From 78962e919e3c73dbd8c245cdb06db13050efb992 Mon Sep 17 00:00:00 2001 From: mhoellein Date: Fri, 15 Mar 2024 10:08:18 +0100 Subject: [PATCH] committing changes in /etc made by "apt-get install clamav" Package changes: +clamav 0.103.11+dfsg-0ubuntu0.20.04.1 amd64 +clamav-base 0.103.11+dfsg-0ubuntu0.20.04.1 all +clamav-freshclam 0.103.11+dfsg-0ubuntu0.20.04.1 amd64 +libclamav9 0.103.11+dfsg-0ubuntu0.20.04.1 amd64 +libmspack0 0.10.1-2 amd64 +libtfm1 0.13-4 amd64 --- .etckeeper | 17 + aliases | 1 + aliases.db | Bin 12288 -> 12288 bytes apparmor.d/local/usr.bin.freshclam | 0 apparmor.d/usr.bin.freshclam | 47 +++ clamav/freshclam.conf | 27 ++ group | 1 + group- | 1 + gshadow | 1 + gshadow- | 1 + init.d/clamav-freshclam | 343 ++++++++++++++++++ logcheck/ignore.d.server/clamav-freshclam | 7 + logrotate.d/clamav-freshclam | 15 + network/if-down.d/clamav-freshclam-ifupdown | 78 ++++ network/if-up.d/clamav-freshclam-ifupdown | 78 ++++ passwd | 1 + passwd- | 2 +- ppp/ip-down.d/clamav-freshclam-ifupdown | 78 ++++ ppp/ip-up.d/clamav-freshclam-ifupdown | 78 ++++ rc0.d/K01clamav-freshclam | 1 + rc1.d/K01clamav-freshclam | 1 + rc2.d/S01clamav-freshclam | 1 + rc3.d/S01clamav-freshclam | 1 + rc4.d/S01clamav-freshclam | 1 + rc5.d/S01clamav-freshclam | 1 + rc6.d/K01clamav-freshclam | 1 + shadow | 1 + shadow- | 3 +- .../clamav-freshclam.service | 1 + 29 files changed, 786 insertions(+), 2 deletions(-) create mode 100644 apparmor.d/local/usr.bin.freshclam create mode 100644 apparmor.d/usr.bin.freshclam create mode 100644 clamav/freshclam.conf create mode 100755 init.d/clamav-freshclam create mode 100644 logcheck/ignore.d.server/clamav-freshclam create mode 100644 logrotate.d/clamav-freshclam create mode 100755 network/if-down.d/clamav-freshclam-ifupdown create mode 100755 network/if-up.d/clamav-freshclam-ifupdown create mode 100755 ppp/ip-down.d/clamav-freshclam-ifupdown create mode 100755 ppp/ip-up.d/clamav-freshclam-ifupdown create mode 120000 rc0.d/K01clamav-freshclam create mode 120000 rc1.d/K01clamav-freshclam create mode 120000 rc2.d/S01clamav-freshclam create mode 120000 rc3.d/S01clamav-freshclam create mode 120000 rc4.d/S01clamav-freshclam create mode 120000 rc5.d/S01clamav-freshclam create mode 120000 rc6.d/K01clamav-freshclam create mode 120000 systemd/system/multi-user.target.wants/clamav-freshclam.service diff --git a/.etckeeper b/.etckeeper index ada384a85..4518b35af 100755 --- a/.etckeeper +++ b/.etckeeper @@ -8,6 +8,8 @@ mkdir -p './apt/auth.conf.d' mkdir -p './apt/preferences.d' mkdir -p './binfmt.d' mkdir -p './ca-certificates/update.d' +mkdir -p './clamav/onerrorexecute.d' +mkdir -p './clamav/onupdateexecute.d' mkdir -p './dbus-1/session.d' mkdir -p './dconf/db' mkdir -p './dovecot/private' @@ -635,6 +637,7 @@ maybe chmod 0644 'apparmor.d/local/README' maybe chmod 0644 'apparmor.d/local/lsb_release' maybe chmod 0644 'apparmor.d/local/nvidia_modprobe' maybe chmod 0644 'apparmor.d/local/sbin.dhclient' +maybe chmod 0644 'apparmor.d/local/usr.bin.freshclam' maybe chmod 0644 'apparmor.d/local/usr.bin.man' maybe chmod 0644 'apparmor.d/local/usr.lib.ipsec.charon' maybe chmod 0644 'apparmor.d/local/usr.lib.ipsec.stroke' @@ -665,6 +668,7 @@ maybe chmod 0644 'apparmor.d/tunables/sys' maybe chmod 0644 'apparmor.d/tunables/xdg-user-dirs' maybe chmod 0755 'apparmor.d/tunables/xdg-user-dirs.d' maybe chmod 0644 'apparmor.d/tunables/xdg-user-dirs.d/site.local' +maybe chmod 0644 'apparmor.d/usr.bin.freshclam' maybe chmod 0644 'apparmor.d/usr.bin.man' maybe chmod 0644 'apparmor.d/usr.lib.ipsec.charon' maybe chmod 0644 'apparmor.d/usr.lib.ipsec.stroke' @@ -776,6 +780,12 @@ maybe chmod 0644 'calendar/default' maybe chmod 0755 'carbon' maybe chmod 0644 'carbon/carbon.conf' maybe chmod 0644 'carbon/storage-schemas.conf' +maybe chmod 0755 'clamav' +maybe chown 'clamav' 'clamav/freshclam.conf' +maybe chgrp 'adm' 'clamav/freshclam.conf' +maybe chmod 0444 'clamav/freshclam.conf' +maybe chmod 0755 'clamav/onerrorexecute.d' +maybe chmod 0755 'clamav/onupdateexecute.d' maybe chmod 0755 'console-setup' maybe chmod 0644 'console-setup/ISO-8859-1.acm' maybe chmod 0644 'console-setup/Uni2-Fixed16.psf.gz' @@ -1489,6 +1499,7 @@ maybe chmod 0755 'init.d/apache-htcacheclean' maybe chmod 0755 'init.d/apache2' maybe chmod 0755 'init.d/apparmor' maybe chmod 0755 'init.d/carbon-cache' +maybe chmod 0755 'init.d/clamav-freshclam' maybe chmod 0755 'init.d/console-setup.sh' maybe chmod 0755 'init.d/coturn' maybe chmod 0755 'init.d/cron' @@ -18856,6 +18867,7 @@ maybe chmod 0755 'logcheck/ignore.d.paranoid' maybe chmod 0644 'logcheck/ignore.d.paranoid/mysql-server-5_7' maybe chmod 0644 'logcheck/ignore.d.paranoid/mysql-server-8_0' maybe chmod 0755 'logcheck/ignore.d.server' +maybe chmod 0644 'logcheck/ignore.d.server/clamav-freshclam' maybe chmod 0644 'logcheck/ignore.d.server/gpg-agent' maybe chmod 0644 'logcheck/ignore.d.server/libsasl2-modules' maybe chmod 0644 'logcheck/ignore.d.server/mysql-server-5_7' @@ -18877,6 +18889,7 @@ maybe chmod 0644 'logrotate.d/aptitude' maybe chmod 0644 'logrotate.d/bootlog' maybe chmod 0644 'logrotate.d/btmp' maybe chmod 0644 'logrotate.d/certbot' +maybe chmod 0644 'logrotate.d/clamav-freshclam' maybe chmod 0644 'logrotate.d/dbconfig-common' maybe chmod 0644 'logrotate.d/dpkg' maybe chmod 0644 'logrotate.d/fail2ban' @@ -19002,9 +19015,11 @@ maybe chmod 0644 'netplan/01-netcfg.yaml' maybe chmod 0755 'network' maybe chmod 0755 'network/if-down.d' maybe chmod 0755 'network/if-down.d/bind9' +maybe chmod 0755 'network/if-down.d/clamav-freshclam-ifupdown' maybe chmod 0755 'network/if-down.d/postfix' maybe chmod 0755 'network/if-up.d' maybe chmod 0755 'network/if-up.d/bind9' +maybe chmod 0755 'network/if-up.d/clamav-freshclam-ifupdown' maybe chmod 0755 'network/if-up.d/postfix' maybe chmod 0644 'network/interfaces' maybe chmod 0755 'networkd-dispatcher' @@ -19219,9 +19234,11 @@ maybe chmod 0644 'postfix/without_ptr.db' maybe chmod 0755 'ppp' maybe chmod 0755 'ppp/ip-down.d' maybe chmod 0755 'ppp/ip-down.d/bind9' +maybe chmod 0755 'ppp/ip-down.d/clamav-freshclam-ifupdown' maybe chmod 0755 'ppp/ip-down.d/postfix' maybe chmod 0755 'ppp/ip-up.d' maybe chmod 0755 'ppp/ip-up.d/bind9' +maybe chmod 0755 'ppp/ip-up.d/clamav-freshclam-ifupdown' maybe chmod 0755 'ppp/ip-up.d/postfix' maybe chmod 0644 'profile' maybe chmod 0755 'profile.d' diff --git a/aliases b/aliases index 8d428e9dd..e9154f663 100644 --- a/aliases +++ b/aliases @@ -1,3 +1,4 @@ # See man 5 aliases for format postmaster: root root: root@hoellein.online +clamav: root diff --git a/aliases.db b/aliases.db index 09c63a24b0c40fce5a8bffb904450aa887266013..16951d9c5961318c4f1585782367fd7d6038ec7b 100644 GIT binary patch delta 127 zcmZojXh@h~!oP@-iGk@a14BtgPnvR(+2sHHqKs@CBX{%5@i5f!Gw}Z9|Hc23{~rH& z{$2c=_}B0+;Ge}mg};t}W1$cK +# Last Modified: Sun Aug 3 09:39:03 2008 + +#include + +/usr/bin/freshclam flags=(attach_disconnected) { + #include + #include + #include + #include + + capability dac_override, + capability chown, + + capability setgid, + capability setuid, + + @{PROC}/filesystems r, + owner @{PROC}/[0-9]*/status r, + + /etc/clamav/clamd.conf r, + /etc/clamav/freshclam.conf r, + /etc/clamav/onerrorexecute.d/* mr, + /etc/clamav/onupdateexecute.d/* mr, + /etc/clamav/virusevent.d/* mr, + + owner @{HOME}/.clamtk/db/ rw, + owner @{HOME}/.clamtk/db/** rwk, + + owner @{HOME}/.klamav/database/ rw, + owner @{HOME}/.klamav/database/** rwk, + + /usr/bin/freshclam mr, + + /var/lib/clamav/ r, + /var/lib/clamav/** krw, + + /var/log/clamav/* krw, + /{,var/}run/clamav/freshclam.pid w, + /{,var/}run/clamav/clamd.ctl rw, + + deny /{,var/}run/samba/{gencache,unexpected}.tdb mrwkl, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/clamav/freshclam.conf b/clamav/freshclam.conf new file mode 100644 index 000000000..b1e1237a1 --- /dev/null +++ b/clamav/freshclam.conf @@ -0,0 +1,27 @@ +# Automatically created by the clamav-freshclam postinst +# Comments will get lost when you reconfigure the clamav-freshclam package + +DatabaseOwner clamav +UpdateLogFile /var/log/clamav/freshclam.log +LogVerbose false +LogSyslog false +LogFacility LOG_LOCAL6 +LogFileMaxSize 0 +LogRotate true +LogTime true +Foreground false +Debug false +MaxAttempts 5 +DatabaseDirectory /var/lib/clamav +DNSDatabaseInfo current.cvd.clamav.net +ConnectTimeout 30 +ReceiveTimeout 0 +TestDatabases yes +ScriptedUpdates yes +CompressLocalDatabase no +Bytecode true +NotifyClamd /etc/clamav/clamd.conf +# Check for new database 24 times a day +Checks 24 +DatabaseMirror db.local.clamav.net +DatabaseMirror database.clamav.net diff --git a/group b/group index fbb42396e..1c2d7e7ac 100644 --- a/group +++ b/group @@ -75,3 +75,4 @@ _graphite:x:132: netdata:x:998: cool:x:133: turnserver:x:134: +clamav:x:135: diff --git a/group- b/group- index 6603f2d5d..fbb42396e 100644 --- a/group- +++ b/group- @@ -74,3 +74,4 @@ icingacmd:x:131:www-data _graphite:x:132: netdata:x:998: cool:x:133: +turnserver:x:134: diff --git a/gshadow b/gshadow index efe3d2544..2fec5bbcd 100644 --- a/gshadow +++ b/gshadow @@ -75,3 +75,4 @@ _graphite:!:: netdata:!:: cool:!:: turnserver:!:: +clamav:!:: diff --git a/gshadow- b/gshadow- index 5e93bef65..efe3d2544 100644 --- a/gshadow- +++ b/gshadow- @@ -74,3 +74,4 @@ icingacmd:!::www-data _graphite:!:: netdata:!:: cool:!:: +turnserver:!:: diff --git a/init.d/clamav-freshclam b/init.d/clamav-freshclam new file mode 100755 index 000000000..4dcc4b343 --- /dev/null +++ b/init.d/clamav-freshclam @@ -0,0 +1,343 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: clamav-freshclam +# Required-Start: $remote_fs $syslog +# Should-Start: clamav-daemon +# Required-Stop: $remote_fs $syslog +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ClamAV virus database updater +# Description: Clam AntiVirus virus database updater +### END INIT INFO + +# The exit status codes should comply with LSB. +# https://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html + +DAEMON=/usr/bin/freshclam +NAME=freshclam +DESC="ClamAV virus database updater" + +# required by Debian policy 9.3.2 +[ -x $DAEMON ] || exit 0 + +CLAMAV_CONF_FILE=/etc/clamav/clamd.conf +FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf + +to_lower() +{ + word="$1" + lcword=$(echo "$word" | tr A-Z a-z) + echo "$lcword" +} + +is_true() +{ + var="$1" + lcvar=$(to_lower "$var") + [ 'true' = "$lcvar" ] || [ 'yes' = "$lcvar" ] || [ 1 = "$lcvar" ] + return $? +} + +is_false() +{ + var="$1" + lcvar=$(to_lower "$var") + [ 'false' = "$lcvar" ] || [ 'no' = "$lcvar" ] || [ 0 = "$lcvar" ] + return $? +} + +ucf_cleanup() +{ + # This only does something if I've fucked up before + # Not entirely impossible :( + + configfile=$1 + + if [ `grep "$configfile" /var/lib/ucf/hashfile | wc -l` -gt 1 ]; then + grep -v "$configfile" /var/lib/ucf/hashfile > /var/lib/ucf/hashfile.tmp + grep "$configfile" /var/lib/ucf/hashfile | tail -n 1 >> /var/lib/ucf/hashfile.tmp + mv /var/lib/ucf/hashfile.tmp /var/lib/ucf/hashfile + fi +} + +add_to_ucf() +{ + configfile=$1 + ucffile=$2 + + if ! grep -q "$configfile" /var/lib/ucf/hashfile; then + md5sum $configfile >> /var/lib/ucf/hashfile + cp $configfile $ucffile + fi +} + +ucf_upgrade_check() +{ + configfile=$1 + sourcefile=$2 + ucffile=$3 + + if [ -f "$configfile" ]; then + add_to_ucf $configfile $ucffile + ucf --three-way --debconf-ok "$sourcefile" "$configfile" + else + [ -d /var/lib/ucf/cache ] || mkdir -p /var/lib/ucf/cache + pathfind restorecon && restorecon /var/lib/ucf/cache + cp $sourcefile $configfile + add_to_ucf $configfile $ucffile + fi +} + +slurp_config() +{ + CLAMAVCONF="$1" + + if [ -e "$CLAMAVCONF" ]; then + for variable in `egrep -a -v '^[[:space:]]*(#|$)' "$CLAMAVCONF" | awk '{print $1}'`; do + case "$variable" in + DatabaseMirror) + if [ -z "$DatabaseMirror" ]; then + for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do + value="$value $i" + done + else + continue + fi + ;; + DatabaseCustomURL) + if [ -z "$DatabaseCustomURL" ]; then + for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do + value="$value $i" + done + else + continue + fi + ;; + IncludePUA) + if [ -z "$IncludePUA" ]; then + for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do + value="$i $value" + done + else + continue + fi + ;; + ExcludePUA) + if [ -z "$ExcludePUA" ]; then + for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do + value="$i $value" + done + else + continue + fi + ;; + ExtraDatabase) + if [ -z "$ExtraDatabase" ]; then + for i in `grep -a ^$variable $CLAMAVCONF | awk '{print $2}'`; do + value="$value $i" + done + else + continue + fi + ;; + VirusEvent|OnUpdateExecute|OnErrorExecute|RejectMsg) + value=`grep -a ^$variable $CLAMAVCONF | head -n1 | sed -e s/$variable\ //` + ;; + *) + value=`grep -a "^$variable[[:space:]]" $CLAMAVCONF | head -n1 | awk '{print $2}'` + ;; + esac + if [ -z "$value" ]; then + export "$variable"="true" + elif [ "$value" != "$variable" ]; then + export "$variable"="$value" + else + export "$variable"="true" + fi + unset value + done + fi +} + +pathfind() { + OLDIFS="$IFS" + IFS=: + for p in $PATH; do + if [ -x "$p/$*" ]; then + IFS="$OLDIFS" + return 0 + fi + done + IFS="$OLDIFS" + return 1 +} + +set_debconf_value() +{ +prog=$1 +name=$2 +eval variable="\$${name}" +if [ -n "$variable" ]; then + db_set clamav-$prog/$name "$variable" || true +fi +} + +make_dir() +{ + DIR=$1 + if [ -d "$DIR" ]; then + return 0; + fi + [ -n "$User" ] || User=clamav + mkdir -p -m 0755 "$DIR" + chown "$User" "$DIR" + pathfind restorecon && restorecon "$DIR" +} + +# Debconf Functions + +isdigit () +{ + case $1 in + [[:digit:]]*) + ISDIGIT=1 + ;; + *) + ISDIGIT=0 + ;; + esac +} + +inputdigit () +{ + ISDIGIT=0 + while [ "$ISDIGIT" = '0' ]; do + db_input "$1" "$2" || true + if ! db_go; then + return 30 + fi + db_get $2 || true + isdigit $RET + if [ "$ISDIGIT" = '0' ]; then + db_input critical clamav-base/numinfo || true + db_go + fi + done + return 0 +} + +StateGeneric() +{ + PRIO=$1 + QUESTION=$2 + NEXT=$3 + LAST=$4 + + db_input $PRIO $QUESTION || true + if db_go; then + STATE=$NEXT + else + STATE=$LAST + fi +} + +StateGenericDigit() +{ + PRIO=$1 + QUESTION=$2 + NEXT=$3 + LAST=$4 + + inputdigit $PRIO $QUESTION || true + if db_go; then + STATE=$NEXT + else + STATE=$LAST + fi +} + + +. /lib/lsb/init-functions + +slurp_config "$FRESHCLAM_CONF_FILE" + +if [ -z "$PidFile" ] +then + # Set the default PidFile. + PidFile='/run/clamav/freshclam.pid' +fi +[ -n "$DataBaseDirectory" ] || DataBaseDirectory=/var/run/clamav + +make_dir "$DataBaseDirectory" +make_dir $(dirname "$PidFile") + +[ -z "$UpdateLogFile" ] && UpdateLogFile=/var/log/clamav/freshclam.log +[ -z "$DatabaseDirectory" ] && DatabaseDirectory=/var/lib/clamav/ +[ -n "$DatabaseOwner" ] || DatabaseOwner=clamav + +case "$1" in + no-daemon) + su "$DatabaseOwner" -p -s /bin/sh -c "freshclam -l $UpdateLogFile --datadir $DatabaseDirectory" + ;; + start) + if [ ! -f "$PidFile" ]; then + # If clamd is run under a different UID than freshclam then we need + # to make sure the PidFile can be written or else we won't be able to + # kill it. + touch $PidFile + chown $DatabaseOwner $PidFile + fi + # If user wants it run from cron, we only accept no-daemon and stop + if [ -f /etc/cron.d/clamav-freshclam ]; then + log_warning_msg "Not starting $NAME - cron option selected" + log_warning_msg "Run the init script with the 'no-daemon' option" + # this is similar to the daemon already running + exit 0 + fi + log_daemon_msg "Starting $DESC" "$NAME" + start-stop-daemon --start --oknodo -c "$DatabaseOwner" --exec $DAEMON --pidfile $PidFile --quiet -- -d --quiet --config-file=$FRESHCLAM_CONF_FILE --pid=$PidFile + log_end_msg $? + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --oknodo --name $NAME --pidfile $PidFile --quiet --retry TERM/30/KILL/5 + log_end_msg $? + ;; + restart|force-reload) + $0 stop + $0 start + ;; + reload-log) + # If user wants it run from cron, we only accept no-daemon and stop + if [ -f /etc/cron.d/clamav-freshclam ]; then + log_warning_msg "Not reloading log for $NAME - cron option selected" + # log-reloading is not needed, because freshclam is not run as daemon + exit 0 + fi + log_daemon_msg "Reloading $DESC" "$NAME" + pkill -HUP -F $PidFile $NAME + log_end_msg $? + ;; + skip) + ;; + status) + start-stop-daemon --status --name $NAME --pidfile $PidFile + ret="$?" + if [ "$ret" = 0 ]; then + log_success_msg "$NAME is running" + exit 0 + else + log_failure_msg "$NAME is not running" + exit "$ret" + fi + ;; + *) + log_action_msg "Usage: $0 {no-daemon|start|stop|restart|force-reload|reload-log|skip|status}" >&2 + # invalid arguments + exit 2 + ;; +esac + +exit 0 diff --git a/logcheck/ignore.d.server/clamav-freshclam b/logcheck/ignore.d.server/clamav-freshclam new file mode 100644 index 000000000..2608bd396 --- /dev/null +++ b/logcheck/ignore.d.server/clamav-freshclam @@ -0,0 +1,7 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: ClamAV update process started at .*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Received signal: (wake up|re-opening log file)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (bytecode|daily|main)\.c(l|v)d (is up to date|updated) \(version: [0-9]+, sigs: [0-9]+, f-level: [0-9]+, builder: \w+\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Clamd successfully notified about the update\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: --------------------------------------$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Database updated \([0-9]+ signatures\) from .* \(IP: [0-9.]+\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Downloading daily-[0-9]+.cdiff \[100%\] ?$ diff --git a/logrotate.d/clamav-freshclam b/logrotate.d/clamav-freshclam new file mode 100644 index 000000000..9e0f2e016 --- /dev/null +++ b/logrotate.d/clamav-freshclam @@ -0,0 +1,15 @@ +/var/log/clamav/freshclam.log { + rotate 12 + weekly + compress + delaycompress + missingok + create 640 clamav adm + postrotate + if [ -d /run/systemd/system ]; then + systemctl -q is-active clamav-freshclam && systemctl kill --signal=SIGHUP clamav-freshclam || true + else + invoke-rc.d clamav-freshclam reload-log > /dev/null || true + fi + endscript + } diff --git a/network/if-down.d/clamav-freshclam-ifupdown b/network/if-down.d/clamav-freshclam-ifupdown new file mode 100755 index 000000000..875c0ccaa --- /dev/null +++ b/network/if-down.d/clamav-freshclam-ifupdown @@ -0,0 +1,78 @@ +#!/bin/sh +# 2004-01-25, Thomas Lamy +# From Magnus Ekdahl's clamav-freshclam-handledaemon(8) + +set -e + +[ -e /var/lib/clamav/interface ] || exit 0 + +INIT=invoke-rc.d clamav-freshclam +CLAMAV_CONF_FILE=/etc/clamav/clamd.conf +FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf + +INTERNETIFACE=`cat /var/lib/clamav/interface` + +if grep -q freshclam /proc/*/stat 2>/dev/null; then + IS_RUNNING=true +else + IS_RUNNING=false +fi + +# $IFACE is set by ifup/down, $PPP_IFACE by pppd +[ -n "$PPP_IFACE" ] && IFACE=$PPP_IFACE + +# This is sloppy - woody's pppd exports variables, while sid's passes them as +# arguments and exports them. + +if [ "$1" = "$IFACE" ]; then # We're called by sid's pppd + shift 6 # and we already know the interface +fi # Dump the arguments passed. + +if [ -z "$1" ]; then + case $(dirname "$0") in + */if-up.d|*/ip-up.d) + # Short circuit and exit early if freshclam is already running + [ "$IS_RUNNING" = 'true' ] && exit 0 + for interface in $INTERNETIFACE; do + if [ "$interface" = "$IFACE" ]; then + FMODE=start + break + else + FMODE=skip + fi + done + ;; + */if-down.d|*/ip-down.d) + # Short circuit and exit early if freshclam is not already running + [ "$IS_RUNNING" = 'false' ] && exit 0 + for interface in $INTERNETIFACE; do + if [ "$interface" = "$IFACE" ]; then + FMODE=stop + break + else + FMODE=skip + fi + done + ;; + *) + FMODE=skip + ;; + esac +else + FMODE="$1" +fi + +case "$FMODE" in + start|stop) + IFACE="$IFACE" $INIT $FMODE + ;; + skip) + ;; + *) + echo "Usage: $0 {start|stop|skip}" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/network/if-up.d/clamav-freshclam-ifupdown b/network/if-up.d/clamav-freshclam-ifupdown new file mode 100755 index 000000000..875c0ccaa --- /dev/null +++ b/network/if-up.d/clamav-freshclam-ifupdown @@ -0,0 +1,78 @@ +#!/bin/sh +# 2004-01-25, Thomas Lamy +# From Magnus Ekdahl's clamav-freshclam-handledaemon(8) + +set -e + +[ -e /var/lib/clamav/interface ] || exit 0 + +INIT=invoke-rc.d clamav-freshclam +CLAMAV_CONF_FILE=/etc/clamav/clamd.conf +FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf + +INTERNETIFACE=`cat /var/lib/clamav/interface` + +if grep -q freshclam /proc/*/stat 2>/dev/null; then + IS_RUNNING=true +else + IS_RUNNING=false +fi + +# $IFACE is set by ifup/down, $PPP_IFACE by pppd +[ -n "$PPP_IFACE" ] && IFACE=$PPP_IFACE + +# This is sloppy - woody's pppd exports variables, while sid's passes them as +# arguments and exports them. + +if [ "$1" = "$IFACE" ]; then # We're called by sid's pppd + shift 6 # and we already know the interface +fi # Dump the arguments passed. + +if [ -z "$1" ]; then + case $(dirname "$0") in + */if-up.d|*/ip-up.d) + # Short circuit and exit early if freshclam is already running + [ "$IS_RUNNING" = 'true' ] && exit 0 + for interface in $INTERNETIFACE; do + if [ "$interface" = "$IFACE" ]; then + FMODE=start + break + else + FMODE=skip + fi + done + ;; + */if-down.d|*/ip-down.d) + # Short circuit and exit early if freshclam is not already running + [ "$IS_RUNNING" = 'false' ] && exit 0 + for interface in $INTERNETIFACE; do + if [ "$interface" = "$IFACE" ]; then + FMODE=stop + break + else + FMODE=skip + fi + done + ;; + *) + FMODE=skip + ;; + esac +else + FMODE="$1" +fi + +case "$FMODE" in + start|stop) + IFACE="$IFACE" $INIT $FMODE + ;; + skip) + ;; + *) + echo "Usage: $0 {start|stop|skip}" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/passwd b/passwd index 1da47c98f..aef980fd1 100644 --- a/passwd +++ b/passwd @@ -47,3 +47,4 @@ _graphite:x:123:132:Graphite User,,,:/var/lib/graphite:/bin/false netdata:x:997:998::/var/lib/netdata:/bin/sh cool:x:124:133::/opt/cool:/usr/sbin/nologin turnserver:x:125:134:turnserver daemon,,,:/:/bin/false +clamav:x:126:135::/var/lib/clamav:/bin/false diff --git a/passwd- b/passwd- index 6ed69a7eb..1da47c98f 100644 --- a/passwd- +++ b/passwd- @@ -46,4 +46,4 @@ icingadirector:x:998:130::/var/lib/icingadirector:/bin/false _graphite:x:123:132:Graphite User,,,:/var/lib/graphite:/bin/false netdata:x:997:998::/var/lib/netdata:/bin/sh cool:x:124:133::/opt/cool:/usr/sbin/nologin -turnserver:x:125:134::/:/bin/false +turnserver:x:125:134:turnserver daemon,,,:/:/bin/false diff --git a/ppp/ip-down.d/clamav-freshclam-ifupdown b/ppp/ip-down.d/clamav-freshclam-ifupdown new file mode 100755 index 000000000..875c0ccaa --- /dev/null +++ b/ppp/ip-down.d/clamav-freshclam-ifupdown @@ -0,0 +1,78 @@ +#!/bin/sh +# 2004-01-25, Thomas Lamy +# From Magnus Ekdahl's clamav-freshclam-handledaemon(8) + +set -e + +[ -e /var/lib/clamav/interface ] || exit 0 + +INIT=invoke-rc.d clamav-freshclam +CLAMAV_CONF_FILE=/etc/clamav/clamd.conf +FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf + +INTERNETIFACE=`cat /var/lib/clamav/interface` + +if grep -q freshclam /proc/*/stat 2>/dev/null; then + IS_RUNNING=true +else + IS_RUNNING=false +fi + +# $IFACE is set by ifup/down, $PPP_IFACE by pppd +[ -n "$PPP_IFACE" ] && IFACE=$PPP_IFACE + +# This is sloppy - woody's pppd exports variables, while sid's passes them as +# arguments and exports them. + +if [ "$1" = "$IFACE" ]; then # We're called by sid's pppd + shift 6 # and we already know the interface +fi # Dump the arguments passed. + +if [ -z "$1" ]; then + case $(dirname "$0") in + */if-up.d|*/ip-up.d) + # Short circuit and exit early if freshclam is already running + [ "$IS_RUNNING" = 'true' ] && exit 0 + for interface in $INTERNETIFACE; do + if [ "$interface" = "$IFACE" ]; then + FMODE=start + break + else + FMODE=skip + fi + done + ;; + */if-down.d|*/ip-down.d) + # Short circuit and exit early if freshclam is not already running + [ "$IS_RUNNING" = 'false' ] && exit 0 + for interface in $INTERNETIFACE; do + if [ "$interface" = "$IFACE" ]; then + FMODE=stop + break + else + FMODE=skip + fi + done + ;; + *) + FMODE=skip + ;; + esac +else + FMODE="$1" +fi + +case "$FMODE" in + start|stop) + IFACE="$IFACE" $INIT $FMODE + ;; + skip) + ;; + *) + echo "Usage: $0 {start|stop|skip}" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/ppp/ip-up.d/clamav-freshclam-ifupdown b/ppp/ip-up.d/clamav-freshclam-ifupdown new file mode 100755 index 000000000..875c0ccaa --- /dev/null +++ b/ppp/ip-up.d/clamav-freshclam-ifupdown @@ -0,0 +1,78 @@ +#!/bin/sh +# 2004-01-25, Thomas Lamy +# From Magnus Ekdahl's clamav-freshclam-handledaemon(8) + +set -e + +[ -e /var/lib/clamav/interface ] || exit 0 + +INIT=invoke-rc.d clamav-freshclam +CLAMAV_CONF_FILE=/etc/clamav/clamd.conf +FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf + +INTERNETIFACE=`cat /var/lib/clamav/interface` + +if grep -q freshclam /proc/*/stat 2>/dev/null; then + IS_RUNNING=true +else + IS_RUNNING=false +fi + +# $IFACE is set by ifup/down, $PPP_IFACE by pppd +[ -n "$PPP_IFACE" ] && IFACE=$PPP_IFACE + +# This is sloppy - woody's pppd exports variables, while sid's passes them as +# arguments and exports them. + +if [ "$1" = "$IFACE" ]; then # We're called by sid's pppd + shift 6 # and we already know the interface +fi # Dump the arguments passed. + +if [ -z "$1" ]; then + case $(dirname "$0") in + */if-up.d|*/ip-up.d) + # Short circuit and exit early if freshclam is already running + [ "$IS_RUNNING" = 'true' ] && exit 0 + for interface in $INTERNETIFACE; do + if [ "$interface" = "$IFACE" ]; then + FMODE=start + break + else + FMODE=skip + fi + done + ;; + */if-down.d|*/ip-down.d) + # Short circuit and exit early if freshclam is not already running + [ "$IS_RUNNING" = 'false' ] && exit 0 + for interface in $INTERNETIFACE; do + if [ "$interface" = "$IFACE" ]; then + FMODE=stop + break + else + FMODE=skip + fi + done + ;; + *) + FMODE=skip + ;; + esac +else + FMODE="$1" +fi + +case "$FMODE" in + start|stop) + IFACE="$IFACE" $INIT $FMODE + ;; + skip) + ;; + *) + echo "Usage: $0 {start|stop|skip}" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/rc0.d/K01clamav-freshclam b/rc0.d/K01clamav-freshclam new file mode 120000 index 000000000..8fbc8ddf3 --- /dev/null +++ b/rc0.d/K01clamav-freshclam @@ -0,0 +1 @@ +../init.d/clamav-freshclam \ No newline at end of file diff --git a/rc1.d/K01clamav-freshclam b/rc1.d/K01clamav-freshclam new file mode 120000 index 000000000..8fbc8ddf3 --- /dev/null +++ b/rc1.d/K01clamav-freshclam @@ -0,0 +1 @@ +../init.d/clamav-freshclam \ No newline at end of file diff --git a/rc2.d/S01clamav-freshclam b/rc2.d/S01clamav-freshclam new file mode 120000 index 000000000..8fbc8ddf3 --- /dev/null +++ b/rc2.d/S01clamav-freshclam @@ -0,0 +1 @@ +../init.d/clamav-freshclam \ No newline at end of file diff --git a/rc3.d/S01clamav-freshclam b/rc3.d/S01clamav-freshclam new file mode 120000 index 000000000..8fbc8ddf3 --- /dev/null +++ b/rc3.d/S01clamav-freshclam @@ -0,0 +1 @@ +../init.d/clamav-freshclam \ No newline at end of file diff --git a/rc4.d/S01clamav-freshclam b/rc4.d/S01clamav-freshclam new file mode 120000 index 000000000..8fbc8ddf3 --- /dev/null +++ b/rc4.d/S01clamav-freshclam @@ -0,0 +1 @@ +../init.d/clamav-freshclam \ No newline at end of file diff --git a/rc5.d/S01clamav-freshclam b/rc5.d/S01clamav-freshclam new file mode 120000 index 000000000..8fbc8ddf3 --- /dev/null +++ b/rc5.d/S01clamav-freshclam @@ -0,0 +1 @@ +../init.d/clamav-freshclam \ No newline at end of file diff --git a/rc6.d/K01clamav-freshclam b/rc6.d/K01clamav-freshclam new file mode 120000 index 000000000..8fbc8ddf3 --- /dev/null +++ b/rc6.d/K01clamav-freshclam @@ -0,0 +1 @@ +../init.d/clamav-freshclam \ No newline at end of file diff --git a/shadow b/shadow index 4e447e413..c47527213 100644 --- a/shadow +++ b/shadow @@ -47,3 +47,4 @@ _graphite:*:18452:0:99999:7::: netdata:!:18774:::::: cool:*:18984:0:99999:7::: turnserver:!:18984:0:99999:7::: +clamav:!:19797:0:99999:7::: diff --git a/shadow- b/shadow- index ed9699cfc..c47527213 100644 --- a/shadow- +++ b/shadow- @@ -1,4 +1,4 @@ -root:$6$L8E35mM5uHa29IkZ$xH2Px4JVa2nIDg9iTnfd1nJQnm6KZX4PCMUKdV1iaLRBruaVM6k8.iDBrRh35UfR/CyP8RL.vJtAg2QZcLake0:17832:0:99999:7::: +root:$6$PUGChnI.hsnFVXFT$nMZGXQosH3dIO1wpciP00h/LjGWjtKSEd4OO1TC6LwjLrZOrLu/.YodRt0EYuO8WzVtMENtSayQBroj4fiICA1:19025:0:99999:7::: daemon:*:17832:0:99999:7::: bin:*:17832:0:99999:7::: sys:*:17832:0:99999:7::: @@ -47,3 +47,4 @@ _graphite:*:18452:0:99999:7::: netdata:!:18774:::::: cool:*:18984:0:99999:7::: turnserver:!:18984:0:99999:7::: +clamav:!:19797:0:99999:7::: diff --git a/systemd/system/multi-user.target.wants/clamav-freshclam.service b/systemd/system/multi-user.target.wants/clamav-freshclam.service new file mode 120000 index 000000000..3adbc672b --- /dev/null +++ b/systemd/system/multi-user.target.wants/clamav-freshclam.service @@ -0,0 +1 @@ +/lib/systemd/system/clamav-freshclam.service \ No newline at end of file -- 2.43.0