mirror of
https://github.com/unman/shaker.git
synced 2024-10-01 01:25:41 -04:00
45 lines
1.5 KiB
RPMSpec
45 lines
1.5 KiB
RPMSpec
Name: 3isec-qubes-monitor
|
|
Version: 1
|
|
Release: 2%{?dist}
|
|
Summary: Prepares qube for network monitoring in Qubes
|
|
|
|
License: GPLv3+
|
|
SOURCE0: monitor
|
|
|
|
%description
|
|
This package creates a template, with tools installed for network monitoring.
|
|
An AppVM named sys-monitor, is created from that template.
|
|
The template, template-monitor, is cloned from the debian-12-minimal template.
|
|
If the debian-12-minimal template is not present, it will be downloaded
|
|
and installed - this may take some time depending on your net connection.
|
|
sys-monitor is created with `provides_network` set, so you can attach qubes to it, setting it as netvm.
|
|
Wireshark, suricata, tcpdump, and tcpflow are installed and ready to run.
|
|
The template has passwordless root installed, so you can run packet captures using `sudo..`.
|
|
If you want to run wireshark as an ordinary user, you will have to follow the instructions in `/srv/salt/monitor/README.md` to reconfigure the package.
|
|
|
|
|
|
%install
|
|
rm -rf %{buildroot}
|
|
mkdir -p %{buildroot}/srv/salt
|
|
cp -rv %{SOURCE0}/ %{buildroot}/srv/salt
|
|
|
|
%files
|
|
%defattr(-,root,root,-)
|
|
/srv/salt/monitor/*
|
|
|
|
%post
|
|
if [ $1 -eq 1 ]; then
|
|
qubesctl state.apply monitor.create
|
|
qubesctl --skip-dom0 --targets=template-monitor state.apply monitor.install
|
|
qubesctl --skip-dom0 --targets=sys-monitor state.apply monitor.configure
|
|
fi
|
|
|
|
%preun
|
|
|
|
|
|
%changelog
|
|
* Sat Jul 27 2024 unman <unman@thirdeyesecurity.org> - 1.2
|
|
- Make suricata logs persistent
|
|
* Thu Jul 25 2024 unman <unman@thirdeyesecurity.org> - 1.1
|
|
- First Build
|