-rw-r--r--DEVELOPERS1
-rw-r--r--package/Config.in1
-rw-r--r--package/suricata/Config.in22
-rw-r--r--package/suricata/S99suricata64
-rw-r--r--package/suricata/suricata.hash6
-rw-r--r--package/suricata/suricata.mk126
-rw-r--r--package/suricata/suricata.service14
7 files changed, 234 insertions, 0 deletions
diff --git a/DEVELOPERS b/DEVELOPERS
index ea6b802de4..e5b69c3ade 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -838,6 +838,7 @@ F: package/python-jedi/
F: package/python-parso/
F: package/rygel/
F: package/safeclib/
+F: package/suricata/
F: package/tinycbor/
F: package/tinydtls/
F: package/tinymembench/
diff --git a/package/Config.in b/package/Config.in
index 4f3836ae10..091b16d02d 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2040,6 +2040,7 @@ endif
source "package/sslh/Config.in"
source "package/strongswan/Config.in"
source "package/stunnel/Config.in"
+ source "package/suricata/Config.in"
source "package/tcpdump/Config.in"
source "package/tcping/Config.in"
source "package/tcpreplay/Config.in"
diff --git a/package/suricata/Config.in b/package/suricata/Config.in
new file mode 100644
index 0000000000..2add34956e
--- /dev/null
+++ b/package/suricata/Config.in
@@ -0,0 +1,22 @@
+config BR2_PACKAGE_SURICATA
+ bool "suricata"
+ depends on BR2_USE_MMU # fork()
+ depends on BR2_USE_WCHAR
+ depends on BR2_TOOLCHAIN_HAS_THREADS
+ select BR2_PACKAGE_LIBHTP
+ select BR2_PACKAGE_LIBPCAP
+ select BR2_PACKAGE_LIBYAML
+ select BR2_PACKAGE_PCRE
+ help
+ Suricata is a free and open source, mature, fast and robust
+ network threat detection engine.
+
+ The Suricata engine is capable of real time intrusion
+ detection (IDS), inline intrusion prevention (IPS), network
+ security monitoring (NSM) and offline pcap processing.
+
+ https://suricata-ids.org
+
+comment "suricata needs a toolchain w/ wchar, threads"
+ depends on BR2_USE_MMU
+ depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/suricata/S99suricata b/package/suricata/S99suricata
new file mode 100644
index 0000000000..7c2b966521
--- /dev/null
+++ b/package/suricata/S99suricata
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+DAEMON=suricata
+PIDFILE=/var/run/$DAEMON.pid
+
+SURICATA_ARGS="-c /etc/suricata/suricata.yaml -i eth0"
+
+SURICATA_RELOAD=0
+
+[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
+
+start() {
+ printf 'Starting %s: ' "$DAEMON"
+ mkdir -p /var/log/suricata
+ start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/usr/bin/$DAEMON" \
+ -- $SURICATA_ARGS
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+stop() {
+ printf 'Stopping %s: ' "$DAEMON"
+ start-stop-daemon -K -q -p "$PIDFILE"
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ rm -f "$PIDFILE"
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+restart() {
+ stop
+ sleep 1
+ start
+}
+
+# SIGUSR2 makes suricata reload rules
+reload() {
+ printf 'Reloading %s: ' "$DAEMON"
+ start-stop-daemon -K -s "$SURICATA_RELOAD" -q -p "$PIDFILE"
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+case "$1" in
+ start|stop|restart|reload)
+ "$1";;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+esac
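Review bot: `reload` does not reload anything by default. `SURICATA_RELOAD=0` makes `start-stop-daemon -K -s "$SURICATA_RELOAD"` send signal 0, which only tests that the PID exists, so the script prints OK while the running engine keeps its old ruleset. The comment above `reload()` names SIGUSR2 as the reload signal, so the default should be `SURICATA_RELOAD=USR2`. For an IDS this matters operationally, because a rule update appears to be applied when it is not. It is worth checking `reload` against a running instance before merging.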
diff --git a/package/suricata/suricata.hash b/package/suricata/suricata.hash
new file mode 100644
index 0000000000..44ada0115a
--- /dev/null
+++ b/package/suricata/suricata.hash
@@ -0,0 +1,6 @@
+# Locally computed:
+sha256 6cda6c80b753ce36483c6be535358b971f3890b9aa27a58c2d2f7e89dd6c6aa0 suricata-4.1.3.tar.gz
+
+# Hash for license files:
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE
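Review bot: The `# Locally computed:` comment does not say what the tarball was checked against before hashing, so the sha256 only pins whatever was downloaded on the packager's machine. If upstream publishes a detached signature for suricata-4.1.3.tar.gz, verify it first and record that in the comment, for example `# Locally computed after checking the upstream PGP signature`.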
diff --git a/package/suricata/suricata.mk b/package/suricata/suricata.mk
new file mode 100644
index 0000000000..e5884cdfe4
--- /dev/null
+++ b/package/suricata/suricata.mk
@@ -0,0 +1,126 @@
+################################################################################
+#
+# suricata
+#
+################################################################################
+
+SURICATA_VERSION = 4.1.3
+SURICATA_SITE = https://www.openinfosecfoundation.org/download
+SURICATA_LICENSE = GPL-2.0
+SURICATA_LICENSE_FILES = COPYING LICENSE
+
+SURICATA_DEPENDENCIES = \
+ host-pkgconf \
+ $(if $(BR2_PACKAGE_JANSSON),jansson) \
+ $(if $(BR2_PACKAGE_LIBCAP_NG),libcap-ng) \
+ $(if $(BR2_PACKAGE_LIBEVENT),libevent) \
+ libhtp \
+ $(if $(BR2_PACKAGE_LIBNFNETLINK),libnfnetlink) \
+ libpcap \
+ libyaml \
+ $(if $(BR2_PACKAGE_LZ4),lz4) \
+ $(if $(BR2_PACKAGE_LZMA),lzma) \
+ pcre
+
+SURICATA_CONF_OPTS = \
+ --disable-gccprotect \
+ --disable-pie \
+ --disable-rust \
+ --disable-suricata-update \
+ --enable-non-bundled-htp
+
+# install: install binaries
+# install-conf: install initial configuration files
+# install-full: install binaries, configuration and rules (rules will be
+# download through wget/curl)
+SURICATA_INSTALL_TARGET_OPTS = DESTDIR=$(TARGET_DIR) install install-conf
+
+ifeq ($(BR2_PACKAGE_FILE),y)
+SURICATA_DEPENDENCIES += file
+SURICATA_CONF_OPTS += --enable-libmagic
+else
+SURICATA_CONF_OPTS += --disable-libmagic
+endif
+
+ifeq ($(BR2_PACKAGE_GEOIP),y)
+SURICATA_DEPENDENCIES += geoip
+SURICATA_CONF_OPTS += --enable-geoip
+else
+SURICATA_CONF_OPTS += --disable-geoip
+endif
+
+ifeq ($(BR2_PACKAGE_HIREDIS),y)
+SURICATA_DEPENDENCIES += hiredis
+SURICATA_CONF_OPTS += --enable-hiredis
+else
+SURICATA_CONF_OPTS += --disable-hiredis
+endif
+
+ifeq ($(BR2_PACKAGE_LIBNET),y)
+SURICATA_DEPENDENCIES += libnet
+SURICATA_CONF_OPTS += --with-libnet-includes=$(STAGING_DIR)/usr/include
+endif
+
+ifeq ($(BR2_PACKAGE_LIBNETFILTER_LOG),y)
+SURICATA_DEPENDENCIES += libnetfilter_log
+SURICATA_CONF_OPTS += --enable-nflog
+else
+SURICATA_CONF_OPTS += --disable-nflog
+endif
+
+ifeq ($(BR2_PACKAGE_LIBNETFILTER_QUEUE),y)
+SURICATA_DEPENDENCIES += libnetfilter_queue
+SURICATA_CONF_OPTS += --enable-nfqueue
+else
+SURICATA_CONF_OPTS += --disable-nfqueue
+endif
+
+ifeq ($(BR2_PACKAGE_LIBNSPR),y)
+SURICATA_DEPENDENCIES += libnspr
+SURICATA_CONF_OPTS += --enable-nspr
+else
+SURICATA_CONF_OPTS += --disable-nspr
+endif
+
+ifeq ($(BR2_PACKAGE_LIBNSS),y)
+SURICATA_DEPENDENCIES += libnss
+SURICATA_CONF_OPTS += --enable-nss
+else
+SURICATA_CONF_OPTS += --disable-nss
+endif
+
+ifeq ($(BR2_PACKAGE_LUA),y)
+SURICATA_CONF_OPTS += --enable-lua
+SURICATA_DEPENDENCIES += lua
+else
+SURICATA_CONF_OPTS += --disable-lua
+endif
+
+ifeq ($(BR2_PACKAGE_LUAJIT),y)
+SURICATA_CONF_OPTS += --enable-luajit
+SURICATA_DEPENDENCIES += luajit
+else
+SURICATA_CONF_OPTS += --disable-luajit
+endif
+
+ifeq ($(BR2_PACKAGE_PYTHON)$(BR2_PACKAGE_PYTHON3),y)
+SURICATA_CONF_OPTS += --enable-python
+SURICATA_DEPENDENCIES += $(if $(BR2_PACKAGE_PYTHON),python,python3)
+else
+SURICATA_CONF_OPTS += --disable-python
+endif
+
+define SURICATA_INSTALL_INIT_SYSV
+ $(INSTALL) -D -m 0755 package/suricata/S99suricata \
+ $(TARGET_DIR)/etc/init.d/S99suricata
+endef
+
+define SURICATA_INSTALL_INIT_SYSTEMD
+ $(INSTALL) -D -m 644 package/suricata/suricata.service \
+ $(TARGET_DIR)/usr/lib/systemd/system/suricata.service
+ mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
+ ln -sf ../../../../usr/lib/systemd/system/suricata.service \
+ $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/suricata.service
+endef
+
+$(eval $(autotools-package))
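Review bot: `--disable-gccprotect` and `--disable-pie` in `SURICATA_CONF_OPTS` carry no comment, and by their names they switch off the package's own stack-protector and PIE flags for a daemon that parses untrusted network traffic. If the intent is to leave hardening to Buildroot's global toolchain options, say so next to the flags, e.g. `# SSP and PIE are controlled by the Buildroot toolchain configuration, not by suricata's configure`; otherwise drop the two options. libcap-ng is also only an optional dependency here. As far as I know Suricata needs it to drop privileges after start-up, so a build without it presumably keeps running as root; that deserves a line in the Config.in help text or a `select`.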
diff --git a/package/suricata/suricata.service b/package/suricata/suricata.service
new file mode 100644
index 0000000000..f5cd46ac48
--- /dev/null
+++ b/package/suricata/suricata.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Suricata Intrusion Detection Service
+After=network.target
+
+[Service]
+EnvironmentFile=-/etc/default/suricata
+ExecStartPre=/bin/rm -f /var/run/suricata.pid
+ExecStartPre=/usr/bin/mkdir -p /var/log/suricata
+ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 --pidfile /var/run/suricata.pid
+ExecReload=/bin/kill -USR2 $MAINPID
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
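Review bot: `EnvironmentFile=-/etc/default/suricata` is loaded but `ExecStart` uses none of its variables, so under systemd the config path and `-i eth0` are fixed, while the SysV script honours `SURICATA_ARGS` from the same file. On a target whose monitored interface is not eth0, the service either fails and loops under `Restart=always` or watches the wrong link. Consider adding `Environment="SURICATA_ARGS=-c /etc/suricata/suricata.yaml -i eth0"` as the default and changing the start line to `ExecStart=/usr/bin/suricata $SURICATA_ARGS --pidfile /var/run/suricata.pid`, so that `/etc/default/suricata` can override it.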