diff options
Diffstat (limited to 'sentinel-fwlogs')
-rw-r--r-- | sentinel-fwlogs/Makefile | 69 | ||||
-rw-r--r-- | sentinel-fwlogs/files/defaults.sh | 2 | ||||
-rwxr-xr-x | sentinel-fwlogs/files/init | 25 | ||||
-rwxr-xr-x | sentinel-fwlogs/files/restart-proxy-hook.sh | 5 | ||||
-rwxr-xr-x | sentinel-fwlogs/files/sentinel-firewall.sh | 37 | ||||
-rwxr-xr-x | sentinel-fwlogs/files/uci-defaults | 19 |
6 files changed, 0 insertions, 157 deletions
diff --git a/sentinel-fwlogs/Makefile b/sentinel-fwlogs/Makefile deleted file mode 100644 index 32874a9..0000000 --- a/sentinel-fwlogs/Makefile +++ /dev/null @@ -1,69 +0,0 @@ -# -## Copyright (C) 2020 CZ.NIC z.s.p.o. (https://www.nic.cz/) -# -## This is free software, licensed under the GNU General Public License v3. -# See /LICENSE for more information. -# # -# -include $(TOPDIR)/rules.mk - -PKG_NAME:=sentinel-fwlogs -PKG_VERSION:=0.0.1 -PKG_RELEASE:=4 - -PKG_SOURCE_PROTO:=git -PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/sentinel/fwlogs.git -#PKG_SOURCE_VERSION:=v$(PKG_VERSION) -PKG_SOURCE_VERSION:=2b4d3924d213696cb93d2e2690a84b947ff187df - -PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz> -PKG_LICENSE:=GPL-3.0-or-later -PKG_LICENSE_FILES:=LICENSE - -PKG_BUILD_DEPENDS:=argp-standalone - -PKG_INSTALL:=1 -PKG_FIXUP:=autoreconf - -include $(INCLUDE_DIR)/package.mk - -define Package/sentinel-fwlogs - SECTION:=collect - CATEGORY:=Collect - SUBMENU:=Sentinel - TITLE:=FWLogs - URL:=https://gitlab.nic.cz/turris/sentinel/fwlogs - DEPENDS:=\ - +czmq \ - +msgpack-c \ - +logc +logc-argp \ - +libnetfilter-log \ - +sentinel-firewall +iptables-mod-nflog \ - +sentinel-proxy - PROVIDES:=sentinel-nikola - CONFLICTS:=sentinel-nikola -endef - -define Package/sentinel-fwlogs/description - Collector of firewall logs using libnetfilter-log for Turris Sentinel. -endef - -define Package/sentinel-fwlogs/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/sentinel-fwlogs $(1)/usr/bin/sentinel-fwlogs - - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files/init $(1)/etc/init.d/sentinel-fwlogs - - $(INSTALL_DIR) $(1)/etc/uci-defaults - $(INSTALL_BIN) ./files/uci-defaults $(1)/etc/uci-defaults/99-sentinel-fwlogs - - $(INSTALL_DIR) $(1)/usr/libexec/sentinel/firewall.d - $(INSTALL_BIN) ./files/sentinel-firewall.sh $(1)/usr/libexec/sentinel/firewall.d/60-fwlogs.sh - $(INSTALL_DATA) ./files/defaults.sh $(1)/usr/libexec/sentinel/fwlogs-defaults.sh - - $(INSTALL_DIR) $(1)/usr/libexec/sentinel/reload_hooks.d - $(INSTALL_BIN) ./files/restart-proxy-hook.sh $(1)/usr/libexec/sentinel/reload_hooks.d/50_nikola.sh -endef - -$(eval $(call BuildPackage,sentinel-fwlogs)) diff --git a/sentinel-fwlogs/files/defaults.sh b/sentinel-fwlogs/files/defaults.sh deleted file mode 100644 index 78345b4..0000000 --- a/sentinel-fwlogs/files/defaults.sh +++ /dev/null @@ -1,2 +0,0 @@ -DEFAULT_NFLOG_GROUP="1914" -DEFAULT_NFLOG_THRESHOLD="32" diff --git a/sentinel-fwlogs/files/init b/sentinel-fwlogs/files/init deleted file mode 100755 index 955b333..0000000 --- a/sentinel-fwlogs/files/init +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/sh /etc/rc.common - -USE_PROCD=1 -START=99 -STOP=10 - - -start_service() { - source /lib/functions/sentinel.sh - source /usr/libexec/sentinel/fwlogs-defaults.sh - allowed_to_run "fwlogs" || return 1 - - config_load sentinel - local nflog_group nflog_threshold - config_get nflog_group fwlogs nflog_group "$DEFAULT_NFLOG_GROUP" - - procd_open_instance - procd_set_param command /usr/bin/sentinel-fwlogs - procd_append_param command --nflog-group="$nflog_group" - procd_set_param respawn 3600 5 5 - procd_set_param stdout 1 - procd_set_param stderr 1 - procd_set_param file /etc/config/sentinel - procd_close_instance -} diff --git a/sentinel-fwlogs/files/restart-proxy-hook.sh b/sentinel-fwlogs/files/restart-proxy-hook.sh deleted file mode 100755 index 938adf4..0000000 --- a/sentinel-fwlogs/files/restart-proxy-hook.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -# restart Sentinel:FWLogs service -/etc/init.d/sentinel-fwlogs restart -# Apply logging rules -/etc/init.d/firewall reload diff --git a/sentinel-fwlogs/files/sentinel-firewall.sh b/sentinel-fwlogs/files/sentinel-firewall.sh deleted file mode 100755 index e066b16..0000000 --- a/sentinel-fwlogs/files/sentinel-firewall.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh -set -e -. "${0%/*}/common.sh" -. /lib/functions.sh -. /lib/functions/sentinel.sh -. /usr/libexec/sentinel/fwlogs-defaults.sh - -allowed_to_run "fwlogs" 2>/dev/null || return 0 - - -config_load "sentinel" -config_get nflog_group fwlogs nflog_group "$DEFAULT_NFLOG_GROUP" -config_get nflog_threshold fwlogs nflog_threshold "$DEFAULT_NFLOG_THRESHOLD" - - -fwlogs_logging() { - local config_section="$1" - local zone enabled - config_get zone "$config_section" "name" - config_get_bool enabled "$config_section" "sentinel_fwlogs" "0" - [ "$enabled" = "1" ] || return 0 - - report_operation "Logging of zone '$zone'" - for fate in DROP REJECT; do - local chain="zone_${zone}_src_${fate}" - iptables_chain_exists "$chain" || continue - report_info "$fate" - iptables -I "$chain" 1 \ - -m comment --comment "!sentinel: fwlogs" \ - -j NFLOG \ - --nflog-group "$nflog_group" \ - --nflog-threshold "$nflog_threshold" - done -} - -config_load "firewall" -config_foreach fwlogs_logging "zone" diff --git a/sentinel-fwlogs/files/uci-defaults b/sentinel-fwlogs/files/uci-defaults deleted file mode 100755 index c3c2644..0000000 --- a/sentinel-fwlogs/files/uci-defaults +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -set -e -. /lib/functions/sentinel-firewall.sh - -# fwlogs entry in sentinel config -if [ "$(uci -q get sentinel.fwlogs)" != "fwlogs" ]; then - uci -q batch <<EOT - delete sentinel.fwlogs - set sentinel.fwlogs='fwlogs' - commit sentinel.fwlogs -EOT -fi - - -# Enable for default interface -config_firewall_default_enable "sentinel_fwlogs" - -# Always reload firewall to use latest version of sentinel-firewall script -/etc/init.d/firewall reload |