commit
d9f509b936
19 changed files with 297 additions and 0 deletions
@ -0,0 +1,34 @@ |
||||
#!/usr/bin/perl -w |
||||
|
||||
use esmith::Build::CreateLinks qw(:all); |
||||
|
||||
service_link_enhanced("ntop", "S93", "7"); |
||||
service_link_enhanced("ntop", "K83", "6"); |
||||
service_link_enhanced("ntop", "K83", "0"); |
||||
|
||||
safe_symlink("../daemontools" , 'root/etc/rc.d/init.d/supervise/ntop'); |
||||
safe_symlink("/var/service/ntop" , 'root/service/ntop'); |
||||
|
||||
safe_touch("root/var/service/ntop/down"); |
||||
|
||||
templates2events("/etc/ntop.conf", "ntop-update"); |
||||
templates2events("/etc/ntop.conf", "remoteaccess-update"); |
||||
templates2events("/etc/ntop.conf", "network-create"); |
||||
templates2events("/etc/ntop.conf", "network-delete"); |
||||
templates2events("/etc/ntop.conf", "bootstrap-console-save"); |
||||
templates2events("/etc/httpd/conf/httpd.conf", "ntop-update"); |
||||
templates2events("/etc/services", "ntop-update"); |
||||
templates2events("/etc/hosts.allow", "ntop-update"); |
||||
templates2events("/etc/ntop/protocols.list", "ntop-update"); |
||||
templates2events("/etc/ntop/protocols.list", "bootstrap-console-save"); |
||||
|
||||
foreach my $event (qw/ipasserelle-update bootstrap-ldap-save ntop-update/){ |
||||
event_link("ntop-init-domain", "$event", "90"); |
||||
} |
||||
|
||||
for my $event qw(ntop-update remoteaccess-update network-create network-delete){ |
||||
safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ntop"); |
||||
} |
||||
|
||||
safe_symlink("sigusr1", "root/etc/e-smith/events/ntop-update/services2adjust/httpd-e-smith"); |
||||
|
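Review bot: The second loop, `for my $event qw(ntop-update remoteaccess-update network-create network-delete){`, uses a bare `qw` list in place of the loop parentheses, which is deprecated since Perl 5.14 and a syntax error from 5.18 on. Wrap the list the way the loop just above it does: `for my $event (qw(ntop-update remoteaccess-update network-create network-delete)) {`. The script also relies on `-w` alone; adding `use strict;` after the shebang would match the other Perl script in this commit.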
@ -0,0 +1 @@ |
||||
3000 |
@ -0,0 +1 @@ |
||||
private |
@ -0,0 +1 @@ |
||||
enabled |
@ -0,0 +1 @@ |
||||
service |
@ -0,0 +1,50 @@ |
||||
#!/usr/bin/perl -w |
||||
#---------------------------------------------------------------------- |
||||
# copyright (C) 2010-2011 Firewall-Services |
||||
# daniel@firewall-services.com |
||||
# |
||||
# This program is free software; you can redistribute it and/or modify |
||||
# it under the terms of the GNU General Public License as published by |
||||
# the Free Software Foundation; either version 2 of the License, or |
||||
# (at your option) any later version. |
||||
# |
||||
# This program is distributed in the hope that it will be useful, |
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
# GNU General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with this program; if not, write to the Free Software |
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
||||
# |
||||
# Technical support for this program is available from Mitel Networks |
||||
# Please visit our web site www.mitel.com/sme/ for details. |
||||
#---------------------------------------------------------------------- |
||||
|
||||
use strict; |
||||
use warnings; |
||||
use esmith::DomainsDB; |
||||
use esmith::ConfigDB; |
||||
|
||||
my $d = esmith::DomainsDB->open or die "Couldn't open DomainsDB\n"; |
||||
my $c = esmith::ConfigDB->open_ro() or die "Couldn't open ConfigDB\n"; |
||||
|
||||
my $domain = $c->get('DomainName')->value; |
||||
my $vhost = $d->get("ntop.$domain"); |
||||
|
||||
if (!$vhost){ |
||||
$d->new_record("ntop.$domain",{ |
||||
type => 'domain', |
||||
Content => 'Primary', |
||||
Description => "Ntop", |
||||
Nameservers => 'internet', |
||||
TemplatePath => 'WebAppVirtualHost', |
||||
Removable => 'no', |
||||
ProxyPassTarget => 'http://127.0.0.1:3000/' |
||||
}); |
||||
|
||||
unless ( system("/sbin/e-smith/signal-event", "domain-create", "ntop.$domain") == 0 ){ |
||||
die "Failed to create domain ntop.$domain\n"; |
||||
} |
||||
} |
||||
|
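Review bot: `ProxyPassTarget => 'http://127.0.0.1:3000/'` in the `new_record` call hard-codes the port, while the ntop.conf fragment in this commit builds its listener from the `TCPPort` property, so changing that property would leave the vhost proxying to a port nothing listens on. Read the port from the same place, e.g. `my $port = $c->get_prop('ntop', 'TCPPort') || '3000';`, and interpolate it into the target. `$c->get('DomainName')->value` also dereferences the result of `get` without checking it, and the return of `new_record` is not tested before `signal-event` runs. Since this record publishes the ntop UI as `ntop.$domain`, it is worth confirming which access restriction the `WebAppVirtualHost` template applies, because none is set here.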
@ -0,0 +1,4 @@ |
||||
{ |
||||
$DB->hosts_allow_spec('ntop'); |
||||
} |
||||
|
@ -0,0 +1,4 @@ |
||||
### Sets the user that ntop runs as. |
||||
### NOTE: This should not be root unless you really understand the security risks. |
||||
--user ntop |
||||
|
@ -0,0 +1,3 @@ |
||||
### Sets the directory that ntop runs from. |
||||
--db-file-path /var/lib/ntop |
||||
--output-packet-path /var/lib/ntop/pcap |
@ -0,0 +1,20 @@ |
||||
### Interface(s) that ntop will capture on (default: eth0) |
||||
{ |
||||
my $if = $InternalInterface{'Name'} || 'eth0'; |
||||
my $mode = $SystemMode || 'serveronly'; |
||||
if ($mode ne 'serveronly'){ |
||||
my $extif = $ExternalInteraface{'Name'} || 'eth1'; |
||||
$if .= ",$extif"; |
||||
} |
||||
# Now, do we have some VPN interface to look at ? |
||||
my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s'); |
||||
my $s2s = ${'openvpn-s2s'}{'status'} || 'disabled'; |
||||
if (defined $ovpndb && $s2s eq 'enabled'){ |
||||
foreach my $vpn ($ovpndb->get_all_by_prop(type=>'client'),$ovpndb->get_all_by_prop(type=>'server')){ |
||||
my $name = $vpn->key; |
||||
$if .= ",tun$name"; |
||||
} |
||||
} |
||||
$OUT .= "--interface $if\n"; |
||||
} |
||||
--no-interface-merge |
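Review bot: `$ExternalInteraface{'Name'}` is misspelled, so the lookup never sees the configured external interface and the `|| 'eth1'` fallback is always used when the mode is not `serveronly`. It should read `my $extif = $ExternalInterface{'Name'} || 'eth1';`; on a gateway whose external NIC is not eth1, ntop would otherwise watch the wrong interface, or none. The `tun$name` entries are built from openvpn-s2s record keys without any check, so a short comment stating that keys are expected to be valid interface suffixes would help the next maintainer.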
@ -0,0 +1,8 @@ |
||||
### Sets the port that the HTTP webserver listens on |
||||
### NOTE: --http-server 3000 is the default |
||||
--w3c |
||||
{ |
||||
my $port = $ntop{'TCPPort'} || '3000'; |
||||
$OUT .= "--http-server 127.0.0.1:$port\n"; |
||||
} |
||||
|
@ -0,0 +1,21 @@ |
||||
### Sets the networks that ntop should consider as local. |
||||
### NOTE: Uses dotted decimal and CIDR notation. Example: 192.168.0.0/24 |
||||
### The addresses of the interfaces are always local and don't need to be specified. |
||||
#--local-subnets xx.xx.xx.xx/yy |
||||
|
||||
{ |
||||
use esmith::NetworksDB; |
||||
my $ndb = esmith::NetworksDB->open_ro() || |
||||
die('Can not open Networks DB'); |
||||
|
||||
my $networks = ''; |
||||
my @nets = $ndb->networks(); |
||||
foreach my $net (@nets){ |
||||
my $key = $net->key; |
||||
my $mask = $net->prop('Mask'); |
||||
$networks .= "$key/$mask".','; |
||||
} |
||||
$OUT .= "--local-subnets $networks\n" if ($networks ne ''); |
||||
|
||||
} |
||||
|
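Review bot: The loop appends a comma after every entry, so the emitted `--local-subnets` value always ends in a trailing comma. Building the list with join avoids that and drops the accumulator: `my $networks = join(',', map { $_->key . '/' . $_->prop('Mask') } $ndb->networks());`. The `Mask` property is presumably a dotted netmask rather than a prefix length, so the header comment's 192.168.0.0/24 example may not match what is actually written; a one-line comment on the emitted format would settle it.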
@ -0,0 +1,30 @@ |
||||
|
||||
{ |
||||
my $decoder = $ntop{'Decoders'} || 'enabled'; |
||||
my $localonly = $ntop{'LocalOnly'} || 'no'; |
||||
my $filter = $ntop{'Filter'} || ''; |
||||
my $pcap = $ntop{'SaveSuspuciousPackets'} || 'disabled'; |
||||
|
||||
if ($decoder eq 'disabled'){ |
||||
$OUT .= "--disable-decoders\n"; |
||||
} |
||||
if ($localonly eq 'yes'){ |
||||
$OUT .= "--track-local-hosts\n"; |
||||
} |
||||
if ($filter ne ''){ |
||||
$OUT .= "--filter-expression=\"$filter\"\n"; |
||||
} |
||||
if ($pcap eq 'enabled'){ |
||||
$OUT .= "--create-suspicious-packets\n"; |
||||
} |
||||
|
||||
$OUT .=<<"HERE"; |
||||
|
||||
--refresh-time=180 |
||||
--skip-version-check |
||||
--disable-mutexextrainfo |
||||
--no-fc |
||||
|
||||
HERE |
||||
|
||||
} |
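Review bot: `$OUT .= "--filter-expression=\"$filter\"\n";` writes the `Filter` property into ntop.conf verbatim, so a value containing a double quote or a newline ends the option early and the remainder is read by ntop as further options. Validate before emitting, for example only write the line when `$filter !~ /["\r\n]/`, and warn or die when the value is rejected. Separately, the property name `SaveSuspuciousPackets` is misspelled, so an administrator who sets `SaveSuspiciousPackets` will see no effect; either rename it or document the spelling.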
@ -0,0 +1 @@ |
||||
--protocols=/etc/ntop/protocols.list |
@ -0,0 +1,11 @@ |
||||
Mail=pop3|pop3s|imap|imaps|smtp|smtps|submission |
||||
Web=http|https|squid|webcache|http-alt |
||||
FTP=ftp|ftp-data|tftp |
||||
Netbios=netbios-ns|netbios-dgm|netbios-ssn |
||||
SSH=ssh |
||||
DNS=domain |
||||
DHCP=bootps|bootpc |
||||
Messenger=1863|5000|5001|5190-5193|5222|5223|5269|irc|ircs|ircd |
||||
VoIP=5060|10000-20000|4569 |
||||
VPN=1194 |
||||
P2P=6881-6999|6346|6347|6348|4661-4665 |
@ -0,0 +1 @@ |
||||
ntop { ${'ntop'}{TCPPort} }/tcp # Ntop Web frontend |
@ -0,0 +1,7 @@ |
||||
#!/bin/sh |
||||
|
||||
exec \ |
||||
/usr/local/bin/setuidgid smelog \ |
||||
/usr/local/bin/multilog t s5000000 \ |
||||
/var/log/ntop |
||||
|
@ -0,0 +1,8 @@ |
||||
#!/bin/sh |
||||
|
||||
exec 2>&1 |
||||
|
||||
[ -e /var/lib/ntop/ntop_pw.db ] || exec /usr/sbin/ntop --set-admin-password=admin |
||||
|
||||
exec /usr/sbin/ntop @/etc/ntop.conf |
||||
|
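Review bot: `exec /usr/sbin/ntop --set-admin-password=admin` gives every installation the same well-known admin credential, and the value is also visible in the process list while that command runs. Because this commit also publishes the UI through the `ntop.$domain` vhost, anyone who can reach that vhost can administer ntop until someone changes the password by hand. Generate a per-host random value on first start and keep it in a root-only file, or leave the service `down` until an administrator has set one. At minimum, add a comment here stating that the default must be changed before the service is exposed.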
@ -0,0 +1,91 @@ |
||||
# $Id: smeserver-ntop.spec,v 1.24 2009/05/26 09:48:21 vip-ire Exp $ |
||||
# Authority: vip-ire |
||||
# Name: Daniel Berteaud |
||||
|
||||
Summary: Ntop integration in SME Server |
||||
%define name smeserver-ntop |
||||
Name: %{name} |
||||
%define version 0.1.0 |
||||
%define release 1 |
||||
Version: %{version} |
||||
Release: %{release}%{?dist} |
||||
License: GPL |
||||
Group: Applications/System |
||||
Source: %{name}-%{version}.tar.gz |
||||
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot |
||||
BuildArch: noarch |
||||
|
||||
BuildRequires: e-smith-devtools |
||||
|
||||
Requires: ntop |
||||
Requires: e-smith-base |
||||
Requires: smeserver-webapps-common |
||||
|
||||
%description |
||||
This package contains all the needed scripts and templates |
||||
to run ntop on your SME Server |
||||
|
||||
%changelog |
||||
* Thu May 31 2012 Daniel B. <daniel@firewall-services.com> 0.1.0-1 |
||||
- Move to GIT |
||||
|
||||
* Tue Feb 21 2012 Daniel B. <daniel@firewall-services.com> 0.1-6 |
||||
- Expand ntop conf in bootstrap-console-save |
||||
|
||||
* Wed Dec 07 2011 Daniel B. <daniel@firewall-services.com> 0.1-5 |
||||
- templates cleanup |
||||
- fix Decoders prop |
||||
- create pcap dir |
||||
- Add some more default options |
||||
- Define displayed protocols instead of defaults ones |
||||
- Make save-suspicious-packets optional |
||||
|
||||
* Thu Oct 20 2011 Daniel B. <daniel@firewall-services.com> 0.1-4 |
||||
- Add VPN (openvpn-s2s) interfaces |
||||
|
||||
* Wed Oct 12 2011 Daniel B. <daniel@firewall-services.com> 0.1-3 |
||||
- Don't merge traffic on different interfaces |
||||
|
||||
* Thu Feb 24 2011 Daniel B. <daniel@firewall-services.com> 0.1-2 |
||||
- stop requiring mod_proxy_html, use a vhost for proxypass instead |
||||
- remove link from the server-manager |
||||
- Make it working with the EPEL version of ntop |
||||
|
||||
* Tue Nov 16 2010 Daniel B. <daniel@firewall-services.com> 0.1-1 |
||||
- initiale release |
||||
|
||||
%prep |
||||
|
||||
%setup -q -n %{name}-%{version} |
||||
|
||||
%build |
||||
perl createlinks |
||||
%{__mkdir_p} root/var/log/ntop |
||||
%{__mkdir_p} root/var/lib/ntop/pcap |
||||
|
||||
|
||||
%install |
||||
/bin/rm -rf $RPM_BUILD_ROOT |
||||
(cd root ; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT) |
||||
/bin/rm -f %{name}-%{version}-filelist |
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ |
||||
--file /var/service/ntop/run 'attr(0755,root,root)' \ |
||||
--file /var/service/ntop/log/run 'attr(0755,root,root)' \ |
||||
--dir /var/log/ntop 'attr(0750,smelog,smelog)' \ |
||||
--dir /var/lib/ntop/pcap 'attr(0750,ntop,ntop)' \ |
||||
> %{name}-%{version}-filelist |
||||
|
||||
%files -f %{name}-%{version}-filelist |
||||
%defattr(-,root,root) |
||||
|
||||
%clean |
||||
rm -rf $RPM_BUILD_ROOT |
||||
|
||||
|
||||
%post |
||||
|
||||
%preun |
||||
|
||||
true |
||||
|
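Review bot: `BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot` is a fixed, predictable path in a world-writable directory, and `%install` and `%clean` both run `rm -rf $RPM_BUILD_ROOT` on it. On a shared build host that path can be prepared by another local user before the build runs; the usual form is `BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)`, or drop the tag and let rpm choose. `License: GPL` should also name the version, which the script header in this commit gives as version 2 or later.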