diff options
author | William Bowman <wilbowma@indiana.edu> | 2011-12-20 23:19:12 -0600 |
---|---|---|
committer | Robby Workman <rworkman@slackbuilds.org> | 2011-12-20 23:19:12 -0600 |
commit | cf8d6e29ed99b62469a816f3d96885073909a548 (patch) | |
tree | 79a66e2ecd62170e88d084e172bf9d5e729f8991 | |
parent | c36593f743727071b5334fdd643f62e29e445dcf (diff) |
network/havp: Added (HTTP Anti Virus Proxy)
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
-rw-r--r-- | network/havp/README | 16 | ||||
-rw-r--r-- | network/havp/README.setup | 18 | ||||
-rw-r--r-- | network/havp/doinst.sh | 29 | ||||
-rw-r--r-- | network/havp/havp.SlackBuild | 113 | ||||
-rw-r--r-- | network/havp/havp.info | 10 | ||||
-rw-r--r-- | network/havp/patches/fixup_and_install_init_script.diff | 38 | ||||
-rw-r--r-- | network/havp/patches/put_templates_in_usrshare.diff | 46 | ||||
-rw-r--r-- | network/havp/patches/use_clamav_group_by_default.diff | 16 | ||||
-rw-r--r-- | network/havp/patches/use_vartmphavp_for_tempdir.diff | 26 | ||||
-rw-r--r-- | network/havp/slack-desc | 19 |
10 files changed, 331 insertions, 0 deletions
diff --git a/network/havp/README b/network/havp/README new file mode 100644 index 0000000000000..1f5aa3d1337d9 --- /dev/null +++ b/network/havp/README @@ -0,0 +1,16 @@ +HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. +The main aims are continuous, non-blocking downloads and smooth scanning +of dynamic and password protected HTTP traffic. Havp antivirus proxy has +a parent and transparent proxy mode. It can be used with squid or standalone. + +This requires mandatory locks on the scanning find system unless you +add --disable-locking to the configuration (enabled by default for +performance). + +This requires clamav. Also, see README.setup for some configuration hints. + +You need an "havp" user (and a "clamav" group, due to the dependency on +clamav noted above) to be present during compilation and installation. +Suggested means of accomplishing this are as follows: + groupadd -g 210 clamav + useradd -u 256 -d /dev/null -s /bin/false -g clamav havp diff --git a/network/havp/README.setup b/network/havp/README.setup new file mode 100644 index 0000000000000..0053bc4d0bb80 --- /dev/null +++ b/network/havp/README.setup @@ -0,0 +1,18 @@ +README.setup for havp + +After installing, edit /etc/havp/havp.conf according to the comments. +At a minimum, you'll need to pay attention to these two lines: + + # REMOVETHISLINE deleteme + ENABLECLAMLIB true + +You'll probably want to make /var/tmp/havp a ram-based filesystem, +so something like this in /etc/fstab will suffice: + + tmpfs /var/tmp/havp tmpfs mand,uid=havp,gid=clamav,mode=0775 0 0 + +Finally, start clamav and havp: + + /etc/rc.d/rc.clamav start + /etc/rc.d/rc.havp start + diff --git a/network/havp/doinst.sh b/network/havp/doinst.sh new file mode 100644 index 0000000000000..d7e2071f92e14 --- /dev/null +++ b/network/havp/doinst.sh @@ -0,0 +1,29 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +config etc/havp/blacklist.new +config etc/havp/havp.config.new +config etc/havp/whitelist.new +preserve_perms etc/rc.d/rc.havp.new + diff --git a/network/havp/havp.SlackBuild b/network/havp/havp.SlackBuild new file mode 100644 index 0000000000000..b9df40ae60a29 --- /dev/null +++ b/network/havp/havp.SlackBuild @@ -0,0 +1,113 @@ +#!/bin/sh + +# Slackware build script for HAVP + +# Written by William Bowman <wilbowma@indiana.edu> + +PRGNAM=havp +VERSION=${VERSION:-0.92a} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +bailout() { + printf "\n You must have a \"havp\" user and \"clamav\" group in order + to run this script. Add them with something like this + (the uid and gid are only suggestions): + groupadd -g 210 clamav + useradd -u 256 -d /dev/null -s /bin/false -g clamav havp \n" + exit 1 +} + +if ! getent group clamav 2>&1 >/dev/null; then + bailout ; +elif ! getent passwd havp 2>&1 > /dev/null; then + bailout ; +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +# See the patch headers for details +patch -p1 < $CWD/patches/fixup_and_install_init_script.diff +patch -p1 < $CWD/patches/use_clamav_group_by_default.diff +patch -p1 < $CWD/patches/put_templates_in_usrshare.diff +patch -p1 < $CWD/patches/use_vartmphavp_for_tempdir.diff + +CFLAGS="$SLKCFLAGS" +./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --datadir=/usr/share \ + --localstatedir=/var \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --enable-ssl-tunnel \ + --build=$ARCH-slackware-linux + +make CFLAGS="$SLKCFLAGS -Wall -g" +make install DESTDIR=$PKG + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +# Let's not clobber configs +for file in blacklist whitelist havp.config ; do + mv $PKG/etc/havp/$file $PKG/etc/havp/$file.new ; +done + +# Note that /var/log/havp should probably not be operated on by logrotate, +# since it runs as root, and the directory is controlled by a non-root +# process. This is mitigated in logrotate-3.8.0+ with an "su" directive +# to logrotate, but it's not available in 13.37. +chown havp:clamav $PKG/var/{log,run,tmp}/havp +chmod 0775 $PKG/var/tmp/havp + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a INSTALL COPYING ChangeLog $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild +cat $CWD/README.setup > $PKG/usr/doc/$PRGNAM-$VERSION/README.setup + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +cat $CWD/doinst.sh > $PKG/install/doinst.sh + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/network/havp/havp.info b/network/havp/havp.info new file mode 100644 index 0000000000000..918de0182667f --- /dev/null +++ b/network/havp/havp.info @@ -0,0 +1,10 @@ +PRGNAM="havp" +VERSION="0.92a" +HOMEPAGE="http://sourceforge.net/projects/havp/" +DOWNLOAD="http://downloads.sourceforge.net/havp/havp-0.92a.tar.gz" +MD5SUM="f9a37411116eceea579b9034c5fa8a69" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +MAINTAINER="William Bowman" +EMAIL="wilbowma@indiana.edu" +APPROVED="rworkman" diff --git a/network/havp/patches/fixup_and_install_init_script.diff b/network/havp/patches/fixup_and_install_init_script.diff new file mode 100644 index 0000000000000..80ea40ba33ce3 --- /dev/null +++ b/network/havp/patches/fixup_and_install_init_script.diff @@ -0,0 +1,38 @@ +Fix paths to havp binary, config file, and init script, and make +sure the init script is installed to the correct directory. + +diff -Nur havp-0.92a.orig/etc/init.d/havp havp-0.92a/etc/init.d/havp +--- havp-0.92a.orig/etc/init.d/havp 2006-03-24 11:26:26.000000000 -0600 ++++ havp-0.92a/etc/init.d/havp 2011-12-20 10:28:49.449889309 -0600 +@@ -9,8 +9,8 @@ + # Any configuration of HAVP is done in havp.config + # Type havp --help for help and read havp.config you should have received. + +-HAVP_BIN=/usr/local/sbin/havp +-HAVP_CONFIG=/usr/local/etc/havp/havp.config ++HAVP_BIN=/usr/sbin/havp ++HAVP_CONFIG=/etc/havp/havp.config + PIDFILE=/var/run/havp/havp.pid + + # Return values acc. to LSB for all commands but status: +@@ -54,6 +54,7 @@ + echo "Error: $HAVP_BIN not found" + exit 5 + fi ++ mkdir -p `dirname $PIDFILE` + $HAVP_BIN -c $HAVP_CONFIG + exit $? + ;; +diff -Nur havp-0.92a.orig/havp/Makefile.in havp-0.92a/havp/Makefile.in +--- havp-0.92a.orig/havp/Makefile.in 2007-09-11 13:42:44.000000000 -0500 ++++ havp-0.92a/havp/Makefile.in 2011-12-20 10:27:42.992846172 -0600 +@@ -29,7 +29,8 @@ + $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/log/havp + $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/tmp/havp + $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/run/havp +- $(INSTALL) -d $(DESTDIR)/etc/init.d ++ $(INSTALL) -d $(DESTDIR)/etc/rc.d ++ $(INSTALL) -m 755 ../etc/init.d/havp $(DESTDIR)/etc/rc.d/rc.havp.new + $(INSTALL) -m 644 ../etc/havp/havp.config $(DESTDIR)$(sysconfdir)/havp/havp.config.default + @if [ ! -f $(DESTDIR)$(sysconfdir)/havp/havp.config ]; then \ + echo "$(INSTALL) -m 644 ../etc/havp/havp.config $(DESTDIR)$(sysconfdir)/havp/havp.config"; \ diff --git a/network/havp/patches/put_templates_in_usrshare.diff b/network/havp/patches/put_templates_in_usrshare.diff new file mode 100644 index 0000000000000..5bf54cfa29e77 --- /dev/null +++ b/network/havp/patches/put_templates_in_usrshare.diff @@ -0,0 +1,46 @@ +Use @datadir@/havp/ (e.g. /usr/share/havp) instead of +@sysconfdir@/havp (e.g. /etc/havp) for the templates +(use for error messages and such) + +diff -Nur havp-0.92a.orig/etc/havp/havp.config.in havp-0.92a/etc/havp/havp.config.in +--- havp-0.92a.orig/etc/havp/havp.config.in 2011-12-20 22:00:20.651052966 -0600 ++++ havp-0.92a/etc/havp/havp.config.in 2011-12-20 22:00:06.253243044 -0600 +@@ -203,7 +203,7 @@ + # Path to template files. + # + # Default: +-# TEMPLATEPATH @sysconfdir@/havp/templates/en ++TEMPLATEPATH @datadir@/havp/templates/en + + # + # Set to true if you want to prefer Whitelist. +diff -Nur havp-0.92a.orig/havp/Makefile.in havp-0.92a/havp/Makefile.in +--- havp-0.92a.orig/havp/Makefile.in 2011-12-20 21:59:41.434570700 -0600 ++++ havp-0.92a/havp/Makefile.in 2011-12-20 22:02:28.130369990 -0600 +@@ -9,6 +9,7 @@ + sbindir = @sbindir@ + sysconfdir = @sysconfdir@ + localstatedir = @localstatedir@ ++datadir = @datadir@ + + OBJECTS = helper.o logfile.o scannerhandler.o connectiontobrowser.o \ + genericscanner.o httphandler.o params.o sockethandler.o \ +@@ -29,6 +30,7 @@ + $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/log/havp + $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/tmp/havp + $(INSTALL) -d -m 755 $(DESTDIR)$(localstatedir)/run/havp ++ $(INSTALL) -d -m 755 $(DESTDIR)$(datadir)/havp + $(INSTALL) -d $(DESTDIR)/etc/rc.d + $(INSTALL) -m 755 ../etc/init.d/havp $(DESTDIR)/etc/rc.d/rc.havp.new + $(INSTALL) -m 644 ../etc/havp/havp.config $(DESTDIR)$(sysconfdir)/havp/havp.config.default +@@ -49,8 +51,8 @@ + else \ + echo "Not overwriting old $(DESTDIR)$(sysconfdir)/havp/blacklist"; \ + fi +- cp -r ../etc/havp/templates $(DESTDIR)$(sysconfdir)/havp/ +- chmod -R a+rX $(DESTDIR)$(sysconfdir)/havp/templates ++ cp -r ../etc/havp/templates $(DESTDIR)$(datadir)/havp/ ++ chmod -R a+rX $(DESTDIR)$(datadir)/havp/templates + + clean: + cd scanners && $(MAKE) clean diff --git a/network/havp/patches/use_clamav_group_by_default.diff b/network/havp/patches/use_clamav_group_by_default.diff new file mode 100644 index 0000000000000..d7b1099421415 --- /dev/null +++ b/network/havp/patches/use_clamav_group_by_default.diff @@ -0,0 +1,16 @@ +Set user and group to havp:clamav by default in the config file + +diff -Nur havp-0.92a.orig/etc/havp/havp.config.in havp-0.92a/etc/havp/havp.config.in +--- havp-0.92a.orig/etc/havp/havp.config.in 2010-04-02 08:33:34.000000000 -0500 ++++ havp-0.92a/etc/havp/havp.config.in 2011-12-20 21:56:34.749035312 -0600 +@@ -24,8 +24,8 @@ + # used by any other program. + # + # Default: +-# USER havp +-# GROUP havp ++USER havp ++GROUP clamav + + # If this is true HAVP is running as daemon in background. + # For testing you may run HAVP at your text console. diff --git a/network/havp/patches/use_vartmphavp_for_tempdir.diff b/network/havp/patches/use_vartmphavp_for_tempdir.diff new file mode 100644 index 0000000000000..b114afdca1b44 --- /dev/null +++ b/network/havp/patches/use_vartmphavp_for_tempdir.diff @@ -0,0 +1,26 @@ +Set the working dir (TEMPDIR) to /var/tmp/havp instead of /var/tmp + +diff -Nur havp-0.92a.orig/etc/havp/havp.config.in havp-0.92a/etc/havp/havp.config.in +--- havp-0.92a.orig/etc/havp/havp.config.in 2011-12-20 22:08:18.907739050 -0600 ++++ havp-0.92a/etc/havp/havp.config.in 2011-12-20 22:08:55.267259030 -0600 +@@ -120,7 +120,7 @@ + # Needs to be writable by HAVP user. Use ramdisk for best performance. + # + # Default: +-# TEMPDIR /var/tmp ++# TEMPDIR /var/tmp/havp + + # + # HAVP reloads scanners virus database by receiving a signal +diff -Nur havp-0.92a.orig/havp/params.cpp havp-0.92a/havp/params.cpp +--- havp-0.92a.orig/havp/params.cpp 2010-04-02 08:32:42.000000000 -0500 ++++ havp-0.92a/havp/params.cpp 2011-12-20 22:08:44.061406971 -0600 +@@ -70,7 +70,7 @@ + SetConfig("WHITELIST", WHITELISTFILE); + SetConfig("BLACKLIST", BLACKLISTFILE); + SetConfig("TEMPLATEPATH", TEMPLATEPATH); +- SetConfig("TEMPDIR", "/var/tmp"); ++ SetConfig("TEMPDIR", "/var/tmp/havp"); + SetConfig("SCANTEMPFILE", "/var/tmp/havp/havp-XXXXXX"); + SetConfig("PIDFILE", PIDFILE); + SetConfig("TRANSPARENT", "false"); diff --git a/network/havp/slack-desc b/network/havp/slack-desc new file mode 100644 index 0000000000000..c91e5d2ded7b5 --- /dev/null +++ b/network/havp/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +havp: HAVP (HTTP Anti Virus Proxy) +havp: +havp: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus +havp: scanner. The main aims are continuous, non-blocking downloads and +havp: smooth scanning of dynamic and password protected HTTP traffic. Havp +havp: antivirus proxy has a parent and transparent proxy mode. It can be +havp: used with squid or standalone. +havp: +havp: http://www.server-side.de/ +havp: +havp: |