/CHANGELOG |
---|
5,11 → 5,13 |
--------------- SVN revision: XXXX ------------ |
NEWS |
CHANGES |
- kernel 5.15.126 + Let's Encrypt ACME V3.0.7 |
ACC |
- add organism name in menu frame to distinguish several alcasar |
- Update jquery-ui (1.13.) |
BUGS |
- gammu systemd unit : it should wait mysqld to start |
- update NTP option in DHCP response in coova conf file (alcasar-conf.sh) |
- update NTP option in DHCP response in coova conf file (alcasar-conf.sh) |
SECURITY |
- fixe a CSRF+RCE vulnerability in activity.php |
WEB |
21,7 → 23,7 |
CHANGES |
- Add SHA256 in PAP protocol (coovachilli). Thanks to Paul BAESKENS (aka StaringCat) |
- Remove "dnsmasq" resolver used with whitelist filtering system (we now use ipset capabilities of "unbound") |
- Let's Encrypt ACME.sh V3.0.5 |
- Let's Encrypt ACME V3.0.5 |
- Manage the update between versions of Mageia |
ACC |
- phpsysinfo 3.4.2 - Vnstat-frontend fork by "tomangert" |
56,7 → 58,7 |
NEWS |
- Multi-WAN access with load balancing per user (Thx to Pierre RIVAULT for this great job) |
CHANGES |
- kernel 5.10.46 + ipt_NETFLOW 2.6 + ACME 2.9.0 (letsencrypt) + nfdump 1.6.23 |
- kernel 5.10.46 + ipt_NETFLOW 2.6 + Let's Encrypt ACME 2.9.0 + nfdump 1.6.23 |
- Bypass mode works now also in dhcp |
- After the system has been updated (every day at 3 am), check if reboot is needed |
- phpsysinfo 3.3.4 |
/rpms/ipt-netflow-2.6.spec |
---|
1,4 → 1,4 |
%define kversion 5.15.82-server-1.mga8 |
%define kversion 5.15.126-server-1.mga8 |
%define debug_package %{nil} |
Name: ipt-netflow |
Version: 2.6 |
19,7 → 19,7 |
%setup -q -n ipt-netflow-%{version} |
%build |
./configure --kdir=/usr/src/kernel-5.15.82-server-1.mga8 --disable-dkms --disable-snmp-agent |
./configure --kdir=/usr/src/kernel-5.15.126-server-1.mga8 --disable-dkms --disable-snmp-agent |
%make_build |
%install |
44,6 → 44,8 |
/lib/modules/%kversion/extra/ipt_NETFLOW.ko |
%changelog |
* Fri Nov 14 2023 Richard REY <Rexy> |
- Version 2.6 for the kernel 5.15.126 (ALCASAR 3.6.1) |
* Fri Dec 30 2022 Richard REY <Rexy> |
- Version 2.6 for the kernel 5.15.86 (ALCASAR 3.6.0) |
* Thu Jul 08 2021 Richard REY <Rexy> |
/rpms/rpm-build-howto |
---|
5,7 → 5,7 |
- ipt_netflow kernel module (netflow log system) |
- wkhtmltopdf (html to pdf renderer) |
- nfdump (collector & processor for netflow data) |
- havp (http antivirus proxy) used before ALCASAR V3.5 |
- havp (http antivirus proxy) used only before ALCASAR V3.5 |
This howto explains how to build RPM of these programs in order to keep the distribution clean |
The compilation options are set in /etc/rpm/macro.d/* |
12,7 → 12,7 |
The .spec & RPM can be test with the tool "rpmlint" |
**** Prepare the RPM creation structure *** |
- upadate your system : urpmi --auto-update |
- update your system : urpmi --auto-update |
- install the following RPMs : urpmi kernel-userspace-headers rpm-build gengetopt libtool |
- create directories structure in your home : mkdir -p ~/rpmbuild/{SRPMS,SOURCES,SPECS,tmp} |
- Option : find the ".rpmmacros" file on mageia wiki (https://wiki.mageia.org/en/Packagers_RPM_tutorial) and copy it in your home directory |
44,8 → 44,9 |
**** For ipt_netflow **** |
- Must be complied on a system which runs the target kernel. So install manually the targeted kernel and the same version of kernel-userspace-headers and reboot (ipt_NETFLOW will not load during this reboot) |
- install the RPMs "kernel-server-devel" (choose the targeted kernel), "lib64iptables-devel" |
- download, uncompress and test the compilation of the last version of ipt-netflow (./configure --disable-dkms --disable-snmp-agent, make all install). The module is compiled in the same directory. The libs are copied in the /lib64/iptables (libip6t_NETFLOW.so & libipt_NETFLOW.so) |
- test the module : go to the directory of sources and try to load it (insmod ./ipt_NETFLOW.ko), look at "journalctrl -f" to verify. Run "alcasar-iptables.sh" to reload netfilter rules (no errors should appear). Run "alcasar-daemon.sh" to verify that all is ok. |
- download, uncompress and test the compilation of the last version of ipt-netflow (./configure --disable-dkms --disable-snmp-agent, make all install). The module is compiled in the same directory (ipt_NETFLOW.ko). The libs are copied in the /lib64/iptables (libip6t_NETFLOW.so & libipt_NETFLOW.so) |
- test the module : go to the directory of sources and try to load it (insmod ./ipt_NETFLOW.ko), look at "journalctrl -f" to verify that the module is corectly loaded). |
- Run "alcasar-iptables.sh" to reload netfilter rules (no errors should appear). Run "alcasar-daemon.sh" to verify that all is ok. |
- if all is ok, copy the tarball in rpmbuild/SOURCES. |
- Copy and adapt the .spec in rpmbuild/SPECS (change the versions of kernel, kernel source and rpm). |
- Run "rpmbuild -bb ****.spec" |
/rpms/x86_64/ipt-netflow-2.6-0.mga8.x86_64.rpm |
---|
Cannot display: file marked as a binary type. |
svn:mime-type = application/octet-stream |
/scripts/alcasar-rpm-download.sh |
---|
11,7 → 11,7 |
VERSION="8" |
ARCH="x86_64" |
# The kernel version we compile netflow for |
KERNEL="kernel-server-5.15.82-1.mga8-1-1.mga8" |
KERNEL="kernel-server-5.15.126-1.mga8-1-1.mga8" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
# (old) perl-Socket6 : needed by nfsen |
# "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf |
/scripts/alcasar-rpm.sh |
---|
12,7 → 12,7 |
VERSION="8" |
ARCH="x86_64" |
# The kernel version we compile netflow for |
KERNEL="kernel-server-5.15.82-1.mga8-1-1.mga8" |
KERNEL="kernel-server-5.15.126-1.mga8-1-1.mga8" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
# (old) perl-Socket6 : needed by nfsen |
# "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf |