diff options
author | Koen Kooi <koen@dominion.thruhere.net> | 2018-08-01 10:09:22 +0200 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2018-08-04 07:50:07 -0700 |
commit | e58ad185be7cc79cf83afb516ff7850a26bef1b8 (patch) | |
tree | dff43398842d42a9c40110e19d7aa9a2c1718c5e /recipes-security | |
parent | a0a31609239d71608ef9cc8326060c0aff4c2170 (diff) | |
download | meta-security-e58ad185be7cc79cf83afb516ff7850a26bef1b8.tar.gz |
suricata: add systemd unit
Based on the debian systemd unit.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'recipes-security')
-rw-r--r-- | recipes-security/suricata/files/suricata.service | 20 | ||||
-rw-r--r-- | recipes-security/suricata/suricata_4.0.0.bb | 17 |
2 files changed, 35 insertions, 2 deletions
diff --git a/recipes-security/suricata/files/suricata.service b/recipes-security/suricata/files/suricata.service new file mode 100644 index 0000000..a99a76e --- /dev/null +++ b/recipes-security/suricata/files/suricata.service | |||
@@ -0,0 +1,20 @@ | |||
1 | [Unit] | ||
2 | Description=Suricata IDS/IDP daemon | ||
3 | After=network.target | ||
4 | Requires=network.target | ||
5 | Documentation=man:suricata(8) man:suricatasc(8) | ||
6 | Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki | ||
7 | |||
8 | [Service] | ||
9 | Type=simple | ||
10 | CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW | ||
11 | RestrictAddressFamilies= | ||
12 | ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0 | ||
13 | ExecReload=/bin/kill -HUP $MAINPID | ||
14 | PrivateTmp=yes | ||
15 | ProtectHome=yes | ||
16 | ProtectSystem=yes | ||
17 | |||
18 | [Install] | ||
19 | WantedBy=multi-user.target | ||
20 | |||
diff --git a/recipes-security/suricata/suricata_4.0.0.bb b/recipes-security/suricata/suricata_4.0.0.bb index 7ab3077..91136bf 100644 --- a/recipes-security/suricata/suricata_4.0.0.bb +++ b/recipes-security/suricata/suricata_4.0.0.bb | |||
@@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd | |||
7 | SRC_URI += " \ | 7 | SRC_URI += " \ |
8 | file://volatiles.03_suricata \ | 8 | file://volatiles.03_suricata \ |
9 | file://suricata.yaml \ | 9 | file://suricata.yaml \ |
10 | file://suricata.service \ | ||
10 | " | 11 | " |
11 | 12 | ||
12 | inherit autotools-brokensep pkgconfig python-dir | 13 | inherit autotools-brokensep pkgconfig python-dir systemd |
13 | 14 | ||
14 | CFLAGS += "-D_DEFAULT_SOURCE" | 15 | CFLAGS += "-D_DEFAULT_SOURCE" |
15 | 16 | ||
@@ -45,6 +46,16 @@ do_install_append () { | |||
45 | install -m 644 reference.config ${D}${sysconfdir}/suricata | 46 | install -m 644 reference.config ${D}${sysconfdir}/suricata |
46 | install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata | 47 | install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata |
47 | install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata | 48 | install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata |
49 | |||
50 | install -d ${D}${systemd_unitdir}/system | ||
51 | sed -e s:/etc:${sysconfdir}:g \ | ||
52 | -e s:/var/run:/run:g \ | ||
53 | -e s:/var:${localstatedir}:g \ | ||
54 | -e s:/usr/bin:${bindir}:g \ | ||
55 | -e s:/bin/kill:${base_bindir}/kill:g \ | ||
56 | -e s:/usr/lib:${libdir}:g \ | ||
57 | ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service | ||
58 | |||
48 | } | 59 | } |
49 | 60 | ||
50 | pkg_postinst_ontarget_${PN} () { | 61 | pkg_postinst_ontarget_${PN} () { |
@@ -53,8 +64,10 @@ if [ -e /etc/init.d/populate-volatile.sh ] ; then | |||
53 | fi | 64 | fi |
54 | } | 65 | } |
55 | 66 | ||
67 | SYSTEMD_PACKAGES = "${PN}" | ||
68 | |||
56 | PACKAGES =+ "${PN}-python" | 69 | PACKAGES =+ "${PN}-python" |
57 | FILES_${PN} += "${logdir}/suricata" | 70 | FILES_${PN} += "${logdir}/suricata ${systemd_unitdir}" |
58 | FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}" | 71 | FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}" |
59 | 72 | ||
60 | CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml" | 73 | CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml" |