diff options
author | Jamie Lenehan <lenehan@twibble.org> | 2006-10-06 08:07:54 +0000 |
---|---|---|
committer | Jamie Lenehan <lenehan@twibble.org> | 2006-10-06 08:07:54 +0000 |
commit | e56b975bb45bbbc4f0b99b502b3288737eb02e45 (patch) | |
tree | 01d71dd87db8d5f11cefde6e76dd06ed34f50906 | |
parent | 1fee1949586215f9019770dd889d3631cdf1bf07 (diff) |
havp 0.82: Add HAVP, a HTTP antivirus proxy which uses clamav to scan
http traffic passing through the proxy. It can act as either a
transparent proxy or as a manual proxy.
-rw-r--r-- | packages/havp/.mtn2git_empty | 0 | ||||
-rw-r--r-- | packages/havp/files/.mtn2git_empty | 0 | ||||
-rw-r--r-- | packages/havp/files/doc.configure.txt | 21 | ||||
-rw-r--r-- | packages/havp/files/havp.init | 33 | ||||
-rw-r--r-- | packages/havp/files/sysconfdir-is-etc.patch | 26 | ||||
-rw-r--r-- | packages/havp/files/volatiles.05_havp | 5 | ||||
-rw-r--r-- | packages/havp/havp_0.82.bb | 89 |
7 files changed, 174 insertions, 0 deletions
diff --git a/packages/havp/.mtn2git_empty b/packages/havp/.mtn2git_empty new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/packages/havp/.mtn2git_empty diff --git a/packages/havp/files/.mtn2git_empty b/packages/havp/files/.mtn2git_empty new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/packages/havp/files/.mtn2git_empty diff --git a/packages/havp/files/doc.configure.txt b/packages/havp/files/doc.configure.txt new file mode 100644 index 0000000000..f88fb405ec --- /dev/null +++ b/packages/havp/files/doc.configure.txt @@ -0,0 +1,21 @@ +The following items needs to be considered when using havp: + +1. Madatory locking + + The filesystem on which SCANTEMPFILE lives must have madatory + locking enabled (mand option to mount). Note that nfs does not + support madatory locking. + +2. Scanning directory size + + If you have limited space on the SCANTEMPFILE then you will need + to set MAXSCANSIZE. + +3. Transparent proxy + + For transparent proxying you need an IP tables rule such as: + + iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 + + where eth0 is the incomming port, and 8080 is the port that havp + is running on. diff --git a/packages/havp/files/havp.init b/packages/havp/files/havp.init new file mode 100644 index 0000000000..245a28e7bc --- /dev/null +++ b/packages/havp/files/havp.init @@ -0,0 +1,33 @@ +#!/bin/sh +DAEMON=/usr/sbin/havp +HAVP_CONFIG=/etc/havp/havp.config +PIDFILE=/var/run/havp/havp.pid +NAME="havp" +DESC="HAVP" + +test -r /etc/default/havp && . /etc/default/havp +test -x "$DAEMON" || exit 0 +test ! -r "$HAVP_CONFIG" && exit 0 + +case "$1" in + start) + echo "Starting $DESC: " + start-stop-daemon --oknodo -S -x $DAEMON -- -c $HAVP_CONFIG + echo "$NAME." + ;; + + stop) + echo "Stopping $DESC:" + start-stop-daemon -K -p $PIDFILE + ;; + + restart) + $0 stop >/dev/null 2>&1 + $0 start + ;; + + *) + echo "Usage: $0 {start|stop|restart}" + exit 0 + ;; +esac diff --git a/packages/havp/files/sysconfdir-is-etc.patch b/packages/havp/files/sysconfdir-is-etc.patch new file mode 100644 index 0000000000..518a56f440 --- /dev/null +++ b/packages/havp/files/sysconfdir-is-etc.patch @@ -0,0 +1,26 @@ +--- havp-0.82/havp/default.h.in 2006/10/05 09:05:18 1.1 ++++ havp-0.82/havp/default.h.in 2006/10/05 09:05:31 +@@ -51,7 +51,7 @@ + "ENABLEAVAST","AVASTSOCKET","AVASTSERVER","AVASTPORT" + //SCANNERS + +-#define CONFIGFILE "/usr/local/etc/havp/havp.config" ++#define CONFIGFILE "/etc/havp/havp.config" + + + //############################################################## +--- havp-0.82/havp/params.cpp 2006/10/05 09:04:45 1.1 ++++ havp-0.82/havp/params.cpp 2006/10/05 09:05:06 +@@ -58,9 +58,9 @@ + SetConfig("KEEPBACKTIME", "5"); + SetConfig("TRICKLING", "30"); + SetConfig("WHITELISTFIRST", "true"); +- SetConfig("WHITELIST", "/usr/local/etc/havp/whitelist"); +- SetConfig("BLACKLIST", "/usr/local/etc/havp/blacklist"); +- SetConfig("TEMPLATEPATH", "/usr/local/etc/havp/templates/en"); ++ SetConfig("WHITELIST", "/etc/havp/whitelist"); ++ SetConfig("BLACKLIST", "/etc/havp/blacklist"); ++ SetConfig("TEMPLATEPATH", "/etc/havp/templates/en"); + SetConfig("TEMPDIR", "/var/tmp"); + SetConfig("SCANTEMPFILE", "/var/tmp/havp/havp-XXXXXX"); + SetConfig("PIDFILE", "/var/run/havp/havp.pid"); diff --git a/packages/havp/files/volatiles.05_havp b/packages/havp/files/volatiles.05_havp new file mode 100644 index 0000000000..3a9551fc1f --- /dev/null +++ b/packages/havp/files/volatiles.05_havp @@ -0,0 +1,5 @@ +# <type> <owner> <group> <mode> <path> <linksource> +d havp havp 0775 /var/log/havp none +d havp havp 0755 /var/lib/havp none +d havp havp 0755 /var/run/havp none +d havp havp 0755 /var/tmp/havp none diff --git a/packages/havp/havp_0.82.bb b/packages/havp/havp_0.82.bb new file mode 100644 index 0000000000..a0e1a00d64 --- /dev/null +++ b/packages/havp/havp_0.82.bb @@ -0,0 +1,89 @@ +DESCRIPTION = "HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV \ +anti-virus scanner. The main aims are continuous, non-blocking \ +downloads and smooth scanning of dynamic and password protected HTTP \ +traffic. Havp antivirus proxy has a parent and transparent proxy \ +mode. It can be used with squid or standalone." +HOMEPAGE = "http://www.server-side.de" +SECTION = "network" +LICENSE = "GPLv2" +DEPENDS = "clamav" +RDEPENDS_${PN} += "${PN}-templates-css2 ${PN}-templates-en" +PR = "r0" + +SRC_URI = "http://www.server-side.de/download/havp-${PV}.tar.gz \ + file://sysconfdir-is-etc.patch;patch=1 \ + file://havp.init \ + file://doc.configure.txt \ + file://volatiles.05_havp" + +inherit autotools + +EXTRA_OECONF = "--with-scanner=libclamav" + +do_configure_append () { + # Change the paths for /usr/local/etc (patch was applied to change them) + # And enable clamav as the scanner that is to be used. + sed -e 's:ENABLECLAMLIB false:ENABLECLAMLIB true:' \ + -e 's:/usr/local/etc:/etc:' \ + etc/havp/havp.config > etc/havp/havp.config.oe +} +do_install () { + install -m 0755 -d ${D}${sbindir} ${D}${sysconfdir}/havp \ + ${D}${sysconfdir}/init.d ${D}${docdir}/havp \ + ${D}${sysconfdir}/default/volatiles + install -m 755 havp/havp ${D}${sbindir} + install -m 755 ${WORKDIR}/havp.init ${D}${sysconfdir}/init.d/havp + install -m 755 INSTALL ${D}${docdir}/havp + install -m 755 ${WORKDIR}/doc.configure.txt ${D}${docdir}/havp/configure.txt + install -m 644 etc/havp/havp.config.oe ${D}${sysconfdir}/havp/havp.config + install -m 644 etc/havp/havp.config.oe ${D}${docdir}/havp/havp.config.default + + for i in whitelist blacklist; do + install -m 644 etc/havp/$i ${D}${sysconfdir}/havp/$i + done + cp -r etc/havp/templates ${D}${sysconfdir}/havp + chmod -R a+rX ${D}${sysconfdir}/havp/templates + + # We need some /var directories + for i in 05_havp; do + install -m 0644 ${WORKDIR}/volatiles.$i ${D}${sysconfdir}/default/volatiles/$i + done +} + +PACKAGES = "${PN}-dbg ${PN}-doc \ + ${PN}-templates-br ${PN}-templates-css2 ${PN}-templates-de \ + ${PN}-templates-en ${PN}-templates-es ${PN}-templates-fr \ + ${PN}-templates-it ${PN}-templates-nl ${PN}-templates-pf \ + ${PN}-templates-pl ${PN}-templates-ru ${PN}-templates-sv \ + ${PN}" + +FILES_${PN} = "${sysconfdir}/havp/blacklist ${sysconfdir}/havp/whitelist \ + ${sysconfdir}/havp/havp.config* \ + ${sysconfdir}/init.d ${sysconfdir}/default ${sbindir}" +FILES_${PN}-templates-br = "${sysconfdir}/havp/templates/br" +FILES_${PN}-templates-css2 = "${sysconfdir}/havp/templates/css2" +FILES_${PN}-templates-de = "${sysconfdir}/havp/templates/de" +FILES_${PN}-templates-en = "${sysconfdir}/havp/templates/en" +FILES_${PN}-templates-es = "${sysconfdir}/havp/templates/es" +FILES_${PN}-templates-fr = "${sysconfdir}/havp/templates/fr" +FILES_${PN}-templates-it = "${sysconfdir}/havp/templates/it" +FILES_${PN}-templates-nl = "${sysconfdir}/havp/templates/nl" +FILES_${PN}-templates-pf = "${sysconfdir}/havp/templates/pf" +FILES_${PN}-templates-pl = "${sysconfdir}/havp/templates/pl" +FILES_${PN}-templates-ru = "${sysconfdir}/havp/templates/ru" +FILES_${PN}-templates-sv = "${sysconfdir}/havp/templates/sv" + +# Add havp's user and groups +pkg_postinst_${PN} () { + grep -q havp: /etc/group || addgroup havp + grep -q havp: /etc/passwd || \ + adduser --disabled-password --home=${localstatedir}/lib/havp/ --system \ + --ingroup havp --no-create-home -g "HAVP" havp + /etc/init.d/populate-volatile.sh +} + +CONFFILES_${PN} = "${sysconfdir}/havp/havp.config \ + ${sysconfdir}/havp/blacklist ${sysconfdir}/havp/whitelist" + +INITSCRIPT_NAME_${PN} = "havp" +INITSCRIPT_PARAMS_${PN} = "defaults 55 45" |