commit: 8613b63b558801c7a1c904358505b65b5906d1a3 Author: Slawomir Lis <slis <AT> gentoo <DOT> org> AuthorDate: Fri Feb 17 05:39:45 2017 +0000 Commit: Slawek Lis <slis <AT> gentoo <DOT> org> CommitDate: Fri Feb 17 05:39:45 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8613b63b
net-analyzer/suricata: version bump to 3.2.1 Reported in #609426 Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/Manifest | 1 + net-analyzer/suricata/files/suricata-3.2.1-conf | 62 +++++++++ net-analyzer/suricata/files/suricata-3.2.1-init | 148 ++++++++++++++++++++++ net-analyzer/suricata/suricata-3.2.1.ebuild | 162 ++++++++++++++++++++++++ 4 files changed, 373 insertions(+) diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 4730f83276..06c2f94487 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,4 +1,5 @@ DIST suricata-2.0.11.tar.gz 3091124 SHA256 c607f1e18e5636830f42a83f7c67e1466f07db82853f3a9dba4ab8c6c3bc656e SHA512 659e893fef3cdcca8440f2af7596d5cc58b142d3350b9ea5ba57d855c6759a00adafeb15a1dfe91dd55eca1437487eb4e842b4e2913d12417f0b906ca3d54ec9 WHIRLPOOL 5cfa55abd90284a0a3441853af9db18075a23fa5661d89448b409b8fdd1031ad348d76d455b7dfe7b2688e69633f5bbb65dc060cc2426af017ab1bcb824c9ac5 DIST suricata-3.0.1.tar.gz 3315637 SHA256 74c685f8da51b3f038a7b8185bdbed274aca25daf64ac7ea01eea60636727f26 SHA512 cd10f5b19dd7b6ccbed668263b54d93738842191e71391b040aa7fc2049ac597feb38cd333f07b15d30ebeaf778f6abe18b72215e609891608dca094531c7fd8 WHIRLPOOL a1f6c8ee760cac9e3daa3358e89d30b4a24441fb975214ae2fe165fcb697b4292e035007323041febdc0d8f09b16666515aba76f60f1e437d865193db3deb25d DIST suricata-3.1.3.tar.gz 3340627 SHA256 bd89c269e29b03a8898ccabccfb7fcab11c1aa036444772e117705f3b37b4174 SHA512 d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb WHIRLPOOL 720f668480bfa05e7e6c32bb63f09af6d38e46b909ab4d0d9879cd069436215eb3b4bb1778147de82344b6879a1b3e04da0af2e14084bb1b74472ecc727c4ebe +DIST suricata-3.2.1.tar.gz 11754332 SHA256 0e0b0cf49016804bb2fb1fc4327341617e76a67902f4e03e0ef6d16c1d7d3994 SHA512 6b0e5565368a085f059f62c9862364a9fcd970158b17671a25bcbed9b3ef8fcf857b1760a6d186ebe3227dde45070bc69a8b0d0bfd341f39a4d42ef93d12f290 WHIRLPOOL 6469191d11f8bd3cf4fab80650d4fbf380c74e3502867e446f57fd297d3f8bbd9b23e452dcb2c559496e8f64f9e9822c5f0303a6351ec13a32fd172a39d3ca05 DIST suricata-3.2.tar.gz 11732080 SHA256 41cbe19c6fd6bd51ebcbc29063f558e2fbba4a2450e5809fee2e461f16a4ed68 SHA512 327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e WHIRLPOOL b6d4c2c08e34da2b4dee4087831a0a9dcad836737489e2599938d74b74c624e455d0f1299ef7c4e70df038ac13dcd29344c2117b44310f8dc42d9f0fad0c3e15 diff --git a/net-analyzer/suricata/files/suricata-3.2.1-conf b/net-analyzer/suricata/files/suricata-3.2.1-conf new file mode 100644 index 0000000000..655b947fdd --- /dev/null +++ b/net-analyzer/suricata/files/suricata-3.2.1-conf @@ -0,0 +1,62 @@ +# Config file for /etc/init.d/suricata* + +# Where config files are stored. Default: + +# SURICATA_DIR="/etc/suricata" + +# Pass options to each suricata service. +# +# You can launch more than one service at the same time with different options. +# This can be useful in a multi-queue gateway, for example. +# You can expand on the Suricata inline example found at: +# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html +# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance" +# on several queues. You can then have a Suricata instance processing traffic for each queue. +# This should help improve performance on the gateway/firewall. +# +# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following: +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0 +# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1 +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml +# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml +# +# Edit both suricata-q{0,1}.yaml files and set values accordingly. +# You can override these yaml config file names with SURICATA_CONF* below (optional). +# This allows you to use the same yaml config file for multiple instances as long as you override +# sensible options such as the log file paths. +# SURICATA_CONF_q0="suricata-queues.yaml" +# SURICATA_CONF_q1="suricata-queues.yaml" +# SURICATA_CONF="suricata.yaml" + +# You can define the options here: +# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you. + +# SURICATA_OPTS_q0="-q 0" +# SURICATA_OPTS_q1="-q 1" + +# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata +# then you can set: + +SURICATA_OPTS="-i eth0" + +# Log paths listed here will be created by the init script and will override the log path +# set in the yaml file, if present. +# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log" +# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log" +# SURICATA_LOG_FILE="/var/log/suricata/suricata.log" + +# Run as user/group. +# Do not define if you want to run as root or as the user defined in the yaml config file (run-as). +# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below. +# SURICATA_USER_q0="suricata" +# SURICATA_GROUP_q0="suricata" +# SURICATA_USER_q1="suricata" +# SURICATA_GROUP_q1="suricata" +# SURICATA_USER="suricata" +# SURICATA_GROUP="suricata" + +# Suricata processes can take a long time to shut down. +# If necessary, adjust timeout in seconds to be used when calling stop from the init script. +# Examples: +# SURICATA_MAX_WAIT_ON_STOP="300" +# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30" diff --git a/net-analyzer/suricata/files/suricata-3.2.1-init b/net-analyzer/suricata/files/suricata-3.2.1-init new file mode 100644 index 0000000000..05f05dd9c5 --- /dev/null +++ b/net-analyzer/suricata/files/suricata-3.2.1-init @@ -0,0 +1,148 @@ +#!/sbin/openrc-run +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +SURICATA_BIN=/usr/bin/suricata +SURICATA_DIR=${SURICATA_DIR:-/etc/suricata} +SURICATA=${SVCNAME#*.} +SURICATAID=$(shell_var "${SURICATA}") +if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then + eval SURICATACONF=\$SURICATA_CONF_${SURICATAID} + [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" + SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid" + eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID} + eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID} + eval SURICATAUSER=\$SURICATA_USER_${SURICATAID} + eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID} +else + SURICATACONF=${SURICATA_CONF} + [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" + SURICATAPID="/var/run/suricata/suricata.pid" + SURICATAOPTS=${SURICATA_OPTS} + SURICATALOGPATH=${SURICATA_LOG_FILE} + SURICATAUSER=${SURICATA_USER} + SURICATAGROUP=${SURICATA_GROUP} +fi +SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}} +SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}} +[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}" +[[ -z "${SURICATA_MAX_WAIT_ON_STOP// }" ]] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}" + +description="Suricata IDS/IPS" +extra_commands="checkconfig dump" +description_checkconfig="Check config for ${SVCNAME}" +description_dump="List all config values that can be used with --set" +extra_started_commands="reload relog" +description_reload="Live rule and config reload" +description_relog="Close and re-open all log files" + +depend() { + need net + after mysql + after postgresql +} + +checkconfig() { + if [ ! -d "/var/run/suricata" ] ; then + checkpath -d /var/run/suricata + fi + if [ ${#SURICATALOGPATH} -gt 0 ]; then + SURICATALOGFILE=$( basename ${SURICATALOGPATH} ) + SURICATALOGFILE=${SURICATALOGFILE:-suricata.log} + SURICATALOGPATH=$( dirname ${SURICATALOGPATH} ) + if [ ! -d "${SURICATALOGPATH}" ] ; then + checkpath -d "${SURICATALOGPATH}" + fi + if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then + chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1 + chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1 + fi + SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}" + SURICATALOGPATH="-l ${SURICATALOGPATH}" + fi + if [ ! -e ${SURICATACONF} ] ; then + einfo "The configuration file ${SURICATACONF} was not found." + einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata." + einfo "Take a look at the suricata arguments --set and --dump-config." + fi + if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then + einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}." + SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}" + fi +} + +initpidinfo() { + [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})" + if [ ${#SUR_PID} -gt 0 ]; then + SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" + SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)" + fi +} + +checkpidinfo() { + initpidinfo + if [ ! -e ${SURICATAPID} ]; then + eerror "${SVCNAME} isn't running" + return 1 + elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then + eerror "Could not determine PID of ${SVCNAME}! Did the service crash?" + return 1 + elif [ ${#SUR_USER} -eq 0 ]; then + eerror "Unable to determine user running ${SVCNAME}!" + return 1 + elif [ "x${SUR_USER}" != "xroot" ]; then + ewarn "${SVCNAME} may need to be running as root or as a priviledged user for the extra commands reload and relog to work." + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \ + -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1 + local SUR_EXIT=$? + if [ $((SUR_EXIT)) -ne 0 ]; then + einfo "Could not start ${SURICATA_BIN} with:" + einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}" + einfo "Exit code ${SUR_EXIT}" + fi + eend ${SUR_EXIT} +} + +stop() { + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1 + eend $? +} + +reload() { + checkpidinfo || return 1 + checkconfig || return 1 + ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload." + if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then + start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal USR2 --pidfile ${SURICATAPID} + else + start-stop-daemon --signal USR2 --pidfile ${SURICATAPID} + fi + eend $? +} + +relog() { + checkpidinfo || return 1 + checkconfig || return 1 + ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files." + if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then + start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal HUP --pidfile ${SURICATAPID} + else + start-stop-daemon --signal HUP --pidfile ${SURICATAPID} + fi + eend $? +} + +dump() { + checkconfig || return 1 + ebegin "Dumping ${SVCNAME} config values and quitting." + ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH} + eend $? +} diff --git a/net-analyzer/suricata/suricata-3.2.1.ebuild b/net-analyzer/suricata/suricata-3.2.1.ebuild new file mode 100644 index 0000000000..9d39b833ee --- /dev/null +++ b/net-analyzer/suricata/suricata-3.2.1.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit autotools eutils user + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="http://suricata-ids.org/"; +SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test" + +DEPEND=" + >=dev-libs/jansson-2.2 + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + >=net-libs/libhtp-0.5.20 + net-libs/libpcap + sys-apps/file + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/geoip ) + lua? ( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue? ( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis ) + logrotate? ( app-admin/logrotate ) + sys-libs/libcap-ng +" +# #446814 +# prelude? ( dev-libs/libprelude ) +# pfring? ( sys-process/numactl net-libs/pf_ring) +RDEPEND="${DEPEND}" + +pkg_setup() { + enewgroup ${PN} + enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}" +} + +src_prepare() { + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var/" \ + "--enable-non-bundled-htp" \ + $(use_enable af-packet) \ + $(use_enable detection) \ + $(use_enable nfqueue) \ + $(use_enable test coccinelle) \ + $(use_enable test unittests) \ + $(use_enable control-socket unix-socket) + ) + + if use cuda ; then + myeconfargs+=( $(use_enable cuda) ) + fi + if use geoip ; then + myeconfargs+=( $(use_enable geoip) ) + fi + if use hardened ; then + myeconfargs+=( $(use_enable hardened gccprotect) ) + fi + if use nflog ; then + myeconfargs+=( $(use_enable nflog) ) + fi + if use redis ; then + myeconfargs+=( $(use_enable redis hiredis) ) + fi + # not supported yet (no pfring in portage) +# if use pfring ; then +# myeconfargs+=( $(use_enable pfring) ) +# fi + # no libprelude in portage +# if use prelude ; then +# myeconfargs+=( $(use_enable prelude) ) +# fi + if use lua ; then + myeconfargs+=( $(use_enable lua) ) + fi + if use luajit ; then + myeconfargs+=( $(use_enable luajit) ) + fi + +# this should be used when pf_ring use flag support will be added +# LIBS+="-lrt -lnuma" + + # avoid upstream configure script trying to add -march=native to CFLAGS + myeconfargs+=( --enable-gccmarch-native=no ) + + if use debug ; then + myeconfargs+=( $(use_enable debug) ) + # so we can get a backtrace according to "reporting bugs" on upstream web site + CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]} + else + econf LIBS="${LIBS}" ${myeconfargs[@]} + fi +} + +src_install() { + emake DESTDIR="${D}" install + + insinto "/etc/${PN}" + doins {classification,reference,threshold}.config suricata.yaml + + if use rules ; then + insinto "/etc/${PN}/rules" + doins rules/*.rules + fi + + dodir "/var/lib/${PN}" + dodir "/var/log/${PN}" + + fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" + fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" + + newinitd "${FILESDIR}/${P}-init" ${PN} + newconfd "${FILESDIR}/${P}-conf" ${PN} + + if use logrotate; then + insopts -m0644 + insinto /etc/logrotate.d + newins "${FILESDIR}"/${PN}-logrotate ${PN} + fi +} + +pkg_postinst() { + elog "The ${PN} init script expects to find the path to the configuration" + elog "file as well as extra options in /etc/conf.d." + elog "" + elog "To create more than one ${PN} service, simply create a new .yaml file for it" + elog "then create a symlink to the init script from a link called" + elog "${PN}.foo - like so" + elog " cd /etc/${PN}" + elog " ${EDITOR##*/} suricata-foo.yaml" + elog " cd /etc/init.d" + elog " ln -s ${PN} ${PN}.foo" + elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo." + elog "" + elog "You can create as many ${PN}.foo* services as you wish." + + if use logrotate; then + elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logrotate config file in /etc/logrotate.d/." + fi + + if use debug; then + elog "You enabled the debug USE flag. Please read this link to report bugs upstream:" + elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"; + elog "You need to also ensure the FEATURES variable in make.conf contains the" + elog "'nostrip' option to produce useful core dumps or back traces." + fi +}
