Remove incrond usage to improve compatability

firewall/debian/control

@@ -9,7 +9,7 @@ XS-Ruby-Versions: all
 
 Package: sympl-firewall
 Architecture: any
-Depends: iptables, ruby, sympl-core (>= 9.0.190611.0), libruby, ruby-sqlite3, incron, ${shlibs:Depends}, ${misc:Depends}
+Depends: iptables, ruby, sympl-core (>= 9.0.190611.0), libruby, ruby-sqlite3, ${shlibs:Depends}, ${misc:Depends}
 Replaces: symbiosis-firewall
 Provides: symbiosis-firewall
 Conflicts: symbiosis-firewall
@@ -17,7 +17,3 @@ Description: Sympl firewall generator
  This package contains a firewall generator which makes it simple to restrict
  the incoming and outgoing connections a machine is permitted to accept or
  initiate.
- .
- The firewall also allows the user to restrict the abilities of the
- www-data user  which will ensure that any PHP, or website, compromises
- do not propagate.

firewall/debian/postinst

@@ -22,20 +22,12 @@ update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
 
 #DEBHELPER#
 
-#
-# Add symlinks for the monit script
-# 
-monit_dir="/etc/sympl/monit.d"
-mkdir -p "$monit_dir"
-
-for i in incrond; do
-  monit_script="/usr/share/sympl/monit/checks/$i"
-  link_target="$monit_dir/$i"
-
-  if [ -x "$monit_script" ] && [ ! -e "$link_target" ]; then
-    echo "I: Adding symlink for Sympl Monit script for $i"
-    ln -s "$monit_script" "$link_target" || true
-  fi
-done
+if [ -f /etc/incron.d/sympl-firewall]; then
+  rm /etc/incron.d/sympl-firewall
+fi
+
+if [ -f /etc/sympl/monit.d/incrond]; then
+  rm /etc/sympl/monit.d/incrond
+fi
 
 exit 0

firewall/incron.d/sympl-firewall

-/etc/sympl/firewall/incoming.d IN_NO_LOOP,IN_CREATE,IN_DELETE,IN_MOVE,IN_CLOSE_WRITE,IN_ONLYDIR /usr/sbin/sympl-firewall -s 5 load
-/etc/sympl/firewall/outgoing.d IN_NO_LOOP,IN_CREATE,IN_DELETE,IN_MOVE,IN_CLOSE_WRITE,IN_ONLYDIR /usr/sbin/sympl-firewall -s 5 load
-/etc/sympl/firewall/whitelist.d IN_NO_LOOP,IN_CREATE,IN_DELETE,IN_MOVE,IN_CLOSE_WRITE,IN_ONLYDIR /usr/sbin/sympl-firewall -s 5 reload-whitelist
-/etc/sympl/firewall/blacklist.d IN_NO_LOOP,IN_CREATE,IN_DELETE,IN_MOVE,IN_CLOSE_WRITE,IN_ONLYDIR /usr/sbin/sympl-firewall -s 5 reload-blacklist
-/etc/sympl/firewall/local.d IN_NO_LOOP,IN_CREATE,IN_DELETE,IN_MOVE,IN_CLOSE_WRITE,IN_ONLYDIR,IN_ATTRIB /usr/sbin/sympl-firewall -s 5 load

firewall/monit.d/incrond

-#!/usr/bin/ruby
-#
-require 'symbiosis/monitor/check'
-
-# ensure that Incrond is running
-class IncrondCheck < Symbiosis::Monitor::Check
-  def initialize
-    super pid_file: '/var/run/incrond.pid',
-          init_script: '/etc/init.d/incron',
-          unit_name: 'incron',
-          process_name: 'incrond'
-  end
-end
-
-exit IncrondCheck.new.do_check if $PROGRAM_NAME == __FILE__

firewall/sbin/sympl-firewall-blacklist

@@ -320,5 +320,15 @@ end
 puts "Expiring done - removed #{expired} file(s)" if ( $VERBOSELOCAL )
 
 #
-# Updating the firewall is now done by the inotify cronjob
-#
+# Re-generate the blacklist chain
+#
+if ( updated || expired > 0 || force )
+  cmd = %w(/usr/sbin/sympl-firewall)
+  cmd << "--verbose" if $VERBOSELOCAL
+  cmd << "--no-execute" unless execute
+  cmd << "--no-delete"  unless delete
+  cmd += ["--prefix", base_dir]
+  cmd << "reload-blacklist"
+  puts "Running #{cmd.join(" ")}" if $VERBOSELOCAL
+  exec(*cmd)
+end

firewall/sbin/sympl-firewall-whitelist

@@ -335,6 +335,15 @@ end
 puts "Expiring done - removed #{expired} file(s)" if ( $VERBOSELOCAL )
 
 #
-# Updating the firewall is now done by the inotify cronjob.
-#
-
+# Re-generate the whitelist chain
+#
+if ( updated || expired > 0 || force )
+  cmd = %w(/usr/sbin/sympl-firewall)
+  cmd << "--verbose" if $VERBOSELOCAL
+  cmd << "--no-execute" unless execute
+  cmd << "--no-delete"  unless delete
+  cmd += ["--prefix", base_dir]
+  cmd << "reload-whitelist"
+  puts "Executing #{cmd.join(" ")}" if $VERBOSELOCAL
+  exec(*cmd)
+end