authorshannonjr <shannonjr>2006-01-31 10:46:31 +0000
committershannonjr <shannonjr>2006-01-31 10:46:31 +0000
commitfeda268d27dc2b60c94efeb8acd4fcbdeb5ba471 (patch)
tree5796b42bc6674b3edd588071fca25f528ea45576 /security
parent08759973eb9768bc49eab6cadc21944d1e22c25b (diff)
Update to 0.9.2. Changes:
- Get rid of the 1024 characters per line limitation (defined as per the syslog RFC), since LML is not limited to parsing input from syslog anymore.
- Handle events in Clamav logging format as well as syslog.
- Abstracted Squid chain regex to allow parsing of data directly from Squid log files.
- Introduced support for openhostapd.
- Began expanding rulesets with additional_data and vendor-specific classification data.
- Various ruleset updates and bug fixes.

Prelude-LML is a signature-based log analyzer that monitors log files and received syslog messages for suspicious activity. It handles events generated by a large set of components, including but not limited to: BigIP, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso, Nagios, Norton Antivirus Corporate Edition, NTsyslog, PAM, Portsentry, Postfix, Proftpd, ssh, etc.
Diffstat (limited to 'security')
-rw-r--r--security/prelude-lml/Makefile6
-rw-r--r--security/prelude-lml/distinfo8
-rw-r--r--security/prelude-lml/files/preludelml.sh11
3 files changed, 17 insertions, 8 deletions
diff --git a/security/prelude-lml/Makefile b/security/prelude-lml/Makefile
index 2a9f5b17cbf..44d30f437eb 100644
--- a/security/prelude-lml/Makefile
+++ b/security/prelude-lml/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+# $NetBSD: Makefile,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
#
-DISTNAME= prelude-lml-0.9.1
+DISTNAME= prelude-lml-0.9.2
CATEGORIES= security
MASTER_SITES= http://www.prelude-ids.org/download/releases/
@@ -25,11 +25,13 @@ CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
RCD_SCRIPTS= preludelml
PRELUDE_USER?= _prelude
PRELUDE_GROUP?= _prelude
+PRELUDE_LML_PID_DIR= ${VARBASE:Q}/run/prelude-lml
PRELUDE_HOME= ${VARBASE:Q}/prelude-lml
PKG_USERS= ${PRELUDE_USER}:${PRELUDE_GROUP}::Prelude\ IDS:${PRELUDE_HOME}:${NOLOGIN}
PKG_GROUPS= ${PRELUDE_GROUP}
FILES_SUBST+= PRELUDE_LML_PID_DIR=${PRELUDE_LML_PID_DIR:Q}
FILES_SUBST+= PRELUDE_USER=${PRELUDE_USER:Q}
+FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_GROUP:Q}
SUBST_CLASSES+= code
SUBST_STAGE.code= post-patch
diff --git a/security/prelude-lml/distinfo b/security/prelude-lml/distinfo
index a374dddd4b8..a05f2296390 100644
--- a/security/prelude-lml/distinfo
+++ b/security/prelude-lml/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+$NetBSD: distinfo,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
-SHA1 (prelude-lml-0.9.1.tar.gz) = 2d3cb99256c84813e4fe4f17c5f5b6e8609d4bcd
-RMD160 (prelude-lml-0.9.1.tar.gz) = a48e849a3cfbaa32cd7e238e0b17a3dc5d6c9114
-Size (prelude-lml-0.9.1.tar.gz) = 515291 bytes
+SHA1 (prelude-lml-0.9.2.tar.gz) = 6cfc6c3450933d7d7f443b7d93b73f8007e4fc3a
+RMD160 (prelude-lml-0.9.2.tar.gz) = 01212f252f9909ec6d70f59d27560358f375422f
+Size (prelude-lml-0.9.2.tar.gz) = 534405 bytes
SHA1 (patch-aa) = 6ed3c426d1b18ff748a3777527fbf0046caaf97f
SHA1 (patch-ab) = df8bb7777d1938a167e4d27bf5a140e6d55e536b
diff --git a/security/prelude-lml/files/preludelml.sh b/security/prelude-lml/files/preludelml.sh
index 6158c719093..9c0a458f0b4 100644
--- a/security/prelude-lml/files/preludelml.sh
+++ b/security/prelude-lml/files/preludelml.sh
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: preludelml.sh,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+# $NetBSD: preludelml.sh,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
#
# PROVIDE: preludelml
@@ -11,8 +11,15 @@ $_rc_subr_loaded . /etc/rc.subr
name="preludelml"
rcvar=${name}
required_files="@PKG_SYSCONFDIR@/prelude-lml/prelude-lml.conf"
-start_cmd="@PREFIX@/sbin/run-prelude-lml -d"
+start_precmd="preludelml_precommand"
+start_cmd="@PREFIX@/sbin/run-prelude-lml -d --pidfile @PRELUDE_LML_PID_DIR@/prelude-lml.pid"
pidfile="@PRELUDE_LML_PID_DIR@/prelude-lml.pid"
+preludelml_precommand()
+{
+ /bin/mkdir -p @PRELUDE_LML_PID_DIR@
+ /usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ @PRELUDE_LML_PID_DIR@
+}
+
load_rc_config $name
run_rc_command "$1"
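Review bot: In `preludelml_precommand` the substituted directory is used unquoted, no mode is given to `mkdir`, and a failed `mkdir` is not checked before `chown` runs, so the pid directory's permissions depend on whatever umask rc runs with. I would write the body as `/bin/mkdir -p -m 0755 "@PRELUDE_LML_PID_DIR@" &&` followed by `/usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ "@PRELUDE_LML_PID_DIR@"`, so that a failure in either step makes the precmd return non-zero. Separately, the pid file now lives in a directory owned by the service account while the rc framework reads it as root. No `command` or `procname` assignment is visible in this hunk, so it is worth confirming that stop and status match the recorded pid against the expected process name rather than trusting the file's contents. A short comment above the function saying why the directory is created at start time rather than at install time would also help the next maintainer.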