authorBenjamin Smee <strerror@gentoo.org>2005-10-09 13:54:39 +0000
committerBenjamin Smee <strerror@gentoo.org>2005-10-09 13:54:39 +0000
commit19b913caa5809642ec768b18fc943de0e5d36d7e (patch)
tree4b3661a7b42d0b2a1079d6e1dc402654eb033c19 /net-analyzer/sguil-sensor
parentCheck if the freebsd patch was already applied when it fails to apply. (diff)
New log_packets initd and confd. Changed einfo
(Portage version: 2.0.51.22-r3)
Diffstat (limited to 'net-analyzer/sguil-sensor')
-rw-r--r--net-analyzer/sguil-sensor/ChangeLog8
-rw-r--r--net-analyzer/sguil-sensor/Manifest9
-rw-r--r--net-analyzer/sguil-sensor/files/digest-sguil-sensor-0.5.3-r11
-rw-r--r--net-analyzer/sguil-sensor/files/log_packets.confd20
-rw-r--r--net-analyzer/sguil-sensor/files/log_packets.initd17
-rw-r--r--net-analyzer/sguil-sensor/sguil-sensor-0.5.3-r1.ebuild89
6 files changed, 132 insertions, 12 deletions
diff --git a/net-analyzer/sguil-sensor/ChangeLog b/net-analyzer/sguil-sensor/ChangeLog
index c7fbef3b990c..a5b864f9f2f0 100644
--- a/net-analyzer/sguil-sensor/ChangeLog
+++ b/net-analyzer/sguil-sensor/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-analyzer/sguil-sensor
# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-sensor/ChangeLog,v 1.1 2005/10/08 14:04:11 strerror Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-sensor/ChangeLog,v 1.2 2005/10/09 13:54:39 strerror Exp $
+
+*sguil-sensor-0.5.3-r1 (09 Oct 2005)
+
+ 09 Oct 2005; Benjamin Smee <strerror@gentoo.org> +files/log_packets.confd,
+ files/log_packets.initd, +sguil-sensor-0.5.3-r1.ebuild:
+ New log_packets initd and confd. Changed einfo
*sguil-sensor-0.5.3 (08 Oct 2005)
diff --git a/net-analyzer/sguil-sensor/Manifest b/net-analyzer/sguil-sensor/Manifest
index 3711513f4f71..cbd2f8b625b5 100644
--- a/net-analyzer/sguil-sensor/Manifest
+++ b/net-analyzer/sguil-sensor/Manifest
@@ -1,6 +1,9 @@
+MD5 b3896e4b977e661e1431e2c844bcb84e sguil-sensor-0.5.3.ebuild 2454
MD5 5f29597e62a3bdc8b3ae18d2a04b1cee ChangeLog 427
+MD5 5355b4f79a0130d075711f0a54840239 metadata.xml 223
+MD5 72a0831b474069dd84915629d93a6b5e sguil-sensor-0.5.3-r1.ebuild 2565
MD5 7dea1d8d6ed9dadaa3768e6ba138fe76 files/digest-sguil-sensor-0.5.3 69
-MD5 803ece3f96486fc2665c7dacda1b9bb0 files/log_packets.initd 2215
+MD5 b00be8c2354effc6b8d51da0ca0a02da files/log_packets.confd 553
+MD5 3eba40238db34240e75318875c6c6e18 files/log_packets.initd 2364
MD5 eafeeec66dc5b155a58067d03baccc8b files/sensor_agent.initd 794
-MD5 5355b4f79a0130d075711f0a54840239 metadata.xml 223
-MD5 b3896e4b977e661e1431e2c844bcb84e sguil-sensor-0.5.3.ebuild 2454
+MD5 7dea1d8d6ed9dadaa3768e6ba138fe76 files/digest-sguil-sensor-0.5.3-r1 69
diff --git a/net-analyzer/sguil-sensor/files/digest-sguil-sensor-0.5.3-r1 b/net-analyzer/sguil-sensor/files/digest-sguil-sensor-0.5.3-r1
new file mode 100644
index 000000000000..e75aa2ff25cd
--- /dev/null
+++ b/net-analyzer/sguil-sensor/files/digest-sguil-sensor-0.5.3-r1
@@ -0,0 +1 @@
+MD5 681fa7e99aa674c0e2be4788ef503d69 sguil-sensor-0.5.3.tar.gz 89816
diff --git a/net-analyzer/sguil-sensor/files/log_packets.confd b/net-analyzer/sguil-sensor/files/log_packets.confd
new file mode 100644
index 000000000000..591454bd6b2f
--- /dev/null
+++ b/net-analyzer/sguil-sensor/files/log_packets.confd
@@ -0,0 +1,20 @@
+# Config file for /etc/init.d/log_packets
+
+# This tell snort which interface to listen on (any for every interface)
+IFACE=eth1
+
+# Make sure this matches your IFACE
+PIDFILE=/var/run/log_packets_$IFACE.pid
+
+# You probably don't want to change this, but in case you do
+LOGDIR="/var/lib/sguil"
+
+# Probably not this either
+CONF=/etc/snort/snort.conf
+
+# Percentage of disk to try and maintain
+MAX_DISK_USE=95
+
+# This pulls in the options above
+#SNORT_OPTS="-D -m 122 -u sguil -g sguil -A none -i $IFACE -l $LOGDIR -c $CONF"
+OPTIONS="-m 122 -u sguil -g sguil"
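Review bot: `PIDFILE` on line 76 is never read by the shipped init script — log_packets.initd hard-codes `--pidfile /var/run/sguil/logpackets.pid` — so the comment "Make sure this matches your IFACE" promises a per-interface pidfile the service does not actually produce; either drop the variable or have the init script pass `--pidfile "${PIDFILE}"`. The init script also expands `"${FILTER}"` as snort's trailing BPF argument, but this file does not declare it, so a fresh install passes an empty argument; consider adding `# BPF filter appended to the snort command line (leave empty for none)` followed by `FILTER=""` so every variable the script expands is documented here. The commented-out `SNORT_OPTS` line still carries `-A none`, which `OPTIONS` dropped; if alert output is meant to stay off for the packet logger, say so in a comment rather than leaving the stale example.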
diff --git a/net-analyzer/sguil-sensor/files/log_packets.initd b/net-analyzer/sguil-sensor/files/log_packets.initd
index 470d34a5c306..db9ae1000490 100644
--- a/net-analyzer/sguil-sensor/files/log_packets.initd
+++ b/net-analyzer/sguil-sensor/files/log_packets.initd
@@ -1,21 +1,22 @@
#!/sbin/runscript
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-sensor/files/log_packets.initd,v 1.1 2005/10/08 14:04:11 strerror Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-sensor/files/log_packets.initd,v 1.2 2005/10/09 13:54:39 strerror Exp $
opts="start stop cleandisk"
-[ -d "${LOG_DIR}" ] && LOGDIR="/var/log/sguild"
-
start() {
- ebegin "Starting Sensor Agent"
+ ebegin "Starting Log_packest"
if [ ! -x /usr/bin/snort ]
then
eerror "No snort - cannot start"
eend 1
return 1
fi
+
+ LOG_DIR="${LOGDIR}/${HOSTNAME}/dailylogs"
+
if [ ! -d ${LOG_DIR} ]
then
mkdir -p ${LOG_DIR}
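Review bot: `LOG_DIR` is now assigned only inside start() (line 113), but real_cleandisk() in the third hunk runs `df -P ${LOG_DIR}` and `cleandisk` is an exposed action in `opts`, so a standalone `/etc/init.d/log_packets cleandisk` sees an empty `LOG_DIR` and `df` reports every filesystem instead. Move the assignment to file scope next to `opts=` (`LOG_DIR="${LOGDIR}/${HOSTNAME}/dailylogs"`) so both actions agree. The value also depends on `HOSTNAME` being set in the runscript environment, which is presumably not guaranteed at boot — worth a comment or a `HOSTNAME=${HOSTNAME:-$(hostname)}` fallback. The ebegin message has a typo: `ebegin "Starting Log_packets"`; and the `[ ! -d ${LOG_DIR} ]` / `mkdir -p ${LOG_DIR}` tests should quote the variable like the later `mkdir "${LOG_DIR}/${today}"` does. start() continues past the end of this hunk.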
@@ -29,9 +30,9 @@ start() {
mkdir "${LOG_DIR}/${today}"
chmod 770 "${LOG_DIR}/${today}"
fi
- start-stop-daemon --start -c sguil --pidfile /var/run/sguil/logpackets.pid \
+ start-stop-daemon --start --quiet -b -m --pidfile /var/run/sguil/logpackets.pid \
--exec /usr/bin/snort \
- -- ${OPTIONS} -l "${LOG_DIR}/${today}" -b -i "${INTERFACE}" "${FILTER}"
+ -- ${OPTIONS} -l "${LOG_DIR}/${today}" -b -i "${IFACE}" "${FILTER}"
real_cleandisk
eend $?
}
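Review bot: The pidfile `/var/run/sguil/logpackets.pid` is now written by start-stop-daemon itself (`-m`) as root into /var/run/sguil, a directory the ebuild hands to the sguil user (`diropts -g sguil -o sguil` before `keepdir ... /var/run/sguil`); if stop() — outside this hunk — signals the process via that pidfile, root is trusting a pid read from a location the unprivileged daemon account can rewrite. Prefer a root-owned path such as `/var/run/log_packets.pid`, and have stop() also match on `--exec /usr/bin/snort --user sguil` rather than the pidfile alone. Dropping `-c sguil` means snort is launched as root and relies on `-u sguil -g sguil` from `OPTIONS` to drop privileges after opening the interface; that is fine, but the conf.d comment on `OPTIONS` should say those two switches are load-bearing. The hard-coded path also disagrees with the `PIDFILE` variable the new confd defines.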
@@ -53,10 +54,10 @@ cleandisk() {
real_cleandisk() {
einfo "Checking disk space (limited to ${MAX_DISK_USE}%)..."
# grep, awk, tr...woohoo!
- CUR_USE=$(df ${LOG_DIR} | grep -v -i filesystem | awk '{print $5}' | tr -d %)
+ CUR_USE=$(df -P ${LOG_DIR} | grep -v -i filesystem | awk '{print $5}' | tr -d %)
einfo " Current Disk Use: ${CUR_USE}%"
- if [ ${CUR_USE} -gt ${MAX_DISK_USE }]
+ if [ ${CUR_USE} -gt ${MAX_DISK_USE} ]
then
# If we are here then we passed our disk limit
# First find the oldest DIR
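Review bot: `CUR_USE` is fed straight into `[ ${CUR_USE} -gt ${MAX_DISK_USE} ]` with no check that it is a single integer; if `df -P` returns more than one data line (empty `LOG_DIR`, or a path that does not exist yet) or `MAX_DISK_USE` is unset in conf.d, the test aborts with a shell error instead of a clear message. A guard such as `case "${CUR_USE}" in ''|*[!0-9]*) eerror "Could not determine disk use for ${LOG_DIR}"; return 1 ;; esac` before the comparison keeps the cleanup path from failing silently. real_cleandisk() continues beyond the end of this hunk.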
diff --git a/net-analyzer/sguil-sensor/sguil-sensor-0.5.3-r1.ebuild b/net-analyzer/sguil-sensor/sguil-sensor-0.5.3-r1.ebuild
new file mode 100644
index 000000000000..fdc789da2d92
--- /dev/null
+++ b/net-analyzer/sguil-sensor/sguil-sensor-0.5.3-r1.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-sensor/sguil-sensor-0.5.3-r1.ebuild,v 1.1 2005/10/09 13:54:39 strerror Exp $
+
+inherit eutils
+
+DESCRIPTION="Sensor part of sguil Network Security Monitoring"
+HOMEPAGE="http://sguil.sourceforge.net"
+SRC_URI="mirror://sourceforge/sguil/sguil-sensor-${PV}.tar.gz"
+
+LICENSE="QPL"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE=""
+
+DEPEND=">=dev-lang/tcl-8.3"
+RDEPEND="${DEPEND}
+ >=net-analyzer/snort-2.4.1-r1
+ >=net-analyzer/barnyard-0.2.0-r1
+ net-analyzer/sancp
+ dev-ml/pcre-ocaml"
+
+S=${WORKDIR}/sguil-${PV}
+
+pkg_setup() {
+ if built_with_use tcl threads ; then
+ eerror
+ eerror "Sguil does not run when tcl was built with threading enabled."
+ eerror "Please rebuild tcl without threads and reemerge this ebuild."
+ eerror
+ die
+ fi
+
+ if ! built_with_use snort sguil ; then
+ eerror
+ eerror "You need to emerge snort with 'sguil' USE flag to get"
+ eerror "the full sguil functionality"
+ eerror
+ die
+ fi
+ enewgroup sguil
+ enewuser sguil -1 -1 /var/lib/sguil sguil
+}
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}/sensor
+ sed -i -e 's:192.168.8.1:127.0.0.1:' -e "s:gateway:${HOSTNAME}:" \
+ -e 's:/snort_data:/var/lib/sguil:' -e 's:DAEMON 0:DAEMON 1:' \
+ -e 's:DEBUG 1:DEBUG 0:g' sensor_agent.conf || die "sed failed"
+}
+
+src_install() {
+
+ dodoc doc/*
+
+ dobin sensor/sensor_agent.tcl
+
+ newinitd "${FILESDIR}/log_packets.initd" log_packets
+ newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent
+ newconfd "${FILESDIR}/log_packets.confd" log_packets
+ insinto /etc/sguil
+ doins sensor/sensor_agent.conf
+
+ # Create the directory structure
+ diropts -g sguil -o sguil
+ keepdir /var/lib/sguil /var/run/sguil /var/run/sguil/archive \
+ "/var/lib/sguil/${HOSTNAME}" \
+ "/var/lib/sguil/${HOSTNAME}/portscans" \
+ "/var/lib/sguil/${HOSTNAME}/ssn_logs" \
+ "/var/lib/sguil/${HOSTNAME}/dailylogs" \
+ "/var/lib/sguil/${HOSTNAME}/sancp"
+
+}
+
+pkg_postinst() {
+ einfo
+ einfo "You should check /etc/sguil/sensor_agent.conf and"
+ einfo "/etc/init.d/logpackets and ensure that they are accurate"
+ einfo "for your environment. They should work providing that you"
+ einfo "are running the sensor on the same machine as the server."
+ einfo "This ebuild assumes that you are running a single sensor"
+ einfo "environment, if this is not the case then you must make sure"
+ einfo "to modify /etc/sguil/sensor_agent.conf and change the HOSTNAME variable."
+ einfo "You should crontab the /etc/init.d/log_packets script to restart"
+ einfo "each hour."
+ einfo
+}
+
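Review bot: The pkg_postinst message on line 226 points users at `/etc/init.d/logpackets`, but the script is installed as `log_packets` (`newinitd "${FILESDIR}/log_packets.initd" log_packets` on line 206, and line 232 uses the correct name); change it to `einfo "/etc/init.d/log_packets and ensure that they are accurate"`. Both the `sed -e "s:gateway:${HOSTNAME}:"` in src_unpack and the `keepdir "/var/lib/sguil/${HOSTNAME}/..."` tree bake the build host's name into the package, which presumably breaks binary packages and chroot builds — at minimum the postinst text should say the directories and sensor_agent.conf were generated from the build-time hostname. The two `die` calls in pkg_setup carry no message; `die "tcl built with threads"` and `die "snort built without sguil USE flag"` make the failure reason visible in the build log.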