commit:     3a233c7192c7c95146c9f0dfd5f601deaf23a202
Author:     Thomas Andrejak <thomas.andrejak <AT> gmail <DOT> com>
AuthorDate: Sun Jul 17 13:13:05 2016 +0000
Commit:     Göktürk Yüksek <gokturk <AT> gentoo <DOT> org>
CommitDate: Fri Aug  5 01:10:12 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a233c71

net-analyzer/prelude-lml: New package

Prelude-LML is a log analyser that allows Prelude to collect and
analyze information from all kinds of applications emitting logs or
syslog messages in order to detect suspicious activities and transform
them into Prelude-IDMEF alerts.

 net-analyzer/prelude-lml/Manifest                  |  1 +
 .../prelude-lml/files/prelude-lml-3.0.0-conf.patch | 22 ++++++++
 .../files/prelude-lml-3.0.0-configure.patch        | 35 +++++++++++++
 .../prelude-lml/files/prelude-lml-3.0.0-run.patch  | 14 +++++
 net-analyzer/prelude-lml/files/prelude-lml.initd   | 27 ++++++++++
 net-analyzer/prelude-lml/files/prelude-lml.run     |  4 ++
 net-analyzer/prelude-lml/files/prelude-lml.service | 13 +++++
 net-analyzer/prelude-lml/metadata.xml              | 23 +++++++++
 net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild  | 59 ++++++++++++++++++++++
 9 files changed, 198 insertions(+)

diff --git a/net-analyzer/prelude-lml/Manifest 
b/net-analyzer/prelude-lml/Manifest
new file mode 100644
index 0000000..021270e
--- /dev/null
+++ b/net-analyzer/prelude-lml/Manifest
@@ -0,0 +1 @@
+DIST prelude-lml-3.0.0.tar.gz 1391203 SHA256 
53e3ccba2e3842e583739234366b6a5241dc6a8d18da501e6c9ff5e2b9792814 SHA512 
f206407f99df394186466566608b434a94d4fdce3e5e8991a4236f2ee670f6ae2573adea22bc248fdfea760588e94160faa7260257aeaeb35c938e1bb886ee6c
 WHIRLPOOL 
2b8ff99576e502461625897251726dd7c1e3a849e27816c64e931548d0ae76f12c125f444096f1aa1894c5f0fce206a7aa436de754a0ff8a3cc25fd475913fc6

diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch 
b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch
new file mode 100644
index 0000000..dab4ea8
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch
@@ -0,0 +1,22 @@
+--- a/prelude-lml.conf
++++ b/prelude-lml.conf
+@@ -92,7 +92,7 @@
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) 
(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+ file = /var/log/messages
+-file = /var/log/secure
++file = /var/log/auth.log
+ # udp-server = 0.0.0.0
+ # tcp-server = 0.0.0.0
+ # tcp-tls-server = 0.0.0.0
+--- a/prelude-lml.conf.in
++++ b/prelude-lml.conf.in
+@@ -92,7 +92,7 @@
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) 
(?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+ file = /var/log/messages
+-file = /var/log/secure
++file = /var/log/auth.log
+ # udp-server = 0.0.0.0
+ # tcp-server = 0.0.0.0
+ # tcp-tls-server = 0.0.0.0
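Review bot: The replacement of `/var/log/secure` by `/var/log/auth.log` in both `prelude-lml.conf` and `prelude-lml.conf.in` carries no header explaining the motivation, and which file receives authentication events on a Gentoo system depends on the syslog daemon and its configuration rather than being fixed. A one-line header above the first `---` such as `# Gentoo syslog setups do not ship /var/log/secure; default to /var/log/auth.log instead` would record the intent. It is also worth confirming how prelude-lml behaves when a configured `file =` entry does not exist at startup, so that a missing file does not silently leave authentication logs unmonitored; that cannot be determined from this hunk.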

diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch 
b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch
new file mode 100644
index 0000000..154a261
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch
@@ -0,0 +1,35 @@
+--- a/configure.in
++++ b/configure.in
+@@ -107,10 +107,13 @@
+ dnl **************************************************
+ GNUTLS_MIN_VERSION=1.0.17
+ 
+-PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $GNUTLS_MIN_VERSION], [],
+-                  [AM_PATH_LIBGNUTLS($GNUTLS_MIN_VERSION, enable_gnutls=yes, 
enable_gnutls=no)])
+-
+-AC_CHECK_HEADER(gnutls/gnutls.h, enable_gnutls=yes, enable_gnutls=no)
++AC_ARG_ENABLE(gnutls, AC_HELP_STRING(--enable-gnutls, Define whether GnuTLS 
provides gnutls_hash_get_len function), , enable_gnutls="yes")
++if test x$enable_gnutls = xyes; then
++      PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $GNUTLS_MIN_VERSION], [],
++                        [AM_PATH_LIBGNUTLS($GNUTLS_MIN_VERSION, 
enable_gnutls=yes, enable_gnutls=no)])
++      
++      AC_CHECK_HEADER(gnutls/gnutls.h, enable_gnutls=yes, enable_gnutls=no)
++fi
+ 
+ if test x$enable_gnutls = xyes; then
+         AC_DEFINE_UNQUOTED(HAVE_GNUTLS, , Tell whether GnuTLS is available 
for TCP-TLS support)
+@@ -125,8 +128,12 @@
+ dnl * Check for libICU                               *
+ dnl **************************************************
+ 
+-PKG_CHECK_MODULES([ICU], [icu >= 3.0], [enable_icu=yes],
+-                  [AC_CHECK_ICU(3.8, enable_icu=yes, enable_icu=no)])
++AC_ARG_ENABLE(icu, AC_HELP_STRING(--enable-icu, Tell whether libicu is 
available for encoding convertion), , enable_icu="yes")
++
++if test x$enable_icu = xyes; then
++      PKG_CHECK_MODULES([ICU], [icu >= 3.0], [enable_icu=yes],
++                        [AC_CHECK_ICU(3.8, enable_icu=yes, enable_icu=no)])
++fi
+ if test x$enable_icu = xyes; then
+         AC_DEFINE_UNQUOTED(HAVE_LIBICU, , Tell whether libicu is available 
for encoding convertion)
+ fi
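Review bot: When `--enable-gnutls` is requested, the added `if test x$enable_gnutls = xyes` block still sets `enable_gnutls=no` in the not-found actions of `PKG_CHECK_MODULES`/`AM_PATH_LIBGNUTLS` and `AC_CHECK_HEADER`, so a build explicitly configured for TLS can silently end up without the TCP-TLS support the later `HAVE_GNUTLS` define describes; the icu block in the second hunk has the same silent downgrade. Now that the option expresses intent, the not-found branches should fail hard, e.g. `[AC_MSG_ERROR([GnuTLS >= $GNUTLS_MIN_VERSION requested but not found])]` in place of the `enable_gnutls=no` actions, and the equivalent for ICU. The help string `Define whether GnuTLS provides gnutls_hash_get_len function` no longer describes what the switch does; `Enable TCP-TLS syslog support via GnuTLS` matches the `HAVE_GNUTLS` comment two lines below. The ebuild guarantees the library through USE=tls, so the failure mode mainly affects other consumers of this patch, but a hard error is the safer default either way.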

diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch 
b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch
new file mode 100644
index 0000000..8b4e652
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch
@@ -0,0 +1,14 @@
+--- a/configure.in
++++ b/configure.in
+@@ -187,9 +187,9 @@
+ configdir=$SYSCONFDIR/prelude-lml
+ prelude_lml_conf=$configdir/prelude-lml.conf
+ regex_conf=$configdir/plugins.rules
+-metadata_dir=$LOCALSTATEDIR/lib/prelude-lml
++metadata_dir=$LOCALSTATEDIR/prelude-lml
+ plugindir=$LIBDIR/prelude-lml
+-lml_run_dir=$LOCALSTATEDIR/run/prelude-lml
++lml_run_dir=/run/prelude-lml
+ 
+ AC_DEFINE_UNQUOTED(PRELUDE_LML_CONF, "$prelude_lml_conf", Path to the LML 
configuration file)
+ AC_DEFINE_UNQUOTED(LOG_PLUGIN_DIR, "$plugindir", Prelude-LML report plugin 
directory)
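Review bot: `lml_run_dir=/run/prelude-lml` hardcodes the runtime directory rather than deriving it from a configurable variable, and `metadata_dir=$LOCALSTATEDIR/prelude-lml` drops the `lib` component, so the state directory only lands where the ebuild expects it because `src_configure` passes `--localstatedir=/var` and `src_install` does `keepdir /var/${PN}`; the resulting `/var/prelude-lml` deviates from the `/var/lib/<pkg>` layout that econf's default localstatedir would have produced without this change. If the goal is only to keep the pid directory out of `$LOCALSTATEDIR/run`, limit the patch to the `lml_run_dir` line, leave `metadata_dir=$LOCALSTATEDIR/lib/prelude-lml` as upstream has it, and drop `--localstatedir=/var` from the ebuild so `keepdir /var/lib/${PN}` follows the FHS layout. A short header comment in the patch stating why `/run` is forced would help the next maintainer.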

diff --git a/net-analyzer/prelude-lml/files/prelude-lml.initd 
b/net-analyzer/prelude-lml/files/prelude-lml.initd
new file mode 100755
index 0000000..411e027
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+BIN_LML=/usr/bin/prelude-lml
+PID_LML=/run/prelude-lml/prelude-lml.pid
+
+depend() {
+  need net
+  after prelude-manager
+}
+
+start() {
+  ebegin "Starting prelude-lml"
+  checkpath -d -m 0755 -o root:root /run/prelude-lml
+  start-stop-daemon --start --exec $BIN_LML \
+    --pidfile $PID_LML -- -d -P $PID_LML
+  eend $?
+}
+
+stop() {
+  ebegin "Stopping prelude-lml"
+  start-stop-daemon --stop --exec $BIN_LML \
+    --pidfile $PID_LML
+  eend $?
+}
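Review bot: `start()` launches the daemon as root, with no `--user`/`--group` passed to `start-stop-daemon` and `checkpath ... -o root:root` owning the run directory, so any parser fault triggered by a crafted log line executes with full privileges; if prelude-lml can drop privileges (I believe it accepts a user/group option, but confirm against its `--help`), the ebuild should create a dedicated account via `user.eclass` and this script should hand it over, e.g. `checkpath -d -m 0755 -o prelude-lml:prelude-lml /run/prelude-lml`, keeping in mind the account then needs read access to the monitored log files. `#!/sbin/runscript` is the legacy interpreter name; current OpenRC scripts use `#!/sbin/openrc-run`. The unquoted `$BIN_LML` and `$PID_LML` should be written `"${BIN_LML}"` and `"${PID_LML}"`.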

diff --git a/net-analyzer/prelude-lml/files/prelude-lml.run 
b/net-analyzer/prelude-lml/files/prelude-lml.run
new file mode 100644
index 0000000..75f2ef8
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.run
@@ -0,0 +1,4 @@
+# Configuration to create /run/prelude-lml directory
+# Used as part of systemd's tmpfiles
+
+d /run/prelude-lml 0755 root root

diff --git a/net-analyzer/prelude-lml/files/prelude-lml.service 
b/net-analyzer/prelude-lml/files/prelude-lml.service
new file mode 100644
index 0000000..9d9230c
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Prelude-LML service
+DefaultDependencies=no
+After=remote_fs.target prelude-manager.service
+
+[Service]
+ExecStart=/usr/bin/prelude-lml -d -P /run/prelude-lml/prelude-lml.pid
+Type=forking
+PIDFile=/run/prelude-lml/prelude-lml.pid
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
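Review bot: `DefaultDependencies=no` removes the implicit `After=sysinit.target basic.target` ordering and the `Conflicts=shutdown.target`/`Before=shutdown.target` pair, and the unit adds nothing back, so the service can start before the system is ready and is not stopped cleanly at shutdown; unless there is a reason to opt out, drop that line, or add `Conflicts=shutdown.target` and `Before=shutdown.target`. The init script declares `need net` while the unit only orders after `remote_fs.target`; `After=network.target remote_fs.target prelude-manager.service` would keep the two consistent. `Restart=always` without `RestartSec=` restarts a crash-looping daemon as fast as systemd permits, so `RestartSec=5` is worth adding. Since the daemon's job is parsing log files, `ProtectHome=yes` and `PrivateTmp=yes` are cheap hardening here, and `ProtectSystem=full` leaves the paths it writes (`/run/prelude-lml`, `/var/prelude-lml`) writable; verify against the daemon's actual file access before enabling stricter settings.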

diff --git a/net-analyzer/prelude-lml/metadata.xml 
b/net-analyzer/prelude-lml/metadata.xml
new file mode 100644
index 0000000..9aa9094
--- /dev/null
+++ b/net-analyzer/prelude-lml/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer type="person">
+               <email>thomas.andre...@gmail.com</email>
+               <name>Thomas Andrejak</name>
+       </maintainer>
+       <maintainer type="project">
+               <email>proxy-ma...@gentoo.org</email>
+               <name>Proxy Maintainers</name>
+       </maintainer>
+       <longdescription lang="en">
+               Prelude-LML is a log analyser that allows Prelude to collect and
+               analyze information from all kind of applications emitting logs 
or
+               syslog messages in order to detect suspicious activities and 
transform
+               them into Prelude-IDMEF alerts. Prelude-LML handles events 
generated
+               by a large set of applications
+       </longdescription>
+       <use>
+               <flag name="tls">Enables Prelude LML support Syslog through TLS
+               using <pkg>net-libs/gnutls</pkg>.</flag>
+       </use>
+</pkgmetadata>

diff --git a/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild 
b/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild
new file mode 100644
index 0000000..6d57560
--- /dev/null
+++ b/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools eutils systemd
+
+DESCRIPTION="The prelude log analyzer"
+HOMEPAGE="https://www.prelude-siem.org";
+SRC_URI="https://www.prelude-siem.org/pkg/src/3.0.0/${P}.tar.gz";
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="tls icu"
+
+RDEPEND="dev-libs/libprelude
+       dev-libs/libpcre
+       icu? ( dev-libs/icu )
+       tls? ( net-libs/gnutls )"
+
+DEPEND="${RDEPEND}
+       virtual/pkgconfig"
+
+PATCHES=(
+       "${FILESDIR}/${P}-configure.patch"
+       "${FILESDIR}/${P}-conf.patch"
+       "${FILESDIR}/${P}-run.patch"
+)
+
+src_prepare() {
+       default_src_prepare
+
+       mv "${S}/configure.in" "${S}/configure.ac" || die "mv failed"
+
+       eautoreconf
+}
+
+src_configure() {
+       econf \
+               --localstatedir=/var \
+               $(use_enable icu) \
+               $(use_enable tls gnutls)
+}
+
+src_install() {
+       default_src_install
+
+       rm -rv "${D}/run" || die "rm failed"
+       keepdir /var/${PN}
+
+       prune_libtool_files --modules
+
+       systemd_dounit "${FILESDIR}/${PN}.service"
+       systemd_newtmpfilesd "${FILESDIR}/${PN}.run" "${PN}.conf"
+
+       newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+}
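Review bot: `rm -rv "${D}/run"` in `src_install` should address `"${ED}/run"`; under a prefix install the tree lives beneath `${ED}`, and `${D}/run` would not match, making the `|| die` fire. `default_src_prepare` in `src_prepare` works, but EAPI 6 spells the same call `default`, which is the idiom used elsewhere in the tree. Both `src_prepare` and `src_install` are otherwise straightforward; the ownership of `/var/${PN}` from `keepdir` is root, which is consistent with the init script and unit running the daemon as root, so any later change to an unprivileged account needs a matching `fowners` here.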
