commit:     31c1a39700a70382a13f65f6bef70698c174d8b4
Author:     John Helmert III <ajak <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 18 21:19:57 2022 +0000
Commit:     John Helmert III <ajak <AT> gentoo <DOT> org>
CommitDate: Sun Sep 18 21:19:57 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31c1a397

net-analyzer/sguil-sensor: treeclean

Bug: https://bugs.gentoo.org/630752
Signed-off-by: John Helmert III <ajak <AT> gentoo.org>

 net-analyzer/sguil-sensor/Manifest                 |  1 -
 net-analyzer/sguil-sensor/files/log_packets.confd  | 18 -----
 net-analyzer/sguil-sensor/files/log_packets.initd  | 91 ----------------------
 net-analyzer/sguil-sensor/files/sensor_agent.initd | 29 -------
 net-analyzer/sguil-sensor/metadata.xml             | 12 ---
 .../sguil-sensor/sguil-sensor-1.0.0-r3.ebuild      | 81 -------------------
 profiles/package.mask                              |  5 --
 7 files changed, 237 deletions(-)

diff --git a/net-analyzer/sguil-sensor/Manifest 
b/net-analyzer/sguil-sensor/Manifest
deleted file mode 100644
index 6a6586972b73..000000000000
--- a/net-analyzer/sguil-sensor/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST sguil-1.0.0.tar.gz 892934 BLAKE2B 
69459eed682d91a1b57ba08c141dd655dbbfaa0d9d2956e6a26065f1b6820307b0e0e4dcbcad89537eba7499aea38f81739c351246e3dd6c46cab46bdf0d054f
 SHA512 
fc3007383f90c99a0ace3eeebac75864f9aa549676e784c7bf1d81222282e3a5a3d5290b121097ae3c027dee3dd35bbe8ac9dfede04dbd561edfd3948a0465ab

diff --git a/net-analyzer/sguil-sensor/files/log_packets.confd 
b/net-analyzer/sguil-sensor/files/log_packets.confd
deleted file mode 100644
index 93bdc772bff7..000000000000
--- a/net-analyzer/sguil-sensor/files/log_packets.confd
+++ /dev/null
@@ -1,18 +0,0 @@
-# Config file for /etc/init.d/log_packets
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# This tell snort which interface to listen on (any for every interface)
-IFACE=eth1
-
-# Make sure this matches your IFACE
-PIDFILE=/run/sguil-log_packets_$IFACE.pid
-
-# You probably don't want to change this, but in case you do
-LOGDIR="/var/lib/sguil"
-
-# Percentage of disk to try and maintain
-MAX_DISK_USE=95
-
-# This pulls in the options above
-OPTIONS="-m 122 -u sguil -g sguil"

diff --git a/net-analyzer/sguil-sensor/files/log_packets.initd 
b/net-analyzer/sguil-sensor/files/log_packets.initd
deleted file mode 100644
index f372c82c905b..000000000000
--- a/net-analyzer/sguil-sensor/files/log_packets.initd
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="cleandisk"
-
-LOG_DIR="${LOGDIR}/${HOSTNAME}/dailylogs"
-
-start() {
-       ebegin "Starting Log_packest"
-       if [ ! -x /usr/bin/snort ]
-       then
-               eerror "No snort - cannot start"
-               eend 1
-               return 1
-       fi
-
-       if [ ! -d ${LOG_DIR} ]
-       then
-               mkdir -p ${LOG_DIR}
-               chmod 770 ${LOG_DIR}
-       fi
-
-       today=$(date '+%Y-%m-%d')
-
-       if [ ! -d "${LOG_DIR}/${today}" ]
-       then
-               mkdir "${LOG_DIR}/${today}"
-               chmod 770 "${LOG_DIR}/${today}"
-               chown root:sguil "${LOG_DIR}/${today}"
-       fi
-       start-stop-daemon --start --quiet -b -m --pidfile "${PIDFILE}" \
-               --exec /usr/bin/snort \
-               -- ${OPTIONS} -l "${LOG_DIR}/${today}" -b -i "${IFACE}" 
"${FILTER}"
-       real_cleandisk
-       eend $?
-}
-
-stop() {
-       ebegin "Stopping Sensor Agent"
-       start-stop-daemon --stop --quiet --pidfile "${PIDFILE}"
-       eend $?
-}
-
-cleandisk() {
-       ebegin "Cleaning Disk"
-       real_cleandisk
-       eend $?
-}
-
-# This func checks the current space being used by LOG_DIR
-# and rm's data as necessary.
-real_cleandisk() {
-       einfo "Checking disk space (limited to ${MAX_DISK_USE}%)..."
-       # grep, awk, tr...woohoo!
-       CUR_USE=$(df -P ${LOG_DIR} | grep -v -i filesystem | awk '{print $5}' | 
tr -d %)
-       einfo "  Current Disk Use: ${CUR_USE}%"
-       
-       if [ ${CUR_USE} -gt ${MAX_DISK_USE} ]
-       then
-               # If we are here then we passed our disk limit
-               # First find the oldest DIR
-               cd "${LOG_DIR}"
-               # Can't use -t on the ls since the mod time changes each time we
-               # delete a file. Good thing we use YYYY-MM-DD so we can sort.
-               OLDEST_DIR=$(ls | sort | head -n 1)
-               cd "${OLDEST_DIR}"
-
-               OLDEST_FILE=$(ls -t | tail -n 1)
-
-               if [ -f "${OLDEST_FILE}" ]
-               then
-                       einfo "  Removing file: ${OLDEST_DIR}/${OLDEST_FILE}"
-                       rm -f "${OLDEST_FILE}"
-               else
-                       einfo "  Removing empty dir: ${OLDEST_DIR}"
-                       cd ..
-                       rm -rf "${OLDEST_DIR}"
-               fi
-               
-               # Run cleandisk again as rm'ing one file might been enough
-               # but we wait 5 secs in hopes any open writes are done.
-               sync
-               einfo "  Waiting 5 secs for disk to sync..."
-               sleep 5
-               real_cleandisk
-       else
-               einfo "Done."
-       fi
-}
-

diff --git a/net-analyzer/sguil-sensor/files/sensor_agent.initd 
b/net-analyzer/sguil-sensor/files/sensor_agent.initd
deleted file mode 100644
index 08b45e511f8c..000000000000
--- a/net-analyzer/sguil-sensor/files/sensor_agent.initd
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
-        need net
-}
-
-checkconfig() {
-        if [ ! -e /etc/sguil/sensor_agent.conf ] ; then
-                eerror "You need an /etc/snort/sensor_agent.conf to run the 
Sensor Agent"
-                return 1
-        fi
-}
-
-start() {
-        checkconfig || return 1
-        ebegin "Starting Sensor Agent"
-        start-stop-daemon --start -c sguil --quiet --exec 
/usr/bin/sensor_agent.tcl \
-               -- -D -c "/etc/sguil/sensor_agent.conf">/dev/null 2>&1
-        eend $?
-}
-
-stop() {
-        ebegin "Stopping Sensor Agent"
-        start-stop-daemon --stop --quiet --pidfile /run/sguil-sensor.pid
-        eend $?
-}
-

diff --git a/net-analyzer/sguil-sensor/metadata.xml 
b/net-analyzer/sguil-sensor/metadata.xml
deleted file mode 100644
index e0c75486e6c0..000000000000
--- a/net-analyzer/sguil-sensor/metadata.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";>
-<pkgmetadata>
-  <maintainer type="project">
-    <email>[email protected]</email>
-    <name>Gentoo network monitoring and analysis project</name>
-  </maintainer>
-  <upstream>
-    <remote-id type="github">bammv/sguil</remote-id>
-    <remote-id type="sourceforge">sguil</remote-id>
-  </upstream>
-</pkgmetadata>

diff --git a/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r3.ebuild 
b/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r3.ebuild
deleted file mode 100644
index 0403ede4f1b6..000000000000
--- a/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r3.ebuild
+++ /dev/null
@@ -1,81 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-MY_PV="${PV/_p/p}"
-DESCRIPTION="Sensor part of sguil Network Security Monitoring"
-HOMEPAGE="https://github.com/bammv/sguil";
-SRC_URI="https://github.com/bammv/sguil/archive/v${PV}.tar.gz -> 
${P/-sensor}.tar.gz"
-S="${WORKDIR}/sguil-${MY_PV}"
-
-LICENSE="GPL-3 GPL-2+ QPL-1.0 GPL-2"    # GPL-2 for init script
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-
-DEPEND="
-       acct-group/sguil
-       acct-user/sguil
-"
-
-RDEPEND="
-       ${DEPEND}
-       >=dev-lang/tcl-8.3:0=[-threads]
-       >=dev-tcltk/tclx-8.3
-       dev-tcltk/tls
-       >=net-analyzer/barnyard-0.2.0-r1
-       >=net-analyzer/snort-2.4.1-r1
-       dev-ml/pcre-ocaml:=
-       net-analyzer/sancp
-"
-
-src_prepare() {
-       default
-
-       sed -i \
-               -e "s:gateway:${HOSTNAME}:" \
-               -e 's:/snort_data:/var/lib/sguil:' \
-               -e 's:DAEMON 0:DAEMON 1:' \
-               -e 's:DEBUG 1:DEBUG 0:g' \
-               sensor/sensor_agent.conf || die
-
-       sed -i \
-               -e 's:/var/run/sensor_agent.pid:/run/sguil-sensor.pid:' \
-               sensor/sensor_agent.tcl || die
-}
-
-src_install() {
-       dodoc doc/*
-
-       dobin sensor/sensor_agent.tcl
-
-       newinitd "${FILESDIR}/log_packets.initd" log_packets
-       newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent
-       newconfd "${FILESDIR}/log_packets.confd" log_packets
-       insinto /etc/sguil
-       doins sensor/sensor_agent.conf
-
-       # Create the directory structure
-       diropts -g sguil -o sguil
-       keepdir /var/lib/sguil/archive \
-               "/var/lib/sguil/${HOSTNAME}" \
-               "/var/lib/sguil/${HOSTNAME}/portscans" \
-               "/var/lib/sguil/${HOSTNAME}/ssn_logs" \
-               "/var/lib/sguil/${HOSTNAME}/dailylogs" \
-               "/var/lib/sguil/${HOSTNAME}/sancp"
-
-}
-
-pkg_postinst() {
-       elog
-       elog "You should check /etc/sguil/sensor_agent.conf and"
-       elog "/etc/init.d/logpackets and ensure that they are accurate"
-       elog "for your environment. They should work providing that you"
-       elog "are running the sensor on the same machine as the server."
-       elog "This ebuild assumes that you are running a single sensor"
-       elog "environment, if this is not the case then you must make sure"
-       elog "to modify /etc/sguil/sensor_agent.conf and change the HOSTNAME 
variable."
-       elog "You should crontab the /etc/init.d/log_packets script to restart"
-       elog "each hour."
-       elog
-}

diff --git a/profiles/package.mask b/profiles/package.mask
index 0e6cf6ef83b9..5776d5f009c7 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -337,11 +337,6 @@ dev-python/pyside6-tools
 # Removal on 2022-09-10.  Bug #864889.
 dev-libs/libdivsufsort
 
-# John Helmert III <[email protected]> (2022-08-10)
-# Root privilege escalation vulnerability, many open bugs. Removal in 30
-# days, bug 630752
-net-analyzer/sguil-sensor
-
 # John Helmert III <[email protected]> (2022-08-10)
 # Root privilege escalation vulnerability, unmaintained since the git
 # transition, multiple open bugs. Removal in 30 days, bug 630752
