From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id B08A9138247 for ; Mon, 18 Nov 2013 02:48:17 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A4942E0999; Mon, 18 Nov 2013 02:48:13 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 16E33E0999 for ; Mon, 18 Nov 2013 02:48:13 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D2AB033F141 for ; Mon, 18 Nov 2013 02:48:11 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id 29ACFE5459 for ; Mon, 18 Nov 2013 02:48:09 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1384742905.a3750b3c562ab7524427f0c6d6bcb2b3c1bbad2d.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-dev:uclibc commit in: app-admin/syslog-ng/files/3.4/, app-admin/syslog-ng/files/, app-admin/syslog-ng/ X-VCS-Repository: proj/hardened-dev X-VCS-Files: app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-autotools.patch app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-compile.patch app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-uclibc.patch app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.fbsd app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.hardened app-admin/syslog-ng/files/3.4/syslog-ng.confd app-admin/syslog-ng/files/3.4/syslog-ng.rc6 app-admin/syslog-ng/files/README.hardened app-admin/syslog-ng/files/syslog-ng.confd app-admin/syslog-ng/files/syslog-ng.logrotate app-admin/syslog-ng/files/syslog-ng.logrotate.hardened app-admin/syslog-ng/metadata.xml app-admin/syslog-ng/syslog-ng-3.4.2-r99.ebuild X-VCS-Directories: app-admin/syslog-ng/files/3.4/ app-admin/syslog-ng/files/ app-admin/syslog-ng/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: a3750b3c562ab7524427f0c6d6bcb2b3c1bbad2d X-VCS-Branch: uclibc Date: Mon, 18 Nov 2013 02:48:09 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 372d624c-f49d-475a-8e36-c4c859a29b91 X-Archives-Hash: 101638dd2c31bb88f54e608eea9a46e8 commit: a3750b3c562ab7524427f0c6d6bcb2b3c1bbad2d Author: Anthony G. Basile gentoo org> AuthorDate: Mon Nov 18 02:48:25 2013 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Mon Nov 18 02:48:25 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=a3750b3c app-admin/syslog-ng: disable afamqp module Package-Manager: portage-2.2.7 RepoMan-Options: --force Manifest-Sign-Key: 0xF52D4BBA --- .../files/3.4/syslog-ng-3.4.2-autotools.patch | 38 +++++++ .../files/3.4/syslog-ng-3.4.2-compile.patch | 10 ++ .../files/3.4/syslog-ng-3.4.2-uclibc.patch | 6 ++ .../syslog-ng/files/3.4/syslog-ng.conf.gentoo | 37 +++++++ .../syslog-ng/files/3.4/syslog-ng.conf.gentoo.fbsd | 25 +++++ .../files/3.4/syslog-ng.conf.gentoo.hardened | 115 +++++++++++++++++++++ app-admin/syslog-ng/files/3.4/syslog-ng.confd | 42 ++++++++ app-admin/syslog-ng/files/3.4/syslog-ng.rc6 | 59 +++++++++++ app-admin/syslog-ng/files/README.hardened | 13 +++ app-admin/syslog-ng/files/syslog-ng.confd | 6 ++ app-admin/syslog-ng/files/syslog-ng.logrotate | 13 +++ .../syslog-ng/files/syslog-ng.logrotate.hardened | 76 ++++++++++++++ app-admin/syslog-ng/metadata.xml | 14 +++ app-admin/syslog-ng/syslog-ng-3.4.2-r99.ebuild | 105 +++++++++++++++++++ 14 files changed, 559 insertions(+) diff --git a/app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-autotools.patch b/app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-autotools.patch new file mode 100644 index 0000000..c57f9f5 --- /dev/null +++ b/app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-autotools.patch @@ -0,0 +1,38 @@ +--- syslog-ng-3.4.1.orig/configure.in ++++ syslog-ng-3.4.1/configure.in +@@ -68,7 +68,7 @@ + pidfiledir='${localstatedir}' + moduledir='${exec_prefix}/lib/syslog-ng' + +-AM_CONFIG_HEADER(config.h) ++AC_CONFIG_HEADERS(config.h) + + dnl *************************************************************************** + dnl Arguments +@@ -227,7 +227,6 @@ + dnl *************************************************************************** + dnl Checks for programs. + AC_PROG_CC +-AM_PROG_CC_STDC + AC_PROG_CC_C99 + if test "x$ac_cv_prog_cc_c99" = "xno"; then + AC_MSG_ERROR("C99 standard compliant C compiler required. Try GCC 3.x or later.") +--- syslog-ng-3.4.1.orig/modules/afmongodb/libmongo-client/configure.ac ++++ syslog-ng-3.4.1/modules/afmongodb/libmongo-client/configure.ac +@@ -15,7 +15,7 @@ + + AC_CONFIG_MACRO_DIR([m4]) + m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) +-AM_CONFIG_HEADER(config.h) ++AC_CONFIG_HEADERS(config.h) + + AC_ARG_WITH([versioned-symbols], AC_HELP_STRING([--with-versioned-symbols],[Use versioned symbols]),[dnl + vsymldflags="-Wl,--version-script,\${srcdir}/libmongo-client.ver -Wl,-O1" +@@ -24,7 +24,6 @@ + dnl *************************************************************************** + dnl Checks for programs. + AC_PROG_CC +-AM_PROG_CC_STDC + AC_PROG_MAKE_SET + PKG_PROG_PKG_CONFIG + LT_INIT([shared]) diff --git a/app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-compile.patch b/app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-compile.patch new file mode 100644 index 0000000..ad72bdb --- /dev/null +++ b/app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-compile.patch @@ -0,0 +1,10 @@ +--- syslog-ng-3.4.1/lib/persist-state.c ++++ syslog-ng-3.4-master/lib/persist-state.c +@@ -26,6 +26,7 @@ + #include "serialize.h" + #include "messages.h" + #include "mainloop.h" ++#include "misc.h" + + #include + #include diff --git a/app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-uclibc.patch b/app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-uclibc.patch new file mode 100644 index 0000000..28efd80 --- /dev/null +++ b/app-admin/syslog-ng/files/3.4/syslog-ng-3.4.2-uclibc.patch @@ -0,0 +1,6 @@ +diff -Naur syslog-ng-3.4.2.orig/modules/Makefile.am syslog-ng-3.4.2/modules/Makefile.am +--- syslog-ng-3.4.2.orig/modules/Makefile.am 2013-01-06 20:40:30.000000000 +0000 ++++ syslog-ng-3.4.2/modules/Makefile.am 2013-11-18 02:15:28.421222811 +0000 +@@ -1 +1 @@ +-SUBDIRS = syslogformat afsocket afsql afstreams affile afprog afuser afamqp afmongodb afsmtp csvparser confgen system-source pacctformat basicfuncs cryptofuncs dbparser json tfgeoip ++SUBDIRS = syslogformat afsocket afsql afstreams affile afprog afuser afmongodb afsmtp csvparser confgen system-source pacctformat basicfuncs cryptofuncs dbparser json tfgeoip diff --git a/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo b/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo new file mode 100644 index 0000000..e8d3b4f --- /dev/null +++ b/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo @@ -0,0 +1,37 @@ +@version: 3.4 +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo,v 1.2 2013/06/02 01:18:35 mr_bones_ Exp $ +# +# Syslog-ng default configuration file for Gentoo Linux + +# https://bugs.gentoo.org/show_bug.cgi?id=426814 +@include "scl.conf" + +options { + threaded(yes); + chain_hostnames(no); + + # The default action of syslog-ng is to log a STATS line + # to the file every 10 minutes. That's pretty ugly after a while. + # Change it to every 12 hours so you get a nice daily update of + # how many messages syslog-ng missed (0). + stats_freq(43200); + # The default action of syslog-ng is to log a MARK line + # to the file every 20 minutes. That's seems high for most + # people so turn it down to once an hour. Set it to zero + # if you don't want the functionality at all. + mark_freq(3600); +}; + +source src { system(); internal(); }; + +destination messages { file("/var/log/messages"); }; + +# By default messages are logged to tty12... +destination console_all { file("/dev/tty12"); }; +# ...if you intend to use /dev/console for programs like xconsole +# you can comment out the destination line above that references /dev/tty12 +# and uncomment the line below. +#destination console_all { file("/dev/console"); }; + +log { source(src); destination(messages); }; +log { source(src); destination(console_all); }; diff --git a/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.fbsd b/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.fbsd new file mode 100644 index 0000000..66130be --- /dev/null +++ b/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.fbsd @@ -0,0 +1,25 @@ +@version: 3.4 +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.fbsd,v 1.2 2013/06/02 01:18:35 mr_bones_ Exp $ +# +# Syslog-ng default configuration file for Gentoo FreeBSD +# + +# https://bugs.gentoo.org/show_bug.cgi?id=426814 +@include "scl.conf" + +options { + threaded(yes); + chain_hostnames(no); + + # The default action of syslog-ng is to log a STATS line + # to the file every 10 minutes. That's pretty ugly after a while. + # Change it to every 12 hours so you get a nice daily update of + # how many messages syslog-ng missed (0). + stats_freq(43200); +}; + +source src { system(); internal(); }; + +destination messages { file("/var/log/messages"); }; + +log { source(src); destination(messages); }; diff --git a/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.hardened b/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.hardened new file mode 100644 index 0000000..3df0808 --- /dev/null +++ b/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.hardened @@ -0,0 +1,115 @@ +@version: 3.4 +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.conf.gentoo.hardened,v 1.1 2013/04/28 04:50:34 mr_bones_ Exp $ + +# https://bugs.gentoo.org/show_bug.cgi?id=426814 +@include "scl.conf" + +# +# Syslog-ng configuration file, compatible with default hardened installations. +# + +options { + threaded(yes); + chain_hostnames(no); + stats_freq(43200); +}; + +source src { + unix-dgram("/dev/log"); + internal(); +}; +source kernsrc { + file("/proc/kmsg"); +}; + +#source net { udp(); }; +#log { source(net); destination(net_logs); }; +#destination net_logs { file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY.log"); }; + +destination authlog { file("/var/log/auth.log"); }; +destination _syslog { file("/var/log/syslog"); }; +destination cron { file("/var/log/cron.log"); }; +destination daemon { file("/var/log/daemon.log"); }; +destination kern { file("/var/log/kern.log"); file("/dev/tty12"); }; +destination lpr { file("/var/log/lpr.log"); }; +destination user { file("/var/log/user.log"); }; +destination uucp { file("/var/log/uucp.log"); }; +#destination ppp { file("/var/log/ppp.log"); }; +destination mail { file("/var/log/mail.log"); }; + +destination avc { file("/var/log/avc.log"); }; +destination audit { file("/var/log/audit.log"); }; +destination pax { file("/var/log/pax.log"); }; +destination grsec { file("/var/log/grsec.log"); }; + +destination mailinfo { file("/var/log/mail.info"); }; +destination mailwarn { file("/var/log/mail.warn"); }; +destination mailerr { file("/var/log/mail.err"); }; + +destination newscrit { file("/var/log/news/news.crit"); }; +destination newserr { file("/var/log/news/news.err"); }; +destination newsnotice { file("/var/log/news/news.notice"); }; + +destination debug { file("/var/log/debug"); }; +destination messages { file("/var/log/messages"); }; +destination console { usertty("root"); }; +destination console_all { file("/dev/tty12"); }; +#destination loghost { udp("loghost" port(999)); }; + +destination xconsole { pipe("/dev/xconsole"); }; + +filter f_auth { facility(auth); }; +filter f_authpriv { facility(auth, authpriv); }; +filter f_syslog { not facility(authpriv, mail); }; +filter f_cron { facility(cron); }; +filter f_daemon { facility(daemon); }; +filter f_kern { facility(kern); }; +filter f_lpr { facility(lpr); }; +filter f_mail { facility(mail); }; +filter f_user { facility(user); }; +filter f_uucp { facility(uucp); }; +#filter f_ppp { facility(ppp); }; +filter f_news { facility(news); }; +filter f_debug { not facility(auth, authpriv, news, mail); }; +filter f_messages { level(info..warn) + and not facility(auth, authpriv, mail, news); }; +filter f_emergency { level(emerg); }; + +filter f_info { level(info); }; + +filter f_notice { level(notice); }; +filter f_warn { level(warn); }; +filter f_crit { level(crit); }; +filter f_err { level(err); }; + +filter f_avc { message(".*avc: .*"); }; +filter f_audit { message("^(\\[.*\..*\] |)audit.*") and not message(".*avc: .*"); }; +filter f_pax { message("^(\\[.*\..*\] |)PAX:.*"); }; +filter f_grsec { message("^(\\[.*\..*\] |)grsec:.*"); }; + +log { source(src); filter(f_authpriv); destination(authlog); }; +log { source(src); filter(f_syslog); destination(_syslog); }; +log { source(src); filter(f_cron); destination(cron); }; +log { source(src); filter(f_daemon); destination(daemon); }; +log { source(kernsrc); filter(f_kern); destination(kern); }; +log { source(src); filter(f_lpr); destination(lpr); }; +log { source(src); filter(f_mail); destination(mail); }; +log { source(src); filter(f_user); destination(user); }; +log { source(src); filter(f_uucp); destination(uucp); }; +log { source(kernsrc); filter(f_pax); destination(pax); }; +log { source(kernsrc); filter(f_grsec); destination(grsec); }; +log { source(kernsrc); filter(f_audit); destination(audit); }; +log { source(kernsrc); filter(f_avc); destination(avc); }; +log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; +log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; +log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; +log { source(src); filter(f_news); filter(f_crit); destination(newscrit); }; +log { source(src); filter(f_news); filter(f_err); destination(newserr); }; +log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); }; +log { source(src); filter(f_debug); destination(debug); }; +log { source(src); filter(f_messages); destination(messages); }; +log { source(src); filter(f_emergency); destination(console); }; +#log { source(src); filter(f_ppp); destination(ppp); }; +log { source(src); destination(console_all); }; diff --git a/app-admin/syslog-ng/files/3.4/syslog-ng.confd b/app-admin/syslog-ng/files/3.4/syslog-ng.confd new file mode 100644 index 0000000..6a437d1 --- /dev/null +++ b/app-admin/syslog-ng/files/3.4/syslog-ng.confd @@ -0,0 +1,42 @@ +# Config file for /etc/init.d/syslog-ng + +# If you are not using network logging, this entire section should be +# commented out. Otherwise, choose one of the settings below based on +# how you are configuring your network. +# +# If you are using the net.* scripts to configure your network, you should +# set rc_need to match the interface through which your logging server +# can be reached. +#rc_need="net.eth0" +# +# If you are using an interface manager like wicd, dhcpcd in standalone +# mode, networkmanager, etc to control your interfaces, set rc_need to +# the name of that service. +# rc_need="dhcpcd" +#rc_need="networkmanager" +# +# If you are using newnet and configuring your interface statically with +# the network script, you should use this setting. +#rc_need="network" +# +# You can use this setting, but I do not recommend relying on it. +#rc_need="net" +# +# You may also want to uncomment the following if you are using network +# logging. +#rc_use="stunnel" + +# For very customized setups these variables can be adjusted as needed +# but for most situations they should remain commented: +# SYSLOG_NG_CONFIGFILE=/etc/syslog-ng/syslog-ng.conf +# SYSLOG_NG_STATEFILE_DIR=/var/lib/syslog-ng +# SYSLOG_NG_STATEFILE=${SYSLOG_NG_STATEFILE_DIR}/syslog-ng.persist +# SYSLOG_NG_PIDFILE_DIR=/var/run +# SYSLOG_NG_PIDFILE=${SYSLOG_NG_PIDFILE_DIR}/syslog-ng.pid +# SYSLOG_NG_GROUP=root +# SYSLOG_NG_USER=root + +# Put any additional options for syslog-ng here. +# See syslog-ng(8) for more information. + +SYSLOG_NG_OPTS="" diff --git a/app-admin/syslog-ng/files/3.4/syslog-ng.rc6 b/app-admin/syslog-ng/files/3.4/syslog-ng.rc6 new file mode 100644 index 0000000..eb28bb8 --- /dev/null +++ b/app-admin/syslog-ng/files/3.4/syslog-ng.rc6 @@ -0,0 +1,59 @@ +#!/sbin/runscript +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/3.4/syslog-ng.rc6,v 1.6 2013/08/31 17:44:03 mr_bones_ Exp $ + +SYSLOG_NG_CONFIGFILE=${SYSLOG_NG_CONFIGFILE:-/etc/syslog-ng/${RC_SVCNAME}.conf} +SYSLOG_NG_STATEFILE_DIR=${SYSLOG_NG_STATEFILE_DIR:-/var/lib/syslog-ng} +SYSLOG_NG_STATEFILE=${SYSLOG_NG_STATEFILE:-${SYSLOG_NG_STATEFILE_DIR}/syslog-ng.persist} +SYSLOG_NG_PIDFILE_DIR=${SYSLOG_NG_PIDFILE_DIR:-/var/run} +SYSLOG_NG_PIDFILE=${SYSLOG_NG_PIDFILE:-${SYSLOG_NG_PIDFILE_DIR}/${RC_SVCNAME}.pid} + +SYSLOG_NG_GROUP=${SYSLOG_NG_GROUP:-root} +SYSLOG_NG_USER=${SYSLOG_NG_USER:-root} + +command="/usr/sbin/syslog-ng" +command_args="--persist-file \"${SYSLOG_NG_STATEFILE}\" --cfgfile \"${SYSLOG_NG_CONFIGFILE}\" --pidfile \"${SYSLOG_NG_PIDFILE}\" ${SYSLOG_NG_OPTS}" +extra_commands="checkconfig" +extra_started_commands="reload" +pidfile="${SYSLOG_NG_PIDFILE}" +start_stop_daemon_args="--user \"${SYSLOG_NG_USER}\":\"${SYSLOG_NG_GROUP}\"" +description="Syslog-ng is a syslog replacement with advanced filtering features." +description_checkconfig="Check the configuration file that will be used by \"start\"" +description_reload="Reload the configuration without exiting" +required_files="${SYSLOG_NG_CONFIGFILE}" +required_dirs="${SYSLOG_NG_PIDFILE_DIR}" + +depend() { + use clock + need hostname localmount + after bootmisc + provide logger +} + +checkconfig() { + ebegin "Checking your configfile (${SYSLOG_NG_CONFIGFILE})" + syslog-ng -s -f "${SYSLOG_NG_CONFIGFILE}" + eend $? "Configuration error. Please fix your configfile (${SYSLOG_NG_CONFIGFILE})" +} + +start_pre() { + checkconfig || return 1 + checkpath \ + -d \ + --mode 0700 \ + --owner "${SYSLOG_NG_OWNER}:${SYSLOG_NG_GROUP}" \ + "${SYSLOG_NG_STATEFILE_DIR}" +} + +stop_pre() { + [ "$RC_CMD" = restart ] && sleep 1 + return 0 +} + +reload() { + checkconfig || return 1 + ebegin "Reloading configuration and re-opening log files" + start-stop-daemon --signal HUP --pidfile "${pidfile}" + eend $? +} diff --git a/app-admin/syslog-ng/files/README.hardened b/app-admin/syslog-ng/files/README.hardened new file mode 100644 index 0000000..dcb0fc3 --- /dev/null +++ b/app-admin/syslog-ng/files/README.hardened @@ -0,0 +1,13 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +If you intend to use syslog-ng together with the systemd journal, +please be sure to configure it to listen accordingly, e.g. replace + + unix-dgram("/dev/log"); + +with + + unix-dgram("/run/systemd/journal/syslog"); + +in /etc/syslog-ng/syslog-ng.conf diff --git a/app-admin/syslog-ng/files/syslog-ng.confd b/app-admin/syslog-ng/files/syslog-ng.confd new file mode 100644 index 0000000..170862f --- /dev/null +++ b/app-admin/syslog-ng/files/syslog-ng.confd @@ -0,0 +1,6 @@ +# Config file for /etc/init.d/syslog-ng + +# Put any additional options for syslog-ng here. +# See syslog-ng(8) for more information. + +SYSLOG_NG_OPTS="" diff --git a/app-admin/syslog-ng/files/syslog-ng.logrotate b/app-admin/syslog-ng/files/syslog-ng.logrotate new file mode 100644 index 0000000..e982686 --- /dev/null +++ b/app-admin/syslog-ng/files/syslog-ng.logrotate @@ -0,0 +1,13 @@ +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate,v 1.3 2008/10/15 20:46:12 mr_bones_ Exp $ +# +# Syslog-ng logrotate snippet for Gentoo Linux +# contributed by Michael Sterrett +# + +/var/log/messages { + missingok + sharedscripts + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} diff --git a/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened b/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened new file mode 100644 index 0000000..b743b14 --- /dev/null +++ b/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened @@ -0,0 +1,76 @@ +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened,v 1.3 2010/04/05 22:19:33 zorry Exp $ +# +# Syslog-ng logrotate snippet for Hardened Gentoo Linux +# contributed by Maciej Grela +# +# Updated bug #284669 + +# Generic +/var/log/debug /var/log/syslog /var/log/kern.log { + sharedscripts + missingok + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} + +# System services +/var/log/cron.log /var/log/daemon.log /var/log/lpr.log /var/log/uucp.log { + sharedscripts + missingok + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} + +# User log +/var/log/user.log { + sharedscripts + missingok + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} + +# News system +/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice { + sharedscripts + missingok + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} + +# Mail system +/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn { + sharedscripts + missingok + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} + +# Hardened logs +/var/log/avc.log /var/log/audit.log /var/log/pax.log /var/log/grsec.log { + sharedscripts + missingok + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} + +# Authentication +/var/log/auth.log { + sharedscripts + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} + +# the rest +/var/log/messages { + sharedscripts + postrotate + /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true + endscript +} diff --git a/app-admin/syslog-ng/metadata.xml b/app-admin/syslog-ng/metadata.xml new file mode 100644 index 0000000..10496dd --- /dev/null +++ b/app-admin/syslog-ng/metadata.xml @@ -0,0 +1,14 @@ + + + + + mr_bones_@gentoo.org + Michael Sterrett + + + Enable support for SMTP destinations + Enable support for spoofed source addresses + Enable support for JSON template formatting via dev-libs/json-glib + Enable support for mongodb destinations + + diff --git a/app-admin/syslog-ng/syslog-ng-3.4.2-r99.ebuild b/app-admin/syslog-ng/syslog-ng-3.4.2-r99.ebuild new file mode 100644 index 0000000..a3a7025 --- /dev/null +++ b/app-admin/syslog-ng/syslog-ng-3.4.2-r99.ebuild @@ -0,0 +1,105 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/syslog-ng-3.4.2.ebuild,v 1.12 2013/11/13 17:29:42 mr_bones_ Exp $ + +EAPI=5 +inherit autotools eutils multilib systemd + +MY_PV=${PV/_/} +DESCRIPTION="syslog replacement with advanced filtering features" +HOMEPAGE="http://www.balabit.com/network-security/syslog-ng" +SRC_URI="http://www.balabit.com/downloads/files/syslog-ng/sources/${MY_PV}/source/syslog-ng_${MY_PV}.tar.gz" + +LICENSE="GPL-2+ LGPL-2.1+" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86 ~x86-fbsd" +IUSE="caps dbi geoip ipv6 json mongodb +pcre smtp spoof-source ssl tcpd" +RESTRICT="test" + +RDEPEND=" + pcre? ( dev-libs/libpcre ) + spoof-source? ( net-libs/libnet:1.1 ) + ssl? ( dev-libs/openssl:= ) + smtp? ( net-libs/libesmtp ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + >=dev-libs/eventlog-0.2.12 + >=dev-libs/glib-2.10.1:2 + json? ( >=dev-libs/json-c-0.9 ) + caps? ( sys-libs/libcap ) + geoip? ( >=dev-libs/geoip-1.5.0 ) + dbi? ( >=dev-db/libdbi-0.8.3 )" +DEPEND="${RDEPEND} + virtual/pkgconfig + sys-devel/flex" + +S=${WORKDIR}/${PN}-${MY_PV} + +src_prepare() { + epatch \ + "${FILESDIR}"/${PV%.*}/${P}-compile.patch \ + "${FILESDIR}"/${PV%.*}/${P}-autotools.patch \ + "${FILESDIR}"/${PV%.*}/${P}-uclibc.patch + mv configure.in configure.ac || die + eautoreconf +} + +src_configure() { + econf \ + --with-ivykis=internal \ + --with-libmongo-client=internal \ + --sysconfdir=/etc/syslog-ng \ + --localstatedir=/var/lib/syslog-ng \ + --with-pidfile-dir=/var/run \ + --with-module-dir=/usr/$(get_libdir)/syslog-ng \ + $(systemd_with_unitdir) \ + $(use_enable caps linux-caps) \ + $(use_enable geoip) \ + $(use_enable ipv6) \ + $(use_enable json) \ + $(use_enable mongodb) \ + $(use_enable pcre) \ + $(use_enable smtp) \ + $(use_enable spoof-source) \ + $(use_enable dbi sql) \ + $(use_enable ssl) \ + $(use_enable tcpd tcp-wrapper) +} + +src_install() { + emake -j1 DESTDIR="${D}" install + + dodoc AUTHORS ChangeLog NEWS contrib/syslog-ng.conf* contrib/syslog2ng \ + "${FILESDIR}/${PV%.*}/syslog-ng.conf.gentoo.hardened" \ + "${FILESDIR}/syslog-ng.logrotate.hardened" \ + "${FILESDIR}/README.hardened" + + # Install default configuration + insinto /etc/syslog-ng + if use userland_BSD ; then + newins "${FILESDIR}/${PV%.*}/syslog-ng.conf.gentoo.fbsd" syslog-ng.conf + else + newins "${FILESDIR}/${PV%.*}/syslog-ng.conf.gentoo" syslog-ng.conf + fi + + insinto /etc/logrotate.d + newins "${FILESDIR}/syslog-ng.logrotate" syslog-ng + + newinitd "${FILESDIR}/${PV%.*}/syslog-ng.rc6" syslog-ng + newconfd "${FILESDIR}/${PV%.*}/syslog-ng.confd" syslog-ng + keepdir /etc/syslog-ng/patterndb.d /var/lib/syslog-ng + prune_libtool_files --modules +} + +pkg_postinst() { + elog "For detailed documentation please see the upstream website:" + elog "http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.4-guides/en/syslog-ng-ose-v3.4-guide-admin/html/index.html" + + # bug #355257 + if ! has_version app-admin/logrotate ; then + echo + elog "It is highly recommended that app-admin/logrotate be emerged to" + elog "manage the log files. ${PN} installs a file in /etc/logrotate.d" + elog "for logrotate to use." + echo + fi +}