summaryrefslogtreecommitdiff
path: root/sentinel-fwlogs
diff options
context:
space:
mode:
Diffstat (limited to 'sentinel-fwlogs')
-rw-r--r--sentinel-fwlogs/Makefile69
-rw-r--r--sentinel-fwlogs/files/defaults.sh2
-rwxr-xr-xsentinel-fwlogs/files/init25
-rwxr-xr-xsentinel-fwlogs/files/restart-proxy-hook.sh5
-rwxr-xr-xsentinel-fwlogs/files/sentinel-firewall.sh37
-rwxr-xr-xsentinel-fwlogs/files/uci-defaults19
6 files changed, 0 insertions, 157 deletions
diff --git a/sentinel-fwlogs/Makefile b/sentinel-fwlogs/Makefile
deleted file mode 100644
index 32874a9..0000000
--- a/sentinel-fwlogs/Makefile
+++ /dev/null
@@ -1,69 +0,0 @@
-#
-## Copyright (C) 2020 CZ.NIC z.s.p.o. (https://www.nic.cz/)
-#
-## This is free software, licensed under the GNU General Public License v3.
-# See /LICENSE for more information.
-# #
-#
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=sentinel-fwlogs
-PKG_VERSION:=0.0.1
-PKG_RELEASE:=4
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/sentinel/fwlogs.git
-#PKG_SOURCE_VERSION:=v$(PKG_VERSION)
-PKG_SOURCE_VERSION:=2b4d3924d213696cb93d2e2690a84b947ff187df
-
-PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz>
-PKG_LICENSE:=GPL-3.0-or-later
-PKG_LICENSE_FILES:=LICENSE
-
-PKG_BUILD_DEPENDS:=argp-standalone
-
-PKG_INSTALL:=1
-PKG_FIXUP:=autoreconf
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/sentinel-fwlogs
- SECTION:=collect
- CATEGORY:=Collect
- SUBMENU:=Sentinel
- TITLE:=FWLogs
- URL:=https://gitlab.nic.cz/turris/sentinel/fwlogs
- DEPENDS:=\
- +czmq \
- +msgpack-c \
- +logc +logc-argp \
- +libnetfilter-log \
- +sentinel-firewall +iptables-mod-nflog \
- +sentinel-proxy
- PROVIDES:=sentinel-nikola
- CONFLICTS:=sentinel-nikola
-endef
-
-define Package/sentinel-fwlogs/description
- Collector of firewall logs using libnetfilter-log for Turris Sentinel.
-endef
-
-define Package/sentinel-fwlogs/install
- $(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/sentinel-fwlogs $(1)/usr/bin/sentinel-fwlogs
-
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/init $(1)/etc/init.d/sentinel-fwlogs
-
- $(INSTALL_DIR) $(1)/etc/uci-defaults
- $(INSTALL_BIN) ./files/uci-defaults $(1)/etc/uci-defaults/99-sentinel-fwlogs
-
- $(INSTALL_DIR) $(1)/usr/libexec/sentinel/firewall.d
- $(INSTALL_BIN) ./files/sentinel-firewall.sh $(1)/usr/libexec/sentinel/firewall.d/60-fwlogs.sh
- $(INSTALL_DATA) ./files/defaults.sh $(1)/usr/libexec/sentinel/fwlogs-defaults.sh
-
- $(INSTALL_DIR) $(1)/usr/libexec/sentinel/reload_hooks.d
- $(INSTALL_BIN) ./files/restart-proxy-hook.sh $(1)/usr/libexec/sentinel/reload_hooks.d/50_nikola.sh
-endef
-
-$(eval $(call BuildPackage,sentinel-fwlogs))
diff --git a/sentinel-fwlogs/files/defaults.sh b/sentinel-fwlogs/files/defaults.sh
deleted file mode 100644
index 78345b4..0000000
--- a/sentinel-fwlogs/files/defaults.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-DEFAULT_NFLOG_GROUP="1914"
-DEFAULT_NFLOG_THRESHOLD="32"
diff --git a/sentinel-fwlogs/files/init b/sentinel-fwlogs/files/init
deleted file mode 100755
index 955b333..0000000
--- a/sentinel-fwlogs/files/init
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-USE_PROCD=1
-START=99
-STOP=10
-
-
-start_service() {
- source /lib/functions/sentinel.sh
- source /usr/libexec/sentinel/fwlogs-defaults.sh
- allowed_to_run "fwlogs" || return 1
-
- config_load sentinel
- local nflog_group nflog_threshold
- config_get nflog_group fwlogs nflog_group "$DEFAULT_NFLOG_GROUP"
-
- procd_open_instance
- procd_set_param command /usr/bin/sentinel-fwlogs
- procd_append_param command --nflog-group="$nflog_group"
- procd_set_param respawn 3600 5 5
- procd_set_param stdout 1
- procd_set_param stderr 1
- procd_set_param file /etc/config/sentinel
- procd_close_instance
-}
diff --git a/sentinel-fwlogs/files/restart-proxy-hook.sh b/sentinel-fwlogs/files/restart-proxy-hook.sh
deleted file mode 100755
index 938adf4..0000000
--- a/sentinel-fwlogs/files/restart-proxy-hook.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-# restart Sentinel:FWLogs service
-/etc/init.d/sentinel-fwlogs restart
-# Apply logging rules
-/etc/init.d/firewall reload
diff --git a/sentinel-fwlogs/files/sentinel-firewall.sh b/sentinel-fwlogs/files/sentinel-firewall.sh
deleted file mode 100755
index e066b16..0000000
--- a/sentinel-fwlogs/files/sentinel-firewall.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/sh
-set -e
-. "${0%/*}/common.sh"
-. /lib/functions.sh
-. /lib/functions/sentinel.sh
-. /usr/libexec/sentinel/fwlogs-defaults.sh
-
-allowed_to_run "fwlogs" 2>/dev/null || return 0
-
-
-config_load "sentinel"
-config_get nflog_group fwlogs nflog_group "$DEFAULT_NFLOG_GROUP"
-config_get nflog_threshold fwlogs nflog_threshold "$DEFAULT_NFLOG_THRESHOLD"
-
-
-fwlogs_logging() {
- local config_section="$1"
- local zone enabled
- config_get zone "$config_section" "name"
- config_get_bool enabled "$config_section" "sentinel_fwlogs" "0"
- [ "$enabled" = "1" ] || return 0
-
- report_operation "Logging of zone '$zone'"
- for fate in DROP REJECT; do
- local chain="zone_${zone}_src_${fate}"
- iptables_chain_exists "$chain" || continue
- report_info "$fate"
- iptables -I "$chain" 1 \
- -m comment --comment "!sentinel: fwlogs" \
- -j NFLOG \
- --nflog-group "$nflog_group" \
- --nflog-threshold "$nflog_threshold"
- done
-}
-
-config_load "firewall"
-config_foreach fwlogs_logging "zone"
diff --git a/sentinel-fwlogs/files/uci-defaults b/sentinel-fwlogs/files/uci-defaults
deleted file mode 100755
index c3c2644..0000000
--- a/sentinel-fwlogs/files/uci-defaults
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-set -e
-. /lib/functions/sentinel-firewall.sh
-
-# fwlogs entry in sentinel config
-if [ "$(uci -q get sentinel.fwlogs)" != "fwlogs" ]; then
- uci -q batch <<EOT
- delete sentinel.fwlogs
- set sentinel.fwlogs='fwlogs'
- commit sentinel.fwlogs
-EOT
-fi
-
-
-# Enable for default interface
-config_firewall_default_enable "sentinel_fwlogs"
-
-# Always reload firewall to use latest version of sentinel-firewall script
-/etc/init.d/firewall reload