
From: Slawek Lis <slis@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
Date: Wed, 28 Dec 2016 09:34:26
Message-Id: 1482917651.a382935f837f6a18529793813228cb2731e9d36f.slis@gentoo
1 commit: a382935f837f6a18529793813228cb2731e9d36f
2 Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
3 AuthorDate: Wed Dec 28 09:34:11 2016 +0000
4 Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
5 CommitDate: Wed Dec 28 09:34:11 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a382935f
7
8 net-analyzer/suricata: Updated suricata logging and added logrotate file
9
10 I've also bumped the revision number, as there are many changes, and those fixes
11 should finally close bug 602590.
12
13 Thanks to Vieri <rentorbuy <AT> yahoo.com> for support.
14
15 Package-Manager: Portage-2.3.3, Repoman-2.3.1
16
17 net-analyzer/suricata/files/suricata-3.2-conf | 11 +-
18 net-analyzer/suricata/files/suricata-3.2-init | 28 +++--
19 net-analyzer/suricata/files/suricata-logrotate | 6 +
20 net-analyzer/suricata/metadata.xml | 1 +
21 net-analyzer/suricata/suricata-3.2-r1.ebuild | 161 +++++++++++++++++++++++++
22 5 files changed, 189 insertions(+), 18 deletions(-)
23
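diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf
index d900ade..fc6885d 100644
--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -41,11 +41,6 @@ SURICATA_OPTS="-i eth0"
 
 # Log paths listed here will be created by the init script and will override the log path
 # set in the yaml file, if present.
-# SURICATA_LOG_PATH_q0="/var/log/suricata/q0"
-# SURICATA_LOG_PATH_q1="/var/log/suricata/q1"
-# SURICATA_LOG_PATH="/var/log/suricata"
-# SURICATA_LOG_FILE="suricata.log"
-
-# You can view all the available options you can set with --set
-# and check the full config settings in an easily parsable format.
-# SURICATA_DUMP=1
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"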
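Review bot: The header comment kept above the new lines still says "Log paths listed here will be created by the init script and will override the log path set in the yaml file", but the three new variables are SURICATA_LOG_FILE* and hold full file paths, and the init script in this commit now takes dirname of the value to find the directory it creates. Reword it to match, e.g. `# Log files listed here: the init script creates the parent directory and overrides the log file set in the yaml file, if present.`. The removed SURICATA_DUMP block has no replacement pointer, although the init script now exposes the same function as a `dump` action; a one-line hint such as `# Run "/etc/init.d/suricata dump" to list all config values that can be set with --set.` keeps that discoverable from the conf file.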
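diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init
index 3ec6afd..1717dbb 100644
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -12,18 +12,23 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
 [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
 SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
 eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
-eval SURICATALOGPATH=\$SURICATA_LOG_PATH_${SURICATAID}
+eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
 else
 SURICATACONF=${SURICATA_CONF}
 [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
 SURICATAPID="/var/run/suricata/suricata.pid"
 SURICATAOPTS=${SURICATA_OPTS}
-SURICATALOGPATH=${SURICATA_LOG_PATH}
+SURICATALOGPATH=${SURICATA_LOG_FILE}
 fi
 [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"
 
-extra_commands="checkconfig"
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
 extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
 
 depend() {
 need net
@@ -41,10 +46,12 @@ checkconfig() {
 checkpath -d /var/run/suricata
 fi
 if [ ${#SURICATALOGPATH} -gt 0 ]; then
+SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )
+SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
 if [ ! -d "${SURICATALOGPATH}" ] ; then
 checkpath -d "${SURICATALOGPATH}"
 fi
-SURICATALOGFILE=${SURICATA_LOG_FILE:-suricata.log}
 SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
 SURICATALOGPATH="-l ${SURICATALOGPATH}"
 fi
@@ -77,12 +84,6 @@ checkpidinfo() {
 
 start() {
 checkconfig || return 1
-if [ $((SURICATA_DUMP)) -eq 1 ]; then
-einfo "Dumping ${SVCNAME} config values and quitting."
-${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
-einfo "You need to disable SURICATA_DUMP to start ${SVCNAME}."
-return 1
-fi
 ebegin "Starting ${SVCNAME}"
 start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
 -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
@@ -145,3 +146,10 @@ relog() {
 start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
 eend $?
 }
+
+dump() {
+checkconfig || return 1
+ebegin "Dumping ${SVCNAME} config values and quitting."
+${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
+eend $?
+}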
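Review bot: In checkconfig(), the new line `SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )` takes the file name from the global SURICATA_LOG_FILE instead of from SURICATALOGPATH, which is the per-instance value the first hunk sets via `eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}`; for a suricata.q0 instance whose SURICATA_LOG_FILE_q0 names a file other than the global one, that name is silently dropped, and when SURICATA_LOG_FILE is unset the unquoted expansion runs basename with no operand, printing a "missing operand" error before the suricata.log fallback kicks in. Derive both halves from the same, quoted variable: `SURICATALOGFILE=$( basename "${SURICATALOGPATH}" )` followed by `SURICATALOGPATH=$( dirname "${SURICATALOGPATH}" )`, keeping the `:-suricata.log` default line between them. The new dump() action still announces "config values and quitting", a leftover of the removed start() branch; `ebegin "Dumping ${SVCNAME} config values"` fits an explicit action better. checkconfig() starts outside this hunk.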
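diff --git a/net-analyzer/suricata/files/suricata-logrotate b/net-analyzer/suricata/files/suricata-logrotate
new file mode 100644
index 00000000..0dc145b
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-logrotate
@@ -0,0 +1,6 @@
+/var/log/suricata/* {
+missingok
+postrotate
+/etc/init.d/suricata reload
+endscript
+}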
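Review bot: The postrotate script calls `/etc/init.d/suricata reload`, but in the init script of this same commit `reload` is described as "Live rule and config reload" whereas `relog` ("Close and re-open all log files", implemented as a HUP) is the action that makes Suricata release the rotated file; the line should be `/etc/init.d/suricata relog`. Because the stanza globs `/var/log/suricata/*`, the postrotate script runs once per matched file unless `sharedscripts` is added, and the bare `*` also matches the per-instance subdirectories the conf file suggests (q0/, q1/), which logrotate cannot rotate; a narrower pattern such as `/var/log/suricata/*.log` plus `sharedscripts` avoids both, if that covers the files written here. Separately, this file is added as files/suricata-logrotate, while the new ebuild's `newins "${FILESDIR}"/${PN}.logrotate ${PN}` looks for suricata.logrotate — as far as I can see from the diffstat the two names do not match, so the logrotate USE flag would fail at install time.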
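diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml
index e538ae1..58878c6 100644
--- a/net-analyzer/suricata/metadata.xml
+++ b/net-analyzer/suricata/metadata.xml
@@ -14,5 +14,6 @@
 <flag name="nfqueue">Enable NFQUEUE support for inline IDP</flag>
 <flag name="redis">Enable Redis support</flag>
 <flag name="rules">Install default ruleset</flag>
+<flag name="logrotate">Install logrotate rule</flag>
 </use>
 </pkgmetadata>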
139 diff --git a/net-analyzer/suricata/suricata-3.2-r1.ebuild b/net-analyzer/suricata/suricata-3.2-r1.ebuild
140 new file mode 100644
141 index 00000000..816a69d
142 --- /dev/null
143 +++ b/net-analyzer/suricata/suricata-3.2-r1.ebuild
144 @@ -0,0 +1,161 @@
145 +# Copyright 1999-2016 Gentoo Foundation
146 +# Distributed under the terms of the GNU General Public License v2
147 +# $Id$
148 +
149 +EAPI=5
150 +
151 +inherit autotools eutils user
152 +
153 +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
154 +HOMEPAGE="http://suricata-ids.org/"
155 +SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
156 +
157 +LICENSE="GPL-2"
158 +SLOT="0"
159 +KEYWORDS="~amd64 ~x86"
160 +IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test"
161 +
162 +DEPEND="
163 + >=dev-libs/jansson-2.2
164 + dev-libs/libpcre
165 + dev-libs/libyaml
166 + net-libs/libnet:*
167 + net-libs/libnfnetlink
168 + dev-libs/nspr
169 + dev-libs/nss
170 + >=net-libs/libhtp-0.5.20
171 + net-libs/libpcap
172 + sys-apps/file
173 + cuda? ( dev-util/nvidia-cuda-toolkit )
174 + geoip? ( dev-libs/geoip )
175 + lua? ( dev-lang/lua:* )
176 + luajit? ( dev-lang/luajit:* )
177 + nflog? ( net-libs/libnetfilter_log )
178 + nfqueue? ( net-libs/libnetfilter_queue )
179 + redis? ( dev-libs/hiredis )
180 + logrotate? ( app-admin/logrotate )
181 +"
182 +# #446814
183 +# prelude? ( dev-libs/libprelude )
184 +# pfring? ( sys-process/numactl net-libs/pf_ring)
185 +RDEPEND="${DEPEND}"
186 +
187 +pkg_setup() {
188 + enewgroup ${PN}
189 + enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
190 +}
191 +
192 +src_prepare() {
193 + eautoreconf
194 +}
195 +
196 +src_configure() {
197 + local myeconfargs=(
198 + "--localstatedir=/var/" \
199 + "--enable-non-bundled-htp" \
200 + $(use_enable af-packet) \
201 + $(use_enable detection) \
202 + $(use_enable nfqueue) \
203 + $(use_enable test coccinelle) \
204 + $(use_enable test unittests) \
205 + $(use_enable control-socket unix-socket)
206 + )
207 +
208 + if use cuda ; then
209 + myeconfargs+=( $(use_enable cuda) )
210 + fi
211 + if use geoip ; then
212 + myeconfargs+=( $(use_enable geoip) )
213 + fi
214 + if use hardened ; then
215 + myeconfargs+=( $(use_enable hardened gccprotect) )
216 + fi
217 + if use nflog ; then
218 + myeconfargs+=( $(use_enable nflog) )
219 + fi
220 + if use redis ; then
221 + myeconfargs+=( $(use_enable redis hiredis) )
222 + fi
223 + # not supported yet (no pfring in portage)
224 +# if use pfring ; then
225 +# myeconfargs+=( $(use_enable pfring) )
226 +# fi
227 + # no libprelude in portage
228 +# if use prelude ; then
229 +# myeconfargs+=( $(use_enable prelude) )
230 +# fi
231 + if use lua ; then
232 + myeconfargs+=( $(use_enable lua) )
233 + fi
234 + if use luajit ; then
235 + myeconfargs+=( $(use_enable luajit) )
236 + fi
237 +
238 +# this should be used when pf_ring use flag support will be added
239 +# LIBS+="-lrt -lnuma"
240 +
241 + # avoid upstream configure script trying to add -march=native to CFLAGS
242 + myeconfargs+=( --enable-gccmarch-native=no )
243 +
244 + if use debug ; then
245 + myeconfargs+=( $(use_enable debug) )
246 + # so we can get a backtrace according to "reporting bugs" on upstream web site
247 + CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
248 + else
249 + econf LIBS="${LIBS}" ${myeconfargs[@]}
250 + fi
251 +}
252 +
253 +src_install() {
254 + emake DESTDIR="${D}" install
255 +
256 + insinto "/etc/${PN}"
257 + doins {classification,reference,threshold}.config suricata.yaml
258 +
259 + if use rules ; then
260 + insinto "/etc/${PN}/rules"
261 + doins rules/*.rules
262 + fi
263 +
264 + dodir "/var/lib/${PN}"
265 + dodir "/var/log/${PN}"
266 + dodir "/var/log/${PN}" \
267 + "/var/lib/${PN}"
268 +
269 + fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
270 + fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
271 +
272 + newinitd "${FILESDIR}/${P}-init" ${PN}
273 + newconfd "${FILESDIR}/${P}-conf" ${PN}
274 +
275 + if use logrotate; then
276 + insopts -m0644
277 + insinto /etc/logrotate.d
278 + newins "${FILESDIR}"/${PN}.logrotate ${PN}
279 + fi
280 +}
281 +
282 +pkg_postinst() {
283 + elog "The ${PN} init script expects to find the path to the configuration"
284 + elog "file as well as extra options in /etc/conf.d."
285 + elog ""
286 + elog "To create more than one ${PN} service, simply create a new .yaml file for it"
287 + elog "then create a symlink to the init script from a link called"
288 + elog "${PN}.foo - like so"
289 + elog " cd /etc/${PN}"
290 + elog " ${EDITOR##*/} suricata-foo.yaml"
291 + elog " cd /etc/init.d"
292 + elog " ln -s ${PN} ${PN}.foo"
293 + elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
294 + elog ""
295 + elog "You can create as many ${PN}.foo* services as you wish."
296 +
297 + if use logrotate; then
298 + elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logortate config file in /etc/logrotate.d/."
299 + fi
300 +
301 + if use debug; then
302 + elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
303 + elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
304 + fi
305 +}