From f0e02726302feb62c2c5817f42ec142fcdfc5b22 Mon Sep 17 00:00:00 2001 From: Dominik 'Rathann' Mierzejewski Date: Feb 25 2019 13:46:16 +0000 Subject: stop shipping obsolete binaries kmsgsd and psadwatchd switch to noarch --- diff --git a/psad-fedora.patch b/psad-fedora.patch index 337e355..abff1a0 100644 --- a/psad-fedora.patch +++ b/psad-fedora.patch @@ -1,6 +1,6 @@ -diff -up psad-2.4.5/init-scripts/systemd/psad.service.f psad-2.4.5/init-scripts/systemd/psad.service ---- psad-2.4.5/init-scripts/systemd/psad.service.f 2017-06-14 04:23:48.000000000 +0200 -+++ psad-2.4.5/init-scripts/systemd/psad.service 2018-02-13 14:46:47.995387999 +0100 +diff -up psad-2.4.6/init-scripts/systemd/psad.service.f psad-2.4.6/init-scripts/systemd/psad.service +--- psad-2.4.6/init-scripts/systemd/psad.service.f 2018-08-01 02:41:59.000000000 +0200 ++++ psad-2.4.6/init-scripts/systemd/psad.service 2019-02-25 14:44:49.309638099 +0100 @@ -1,6 +1,7 @@ [Unit] Description=The Port Scan Attack Detector (psad) @@ -9,25 +9,9 @@ diff -up psad-2.4.5/init-scripts/systemd/psad.service.f psad-2.4.5/init-scripts/ [Service] Type=forking -diff -up psad-2.4.5/Makefile.f psad-2.4.5/Makefile ---- psad-2.4.5/Makefile.f 2017-06-14 04:23:48.000000000 +0200 -+++ psad-2.4.5/Makefile 2018-02-13 14:46:47.995387999 +0100 -@@ -25,9 +25,10 @@ - # - - ### default -+OPTS=-O - all : kmsgsd.c psadwatchd.c psad_funcs.c strlcpy.c strlcat.c psad.h -- /usr/bin/gcc -Wall -O kmsgsd.c psad_funcs.c strlcpy.c strlcat.c -o kmsgsd -- /usr/bin/gcc -Wall -O psadwatchd.c psad_funcs.c strlcpy.c strlcat.c -o psadwatchd -+ /usr/bin/gcc -Wall $(OPTS) kmsgsd.c psad_funcs.c strlcpy.c strlcat.c -o kmsgsd -+ /usr/bin/gcc -Wall $(OPTS) psadwatchd.c psad_funcs.c strlcpy.c strlcat.c -o psadwatchd - - ### debug mode - debug : kmsgsd.c psadwatchd.c psad_funcs.c strlcpy.c strlcat.c psad.h -diff -up psad-2.4.5/psad.conf.f psad-2.4.5/psad.conf ---- psad-2.4.5/psad.conf.f 2017-06-14 04:23:48.000000000 +0200 -+++ psad-2.4.5/psad.conf 2018-02-13 14:47:45.046745650 +0100 +diff -up psad-2.4.6/psad.conf.f psad-2.4.6/psad.conf +--- psad-2.4.6/psad.conf.f 2018-08-01 02:41:59.000000000 +0200 ++++ psad-2.4.6/psad.conf 2019-02-25 14:45:01.145742138 +0100 @@ -24,7 +24,7 @@ EMAIL_ADDRESSES root@localhost; @@ -57,7 +41,7 @@ diff -up psad-2.4.5/psad.conf.f psad-2.4.5/psad.conf FW_MSG_READ_CMD /bin/journalctl; FW_MSG_READ_CMD_ARGS -f -k; USE_FW_MSG_READ_CMD_ARGS Y; -@@ -586,7 +586,7 @@ PSAD_FIFO_DIR $INSTALL_ROO +@@ -593,7 +593,7 @@ PSAD_FIFO_DIR $INSTALL_ROO PSAD_LIBS_DIR $INSTALL_ROOT/usr/lib/psad; PSAD_CONF_DIR $INSTALL_ROOT/etc/psad; PSAD_ERR_DIR $PSAD_DIR/errs; @@ -66,7 +50,7 @@ diff -up psad-2.4.5/psad.conf.f psad-2.4.5/psad.conf SCAN_DATA_ARCHIVE_DIR $PSAD_DIR/scan_archive; ANALYSIS_MODE_DIR $PSAD_DIR/ipt_analysis; SNORT_RULES_DIR $PSAD_CONF_DIR/snort_rules; -@@ -678,7 +678,7 @@ ipCmd /sbin/ip; +@@ -685,9 +685,7 @@ ipCmd /sbin/ip; killallCmd /usr/bin/killall; netstatCmd /bin/netstat; unameCmd /bin/uname; @@ -74,4 +58,6 @@ diff -up psad-2.4.5/psad.conf.f psad-2.4.5/psad.conf +whoisCmd /usr/bin/whois; dfCmd /bin/df; fwcheck_psadCmd $INSTALL_ROOT/usr/sbin/fwcheck_psad; - psadwatchdCmd $INSTALL_ROOT/usr/sbin/psadwatchd; +-psadwatchdCmd $INSTALL_ROOT/usr/sbin/psadwatchd; +-kmsgsdCmd $INSTALL_ROOT/usr/sbin/kmsgsd; + psadCmd $INSTALL_ROOT/usr/sbin/psad; diff --git a/psad.spec b/psad.spec index 8319c84..8ce5bf5 100644 --- a/psad.spec +++ b/psad.spec @@ -17,8 +17,9 @@ Source4: psad-tmpfiles.conf Patch0: psad-fedora.patch # https://github.com/mrash/psad/issues/53 Patch1: psad-issue53.patch +BuildArch: noarch +Obsoletes: psad < 2.4.6-3 BuildRequires: %{_bindir}/gpgv2 -BuildRequires: gcc BuildRequires: perl-generators BuildRequires: systemd # works with system one, but doesn't crash or break without it @@ -46,8 +47,8 @@ Requires(post): %{_sbindir}/semodule Requires(postun): %{_sbindir}/semodule %description -Port Scan Attack Detector (psad) is a collection of three lightweight -system daemons written in Perl and in C that are designed to work with Linux +Port Scan Attack Detector (psad) is a lightweight +system daemon written in Perl designed to work with Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, @@ -73,12 +74,11 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} rm -r deps/{Bit-Vector,Carp-Clan,Date-Calc,IPTables-ChainMgr,IPTables-Parse,NetAddr-IP,Storable,Unix-Syslog,whois} %build -%set_build_flags -make OPTS="$CFLAGS" %{?_smp_mflags} +echo Nothing to build. %install install -dm755 %{buildroot}{%{_mandir}/man{1,8},%{_sbindir},%{_sysconfdir}/%{name}} -install -pm755 -t %{buildroot}%{_sbindir} kmsgsd psad{,watchd} +install -pm755 -t %{buildroot}%{_sbindir} psad install -Dpm755 fwcheck_psad.pl %{buildroot}%{_sbindir}/fwcheck_psad install -Dpm755 nf2csv %{buildroot}%{_bindir}/nf2csv install -Dpm644 misc/logrotate.psad %{buildroot}%{_sysconfdir}/logrotate.d/psad @@ -94,7 +94,7 @@ install -pm644 -t %{buildroot}%{_sysconfdir}/%{name} \ signatures \ snort_rule_dl \ -install -pm644 -t %{buildroot}%{_mandir}/man8 doc/{fwcheck_psad,kmsgsd,psad{,watchd}}.8 +install -pm644 -t %{buildroot}%{_mandir}/man8 doc/{fwcheck_psad,psad}.8 install -pm644 -t %{buildroot}%{_mandir}/man1 doc/nf2csv.1 cp -pr deps/snort_rules %{buildroot}%{_sysconfdir}/%{name} @@ -165,14 +165,10 @@ exit 0 %doc doc/BENCHMARK ChangeLog CREDITS doc/FW_EXAMPLE_RULES README.md doc/README.SYSLOG doc/SCAN_LOG %{_bindir}/nf2csv %{_sbindir}/fwcheck_psad -%{_sbindir}/kmsgsd %{_sbindir}/psad -%{_sbindir}/psadwatchd %{_mandir}/man1/nf2csv.1* %{_mandir}/man8/fwcheck_psad.8* -%{_mandir}/man8/kmsgsd.8* %{_mandir}/man8/psad.8* -%{_mandir}/man8/psadwatchd.8* %{_tmpfilesdir}/psad.conf %{_unitdir}/psad.service %dir %{_sysconfdir}/%{name} @@ -200,6 +196,8 @@ exit 0 * Mon Feb 25 2019 Dominik Mierzejewski - 2.4.6-3 - silence sys_ptrace AVC denials (#1615087) - use upstream patch to drop net-tools dependency (#1496149) +- stop shipping obsolete binaries kmsgsd and psadwatchd +- switch to noarch * Sat Feb 02 2019 Fedora Release Engineering - 2.4.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild