commit:     241b67a4b002630e65fad02cae4503d4029a2162
Author:     Thomas Andrejak <thomas.andrejak <AT> gmail <DOT> com>
AuthorDate: Sun Jul 17 13:14:12 2016 +0000
Commit:     Göktürk Yüksek <gokturk <AT> gentoo <DOT> org>
CommitDate: Fri Aug  5 01:10:12 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=241b67a4

net-analyzer/prelude-correlator: New package

Prelude-Correlator allows conducting multi-stream correlations thanks
to a powerful programming language for writing correlation rules.

 net-analyzer/prelude-correlator/Manifest           |  1 +
 .../files/prelude-correlator.initd                 | 27 +++++++++++++++++++
 .../files/prelude-correlator.run                   |  4 +++
 .../files/prelude-correlator.service               | 13 +++++++++
 net-analyzer/prelude-correlator/metadata.xml       | 21 +++++++++++++++
 .../prelude-correlator-3.0.1.ebuild                | 31 ++++++++++++++++++++++
 6 files changed, 97 insertions(+)

diff --git a/net-analyzer/prelude-correlator/Manifest 
b/net-analyzer/prelude-correlator/Manifest
new file mode 100644
index 0000000..63e53ea
--- /dev/null
+++ b/net-analyzer/prelude-correlator/Manifest
@@ -0,0 +1 @@
+DIST prelude-correlator-3.0.1.tar.gz 181019 SHA256 
8e19a2c90dfe0a5715062c3f0e3399439a7ba914e1c19e3b3fd24a69f4a98fac SHA512 
2aa159251cf7f9fead117737f67cc01e7cb2012c4fd9db77454c7d639cf477888d5ea6476661bf501c2da7aaef58ea7101b7780669f025af1480acd9480ce8d3
 WHIRLPOOL 
b7538e1e6e4f7504c4dbb0044e74c667d8edd49f4b8a52f03eb7620b3213e9de44a6b5beef02316c7c722989286c8f7fc1204822bcdbb3f320ee30aaacd60aa7

diff --git a/net-analyzer/prelude-correlator/files/prelude-correlator.initd 
b/net-analyzer/prelude-correlator/files/prelude-correlator.initd
new file mode 100755
index 0000000..26e18d5
--- /dev/null
+++ b/net-analyzer/prelude-correlator/files/prelude-correlator.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+BIN_CORRELATOR=/usr/bin/prelude-correlator
+PID_CORRELATOR=/run/prelude-correlator/prelude-correlator.pid
+
+depend() {
+  need net
+  after prelude-manager
+}
+
+start() {
+  ebegin "Starting prelude-correlator"
+  checkpath -d -m 0755 -o root:root /run/prelude-correlator
+  start-stop-daemon --start --exec $BIN_CORRELATOR \
+    --pidfile $PID_CORRELATOR -- -d -P $PID_CORRELATOR
+  eend $?
+}
+
+stop() {
+  ebegin "Stopping prelude-correlator"
+  start-stop-daemon --stop --exec $BIN_CORRELATOR \
+    --pidfile $PID_CORRELATOR
+  eend $?
+}
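Review bot: start() calls start-stop-daemon without `--user`, so prelude-correlator runs as root, and `checkpath` creates `/run/prelude-correlator` as root:root to match. Whether the correlator needs root cannot be determined from this hunk; if it does not, a dedicated account passed with `--user`, with `checkpath -o` adjusted to that account, would limit what a fault in alert or rule processing can reach. `$BIN_CORRELATOR` and `$PID_CORRELATOR` are also expanded unquoted in both start() and stop(); quote them, e.g. `--pidfile "${PID_CORRELATOR}"`. Newer OpenRC releases deprecate the `#!/sbin/runscript` interpreter in favour of `#!/sbin/openrc-run`.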

diff --git a/net-analyzer/prelude-correlator/files/prelude-correlator.run 
b/net-analyzer/prelude-correlator/files/prelude-correlator.run
new file mode 100644
index 0000000..8bec03f
--- /dev/null
+++ b/net-analyzer/prelude-correlator/files/prelude-correlator.run
@@ -0,0 +1,4 @@
+# Configuration to create /run/prelude-correlator directory
+# Used as part of systemd's tmpfiles
+
+d /run/prelude-correlator 0755 root root

diff --git a/net-analyzer/prelude-correlator/files/prelude-correlator.service 
b/net-analyzer/prelude-correlator/files/prelude-correlator.service
new file mode 100644
index 0000000..7b763c3
--- /dev/null
+++ b/net-analyzer/prelude-correlator/files/prelude-correlator.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Prelude-Correlator service
+DefaultDependencies=no
+After=remote_fs.target prelude-manager.service
+
+[Service]
+ExecStart=/usr/bin/prelude-correlator -d -P 
/run/prelude-correlator/prelude-correlator.pid
+Type=forking
+PIDFile=/run/prelude-correlator/prelude-correlator.pid
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
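Review bot: `After=remote_fs.target` names a unit systemd does not provide; the target is spelled `remote-fs.target`, so this ordering is silently ignored and the line should read `After=remote-fs.target prelude-manager.service`. `DefaultDependencies=no` also removes the implicit ordering after sysinit.target and basic.target, so the service can start before systemd-tmpfiles has created `/run/prelude-correlator`, and writing the PID file would then fail. Dropping `DefaultDependencies=no`, or adding `RuntimeDirectory=prelude-correlator` under `[Service]`, closes that window. `Restart=always` would keep retrying in the meantime, which can hide the period in which no correlation is running.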

diff --git a/net-analyzer/prelude-correlator/metadata.xml 
b/net-analyzer/prelude-correlator/metadata.xml
new file mode 100644
index 0000000..fa977ec
--- /dev/null
+++ b/net-analyzer/prelude-correlator/metadata.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer type="person">
+               <email>[email protected]</email>
+               <name>Thomas Andrejak</name>
+       </maintainer>
+       <maintainer type="project">
+               <email>[email protected]</email>
+               <name>Proxy Maintainers</name>
+       </maintainer>
+       <longdescription lang="en">
+               Prelude-Correlator allows conducting multi-stream correlations
+               thanks to a powerful programming language for writing 
correlation
+               rules. With any type of alert able to be correlated, event
+               analysis becomes simpler, quicker and more incisive. This
+               correlation alert then appears within the Prewikka interface
+               and indicates the potential target information via the set of
+               correlation rules.
+       </longdescription>
+</pkgmetadata>

diff --git a/net-analyzer/prelude-correlator/prelude-correlator-3.0.1.ebuild 
b/net-analyzer/prelude-correlator/prelude-correlator-3.0.1.ebuild
new file mode 100644
index 0000000..59a0341
--- /dev/null
+++ b/net-analyzer/prelude-correlator/prelude-correlator-3.0.1.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+
+inherit systemd distutils-r1
+
+DESCRIPTION="Real time correlator of events received by Prelude Manager"
+HOMEPAGE="https://www.prelude-siem.org";
+SRC_URI="https://www.prelude-siem.org/pkg/src/3.0.0/${P}.tar.gz";
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+DEPEND="dev-python/setuptools"
+
+RDEPEND="dev-python/netaddr[${PYTHON_USEDEP}]
+       dev-libs/libprelude[${PYTHON_USEDEP}]"
+
+src_install() {
+       distutils-r1_src_install
+
+       systemd_dounit "${FILESDIR}/${PN}.service"
+       systemd_newtmpfilesd "${FILESDIR}/${PN}.run" "${PN}.conf"
+
+       newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+}
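Review bot: `DEPEND="dev-python/setuptools"` carries no Python USE dependency, so setuptools is not guaranteed to be installed for the python2_7 implementation this ebuild builds against; it should be `DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]"`, matching the RDEPEND entries. `SRC_URI` also hard-codes the `3.0.0` directory while `${P}` expands to the 3.0.1 tarball. If that is the upstream layout, a short comment above the line, such as `# upstream keeps 3.0.x tarballs under the 3.0.0 directory`, would stop a later version bump from fetching from the wrong path.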
