--- picalib-0.1.5.orig/VERSION
+++ picalib-0.1.5/VERSION
@@ -0,0 +1 @@
+VERSION=0.1.5
--- picalib-0.1.5.orig/picalib.pod
+++ picalib-0.1.5/picalib.pod
@@ -0,0 +1,548 @@
+=head1 NAME
+
+picalib - Set of PICA helper scripts and configuration files
+
+
+=head1 DESCRIPTION
+
+PICALib is a set of PICA-related files to help in several system
+administration tasks, like filesystem integrity checks, package update
+automation, backups, NTP configuration, anti-virus protection, etc. It is a
+collection of "modules", documented independently.
+
+
+=head1 ADMIN DOMAINS
+
+Most of the alarms included use the concept of "admindomains". An admindomain
+is a group of administratively related hosts. The idea is that within PICA
+only hosts in the same admindomain will interact with each other.
+
+For example, the NTP module generates a configuration where hosts belonging
+to the ntpservers synchronize with each other, But you don't want servers
+from client (or network) A synchronizing with servers from client B. The
+answer is to define different admindomains for each client and include the
+clients' hosts in that group.
+
+This is done in a very simple way. Including all the hosts in a group
+and defining the variable "admindomain" for that group:
+
+ hostgroup clientA {
+ members { host1, host2, host3 }
+ vars {
+ admindomain = 'clientA';
+ }
+ }
+
+
+=head1 DNS - CONFIGURATION FOR THE DNS SERVICE
+
+This module can be used to generate a basic DNS configuration. It can
+generate a normal or split DNS configuration. Split DNS means that you will
+have two different views of the domain, depending on the source IP address
+of the query. This is very usefull in firewalls because you can give
+different info to the internal and external networks.
+
+This modules is related to the DHCP module in the way that it will allow
+dynamic DNS updates from the DHCP server if you set C<$ddns> in the DHCP
+module. This updates will be cryptographically authenticated.
+
+=over
+
+=item
+
+Variables shared with the DHCP module
+
+=over
+
+=item domainname
+
+DNS domain name
+
+=item netprefix
+
+Network prefix (3 bytes). If you have network C<192.168.1.0/24> it
+will be C<192.168.1>.
+
+=back
+
+=item
+
+Variables for the basic configuration:
+
+=over
+
+=item forwarders
+
+List of dns forwarders to use (optional)
+
+=item rndckey
+
+key to sign the control commands send with rndc. Generate it with dns-keygen
+
+=item dnsmasters
+
+list of dns master servers. Only needed if you have slave servers
+
+=item distzonefiles
+
+set this variable if you want to distribute the zone files using pica. If you
+do, you must create the zone files with the apropriate name (see below) in the
+PICA server. If you don't use this feature, you have to create those files in
+the DNS server
+
+=back
+
+=item
+
+Additional variables for splitdns:
+
+=over
+
+=item splitdns
+
+Set this variable if you want to generate a splitdns configuration
+
+=item dnsextmasters
+
+list of master servers for the external zone
+
+=back
+
+=item
+
+Zone files
+
+This modules assumes the zone files will be named:
+
+=over
+
+=item ${domainname}.db
+
+for the zone
+
+=item ${domainname}-ext.db
+
+for the EXTERNAL zone
+
+=item ${netprefix}.db
+
+for the reverse zone
+
+=back
+
+You can use example.com.db and 192.168.1.db as a model to create your zone
+file
+
+=back
+
+
+=head1 DHCP - CONFIGURATION FOR THE DHCP SERVICE
+
+This module generates a simple DHCP configuration. It basically creates a
+dynamic range for the given network prefix.
+
+The variables you should configure are:
+
+=over
+
+=item domainname
+
+DNS domain name for the clients
+
+=item netprefix
+
+IP network prefix (3 bytes). Ex. 192.168.1
+
+=item router
+
+the default gateway for this network
+
+=item dnsservers
+
+list of DNS servers for this network
+
+=item nbservers
+
+NetBIOS name server (Could be Samba or a WINS server)
+
+=back
+
+The following options are needed only if you want the DHCP server to
+dynamically update the DNS zone for the given domain.
+
+=over
+
+=item ddns
+
+Do we want ddns?
+
+=item dhcpkey
+
+a key allowed to send updates to the server (generate with dns-keygen). The
+server must be configured to allow updates signed with this key. The PICA
+group DNS does this automagically ;)
+
+=back
+
+=head2 NOTES
+
+This group only works with DHCPv3!!! If you want to use an older version, you
+can't use the DDNS feature...
+
+The DHCP server and the DDNS server MUST be the same host. If you don't like
+this restriction change the primary 127.0.0.1 entries in dhcpd.conf...
+
+
+=head1 NTP - CONFIGURATION FOR THE NTP SERVICE
+
+This module generates a very simple NTP configuration. It assumes two kinds
+of NTP servers in an organization:
+
+=over
+
+=item ntpservers
+
+Main NTP servers in the admingroup. They will be synchronized to various
+public stratum-1 servers (they will be stratum-2). The will also act as NTP
+peers (all the servers in this group will synchronize with each other). You
+will need AT LEAST ONE server in this group for each admingroup.
+
+=item ntpclients
+
+NTP clients. They will be synchronized to all the ntpservers in the same
+admingroup. This is why you need at least one "ntpserver" host.
+
+=back
+
+
+=head1 Backup - BACKUP SERVICE
+
+This module generates a client/server configuration of Amanda. It uses two
+hostgroups:
+
+=over
+
+=item bckservers
+
+The tape server
+
+=item bckclients
+
+The clients we want to backup
+
+=back
+
+The clients will be configured to only allow connections from the tape
+server.
+
+The backup will be configured to do full backups on fridays. On thursday the
+system will check if everything is OK for friday's backup.
+
+If this configuration suits your needs, you will only need to label the
+tapes...
+
+=head2 INSTALLATION NOTES
+
+To install the Backup service ypou first have to set all needed variables
+(see sample F). These variables are:
+
+=over
+
+
+=item amcfg
+
+The amanda configuration name. Amanda uses this name to be refer to a backup
+configuration. You can have many backup configurations in the same server as
+long as this name is different
+
+=item amorg
+
+Organization name. Amanda will put this in the subject of any email report it
+sends. Put something to quickly identify this configuration
+
+=item ammailto
+
+email address where amanda will send backup reports
+
+=item amtapecycle
+
+Number of tapes we have for rotation
+
+=item amsrvip & amsrvfqdn
+
+IP and full name of the tape server. To setup the access restrictions
+
+=item amdisklist
+
+disklist file to use, relative to the Backup dir in picalib. This variable
+exists because you probably want different disklist files for each backup
+group
+
+=back
+
+
+=head1 AntiVirus - CONFIGURATION FOR THE ANTIVIRUS SERVICE
+
+This Antivirus service includes two alarms to automatically scan
+filesystems and update the virus databases. It also integrates cleanly
+with PostFix.
+
+This alarm needs the following software installed:
+
+=over
+
+=item
+
+Kaspersky Antivirus for Linux
+
+=item
+
+avcheck
+
+=back
+
+
+=head1 Info - INFO DIRECTORY FOR PICA
+
+This module contains some misc. files, as a proposed MOTD and webpage for
+PICA-administered hosts.
+
+
+=head1 Snort - CONFIGURATION FOR THE SNORT SERVICE
+
+Snort is an excelent Inrusion Detection System (IDS). This module installs
+Snort in all hosts included in the C group.
+
+After installing this module you will need to edit the
+F
+file to set the device and C
+
+The script B is used to automatically check for new snort rules.
+The F directory must be owned by the user that runs B
+(shoud NOT be root)
+
+This alarm needs the following software installed:
+
+=over
+
+=item
+
+Snort
+
+=item
+
+SnortSnarf
+
+=item
+
+oinkmaster
+
+=back
+
+
+=head1 FireWall - CONFIGURATION FOR THE FIREWALL SERVICE
+
+This group includes a simple but powerful B based firewall. It can
+protect the host where it is running and/or an internal network. It can also
+do destination NAT to allow access to internal hosts using private IP
+addresses.
+
+See F for configuration.
+
+
+=head1 PIFIA - PICA FRAMEWORK FOR INTEGRATED ALARMS
+
+This directory contains the PIFIA files. To use PIFIA based alarms in the
+target hosts, you shoud C<#include> in the toplevel of your F
+the F file located in the F directory.
+
+
+=head1 genalarms - GENERAL ALARMS
+
+This directory contains alarms to make critical checks on servers:
+
+=over
+
+=item DfChk
+
+Checks filesystem usage and notifies if a given threshold (default 90%) is
+reached
+
+=item PermsChk
+
+Check permissions and owner on a list of files and directories. This list is
+read from an object file (Perms.obj). If the "proactive" flag is set to 1, it
+will correct the anomalous situations
+
+=item ProcChk
+
+Checks if critical services are running. This services are read from an object
+file (Procs.obj). If the "proactive flag is set to 1, it will correct the
+anomalous situations
+
+=back
+
+
+=head1 TripWire - CONFIGURATION AND ALARM FILES FOR TRIPWIRE INTEGRITY CHECKER
+
+To Install this group in a host
+
+=over
+
+=item 1.
+
+Add the host to the hostgroup tripwire
+
+=item 2.
+
+Install the tripwire group in the host:
+
+ pica -iv +F triwire +H host
+
+=item 3.
+
+Install the tripwire software on the host. If you already installed APTChk you
+can just do:
+
+ pica -xv +F "APTChk -p -v" +H host
+
+=item 4.
+
+You need to initialize Tripwire in the host. To do it run:
+
+ /etc/tripwire/twinstall
+
+It will ask you passwords for the site and local keys. The site key is
+used to sign/encryt the config and policy files. The local key is used to
+sign the tripwire database and reports. It's supposed to have only one
+site key for the whole organization and a local key for each server, but
+this group doesn't currently support this configuration. So you will have
+a site and local key pair for each host.
+
+=item 5.
+
+Initialize the tripwire database:
+
+ tripwire --init
+
+That's it, TWChk will check your filesystem integrity every night. If it
+finds any change, it will notify you. If the changes are authorized you
+should update the tripwire database with:
+
+=over
+
+=item 1.
+
+Run twupdate in the host or:
+
+ pica -xv +F twupdate +H host
+
+in the PICA master (this way you can update all servers)
+
+=item 2.
+
+It will open en editor (vi) with the last tripwire report to let you specify
+what changes to update. If you want to update all of them just save and exit.
+
+=item 3.
+
+It will then ask you for the password of the local key to update the
+
+ tripwire database
+
+=back
+
+Also, anytime you change the policy file (twpol.cfg) you will have to
+sign it on every host. twpol.txt will remind you anytime you install it:
+
+ # pica -iv +F twpol.txt +H tripwire
+ twpol -> /etc/tripwire/twpol.txt 0.0 600 0
+ ***********************************************
+ NOTE: Remember to run twadmin -m P twpol.txt!!!
+ ***********************************************
+
+You can sign it on many servers at once running:
+
+ pica -xv +F "twadmin -m P twpol.txt" +H host1 host2 ...
+
+
+=head1 APTChk - APTCHECK ALARMS
+
+This module contains the files and alarms used to make sure all the
+servers have the latest critical packages installed (either by apt-get or
+apt-rpm).
+
+For this service we use B (B if the machine is in the
+C group) and a simple alarm that runs nightly. This alarm updates the
+RPM database from a central B repository and can install any needed
+update.
+
+We have the RPM repository in a central host where we mirror redhat updates
+nightly. We also have some directories containing aditional RPM packages.
+
+We also distribute a file containing the critical packages needed by every
+server, so the alarm can check and install it as needed.
+
+=head2 APT-RPM REPOSITORY SERVER
+
+These are the steps to setup an APT-RPM Repository server.
+
+=over
+
+=item 1. Setup a redhat mirror...
+
+You will need at least the distribution binaries and the updates section. I
+recommend using the B alarm to make mirrors using B. It's MUCH
+faster than FTP or HTTP. With the default configuration, the RedHat mirror
+generates the following tree:
+
+ $localdir/redhat
+ 7.2/
+ i386/ -> RH 7.2 binary mirror
+ RedHat/
+ RPMS -> RH 7.2 binary RPM packages
+ SRPMS -> RH 7.2 source packages
+ updates/i386 -> RH 7.2 updates RPM Packages
+ SRPMS -> RH 7.2 updates source Packages
+
+=item 2. Setup de APT-RPM repository
+
+APT needs a repository tree with the following structure:
+
+ $aptrepdir/
+ 7.2/
+ SRPMS.main -> RedHat 7.2 distro SRPMS packages
+ SRPMS.updates -> RedHat 7.2 updates SRPMS packages
+ SRPMS.custom -> Custom SRPMS for RH 7.2
+ i386/
+ RPMS.main -> RedHat 7.2 distro binary RPMS packages
+ RPMS.updates -> RedHat 7.2 updates binary RPMS packages
+ RPMS.custom -> Custom binary RPMS for RH 7.2
+ base/ -> Directory where APT saves the databases
+
+Since the RedHat tree has a different structure, I usually mirror RedHat
+with their structure and creates the APT structure creating symlinks.
+
+This symlinks should be RELATIVE if this is going to be accesible via
+anonymous FTP.
+
+=item 3. Generate the APT databases
+
+The alarm B will generate the APT repositories for you. You just have
+to define the repositories and modules in the variable C<$aptreps>.
+
+This alarm will be run nightly, but you can force APT repository
+regeneration with:
+
+ pica -xv +F "APTRep -v" +H aptserver
+
+=back
+
+
+=head1 AUTHOR
+
+B and its documentation was written by Miguel Armas del Río
+Ekuko@maarmas.comE. It was converted to POD by Esteban Manchado
+Velázquez Ezoso@demiurgo.orgE.
+
+=cut
--- picalib-0.1.5.orig/etc/hosts.conf
+++ picalib-0.1.5/etc/hosts.conf
@@ -93,7 +93,7 @@
}
## APT clients
-hostgroup apt-clients {
+hostgroup apt-rpm-clients {
members { host2, host1, host5, host62, host63,
host4,
indigo,
--- picalib-0.1.5.orig/etc/picalib.conf
+++ picalib-0.1.5/etc/picalib.conf
@@ -13,8 +13,8 @@
####################
## NOTE: This variables can be changed in each group's var environment
## PICALib path (MANDATORY)
-picalib = '/opt/picalib';
-picalibconf = '/opt/picalib/conf';
+picalib = '/usr/share/picalib';
+picalibconf = '/etc/picalib';
## VARIABLES FOR PIFIA
# Where to send mail notifications
--- picalib-0.1.5.orig/info/Info.conf
+++ picalib-0.1.5/info/Info.conf
@@ -24,11 +24,11 @@
}
file picapowered {
path = '/var/www/html/pica-powered.png';
- source = '<#$picalibconf#>/Info/pica-powered.png';
+ source = '<#$picalib#>/Info/pica-powered.png';
}
file rhpowered {
path = '/var/www/html/poweredby.png';
- source = '<#$picalibconf#>/Info/poweredby.png';
+ source = '<#$picalib#>/Info/poweredby.png';
}
}
#fi
--- picalib-0.1.5.orig/FireWall/firewall
+++ picalib-0.1.5/FireWall/firewall
@@ -24,7 +24,7 @@
# FUNCTION: validate()
# DESCRIPCION: Validate a port string from the config file
-function validate {
+validate () {
token=$1
type=$2
sip="";sport="";dip="";dport="";proto=""
@@ -56,7 +56,7 @@
fi
if [ "x$sip" != "x" ]; then
# In NAT rules, $sip is the original destination ip
- if [ "x$type" == "xNAT" -o "x$type" == "xNPROTO" ]; then
+ if [ "x$type" = "xNAT" -o "x$type" = "xNPROTO" ]; then
sip="-d $sip"
else
sip="-s $sip"
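Review bot: The `-o` and `-a` operators inside `[ ]`, kept here and in the later hunks of this file (the PROTO/NPROTO and NAT/NPROTO tests), are marked obsolescent in POSIX and can be parsed ambiguously by some `/bin/sh` implementations. Since the change is about removing bashisms, two separate tests are the more portable spelling: `if [ "x$type" = "xNAT" ] || [ "x$type" = "xNPROTO" ]; then`. The body of validate() starts and ends outside this hunk.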
@@ -64,10 +64,10 @@
fi
if [ "x$sport" != "x" ]; then
# In NAT rules, $sport is the original destination port
- if [ "x$type" == "xNAT" ]; then
+ if [ "x$type" = "xNAT" ]; then
sport="--dport $sport"
# In proto rules, sport doesn't make sense...
- elif [ "x$type" == "xPROTO" -a "x$type" == "xNPROTO" ]; then
+ elif [ "x$type" = "xPROTO" -a "x$type" = "xNPROTO" ]; then
echo "ERROR: Source port in protocol rule ($token)"
sport=""
else
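Review bot: The `elif` condition on the new side can never be true, because `"x$type" = "xPROTO" -a "x$type" = "xNPROTO"` requires `$type` to equal two different strings at once. The "Source port in protocol rule" error is therefore unreachable, and a protocol rule carrying a source port falls through to the `else` branch instead of being rejected. The other PROTO/NPROTO tests in this file use `-o`, so that is presumably what was meant: `elif [ "x$type" = "xPROTO" ] || [ "x$type" = "xNPROTO" ]; then`. The condition is carried over from the old side with only `==` changed; the rest of validate() is outside the hunk.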
@@ -79,7 +79,7 @@
dip="-d $dip"
fi
else
- if [ "x$type" == "xNAT" -o "x$type" == "xNPROTO" ]; then
+ if [ "x$type" = "xNAT" -o "x$type" = "xNPROTO" ]; then
echo "ERROR: dest IP is MANDATORY in NAT rules ($token)"
return 1
fi
@@ -89,10 +89,10 @@
dport="--dport $dport"
fi
else
- if [ "x$type" == "xNAT" ]; then
+ if [ "x$type" = "xNAT" ]; then
echo "ERROR: dest port is MANDATORY in NAT rules ($token)"
return 1
- elif [ "x$type" == "xPROTO" -o "x$type" == "xNPROTO" ]; then
+ elif [ "x$type" = "xPROTO" -o "x$type" = "xNPROTO" ]; then
echo "ERROR: proto is MANDATORY in PROTOCOL rules ($token)"
fi
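Review bot: The PROTO/NPROTO branch prints an ERROR but, unlike the NAT branch just above it, does not `return 1`, so as far as this hunk shows validate() carries on with an empty `$dport`. If the caller relies on the return status to decide whether to emit the firewall rule, a protocol rule with no protocol would still be treated as valid. Adding `return 1` after the `echo` would make the two error paths agree. The remainder of the function is outside the hunk, so a later failure path may already exist.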
--- picalib-0.1.5.orig/pifia/pifia.conf
+++ picalib-0.1.5/pifia/pifia.conf
@@ -52,7 +52,7 @@
# Cron file
file pifia.cron {
source = '<#$picalibconf#>/PIFIA/pifia.cron';
- path = '/etc/cron.d/pifia.cron';
+ path = '/etc/cron.d/pifia';
perms = '644';
}
# PIFIA lib (Perl package)
--- picalib-0.1.5.orig/debian/control
+++ picalib-0.1.5/debian/control
@@ -0,0 +1,17 @@
+Source: picalib
+Section: admin
+Priority: optional
+Maintainer: Esteban Manchado Velázquez
+Build-Depends-Indep: debhelper (>= 4)
+Standards-Version: 3.6.0
+
+Package: picalib
+Architecture: all
+Depends: pica, ${perl:Depends}
+Recommends: libmldbm-perl
+Description: Set of PICA helper scripts and configuration files
+ PICA is a PIKT-like program for system administration.
+ .
+ PICALib is a set of PICA-related files to help in several system
+ administration tasks, like filesystem integrity checks, package update
+ automation, backups, NTP configuration, anti-virus protection, etc.
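Review bot: `debhelper (>= 4)` is listed only in `Build-Depends-Indep`, but the `clean` target in debian/rules calls `dh_testdir`, `dh_testroot` and `dh_clean`. Debian Policy requires everything needed by `clean` to be in `Build-Depends`, so the field should read `Build-Depends: debhelper (>= 4)`. Otherwise `clean` can fail in an environment where only `Build-Depends` is installed.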
--- picalib-0.1.5.orig/debian/rules
+++ picalib-0.1.5/debian/rules
@@ -0,0 +1,113 @@
+#!/usr/bin/make -f
+# GNU copyright 1997 to 1999 by Joey Hess.
+# copyright by Esteban Manchado Velázquez
+
+
+
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -g
+endif
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+ INSTALL_PROGRAM += -s
+endif
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+ # No configuration needed
+ touch configure-stamp
+
+
+build: build-stamp
+
+build-stamp: configure-stamp
+ dh_testdir
+ # No compilation needed, but need to update the manpage
+ pod2man -s 7 picalib.pod >picalib.7
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+ rm -f picalib.7 # Remove generated manpage
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # Install in /etc/picalib and /usr/share/picalib
+ LIBDIR=$(CURDIR)/debian/picalib/usr/share/picalib \
+ CONFDIR=$(CURDIR)/debian/picalib/etc/picalib ./install
+ # Delete MODINFO files
+ find $(CURDIR)/debian/picalib -name MODINFO -exec rm -f {} \;
+ # Delete aux module
+ rm -rf $(CURDIR)/debian/picalib/etc/picalib/aux \
+ $(CURDIR)/debian/picalib/usr/share/picalib/aux
+ # Delete configuration examples (moved to /usr/share/picalib)
+ rm -rf $(CURDIR)/debian/picalib/etc/picalib/etc
+ # Copy examples to /usr/share/picalib and make symlinks to them
+ mkdir -p $(CURDIR)/debian/picalib/usr/share/picalib
+ mkdir -p $(CURDIR)/debian/picalib/usr/share/doc/picalib/examples/DNS
+ for i in hosts.conf objects.conf; do cp etc/$$i $(CURDIR)/debian/picalib/usr/share/picalib/$$i.sample; ln -s ../../../picalib/$$i.sample $(CURDIR)/debian/picalib/usr/share/doc/picalib/examples/$$i.sample; done
+ # Move some more examples in /etc/picalib
+ mv $(CURDIR)/debian/picalib/etc/picalib/DNS/example.com* $(CURDIR)/debian/picalib/usr/share/picalib/DNS
+ ln -s ../../../../picalib/DNS/example.com.db $(CURDIR)/debian/picalib/usr/share/doc/picalib/examples/DNS
+ ln -s ../../../../picalib/DNS/example.com-ext.db $(CURDIR)/debian/picalib/usr/share/doc/picalib/examples/DNS
+ # Move README files to documentation directory
+ for dir in PICALib DNS NTP Backup DHCP AntiVirus Info Snort FireWall \
+ PIFIA genalarms TripWire APTChk; do \
+ mkdir -p $(CURDIR)/debian/picalib/usr/share/doc/picalib/$$dir; \
+ done
+ for file in PICALib/README DNS/README NTP/README Backup/README \
+ Backup/README.Amanda DHCP/README AntiVirus/README \
+ Info/README Snort/README FireWall/README PIFIA/README \
+ genalarms/README TripWire/README \
+ TripWire/README.tripwire APTChk/README \
+ APTChk/RedHat_Mirrors.txt; do \
+ mv $(CURDIR)/debian/picalib/etc/picalib/$$file \
+ $(CURDIR)/debian/picalib/usr/share/doc/picalib/$$file; \
+ done
+ # Move misc. things from /etc/picalib (documentation, changelogs...)
+ mv $(CURDIR)/debian/picalib/etc/picalib/Info/pica-powered.png $(CURDIR)/debian/picalib/usr/share/picalib/Info
+ mv $(CURDIR)/debian/picalib/etc/picalib/Info/poweredby.png $(CURDIR)/debian/picalib/usr/share/picalib/Info
+ mv $(CURDIR)/debian/picalib/etc/picalib/PICALib/NOTES $(CURDIR)/debian/picalib/usr/share/doc/picalib
+ rm -rf $(CURDIR)/debian/picalib/etc/picalib/PICALib
+
+
+
+# Build architecture-independent files here.
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_install
+# dh_installdebconf
+ dh_installdocs
+# dh_installexamples
+ dh_installmenu
+# dh_installlogrotate
+# dh_installinit
+# dh_installcron
+ dh_installman picalib.7
+# dh_installinfo
+# dh_undocumented
+ dh_installchangelogs ChangeLog
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_perl
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# No architecture-dependent files
+binary-arch: build install
+
+binary: binary-indep
+.PHONY: build clean binary-indep binary-arch binary install configure
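Review bot: The `for` loops in the `install` target run without `set -e`, so a failing `cp`, `ln -s`, `mkdir -p` or `mv` in any iteration but the last is ignored and the build still succeeds. For the README loop that would leave documentation under `debian/picalib/etc/picalib` in the shipped package without any error. Start each loop with `set -e;`, for example `set -e; for i in hosts.conf objects.conf; do ...`, so a failed step aborts the build. Separately, `dh_strip` and `dh_shlibdeps` and the `CFLAGS`/`INSTALL_PROGRAM` block look unnecessary for an `Architecture: all` package and could be dropped.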
--- picalib-0.1.5.orig/debian/changelog
+++ picalib-0.1.5/debian/changelog
@@ -0,0 +1,31 @@
+picalib (0.1.5-4) unstable; urgency=low
+
+ * Fix another bashism, this time in Firewall script (Closes: #489640).
+ Thanks to Chris Lamb.
+
+ -- Esteban Manchado Velázquez Thu, 28 Aug 2008 19:21:34 +0200
+
+picalib (0.1.5-3) unstable; urgency=low
+
+ * Fix bashism in debian/rules (Closes: #457438). Thanks to Michael Bienia.
+
+ -- Esteban Manchado Velázquez Thu, 03 Jan 2008 22:50:33 +0100
+
+picalib (0.1.5-2) unstable; urgency=low
+
+ * Fixed typo in APTChk.
+ * "/etc/init.d/sshd" -> "/etc/init.d/ssh" in ProcChk.obj.
+ * Bumped Standard-Version (converted changelog to UTF-8).
+ * Changed name of apt-clients hostgroup and apt-client file group to
+ "apt-rpm-clients" and "apt-rpm-client", to make clear it's only for
+ apt-rpm.
+ * Changed Maintainer field to match UTF-8 change.
+
+ -- Esteban Manchado Velázquez Fri, 8 Aug 2003 00:04:53 +0100
+
+picalib (0.1.5-1) unstable; urgency=low
+
+ * First upload (closes: Bug#152667).
+
+ -- Esteban Manchado Velázquez Wed, 18 Sep 2002 23:12:22 +0100
+
--- picalib-0.1.5.orig/debian/compat
+++ picalib-0.1.5/debian/compat
@@ -0,0 +1 @@
+4
--- picalib-0.1.5.orig/debian/README.Debian
+++ picalib-0.1.5/debian/README.Debian
@@ -0,0 +1,34 @@
+picalib for Debian
+------------------
+
+To install, include the following line in your hosts.conf
+(/etc/pica/hosts.conf) default vars section:
+
+#include "/etc/picalib/picalib.conf"
+
+and the following one to your objects.conf (/etc/pica/objects.conf), at the
+topllevel, *if* you want to use any alarm (the most probable case, anyway):
+
+#include "/etc/picalib/PIFIA/pifia.conf"
+
+You'll then have to customize the contents of /etc/picalib/picalib.conf (this
+step is mandatory). After that, read the documentation for each module, which
+is included in the picalib(7) manpage and in /usr/share/doc/picalib.
+
+ Basically, you will have to include the main .conf file of the module(s) you
+want to use, and install the object(s) you want to use (see the object list in
+the include file and configuration details in picalib(7) and in
+/usr/share/doc/picalib). Note that most alarms depend on PIFIA, so you will
+have to include and install that on every machine you want to execute alarms
+in.
+
+Note about alarms
+-----------------
+
+Most alarms here need libmldbm-perl to work (every alarm using the PIFIA
+module). That means that you'll have to install the MLDBM Perl package (via the
+libmldbm-perl Debian package, for example) in the machines you want the alarms
+to operate on, which may or may not have PICA installed. If you're going to use
+only the configuration files you don't have to install it.
+
+ -- Esteban Manchado Velázquez , Wed, 26 Jun 2002 11:52:53 +0100
--- picalib-0.1.5.orig/debian/copyright
+++ picalib-0.1.5/debian/copyright
@@ -0,0 +1,11 @@
+This package was debianized by Esteban Manchado Velázquez on
+Wed, 26 Jun 2002 11:52:53 +0100.
+
+It was downloaded from http://prdownloads.sourceforge.net/pica/picalib-0.1.5.tgz?download
+
+Upstream Author: Miguel Armas
+
+Copyright:
+
+This package is distributed under the GNU GPL version 2. See
+/usr/share/common-licenses/GPL-2 for details.
--- picalib-0.1.5.orig/debian/picalib.install
+++ picalib-0.1.5/debian/picalib.install
@@ -0,0 +1 @@
+etc/picalib.conf etc/picalib
--- picalib-0.1.5.orig/debian/picalib.dirs
+++ picalib-0.1.5/debian/picalib.dirs
@@ -0,0 +1,12 @@
+/etc/picalib/DNS
+/etc/picalib/NTP
+/etc/picalib/Backup
+/etc/picalib/DHCP
+/etc/picalib/AntiVirus
+/etc/picalib/Info
+/etc/picalib/Snort
+/etc/picalib/FireWall
+/etc/picalib/PIFIA
+/etc/picalib/genalarms
+/etc/picalib/TripWire
+/etc/picalib/APTChk
--- picalib-0.1.5.orig/debian/picalib.docs
+++ picalib-0.1.5/debian/picalib.docs
@@ -0,0 +1 @@
+README
--- picalib-0.1.5.orig/genalarms/genalarms.conf
+++ picalib-0.1.5/genalarms/genalarms.conf
@@ -10,14 +10,6 @@
###################
### GENERAL ALARMS
###################
-## The MLDBM package needed by many alarms
-file MLDBM {
- source = '<#$picalib#>/aux/MLDBM/';
- path = '/usr/local/lib/site_perl';
- verbatim = 1;
- perms = '755';
-}
-
group genalarms {
## General Server Alarms
# Name : ProcChk
--- picalib-0.1.5.orig/genalarms/ProcChk.obj
+++ picalib-0.1.5/genalarms/ProcChk.obj
@@ -12,33 +12,33 @@
## Processes that should be running in ALL hosts
#if (ingroup('ssh2'))
-sshd /etc/rc.d/init.d/sshd2 restart
+sshd /etc/init.d/ssh restart
#else
-sshd /etc/rc.d/init.d/sshd restart
+sshd /etc/init.d/ssh restart
#fi
## Processes that should NOT be running in ANY hosts
-!lpd /etc/rc.d/init.d/lpd stop
+!lpd /etc/init.d/lpd stop
##
## Conditional processess (by hostgroup)
##
#if (ingroup('webservers'))
-httpd /etc/rc.d/init.d/httpd restart
+apache /etc/init.d/apache restart
#else
-!httpd /etc/rc.d/init.d/httpd stop
+!apache /etc/init.d/apache stop
#fi
#if (ingroup('sendmail'))
-sendmail /etc/rc.d/init.d/sendmail restart
+sendmail /etc/init.d/sendmail restart
#else
# NOTE: We shouldn't try to stop sendmail, because it could be SENDING email
-#!sendmail /etc/rc.d/init.d/sendmail stop
+#!sendmail /etc/init.d/sendmail stop
#fi
#if (ingroup('squid'))
-squid /etc/rc.d/init.d/squid restart
+squid /etc/init.d/squid restart
#else
-!squid /etc/rc.d/init.d/squid stop
+!squid /etc/init.d/squid stop
#fi
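Review bot: After this change both branches of `#if (ingroup('ssh2'))` contain the same line, `sshd /etc/init.d/ssh restart`, so the conditional no longer selects anything and could be collapsed to a single entry. The new paths and the `apache` process name are also hard-coded for a Debian layout on every managed host, while APTChk in this same patch still distinguishes hosts with `#if (ingroup('debian'))`. If non-Debian hosts are managed from this master, ProcChk's corrective command would point at an init script that does not exist there. Wrapping the Debian names in the same `ingroup('debian')` test and keeping the original entries in the `#else` branch would avoid that.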
--- picalib-0.1.5.orig/APTChk/APTChk.conf
+++ picalib-0.1.5/APTChk/APTChk.conf
@@ -8,9 +8,10 @@
# HOW IT WORKS:
# We have two groups related to this alarms:
-# apt-client: group of objects to be installed in the hosts that will use this
-# alarm to automatically update packages. This group will only be
-# installed in hosts belonging to the apt-clients hostgroup
+# apt-rpm-client: group of objects to be installed in the hosts that will use
+# this alarm to automatically update packages. This group will
+# only be installed in hosts belonging to the apt-rpm-clients
+# hostgroup
# apt-rep: group of objects to be installed in the repository server (the
# host) that contains the package repository. These objects are
# needed to create the repository database. This group will only be
@@ -18,11 +19,11 @@
#
# To use this checks you need to create the package repository in one (or
# more) host, add ths host to the apt-rep hostgroup, and add the client hosts
-# to the apt-clients hostgroup
+# to the apt-rpm-clients hostgroup
## Objects for the APT clients
-#if (ingroup('apt-clients'))
-group apt-client {
+#if (ingroup('apt-rpm-clients'))
+group apt-rpm-client {
## APT sources.list file
file sources.list {
source = '<#$picalibconf#>/APTChk/sources.list';
--- picalib-0.1.5.orig/APTChk/APTChk
+++ picalib-0.1.5/APTChk/APTChk
@@ -19,7 +19,7 @@
# Package query command
my $pkgchk;
#if (ingroup('debian'))
-$pkgchk = '/usr/bin/dkpg -s $pkgname | awk \'/Package/ { name = $2} /Version/ { gsub("-", " "); print name, $2" "$3 }\'';
+$pkgchk = '/usr/bin/dpkg -s $pkgname | awk \'/Package/ { name = $2} /Version/ { gsub("-", " "); print name, $2" "$3 }\'';
#else
$pkgchk = '/bin/rpm -q --queryformat "%{name} %{version} %{release}" $pkgname';
#fi
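Review bot: The dpkg branch parses `dpkg -s` output with unanchored awk patterns, so any line containing "Package" or "Version", not only the two header fields, will match, and `gsub("-", " ")` splits on every hyphen in the version. Anchoring the patterns as `/^Package:/` and `/^Version:/` would be tighter, and `dpkg-query -W -f='${Package} ${Version}\n' $pkgname` avoids parsing the status text altogether. `$pkgname` is also left as literal text inside a single-quoted shell pipeline. How it is substituted is outside this hunk, but if the name is expanded into the string before it reaches a shell, names read from the distributed package list should first be checked against a strict pattern such as `/\A[a-z0-9][a-z0-9+.-]*\z/`.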