authorRoman I Khimov <khimov@altell.ru>2010-07-30 17:49:32 +0400
committerRoman I Khimov <khimov@altell.ru>2010-08-05 10:44:22 +0400
commit764a16d55f2ab0a632b87375ab4b41ac71d74220 (patch)
treee7c66757a1aac0aa16dd6d6757cbfcb2b6b58d2d /recipes/suricata
parent5e02e8de46439e09aa527813f335b785cd389ecf (diff)
suricata: new recipe
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. Signed-off-by: Roman I Khimov <khimov@altell.ru>
Diffstat (limited to 'recipes/suricata')
-rw-r--r--recipes/suricata/suricata/default7
-rw-r--r--recipes/suricata/suricata/init46
-rw-r--r--recipes/suricata/suricata/logrotate12
-rw-r--r--recipes/suricata/suricata/volatiles2
-rw-r--r--recipes/suricata/suricata_1.0.1.bb55
5 files changed, 122 insertions, 0 deletions
diff --git a/recipes/suricata/suricata/default b/recipes/suricata/suricata/default
new file mode 100644
index 0000000000..53ef415a0d
--- /dev/null
+++ b/recipes/suricata/suricata/default
@@ -0,0 +1,7 @@
+# Set listen (pcap/nfqueue/pf_ring) parameters for suricata here, like:
+#
+# SURICATA_PARAMS="-i eth0"
+# or
+# SURICATA_PARAMS="-q 100"
+#
+# Default it none and suricata won't be started
\ No newline at end of file
diff --git a/recipes/suricata/suricata/init b/recipes/suricata/suricata/init
new file mode 100644
index 0000000000..eea03ef5cc
--- /dev/null
+++ b/recipes/suricata/suricata/init
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Suricata init file (rather simplistic)
+
+DAEMON=/usr/bin/suricata
+DESC="IDS/IPS service"
+NAME="suricata"
+DEFAULT_FILE=/etc/default/suricata
+CONF_FILE=/etc/suricata/suricata.yaml
+PID_FILE=/var/run/suricata.pid
+
+if [ -f /etc/default/suricata ]; then
+ . /etc/default/suricata
+fi
+
+if [ "x$SURICATA_PARAMS" == "x" ]; then
+ echo "No SURICATA_PARAMS defined in default file, won't run Suricata" >&2
+ exit 1
+fi
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ start-stop-daemon --oknodo -S -x $DAEMON -p $PID_FILE -- $SURICATA_PARAMS -c $CONF_FILE -D --pidfile $PID_FILE
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon -K -p $PID_FILE
+ for i in `seq 1 5`; do
+ if start-stop-daemon -p $PID -t -K >/dev/null 2>&1; then
+ break;
+ fi
+ sleep 1
+ done
+ ;;
+ restart|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+ exit 2
+ ;;
+esac
+
+exit 0
\ No newline at end of file
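Review bot: The wait loop in the `stop)` branch tests `start-stop-daemon -p $PID -t -K`, but the script only defines `PID_FILE`, so `$PID` expands to nothing and the check never looks at the real pidfile. The loop also breaks when the test succeeds, which with `-t -K` appears to mean the process is still present, so the condition looks inverted; `if ! start-stop-daemon -p $PID_FILE -t -K >/dev/null 2>&1; then` would wait until the daemon is gone. This matters for an IDS/IPS because `restart` calls `start` straight afterwards, and `--oknodo` would hide a start that was skipped because the old instance was still alive, leaving the sensor down without any error. Separately, `==` inside `[ ]` is not POSIX and fails under a strict `/bin/sh`; use `[ "x$SURICATA_PARAMS" = "x" ]`.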
diff --git a/recipes/suricata/suricata/logrotate b/recipes/suricata/suricata/logrotate
new file mode 100644
index 0000000000..dd4bac42f4
--- /dev/null
+++ b/recipes/suricata/suricata/logrotate
@@ -0,0 +1,12 @@
+/var/log/suricata/*.log /var/log/suricata/*.alert{
+ size 32M
+ missingok
+ compress
+ delaycompress
+ rotate 10
+ sharedscripts
+ postrotate
+ /etc/init.d/suricata restart
+ endscript
+}
+
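Review bot: The `postrotate` script runs `/etc/init.d/suricata restart`, which takes the whole engine down on every rotation, so each 32M of log output produces a window with no inspection. In inline mode (`-q`, as the default file suggests), how traffic is handled during that window depends on the queue configuration. If the packaged version cannot reopen its logs on a signal, `copytruncate` in place of the `postrotate`/`endscript` block keeps the sensor running, at the cost of possibly losing a few lines at rotation time. The init script also exits 1 when `SURICATA_PARAMS` is unset, so this postrotate would fail on a system where Suricata is deliberately not started.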
diff --git a/recipes/suricata/suricata/volatiles b/recipes/suricata/suricata/volatiles
new file mode 100644
index 0000000000..55092f5fb8
--- /dev/null
+++ b/recipes/suricata/suricata/volatiles
@@ -0,0 +1,2 @@
+# <type> <owner> <group> <mode> <path> <linksource>
+d root root 0755 /var/log/suricata none
\ No newline at end of file
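Review bot: The log directory is created `root root 0755`, so any local user can list `/var/log/suricata`. Whether the alert and log files themselves are readable depends on the mode Suricata creates them with, which this hunk does not show. IDS output can carry addresses and payload excerpts, so `d root root 0750 /var/log/suricata none` is the safer default unless another account is meant to read the logs.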
diff --git a/recipes/suricata/suricata_1.0.1.bb b/recipes/suricata/suricata_1.0.1.bb
new file mode 100644
index 0000000000..e6f569e67d
--- /dev/null
+++ b/recipes/suricata/suricata_1.0.1.bb
@@ -0,0 +1,55 @@
+DESCRIPTION = "The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine"
+LICENSE = "GPLv2"
+HOMEPAGE = "http://openinfosecfoundation.org/"
+DEPENDS = "libhtp libyaml libprelude libnetfilter-queue libnet libpcap libpcre libpfring"
+
+PR = "r1"
+
+SRC_URI = " \
+ http://www.openinfosecfoundation.org/download/suricata-${PV}.tar.gz \
+ file://volatiles \
+ file://logrotate \
+ file://default \
+ file://init \
+ "
+SRC_URI[md5sum] = "ad42b854ef2b44499f0f1d1531b1ca36"
+SRC_URI[sha256sum] = "7fbc8fe89a0a30171eddb8b066ab7e6ec811d14a73aa6bc9cea26fc1f36f4be4"
+
+EXTRA_OECONF = " \
+ --enable-nfqueue \
+ --enable-prelude \
+ --enable-pfring \
+ --enable-non-bundled-htp \
+ --with-libnet-includes=${STAGING_INCDIR} \
+ --with-libnet-libraries=${STAGING_LIBDIR} \
+ "
+
+inherit autotools
+
+do_install_append() {
+ install -d ${D}${sysconfdir}/default/volatiles
+ install -d ${D}${sysconfdir}/init.d
+ install -d ${D}${sysconfdir}/logrotate.d
+ install -d ${D}${sysconfdir}/suricata
+ install -m 0644 suricata.yaml ${D}${sysconfdir}/suricata/
+ install -m 0644 classification.config ${D}${sysconfdir}/suricata/
+ install -m 0644 ${WORKDIR}/volatiles ${D}${sysconfdir}/default/volatiles/suricata
+ install -m 0644 ${WORKDIR}/logrotate ${D}${sysconfdir}/logrotate.d/suricata
+ install -m 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/suricata
+ install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/suricata
+}
+
+pkg_postinst_${PN}() {
+ ${sysconfdir}/init.d/populate-volatile.sh update
+}
+
+PACKAGES =+ "${PN}-logrotate"
+FILES_${PN}-logrotate = "${sysconfdir}/logrotate.d/suricata"
+RRECOMMENDS_${PN} += "${PN}-logrotate"
+RSUGGESTS_${PN}-logrotate += "logrotate"
+
+CONFFILES_${PN} = " \
+ ${sysconfdir}/default/suricata \
+ ${sysconfdir}/suricata/suricata.yaml \
+ ${sysconfdir}/suricata/classification.config \
+ "
\ No newline at end of file
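Review bot: `pkg_postinst_${PN}` runs `${sysconfdir}/init.d/populate-volatile.sh update` unconditionally, so when the package is installed into an image at build time (with `$D` set) it would presumably try to run the build host's script rather than the target's. The usual guard is a first line such as `if [ -n "$D" ]; then exit 1; fi`, which defers the step to first boot. The recipe also installs `init.d/suricata` without inheriting `update-rc.d` or setting `INITSCRIPT_NAME`, so nothing visible here registers the service for boot. If that is deliberate because the default file ships with no `SURICATA_PARAMS`, a comment saying so would help.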