| /CHANGELOG |
|---|
| 5,11 → 5,13 |
| --------------- SVN revision: XXXX ------------ |
| NEWS |
| CHANGES |
| - kernel 5.15.126 + Let's Encrypt ACME V3.0.7 |
| ACC |
| - add organism name in menu frame to distinguish several alcasar |
| - Update jquery-ui (1.13.) |
| BUGS |
| - gammu systemd unit : it should wait mysqld to start |
| - update NTP option in DHCP response in coova conf file (alcasar-conf.sh) |
| - update NTP option in DHCP response in coova conf file (alcasar-conf.sh) |
| SECURITY |
| - fixe a CSRF+RCE vulnerability in activity.php |
| WEB |
| 21,7 → 23,7 |
| CHANGES |
| - Add SHA256 in PAP protocol (coovachilli). Thanks to Paul BAESKENS (aka StaringCat) |
| - Remove "dnsmasq" resolver used with whitelist filtering system (we now use ipset capabilities of "unbound") |
| - Let's Encrypt ACME.sh V3.0.5 |
| - Let's Encrypt ACME V3.0.5 |
| - Manage the update between versions of Mageia |
| ACC |
| - phpsysinfo 3.4.2 - Vnstat-frontend fork by "tomangert" |
| 56,7 → 58,7 |
| NEWS |
| - Multi-WAN access with load balancing per user (Thx to Pierre RIVAULT for this great job) |
| CHANGES |
| - kernel 5.10.46 + ipt_NETFLOW 2.6 + ACME 2.9.0 (letsencrypt) + nfdump 1.6.23 |
| - kernel 5.10.46 + ipt_NETFLOW 2.6 + Let's Encrypt ACME 2.9.0 + nfdump 1.6.23 |
| - Bypass mode works now also in dhcp |
| - After the system has been updated (every day at 3 am), check if reboot is needed |
| - phpsysinfo 3.3.4 |
| /rpms/ipt-netflow-2.6.spec |
|---|
| 1,4 → 1,4 |
| %define kversion 5.15.82-server-1.mga8 |
| %define kversion 5.15.126-server-1.mga8 |
| %define debug_package %{nil} |
| Name: ipt-netflow |
| Version: 2.6 |
| 19,7 → 19,7 |
| %setup -q -n ipt-netflow-%{version} |
| %build |
| ./configure --kdir=/usr/src/kernel-5.15.82-server-1.mga8 --disable-dkms --disable-snmp-agent |
| ./configure --kdir=/usr/src/kernel-5.15.126-server-1.mga8 --disable-dkms --disable-snmp-agent |
| %make_build |
| %install |
| 44,6 → 44,8 |
| /lib/modules/%kversion/extra/ipt_NETFLOW.ko |
| %changelog |
| * Fri Nov 14 2023 Richard REY <Rexy> |
| - Version 2.6 for the kernel 5.15.126 (ALCASAR 3.6.1) |
| * Fri Dec 30 2022 Richard REY <Rexy> |
| - Version 2.6 for the kernel 5.15.86 (ALCASAR 3.6.0) |
| * Thu Jul 08 2021 Richard REY <Rexy> |
| /rpms/rpm-build-howto |
|---|
| 5,7 → 5,7 |
| - ipt_netflow kernel module (netflow log system) |
| - wkhtmltopdf (html to pdf renderer) |
| - nfdump (collector & processor for netflow data) |
| - havp (http antivirus proxy) used before ALCASAR V3.5 |
| - havp (http antivirus proxy) used only before ALCASAR V3.5 |
| This howto explains how to build RPM of these programs in order to keep the distribution clean |
| The compilation options are set in /etc/rpm/macro.d/* |
| 12,7 → 12,7 |
| The .spec & RPM can be test with the tool "rpmlint" |
| **** Prepare the RPM creation structure *** |
| - upadate your system : urpmi --auto-update |
| - update your system : urpmi --auto-update |
| - install the following RPMs : urpmi kernel-userspace-headers rpm-build gengetopt libtool |
| - create directories structure in your home : mkdir -p ~/rpmbuild/{SRPMS,SOURCES,SPECS,tmp} |
| - Option : find the ".rpmmacros" file on mageia wiki (https://wiki.mageia.org/en/Packagers_RPM_tutorial) and copy it in your home directory |
| 44,8 → 44,9 |
| **** For ipt_netflow **** |
| - Must be complied on a system which runs the target kernel. So install manually the targeted kernel and the same version of kernel-userspace-headers and reboot (ipt_NETFLOW will not load during this reboot) |
| - install the RPMs "kernel-server-devel" (choose the targeted kernel), "lib64iptables-devel" |
| - download, uncompress and test the compilation of the last version of ipt-netflow (./configure --disable-dkms --disable-snmp-agent, make all install). The module is compiled in the same directory. The libs are copied in the /lib64/iptables (libip6t_NETFLOW.so & libipt_NETFLOW.so) |
| - test the module : go to the directory of sources and try to load it (insmod ./ipt_NETFLOW.ko), look at "journalctrl -f" to verify. Run "alcasar-iptables.sh" to reload netfilter rules (no errors should appear). Run "alcasar-daemon.sh" to verify that all is ok. |
| - download, uncompress and test the compilation of the last version of ipt-netflow (./configure --disable-dkms --disable-snmp-agent, make all install). The module is compiled in the same directory (ipt_NETFLOW.ko). The libs are copied in the /lib64/iptables (libip6t_NETFLOW.so & libipt_NETFLOW.so) |
| - test the module : go to the directory of sources and try to load it (insmod ./ipt_NETFLOW.ko), look at "journalctrl -f" to verify that the module is corectly loaded). |
| - Run "alcasar-iptables.sh" to reload netfilter rules (no errors should appear). Run "alcasar-daemon.sh" to verify that all is ok. |
| - if all is ok, copy the tarball in rpmbuild/SOURCES. |
| - Copy and adapt the .spec in rpmbuild/SPECS (change the versions of kernel, kernel source and rpm). |
| - Run "rpmbuild -bb ****.spec" |
| /rpms/x86_64/ipt-netflow-2.6-0.mga8.x86_64.rpm |
|---|
| Cannot display: file marked as a binary type. |
| svn:mime-type = application/octet-stream |
| /scripts/alcasar-rpm-download.sh |
|---|
| 11,7 → 11,7 |
| VERSION="8" |
| ARCH="x86_64" |
| # The kernel version we compile netflow for |
| KERNEL="kernel-server-5.15.82-1.mga8-1-1.mga8" |
| KERNEL="kernel-server-5.15.126-1.mga8-1-1.mga8" |
| # ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
| # (old) perl-Socket6 : needed by nfsen |
| # "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf |
| /scripts/alcasar-rpm.sh |
|---|
| 12,7 → 12,7 |
| VERSION="8" |
| ARCH="x86_64" |
| # The kernel version we compile netflow for |
| KERNEL="kernel-server-5.15.82-1.mga8-1-1.mga8" |
| KERNEL="kernel-server-5.15.126-1.mga8-1-1.mga8" |
| # ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
| # (old) perl-Socket6 : needed by nfsen |
| # "fonts-dejavu-common" & "fonts-ttf-dejavu" : fonts needed by wkhtmltopdf |