Diffstat (limited to 'system/ntopng')
-rw-r--r--  system/ntopng/README             99
-rw-r--r--  system/ntopng/doinst.sh          25
-rw-r--r--  system/ntopng/ntopng.SlackBuild 187
-rw-r--r--  system/ntopng/ntopng.info        14
-rw-r--r--  system/ntopng/ntopng.logrotate   11
-rw-r--r--  system/ntopng/rc.ntopng         104
-rw-r--r--  system/ntopng/slack-desc         19
7 files changed, 459 insertions, 0 deletions
diff --git a/system/ntopng/README b/system/ntopng/README
new file mode 100644
index 0000000000..90ce3d179d
--- /dev/null
+++ b/system/ntopng/README
@@ -0,0 +1,99 @@
+ntopng is a network probe that shows network usage in a way similar to
+what top does for processes. It acts as a Web
+server, creating an HTML dump of the network status.
+
+It is a successor to ntop, which is discontinued. Main differences seem
+to be:
+
+a. No terminal interface present. Only web.
+b. No built-in flow collector, at least not for NetFlow or sFlow.
+
+When installing ntopng, pay attention to the following:
+
+1. UID/GID
+ntopng needs to run under its own user/group. This has been assigned to
+the following by SlackBuilds.org, but feel free to change it on your
+system for consistency with local assignments.
+ User: ntopng UID: 212 GID: 212
+ group: ntopng GID: 212
+You can change pass alternate values for the user and group using
+NTOPUSER and NTOPGROUP variables when running the build script.
+
+The build script will suggest creating these groups if they are not
+present.
+
+2. Log rotation.
+
+Logs are placed in /var/log/ntopng/ and will be rotated every week. The
+log rotation will restart the ntopng server which will reset the ntopng
+statistics. If you want to keep the statistics you have to edit or
+delete the /etc/logrotate.d/ntopng file.
+
+3. Flow collection
+
+ntopng now uses a custom flow collection format, based on zeromq. To
+convert a standard NetFlow or sFlow into this format, the developer
+suggess bying their commercial tool called nProbe.
+
+However, there exists a free software flow collection (supporting only)
+NetFlowV9, called netflow2ng. It is not available on SBo, but there is
+an unfinished SlackBuild for it, which can be found on
+
+https://gitlab.com/Lockywolf/lwfslackbuilds/-/raw/master/\
+10_unfit-for-sbo-require-network/netflow2ng/\
+netflow2ng.SlackBuild?ref_type=heads
+
+4. Geoidentification and dynamic data
+
+ntopng depends on some dynamic data in order to display relevant
+information about the flows.
+
+a. Geographical distribution of IP addresses. ntopng can use both
+ maxmind, and db-ip information, both free-low-quality, and
+ paid-high-quality. Maxmind data can be updated by running
+ geoipupdate from cron on a weekly basis. These data are usually
+ installed globally, into /var/lib/GeoIP/. For more information,
+ consult doc/README.geolocation.md, and keep in mind that ntopng-data
+ does not exist on Slackware, but geoipupdate does.
+b. Various lists:
+'Abuse.ch URLhaus' [https://urlhaus.abuse.ch/downloads/hostfile/]
+'Emerging Threats' [https://rules.emergingthreats.net/fwrules/\
+emerging-Block-IPs.txt]
+'NoCoin Filter List' [https://raw.githubusercontent.com/hoshsadiq/\
+adblock-nocoin-list/master/hosts.txt]
+'SSLBL Botnet C2 IP Blacklist' [https://sslbl.abuse.ch/blacklist/\
+sslipblacklist.txt]
+'Stratosphere Lab' [https://mcfp.felk.cvut.cz/publicDatasets/\
+CTU-AIPP-BlackList/Todays-Blacklists/\
+AIP_historical_blacklist_prioritized_by_newest_attackers.csv]
+'ThreatFox' [https://threatfox.abuse.ch/downloads/hostfile/]
+'dshield 7 days' [https://raw.githubusercontent.com/firehol/\
+blocklist-ipsets/master/dshield_7d.netset]
+ Those lists are updated automatically by ntopng, periodically.
+ There is a configuration option to disable these updates.
+
+
+5. nDPI
+
+ntopng depends on nDPI, a Deep Packet Inspection library. SBo has a
+SlackBuild for nDPI, however, in recent versions ntopng prefers to use
+its own version of nDPI, linked-in statically. If you find that the
+built-in version deviates in features from the standalone one, you are
+welcome to report this.
+
+6. redis
+
+ntopng requires redis. The version on SBo is enough, but it needs to
+be running before ntopng can be started.
+
+7. ntopng crashes when started as a daemon. I am not sure why. The
+initscript at the moment just starts it in the background and disowns.
+ntopng also does not terminate on sigterm normally, hence the rc script
+kill-9's it. If you have better ideas, submit a patch to the slackbuild.
+Due to all this stupidities, rc.ntopng is a .new script, so it will not
+be overwritten on upgrade. We really need a better version.
+
+8. ntopng goes insane when it sees "virtual ethernets" that are usually
+created to communicate between network namespaces. Do not be surprised
+if weird effect appear, and possibly remove those virtual ethernets
+from the listening list.
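Review bot: several statements in this README are not backed by the other files in the patch, so either the text or the scripts should change. Section 1 says NTOPUSER and NTOPGROUP can be passed to the build script, but ntopng.SlackBuild checks `getent group ntopng` / `getent passwd ntopng` and runs `chown ntopng:ntopng` with the literal names, and the only consumer of the variables (the sed into rc.ntopng) is commented out. Section 2 says log rotation restarts ntopng and resets the statistics, but ntopng.logrotate uses `copytruncate` with no postrotate hook, so nothing is restarted; document whichever behaviour is intended. Section 7 says the rc script kill-9's ntopng, but rc.ntopng only ever issues a plain `pkill ntopng`. Typos: 'suggess bying' should be 'suggests buying', 'change pass alternate values' should be 'pass alternate values', and the parenthesis in '(supporting only) NetFlowV9' belongs around 'NetFlowV9'.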
diff --git a/system/ntopng/doinst.sh b/system/ntopng/doinst.sh
new file mode 100644
index 0000000000..1250e7e18c
--- /dev/null
+++ b/system/ntopng/doinst.sh
@@ -0,0 +1,25 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/rc.d/rc.ntopng.new
+config etc/logrotate.d/ntopng.new
diff --git a/system/ntopng/ntopng.SlackBuild b/system/ntopng/ntopng.SlackBuild
new file mode 100644
index 0000000000..f0e662cb46
--- /dev/null
+++ b/system/ntopng/ntopng.SlackBuild
@@ -0,0 +1,187 @@
+#!/bin/bash
+
+# Slackware build script for ntopng
+
+# Copyright 2023, Lockywolf
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PRGNAM=ntopng
+PRGNAM2=nDPI
+VERSION=${VERSION:-6.0}
+VERSION2=${VERSION2:-4.8}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+PKGTYPE=${PKGTYPE:-tgz}
+
+MUID=${MUID:-212}
+MGID=${MGID:-212}
+NTOPUSER=${NTOPUSER:-ntopng}
+NTOPGROUP=${NTOPGROUP:-ntopng}
+
+if ! getent group ntopng 2>&1 > /dev/null; then
+ echo " You must have an ntopng group to run this script."
+ echo " # groupadd -g $MGID ntopng"
+ exit 1
+elif ! getent passwd ntopng 2>&1 > /dev/null; then
+ echo " You must have a ntopng user to run this script."
+ echo " # useradd -u $MUID -g $MGID -d /var/lib/ntopng ntopng"
+ exit 1
+fi
+
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i586 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
+ exit 0
+fi
+
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O0 -fPIC -ggdb"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION $PRGNAM2-$VERSION2
+#tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+tar xvf $CWD/$PRGNAM2-$VERSION2.tar.gz
+cd $PRGNAM2-$VERSION2
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} + -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} +
+
+./autogen.sh
+CXX='ccache g++' \
+CC='ccache gcc' \
+ CFLAGS="$SLKCFLAGS" \
+ CXXFLAGS="$SLKCFLAGS" ./configure --with-pcre \
+ --with-maxminddb
+make
+
+export NDPI_HOME=$TMP/$PRGNAM2-$VERSION2
+
+rm -rf ntopng-dist-222d5a0e9ce7b60689b014898f3fc84b3c493687
+tar xvf $CWD/ntopng-dist-222d5a0e9ce7b60689b014898f3fc84b3c493687.tar.gz
+
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+
+#cd ../$PRGNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} + -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} +
+
+rmdir httpdocs/dist
+mv ../ntopng-dist-222d5a0e9ce7b60689b014898f3fc84b3c493687 httpdocs/dist
+
+./autogen.sh
+CXX='ccache g++' \
+CC='ccache gcc' \
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --datadir=/var/lib/ntopng \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PRGNAM-$VERSION \
+ --disable-static \
+ --with-pcre \
+ --with-maxminddb \
+ --build=$ARCH-slackware-linux
+sed -i 's|-lhiredis|-lhiredis -lpcre|g' Makefile
+
+sed -i 's|callbacks_dir = ntop->getValidPath(callbacks_dir);|callbacks_dir = "/usr/share/ntopng/scripts/callbacks";|g' src/Prefs.cpp
+
+make
+make install DESTDIR=$PKG
+cp packages/wizard/ntopng-config $PKG/usr/bin
+
+strip $PKG/usr/bin/ntopng
+
+rm $PKG/usr/share/ntopng/httpdocs/geoip/README.geolocation.md
+
+install -D -m 0644 $CWD/rc.$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new
+
+mkdir -p $PKG/var/{lib,log}/$PRGNAM
+chown ntopng:ntopng $PKG/var/{lib,log}/$PRGNAM
+
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/etc/logrotate.d $PKG/etc/rc.d
+install -m 0644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM.new
+# sed \
+# -e "s%@NTOPUSER@%$NTOPUSER%" \
+# -e "s%@NTOPGROUP@%$NTOPGROUP%" \
+# $CWD/rc.ntopng > $PKG/etc/rc.d/rc.ntopng.new
+cat $CWD/rc.ntopng > $PKG/etc/rc.d/rc.ntopng.new
+
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/nDPI
+
+cp -a *.md COPYING LICENSE $PKG/usr/doc/$PRGNAM-$VERSION
+
+( cd $TMP/$PRGNAM2-$VERSION2
+ cp -a *.md COPYING $PKG/usr/doc/$PRGNAM-$VERSION/nDPI )
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE
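Review bot: the x86_64 branch sets `SLKCFLAGS="-O0 -fPIC -ggdb"`, which ships an unoptimised debug build of a packet-inspecting daemon (and the `-ggdb` symbols are thrown away by `strip $PKG/usr/bin/ntopng` anyway); this should be the template's `-O2 -fPIC`. Both configure invocations hardcode `CC='ccache gcc'` / `CXX='ccache g++'`, so the build fails on any host without ccache, which ntopng.info does not list in REQUIRES; drop ccache or let the environment supply it. The `getent` checks and `chown ntopng:ntopng` use literal names, so MUID/MGID/NTOPUSER/NTOPGROUP only ever reach the hint text, and `2>&1 > /dev/null` sends stderr to the terminal rather than to /dev/null (`> /dev/null 2>&1` is what is meant). The `sed` on src/Prefs.cpp replaces `ntop->getValidPath(callbacks_dir)` with a fixed path and thereby bypasses the upstream path check; a comment explaining why the packaged layout needs this, and a check that /usr/share/ntopng/scripts/callbacks actually exists in $PKG, belong next to it. Minor: rc.ntopng.new is installed twice (`install -D -m 0644 ...` and the later `cat $CWD/rc.ntopng > ...`), and the commented-out `#tar`, `#cd` and `# sed` lines are leftovers that should go.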
diff --git a/system/ntopng/ntopng.info b/system/ntopng/ntopng.info
new file mode 100644
index 0000000000..02764f6a21
--- /dev/null
+++ b/system/ntopng/ntopng.info
@@ -0,0 +1,14 @@
+PRGNAM="ntopng"
+VERSION="6.0"
+HOMEPAGE="https://www.ntop.org"
+DOWNLOAD="https://github.com/ntop/ntopng/archive/6.0/ntopng-6.0.tar.gz \
+https://github.com/ntop/nDPI/archive/4.8/nDPI-4.8.tar.gz \
+https://github.com/ntop/ntopng-dist/archive/222d5a0e9ce7b60689b014898f3fc84b3c493687/ntopng-dist-222d5a0e9ce7b60689b014898f3fc84b3c493687.tar.gz"
+MD5SUM="a6f2a09a3114841ea020b23de6db9081 \
+41a5437fa7d274f59f852b17b776558f \
+488fe73c0a221bdab7c74f21720dbe41"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES="GeoIP graphviz rrdtool redis hiredis zeromq libmaxminddb"
+MAINTAINER="Lockywolf"
+EMAIL="for_sbo.ntopng_2023-11-20@lockywolf.net"
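Review bot: REQUIRES omits ccache even though ntopng.SlackBuild hardcodes it into CC and CXX; either add it here or remove it from the script. Bundling nDPI through DOWNLOAD and linking it statically matches README section 5, so not listing the SBo nDPI package is consistent.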
diff --git a/system/ntopng/ntopng.logrotate b/system/ntopng/ntopng.logrotate
new file mode 100644
index 0000000000..05c75dea39
--- /dev/null
+++ b/system/ntopng/ntopng.logrotate
@@ -0,0 +1,11 @@
+/var/log/ntopng {
+ # based on ntopng.logrotate included in the ntopng/debian source.
+ weekly
+ missingok
+ rotate 4
+ # ntopng doesn't handle SIGHUP
+ copytruncate
+ nocompress
+ notifempty
+ create 640 root wheel
+}
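Review bot: the stanza names `/var/log/ntopng`, which is the directory, while rc.ntopng writes to /var/log/ntopng/ntopng.log; use `/var/log/ntopng/*.log` (or the file name) so logrotate has a file to act on. `create 640 root wheel` is ignored while `copytruncate` is in effect, and if copytruncate is ever removed it would hand the fresh log to root:wheel although ntopng runs with `--user=ntopng` in a directory the SlackBuild chowns to ntopng:ntopng; either drop `create` or make it `create 640 ntopng ntopng`. The comment 'ntopng doesn't handle SIGHUP' is also at odds with README section 2, which claims rotation restarts the server.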
diff --git a/system/ntopng/rc.ntopng b/system/ntopng/rc.ntopng
new file mode 100644
index 0000000000..b05335359d
--- /dev/null
+++ b/system/ntopng/rc.ntopng
@@ -0,0 +1,104 @@
+#!/bin/sh
+
+# /etc/rc.d/rc.ntopng : start/stop/restart ntopng
+# usage: ./rc.ntopng { start | stop | restart }
+
+# Thanks to andarius <andarius@errantnutron.com> for donating
+# time and the various cleanups in the script and the start|stop|restart
+# functions.
+
+NTOPUID=ntopng
+NTOPGID=ntopng
+NTOPLOG=/var/log/ntopng/ntopng.log
+DATE=$(date +%a\ %b\ %d\ %T\ %Y)
+RETVAL=0
+
+# Sanity Checking
+if [ ! -r "/var/lib/ntopng/" ]; then
+ echo "Can not read ntopng state directory. Exiting..."
+ exit 1
+fi
+
+ntopng_start() {
+ echo -n $"Starting ntopng ... "
+ if [ -r /var/run/ntopng.pid ]; then
+ if $(! /sbin/pidof ntopng > /dev/null 2>&1 ) ; then
+ echo "Removing an old /var/run/ntopng.pid"
+ rm -f /var/run/ntopng.pid
+ fi
+ fi
+
+ /usr/bin/ntopng --scripts-dir=/usr/share/ntopng/scripts \
+ --install-dir=/usr/share/ntopng \
+ --httpdocs-dir=/usr/share/ntopng/httpdocs \
+ --user=$NTOPUID \
+ --daemon \
+ --pid=/var/run/ntopng.pid >> $NTOPLOG 2>&1 &
+ disown
+ return 0
+ RETVAL=$?
+
+ if [ $RETVAL -eq 0 ]; then
+ touch /var/lock/ntopng
+ sleep 2
+ echo "Done"
+ else
+ echo "Failed"
+ fi
+ return $RETVAL
+}
+
+ntopng_stop() {
+ echo -n $"Stopping ntopng ... "
+ RETVAL=$?
+ if [ $RETVAL -eq 0 ]; then
+ if [ -r /var/run/ntopng.pid ]; then
+ pkill ntopng
+ # Give it some time to die gracefully
+ for second in 0 1 2 3 4 5 6 7 8 9 10 ; do
+ if $(! /sbin/pidof ntopng > /dev/null 2>&1 ) ; then
+ # ntopng is a dirty little daemon:
+ rm -f /var/run/ntopng.pid
+ break
+ fi
+ sleep 1
+ done
+
+ if [ "$second" = "10" ]; then
+ echo "\nWARNING: ntopng did not exit normally, killing!"
+ pkill ntopng
+ sleep 10
+ else
+ # Yes there are two spaces as this is the way ntopng writes
+ # their logfiles.
+ echo "$DATE EXIT: ntopng stopped by user: $USER (UID: $EUID)" >> $NTOPLOG
+ echo "Done"
+ fi
+ fi
+ rm -f /var/lock/ntopng
+ fi
+ return $RETVAL
+}
+
+# Lets see how we are being called:
+case "$1" in
+ start)
+ ntopng_start
+ ;;
+ stop)
+ ntopng_stop
+ ;;
+ restart|reload)
+ ntopng_stop
+ # Takes a few to recover and be able to start again:
+ sleep 10
+ ntopng_start
+ ;;
+ *)
+ echo ""
+ echo "Usage: $(basename $0) {start | stop | restart }"
+ RETVAL=1
+esac
+
+exit $RETVAL
+#EOF
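Review bot: in ntopng_start the `return 0` directly after `disown` makes the rest of the function dead code: RETVAL is never set, /var/lock/ntopng is never touched and 'Done'/'Failed' is never printed; remove that line. In ntopng_stop `RETVAL=$?` captures the exit status of the preceding `echo`, so it is always 0 and the surrounding `if` is a no-op. The timeout branch announces 'killing!' but sends the same `pkill ntopng` (SIGTERM) that already failed, which is exactly what README section 7 says does not work; `pkill -KILL -x ntopng` or `kill -9 "$(cat /var/run/ntopng.pid)"` is what the README describes. Plain `pkill ntopng` is a substring match on process names and can hit unrelated processes whose name contains ntopng; `-x` or the pidfile avoids that. `if $(! /sbin/pidof ...)` only works because bash gives an empty command the status of its last substitution; write `if ! /sbin/pidof ntopng > /dev/null 2>&1; then`. The script also relies on `disown` and `$"..."` (bash-only) under `#!/bin/sh`, and passes `--daemon` while backgrounding with `&`, which the README says crashes ntopng; pick one of the two. `echo "\nWARNING..."` prints a literal \n in bash.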
diff --git a/system/ntopng/slack-desc b/system/ntopng/slack-desc
new file mode 100644
index 0000000000..2d610c8b73
--- /dev/null
+++ b/system/ntopng/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+ntopng: ntopng (Network usage with shiny graphs)
+ntopng:
+ntopng: ntopng is a network probe that shows network usage in a way similar to
+ntopng: what top does for processes. In interactive mode, it displays the
+ntopng: network status on the user's terminal. In Web mode, it acts as a Web
+ntopng: server, creating an HTML dump of the network status.
+ntopng:
+ntopng: It sports a NetFlow/sFlow emitter/collector, an HTTP-based client
+ntopng: interface for creating ntopng-centric monitoring applications, and
+ntopng: RRD for persistently storing traffic statistics.
+ntopng:
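Review bot: the description contradicts the README in this same patch: 'In interactive mode, it displays the network status on the user's terminal' versus README point a ('No terminal interface present. Only web.'), and 'It sports a NetFlow/sFlow emitter/collector' versus point b ('No built-in flow collector'). The text reads as carried over from the old ntop package; reword it for ntopng (web UI only, flow input via the zeromq format fed by nProbe or netflow2ng) while keeping the 11-line layout.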