debian/

debian/rules
#!/usr/bin/make -f

export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DPKG_EXPORT_BUILDFLAGS = 1
include /usr/share/dpkg/buildflags.mk

INSTALL = install
INSTALL_PROGRAM = $(INSTALL)
INSTALL_DATA = $(INSTALL) -m 644

PROGRAM = $(shell dh_listpackages)

DESTDIR = $(CURDIR)/debian/$(PROGRAM)/
DESTDIR_BIN = $(CURDIR)/debian/$(PROGRAM)/usr/bin/
DESTDIR_SBIN = $(CURDIR)/debian/$(PROGRAM)/usr/sbin/
DESTDIR_ETC = $(CURDIR)/debian/$(PROGRAM)/etc/$(PROGRAM)/

build: build-arch build-indep

build-arch: build-stamp

build-stamp:
	dh_testdir
	make all
	touch $@

build-indep:

clean:
	dh_testdir
	dh_testroot
	$(MAKE) clean
	dh_clean build-stamp

install:
	dh_testdir
	dh_testroot
	dh_prep
	dh_installdirs
	$(INSTALL_PROGRAM) $(PROGRAM) $(DESTDIR_SBIN)
	$(INSTALL_PROGRAM) psadwatchd $(DESTDIR_SBIN)
	$(INSTALL_PROGRAM) kmsgsd $(DESTDIR_SBIN)
	$(INSTALL_PROGRAM) nf2csv $(DESTDIR_BIN)
	$(INSTALL_PROGRAM) fwcheck_psad.pl $(DESTDIR_SBIN)fwcheck_psad
	$(INSTALL_DATA) protocols $(DESTDIR_ETC)
	$(INSTALL_DATA) signatures $(DESTDIR_ETC)
	$(INSTALL_DATA) auto_dl $(DESTDIR_ETC)
	$(INSTALL_DATA) psad.conf $(DESTDIR_ETC)
	$(INSTALL_DATA) pf.os $(DESTDIR_ETC)
	$(INSTALL_DATA) ip_options $(DESTDIR_ETC)
	$(INSTALL_DATA) snort_rule_dl $(DESTDIR_ETC)
	$(INSTALL_DATA) posf $(DESTDIR_ETC)
	$(INSTALL_DATA) icmp_types $(DESTDIR_ETC)
	$(INSTALL_DATA) icmp6_types $(DESTDIR_ETC)

binary-indep:

binary-arch: build-arch install
	dh_testdir
	dh_testroot
	dh_installdocs
	dh_installinit
	dh_installman
	dh_installchangelogs
	dh_strip
	dh_compress
	dh_fixperms
	dh_installdeb
	dh_shlibdeps
	dh_perl
	dh_gencontrol
	dh_md5sums
	dh_builddeb

binary: binary-indep binary-arch

.PHONY: build clean binary-indep binary-arch binary install build-indep

debian/psad.manpages
nf2csv.1
psadwatchd.8
kmsgsd.8
psad.8
fwcheck_psad.8

debian/control
Source: psad
Section: admin
Priority: optional
Maintainer: Franck Joncourt
Uploaders: Daniel Gubser
Build-Depends: debhelper (>= 7), dpkg-dev (>= 1.16.1~)
Standards-Version: 3.9.4
Vcs-git: git://git.debian.org/git/collab-maint/psad.git
Vcs-Browser: http://git.debian.org/?p=collab-maint/psad.git
Homepage: http://www.cipherdyne.org/psad/

Package: psad
Architecture: linux-any
Depends: ${misc:Depends}, ${shlibs:Depends}, ${perl:Depends},
 libunix-syslog-perl, iptables, rsyslog | system-log-daemon, libnet-ip-perl,
 libdate-calc-perl, libcarp-clan-perl, whois, psmisc, libiptables-parse-perl,
 libiptables-chainmgr-perl, default-mta | mail-transport-agent,
 bsd-mailx | mailx | mailutils, lsb-base, initscripts (>= 2.88dsf-13.3)
Suggests: fwsnort, bastille
Description: Port Scan Attack Detector
 PSAD is a collection of four lightweight system daemons (in Perl and C)
 designed to work with iptables to detect port scans. It features:
  * a set of highly configurable danger thresholds (with sensible defaults
    provided);
  * verbose alert messages that include the source, destination, scanned
    port range, beginning and end times, TCP flags, and corresponding Nmap
    options;
  * reverse DNS information;
  * alerts via email;
  * automatic blocking of offending IP addresses via dynamic firewall
    configuration.
 .
 When combined with fwsnort and the iptables string match extension, PSAD is
 capable of detecting many attacks described in the Snort rule set that
 involve application layer data.

debian/psad.default
# Default settings for psad.
# Add any options you would like to pass to the daemon when started
# For example if you would like to add an override file for your setup, this
# can be achieved this way:
#
# DAEMON_ARGS="--Override-config /root/psad.override.conf"
DAEMON_ARGS=""

debian/source/

debian/source/format
3.0 (quilt)

debian/changelog
psad (2.2.1-2.1) unstable; urgency=low

  * Non-maintainer upload with maintainer's permission.
  * Fix "prompting due to modified conffiles which were not modified by the
    user": d/psad.preinst: also revert changes to conffile when we install
    with an old version. (Closes: #675231)

 -- gregor herrmann  Thu, 04 Jul 2013 20:04:45 +0200

psad (2.2.1-2) unstable; urgency=low

  * Enabled back the kmsgsd daemon.
    - Refreshed patch fixes_build.diff.
    - d.rules: Added back the kmsgsd daemon.
  * d.rules: Added missing protocols files into /etc/psad.

 -- Franck Joncourt  Sun, 06 Jan 2013 11:35:21 +0100

psad (2.2.1-1) unstable; urgency=low

  * Acknowledged NMU (2.2-3.1).
  * d.rules : do not install the kmsgsd daemon anymore since it is not used
    anymore.
  * Allowed the makefile to use the hardening flags :
    - d.rules : added the hardening stanza
    - fixes_build.diff : updated the Makefile to use the CFLAGS, CPPFLAGS
      and LDFLAGS.
    - d.control : Added BD on dpkg-dev (>= 1.16.1~)
  * Imported Upstream version 2.2.1
    - Removed applied patch t_upstream_hyphen.diff.
  * Bumped up Standards-Version to 3.9.4:
    - Added dependency in d.control against initscripts (>= 2.88dsf-13.3) to
      ensure the run directory is available.
  * d.control: Removed BD against lsb-base.

 -- Franck Joncourt  Thu, 03 Jan 2013 22:38:09 +0100

psad (2.2-3.1) unstable; urgency=low

  * Non-maintainer upload with maintainer's approval.
  * Fix "modifies conffiles (policy 10.7.3): /etc/psad/psad.conf", second
    try:
    - add back changes to d.psad.preinst that revert changes to
      /etc/psad/psad.conf
    - but only for upgrades from versions before 2.2-3
    (Closes: #688891)

 -- gregor herrmann  Sun, 18 Nov 2012 22:25:13 +0100

psad (2.2-3) unstable; urgency=low

  * Fix "modifies conffiles (policy 10.7.3): /etc/psad/psad.conf"
    (Closes: #688891). Thanks gregoa to help me fix this.
    - Reverted the changes from 2.2-2 in d.psad.preinst.
    - Removed the d.psad.postinst script which updated the HOSTNAME variable
      from psad.conf. The psad daemon can start without the default value in
      psad.conf (_CHANGEME_).
  * Removed the /var/run/psad directory in d.psad.postrm when purging the
    package.

 -- Franck Joncourt  Sun, 28 Oct 2012 15:47:04 +0100

psad (2.2-2) unstable; urgency=low

  * d.psad.preinst: Revert the changes done by the postinst script in the
    preinst script so that dpkg does not see any configuration changes and
    does not trigger the user during upgrade. (Closes: #675231).

 -- Franck Joncourt  Tue, 05 Jun 2012 23:06:42 +0200

psad (2.2-1) unstable; urgency=low

  * Imported Upstream version 2.2
    + Bug fix for ICMP packet handling (Closes: #596240 )
    + Bug fix for 'qw(...) usage as parenthesis' warnings for perl > 5.14
      (Closes: #655040)
    + Updated perl dependency from libnetwork-ipv4addr-perl to
      libnet-ip-perl in d.control.
    + Added the icmp6_types file in /etc/psad through d.rules.
  * Refreshed patch fixes_build.diff.
  * Bumped up Standards-Version to 3.9.3:
    + Refreshed copyright holders and updated d.copyright to comply with the
      1.0 machine-readable copyright file specification.
  * d.psad.init:
    + Added LSB description in d.psad.init.
    + Added use of log_daemon_msg, log_end_msg...
    + Made the initscript to end successfully when a start action is
      performed and the daemon is already running

 -- Franck Joncourt  Mon, 28 May 2012 22:27:17 +0200

psad (2.1.7-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Set Architecture to linux-any. (Closes: #647657)

 -- Robert Millan  Sun, 22 Apr 2012 16:24:00 +0200

psad (2.1.7-1) unstable; urgency=low

  * New upstream release.

 -- Franck Joncourt  Sun, 25 Jul 2010 19:40:52 +0200

psad (2.1.6-1) unstable; urgency=low

  * New upstream release:
    + Alternate configuration files can be specified to override the default
      psad.conf. (Closes: #409815)
    + Removed fixes_spelling.diff applied patch.
  * Refreshed packaging to handle the brand new override-config feature from
    upstream:
    + Added psad.default file to allow the user to specify argument he wants
      to pass to psad when invoking through the initscript.
    + Refreshed initscript to handle the new variable DAEMON_ARGS which is
      defined in /etc/default/psad.
    + Updated d.NEWS accordingly.
  * Moved Homepage field to the upper section in d.control.
  * Updated dependencies:
    + Used default-mta rather than exim4.
    + Moved bastille from Recommends to Suggests, and removed Conflicts since
      it only affected old releases of Bastille.
  * Bumped up Standards-Version to 3.9.0 (no changes).
  * Added new patch t_upstream_hyphen.diff to fix hyphen in manual page.

 -- Franck Joncourt  Sun, 11 Jul 2010 18:56:54 +0200

psad (2.1.5-3) unstable; urgency=low

  * Set /me as main maintainer.
  * Switch to dpkg-source 3.0 (quilt) format:
    + Removed useless README.source which only documented quilt usage.
    + Removed BD on quilt.
    + Removed quilt framework from d.rules.
  * Bumped up Standards-Version to 3.8.4 (no changes).
  * Added Vcs fields in d.control.
  * Refreshed long description with patch from Justin B Rye.
    (Closes: #567897)
  * Added patch fixes_spelling.diff to fix spelling errors in the manpages.
  * Added dependency against lsb-base (>= 3.0-6) to ensure the
    /lib/lsb/init-functions can be sourced through the initscript.
  * Refreshed d.watch so that we do not use uupdate anymore, since it is
    useless with my workflow.
  * Refreshed d.copyright following DEP5 guideline.
  * Refreshed d.psad.docs:
    + Removed README.SYSLOG from the docs since psad does not use the fwdata
      file anymore.
    + Removed duplicate entry for FW_HELP.

 -- Franck Joncourt  Sat, 13 Feb 2010 20:10:12 +0100

psad (2.1.5-2) unstable; urgency=low

  * Added a dependency on bsd-mailx | mailx | mailutils package to provide
    the mail command. (Closes: #521683)
  * Added a dependency on exim4 | mail-transport-agent to provide the
    sendmail command.
  * Bumped up Standards-Version to 3.8.3.
    + Handled the DEB_BUILD_OPTIONS: Updated d.rules to handle the new
      options. Added quilt framework. Added patch fixes_build.diff to pass
      OPTS to the makefile, and honour DEB_BUILD_OPTIONS.

 -- Franck Joncourt  Sat, 24 Oct 2009 14:18:17 +0200

psad (2.1.5-1) unstable; urgency=low

  * New upstream release
  * Use of dh_installman:
    - Updated install target in d.rules to remove manpages installation.
    - Added dh_installman to the binary-arch target.
    - Listed all manpages in psad.manpages.
    - Removed the man page directory from d.dirs.
  * Use nf2csv.1 instead of nfcsv.8 (not in upstream source anymore).
  * Added the new fwcheck_psad.8 manpage. (Closes: #277457)
  * Updated d.control
    + Add fwsnort to the Suggests field.
    + Add /me to Uploaders.
    + Set compatibility level to 7 along with d.compat.
    + Removed old ipchains dependency.
    + Replaced the old default log daemon (sysklogd) by the new one
      (rsyslog).
  * Created new init script from scratch. (Closes: #504567)
  * Created psad.preinst (Closes: #497574).
  * Removed psad.debhelper.log from the debian directory.
  * Removed preinst script whose goal was to stop the daemon through the
    initscript. (Debhelper can handle that alone).
  * Updated postinst script.
    + Do not do backup of configuration files anymore (let dpkg do its
      work).
    + Update HOSTNAME variable in psad.conf automatically.
    + Do not create the fifo file. Psad's default behavior has changed.
  * Updated postrm script and removed prerm script. We take care of the
    cleaning in postrm.
  * Added d.NEWS to report important changes in the package.

 -- Franck Joncourt  Sat, 21 Feb 2009 15:40:31 +0100

psad (2.1.4-1) unstable; urgency=low

  * New upstream release
  * Acknowledge NMU.

 -- Daniel Gubser  Mon, 25 Aug 2008 14:10:58 +0200

psad (2.1.3-1.2) unstable; urgency=low

  * applied patch for removing psad with /var/run/ mounted as tmpfs
    (Closes: #491558)

 -- Daniel Gubser  Fri, 22 Aug 2008 17:09:30 +0200

psad (2.1.3-1.1) unstable; urgency=low

  * Remove of old, stale config files (Closes #455031)

 -- Daniel Gubser  Mon, 30 Jun 2008 16:17:37 +0200

psad (2.1.3-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Tue, 17 Jun 2008 13:16:49 +0200

psad (2.1.2-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Add both libiptables-parse-perl and libiptables-chainmgr-perl as new
    dependencies.
  * Replace /etc/init.d by invoke-rc.d in the preinst file.
  * Compat version is now set through the compat file.
  * Add copyright notice in copyright file.
  * Remove /usr/share/psad from the dirs file.
  * Do not ignore make errors anymore in the clean stage.

 -- Franck Joncourt  Sun, 04 May 2008 23:10:44 +0200

psad (2.1.2-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Wed, 9 Apr 2008 12:49:33 +0200

psad (2.1.1-1.1) unstable; urgency=low

  * Non-maintainer upload to solve release goal.
  * Add LSB dependency header to init.d scripts (Closes: #465412).
  * Fix bashism in postinst script (Closes: #472237).

 -- Petter Reinholdtsen  Sat, 29 Mar 2008 21:05:52 +0100

psad (2.1.1-1) unstable; urgency=low

  * New upstream release
  * changed dependency for syslog daemon to
    "Depends: $preferred_syslog | system-log-daemon (Closes: #464006)

 -- Daniel Gubser  Tue, 29 Jan 2008 06:39:54 +0100

psad (2.1-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Wed, 31 Oct 2007 10:32:30 +0100

psad (2.0.8-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Mon, 3 Sep 2007 14:07:45 +0200

psad (2.0.7-1) unstable; urgency=low

  * New upstream release
  * snort_rule_dl should be checked (Closes: #418777)

 -- Daniel Gubser  Fri, 1 Jun 2007 13:59:32 +0200

psad (2.0.6-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Tue, 27 Mar 2007 09:42:43 +0200

psad (2.0.5-1) unstable; urgency=low

  * New upstream release
  * saving old config files: alert, fw_search, kmsgsd and psadwatchd

 -- Daniel Gubser  Tue, 27 Mar 2007 08:33:39 +0100

psad (2.0.4-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Mon, 29 Jan 2007 07:52:27 +0100

psad (2.0.3-1) unstable; urgency=low

  * New upstream release
  * Finally checking of /usr/lib/psad/ was removed (Closes: #403566)
  * Psad.pm, kmsgsd.pl and psadwatchd.pl removed

 -- Daniel Gubser  Tue, 2 Jan 2007 12:27:13 +0100

psad (2.0.2-1) unstable; urgency=low

  * New upstream release
  * Removed check of /usr/lib/psad/ by Michael Rash (Closes: #403566)

 -- Daniel Gubser  Tue, 26 Dec 2006 11:52:27 +0100

psad (2.0.1-2) unstable; urgency=low

  * changed some text in README.Debian
  * added the ip_options file

 -- Daniel Gubser  Mon, 18 Dec 2006 09:12:41 +0100

psad (2.0.1-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Tue, 12 Dec 2006 14:45:26 +0100

psad (1.4.8-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Tue, 17 Oct 2006 06:50:43 +0200

psad (1.4.7-1) unstable; urgency=low

  * New upstream release
  * IPTABLES_AUTO_RULENUM variable removed by Upstream (Closes: #351196)
  * ChainMgr.pm fixed by Upstream (Closes: #351191)

 -- Daniel Gubser  Tue, 12 Sep 2006 06:33:09 +0200

psad (1.4.6-1) unstable; urgency=low

  * New upstream release
  * added FW_HELP to Docs
  * new files: snort_rule_dl, snort_rules/classification.config and
    snort_rules/reference.config

 -- Daniel Gubser  Tue, 13 Jun 2006 15:06:41 +0200

psad (1.4.5-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Fri, 20 Jan 2006 06:34:44 +0100

psad (1.4.4-1) unstable; urgency=low

  * New upstream release
  * added proxyscan.freenode.net to auto_dl (Closes: #339486)

 -- Daniel Gubser  Mon, 28 Nov 2005 14:49:53 +0100

psad (1.4.3-1) unstable; urgency=low

  * New upstream release
  * added Depends for metalog (Closes: #306367) but support is shaky
  * upstream fixed auto-blocking code (Closes: #319525)
  * added README.SYSLOG in debian/docs

 -- Daniel Gubser  Wed, 28 Sep 2005 07:46:18 +0200

psad (1.4.2-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Wed, 20 Jul 2005 06:43:57 +0200

psad (1.4.1-1) unstable; urgency=low

  * New upstream release
  * included FW_HELP from upstream
  * added IPTables-ChainMgr from upstream

 -- Daniel Gubser  Tue, 15 Mar 2005 06:24:55 +0100

psad (1.4.0-1) unstable; urgency=low

  * New upstream release
  * corrected man page for psadfifo (Closes: #283337)
  * added Depends for libcarp-clan-perl

 -- Daniel Gubser  Tue, 30 Nov 2004 06:06:11 +0100

psad (1.3.4-2) unstable; urgency=low

  * cleaned building IPTables::Parse so it will build again
    (Closes: #277674)

 -- Daniel Gubser  Wed, 3 Nov 2004 06:38:45 +0100

psad (1.3.4-1) unstable; urgency=low

  * New upstream release
  * Removed Depends for libbit-vector-perl as libdate-calc-perl already
    depends on it
  * Upstream changed firewall parsing code (Closes: #260549)

 -- Daniel Gubser  Mon, 18 Oct 2004 08:52:48 +0200

psad (1.3.3-2) unstable; urgency=low

  * corrected README.Debian for syslog-ng instructions (Closes: #274959)
  * added check for missing psad.conf (Closes: #273740)
  * Depends new on psmisc (for killall) (Closes: #273582)

 -- Daniel Gubser  Tue, 5 Oct 2004 06:09:38 +0200

psad (1.3.3-1) unstable; urgency=low

  * New upstream release
  * commented signatures, snort_rules and auto_dl out in the init.d file as
    all is configured in the psad.conf file (Closes: #264493)

 -- Daniel Gubser  Tue, 14 Sep 2004 06:24:57 +0200

psad (1.3.2-3) unstable; urgency=low

  * corrected typo in psad.conf for syslog-ng entry (was syslogd-ng)

 -- Daniel Gubser  Wed, 11 Aug 2004 16:28:13 +0200

psad (1.3.2-2) unstable; urgency=low

  * re-adjusted the psad-init-file for the new conffiles (Closes: #257543)
  * outcommented syslogcmd in psad.conf so postinst can choose between
    sysklogd and syslog-ng (Closes: #260552)

 -- Daniel Gubser  Fri, 6 Aug 2004 06:54:18 +0200

psad (1.3.2-1) unstable; urgency=low

  * New upstream release
  * depends now on whois (not recommends any more) (Closes: #250049)
  * added new conffile fw_search.conf and fwcheck_psad
  * added also new conffile auto_dl, icmp_types and posf (for psad_auto_ips,
    psad_icmp_types and psad_posf)

 -- Daniel Gubser  Fri, 25 Jun 2004 06:09:15 +0200

psad (1.3.1-1) unstable; urgency=low

  * New upstream release
  * added psad_icmp_type to /etc/psad

 -- Daniel Gubser  Wed, 24 Dec 2003 06:36:31 +0100

psad (1.3-1) unstable; urgency=low

  * New upstream release
  * removed saving option for diskmond.conf

 -- Daniel Gubser  Thu, 4 Dec 2003 06:57:06 +0100

psad (1.2.4-1) unstable; urgency=low

  * New upstream release
  * deleted debian/conffiles for all files in /etc/ are conffiles
  * added dependencies for libbit-vector-perl
  * changed Perl Vendor files from /usr/share/perl5 to /usr/lib/perl5
  * removed diskmond and diskmond as it is now integrated with psad

 -- Daniel Gubser  Mon, 20 Oct 2003 06:34:31 +0200

psad (1.2.3-2) unstable; urgency=low

  * changed build-temp-dir for correct debhelper
  * moved Perl vendor modules from /usr/share/perl5 to /usr/lib/perl5
    (thanks to Martin Michlmayr for both)

 -- Daniel Gubser  Tue, 7 Oct 2003 14:20:44 +0200

psad (1.2.3-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Wed, 17 Sep 2003 10:46:22 +0200

psad (1.2.2-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Tue, 26 Aug 2003 06:29:54 +0200

psad (1.2.1-2) unstable; urgency=low

  * changed depends from "libc6 (>> 2.3)" to "${shlibs:Depends}"
    (Closes: #202049)

 -- Daniel Gubser  Tue, 22 Jul 2003 07:38:54 +0200

psad (1.2.1-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Mon, 14 Jul 2003 07:10:17 +0200

psad (1.2-3) unstable; urgency=low

  * changed syslog example in psad.8 with "|" (Closes: #200685)

 -- Daniel Gubser  Thu, 10 Jul 2003 06:39:20 +0200

psad (1.2-2) unstable; urgency=low

  * Sponsored upload to Debian.

 -- Javier Fernandez-Sanguino Pen~a  Mon, 7 Jul 2003 20:19:35 +0200

psad (1.2-1) unstable; urgency=low

  * New upstream release
  * added dependencies to libc6 (>> 2.3) (Closes: #195967)
  * upstream fixed bug with syslog-ng (Closes: #194662)

 -- Daniel Gubser  Fri, 20 Jun 2003 07:39:54 +0200

psad (1.1.1-2) unstable; urgency=low

  * Sponsored upload to Debian (Closes: #184996)

 -- Javier Fernandez-Sanguino Pen~a  Mon, 12 May 2003 23:41:33 +0200

psad (1.1.1-1) unstable; urgency=low

  * New upstream release
  * changes all doc's for psadfifo (Closes: #184996)
  * added IPTables-Parse
  * added snort_rules (also in psad.init)

 -- Daniel Gubser  Sun, 11 May 2003 14:55:59 +0200

psad (1.0-2) unstable; urgency=low

  * Sponsored upload of this new upstream.
  * Now works with syslog-ng (Closes: #174926)
  * Slight changes to the debian/psad.init file so that it does not send
    errors if the file does not exist. Also, cleaner check to test the
    config files (remove comments)
  * Fixed the prerm script for it to work when /var/run/psad is empty
    (otherwise you cannot install/uninstall the package if psad has never
    run)

 -- Javier Fernandez-Sanguino Pen~a  Sat, 15 Mar 2003 11:15:12 +0100

psad (1.0-1) unstable; urgency=low

  * New upstream release

 -- Daniel Gubser  Fri, 28 Feb 2003 16:37:31 +0100

psad (1.0.0-pre5-1) unstable; urgency=low

  * New upstream release
  * works now with syslog-ng (Closes: #174926)
  * all manpages now in upstream version

 -- Daniel Gubser  Wed, 19 Feb 2003 07:21:08 +0100

psad (1.0.0-pre4-1) unstable; urgency=low

  * New upstream release
  * changes Architecture from all to any for kmsgsd and psadwatchd are now
    written in C
  * new location for psadfifo is now in /var/lib/psad/

 -- Daniel Gubser  Tue, 7 Jan 2003 07:03:13 +0100

psad (0.9.9-12) unstable; urgency=low

  * Adopted Daniel's version and submitted to the archive. This version
    fixes the architecture (to all) and provides new manpages
    (Closes: #168059)

 -- Javier Fernandez-Sanguino Pena  Mon, 16 Dec 2002 22:59:48 +0100

psad (0.9.9-11) unstable; urgency=low

  * removed man page for pscan (which is not part of this package)

 -- Daniel Gubser  Mon, 2 Dec 2002 10:09:07 +0100

psad (0.9.9-10) unstable; urgency=low

  * changed Architecture to all instead any (Closes: #168059)
  * added man pages for diskmond, kmsgsd, pscan, psadwatchd

 -- Daniel Gubser  Mon, 26 Nov 2002 16:32:29 +0100

psad (0.9.9-9) unstable; urgency=low

  * Fixed init.d file to check properly when the daemon is stopped
  * Adopted Daniel's new version (Closes: #167877)

 -- Javier Fernandez-Sanguino Pen~a  Wed, 6 Nov 2002 13:31:11 +0100

psad (0.9.9-8) unstable; urgency=low

  * changed lockfile for init from /var/lock/subsys/psad to
    /var/run/psad.lock (former was for RH) (Closes: #167877)

 -- Daniel Gubser  Wed, 6 Nov 2002 11:37:43 +0100

psad (0.9.9-7) unstable; urgency=low

  * Fixed dependencies. Psad cannot work without a firewalling code package.

 -- Javier Fernandez-Sanguino Pen~a  Mon, 28 Oct 2002 19:14:21 +0100

psad (0.9.9-6) unstable; urgency=low

  * changes short description psad: s/post/port/. (Closes: #164560)

 -- Daniel Gubser  Thu, 24 Oct 2002 06:34:23 +0200

psad (0.9.9-5) unstable; urgency=low

  * Closes: #164560 psad: s/post/port/ in short description

 -- Daniel Gubser  Sun, 20 Oct 2002 13:03:19 +0200

psad (0.9.9-4) unstable; urgency=low

  * cleaned up the initd file so it will stop properly

 -- Daniel Gubser  Fri, 27 Sep 2002 16:12:05 +0200

psad (0.9.9-3) unstable; urgency=low

  * Added a conflict line with previous versions of Bastille.

 -- Javier Fernandez-Sanguino Pen~a  Mon, 2 Sep 2002 13:44:50 +0200

psad (0.9.9-2) unstable; urgency=low

  * Fixed the package to remove lintian warnings (remember: bugs need to be
    filed against the missing manpages)
  * Changed the information on comments on the debian/rules (removed
    debhelper's default)
  * Reformatted the debian/control file for easier reading.
  * Removed configure-stamp from debian/rules.
  * Added /var/run to debian/dirs.
  * Removed debhelper examples
  * Changed the manpage regarding changes to syslog.
  * Changed the initd file so that it checks if the changes to syslog.conf
    have been done.
  * Removed (commented out) the changes to syslog.conf since they are
    against policy.

 -- Javier Fernandez-Sanguino Pen~a  Tue, 20 Aug 2002 21:21:32 +0200

psad (0.9.9-1) unstable; urgency=low

  * Initial Release.
  * This is my first Debian package.

 -- Daniel Gubser  Wed, 14 Aug 2002 13:34:17 +0200

debian/NEWS
psad (2.1.6-1) unstable; urgency=low

  It is now possible to pass arguments to psad through the /etc/default/psad
  file. It makes it possible to handle override files, and thus keep your
  settings in a dedicated directory without having to recheck them after
  each upgrade of psad.

 -- Franck Joncourt  Sun, 11 Jul 2010 15:16:16 +0200

psad (2.1.5-1) unstable; urgency=low

  The Snort rules are not bundled anymore in the package.
  Therefore you may want to install Fwsnort (suggested package) to handle
  your iptables ruleset according to the Snort rules, and update the Psad
  configuration to point to the directory where you keep them
  (SNORT_RULE_DL_FILE variable in psad.conf).

  The HOSTNAME variable in psad.conf is now set automatically during the
  install process.

 -- Franck Joncourt  Sun, 01 Mar 2009 18:38:48 +0100

debian/psad.docs
README
BENCHMARK
CREDITS
FW_EXAMPLE_RULES
FW_HELP
SCAN_LOG

debian/psad.init
#! /bin/sh
### BEGIN INIT INFO
# Provides:          psad
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Port Scan Attack Detector (psad)
# Description:       Enable the Port Scan Attack Detector (psad)
### END INIT INFO

# Author: Franck Joncourt

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Port Scan Attack Detector"
NAME=psad
DAEMON=/usr/sbin/$NAME
PIDDIR=/var/run/psad
SCRIPTNAME=/etc/init.d/psad

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Load user options to pass to psad daemon
DAEMON_ARGS=""
[ -r /etc/default/psad ] && . /etc/default/psad

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

#
# Function that checks if all of the configuration files exist
#
# Return
#   0 : all of the configuration files exist
#   6 : at least one file is missing
check_config()
{
    local retval
    local file_list

    retval=0
    file_list="/etc/psad/psad.conf"

    for ConfFile in $file_list; do
        if [ ! -f "$ConfFile" ]; then
            retval=6
            break
        fi
    done

    return $retval
}

#
# Function to check if psad is running
#
#   1 : the psad.pid file has been found ; we assume the daemon is running
#   0 : no pid file has been found ; we assume the daemon is not running
#
is_psad_running()
{
    local pidfile="$PIDDIR/psad.pid"
    local retval

    retval=0
    if [ -r "$pidfile" ]; then
        retval=1
    fi

    return $retval
}

#
# Function that starts the daemon/service
#
#   0 : daemon has been started or was already running
#   1 : generic or unspecified errors (could not be started)
#   6 : program is not configured (missing configuration files)
do_start()
{
    local retval

    mkdir -p $PIDDIR
    chmod 755 $PIDDIR

    # Check psad configuration
    check_config
    retval=$?

    # Try to start psad
    is_psad_running
    if [ "$?" = 1 ]; then
        log_action_msg "The psad daemon is already running"
        retval=0

    elif [ "$retval" = "0" ]; then
        # Use the same pid file name that is_psad_running and do_stop check
        start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME.pid --exec $DAEMON -- $DAEMON_ARGS
        retval="$?"
    fi

    # Handle return status codes
    case "$retval" in
        0)
            ;;
        6)
            log_action_msg "You are missing the configuration file $ConfFile" || true
            ;;
        9)
            retval=0
            ;;
        *)
            retval=1
            log_action_msg "Unable to start the daemon" || true
            ;;
    esac

    log_daemon_msg "Starting Port Scan Attack Detector" "psad" || true
    log_end_msg $retval || true

    return $retval
}

#
# Function that stops the daemon/service
#
# The upstream author has allowed the daemon to be killed through the
# following command-line : psad --Kill
#
# As psad starts kmsgsd and psadwatchd on its own, we need to stop them before.
#
# Return
#   0 : daemon has been stopped or was already stopped
#   1 : daemon could not be stopped
do_stop()
{
    local retval="0"
    local status kill_status
    local pid pidfile
    local process_list="psadwatchd kmsgsd psad"

    # For each process
    for process in $process_list; do

        pidfile="$PIDDIR/$process.pid"
        status="0"
        kill_status="1"

        log_action_msg "Stopping the $process process"

        # Try to kill the process associated to the pid
        if [ -r "$pidfile" ]; then
            pid=`cat "$pidfile" 2>/dev/null`
            kill -0 "${pid:-}" 2>/dev/null
            kill_status="$?"
        fi

        # Stop the process
        if [ "$kill_status" = "0" ]; then
            start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile"
            status="$?"
        fi

        # Remove its pid file
        if [ -r "$pidfile" ] && [ "$status" = "0" ]; then
            rm -f "$pidfile" 2>/dev/null
            status="$?"
        fi

        [ "$status" = "0" ] || retval="1"

    done

    if [ "$retval" != "0" ]; then
        log_action_msg "One or more process could not be stopped" || true
    fi

    log_daemon_msg "Stopping Port Scan Attack Detector" "psad" || true
    log_end_msg $retval || true

    return $retval
}

#
# Function that returns the daemon status
#
do_status()
{
    echo "Status of $DESC:"
    $DAEMON --Status
}

case "$1" in
    start)
        do_start
        ;;
    stop)
        do_stop
        ;;
    restart|force-reload)
        do_stop
        sleep 1
        do_start
        ;;
    status)
        do_status
        exit $?
        ;;
    *)
        log_success_msg "Usage: $0 {start|stop|restart|status}" >&2
        exit 1
        ;;
esac

exit

debian/compat
7

debian/psad.postrm
#!/bin/sh

set -e

# In case the user wants to purge all files of the psad package, we must remove
# manually pid, fifo and log files before the main directories are removed.
if [ "$1" = "purge" ]; then

    # Handle the /var/run/psad directory that contains pid and socket files
    if [ -d /var/run/psad ];then
        find /var/run/psad/ -type f -exec rm {} \;
        find /var/run/psad/ -type s -exec rm {} \;
        rmdir /var/run/psad
    fi

    # Clean the config directory /etc/psad
    if [ -d /etc/psad/archive ]; then
        find /etc/psad/archive/ -type f -exec rm {} \;
        rmdir /etc/psad/archive
    fi

    # Remove the fifo file which psad creates
    if [ -d /var/lib/psad ]; then
        find /var/lib/psad -type p -exec rm {} \;
    fi

    # Handle the /var/log/psad directory that contains log files
    if [ -d /var/log/psad ]; then
        rm -rf /var/log/psad/*
    fi

fi

#DEBHELPER#

exit 0

debian/psad.preinst
#!/bin/sh

#
# Update_conf
#
# This function searches a key entry in a file and updates its value with the
# new one.
#
# Syntax:
#
#   update_conf new_val key conffile
#     -> new_val ... : Value to set for the key value
#     -> key ....... : Name of the key to be updated
#     -> conffile .. : File to search
#
update_conf ()
{
    local new_val
    local key
    local conffile

    new_val=$1
    key=$2
    conffile=$3

    cp $conffile $conffile.old

    old_val=`awk '$1 == "'$key'" { print $2 }' $conffile`
    awk '$1 == "'$key'" { gsub("'$old_val'","'$new_val';",$0); \
                          print $0 } \
         $1 != "'$key'" { print $0 }' \
        $conffile.old > $conffile

    rm $conffile.old
}

if [ "$1" = "upgrade" -o "$1" = "install" ]; then

    # Revert changes added to the configuration file by the postinst script
    # if we are upgrading from a version which changed it (#688891)
    # or if we are installed with a prior version (#675231)
    if [ -n "$2" ] && dpkg --compare-versions 2.2-3 gt "$2" ; then
        update_conf "_CHANGEME_" "HOSTNAME" "/etc/psad/psad.conf"
    fi
fi

if [ "$1" = "upgrade" ]; then

    # This script is only intended to fix bug #497574.
    # We check for an upgrade from Psad older than 2.1.5 and remove the old
    # Psad process if needed.
    #
    # NB: As some commands can return an exit code other than 0 we do not use
    #     *set -e* at the beginning.

    status=1;
    if [ -x "`which dpkg 2>/dev/null`" ]; then
        dpkg --compare-versions 2.1.5 gt "$2"
        status=$?
    fi

    if [ $status = 0 ]; then

        echo -n "Removing old Psad process ... "

        process_list="psadwatchd kmsgsd psad"
        for process in $process_list; do
            pkill $process 2>/dev/null
        done

        echo "Done."
    fi
fi

set -e

#DEBHELPER#

exit 0

debian/psad.dirs
usr/bin
usr/sbin
var/log/psad
var/lib/psad
etc/psad
etc/psad/snort_rules

debian/patches/

debian/patches/fixes_build.diff
From: Franck Joncourt
Subject: [PATCH] fixes/build

Allow the Makefile to handle options from the command-line so that we can
honour the DEB_BUILD_OPTIONS.

Signed-off-by: Franck Joncourt
---
 Makefile | 6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

--- a/Makefile +++ b/Makefile
@@ -24,10 +24,12 @@ ########################################################################## # +OPTS = -Wall -O + ### default -all : kmsgsd.c psadwatchd.c psad_funcs.c strlcpy.c strlcat.c psad.h - /usr/bin/gcc -Wall -O kmsgsd.c psad_funcs.c strlcpy.c strlcat.c -o kmsgsd - /usr/bin/gcc -Wall -O psadwatchd.c psad_funcs.c strlcpy.c strlcat.c -o psadwatchd +all : psadwatchd.c psad_funcs.c strlcpy.c strlcat.c psad.h + /usr/bin/gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) kmsgsd.c psad_funcs.c strlcpy.c strlcat.c -o kmsgsd + /usr/bin/gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) psadwatchd.c psad_funcs.c strlcpy.c strlcat.c -o psadwatchd ### debug mode debug : kmsgsd.c psadwatchd.c psad_funcs.c strlcpy.c strlcat.c psad.h debian/patches/series0000644000000000000000000000002112072252074012024 0ustar fixes_build.diff debian/copyright0000644000000000000000000000630412072252074011125 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Contact: Michael B. Rash Upstream-Name: Psad Source: http://www.cipherdyne.org/psad/download Files: * Copyright: 1999-2009, Michael B. Rash License: GPL-2+ Files: logrotate.psad Copyright: 2006, Albert Whale, ABS Computer Technology, Inc License: GPL-2+ Files: packaging/psad.ebuild Copyright: 1999-2006 Gentoo Foundation License: GPL-2+ Files: pf.os Copyright: Copyright 2000-2003 by Michal Zalewski Copyright 2003 by Mike Frantzen License: other Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. . THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. 
 IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
 CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
 DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
 TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
 OF THIS SOFTWARE.

Files: strlcpy.c strlcat.c
Copyright: 1998 Todd C. Miller
License: other
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
 1. Redistributions of source code must retain the above copyright notice,
    this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright notice,
    this list of conditions and the following disclaimer in the documentation
    and/or other materials provided with the distribution.
 3. The name of the author may not be used to endorse or promote products
    derived from this software without specific prior written permission.
 .
 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR
 BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.

Files: debian/*
Copyright: 2002-2010, Daniel Gubser
           2009-2012, Franck Joncourt
License: GPL-2+

License: GPL-2+
 This program is free software; you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by the Free
 Software Foundation; either version 2 of the License, or (at your option)
 any later version.
 You can find a copy of it in your Debian system under
 /usr/share/common-licenses/

debian/watch:
version=3
http://www.cipherdyne.com/psad/download/psad-nodeps-(.*)\.tar\.gz

debian/README.debian:
TODO
 + check if it works with Bastille (also any new versions)

 -- Daniel Gubser Tue January 27 06:22:12 CET 2004
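
Review bot: In the Makefile hunk of debian/patches/fixes_build.diff, the added `OPTS = -Wall -O` is never referenced: both gcc lines under `all` now take only $(CFLAGS) $(CPPFLAGS) $(LDFLAGS), so a build where those variables are not supplied from the environment or command line compiles kmsgsd and psadwatchd with no warnings and no optimisation. Either append $(OPTS) to the two compile lines or drop the variable. The rewritten `all` prerequisite list also leaves out kmsgsd.c although the first recipe line still compiles it; keep kmsgsd.c in the list so the target's dependencies match what it builds. Since the patch is about honouring build options, replacing the hard-coded /usr/bin/gcc with $(CC) in the same two lines would be consistent with that goal.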