pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/prelude-lml Update to 0.9.2. Changes:
details: https://anonhg.NetBSD.org/pkgsrc/rev/826b322f179d
branches: trunk
changeset: 507340:826b322f179d
user: shannonjr <shannonjr%pkgsrc.org@localhost>
date: Tue Jan 31 10:46:31 2006 +0000
description:
Update to 0.9.2. Changes:
- Get rid of the 1024 characters per line limitation (defined as per
the syslog RFC), since LML is not limited to parsing input from syslog
anymore.
- Handle events in Clamav logging format as well as syslog.
- Abstracted Squid chain regex to allow parsing of data directly
from Squid log files.
- Introduced support for openhostapd.
- Began expanding rulesets with additional_data and vendor-specific
classification data.
- Various ruleset updates and bug fixes.
Prelude-LML is a signature-based log analyzer that monitors logfiles and
received syslog messages for suspicious activity. It handles events
generated by a large set of components, including but not limited to:
BigIP, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso,
Nagios, Norton Antivirus Corporate Edition, NTsyslog, PAM, Portsentry,
Postfix, Proftpd, ssh, etc.
diffstat:
security/prelude-lml/Makefile | 6 ++++--
security/prelude-lml/distinfo | 8 ++++----
security/prelude-lml/files/preludelml.sh | 11 +++++++++--
3 files changed, 17 insertions(+), 8 deletions(-)
diffs (70 lines):
diff -r f89ec7782161 -r 826b322f179d security/prelude-lml/Makefile
--- a/security/prelude-lml/Makefile Tue Jan 31 10:44:45 2006 +0000
+++ b/security/prelude-lml/Makefile Tue Jan 31 10:46:31 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+# $NetBSD: Makefile,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
#
-DISTNAME= prelude-lml-0.9.1
+DISTNAME= prelude-lml-0.9.2
CATEGORIES= security
MASTER_SITES= http://www.prelude-ids.org/download/releases/
@@ -25,11 +25,13 @@
RCD_SCRIPTS= preludelml
PRELUDE_USER?= _prelude
PRELUDE_GROUP?= _prelude
+PRELUDE_LML_PID_DIR= ${VARBASE:Q}/run/prelude-lml
PRELUDE_HOME= ${VARBASE:Q}/prelude-lml
PKG_USERS= ${PRELUDE_USER}:${PRELUDE_GROUP}::Prelude\ IDS:${PRELUDE_HOME}:${NOLOGIN}
PKG_GROUPS= ${PRELUDE_GROUP}
FILES_SUBST+= PRELUDE_LML_PID_DIR=${PRELUDE_LML_PID_DIR:Q}
FILES_SUBST+= PRELUDE_USER=${PRELUDE_USER:Q}
+FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_GROUP:Q}
SUBST_CLASSES+= code
SUBST_STAGE.code= post-patch
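Review bot: The added `PRELUDE_LML_PID_DIR= ${VARBASE:Q}/run/prelude-lml` applies `:Q` inside the definition, and the existing `FILES_SUBST+= PRELUDE_LML_PID_DIR=${PRELUDE_LML_PID_DIR:Q}` line then quotes the value a second time. With a plain `VARBASE` this changes nothing, but a value containing shell-special characters would presumably be escaped twice before it reaches the rc script. I would define it as `PRELUDE_LML_PID_DIR= ${VARBASE}/run/prelude-lml` and quote only where the value is passed to the shell. The neighbouring `PRELUDE_HOME` line follows the same pattern, so both could be changed together.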
diff -r f89ec7782161 -r 826b322f179d security/prelude-lml/distinfo
--- a/security/prelude-lml/distinfo Tue Jan 31 10:44:45 2006 +0000
+++ b/security/prelude-lml/distinfo Tue Jan 31 10:46:31 2006 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+$NetBSD: distinfo,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
-SHA1 (prelude-lml-0.9.1.tar.gz) = 2d3cb99256c84813e4fe4f17c5f5b6e8609d4bcd
-RMD160 (prelude-lml-0.9.1.tar.gz) = a48e849a3cfbaa32cd7e238e0b17a3dc5d6c9114
-Size (prelude-lml-0.9.1.tar.gz) = 515291 bytes
+SHA1 (prelude-lml-0.9.2.tar.gz) = 6cfc6c3450933d7d7f443b7d93b73f8007e4fc3a
+RMD160 (prelude-lml-0.9.2.tar.gz) = 01212f252f9909ec6d70f59d27560358f375422f
+Size (prelude-lml-0.9.2.tar.gz) = 534405 bytes
SHA1 (patch-aa) = 6ed3c426d1b18ff748a3777527fbf0046caaf97f
SHA1 (patch-ab) = df8bb7777d1938a167e4d27bf5a140e6d55e536b
diff -r f89ec7782161 -r 826b322f179d security/prelude-lml/files/preludelml.sh
--- a/security/prelude-lml/files/preludelml.sh Tue Jan 31 10:44:45 2006 +0000
+++ b/security/prelude-lml/files/preludelml.sh Tue Jan 31 10:46:31 2006 +0000
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: preludelml.sh,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+# $NetBSD: preludelml.sh,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
#
# PROVIDE: preludelml
@@ -11,8 +11,15 @@
name="preludelml"
rcvar=${name}
required_files="@PKG_SYSCONFDIR@/prelude-lml/prelude-lml.conf"
-start_cmd="@PREFIX@/sbin/run-prelude-lml -d"
+start_precmd="preludelml_precommand"
+start_cmd="@PREFIX@/sbin/run-prelude-lml -d --pidfile @PRELUDE_LML_PID_DIR@/prelude-lml.pid"
pidfile="@PRELUDE_LML_PID_DIR@/prelude-lml.pid"
+preludelml_precommand()
+{
+ /bin/mkdir -p @PRELUDE_LML_PID_DIR@
+ /usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ @PRELUDE_LML_PID_DIR@
+}
+
load_rc_config $name
run_rc_command "$1"
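Review bot: In `preludelml_precommand` the two substituted paths are unquoted and the directory mode is left to whatever umask is in effect when rc runs, so a `VARBASE` containing whitespace or a permissive umask changes what gets created. I would write `/bin/mkdir -p -m 0755 "@PRELUDE_LML_PID_DIR@"` and `/usr/sbin/chown "@PRELUDE_USER@:@PRELUDE_GROUP@" "@PRELUDE_LML_PID_DIR@"`. The directory ends up owned by the service account while the `pidfile` inside it is consumed by the rc framework running as root, so a short comment above the function should note that the pid file's contents are only as trustworthy as that account. The function also lacks a comment saying why the directory is created at start time rather than at install time.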