%define name mandi
%define version 0.7.4
%define release 1mdk
Summary: Monitoring daemon bridge
Name: %{name}
Version: %{version}
Release: %{release}
Source0: %{name}-%{version}.tar.bz2
License: GPL
Group: Networking/Other
Url: http://cvs.mandriva.com/cgi-bin/cvsweb.cgi/soft/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
BuildRequires: dbus-devel
Requires(post): rpm-helper
Requires: dbus
%description
Mandi is a monitoring daemon which acts as a bridge from root
monitoring libraries to user applications, using D-Bus.
Its plugin system allows monitoring different kinds of events.
A built-in plugin forwards wireless scan results from wpa_supplicant
to user applications.
Mandi ain't no daemon, idiot! (c) rgs
%package ifw
Summary: Firewall rules for Interactive Firewall
Group: Networking/Other
Requires(post): shorewall
Requires: mandi = %{version}
Requires: ipset
%description ifw
This package contains the iptables rules used to forward intrusion
detections to the mandi daemon.
It is a component of Interactive Firewall.
%prep
%setup -q
%build
%make
%install
rm -rf $RPM_BUILD_ROOT
install -D -m755 src/%{name} $RPM_BUILD_ROOT%{_sbindir}/%{name}
install -D -m644 conf/%{name}.conf $RPM_BUILD_ROOT%{_sysconfdir}/dbus-1/system.d/%{name}.conf
install -D -m755 scripts/%{name}.init %buildroot%{_initrddir}/%{name}
install -d -m755 %buildroot%{_sysconfdir}/ifw/rules.d/
install -m644 rules.d/* %buildroot%{_sysconfdir}/ifw/rules.d/
install -m644 scripts/{start,stop} $RPM_BUILD_ROOT%{_sysconfdir}/ifw
%clean
rm -rf $RPM_BUILD_ROOT
%post
%_post_service mandi
%preun
%_preun_service mandi
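%triggerpostun ifw -- mandi-ifw < 0.7.2-2mdk
# Upgrade from a mandi-ifw older than 0.7.2-2mdk: remove the "INCLUDE ifw"
# line from the shorewall start file (see the 0.7.2-2mdk changelog entry).
STARTFILE=%{_sysconfdir}/shorewall/start
if [ -f "$STARTFILE" ]; then
    grep -v -E "^INCLUDE ifw$" "$STARTFILE" > "$STARTFILE.new"
    mv -f "$STARTFILE.new" "$STARTFILE"
fi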
%files
%defattr(-,root,root)
%{_sbindir}/%{name}
%config %{_sysconfdir}/dbus-1/system.d/%{name}.conf
%{_initrddir}/mandi
%files ifw
%dir %{_sysconfdir}/ifw/
%{_sysconfdir}/ifw/start
%{_sysconfdir}/ifw/stop
%{_sysconfdir}/ifw/rules.d/*
%changelog
* Fri Sep 23 2005 Olivier Blin <oblin@mandriva.com> 0.7.4-1mdk
- 0.7.4:
o fix saving whitelist
o don't skip reports when another attack is being reported
* Thu Sep 8 2005 Olivier Blin <oblin@mandrakesoft.com> 0.7.3-1mdk
- 0.7.3:
o fix stop script to remove all entries in the Ifw rule
o fix D-Bus message order for blacklist notification
* Sun Sep 4 2005 Olivier Blin <oblin@mandriva.com> 0.7.2-2mdk
- remove "INCLUDE ifw" in shorewall start file on upgrade
* Thu Sep 1 2005 Olivier Blin <oblin@mandriva.com> 0.7.2-1mdk
- mandi: save white list right after adding/modifying entries
* Thu Sep 1 2005 Olivier Blin <oblin@mandriva.com> 0.7.1-1mdk
- 0.7.1:
o add start/stop scripts
o add rules.d directory, with a sample psd rule
o shorewall isn't required by the package anymore
o remove shorewall workarounds, it's better done by drakfirewall now
o notify attacks even if attacker is already present in log
o don't create ipsets in the daemon
* Thu Aug 25 2005 Olivier Blin <oblin@mandriva.com> 0.7-2mdk
- use clean tarball (fix build on 64 bits, thanks couriousous)
* Wed Aug 24 2005 Olivier Blin <oblin@mandriva.com> 0.7-1mdk
- 0.7, IFW plugin improvements:
o keep logs and allow to clear them
o allow applications to notify themselves when the user has
checked reports or asked to manage the lists
o send notifications in automatic mode too
* Mon Aug 22 2005 Olivier Blin <oblin@mandriva.com> 0.6-4mdk
- do not match for ESTABLISHED,RELATED connections (Samir),
this should avoid DNS blacklist
* Mon Aug 22 2005 Olivier Blin <oblin@mandriva.com> 0.6-3mdk
- remove ifw inclusion in shorewall on full removal only
* Sat Aug 20 2005 Olivier Blin <oblin@mandriva.com> 0.6-2mdk
- really fix dbus permissions
* Fri Aug 19 2005 Olivier Blin <oblin@mandriva.com> 0.6-1mdk
- 0.6
o create ipsets in shorewall start script
o start mandi service after messagebus
o allow console users to use Interactive Firewall
* Thu Aug 18 2005 Olivier Blin <oblin@mandriva.com> 0.5-1mdk
- 0.5
o use an Ifw chain in shorewall/iptables
o handle blacklist and whitelist in the Ifw chain
* Thu Aug 18 2005 Olivier Blin <oblin@mandriva.com> 0.4-1mdk
- 0.4 (ignore notifications from the loopback interface)
- start mandi daemon as a service
- add a mandi-ifw subpackage to insert Interactive Firewall in
shorewall start rules
- use psd to detect port scans
* Thu Aug 11 2005 Olivier Blin <oblin@mandriva.com> 0.3-1mdk
- 0.3, Interactive Firewall improvements:
o really support ipset (using iptrees)
o use correct byte order to add IP addresses in iptrees
o send only one attack report per IP address
o fix description (thanks to Mathieu Geli)
* Fri Jul 29 2005 Olivier Blin <oblin@mandriva.com> 0.2-1mdk
- 0.2 (small bugfix)
- Requires ipset
* Thu Jul 28 2005 Olivier Blin <oblin@mandriva.com> 0.1-1mdk
- allow to select a wireless network
- enable fake Active Firewall mode
* Fri Jul 15 2005 Olivier Blin <oblin@mandriva.com> 0.1-0.1mdk
- initial release