[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/

2020-10-09 Thread Marek Szuba
commit: a8e82003db4b6ef62cf260263bafc1cc32f33acc
Author: Marek Szuba  gentoo  org>
AuthorDate: Fri Oct  9 12:09:22 2020 +
Commit: Marek Szuba  gentoo  org>
CommitDate: Fri Oct  9 12:14:16 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8e82003

net-analyzer/suricata: bump to 6.0.0

Okay, this has turned out to be easier than I thought it might be.
Note to self: since suricata-6 no longer supports unified2 output and
suricata-5 is still supported upstream (even 4 will only reach end of
life on 2020-12-31), keep the latter around for at least a bit longer.

Signed-off-by: Marek Szuba  gentoo.org>

 net-analyzer/suricata/Manifest |   1 +
 .../files/suricata-6.0.0_default-config.patch  |  27 +++
 net-analyzer/suricata/suricata-6.0.0.ebuild| 203 +
 3 files changed, 231 insertions(+)

diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index 06edb9b7cc8..fde179dd2cb 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -1 +1,2 @@
 DIST suricata-5.0.4.tar.gz 29091046 BLAKE2B 
38526ca39d2460d630fdd9e804f36c74bfcde54a529748896779b549ed1b55174d6080ddad8933ddfd26004f4e78748a503832f47ee5f52d84a133643aef482b
 SHA512 
e5da14f80b628968e146839b828971e888fd0158b2ecbbcc15c0f42fda2bdcc8ad89632ba05cc45c88d88e537452e77f8e2f3a5e09ecd038d0d38b1a8cf8cea6
+DIST suricata-6.0.0.tar.gz 30832555 BLAKE2B 
9cea05b07520924706e961efed6a45b9ba73388a25777f43c1a90497aa00ec200bad15863b7b17b84e622c79309365596853423776da9c3d103c2a8c1126a0d2
 SHA512 
3c30f6f57c0e8a24992ff2b4ce8ce166d3c0d4b28c8f5e79434d04de9f2016773be01a1689fedfc9e54ff1c8bc9838206bc28f3ff2e47d60102a7016f1062ec3

diff --git a/net-analyzer/suricata/files/suricata-6.0.0_default-config.patch 
b/net-analyzer/suricata/files/suricata-6.0.0_default-config.patch
new file mode 100644
index 000..03e0f1cda94
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-6.0.0_default-config.patch
@@ -0,0 +1,27 @@
+--- a/suricata.yaml.in
 b/suricata.yaml.in
+@@ -209,8 +209,9 @@
+ # 
https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format
+ 
+ # As of Suricata 5.0, version 2 of the eve dns output
+-# format is the default.
+-#version: 2
++# format is the default - but the daemon produces a warning to 
that effect
++# at start-up if this isn't explicitly set.
++version: 2
+ 
+ # Enable/disable this logger. Default: enabled.
+ #enabled: yes
+@@ -988,9 +989,9 @@
+ ##
+ 
+ # Run Suricata with a specific user-id and group-id:
+-#run-as:
+-#  user: suri
+-#  group: suri
++run-as:
++  user: suricata
++  group: suricata
+ 
+ # Some logging modules will use that name in event as identifier. The default
+ # value is the hostname

diff --git a/net-analyzer/suricata/suricata-6.0.0.ebuild 
b/net-analyzer/suricata/suricata-6.0.0.ebuild
new file mode 100644
index 000..5f5d14e3eec
--- /dev/null
+++ b/net-analyzer/suricata/suricata-6.0.0.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} )
+
+inherit autotools flag-o-matic linux-info python-single-r1 systemd
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring 
engine"
+HOMEPAGE="https://suricata-ids.org/;
+SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz;
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened 
logrotate lua luajit lz4 nflog +nfqueue redis systemd test"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+   ?? ( lua luajit )
+   bpf? ( af-packet )"
+
+RDEPEND="${PYTHON_DEPS}
+   acct-group/suricata
+   acct-user/suricata
+   dev-libs/jansson
+   dev-libs/libpcre
+   dev-libs/libyaml
+   net-libs/libnet:*
+   net-libs/libnfnetlink
+   dev-libs/nspr
+   dev-libs/nss
+   $(python_gen_cond_dep '
+   dev-python/pyyaml[${PYTHON_USEDEP}]
+   ')
+   >=net-libs/libhtp-0.5.35
+   net-libs/libpcap
+   sys-apps/file
+   sys-libs/libcap-ng
+   bpf?( >=dev-libs/libbpf-0.1.0 )
+   cuda?   ( dev-util/nvidia-cuda-toolkit )
+   geoip?  ( dev-libs/libmaxminddb )
+   logrotate?  ( app-admin/logrotate )
+   lua?( dev-lang/lua:* )
+   luajit? ( dev-lang/luajit:* )
+   lz4?( app-arch/lz4 )
+   nflog?  ( net-libs/libnetfilter_log )
+   nfqueue?( net-libs/libnetfilter_queue )
+   redis?  ( dev-libs/hiredis )"
+DEPEND="${RDEPEND}
+   >=sys-devel/autoconf-2.69-r5
+   virtual/rust"
+
+PATCHES=(
+   "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch"
+   "${FILESDIR}/${PN}-6.0.0_default-config.patch"
+)
+
+pkg_pretend() {
+   

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/

2019-12-18 Thread Marek Szuba
commit: 4bbf99b0dbf76f352c0b123cba32cfbd90080fb3
Author: Marek Szuba  gentoo  org>
AuthorDate: Wed Dec 18 14:17:32 2019 +
Commit: Marek Szuba  gentoo  org>
CommitDate: Wed Dec 18 14:21:49 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4bbf99b0

net-analyzer/suricata: bump to 5.0.1

Further clean-up of old ebuilds, tools are no longer optional, there is
now a config phase to download an initial rule set using
suricata-update.

Closes: https://bugs.gentoo.org/703184
Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Marek Szuba  gentoo.org>

 net-analyzer/suricata/Manifest |   1 +
 net-analyzer/suricata/files/suricata-5.0.1-conf|  62 +++
 net-analyzer/suricata/files/suricata-5.0.1-init| 147 
 ...suricata-5.0.1_configure-no-lz4-automagic.patch |  23 +++
 .../files/suricata-5.0.1_default-config.patch  |  27 +++
 net-analyzer/suricata/files/suricata.service   |   2 +-
 net-analyzer/suricata/files/suricata.tmpfiles  |   2 +-
 net-analyzer/suricata/suricata-5.0.1.ebuild| 196 +
 8 files changed, 458 insertions(+), 2 deletions(-)

diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index 16a7c6ae731..9247b853f30 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -1 +1,2 @@
 DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 
701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa
 SHA512 
0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e
+DIST suricata-5.0.1.tar.gz 23721536 BLAKE2B 
529837e8e4d6c33d2093df8208bf03519e0d60deef92eadf9d0a44b7416eae2f900b2f72349815acb86d9bdd9d4253bbc5d7c4c1a34157f544982b0788291624
 SHA512 
db0797a7992abf0ddf170cb603fdac06b0ff92278bb91343860bccbbe029ea0e83131dfb9805ca44bcbbe3925502119259e350a17e94209b21d1f8b610d965a6

diff --git a/net-analyzer/suricata/files/suricata-5.0.1-conf 
b/net-analyzer/suricata/files/suricata-5.0.1-conf
new file mode 100644
index 000..7f22113dbf0
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-5.0.1-conf
@@ -0,0 +1,62 @@
+# Config file for /etc/init.d/suricata*
+
+# Where config files are stored. Default:
+
+# SURICATA_DIR="/etc/suricata"
+
+# Pass options to each suricata service.
+#
+# You can launch more than one service at the same time with different options.
+# This can be useful in a multi-queue gateway, for example.
+# You can expand on the Suricata inline example found at:
+# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
+# Instead of configuring iptables to send traffic to just one queue, you can 
configure it to "load balance"
+# on several queues. You can then have a Suricata instance processing traffic 
for each queue.
+# This should help improve performance on the gateway/firewall.
+#
+# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You 
can now do the following:
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
+#
+# Edit both suricata-q{0,1}.yaml files and set values accordingly.
+# You can override these yaml config file names with SURICATA_CONF* below 
(optional).
+# This allows you to use the same yaml config file for multiple instances as 
long as you override
+# sensible options such as the log file paths.
+# SURICATA_CONF_q0="suricata-queues.yaml"
+# SURICATA_CONF_q1="suricata-queues.yaml"
+# SURICATA_CONF="suricata.yaml"
+
+# You can define the options here:
+# NB: avoid using -l, -c, --user, --group and setting 
logging.outputs.1.file.filename as the init script will try to set them for you.
+
+# SURICATA_OPTS_q0="-q 0"
+# SURICATA_OPTS_q1="-q 1"
+
+# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with 
/etc/init.d/suricata
+# then you can set:
+
+SURICATA_OPTS="--af-packet"
+
+# Log paths listed here will be created by the init script and will override 
the log path
+# set in the yaml file, if present.
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
+
+# Run as user/group.
+# Do not define if you want to run as root or as the user defined in the yaml 
config file (run-as).
+# The ebuild should have created the dedicated user/group suricata:suricata 
for you to specify here below.
+# SURICATA_USER_q0="suricata"
+# SURICATA_GROUP_q0="suricata"
+# SURICATA_USER_q1="suricata"
+# SURICATA_GROUP_q1="suricata"
+# SURICATA_USER="suricata"
+# SURICATA_GROUP="suricata"
+
+# Suricata processes can take a long time to shut down.
+# If necessary, adjust timeout in seconds to be used when calling stop from 

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/

2019-12-16 Thread Marek Szuba
commit: da28437322994c655e77d94dcd82d01d575fce58
Author: Marek Szuba  gentoo  org>
AuthorDate: Mon Dec 16 15:56:33 2019 +
Commit: Marek Szuba  gentoo  org>
CommitDate: Mon Dec 16 16:05:06 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da284373

net-analyzer/suricata: bump to 5.0.0 and EAPI 7

Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Marek Szuba  gentoo.org>

 net-analyzer/suricata/Manifest |   1 +
 .../files/suricata-5.0.0_configure-lua-flags.patch |  16 ++
 ...suricata-5.0.0_configure-no-lz4-automagic.patch |  23 +++
 .../files/suricata-5.0.0_default-config.patch  |  61 +++
 net-analyzer/suricata/files/suricata.service   |  21 +++
 net-analyzer/suricata/files/suricata.tmpfiles  |   1 +
 net-analyzer/suricata/metadata.xml |   6 +-
 net-analyzer/suricata/suricata-5.0.0.ebuild| 185 +
 8 files changed, 313 insertions(+), 1 deletion(-)

diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index fe67675774d..72532b86510 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -1 +1,2 @@
 DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B 
d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0
 SHA512 
6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e
+DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 
701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa
 SHA512 
0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e

diff --git 
a/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch 
b/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch
new file mode 100644
index 000..be956fd94d4
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch
@@ -0,0 +1,16 @@
+--- a/configure.ac
 b/configure.ac
+@@ -1749,11 +1749,11 @@
+   # liblua
+ AC_ARG_ENABLE(lua,
+   AS_HELP_STRING([--enable-lua],[Enable Lua support]),
+-  [ enable_lua="$enableval"],
++  [],
+   [ enable_lua="no"])
+ AC_ARG_ENABLE(luajit,
+   AS_HELP_STRING([--enable-luajit],[Enable Luajit support]),
+-  [ enable_luajit="$enableval"],
++  [],
+   [ enable_luajit="no"])
+ if test "$enable_lua" = "yes"; then
+ if test "$enable_luajit" = "yes"; then
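Review bot: Both removed actions in this patch already assigned `$enableval`, so replacing them with `[]` in the `AC_ARG_ENABLE(lua, …)` and `AC_ARG_ENABLE(luajit, …)` calls does not appear to change the generated configure script. With an empty action-if-given, autoconf still leaves `enable_lua` and `enable_luajit` set from the option. If that reading holds for the 5.0.0 sources, the patch can be dropped from the ebuild rather than carried forward; otherwise a short header saying what it fixes would help at the next bump. The `if test` block continues outside the hunk.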

diff --git 
a/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch 
b/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch
new file mode 100644
index 000..5efce46f6d9
--- /dev/null
+++ 
b/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch
@@ -0,0 +1,23 @@
+--- a/configure.ac
 b/configure.ac
+@@ -2292,7 +2292,11 @@
+ fi
+ 
+ # Check for lz4
+-enable_liblz4="yes"
++AC_ARG_ENABLE(lz4,
++   AS_HELP_STRING([--enable-lz4], [Enable compressed pcap logging using 
liblz4]),
++   [enable_liblz4=$enableval],
++   [enable_liblz4=yes])
++if test "x$enable_liblz4" != "xno"; then
+ AC_CHECK_LIB(lz4, LZ4F_createCompressionContext, , enable_liblz4="no")
+ 
+ if test "$enable_liblz4" = "no"; then
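Review bot: An explicit `--enable-lz4` with liblz4 missing still ends with `enable_liblz4="no"` from the `AC_CHECK_LIB` fallback, and as far as the visible context shows the only consequence is the install hint that follows. The new `AC_ARG_ENABLE(lz4, …)` makes `--disable-lz4` work, but a build that asked for compressed pcap logging can still come out without it. Consider failing when the option was passed explicitly and the library is not found, for example with `AC_MSG_ERROR([liblz4 requested but not found])`. The `if test "$enable_liblz4" = "no"` block is closed outside this hunk.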
+@@ -2306,6 +2310,7 @@
+ echo "   yum install lz4-devel"
+ echo
+ fi
++fi
+ 
+ # get cache line size
+ AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")

diff --git a/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch 
b/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch
new file mode 100644
index 000..07a45c9a574
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch
@@ -0,0 +1,61 @@
+--- a/suricata.yaml.in
 b/suricata.yaml.in
+@@ -203,8 +203,9 @@
+ # 
https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format
+ 
+ # As of Suricata 5.0, version 2 of the eve dns output
+-# format is the default.
+-#version: 2
++# format is the default - but the daemon produces a warning to 
that effect
++# at start-up if this isn't explicitly set.
++version: 2
+ 
+ # Enable/disable this logger. Default: enabled.
+ #enabled: yes
+@@ -978,9 +979,9 @@
+ ##
+ 
+ # Run suricata as user and group.
+-#run-as:
+-#  user: suri
+-#  group: suri
++run-as:
++  user: suricata
++  group: suricata
+ 
+ # Some logging module will use that name in event as identifier. The default
+ # value is the hostname
+@@ -1806,16 +1807,28 @@
+ hashmode: hash5tuplesorted
+ 
+ ##
+-## Configure Suricata to load Suricata-Update managed rules.
+-##
+-## If this section is completely commented out move 

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/

2019-09-08 Thread Slawek Lis
commit: bbf4c30078e27adf7f6af90223cf03a333b2eb28
Author: Slawomir Lis  gentoo  org>
AuthorDate: Sun Sep  8 19:02:22 2019 +
Commit: Slawek Lis  gentoo  org>
CommitDate: Sun Sep  8 19:24:41 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbf4c300

net-analyzer/suricata: Updated init.d and conf.d default pathes

Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Slawek Lis  gentoo.org>

 .../suricata/files/{suricata-4.0.3-conf => suricata-4.0.4-conf}   | 0
 .../suricata/files/{suricata-4.0.3-init => suricata-4.0.4-init}   | 2 +-
 net-analyzer/suricata/suricata-4.0.4.ebuild   | 4 ++--
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/net-analyzer/suricata/files/suricata-4.0.3-conf 
b/net-analyzer/suricata/files/suricata-4.0.4-conf
similarity index 100%
rename from net-analyzer/suricata/files/suricata-4.0.3-conf
rename to net-analyzer/suricata/files/suricata-4.0.4-conf

diff --git a/net-analyzer/suricata/files/suricata-4.0.3-init 
b/net-analyzer/suricata/files/suricata-4.0.4-init
similarity index 99%
rename from net-analyzer/suricata/files/suricata-4.0.3-init
rename to net-analyzer/suricata/files/suricata-4.0.4-init
index f54ba3a5e23..1db8137f31a 100644
--- a/net-analyzer/suricata/files/suricata-4.0.3-init
+++ b/net-analyzer/suricata/files/suricata-4.0.4-init
@@ -1,5 +1,5 @@
 #!/sbin/openrc-run
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 SURICATA_BIN=/usr/bin/suricata

diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild 
b/net-analyzer/suricata/suricata-4.0.4.ebuild
index f476bfe2ae2..eea47cd01bd 100644
--- a/net-analyzer/suricata/suricata-4.0.4.ebuild
+++ b/net-analyzer/suricata/suricata-4.0.4.ebuild
@@ -131,8 +131,8 @@ src_install() {
fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
 
-   newinitd "${FILESDIR}/${PN}-4.0.3-init" ${PN}
-   newconfd "${FILESDIR}/${PN}-4.0.3-conf" ${PN}
+   newinitd "${FILESDIR}/${P}-init" ${PN}
+   newconfd "${FILESDIR}/${P}-conf" ${PN}
 
if use logrotate; then
insopts -m0644



[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/

2018-06-11 Thread Marek Szuba
commit: c35f490c5944f47bdcc633d70056ee8f433c3a44
Author: Marek Szuba  gentoo  org>
AuthorDate: Mon Jun 11 14:02:10 2018 +
Commit: Marek Szuba  gentoo  org>
CommitDate: Mon Jun 11 14:04:06 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c35f490c

net-analyzer/suricata: bump to 4.0.4 + fix Lua USE flags

Invoking maintainer timeout on both issues.

Closes: https://bugs.gentoo.org/652344
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 net-analyzer/suricata/Manifest |   1 +
 .../files/suricata-4.0.4_configure-lua-flags.patch |  16 ++
 net-analyzer/suricata/suricata-4.0.4.ebuild| 168 +
 3 files changed, 185 insertions(+)

diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index b3ab446f9d9..cc70d0f7283 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -1 +1,2 @@
 DIST suricata-4.0.3.tar.gz 12392388 BLAKE2B 
9b6338b343ff85f070d61608ff9dc7f25df868fdffbc13b5a8d245cb3db5cd757cb1785c827c388653b2f8a7977129259671900bc1abfebeb878a668b4058bdf
 SHA512 
aa6b6d1ae86efad0184ba4fa06375f34334e07c22b7b1f82bf17fcb0ae48ad7f867bced57ab4f713de01583965e1260cb82e1355f78002071b6893b53892
+DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B 
d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0
 SHA512 
6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e

diff --git 
a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch 
b/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch
new file mode 100644
index 000..bad66359afa
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch
@@ -0,0 +1,16 @@
+--- a/configure.ac
 b/configure.ac
+@@ -1749,11 +1749,11 @@
+   # liblua
+ AC_ARG_ENABLE(lua,
+   AS_HELP_STRING([--enable-lua],[Enable Lua support]),
+-  [ enable_lua="yes"],
++  [],
+   [ enable_lua="no"])
+ AC_ARG_ENABLE(luajit,
+   AS_HELP_STRING([--enable-luajit],[Enable Luajit support]),
+-  [ enable_luajit="yes"],
++  [],
+   [ enable_luajit="no"])
+ if test "$enable_lua" = "yes"; then
+ if test "$enable_luajit" = "yes"; then
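Review bot: The patch file has no header explaining why the action-if-given arguments are emptied, which makes it hard to judge at the next bump whether it is still needed. From the removed lines, the upstream action set `enable_lua="yes"` and `enable_luajit="yes"` whenever the option was given, which would also apply to `--disable-lua` and `--disable-luajit`. A leading comment such as `# Keep autoconf's own $enableval so --disable-lua/--disable-luajit are honoured` would record that. The `if test` block continues outside the hunk.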

diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild 
b/net-analyzer/suricata/suricata-4.0.4.ebuild
new file mode 100644
index 000..2622dccdb3b
--- /dev/null
+++ b/net-analyzer/suricata/suricata-4.0.4.ebuild
@@ -0,0 +1,168 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring 
engine"
+HOMEPAGE="https://suricata-ids.org/;
+SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz;
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate 
lua luajit nflog +nfqueue redis +rules test"
+
+DEPEND="
+   >=dev-libs/jansson-2.2
+   dev-libs/libpcre
+   dev-libs/libyaml
+   net-libs/libnet:*
+   net-libs/libnfnetlink
+   dev-libs/nspr
+   dev-libs/nss
+   >=net-libs/libhtp-0.5.20
+   net-libs/libpcap
+   sys-apps/file
+   cuda?   ( dev-util/nvidia-cuda-toolkit )
+   geoip?  ( dev-libs/geoip )
+   lua?( dev-lang/lua:* )
+   luajit? ( dev-lang/luajit:* )
+   nflog?  ( net-libs/libnetfilter_log )
+   nfqueue?( net-libs/libnetfilter_queue )
+   redis?  ( dev-libs/hiredis )
+   logrotate?  ( app-admin/logrotate )
+   sys-libs/libcap-ng
+"
+# #446814
+#  prelude?( dev-libs/libprelude )
+#  pfring? ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+   enewgroup ${PN}
+   enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+   epatch "${FILESDIR}"/${P}_configure-lua-flags.patch
+   eautoreconf
+}
+
+src_configure() {
+   local myeconfargs=(
+   "--localstatedir=/var/" \
+   "--enable-non-bundled-htp" \
+   $(use_enable af-packet) \
+   $(use_enable detection) \
+   $(use_enable nfqueue) \
+   $(use_enable test coccinelle) \
+   $(use_enable test unittests) \
+   $(use_enable control-socket unix-socket)
+   )
+
+   if use cuda ; then
+   myeconfargs+=( $(use_enable cuda) )
+   fi
+   if use geoip ; then
+   myeconfargs+=( $(use_enable geoip) )
+   fi
+   if use hardened ; then
+   myeconfargs+=( $(use_enable hardened gccprotect) )
+   fi
+   if use nflog ; then
+   myeconfargs+=( $(use_enable nflog) )
+   fi
+   

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/

2016-12-28 Thread Slawek Lis
commit: 2c174cb604c2c99f9d9e8ac4fab438d0aedf7ab1
Author: Slawomir Lis  gentoo  org>
AuthorDate: Wed Dec 28 12:59:11 2016 +
Commit: Slawek Lis  gentoo  org>
CommitDate: Wed Dec 28 12:59:11 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c174cb6

net-analyzer/suricata: Dropping user privs in init script

Bug #602590

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 net-analyzer/suricata/files/suricata-3.2-conf | 12 -
 net-analyzer/suricata/files/suricata-3.2-init | 39 ---
 net-analyzer/suricata/suricata-3.2-r1.ebuild  |  5 ++--
 3 files changed, 43 insertions(+), 13 deletions(-)

diff --git a/net-analyzer/suricata/files/suricata-3.2-conf 
b/net-analyzer/suricata/files/suricata-3.2-conf
index fc6885d..d8466b4 100644
--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -29,7 +29,7 @@
 # SURICATA_CONF="suricata.yaml"
 
 # You can define the options here:
-# NB: avoid using -l, -c and setting logging.outputs.1.file.filename as the 
init script will try to set them for you.
+# NB: avoid using -l, -c, --user, --group and setting 
logging.outputs.1.file.filename as the init script will try to set them for you.
 
 # SURICATA_OPTS_q0="-q 0"
 # SURICATA_OPTS_q1="-q 1"
@@ -44,3 +44,13 @@ SURICATA_OPTS="-i eth0"
 # SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
 # SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
 # SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
+
+# Run as user/group.
+# Do not define if you want to run as root or as the user defined in the yaml 
config file (run-as).
+# The ebuild should have created the dedicated user/group suricata:suricata 
for you to specify here below.
+# SURICATA_USER_q0="suricata"
+# SURICATA_GROUP_q0="suricata"
+# SURICATA_USER_q1="suricata"
+# SURICATA_GROUP_q1="suricata"
+# SURICATA_USER="suricata"
+# SURICATA_GROUP="suricata"
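Review bot: All six `SURICATA_USER*`/`SURICATA_GROUP*` examples ship commented out, so an unmodified install keeps running the daemon as root unless `run-as` is set in the yaml file. Since the added text says the ebuild should have created the dedicated suricata:suricata account, consider shipping `SURICATA_USER="suricata"` and `SURICATA_GROUP="suricata"` enabled and leaving only the per-queue variants as examples. The comment could also say that both variables must be set, because the init script in this commit passes `--user`/`--group` only when both are non-empty.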

diff --git a/net-analyzer/suricata/files/suricata-3.2-init 
b/net-analyzer/suricata/files/suricata-3.2-init
index 1717dbb..b276f49 100644
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -13,13 +13,19 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; 
then
 SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
 eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
 eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
+eval SURICATAUSER=\$SURICATA_USER_${SURICATAID}
+eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID}
 else
 SURICATACONF=${SURICATA_CONF}
 [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" 
|| SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
 SURICATAPID="/var/run/suricata/suricata.pid"
 SURICATAOPTS=${SURICATA_OPTS}
 SURICATALOGPATH=${SURICATA_LOG_FILE}
+SURICATAUSER=${SURICATA_USER}
+SURICATAGROUP=${SURICATA_GROUP}
 fi
+SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
+SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
 [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"
 
 description="Suricata IDS/IPS"
@@ -37,11 +43,6 @@ depend() {
 }
 
 checkconfig() {
-   if [ ! -e ${SURICATACONF} ] ; then
-   einfo "The configuration file ${SURICATACONF} was not found."
-   einfo "If this is OK then make sure you set enough options for 
${SVCNAME} in /etc/conf.d/suricata."
-   einfo "Take a look at the suricata arguments --set and 
--dump-config."
-   fi
if [ ! -d "/var/run/suricata" ] ; then
checkpath -d /var/run/suricata
fi
@@ -52,9 +53,22 @@ checkconfig() {
if [ ! -d "${SURICATALOGPATH}" ] ; then
checkpath -d "${SURICATALOGPATH}"
fi
+   if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && 
[ -e "${SURICATALOGPATH}" ]; then
+   chown ${SURICATAUSER}:${SURICATAGROUP} 
"${SURICATALOGPATH}" || return 1
+   chown ${SURICATAUSER}:${SURICATAGROUP} 
"${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1
+   fi
SURICATAOPTS="${SURICATAOPTS} --set 
logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
SURICATALOGPATH="-l ${SURICATALOGPATH}"
fi
+   if [ ! -e ${SURICATACONF} ] ; then
+   einfo "The configuration file ${SURICATACONF} was not found."
+   einfo "If this is OK then make sure you set enough options for 
${SVCNAME} in /etc/conf.d/suricata."
+   einfo "Take a look at the suricata arguments --set and 
--dump-config."
+   fi
+   if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+   einfo "${SVCNAME} will run as user 
${SURICATAUSER}:${SURICATAGROUP}."
+   SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} 
--group=${SURICATAGROUP}"
+   fi
 }
 
 initpidinfo() {
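Review bot: The second added `chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/*` in checkconfig() runs as root on every start over a directory that the line before has just handed to the service account, and chown follows symbolic links by default. Any link that account leaves in the log directory therefore has its target re-owned on the next start, with errors discarded by the redirection. Use `chown -h` for the directory contents, quote the user and group expansions, and consider `checkpath -d -o "${SURICATAUSER}:${SURICATAGROUP}" "${SURICATALOGPATH}"` so the directory is created with the right owner and the glob is not needed. When only one of SURICATA_USER/SURICATA_GROUP is set, both new blocks are skipped silently and the daemon keeps root; an `ewarn` there would make that visible. checkconfig() starts outside the hunk.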
@@ -77,8 +91,7 @@ checkpidinfo() {
  

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/

2016-12-28 Thread Slawek Lis
commit: a382935f837f6a18529793813228cb2731e9d36f
Author: Slawomir Lis  gentoo  org>
AuthorDate: Wed Dec 28 09:34:11 2016 +
Commit: Slawek Lis  gentoo  org>
CommitDate: Wed Dec 28 09:34:11 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a382935f

net-analyzer/suricata: Updated suricata logging and added logrotate file

I've also bumped revision number, as there are many changes, and those fixes
should finally close bug 602590.

Thanks to Vieri  yahoo.com> for support.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 net-analyzer/suricata/files/suricata-3.2-conf  |  11 +-
 net-analyzer/suricata/files/suricata-3.2-init  |  28 +++--
 net-analyzer/suricata/files/suricata-logrotate |   6 +
 net-analyzer/suricata/metadata.xml |   1 +
 net-analyzer/suricata/suricata-3.2-r1.ebuild   | 161 +
 5 files changed, 189 insertions(+), 18 deletions(-)

diff --git a/net-analyzer/suricata/files/suricata-3.2-conf 
b/net-analyzer/suricata/files/suricata-3.2-conf
index d900ade..fc6885d 100644
--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -41,11 +41,6 @@ SURICATA_OPTS="-i eth0"
 
 # Log paths listed here will be created by the init script and will override 
the log path
 # set in the yaml file, if present.
-# SURICATA_LOG_PATH_q0="/var/log/suricata/q0"
-# SURICATA_LOG_PATH_q1="/var/log/suricata/q1"
-# SURICATA_LOG_PATH="/var/log/suricata"
-# SURICATA_LOG_FILE="suricata.log"
-
-# You can view all the available options you can set with --set
-# and check the full config settings in an easily parsable format.
-# SURICATA_DUMP=1
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"

diff --git a/net-analyzer/suricata/files/suricata-3.2-init 
b/net-analyzer/suricata/files/suricata-3.2-init
index 3ec6afd..1717dbb 100644
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -12,18 +12,23 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; 
then
 [ ${#SURICATACONF} -eq 0 ] && 
SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || 
SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
 SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
 eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
-eval SURICATALOGPATH=\$SURICATA_LOG_PATH_${SURICATAID}
+eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
 else
 SURICATACONF=${SURICATA_CONF}
 [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" 
|| SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
 SURICATAPID="/var/run/suricata/suricata.pid"
 SURICATAOPTS=${SURICATA_OPTS}
-SURICATALOGPATH=${SURICATA_LOG_PATH}
+SURICATALOGPATH=${SURICATA_LOG_FILE}
 fi
 [ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"
 
-extra_commands="checkconfig"
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
 extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
 
 depend() {
need net
@@ -41,10 +46,12 @@ checkconfig() {
checkpath -d /var/run/suricata
fi
if [ ${#SURICATALOGPATH} -gt 0 ]; then
+   SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )
+   SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+   SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
if [ ! -d "${SURICATALOGPATH}" ] ; then
checkpath -d "${SURICATALOGPATH}"
fi
-   SURICATALOGFILE=${SURICATA_LOG_FILE:-suricata.log}
SURICATAOPTS="${SURICATAOPTS} --set 
logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
SURICATALOGPATH="-l ${SURICATALOGPATH}"
fi
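Review bot: The added `SURICATALOGFILE=$( basename ${SURICATA_LOG_FILE} )` reads the global variable, while the directory two lines below is derived from `SURICATALOGPATH`, which for a named instance was filled from the per-instance `SURICATA_LOG_FILE_<id>` setting. An instance that sets only its per-instance variable therefore calls basename with no argument and falls back to `suricata.log`, and one that sets both gets the global file name under the per-instance directory. Derive both parts from the same value and quote it: `SURICATALOGFILE=$( basename "${SURICATALOGPATH}" )`, placed before the `dirname` line. checkconfig() starts and ends outside the hunk.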
@@ -77,12 +84,6 @@ checkpidinfo() {
 
 start() {
checkconfig || return 1
-   if [ $((SURICATA_DUMP)) -eq 1 ]; then
-   einfo "Dumping ${SVCNAME} config values and quitting."
-   ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} 
${SURICATAOPTS} ${SURICATALOGPATH}
-   einfo "You need to disable SURICATA_DUMP to start ${SVCNAME}."
-   return 1
-   fi
ebegin "Starting ${SVCNAME}"
start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
-- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} 
${SURICATALOGPATH} >/dev/null 2>&1
@@ -145,3 +146,10 @@ relog() {
start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
eend $?
 }
+
+dump() {
+   checkconfig || return 1
+   ebegin "Dumping ${SVCNAME} config values and quitting."
+   ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} 

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/

2016-12-26 Thread Slawek Lis
commit: a43050c1456321619ef97dfdeb5a158593fef58d
Author: Slawomir Lis  gentoo  org>
AuthorDate: Tue Dec 27 07:33:10 2016 +
Commit: Slawek Lis  gentoo  org>
CommitDate: Tue Dec 27 07:33:10 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a43050c1

net-analyzer/suricata: updated init script and config file

Updated the way the script starts suricata; it now allows config values to be
defined inline.

Details in bug 602590.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 net-analyzer/suricata/files/suricata-3.2-conf |  4 ++--
 net-analyzer/suricata/files/suricata-3.2-init | 26 --
 net-analyzer/suricata/suricata-3.2.ebuild |  2 --
 3 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/net-analyzer/suricata/files/suricata-3.2-conf 
b/net-analyzer/suricata/files/suricata-3.2-conf
index bc6e281..61715ba 100644
--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -23,8 +23,8 @@
 # 
 # You can then define the following options here:
 
-# SURICATA_OPTS_q0="-i eth0"
-# SURICATA_OPTS_q1="-i eth1"
+# SURICATA_OPTS_q0="-q 0"
+# SURICATA_OPTS_q1="-q 1"
 
 # If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with 
/etc/init.d/suricata
 # then you can set:

diff --git a/net-analyzer/suricata/files/suricata-3.2-init 
b/net-analyzer/suricata/files/suricata-3.2-init
index 3a9c356..d612815 100644
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -16,6 +16,7 @@ else
 SURICATAPID="/var/run/suricata/suricata.pid"
 SURICATAOPTS=${SURICATA_OPTS}
 fi
+[ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"
 
 extra_commands="checkconfig"
 extra_started_commands="reload relog"
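Review bot: The added `[ -e ${SURICATACONF} ]` test expands the path unquoted, so if SURICATACONF is ever empty or unset the test collapses to `[ -e ]`, which is true, and a bare `-c` with no argument is appended to SURICATAOPTS. SURICATACONF is assigned above this hunk, so whether it can be empty is not visible here. Guarding and quoting the test avoids that: `[ -n "${SURICATACONF}" ] && [ -e "${SURICATACONF}" ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"`. A path containing whitespace would still be split later, because SURICATAOPTS is expanded unquoted in start().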
@@ -28,8 +29,9 @@ depend() {
 
 checkconfig() {
if [ ! -e ${SURICATACONF} ] ; then
-   eerror "You need to create ${SURICATACONF} to run ${SVCNAME}."
-   return 1
+   einfo "The configuration file ${SURICATACONF} was not found."
+   einfo "If this is OK then make sure you set enough options for 
${SVCNAME} in /etc/conf.d/suricata."
+   einfo "Take a look at the suricata arguments --set and 
--dump-config."
fi
if [ ! -d "/var/run/suricata" ] ; then
checkpath -d /var/run/suricata
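Review bot: A missing configuration file is now reported only at `einfo` level and checkconfig no longer returns 1 for it, so start() goes on to launch the daemon with whatever SURICATAOPTS happens to hold. For an IDS/IPS service that is easy to overlook, all the more because start() sends the daemon's own output to /dev/null. I would print the three new lines with `ewarn` instead of `einfo`, e.g. `ewarn "The configuration file ${SURICATACONF} was not found."`, so the condition stands out in the service log. The body of checkconfig continues past the end of this hunk.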
@@ -37,7 +39,7 @@ checkconfig() {
 }
 
 initpidinfo() {
-   [ -f ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
+   [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
if [ ${#SUR_PID} -gt 0 ]; then
SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
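Review bot: Switching the pidfile test from `-f` to `-e` in initpidinfo means `cat ${SURICATAPID}` now also runs when the path is a directory or a FIFO (where it would block), and the commit message does not say which case `-e` is meant to cover. The same swap is made in checkpidinfo and in the wait loop of stop(). If the intent is only to notice any leftover entry at that path, a comment saying so would help, and the read itself could stay guarded: `[ -f "${SURICATAPID}" ] && SUR_PID="$(cat "${SURICATAPID}")"`. The value read is then passed unquoted to `grep -c`, which counts substring matches, so `grep -cw "${SUR_PID}"` would be the safer liveness check. Both function bodies extend beyond their hunks.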
@@ -46,7 +48,7 @@ initpidinfo() {
 
 checkpidinfo() {
initpidinfo
-if [ ! -f ${SURICATAPID} ]; then
+if [ ! -e ${SURICATAPID} ]; then
eerror "${SVCNAME} isn't running"
 return 1
elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
@@ -65,12 +67,11 @@ start() {
checkconfig || return 1
ebegin "Starting ${SVCNAME}"
start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
-   -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} \
--c ${SURICATACONF} >/dev/null 2>&1
+   -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} >/dev/null 2>&1
local SUR_EXIT=$?
if [ $((SUR_EXIT)) -ne 0 ]; then
einfo "Could not start ${SURICATA_BIN} with:"
-   einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} -c 
${SURICATACONF}"
+   einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS}"
einfo "Exit code ${SUR_EXIT}"
fi
eend ${SUR_EXIT}
@@ -80,14 +81,13 @@ stop() {
ebegin "Stopping ${SVCNAME}"
initpidinfo
start-stop-daemon --stop --quiet --pidfile ${SURICATAPID} >/dev/null 
2>&1
-   einfon "Waiting for ${SVCNAME} to shut down. This can take a while..."
-   echo
+   einfo "Waiting for ${SVCNAME} to shut down. This can take a while..."
# max wait: 5 minutes as it can take quite a while on some systems with 
heavy traffic
local cnt=300
-   while [ -f ${SURICATAPID} ] && [ $cnt -gt 0 ]; do
+   while [ -e ${SURICATAPID} ] && [ $cnt -gt 0 ]; do
cnt=$(expr $cnt - 1)
sleep 1
-   echo -ne "$cnt seconds left before we give up checking the PID 
file...\r"
+   einfo -ne "$cnt seconds left before we give up checking the PID 
file...\r"
done
# under certain conditions suricata can be pretty slow and the PID can 
persist long after the pidfile has been removed
# max wait for process to terminate: 1 minute
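Review bot: In the wait loop of stop(), `einfo -ne "... \r"` replaces `echo -ne`, but `einfo` is not `echo`: as far as I know it prints all of its arguments as the message, so `-ne` and the `\r` would show up literally and the loop would emit up to 300 separate lines instead of one updating countdown. If the countdown is wanted, `printf '%s seconds left before we give up checking the PID file...\r' "$cnt"` keeps it on one line without relying on echo options; otherwise drop the per-second message and keep only the `einfo` before the loop. stop() starts before this hunk and continues after it.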
@@ -95,19 +95,17 @@ stop() {
cnt=60
SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
if [ $((SUR_PID_CHECK)) -ne 0 ]; then
-   echo
einfo "The PID file ${SURICATAPID} is 

[gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/

2015-11-29 Thread Slawek Lis
commit: 17fc24794b31f27225822e9017bdf39187e5
Author: Slawomir Lis  gentoo  org>
AuthorDate: Mon Nov 30 06:13:41 2015 +
Commit: Slawek Lis  gentoo  org>
CommitDate: Mon Nov 30 06:13:41 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17fc

Added suricata ebuild (#437564)

Package-Manager: portage-2.2.26

 net-analyzer/suricata/Manifest |   1 +
 .../suricata/files/fortify_source-numeric.patch|  11 ++
 net-analyzer/suricata/files/json.patch |  10 ++
 net-analyzer/suricata/files/magic-location.patch   |  13 +++
 net-analyzer/suricata/metadata.xml |  16 +++
 net-analyzer/suricata/suricata-2.0.10.ebuild   | 119 +
 6 files changed, 170 insertions(+)

diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
new file mode 100644
index 000..77f17d0
--- /dev/null
+++ b/net-analyzer/suricata/Manifest
@@ -0,0 +1 @@
+DIST suricata-2.0.10.tar.gz 3090730 SHA256 
c8d1d3b6ce3d2a56577fca224424071afd921739d3859efc8a62229556d4beef SHA512 
fa3683a93d85b26166b0f67a85f1a498941aadf4372ef98bd7fe62fcdef150af46b65456e3a764e054c385abbf44138ae6f70882c68ba320508eade6e181f2c6
 WHIRLPOOL 
b867003e76df2b0b1b56c89415ed96acbf9d8966739d77aa303055d29ae5cdad8ad0b58e969336f0c1fc2e5d9990941622c19c062828dae58bf062f5662225f3

diff --git a/net-analyzer/suricata/files/fortify_source-numeric.patch 
b/net-analyzer/suricata/files/fortify_source-numeric.patch
new file mode 100644
index 000..0a7f482
--- /dev/null
+++ b/net-analyzer/suricata/files/fortify_source-numeric.patch
@@ -0,0 +1,11 @@
+--- a/src/suricata.c   2015-10-02 00:21:55.634213646 +0200
 b/src/suricata.c   2015-10-02 00:22:39.143940007 +0200
+@@ -774,7 +774,7 @@
+ printf("compiled with -fstack-protector-all\n");
+ #endif
+ #ifdef _FORTIFY_SOURCE
+-printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE);
++printf("compiled with _FORTIFY_SOURCE\n");
+ #endif
+ #ifdef CLS
+ printf("L1 cache line size (CLS)=%d\n", CLS);
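Review bot: The new patch file has no header explaining why the numeric value is removed from the `_FORTIFY_SOURCE` line, and with it applied the printed build information no longer tells an operator which fortify level the binary was built with. A short description at the top of the patch would cover the first point, for example `# _FORTIFY_SOURCE may not expand to a plain integer with this toolchain, so only report that it is defined`; that reason is inferred from the file name and should be confirmed by the author. If the level can be recovered some other way, printing it would be preferable to dropping it.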

diff --git a/net-analyzer/suricata/files/json.patch 
b/net-analyzer/suricata/files/json.patch
new file mode 100644
index 000..a542f35
--- /dev/null
+++ b/net-analyzer/suricata/files/json.patch
@@ -0,0 +1,10 @@
+--- src/output-json.h.orig 2015-11-21 21:56:24.996289587 +0100
 src/output-json.h  2015-11-21 21:57:11.419622642 +0100
+@@ -28,6 +28,7 @@
+ 
+ #ifdef HAVE_LIBJANSSON
+ 
++#include 
+ #include "suricata-common.h"
+ #include "util-buffer.h"
+ #include "util-logopenfile.h"
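Review bot: This patch is written against bare `src/output-json.h.orig` and `src/output-json.h` paths (strip level 0), while the other two patches added by this commit use `a/` and `b/` prefixes (strip level 1). How the ebuild applies them lies beyond the visible part of the page, so this may work today, but regenerating the patch with `a/src/output-json.h` and `b/src/output-json.h` would keep the three files uniform and avoid surprises if the patch helper changes. A brief description line at the top saying why the extra include is needed would also help. The name of the added header is not readable on this page, so it is not reviewed here.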

diff --git a/net-analyzer/suricata/files/magic-location.patch 
b/net-analyzer/suricata/files/magic-location.patch
new file mode 100644
index 000..02681f9
--- /dev/null
+++ b/net-analyzer/suricata/files/magic-location.patch
@@ -0,0 +1,13 @@
+diff --git a/configure.ac b/configure.ac
+index 8b41eb0..3cdf0e7 100644
+--- a/configure.ac
 b/configure.ac
+@@ -182,7 +182,7 @@
+ fi
+ echo -n "installation for $host OS... "
+ 
+-e_magic_file="/usr/share/file/magic"
++e_magic_file="/usr/share/misc/magic.mgc"
+ case "$host" in
+ *-*-*freebsd*)
+ LUA_PC_NAME="lua-5.1"

diff --git a/net-analyzer/suricata/metadata.xml 
b/net-analyzer/suricata/metadata.xml
new file mode 100644
index 000..34c1b31
--- /dev/null
+++ b/net-analyzer/suricata/metadata.xml
@@ -0,0 +1,16 @@
+
+http://www.gentoo.org/dtd/metadata.dtd;>
+
+  
+s...@gentoo.org
+  
+  
+Enable AF_PACKET support
+Enable unix socket
+Enable NVIDIA Cuda computations support
+Enable Luajit support
+Enable libnetfilter_log support
+Enable AF_PACKET support
+Enable AF_PACKET support
+  
+
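Review bot: Three of the seven flag descriptions read `Enable AF_PACKET support` (the first entry and the last two), which looks like a copy-paste left unfinished. The flag names are not readable on this page, so which flags the duplicates belong to is a guess; judging by IUSE in the ebuild, nfqueue and rules are candidates. Each flag should describe its own feature, along the lines of the existing `Enable libnetfilter_log support` entry, so users do not enable or disable an inspection mode by mistake.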

diff --git a/net-analyzer/suricata/suricata-2.0.10.ebuild 
b/net-analyzer/suricata/suricata-2.0.10.ebuild
new file mode 100644
index 000..40b2740
--- /dev/null
+++ b/net-analyzer/suricata/suricata-2.0.10.ebuild
@@ -0,0 +1,119 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring 
engine"
+HOMEPAGE="http://suricata-ids.org/;
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz;
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug geoip hardened lua luajit nflog 
+nfqueue +rules test"
+
+DEPEND="
+   >=dev-libs/jansson-2.2
+   dev-libs/libpcre
+   dev-libs/libyaml
+   net-libs/libnet:*
+   net-libs/libnfnetlink
+   dev-libs/nspr
+   dev-libs/nss
+   net-libs/libpcap
+   sys-apps/file
+   cuda?   ( dev-util/nvidia-cuda-toolkit )
+   geoip?  ( dev-libs/geoip )
+   lua?( dev-lang/lua:* )
+   luajit? ( dev-lang/luajit:* )
+   nflog?  ( net-libs/libnetfilter_log )
+   nfqueue?( net-libs/libnetfilter_queue )
+"
+# #446814
+#  prelude?( dev-libs/libprelude )
+#  pfring? (