author | Thomas Andrejak <thomas.andrejak@gmail.com> | 2016-07-17 15:14:12 +0200 |
---|---|---|
committer | Göktürk Yüksek <gokturk@gentoo.org> | 2016-08-04 21:10:12 -0400 |
commit | 241b67a4b002630e65fad02cae4503d4029a2162 (patch) | |
tree | 027e452ea60d2892c85e5d633835a74ac8eeb8ca /net-analyzer/prelude-correlator | |
parent | net-analyzer/prelude-lml-rules: New package (diff) | |
net-analyzer/prelude-correlator: New package
Prelude-Correlator allows conducting multi-stream correlations thanks
to a powerful programming language for writing correlation rules.
Diffstat (limited to 'net-analyzer/prelude-correlator')
6 files changed, 97 insertions, 0 deletions
diff --git a/net-analyzer/prelude-correlator/Manifest b/net-analyzer/prelude-correlator/Manifest
new file mode 100644
index 000000000000..63e53ea90b0d
--- /dev/null
+++ b/net-analyzer/prelude-correlator/Manifest
@@ -0,0 +1 @@
+DIST prelude-correlator-3.0.1.tar.gz 181019 SHA256 8e19a2c90dfe0a5715062c3f0e3399439a7ba914e1c19e3b3fd24a69f4a98fac SHA512 2aa159251cf7f9fead117737f67cc01e7cb2012c4fd9db77454c7d639cf477888d5ea6476661bf501c2da7aaef58ea7101b7780669f025af1480acd9480ce8d3 WHIRLPOOL b7538e1e6e4f7504c4dbb0044e74c667d8edd49f4b8a52f03eb7620b3213e9de44a6b5beef02316c7c722989286c8f7fc1204822bcdbb3f320ee30aaacd60aa7
diff --git a/net-analyzer/prelude-correlator/files/prelude-correlator.initd b/net-analyzer/prelude-correlator/files/prelude-correlator.initd
new file mode 100755
index 000000000000..26e18d5c72c5
--- /dev/null
+++ b/net-analyzer/prelude-correlator/files/prelude-correlator.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+BIN_CORRELATOR=/usr/bin/prelude-correlator
+PID_CORRELATOR=/run/prelude-correlator/prelude-correlator.pid
+
+depend() {
+ need net
+ after prelude-manager
+}
+
+start() {
+ ebegin "Starting prelude-correlator"
+ checkpath -d -m 0755 -o root:root /run/prelude-correlator
+ start-stop-daemon --start --exec $BIN_CORRELATOR \
+ --pidfile $PID_CORRELATOR -- -d -P $PID_CORRELATOR
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping prelude-correlator"
+ start-stop-daemon --stop --exec $BIN_CORRELATOR \
+ --pidfile $PID_CORRELATOR
+ eend $?
+}
diff --git a/net-analyzer/prelude-correlator/files/prelude-correlator.run b/net-analyzer/prelude-correlator/files/prelude-correlator.run
new file mode 100644
index 000000000000..8bec03f78704
--- /dev/null
+++ b/net-analyzer/prelude-correlator/files/prelude-correlator.run
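Review bot: The daemon runs as root both in start() of this initd hunk and in ExecStart of the .service hunk on the next line: start-stop-daemon is given no `--user`/`--group`, the runtime directory is created `-o root:root`, and the unit carries no `User=`. A process that parses alerts forwarded by prelude-manager is a natural candidate for a dedicated unprivileged account, e.g. `checkpath -d -m 0755 -o prelude:prelude /run/prelude-correlator` plus `--user prelude` on the start line, a matching `User=` in the unit and the same owner in the tmpfiles entry — but only once the package creates such a user, which this commit does not, so at minimum a comment recording the decision to run as root would help. Separately, `--exec $BIN_CORRELATOR` in stop() may fail to match the running process if /usr/bin/prelude-correlator is the interpreter wrapper installed by distutils-r1 (the ebuild suggests it is), because the kernel reports the Python interpreter as the process' exe; on OpenRC the usual workaround is to stop by `--pidfile` alone.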
@@ -0,0 +1,4 @@
+# Configuration to create /run/prelude-correlator directory
+# Used as part of systemd's tmpfiles
+
+d /run/prelude-correlator 0755 root root
diff --git a/net-analyzer/prelude-correlator/files/prelude-correlator.service b/net-analyzer/prelude-correlator/files/prelude-correlator.service
new file mode 100644
index 000000000000..7b763c30c13a
--- /dev/null
+++ b/net-analyzer/prelude-correlator/files/prelude-correlator.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Prelude-Correlator service
+DefaultDependencies=no
+After=remote_fs.target prelude-manager.service
+
+[Service]
+ExecStart=/usr/bin/prelude-correlator -d -P /run/prelude-correlator/prelude-correlator.pid
+Type=forking
+PIDFile=/run/prelude-correlator/prelude-correlator.pid
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-analyzer/prelude-correlator/metadata.xml b/net-analyzer/prelude-correlator/metadata.xml
new file mode 100644
index 000000000000..fa977ec21f47
--- /dev/null
+++ b/net-analyzer/prelude-correlator/metadata.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>thomas.andrejak@gmail.com</email>
+ <name>Thomas Andrejak</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <longdescription lang="en">
+ Prelude-Correlator allows conducting multi-stream correlations
+ thanks to a powerful programming language for writing correlation
+ rules. With any type of alert able to be correlated, event
+ analysis becomes simpler, quicker and more incisive. This
+ correlation alert then appears within the Prewikka interface
+ and indicates the potential target information via the set of
+ correlation rules.
+ </longdescription>
+</pkgmetadata>
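Review bot: `After=remote_fs.target` in the [Unit] section of the .service hunk names a unit that does not exist — the systemd target is spelled `remote-fs.target` (systemd.special(7)) — so the ordering silently has no effect; change the line to `After=remote-fs.target prelude-manager.service`. `DefaultDependencies=no` just above it also removes the implicit ordering after sysinit.target and the implicit `Conflicts=shutdown.target`, so the unit may start before basic system setup and is not stopped at shutdown; unless that is deliberate, drop that line or add `Conflicts=shutdown.target` and `Before=shutdown.target`. The absence of `User=` is raised on the initd hunk.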
diff --git a/net-analyzer/prelude-correlator/prelude-correlator-3.0.1.ebuild b/net-analyzer/prelude-correlator/prelude-correlator-3.0.1.ebuild
new file mode 100644
index 000000000000..59a034145e7e
--- /dev/null
+++ b/net-analyzer/prelude-correlator/prelude-correlator-3.0.1.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit systemd distutils-r1
+
+DESCRIPTION="Real time correlator of events received by Prelude Manager"
+HOMEPAGE="https://www.prelude-siem.org"
+SRC_URI="https://www.prelude-siem.org/pkg/src/3.0.0/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+DEPEND="dev-python/setuptools"
+
+RDEPEND="dev-python/netaddr[${PYTHON_USEDEP}]
+ dev-libs/libprelude[${PYTHON_USEDEP}]"
+
+src_install() {
+ distutils-r1_src_install
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+ systemd_newtmpfilesd "${FILESDIR}/${PN}.run" "${PN}.conf"
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+} |
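Review bot: `DEPEND="dev-python/setuptools"` carries no `[${PYTHON_USEDEP}]` while both RDEPEND atoms do, so the build-time setuptools may be satisfied by an installation for a different Python implementation than the one distutils-r1 builds against; write `DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]"`. SRC_URI hard-codes a `3.0.0` directory for a `3.0.1` tarball; if that is the real upstream layout, a one-line comment above it saying so would stop the next version bump from "correcting" it to `${PV}`. The Manifest pins the distfile by SHA256/SHA512/WHIRLPOOL, so the fetched archive is integrity-checked regardless of the URL.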