suricata: add systemd unit

Based on the debian systemd unit. Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Koen Kooi <koen@dominion.thruhere.net> 2018-08-01 10:09:22 +0200
committer: Armin Kuster <akuster808@gmail.com> 2018-08-04 07:50:07 -0700
commit: e58ad185be7cc79cf83afb516ff7850a26bef1b8 (patch)
tree: dff43398842d42a9c40110e19d7aa9a2c1718c5e
parent: a0a31609239d71608ef9cc8326060c0aff4c2170 (diff)
download: meta-security-e58ad185be7cc79cf83afb516ff7850a26bef1b8.tar.gz
2 files changed, 35 insertions, 2 deletions
diff --git a/recipes-security/suricata/files/suricata.service b/recipes-security/suricata/files/suricata.service
new file mode 100644
index 0000000..a99a76e
--- /dev/null
+++ b/recipes-security/suricata/files/suricata.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Suricata IDS/IDP daemon
+After=network.target
+Requires=network.target
+Documentation=man:suricata(8) man:suricatasc(8)
+Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki
+[Service]
+Type=simple
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+RestrictAddressFamilies=
+ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0
+ExecReload=/bin/kill -HUP $MAINPID
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=yes
+[Install]
+WantedBy=multi-user.target
diff --git a/recipes-security/suricata/suricata_4.0.0.bb b/recipes-security/suricata/suricata_4.0.0.bb
index 7ab3077..91136bf 100644
--- a/recipes-security/suricata/suricata_4.0.0.bb
+++ b/recipes-security/suricata/suricata_4.0.0.bb
@@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd
 SRC_URI += " \
           file://volatiles.03_suricata \
           file://suricata.yaml \
+           file://suricata.service \
           "
-inherit autotools-brokensep pkgconfig python-dir 
+inherit autotools-brokensep pkgconfig python-dir systemd 
 CFLAGS += "-D_DEFAULT_SOURCE"
@@ -45,6 +46,16 @@ do_install_append () {
    install -m 644 reference.config ${D}${sysconfdir}/suricata
    install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata
    install -m 0644 ${WORKDIR}/volatiles.03_suricata  ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata
+    install -d ${D}${systemd_unitdir}/system
+    sed  -e s:/etc:${sysconfdir}:g \
+         -e s:/var/run:/run:g \
+         -e s:/var:${localstatedir}:g \
+         -e s:/usr/bin:${bindir}:g \
+         -e s:/bin/kill:${base_bindir}/kill:g \
+         -e s:/usr/lib:${libdir}:g \
+         ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service
 }
 pkg_postinst_ontarget_${PN} () {
@@ -53,8 +64,10 @@ if [ -e /etc/init.d/populate-volatile.sh ] ; then
 fi
 }
+SYSTEMD_PACKAGES = "${PN}"
 PACKAGES =+ "${PN}-python"
-FILES_${PN} += "${logdir}/suricata"
+FILES_${PN} += "${logdir}/suricata ${systemd_unitdir}"
 FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
 CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"
author	Koen Kooi <koen@dominion.thruhere.net>	2018-08-01 10:09:22 +0200
committer	Armin Kuster <akuster808@gmail.com>	2018-08-04 07:50:07 -0700
commit	e58ad185be7cc79cf83afb516ff7850a26bef1b8 (patch)
tree	dff43398842d42a9c40110e19d7aa9a2c1718c5e
parent	a0a31609239d71608ef9cc8326060c0aff4c2170 (diff)
download	meta-security-e58ad185be7cc79cf83afb516ff7850a26bef1b8.tar.gz

diff --git a/recipes-security/suricata/files/suricata.service b/recipes-security/suricata/files/suricata.service new file mode 100644 index 0000000..a99a76e --- /dev/null +++ b/recipes-security/suricata/files/suricata.service
@@ -0,0 +1,20 @@
		1	[Unit]
		2	Description=Suricata IDS/IDP daemon
		3	After=network.target
		4	Requires=network.target
		5	Documentation=man:suricata(8) man:suricatasc(8)
		6	Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki
		7
		8	[Service]
		9	Type=simple
		10	CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
		11	RestrictAddressFamilies=
		12	ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0
		13	ExecReload=/bin/kill -HUP $MAINPID
		14	PrivateTmp=yes
		15	ProtectHome=yes
		16	ProtectSystem=yes
		17
		18	[Install]
		19	WantedBy=multi-user.target
		20


diff --git a/recipes-security/suricata/suricata_4.0.0.bb b/recipes-security/suricata/suricata_4.0.0.bb index 7ab3077..91136bf 100644 --- a/recipes-security/suricata/suricata_4.0.0.bb +++ b/recipes-security/suricata/suricata_4.0.0.bb
@@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd
7	SRC_URI += " \	7	SRC_URI += " \
8	file://volatiles.03_suricata \	8	file://volatiles.03_suricata \
9	file://suricata.yaml \	9	file://suricata.yaml \
		10	file://suricata.service \
10	"	11	"
11		12
12	inherit autotools-brokensep pkgconfig python-dir	13	inherit autotools-brokensep pkgconfig python-dir systemd
13		14
14	CFLAGS += "-D_DEFAULT_SOURCE"	15	CFLAGS += "-D_DEFAULT_SOURCE"
15		16
@@ -45,6 +46,16 @@ do_install_append () {
45	install -m 644 reference.config ${D}${sysconfdir}/suricata	46	install -m 644 reference.config ${D}${sysconfdir}/suricata
46	install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata	47	install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata
47	install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata	48	install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata
		49
		50	install -d ${D}${systemd_unitdir}/system
		51	sed -e s:/etc:${sysconfdir}:g \
		52	-e s:/var/run:/run:g \
		53	-e s:/var:${localstatedir}:g \
		54	-e s:/usr/bin:${bindir}:g \
		55	-e s:/bin/kill:${base_bindir}/kill:g \
		56	-e s:/usr/lib:${libdir}:g \
		57	${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service
		58
48	}	59	}
49		60
50	pkg_postinst_ontarget_${PN} () {	61	pkg_postinst_ontarget_${PN} () {
@@ -53,8 +64,10 @@ if [ -e /etc/init.d/populate-volatile.sh ] ; then
53	fi	64	fi
54	}	65	}
55		66
		67	SYSTEMD_PACKAGES = "${PN}"
		68
56	PACKAGES =+ "${PN}-python"	69	PACKAGES =+ "${PN}-python"
57	FILES_${PN} += "${logdir}/suricata"	70	FILES_${PN} += "${logdir}/suricata ${systemd_unitdir}"
58	FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"	71	FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
59		72
60	CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"	73	CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"