commit: c0f80ffc742747068ff2850114a76afb05ffea09 Author: Slawomir Lis <slis <AT> gentoo <DOT> org> AuthorDate: Thu Dec 15 06:16:44 2016 +0000 Commit: Slawek Lis <slis <AT> gentoo <DOT> org> CommitDate: Thu Dec 15 06:16:44 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0f80ffc
net-analyzer/suricata: Version bump to 3.2 Reported in bug 602590. Reported-By: Vieri <rentorbuy <AT> yahoo.com> Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/files/suricata-3.2-conf | 31 ++++++ net-analyzer/suricata/files/suricata-3.2-init | 82 +++++++++++++++ net-analyzer/suricata/suricata-3.2.ebuild | 139 ++++++++++++++++++++++++++ 4 files changed, 253 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index a2dfaa8..82918e3 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -3,3 +3,4 @@ DIST suricata-3.0.1.tar.gz 3315637 SHA256 74c685f8da51b3f038a7b8185bdbed274aca25 DIST suricata-3.1.2.tar.gz 3338099 SHA256 f9e7742580849f202254e75d9fc245ba53f4d7490f47a6d30f02a7b10aacc512 SHA512 93332193d424b44a7bad5e49132b652a87bcfde3959ab8d0f8229ff41c7db63f49511899a709bb12431c57ded8ddbca8a596a83dde01f979154a4412ae2dc316 WHIRLPOOL 369c5ac924f64bbc79d9233912b3b6b66424b02f6b2af721c19e571d23465ca3f9d6ee2ada15499bb29abe987788a4a59f0a8dd7145a14055b12bf22cb40a9fd DIST suricata-3.1.3.tar.gz 3340627 SHA256 bd89c269e29b03a8898ccabccfb7fcab11c1aa036444772e117705f3b37b4174 SHA512 d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb WHIRLPOOL 720f668480bfa05e7e6c32bb63f09af6d38e46b909ab4d0d9879cd069436215eb3b4bb1778147de82344b6879a1b3e04da0af2e14084bb1b74472ecc727c4ebe DIST suricata-3.1.tar.gz 3327181 SHA256 a05aa534166495a4d9ea6104a936bc8edb49376aeb3ba0b1b2a4d9687d016669 SHA512 64483951136f064ed3ad0e01276ac633e53aed511d5517b67d6ab2b81e7c2af436dcece7f8a2576c741cd79d19176da622775ff580f2f0cf747fd134ddcfd352 WHIRLPOOL 39a79626ab496789676a39f62cf2c6cfdfc592d0d04add63f711d7487364fcdd54be63d73b0529b39a5ef9aa30dadaf5ae5af57ff51cf65d9ecfd2ea5f2451ff +DIST suricata-3.2.tar.gz 11732080 SHA256 41cbe19c6fd6bd51ebcbc29063f558e2fbba4a2450e5809fee2e461f16a4ed68 SHA512 327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e WHIRLPOOL b6d4c2c08e34da2b4dee4087831a0a9dcad836737489e2599938d74b74c624e455d0f1299ef7c4e70df038ac13dcd29344c2117b44310f8dc42d9f0fad0c3e15 diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf new file mode 100644 index 00000000..dfb1471 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-3.2-conf @@ -0,0 +1,31 @@ +# Config file for /etc/init.d/suricata* + +# Where config files are stored. Default: + +# SURICATA_DIR="/etc/suricata" + +# Pass options to each suricata service. +# You can launch more than one service at the same time with different options. +# This can be useful in a multi-queue gateway, for example. +# You can expand on the Suricata inline example found at: +# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux +# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance" +# on several queues. You can then have a Suricata instance processing traffic for each queue. +# This should help improve performance on the gateway/firewall. +# Suppose you configured iptables to use queues 0 and 1. You can now do the following: +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0 +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml +# mkdir /var/log/suricata/q{0,1} +# Edit both suricata-q{0,1}.yaml files and set values accordingly (eg. set the suricata.log file path to +# a dedicated dir in the section "logging:outputs:-file"). +# You can then define the following options here: + +# SURICATA_OPTS[q0]="-q 0 -l /var/log/suricata/q0" +# SURICATA_OPTS[q1]="-q 1 -l /var/log/suricata/q1" + +# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata +# then you can set: + +# SURICATA_OPTIONS="-i eth0" diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init new file mode 100644 index 00000000..2a9d46f --- /dev/null +++ b/net-analyzer/suricata/files/suricata-3.2-init @@ -0,0 +1,82 @@ +#!/sbin/openrc-run +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +SURICATA_DIR=${SURICATA_DIR:-/etc/suricata} +SURICATA=${SVCNAME#*.} +if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then + SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" + SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid" + SURICATAOPTS=${SURICATA_OPTS[${SURICATA}]} +else + SURICATACONF="${SURICATA_DIR}/suricata.yaml" + SURICATAPID="/var/run/suricata/suricata.pid" + SURICATAOPTS=${SURICATA_OPTIONS} +fi + +extra_commands="checkconfig" +extra_started_commands="reload" + +depend() { + need net + after mysql + after postgresql +} + +checkconfig() { + if [ ! -e ${SURICATACONF} ] ; then + eerror "You need to create ${SURICATACONF} to run ${SVCNAME}." + return 1 + fi + if [ ! -d "/var/run/suricata" ] ; then + checkpath -d /var/run/suricata + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --quiet --exec /usr/bin/suricata \ + -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} \ + -c ${SURICATACONF} >/dev/null 2>&1 + eend $? +} + +stop() { + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1 + einfon "Waiting for ${SVCNAME} to shut down. This can take a while..." + echo + # max wait: 5 minutes as it can take quite a while on some systems with heavy traffic + cnt=300 + while [ -f ${SURICATAPID} ]; do + cnt=$(expr $cnt - 1) + if [ $cnt -lt 1 ] ; then + echo + eend 1 "Failed." + break + fi + sleep 1 + echo -ne "$cnt seconds left before we give up\r" + done + eend $? +} + +reload() { + + local SUR_PID="`cat ${SURICATAPID}`" + local SUR_USER="`ps -p ${SUR_PID} --no-headers -o user`" + + if [ ! -f ${SURICATAPID} ]; then + eerror "${SVCNAME} isn't running" + return 1 + elif [ ${SUR_USER} != root ]; then + eerror "${SVCNAME} must be running as root for reload to work!" + return 1 + else + checkconfig || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP --pidfile ${SURICATAPID} + fi +} diff --git a/net-analyzer/suricata/suricata-3.2.ebuild b/net-analyzer/suricata/suricata-3.2.ebuild new file mode 100644 index 00000000..2bd57bd --- /dev/null +++ b/net-analyzer/suricata/suricata-3.2.ebuild @@ -0,0 +1,139 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools eutils user + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="http://suricata-ids.org/"; +SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet control-socket cuda debug +detection geoip hardened lua luajit nflog +nfqueue redis +rules test" + +DEPEND=" + >=dev-libs/jansson-2.2 + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + >=net-libs/libhtp-0.5.20 + net-libs/libpcap + sys-apps/file + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/geoip ) + lua? ( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue? ( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis ) +" +# #446814 +# prelude? ( dev-libs/libprelude ) +# pfring? ( sys-process/numactl net-libs/pf_ring) +RDEPEND="${DEPEND}" + +pkg_setup() { + enewgroup ${PN} + enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}" +} + +src_prepare() { + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var/" \ + "--enable-non-bundled-htp" \ + $(use_enable af-packet) \ + $(use_enable detection) \ + $(use_enable nfqueue) \ + $(use_enable test coccinelle) \ + $(use_enable test unittests) \ + $(use_enable control-socket unix-socket) + ) + + if use cuda ; then + myeconfargs+=( $(use_enable cuda) ) + fi + if use debug ; then + myeconfargs+=( $(use_enable debug) ) + fi + if use geoip ; then + myeconfargs+=( $(use_enable geoip) ) + fi + if use hardened ; then + myeconfargs+=( $(use_enable hardened gccprotect) ) + fi + if use nflog ; then + myeconfargs+=( $(use_enable nflog) ) + fi + if use redis ; then + myeconfargs+=( $(use_enable redis hiredis) ) + fi + # not supported yet (no pfring in portage) +# if use pfring ; then +# myeconfargs+=( $(use_enable pfring) ) +# fi + # no libprelude in portage +# if use prelude ; then +# myeconfargs+=( $(use_enable prelude) ) +# fi + if use lua ; then + myeconfargs+=( $(use_enable lua) ) + fi + if use luajit ; then + myeconfargs+=( $(use_enable luajit) ) + fi + +# this should be used when pf_ring use flag support will be added +# LIBS+="-lrt -lnuma" + + econf LIBS="${LIBS}" ${myeconfargs[@]} +} + +src_install() { + emake DESTDIR="${D}" install + + insinto "/etc/${PN}" + doins {classification,reference,threshold}.config suricata.yaml + + if use rules ; then + insinto "/etc/${PN}/rules" + doins rules/*.rules + fi + + dodir "/var/lib/${PN}" + dodir "/var/log/${PN}" + dodir "/var/log/${PN}" \ + "/var/lib/${PN}" + + fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" + fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" + + newinitd "${FILESDIR}/${P}-init" ${PN} + newconfd "${FILESDIR}/${P}-conf" ${PN} +} + +pkg_postinst() { + elog "The ${PN} init script expects to find the path to the configuration" + elog "file as well as extra options in /etc/conf.d." + elog "" + elog "To create more than one ${PN} service, simply create a new .yaml file for it" + elog "then create a symlink to the init script from a link called" + elog "${PN}.foo - like so" + elog " cd /etc/${PN}" + elog " ${EDITOR##*/} suricata-foo.yaml" + elog " cd /etc/init.d" + elog " ln -s ${PN} ${PN}.foo" + elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo." + elog "" + elog "You can create as many ${PN}.foo* services as you wish." +}
