commit:     a382935f837f6a18529793813228cb2731e9d36f
Author:     Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 28 09:34:11 2016 +0000
Commit:     Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Wed Dec 28 09:34:11 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a382935f

net-analyzer/suricata: Updated suricata logging and added logrotate file

I've also bumped revision number, as there are many changes, and those fixes
should finally close bug 602590.

Thanks to Vieri <rentorbuy <AT> yahoo.com> for support.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 net-analyzer/suricata/files/suricata-3.2-conf  |  11 +-
 net-analyzer/suricata/files/suricata-3.2-init  |  28 +++--
 net-analyzer/suricata/files/suricata-logrotate |   6 +
 net-analyzer/suricata/metadata.xml             |   1 +
 net-analyzer/suricata/suricata-3.2-r1.ebuild   | 161 +++++++++++++++++++++++++
 5 files changed, 189 insertions(+), 18 deletions(-)

diff --git a/net-analyzer/suricata/files/suricata-3.2-conf 
b/net-analyzer/suricata/files/suricata-3.2-conf
index d900ade..fc6885d 100644
--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -41,11 +41,6 @@ SURICATA_OPTS="-i eth0"
 
 # Log paths listed here will be created by the init script and will override 
the log path
 # set in the yaml file, if present.
-# SURICATA_LOG_PATH_q0="/var/log/suricata/q0"
-# SURICATA_LOG_PATH_q1="/var/log/suricata/q1"
-# SURICATA_LOG_PATH="/var/log/suricata"
-# SURICATA_LOG_FILE="suricata.log"
-
-# You can view all the available options you can set with --set
-# and check the full config settings in an easily parsable format.
-# SURICATA_DUMP=1
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
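Review bot: The retained comment still says "Log paths listed here will be created by the init script", but the renamed variables now hold full file paths and the init script creates only their directory; suggest replacing it with `# Log files listed here: the init script creates their directory and passes the file name to suricata via --set logging.outputs.1.file.filename, overriding the yaml setting.` The removed SURICATA_DUMP lines get no pointer to where the feature went, so a one-line `# Use '/etc/init.d/suricata dump' to list all config values usable with --set.` would keep old users oriented. SURICATA_LOG_FILE also keeps its old name while changing from a bare file name to an absolute path; a comment stating that format change would help people merging this file with etc-update.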

diff --git a/net-analyzer/suricata/files/suricata-3.2-init 
b/net-analyzer/suricata/files/suricata-3.2-init
index 3ec6afd..1717dbb 100644
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -12,18 +12,23 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; 
then
     [ ${#SURICATACONF} -eq 0 ] && 
SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || 
SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
     SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
     eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
-    eval SURICATALOGPATH=\$SURICATA_LOG_PATH_${SURICATAID}
+    eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
 else
     SURICATACONF=${SURICATA_CONF}
     [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" 
|| SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
     SURICATAPID="/var/run/suricata/suricata.pid"
     SURICATAOPTS=${SURICATA_OPTS}
-    SURICATALOGPATH=${SURICATA_LOG_PATH}
+    SURICATALOGPATH=${SURICATA_LOG_FILE}
 fi
 [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"
 
-extra_commands="checkconfig"
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
 extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
 
 depend() {
        need net
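Review bot: `eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}` and `SURICATALOGPATH=${SURICATA_LOG_FILE}` read only the renamed variables, so a conf.d that still sets SURICATA_LOG_PATH silently loses its override and logging falls back to whatever the yaml says; nothing warns the admin. Worse, SURICATA_LOG_FILE keeps its name but changes meaning: an old-format line `SURICATA_LOG_FILE="suricata.log"` is now accepted as a path, and after the `dirname` added in checkconfig the daemon gets `-l .` relative to the init script's working directory. A fallback in the else branch such as `SURICATALOGPATH=${SURICATA_LOG_FILE:-${SURICATA_LOG_PATH:+${SURICATA_LOG_PATH}/suricata.log}}`, mirrored in the per-instance eval, would keep old conf.d files working, and an ewarn when the old name is set would make the migration visible. SURICATAID is assigned before this hunk, presumably from ${SVCNAME}; its derivation is not visible here.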
@@ -41,10 +46,12 @@ checkconfig() {
                checkpath -d /var/run/suricata
        fi
        if [ ${#SURICATALOGPATH} -gt 0 ]; then
+               SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )
+               SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+               SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
                if [ ! -d "${SURICATALOGPATH}" ] ; then
                        checkpath -d "${SURICATALOGPATH}"
                fi
-               SURICATALOGFILE=${SURICATA_LOG_FILE:-suricata.log}
                SURICATAOPTS="${SURICATAOPTS} --set 
logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
                SURICATALOGPATH="-l ${SURICATALOGPATH}"
        fi
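Review bot: `SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )` takes the file name from the global SURICATA_LOG_FILE instead of from SURICATALOGPATH, which the top of the script sets per instance from SURICATA_LOG_FILE_<id>; for a secondary instance with the global unset, basename runs with no operand and only the `:-suricata.log` fallback rescues it, and a per-instance file with a different name is silently replaced by the global one. `SURICATALOGFILE=$( basename "${SURICATALOGPATH}" )` placed before the dirname line uses the path the instance actually configured, and quoting both substitutions avoids word-splitting on paths containing spaces. Because the value now passes through dirname, a non-absolute setting produces `-l .` and a log file relative to wherever the init script runs, so checkconfig should reject it: `case ${SURICATALOGPATH} in /*) ;; *) eerror "SURICATA_LOG_FILE must be an absolute path"; return 1 ;; esac`. checkconfig starts before this hunk.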
@@ -77,12 +84,6 @@ checkpidinfo() {
 
 start() {
        checkconfig || return 1
-       if [ $((SURICATA_DUMP)) -eq 1 ]; then
-           einfo "Dumping ${SVCNAME} config values and quitting."
-           ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} 
${SURICATAOPTS} ${SURICATALOGPATH}
-           einfo "You need to disable SURICATA_DUMP to start ${SVCNAME}."
-           return 1
-       fi
        ebegin "Starting ${SVCNAME}"
        start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
                -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} 
${SURICATALOGPATH} >/dev/null 2>&1
@@ -145,3 +146,10 @@ relog() {
        start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
        eend $?
 }
+
+dump() {
+       checkconfig || return 1
+       ebegin "Dumping ${SVCNAME} config values and quitting."
+       ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} 
${SURICATALOGPATH}
+       eend $?
+}
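Review bot: The `ebegin "Dumping ${SVCNAME} config values and quitting."` text is carried over from the old start()-time path that returned 1 afterwards; as a standalone `dump` command nothing quits, and wrapping the dump in ebegin/eend interleaves the status line with the dumped config on stdout, so `einfo "Dumping ${SVCNAME} config values"` followed by the bare command reads better. `--pidfile ${SURICATAPID}` is passed to a one-shot --dump-config run; if suricata writes the pidfile before it dumps, this would overwrite a running instance's pidfile, which is worth confirming against upstream before keeping the option here. Reusing checkconfig is right, since it also computes the --set option the dump should reflect.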

diff --git a/net-analyzer/suricata/files/suricata-logrotate 
b/net-analyzer/suricata/files/suricata-logrotate
new file mode 100644
index 00000000..0dc145b
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-logrotate
@@ -0,0 +1,6 @@
+/var/log/suricata/* {
+       missingok
+       postrotate
+               /etc/init.d/suricata reload
+       endscript
+}
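Review bot: The postrotate hook calls `/etc/init.d/suricata reload`, which the init script in this commit describes as "Live rule and config reload", while the command documented as "Close and re-open all log files" is `relog`; unless reload also reopens logs, which its description does not suggest, the daemon keeps writing to the renamed files after rotation, so `/etc/init.d/suricata relog` is the intended hook. Without `sharedscripts` the postrotate runs once per file matched by `/var/log/suricata/*`, sending the daemon one signal per rotated file; adding `sharedscripts` above postrotate runs it once per rotation. The glob also matches the per-instance subdirectories the conf.d example suggests (q0, q1) rather than the files inside them, and secondary instances (suricata.foo) are not signalled at all — presumably a per-instance entry is needed, to be confirmed by whoever runs multiple instances.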

diff --git a/net-analyzer/suricata/metadata.xml 
b/net-analyzer/suricata/metadata.xml
index e538ae1..58878c6 100644
--- a/net-analyzer/suricata/metadata.xml
+++ b/net-analyzer/suricata/metadata.xml
@@ -14,5 +14,6 @@
     <flag name="nfqueue">Enable NFQUEUE support for inline IDP</flag>
     <flag name="redis">Enable Redis support</flag>
     <flag name="rules">Install default ruleset</flag>
+    <flag name="logrotate">Install logrotate rule</flag>
   </use>
 </pkgmetadata>

diff --git a/net-analyzer/suricata/suricata-3.2-r1.ebuild 
b/net-analyzer/suricata/suricata-3.2-r1.ebuild
new file mode 100644
index 00000000..816a69d
--- /dev/null
+++ b/net-analyzer/suricata/suricata-3.2-r1.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring 
engine"
+HOMEPAGE="http://suricata-ids.org/";
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz";
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate 
lua luajit nflog +nfqueue redis +rules test"
+
+DEPEND="
+       >=dev-libs/jansson-2.2
+       dev-libs/libpcre
+       dev-libs/libyaml
+       net-libs/libnet:*
+       net-libs/libnfnetlink
+       dev-libs/nspr
+       dev-libs/nss
+       >=net-libs/libhtp-0.5.20
+       net-libs/libpcap
+       sys-apps/file
+       cuda?       ( dev-util/nvidia-cuda-toolkit )
+       geoip?      ( dev-libs/geoip )
+       lua?        ( dev-lang/lua:* )
+       luajit?     ( dev-lang/luajit:* )
+       nflog?      ( net-libs/libnetfilter_log )
+       nfqueue?    ( net-libs/libnetfilter_queue )
+       redis?      ( dev-libs/hiredis )
+       logrotate?      ( app-admin/logrotate )
+"
+# #446814
+#      prelude?    ( dev-libs/libprelude )
+#      pfring?     ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+       enewgroup ${PN}
+       enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+       eautoreconf
+}
+
+src_configure() {
+       local myeconfargs=(
+               "--localstatedir=/var/" \
+               "--enable-non-bundled-htp" \
+               $(use_enable af-packet) \
+               $(use_enable detection) \
+               $(use_enable nfqueue) \
+               $(use_enable test coccinelle) \
+               $(use_enable test unittests) \
+               $(use_enable control-socket unix-socket)
+       )
+
+       if use cuda ; then
+               myeconfargs+=( $(use_enable cuda) )
+       fi
+       if use geoip ; then
+               myeconfargs+=( $(use_enable geoip) )
+       fi
+       if use hardened ; then
+               myeconfargs+=( $(use_enable hardened gccprotect) )
+       fi
+       if use nflog ; then
+               myeconfargs+=( $(use_enable nflog) )
+       fi
+       if use redis ; then
+               myeconfargs+=( $(use_enable redis hiredis) )
+       fi
+       # not supported yet (no pfring in portage)
+#      if use pfring ; then
+#              myeconfargs+=( $(use_enable pfring) )
+#      fi
+       # no libprelude in portage
+#      if use prelude ; then
+#              myeconfargs+=( $(use_enable prelude) )
+#      fi
+       if use lua ; then
+               myeconfargs+=( $(use_enable lua) )
+       fi
+       if use luajit ; then
+               myeconfargs+=( $(use_enable luajit) )
+       fi
+
+# this should be used when pf_ring use flag support will be added
+#      LIBS+="-lrt -lnuma"
+
+       # avoid upstream configure script trying to add -march=native to CFLAGS
+       myeconfargs+=( --enable-gccmarch-native=no )
+
+       if use debug ; then
+               myeconfargs+=( $(use_enable debug) )
+               # so we can get a backtrace according to "reporting bugs" on 
upstream web site
+               CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+       else
+               econf LIBS="${LIBS}" ${myeconfargs[@]}
+       fi
+}
+
+src_install() {
+       emake DESTDIR="${D}" install
+
+       insinto "/etc/${PN}"
+       doins {classification,reference,threshold}.config suricata.yaml
+
+       if use rules ; then
+               insinto "/etc/${PN}/rules"
+               doins rules/*.rules
+       fi
+
+       dodir "/var/lib/${PN}"
+       dodir "/var/log/${PN}"
+       dodir "/var/log/${PN}" \
+               "/var/lib/${PN}"
+
+       fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+       fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+       newinitd "${FILESDIR}/${P}-init" ${PN}
+       newconfd "${FILESDIR}/${P}-conf" ${PN}
+
+       if use logrotate; then
+               insopts -m0644
+               insinto /etc/logrotate.d
+               newins "${FILESDIR}"/${PN}.logrotate ${PN}
+       fi
+}
+
+pkg_postinst() {
+       elog "The ${PN} init script expects to find the path to the 
configuration"
+       elog "file as well as extra options in /etc/conf.d."
+       elog ""
+       elog "To create more than one ${PN} service, simply create a new .yaml 
file for it"
+       elog "then create a symlink to the init script from a link called"
+       elog "${PN}.foo - like so"
+       elog "   cd /etc/${PN}"
+       elog "   ${EDITOR##*/} suricata-foo.yaml"
+       elog "   cd /etc/init.d"
+       elog "   ln -s ${PN} ${PN}.foo"
+       elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible 
options for foo."
+       elog ""
+       elog "You can create as many ${PN}.foo* services as you wish."
+
+       if use logrotate; then
+               elog "You enabled the logrotate USE flag. Please make sure you 
correctly set up the ${PN} logortate config file in /etc/logrotate.d/."
+       fi
+
+       if use debug; then
+               elog "You enabled the debug USE flag. Please read this link to 
report bugs upstream:"
+               elog 
"https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs";
+       fi
+}
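Review bot: `newins "${FILESDIR}"/${PN}.logrotate ${PN}` in src_install expands to files/suricata.logrotate, but the file this commit adds is files/suricata-logrotate (see the diffstat and the logrotate hunk), so an emerge with USE=logrotate should fail at install time; `newins "${FILESDIR}/${PN}-logrotate" ${PN}` matches the shipped file. The `dodir "/var/log/${PN}" "/var/lib/${PN}"` call repeats the two dodir lines directly above it and can be dropped. `fowners -R ${PN}:` plus `fperms 750` hands /etc/${PN} — the yaml and the ruleset — to the service account; the init script in this commit starts the daemon as root, but should it ever be dropped to the suricata user, root-owned config with group read keeps a compromised sensor from rewriting its own rules, so `fowners -R root:${PN} "/etc/${PN}"` is worth deciding now. Both econf calls expand `${myeconfargs[@]}` unquoted (should be `"${myeconfargs[@]}"`), and the pkg_postinst elog spells "logrotate" as "logortate".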
