Summary: | net-analyzer/sguil-sensor-0.9.0: add systemd units | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Patrick Michaelis <michaelis> |
Component: | Current packages | Assignee: | Gentoo Netmon project <netmon> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | sam, systemd |
Priority: | Normal | Keywords: | PATCH |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 585766 | ||
Bug Blocks: | 448882 | ||
Attachments: |
patch for sguil-sensor-0.9.0.ebuild
pads_agent.service pcap_agent.service pcap_agent-sancp.service sancp_agent.service snort_agent.service log_packets_at.service log_packets_rotate.timer log_packets_rotate.service systemd-log_packets_rotate.sh updated patch for sguil-sensor-0.9.0.ebuild v2 log_packets.service log_packets_rotate.timer v2 log_packets_rotate.service v2 0.9.0_log_packets.patch pads_agent.service v2 pcap_agent.service v2 sancp_agent.service v2 snort_agent.service v2 systemd-tmpfiles.conf sguil-sensor-0.9.0-r1.ebuild (patched) |
Description
Patrick Michaelis
2016-06-13 03:08:48 UTC
Created attachment 437320 [details]
pads_agent.service
Created attachment 437322 [details]
pcap_agent.service
Created attachment 437324 [details]
pcap_agent-sancp.service
Created attachment 437326 [details]
sancp_agent.service
Created attachment 437328 [details]
snort_agent.service
Created attachment 437330 [details]
log_packets_at.service
Created attachment 437332 [details]
log_packets_rotate.timer
Created attachment 437334 [details]
log_packets_rotate.service
Created attachment 437336 [details]
systemd-log_packets_rotate.sh
I just noticed that upstream has its own shell script for the log_packets service. I will rewrite the log_packet*.service / .timer unit to use the upstream script instead of a custom one and post updated unit files soon.
Created attachment 437590 [details, diff]
updated patch for sguil-sensor-0.9.0.ebuild v2
Updated patch for the ebuild. This will only apply on top of the patch from bug #585766. I will attach the resulting ebuild below to make this more convenient.
Changes since the first patch:
* removed the pcap_agent-sancp.service again, in favor of using the pcap_agent.service for both cases. If the sancp USE flag is set, the sancp version of the agent will be installed as /usr/bin/pcap_agent.tcl now.
* added PIDFile to each agent unit
* added Restart=always to each agent, to keep them running in case of a crash. That appears to be what upstream is doing in the current git tree as well, where the first couple of systemd units have been committed.
* re-implemented the log_packets* units to use the upstream log_packets.sh and log_packets-sancp.sh script to start snort in logging mode. This is now also backwards compatible with how the init scripts worked: configuration happens in /etc/conf.d/log_packets, unit names are the same. (note: the conf.d file is not used in the systemd units, but sourced in the patched log_packets.sh script).
The log_packets_rotate.service/.timer units do manage the restarting of the packet logger and removing of old files, as a cron job would for the init script version.
For this to work a small patch needs to be applied to the log_packets(-sancp).sh scripts. This patch removes the hard coded config values and replaces them with the included ones from the conf.d file. It also removes the piping of snort log output to a log file. Instead it will be logged in the journal now.
Created attachment 437592 [details]
log_packets.service
Created attachment 437594 [details]
log_packets_rotate.timer v2
Created attachment 437596 [details]
log_packets_rotate.service v2
Created attachment 437598 [details, diff]
0.9.0_log_packets.patch
for the files/ dir, not to be applied to the ebuild!
Created attachment 437600 [details]
pads_agent.service v2
Created attachment 437602 [details]
pcap_agent.service v2
Created attachment 437604 [details]
sancp_agent.service v2
Created attachment 437606 [details]
snort_agent.service v2
Created attachment 437608 [details]
systemd-tmpfiles.conf
will be installed as /usr/lib/tmpfiles.d/sguil-sensor.conf
it auto creates the /run/sguil directory with write permissions for user sguil, so that the agents can run without root privileges.
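
The pieces described in the comments above (a tmpfiles.d entry for /run/sguil, plus an agent unit with PIDFile and Restart=always running as user sguil) fit together roughly as follows. This is an added, constructed sketch and not the content of any attachment on this bug. Assumptions: the group name, the directory mode, the PID file name, the agent's command-line flags and config path, and the three hardening directives at the end, which go beyond what the comments list.

```ini
# /usr/lib/tmpfiles.d/sguil-sensor.conf (install path as stated in the comment)
# Creates the runtime directory at boot so an unprivileged agent can write
# its PID file there. Mode and group are assumptions.
# Type  Path        Mode  User   Group  Age
d       /run/sguil  0750  sguil  sguil  -

# pcap_agent.service (constructed sketch, not the attached unit)
[Unit]
Description=Sguil pcap agent
After=network.target

[Service]
# Assumes the agent daemonizes itself and writes its own PID file.
Type=forking
# Drop root: the agent only needs to write below /run/sguil.
User=sguil
Group=sguil
# Flags and config path are assumptions; use the ones your agent accepts.
ExecStart=/usr/bin/pcap_agent.tcl -D -c /etc/sguil/pcap_agent.conf
# Must match the PID file path set in the agent's own configuration.
PIDFile=/run/sguil/pcap_agent.pid
# Restart after a crash so a sensor does not silently stop reporting.
Restart=always
# Optional least-privilege additions, not mentioned in the bug:
NoNewPrivileges=yes
ProtectSystem=full
ProtectHome=yes

[Install]
WantedBy=multi-user.target
```

After installing both files, `systemd-tmpfiles --create` applies the directory entry without a reboot, and `systemctl show -p User,Restart pcap_agent.service` confirms the unit is not running as root.
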
Created attachment 437610 [details]
sguil-sensor-0.9.0-r1.ebuild (patched)
finally, the ebuild with the v2 patch applied, on top of the patch from bug #585766. I included the proposed changes from #585770 (~amdd64 keyword) and #585772 (dev-tcltk/tls dependency) as well.
If you're at all still interested, would you mind rebasing this? Ideally would appreciate a git am-able patch (use git format-patch) against gentoo.git so I can just apply it as one file. I'm sorry nobody got to this before now.