diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2020-01-15 15:51:32 +0000 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-01-15 15:51:32 +0000 |
commit | 21435953e16cda318a82334ddbadb3b5c36d9ea7 (patch) | |
tree | e1810a4b135afce04b34862ef0fab2bfaeb8aeca /net-analyzer/suricata | |
parent | 7bc9c63c9da678a7e6fceb095d56c634afd22c56 (diff) |
gentoo resync : 15.01.2020
Diffstat (limited to 'net-analyzer/suricata')
-rw-r--r-- | net-analyzer/suricata/Manifest | 16 | ||||
-rw-r--r-- | net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch | 16 | ||||
-rw-r--r-- | net-analyzer/suricata/files/suricata-4.0.4_sockios.patch | 13 | ||||
-rw-r--r-- | net-analyzer/suricata/files/suricata-5.0.1-conf (renamed from net-analyzer/suricata/files/suricata-4.0.4-conf) | 2 | ||||
-rw-r--r-- | net-analyzer/suricata/files/suricata-5.0.1-init (renamed from net-analyzer/suricata/files/suricata-4.0.4-init) | 8 | ||||
-rw-r--r-- | net-analyzer/suricata/files/suricata-5.0.1_configure-no-lz4-automagic.patch | 23 | ||||
-rw-r--r-- | net-analyzer/suricata/files/suricata-5.0.1_default-config.patch | 27 | ||||
-rw-r--r-- | net-analyzer/suricata/files/suricata.service | 19 | ||||
-rw-r--r-- | net-analyzer/suricata/files/suricata.tmpfiles | 1 | ||||
-rw-r--r-- | net-analyzer/suricata/metadata.xml | 9 | ||||
-rw-r--r-- | net-analyzer/suricata/suricata-4.0.4.ebuild | 171 | ||||
-rw-r--r-- | net-analyzer/suricata/suricata-5.0.1.ebuild | 196 |
12 files changed, 286 insertions, 215 deletions
diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest index 5260932c6316..dd9b600ed057 100644 --- a/net-analyzer/suricata/Manifest +++ b/net-analyzer/suricata/Manifest @@ -1,8 +1,10 @@ -AUX suricata-4.0.4-conf 2767 BLAKE2B fe356820f57a8a7b068b66fd8c012c94a9bffdc8a62e2bd4a2210a9625778fa358a303bc770aeb4b1600ed8da5443533c50356ac4dfdabce6d0438ba246e1cd4 SHA512 fd3aec48b4e7e52f192af117f3cda063c5614f33082986dca4e3bdf7a46d62655cd03a1d723db9d36a1b1f84964dc2273e3bf00fb23648902639b18a64025d6b -AUX suricata-4.0.4-init 5496 BLAKE2B ea7922c300f3f42450e9c84b696a1389887ec062588a29cab201a70a2a2c1d52ce63d89642d85c584737594606ddc212d84632308de401504db80c60226872de SHA512 3b0294a0db38524f2a5126fb66000700cee2f1d10a10f35b5cb2a3598c4e41de72015719bbcf70da46f15505f2ac4b3afb2a4fa040fae68f0b1088ae40d5457b -AUX suricata-4.0.4_configure-lua-flags.patch 502 BLAKE2B 14693f51888ba8d41a736a91065d1376e542d7c41d53dcc3ed9edd95d10f1db30a51d8b244154406a98338f844e67e2f836bcfc44bfa6dd6d0ffc19332c6a2c0 SHA512 a1be159aa592f2121b5e3fde70485e6a502cdfbd15fc76056e6ca1401a94ab7eddf1639728fa402f754ca546229aa5fd6fc05c243be761475c9249a7206b2830 -AUX suricata-4.0.4_sockios.patch 298 BLAKE2B 2a3fd2b8ace6363f90ad52f2f9802cd9565d3aabcc1d5fec4b2b0b9690110d7b28fa8d6be39d357b9dded7f2f09ba9b21e3837d92cac42483e0015ef76669ec8 SHA512 416cc3ff7636f7938e35a449bea41d2f4a02dacb80dce0821091db690279f966ef048a036a4b47b9f9208039b9103366500afcd0d6b3e85d8fe96372a0b3921a +AUX suricata-5.0.1-conf 2771 BLAKE2B c9f9ac6707f71ace993bcf730df5aab11a6e59fcbb636140a110d2ec636587bca600938af55a7d709ed0994c38095c0a8d505d2af9912ea3aaf1be20e098043f SHA512 4c8c1d0c101e850b39358605451df37427bb94f1b55836078aeb0b4e3720f5bdef01d4bc9d4ddfb3436c822c7bd8796112409421a7d90cf40ec81a6a24c3d6dd +AUX suricata-5.0.1-init 5480 BLAKE2B 48c9484c824f7216d1c4d64394a60b5a5b2c1f5781e8faa775d56765680dd27cb886daf61da7e93f78469f2947f38bd044804acc79f2fb3c40477aff0f470f13 SHA512 6756cebe424b057884904e716af05e74bf2cfc47461a6081b4ff45144d1fefb568ffc3aaffb8162efa3272fea535d0f93632b4778d9c80d64fca26740471ed49 +AUX suricata-5.0.1_configure-no-lz4-automagic.patch 601 BLAKE2B 01874b39d89a8872a35a102018e2e11208549f60790e88f988a689ba09c59fb915bbffccb6db454a8d8d4fee0ccf69b51cd5d2cde11cb6f2a1c401cb74c5c49d SHA512 d26fc7e0193ea3ddd5436964a26bbbfed847890d513c4e7181a0faceb0a688df8ca35ad68045ecd006a25da93d345a942c593f8711f81dff5f63d13e599f78b0 +AUX suricata-5.0.1_default-config.patch 813 BLAKE2B 5758447f2dc6fa50bb6a388c2c83bd35927cf90b66a10e51e5058869e09c05810c037da025a9d26486e33077a06bfe8ba08698618e091bdc40a255d8322062c7 SHA512 0f6337d5bff60cd57f3a3a3edcb82abde9acc6848b158cac1b8f945fc7a228340c420d53a2c5f558d5b5e2b7645f6b104e8105b260245209ba782966d6f04a7c AUX suricata-logrotate 161 BLAKE2B d55edb7e36cc27819b6fba26778eff3cc66bfc5c04877e36e27ef9adcf3f003c10cff787b317e00a32a4c764c2180f90c9abd3f81e877d73bd2c892d5ca2d161 SHA512 c22a85667460df9b7b1fd15af1e4472dd5b7d1726a43f3b621547a884dcd64ff49b0728767d6a4dc70c413dd8997905e3753fa94c82cda34e4aaf903ebdb1cec -DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0 SHA512 6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e -EBUILD suricata-4.0.4.ebuild 4771 BLAKE2B f52e9e40f2da2a016122b09d30c34aa2467e1f2a682a5161677501d9a9c479fbf66b995b8ae9d5454e6fe7080f229e4961707fdf6e3e7e5ea133ffb84e5f2d1f SHA512 76ff00070b17bd39d1fb532a0d5f56113e6b30c3d6adb8473f0494b6440b45a967e21a846150cd97b03a99e84fc271a72057a4b2013921a13c2c2cc8b2a65cba -MISC metadata.xml 775 BLAKE2B faf442e43b5388b3a24b57ee3aa73ea22eb0f230bd7bfbdee98bc4ec0be260f52f47cf7caa67d44d3498cdba58e18c487741a295149c64cf2b4631a141537e8a SHA512 e9407a4c043553a31b1a66c6b45d352444368567eef3bfa4af26e64bb84a70a81bcc7a21e48dba7e532a3115c7086932e22b75a05b00ba1f84b59d4d7ec187c6 +AUX suricata.service 501 BLAKE2B 00631ada0d2993eae97a028ef950b031b91bb3af346ee3538bd7f0deb9d76bb8552761b4666a3ac80673fe31ffd95424f2ff71e35db0f5fe6667b32478fab4c4 SHA512 4e4e87735731fd0e18ab26e536e7904833a19ce8785ffdd15b22d494673c73044137908feee74800486960f9efd09d1ddc2c75a490a2e35ef06caf23c7439a0c +AUX suricata.tmpfiles 24 BLAKE2B 150b74a6775137704915015871ab4455b8d0b9204a75c398ea746e9194b0c0a787904f9015b98f36a685fac0dbb0fcb43746096dd403bf882afa5dfef12af94d SHA512 1530aed4efb35f988e2f0134388ea11ffc3ba1f217845a2c5dd47f947983ed4d343126e49d66a86ca7894ff60b5134464ddbe07509dcc80c001131f09cb7e2dd +DIST suricata-5.0.1.tar.gz 23721536 BLAKE2B 529837e8e4d6c33d2093df8208bf03519e0d60deef92eadf9d0a44b7416eae2f900b2f72349815acb86d9bdd9d4253bbc5d7c4c1a34157f544982b0788291624 SHA512 db0797a7992abf0ddf170cb603fdac06b0ff92278bb91343860bccbbe029ea0e83131dfb9805ca44bcbbe3925502119259e350a17e94209b21d1f8b610d965a6 +EBUILD suricata-5.0.1.ebuild 6159 BLAKE2B 09a165bbee254f1b7d6b8a5ede8f3514301d58b85291f8336dc02d0c8c3c1ee5b89fdc63837af5bec3bb038ad8d5b919e13976a55af584a2620f6da5da36d492 SHA512 cde3097df89de194d045ea22843b9b4924b69fb7bb8fced588c8d3865cdafb5e14db0e22a065fec743835fa525d836f4ade6d02e4f469e76b81e46d5e5b2f482 +MISC metadata.xml 1015 BLAKE2B 355c550ad2fe7a37d69b92f0bd710824d68a3353be687876449ad5b7d8e2c98b06b833e59ebcf479410aff09dce71e1f7f64be860c348f3d6c3519cd8fe2acf2 SHA512 0837e07a0130baff435e684b47a6b463991aec73b4f570672d0091a70adf163c5e83d19887e1575f12db783d6246050777011d25dc658fe4767cd3fe8fc1d4a5 diff --git a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch b/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch deleted file mode 100644 index bad66359afa1..000000000000 --- a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -1749,11 +1749,11 @@ - # liblua - AC_ARG_ENABLE(lua, - AS_HELP_STRING([--enable-lua],[Enable Lua support]), -- [ enable_lua="yes"], -+ [], - [ enable_lua="no"]) - AC_ARG_ENABLE(luajit, - AS_HELP_STRING([--enable-luajit],[Enable Luajit support]), -- [ enable_luajit="yes"], -+ [], - [ enable_luajit="no"]) - if test "$enable_lua" = "yes"; then - if test "$enable_luajit" = "yes"; then diff --git a/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch b/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch deleted file mode 100644 index a341d9c159f1..000000000000 --- a/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- src/source-af-packet.c.orig 2019-09-08 20:50:06.416466432 +0200 -+++ src/source-af-packet.c 2019-09-08 20:53:26.144471385 +0200 -@@ -70,6 +70,10 @@ - - #ifdef HAVE_AF_PACKET - -+#ifdef HAVE_LINUX_SOCKIOS_H -+#include <linux/sockios.h> -+#endif -+ - #if HAVE_SYS_IOCTL_H - #include <sys/ioctl.h> - #endif diff --git a/net-analyzer/suricata/files/suricata-4.0.4-conf b/net-analyzer/suricata/files/suricata-5.0.1-conf index 655b947fdd9b..7f22113dbf0d 100644 --- a/net-analyzer/suricata/files/suricata-4.0.4-conf +++ b/net-analyzer/suricata/files/suricata-5.0.1-conf @@ -37,7 +37,7 @@ # If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata # then you can set: -SURICATA_OPTS="-i eth0" +SURICATA_OPTS="--af-packet" # Log paths listed here will be created by the init script and will override the log path # set in the yaml file, if present. diff --git a/net-analyzer/suricata/files/suricata-4.0.4-init b/net-analyzer/suricata/files/suricata-5.0.1-init index 1db8137f31a4..89f92803cedf 100644 --- a/net-analyzer/suricata/files/suricata-4.0.4-init +++ b/net-analyzer/suricata/files/suricata-5.0.1-init @@ -9,7 +9,7 @@ SURICATAID=$(shell_var "${SURICATA}") if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then eval SURICATACONF=\$SURICATA_CONF_${SURICATAID} [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" - SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid" + SURICATAPID="/run/suricata/suricata.${SURICATA}.pid" eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID} eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID} eval SURICATAUSER=\$SURICATA_USER_${SURICATAID} @@ -17,7 +17,7 @@ if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then else SURICATACONF=${SURICATA_CONF} [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}" - SURICATAPID="/var/run/suricata/suricata.pid" + SURICATAPID="/run/suricata/suricata.pid" SURICATAOPTS=${SURICATA_OPTS} SURICATALOGPATH=${SURICATA_LOG_FILE} SURICATAUSER=${SURICATA_USER} @@ -43,8 +43,8 @@ depend() { } checkconfig() { - if [ ! -d "/var/run/suricata" ] ; then - checkpath -d /var/run/suricata + if [ ! -d "/run/suricata" ] ; then + checkpath -d /run/suricata fi if [ ${#SURICATALOGPATH} -gt 0 ]; then SURICATALOGFILE=$( basename ${SURICATALOGPATH} ) diff --git a/net-analyzer/suricata/files/suricata-5.0.1_configure-no-lz4-automagic.patch b/net-analyzer/suricata/files/suricata-5.0.1_configure-no-lz4-automagic.patch new file mode 100644 index 000000000000..5efce46f6d9f --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.1_configure-no-lz4-automagic.patch @@ -0,0 +1,23 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -2292,7 +2292,11 @@ + fi + + # Check for lz4 +-enable_liblz4="yes" ++AC_ARG_ENABLE(lz4, ++ AS_HELP_STRING([--enable-lz4], [Enable compressed pcap logging using liblz4]), ++ [enable_liblz4=$enableval], ++ [enable_liblz4=yes]) ++if test "x$enable_liblz4" != "xno"; then + AC_CHECK_LIB(lz4, LZ4F_createCompressionContext, , enable_liblz4="no") + + if test "$enable_liblz4" = "no"; then +@@ -2306,6 +2310,7 @@ + echo " yum install lz4-devel" + echo + fi ++fi + + # get cache line size + AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no") diff --git a/net-analyzer/suricata/files/suricata-5.0.1_default-config.patch b/net-analyzer/suricata/files/suricata-5.0.1_default-config.patch new file mode 100644 index 000000000000..ef1b1f63ad4f --- /dev/null +++ b/net-analyzer/suricata/files/suricata-5.0.1_default-config.patch @@ -0,0 +1,27 @@ +--- a/suricata.yaml.in ++++ b/suricata.yaml.in +@@ -203,8 +203,9 @@ + # https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format + + # As of Suricata 5.0, version 2 of the eve dns output +- # format is the default. +- #version: 2 ++ # format is the default - but the daemon produces a warning to that effect ++ # at start-up if this isn't explicitly set. ++ version: 2 + + # Enable/disable this logger. Default: enabled. + #enabled: yes +@@ -978,9 +979,9 @@ + ## + + # Run suricata as user and group. +-#run-as: +-# user: suri +-# group: suri ++run-as: ++ user: suricata ++ group: suricata + + # Some logging module will use that name in event as identifier. The default + # value is the hostname diff --git a/net-analyzer/suricata/files/suricata.service b/net-analyzer/suricata/files/suricata.service new file mode 100644 index 000000000000..1fb056957ec5 --- /dev/null +++ b/net-analyzer/suricata/files/suricata.service @@ -0,0 +1,19 @@ +[Unit] +Description=Suricata IDS/IDP daemon +After=network.target +Requires=network.target +Documentation=man:suricata(8) man:suricatasc(8) +Documentation=https://suricata.readthedocs.io/ + +[Service] +Environment=OPTIONS='-c /etc/suricata/suricata.yaml --af-packet' +PIDFile=/run/suricata/suricata.pid +ExecStart=/usr/bin/suricata --pidfile /run/suricata/suricata.pid $OPTIONS +ExecReload=/bin/kill -HUP $MAINPID +ExecStop=/bin/kill $MAINPID +PrivateTmp=yes +ProtectHome=yes + +[Install] +WantedBy=multi-user.target + diff --git a/net-analyzer/suricata/files/suricata.tmpfiles b/net-analyzer/suricata/files/suricata.tmpfiles new file mode 100644 index 000000000000..a6e784cc37c7 --- /dev/null +++ b/net-analyzer/suricata/files/suricata.tmpfiles @@ -0,0 +1 @@ +d /run/suricata - - - - diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml index 0afee5625d1a..457a2fbd2e8a 100644 --- a/net-analyzer/suricata/metadata.xml +++ b/net-analyzer/suricata/metadata.xml @@ -2,17 +2,20 @@ <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <maintainer type="person"> - <email>slis@gentoo.org</email> + <email>marecki@gentoo.org</email> + <name>Marek Szuba</name> </maintainer> <use> <flag name="af-packet">Enable AF_PACKET support</flag> + <flag name="bpf">Enable support for eBPF (as well as XDP if supported by the kernel and the NIC driver) + for low-level, high-speed packet processing</flag> <flag name="control-socket">Enable unix socket</flag> <flag name="cuda">Enable NVIDIA Cuda computations support</flag> <flag name="detection">Enable detection modules</flag> + <flag name="logrotate">Install logrotate rule</flag> + <flag name="lz4">Enable support for compressed pcap logging using the LZ4 algorithm</flag> <flag name="nflog">Enable libnetfilter_log support</flag> <flag name="nfqueue">Enable NFQUEUE support for inline IDP</flag> <flag name="redis">Enable Redis support</flag> - <flag name="rules">Install default ruleset</flag> - <flag name="logrotate">Install logrotate rule</flag> </use> </pkgmetadata> diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild deleted file mode 100644 index 2ea320ca46ba..000000000000 --- a/net-analyzer/suricata/suricata-4.0.4.ebuild +++ /dev/null @@ -1,171 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -inherit autotools eutils user - -DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" -HOMEPAGE="https://suricata-ids.org/" -SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test" -RESTRICT="!test? ( test )" - -DEPEND=" - >=dev-libs/jansson-2.2 - dev-libs/libpcre - dev-libs/libyaml - net-libs/libnet:* - net-libs/libnfnetlink - dev-libs/nspr - dev-libs/nss - >=net-libs/libhtp-0.5.20 - net-libs/libpcap - sys-apps/file - cuda? ( dev-util/nvidia-cuda-toolkit ) - geoip? ( dev-libs/geoip ) - lua? ( dev-lang/lua:* ) - luajit? ( dev-lang/luajit:* ) - nflog? ( net-libs/libnetfilter_log ) - nfqueue? ( net-libs/libnetfilter_queue ) - redis? ( dev-libs/hiredis ) - logrotate? ( app-admin/logrotate ) - sys-libs/libcap-ng -" -# #446814 -# prelude? ( dev-libs/libprelude ) -# pfring? ( sys-process/numactl net-libs/pf_ring) -RDEPEND="${DEPEND}" - -pkg_setup() { - enewgroup ${PN} - enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}" -} - -src_prepare() { - epatch "${FILESDIR}/${P}_configure-lua-flags.patch" - epatch "${FILESDIR}/${P}_sockios.patch" - sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" - eautoreconf -} - -src_configure() { - local myeconfargs=( - "--localstatedir=/var/" \ - "--enable-non-bundled-htp" \ - $(use_enable af-packet) \ - $(use_enable detection) \ - $(use_enable nfqueue) \ - $(use_enable test coccinelle) \ - $(use_enable test unittests) \ - $(use_enable control-socket unix-socket) - ) - - if use cuda ; then - myeconfargs+=( $(use_enable cuda) ) - fi - if use geoip ; then - myeconfargs+=( $(use_enable geoip) ) - fi - if use hardened ; then - myeconfargs+=( $(use_enable hardened gccprotect) ) - fi - if use nflog ; then - myeconfargs+=( $(use_enable nflog) ) - fi - if use redis ; then - myeconfargs+=( $(use_enable redis hiredis) ) - fi - # not supported yet (no pfring in portage) -# if use pfring ; then -# myeconfargs+=( $(use_enable pfring) ) -# fi - # no libprelude in portage -# if use prelude ; theng -# myeconfargs+=( $(use_enable prelude) ) -# fi - if use lua ; then - myeconfargs+=( $(use_enable lua) ) - fi - if use luajit ; then - myeconfargs+=( $(use_enable luajit) ) - fi - if (use !lua) && (use !luajit) ; then - myeconfargs+=( - --disable-lua - --disable-luajit - ) - fi - -# this should be used when pf_ring use flag support will be added -# LIBS+="-lrt -lnuma" - - # avoid upstream configure script trying to add -march=native to CFLAGS - myeconfargs+=( --enable-gccmarch-native=no ) - - if use debug ; then - myeconfargs+=( $(use_enable debug) ) - # so we can get a backtrace according to "reporting bugs" on upstream web site - CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]} - else - econf LIBS="${LIBS}" ${myeconfargs[@]} - fi -} - -src_install() { - emake DESTDIR="${D}" install - - insinto "/etc/${PN}" - doins {classification,reference,threshold}.config suricata.yaml - - if use rules ; then - insinto "/etc/${PN}/rules" - doins rules/*.rules - fi - - keepdir "/var/lib/${PN}" - keepdir "/var/log/${PN}" - - fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" - fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" - - newinitd "${FILESDIR}/${P}-init" ${PN} - newconfd "${FILESDIR}/${P}-conf" ${PN} - - if use logrotate; then - insopts -m0644 - insinto /etc/logrotate.d - newins "${FILESDIR}"/${PN}-logrotate ${PN} - fi -} - -pkg_postinst() { - elog "The ${PN} init script expects to find the path to the configuration" - elog "file as well as extra options in /etc/conf.d." - elog "" - elog "To create more than one ${PN} service, simply create a new .yaml file for it" - elog "then create a symlink to the init script from a link called" - elog "${PN}.foo - like so" - elog " cd /etc/${PN}" - elog " ${EDITOR##*/} suricata-foo.yaml" - elog " cd /etc/init.d" - elog " ln -s ${PN} ${PN}.foo" - elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo." - elog "" - elog "You can create as many ${PN}.foo* services as you wish." - - if use logrotate; then - elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logrotate config file in /etc/logrotate.d/." - fi - - if use debug; then - elog "You enabled the debug USE flag. Please read this link to report bugs upstream:" - elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs" - elog "You need to also ensure the FEATURES variable in make.conf contains the" - elog "'nostrip' option to produce useful core dumps or back traces." - fi -} diff --git a/net-analyzer/suricata/suricata-5.0.1.ebuild b/net-analyzer/suricata/suricata-5.0.1.ebuild new file mode 100644 index 000000000000..676947405976 --- /dev/null +++ b/net-analyzer/suricata/suricata-5.0.1.ebuild @@ -0,0 +1,196 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{6,7,8} ) + +inherit autotools linux-info python-single-r1 systemd + +DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine" +HOMEPAGE="https://suricata-ids.org/" +SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua luajit lz4 nflog +nfqueue redis systemd test" + +RESTRICT="!test? ( test )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE} + ?? ( lua luajit ) + bpf? ( af-packet )" + +CDEPEND="acct-group/suricata + acct-user/suricata + dev-libs/jansson + dev-libs/libpcre + dev-libs/libyaml + net-libs/libnet:* + net-libs/libnfnetlink + dev-libs/nspr + dev-libs/nss + dev-python/pyyaml[${PYTHON_USEDEP}] + >=net-libs/libhtp-0.5.32 + net-libs/libpcap + sys-apps/file + sys-libs/libcap-ng + bpf? ( >=dev-libs/libbpf-0.0.6 ) + cuda? ( dev-util/nvidia-cuda-toolkit ) + geoip? ( dev-libs/libmaxminddb ) + logrotate? ( app-admin/logrotate ) + lua? ( dev-lang/lua:* ) + luajit? ( dev-lang/luajit:* ) + lz4? ( app-arch/lz4 ) + nflog? ( net-libs/libnetfilter_log ) + nfqueue? ( net-libs/libnetfilter_queue ) + redis? ( dev-libs/hiredis )" +DEPEND="${CDEPEND} + >=sys-devel/autoconf-2.69-r5 + virtual/rust" +RDEPEND="${CDEPEND} + ${PYTHON_DEPS}" + +PATCHES=( + "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch" + "${FILESDIR}/${PN}-5.0.1_default-config.patch" +) + +pkg_pretend() { + if use bpf && use kernel_linux; then + if kernel_is -lt 4 15; then + ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map" + fi + + CONFIG_CHECK="~XDP_SOCKETS" + ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata will to load XDP programs. " + ERROR_XDP_SOCKETS+="Other eBPF features should work normally." + check_extra_config + fi +} + +src_prepare() { + default + sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" + eautoreconf +} + +src_configure() { + local myeconfargs=( + "--localstatedir=/var" \ + "--runstatedir=/run" \ + "--enable-non-bundled-htp" \ + "--enable-gccmarch-native=no" \ + "--enable-python" \ + $(use_enable af-packet) \ + $(use_enable bpf ebpf) \ + $(use_enable control-socket unix-socket) \ + $(use_enable cuda) \ + $(use_enable detection) \ + $(use_enable geoip) \ + $(use_enable hardened gccprotect) \ + $(use_enable hardened pie) \ + $(use_enable lua) \ + $(use_enable luajit) \ + $(use_enable lz4) \ + $(use_enable nflog) \ + $(use_enable nfqueue) \ + $(use_enable redis hiredis) \ + $(use_enable test unittests) \ + "--disable-coccinelle" + ) + + if use debug; then + myeconfargs+=( $(use_enable debug) ) + # so we can get a backtrace according to "reporting bugs" on upstream web site + CFLAGS="-ggdb -O0" econf ${myeconfargs[@]} + else + econf ${myeconfargs[@]} + fi +} + +src_install() { + emake DESTDIR="${D}" install + python_optimize + + if use bpf; then + rm -f ebpf/Makefile.{am,in} + dodoc -r ebpf/ + keepdir /usr/libexec/suricata/ebpf + fi + + insinto "/etc/${PN}" + doins etc/{classification,reference}.config threshold.config suricata.yaml + + keepdir "/var/lib/${PN}/rules" "/var/lib/${PN}/update" + keepdir "/var/log/${PN}" + + fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" + fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" + fperms 2750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update" + + newinitd "${FILESDIR}/${PN}-5.0.1-init" ${PN} + newconfd "${FILESDIR}/${PN}-5.0.1-conf" ${PN} + systemd_dounit "${FILESDIR}"/${PN}.service + systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf + + if use logrotate; then + insopts -m0644 + insinto /etc/logrotate.d + newins etc/${PN}.logrotate ${PN} + fi +} + +pkg_postinst() { + elog "" + if use systemd; then + elog "Suricata requires either the mode of operation (e.g. --af-packet) or the interface to listen on (e.g. -i eth0)" + elog "to be specified on the command line. The provided systemd unit launches Suricata in af-packet mode and relies" + elog "on file configuration to specify interfaces, should you prefer to run it differently you will have to customise" + elog "said unit. The simplest way of doing it is to override the Environment=OPTIONS='...' line using a .conf file" + elog "placed in the directory ${EPREFIX}/etc/systemd/system/suricata.service.d/ ." + elog "For details, see the section on drop-in directories in systemd.unit(5)." + else + elog "The ${PN} init script expects to find the path to the configuration" + elog "file as well as extra options in /etc/conf.d." + elog "" + elog "To create more than one ${PN} service, simply create a new .yaml file for it" + elog "then create a symlink to the init script from a link called" + elog "${PN}.foo - like so" + elog " cd /etc/${PN}" + elog " ${EDITOR##*/} suricata-foo.yaml" + elog " cd /etc/init.d" + elog " ln -s ${PN} ${PN}.foo" + elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo." + elog "" + elog "You can create as many ${PN}.foo* services as you wish." + fi + + if use bpf; then + elog "" + elog "eBPF/XDP files must be compiled (using sys-devel/clang[llvm_targets_BPF]) before use" + elog "because their configuration is hard-coded. You can find the default ones in" + elog " ${EPREFIX}/usr/share/doc/${PF}/ebpf" + elog "and the common location for eBPF bytecode is" + elog " ${EPREFIX}/usr/libexec/${PN}" + elog "For more information, see https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html" + fi + + if use debug; then + elog "" + elog "You have enabled the debug USE flag. Please read this link to report bugs upstream:" + elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs" + elog "You need to also ensure the FEATURES variable in make.conf contains the" + elog "'nostrip' option to produce useful core dumps or back traces." + fi + + elog "" + elog "To download and install an initial set of rules, run:" + elog " emerge --config =${CATEGORY}/${PF}" + elog "" +} + +pkg_config() { + suricata-update +} |