Gentoo's Bugzilla – Attachment 437610 Details for
Bug 585768
net-analyzer/sguil-sensor-0.9.0: add systemd units
sguil-sensor-0.9.0-r1.ebuild (patched)
sguil-sensor-0.9.0-r1.ebuild (text/plain), 4.60 KB, created by
Patrick Michaelis
on 2016-06-14 23:11:55 UTC
Description:
sguil-sensor-0.9.0-r1.ebuild (patched)
Filename:
MIME Type:
Creator:
Patrick Michaelis
Created:
2016-06-14 23:11:55 UTC
Size:
4.60 KB
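# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$

EAPI=5

inherit eutils user systemd

MY_PV="${PV/_p/p}"
DESCRIPTION="Sensor part of sguil Network Security Monitoring"
HOMEPAGE="http://sguil.sourceforge.net"
SRC_URI="https://github.com/bammv/${PN/-sensor}/archive/v${PV}.tar.gz -> ${P/-sensor}.tar.gz"

LICENSE="GPL-2 QPL"
SLOT="0"
KEYWORDS="~x86 ~amd64"
IUSE="-sancp"

RDEPEND="
	>=dev-lang/tcl-8.3:0=[-threads]
	>=dev-tcltk/tclx-8.3
	dev-tcltk/tls:0
	>=net-analyzer/barnyard-0.2.0-r1
	>=net-analyzer/snort-2.4.1-r1
	dev-ml/pcre-ocaml
	sancp? ( net-analyzer/sancp:0[sguil] )
"

S="${WORKDIR}/sguil-${MY_PV}"

# Create the dedicated sguil group and user, with /var/lib/sguil as the
# user's home directory. The -1 arguments ask enewuser for its defaults
# (uid and shell).
pkg_setup() {
	enewgroup sguil
	enewuser sguil -1 -1 /var/lib/sguil sguil
}

# Patch the sources and rewrite the shipped agent configs for a Gentoo
# layout: data under /var/lib/sguil, daemon mode on, debug output off, and
# one PID file per agent under /run/sguil.
src_prepare() {
	epatch "${FILESDIR}/0.9.0_log_packets.patch"

	local -a CONFIG_FILES=(
		sensor/pads_agent.conf
		sensor/pcap_agent.conf
		sensor/pcap_agent-sancp.conf
		sensor/sancp_agent.conf
		sensor/snort_agent.conf
	)

	# NOTE(review): ${HOSTNAME} is read from the build environment and is
	# written into the configs here (and into directory names in
	# src_install). A package built on one machine and installed on another
	# would carry the build host's name, and a value containing ':' or '&'
	# would corrupt the sed replacement - confirm this is acceptable.
	sed -i -r \
		-e "s:^set HOSTNAME.*$:set HOSTNAME ${HOSTNAME}:" \
		-e 's:/snort_data:/var/lib/sguil:' \
		-e 's:/nsm:/var/lib/sguil:' \
		-e 's:DAEMON 0:DAEMON 1:' \
		-e 's:DEBUG 1:DEBUG 0:g' \
		"${CONFIG_FILES[@]}" \
		|| die

	# Quote the array expansion so each path stays a single word.
	local CONFIG_FILE
	for CONFIG_FILE in "${CONFIG_FILES[@]}"; do
		# NOTE(review): pcap_agent-sancp.conf yields
		# /run/sguil/pcap_agent-sancp.pid although it is installed as
		# pcap_agent.conf - verify the init script and unit file expect
		# that PID file name.
		local AGENT_NAME=$(basename "${CONFIG_FILE}" .conf)
		echo -e "\nset PID_FILE /run/sguil/${AGENT_NAME}.pid\n" \
			>> "${CONFIG_FILE}"
	done
}

# Install the agents, their OpenRC init scripts and systemd units, the
# tmpfiles.d snippet, the configs in /etc/sguil and the data directories.
src_install() {
	dodoc doc/*

	dobin sensor/sensor_agent.tcl
	dobin sensor/pads_agent.tcl
	dobin sensor/snort_agent.tcl

	newinitd "${FILESDIR}/log_packets.initd" log_packets
	newinitd "${FILESDIR}/pads_agent.initd" pads_agent
	newinitd "${FILESDIR}/pcap_agent.initd" pcap_agent
	newinitd "${FILESDIR}/snort_agent.initd" snort_agent
	newconfd "${FILESDIR}/log_packets.confd" log_packets

	systemd_dounit "${FILESDIR}/pads_agent.service"
	systemd_dounit "${FILESDIR}/pcap_agent.service"
	systemd_dounit "${FILESDIR}/snort_agent.service"
	systemd_dounit "${FILESDIR}/log_packets.service"
	systemd_dounit "${FILESDIR}/log_packets_rotate.timer"
	systemd_dounit "${FILESDIR}/log_packets_rotate.service"
	systemd_newtmpfilesd "${FILESDIR}/systemd-tmpfiles.conf" "sguil-sensor.conf"

	insinto /etc/sguil
	doins sensor/pads_agent.conf
	doins sensor/snort_agent.conf

	if use sancp; then
		dodoc sensor/README.sancp_indexed_pcap

		dobin sensor/sancp_agent.tcl
		newbin sensor/pcap_agent-sancp.tcl pcap_agent.tcl
		newbin sensor/log_packets-sancp.sh log_packets.sh

		newinitd "${FILESDIR}/sancp_agent.initd" sancp_agent
		systemd_dounit "${FILESDIR}/sancp_agent.service"

		insinto /etc/sguil
		doins sensor/sancp_agent.conf
		doins sensor/sancp-indexed.conf
		newins sensor/pcap_agent-sancp.conf pcap_agent.conf
	else
		dobin sensor/log_packets.sh
		dobin sensor/pcap_agent.tcl

		# The non-sancp branch set the install directory but installed
		# nothing, so pcap_agent.tcl shipped without
		# /etc/sguil/pcap_agent.conf. Install the plain pcap agent config
		# here, mirroring the newins in the sancp branch.
		insinto /etc/sguil
		doins sensor/pcap_agent.conf
	fi

	# Create the directory structure
	# Directories are owned by sguil:sguil so the agents can write to them.
	# NOTE(review): no -m is passed, so the default directory mode applies;
	# these directories hold captured traffic and session logs, so a tighter
	# mode may be wanted - confirm.
	diropts -g sguil -o sguil
	keepdir /var/lib/sguil /var/lib/sguil/archive \
		"/var/lib/sguil/${HOSTNAME}" \
		"/var/lib/sguil/${HOSTNAME}/portscans" \
		"/var/lib/sguil/${HOSTNAME}/ssn_logs" \
		"/var/lib/sguil/${HOSTNAME}/dailylogs" \
		"/var/lib/sguil/${HOSTNAME}/sancp"
}

# Post-install notes: which configs to review, how log_packets is restarted
# under each init system, and which services to enable.
pkg_postinst() {
	elog
	elog "You should check the /etc/sguil/*_agent.conf files and"
	# newconfd installs the file as log_packets, so point at that path.
	elog "/etc/conf.d/log_packets and ensure that they are accurate"
	elog "for your environment. They should work providing that you"
	elog "are running the sensor on the same machine as the server."
	elog
	elog "This ebuild assumes that you are running a single sensor"
	elog "environment, if this is not the case then you must make sure"
	elog "to modify /etc/sguil/*_agent.conf and change the SERVER_HOST variable."
	elog
	elog "If you use openrc as your init, you should crontab the"
	elog "/etc/init.d/log_packets script to restart each hour."
	elog "If you are using systemd, The log_packets.service unit"
	elog "will automatically start a timer unit to do that job,"
	elog "so you don't need to manually setup a cron job."
	elog
	elog "As of version 0.9.0 the former sguil_agent has been split up"
	elog "into multiple agents. If you are upgrading, you must review"
	elog "the agent config files in /etc/sguil and enable some or all"
	elog "of the following init scripts / systemd units:"
	elog
	elog "openrc:\t\t\tsystemd:"
	elog "/etc/init.d/pads_agent\tpads_agent.service"
	elog "/etc/init.d/pcap_agent\tpcap_agent.service"
	use sancp && elog "/etc/init.d/sancp_agent\tsancp_agent.service"
	elog "/etc/init.d/snort_agent\tsnort_agent.service"
	elog "/etc/init.d/log_packets\tlog_packets.service"
	elog
	elog "You should read /usr/share/doc/sguil-sensor-${PVR}/INSTALL.bz2"
	elog "to learn about the interaction between the different agents"
	elog "and how to set up a working sguil stack."
	elog
}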