commit: 3a233c7192c7c95146c9f0dfd5f601deaf23a202 |
Author: Thomas Andrejak <thomas.andrejak <AT> gmail <DOT> com> |
AuthorDate: Sun Jul 17 13:13:05 2016 +0000 |
Commit: Göktürk Yüksek <gokturk <AT> gentoo <DOT> org> |
CommitDate: Fri Aug 5 01:10:12 2016 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a233c71 |
|
net-analyzer/prelude-lml: New package |
|
Prelude-LML is a log analyser that allows Prelude to collect and |
analyze information from all kinds of applications emitting logs or |
syslog messages in order to detect suspicious activities and transform |
them into Prelude-IDMEF alerts. |
|
net-analyzer/prelude-lml/Manifest | 1 + |
.../prelude-lml/files/prelude-lml-3.0.0-conf.patch | 22 ++++++++ |
.../files/prelude-lml-3.0.0-configure.patch | 35 +++++++++++++ |
.../prelude-lml/files/prelude-lml-3.0.0-run.patch | 14 +++++ |
net-analyzer/prelude-lml/files/prelude-lml.initd | 27 ++++++++++ |
net-analyzer/prelude-lml/files/prelude-lml.run | 4 ++ |
net-analyzer/prelude-lml/files/prelude-lml.service | 13 +++++ |
net-analyzer/prelude-lml/metadata.xml | 23 +++++++++ |
net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild | 59 ++++++++++++++++++++++ |
9 files changed, 198 insertions(+) |
|
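diff --git a/net-analyzer/prelude-lml/Manifest b/net-analyzer/prelude-lml/Manifest
new file mode 100644
index 0000000..021270e
--- /dev/null
+++ b/net-analyzer/prelude-lml/Manifest
@@ -0,0 +1 @@
+DIST prelude-lml-3.0.0.tar.gz 1391203 SHA256 53e3ccba2e3842e583739234366b6a5241dc6a8d18da501e6c9ff5e2b9792814 SHA512 f206407f99df394186466566608b434a94d4fdce3e5e8991a4236f2ee670f6ae2573adea22bc248fdfea760588e94160faa7260257aeaeb35c938e1bb886ee6c WHIRLPOOL 2b8ff99576e502461625897251726dd7c1e3a849e27816c64e931548d0ae76f12c125f444096f1aa1894c5f0fce206a7aa436de754a0ff8a3cc25fd475913fc6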
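diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch
new file mode 100644
index 0000000..dab4ea8
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch
@@ -0,0 +1,22 @@
+--- a/prelude-lml.conf
++++ b/prelude-lml.conf
+@@ -92,7 +92,7 @@
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+ file = /var/log/messages
+-file = /var/log/secure
++file = /var/log/auth.log
+ # udp-server = 0.0.0.0
+ # tcp-server = 0.0.0.0
+ # tcp-tls-server = 0.0.0.0
+--- a/prelude-lml.conf.in
++++ b/prelude-lml.conf.in
+@@ -92,7 +92,7 @@
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+ file = /var/log/messages
+-file = /var/log/secure
++file = /var/log/auth.log
+ # udp-server = 0.0.0.0
+ # tcp-server = 0.0.0.0
+ # tcp-tls-server = 0.0.0.0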
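diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch
new file mode 100644
index 0000000..154a261
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch
@@ -0,0 +1,35 @@
+--- a/configure.in
++++ b/configure.in
+@@ -107,10 +107,13 @@
+ dnl **************************************************
+ GNUTLS_MIN_VERSION=1.0.17
+
+-PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $GNUTLS_MIN_VERSION], [],
+- [AM_PATH_LIBGNUTLS($GNUTLS_MIN_VERSION, enable_gnutls=yes, enable_gnutls=no)])
+-
+-AC_CHECK_HEADER(gnutls/gnutls.h, enable_gnutls=yes, enable_gnutls=no)
++AC_ARG_ENABLE(gnutls, AC_HELP_STRING(--enable-gnutls, Define whether GnuTLS provides gnutls_hash_get_len function), , enable_gnutls="yes")
++if test x$enable_gnutls = xyes; then
++ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $GNUTLS_MIN_VERSION], [],
++ [AM_PATH_LIBGNUTLS($GNUTLS_MIN_VERSION, enable_gnutls=yes, enable_gnutls=no)])
++
++ AC_CHECK_HEADER(gnutls/gnutls.h, enable_gnutls=yes, enable_gnutls=no)
++fi
+
+ if test x$enable_gnutls = xyes; then
+ AC_DEFINE_UNQUOTED(HAVE_GNUTLS, , Tell whether GnuTLS is available for TCP-TLS support)
+@@ -125,8 +128,12 @@
+ dnl * Check for libICU *
+ dnl **************************************************
+
+-PKG_CHECK_MODULES([ICU], [icu >= 3.0], [enable_icu=yes],
+- [AC_CHECK_ICU(3.8, enable_icu=yes, enable_icu=no)])
++AC_ARG_ENABLE(icu, AC_HELP_STRING(--enable-icu, Tell whether libicu is available for encoding convertion), , enable_icu="yes")
++
++if test x$enable_icu = xyes; then
++ PKG_CHECK_MODULES([ICU], [icu >= 3.0], [enable_icu=yes],
++ [AC_CHECK_ICU(3.8, enable_icu=yes, enable_icu=no)])
++fi
+ if test x$enable_icu = xyes; then
+ AC_DEFINE_UNQUOTED(HAVE_LIBICU, , Tell whether libicu is available for encoding convertion)
+ fi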
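diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch
new file mode 100644
index 0000000..8b4e652
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch
@@ -0,0 +1,14 @@
+--- a/configure.in
++++ b/configure.in
+@@ -187,9 +187,9 @@
+ configdir=$SYSCONFDIR/prelude-lml
+ prelude_lml_conf=$configdir/prelude-lml.conf
+ regex_conf=$configdir/plugins.rules
+-metadata_dir=$LOCALSTATEDIR/lib/prelude-lml
++metadata_dir=$LOCALSTATEDIR/prelude-lml
+ plugindir=$LIBDIR/prelude-lml
+-lml_run_dir=$LOCALSTATEDIR/run/prelude-lml
++lml_run_dir=/run/prelude-lml
+
+ AC_DEFINE_UNQUOTED(PRELUDE_LML_CONF, "$prelude_lml_conf", Path to the LML configuration file)
+ AC_DEFINE_UNQUOTED(LOG_PLUGIN_DIR, "$plugindir", Prelude-LML report plugin directory)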
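diff --git a/net-analyzer/prelude-lml/files/prelude-lml.initd b/net-analyzer/prelude-lml/files/prelude-lml.initd
new file mode 100755
index 0000000..411e027
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+BIN_LML=/usr/bin/prelude-lml
+PID_LML=/run/prelude-lml/prelude-lml.pid
+
+depend() {
+ need net
+ after prelude-manager
+}
+
+start() {
+ ebegin "Starting prelude-lml"
+ checkpath -d -m 0755 -o root:root /run/prelude-lml
+ start-stop-daemon --start --exec $BIN_LML \
+ --pidfile $PID_LML -- -d -P $PID_LML
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping prelude-lml"
+ start-stop-daemon --stop --exec $BIN_LML \
+ --pidfile $PID_LML
+ eend $?
+}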
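diff --git a/net-analyzer/prelude-lml/files/prelude-lml.run b/net-analyzer/prelude-lml/files/prelude-lml.run
new file mode 100644
index 0000000..75f2ef8
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.run
@@ -0,0 +1,4 @@
+# Configuration to create /run/prelude-lml directory
+# Used as part of systemd's tmpfiles
+
+d /run/prelude-lml 0755 root root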
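diff --git a/net-analyzer/prelude-lml/files/prelude-lml.service b/net-analyzer/prelude-lml/files/prelude-lml.service
new file mode 100644
index 0000000..9d9230c
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Prelude-LML service
+DefaultDependencies=no
+After=remote_fs.target prelude-manager.service
+
+[Service]
+ExecStart=/usr/bin/prelude-lml -d -P /run/prelude-lml/prelude-lml.pid
+Type=forking
+PIDFile=/run/prelude-lml/prelude-lml.pid
+Restart=always
+
+[Install]
+WantedBy=multi-user.target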
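diff --git a/net-analyzer/prelude-lml/metadata.xml b/net-analyzer/prelude-lml/metadata.xml
new file mode 100644
index 0000000..9aa9094
--- /dev/null
+++ b/net-analyzer/prelude-lml/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>thomas.andrejak@×××××.com</email>
+ <name>Thomas Andrejak</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@g.o</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <longdescription lang="en">
+ Prelude-LML is a log analyser that allows Prelude to collect and
+ analyze information from all kind of applications emitting logs or
+ syslog messages in order to detect suspicious activities and transform
+ them into Prelude-IDMEF alerts. Prelude-LML handles events generated
+ by a large set of applications
+ </longdescription>
+ <use>
+ <flag name="tls">Enables Prelude LML support Syslog through TLS
+ using <pkg>net-libs/gnutls</pkg>.</flag>
+ </use>
+</pkgmetadata>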
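diff --git a/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild b/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild
new file mode 100644
index 0000000..6d57560
--- /dev/null
+++ b/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools eutils systemd
+
+DESCRIPTION="The prelude log analyzer"
+HOMEPAGE="https://www.prelude-siem.org"
+SRC_URI="https://www.prelude-siem.org/pkg/src/3.0.0/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="tls icu"
+
+RDEPEND="dev-libs/libprelude
+ dev-libs/libpcre
+ icu? ( dev-libs/icu )
+ tls? ( net-libs/gnutls )"
+
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+PATCHES=(
+ "${FILESDIR}/${P}-configure.patch"
+ "${FILESDIR}/${P}-conf.patch"
+ "${FILESDIR}/${P}-run.patch"
+)
+
+src_prepare() {
+ default_src_prepare
+
+ mv "${S}/configure.in" "${S}/configure.ac" || die "mv failed"
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --localstatedir=/var \
+ $(use_enable icu) \
+ $(use_enable tls gnutls)
+}
+
+src_install() {
+ default_src_install
+
+ rm -rv "${D}/run" || die "rm failed"
+ keepdir /var/${PN}
+
+ prune_libtool_files --modules
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+ systemd_newtmpfilesd "${FILESDIR}/${PN}.run" "${PN}.conf"
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+}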
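Review bot: `rm -rv "${D}/run"` in src_install removes the directory that the build creates because the run patch hard-codes `lml_run_dir=/run/prelude-lml`; under EAPI 6 the image path for prefix-aware ebuilds is `${ED}`, so `rm -rv "${ED%/}/run" || die` is the conventional form, and the custom die message adds nothing over die's default. The phase helpers are normally spelled `default` rather than `default_src_prepare` / `default_src_install` inside the phase functions. Nothing in the ebuild creates or references a service account, so both the init script and the unit file run the log parser as root; if a dedicated user is adopted for the service files, the `user` eclass call belongs here so the two stay in sync.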