author | Thomas Andrejak <thomas.andrejak@gmail.com> | 2016-07-17 15:13:05 +0200 |
---|---|---|
committer | Göktürk Yüksek <gokturk@gentoo.org> | 2016-08-04 21:10:12 -0400 |
commit | 3a233c7192c7c95146c9f0dfd5f601deaf23a202 (patch) | |
tree | 0471fe963d4c2b35e3e34395aab6324bca435be2 /net-analyzer/prelude-lml/files | |
parent | app-admin/prelude-manager: New package (diff) | |
net-analyzer/prelude-lml: New package
Prelude-LML is a log analyser that allows Prelude to collect and
analyze information from all kinds of applications emitting logs or
syslog messages in order to detect suspicious activities and transform
them into Prelude-IDMEF alerts.
Diffstat (limited to 'net-analyzer/prelude-lml/files')
6 files changed, 115 insertions, 0 deletions
diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch
new file mode 100644
index 000000000000..dab4ea8a6bb1
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch
@@ -0,0 +1,22 @@
+--- a/prelude-lml.conf
++++ b/prelude-lml.conf
+@@ -92,7 +92,7 @@
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+ file = /var/log/messages
+-file = /var/log/secure
++file = /var/log/auth.log
+ # udp-server = 0.0.0.0
+ # tcp-server = 0.0.0.0
+ # tcp-tls-server = 0.0.0.0
+--- a/prelude-lml.conf.in
++++ b/prelude-lml.conf.in
+@@ -92,7 +92,7 @@
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+ file = /var/log/messages
+-file = /var/log/secure
++file = /var/log/auth.log
+ # udp-server = 0.0.0.0
+ # tcp-server = 0.0.0.0
+ # tcp-tls-server = 0.0.0.0
diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch
new file mode 100644
index 000000000000..154a261eb5ad
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch
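Review bot: The new default at the `++file = /var/log/auth.log` lines is a path that depends on how the host's syslog daemon is configured, and on a Gentoo box the chosen logger may never create that file; when prelude-lml cannot open it the authentication-related log source is simply absent, which is a quiet loss of visibility rather than a visible failure. A short header at the top of the patch file, or a comment next to the line, would make the assumption explicit, e.g. `# auth.log assumes a syslogger that splits auth messages out; adjust `file =` to the local syslog layout`. The same edit is applied identically to prelude-lml.conf and prelude-lml.conf.in, which keeps the two in sync, so only the path choice needs documenting.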
@@ -0,0 +1,35 @@
+--- a/configure.in
++++ b/configure.in
+@@ -107,10 +107,13 @@
+ dnl **************************************************
+ GNUTLS_MIN_VERSION=1.0.17
+
+-PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $GNUTLS_MIN_VERSION], [],
+- [AM_PATH_LIBGNUTLS($GNUTLS_MIN_VERSION, enable_gnutls=yes, enable_gnutls=no)])
+-
+-AC_CHECK_HEADER(gnutls/gnutls.h, enable_gnutls=yes, enable_gnutls=no)
++AC_ARG_ENABLE(gnutls, AC_HELP_STRING(--enable-gnutls, Define whether GnuTLS provides gnutls_hash_get_len function), , enable_gnutls="yes")
++if test x$enable_gnutls = xyes; then
++ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $GNUTLS_MIN_VERSION], [],
++ [AM_PATH_LIBGNUTLS($GNUTLS_MIN_VERSION, enable_gnutls=yes, enable_gnutls=no)])
++
++ AC_CHECK_HEADER(gnutls/gnutls.h, enable_gnutls=yes, enable_gnutls=no)
++fi
+
+ if test x$enable_gnutls = xyes; then
+ AC_DEFINE_UNQUOTED(HAVE_GNUTLS, , Tell whether GnuTLS is available for TCP-TLS support)
+@@ -125,8 +128,12 @@
+ dnl * Check for libICU *
+ dnl **************************************************
+
+-PKG_CHECK_MODULES([ICU], [icu >= 3.0], [enable_icu=yes],
+- [AC_CHECK_ICU(3.8, enable_icu=yes, enable_icu=no)])
++AC_ARG_ENABLE(icu, AC_HELP_STRING(--enable-icu, Tell whether libicu is available for encoding convertion), , enable_icu="yes")
++
++if test x$enable_icu = xyes; then
++ PKG_CHECK_MODULES([ICU], [icu >= 3.0], [enable_icu=yes],
++ [AC_CHECK_ICU(3.8, enable_icu=yes, enable_icu=no)])
++fi
+ if test x$enable_icu = xyes; then
+ AC_DEFINE_UNQUOTED(HAVE_LIBICU, , Tell whether libicu is available for encoding convertion)
+ fi
diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch
new file mode 100644
index 000000000000..8b4e65216cca
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch
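Review bot: The help text added on the `++AC_ARG_ENABLE(gnutls, AC_HELP_STRING(--enable-gnutls, Define whether GnuTLS provides gnutls_hash_get_len function), ...)` line does not describe what the switch does: the guarded block only runs the GnuTLS pkg-config and header checks, and the unchanged `AC_DEFINE_UNQUOTED(HAVE_GNUTLS, ...)` below ties the result to TCP-TLS support. Suggest `AC_HELP_STRING(--enable-gnutls, Tell whether GnuTLS is available for TCP-TLS support)` so `./configure --help` tells the packager that disabling it removes the TLS transport for log reception. The new `--enable-icu` help string copies the existing "convertion" spelling; since that line is new text, `encoding conversion` is a free fix there even if the AC_DEFINE text is left as upstream wrote it.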
@@ -0,0 +1,14 @@
+--- a/configure.in
++++ b/configure.in
+@@ -187,9 +187,9 @@
+ configdir=$SYSCONFDIR/prelude-lml
+ prelude_lml_conf=$configdir/prelude-lml.conf
+ regex_conf=$configdir/plugins.rules
+-metadata_dir=$LOCALSTATEDIR/lib/prelude-lml
++metadata_dir=$LOCALSTATEDIR/prelude-lml
+ plugindir=$LIBDIR/prelude-lml
+-lml_run_dir=$LOCALSTATEDIR/run/prelude-lml
++lml_run_dir=/run/prelude-lml
+
+ AC_DEFINE_UNQUOTED(PRELUDE_LML_CONF, "$prelude_lml_conf", Path to the LML configuration file)
+ AC_DEFINE_UNQUOTED(LOG_PLUGIN_DIR, "$plugindir", Prelude-LML report plugin directory)
diff --git a/net-analyzer/prelude-lml/files/prelude-lml.initd b/net-analyzer/prelude-lml/files/prelude-lml.initd
new file mode 100755
index 000000000000..411e02762455
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+BIN_LML=/usr/bin/prelude-lml
+PID_LML=/run/prelude-lml/prelude-lml.pid
+
+depend() {
+ need net
+ after prelude-manager
+}
+
+start() {
+ ebegin "Starting prelude-lml"
+ checkpath -d -m 0755 -o root:root /run/prelude-lml
+ start-stop-daemon --start --exec $BIN_LML \
+ --pidfile $PID_LML -- -d -P $PID_LML
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping prelude-lml"
+ start-stop-daemon --stop --exec $BIN_LML \
+ --pidfile $PID_LML
+ eend $?
+}
diff --git a/net-analyzer/prelude-lml/files/prelude-lml.run b/net-analyzer/prelude-lml/files/prelude-lml.run
new file mode 100644
index 000000000000..75f2ef89adda
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.run
@@ -0,0 +1,4 @@
+# Configuration to create /run/prelude-lml directory
+# Used as part of systemd's tmpfiles
+
+d /run/prelude-lml 0755 root root
diff --git a/net-analyzer/prelude-lml/files/prelude-lml.service b/net-analyzer/prelude-lml/files/prelude-lml.service
new file mode 100644
index 000000000000..9d9230c6ff4c
--- /dev/null
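Review bot: The patch file has no header explaining why `++metadata_dir=$LOCALSTATEDIR/prelude-lml` drops the `lib/` component and why `++lml_run_dir=/run/prelude-lml` becomes an absolute path; read out of context, the first looks like an FHS regression that a later maintainer might revert. Presumably it relies on Gentoo's econf passing `--localstatedir=/var/lib`, so the result is `/var/lib/prelude-lml` and the old `$LOCALSTATEDIR/run` would have landed under `/var/lib`; a one-line description at the top of the patch such as `Gentoo's econf sets localstatedir=/var/lib: drop the extra lib/ and use /run directly` would record that. Note that the hardcoded `/run` ignores any prefix, which is consistent with the tmpfiles entry and init script in this commit but should be stated for the same reason.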
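Review bot: `start()` launches the daemon via `start-stop-daemon --start --exec $BIN_LML` with no `--user`/`--group`, so prelude-lml runs as root, and the `checkpath -d -m 0755 -o root:root /run/prelude-lml` line keeps its runtime directory root-owned; if root is needed only to read the syslog files listed in prelude-lml.conf, that is worth stating so a future privilege drop knows what to preserve. Suggest `# runs as root: needs read access to the log files listed in prelude-lml.conf` above the start-stop-daemon call. Separately, the `#!/sbin/runscript` shebang is the legacy form; `#!/sbin/openrc-run` is what current OpenRC expects for new scripts.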
+++ b/net-analyzer/prelude-lml/files/prelude-lml.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Prelude-LML service
+DefaultDependencies=no
+After=remote_fs.target prelude-manager.service
+
+[Service]
+ExecStart=/usr/bin/prelude-lml -d -P /run/prelude-lml/prelude-lml.pid
+Type=forking
+PIDFile=/run/prelude-lml/prelude-lml.pid
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
|
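Review bot: `DefaultDependencies=no` in the `[Unit]` section removes the implicit ordering after `sysinit.target`/`basic.target` and the `Conflicts=shutdown.target` that ordinary services get, which is normally reserved for early-boot units; a log collector that already waits for `remote_fs.target` and `prelude-manager.service` looks like an ordinary service, so the line should probably be dropped, or if starting before basic.target is deliberate, a comment above it should say why. Also `After=prelude-manager.service` only orders the two units and does not start the manager; if the collector is expected to talk to a local manager, `Wants=prelude-manager.service` expresses that (the init script's `after prelude-manager` has the same weak semantics, so the two stay consistent either way). The `ExecStart` and `PIDFile` paths match the init script and the tmpfiles entry, which is good.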