/40-ipac
etc/rc.d/init.d/networking/red.up/50-ipsec
etc/rc.d/init.d/networking/red.up/50-ovpn

1
config/rootfiles/common/web-user-interface
View File

@@ -23,6 +23,7 @@ srv/web/ipfire/cgi-bin/fireinfo.cgi
srv/web/ipfire/cgi-bin/firewall.cgi
srv/web/ipfire/cgi-bin/fwhosts.cgi
srv/web/ipfire/cgi-bin/geoip-block.cgi
#srv/web/ipfire/cgi-bin/guardian.cgi
srv/web/ipfire/cgi-bin/gpl.cgi
srv/web/ipfire/cgi-bin/gui.cgi
srv/web/ipfire/cgi-bin/hardwaregraphs.cgi

2
config/rootfiles/common/x86_64/initscripts
View File

@@ -37,6 +37,7 @@ etc/rc.d/init.d/firstsetup
etc/rc.d/init.d/fsresize
etc/rc.d/init.d/functions
#etc/rc.d/init.d/gnump3d
#etc/rc.d/init.d/guardian
etc/rc.d/init.d/halt
#etc/rc.d/init.d/haproxy
#etc/rc.d/init.d/hostapd
@@ -94,6 +95,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
#etc/rc.d/init.d/networking/red.up/35-guardian
etc/rc.d/init.d/networking/red.up/40-ipac
etc/rc.d/init.d/networking/red.up/50-ipsec
etc/rc.d/init.d/networking/red.up/50-ovpn

3
config/rootfiles/core/104/filelists/files
View File

@@ -2,9 +2,12 @@ etc/system-release
etc/issue
etc/collectd.conf
etc/httpd/conf/global.conf
etc/rc.d/init.d/snort
opt/pakfire/lib/functions.sh
srv/web/ipfire/cgi-bin/ids.cgi
srv/web/ipfire/cgi-bin/proxy.cgi
srv/web/ipfire/cgi-bin/logs.cgi/log.dat
srv/web/ipfire/html/themes/ipfire/include/functions.pl
srv/web/ipfire/html/themes/ipfire/include/js/refreshInetInfo.js
var/ipfire/langs
var/ipfire/updatexlrator/bin/download

25
config/rootfiles/packages/guardian
View File

@@ -1,8 +1,23 @@
usr/local/bin/guardian.pl
usr/local/bin/guardian_block.sh
usr/local/bin/guardian_unblock.sh
etc/logrotate.d/guardian
etc/rc.d/init.d/guardian
etc/rc.d/init.d/networking/red.up/35-guardian
etc/rc.d/rc0.d/K76guardian
etc/rc.d/rc3.d/S45guardian
etc/rc.d/rc6.d/K76guardian
srv/web/ipfire/cgi-bin/guardian.cgi
usr/bin/guardianctrl
#usr/lib/perl5/site_perl/5.12.3/Guardian
usr/lib/perl5/site_perl/5.12.3/Guardian/Base.pm
usr/lib/perl5/site_perl/5.12.3/Guardian/Config.pm
usr/lib/perl5/site_perl/5.12.3/Guardian/Daemon.pm
usr/lib/perl5/site_perl/5.12.3/Guardian/Events.pm
usr/lib/perl5/site_perl/5.12.3/Guardian/IPtables.pm
usr/lib/perl5/site_perl/5.12.3/Guardian/Logger.pm
usr/lib/perl5/site_perl/5.12.3/Guardian/Parser.pm
usr/lib/perl5/site_perl/5.12.3/Guardian/Socket.pm
usr/sbin/guardian
var/ipfire/backup/addons/includes/guardian
var/ipfire/guardian
var/ipfire/guardian/guardian.conf
var/ipfire/guardian/guardian.ignore
var/ipfire/menu.d/EX-guardian.menu
var/log/guardian
var/log/guardian/guardian.log

6
config/rootfiles/packages/perl-Net-IP Normal file
View File

@@ -0,0 +1,6 @@
#usr/bin/ipcount
#usr/bin/iptab
usr/lib/perl5/site_perl/5.12.3/Net/IP.pm
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/IP
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/IP/.packlist
#usr/share/man/man3/Net::IP.3

7
config/rootfiles/packages/perl-common-sense Normal file
View File

@@ -0,0 +1,7 @@
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/common
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/common/sense
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/common/sense/.packlist
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/common
usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/common/sense.pm
usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/common/sense.pod
#usr/share/man/man3/common::sense.3

8
config/rootfiles/packages/perl-inotify2 Normal file
View File

@@ -0,0 +1,8 @@
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Linux
usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Linux/Inotify2.pm
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2/.packlist
#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2/Inotify2.bs
usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2/Inotify2.so
#usr/share/man/man3/Linux::Inotify2.3

1129
html/cgi-bin/guardian.cgi Normal file
View File

File diff suppressed because it is too large Load Diff

71
html/cgi-bin/ids.cgi
View File

@@ -55,16 +55,7 @@ $snortsettings{'ENABLE_SNORT'} = 'off';
$snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
$snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
$snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
$snortsettings{'ENABLE_GUARDIAN'} = 'off';
$snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`;
$snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1';
$snortsettings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log';
$snortsettings{'GUARDIAN_ALERTFILE'} = '/var/log/snort/alert';
$snortsettings{'GUARDIAN_IGNOREFILE'} = '/var/ipfire/guardian/guardian.ignore';
$snortsettings{'GUARDIAN_TARGETFILE'} = '/var/ipfire/guardian/guardian.target';
$snortsettings{'GUARDIAN_TIMELIMIT'} = '86400';
$snortsettings{'ACTION'} = '';
$snortsettings{'ACTION2'} = '';
$snortsettings{'RULES'} = '';
$snortsettings{'OINKCODE'} = '';
$snortsettings{'INSTALLDATE'} = '';
@@ -311,39 +302,11 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e
} else {
unlink "${General::swroot}/snort/enable_preprocessor_http_inspect";
}
if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on')
{
system ('/usr/bin/touch', "${General::swroot}/guardian/enable");
} else {
unlink "${General::swroot}/guardian/enable";
}
system('/usr/local/bin/snortctrl restart >/dev/null');
} elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){
foreach my $key (keys %snortsettings){
if ( $key !~ /^GUARDIAN/ ){
delete $snortsettings{$key};
}
}
&General::writehashpart("${General::swroot}/snort/settings", \%snortsettings);
open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}";
print IGNOREFILE $snortsettings{'GUARDIAN_IGNOREFILE_CONTENT'};
close(IGNOREFILE);
open(GUARDIAN, ">/var/ipfire/guardian/guardian.conf") or die "Unable to write guardian conf /var/ipfire/guardian/guardian.conf";
print GUARDIAN <<END
Interface $snortsettings{'GUARDIAN_INTERFACE'}
HostGatewayByte $snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'}
LogFile $snortsettings{'GUARDIAN_LOGFILE'}
AlertFile $snortsettings{'GUARDIAN_ALERTFILE'}
IgnoreFile $snortsettings{'GUARDIAN_IGNOREFILE'}
TargetFile $snortsettings{'GUARDIAN_TARGETFILE'}
TimeLimit $snortsettings{'GUARDIAN_TIMELIMIT'}
END
;
close(GUARDIAN);
system('/usr/local/bin/snortctrl restart >/dev/null');
}
# INSTALLMD5 is not in the form, so not retrieved by getcgihash
&General::readhash("${General::swroot}/snort/settings", \%snortsettings);
@@ -400,9 +363,6 @@ $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='c
$checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
$checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
$checked{'ENABLE_GUARDIAN'}{'off'} = '';
$checked{'ENABLE_GUARDIAN'}{'on'} = '';
$checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'";
$selected{'RULES'}{'nothing'} = '';
$selected{'RULES'}{'community'} = '';
$selected{'RULES'}{'emerging'} = '';
@@ -504,9 +464,6 @@ if ($netsettings{'ORANGE_DEV'} ne '') {
print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} /> ORANGE Snort";
}
print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} /> RED Snort";
if ( -e "/var/ipfire/guardian/guardian.conf" ) {
print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_GUARDIAN' $checked{'ENABLE_GUARDIAN'}{'on'} /> Guardian";
}
print <<END
</td></tr>
@@ -564,32 +521,6 @@ if ($results ne '') {
&Header::closebox();
####################### Added for guardian control ####################################
if ( -e "/var/ipfire/guardian/guardian.conf" ) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'guardian configuration'});
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
<tr><td align='left' width='40%'>$Lang::tr{'guardian interface'}</td><td align='left'><input type='text' name='GUARDIAN_INTERFACE' value='$snortsettings{'GUARDIAN_INTERFACE'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'guardian timelimit'}</td><td align='left'><input type='text' name='GUARDIAN_TIMELIMIT' value='$snortsettings{'GUARDIAN_TIMELIMIT'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'guardian logfile'}</td><td align='left'><input type='text' name='GUARDIAN_LOGFILE' value='$snortsettings{'GUARDIAN_LOGFILE'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'guardian alertfile'}</td><td align='left'><input type='text' name='GUARDIAN_ALERTFILE' value='$snortsettings{'GUARDIAN_ALERTFILE'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'guardian ignorefile'}</td><td align='left'><textarea name='GUARDIAN_IGNOREFILE_CONTENT' cols='32' rows='6' wrap='off'>
END
;
print `cat /var/ipfire/guardian/guardian.ignore`;
print <<END
</textarea></td></tr>
<tr><td align='right' colspan='2'><input type='hidden' name='ACTION2' value='guardian' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td></tr>
</table>
</form>
END
;
&Header::closebox();
}
####################### Added for snort rules control #################################
if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'});

6
html/cgi-bin/logs.cgi/log.dat
View File

@@ -67,7 +67,8 @@ my %sections = (
'pakfire' => '(pakfire:) ',
'wireless' => '(hostapd:|kernel: ath.*:|kernel: wifi[0-9]:) ',
'squid' => '(squid\[.*\]: |squid: )',
'snort' => '(snort\[.*\]: )'
'snort' => '(snort\[.*\]: )',
'guardian' => '(guardian\[.*\]: )'
);
# Translations for the %sections array.
@@ -90,7 +91,8 @@ my %trsections = (
'pakfire' => 'Pakfire',
'wireless' => 'Wireless',
'squid' => "$Lang::tr{'web proxy'}",
'snort' => "$Lang::tr{'intrusion detection'}"
'snort' => "$Lang::tr{'intrusion detection'}",
'guardian' => "$Lang::tr{'guardian'}"
);

26
langs/de/cgi-bin/de.pl
View File

@@ -1217,12 +1217,30 @@
'green interface' => 'Grünes Interface',
'grouptype' => 'Gruppentyp:',
'guaranteed bandwith' => 'Garantierte Bandbreite',
'guardian alertfile' => 'Alertfile',
'guardian' => 'Guardian',
'guardian block a host' => 'Host blocken',
'guardian blocked hosts' => 'Aktuell geblockte Hosts',
'guardian blockcount' => 'Block-count',
'guardian blocktime' => 'Blockzeit',
'guardian blocking of this address is not allowed' => 'Diese Addresse darf nicht gelockt werden.',
'guardian configuration' => 'Guardian Konfiguration',
'guardian ignorefile' => 'Ignorefile',
'guardian interface' => 'Interface',
'guardian common settings' => 'Allgemeine Einstellungen',
'guardian daemon' => 'Daemon',
'guardian enabled' => 'Guardian aktivieren',
'guardian empty input' => 'Fehlende Angabe: Bitte eine gültige IP-Addresse oder Netzwerk angeben.',
'guardian firewallaction' => 'Firewall-Aktion',
'guardian ignored hosts' => 'Ignorierte Hosts',
'guardian invalid address or subnet' => 'Ungültige Host-Addresse oder Netzwerk.',
'guardian logfacility' => 'Logziel',
'guardian logfile' => 'Logfile',
'guardian timelimit' => 'Timelimit',
'guardian loglevel' => 'Loglevel',
'guardian no entries' => 'Keine Einträge vorhanden.',
'guardian priority level' => 'Prioritätslevel',
'guardian service' => 'Guardian Dienst',
'guardian watch snort alertfile' => 'Snort alertfile auswerten',
'guardian block ssh brute-force' => 'SSH Brute-force-erkennung',
'guardian block httpd brute-force' => 'HTTPD Brute-force-erkennung',
'guardian block owncloud brute-force' => 'Owncloud Brute-force-erkennung',
'guest ok' => 'Gastzugang gewähren',
'gui settings' => 'Benutzeroberfläche',
'gz with key' => 'Nur ein verschlüsseltes Archiv kann auf dieser Maschine wiederhergestellt werden.',

30
langs/en/cgi-bin/en.pl
View File

@@ -1246,12 +1246,32 @@
'green interface' => 'Green Interface',
'grouptype' => 'Grouptype:',
'guaranteed bandwith' => 'Guaranteed bandwith',
'guardian alertfile' => 'Alertfile',
'guardian' => 'Guardian',
'guardian block a host' => 'Block host',
'guardian blocked hosts' => 'Currently blocked hosts',
'guardian blockcount' => 'Block count',
'guardian blocktime' => 'Block time',
'guardian blocking of this address is not allowed' => 'Blocking of the given address is not allowed.',
'guardian configuration' => 'Guardian Configuration',
'guardian ignorefile' => 'Ignorefile',
'guardian interface' => 'Interface',
'guardian logfile' => 'Logfile',
'guardian timelimit' => 'Timelimit',
'guardian common settings' => 'Common settings',
'guardian daemon' => 'Daemon',
'guardian enabled' => 'Enable guardian',
'guardian empty input' => 'Empty input: Please perform a valid host address or subnet.',
'guardian firewallaction' => 'Firewall action',
'guardian ignored hosts' => 'Ignored Hosts',
'guardian invalid address or subnet' => 'Invalid host address or subnet.',
'guardian logfacility' => 'Log facility',
'guardian logfile' => 'Log file',
'guardian loglevel' => 'Log level',
'guardian no entries' => 'No entries at the moment.',
'guardian not running no hosts can be blocked' => 'Guardian is not running. No hosts will be blocked.',
'guardian priority level' => 'Priority level',
'guardian service' => 'Guardian Service',
'guardian snort alertfile' => 'Alertfile from Snort',
'guardian watch snort alertfile' => 'Monitor Snort alertfile',
'guardian block ssh brute-force' => 'SSH Brute-force detection',
'guardian block httpd brute-force' => 'HTTPD Brute-force detection',
'guardian block owncloud brute-force' => 'Owncloud Brute-force detection',
'guest ok' => 'allow guests to access',
'gui settings' => 'GUI Settings',
'gz with key' => 'Only an encrypted archive can be restored on this machine.',

77
lfs/guardian
View File

@@ -24,46 +24,89 @@
include Config
VER = ipfire
VER = 2.0
THISAPP = guardian-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = guardian
PAK_VER = 9
DEPS = ""
PROG = guardian
PAK_VER = 10
DEPS = "perl-inotify2 perl-Net-IP"
###############################################################################
# Top-level Rules
###############################################################################
objects =
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 15be3b14a70e21502368deca74903f5c
install : $(TARGET)
check :
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 :
md5 : $(subst %,%_MD5,$(objects))
dist:
dist:
@$(PAK)
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
-mkdir -p /var/ipfire/guardian /var/log/guardian
touch /var/log/guardian/guardian.log
touch /var/ipfire/guardian/guardian.ignore
install -v -m 644 $(DIR_SRC)/config/guardian/guardian.conf /var/ipfire/guardian/
install -v -m 755 $(DIR_SRC)/config/guardian/guardian.pl /usr/local/bin/
install -v -m 755 $(DIR_SRC)/config/guardian/guardian_block.sh /usr/local/bin/
install -v -m 755 $(DIR_SRC)/config/guardian/guardian_unblock.sh /usr/local/bin/
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axvf $(DIR_DL)/$(DL_FILE)
# Adjust path for firewall binaries.
cd $(DIR_APP) && sed -i "s|/usr/sbin/|/sbin/|g" modules/IPtables.pm
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
# Create config directory and create files.
-mkdir -pv /var/ipfire/guardian
chown nobody.nobody /var/ipfire/guardian
chown nobody.nobody /var/ipfire/guardian/{guardian.conf,guardian.ignore}
# Create directory and file for logging.
-mkdir -pv /var/log/guardian
touch /var/log/guardian/guardian.log
# Create symlinks for runlevel interaction.
ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc3.d/S45guardian
ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc0.d/K76guardian
ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc6.d/K76guardian
# Install include file for backup.
install -v -m 644 $(DIR_SRC)/config/backup/includes/guardian \
/var/ipfire/backup/addons/includes/guardian
# Logrotate.
-mkdir -pv /etc/logrotate.d
install -v -m 644 $(DIR_SRC)/config/guardian/guardian.logrotate \
/etc/logrotate.d/guardian
@rm -rf $(DIR_APP)
@$(POSTBUILD)

83
lfs/perl-Net-IP Normal file
View File

@@ -0,0 +1,83 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2011 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 1.26
THISAPP = Net-IP-$(VER)
DL_FILE = ${THISAPP}.tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = perl-Net-IP
DEPS = ""
PAK_VER = 1
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 3a98e3ac45d69ea38a63a7e678bd716d
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
dist:
@$(PAK)
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && perl Makefile.PL
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)

83
lfs/perl-common-sense Normal file
View File

@@ -0,0 +1,83 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2011 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 3.74
THISAPP = common-sense-$(VER)
DL_FILE = ${THISAPP}.tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = perl-common-sense
DEPS = ""
PAK_VER = 1
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 35b273147200c4c95eef7816f83e572d
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
dist:
@$(PAK)
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && perl Makefile.PL
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)

85
lfs/perl-inotify2 Normal file
View File

@@ -0,0 +1,85 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 1.22
THISAPP = Linux-Inotify2-$(VER)
DL_FILE = $(THISAPP).tar.gz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = perl-inotify2
DEPS = "perl-common-sense"
PAK_VER = 1
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = bc0a86f04476f9e0aaab026b8081f097
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
dist:
@$(PAK)
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && perl Makefile.PL
cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)

3
make.sh
View File

@@ -870,6 +870,9 @@ buildipfire() {
ipfiremake libyajl
ipfiremake libvirt
ipfiremake freeradius
ipfiremake perl-common-sense
ipfiremake perl-inotify2
ipfiremake perl-Net-IP
}
buildinstaller() {

56
src/initscripts/init.d/guardian Executable file
View File

@@ -0,0 +1,56 @@
#!/bin/sh
########################################################################
# Begin $rc_base/init.d/guardian
#
# Description : Guardian Initscript
#
# Authors : Kim Wölfel for ipfire.org
#
# Version : 01.00
#
# Notes :
#
########################################################################
. /etc/sysconfig/rc
. ${rc_functions}
eval $(/usr/local/bin/readhash /var/ipfire/guardian/settings)
function guardian_is_enabled() {
[ "${GUARDIAN_ENABLED}" = "on" ]
}
case "$1" in
start)
guardian_is_enabled || exit 0
boot_mesg "Starting Guardian..."
loadproc /usr/sbin/guardian -c /var/ipfire/guardian/guardian.conf
;;
stop)
if ([ -f /run/guardian/guardian.pid ]); then
boot_mesg "Stopping Guardian..."
kill $(cat /run/guardian/guardian.pid)
sleep 1;
fi
;;
status)
statusproc /usr/sbin/guardian
;;
restart)
$0 stop
sleep 2
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
exit 1
;;
esac
# End $rc_base/init.d/guardian

3
src/initscripts/init.d/networking/red.up/35-guardian Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
exec /usr/bin/guardianctrl reload-ignore-list 2&>/dev/null

20
src/initscripts/init.d/snort
View File

@@ -94,19 +94,8 @@ case "$1" in
sleep 1
chmod 644 /var/run/snort_$DEVICE.pid
done
if [ -r /var/ipfire/guardian/enable ]; then
IFACE=`/bin/cat /var/ipfire/red/iface 2>/dev/null | /usr/bin/tr -d '\012'`
sed -e "s/^Interface.*/Interface ${IFACE}/" /var/ipfire/guardian/guardian.conf > temp
mv temp /var/ipfire/guardian/guardian.conf
chown nobody.root /var/ipfire/guardian/guardian.conf
boot_mesg "Starting Guardian..."
loadproc /usr/local/bin/guardian.pl -c /var/ipfire/guardian/guardian.conf
fi
;;
;;
stop)
DEVICES=""
if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
@@ -132,11 +121,6 @@ case "$1" in
done
rm /var/run/snort_* >/dev/null 2>/dev/null
if ([ -r /var/ipfire/guardian/enable ] || [ ! -z $(pidofproc /usr/local/bin/guardian.pl) ]); then
boot_mesg "Stopping Guardian..."
killproc /usr/local/bin/guardian.pl
fi
# Don't report returncode of rm if snort was not started
exit 0