Import
This commit is contained in:
commit
d9f509b936
|
@ -0,0 +1,34 @@
|
|||
#!/usr/bin/perl -w
|
||||
|
||||
use esmith::Build::CreateLinks qw(:all);
|
||||
|
||||
service_link_enhanced("ntop", "S93", "7");
|
||||
service_link_enhanced("ntop", "K83", "6");
|
||||
service_link_enhanced("ntop", "K83", "0");
|
||||
|
||||
safe_symlink("../daemontools" , 'root/etc/rc.d/init.d/supervise/ntop');
|
||||
safe_symlink("/var/service/ntop" , 'root/service/ntop');
|
||||
|
||||
safe_touch("root/var/service/ntop/down");
|
||||
|
||||
templates2events("/etc/ntop.conf", "ntop-update");
|
||||
templates2events("/etc/ntop.conf", "remoteaccess-update");
|
||||
templates2events("/etc/ntop.conf", "network-create");
|
||||
templates2events("/etc/ntop.conf", "network-delete");
|
||||
templates2events("/etc/ntop.conf", "bootstrap-console-save");
|
||||
templates2events("/etc/httpd/conf/httpd.conf", "ntop-update");
|
||||
templates2events("/etc/services", "ntop-update");
|
||||
templates2events("/etc/hosts.allow", "ntop-update");
|
||||
templates2events("/etc/ntop/protocols.list", "ntop-update");
|
||||
templates2events("/etc/ntop/protocols.list", "bootstrap-console-save");
|
||||
|
||||
foreach my $event (qw/ipasserelle-update bootstrap-ldap-save ntop-update/){
|
||||
event_link("ntop-init-domain", "$event", "90");
|
||||
}
|
||||
|
||||
for my $event qw(ntop-update remoteaccess-update network-create network-delete){
|
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ntop");
|
||||
}
|
||||
|
||||
safe_symlink("sigusr1", "root/etc/e-smith/events/ntop-update/services2adjust/httpd-e-smith");
|
||||
|
|
@ -0,0 +1 @@
|
|||
3000
|
|
@ -0,0 +1 @@
|
|||
private
|
|
@ -0,0 +1 @@
|
|||
enabled
|
|
@ -0,0 +1 @@
|
|||
service
|
|
@ -0,0 +1,50 @@
|
|||
#!/usr/bin/perl -w
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2010-2011 Firewall-Services
|
||||
# daniel@firewall-services.com
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
# Technical support for this program is available from Mitel Networks
|
||||
# Please visit our web site www.mitel.com/sme/ for details.
|
||||
#----------------------------------------------------------------------
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use esmith::DomainsDB;
|
||||
use esmith::ConfigDB;
|
||||
|
||||
my $d = esmith::DomainsDB->open or die "Couldn't open DomainsDB\n";
|
||||
my $c = esmith::ConfigDB->open_ro() or die "Couldn't open ConfigDB\n";
|
||||
|
||||
my $domain = $c->get('DomainName')->value;
|
||||
my $vhost = $d->get("ntop.$domain");
|
||||
|
||||
if (!$vhost){
|
||||
$d->new_record("ntop.$domain",{
|
||||
type => 'domain',
|
||||
Content => 'Primary',
|
||||
Description => "Ntop",
|
||||
Nameservers => 'internet',
|
||||
TemplatePath => 'WebAppVirtualHost',
|
||||
Removable => 'no',
|
||||
ProxyPassTarget => 'http://127.0.0.1:3000/'
|
||||
});
|
||||
|
||||
unless ( system("/sbin/e-smith/signal-event", "domain-create", "ntop.$domain") == 0 ){
|
||||
die "Failed to create domain ntop.$domain\n";
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
$DB->hosts_allow_spec('ntop');
|
||||
}
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
### Sets the user that ntop runs as.
|
||||
### NOTE: This should not be root unless you really understand the security risks.
|
||||
--user ntop
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
### Sets the directory that ntop runs from.
|
||||
--db-file-path /var/lib/ntop
|
||||
--output-packet-path /var/lib/ntop/pcap
|
|
@ -0,0 +1,20 @@
|
|||
### Interface(s) that ntop will capture on (default: eth0)
|
||||
{
|
||||
my $if = $InternalInterface{'Name'} || 'eth0';
|
||||
my $mode = $SystemMode || 'serveronly';
|
||||
if ($mode ne 'serveronly'){
|
||||
my $extif = $ExternalInteraface{'Name'} || 'eth1';
|
||||
$if .= ",$extif";
|
||||
}
|
||||
# Now, do we have some VPN interface to look at ?
|
||||
my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s');
|
||||
my $s2s = ${'openvpn-s2s'}{'status'} || 'disabled';
|
||||
if (defined $ovpndb && $s2s eq 'enabled'){
|
||||
foreach my $vpn ($ovpndb->get_all_by_prop(type=>'client'),$ovpndb->get_all_by_prop(type=>'server')){
|
||||
my $name = $vpn->key;
|
||||
$if .= ",tun$name";
|
||||
}
|
||||
}
|
||||
$OUT .= "--interface $if\n";
|
||||
}
|
||||
--no-interface-merge
|
|
@ -0,0 +1,8 @@
|
|||
### Sets the port that the HTTP webserver listens on
|
||||
### NOTE: --http-server 3000 is the default
|
||||
--w3c
|
||||
{
|
||||
my $port = $ntop{'TCPPort'} || '3000';
|
||||
$OUT .= "--http-server 127.0.0.1:$port\n";
|
||||
}
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
### Sets the networks that ntop should consider as local.
|
||||
### NOTE: Uses dotted decimal and CIDR notation. Example: 192.168.0.0/24
|
||||
### The addresses of the interfaces are always local and don't need to be specified.
|
||||
#--local-subnets xx.xx.xx.xx/yy
|
||||
|
||||
{
|
||||
use esmith::NetworksDB;
|
||||
my $ndb = esmith::NetworksDB->open_ro() ||
|
||||
die('Can not open Networks DB');
|
||||
|
||||
my $networks = '';
|
||||
my @nets = $ndb->networks();
|
||||
foreach my $net (@nets){
|
||||
my $key = $net->key;
|
||||
my $mask = $net->prop('Mask');
|
||||
$networks .= "$key/$mask".',';
|
||||
}
|
||||
$OUT .= "--local-subnets $networks\n" if ($networks ne '');
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
|
||||
{
|
||||
my $decoder = $ntop{'Decoders'} || 'enabled';
|
||||
my $localonly = $ntop{'LocalOnly'} || 'no';
|
||||
my $filter = $ntop{'Filter'} || '';
|
||||
my $pcap = $ntop{'SaveSuspuciousPackets'} || 'disabled';
|
||||
|
||||
if ($decoder eq 'disabled'){
|
||||
$OUT .= "--disable-decoders\n";
|
||||
}
|
||||
if ($localonly eq 'yes'){
|
||||
$OUT .= "--track-local-hosts\n";
|
||||
}
|
||||
if ($filter ne ''){
|
||||
$OUT .= "--filter-expression=\"$filter\"\n";
|
||||
}
|
||||
if ($pcap eq 'enabled'){
|
||||
$OUT .= "--create-suspicious-packets\n";
|
||||
}
|
||||
|
||||
$OUT .=<<"HERE";
|
||||
|
||||
--refresh-time=180
|
||||
--skip-version-check
|
||||
--disable-mutexextrainfo
|
||||
--no-fc
|
||||
|
||||
HERE
|
||||
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
--protocols=/etc/ntop/protocols.list
|
|
@ -0,0 +1,11 @@
|
|||
Mail=pop3|pop3s|imap|imaps|smtp|smtps|submission
|
||||
Web=http|https|squid|webcache|http-alt
|
||||
FTP=ftp|ftp-data|tftp
|
||||
Netbios=netbios-ns|netbios-dgm|netbios-ssn
|
||||
SSH=ssh
|
||||
DNS=domain
|
||||
DHCP=bootps|bootpc
|
||||
Messenger=1863|5000|5001|5190-5193|5222|5223|5269|irc|ircs|ircd
|
||||
VoIP=5060|10000-20000|4569
|
||||
VPN=1194
|
||||
P2P=6881-6999|6346|6347|6348|4661-4665
|
|
@ -0,0 +1 @@
|
|||
ntop { ${'ntop'}{TCPPort} }/tcp # Ntop Web frontend
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
exec \
|
||||
/usr/local/bin/setuidgid smelog \
|
||||
/usr/local/bin/multilog t s5000000 \
|
||||
/var/log/ntop
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/sh
|
||||
|
||||
exec 2>&1
|
||||
|
||||
[ -e /var/lib/ntop/ntop_pw.db ] || exec /usr/sbin/ntop --set-admin-password=admin
|
||||
|
||||
exec /usr/sbin/ntop @/etc/ntop.conf
|
||||
|
|
@ -0,0 +1,91 @@
|
|||
# $Id: smeserver-ntop.spec,v 1.24 2009/05/26 09:48:21 vip-ire Exp $
|
||||
# Authority: vip-ire
|
||||
# Name: Daniel Berteaud
|
||||
|
||||
Summary: Ntop integration in SME Server
|
||||
%define name smeserver-ntop
|
||||
Name: %{name}
|
||||
%define version 0.1.0
|
||||
%define release 1
|
||||
Version: %{version}
|
||||
Release: %{release}%{?dist}
|
||||
License: GPL
|
||||
Group: Applications/System
|
||||
Source: %{name}-%{version}.tar.gz
|
||||
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: e-smith-devtools
|
||||
|
||||
Requires: ntop
|
||||
Requires: e-smith-base
|
||||
Requires: smeserver-webapps-common
|
||||
|
||||
%description
|
||||
This package contains all the needed scripts and templates
|
||||
to run ntop on your SME Server
|
||||
|
||||
%changelog
|
||||
* Thu May 31 2012 Daniel B. <daniel@firewall-services.com> 0.1.0-1
|
||||
- Move to GIT
|
||||
|
||||
* Tue Feb 21 2012 Daniel B. <daniel@firewall-services.com> 0.1-6
|
||||
- Expand ntop conf in bootstrap-console-save
|
||||
|
||||
* Wed Dec 07 2011 Daniel B. <daniel@firewall-services.com> 0.1-5
|
||||
- templates cleanup
|
||||
- fix Decoders prop
|
||||
- create pcap dir
|
||||
- Add some more default options
|
||||
- Define displayed protocols instead of defaults ones
|
||||
- Make save-suspicious-packets optional
|
||||
|
||||
* Thu Oct 20 2011 Daniel B. <daniel@firewall-services.com> 0.1-4
|
||||
- Add VPN (openvpn-s2s) interfaces
|
||||
|
||||
* Wed Oct 12 2011 Daniel B. <daniel@firewall-services.com> 0.1-3
|
||||
- Don't merge traffic on different interfaces
|
||||
|
||||
* Thu Feb 24 2011 Daniel B. <daniel@firewall-services.com> 0.1-2
|
||||
- stop requiring mod_proxy_html, use a vhost for proxypass instead
|
||||
- remove link from the server-manager
|
||||
- Make it working with the EPEL version of ntop
|
||||
|
||||
* Tue Nov 16 2010 Daniel B. <daniel@firewall-services.com> 0.1-1
|
||||
- initiale release
|
||||
|
||||
%prep
|
||||
|
||||
%setup -q -n %{name}-%{version}
|
||||
|
||||
%build
|
||||
perl createlinks
|
||||
%{__mkdir_p} root/var/log/ntop
|
||||
%{__mkdir_p} root/var/lib/ntop/pcap
|
||||
|
||||
|
||||
%install
|
||||
/bin/rm -rf $RPM_BUILD_ROOT
|
||||
(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
|
||||
/bin/rm -f %{name}-%{version}-filelist
|
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
|
||||
--file /var/service/ntop/run 'attr(0755,root,root)' \
|
||||
--file /var/service/ntop/log/run 'attr(0755,root,root)' \
|
||||
--dir /var/log/ntop 'attr(0750,smelog,smelog)' \
|
||||
--dir /var/lib/ntop/pcap 'attr(0750,ntop,ntop)' \
|
||||
> %{name}-%{version}-filelist
|
||||
|
||||
%files -f %{name}-%{version}-filelist
|
||||
%defattr(-,root,root)
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%post
|
||||
|
||||
%preun
|
||||
|
||||
true
|
||||
|
Loading…
Reference in New Issue