1 |
commit: a43050c1456321619ef97dfdeb5a158593fef58d |
2 |
Author: Slawomir Lis <slis <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Dec 27 07:33:10 2016 +0000 |
4 |
Commit: Slawek Lis <slis <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Dec 27 07:33:10 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a43050c1 |
7 |
|
8 |
net-analyzer/suricata: updated init script and config file |
9 |
|
10 |
Updated way the script starts suricata, it allows to define config values |
11 |
inline now. |
12 |
|
13 |
Details in bug 602590. |
14 |
|
15 |
Package-Manager: Portage-2.3.3, Repoman-2.3.1 |
16 |
|
17 |
net-analyzer/suricata/files/suricata-3.2-conf | 4 ++-- |
18 |
net-analyzer/suricata/files/suricata-3.2-init | 26 ++++++++++++-------------- |
19 |
net-analyzer/suricata/suricata-3.2.ebuild | 2 -- |
20 |
3 files changed, 14 insertions(+), 18 deletions(-) |
21 |
|
22 |
diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf |
23 |
index bc6e281..61715ba 100644 |
24 |
--- a/net-analyzer/suricata/files/suricata-3.2-conf |
25 |
+++ b/net-analyzer/suricata/files/suricata-3.2-conf |
26 |
@@ -23,8 +23,8 @@ |
27 |
# |
28 |
# You can then define the following options here: |
29 |
|
30 |
-# SURICATA_OPTS_q0="-i eth0" |
31 |
-# SURICATA_OPTS_q1="-i eth1" |
32 |
+# SURICATA_OPTS_q0="-q 0" |
33 |
+# SURICATA_OPTS_q1="-q 1" |
34 |
|
35 |
# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata |
36 |
# then you can set: |
37 |
|
38 |
diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init |
39 |
index 3a9c356..d612815 100644 |
40 |
--- a/net-analyzer/suricata/files/suricata-3.2-init |
41 |
+++ b/net-analyzer/suricata/files/suricata-3.2-init |
42 |
@@ -16,6 +16,7 @@ else |
43 |
SURICATAPID="/var/run/suricata/suricata.pid" |
44 |
SURICATAOPTS=${SURICATA_OPTS} |
45 |
fi |
46 |
+[ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}" |
47 |
|
48 |
extra_commands="checkconfig" |
49 |
extra_started_commands="reload relog" |
50 |
@@ -28,8 +29,9 @@ depend() { |
51 |
|
52 |
checkconfig() { |
53 |
if [ ! -e ${SURICATACONF} ] ; then |
54 |
- eerror "You need to create ${SURICATACONF} to run ${SVCNAME}." |
55 |
- return 1 |
56 |
+ einfo "The configuration file ${SURICATACONF} was not found." |
57 |
+ einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata." |
58 |
+ einfo "Take a look at the suricata arguments --set and --dump-config." |
59 |
fi |
60 |
if [ ! -d "/var/run/suricata" ] ; then |
61 |
checkpath -d /var/run/suricata |
62 |
@@ -37,7 +39,7 @@ checkconfig() { |
63 |
} |
64 |
|
65 |
initpidinfo() { |
66 |
- [ -f ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})" |
67 |
+ [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})" |
68 |
if [ ${#SUR_PID} -gt 0 ]; then |
69 |
SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" |
70 |
SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)" |
71 |
@@ -46,7 +48,7 @@ initpidinfo() { |
72 |
|
73 |
checkpidinfo() { |
74 |
initpidinfo |
75 |
- if [ ! -f ${SURICATAPID} ]; then |
76 |
+ if [ ! -e ${SURICATAPID} ]; then |
77 |
eerror "${SVCNAME} isn't running" |
78 |
return 1 |
79 |
elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then |
80 |
@@ -65,12 +67,11 @@ start() { |
81 |
checkconfig || return 1 |
82 |
ebegin "Starting ${SVCNAME}" |
83 |
start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \ |
84 |
- -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} \ |
85 |
- -c ${SURICATACONF} >/dev/null 2>&1 |
86 |
+ -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} >/dev/null 2>&1 |
87 |
local SUR_EXIT=$? |
88 |
if [ $((SUR_EXIT)) -ne 0 ]; then |
89 |
einfo "Could not start ${SURICATA_BIN} with:" |
90 |
- einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} -c ${SURICATACONF}" |
91 |
+ einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS}" |
92 |
einfo "Exit code ${SUR_EXIT}" |
93 |
fi |
94 |
eend ${SUR_EXIT} |
95 |
@@ -80,14 +81,13 @@ stop() { |
96 |
ebegin "Stopping ${SVCNAME}" |
97 |
initpidinfo |
98 |
start-stop-daemon --stop --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1 |
99 |
- einfon "Waiting for ${SVCNAME} to shut down. This can take a while..." |
100 |
- echo |
101 |
+ einfo "Waiting for ${SVCNAME} to shut down. This can take a while..." |
102 |
# max wait: 5 minutes as it can take quite a while on some systems with heavy traffic |
103 |
local cnt=300 |
104 |
- while [ -f ${SURICATAPID} ] && [ $cnt -gt 0 ]; do |
105 |
+ while [ -e ${SURICATAPID} ] && [ $cnt -gt 0 ]; do |
106 |
cnt=$(expr $cnt - 1) |
107 |
sleep 1 |
108 |
- echo -ne "$cnt seconds left before we give up checking the PID file...\r" |
109 |
+ einfo -ne "$cnt seconds left before we give up checking the PID file...\r" |
110 |
done |
111 |
# under certain conditions suricata can be pretty slow and the PID can persist long after the pidfile has been removed |
112 |
# max wait for process to terminate: 1 minute |
113 |
@@ -95,19 +95,17 @@ stop() { |
114 |
cnt=60 |
115 |
SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" |
116 |
if [ $((SUR_PID_CHECK)) -ne 0 ]; then |
117 |
- echo |
118 |
einfo "The PID file ${SURICATAPID} is gone but the ${SVCNAME} PID ${SUR_PID} is still running." |
119 |
einfo "Waiting for process to shut down on its own. This can take a while..." |
120 |
fi |
121 |
while [ $((SUR_PID_CHECK)) -ne 0 ]; do |
122 |
cnt=$(expr $cnt - 1) |
123 |
if [ $cnt -lt 1 ] ; then |
124 |
- echo |
125 |
eend 1 "Failed. You might need to kill PID ${SUR_PID} or find out why it can't be stopped." |
126 |
break |
127 |
fi |
128 |
sleep 1 |
129 |
- echo -ne "$cnt seconds left before we give up checking PID ${SUR_PID}...\r" |
130 |
+ einfo -ne "$cnt seconds left before we give up checking PID ${SUR_PID}...\r" |
131 |
SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" |
132 |
done |
133 |
fi |
134 |
|
135 |
diff --git a/net-analyzer/suricata/suricata-3.2.ebuild b/net-analyzer/suricata/suricata-3.2.ebuild |
136 |
index 078186b..ba4903c 100644 |
137 |
--- a/net-analyzer/suricata/suricata-3.2.ebuild |
138 |
+++ b/net-analyzer/suricata/suricata-3.2.ebuild |
139 |
@@ -118,8 +118,6 @@ src_install() { |
140 |
|
141 |
dodir "/var/lib/${PN}" |
142 |
dodir "/var/log/${PN}" |
143 |
- dodir "/var/log/${PN}" \ |
144 |
- "/var/lib/${PN}" |
145 |
|
146 |
fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" |
147 |
fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" |