Subversion Repositories ALCASAR

Compare Revisions

No changes between revisions

Ignore whitespace Rev 2767 → Rev 2768

/alcasar.sh
1379,6 → 1379,7
$SED "s?^# SERVERNUMBER.*?SERVERNUMBER 10?g" /etc/havp/havp.config # 10 daemons are started simultaneously
$SED "s?^# SCANIMAGES.*?SCANIMAGES false?g" /etc/havp/havp.config # doesn't scan image files
$SED "s?^# SKIPMIME.*?SKIPMIME image\/\* video\/\* audio\/\*?g" /etc/havp/havp.config # doesn't scan some multimedia files
$SED "s?^# SCANTEMPFILE.*?SCANTEMPFILE /var/tmp/havp/havp-XXXXXX?g" /etc/havp/havp.config # Use our special tmp FS (memfs)
# skip checking of youtube flow (too heavy load / risk too low)
[ -e /etc/havp/whitelist.default ] || cp /etc/havp/whitelist /etc/havp/whitelist.default
echo "# Whitelist youtube flow" >> /etc/havp/whitelist
1386,10 → 1387,8
# adapt init script and systemd unit
[ -e /etc/init.d/havp.default ] || cp /etc/init.d/havp /etc/init.d/havp.default
cp -f $DIR_CONF/havp-init /etc/init.d/havp
[ -e /lib/systemd/system/havp.service.default ] || cp /lib/systemd/system/havp.service /lib/systemd/system/havp.service.default
$SED "/^PIDFile/i ExecStartPre=/bin/mkdir -p /var/run/havp" /lib/systemd/system/havp.service
$SED "/^PIDFile/i ExecStartPre=/bin/chown -R havp:havp /var/run/havp /var/log/havp" /lib/systemd/system/havp.service
# replace of the intercept page (template)
cp -f $DIR_CONF/havp.service /lib/systemd/system/
# replace of the intercept page (template)
cp -f $DIR_CONF/virus-fr.html /etc/havp/templates/fr/virus.html
cp -f $DIR_CONF/virus-en.html /etc/havp/templates/en/virus.html
# update virus database every 4 hours (24h/6)
/conf/havp.service
0,0 → 1,25
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# This unit launches HAVP
[Unit]
Description=HAVP
After=network.target
 
[Service]
RemainAfterExit=yes
ExecStartPre=/bin/mkdir -p /var/run/havp
ExecStartPre=/bin/chown -R havp:havp /var/run/havp /var/log/havp
ExecStartPre=/bin/mkdir -p /var/run/havp
ExecStartPre=/bin/chown -R havp:havp /var/run/havp /var/log/havp
PIDFile=/var/run/havp/havp.pid
ExecStart=/etc/init.d/havp start
ExecStop=/etc/init.d/havp stop
ExecReload=/etc/init.d/havp restart
 
[Install]
WantedBy=multi-user.target
/rpms/ipt-netflow-master-11-2019.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/rpms/coova-chilli-1.4.tar.gz
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/rpms/havp-0.93-1.0.spec
0,0 → 1,115
Summary: HTTP anti-virus proxy filter
Name: havp
Version: 0.93
Release: 1%{?dist}
License: GPLv2
Group: Security
URL: https://sourceforge.net/projects/havp/
Source: %{name}-%{version}.tar.gz
Patch1: havp-init.diff
Packager: Richard REY (Rexy)
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: clamav-devel
 
%description
HAVP (HTTP AntiVirus proxy) is a proxy with an anti-virus filter.
It does not cache or filter content. At the moment the complete
traffic is scanned. The reason for this is the chance of malicious
code in nearly every filetype e.g. HTML (JavaScript) or Jpeg.
 
I aim to stop especially dialer or browser exploits. But writing
a http Anti Virus Proxy is a real dilemma! Huge downloads are
a problem for virus scanning proxies. A Client should not receive
data which is unchecked by the virus scanner, but big downloads
should not timeout.
 
%prep
%setup
%patch1 -p0
%build
%configure
%make
 
%install
rm -rf %{buildroot}
install -d %{buildroot}%{_initrddir}
cp /etc/init.d/havp %{buildroot}%{_initrddir}/havp
install -d %{buildroot}%{_localstatedir}/run/havp/
install -d %{buildroot}%{_localstatedir}/log/havp/
%makeinstall
 
%pre
if ! /usr/bin/id havp &>/dev/null; then
/usr/sbin/useradd -r -d %{_localstatedir}/log/havp -s /bin/sh -c "havp" havp || \
%logmsg "Unexpected error adding user \"havp\". Aborting installation."
fi
 
%post
/usr/bin/systemctl -q enable havp.service
 
%preun
if [ $1 -eq 0 ]; then
/usr/bin/systemctl stop havp.service
/usr/bin/systemctl -q disable havp.service
fi
 
%postun
if [ $1 -eq 0 ]; then
/usr/sbin/userdel havp || %logmsg "User \"havp\" could not be deleted."
fi
 
%files
%defattr(-, root, root, 0755)
%doc ChangeLog COPYING INSTALL update-conf
%config %{_sysconfdir}/havp/
%config %{_initrddir}/havp
%{_sbindir}/havp
 
%defattr(-, havp, havp, 0755)
%{_localstatedir}/log/havp/
%{_localstatedir}/run/havp/
 
%changelog
* Sat Nov 23 2019 Rexy for ALCASAR project
- Rebuild 0.93 for MGA7
 
* Sun Apr 3 2016 Rexy for ALCASAR project
- Rebuild 0.92a.1 for Mga5
 
* Thu Jul 07 2014 jb <jeanbaptiste.couprit@gmail.com> - 0.92-1.1
- Created .spec file to build rpms for Mageia4 (x86_64 & i586).
- Created two rpms : havp-0.92a-1-1.mga4.x86_64.rpm & havp-0.92a-1-1.mga4.i586.rpm with Libclamav patch (OpenSSL)
 
* Tue Apr 30 2013 Crox <ptitois@gmail.com> - 0.92-1.1
- Created .spec file to build rpms for Mageia2 (x86_64 & i586).
 
* Sun Nov 21 2010 Rexy <richard@rexy.fr> - 0.92-1
- Updated to release 0.92a.
 
* Sun May 9 2010 Rexy <richard@irexy.fr> - 0.91-1
- Updated to release 0.91.
 
* Tue Apr 7 2009 Dries Verachtert <dries@ulyssis.org> - 0.90-1
- Updated to release 0.90.
 
* Wed Aug 13 2008 Dries Verachtert <dries@ulyssis.org> - 0.89-1
- Updated to release 0.89.
 
* Sun Apr 20 2008 Dries Verachtert <dries@ulyssis.org> - 0.88-1
- Updated to release 0.88.
 
* Mon Jul 23 2007 Dries Verachtert <dries@ulyssis.org> - 0.86-1
- Updated to release 0.86.
 
* Tue Aug 22 2006 Dag Wieers <dag@wieers.com> - 0.7.9-1
- Cosmetic changes.
 
* Wed May 31 2006 Bernard 'Tux' Lheureux <tux at portalinux dot org> 0.7.9-2
- Corrected the specfile to make it installable on CentOS 4.x
- Created and applied some patches to make it chkconfig compatible
- Created and applied a patch to make config reflect the correct location of the files
 
* Tue May 30 2006 Jim Perrin <jperrin at gmail dot com> 0.7.9-1
- Initial build for CentOS,
- Specfile generation... still some work to do...
 
/rpms/havp-init.diff
8,7 → 8,7
+# description: starts HAVP the High Availability Antivirus Proxy
+#
-HAVP_BIN=/usr/local/bin/havp
-HAVP_BIN=/usr/local/sbin/havp
-HAVP_CONFIG=/usr/local/etc/havp/havp.config
+HAVP_BIN=/usr/sbin/havp
+HAVP_CONFIG=/etc/havp/havp.config
/rpms/x86_64/havp-0.92a-1.mga5.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Deleted: svn:mime-type
-application/octet-stream
\ No newline at end of property
/rpms/x86_64/gammu-1.41.0-1.mga7.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/rpms/x86_64/havp-0.93-1.mga7.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/rpms/x86_64/lib64gammu8-1.41.0-1.mga7.x86_64.rpm
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Property changes:
Added: svn:mime-type
+application/octet-stream
\ No newline at end of property
/scripts/alcasar-uninstall.sh
124,7 → 124,7
[ -e /etc/havp/havp.config.default ] && mv /etc/havp/havp.config.default /etc/havp/havp.config && echo -n "1, "
userdel -r havp 2>/dev/null && echo -n "2, "
[ -e /etc/init.d/havp.default ] && mv /etc/init.d/havp.default /etc/init.d/havp && echo -n "3, "
[ -e /lib/systemd/system/havp.service.default ] && mv /lib/systemd/system/havp.service.default /lib/systemd/system/havp.service && echo -n "4, "
[ -e /lib/systemd/system/havp.service ] && rm /lib/systemd/system/havp.service && echo -n "4, "
[ -e /etc/freshclam.conf.default ] && mv /etc/freshclam.conf.default /etc/freshclam.conf && echo -n "5"
else echo -n "already uninstalled"
fi
/scripts/alcasar-urpmi.sh
223,13 → 223,16
# Save chilli launch script (erase with new rpm one)
[ -e /etc/chilli.conf ] && cp /etc/chilli.conf /tmp/
# Install home made RPMs
urpmi --no-verify --auto rpms/$ARCH/*.rpm
for pkg in `ls rpms/$ARCH/*.rpm`
do
urpmi --no-verify --auto $pkg
done
# restore chilli launch script
[ -e /tmp/chilli.conf ] && mv /tmp/chilli.conf /etc/
# Clean the RPM cache
urpmi --clean
# the ipt-netflow RPM add the kernel module ipt_NETFLOW (the modules dependance tree need to be updated)
/sbin/depmod -a
# the ipt-netflow RPM add the kernel module ipt_NETFLOW (the modules dependance tree need to be updated). "2>/dev/null" in order not to display a error (the running kernel is not the ALCASAR one during the installation process)
/sbin/depmod -a 2>/dev/null
# test if all needed rpms are correctly installed
count_pkg=0; nb_pkg=0;
for pkg in $PACKAGES
246,19 → 249,18
exit 1
fi
# test if all custom rpms are correctly installed
#count_pkg=0; nb_pkg=0;
#for pkg in `ls rpms/$ARCH/|tr -d .rpm`
#do
# nb_pkg=`expr $nb_pkg + 1`
# if rpm -q --quiet $pkg ; then
# count_pkg=`expr $count_pkg + 1`
# else
# echo "error installing $pkg"
# fi
#done
#if [ $count_pkg -ne $nb_pkg ]
#then
# exit 1
#fi
 
count_pkg=0; nb_pkg=0;
for pkg in `ls rpms/$ARCH/|sed 's/.x86_64.rpm//'`
do
nb_pkg=`expr $nb_pkg + 1`
if rpm -q --quiet $pkg ; then
count_pkg=`expr $count_pkg + 1`
else
echo "error installing $pkg"
fi
done
if [ $count_pkg -ne $nb_pkg ]
then
exit 1
fi
exit 0