* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
@ 2016-12-27 10:43 Slawek Lis
From: Slawek Lis @ 2016-12-27 10:43 UTC (permalink / raw
To: gentoo-commits
commit: 46b93f31143ddd9e2c0d2d45332a0feeefc3df84
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 27 10:43:03 2016 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Tue Dec 27 10:43:03 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46b93f31
net-analyzer/suricata: Updated init script
Now it's able to override config filename and point to log directory.
Related to #602590
Thanks to Vieri <rentorbuy <AT> yahoo.com>
Package-Manager: Portage-2.3.3, Repoman-2.3.1
net-analyzer/suricata/files/suricata-3.2-conf | 23 ++++++++++++++++++--
net-analyzer/suricata/files/suricata-3.2-init | 30 +++++++++++++++++++++------
2 files changed, 45 insertions(+), 8 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf
index 61715ba..d900ade 100644
--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -19,9 +19,17 @@
# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
+#
# Edit both suricata-q{0,1}.yaml files and set values accordingly.
-#
-# You can then define the following options here:
+# You can override these yaml config file names with SURICATA_CONF* below (optional).
+# This allows you to use the same yaml config file for multiple instances as long as you override
+# sensible options such as the log file paths.
+# SURICATA_CONF_q0="suricata-queues.yaml"
+# SURICATA_CONF_q1="suricata-queues.yaml"
+# SURICATA_CONF="suricata.yaml"
+
+# You can define the options here:
+# NB: avoid using -l, -c and setting logging.outputs.1.file.filename as the init script will try to set them for you.
# SURICATA_OPTS_q0="-q 0"
# SURICATA_OPTS_q1="-q 1"
@@ -30,3 +38,14 @@
# then you can set:
SURICATA_OPTS="-i eth0"
+
+# Log paths listed here will be created by the init script and will override the log path
+# set in the yaml file, if present.
+# SURICATA_LOG_PATH_q0="/var/log/suricata/q0"
+# SURICATA_LOG_PATH_q1="/var/log/suricata/q1"
+# SURICATA_LOG_PATH="/var/log/suricata"
+# SURICATA_LOG_FILE="suricata.log"
+
+# You can view all the available options you can set with --set
+# and check the full config settings in an easily parsable format.
+# SURICATA_DUMP=1
diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init
index d612815..3ec6afd 100644
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -8,13 +8,17 @@ SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
SURICATA=${SVCNAME#*.}
SURICATAID=$(shell_var "${SURICATA}")
if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
- SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml"
+ eval SURICATACONF=\$SURICATA_CONF_${SURICATAID}
+ [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
+ eval SURICATALOGPATH=\$SURICATA_LOG_PATH_${SURICATAID}
else
- SURICATACONF="${SURICATA_DIR}/suricata.yaml"
+ SURICATACONF=${SURICATA_CONF}
+ [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
SURICATAPID="/var/run/suricata/suricata.pid"
SURICATAOPTS=${SURICATA_OPTS}
+ SURICATALOGPATH=${SURICATA_LOG_PATH}
fi
[ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"
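Review bot: The two added `eval` lines splice `${SURICATAID}` into a variable name, and nothing here records why that is safe. It presumably relies on `shell_var` (context line above) reducing the service-name suffix to identifier characters; a comment such as `# SURICATAID comes from shell_var, so it is safe to use in eval` would make that assumption explicit. Separately, both `[ ${#SURICATACONF} -eq 0 ] && ... || ...` lines prepend `${SURICATA_DIR}/` to whatever SURICATA_CONF holds, so a value containing `../` or an absolute path is accepted as given; if only bare file names are intended, the conf.d comment should say so.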
@@ -36,6 +40,14 @@ checkconfig() {
if [ ! -d "/var/run/suricata" ] ; then
checkpath -d /var/run/suricata
fi
+ if [ ${#SURICATALOGPATH} -gt 0 ]; then
+ if [ ! -d "${SURICATALOGPATH}" ] ; then
+ checkpath -d "${SURICATALOGPATH}"
+ fi
+ SURICATALOGFILE=${SURICATA_LOG_FILE:-suricata.log}
+ SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
+ SURICATALOGPATH="-l ${SURICATALOGPATH}"
+ fi
}
initpidinfo() {
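Review bot: The log directory is created with `checkpath -d "${SURICATALOGPATH}"` and no explicit mode or owner, so its permissions are left to checkpath's defaults. Suricata logs can contain payload excerpts and internal addresses, so I would pin the mode, e.g. `checkpath -d -m 0750 "${SURICATALOGPATH}"`. Also, `SURICATALOGPATH` is overwritten with `-l <dir>` at the end of the block and later expanded unquoted, so a directory name containing whitespace is split into several arguments; a separate variable for the option string would keep the path itself intact. checkconfig() begins above this hunk.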
@@ -65,13 +77,19 @@ checkpidinfo() {
start() {
checkconfig || return 1
+ if [ $((SURICATA_DUMP)) -eq 1 ]; then
+ einfo "Dumping ${SVCNAME} config values and quitting."
+ ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
+ einfo "You need to disable SURICATA_DUMP to start ${SVCNAME}."
+ return 1
+ fi
ebegin "Starting ${SVCNAME}"
start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
- -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} >/dev/null 2>&1
+ -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
local SUR_EXIT=$?
if [ $((SUR_EXIT)) -ne 0 ]; then
einfo "Could not start ${SURICATA_BIN} with:"
- einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS}"
+ einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}"
einfo "Exit code ${SUR_EXIT}"
fi
eend ${SUR_EXIT}
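Review bot: With `SURICATA_DUMP=1` left in conf.d, start() always returns 1, so the sensor stays down at the next boot or restart until someone notices. A diagnostic mode fits better as its own command listed in `extra_commands` than as a flag tested inside start(). If it stays here, `eerror "You need to disable SURICATA_DUMP to start ${SVCNAME}."` would stand out more than `einfo` does. The start-stop-daemon line still sends the daemon's output to `/dev/null`, which hides the reason for a failed start. start() ends outside this hunk.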
@@ -87,7 +105,7 @@ stop() {
while [ -e ${SURICATAPID} ] && [ $cnt -gt 0 ]; do
cnt=$(expr $cnt - 1)
sleep 1
- einfo -ne "$cnt seconds left before we give up checking the PID file...\r"
+ echo -ne "$cnt seconds left before we give up checking the PID file...\r"
done
# under certain conditions suricata can be pretty slow and the PID can persist long after the pidfile has been removed
# max wait for process to terminate: 1 minute
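Review bot: `echo -ne` is not portable across the shells that can back `/bin/sh` (assuming openrc-run uses it to interpret the script); dash's builtin, for instance, prints `-ne` literally. `printf '%s\r' "$cnt seconds left before we give up checking the PID file..."` gives the same in-place update everywhere. The same applies to the next hunk in stop(), the `checking PID ${SUR_PID}` line. Both loops are inside stop(), which begins above these hunks.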
@@ -105,7 +123,7 @@ stop() {
break
fi
sleep 1
- einfo -ne "$cnt seconds left before we give up checking PID ${SUR_PID}...\r"
+ echo -ne "$cnt seconds left before we give up checking PID ${SUR_PID}...\r"
SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
done
fi
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
@ 2016-12-29 6:23 Slawek Lis
From: Slawek Lis @ 2016-12-29 6:23 UTC (permalink / raw
To: gentoo-commits
commit: f3eaaf161bf666f9c10b6e333bfaaf1a55a81a0b
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 29 06:23:33 2016 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Thu Dec 29 06:23:33 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3eaaf16
net-analyzer/suricata: fix in init script
Package-Manager: Portage-2.3.3, Repoman-2.3.1
net-analyzer/suricata/files/suricata-3.2-init | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init
index b276f49..9ffedf4 100644
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -26,7 +26,7 @@ else
fi
SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
-[ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"
+[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
description="Suricata IDS/IPS"
extra_commands="checkconfig dump"
@@ -47,7 +47,7 @@ checkconfig() {
checkpath -d /var/run/suricata
fi
if [ ${#SURICATALOGPATH} -gt 0 ]; then
- SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )
+ SURICATALOGFILE=$( basename ${SURICATALOGPATH} )
SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
if [ ! -d "${SURICATALOGPATH}" ] ; then
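Review bot: `basename ${SURICATALOGPATH}` and the `dirname` call two lines below expand the path unquoted, so a value with whitespace or a leading `-` is split or read as an option; `SURICATALOGFILE=$(basename -- "${SURICATALOGPATH}")` avoids both. The variable is now treated as a full file path, so the `:-suricata.log` fallback on the next line cannot trigger for a non-empty value, and a directory-style setting such as `/var/log/suricata` would be split into directory `/var/log` and file `suricata`. The conf.d comments are not touched by this commit, so it is worth checking that they describe the value as a file path. The `if` block continues past the end of the hunk.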
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
@ 2016-12-30 7:50 Slawek Lis
From: Slawek Lis @ 2016-12-30 7:50 UTC (permalink / raw
To: gentoo-commits
commit: 4b0a9ae167be4dc0cc9db385c84fd705a1b64301
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 30 07:53:42 2016 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Fri Dec 30 07:53:42 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b0a9ae1
net-analyzer/suricata: updated logrotate config file
Package-Manager: Portage-2.3.3, Repoman-2.3.1
net-analyzer/suricata/files/suricata-logrotate | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata-logrotate b/net-analyzer/suricata/files/suricata-logrotate
index 0dc145b..a8edcc6 100644
--- a/net-analyzer/suricata/files/suricata-logrotate
+++ b/net-analyzer/suricata/files/suricata-logrotate
@@ -1,6 +1,15 @@
-/var/log/suricata/* {
- missingok
- postrotate
- /etc/init.d/suricata reload
- endscript
-}
+--- /usr/portage/net-analyzer/suricata/files/suricata-logrotate 2016-12-28 10:34:11.000000000 +0100
++++ /usr/local/portage/net-analyzer/suricata/files/suricata-logrotate 2016-12-29 08:59:51.390256659 +0100
+@@ -1,6 +1,10 @@
+-/var/log/suricata/* {
++/var/log/suricata/*.log /var/log/suricata/*.json {
++ rotate 3
+ missingok
++ nocompress
++ create
++ sharedscripts
+ postrotate
+- /etc/init.d/suricata reload
++ /etc/init.d/suricata relog
+ endscript
+ }
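Review bot: The added lines are themselves a unified diff (`--- /usr/portage/...`, `+++ /usr/local/portage/...`, `@@ -1,6 +1,10 @@`), so the installed logrotate file would contain patch text instead of a configuration. logrotate will not be able to parse it, which presumably means /var/log/suricata stops being rotated until the file is corrected. The file should contain only the resulting stanza, beginning with `/var/log/suricata/*.log /var/log/suricata/*.json {`.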
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
@ 2017-01-09 7:22 Slawek Lis
From: Slawek Lis @ 2017-01-09 7:22 UTC (permalink / raw
To: gentoo-commits
commit: 0ec42d4b8fe37e81b2d54a51ce2463ca1ba31080
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 9 07:21:33 2017 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Mon Jan 9 07:21:49 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ec42d4b
net-analyzer/suricata: fixed logrotate file
Package-Manager: Portage-2.3.3, Repoman-2.3.1
net-analyzer/suricata/files/suricata-logrotate | 25 ++++++++++---------------
1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata-logrotate b/net-analyzer/suricata/files/suricata-logrotate
index a8edcc6..7b22283 100644
--- a/net-analyzer/suricata/files/suricata-logrotate
+++ b/net-analyzer/suricata/files/suricata-logrotate
@@ -1,15 +1,10 @@
---- /usr/portage/net-analyzer/suricata/files/suricata-logrotate 2016-12-28 10:34:11.000000000 +0100
-+++ /usr/local/portage/net-analyzer/suricata/files/suricata-logrotate 2016-12-29 08:59:51.390256659 +0100
-@@ -1,6 +1,10 @@
--/var/log/suricata/* {
-+/var/log/suricata/*.log /var/log/suricata/*.json {
-+ rotate 3
- missingok
-+ nocompress
-+ create
-+ sharedscripts
- postrotate
-- /etc/init.d/suricata reload
-+ /etc/init.d/suricata relog
- endscript
- }
+/var/log/suricata/*.log /var/log/suricata/*.json {
+ rotate 3
+ missingok
+ nocompress
+ create
+ sharedscripts
+ postrotate
+ /etc/init.d/suricata relog
+ endscript
+}
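Review bot: The patterns `/var/log/suricata/*.log /var/log/suricata/*.json` match only files directly in /var/log/suricata, and `postrotate` signals only `/etc/init.d/suricata`. Per-instance services (the conf.d examples use `q0` and `q1` with their own log paths) would then get neither rotation nor `relog`, though that depends on how those instances are configured. `create` is given without mode and owner; if Suricata runs as the dedicated account, stating them, e.g. `create 0640 suricata suricata`, keeps the new file writable by the daemon and unreadable to other users.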
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
@ 2017-01-16 12:25 Slawek Lis
From: Slawek Lis @ 2017-01-16 12:25 UTC (permalink / raw
To: gentoo-commits
commit: 33f785f6d2650b7bd8556bb58c95468b4d3a0ac1
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 16 12:25:22 2017 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Mon Jan 16 12:25:22 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33f785f6
net-analyzer/suricata: updated init script
As reported in bug #605754, updated init script stop()
function to take correct method of stopping long-running
suricata shutdown
Reported-by: Vieri <rentorbuy <AT> yahoo.com>
Package-Manager: Portage-2.3.3, Repoman-2.3.1
net-analyzer/suricata/files/suricata-3.2-init | 36 +++------------------------
1 file changed, 4 insertions(+), 32 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init
index 9ffedf4..05f05dd 100644
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -1,5 +1,5 @@
#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
@@ -27,6 +27,7 @@ fi
SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
+[[ -z "${SURICATA_MAX_WAIT_ON_STOP// }" ]] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"
description="Suricata IDS/IPS"
extra_commands="checkconfig dump"
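Review bot: `[[ ... ]]` and `${SURICATA_MAX_WAIT_ON_STOP// }` on the added line are bash extensions, while the interpreter line is `#!/sbin/openrc-run`, which as far as I know hands the script to `/bin/sh`. Where `/bin/sh` is not bash, the line fails while the script is being sourced, which can affect every command of the service, including `stop`. A POSIX form is `[ -n "${SURICATA_MAX_WAIT_ON_STOP}" ] && SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"`; it drops the blank-stripping, which a `case` on the value could restore if needed.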
@@ -111,37 +112,8 @@ start() {
stop() {
ebegin "Stopping ${SVCNAME}"
- initpidinfo
- start-stop-daemon --stop --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
- einfo "Waiting for ${SVCNAME} to shut down. This can take a while..."
- # max wait: 5 minutes as it can take quite a while on some systems with heavy traffic
- local cnt=300
- while [ -e ${SURICATAPID} ] && [ $cnt -gt 0 ]; do
- cnt=$(expr $cnt - 1)
- sleep 1
- echo -ne "$cnt seconds left before we give up checking the PID file...\r"
- done
- # under certain conditions suricata can be pretty slow and the PID can persist long after the pidfile has been removed
- # max wait for process to terminate: 1 minute
- if [ ${#SUR_PID} -gt 0 ]; then
- cnt=60
- SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
- if [ $((SUR_PID_CHECK)) -ne 0 ]; then
- einfo "The PID file ${SURICATAPID} is gone but the ${SVCNAME} PID ${SUR_PID} is still running."
- einfo "Waiting for process to shut down on its own. This can take a while..."
- fi
- while [ $((SUR_PID_CHECK)) -ne 0 ]; do
- cnt=$(expr $cnt - 1)
- if [ $cnt -lt 1 ] ; then
- eend 1 "Failed. You might need to kill PID ${SUR_PID} or find out why it can't be stopped."
- break
- fi
- sleep 1
- echo -ne "$cnt seconds left before we give up checking PID ${SUR_PID}...\r"
- SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
- done
- fi
- eend 0
+ start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
+ eend $?
}
reload() {
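Review bot: When `SURICATA_MAX_WAIT_ON_STOP` is unset, `${SURICATA_RETRY}` is empty and stop() relies on start-stop-daemon's built-in schedule, whereas the removed code waited up to 300 seconds for the pidfile and a further 60 for the process. If that built-in wait is shorter than a busy Suricata needs (worth confirming for the OpenRC version in use), `stop` reports failure, or a `restart` launches a new instance while the old one still holds the interface or queue, leaving a gap in inspection. Setting a default where the variable is built keeps the old behaviour: `SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP:-300}"`. The output is still discarded with `>/dev/null 2>&1`, so the reason for a failed stop is not visible.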
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
@ 2017-01-16 12:28 Slawek Lis
From: Slawek Lis @ 2017-01-16 12:28 UTC (permalink / raw
To: gentoo-commits
commit: 52c57d2e8707113c2b019013c83706b584b59bc7
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 16 12:27:54 2017 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Mon Jan 16 12:27:54 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=52c57d2e
net-analyzer/suricata: updated config file
Bug report: #605754
Package-Manager: Portage-2.3.3, Repoman-2.3.1
net-analyzer/suricata/files/suricata-3.2-conf | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf
index d8466b4..655b947 100644
--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -54,3 +54,9 @@ SURICATA_OPTS="-i eth0"
# SURICATA_GROUP_q1="suricata"
# SURICATA_USER="suricata"
# SURICATA_GROUP="suricata"
+
+# Suricata processes can take a long time to shut down.
+# If necessary, adjust timeout in seconds to be used when calling stop from the init script.
+# Examples:
+# SURICATA_MAX_WAIT_ON_STOP="300"
+# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"
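Review bot: The added comment calls the value a "timeout in seconds", but the second example, `SIGTERM/30`, is a signal/timeout schedule, and nothing says what happens when the variable is left unset. A line such as `# Passed as-is to start-stop-daemon --retry; if unset, start-stop-daemon's own default applies.` would cover both forms and the default. The same wording is added again in suricata-4.0.3-conf in the later "added missed conf.d and init.d files" commit.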
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
@ 2018-01-23 18:57 Slawek Lis
From: Slawek Lis @ 2018-01-23 18:57 UTC (permalink / raw
To: gentoo-commits
commit: 8a31f163e2cf8cc4e5f003a984ad06e070fefe17
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 23 18:56:59 2018 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Tue Jan 23 18:57:14 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a31f163
net-analyzer/suricata: added missed conf.d and init.d files
Closes: https://bugs.gentoo.org/645484
Package-Manager: Portage-2.3.20, Repoman-2.3.6
net-analyzer/suricata/files/suricata-4.0.3-conf | 62 ++++++++++
net-analyzer/suricata/files/suricata-4.0.3-init | 147 ++++++++++++++++++++++++
2 files changed, 209 insertions(+)
diff --git a/net-analyzer/suricata/files/suricata-4.0.3-conf b/net-analyzer/suricata/files/suricata-4.0.3-conf
new file mode 100644
index 00000000000..655b947fdd9
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-4.0.3-conf
@@ -0,0 +1,62 @@
+# Config file for /etc/init.d/suricata*
+
+# Where config files are stored. Default:
+
+# SURICATA_DIR="/etc/suricata"
+
+# Pass options to each suricata service.
+#
+# You can launch more than one service at the same time with different options.
+# This can be useful in a multi-queue gateway, for example.
+# You can expand on the Suricata inline example found at:
+# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
+# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
+# on several queues. You can then have a Suricata instance processing traffic for each queue.
+# This should help improve performance on the gateway/firewall.
+#
+# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following:
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
+#
+# Edit both suricata-q{0,1}.yaml files and set values accordingly.
+# You can override these yaml config file names with SURICATA_CONF* below (optional).
+# This allows you to use the same yaml config file for multiple instances as long as you override
+# sensible options such as the log file paths.
+# SURICATA_CONF_q0="suricata-queues.yaml"
+# SURICATA_CONF_q1="suricata-queues.yaml"
+# SURICATA_CONF="suricata.yaml"
+
+# You can define the options here:
+# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you.
+
+# SURICATA_OPTS_q0="-q 0"
+# SURICATA_OPTS_q1="-q 1"
+
+# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
+# then you can set:
+
+SURICATA_OPTS="-i eth0"
+
+# Log paths listed here will be created by the init script and will override the log path
+# set in the yaml file, if present.
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
+
+# Run as user/group.
+# Do not define if you want to run as root or as the user defined in the yaml config file (run-as).
+# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below.
+# SURICATA_USER_q0="suricata"
+# SURICATA_GROUP_q0="suricata"
+# SURICATA_USER_q1="suricata"
+# SURICATA_GROUP_q1="suricata"
+# SURICATA_USER="suricata"
+# SURICATA_GROUP="suricata"
+
+# Suricata processes can take a long time to shut down.
+# If necessary, adjust timeout in seconds to be used when calling stop from the init script.
+# Examples:
+# SURICATA_MAX_WAIT_ON_STOP="300"
+# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"
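Review bot: Every `SURICATA_USER*` / `SURICATA_GROUP*` line ships commented out, so by the comment above them a default install runs Suricata as root, or as whatever `run-as` in the yaml file says. The same comment states that the ebuild creates `suricata:suricata`, so consider shipping `SURICATA_USER="suricata"` and `SURICATA_GROUP="suricata"` enabled; a flaw in a protocol parser is then contained to an unprivileged account. If root has to remain the default, a sentence saying why would help administrators decide.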
diff --git a/net-analyzer/suricata/files/suricata-4.0.3-init b/net-analyzer/suricata/files/suricata-4.0.3-init
new file mode 100644
index 00000000000..f54ba3a5e23
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-4.0.3-init
@@ -0,0 +1,147 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+SURICATA_BIN=/usr/bin/suricata
+SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
+SURICATA=${SVCNAME#*.}
+SURICATAID=$(shell_var "${SURICATA}")
+if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
+ eval SURICATACONF=\$SURICATA_CONF_${SURICATAID}
+ [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+ SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
+ eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
+ eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
+ eval SURICATAUSER=\$SURICATA_USER_${SURICATAID}
+ eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID}
+else
+ SURICATACONF=${SURICATA_CONF}
+ [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+ SURICATAPID="/var/run/suricata/suricata.pid"
+ SURICATAOPTS=${SURICATA_OPTS}
+ SURICATALOGPATH=${SURICATA_LOG_FILE}
+ SURICATAUSER=${SURICATA_USER}
+ SURICATAGROUP=${SURICATA_GROUP}
+fi
+SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
+SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
+[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
+[[ -z "${SURICATA_MAX_WAIT_ON_STOP// }" ]] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"
+
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
+extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
+
+depend() {
+ need net
+ after mysql
+ after postgresql
+}
+
+checkconfig() {
+ if [ ! -d "/var/run/suricata" ] ; then
+ checkpath -d /var/run/suricata
+ fi
+ if [ ${#SURICATALOGPATH} -gt 0 ]; then
+ SURICATALOGFILE=$( basename ${SURICATALOGPATH} )
+ SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+ SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
+ if [ ! -d "${SURICATALOGPATH}" ] ; then
+ checkpath -d "${SURICATALOGPATH}"
+ fi
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then
+ chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1
+ chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1
+ fi
+ SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
+ SURICATALOGPATH="-l ${SURICATALOGPATH}"
+ fi
+ if [ ! -e ${SURICATACONF} ] ; then
+ einfo "The configuration file ${SURICATACONF} was not found."
+ einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata."
+ einfo "Take a look at the suricata arguments --set and --dump-config."
+ fi
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+ einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}."
+ SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}"
+ fi
+}
+
+initpidinfo() {
+ [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
+ if [ ${#SUR_PID} -gt 0 ]; then
+ SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
+ SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
+ fi
+}
+
+checkpidinfo() {
+ initpidinfo
+ if [ ! -e ${SURICATAPID} ]; then
+ eerror "${SVCNAME} isn't running"
+ return 1
+ elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
+ eerror "Could not determine PID of ${SVCNAME}! Did the service crash?"
+ return 1
+ elif [ ${#SUR_USER} -eq 0 ]; then
+ eerror "Unable to determine user running ${SVCNAME}!"
+ return 1
+ elif [ "x${SUR_USER}" != "xroot" ]; then
+ ewarn "${SVCNAME} may need to be running as root or as a priviledged user for the extra commands reload and relog to work."
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
+ -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
+ local SUR_EXIT=$?
+ if [ $((SUR_EXIT)) -ne 0 ]; then
+ einfo "Could not start ${SURICATA_BIN} with:"
+ einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}"
+ einfo "Exit code ${SUR_EXIT}"
+ fi
+ eend ${SUR_EXIT}
+}
+
+stop() {
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
+ eend $?
+}
+
+reload() {
+ checkpidinfo || return 1
+ checkconfig || return 1
+ ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload."
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+ start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal USR2 --pidfile ${SURICATAPID}
+ else
+ start-stop-daemon --signal USR2 --pidfile ${SURICATAPID}
+ fi
+ eend $?
+}
+
+relog() {
+ checkpidinfo || return 1
+ checkconfig || return 1
+ ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files."
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+ start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal HUP --pidfile ${SURICATAPID}
+ else
+ start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
+ fi
+ eend $?
+}
+
+dump() {
+ checkconfig || return 1
+ ebegin "Dumping ${SVCNAME} config values and quitting."
+ ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
+ eend $?
+}
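Review bot: In checkconfig(), `chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/*` runs as root over a directory that the line before it has just handed to the unprivileged service account. chown follows symbolic links by default, so a link present in that directory would have its target's ownership changed by root on the next start, reload or relog. Use `chown -h "${SURICATAUSER}:${SURICATAGROUP}" "${SURICATALOGPATH}"/*`, or limit the call to regular files with `find ... -type f`, and drop the stray `3>&1`. Separately, `ps -eo pid | grep -c ${SUR_PID}` in initpidinfo() matches substrings (PID 123 also counts 1234), so checkpidinfo() can reject a healthy service; `kill -0 "${SUR_PID}"` tests the exact PID.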
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
@ 2018-01-24 7:26 Slawek Lis
From: Slawek Lis @ 2018-01-24 7:26 UTC (permalink / raw
To: gentoo-commits
commit: 7d77530345a974246cf27c24e66233448b4ae7dd
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 24 07:25:41 2018 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Wed Jan 24 07:26:04 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d775303
net-analyzer/suricata: cleaned unneeded patch files
Package-Manager: Portage-2.3.20, Repoman-2.3.6
.../suricata/files/fortify_source-numeric.patch | 11 --
net-analyzer/suricata/files/json.patch | 10 --
net-analyzer/suricata/files/magic-location.patch | 13 --
net-analyzer/suricata/files/suricata-3.2-conf | 62 ---------
net-analyzer/suricata/files/suricata-3.2-init | 147 ---------------------
net-analyzer/suricata/files/suricata-3.2.1-conf | 62 ---------
net-analyzer/suricata/files/suricata-3.2.1-init | 147 ---------------------
7 files changed, 452 deletions(-)
diff --git a/net-analyzer/suricata/files/fortify_source-numeric.patch b/net-analyzer/suricata/files/fortify_source-numeric.patch
deleted file mode 100644
index 0a7f4827ea0..00000000000
--- a/net-analyzer/suricata/files/fortify_source-numeric.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/src/suricata.c 2015-10-02 00:21:55.634213646 +0200
-+++ b/src/suricata.c 2015-10-02 00:22:39.143940007 +0200
-@@ -774,7 +774,7 @@
- printf("compiled with -fstack-protector-all\n");
- #endif
- #ifdef _FORTIFY_SOURCE
-- printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE);
-+ printf("compiled with _FORTIFY_SOURCE\n");
- #endif
- #ifdef CLS
- printf("L1 cache line size (CLS)=%d\n", CLS);
diff --git a/net-analyzer/suricata/files/json.patch b/net-analyzer/suricata/files/json.patch
deleted file mode 100644
index a542f351640..00000000000
--- a/net-analyzer/suricata/files/json.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- src/output-json.h.orig 2015-11-21 21:56:24.996289587 +0100
-+++ src/output-json.h 2015-11-21 21:57:11.419622642 +0100
-@@ -28,6 +28,7 @@
-
- #ifdef HAVE_LIBJANSSON
-
-+#include <jansson.h>
- #include "suricata-common.h"
- #include "util-buffer.h"
- #include "util-logopenfile.h"
diff --git a/net-analyzer/suricata/files/magic-location.patch b/net-analyzer/suricata/files/magic-location.patch
deleted file mode 100644
index 02681f934b0..00000000000
--- a/net-analyzer/suricata/files/magic-location.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 8b41eb0..3cdf0e7 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -182,7 +182,7 @@
- fi
- echo -n "installation for $host OS... "
-
-- e_magic_file="/usr/share/file/magic"
-+ e_magic_file="/usr/share/misc/magic.mgc"
- case "$host" in
- *-*-*freebsd*)
- LUA_PC_NAME="lua-5.1"
diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf
deleted file mode 100644
index 655b947fdd9..00000000000
--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ /dev/null
@@ -1,62 +0,0 @@
-# Config file for /etc/init.d/suricata*
-
-# Where config files are stored. Default:
-
-# SURICATA_DIR="/etc/suricata"
-
-# Pass options to each suricata service.
-#
-# You can launch more than one service at the same time with different options.
-# This can be useful in a multi-queue gateway, for example.
-# You can expand on the Suricata inline example found at:
-# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
-# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
-# on several queues. You can then have a Suricata instance processing traffic for each queue.
-# This should help improve performance on the gateway/firewall.
-#
-# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following:
-# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
-# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
-# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
-# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
-#
-# Edit both suricata-q{0,1}.yaml files and set values accordingly.
-# You can override these yaml config file names with SURICATA_CONF* below (optional).
-# This allows you to use the same yaml config file for multiple instances as long as you override
-# sensible options such as the log file paths.
-# SURICATA_CONF_q0="suricata-queues.yaml"
-# SURICATA_CONF_q1="suricata-queues.yaml"
-# SURICATA_CONF="suricata.yaml"
-
-# You can define the options here:
-# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you.
-
-# SURICATA_OPTS_q0="-q 0"
-# SURICATA_OPTS_q1="-q 1"
-
-# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
-# then you can set:
-
-SURICATA_OPTS="-i eth0"
-
-# Log paths listed here will be created by the init script and will override the log path
-# set in the yaml file, if present.
-# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
-# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
-# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
-
-# Run as user/group.
-# Do not define if you want to run as root or as the user defined in the yaml config file (run-as).
-# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below.
-# SURICATA_USER_q0="suricata"
-# SURICATA_GROUP_q0="suricata"
-# SURICATA_USER_q1="suricata"
-# SURICATA_GROUP_q1="suricata"
-# SURICATA_USER="suricata"
-# SURICATA_GROUP="suricata"
-
-# Suricata processes can take a long time to shut down.
-# If necessary, adjust timeout in seconds to be used when calling stop from the init script.
-# Examples:
-# SURICATA_MAX_WAIT_ON_STOP="300"
-# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"
diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init
deleted file mode 100644
index 76dd521d7ad..00000000000
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-SURICATA_BIN=/usr/bin/suricata
-SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
-SURICATA=${SVCNAME#*.}
-SURICATAID=$(shell_var "${SURICATA}")
-if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
- eval SURICATACONF=\$SURICATA_CONF_${SURICATAID}
- [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
- SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
- eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
- eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
- eval SURICATAUSER=\$SURICATA_USER_${SURICATAID}
- eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID}
-else
- SURICATACONF=${SURICATA_CONF}
- [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
- SURICATAPID="/var/run/suricata/suricata.pid"
- SURICATAOPTS=${SURICATA_OPTS}
- SURICATALOGPATH=${SURICATA_LOG_FILE}
- SURICATAUSER=${SURICATA_USER}
- SURICATAGROUP=${SURICATA_GROUP}
-fi
-SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
-SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
-[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
-[[ -z "${SURICATA_MAX_WAIT_ON_STOP// }" ]] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"
-
-description="Suricata IDS/IPS"
-extra_commands="checkconfig dump"
-description_checkconfig="Check config for ${SVCNAME}"
-description_dump="List all config values that can be used with --set"
-extra_started_commands="reload relog"
-description_reload="Live rule and config reload"
-description_relog="Close and re-open all log files"
-
-depend() {
- need net
- after mysql
- after postgresql
-}
-
-checkconfig() {
- if [ ! -d "/var/run/suricata" ] ; then
- checkpath -d /var/run/suricata
- fi
- if [ ${#SURICATALOGPATH} -gt 0 ]; then
- SURICATALOGFILE=$( basename ${SURICATALOGPATH} )
- SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
- SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
- if [ ! -d "${SURICATALOGPATH}" ] ; then
- checkpath -d "${SURICATALOGPATH}"
- fi
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then
- chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1
- chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1
- fi
- SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
- SURICATALOGPATH="-l ${SURICATALOGPATH}"
- fi
- if [ ! -e ${SURICATACONF} ] ; then
- einfo "The configuration file ${SURICATACONF} was not found."
- einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata."
- einfo "Take a look at the suricata arguments --set and --dump-config."
- fi
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
- einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}."
- SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}"
- fi
-}
-
-initpidinfo() {
- [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
- if [ ${#SUR_PID} -gt 0 ]; then
- SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
- SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
- fi
-}
-
-checkpidinfo() {
- initpidinfo
- if [ ! -e ${SURICATAPID} ]; then
- eerror "${SVCNAME} isn't running"
- return 1
- elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
- eerror "Could not determine PID of ${SVCNAME}! Did the service crash?"
- return 1
- elif [ ${#SUR_USER} -eq 0 ]; then
- eerror "Unable to determine user running ${SVCNAME}!"
- return 1
- elif [ "x${SUR_USER}" != "xroot" ]; then
- ewarn "${SVCNAME} may need to be running as root or as a priviledged user for the extra commands reload and relog to work."
- fi
-}
-
-start() {
- checkconfig || return 1
- ebegin "Starting ${SVCNAME}"
- start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
- -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
- local SUR_EXIT=$?
- if [ $((SUR_EXIT)) -ne 0 ]; then
- einfo "Could not start ${SURICATA_BIN} with:"
- einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}"
- einfo "Exit code ${SUR_EXIT}"
- fi
- eend ${SUR_EXIT}
-}
-
-stop() {
- ebegin "Stopping ${SVCNAME}"
- start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
- eend $?
-}
-
-reload() {
- checkpidinfo || return 1
- checkconfig || return 1
- ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload."
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
- start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal USR2 --pidfile ${SURICATAPID}
- else
- start-stop-daemon --signal USR2 --pidfile ${SURICATAPID}
- fi
- eend $?
-}
-
-relog() {
- checkpidinfo || return 1
- checkconfig || return 1
- ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files."
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
- start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal HUP --pidfile ${SURICATAPID}
- else
- start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
- fi
- eend $?
-}
-
-dump() {
- checkconfig || return 1
- ebegin "Dumping ${SVCNAME} config values and quitting."
- ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
- eend $?
-}
diff --git a/net-analyzer/suricata/files/suricata-3.2.1-conf b/net-analyzer/suricata/files/suricata-3.2.1-conf
deleted file mode 100644
index 655b947fdd9..00000000000
--- a/net-analyzer/suricata/files/suricata-3.2.1-conf
+++ /dev/null
@@ -1,62 +0,0 @@
-# Config file for /etc/init.d/suricata*
-
-# Where config files are stored. Default:
-
-# SURICATA_DIR="/etc/suricata"
-
-# Pass options to each suricata service.
-#
-# You can launch more than one service at the same time with different options.
-# This can be useful in a multi-queue gateway, for example.
-# You can expand on the Suricata inline example found at:
-# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
-# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
-# on several queues. You can then have a Suricata instance processing traffic for each queue.
-# This should help improve performance on the gateway/firewall.
-#
-# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following:
-# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
-# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
-# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
-# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
-#
-# Edit both suricata-q{0,1}.yaml files and set values accordingly.
-# You can override these yaml config file names with SURICATA_CONF* below (optional).
-# This allows you to use the same yaml config file for multiple instances as long as you override
-# sensible options such as the log file paths.
-# SURICATA_CONF_q0="suricata-queues.yaml"
-# SURICATA_CONF_q1="suricata-queues.yaml"
-# SURICATA_CONF="suricata.yaml"
-
-# You can define the options here:
-# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you.
-
-# SURICATA_OPTS_q0="-q 0"
-# SURICATA_OPTS_q1="-q 1"
-
-# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
-# then you can set:
-
-SURICATA_OPTS="-i eth0"
-
-# Log paths listed here will be created by the init script and will override the log path
-# set in the yaml file, if present.
-# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
-# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
-# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
-
-# Run as user/group.
-# Do not define if you want to run as root or as the user defined in the yaml config file (run-as).
-# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below.
-# SURICATA_USER_q0="suricata"
-# SURICATA_GROUP_q0="suricata"
-# SURICATA_USER_q1="suricata"
-# SURICATA_GROUP_q1="suricata"
-# SURICATA_USER="suricata"
-# SURICATA_GROUP="suricata"
-
-# Suricata processes can take a long time to shut down.
-# If necessary, adjust timeout in seconds to be used when calling stop from the init script.
-# Examples:
-# SURICATA_MAX_WAIT_ON_STOP="300"
-# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"
diff --git a/net-analyzer/suricata/files/suricata-3.2.1-init b/net-analyzer/suricata/files/suricata-3.2.1-init
deleted file mode 100644
index 76dd521d7ad..00000000000
--- a/net-analyzer/suricata/files/suricata-3.2.1-init
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-SURICATA_BIN=/usr/bin/suricata
-SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
-SURICATA=${SVCNAME#*.}
-SURICATAID=$(shell_var "${SURICATA}")
-if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
- eval SURICATACONF=\$SURICATA_CONF_${SURICATAID}
- [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
- SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
- eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
- eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
- eval SURICATAUSER=\$SURICATA_USER_${SURICATAID}
- eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID}
-else
- SURICATACONF=${SURICATA_CONF}
- [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
- SURICATAPID="/var/run/suricata/suricata.pid"
- SURICATAOPTS=${SURICATA_OPTS}
- SURICATALOGPATH=${SURICATA_LOG_FILE}
- SURICATAUSER=${SURICATA_USER}
- SURICATAGROUP=${SURICATA_GROUP}
-fi
-SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
-SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
-[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
-[[ -z "${SURICATA_MAX_WAIT_ON_STOP// }" ]] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"
-
-description="Suricata IDS/IPS"
-extra_commands="checkconfig dump"
-description_checkconfig="Check config for ${SVCNAME}"
-description_dump="List all config values that can be used with --set"
-extra_started_commands="reload relog"
-description_reload="Live rule and config reload"
-description_relog="Close and re-open all log files"
-
-depend() {
- need net
- after mysql
- after postgresql
-}
-
-checkconfig() {
- if [ ! -d "/var/run/suricata" ] ; then
- checkpath -d /var/run/suricata
- fi
- if [ ${#SURICATALOGPATH} -gt 0 ]; then
- SURICATALOGFILE=$( basename ${SURICATALOGPATH} )
- SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
- SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
- if [ ! -d "${SURICATALOGPATH}" ] ; then
- checkpath -d "${SURICATALOGPATH}"
- fi
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then
- chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1
- chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1
- fi
- SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
- SURICATALOGPATH="-l ${SURICATALOGPATH}"
- fi
- if [ ! -e ${SURICATACONF} ] ; then
- einfo "The configuration file ${SURICATACONF} was not found."
- einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata."
- einfo "Take a look at the suricata arguments --set and --dump-config."
- fi
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
- einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}."
- SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}"
- fi
-}
-
-initpidinfo() {
- [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
- if [ ${#SUR_PID} -gt 0 ]; then
- SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
- SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
- fi
-}
-
-checkpidinfo() {
- initpidinfo
- if [ ! -e ${SURICATAPID} ]; then
- eerror "${SVCNAME} isn't running"
- return 1
- elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
- eerror "Could not determine PID of ${SVCNAME}! Did the service crash?"
- return 1
- elif [ ${#SUR_USER} -eq 0 ]; then
- eerror "Unable to determine user running ${SVCNAME}!"
- return 1
- elif [ "x${SUR_USER}" != "xroot" ]; then
- ewarn "${SVCNAME} may need to be running as root or as a priviledged user for the extra commands reload and relog to work."
- fi
-}
-
-start() {
- checkconfig || return 1
- ebegin "Starting ${SVCNAME}"
- start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
- -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
- local SUR_EXIT=$?
- if [ $((SUR_EXIT)) -ne 0 ]; then
- einfo "Could not start ${SURICATA_BIN} with:"
- einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}"
- einfo "Exit code ${SUR_EXIT}"
- fi
- eend ${SUR_EXIT}
-}
-
-stop() {
- ebegin "Stopping ${SVCNAME}"
- start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
- eend $?
-}
-
-reload() {
- checkpidinfo || return 1
- checkconfig || return 1
- ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload."
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
- start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal USR2 --pidfile ${SURICATAPID}
- else
- start-stop-daemon --signal USR2 --pidfile ${SURICATAPID}
- fi
- eend $?
-}
-
-relog() {
- checkpidinfo || return 1
- checkconfig || return 1
- ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files."
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
- start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal HUP --pidfile ${SURICATAPID}
- else
- start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
- fi
- eend $?
-}
-
-dump() {
- checkconfig || return 1
- ebegin "Dumping ${SVCNAME} config values and quitting."
- ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
- eend $?
-}
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
@ 2019-12-17 0:16 Marek Szuba
From: Marek Szuba @ 2019-12-17 0:16 UTC (permalink / raw
To: gentoo-commits
commit: 53159693f527b217acadfb345933d9fd16c46e2c
Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 17 00:16:19 2019 +0000
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Tue Dec 17 00:16:19 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=53159693
net-analyzer/suricata: tweak the systemd unit a bit
Some of the ideas I picked up from
https://gist.github.com/stupidpupil/4edcbe2046b3b22c81c606efee0492d7 do
not quite work at present, namely:
- limiting capabilities to CAP_NET_ADMIN causes problems e.g. when
switching to an unprivileged user or while trying to load eBPF files.
Just get rid of it;
- suricata can now be launched just fine without Type=forking.
Moreover, /run is now used instead of /var/run in the unit file so that
systemd doesn't complain about the use of legacy paths.
No revbump because even the updated unit does not run out of the box due
to specifying neither an interface nor a mode of operations on the
command line.
Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
net-analyzer/suricata/files/suricata.service | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata.service b/net-analyzer/suricata/files/suricata.service
index 5e617388018..294ec637348 100644
--- a/net-analyzer/suricata/files/suricata.service
+++ b/net-analyzer/suricata/files/suricata.service
@@ -6,11 +6,9 @@ Documentation=man:suricata(8) man:suricatasc(8)
Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki
[Service]
-Type=forking
-Environment=OPTIONS='-c /etc/suricata/suricata.yaml'
-CapabilityBoundingSet=CAP_NET_ADMIN
-PIDFile=/var/run/suricata/suricata.pid
-ExecStart=/usr/bin/suricata --pidfile /var/run/suricata/suricata.pid $OPTIONS
+Environment=OPTIONS='-c /etc/suricata/suricata.yaml --af-packet'
+PIDFile=/run/suricata/suricata.pid
+ExecStart=/usr/bin/suricata --pidfile /run/suricata/suricata.pid $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill $MAINPID
PrivateTmp=yes
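Review bot: Dropping `CapabilityBoundingSet=` altogether in the `[Service]` section leaves the daemon with the full root capability set whenever an instance does not switch to an unprivileged user, which is a wide grant for a process that parses untrusted network traffic. The commit message says CAP_NET_ADMIN alone breaks the user switch and eBPF loading, so a wider bound would keep some containment, for example `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_SYS_NICE CAP_IPC_LOCK` plus whatever eBPF loading requires on the target kernel; the exact list should be confirmed against the capture modes in use. Separately, `PIDFile=` is kept although `Type=forking` is removed, and systemd does not need it to track a non-forking service. The hunk also shows nothing that creates /run/suricata, though a `RuntimeDirectory=suricata` line may exist outside it.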
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/
@ 2020-01-22 11:51 Marek Szuba
From: Marek Szuba @ 2020-01-22 11:51 UTC (permalink / raw
To: gentoo-commits
commit: 4b9cd1de4a4962f4d2df2b65ff31f0ec1a97de2d
Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 22 11:48:28 2020 +0000
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Wed Jan 22 11:50:58 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b9cd1de
net-analyzer/suricata: remove custom logrotate config
Recent versions of suricata come with official logrotate configuration
and older versions have since been removed from the tree.
Suggested-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/14404
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
net-analyzer/suricata/files/suricata-logrotate | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata-logrotate b/net-analyzer/suricata/files/suricata-logrotate
deleted file mode 100644
index 7b22283ec7c..00000000000
--- a/net-analyzer/suricata/files/suricata-logrotate
+++ /dev/null
@@ -1,10 +0,0 @@
-/var/log/suricata/*.log /var/log/suricata/*.json {
- rotate 3
- missingok
- nocompress
- create
- sharedscripts
- postrotate
- /etc/init.d/suricata relog
- endscript
-}