Gentoo's Bugzilla – Attachment 437574 Details for Bug 585766: net-analyzer/sguil-sensor-0.9.0 does not install split agents
[patch] patch for sguil-sensor-0.9.0.ebuild, v2
sguil-sensor-0.9.0.agent_split.diff (text/plain), 3.87 KB, created by Patrick Michaelis on 2016-06-14 22:39:32 UTC
>--- sguil-sensor-0.9.0.ebuild 2016-06-15 00:25:35.778426464 +0200 >+++ sguil-sensor-0.9.0-r1.ebuild 2016-06-15 00:26:13.294663271 +0200 >@@ -14,7 +14,7 @@ > LICENSE="GPL-2 QPL" > SLOT="0" > KEYWORDS="~x86" >-IUSE="" >+IUSE="-sancp" > > RDEPEND=" > >=dev-lang/tcl-8.3:0=[-threads] >@@ -22,7 +22,7 @@ > >=net-analyzer/barnyard-0.2.0-r1 > >=net-analyzer/snort-2.4.1-r1 > dev-ml/pcre-ocaml >- net-analyzer/sancp >+ sancp? ( net-analyzer/sancp:0[sguil] ) > " > > S="${WORKDIR}/sguil-${MY_PV}" 
>@@ -33,27 +33,64 @@ > } > > src_prepare() { >- sed -i \ >- -e "s:gateway:${HOSTNAME}:" \ >+ local -a CONFIG_FILES=( >+ sensor/pads_agent.conf >+ sensor/pcap_agent.conf >+ sensor/pcap_agent-sancp.conf >+ sensor/sancp_agent.conf >+ sensor/snort_agent.conf >+ ) >+ >+ sed -i -r \ >+ -e "s:^set HOSTNAME.*$:set HOSTNAME ${HOSTNAME}:" \ > -e 's:/snort_data:/var/lib/sguil:' \ >+ -e 's:/nsm:/var/lib/sguil:' \ > -e 's:DAEMON 0:DAEMON 1:' \ > -e 's:DEBUG 1:DEBUG 0:g' \ >- sensor/sensor_agent.conf || die >- sed -i \ >- -e 's:/var/run/sensor_agent.pid:/run/sguil-sensor.pid:' \ >- sensor/sensor_agent.tcl || die >+ "${CONFIG_FILES[@]}" \ >+ || die >+ >+ for CONFIG_FILE in ${CONFIG_FILES[@]}; do >+ local AGENT_NAME=$(basename "${CONFIG_FILE//.conf/}") >+ echo -e "\nset PID_FILE /run/sguil/${AGENT_NAME}.pid\n" \ >+ >> "${CONFIG_FILE}" >+ done > } > > src_install() { > dodoc doc/* > > dobin sensor/sensor_agent.tcl >+ dobin sensor/pads_agent.tcl >+ dobin sensor/snort_agent.tcl > > newinitd "${FILESDIR}/log_packets.initd" log_packets >- newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent >+ newinitd "${FILESDIR}/pads_agent.initd" pads_agent >+ newinitd "${FILESDIR}/pcap_agent.initd" pcap_agent >+ newinitd "${FILESDIR}/snort_agent.initd" snort_agent > newconfd "${FILESDIR}/log_packets.confd" log_packets >+ > insinto /etc/sguil >- doins sensor/sensor_agent.conf >+ doins sensor/pads_agent.conf >+ doins sensor/snort_agent.conf >+ >+ if use sancp; then >+ dodoc sensor/README.sancp_indexed_pcap >+ >+ dobin sensor/sancp_agent.tcl >+ newbin sensor/pcap_agent-sancp.tcl pcap_agent.tcl >+ >+ newinitd "${FILESDIR}/sancp_agent.initd" sancp_agent >+ >+ insinto /etc/sguil >+ doins sensor/sancp_agent.conf >+ doins sensor/sancp-indexed.conf >+ newins sensor/pcap_agent-sancp.conf pcap_agent.conf >+ else >+ dobin sensor/pcap_agent.tcl >+ >+ insinto /etc/sguil >+ fi > > # Create the directory structure > diropts -g sguil -o sguil 
>@@ -63,19 +100,30 @@ > "/var/lib/sguil/${HOSTNAME}/ssn_logs" \ > "/var/lib/sguil/${HOSTNAME}/dailylogs" \ > "/var/lib/sguil/${HOSTNAME}/sancp" >- > } > > pkg_postinst() { > elog >- elog "You should check /etc/sguil/sensor_agent.conf and" >- elog "/etc/init.d/logpackets and ensure that they are accurate" >+ elog "You should check the /etc/sguil/*_agent.conf files and" >+ elog "/etc/conf.d/logpackets and ensure that they are accurate" > elog "for your environment. They should work providing that you" > elog "are running the sensor on the same machine as the server." >+ elog > elog "This ebuild assumes that you are running a single sensor" > elog "environment, if this is not the case then you must make sure" >- elog "to modify /etc/sguil/sensor_agent.conf and change the HOSTNAME variable." >- elog "You should crontab the /etc/init.d/log_packets script to restart" >- elog "each hour." >+ elog "to modify /etc/sguil/*_agent.conf and change the SERVER_HOST variable." >+ elog >+ elog "If you use openrc as your init, you should crontab the" >+ elog "/etc/init.d/log_packets script to restart each hour." > elog >+ elog "As of version 0.9.0 the former sguil_agent has been split up" >+ elog "into multiple agents. If you are upgrading, you must review" >+ elog "the agent config files in /etc/sguil and enable some or all" >+ elog "of the following init scripts / systemd units:" >+ elog >+ elog "You should read /usr/share/doc/sguil-sensor-${PVR}/INSTALL.bz2" >+ elog "to learn about the interaction between the different agents" >+ elog "and how to set up a working sguil stack." >+ elog >+ > }
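Review bot: IUSE="-sancp" in the first hunk (@@ -14,7 +14,7 @@) carries a "-" prefix that has no effect, because a USE flag is off by default unless it is marked with "+". Plain IUSE="sancp" is the conventional spelling and says the same thing.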
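Review bot: the else branch of "if use sancp" in src_install (hunk @@ -33,27 +33,64 @@) ends with "insinto /etc/sguil" and no doins, so sensor/pcap_agent.conf is never installed when the sancp flag is off, although pcap_agent.tcl and the pcap_agent init script are. Add "doins sensor/pcap_agent.conf" there. In the same hunk the unchanged "dobin sensor/sensor_agent.tcl" is kept while its conf file, init script and sed edits are all dropped; if the split release no longer ships that script, dobin will not find it, so confirm and remove the line. In src_prepare, quote the loop array as "${CONFIG_FILES[@]}", declare CONFIG_FILE local, and check the PID path appended to pcap_agent-sancp.conf: it becomes /run/sguil/pcap_agent-sancp.pid even though that file is later installed as pcap_agent.conf, which may not match what the pcap_agent init script expects.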
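Review bot: in pkg_postinst (hunk @@ -63,19 +100,30 @@) the message ending "of the following init scripts / systemd units:" is followed only by an empty elog, so the user is never told which services to enable. List the ones this ebuild installs (log_packets, pads_agent, pcap_agent, snort_agent, and sancp_agent when the sancp flag is on). The text also mentions systemd units although the visible hunks install only init scripts through newinitd, and it points to /etc/conf.d/logpackets while newconfd installs the file under the name log_packets. The blank line added before the closing brace can be dropped.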