From a02270531690c9dd076b8ea1e7badb9f332a4e00 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Mon, 2 Jul 2012 22:20:31 +0200
Subject: [PATCH 1/4] premier commit
---
 createlinks | 8 +++
 .../db/configuration/defaults/clamrt/status | 1 +
 .../db/configuration/defaults/clamrt/type | 1 +
 .../e-smith/templates/etc/clamrt.list/00setup | 9 ++++
 .../templates/etc/clamrt.list/10shares | 10 ++++
 .../e-smith/templates/etc/clamrt.list/20ibays | 10 ++++
 .../e-smith/templates/etc/clamrt.list/30tmp | 4 ++
 root/var/service/clamrt/log/run | 6 +++
 root/var/service/clamrt/run | 41 +++++++++++++++
 smeserver-clamrt.spec | 52 +++++++++++++++++++
 10 files changed, 142 insertions(+)
 create mode 100644 createlinks
 create mode 100644 root/etc/e-smith/db/configuration/defaults/clamrt/status
 create mode 100644 root/etc/e-smith/db/configuration/defaults/clamrt/type
 create mode 100644 root/etc/e-smith/templates/etc/clamrt.list/00setup
 create mode 100644 root/etc/e-smith/templates/etc/clamrt.list/10shares
 create mode 100644 root/etc/e-smith/templates/etc/clamrt.list/20ibays
 create mode 100644 root/etc/e-smith/templates/etc/clamrt.list/30tmp
 create mode 100644 root/var/service/clamrt/log/run
 create mode 100644 root/var/service/clamrt/run
 create mode 100644 smeserver-clamrt.spec
diff --git a/createlinks b/createlinks
new file mode 100644
index 0000000..93209be
--- /dev/null
+++ b/createlinks
@@ -0,0 +1,8 @@
+#!/usr/bin/perl -w
+
+use esmith::Build::CreateLinks qw(:all);
+
+foreach my $event (qw/bootstrap-console-save share-modify ibay-modify/){
+ templates2events("/etc/clamrt.list", $event);
+ safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/clamrt");
+}
diff --git a/root/etc/e-smith/db/configuration/defaults/clamrt/status b/root/etc/e-smith/db/configuration/defaults/clamrt/status
new file mode 100644
index 0000000..86981e6
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/clamrt/status
@@ -0,0 +1 @@
+enabled
diff --git a/root/etc/e-smith/db/configuration/defaults/clamrt/type b/root/etc/e-smith/db/configuration/defaults/clamrt/type
new file mode 100644
index 0000000..24e1098
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/defaults/clamrt/type
@@ -0,0 +1 @@
+service
diff --git a/root/etc/e-smith/templates/etc/clamrt.list/00setup b/root/etc/e-smith/templates/etc/clamrt.list/00setup
new file mode 100644
index 0000000..affb737
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/clamrt.list/00setup
@@ -0,0 +1,9 @@
+{
+
+use esmith::AccountsDB;
+my $a = esmith::AccountsDB->open_ro || die "Couldn't open AccountsDB\n";
+
+my @ibays = $a->ibays();
+my @shares = $a->get_all_by_prop(type=>'share');
+
+}
diff --git a/root/etc/e-smith/templates/etc/clamrt.list/10shares b/root/etc/e-smith/templates/etc/clamrt.list/10shares
new file mode 100644
index 0000000..5da45c8
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/clamrt.list/10shares
@@ -0,0 +1,10 @@
+{
+
+foreach my $share (@shares){
+ my $name = $share->key;
+ my $av = $share->prop('ClamRT') || 'disabled';
+ next unless ($av eq 'enabled');
+ $OUT .= "/home/e-smith/files/shares/$name/files\n";
+}
+
+}
diff --git a/root/etc/e-smith/templates/etc/clamrt.list/20ibays b/root/etc/e-smith/templates/etc/clamrt.list/20ibays
new file mode 100644
index 0000000..4d56142
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/clamrt.list/20ibays
@@ -0,0 +1,10 @@
+{
+
+foreach my $ibay (@ibays){
+ my $name = $ibay->key;
+ my $av = $ibay->prop('ClamRT') || 'disabled';
+ next unless ($av eq 'enabled');
+ $OUT .= "/home/e-smith/files/ibays/$name\n";
+}
+
+}
diff --git a/root/etc/e-smith/templates/etc/clamrt.list/30tmp b/root/etc/e-smith/templates/etc/clamrt.list/30tmp
new file mode 100644
index 0000000..44acdf7
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/clamrt.list/30tmp
@@ -0,0 +1,4 @@
+{
+# Just a dummy rep so there's always a rep to watch
+}
+/tmp
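Review bot: `my @ibays` and `my @shares` in 00setup are lexical to that fragment's `{ }` block, yet 10shares and 20ibays loop over `@shares` and `@ibays` from their own blocks. If the template engine evaluates each fragment block separately (as Text::Template-style processing does; worth confirming on this platform), those loops see empty arrays and /etc/clamrt.list is written without any share or ibay path, so on-access scanning silently covers nothing the administrator enabled. Declaring them as package variables, e.g. `our @ibays = $a->ibays();` and `our @shares = $a->get_all_by_prop(type=>'share');`, would keep them visible to the later fragments; [PATCH 3/4] touches the same files but leaves the `my` declarations in place. `$a` is also Perl's sort variable, so a name such as `$accounts` avoids surprises.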
diff --git a/root/var/service/clamrt/log/run b/root/var/service/clamrt/log/run
new file mode 100644
index 0000000..44df54c
--- /dev/null
+++ b/root/var/service/clamrt/log/run
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+exec \
+ /usr/local/bin/setuidgid smelog \
+ /usr/local/bin/multilog t s5000000 \
+ /var/log/clamrt
diff --git a/root/var/service/clamrt/run b/root/var/service/clamrt/run
new file mode 100644
index 0000000..f28ca5c
--- /dev/null
+++ b/root/var/service/clamrt/run
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Daniel Berteaud
+# Inspired by Clam Temps Reel from Hackurx
+# http://hackurx.wordpress.com
+# Licence: GPL v3
+
+exec 2>&1
+
+CLAMD=$(/sbin/e-smith/db configuration getprop clamd status || \
+ echo 'disabled')
+if [ "$CLAMD" = "disabled" ]; then
+ sv d .
+ exit
+fi
+
+MAIL=$(/sbin/e-smith/db configuration getprop clamrt SendEmail || \
+ echo 'enabled')
+MAIL_MSG=$(/sbin/e-smith/db configuration getprop clamrt EmailMessage || \
+ echo 'A virus was found in ${!FILE}. This file has been moved to quarantine')
+MAIL_SUBJ=$(/sbin/e-smith/db configuration getprop clamrt EmailSubject || \
+ echo 'A virus was found')
+MAIL_DEST=$(/sbin/e-smith/db configuration getprop clamrt EmailDest || \
+ echo 'admin')
+QUARANTINE=$(/sbin/e-smith/db configuration getprop clamav QuarantineDirectory || \
+ echo '/var/spool/clamav/quarantine')
+
+/usr/bin/inotifywait -q -m -r -e create,modify,access --fromfile=/etc/clamrt.list \
+ --timefmt %M --format '%w%f|%T|%e' | \
+ perl -laF: -ne '$| = 1; print unless $_{$F[0]}++' | \
+ sed --unbuffered 's/|.*//g' |
+
+while read FILE; do
+ echo "Scanning: $FILE"
+ [ -e "$FILE" ] && clamdscan --fdpass --quiet -m --move=$QUARANTINE "$FILE"
+ if [ "$?" == "1" ]; then
+ echo "Malware found: $FILE quarantined ($QUARANTINE/$(basename $FILE))"
+ [ "$MAIL" = "enabled" ] && echo $MAIL_MSG | mail -s "$MAIL_SUBJ" $MAIL_DEST
+ fi
+done
+
diff --git a/smeserver-clamrt.spec b/smeserver-clamrt.spec
new file mode 100644
index 0000000..16c9d5a
--- /dev/null
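Review bot: The `if [ "$?" == "1" ]` test in the scan loop of root/var/service/clamrt/run also fires when `[ -e "$FILE" ]` fails, because the `&&` list then returns 1 without clamdscan having run, so a file that disappeared before the scan is logged and mailed as quarantined malware. clamdscan's error status (2) is dropped without a log line, which hides scans that never completed. Watched paths come from user-writable shares, so the loop should use `IFS= read -r` and quote `$QUARANTINE`, `$FILE` inside `basename`, and `$MAIL_MSG`; a name with a backslash, leading blank or glob character is otherwise altered before it reaches the scanner. The upstream `sed 's/|.*//g'` stage likewise cuts any path containing `|`; that stage is outside the loop rewritten below.

```shell
# … unchanged: settings lookup and the inotifywait | perl | sed pipeline …
while IFS= read -r FILE; do
    echo "Scanning: $FILE"
    # Skip paths that vanished before the scan instead of testing a stale $?
    [ -e "$FILE" ] || continue
    clamdscan --fdpass --quiet -m --move="$QUARANTINE" "$FILE"
    rc=$?
    if [ "$rc" -eq 1 ]; then
        echo "Malware found: $FILE quarantined ($QUARANTINE/$(basename -- "$FILE"))"
        [ "$MAIL" = "enabled" ] && echo "$MAIL_MSG" | mail -s "$MAIL_SUBJ" $MAIL_DEST
    elif [ "$rc" -ne 0 ]; then
        echo "Scan failed (status $rc): $FILE"
    fi
done
```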
+++ b/smeserver-clamrt.spec
@@ -0,0 +1,52 @@
+# Authority: VIP-ire
+# Name: Daniel B.
+
+Summary: On access AV scanner
+%define name smeserver-clamrt
+Name: %{name}
+%define version 0.0.1
+%define release 1.beta0
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+Group: SMEServer/addon
+
+Source: %{name}-%{version}.tar.gz
+
+URL: http://www.firewall-services.com/
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+BuildArchitectures: noarch
+Requires: e-smith-base
+Requires: smeserver-clamav
+Requires: inotify-tools
+BuildRequires: e-smith-devtools
+
+%description
+Provides on access AV scan for shares and ibays
+
+%changelog
+
+%prep
+%setup
+
+%build
+perl createlinks
+%{__mkdir_p} root/var/log/clamrt
+
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+ --file /var/service/clamrt/run 'attr(0755,root,root)' \
+ --file /var/service/clamrt/log/run 'attr(0755,root,root)' \
+ --dir /var/log/clamrt 'attr(0750,smelog,smelog)' \
+ > %{name}-%{version}-filelist
+echo "%doc CHANGELOG.git" >> %{name}-%{version}-filelist
+
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
From 42a8ead6ea2151387ca5515e990a025271a661c2 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Mon, 2 Jul 2012 22:30:46 +0200
Subject: [PATCH 2/4] Ajout des liens symboliques pour daemontools
---
 createlinks | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/createlinks b/createlinks
index 93209be..ce508a6 100644
--- a/createlinks
+++ b/createlinks
@@ -6,3 +6,7 @@ foreach my $event (qw/bootstrap-console-save share-modify ibay-modify/){
 templates2events("/etc/clamrt.list", $event);
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/clamrt");
 }
+safe_touch("root/var/service/clamrt/down");
+safe_symlink("../daemontools" , 'root/etc/rc.d/init.d/supervise/clamrt');
+safe_symlink("/var/service/clamrt" , 'root/service/clamrt');
+
From 9f61b64bb9acbe4bbfc8f6086a49314d6cbe1949 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Mon, 2 Jul 2012 22:44:07 +0200
Subject: [PATCH 3/4] Fix templates clamrt.list
---
 root/etc/e-smith/templates/etc/clamrt.list/00setup | 2 ++
 root/etc/e-smith/templates/etc/clamrt.list/10shares | 2 +-
 root/etc/e-smith/templates/etc/clamrt.list/20ibays | 2 +-
 root/etc/e-smith/templates/etc/clamrt.list/template-begin | 0
 4 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 root/etc/e-smith/templates/etc/clamrt.list/template-begin
diff --git a/root/etc/e-smith/templates/etc/clamrt.list/00setup b/root/etc/e-smith/templates/etc/clamrt.list/00setup
index affb737..4ed13de 100644
--- a/root/etc/e-smith/templates/etc/clamrt.list/00setup
+++ b/root/etc/e-smith/templates/etc/clamrt.list/00setup
@@ -6,4 +6,6 @@ my $a = esmith::AccountsDB->open_ro || die "Couldn't open AccountsDB\n";
 my @ibays = $a->ibays();
 my @shares = $a->get_all_by_prop(type=>'share');
+$OUT .= '';
+
 }
diff --git a/root/etc/e-smith/templates/etc/clamrt.list/10shares b/root/etc/e-smith/templates/etc/clamrt.list/10shares
index 5da45c8..b79775a 100644
--- a/root/etc/e-smith/templates/etc/clamrt.list/10shares
+++ b/root/etc/e-smith/templates/etc/clamrt.list/10shares
@@ -6,5 +6,5 @@ foreach my $share (@shares){
 next unless ($av eq 'enabled');
 $OUT .= "/home/e-smith/files/shares/$name/files\n";
 }
-
+$OUT .= '';
 }
diff --git a/root/etc/e-smith/templates/etc/clamrt.list/20ibays b/root/etc/e-smith/templates/etc/clamrt.list/20ibays
index 4d56142..ac47154 100644
--- a/root/etc/e-smith/templates/etc/clamrt.list/20ibays
+++ b/root/etc/e-smith/templates/etc/clamrt.list/20ibays
@@ -6,5 +6,5 @@ foreach my $ibay (@ibays){
 next unless ($av eq 'enabled');
 $OUT .= "/home/e-smith/files/ibays/$name\n";
 }
-
+$OUT .= '';
 }
diff --git a/root/etc/e-smith/templates/etc/clamrt.list/template-begin b/root/etc/e-smith/templates/etc/clamrt.list/template-begin
new file mode 100644
index 0000000..e69de29
From c99401afc73e86cc62d04be2dab94651b24af879 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Mon, 2 Jul 2012 22:48:05 +0200
Subject: [PATCH 4/4] =?UTF-8?q?ne=20pas=20scanner=20/tmp=20pour=20=C3=A9vi?= =?UTF-8?q?ter=20les=20boucles=20infinies?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../etc/e-smith/templates/etc/clamrt.list/{30tmp => 30netlogon} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename root/etc/e-smith/templates/etc/clamrt.list/{30tmp => 30netlogon} (61%)
diff --git a/root/etc/e-smith/templates/etc/clamrt.list/30tmp b/root/etc/e-smith/templates/etc/clamrt.list/30netlogon
similarity index 61%
rename from root/etc/e-smith/templates/etc/clamrt.list/30tmp
rename to root/etc/e-smith/templates/etc/clamrt.list/30netlogon
index 44acdf7..c6642e5 100644
--- a/root/etc/e-smith/templates/etc/clamrt.list/30tmp
+++ b/root/etc/e-smith/templates/etc/clamrt.list/30netlogon
@@ -1,4 +1,4 @@
 {
 # Just a dummy rep so there's always a rep to watch
 }
-/tmp
+/home/e-smith/files/samba/netlogon