commit: a382935f837f6a18529793813228cb2731e9d36f |
Author: Slawomir Lis <slis <AT> gentoo <DOT> org> |
AuthorDate: Wed Dec 28 09:34:11 2016 +0000 |
Commit: Slawek Lis <slis <AT> gentoo <DOT> org> |
CommitDate: Wed Dec 28 09:34:11 2016 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a382935f |
|
net-analyzer/suricata: Updated suricata logging and added logrotate file |
|
I've also bumped revision number, as there are many changes, and those fixes |
should finally close bug 602590. |
|
Thanks to Vieri <rentorbuy <AT> yahoo.com> for support. |
|
Package-Manager: Portage-2.3.3, Repoman-2.3.1 |
|
net-analyzer/suricata/files/suricata-3.2-conf | 11 +- |
net-analyzer/suricata/files/suricata-3.2-init | 28 +++-- |
net-analyzer/suricata/files/suricata-logrotate | 6 + |
net-analyzer/suricata/metadata.xml | 1 + |
net-analyzer/suricata/suricata-3.2-r1.ebuild | 161 +++++++++++++++++++++++++ |
5 files changed, 189 insertions(+), 18 deletions(-) |
|
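--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -41,11 +41,6 @@ SURICATA_OPTS="-i eth0"
 
 # Log paths listed here will be created by the init script and will override the log path
 # set in the yaml file, if present.
-# SURICATA_LOG_PATH_q0="/var/log/suricata/q0"
-# SURICATA_LOG_PATH_q1="/var/log/suricata/q1"
-# SURICATA_LOG_PATH="/var/log/suricata"
-# SURICATA_LOG_FILE="suricata.log"
-
-# You can view all the available options you can set with --set
-# and check the full config settings in an easily parsable format.
-# SURICATA_DUMP=1
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"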
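Review bot: The comment kept above the new examples still says "Log paths listed here will be created by the init script", but the variables are now complete file names (SURICATA_LOG_FILE, SURICATA_LOG_FILE_q0, …) and, per the init script change in this commit, it is the directory part of that file name that gets created. Suggest rewording it to `# Log files listed here override the log path set in the yaml file; the init script creates the containing directory if needed.`. Since the SURICATA_DUMP knob is removed in favour of an init-script command, a pointer such as `# Run '/etc/init.d/suricata dump' to list all config values that can be set with --set.` would keep that information discoverable for users of the old option.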
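--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -12,18 +12,23 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
 [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
 SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
 eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
- eval SURICATALOGPATH=\$SURICATA_LOG_PATH_${SURICATAID}
+ eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
 else
 SURICATACONF=${SURICATA_CONF}
 [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
 SURICATAPID="/var/run/suricata/suricata.pid"
 SURICATAOPTS=${SURICATA_OPTS}
- SURICATALOGPATH=${SURICATA_LOG_PATH}
+ SURICATALOGPATH=${SURICATA_LOG_FILE}
 fi
 [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"
 
-extra_commands="checkconfig"
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
 extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
 
 depend() {
 need net
@@ -41,10 +46,12 @@ checkconfig() {
 checkpath -d /var/run/suricata
 fi
 if [ ${#SURICATALOGPATH} -gt 0 ]; then
+ SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )
+ SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+ SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
 if [ ! -d "${SURICATALOGPATH}" ] ; then
 checkpath -d "${SURICATALOGPATH}"
 fi
- SURICATALOGFILE=${SURICATA_LOG_FILE:-suricata.log}
 SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
 SURICATALOGPATH="-l ${SURICATALOGPATH}"
 fi
@@ -77,12 +84,6 @@ checkpidinfo() {
 
 start() {
 checkconfig || return 1
- if [ $((SURICATA_DUMP)) -eq 1 ]; then
- einfo "Dumping ${SVCNAME} config values and quitting."
- ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
- einfo "You need to disable SURICATA_DUMP to start ${SVCNAME}."
- return 1
- fi
 ebegin "Starting ${SVCNAME}"
 start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
 -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
@@ -145,3 +146,10 @@ relog() {
 start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
 eend $?
 }
+
+dump() {
+ checkconfig || return 1
+ ebegin "Dumping ${SVCNAME} config values and quitting."
+ ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
+ eend $?
+}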
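Review bot: In the checkconfig hunk the log file name is derived from the wrong variable: `SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )` reads the global SURICATA_LOG_FILE, while the directory it is paired with comes from SURICATALOGPATH, which for a named instance is set from SURICATA_LOG_FILE_${SURICATAID} in the first hunk, so an instance configured with SURICATA_LOG_FILE_q0=/var/log/suricata/q0/suricata.log gets whatever basename the global value has, and when the global is unset `basename` is run with no operand and prints an error before the `suricata.log` fallback applies. Taking both parts from the same variable, quoted so that paths with spaces survive, fixes this: `SURICATALOGFILE=$( basename "${SURICATALOGPATH}" )` and `SURICATALOGPATH=$( dirname "${SURICATALOGPATH}" )`. The rename from SURICATA_LOG_PATH to SURICATA_LOG_FILE in the first hunk also silently disables the log override in existing /etc/conf.d/suricata files that still set the old names; either a fallback on the old variables or a note in the conf file would avoid that surprise. In the new dump() the `--pidfile ${SURICATAPID}` argument is presumably unnecessary for a dump-and-exit run and may collide with a running instance's pid file — worth confirming against Suricata's behaviour. checkconfig's body starts and ends outside the hunk.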
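--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-logrotate
@@ -0,0 +1,6 @@
+/var/log/suricata/* {
+ missingok
+ postrotate
+ /etc/init.d/suricata reload
+ endscript
+}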
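Review bot: The postrotate hook calls `/etc/init.d/suricata reload`, which this commit's init script describes as "Live rule and config reload" (description_reload), whereas "Close and re-open all log files" is the `relog` command (description_relog, implemented with a HUP to the pid file); after rotation the daemon presumably keeps writing to the renamed file until a relog happens. The hook should be `/etc/init.d/suricata relog`, and since the glob matches every file in the directory, `sharedscripts` should be added so the script runs once per rotation rather than once per matched file. The glob also covers the per-instance subdirectories shown in the conf examples (q0/, q1/) while only the main `suricata` service is signalled, so additional `suricata.foo` instances would need their own stanza. Finally, the ebuild installs /var/log/suricata owned by the suricata user with mode 750; logrotate releases that check ownership of the parent directory may refuse to rotate without a `su suricata suricata` directive — worth confirming on a target system.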
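--- a/net-analyzer/suricata/metadata.xml
+++ b/net-analyzer/suricata/metadata.xml
@@ -14,5 +14,6 @@
 <flag name="nfqueue">Enable NFQUEUE support for inline IDP</flag>
 <flag name="redis">Enable Redis support</flag>
 <flag name="rules">Install default ruleset</flag>
+ <flag name="logrotate">Install logrotate rule</flag>
 </use>
 </pkgmetadata>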
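--- /dev/null
+++ b/net-analyzer/suricata/suricata-3.2-r1.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test"
+
+DEPEND="
+ >=dev-libs/jansson-2.2
+ dev-libs/libpcre
+ dev-libs/libyaml
+ net-libs/libnet:*
+ net-libs/libnfnetlink
+ dev-libs/nspr
+ dev-libs/nss
+ >=net-libs/libhtp-0.5.20
+ net-libs/libpcap
+ sys-apps/file
+ cuda? ( dev-util/nvidia-cuda-toolkit )
+ geoip? ( dev-libs/geoip )
+ lua? ( dev-lang/lua:* )
+ luajit? ( dev-lang/luajit:* )
+ nflog? ( net-libs/libnetfilter_log )
+ nfqueue? ( net-libs/libnetfilter_queue )
+ redis? ( dev-libs/hiredis )
+ logrotate? ( app-admin/logrotate )
+"
+# #446814
+# prelude? ( dev-libs/libprelude )
+# pfring? ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ "--localstatedir=/var/" \
+ "--enable-non-bundled-htp" \
+ $(use_enable af-packet) \
+ $(use_enable detection) \
+ $(use_enable nfqueue) \
+ $(use_enable test coccinelle) \
+ $(use_enable test unittests) \
+ $(use_enable control-socket unix-socket)
+ )
+
+ if use cuda ; then
+ myeconfargs+=( $(use_enable cuda) )
+ fi
+ if use geoip ; then
+ myeconfargs+=( $(use_enable geoip) )
+ fi
+ if use hardened ; then
+ myeconfargs+=( $(use_enable hardened gccprotect) )
+ fi
+ if use nflog ; then
+ myeconfargs+=( $(use_enable nflog) )
+ fi
+ if use redis ; then
+ myeconfargs+=( $(use_enable redis hiredis) )
+ fi
+ # not supported yet (no pfring in portage)
+# if use pfring ; then
+# myeconfargs+=( $(use_enable pfring) )
+# fi
+ # no libprelude in portage
+# if use prelude ; then
+# myeconfargs+=( $(use_enable prelude) )
+# fi
+ if use lua ; then
+ myeconfargs+=( $(use_enable lua) )
+ fi
+ if use luajit ; then
+ myeconfargs+=( $(use_enable luajit) )
+ fi
+
+# this should be used when pf_ring use flag support will be added
+# LIBS+="-lrt -lnuma"
+
+ # avoid upstream configure script trying to add -march=native to CFLAGS
+ myeconfargs+=( --enable-gccmarch-native=no )
+
+ if use debug ; then
+ myeconfargs+=( $(use_enable debug) )
+ # so we can get a backtrace according to "reporting bugs" on upstream web site
+ CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+ else
+ econf LIBS="${LIBS}" ${myeconfargs[@]}
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ insinto "/etc/${PN}"
+ doins {classification,reference,threshold}.config suricata.yaml
+
+ if use rules ; then
+ insinto "/etc/${PN}/rules"
+ doins rules/*.rules
+ fi
+
+ dodir "/var/lib/${PN}"
+ dodir "/var/log/${PN}"
+ dodir "/var/log/${PN}" \
+ "/var/lib/${PN}"
+
+ fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+ fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+ newinitd "${FILESDIR}/${P}-init" ${PN}
+ newconfd "${FILESDIR}/${P}-conf" ${PN}
+
+ if use logrotate; then
+ insopts -m0644
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}.logrotate ${PN}
+ fi
+}
+
+pkg_postinst() {
+ elog "The ${PN} init script expects to find the path to the configuration"
+ elog "file as well as extra options in /etc/conf.d."
+ elog ""
+ elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+ elog "then create a symlink to the init script from a link called"
+ elog "${PN}.foo - like so"
+ elog " cd /etc/${PN}"
+ elog " ${EDITOR##*/} suricata-foo.yaml"
+ elog " cd /etc/init.d"
+ elog " ln -s ${PN} ${PN}.foo"
+ elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+ elog ""
+ elog "You can create as many ${PN}.foo* services as you wish."
+
+ if use logrotate; then
+ elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logortate config file in /etc/logrotate.d/."
+ fi
+
+ if use debug; then
+ elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
+ elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+ fi
+}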
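Review bot: With USE=logrotate src_install will fail: `newins "${FILESDIR}"/${PN}.logrotate ${PN}` looks for files/suricata.logrotate, but the file this commit adds (see the diffstat and the new-file section) is files/suricata-logrotate, so the line should read `newins "${FILESDIR}/${PN}-logrotate" ${PN}`. Separately, `fowners -R ${PN}: ... "/etc/${PN}"` together with `fperms 750` gives the service's own user write access to its configuration and rule set, so anything running as that user could rewrite the yaml or the rules; keeping /etc/suricata root-owned and group-readable (`fowners -R root:${PN} "/etc/${PN}"`) confines the daemon's writable state to /var/lib and /var/log, which is the lower-privilege layout — confirm first whether the init script actually drops to that user, since start() passes no user option. The second `dodir "/var/log/${PN}" "/var/lib/${PN}"` repeats the two dodir calls directly above it and can be dropped, `${myeconfargs[@]}` in the two econf calls should be quoted as `"${myeconfargs[@]}"`, and the pkg_postinst message spells "logrotate" as "logortate".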