author | shannonjr <shannonjr> | 2006-01-31 10:46:31 +0000 |
---|---|---|
committer | shannonjr <shannonjr> | 2006-01-31 10:46:31 +0000 |
commit | feda268d27dc2b60c94efeb8acd4fcbdeb5ba471 (patch) | |
tree | 5796b42bc6674b3edd588071fca25f528ea45576 /security | |
parent | 08759973eb9768bc49eab6cadc21944d1e22c25b (diff) | |
download | pkgsrc-feda268d27dc2b60c94efeb8acd4fcbdeb5ba471.tar.gz |
Update to 0.9.2. Changes:
- Get rid of the 1024 characters per line limitation (defined as per
the syslog RFC), since LML is not limited to parsing input from syslog
anymore.
- Handle events in Clamav logging format as well as syslog.
- Abstracted Squid chain regex to allow parsing of data directly
from Squid log files.
- Introduced support for openhostapd.
- Began expanding rulesets with additional_data and vendor-specific
classification data.
- Various ruleset updates and bug fixes.
Prelude-LML is a signature-based log analyzer that monitors log files and
received syslog messages for suspicious activity. It handles events
generated by a large set of components, including but not limited to:
BigIP, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso,
Nagios, Norton Antivirus Corporate Edition, NTsyslog, PAM, Portsentry,
Postfix, Proftpd, ssh, etc.
Diffstat (limited to 'security')
-rw-r--r-- | security/prelude-lml/Makefile | 6 | ||||
-rw-r--r-- | security/prelude-lml/distinfo | 8 | ||||
-rw-r--r-- | security/prelude-lml/files/preludelml.sh | 11 |
3 files changed, 17 insertions, 8 deletions
diff --git a/security/prelude-lml/Makefile b/security/prelude-lml/Makefile
index 2a9f5b17cbf..44d30f437eb 100644
--- a/security/prelude-lml/Makefile
+++ b/security/prelude-lml/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+# $NetBSD: Makefile,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
 #
-DISTNAME= prelude-lml-0.9.1
+DISTNAME= prelude-lml-0.9.2
 CATEGORIES= security
 MASTER_SITES= http://www.prelude-ids.org/download/releases/
@@ -25,11 +25,13 @@ CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
 RCD_SCRIPTS= preludelml
 PRELUDE_USER?= _prelude
 PRELUDE_GROUP?= _prelude
+PRELUDE_LML_PID_DIR= ${VARBASE:Q}/run/prelude-lml
 PRELUDE_HOME= ${VARBASE:Q}/prelude-lml
 PKG_USERS= ${PRELUDE_USER}:${PRELUDE_GROUP}::Prelude\ IDS:${PRELUDE_HOME}:${NOLOGIN}
 PKG_GROUPS= ${PRELUDE_GROUP}
 FILES_SUBST+= PRELUDE_LML_PID_DIR=${PRELUDE_LML_PID_DIR:Q}
 FILES_SUBST+= PRELUDE_USER=${PRELUDE_USER:Q}
+FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_GROUP:Q}
 SUBST_CLASSES+= code
 SUBST_STAGE.code= post-patch
diff --git a/security/prelude-lml/distinfo b/security/prelude-lml/distinfo
index a374dddd4b8..a05f2296390 100644
--- a/security/prelude-lml/distinfo
+++ b/security/prelude-lml/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+$NetBSD: distinfo,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
-SHA1 (prelude-lml-0.9.1.tar.gz) = 2d3cb99256c84813e4fe4f17c5f5b6e8609d4bcd
-RMD160 (prelude-lml-0.9.1.tar.gz) = a48e849a3cfbaa32cd7e238e0b17a3dc5d6c9114
-Size (prelude-lml-0.9.1.tar.gz) = 515291 bytes
+SHA1 (prelude-lml-0.9.2.tar.gz) = 6cfc6c3450933d7d7f443b7d93b73f8007e4fc3a
+RMD160 (prelude-lml-0.9.2.tar.gz) = 01212f252f9909ec6d70f59d27560358f375422f
+Size (prelude-lml-0.9.2.tar.gz) = 534405 bytes
 SHA1 (patch-aa) = 6ed3c426d1b18ff748a3777527fbf0046caaf97f
 SHA1 (patch-ab) = df8bb7777d1938a167e4d27bf5a140e6d55e536b
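Review bot: `PRELUDE_LML_PID_DIR= ${VARBASE:Q}/run/prelude-lml` in the second Makefile hunk stores an already shell-quoted value, and the existing `FILES_SUBST+= PRELUDE_LML_PID_DIR=${PRELUDE_LML_PID_DIR:Q}` line quotes it again, so any VARBASE character that `:Q` escapes would reach the rc.d script double-escaped. Defining it as `PRELUDE_LML_PID_DIR= ${VARBASE}/run/prelude-lml` and leaving `:Q` to the point of use avoids that; the neighbouring `PRELUDE_HOME` line follows the same pattern. A one-line comment above the new variable, such as `# pid directory; created and chowned to PRELUDE_USER by the rc.d script at start`, would tell the next maintainer why PRELUDE_GROUP is now substituted as well. The hunk begins and ends mid-file.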
diff --git a/security/prelude-lml/files/preludelml.sh b/security/prelude-lml/files/preludelml.sh
index 6158c719093..9c0a458f0b4 100644
--- a/security/prelude-lml/files/preludelml.sh
+++ b/security/prelude-lml/files/preludelml.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: preludelml.sh,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+# $NetBSD: preludelml.sh,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
 #
 # PROVIDE: preludelml
@@ -11,8 +11,15 @@ $_rc_subr_loaded . /etc/rc.subr
 name="preludelml"
 rcvar=${name}
 required_files="@PKG_SYSCONFDIR@/prelude-lml/prelude-lml.conf"
-start_cmd="@PREFIX@/sbin/run-prelude-lml -d"
+start_precmd="preludelml_precommand"
+start_cmd="@PREFIX@/sbin/run-prelude-lml -d --pidfile @PRELUDE_LML_PID_DIR@/prelude-lml.pid"
 pidfile="@PRELUDE_LML_PID_DIR@/prelude-lml.pid"
+preludelml_precommand()
+{
+ /bin/mkdir -p @PRELUDE_LML_PID_DIR@
+ /usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ @PRELUDE_LML_PID_DIR@
+}
+
 load_rc_config $name
 run_rc_command "$1" |
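Review bot: `preludelml_precommand` in the second hunk runs as root at start and hands `@PRELUDE_LML_PID_DIR@` to `@PRELUDE_USER@`, so the pid file that rc.subr later reads for `stop` and `status` sits in a directory the unprivileged account can write. If the daemon does not need to create the file after dropping privileges, a root-owned directory is the safer default; if it does, a comment above the function should record that reason. The two commands are also unquoted and unchecked, and `mkdir -p` takes its mode from the current umask: `/bin/mkdir -p -m 0755 "@PRELUDE_LML_PID_DIR@" && /usr/sbin/chown "@PRELUDE_USER@:@PRELUDE_GROUP@" "@PRELUDE_LML_PID_DIR@"` makes a failed mkdir abort the start instead of falling through to chown. Whether run-prelude-lml actually drops to `@PRELUDE_USER@` is not visible in this hunk.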