blob: 244cfece8308b7b41d072affce0dd38a54dbd867 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
# Maintainer: AlphaJack <alphajack at tuta dot io>
# Contributor Bjoern Franke <bjo+aur@schafweide.org>
# Contributor: G. Schlisio <x-git@dukun.de>
# Contributor: Matt Harrison <matt@hallme.com>
# Contributor: Sergey Mamonov <mrqwer88@gmail.com>
pkgname="maldet"
pkgver=1.6.5
pkgrel=2
pkgdesc="Linux malware scanner designed around threats faced in shared host environments"
url="https://www.rfxn.com/projects/linux-malware-detect/"
license=("GPL2")
arch=("any")
provides=("linux-malware-detect")
depends=("ed" "inetutils" "inotify-tools" "perl" "systemd")
source=("https://github.com/rfxn/linux-malware-detect/archive/$pkgver.tar.gz"
"maldet-update-signatures.service"
"maldet-update-signatures.timer")
backup=("etc/maldet/hookscan.conf"
"etc/maldet/ignore_file_ext"
"etc/maldet/ignore_inotify"
"etc/maldet/ignore_paths"
"etc/maldet/ignore_sigs"
"etc/maldet/internals.conf"
"etc/maldet/maldet.conf"
"etc/maldet/monitor_paths"
)
sha256sums=('23c7cf5649b0f1c1d4e2ab78961eb58453ed01aeffb53926fde6f2baa7f61e68'
'172486c33905df4032d74dd7f79c6dafce64df2006a037fba3c6aded99eaaba1'
'0d6d61dadb72eec8ded0d7e97d4b723fd2e4323e68852add59d372ef3f4e7b00')
install="maldet.install"
prepare(){
## TODO upstream setup tries to overwrite clamav's rfxn.* and lmd.user.* files
# seems to run with root-privs, so check for overwrites anywhere (best in a VM)
# file system privileges - depends on root/user
cd "linux-malware-detect-$pkgver"
# use arch linux file hierarchy
sed -i "files/maldet" \
-e "s|^inspath='/usr/local/maldetect'|inspath='/usr/share/maldet'|" \
-e 's|^intcnf="\$inspath/internals/internals.conf"|intcnf="/etc/maldet/internals.conf"|'
sed -i "files/hookscan.sh" \
-e "s|^inspath='/usr/local/maldetect'|inspath=\"/usr/share/maldet\"|" \
-e 's|^intcnf="$inspath/internals/internals.conf"|intcnf="/etc/maldet/internals.conf"|' \
-e 's|hookcnf="$inspath/conf.maldet.hookscan"|hookcnf="/etc/maldet/hookscan.conf"|' \
-e 's|$inspath/maldet|/usr/bin/maldet|' \
-e 's|tmpdir=/var/tmp|tmpdir=/var/lib/maldet/tmp|'
cat > "files/conf.maldet.hookscan" <<CONTENT
#quarantine_hits=1
#quarantine_clean=0
#scan_tmpdir_paths=''
#hscan=1
CONTENT
sed -i "files/conf.maldet" \
-e "s|/usr/local/maldetect/tmp|/var/lib/maldet/tmp|" \
-e "s|/usr/local/maldetect/monitor_paths|/etc/maldet/monitor_paths|"
sed -i "files/ignore_inotify" \
-e 's|\^/usr/local/maldetect\*|\^/var/lib/maldetect\*\n\^/usr/share/maldetect\*|'
sed -i "files/ignore_paths" \
-e "s|/usr/local/maldetect|/var/lib/maldet\n/usr/share/maldet|" \
-e "s|/usr/local/sbin/maldet|/usr/bin/maldet|"
sed -i "files/internals/functions" \
-e 's|$inspath/maldet|/usr/bin/maldet|'
sed -i "files/internals/hexfifo.pl" \
-e "s|/usr/local/maldetect/internals|/usr/share/maldetect/internals|"
sed -i "files/internals/importconf" \
-e "s|/usr/local/maldetect/conf.maldet|/etc/maldet/maldet.conf|" \
-e "s|/usr/local/maldetect/tmp|/var/lib/maldet/tmp|" \
-e "s|/usr/local/maldetect/monitor_paths|/etc/maldet/monitor_paths|"
sed -i "files/internals/internals.conf" \
-e 's|^logdir="\$inspath/logs"|logdir="/var/log/maldet"|' \
-e 's|^inspath=/usr/local/maldetect|inspath="/usr/share/maldet"|' \
-e 's|^intcnf="$inspath/internals/internals.conf"|intcnf="/etc/maldet/internals.conf"|' \
-e 's|^confpath="\$inspath"|confpath="/etc/maldet"|' \
-e 's|^cnffile="conf.maldet"|cnffile="maldet.conf"|' \
-e 's|^varlibpath="\$inspath"|varlibpath="/var/lib/maldet"|' \
-e 's|^tmpdir="\$inspath/tmp"|tmpdir="$varlibpath/tmp"|' \
-e 's|^inotify_log="\$inspath/logs/inotify_log"|inotify_log="$logdir/inotify_log"|'
sed -i "files/internals/scan.etpl" \
-e "s|/usr/local/sbin/maldet|/usr/bin/maldet|"
sed -i "files/internals/tlog" \
-e "s|/usr/local/maldetect/tmp|/var/lib/maldet/tmp|"
sed -i "files/service/maldet.service" \
-e "s|/usr/local/maldetect/maldet|/usr/bin/maldet|" \
-e "s|--monitor /usr/local/maldetect/monitor_paths|--monitor /etc/maldet/monitor_paths|" \
-e "s|^PIDFile=.*|PIDFile=/var/lib/maldet/tmp/inotifywait.pid|" \
-e "s|^EnvironmentFile=.*|EnvironmentFile=/etc/maldet/maldet.conf|"
}
package(){
cd "linux-malware-detect-$pkgver"
# main executables
install -d "$pkgdir/usr/bin/"
install -D -m 755 "files/maldet" "$pkgdir/usr/bin/maldet"
install -D -m 755 "files/hookscan.sh" "$pkgdir/usr/bin/hookscan"
ln -s "/usr/bin/hookscan" "$pkgdir/usr/bin/modsec"
# program files
install -d "$pkgdir/usr/share/maldet"
cp -ar "files/"* "$pkgdir/usr/share/maldet"
# systemd files
install -D -m 644 "files/service/maldet.service" "$pkgdir/usr/lib/systemd/system/maldet.service"
install -D -m 644 "$srcdir/maldet-update-signatures.service" "$pkgdir/usr/lib/systemd/system/maldet-update-signatures.service"
install -D -m 644 "$srcdir/maldet-update-signatures.timer" "$pkgdir/usr/lib/systemd/system/maldet-update-signatures.timer"
# program data
install -d "$pkgdir/var/lib/maldet/"{internals,quarantine,sess,sigs,clean,tmp,pub}
install -d "$pkgdir/var/log/maldet"
# configurations
# must be readable by those who can execute maldet
install -d "$pkgdir/etc/maldet"
install -m 644 "files/conf.maldet" "$pkgdir/etc/maldet/maldet.conf"
install -m 644 "files/conf.maldet.hookscan" "$pkgdir/etc/maldet/hookscan.conf"
install -m 644 "files/internals/internals.conf" "$pkgdir/etc/maldet/internals.conf"
install -m 644 "files/monitor_paths" "$pkgdir/etc/maldet/monitor_paths"
cp -ra "files/"ignore_* "$pkgdir/etc/maldet/"
# man pages
install -d "$pkgdir/usr/share/man/man1/"
gzip -f9 "files/maldet.1"
install -D -m 644 "files/maldet.1.gz" "$pkgdir/usr/share/man/man1/maldet.1.gz"
# documentation
install -d "$pkgdir/usr/share/doc/maldet/"
install -D -m 644 "CHANGELOG" "$pkgdir/usr/share/doc/maldet/CHANGELOG"
install -D -m 644 "COPYING.GPL" "$pkgdir/usr/share/license/maldet/COPYING"
install -D -m 644 "README" "$pkgdir/usr/share/doc/maldet/README"
# cleanup
rm -r "$pkgdir/usr/share/maldet/cron"
rm "$pkgdir/usr/share/maldet/conf.maldet"
rm "$pkgdir/usr/share/maldet/conf.maldet.cron"
rm "$pkgdir/usr/share/maldet/conf.maldet.hookscan"
rm "$pkgdir/usr/share/maldet/hookscan.sh"
rm "$pkgdir/usr/share/maldet/"ignore_*
rm "$pkgdir/usr/share/maldet/internals/internals.conf"
rm "$pkgdir/usr/share/maldet/maldet"
rm "$pkgdir/usr/share/maldet/maldet.1"
rm "$pkgdir/usr/share/maldet/modsec.sh"
rm "$pkgdir/usr/share/maldet/monitor_paths"
rm -r "$pkgdir/usr/share/maldet/service"
rm "$pkgdir/usr/share/maldet/uninstall.sh"
}
|