[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: 07e1f3e359b3cfe01d8ef3a1e263af2f8acc23b4 Author: Marek Szuba gentoo org> AuthorDate: Wed Feb 28 21:34:39 2024 + Commit: Marek Szuba gentoo org> CommitDate: Wed Feb 28 21:46:10 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07e1f3e3 net-analyzer/suricata: drop 6.0.15 No versions affected by the latest batch of CVEs left in the tree. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 2 - 6_configure-no-sphinx-pdflatex-automagic.patch | 26 --- net-analyzer/suricata/suricata-6.0.15.ebuild | 212 - 3 files changed, 240 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 241154b314b8..9e0bba5db148 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest 
@@ -1,4 +1,2 @@
-DIST suricata-6.0.15.tar.gz 27903106 BLAKE2B cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6 SHA512 ec9904fdc57e594653e3f48794c602429412fc85377630600b96081cfeb21361c353ce54d564c01ef0400885c508b49bd8c7a5d8b4482d45155b2007907107a9
-DIST suricata-6.0.15.tar.gz.sig 566 BLAKE2B f9f5fd9df55c9854f4da3765673df094a3979324714b0f81f787abc3eaa811d01e42cf8b892c5ae558e5f453b82f84dcebd4548a0cfafca00582adc595a11bbf SHA512 e938715fe22699b623d70bcd70e69d3acb2bfa322ecb9a8a19b272eb5ba378b34974c3114419bbb07fb46b805bc160344d0bdb567acb887832e4c18734fef9a8
 DIST suricata-7.0.3.tar.gz 23599903 BLAKE2B b42044428ae5ac4ecd6b41d083f0f3ac5839bf9a0734c3a64bb5e9a6f1a0ffe0c1f5da262f4e167461836bd26ebf9238ec9c0c213ba61f6419b6af1314f3becb SHA512 5a19a00118b86cd9c9b8a4b8399d8deda23beb19a6a6ed49e82240a1a5d4549490f3ce72743f5990c200850e8a64e3a51f45b8c1b8088bdd16aa12341dbf64aa
 DIST suricata-7.0.3.tar.gz.sig 566 BLAKE2B 3befe75463a26493b660dc21721e2628a4889d5397d0ada6aa51bd9c748487130dfb56f3fa25b5514411adeaf0b385ee7e9d664ab0af9b6b0a2bef719bdc904f SHA512 a08274708f3aee891b018da613fa60cf66ca09b41f70ed1e89b57d5e778bf97058d71c6ad8c529926783287ddd0f20337957e03ff59b3500c207a4ef7936bfdf
diff --git a/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch b/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch
deleted file mode 100644
index be5805e67f87..
--- a/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch
+++ /dev/null
@@ -1,26 +0,0 @@ -No configure options to disable looking for these, redundant for releases -because the tarballs already contain both PDF documentation and man pages, -and as of 2021-05-11 doc generation is not compatible with sphinx-4.0.0+ -due to conf.py calling long-deprecated app.add_stylesheet() rather -than app.add_css_file(). - a/configure.ac -+++ b/configure.ac -@@ -2423,7 +2423,7 @@ - fi - - # sphinx for documentation --AC_PATH_PROG(HAVE_SPHINXBUILD, sphinx-build, "no") -+HAVE_SPHINXBUILD="no" - if test "$HAVE_SPHINXBUILD" = "no"; then -enable_sphinxbuild=no -if test -e "$srcdir/doc/userguide/suricata.1"; then -@@ -2434,7 +2434,7 @@ - AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"]) - - # pdflatex for the pdf version of the user manual --AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no") -+HAVE_PDFLATEX="no" - if test "$HAVE_PDFLATEX" = "no"; then -enable_pdflatex=no - fi diff --git a/net-analyzer/suricata/suricata-6.0.15.ebuild b/net-analyzer/suricata/suricata-6.0.15.ebuild deleted file mode 100644 index 045ebbc38788.. --- a/net-analyzer/suricata/suricata-6.0.15.ebuild +++ /dev/null 
@@ -1,212 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -LUA_COMPAT=( lua5-1 luajit ) -PYTHON_COMPAT=( python3_{10..12} ) - -inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata.io/"; -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz - verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )" - -LICENSE="GPL-2" -SLOT="0/6" -KEYWORDS="~amd64 ~riscv ~x86" -IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test" -VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/openinfosecfoundation.org.asc" - -RESTRICT="!test? ( test )" - -REQUIRED_USE="${PYTHON_REQUIRED_USE} - bpf? ( af-packet ) - lua? ( ${LUA_REQUIRED_USE} )" - -RDEPEND="${PYTHON_DEPS} - acct-group/suricata - acct-user/suricata - dev-libs/jansson:= - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - $(python_gen_cond_dep ' -
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: 4c54d76e8fab4063a74490103bace21d972a4d9d Author: Marek Szuba gentoo org> AuthorDate: Wed Feb 28 21:25:33 2024 + Commit: Marek Szuba gentoo org> CommitDate: Wed Feb 28 21:46:09 2024 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4c54d76e net-analyzer/suricata: add 7.0.3, remove 7.0.2 and 7.0.2-r1 Includes Brahmajit's patch for the gcc-14 issue, as it is yet to be fixed upstream. Closes: https://bugs.gentoo.org/925011 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 4 +- .../suricata-7.0.3_fix-build-with-gcc14.patch | 39 net-analyzer/suricata/suricata-7.0.2.ebuild| 221 - ...icata-7.0.2-r1.ebuild => suricata-7.0.3.ebuild} | 3 +- 4 files changed, 43 insertions(+), 224 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index adabc7aa76bc..241154b314b8 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest 
@@ -1,4 +1,4 @@
 DIST suricata-6.0.15.tar.gz 27903106 BLAKE2B cf5c2d5760e52f0b4eb0276feb89e056d74ef5478e3158a047fbdec14022aa6e0ba986b7ee9f9ec49e2ebb3f206c7d71ad8ce8dc4eb9a6b48b4ba38c96c2f1c6 SHA512 ec9904fdc57e594653e3f48794c602429412fc85377630600b96081cfeb21361c353ce54d564c01ef0400885c508b49bd8c7a5d8b4482d45155b2007907107a9
 DIST suricata-6.0.15.tar.gz.sig 566 BLAKE2B f9f5fd9df55c9854f4da3765673df094a3979324714b0f81f787abc3eaa811d01e42cf8b892c5ae558e5f453b82f84dcebd4548a0cfafca00582adc595a11bbf SHA512 e938715fe22699b623d70bcd70e69d3acb2bfa322ecb9a8a19b272eb5ba378b34974c3114419bbb07fb46b805bc160344d0bdb567acb887832e4c18734fef9a8
-DIST suricata-7.0.2.tar.gz 23445403 BLAKE2B 5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725 SHA512 bca6eb64495d36fcc83522e29a8ec24653752930d001191fca1d72de5513537fdb8c1805fc45afe55b5fb3a68cf3747af609eec46070505dcd5d9e53c0ed9b95
-DIST suricata-7.0.2.tar.gz.sig 566 BLAKE2B 8a931361acfa5e945fe9a3a03b38c65ff7f59da88a9af9c3f5a4b15ec880de6f22038a45d27c480c75489df0a90373f3cee44c48a266226fae89c00ed78b6e5f SHA512 0a46c8fef1d68f76c08c314613e558027dc7700a72628b5708dbc36c5c1943d816120c569692103d75d284cd7027cdda0d4ef9ab436992d7d2ec101e18aa5056
+DIST suricata-7.0.3.tar.gz 23599903 BLAKE2B b42044428ae5ac4ecd6b41d083f0f3ac5839bf9a0734c3a64bb5e9a6f1a0ffe0c1f5da262f4e167461836bd26ebf9238ec9c0c213ba61f6419b6af1314f3becb SHA512 5a19a00118b86cd9c9b8a4b8399d8deda23beb19a6a6ed49e82240a1a5d4549490f3ce72743f5990c200850e8a64e3a51f45b8c1b8088bdd16aa12341dbf64aa
+DIST suricata-7.0.3.tar.gz.sig 566 BLAKE2B 3befe75463a26493b660dc21721e2628a4889d5397d0ada6aa51bd9c748487130dfb56f3fa25b5514411adeaf0b385ee7e9d664ab0af9b6b0a2bef719bdc904f SHA512 a08274708f3aee891b018da613fa60cf66ca09b41f70ed1e89b57d5e778bf97058d71c6ad8c529926783287ddd0f20337957e03ff59b3500c207a4ef7936bfdf
diff --git a/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch b/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch new file mode 100644 index ..7ebacf76852c --- /dev/null +++ b/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch @@ -0,0 +1,39 @@ +Bug: From b5280929c58559c178415ce199157b5c87171258 Mon Sep 17 00:00:00 2001 +From: Brahmajit Das +Date: Tue, 20 Feb 2024 12:05:57 +0530 +Subject: [PATCH 1/1] Fix passing incompatible pointer type with GCC 14 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +GCC 14 (and newer compilers like Clang 16) enables +-Wincompatible-pointer-types by default, along with some other flags. +Thus resulting in build errors such as + +util-host-info.c: In function ‘SCKernelVersionIsAtLeast’: +util-host-info.c:94:31: error: passing argument 1 of ‘pcre2_substring_list_free_8’ from incompatible pointer type [-Wincompatible-pointer-types] + 94 | pcre2_substring_list_free((PCRE2_SPTR *)list); + | ^~ + | | + | const PCRE2_UCHAR8 ** {aka const unsigned char **} + +Removing the casting make suricata build with GCC 14. + +First discovered on Gentoo Linux with GCC 14 + +Bug: https://bugs.gentoo.org/925011 +Signed-off-by: Brahmajit Das +--- a/src/util-host-info.c b/src/util-host-info.c +@@ -91,7 +91,7 @@ int SCKernelVersionIsAtLeast(int major, int minor) + err = true; + } + +-pcre2_substring_list_free((PCRE2_SPTR *)list); ++pcre2_substring_list_free(list); + pcre2_match_data_free(version_regex_match); + pcre2_code_free(version_regex); + +-- +2.43.2 + diff --git a/net-analyzer/suricata/suricata-7.0.2.ebuild b/net-analyzer/suricata/suricata-7.0.2.ebuild deleted file mode 100644 index 93fe2558be37.. --- a/net-analyzer/suricata/suricata-7.0.2.ebuild +++ /dev/null @@ -1,221 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed unde
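Review bot: The uncast call `pcre2_substring_list_free(list);` in the carried patch (src/util-host-info.c, SCKernelVersionIsAtLeast) is only type-correct against a PCRE2 header whose prototype takes the non-const pointer form. The quoted diagnostic shows that the cast produced `const PCRE2_UCHAR8 **` and that this was the mismatch, which suggests the trigger is the installed PCRE2 prototype as much as GCC 14; against a header that still declares `PCRE2_SPTR *`, dropping the cast would presumably raise the same -Wincompatible-pointer-types error in the other direction. It is worth confirming which PCRE2 versions the 7.0.3 ebuild accepts and either tightening that dependency or stating the assumption in the patch header. The header's first line, `Bug: From b5280929…`, is a merged line; the intact `Bug: https://bugs.gentoo.org/925011` line further down already carries the reference, so the leading `Bug:` can be dropped. The function body continues outside the inner hunk.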
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: a8e82003db4b6ef62cf260263bafc1cc32f33acc Author: Marek Szuba gentoo org> AuthorDate: Fri Oct 9 12:09:22 2020 + Commit: Marek Szuba gentoo org> CommitDate: Fri Oct 9 12:14:16 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8e82003 net-analyzer/suricata: bump to 6.0.0 Okay, this has turned out to be easier than I thought it might be. Note to self: since suricata-6 no longer supports unified2 output and suricata-5 is still supported upstream (even 4 will only reach end of life on 2020-12-31), keep the latter around for at least a bit longer. Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + .../files/suricata-6.0.0_default-config.patch | 27 +++ net-analyzer/suricata/suricata-6.0.0.ebuild| 203 + 3 files changed, 231 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 06edb9b7cc8..fde179dd2cb 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1,2 @@ DIST suricata-5.0.4.tar.gz 29091046 BLAKE2B 38526ca39d2460d630fdd9e804f36c74bfcde54a529748896779b549ed1b55174d6080ddad8933ddfd26004f4e78748a503832f47ee5f52d84a133643aef482b SHA512 e5da14f80b628968e146839b828971e888fd0158b2ecbbcc15c0f42fda2bdcc8ad89632ba05cc45c88d88e537452e77f8e2f3a5e09ecd038d0d38b1a8cf8cea6 +DIST suricata-6.0.0.tar.gz 30832555 BLAKE2B 9cea05b07520924706e961efed6a45b9ba73388a25777f43c1a90497aa00ec200bad15863b7b17b84e622c79309365596853423776da9c3d103c2a8c1126a0d2 SHA512 3c30f6f57c0e8a24992ff2b4ce8ce166d3c0d4b28c8f5e79434d04de9f2016773be01a1689fedfc9e54ff1c8bc9838206bc28f3ff2e47d60102a7016f1062ec3 diff --git a/net-analyzer/suricata/files/suricata-6.0.0_default-config.patch b/net-analyzer/suricata/files/suricata-6.0.0_default-config.patch new file mode 100644 index 000..03e0f1cda94 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-6.0.0_default-config.patch 
@@ -0,0 +1,27 @@ +--- a/suricata.yaml.in b/suricata.yaml.in +@@ -209,8 +209,9 @@ + # https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format + + # As of Suricata 5.0, version 2 of the eve dns output +-# format is the default. +-#version: 2 ++# format is the default - but the daemon produces a warning to that effect ++# at start-up if this isn't explicitly set. ++version: 2 + + # Enable/disable this logger. Default: enabled. + #enabled: yes +@@ -988,9 +989,9 @@ + ## + + # Run Suricata with a specific user-id and group-id: +-#run-as: +-# user: suri +-# group: suri ++run-as: ++ user: suricata ++ group: suricata + + # Some logging modules will use that name in event as identifier. The default + # value is the hostname diff --git a/net-analyzer/suricata/suricata-6.0.0.ebuild b/net-analyzer/suricata/suricata-6.0.0.ebuild new file mode 100644 index 000..5f5d14e3eec --- /dev/null +++ b/net-analyzer/suricata/suricata-6.0.0.ebuild 
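Review bot: suricata-6.0.0_default-config.patch starts directly at `--- a/suricata.yaml.in` with no description, so nothing records why the shipped defaults differ from upstream. A short header would help, for example `Set the eve DNS format version explicitly (silences the start-up warning) and make the daemon drop privileges to the dedicated suricata user/group by default.` Because the second inner hunk turns `run-as` on for every install, it is also worth confirming in the ebuild's install phase (not visible in this message) that the log and state directories are owned by suricata:suricata, since the daemon would otherwise be unable to write to them after dropping privileges. The same missing-header remark applies to the 5.0.0 lua-flags and lz4 patches and the 4.0.4 lua-flags patch later on this page.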
@@ -0,0 +1,203 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{6..9} ) + +inherit autotools flag-o-matic linux-info python-single-r1 systemd + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata-ids.org/"; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz"; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua luajit lz4 nflog +nfqueue redis systemd test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + ?? ( lua luajit ) + bpf? ( af-packet )" + +RDEPEND="${PYTHON_DEPS} + acct-group/suricata + acct-user/suricata + dev-libs/jansson + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep ' + dev-python/pyyaml[${PYTHON_USEDEP}] + ') + >=net-libs/libhtp-0.5.35 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf?( >=dev-libs/libbpf-0.1.0 ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb ) + logrotate? ( app-admin/logrotate ) + lua?( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + lz4?( app-arch/lz4 ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis )" +DEPEND="${RDEPEND} + >=sys-devel/autoconf-2.69-r5 + virtual/rust" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-6.0.0_default-config.patch" +) + +pkg_pretend() { +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: 4bbf99b0dbf76f352c0b123cba32cfbd90080fb3 Author: Marek Szuba gentoo org> AuthorDate: Wed Dec 18 14:17:32 2019 + Commit: Marek Szuba gentoo org> CommitDate: Wed Dec 18 14:21:49 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4bbf99b0 net-analyzer/suricata: bump to 5.0.1 Further clean-up of old ebuilds, tools are no longer optional, there is now a config phase to download an initial rule set using suricata-update. Closes: https://bugs.gentoo.org/703184 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/files/suricata-5.0.1-conf| 62 +++ net-analyzer/suricata/files/suricata-5.0.1-init| 147 ...suricata-5.0.1_configure-no-lz4-automagic.patch | 23 +++ .../files/suricata-5.0.1_default-config.patch | 27 +++ net-analyzer/suricata/files/suricata.service | 2 +- net-analyzer/suricata/files/suricata.tmpfiles | 2 +- net-analyzer/suricata/suricata-5.0.1.ebuild| 196 + 8 files changed, 458 insertions(+), 2 deletions(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 16a7c6ae731..9247b853f30 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1,2 @@ DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa SHA512 0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e +DIST suricata-5.0.1.tar.gz 23721536 BLAKE2B 529837e8e4d6c33d2093df8208bf03519e0d60deef92eadf9d0a44b7416eae2f900b2f72349815acb86d9bdd9d4253bbc5d7c4c1a34157f544982b0788291624 SHA512 db0797a7992abf0ddf170cb603fdac06b0ff92278bb91343860bccbbe029ea0e83131dfb9805ca44bcbbe3925502119259e350a17e94209b21d1f8b610d965a6 
diff --git a/net-analyzer/suricata/files/suricata-5.0.1-conf b/net-analyzer/suricata/files/suricata-5.0.1-conf new file mode 100644 index 000..7f22113dbf0 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.1-conf 
@@ -0,0 +1,62 @@ +# Config file for /etc/init.d/suricata* + +# Where config files are stored. Default: + +# SURICATA_DIR="/etc/suricata" + +# Pass options to each suricata service. +# +# You can launch more than one service at the same time with different options. +# This can be useful in a multi-queue gateway, for example. +# You can expand on the Suricata inline example found at: +# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html +# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance" +# on several queues. You can then have a Suricata instance processing traffic for each queue. +# This should help improve performance on the gateway/firewall. +# +# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following: +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0 +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml +# +# Edit both suricata-q{0,1}.yaml files and set values accordingly. +# You can override these yaml config file names with SURICATA_CONF* below (optional). +# This allows you to use the same yaml config file for multiple instances as long as you override +# sensible options such as the log file paths. +# SURICATA_CONF_q0="suricata-queues.yaml" +# SURICATA_CONF_q1="suricata-queues.yaml" +# SURICATA_CONF="suricata.yaml" + +# You can define the options here: +# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. 
+ +# SURICATA_OPTS_q0="-q 0" +# SURICATA_OPTS_q1="-q 1" + +# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata +# then you can set: + +SURICATA_OPTS="--af-packet" + +# Log paths listed here will be created by the init script and will override the log path +# set in the yaml file, if present. +# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" +# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" +# SURICATA_LOG_FILE="/var/log/suricata/suricata.log" + +# Run as user/group. +# Do not define if you want to run as root or as the user defined in the yaml config file (run-as). +# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below. +# SURICATA_USER_q0="suricata" +# SURICATA_GROUP_q0="suricata" +# SURICATA_USER_q1="suricata" +# SURICATA_GROUP_q1="suricata" +# SURICATA_USER="suricata" +# SURICATA_GROUP="suricata" + +# Suricata processes can take a long time to shut down. +# If necessary, adjust timeout in seconds to be used when calling stop from
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: da28437322994c655e77d94dcd82d01d575fce58 Author: Marek Szuba gentoo org> AuthorDate: Mon Dec 16 15:56:33 2019 + Commit: Marek Szuba gentoo org> CommitDate: Mon Dec 16 16:05:06 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da284373 net-analyzer/suricata: bump to 5.0.0 and EAPI 7 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Marek Szuba gentoo.org> net-analyzer/suricata/Manifest | 1 + .../files/suricata-5.0.0_configure-lua-flags.patch | 16 ++ ...suricata-5.0.0_configure-no-lz4-automagic.patch | 23 +++ .../files/suricata-5.0.0_default-config.patch | 61 +++ net-analyzer/suricata/files/suricata.service | 21 +++ net-analyzer/suricata/files/suricata.tmpfiles | 1 + net-analyzer/suricata/metadata.xml | 6 +- net-analyzer/suricata/suricata-5.0.0.ebuild| 185 + 8 files changed, 313 insertions(+), 1 deletion(-) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index fe67675774d..72532b86510 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1,2 @@ DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0 SHA512 6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e +DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa SHA512 0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e diff --git a/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch b/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch new file mode 100644 index 000..be956fd94d4 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch 
@@ -0,0 +1,16 @@ +--- a/configure.ac b/configure.ac +@@ -1749,11 +1749,11 @@ + # liblua + AC_ARG_ENABLE(lua, + AS_HELP_STRING([--enable-lua],[Enable Lua support]), +- [ enable_lua="$enableval"], ++ [], + [ enable_lua="no"]) + AC_ARG_ENABLE(luajit, + AS_HELP_STRING([--enable-luajit],[Enable Luajit support]), +- [ enable_luajit="$enableval"], ++ [], + [ enable_luajit="no"]) + if test "$enable_lua" = "yes"; then + if test "$enable_luajit" = "yes"; then diff --git a/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch b/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch new file mode 100644 index 000..5efce46f6d9 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch @@ -0,0 +1,23 @@ +--- a/configure.ac b/configure.ac +@@ -2292,7 +2292,11 @@ + fi + + # Check for lz4 +-enable_liblz4="yes" ++AC_ARG_ENABLE(lz4, ++ AS_HELP_STRING([--enable-lz4], [Enable compressed pcap logging using liblz4]), ++ [enable_liblz4=$enableval], ++ [enable_liblz4=yes]) ++if test "x$enable_liblz4" != "xno"; then + AC_CHECK_LIB(lz4, LZ4F_createCompressionContext, , enable_liblz4="no") + + if test "$enable_liblz4" = "no"; then +@@ -2306,6 +2310,7 @@ + echo " yum install lz4-devel" + echo + fi ++fi + + # get cache line size + AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no") diff --git a/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch b/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch new file mode 100644 index 000..07a45c9a574 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch 
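Review bot: Both replacements in suricata-5.0.0_configure-lua-flags.patch look like no-ops against 5.0.0. The removed action-if-given lines are `[ enable_lua="$enableval"]` and `[ enable_luajit="$enableval"]`, and AC_ARG_ENABLE already stores the option value in `enable_lua` / `enable_luajit` before that action runs, so the empty `[]` yields the same result. The 4.0.4 version of this patch replaced a hard-coded `"yes"`, which did change behaviour; here upstream appears to have fixed that already. Consider dropping the patch from the 5.0.0 ebuild rather than carrying a diff that has to be re-checked on every bump.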
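Review bot: An explicit `--enable-lz4` can still degrade silently in suricata-5.0.0_configure-no-lz4-automagic.patch: inside the new `if test "x$enable_liblz4" != "xno"; then` block the AC_CHECK_LIB failure action remains `enable_liblz4="no"`, and as far as the visible context shows the following branch only prints install hints. The patch makes `--disable-lz4` effective, but a feature that was asked for can still drop out of the build without an error. Recording that the option was given, e.g. `[enable_liblz4=$enableval; lz4_requested=yes]`, and calling `AC_MSG_ERROR` in the failure branch when `lz4_requested` is set would make the switch deterministic in both directions.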
@@ -0,0 +1,61 @@ +--- a/suricata.yaml.in b/suricata.yaml.in +@@ -203,8 +203,9 @@ + # https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format + + # As of Suricata 5.0, version 2 of the eve dns output +-# format is the default. +-#version: 2 ++# format is the default - but the daemon produces a warning to that effect ++# at start-up if this isn't explicitly set. ++version: 2 + + # Enable/disable this logger. Default: enabled. + #enabled: yes +@@ -978,9 +979,9 @@ + ## + + # Run suricata as user and group. +-#run-as: +-# user: suri +-# group: suri ++run-as: ++ user: suricata ++ group: suricata + + # Some logging module will use that name in event as identifier. The default + # value is the hostname +@@ -1806,16 +1807,28 @@ + hashmode: hash5tuplesorted + + ## +-## Configure Suricata to load Suricata-Update managed rules. +-## +-## If this section is completely commented out move dow
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: bbf4c30078e27adf7f6af90223cf03a333b2eb28 Author: Slawomir Lis gentoo org> AuthorDate: Sun Sep 8 19:02:22 2019 + Commit: Slawek Lis gentoo org> CommitDate: Sun Sep 8 19:24:41 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbf4c300 net-analyzer/suricata: Updated init.d and conf.d default pathes Package-Manager: Portage-2.3.75, Repoman-2.3.17 Signed-off-by: Slawek Lis gentoo.org> .../suricata/files/{suricata-4.0.3-conf => suricata-4.0.4-conf} | 0 .../suricata/files/{suricata-4.0.3-init => suricata-4.0.4-init} | 2 +- net-analyzer/suricata/suricata-4.0.4.ebuild | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-4.0.3-conf b/net-analyzer/suricata/files/suricata-4.0.4-conf similarity index 100% rename from net-analyzer/suricata/files/suricata-4.0.3-conf rename to net-analyzer/suricata/files/suricata-4.0.4-conf diff --git a/net-analyzer/suricata/files/suricata-4.0.3-init b/net-analyzer/suricata/files/suricata-4.0.4-init similarity index 99% rename from net-analyzer/suricata/files/suricata-4.0.3-init rename to net-analyzer/suricata/files/suricata-4.0.4-init index f54ba3a5e23..1db8137f31a 100644 --- a/net-analyzer/suricata/files/suricata-4.0.3-init +++ b/net-analyzer/suricata/files/suricata-4.0.4-init @@ -1,5 +1,5 @@ #!/sbin/openrc-run -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 SURICATA_BIN=/usr/bin/suricata diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild index f476bfe2ae2..eea47cd01bd 100644 --- a/net-analyzer/suricata/suricata-4.0.4.ebuild +++ b/net-analyzer/suricata/suricata-4.0.4.ebuild 
@@ -131,8 +131,8 @@ src_install() { fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" - newinitd "${FILESDIR}/${PN}-4.0.3-init" ${PN} - newconfd "${FILESDIR}/${PN}-4.0.3-conf" ${PN} + newinitd "${FILESDIR}/${P}-init" ${PN} + newconfd "${FILESDIR}/${P}-conf" ${PN} if use logrotate; then insopts -m0644
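Review bot: `"${FILESDIR}/${P}-init"` and `"${FILESDIR}/${P}-conf"` tie the support-file names to the exact package version, so any later bump that copies this ebuild fails in src_install until both files are copied or renamed too; this commit already has to rename 4.0.3 to 4.0.4 for that reason. If the init script and conf.d file are not expected to change with every release, a fixed name (the explicit `${PN}-4.0.4-init` form, or an unversioned one) avoids that churn and keeps the installed service files tied to a reviewed revision. src_install starts and ends outside the hunk.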
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: c35f490c5944f47bdcc633d70056ee8f433c3a44 Author: Marek Szuba gentoo org> AuthorDate: Mon Jun 11 14:02:10 2018 + Commit: Marek Szuba gentoo org> CommitDate: Mon Jun 11 14:04:06 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c35f490c net-analyzer/suricata: bump to 4.0.4 + fix Lua USE flags Invoking maintainer timeout on both issues. Closes: https://bugs.gentoo.org/652344 Package-Manager: Portage-2.3.40, Repoman-2.3.9 net-analyzer/suricata/Manifest | 1 + .../files/suricata-4.0.4_configure-lua-flags.patch | 16 ++ net-analyzer/suricata/suricata-4.0.4.ebuild| 168 + 3 files changed, 185 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index b3ab446f9d9..cc70d0f7283 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1 +1,2 @@ DIST suricata-4.0.3.tar.gz 12392388 BLAKE2B 9b6338b343ff85f070d61608ff9dc7f25df868fdffbc13b5a8d245cb3db5cd757cb1785c827c388653b2f8a7977129259671900bc1abfebeb878a668b4058bdf SHA512 aa6b6d1ae86efad0184ba4fa06375f34334e07c22b7b1f82bf17fcb0ae48ad7f867bced57ab4f713de01583965e1260cb82e1355f78002071b6893b53892 +DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0 SHA512 6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e diff --git a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch b/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch new file mode 100644 index 000..bad66359afa --- /dev/null +++ b/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch 
@@ -0,0 +1,16 @@ +--- a/configure.ac b/configure.ac +@@ -1749,11 +1749,11 @@ + # liblua + AC_ARG_ENABLE(lua, + AS_HELP_STRING([--enable-lua],[Enable Lua support]), +- [ enable_lua="yes"], ++ [], + [ enable_lua="no"]) + AC_ARG_ENABLE(luajit, + AS_HELP_STRING([--enable-luajit],[Enable Luajit support]), +- [ enable_luajit="yes"], ++ [], + [ enable_luajit="no"]) + if test "$enable_lua" = "yes"; then + if test "$enable_luajit" = "yes"; then diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild new file mode 100644 index 000..2622dccdb3b --- /dev/null +++ b/net-analyzer/suricata/suricata-4.0.4.ebuild 
@@ -0,0 +1,168 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit autotools eutils user + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata-ids.org/"; +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz"; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test" + +DEPEND=" + >=dev-libs/jansson-2.2 + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + >=net-libs/libhtp-0.5.20 + net-libs/libpcap + sys-apps/file + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/geoip ) + lua?( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis ) + logrotate? ( app-admin/logrotate ) + sys-libs/libcap-ng +" +# #446814 +# prelude?( dev-libs/libprelude ) +# pfring? ( sys-process/numactl net-libs/pf_ring) +RDEPEND="${DEPEND}" + +pkg_setup() { + enewgroup ${PN} + enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}" +} + +src_prepare() { + epatch "${FILESDIR}"/${P}_configure-lua-flags.patch + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var/" \ + "--enable-non-bundled-htp" \ + $(use_enable af-packet) \ + $(use_enable detection) \ + $(use_enable nfqueue) \ + $(use_enable test coccinelle) \ + $(use_enable test unittests) \ + $(use_enable control-socket unix-socket) + ) + + if use cuda ; then + myeconfargs+=( $(use_enable cuda) ) + fi + if use geoip ; then + myeconfargs+=( $(use_enable geoip) ) + fi + if use hardened ; then + myeconfargs+=( $(use_enable hardened gccprotect) ) + fi + if use nflog ; then + myeconfargs+=( $(use_enable nflog) ) + fi +
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: 2c174cb604c2c99f9d9e8ac4fab438d0aedf7ab1 Author: Slawomir Lis gentoo org> AuthorDate: Wed Dec 28 12:59:11 2016 + Commit: Slawek Lis gentoo org> CommitDate: Wed Dec 28 12:59:11 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c174cb6 net-analyzer/suricata: Dropping user privs in init script Bug #602590 Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-conf | 12 - net-analyzer/suricata/files/suricata-3.2-init | 39 --- net-analyzer/suricata/suricata-3.2-r1.ebuild | 5 ++-- 3 files changed, 43 insertions(+), 13 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf index fc6885d..d8466b4 100644 --- a/net-analyzer/suricata/files/suricata-3.2-conf +++ b/net-analyzer/suricata/files/suricata-3.2-conf @@ -29,7 +29,7 @@ # SURICATA_CONF="suricata.yaml" # You can define the options here: -# NB: avoid using -l, -c and setting logging.outputs.1.file.filename as the init script will try to set them for you. +# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. # SURICATA_OPTS_q0="-q 0" # SURICATA_OPTS_q1="-q 1" @@ -44,3 +44,13 @@ SURICATA_OPTS="-i eth0" # SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" # SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" # SURICATA_LOG_FILE="/var/log/suricata/suricata.log" + +# Run as user/group. +# Do not define if you want to run as root or as the user defined in the yaml config file (run-as). +# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below. +# SURICATA_USER_q0="suricata" +# SURICATA_GROUP_q0="suricata" +# SURICATA_USER_q1="suricata" +# SURICATA_GROUP_q1="suricata" +# SURICATA_USER="suricata" +# SURICATA_GROUP="suricata" diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init index 1717dbb..b276f49 100644 
--- a/net-analyzer/suricata/files/suricata-3.2-init +++ b/net-analyzer/suricata/files/suricata-3.2-init @@ -13,13 +13,19 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid" eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID} eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID} +eval SURICATAUSER=\$SURICATA_USER_${SURICATAID} +eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID} else SURICATACONF=${SURICATA_CONF} [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" SURICATAPID="/var/run/suricata/suricata.pid" SURICATAOPTS=${SURICATA_OPTS} SURICATALOGPATH=${SURICATA_LOG_FILE} +SURICATAUSER=${SURICATA_USER} +SURICATAGROUP=${SURICATA_GROUP} fi +SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}} +SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}} [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}" description="Suricata IDS/IPS" @@ -37,11 +43,6 @@ depend() { } checkconfig() { - if [ ! -e ${SURICATACONF} ] ; then - einfo "The configuration file ${SURICATACONF} was not found." - einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata." - einfo "Take a look at the suricata arguments --set and --dump-config." - fi if [ ! -d "/var/run/suricata" ] ; then checkpath -d /var/run/suricata fi 
@@ -52,9 +53,22 @@ checkconfig() { if [ ! -d "${SURICATALOGPATH}" ] ; then checkpath -d "${SURICATALOGPATH}" fi + if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then + chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1 + chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1 + fi SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}" SURICATALOGPATH="-l ${SURICATALOGPATH}" fi + if [ ! -e ${SURICATACONF} ] ; then + einfo "The configuration file ${SURICATACONF} was not found." + einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata." + einfo "Take a look at the suricata arguments --set and --dump-config." + fi + if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then + einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}." + SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}" + fi } initpidinfo() { @@ -77,8 +91,7 @@ checkpidinfo() {
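Review bot: Both `chown` calls added to checkconfig() run from the init script with its full privileges and dereference symbolic links, while the directory they act on is handed to the unprivileged service account by the first of them. On any later start, a link sitting inside the log directory would get its target re-owned. The glob call should not follow links, should be quoted, and does not need the stray `3>&1`: `chown -h "${SURICATAUSER}:${SURICATAGROUP}" "${SURICATALOGPATH}"/* >/dev/null 2>&1`. The directory itself could be created with the owner already set, `checkpath -d -o "${SURICATAUSER}:${SURICATAGROUP}" "${SURICATALOGPATH}"`, instead of a separate chown. checkconfig() starts above this hunk, and the following hunk is cut off on this page.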
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: a382935f837f6a18529793813228cb2731e9d36f Author: Slawomir Lis gentoo org> AuthorDate: Wed Dec 28 09:34:11 2016 + Commit: Slawek Lis gentoo org> CommitDate: Wed Dec 28 09:34:11 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a382935f net-analyzer/suricata: Updated suricata logging and added logrotate file I've also bumped revision number, as there are many changes, and those fixes should finally close bug 602590. Thanks to Vieri yahoo.com> for support. Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-conf | 11 +- net-analyzer/suricata/files/suricata-3.2-init | 28 +++-- net-analyzer/suricata/files/suricata-logrotate | 6 + net-analyzer/suricata/metadata.xml | 1 + net-analyzer/suricata/suricata-3.2-r1.ebuild | 161 + 5 files changed, 189 insertions(+), 18 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf index d900ade..fc6885d 100644 --- a/net-analyzer/suricata/files/suricata-3.2-conf +++ b/net-analyzer/suricata/files/suricata-3.2-conf @@ -41,11 +41,6 @@ SURICATA_OPTS="-i eth0" # Log paths listed here will be created by the init script and will override the log path # set in the yaml file, if present. -# SURICATA_LOG_PATH_q0="/var/log/suricata/q0" -# SURICATA_LOG_PATH_q1="/var/log/suricata/q1" -# SURICATA_LOG_PATH="/var/log/suricata" -# SURICATA_LOG_FILE="suricata.log" - -# You can view all the available options you can set with --set -# and check the full config settings in an easily parsable format. -# SURICATA_DUMP=1 +# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" +# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" +# SURICATA_LOG_FILE="/var/log/suricata/suricata.log" diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init index 3ec6afd..1717dbb 100644 --- a/net-analyzer/suricata/files/suricata-3.2-init +++ b/net-analyzer/suricata/files/suricata-3.2-init 
@@ -12,18 +12,23 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid" eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID} -eval SURICATALOGPATH=\$SURICATA_LOG_PATH_${SURICATAID} +eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID} else SURICATACONF=${SURICATA_CONF} [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" SURICATAPID="/var/run/suricata/suricata.pid" SURICATAOPTS=${SURICATA_OPTS} -SURICATALOGPATH=${SURICATA_LOG_PATH} +SURICATALOGPATH=${SURICATA_LOG_FILE} fi [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}" -extra_commands="checkconfig" +description="Suricata IDS/IPS" +extra_commands="checkconfig dump" +description_checkconfig="Check config for ${SVCNAME}" +description_dump="List all config values that can be used with --set" extra_started_commands="reload relog" +description_reload="Live rule and config reload" +description_relog="Close and re-open all log files" depend() { need net @@ -41,10 +46,12 @@ checkconfig() { checkpath -d /var/run/suricata fi if [ ${#SURICATALOGPATH} -gt 0 ]; then + SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} ) + SURICATALOGFILE=${SURICATALOGFILE:-suricata.log} + SURICATALOGPATH=$( dirname ${SURICATALOGPATH} ) if [ ! -d "${SURICATALOGPATH}" ] ; then checkpath -d "${SURICATALOGPATH}" fi - SURICATALOGFILE=${SURICATA_LOG_FILE:-suricata.log} SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}" SURICATALOGPATH="-l ${SURICATALOGPATH}" fi 
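Review bot: In the checkconfig() hunk the new `SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )` reads the global variable, while the directory is taken from `SURICATALOGPATH`, which for a named instance was loaded from `SURICATA_LOG_FILE_<id>` in the first hunk. A named instance therefore gets its own directory but the global file name, and `basename` is called with no operand when only the per-instance variable is set. Both expansions are unquoted, so a path containing whitespace is split. I would derive both parts from the same value: `SURICATALOGFILE=$( basename "${SURICATALOGPATH}" )` followed by `SURICATALOGPATH=$( dirname "${SURICATALOGPATH}" )`. checkconfig() begins above this hunk.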
@@ -77,12 +84,6 @@ checkpidinfo() { start() { checkconfig || return 1 - if [ $((SURICATA_DUMP)) -eq 1 ]; then - einfo "Dumping ${SVCNAME} config values and quitting." - ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH} - einfo "You need to disable SURICATA_DUMP to start ${SVCNAME}." - return 1 - fi ebegin "Starting ${SVCNAME}" start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \ -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1 @@ -145,3 +146,10 @@ relog() { start-stop-daemon --signal HUP --pidfile ${SURICATAPID} eend $? } + +dump() { + checkconfig || return 1 + ebegin "Dumping ${SVCNAME} config values and quitting." + ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOP
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: a43050c1456321619ef97dfdeb5a158593fef58d Author: Slawomir Lis gentoo org> AuthorDate: Tue Dec 27 07:33:10 2016 + Commit: Slawek Lis gentoo org> CommitDate: Tue Dec 27 07:33:10 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a43050c1 net-analyzer/suricata: updated init script and config file Updated way the script starts suricata, it allows to define config values inline now. Details in bug 602590. Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-conf | 4 ++-- net-analyzer/suricata/files/suricata-3.2-init | 26 -- net-analyzer/suricata/suricata-3.2.ebuild | 2 -- 3 files changed, 14 insertions(+), 18 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf index bc6e281..61715ba 100644 --- a/net-analyzer/suricata/files/suricata-3.2-conf +++ b/net-analyzer/suricata/files/suricata-3.2-conf @@ -23,8 +23,8 @@ # # You can then define the following options here: -# SURICATA_OPTS_q0="-i eth0" -# SURICATA_OPTS_q1="-i eth1" +# SURICATA_OPTS_q0="-q 0" +# SURICATA_OPTS_q1="-q 1" # If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata # then you can set: diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init index 3a9c356..d612815 100644 --- a/net-analyzer/suricata/files/suricata-3.2-init +++ b/net-analyzer/suricata/files/suricata-3.2-init @@ -16,6 +16,7 @@ else SURICATAPID="/var/run/suricata/suricata.pid" SURICATAOPTS=${SURICATA_OPTS} fi +[ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}" extra_commands="checkconfig" extra_started_commands="reload relog" 
@@ -28,8 +29,9 @@ depend() { checkconfig() { if [ ! -e ${SURICATACONF} ] ; then - eerror "You need to create ${SURICATACONF} to run ${SVCNAME}." - return 1 + einfo "The configuration file ${SURICATACONF} was not found." + einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata." + einfo "Take a look at the suricata arguments --set and --dump-config." fi if [ ! -d "/var/run/suricata" ] ; then checkpath -d /var/run/suricata @@ -37,7 +39,7 @@ checkconfig() { } initpidinfo() { - [ -f ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})" + [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})" if [ ${#SUR_PID} -gt 0 ]; then SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)" @@ -46,7 +48,7 @@ initpidinfo() { checkpidinfo() { initpidinfo -if [ ! -f ${SURICATAPID} ]; then +if [ ! -e ${SURICATAPID} ]; then eerror "${SVCNAME} isn't running" return 1 elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then @@ -65,12 +67,11 @@ start() { checkconfig || return 1 ebegin "Starting ${SVCNAME}" start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \ - -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} \ --c ${SURICATACONF} >/dev/null 2>&1 + -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} >/dev/null 2>&1 local SUR_EXIT=$? if [ $((SUR_EXIT)) -ne 0 ]; then einfo "Could not start ${SURICATA_BIN} with:" - einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} -c ${SURICATACONF}" + einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS}" einfo "Exit code ${SUR_EXIT}" fi eend ${SUR_EXIT} 
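Review bot: checkconfig() now reports a missing configuration file with `einfo` and carries on, so an IDS/IPS instance can start without any `-c` file, relying only on `SURICATA_OPTS`, and the only trace is an informational line. If starting without a file is intended, the first message should at least be a warning: `ewarn "The configuration file ${SURICATACONF} was not found."`. The test itself is unquoted; `[ ! -e "${SURICATACONF}" ]` behaves correctly when the path contains whitespace.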
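Review bot: Replacing `-f` with `-e` in initpidinfo() relaxes the pidfile check so that any path type passes, including a directory or a FIFO, and `cat ${SURICATAPID}` is then run on it. The same change is made in checkpidinfo() and in the stop() wait loop further down, and the commit message does not explain it. Unless there is a case where the pidfile is not a regular file, I would keep the stricter test and quote the path: `[ -f "${SURICATAPID}" ] && SUR_PID="$(cat "${SURICATAPID}")"`. The unchanged context line `grep -c ${SUR_PID}` counts substring matches and uses the file's content unvalidated, so a numeric check on `SUR_PID` before that line would also help.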
@@ -80,14 +81,13 @@ stop() { ebegin "Stopping ${SVCNAME}" initpidinfo start-stop-daemon --stop --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1 - einfon "Waiting for ${SVCNAME} to shut down. This can take a while..." - echo + einfo "Waiting for ${SVCNAME} to shut down. This can take a while..." # max wait: 5 minutes as it can take quite a while on some systems with heavy traffic local cnt=300 - while [ -f ${SURICATAPID} ] && [ $cnt -gt 0 ]; do + while [ -e ${SURICATAPID} ] && [ $cnt -gt 0 ]; do cnt=$(expr $cnt - 1) sleep 1 - echo -ne "$cnt seconds left before we give up checking the PID file...\r" + einfo -ne "$cnt seconds left before we give up checking the PID file...\r" done # under certain conditions suricata can be pretty slow and the PID can persist long after the pidfile has been removed # max wait for process to terminate: 1 minute @@ -95,19 +95,17 @@ stop() { cnt=60 SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" if [ $((SUR_PID_CHECK)) -ne 0 ]; then - echo einfo "The PID file ${SURICATAPID} is gon
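Review bot: `einfo -ne "$cnt seconds left ...\r"` in the stop() wait loop will most likely print `-ne` and `\r` literally, because `einfo` treats its arguments as message text rather than as echo options and ends every call with a newline. The countdown then becomes up to 300 separate log lines instead of one line rewritten in place. A portable replacement that keeps the in-place behaviour is `printf '%s seconds left before we give up checking the PID file...\r' "$cnt"`. stop() continues past this hunk, and the next hunk is cut off on this page.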
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/
commit: 17fc24794b31f27225822e9017bdf39187e5 Author: Slawomir Lis gentoo org> AuthorDate: Mon Nov 30 06:13:41 2015 + Commit: Slawek Lis gentoo org> CommitDate: Mon Nov 30 06:13:41 2015 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17fc Added suricata ebuild (#437564) Package-Manager: portage-2.2.26 net-analyzer/suricata/Manifest | 1 + .../suricata/files/fortify_source-numeric.patch| 11 ++ net-analyzer/suricata/files/json.patch | 10 ++ net-analyzer/suricata/files/magic-location.patch | 13 +++ net-analyzer/suricata/metadata.xml | 16 +++ net-analyzer/suricata/suricata-2.0.10.ebuild | 119 + 6 files changed, 170 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest new file mode 100644 index 000..77f17d0 --- /dev/null +++ b/net-analyzer/suricata/Manifest @@ -0,0 +1 @@ +DIST suricata-2.0.10.tar.gz 3090730 SHA256 c8d1d3b6ce3d2a56577fca224424071afd921739d3859efc8a62229556d4beef SHA512 fa3683a93d85b26166b0f67a85f1a498941aadf4372ef98bd7fe62fcdef150af46b65456e3a764e054c385abbf44138ae6f70882c68ba320508eade6e181f2c6 WHIRLPOOL b867003e76df2b0b1b56c89415ed96acbf9d8966739d77aa303055d29ae5cdad8ad0b58e969336f0c1fc2e5d9990941622c19c062828dae58bf062f5662225f3 diff --git a/net-analyzer/suricata/files/fortify_source-numeric.patch b/net-analyzer/suricata/files/fortify_source-numeric.patch new file mode 100644 index 000..0a7f482 --- /dev/null +++ b/net-analyzer/suricata/files/fortify_source-numeric.patch @@ -0,0 +1,11 @@ +--- a/src/suricata.c 2015-10-02 00:21:55.634213646 +0200 b/src/suricata.c 2015-10-02 00:22:39.143940007 +0200 +@@ -774,7 +774,7 @@ + printf("compiled with -fstack-protector-all\n"); + #endif + #ifdef _FORTIFY_SOURCE +-printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE); ++printf("compiled with _FORTIFY_SOURCE\n"); + #endif + #ifdef CLS + printf("L1 cache line size (CLS)=%d\n", CLS); 
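Review bot: fortify_source-numeric.patch is added without any header saying why the numeric value is dropped, and the patched `printf("compiled with _FORTIFY_SOURCE\n");` no longer tells an operator which fortify level the binary was built with. If the reason is that the macro is not a plain integer under some toolchain profiles (my assumption, not stated in the commit), the patch should say so. A short description at the top of the patch file, giving the reason, the bug number and the upstream status, would make it clear later whether the patch can be removed.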
diff --git a/net-analyzer/suricata/files/json.patch b/net-analyzer/suricata/files/json.patch new file mode 100644 index 000..a542f35 --- /dev/null +++ b/net-analyzer/suricata/files/json.patch @@ -0,0 +1,10 @@ +--- src/output-json.h.orig 2015-11-21 21:56:24.996289587 +0100 src/output-json.h 2015-11-21 21:57:11.419622642 +0100 +@@ -28,6 +28,7 @@ + + #ifdef HAVE_LIBJANSSON + ++#include + #include "suricata-common.h" + #include "util-buffer.h" + #include "util-logopenfile.h" diff --git a/net-analyzer/suricata/files/magic-location.patch b/net-analyzer/suricata/files/magic-location.patch new file mode 100644 index 000..02681f9 --- /dev/null +++ b/net-analyzer/suricata/files/magic-location.patch @@ -0,0 +1,13 @@ +diff --git a/configure.ac b/configure.ac +index 8b41eb0..3cdf0e7 100644 +--- a/configure.ac b/configure.ac +@@ -182,7 +182,7 @@ + fi + echo -n "installation for $host OS... " + +-e_magic_file="/usr/share/file/magic" ++e_magic_file="/usr/share/misc/magic.mgc" + case "$host" in + *-*-*freebsd*) + LUA_PC_NAME="lua-5.1" diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml new file mode 100644 index 000..34c1b31 --- /dev/null +++ b/net-analyzer/suricata/metadata.xml @@ -0,0 +1,16 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + +s...@gentoo.org + + +Enable AF_PACKET support +Enable unix socket +Enable NVIDIA Cuda computations support +Enable Luajit support +Enable libnetfilter_log support +Enable AF_PACKET support +Enable AF_PACKET support + + diff --git a/net-analyzer/suricata/suricata-2.0.10.ebuild b/net-analyzer/suricata/suricata-2.0.10.ebuild new file mode 100644 index 000..40b2740 --- /dev/null +++ b/net-analyzer/suricata/suricata-2.0.10.ebuild 
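Review bot: In metadata.xml three of the seven flag descriptions read "Enable AF_PACKET support", and the last two look copied from the first entry. The flag names are not visible in this rendering, but going by the ebuild's IUSE they presumably belong to `nfqueue` and `rules`. Each entry should describe its own flag, for example `<flag name="nfqueue">Enable libnetfilter_queue support</flag>`, with the exact names and wording confirmed against the ebuild.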
@@ -0,0 +1,119 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools eutils user + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="http://suricata-ids.org/"; +SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet control-socket cuda debug geoip hardened lua luajit nflog +nfqueue +rules test" + +DEPEND=" + >=dev-libs/jansson-2.2 + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + net-libs/libpcap + sys-apps/file + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/geoip ) + lua?( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue?( net-libs/libnetfilter_queue ) +" +# #446814 +# prelude?( dev-libs/libprelude ) +# pfring? (