authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /app-admin/sagan
reinit the tree, so we can have metadata
Diffstat (limited to 'app-admin/sagan')
-rw-r--r--app-admin/sagan/Manifest12
-rw-r--r--app-admin/sagan/files/mysql_check.patch26
-rw-r--r--app-admin/sagan/files/sagan-1.0.0-liblognorm-json-c.patch55
-rw-r--r--app-admin/sagan/files/sagan.confd9
-rw-r--r--app-admin/sagan/files/sagan.init17
-rw-r--r--app-admin/sagan/files/sagan.init-r117
-rw-r--r--app-admin/sagan/metadata.xml15
-rw-r--r--app-admin/sagan/sagan-0.2.3.ebuild85
-rw-r--r--app-admin/sagan/sagan-1.0.0_rc3.ebuild89
9 files changed, 325 insertions, 0 deletions
diff --git a/app-admin/sagan/Manifest b/app-admin/sagan/Manifest
new file mode 100644
index 000000000000..e0eb8b2cf6e7
--- /dev/null
+++ b/app-admin/sagan/Manifest
@@ -0,0 +1,12 @@
+AUX mysql_check.patch 944 SHA256 61d570ffb48659837adaa61d76c1d7e61f4bc42910f8bf814153b911f061fde9 SHA512 5758990b9c85a73d38c00d03a0ff9812e3ffe18a8831daebc01329c2db9253d75467b341aeffe563adcbd4fc907c510991ccf2e9bd8d9c6e7b6b353e7d2a4412 WHIRLPOOL 4a76da71cdca1eb14b30823f33f56216f443b72d8d74f1271c8ec123fec3285c69e103fc7261d59abfc040ef2ecdc479c68911d3518997742d7e71dc9426ca4e
+AUX sagan-1.0.0-liblognorm-json-c.patch 2840 SHA256 5ccefeb90b357f58064f7095b7b74e63938e01d8ae235cde523e14754c9b36d8 SHA512 1aa092351d317c373416a98ca6bbab19a070e43d0d4b82fe6dd1ac5a7cbb67741247ca2655e905a682ef5527fbf139c70a469a960be1dfdaa05c643a9749a4e9 WHIRLPOOL 98eb3b5c8876fd8c4acf9cb796961125886bba400542b2555e9e73d6797c2be07d35919403c66b8903ce932128b70ab1d3fdd897e04e143ffda2a4dea72cbfb6
+AUX sagan.confd 239 SHA256 ef5a99015369648e88e32ec8325261b1bdf53900543f86b77fea5aeb6387de51 SHA512 7ee746984d3bb3361e3155860d54e307f9b94b9e3f98c09c29b4259cd37d7aefe969b5b942c04048328ec23265a2689b22403c32e3552b8062201aca2ef3ac34 WHIRLPOOL 0c0e580d220d5abec71d888531554f9b9a4848dc6bc21bff98931082618cf4b446197ec1a6a38c83d4950d878dfd87050ba8112468ec8d361b63a77541a47d8c
+AUX sagan.init 432 SHA256 d99023e31a965434b621f00bab7f242e22c119cbdf0e5d35ba130ab0e2f602cb SHA512 c5ec82e48ac33785a0e63deb6b2079e97a2f9b5f96682ccbf646b4deae5782cbceb5756b17fdff7af8cafd4e561e298d842c4c4f4aa5229ccc58f5f0fc06e6f7 WHIRLPOOL 95808a41472475c660d95b6d3d437ee9a01e2b062621e622f4f7c5e8ecbc5642809196e5832946f633fa13f6661c0887354a9527b2e408897e57c4513c3e6552
+AUX sagan.init-r1 424 SHA256 8b29fca7655772b26b26237c8862acc05d9a29a502aad3a40a32e2c3d373a351 SHA512 341754a9b18fa4b4082a852cec2eaa5ea78be33eb9d8cdef5b7ec61a9d67d3b264b2c6a2aef030bd85d3644539447345c88fd23ebe99145e40f990f565706809 WHIRLPOOL 24e770a94deca73ab422f43624dedb9a349f3818a6d02e1e88e1bec2fb8de714905b25c79333736ec602666cfcb0e8ae505cb88a7fbe7da58e61cd14bb56dc34
+DIST sagan-0.2.3.tar.gz 231774 SHA256 fc50697cf8ce0fe7c1c662a57a9526710e649c2bf8088acdef46010e06e5ddf2 SHA512 2110f3d34db69cb5c453b8e37d06debeea7531ebf15a9b78954ac1657ddce34feaaff87d14695759c3deb2eed5ecc0e6fec5881fb5037af8efa6c3c9600242cc WHIRLPOOL 417d78263a907c89a865a41228ffc6e2184e1d37d1d583ee0c42da991c411cd40e99b2d537e11a7712615643f57b406439cb5af84a1eacc12a2ef7ca96c72533
+DIST sagan-1.0.0RC3.tar.gz 285207 SHA256 527ddcb583f362c92eca5557cda2116a64200da3f868b512f42abbf78b961508 SHA512 29388a339b290bb4de2359c0c54b9e1d43ef207b223a499a1a4faa36de4d9590a777a796dd773948e995d052b71f3ef47ca5bad5c133116c4dbb53b4fe336123 WHIRLPOOL 35e18084056d15dae578378df4c335fb98ebbb1514b0762a573e4b3507253ac00ee944f06f2f443a2e8cef44c19d312e936923f9223314d8970cec4ae332f36e
+EBUILD sagan-0.2.3.ebuild 2022 SHA256 941dfbf239cabf10d4d23e68e871cfd28f83a433a4a02bd9f176b023fe96a107 SHA512 46f78738deaceb631487177347dae35cc5c3289738f17437d78afb3a70b39b4349faf250e1ea226fcd42e0c26e3c9432aa721fccade95ea6517ad9532e9cdac8 WHIRLPOOL 9ff98252f7f41a1c224ef7078cd8530328448b14555721adcd3773917dbd11a2ccbc59f2ca8384ebd8d20b4218a01a6d23b11328e4753cc99948ea3f5aaad3c5
+EBUILD sagan-1.0.0_rc3.ebuild 2078 SHA256 b74f373f0caa423c22a4f89a98bce75356805424bb1a1db29789141d0c4970e1 SHA512 c607009d57d03ddac2cd3793dcb653f268a5bd22d9f9926384c1a2ad9b213d830528e709c7a4d919bc52e517bee12513c21ec16f63cf7b9d53c4ac01fe2af28a WHIRLPOOL 018fdd5389899b78b157a7396f5cd31100c83e1e1de97ed642058afb3afac29cab4a393251b0553d1d496c96dc0db2d8d187e4f0e3b50d893d08e3c50a4c2ac4
+MISC ChangeLog 4500 SHA256 d2f9145d32180a78c0447acb82b007125c798eaaf4b64de4b288054b6303abfe SHA512 6aa63a942d97cb7d1e2d1b6fcfdd59c345046fd12d1966e41c8c927644aaf5a8fee32bfa8e38de954069b51760401d419248288a215f3b57d292347784b420ab WHIRLPOOL 97943207512885971a8e4bc3022706a49f966f19b9272aa73fb75ad0388edc86f31ac3bf11cb3ed5a7a0ea31a4de9bd102283b821720ee0d7ba239422221baba
+MISC ChangeLog-2015 4561 SHA256 02442352cdc3e2334c6c6de92a97be3a6d9c9349d0df3330b7a95d35c01e3453 SHA512 e9e451bdd0585e26c76e877b630a6160ad8f3ffcae2dfcc34ca70e7c132f0d148421a3f3c8cd6d6eed8f55ecaaac20e005047c117af9253f599de50dc11827c4 WHIRLPOOL f60b36d66edcb4099b1a285539a85bb44d3c81b6bec7226d9c46ef1ae16b773f09b8490d39b353d0eb43b25ce732ffe1f63cf22461f230eb318850f2d665ef0b
+MISC metadata.xml 711 SHA256 ebff359dc39537473536a42dcb182a944a440af02fd3e07dbd9006c10bb22039 SHA512 0ddee4d50afea4e3813b9ffc57d444b95c56773f58a469e28d99a85bda787143a23f4adae995632283b2ec5269cbe38e3ffecd294448c675169c4ef10033afb6 WHIRLPOOL 806ff18cb87653a6977e666d6f93ca8d0cd9d1a84147266282e57c2f1065cb137c09590fff9729c9e19d23f356b62c0b6e744c8a618347cfdfb443975b812d3d
diff --git a/app-admin/sagan/files/mysql_check.patch b/app-admin/sagan/files/mysql_check.patch
new file mode 100644
index 000000000000..d2247aab571e
--- /dev/null
+++ b/app-admin/sagan/files/mysql_check.patch
@@ -0,0 +1,26 @@
+diff --git a/configure.in b/configure.ac
+rename from configure.in
+rename to configure.ac
+--- a/configure.in
++++ b/configure.ac
+@@ -215,13 +215,17 @@
+ AC_CHECK_LIB(pthread, main,,AC_MSG_ERROR(Sagan needs pthreads!))
+ AC_CHECK_LIB(m, main,,AC_MSG_ERROR(Sagan needs libm!))
+
++save_LIBS=$LIBS
+ if test "$MYSQL" = "yes"; then
+ AC_MSG_RESULT([------- MySQL support is enabled -------])
++ AC_CHECK_PROGS(MYSQL_CONFIG, mysql_config)
+ AC_CHECK_HEADER([mysql/mysql.h])
+ AC_CHECK_HEADER([mysql/errmsg.h])
+- AC_CHECK_LIB(mysqlclient_r, main,,AC_MSG_ERROR(The MySQL library libmysqlclient_r is missing!
+-If you're not interested in MySQL support use the --disable-mysql flag.))
+- fi
++ LIBS=$(mysql_config --libs_r)
++ AC_CHECK_LIB(mysqlclient_r, main,,AC_MSG_ERROR(The MySQL library libmysqlclient_r is missing!))
++fi
++LIBS="$save_LIBS $LIBS"
++
+
+ if test "$POSTGRES" = "yes"; then
+ AC_MSG_RESULT([------- PostgreSQL support is enabled -------])
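Review bot: The added `LIBS=$(mysql_config --libs_r)` runs whatever `mysql_config` is first on PATH and never uses the `MYSQL_CONFIG` variable that the preceding `AC_CHECK_PROGS` sets, so a missing or differently located tool is not detected at that point. I would fail early and use the probed name: `test -n "$MYSQL_CONFIG" || AC_MSG_ERROR([mysql_config not found])` followed by `LIBS=$($MYSQL_CONFIG --libs_r)`. The restore `LIBS="$save_LIBS $LIBS"` also sits after the `fi`, so with MySQL disabled it appends the unchanged list to itself; it belongs inside the `if` block. The new error text drops the `--disable-mysql` hint that the removed message carried.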
diff --git a/app-admin/sagan/files/sagan-1.0.0-liblognorm-json-c.patch b/app-admin/sagan/files/sagan-1.0.0-liblognorm-json-c.patch
new file mode 100644
index 000000000000..f9540652717a
--- /dev/null
+++ b/app-admin/sagan/files/sagan-1.0.0-liblognorm-json-c.patch
@@ -0,0 +1,55 @@
+diff -rupN old/sagan-1.0.0RC3/configure.ac new/sagan-1.0.0RC3/configure.ac
+--- old/sagan-1.0.0RC3/configure.ac 2014-06-16 22:23:22.000000000 +0200
++++ new/sagan-1.0.0RC3/configure.ac 2015-10-11 21:04:26.493632624 +0200
+@@ -192,29 +192,15 @@ If you're not interested in libesmtp sup
+ fi
+
+ if test "$LOGNORM" = "yes"; then
+- AC_MSG_RESULT([------- liblognorm support is enabled -------])
+- AC_CHECK_HEADER([liblognorm.h])
+- AC_CHECK_HEADERS([json/json.h json.h], [break], [AC_MSG_ERROR([json-c headers not found or not usable.
+-This library is important for the correlation aspects of Sagan! Please see
+-https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature
+-use the --disable-lognorm flag.])])
+- AC_CHECK_LIB(estr, main,,AC_MSG_ERROR(The libestr library cannot be found.
+-This library is important for the correlation aspects of Sagan! Please see
+-https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature
+-use the --disable-lognorm flag. ))
+- AC_CHECK_LIB(ee, main,,AC_MSG_ERROR(The libee library cannot be found.
+-This library is important for the correlation aspects of Sagan! Please see
+-https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature
+-use the --disable-lognorm flag. ))
+- AC_CHECK_LIB(lognorm, main,,AC_MSG_ERROR(The liblognorm library cannot be found.
+-This library is important for the correlation aspects of Sagan! Please see
+-https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature
+-use the --disable-lognorm flag. ))
+- AC_CHECK_LIB(json, json_object_put,, [ AC_CHECK_LIB(json-c, json_object_put,,AC_MSG_ERROR(The json library cannot be found.
+-This library is important for the correlation aspects of Sagan! Please see
+-https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature
+-use the --disable-lognorm flag.)) ],)
+- fi
++ AC_MSG_RESULT([------- liblognorm support is enabled -------])
++
++ PKG_CHECK_MODULES(LIBEE, libee >= 0.3.2)
++ PKG_CHECK_MODULES(LIBESTR, libestr >= 0.1.9)
++ PKG_CHECK_MODULES([JSON_C], [json-c],, [
++ PKG_CHECK_MODULES([JSON_C], [json],,)
++ ])
++ PKG_CHECK_MODULES(LIBLOGNORM, lognorm >= 1.0.2)
++fi
+
+ if test "$LIBPCAP" = "yes"; then
+ AC_MSG_RESULT([------- libpcap support is enabled -------])
+diff -rupN old/sagan-1.0.0RC3/src/Makefile.am new/sagan-1.0.0RC3/src/Makefile.am
+--- old/sagan-1.0.0RC3/src/Makefile.am 2014-06-16 22:23:22.000000000 +0200
++++ new/sagan-1.0.0RC3/src/Makefile.am 2015-10-11 21:05:28.754492699 +0200
+@@ -2,6 +2,9 @@ AUTOMAKE_OPIONS=foreign no-dependencies
+
+ bin_PROGRAMS = sagan
+
++sagan_CFLAGS = $(JSON_C_CFLAGS) $(LIBESTR_CFLAGS) $(LIBLOGNORM_CFLAGS)
++sagan_LDFLAGS = $(JSON_C_LIBS) $(LIBESTR_LIBS) $(LIBLOGNORM_LIBS)
++
+ sagan_SOURCES = sagan.c \
+ sagan-classifications.c \
+ sagan-config.c \
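Review bot: In the Makefile.am part, the libraries are put in `sagan_LDFLAGS`, which automake places before the objects on the link line; with a linker that drops unneeded libraries by order (as-needed linking) they can be discarded, so they belong in `sagan_LDADD = $(JSON_C_LIBS) $(LIBEE_LIBS) $(LIBESTR_LIBS) $(LIBLOGNORM_LIBS)`. The configure.ac part probes `LIBEE`, but neither `$(LIBEE_CFLAGS)` nor `$(LIBEE_LIBS)` is referenced here. That only works if another module's pkg-config output happens to pull libee in, so `$(LIBEE_CFLAGS)` should be added to `sagan_CFLAGS` as well. The `sagan_SOURCES` list continues outside the hunk.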
diff --git a/app-admin/sagan/files/sagan.confd b/app-admin/sagan/files/sagan.confd
new file mode 100644
index 000000000000..cab6db55ccf0
--- /dev/null
+++ b/app-admin/sagan/files/sagan.confd
@@ -0,0 +1,9 @@
+# Copyright 1999-2011 Gentoo Foundation
+# # Distributed under the terms of the GNU General Public License v2
+
+# Sagan daemon configuration file
+# Make debug mode
+# SAGAN_OPTS = " --debug "
+#
+# Run as user, default sagan
+SAGAN_USER="sagan"
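Review bot: The commented example `# SAGAN_OPTS = " --debug "` is not a valid assignment once uncommented, because conf.d files are sourced as shell and the spaces around `=` turn the line into a command invocation. I would write it as `# SAGAN_OPTS="--debug"`, without the padding inside the quotes, since the init scripts in this commit wrap `${SAGAN_OPTS}` in escaped quotes and the padded value would presumably reach sagan as one argument. The second header line also has a stray `# #`.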
diff --git a/app-admin/sagan/files/sagan.init b/app-admin/sagan/files/sagan.init
new file mode 100644
index 000000000000..99f1f24e3bfa
--- /dev/null
+++ b/app-admin/sagan/files/sagan.init
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+pidfile="/var/run/sagan/sagan.pid"
+command="/usr/bin/sagan"
+command_args="-D \"${SAGAN_OPTS}\" -u \"${SAGAN_USER}\""
+
+depend() {
+ use logger mysql postgresql
+ need localmount
+}
+
+start_pre() {
+ checkpath -d -o sagan /var/run/sagan
+ checkpath -p -o sagan -m 0644 /var/run/sagan/sagan.fifo
+}
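Review bot: The pidfile is kept in `/var/run/sagan`, which `start_pre` hands to the unprivileged `sagan` account via `checkpath -d -o sagan`, so that account can replace the file the service manager later reads as root when stopping the service. Keeping the pidfile in a root-owned location, e.g. `pidfile="/var/run/sagan.pid"`, and giving the daemon account only the fifo avoids trusting a daemon-writable path. Whether sagan writes its pidfile before or after dropping privileges with `-u` is not visible here and would need checking against the daemon. sagan.init-r1 has the same layout under `/run/sagan`.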
diff --git a/app-admin/sagan/files/sagan.init-r1 b/app-admin/sagan/files/sagan.init-r1
new file mode 100644
index 000000000000..f0d556583c43
--- /dev/null
+++ b/app-admin/sagan/files/sagan.init-r1
@@ -0,0 +1,17 @@
+#!/sbin/openrc-run
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+pidfile="/var/run/sagan/sagan.pid"
+command="/usr/bin/sagan"
+command_args="-D \"${SAGAN_OPTS}\" -u \"${SAGAN_USER}\""
+
+depend() {
+ use logger mysql postgresql
+ need localmount
+}
+
+start_pre() {
+ checkpath -d -o sagan /run/sagan
+ checkpath -p -o sagan -m 0644 /run/sagan/sagan.fifo
+}
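Review bot: `start_pre` hard-codes `-o sagan` for the runtime directory and the fifo while `command_args` runs the daemon as `${SAGAN_USER}`, which sagan.confd documents as configurable. If an administrator changes `SAGAN_USER`, the paths stay owned by `sagan`, and the daemon may be unable to use them. I would tie the two together with `checkpath -d -o "${SAGAN_USER:-sagan}" /run/sagan` and the same owner on the fifo line. sagan.init has the same mismatch.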
diff --git a/app-admin/sagan/metadata.xml b/app-admin/sagan/metadata.xml
new file mode 100644
index 000000000000..3e12feb4a2b3
--- /dev/null
+++ b/app-admin/sagan/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>maksbotan@gentoo.org</email>
+ <name>Maxim Koltsov</name>
+ </maintainer>
+ <use>
+ <flag name="smtp">Build witch SMTP (E-Mail) support</flag>
+ <flag name="lognorm">Add support for log/rules normalizations via <pkg>dev-libs/liblognorm</pkg></flag>
+ <flag name="pcap">Add support for network packet capture via <pkg>net-libs/libpcap</pkg></flag>
+ <flag name="libdnet">Add support for <pkg>dev-libs/libdnet</pkg></flag>
+ <flag name="snort">Add support to interact with Snort IDE using <pkg>net-analyzer/snortsam</pkg>'</flag>
+ </use>
+</pkgmetadata>
diff --git a/app-admin/sagan/sagan-0.2.3.ebuild b/app-admin/sagan/sagan-0.2.3.ebuild
new file mode 100644
index 000000000000..2196d8eb46ff
--- /dev/null
+++ b/app-admin/sagan/sagan-0.2.3.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+AUTOTOOLS_AUTORECONF=1
+AUTOTOOLS_IN_SOURCE_BUILD=1
+
+inherit eutils autotools-utils user
+
+DESCRIPTION="Sagan is a multi-threaded, real time system and event log monitoring system"
+HOMEPAGE="http://sagan.quadrantsec.com/"
+SRC_URI="http://sagan.quadrantsec.com/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="+libdnet +lognorm mysql +pcap postgres smtp snort"
+
+RDEPEND="dev-libs/libpcre
+ app-admin/sagan-rules[lognorm?]
+ smtp? ( net-libs/libesmtp )
+ pcap? ( net-libs/libpcap )
+ mysql? ( virtual/mysql )
+ postgres? ( dev-db/postgresql )
+ lognorm? ( dev-libs/liblognorm )
+ libdnet? ( dev-libs/libdnet )
+ snort? ( >=net-analyzer/snortsam-2.50 )
+ "
+
+DEPEND="virtual/pkgconfig
+ ${RDEPEND}"
+
+DOCS=( AUTHORS ChangeLog FAQ INSTALL README NEWS TODO )
+PATCHES=( "${FILESDIR}"/mysql_check.patch )
+
+pkg_setup() {
+ enewgroup sagan
+ enewuser sagan -1 -1 /dev/null sagan
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable mysql)
+ $(use_enable postgres postgresql)
+ $(use_enable smtp esmtp)
+ $(use_enable lognorm)
+ $(use_enable libdnet)
+ $(use_enable pcap libpcap)
+ $(use_enable snort snortsam)
+ --disable-prelude
+ )
+
+ autotools-utils_src_configure
+}
+
+src_install() {
+ autotools-utils_src_install
+
+ diropts -g sagan -o sagan -m 775
+
+ dodir /var/log/sagan
+
+ keepdir /var/log/sagan
+
+ touch "${ED}"/var/log/sagan/sagan.log
+ chown sagan.sagan "${ED}"/var/log/sagan/sagan.log
+
+ newinitd "${FILESDIR}"/sagan.init sagan
+ newconfd "${FILESDIR}"/sagan.confd sagan
+
+ insinto /usr/share/doc/${PF}/examples
+ doins -r extra/*
+}
+
+pkg_postinst() {
+ if use smtp; then
+ ewarn "You have enabled smtp use flag. If you plan on using Sagan with"
+ ewarn "email, create valid writable home directory for user 'sagan'"
+ ewarn "For security reasons it was created with /dev/null home directory"
+ fi
+
+ einfo "For configuration assistance see"
+ einfo "http://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO"
+}
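Review bot: In `src_install`, `sagan.log` is created with a bare `touch` and `chown sagan.sagan`, so its mode is whatever the build umask yields and the ownership call uses the deprecated `user.group` separator. I would state both explicitly with the package-manager helpers after the touch: `fowners sagan:sagan /var/log/sagan/sagan.log` and `fperms 0640 /var/log/sagan/sagan.log`. The log directory is also made group-writable by `diropts -g sagan -o sagan -m 775`, which looks wider than a log directory for a monitoring daemon needs. sagan-1.0.0_rc3.ebuild repeats the same `src_install` lines.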
diff --git a/app-admin/sagan/sagan-1.0.0_rc3.ebuild b/app-admin/sagan/sagan-1.0.0_rc3.ebuild
new file mode 100644
index 000000000000..d41b3e3d471b
--- /dev/null
+++ b/app-admin/sagan/sagan-1.0.0_rc3.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+AUTOTOOLS_AUTORECONF=1
+AUTOTOOLS_IN_SOURCE_BUILD=1
+
+inherit eutils autotools-utils user
+
+DESCRIPTION="Sagan is a multi-threaded, real time system and event log monitoring system"
+HOMEPAGE="http://sagan.quadrantsec.com/"
+SRC_URI="http://sagan.quadrantsec.com/download/sagan-1.0.0RC3.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="geoip +libdnet +lognorm mysql +pcap smtp snort"
+
+RDEPEND="dev-libs/libpcre
+ app-admin/sagan-rules[lognorm?]
+ smtp? ( net-libs/libesmtp )
+ pcap? ( net-libs/libpcap )
+ mysql? ( virtual/mysql )
+ lognorm? (
+ dev-libs/liblognorm
+ dev-libs/json-c
+ dev-libs/libee
+ dev-libs/libestr
+ )
+ libdnet? ( dev-libs/libdnet )
+ snort? ( >=net-analyzer/snortsam-2.50 )
+ geoip? ( dev-libs/geoip )
+ "
+
+DEPEND="virtual/pkgconfig
+ ${RDEPEND}"
+
+DOCS=( AUTHORS ChangeLog FAQ INSTALL README NEWS TODO )
+PATCHES=( "${FILESDIR}"/${PN}-1.0.0-liblognorm-json-c.patch )
+S="${WORKDIR}/sagan-1.0.0RC3/"
+
+pkg_setup() {
+ enewgroup sagan
+ enewuser sagan -1 -1 /dev/null sagan
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable smtp esmtp)
+ $(use_enable lognorm)
+ $(use_enable libdnet)
+ $(use_enable pcap libpcap)
+ $(use_enable snort snortsam)
+ $(use_enable geoip)
+ )
+
+ autotools-utils_src_configure
+}
+
+src_install() {
+ autotools-utils_src_install
+
+ diropts -g sagan -o sagan -m 775
+
+ dodir /var/log/sagan
+
+ keepdir /var/log/sagan
+
+ touch "${ED}"/var/log/sagan/sagan.log
+ chown sagan.sagan "${ED}"/var/log/sagan/sagan.log
+
+ newinitd "${FILESDIR}"/sagan.init-r1 sagan
+ newconfd "${FILESDIR}"/sagan.confd sagan
+
+ insinto /usr/share/doc/${PF}/examples
+ doins -r extra/*
+}
+
+pkg_postinst() {
+ if use smtp; then
+ ewarn "You have enabled smtp use flag. If you plan on using Sagan with"
+ ewarn "email, create valid writable home directory for user 'sagan'"
+ ewarn "For security reasons it was created with /dev/null home directory"
+ fi
+
+ einfo "For configuration assistance see"
+ einfo "http://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO"
+}
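Review bot: `IUSE` and `RDEPEND` still carry `mysql` (`mysql? ( virtual/mysql )`), but `src_configure` in this version passes no `$(use_enable mysql)`, so the flag pulls in a dependency without controlling the build. Either add `$(use_enable mysql)` to `myeconfargs`, or drop `mysql` from `IUSE` and `RDEPEND` if this release has no MySQL option. Which of the two is right depends on the upstream configure script, and only part of it is visible in the bundled patch. As written, the result of the build can depend on what happens to be installed rather than on the USE flag.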