author | Thomas Andrejak <thomas.andrejak@gmail.com> | 2016-07-17 15:13:05 +0200 |
---|---|---|
committer | Göktürk Yüksek <gokturk@gentoo.org> | 2016-08-04 21:10:12 -0400 |
commit | 3a233c7192c7c95146c9f0dfd5f601deaf23a202 (patch) | |
tree | 0471fe963d4c2b35e3e34395aab6324bca435be2 /net-analyzer | |
parent | app-admin/prelude-manager: New package (diff) | |
download | gentoo-3a233c7192c7c95146c9f0dfd5f601deaf23a202.tar.gz gentoo-3a233c7192c7c95146c9f0dfd5f601deaf23a202.tar.bz2 gentoo-3a233c7192c7c95146c9f0dfd5f601deaf23a202.zip |
net-analyzer/prelude-lml: New package
Prelude-LML is a log analyser that allows Prelude to collect and
analyze information from all kinds of applications emitting logs or
syslog messages in order to detect suspicious activities and transform
them into Prelude-IDMEF alerts.
Diffstat (limited to 'net-analyzer')
-rw-r--r-- | net-analyzer/prelude-lml/Manifest | 1 | ||||
-rw-r--r-- | net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch | 22 | ||||
-rw-r--r-- | net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch | 35 | ||||
-rw-r--r-- | net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch | 14 | ||||
-rwxr-xr-x | net-analyzer/prelude-lml/files/prelude-lml.initd | 27 | ||||
-rw-r--r-- | net-analyzer/prelude-lml/files/prelude-lml.run | 4 | ||||
-rw-r--r-- | net-analyzer/prelude-lml/files/prelude-lml.service | 13 | ||||
-rw-r--r-- | net-analyzer/prelude-lml/metadata.xml | 23 | ||||
-rw-r--r-- | net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild | 59 |
9 files changed, 198 insertions, 0 deletions
diff --git a/net-analyzer/prelude-lml/Manifest b/net-analyzer/prelude-lml/Manifest
new file mode 100644
index 000000000000..021270e8ad2a
--- /dev/null
+++ b/net-analyzer/prelude-lml/Manifest
@@ -0,0 +1 @@
+DIST prelude-lml-3.0.0.tar.gz 1391203 SHA256 53e3ccba2e3842e583739234366b6a5241dc6a8d18da501e6c9ff5e2b9792814 SHA512 f206407f99df394186466566608b434a94d4fdce3e5e8991a4236f2ee670f6ae2573adea22bc248fdfea760588e94160faa7260257aeaeb35c938e1bb886ee6c WHIRLPOOL 2b8ff99576e502461625897251726dd7c1e3a849e27816c64e931548d0ae76f12c125f444096f1aa1894c5f0fce206a7aa436de754a0ff8a3cc25fd475913fc6
diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch
new file mode 100644
index 000000000000..dab4ea8a6bb1
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch
@@ -0,0 +1,22 @@
+--- a/prelude-lml.conf
++++ b/prelude-lml.conf
+@@ -92,7 +92,7 @@
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+ file = /var/log/messages
+-file = /var/log/secure
++file = /var/log/auth.log
+ # udp-server = 0.0.0.0
+ # tcp-server = 0.0.0.0
+ # tcp-tls-server = 0.0.0.0
+--- a/prelude-lml.conf.in
++++ b/prelude-lml.conf.in
+@@ -92,7 +92,7 @@
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+ file = /var/log/messages
+-file = /var/log/secure
++file = /var/log/auth.log
+ # udp-server = 0.0.0.0
+ # tcp-server = 0.0.0.0
+ # tcp-tls-server = 0.0.0.0
diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch
new file mode 100644
index 000000000000..154a261eb5ad
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch
@@ -0,0 +1,35 @@
+--- a/configure.in
++++ b/configure.in
+@@ -107,10 +107,13 @@
+ dnl **************************************************
+ GNUTLS_MIN_VERSION=1.0.17
+ 
+-PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $GNUTLS_MIN_VERSION], [],
+- [AM_PATH_LIBGNUTLS($GNUTLS_MIN_VERSION, enable_gnutls=yes, enable_gnutls=no)])
+-
+-AC_CHECK_HEADER(gnutls/gnutls.h, enable_gnutls=yes, enable_gnutls=no)
++AC_ARG_ENABLE(gnutls, AC_HELP_STRING(--enable-gnutls, Define whether GnuTLS provides gnutls_hash_get_len function), , enable_gnutls="yes")
++if test x$enable_gnutls = xyes; then
++ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $GNUTLS_MIN_VERSION], [],
++ [AM_PATH_LIBGNUTLS($GNUTLS_MIN_VERSION, enable_gnutls=yes, enable_gnutls=no)])
++
++ AC_CHECK_HEADER(gnutls/gnutls.h, enable_gnutls=yes, enable_gnutls=no)
++fi
+ 
+ if test x$enable_gnutls = xyes; then
+ AC_DEFINE_UNQUOTED(HAVE_GNUTLS, , Tell whether GnuTLS is available for TCP-TLS support)
+@@ -125,8 +128,12 @@
+ dnl * Check for libICU *
+ dnl **************************************************
+ 
+-PKG_CHECK_MODULES([ICU], [icu >= 3.0], [enable_icu=yes],
+- [AC_CHECK_ICU(3.8, enable_icu=yes, enable_icu=no)])
++AC_ARG_ENABLE(icu, AC_HELP_STRING(--enable-icu, Tell whether libicu is available for encoding convertion), , enable_icu="yes")
++
++if test x$enable_icu = xyes; then
++ PKG_CHECK_MODULES([ICU], [icu >= 3.0], [enable_icu=yes],
++ [AC_CHECK_ICU(3.8, enable_icu=yes, enable_icu=no)])
++fi
+ if test x$enable_icu = xyes; then
+ AC_DEFINE_UNQUOTED(HAVE_LIBICU, , Tell whether libicu is available for encoding convertion)
+ fi
diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch
new file mode 100644
index 000000000000..8b4e65216cca
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch
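Review bot: The help text attached to the new `--enable-gnutls` option in the first hunk describes a `gnutls_hash_get_len` probe, while the option actually gates the TCP-TLS input (the `HAVE_GNUTLS` define text right below it says so), so `./configure --help` will mislead anyone building this by hand; the `--enable-icu` text also misspells "conversion". Suggest `AC_ARG_ENABLE(gnutls, AS_HELP_STRING(--enable-gnutls, Enable TCP-TLS syslog input via GnuTLS), , enable_gnutls="yes")` and `AS_HELP_STRING(--enable-icu, Enable encoding conversion via libicu)`; `AS_HELP_STRING` is the non-obsolete spelling of `AC_HELP_STRING` on autoconf 2.60 and later. Note that with `--enable-gnutls` an absent library still only flips `enable_gnutls=no` through the `AM_PATH_LIBGNUTLS` fallback rather than failing configure, so the feature can be silently dropped; the ebuild's `tls? ( net-libs/gnutls )` dependency is what makes this safe, and a sentence saying so at the top of the patch would help the next bump.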
@@ -0,0 +1,14 @@
+--- a/configure.in
++++ b/configure.in
+@@ -187,9 +187,9 @@
+ configdir=$SYSCONFDIR/prelude-lml
+ prelude_lml_conf=$configdir/prelude-lml.conf
+ regex_conf=$configdir/plugins.rules
+-metadata_dir=$LOCALSTATEDIR/lib/prelude-lml
++metadata_dir=$LOCALSTATEDIR/prelude-lml
+ plugindir=$LIBDIR/prelude-lml
+-lml_run_dir=$LOCALSTATEDIR/run/prelude-lml
++lml_run_dir=/run/prelude-lml
+ 
+ AC_DEFINE_UNQUOTED(PRELUDE_LML_CONF, "$prelude_lml_conf", Path to the LML configuration file)
+ AC_DEFINE_UNQUOTED(LOG_PLUGIN_DIR, "$plugindir", Prelude-LML report plugin directory)
diff --git a/net-analyzer/prelude-lml/files/prelude-lml.initd b/net-analyzer/prelude-lml/files/prelude-lml.initd
new file mode 100755
index 000000000000..411e02762455
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+BIN_LML=/usr/bin/prelude-lml
+PID_LML=/run/prelude-lml/prelude-lml.pid
+
+depend() {
+ need net
+ after prelude-manager
+}
+
+start() {
+ ebegin "Starting prelude-lml"
+ checkpath -d -m 0755 -o root:root /run/prelude-lml
+ start-stop-daemon --start --exec $BIN_LML \
+ --pidfile $PID_LML -- -d -P $PID_LML
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping prelude-lml"
+ start-stop-daemon --stop --exec $BIN_LML \
+ --pidfile $PID_LML
+ eend $?
+}
diff --git a/net-analyzer/prelude-lml/files/prelude-lml.run b/net-analyzer/prelude-lml/files/prelude-lml.run
new file mode 100644
index 000000000000..75f2ef89adda
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.run
@@ -0,0 +1,4 @@
+# Configuration to create /run/prelude-lml directory
+# Used as part of systemd's tmpfiles
+
+d /run/prelude-lml 0755 root root
diff --git a/net-analyzer/prelude-lml/files/prelude-lml.service b/net-analyzer/prelude-lml/files/prelude-lml.service
new file mode 100644
index 000000000000..9d9230c6ff4c
--- /dev/null
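Review bot: The shebang `#!/sbin/runscript` on the first line of the init script is the legacy OpenRC entry point; current OpenRC installs `openrc-run` and warns about the old name, so it should read `#!/sbin/openrc-run`. In `start()` the daemon is launched via `start-stop-daemon --start --exec $BIN_LML --pidfile $PID_LML -- -d -P $PID_LML` with no `--user`, so it runs as root for its whole lifetime; if that is intentional because it has to read the syslog files named in `prelude-lml.conf`, a comment above the `start-stop-daemon` line saying so, e.g. `# runs as root: presumably needed to read the log files listed in prelude-lml.conf`, would keep a later maintainer from changing it blindly. `checkpath -d -m 0755 -o root:root /run/prelude-lml` duplicates the tmpfiles entry in `prelude-lml.run`, which is fine for OpenRC hosts but worth a one-line comment tying the two together.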
+++ b/net-analyzer/prelude-lml/files/prelude-lml.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Prelude-LML service
+DefaultDependencies=no
+After=remote_fs.target prelude-manager.service
+
+[Service]
+ExecStart=/usr/bin/prelude-lml -d -P /run/prelude-lml/prelude-lml.pid
+Type=forking
+PIDFile=/run/prelude-lml/prelude-lml.pid
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-analyzer/prelude-lml/metadata.xml b/net-analyzer/prelude-lml/metadata.xml
new file mode 100644
index 000000000000..9aa90946ee78
--- /dev/null
+++ b/net-analyzer/prelude-lml/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>thomas.andrejak@gmail.com</email>
+ <name>Thomas Andrejak</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <longdescription lang="en">
+ Prelude-LML is a log analyser that allows Prelude to collect and
+ analyze information from all kind of applications emitting logs or
+ syslog messages in order to detect suspicious activities and transform
+ them into Prelude-IDMEF alerts. Prelude-LML handles events generated
+ by a large set of applications
+ </longdescription>
+ <use>
+ <flag name="tls">Enables Prelude LML support Syslog through TLS
+ using <pkg>net-libs/gnutls</pkg>.</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild b/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild
new file mode 100644
index 000000000000..6d57560ab95a
--- /dev/null
+++ b/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild
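Review bot: `DefaultDependencies=no` in the [Unit] section drops the implicit ordering after `sysinit.target`, and `After=` lists only `remote_fs.target prelude-manager.service`, so nothing guarantees that `systemd-tmpfiles-setup.service` has created `/run/prelude-lml` — the directory that `PIDFile=` and the `-P` argument point into, supplied by the `d /run/prelude-lml` entry in `prelude-lml.run` — before `ExecStart` runs; the unit also loses the implicit `Conflicts=shutdown.target`. Unless there is a reason to start this early in boot, remove the `DefaultDependencies=no` line and extend the ordering to `After=network.target remote_fs.target prelude-manager.service`, which mirrors the init script's `need net`. Alternatively `RuntimeDirectory=prelude-lml` in [Service] lets systemd create the directory itself and makes the tmpfiles fragment unnecessary on systemd hosts.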
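Review bot: The `tls` flag description `Enables Prelude LML support Syslog through TLS` is ungrammatical and does not say what the flag turns on (the configure patch ties it to the TCP-TLS syslog input); suggest `Enable receiving syslog messages over TLS using <pkg>net-libs/gnutls</pkg>`. The last sentence of `longdescription`, `Prelude-LML handles events generated by a large set of applications`, is missing its full stop.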
@@ -0,0 +1,59 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools eutils systemd
+
+DESCRIPTION="The prelude log analyzer"
+HOMEPAGE="https://www.prelude-siem.org"
+SRC_URI="https://www.prelude-siem.org/pkg/src/3.0.0/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="tls icu"
+
+RDEPEND="dev-libs/libprelude
+ dev-libs/libpcre
+ icu? ( dev-libs/icu )
+ tls? ( net-libs/gnutls )"
+
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+PATCHES=(
+ "${FILESDIR}/${P}-configure.patch"
+ "${FILESDIR}/${P}-conf.patch"
+ "${FILESDIR}/${P}-run.patch"
+)
+
+src_prepare() {
+ default_src_prepare
+
+ mv "${S}/configure.in" "${S}/configure.ac" || die "mv failed"
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --localstatedir=/var \
+ $(use_enable icu) \
+ $(use_enable tls gnutls)
+}
+
+src_install() {
+ default_src_install
+
+ rm -rv "${D}/run" || die "rm failed"
+ keepdir /var/${PN}
+
+ prune_libtool_files --modules
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+ systemd_newtmpfilesd "${FILESDIR}/${PN}.run" "${PN}.conf"
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+} |
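Review bot: `SRC_URI` hard-codes the `3.0.0` path component next to `${P}`, so a later bump that only renames the ebuild would keep fetching from the old directory; use `SRC_URI="https://www.prelude-siem.org/pkg/src/${PV}/${P}.tar.gz"`. In `src_install`, `rm -rv "${D}/run"` should address the image through `${ED}` so prefix installs work (EAPI 6 still appends a trailing slash, hence `rm -r "${ED%/}/run" || die`), and `-v` only adds noise to the build log. Why an installed directory is deleted is not obvious from the ebuild alone; a comment such as `# run dir is hard-wired to /run by prelude-lml-3.0.0-run.patch and created at boot by the tmpfiles entry / init script` above the `rm` would document that, and `keepdir /var/${PN}` deserves a matching `# metadata_dir from the same patch`.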