Daniel Berteaud 2012-05-31 09:27:35 +02:00
commit d9f509b936
19 changed files with 297 additions and 0 deletions

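--- a/createlinks
+++ b/createlinks
@@ -0,0 +1,34 @@
+#!/usr/bin/perl -w
+use esmith::Build::CreateLinks qw(:all);
+service_link_enhanced("ntop", "S93", "7");
+service_link_enhanced("ntop", "K83", "6");
+service_link_enhanced("ntop", "K83", "0");
+safe_symlink("../daemontools" , 'root/etc/rc.d/init.d/supervise/ntop');
+safe_symlink("/var/service/ntop" , 'root/service/ntop');
+safe_touch("root/var/service/ntop/down");
+templates2events("/etc/ntop.conf", "ntop-update");
+templates2events("/etc/ntop.conf", "remoteaccess-update");
+templates2events("/etc/ntop.conf", "network-create");
+templates2events("/etc/ntop.conf", "network-delete");
+templates2events("/etc/ntop.conf", "bootstrap-console-save");
+templates2events("/etc/httpd/conf/httpd.conf", "ntop-update");
+templates2events("/etc/services", "ntop-update");
+templates2events("/etc/hosts.allow", "ntop-update");
+templates2events("/etc/ntop/protocols.list", "ntop-update");
+templates2events("/etc/ntop/protocols.list", "bootstrap-console-save");
+foreach my $event (qw/ipasserelle-update bootstrap-ldap-save ntop-update/){
+event_link("ntop-init-domain", "$event", "90");
+}
+for my $event qw(ntop-update remoteaccess-update network-create network-delete){
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ntop");
+}
+safe_symlink("sigusr1", "root/etc/e-smith/events/ntop-update/services2adjust/httpd-e-smith");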
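Review bot: The second loop, `for my $event qw(ntop-update remoteaccess-update network-create network-delete){`, uses a bare `qw(...)` as the loop list; that form has been deprecated since Perl 5.14 and is a syntax error from 5.18, so the `perl createlinks` build step would fail on a newer build host. Wrap the list in parentheses as the first loop already does: `for my $event (qw(ntop-update remoteaccess-update network-create network-delete)){`. The script also relies on `-w` alone; adding `use strict;` under the shebang would catch misspelled variables at build time.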


@ -0,0 +1 @@
3000


@ -0,0 +1 @@
private


@ -0,0 +1 @@
enabled


@ -0,0 +1 @@
service


@ -0,0 +1,50 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2010-2011 Firewall-Services
# daniel@firewall-services.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.mitel.com/sme/ for details.
#----------------------------------------------------------------------
use strict;
use warnings;
use esmith::DomainsDB;
use esmith::ConfigDB;
my $d = esmith::DomainsDB->open or die "Couldn't open DomainsDB\n";
my $c = esmith::ConfigDB->open_ro() or die "Couldn't open ConfigDB\n";
my $domain = $c->get('DomainName')->value;
my $vhost = $d->get("ntop.$domain");
if (!$vhost){
$d->new_record("ntop.$domain",{
type => 'domain',
Content => 'Primary',
Description => "Ntop",
Nameservers => 'internet',
TemplatePath => 'WebAppVirtualHost',
Removable => 'no',
ProxyPassTarget => 'http://127.0.0.1:3000/'
});
unless ( system("/sbin/e-smith/signal-event", "domain-create", "ntop.$domain") == 0 ){
die "Failed to create domain ntop.$domain\n";
}
}
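Review bot: `ProxyPassTarget => 'http://127.0.0.1:3000/'` pins the vhost to port 3000, while the http-server template fragment in this same commit builds the listen address from the `TCPPort` property; once that property is changed, the proxy points at a port where ntop no longer listens, or at whatever other local service has taken 3000. Since `$c` is already open, the target could follow the same property: `my $port = $c->get_prop('ntop', 'TCPPort') || '3000';` and `ProxyPassTarget => "http://127.0.0.1:$port/"`. Because the record is only created when missing, an existing vhost would also need updating when the port changes. `$c->get('DomainName')->value` is dereferenced without checking that the record exists, and the result of `new_record` is not tested before `signal-event` runs.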


@ -0,0 +1,4 @@
{
$DB->hosts_allow_spec('ntop');
}


@ -0,0 +1,4 @@
### Sets the user that ntop runs as.
### NOTE: This should not be root unless you really understand the security risks.
--user ntop


@ -0,0 +1,3 @@
### Sets the directory that ntop runs from.
--db-file-path /var/lib/ntop
--output-packet-path /var/lib/ntop/pcap


@ -0,0 +1,20 @@
### Interface(s) that ntop will capture on (default: eth0)
{
my $if = $InternalInterface{'Name'} || 'eth0';
my $mode = $SystemMode || 'serveronly';
if ($mode ne 'serveronly'){
my $extif = $ExternalInteraface{'Name'} || 'eth1';
$if .= ",$extif";
}
# Now, do we have some VPN interface to look at ?
my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s');
my $s2s = ${'openvpn-s2s'}{'status'} || 'disabled';
if (defined $ovpndb && $s2s eq 'enabled'){
foreach my $vpn ($ovpndb->get_all_by_prop(type=>'client'),$ovpndb->get_all_by_prop(type=>'server')){
my $name = $vpn->key;
$if .= ",tun$name";
}
}
$OUT .= "--interface $if\n";
}
--no-interface-merge
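Review bot: `$ExternalInteraface{'Name'}` is misspelled, so the lookup is always empty and every system that is not `serveronly` captures on `eth1` regardless of its configured external interface; the line should read `my $extif = $ExternalInterface{'Name'} || 'eth1';`. The fragment uses its global hashes undeclared, so it presumably runs without `use strict` and the typo raises no error; on a gateway whose outside interface has another name, ntop would silently miss that traffic. Further down, `$vpn->key` is appended as `tun$name` without any check; a test such as `next unless $name =~ /\A[\w-]+\z/;` would keep a stray comma or space in a key from altering the `--interface` line.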


@ -0,0 +1,8 @@
### Sets the port that the HTTP webserver listens on
### NOTE: --http-server 3000 is the default
--w3c
{
my $port = $ntop{'TCPPort'} || '3000';
$OUT .= "--http-server 127.0.0.1:$port\n";
}


@ -0,0 +1,21 @@
### Sets the networks that ntop should consider as local.
### NOTE: Uses dotted decimal and CIDR notation. Example: 192.168.0.0/24
### The addresses of the interfaces are always local and don't need to be specified.
#--local-subnets xx.xx.xx.xx/yy
{
use esmith::NetworksDB;
my $ndb = esmith::NetworksDB->open_ro() ||
die('Can not open Networks DB');
my $networks = '';
my @nets = $ndb->networks();
foreach my $net (@nets){
my $key = $net->key;
my $mask = $net->prop('Mask');
$networks .= "$key/$mask".',';
}
$OUT .= "--local-subnets $networks\n" if ($networks ne '');
}
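Review bot: The loop leaves a trailing comma on the `--local-subnets` value, and `$net->prop('Mask')` is interpolated without checking that it is defined, so a network record without a mask would be written as `key/`. Collecting the entries and joining them avoids both: `my @specs = map { $_->key . '/' . $_->prop('Mask') } grep { defined $_->prop('Mask') } @nets;` followed by `$OUT .= "--local-subnets " . join(',', @specs) . "\n" if @specs;`. The `die` on a failed `open_ro` aborts expansion of the whole ntop.conf, which may be intended but deserves a comment saying so.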


@ -0,0 +1,30 @@
{
my $decoder = $ntop{'Decoders'} || 'enabled';
my $localonly = $ntop{'LocalOnly'} || 'no';
my $filter = $ntop{'Filter'} || '';
my $pcap = $ntop{'SaveSuspuciousPackets'} || 'disabled';
if ($decoder eq 'disabled'){
$OUT .= "--disable-decoders\n";
}
if ($localonly eq 'yes'){
$OUT .= "--track-local-hosts\n";
}
if ($filter ne ''){
$OUT .= "--filter-expression=\"$filter\"\n";
}
if ($pcap eq 'enabled'){
$OUT .= "--create-suspicious-packets\n";
}
$OUT .=<<"HERE";
--refresh-time=180
--skip-version-check
--disable-mutexextrainfo
--no-fc
HERE
}
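Review bot: `$filter` is written to the file as `--filter-expression=\"$filter\"` with no validation, so a `Filter` value containing a double quote or a newline ends the expression early and the remainder lands in /etc/ntop.conf as extra ntop options. The property is set by an administrator, but rejecting those characters before emitting the line keeps the generated file well-formed, e.g. `if ($filter ne '' && $filter !~ /["\r\n]/){`. The property name `SaveSuspuciousPackets` also looks misspelled; if the key is meant to be `SaveSuspiciousPackets`, setting the correctly spelled property would have no effect on `--create-suspicious-packets`.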


@ -0,0 +1 @@
--protocols=/etc/ntop/protocols.list


@ -0,0 +1,11 @@
Mail=pop3|pop3s|imap|imaps|smtp|smtps|submission
Web=http|https|squid|webcache|http-alt
FTP=ftp|ftp-data|tftp
Netbios=netbios-ns|netbios-dgm|netbios-ssn
SSH=ssh
DNS=domain
DHCP=bootps|bootpc
Messenger=1863|5000|5001|5190-5193|5222|5223|5269|irc|ircs|ircd
VoIP=5060|10000-20000|4569
VPN=1194
P2P=6881-6999|6346|6347|6348|4661-4665


@ -0,0 +1 @@
ntop { ${'ntop'}{TCPPort} }/tcp # Ntop Web frontend


@ -0,0 +1,7 @@
#!/bin/sh
exec \
/usr/local/bin/setuidgid smelog \
/usr/local/bin/multilog t s5000000 \
/var/log/ntop


@ -0,0 +1,8 @@
#!/bin/sh
exec 2>&1
[ -e /var/lib/ntop/ntop_pw.db ] || exec /usr/sbin/ntop --set-admin-password=admin
exec /usr/sbin/ntop @/etc/ntop.conf
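Review bot: The first start initialises the ntop admin password to the fixed string `admin` (`--set-admin-password=admin`), so every installation shares a known credential for a web interface that this same commit publishes through the `ntop.$domain` vhost. The value also appears in the process list while that command runs. A per-host secret generated at first start and kept in a root-only file (placeholder path `<PASSWORD_FILE>`) would remove the shared default, with the admin told where to read or reset it. Because the `[ -e /var/lib/ntop/ntop_pw.db ]` guard means the password is only ever set once, a comment such as `# first start only: ntop_pw.db is missing, initialise the admin password` above that line would make the behaviour explicit.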

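--- a/smeserver-ntop.spec
+++ b/smeserver-ntop.spec
@@ -0,0 +1,91 @@
+# $Id: smeserver-ntop.spec,v 1.24 2009/05/26 09:48:21 vip-ire Exp $
+# Authority: vip-ire
+# Name: Daniel Berteaud
+Summary: Ntop integration in SME Server
+%define name smeserver-ntop
+Name: %{name}
+%define version 0.1.0
+%define release 1
+Version: %{version}
+Release: %{release}%{?dist}
+License: GPL
+Group: Applications/System
+Source: %{name}-%{version}.tar.gz
+BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
+BuildArch: noarch
+BuildRequires: e-smith-devtools
+Requires: ntop
+Requires: e-smith-base
+Requires: smeserver-webapps-common
+%description
+This package contains all the needed scripts and templates
+to run ntop on your SME Server
+%changelog
+* Thu May 31 2012 Daniel B. <daniel@firewall-services.com> 0.1.0-1
+- Move to GIT
+* Tue Feb 21 2012 Daniel B. <daniel@firewall-services.com> 0.1-6
+- Expand ntop conf in bootstrap-console-save
+* Wed Dec 07 2011 Daniel B. <daniel@firewall-services.com> 0.1-5
+- templates cleanup
+- fix Decoders prop
+- create pcap dir
+- Add some more default options
+- Define displayed protocols instead of defaults ones
+- Make save-suspicious-packets optional
+* Thu Oct 20 2011 Daniel B. <daniel@firewall-services.com> 0.1-4
+- Add VPN (openvpn-s2s) interfaces
+* Wed Oct 12 2011 Daniel B. <daniel@firewall-services.com> 0.1-3
+- Don't merge traffic on different interfaces
+* Thu Feb 24 2011 Daniel B. <daniel@firewall-services.com> 0.1-2
+- stop requiring mod_proxy_html, use a vhost for proxypass instead
+- remove link from the server-manager
+- Make it working with the EPEL version of ntop
+* Tue Nov 16 2010 Daniel B. <daniel@firewall-services.com> 0.1-1
+- initiale release
+%prep
+%setup -q -n %{name}-%{version}
+%build
+perl createlinks
+%{__mkdir_p} root/var/log/ntop
+%{__mkdir_p} root/var/lib/ntop/pcap
+%install
+/bin/rm -rf $RPM_BUILD_ROOT
+(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
+/bin/rm -f %{name}-%{version}-filelist
+/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
+--file /var/service/ntop/run 'attr(0755,root,root)' \
+--file /var/service/ntop/log/run 'attr(0755,root,root)' \
+--dir /var/log/ntop 'attr(0750,smelog,smelog)' \
+--dir /var/lib/ntop/pcap 'attr(0750,ntop,ntop)' \
+> %{name}-%{version}-filelist
+%files -f %{name}-%{version}-filelist
+%defattr(-,root,root)
+%clean
+rm -rf $RPM_BUILD_ROOT
+%post
+%preun
+true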