From: "Slawek Lis" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Slawek Lis" Message-ID: <1482917651.a382935f837f6a18529793813228cb2731e9d36f.slis@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-analyzer/suricata/files/suricata-3.2-conf net-analyzer/suricata/files/suricata-3.2-init net-analyzer/suricata/files/suricata-logrotate net-analyzer/suricata/metadata.xml net-analyzer/suricata/suricata-3.2-r1.ebuild X-VCS-Directories: net-analyzer/suricata/ net-analyzer/suricata/files/ X-VCS-Committer: slis X-VCS-Committer-Name: Slawek Lis X-VCS-Revision: a382935f837f6a18529793813228cb2731e9d36f X-VCS-Branch: master Date: Wed, 28 Dec 2016 09:34:22 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 4d579cf8-de81-4844-9026-57e9f9fbb84c X-Archives-Hash: f6637e29d06d5ab10652ec6aa45f2ead commit: a382935f837f6a18529793813228cb2731e9d36f Author: Slawomir Lis gentoo org> AuthorDate: Wed Dec 28 09:34:11 2016 +0000 Commit: Slawek Lis gentoo org> CommitDate: Wed Dec 28 09:34:11 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a382935f net-analyzer/suricata: Updated suricata logging and added logrotate file I've also bumped revision number, as there are many changes, and those fixes should finally close bug 602590. Thanks to Vieri yahoo.com> for support. Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-conf | 11 +- net-analyzer/suricata/files/suricata-3.2-init | 28 +++-- net-analyzer/suricata/files/suricata-logrotate | 6 + net-analyzer/suricata/metadata.xml | 1 + net-analyzer/suricata/suricata-3.2-r1.ebuild | 161 +++++++++++++++++++++++++ 5 files changed, 189 insertions(+), 18 deletions(-) 
diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf
index d900ade..fc6885d 100644
--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -41,11 +41,6 @@ SURICATA_OPTS="-i eth0"
 # Log paths listed here will be created by the init script and will override the log path
 # set in the yaml file, if present.
-# SURICATA_LOG_PATH_q0="/var/log/suricata/q0"
-# SURICATA_LOG_PATH_q1="/var/log/suricata/q1"
-# SURICATA_LOG_PATH="/var/log/suricata"
-# SURICATA_LOG_FILE="suricata.log"
-
-# You can view all the available options you can set with --set
-# and check the full config settings in an easily parsable format.
-# SURICATA_DUMP=1
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init
index 3ec6afd..1717dbb 100644
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
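Review bot: The retained comment `# Log paths listed here will be created by the init script` no longer matches the variables beneath it, which now hold log file paths rather than directories, and with the `SURICATA_DUMP` comment removed the conf file no longer tells the administrator how to obtain the list of values usable with `--set`. Suggest rewording the comment to `# Log files listed here: the init script creates the directory and overrides the log file set in the yaml file; run '/etc/init.d/suricata dump' to list all values usable with --set.` The renamed variables and the new `dump` command are defined in the init script elsewhere in this commit.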
@@ -12,18 +12,23 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
 [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
 SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
 eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
- eval SURICATALOGPATH=\$SURICATA_LOG_PATH_${SURICATAID}
+ eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
 else
 SURICATACONF=${SURICATA_CONF}
 [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
 SURICATAPID="/var/run/suricata/suricata.pid"
 SURICATAOPTS=${SURICATA_OPTS}
- SURICATALOGPATH=${SURICATA_LOG_PATH}
+ SURICATALOGPATH=${SURICATA_LOG_FILE}
 fi
 [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"
-extra_commands="checkconfig"
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
 extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
 depend() {
 need net
@@ -41,10 +46,12 @@ checkconfig() {
 checkpath -d /var/run/suricata
 fi
 if [ ${#SURICATALOGPATH} -gt 0 ]; then
+ SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )
+ SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+ SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
 if [ ! -d "${SURICATALOGPATH}" ] ; then
 checkpath -d "${SURICATALOGPATH}"
 fi
- SURICATALOGFILE=${SURICATA_LOG_FILE:-suricata.log}
 SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
 SURICATALOGPATH="-l ${SURICATALOGPATH}"
 fi
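Review bot: In checkconfig(), `SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )` reads the non-instance variable, while SURICATALOGPATH was selected from `SURICATA_LOG_FILE_${SURICATAID}` in the first hunk for a named instance, so an instance whose log file is not called suricata.log silently gets the wrong file name, and with SURICATA_LOG_FILE unset the unquoted empty expansion leaves basename with no operand, which prints a usage error before the `:-suricata.log` default takes over. Take the basename from the variable that was actually chosen, and quote both calls: `SURICATALOGFILE=$( basename "${SURICATALOGPATH}" )` and `SURICATALOGPATH=$( dirname "${SURICATALOGPATH}" )`. checkconfig() starts before this hunk.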
@@ -77,12 +84,6 @@ checkpidinfo() {
 start() {
 checkconfig || return 1
- if [ $((SURICATA_DUMP)) -eq 1 ]; then
- einfo "Dumping ${SVCNAME} config values and quitting."
- ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
- einfo "You need to disable SURICATA_DUMP to start ${SVCNAME}."
- return 1
- fi
 ebegin "Starting ${SVCNAME}"
 start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
 -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
@@ -145,3 +146,10 @@ relog() {
 start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
 eend $?
 }
+
+dump() {
+ checkconfig || return 1
+ ebegin "Dumping ${SVCNAME} config values and quitting."
+ ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
+ eend $?
+}
diff --git a/net-analyzer/suricata/files/suricata-logrotate b/net-analyzer/suricata/files/suricata-logrotate
new file mode 100644
index 00000000..0dc145b
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-logrotate
@@ -0,0 +1,6 @@
+/var/log/suricata/* {
+ missingok
+ postrotate
+ /etc/init.d/suricata reload
+ endscript
+}
diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml
index e538ae1..58878c6 100644
--- a/net-analyzer/suricata/metadata.xml
+++ b/net-analyzer/suricata/metadata.xml
@@ -14,5 +14,6 @@ Enable NFQUEUE support for inline IDP Enable Redis support Install default ruleset
+ Install logrotate rule
diff --git a/net-analyzer/suricata/suricata-3.2-r1.ebuild b/net-analyzer/suricata/suricata-3.2-r1.ebuild
new file mode 100644
index 00000000..816a69d
--- /dev/null
+++ b/net-analyzer/suricata/suricata-3.2-r1.ebuild
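Review bot: dump() passes `--pidfile ${SURICATAPID}` to a one-shot `--dump-config` run even though it is listed in extra_commands and can therefore be invoked while the daemon is running; if suricata writes the pidfile before exiting in that mode, the live service's pidfile would be clobbered and later stop/reload/relog would target the wrong pid. I have not verified suricata's behaviour from this page, so please check, and if it does write the file, drop `--pidfile ${SURICATAPID}` from the dump invocation. The message `Dumping ${SVCNAME} config values and quitting.` was carried over from start(), where "quitting" explained why the service did not come up; for a standalone command `ebegin "Dumping ${SVCNAME} config values"` reads better.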
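Review bot: The postrotate hook runs `/etc/init.d/suricata reload`, which the init script in this commit describes as `Live rule and config reload`, while the command documented as `Close and re-open all log files` is `relog`; after rotation the daemon will keep writing to the renamed file until something sends it HUP. Change the hook to `/etc/init.d/suricata relog` and add `sharedscripts` above `postrotate` so the signal is sent once for the whole glob rather than once per matched file; `notifempty` would also avoid rotating unused outputs. The pattern `/var/log/suricata/*` additionally matches the rotated copies logrotate leaves in that directory, so they are rotated again on the next run unless they are moved aside with `olddir` or the pattern is narrowed to the live log names, which are not visible on this page.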
@@ -0,0 +1,161 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test"
+
+DEPEND="
+ >=dev-libs/jansson-2.2
+ dev-libs/libpcre
+ dev-libs/libyaml
+ net-libs/libnet:*
+ net-libs/libnfnetlink
+ dev-libs/nspr
+ dev-libs/nss
+ >=net-libs/libhtp-0.5.20
+ net-libs/libpcap
+ sys-apps/file
+ cuda? ( dev-util/nvidia-cuda-toolkit )
+ geoip? ( dev-libs/geoip )
+ lua? ( dev-lang/lua:* )
+ luajit? ( dev-lang/luajit:* )
+ nflog? ( net-libs/libnetfilter_log )
+ nfqueue? ( net-libs/libnetfilter_queue )
+ redis? ( dev-libs/hiredis )
+ logrotate? ( app-admin/logrotate )
+"
+# #446814
+# prelude? ( dev-libs/libprelude )
+# pfring? 
( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ "--localstatedir=/var/" \
+ "--enable-non-bundled-htp" \
+ $(use_enable af-packet) \
+ $(use_enable detection) \
+ $(use_enable nfqueue) \
+ $(use_enable test coccinelle) \
+ $(use_enable test unittests) \
+ $(use_enable control-socket unix-socket)
+ )
+
+ if use cuda ; then
+ myeconfargs+=( $(use_enable cuda) )
+ fi
+ if use geoip ; then
+ myeconfargs+=( $(use_enable geoip) )
+ fi
+ if use hardened ; then
+ myeconfargs+=( $(use_enable hardened gccprotect) )
+ fi
+ if use nflog ; then
+ myeconfargs+=( $(use_enable nflog) )
+ fi
+ if use redis ; then
+ myeconfargs+=( $(use_enable redis hiredis) )
+ fi
+ # not supported yet (no pfring in portage)
+# if use pfring ; then
+# myeconfargs+=( $(use_enable pfring) )
+# fi
+ # no libprelude in portage
+# if use prelude ; then
+# myeconfargs+=( $(use_enable prelude) )
+# fi
+ if use lua ; then
+ myeconfargs+=( $(use_enable lua) )
+ fi
+ if use luajit ; then
+ myeconfargs+=( $(use_enable luajit) )
+ fi
+
+# this should be used when pf_ring use flag support will be added
+# LIBS+="-lrt -lnuma"
+
+ # avoid upstream configure script trying to add -march=native to CFLAGS
+ myeconfargs+=( --enable-gccmarch-native=no )
+
+ if use debug ; then
+ myeconfargs+=( $(use_enable debug) )
+ # so we can get a backtrace according to "reporting bugs" on upstream web site
+ CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+ else
+ econf LIBS="${LIBS}" ${myeconfargs[@]}
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ insinto "/etc/${PN}"
+ doins {classification,reference,threshold}.config suricata.yaml
+
+ if use rules ; then
+ insinto "/etc/${PN}/rules"
+ doins rules/*.rules
+ fi
+
+ dodir "/var/lib/${PN}"
+ dodir "/var/log/${PN}"
+ dodir "/var/log/${PN}" \
+ "/var/lib/${PN}"
+
+ fowners -R ${PN}: 
"/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+ fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+ newinitd "${FILESDIR}/${P}-init" ${PN}
+ newconfd "${FILESDIR}/${P}-conf" ${PN}
+
+ if use logrotate; then
+ insopts -m0644
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}.logrotate ${PN}
+ fi
+}
+
+pkg_postinst() {
+ elog "The ${PN} init script expects to find the path to the configuration"
+ elog "file as well as extra options in /etc/conf.d."
+ elog ""
+ elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+ elog "then create a symlink to the init script from a link called"
+ elog "${PN}.foo - like so"
+ elog " cd /etc/${PN}"
+ elog " ${EDITOR##*/} suricata-foo.yaml"
+ elog " cd /etc/init.d"
+ elog " ln -s ${PN} ${PN}.foo"
+ elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+ elog ""
+ elog "You can create as many ${PN}.foo* services as you wish."
+
+ if use logrotate; then
+ elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logortate config file in /etc/logrotate.d/."
+ fi
+
+ if use debug; then
+ elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
+ elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+ fi
+}
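Review bot: `newins "${FILESDIR}"/${PN}.logrotate ${PN}` in src_install looks for a file named suricata.logrotate, but the file this commit adds under files/ is `suricata-logrotate` (see the diff header and the X-VCS-Files list), so a USE=logrotate build will fail at newins; the line should read `newins "${FILESDIR}/${PN}-logrotate" ${PN}`. In the same function `dodir "/var/log/${PN}"` and `dodir "/var/lib/${PN}"` are each created twice, once singly and again in the two-argument call, and one of the two forms can go. In src_configure `${myeconfargs[@]}` is unquoted on both econf lines, which only works because no element currently contains whitespace; `"${myeconfargs[@]}"` is the safe form. The pkg_postinst logrotate message misspells `logortate`.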