* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/sguil-sensor/, net-analyzer/sguil-sensor/files/, profiles/
@ 2022-09-18 21:23 John Helmert III
From: John Helmert III @ 2022-09-18 21:23 UTC (permalink / raw
  To: gentoo-commits

commit:     31c1a39700a70382a13f65f6bef70698c174d8b4
Author:     John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 18 21:19:57 2022 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Sun Sep 18 21:19:57 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31c1a397

net-analyzer/sguil-sensor: treeclean

Bug: https://bugs.gentoo.org/630752
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 net-analyzer/sguil-sensor/Manifest                 |  1 -
 net-analyzer/sguil-sensor/files/log_packets.confd  | 18 -----
 net-analyzer/sguil-sensor/files/log_packets.initd  | 91 ----------------------
 net-analyzer/sguil-sensor/files/sensor_agent.initd | 29 -------
 net-analyzer/sguil-sensor/metadata.xml             | 12 ---
 .../sguil-sensor/sguil-sensor-1.0.0-r3.ebuild      | 81 -------------------
 profiles/package.mask                              |  5 --
 7 files changed, 237 deletions(-)

diff --git a/net-analyzer/sguil-sensor/Manifest b/net-analyzer/sguil-sensor/Manifest
deleted file mode 100644
index 6a6586972b73..000000000000
--- a/net-analyzer/sguil-sensor/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST sguil-1.0.0.tar.gz 892934 BLAKE2B 69459eed682d91a1b57ba08c141dd655dbbfaa0d9d2956e6a26065f1b6820307b0e0e4dcbcad89537eba7499aea38f81739c351246e3dd6c46cab46bdf0d054f SHA512 fc3007383f90c99a0ace3eeebac75864f9aa549676e784c7bf1d81222282e3a5a3d5290b121097ae3c027dee3dd35bbe8ac9dfede04dbd561edfd3948a0465ab

diff --git a/net-analyzer/sguil-sensor/files/log_packets.confd b/net-analyzer/sguil-sensor/files/log_packets.confd
deleted file mode 100644
index 93bdc772bff7..000000000000
--- a/net-analyzer/sguil-sensor/files/log_packets.confd
+++ /dev/null
@@ -1,18 +0,0 @@
-# Config file for /etc/init.d/log_packets
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# This tell snort which interface to listen on (any for every interface)
-IFACE=eth1
-
-# Make sure this matches your IFACE
-PIDFILE=/run/sguil-log_packets_$IFACE.pid
-
-# You probably don't want to change this, but in case you do
-LOGDIR="/var/lib/sguil"
-
-# Percentage of disk to try and maintain
-MAX_DISK_USE=95
-
-# This pulls in the options above
-OPTIONS="-m 122 -u sguil -g sguil"

diff --git a/net-analyzer/sguil-sensor/files/log_packets.initd b/net-analyzer/sguil-sensor/files/log_packets.initd
deleted file mode 100644
index f372c82c905b..000000000000
--- a/net-analyzer/sguil-sensor/files/log_packets.initd
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="cleandisk"
-
-LOG_DIR="${LOGDIR}/${HOSTNAME}/dailylogs"
-
-start() {
-	ebegin "Starting Log_packest"
-	if [ ! -x /usr/bin/snort ]
-	then
-		eerror "No snort - cannot start"
-		eend 1
-		return 1
-	fi
-
-	if [ ! -d ${LOG_DIR} ]
-	then
-		mkdir -p ${LOG_DIR}
-		chmod 770 ${LOG_DIR}
-	fi
-
-	today=$(date '+%Y-%m-%d')
-
-	if [ ! -d "${LOG_DIR}/${today}" ]
-	then
-		mkdir "${LOG_DIR}/${today}"
-		chmod 770 "${LOG_DIR}/${today}"
-		chown root:sguil "${LOG_DIR}/${today}"
-	fi
-	start-stop-daemon --start --quiet -b -m --pidfile "${PIDFILE}" \
-		--exec /usr/bin/snort \
-		-- ${OPTIONS} -l "${LOG_DIR}/${today}" -b -i "${IFACE}" "${FILTER}"
-	real_cleandisk
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping Sensor Agent"
-	start-stop-daemon --stop --quiet --pidfile "${PIDFILE}"
-	eend $?
-}
-
-cleandisk() {
-	ebegin "Cleaning Disk"
-	real_cleandisk
-	eend $?
-}
-
-# This func checks the current space being used by LOG_DIR
-# and rm's data as necessary.
-real_cleandisk() {
-	einfo "Checking disk space (limited to ${MAX_DISK_USE}%)..."
-	# grep, awk, tr...woohoo!
-	CUR_USE=$(df -P ${LOG_DIR} | grep -v -i filesystem | awk '{print $5}' | tr -d %)
-	einfo "  Current Disk Use: ${CUR_USE}%"
-	
-	if [ ${CUR_USE} -gt ${MAX_DISK_USE} ]
-	then
-		# If we are here then we passed our disk limit
-		# First find the oldest DIR
-		cd "${LOG_DIR}"
-		# Can't use -t on the ls since the mod time changes each time we
-		# delete a file. Good thing we use YYYY-MM-DD so we can sort.
-		OLDEST_DIR=$(ls | sort | head -n 1)
-		cd "${OLDEST_DIR}"
-
-		OLDEST_FILE=$(ls -t | tail -n 1)
-
-		if [ -f "${OLDEST_FILE}" ]
-		then
-			einfo "  Removing file: ${OLDEST_DIR}/${OLDEST_FILE}"
-			rm -f "${OLDEST_FILE}"
-		else
-			einfo "  Removing empty dir: ${OLDEST_DIR}"
-			cd ..
-			rm -rf "${OLDEST_DIR}"
-		fi
-		
-		# Run cleandisk again as rm'ing one file might been enough
-		# but we wait 5 secs in hopes any open writes are done.
-		sync
-		einfo "  Waiting 5 secs for disk to sync..."
-		sleep 5
-		real_cleandisk
-	else
-		einfo "Done."
-	fi
-}
-

diff --git a/net-analyzer/sguil-sensor/files/sensor_agent.initd b/net-analyzer/sguil-sensor/files/sensor_agent.initd
deleted file mode 100644
index 08b45e511f8c..000000000000
--- a/net-analyzer/sguil-sensor/files/sensor_agent.initd
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
-        need net
-}
-
-checkconfig() {
-        if [ ! -e /etc/sguil/sensor_agent.conf ] ; then
-                eerror "You need an /etc/snort/sensor_agent.conf to run the Sensor Agent"
-                return 1
-        fi
-}
-
-start() {
-        checkconfig || return 1
-        ebegin "Starting Sensor Agent"
-        start-stop-daemon --start -c sguil --quiet --exec /usr/bin/sensor_agent.tcl \
-		-- -D -c "/etc/sguil/sensor_agent.conf">/dev/null 2>&1
-        eend $?
-}
-
-stop() {
-        ebegin "Stopping Sensor Agent"
-        start-stop-daemon --stop --quiet --pidfile /run/sguil-sensor.pid
-        eend $?
-}
-

diff --git a/net-analyzer/sguil-sensor/metadata.xml b/net-analyzer/sguil-sensor/metadata.xml
deleted file mode 100644
index e0c75486e6c0..000000000000
--- a/net-analyzer/sguil-sensor/metadata.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-  <maintainer type="project">
-    <email>netmon@gentoo.org</email>
-    <name>Gentoo network monitoring and analysis project</name>
-  </maintainer>
-  <upstream>
-    <remote-id type="github">bammv/sguil</remote-id>
-    <remote-id type="sourceforge">sguil</remote-id>
-  </upstream>
-</pkgmetadata>

diff --git a/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r3.ebuild b/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r3.ebuild
deleted file mode 100644
index 0403ede4f1b6..000000000000
--- a/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r3.ebuild
+++ /dev/null
@@ -1,81 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-MY_PV="${PV/_p/p}"
-DESCRIPTION="Sensor part of sguil Network Security Monitoring"
-HOMEPAGE="https://github.com/bammv/sguil"
-SRC_URI="https://github.com/bammv/sguil/archive/v${PV}.tar.gz -> ${P/-sensor}.tar.gz"
-S="${WORKDIR}/sguil-${MY_PV}"
-
-LICENSE="GPL-3 GPL-2+ QPL-1.0 GPL-2"    # GPL-2 for init script
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-
-DEPEND="
-	acct-group/sguil
-	acct-user/sguil
-"
-
-RDEPEND="
-	${DEPEND}
-	>=dev-lang/tcl-8.3:0=[-threads]
-	>=dev-tcltk/tclx-8.3
-	dev-tcltk/tls
-	>=net-analyzer/barnyard-0.2.0-r1
-	>=net-analyzer/snort-2.4.1-r1
-	dev-ml/pcre-ocaml:=
-	net-analyzer/sancp
-"
-
-src_prepare() {
-	default
-
-	sed -i \
-		-e "s:gateway:${HOSTNAME}:" \
-		-e 's:/snort_data:/var/lib/sguil:' \
-		-e 's:DAEMON 0:DAEMON 1:' \
-		-e 's:DEBUG 1:DEBUG 0:g' \
-		sensor/sensor_agent.conf || die
-
-	sed -i \
-		-e 's:/var/run/sensor_agent.pid:/run/sguil-sensor.pid:' \
-		sensor/sensor_agent.tcl || die
-}
-
-src_install() {
-	dodoc doc/*
-
-	dobin sensor/sensor_agent.tcl
-
-	newinitd "${FILESDIR}/log_packets.initd" log_packets
-	newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent
-	newconfd "${FILESDIR}/log_packets.confd" log_packets
-	insinto /etc/sguil
-	doins sensor/sensor_agent.conf
-
-	# Create the directory structure
-	diropts -g sguil -o sguil
-	keepdir /var/lib/sguil/archive \
-		"/var/lib/sguil/${HOSTNAME}" \
-		"/var/lib/sguil/${HOSTNAME}/portscans" \
-		"/var/lib/sguil/${HOSTNAME}/ssn_logs" \
-		"/var/lib/sguil/${HOSTNAME}/dailylogs" \
-		"/var/lib/sguil/${HOSTNAME}/sancp"
-
-}
-
-pkg_postinst() {
-	elog
-	elog "You should check /etc/sguil/sensor_agent.conf and"
-	elog "/etc/init.d/logpackets and ensure that they are accurate"
-	elog "for your environment. They should work providing that you"
-	elog "are running the sensor on the same machine as the server."
-	elog "This ebuild assumes that you are running a single sensor"
-	elog "environment, if this is not the case then you must make sure"
-	elog "to modify /etc/sguil/sensor_agent.conf and change the HOSTNAME variable."
-	elog "You should crontab the /etc/init.d/log_packets script to restart"
-	elog "each hour."
-	elog
-}

diff --git a/profiles/package.mask b/profiles/package.mask
index 0e6cf6ef83b9..5776d5f009c7 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -337,11 +337,6 @@ dev-python/pyside6-tools
 # Removal on 2022-09-10.  Bug #864889.
 dev-libs/libdivsufsort
 
-# John Helmert III <ajak@gentoo.org> (2022-08-10)
-# Root privilege escalation vulnerability, many open bugs. Removal in 30
-# days, bug 630752
-net-analyzer/sguil-sensor
-
 # John Helmert III <ajak@gentoo.org> (2022-08-10)
 # Root privilege escalation vulnerability, unmaintained since the git
 # transition, multiple open bugs. Removal in 30 days, bug 630752

