author | V3n3RiX <venerix@koprulu.sector> | 2022-09-18 23:20:40 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2022-09-18 23:20:40 +0100 |
commit | f39c6dab71f5188f95650d367ece1df4f263e474 (patch) | |
tree | 9c30c203b3f09174814c41e6a63aa3522c7b7610 /net-analyzer/sguil-sensor | |
parent | 1b295861f983d29f9bd5d5906c7ca3cee4cf1f9a (diff) |
gentoo auto-resync : 18:09:2022 - 23:20:40
Diffstat (limited to 'net-analyzer/sguil-sensor')
-rw-r--r-- | net-analyzer/sguil-sensor/Manifest | 6 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/files/log_packets.confd | 18 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/files/log_packets.initd | 91 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/files/sensor_agent.initd | 29 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/metadata.xml | 12 | ||||
-rw-r--r-- | net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r3.ebuild | 81 |
6 files changed, 0 insertions, 237 deletions
diff --git a/net-analyzer/sguil-sensor/Manifest b/net-analyzer/sguil-sensor/Manifest
deleted file mode 100644
index ea353e5369bf..000000000000
--- a/net-analyzer/sguil-sensor/Manifest
+++ /dev/null
@@ -1,6 +0,0 @@
-AUX log_packets.confd 527 BLAKE2B 568a785fab6f027218269378d345986c354246dad66673ef9968e2188ea3f2f0377cdd84db0a1a4a165a428ba9f4270eb28096361291ac2bcddfbf0430916b03 SHA512 a4f9ed9abb050184773c59271d7e13f6bcbf853341dd31c72909ee6d31bb92990d84f31bf3111d8950fb4311747694c714498552eb26ca8a82ed3cb645847e82
-AUX log_packets.initd 2093 BLAKE2B a251bc9692a599e66943d5b3f6615f281d7872da22a76699875853f72836102cdb94fdf558250ee74e8618f8c45725dea0410e5fb635f153aadf5499575b4fe9 SHA512 43bc027f4769e986641a9820a1dfcb8a794ae417cb49efe333fd6a960953e1f9854c660e95ae9c0e14f4c1ec59da9e3096ae7352bbbb77805dc71729ed76514d
-AUX sensor_agent.initd 742 BLAKE2B 6d8a1aee38f81f4d9d971ec3a2d56112c0789ca60d5ee51ff7444109e55ddac889db81199e5883070031fe247cc06506febcb3ae27b5a215974a4f953121b887 SHA512 3a025479579ee9eec6a26d2a2c70efc362d37b7821dfa211236d8fe9dc2ea7b7b0694dccfd9b208655702401c1b0e3ecb08bac9e3b177ee77f161e5c774c1611
-DIST sguil-1.0.0.tar.gz 892934 BLAKE2B 69459eed682d91a1b57ba08c141dd655dbbfaa0d9d2956e6a26065f1b6820307b0e0e4dcbcad89537eba7499aea38f81739c351246e3dd6c46cab46bdf0d054f SHA512 fc3007383f90c99a0ace3eeebac75864f9aa549676e784c7bf1d81222282e3a5a3d5290b121097ae3c027dee3dd35bbe8ac9dfede04dbd561edfd3948a0465ab
-EBUILD sguil-sensor-1.0.0-r3.ebuild 2174 BLAKE2B a23c9fc26f29367328f82d3dbefeb8ff66f4858ebb3fbfc220c9579dad462e72f3123b48dad33ddb48fca836baeca95b79cca145c13e9fbebba57deaa269c2ad SHA512 1508bd7e96b5e9b3f839f7567688eb8ff4b7025a3bd56498df97ebb5647a6ad80bd2610c9a4795455cc9cef3ff2ab2268639138576776970e3dd97ce441063b3
-MISC metadata.xml 419 BLAKE2B 76c75b2fa0ab27ba2b14a933a754deeef6d22888b2bc250df8e4af9022db855705824ddd05bc9711db106d7e3b05db5bd4c902d581e095917cc29792759db004 SHA512 72e547ece836ed046185e22a42ca7f807f2affb9d9ddae3633a1c1aec926b0b3c9b37550dda6c057f8c69d51e75ce2ee0bb39f292a172709d1309dc237a18b6f
diff --git a/net-analyzer/sguil-sensor/files/log_packets.confd b/net-analyzer/sguil-sensor/files/log_packets.confd
deleted file mode 100644
index 93bdc772bff7..000000000000
--- a/net-analyzer/sguil-sensor/files/log_packets.confd
+++ /dev/null
@@ -1,18 +0,0 @@
-# Config file for /etc/init.d/log_packets
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# This tell snort which interface to listen on (any for every interface)
-IFACE=eth1
-
-# Make sure this matches your IFACE
-PIDFILE=/run/sguil-log_packets_$IFACE.pid
-
-# You probably don't want to change this, but in case you do
-LOGDIR="/var/lib/sguil"
-
-# Percentage of disk to try and maintain
-MAX_DISK_USE=95
-
-# This pulls in the options above
-OPTIONS="-m 122 -u sguil -g sguil"
diff --git a/net-analyzer/sguil-sensor/files/log_packets.initd b/net-analyzer/sguil-sensor/files/log_packets.initd
deleted file mode 100644
index f372c82c905b..000000000000
--- a/net-analyzer/sguil-sensor/files/log_packets.initd
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="cleandisk"
-
-LOG_DIR="${LOGDIR}/${HOSTNAME}/dailylogs"
-
-start() {
- ebegin "Starting Log_packest"
- if [ ! -x /usr/bin/snort ]
- then
- eerror "No snort - cannot start"
- eend 1
- return 1
- fi
-
- if [ ! -d ${LOG_DIR} ]
- then
- mkdir -p ${LOG_DIR}
- chmod 770 ${LOG_DIR}
- fi
-
- today=$(date '+%Y-%m-%d')
-
- if [ ! -d "${LOG_DIR}/${today}" ]
- then
- mkdir "${LOG_DIR}/${today}"
- chmod 770 "${LOG_DIR}/${today}"
- chown root:sguil "${LOG_DIR}/${today}"
- fi
- start-stop-daemon --start --quiet -b -m --pidfile "${PIDFILE}" \
- --exec /usr/bin/snort \
- -- ${OPTIONS} -l "${LOG_DIR}/${today}" -b -i "${IFACE}" "${FILTER}"
- real_cleandisk
- eend $?
-}
-
-stop() {
- ebegin "Stopping Sensor Agent"
- start-stop-daemon --stop --quiet --pidfile "${PIDFILE}"
- eend $?
-}
-
-cleandisk() {
- ebegin "Cleaning Disk"
- real_cleandisk
- eend $?
-}
-
-# This func checks the current space being used by LOG_DIR
-# and rm's data as necessary.
-real_cleandisk() {
- einfo "Checking disk space (limited to ${MAX_DISK_USE}%)..."
- # grep, awk, tr...woohoo!
- CUR_USE=$(df -P ${LOG_DIR} | grep -v -i filesystem | awk '{print $5}' | tr -d %)
- einfo " Current Disk Use: ${CUR_USE}%"
-
- if [ ${CUR_USE} -gt ${MAX_DISK_USE} ]
- then
- # If we are here then we passed our disk limit
- # First find the oldest DIR
- cd "${LOG_DIR}"
- # Can't use -t on the ls since the mod time changes each time we
- # delete a file. Good thing we use YYYY-MM-DD so we can sort.
- OLDEST_DIR=$(ls | sort | head -n 1)
- cd "${OLDEST_DIR}"
-
- OLDEST_FILE=$(ls -t | tail -n 1)
-
- if [ -f "${OLDEST_FILE}" ]
- then
- einfo " Removing file: ${OLDEST_DIR}/${OLDEST_FILE}"
- rm -f "${OLDEST_FILE}"
- else
- einfo " Removing empty dir: ${OLDEST_DIR}"
- cd ..
- rm -rf "${OLDEST_DIR}"
- fi
-
- # Run cleandisk again as rm'ing one file might been enough
- # but we wait 5 secs in hopes any open writes are done.
- sync
- einfo " Waiting 5 secs for disk to sync..."
- sleep 5
- real_cleandisk
- else
- einfo "Done."
- fi
-}
-
diff --git a/net-analyzer/sguil-sensor/files/sensor_agent.initd b/net-analyzer/sguil-sensor/files/sensor_agent.initd
deleted file mode 100644
index 08b45e511f8c..000000000000
--- a/net-analyzer/sguil-sensor/files/sensor_agent.initd
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- need net
-}
-
-checkconfig() {
- if [ ! -e /etc/sguil/sensor_agent.conf ] ; then
- eerror "You need an /etc/snort/sensor_agent.conf to run the Sensor Agent"
- return 1
- fi
-}
-
-start() {
- checkconfig || return 1
- ebegin "Starting Sensor Agent"
- start-stop-daemon --start -c sguil --quiet --exec /usr/bin/sensor_agent.tcl \
- -- -D -c "/etc/sguil/sensor_agent.conf">/dev/null 2>&1
- eend $?
-}
-
-stop() {
- ebegin "Stopping Sensor Agent"
- start-stop-daemon --stop --quiet --pidfile /run/sguil-sensor.pid
- eend $?
-}
-
diff --git a/net-analyzer/sguil-sensor/metadata.xml b/net-analyzer/sguil-sensor/metadata.xml
deleted file mode 100644
index e0c75486e6c0..000000000000
--- a/net-analyzer/sguil-sensor/metadata.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="project">
- <email>netmon@gentoo.org</email>
- <name>Gentoo network monitoring and analysis project</name>
- </maintainer>
- <upstream>
- <remote-id type="github">bammv/sguil</remote-id>
- <remote-id type="sourceforge">sguil</remote-id>
- </upstream>
-</pkgmetadata>
diff --git a/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r3.ebuild b/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r3.ebuild
deleted file mode 100644
index 0403ede4f1b6..000000000000
--- a/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r3.ebuild
+++ /dev/null
@@ -1,81 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-MY_PV="${PV/_p/p}"
-DESCRIPTION="Sensor part of sguil Network Security Monitoring"
-HOMEPAGE="https://github.com/bammv/sguil"
-SRC_URI="https://github.com/bammv/sguil/archive/v${PV}.tar.gz -> ${P/-sensor}.tar.gz"
-S="${WORKDIR}/sguil-${MY_PV}"
-
-LICENSE="GPL-3 GPL-2+ QPL-1.0 GPL-2" # GPL-2 for init script
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-
-DEPEND="
- acct-group/sguil
- acct-user/sguil
-"
-
-RDEPEND="
- ${DEPEND}
- >=dev-lang/tcl-8.3:0=[-threads]
- >=dev-tcltk/tclx-8.3
- dev-tcltk/tls
- >=net-analyzer/barnyard-0.2.0-r1
- >=net-analyzer/snort-2.4.1-r1
- dev-ml/pcre-ocaml:=
- net-analyzer/sancp
-"
-
-src_prepare() {
- default
-
- sed -i \
- -e "s:gateway:${HOSTNAME}:" \
- -e 's:/snort_data:/var/lib/sguil:' \
- -e 's:DAEMON 0:DAEMON 1:' \
- -e 's:DEBUG 1:DEBUG 0:g' \
- sensor/sensor_agent.conf || die
-
- sed -i \
- -e 's:/var/run/sensor_agent.pid:/run/sguil-sensor.pid:' \
- sensor/sensor_agent.tcl || die
-}
-
-src_install() {
- dodoc doc/*
-
- dobin sensor/sensor_agent.tcl
-
- newinitd "${FILESDIR}/log_packets.initd" log_packets
- newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent
- newconfd "${FILESDIR}/log_packets.confd" log_packets
- insinto /etc/sguil
- doins sensor/sensor_agent.conf
-
- # Create the directory structure
- diropts -g sguil -o sguil
- keepdir /var/lib/sguil/archive \
- "/var/lib/sguil/${HOSTNAME}" \
- "/var/lib/sguil/${HOSTNAME}/portscans" \
- "/var/lib/sguil/${HOSTNAME}/ssn_logs" \
- "/var/lib/sguil/${HOSTNAME}/dailylogs" \
- "/var/lib/sguil/${HOSTNAME}/sancp"
-
-}
-
-pkg_postinst() {
- elog
- elog "You should check /etc/sguil/sensor_agent.conf and"
- elog "/etc/init.d/logpackets and ensure that they are accurate"
- elog "for your environment. They should work providing that you"
- elog "are running the sensor on the same machine as the server."
- elog "This ebuild assumes that you are running a single sensor"
- elog "environment, if this is not the case then you must make sure"
- elog "to modify /etc/sguil/sensor_agent.conf and change the HOSTNAME variable."
- elog "You should crontab the /etc/init.d/log_packets script to restart"
- elog "each hour."
- elog
-}