commit
d9f509b936
19 changed files with 297 additions and 0 deletions
@ -0,0 +1,34 @@ |
|||||||
|
#!/usr/bin/perl -w |
||||||
|
|
||||||
|
use esmith::Build::CreateLinks qw(:all); |
||||||
|
|
||||||
|
service_link_enhanced("ntop", "S93", "7"); |
||||||
|
service_link_enhanced("ntop", "K83", "6"); |
||||||
|
service_link_enhanced("ntop", "K83", "0"); |
||||||
|
|
||||||
|
safe_symlink("../daemontools" , 'root/etc/rc.d/init.d/supervise/ntop'); |
||||||
|
safe_symlink("/var/service/ntop" , 'root/service/ntop'); |
||||||
|
|
||||||
|
safe_touch("root/var/service/ntop/down"); |
||||||
|
|
||||||
|
templates2events("/etc/ntop.conf", "ntop-update"); |
||||||
|
templates2events("/etc/ntop.conf", "remoteaccess-update"); |
||||||
|
templates2events("/etc/ntop.conf", "network-create"); |
||||||
|
templates2events("/etc/ntop.conf", "network-delete"); |
||||||
|
templates2events("/etc/ntop.conf", "bootstrap-console-save"); |
||||||
|
templates2events("/etc/httpd/conf/httpd.conf", "ntop-update"); |
||||||
|
templates2events("/etc/services", "ntop-update"); |
||||||
|
templates2events("/etc/hosts.allow", "ntop-update"); |
||||||
|
templates2events("/etc/ntop/protocols.list", "ntop-update"); |
||||||
|
templates2events("/etc/ntop/protocols.list", "bootstrap-console-save"); |
||||||
|
|
||||||
|
foreach my $event (qw/ipasserelle-update bootstrap-ldap-save ntop-update/){ |
||||||
|
event_link("ntop-init-domain", "$event", "90"); |
||||||
|
} |
||||||
|
|
||||||
|
for my $event qw(ntop-update remoteaccess-update network-create network-delete){ |
||||||
|
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ntop"); |
||||||
|
} |
||||||
|
|
||||||
|
safe_symlink("sigusr1", "root/etc/e-smith/events/ntop-update/services2adjust/httpd-e-smith"); |
||||||
|
|
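Review bot: The second loop, `for my $event qw(ntop-update remoteaccess-update network-create network-delete){`, uses a bare `qw()` as the loop list. That form was deprecated in Perl 5.14 and is a syntax error from 5.18 on, so the `perl createlinks` step in `%build` would fail on a newer build host. Write it like the `foreach` loop just above it: `for my $event (qw(ntop-update remoteaccess-update network-create network-delete)){`.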
@ -0,0 +1 @@ |
|||||||
|
3000 |
@ -0,0 +1 @@ |
|||||||
|
private |
@ -0,0 +1 @@ |
|||||||
|
enabled |
@ -0,0 +1 @@ |
|||||||
|
service |
@ -0,0 +1,50 @@ |
|||||||
|
#!/usr/bin/perl -w |
||||||
|
#---------------------------------------------------------------------- |
||||||
|
# copyright (C) 2010-2011 Firewall-Services |
||||||
|
# daniel@firewall-services.com |
||||||
|
# |
||||||
|
# This program is free software; you can redistribute it and/or modify |
||||||
|
# it under the terms of the GNU General Public License as published by |
||||||
|
# the Free Software Foundation; either version 2 of the License, or |
||||||
|
# (at your option) any later version. |
||||||
|
# |
||||||
|
# This program is distributed in the hope that it will be useful, |
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||||
|
# GNU General Public License for more details. |
||||||
|
# |
||||||
|
# You should have received a copy of the GNU General Public License |
||||||
|
# along with this program; if not, write to the Free Software |
||||||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
||||||
|
# |
||||||
|
# Technical support for this program is available from Mitel Networks |
||||||
|
# Please visit our web site www.mitel.com/sme/ for details. |
||||||
|
#---------------------------------------------------------------------- |
||||||
|
|
||||||
|
use strict; |
||||||
|
use warnings; |
||||||
|
use esmith::DomainsDB; |
||||||
|
use esmith::ConfigDB; |
||||||
|
|
||||||
|
my $d = esmith::DomainsDB->open or die "Couldn't open DomainsDB\n"; |
||||||
|
my $c = esmith::ConfigDB->open_ro() or die "Couldn't open ConfigDB\n"; |
||||||
|
|
||||||
|
my $domain = $c->get('DomainName')->value; |
||||||
|
my $vhost = $d->get("ntop.$domain"); |
||||||
|
|
||||||
|
if (!$vhost){ |
||||||
|
$d->new_record("ntop.$domain",{ |
||||||
|
type => 'domain', |
||||||
|
Content => 'Primary', |
||||||
|
Description => "Ntop", |
||||||
|
Nameservers => 'internet', |
||||||
|
TemplatePath => 'WebAppVirtualHost', |
||||||
|
Removable => 'no', |
||||||
|
ProxyPassTarget => 'http://127.0.0.1:3000/' |
||||||
|
}); |
||||||
|
|
||||||
|
unless ( system("/sbin/e-smith/signal-event", "domain-create", "ntop.$domain") == 0 ){ |
||||||
|
die "Failed to create domain ntop.$domain\n"; |
||||||
|
} |
||||||
|
} |
||||||
|
|
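Review bot: `$c->get('DomainName')->value` calls `value` on whatever `get` returns, so a missing DomainName record ends the script with a method-call-on-undef error instead of a clear message. Guard it with `my $rec = $c->get('DomainName') or die "DomainName is not set\n";` and read `$rec->value`. The result of `$d->new_record(...)` is also not checked before `domain-create` is signalled, so a failed insert would still trigger the event. The record publishes the ntop web frontend through a proxy vhost (`ProxyPassTarget => 'http://127.0.0.1:3000/'`), and nothing visible in this hunk limits who may reach it. Confirm that the `WebAppVirtualHost` template applies the intended access restriction.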
@ -0,0 +1,4 @@ |
|||||||
|
{ |
||||||
|
$DB->hosts_allow_spec('ntop'); |
||||||
|
} |
||||||
|
|
@ -0,0 +1,4 @@ |
|||||||
|
### Sets the user that ntop runs as. |
||||||
|
### NOTE: This should not be root unless you really understand the security risks. |
||||||
|
--user ntop |
||||||
|
|
@ -0,0 +1,3 @@ |
|||||||
|
### Sets the directory that ntop runs from. |
||||||
|
--db-file-path /var/lib/ntop |
||||||
|
--output-packet-path /var/lib/ntop/pcap |
@ -0,0 +1,20 @@ |
|||||||
|
### Interface(s) that ntop will capture on (default: eth0) |
||||||
|
{ |
||||||
|
my $if = $InternalInterface{'Name'} || 'eth0'; |
||||||
|
my $mode = $SystemMode || 'serveronly'; |
||||||
|
if ($mode ne 'serveronly'){ |
||||||
|
my $extif = $ExternalInteraface{'Name'} || 'eth1'; |
||||||
|
$if .= ",$extif"; |
||||||
|
} |
||||||
|
# Now, do we have some VPN interface to look at ? |
||||||
|
my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s'); |
||||||
|
my $s2s = ${'openvpn-s2s'}{'status'} || 'disabled'; |
||||||
|
if (defined $ovpndb && $s2s eq 'enabled'){ |
||||||
|
foreach my $vpn ($ovpndb->get_all_by_prop(type=>'client'),$ovpndb->get_all_by_prop(type=>'server')){ |
||||||
|
my $name = $vpn->key; |
||||||
|
$if .= ",tun$name"; |
||||||
|
} |
||||||
|
} |
||||||
|
$OUT .= "--interface $if\n"; |
||||||
|
} |
||||||
|
--no-interface-merge |
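Review bot: `$ExternalInteraface{'Name'}` in the non-serveronly branch is misspelled, so the lookup is always empty and the external interface is always taken to be `eth1`, whatever name is configured. On a host whose external interface has another name, ntop would not capture on it and that traffic would be missing from the monitoring data. The line should mirror the `$InternalInterface` lookup above it: `my $extif = $ExternalInterface{'Name'} || 'eth1';`.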
@ -0,0 +1,8 @@ |
|||||||
|
### Sets the port that the HTTP webserver listens on |
||||||
|
### NOTE: --http-server 3000 is the default |
||||||
|
--w3c |
||||||
|
{ |
||||||
|
my $port = $ntop{'TCPPort'} || '3000'; |
||||||
|
$OUT .= "--http-server 127.0.0.1:$port\n"; |
||||||
|
} |
||||||
|
|
@ -0,0 +1,21 @@ |
|||||||
|
### Sets the networks that ntop should consider as local. |
||||||
|
### NOTE: Uses dotted decimal and CIDR notation. Example: 192.168.0.0/24 |
||||||
|
### The addresses of the interfaces are always local and don't need to be specified. |
||||||
|
#--local-subnets xx.xx.xx.xx/yy |
||||||
|
|
||||||
|
{ |
||||||
|
use esmith::NetworksDB; |
||||||
|
my $ndb = esmith::NetworksDB->open_ro() || |
||||||
|
die('Can not open Networks DB'); |
||||||
|
|
||||||
|
my $networks = ''; |
||||||
|
my @nets = $ndb->networks(); |
||||||
|
foreach my $net (@nets){ |
||||||
|
my $key = $net->key; |
||||||
|
my $mask = $net->prop('Mask'); |
||||||
|
$networks .= "$key/$mask".','; |
||||||
|
} |
||||||
|
$OUT .= "--local-subnets $networks\n" if ($networks ne ''); |
||||||
|
|
||||||
|
} |
||||||
|
|
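Review bot: The loop appends `"$key/$mask".','` for every network, so the emitted `--local-subnets` value always ends with a trailing comma. Whether ntop tolerates the empty last element cannot be seen from this hunk. Building the list with `join` avoids the question: `my $networks = join(',', map { $_->key . '/' . $_->prop('Mask') } @nets);`.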
@ -0,0 +1,30 @@ |
|||||||
|
|
||||||
|
{ |
||||||
|
my $decoder = $ntop{'Decoders'} || 'enabled'; |
||||||
|
my $localonly = $ntop{'LocalOnly'} || 'no'; |
||||||
|
my $filter = $ntop{'Filter'} || ''; |
||||||
|
my $pcap = $ntop{'SaveSuspuciousPackets'} || 'disabled'; |
||||||
|
|
||||||
|
if ($decoder eq 'disabled'){ |
||||||
|
$OUT .= "--disable-decoders\n"; |
||||||
|
} |
||||||
|
if ($localonly eq 'yes'){ |
||||||
|
$OUT .= "--track-local-hosts\n"; |
||||||
|
} |
||||||
|
if ($filter ne ''){ |
||||||
|
$OUT .= "--filter-expression=\"$filter\"\n"; |
||||||
|
} |
||||||
|
if ($pcap eq 'enabled'){ |
||||||
|
$OUT .= "--create-suspicious-packets\n"; |
||||||
|
} |
||||||
|
|
||||||
|
$OUT .=<<"HERE"; |
||||||
|
|
||||||
|
--refresh-time=180 |
||||||
|
--skip-version-check |
||||||
|
--disable-mutexextrainfo |
||||||
|
--no-fc |
||||||
|
|
||||||
|
HERE |
||||||
|
|
||||||
|
} |
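Review bot: `$filter` is written into the config file as `--filter-expression=\"$filter\"` without any check, so a `Filter` value containing a double quote or a line break would likely end the quoted argument early and the rest would be read as further ntop options. The value comes from the configuration database, so only emit it when it is free of those characters, e.g. `if ($filter ne '' && $filter !~ /["\r\n]/){`. Separately, the property is read as `$ntop{'SaveSuspuciousPackets'}` (misspelled), so an administrator who sets `SaveSuspiciousPackets` gets no effect. Either correct the key or document the spelling that is actually honoured.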
@ -0,0 +1 @@ |
|||||||
|
--protocols=/etc/ntop/protocols.list |
@ -0,0 +1,11 @@ |
|||||||
|
Mail=pop3|pop3s|imap|imaps|smtp|smtps|submission |
||||||
|
Web=http|https|squid|webcache|http-alt |
||||||
|
FTP=ftp|ftp-data|tftp |
||||||
|
Netbios=netbios-ns|netbios-dgm|netbios-ssn |
||||||
|
SSH=ssh |
||||||
|
DNS=domain |
||||||
|
DHCP=bootps|bootpc |
||||||
|
Messenger=1863|5000|5001|5190-5193|5222|5223|5269|irc|ircs|ircd |
||||||
|
VoIP=5060|10000-20000|4569 |
||||||
|
VPN=1194 |
||||||
|
P2P=6881-6999|6346|6347|6348|4661-4665 |
@ -0,0 +1 @@ |
|||||||
|
ntop { ${'ntop'}{TCPPort} }/tcp # Ntop Web frontend |
@ -0,0 +1,7 @@ |
|||||||
|
#!/bin/sh |
||||||
|
|
||||||
|
exec \ |
||||||
|
/usr/local/bin/setuidgid smelog \ |
||||||
|
/usr/local/bin/multilog t s5000000 \ |
||||||
|
/var/log/ntop |
||||||
|
|
@ -0,0 +1,8 @@ |
|||||||
|
#!/bin/sh |
||||||
|
|
||||||
|
exec 2>&1 |
||||||
|
|
||||||
|
[ -e /var/lib/ntop/ntop_pw.db ] || exec /usr/sbin/ntop --set-admin-password=admin |
||||||
|
|
||||||
|
exec /usr/sbin/ntop @/etc/ntop.conf |
||||||
|
|
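Review bot: The first-start branch runs `exec /usr/sbin/ntop --set-admin-password=admin`, so every install of this package begins with the same known admin credential, on a frontend that this commit also publishes through the `ntop.$domain` proxy vhost. Set a per-host secret instead, either generated at first start and stored in a root-only file, or read from the configuration database, and require the administrator to change it. Any value passed with `--set-admin-password=` is also visible in the process list while the command runs, so prefer a mechanism that does not put the secret in argv if ntop offers one. This first invocation also does not pass `@/etc/ntop.conf`, so it presumably runs without the `--user ntop` and `--db-file-path` settings. Confirm that the password database it creates ends up where the `-e /var/lib/ntop/ntop_pw.db` test looks for it and with the intended ownership.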
@ -0,0 +1,91 @@ |
|||||||
|
# $Id: smeserver-ntop.spec,v 1.24 2009/05/26 09:48:21 vip-ire Exp $ |
||||||
|
# Authority: vip-ire |
||||||
|
# Name: Daniel Berteaud |
||||||
|
|
||||||
|
Summary: Ntop integration in SME Server |
||||||
|
%define name smeserver-ntop |
||||||
|
Name: %{name} |
||||||
|
%define version 0.1.0 |
||||||
|
%define release 1 |
||||||
|
Version: %{version} |
||||||
|
Release: %{release}%{?dist} |
||||||
|
License: GPL |
||||||
|
Group: Applications/System |
||||||
|
Source: %{name}-%{version}.tar.gz |
||||||
|
|
||||||
|
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot |
||||||
|
BuildArch: noarch |
||||||
|
|
||||||
|
BuildRequires: e-smith-devtools |
||||||
|
|
||||||
|
Requires: ntop |
||||||
|
Requires: e-smith-base |
||||||
|
Requires: smeserver-webapps-common |
||||||
|
|
||||||
|
%description |
||||||
|
This package contains all the needed scripts and templates |
||||||
|
to run ntop on your SME Server |
||||||
|
|
||||||
|
%changelog |
||||||
|
* Thu May 31 2012 Daniel B. <daniel@firewall-services.com> 0.1.0-1 |
||||||
|
- Move to GIT |
||||||
|
|
||||||
|
* Tue Feb 21 2012 Daniel B. <daniel@firewall-services.com> 0.1-6 |
||||||
|
- Expand ntop conf in bootstrap-console-save |
||||||
|
|
||||||
|
* Wed Dec 07 2011 Daniel B. <daniel@firewall-services.com> 0.1-5 |
||||||
|
- templates cleanup |
||||||
|
- fix Decoders prop |
||||||
|
- create pcap dir |
||||||
|
- Add some more default options |
||||||
|
- Define displayed protocols instead of defaults ones |
||||||
|
- Make save-suspicious-packets optional |
||||||
|
|
||||||
|
* Thu Oct 20 2011 Daniel B. <daniel@firewall-services.com> 0.1-4 |
||||||
|
- Add VPN (openvpn-s2s) interfaces |
||||||
|
|
||||||
|
* Wed Oct 12 2011 Daniel B. <daniel@firewall-services.com> 0.1-3 |
||||||
|
- Don't merge traffic on different interfaces |
||||||
|
|
||||||
|
* Thu Feb 24 2011 Daniel B. <daniel@firewall-services.com> 0.1-2 |
||||||
|
- stop requiring mod_proxy_html, use a vhost for proxypass instead |
||||||
|
- remove link from the server-manager |
||||||
|
- Make it working with the EPEL version of ntop |
||||||
|
|
||||||
|
* Tue Nov 16 2010 Daniel B. <daniel@firewall-services.com> 0.1-1 |
||||||
|
- initiale release |
||||||
|
|
||||||
|
%prep |
||||||
|
|
||||||
|
%setup -q -n %{name}-%{version} |
||||||
|
|
||||||
|
%build |
||||||
|
perl createlinks |
||||||
|
%{__mkdir_p} root/var/log/ntop |
||||||
|
%{__mkdir_p} root/var/lib/ntop/pcap |
||||||
|
|
||||||
|
|
||||||
|
%install |
||||||
|
/bin/rm -rf $RPM_BUILD_ROOT |
||||||
|
(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT) |
||||||
|
/bin/rm -f %{name}-%{version}-filelist |
||||||
|
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ |
||||||
|
--file /var/service/ntop/run 'attr(0755,root,root)' \ |
||||||
|
--file /var/service/ntop/log/run 'attr(0755,root,root)' \ |
||||||
|
--dir /var/log/ntop 'attr(0750,smelog,smelog)' \ |
||||||
|
--dir /var/lib/ntop/pcap 'attr(0750,ntop,ntop)' \ |
||||||
|
> %{name}-%{version}-filelist |
||||||
|
|
||||||
|
%files -f %{name}-%{version}-filelist |
||||||
|
%defattr(-,root,root) |
||||||
|
|
||||||
|
%clean |
||||||
|
rm -rf $RPM_BUILD_ROOT |
||||||
|
|
||||||
|
|
||||||
|
%post |
||||||
|
|
||||||
|
%preun |
||||||
|
|
||||||
|
true |
||||||
|
|