-rw-r--r--README.md2
-rw-r--r--net-analyzer/ntopng/Manifest9
-rw-r--r--net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch31
-rw-r--r--net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch.github246
-rw-r--r--net-analyzer/ntopng/files/ntopng-3.0-gentoo.patch60
-rw-r--r--net-analyzer/ntopng/files/ntopng-3.0-mysqltool.patch17
-rw-r--r--net-analyzer/ntopng/files/ntopng-3.0-remove-pool-limits.patch15
-rw-r--r--net-analyzer/ntopng/files/ntopng.conf.d11
-rw-r--r--net-analyzer/ntopng/files/ntopng.init.d19
-rw-r--r--net-analyzer/ntopng/ntopng-3.0-r1.ebuild75
10 files changed, 485 insertions, 0 deletions
diff --git a/README.md b/README.md
index 0b60f3c6..bb101652 100644
--- a/README.md
+++ b/README.md
@@ -333,6 +333,8 @@ used to build perl)
* Re-factor munin to operate as a webapp, and remove configuration from `/etc`
* net-analyzer/netdata
* With modifications to upstream ebuild and init script
+* net-analyzer/ntopng
+ * Remove some of the more onerous limitations from the community edition, use source from `3.0-stable` branch rather than `3.0` tag
* net-analyzer/suricata
* Minor ebuild fixes, automatically fetch latest rules on build
* net-dialup/ppp
diff --git a/net-analyzer/ntopng/Manifest b/net-analyzer/ntopng/Manifest
new file mode 100644
index 00000000..b939b09b
--- /dev/null
+++ b/net-analyzer/ntopng/Manifest
@@ -0,0 +1,9 @@
+AUX ntopng-3.0-fix-insecure-permissions.patch 897 SHA256 9ce4e11eb1438d7d50d71aaae30a29a083b59c120db8b1d0a4ae723bd08227cc SHA512 ee25acb63b2f6ad88c1e0b29c11ba9ad45b22d7bac45d5994945f4d6c8cae8c7ae3eead179f458cbfe5fc7bdf9603dcf705f7fb5ce1dacf67b6a2697cfd64104 WHIRLPOOL d04e03f0c86e66a75cf715d22bd685e850c3514b74be899e7bf05db07f85d8dfaa57dbd83c6b43ad1d04c189f9fffcb4d70f30165247442fc80cd66e3f7237f1
+AUX ntopng-3.0-fix-insecure-permissions.patch.github 7905 SHA256 1f412ff80ec686bac707692c74630b7d0639698fc528b3c14e64081d63ca8210 SHA512 17631d9e85035ed375355bdf4b3e17bf1cc2e92d8c470e76231c32a32701d827aceb790b0e8025ed726327d87ba50316f4870731fafc09c54a2df3cc82be80f0 WHIRLPOOL 39c1561a9aae604ce3cdf43579233396b0d64620b27d80a7fbf4fe12dd5d71b29b6d63c497217864a3a6fb5b6abef9b465fafa9dcd37699db3482f42690a7fb8
+AUX ntopng-3.0-gentoo.patch 1596 SHA256 6e2d5a9f0a320e3683a94b93bdd1e3e681dc9eb4cfdbc4c2b6f2f235ab29174f SHA512 fcab6670255d7c756694091d6b53a7880a74e8840fa8f77ec81b072dbe7c7a5ec5b4550892dc78c45304ee437a309fe8c79293f6205c570685b8f13178c1c306 WHIRLPOOL f70ce3194c543804c04fbaa6d6f2a16c359fe5face2deba9d5d9e9a0cd93a43118a48bd8069e09ad4f0a0b4213cd63bcfb67e635558f377a1304cbe7bdeb900d
+AUX ntopng-3.0-mysqltool.patch 430 SHA256 94e7825ca4e2cb4a115c1f06623537101af3a14aa78da4a263278d7aad18fa7e SHA512 82b06a14f471bd037743a7563a80d6460e63ff262252d0318e40ba25bf8da849bc0394a5fa4d54befd5df6bd4b645b86711708198f8971d54eb15e8f32c83cd5 WHIRLPOOL 0c0d6f5c903dd1d5fa28ab95ddbe5a3a34fc9b25eaa5a04e71b09f563443b1c84f76977f0dd0dd73c401fdd1b4a682c2cdf49a4addedd51c77a4c82fcbc0ed2e
+AUX ntopng-3.0-remove-pool-limits.patch 621 SHA256 0b79dfeb4d378e97728712449be480cb0a9a38dc8fe77fc799f3664bc53983b9 SHA512 ff6125d7d34acf5fccc5c89f145da34998f527963c4a70d847f0482a64b086ad6315bf4d225e2dae79269fb37d7f7f4820a44db7ce9998c7d021b1c3a1ee0591 WHIRLPOOL adbfb6e770b0e2ceb7bf6eae5c0425030885814b9817e4ae0db0be19f85d186637a4be25b4acfdfdf5aa751d1628c98680900ddb3b9e39d728af5ba408f98945
+AUX ntopng.conf.d 480 SHA256 82c7f3c681390c34984e4c179c0e21beb94c67e90e4e327895d79774be7dca1b SHA512 62e6311bed433ad42cae4a32feadb0eab30913c10a3cb7fef7124f9eb7c9fe252f8676314d5d678574d2a470df77b4a9b409b82bc7147cd94eee31d9f0a78e4f WHIRLPOOL 3e9ec75f663b50ed64f96626b32baecd1ae4da9a5c76f0ad0cbb98908e4574614e51dc0c529b3a50ff9ac85f28b1c4f63b8da9b42e7a023e7f0061e8949fca60
+AUX ntopng.init.d 528 SHA256 e47c210d43e087b09a65ff58d6c9c17798589b407c79638d9c36369546f5ea27 SHA512 4aaf66a14b4a1112e91e90822fe9fa02b831bfa34578d183ff642d6245169e70504df7a473555afc6968958d7481df731eb9d80f24a0694f6a2230dc90517912 WHIRLPOOL 6acc955ba86fdaf2d41a5ec67f0eb99307bff57035677ccde3cef188003a0ac8eba82b73fc310b2348722c1fac0623f0aee602666197ef8eb0c7303dcbd00c1a
+DIST ntopng-3.0.tar.gz 23022054 SHA256 6497e49d5e95383ee5d06e8dbd146ade4e9970b7bd243d1070888ca4ed025d75 SHA512 4868156254d4e658caa2e7418efa9afd2b70b48dcbefd1232de55d59af9d665ce495ef80f9cea794cee12b4e57224cd163370d08752117b6eabb797b2af3982e WHIRLPOOL 7ac049528c825b2c914e030d022be5e6f1dd51722e9b066329c9657fe0697d054e98deee90a60e4ac02e9cb2c45d00fe5c83e423dd5fd15a372a3761e5d0609d
+EBUILD ntopng-3.0-r1.ebuild 1658 SHA256 e3d4aa05177e94a6eaaa5996f5bc3e899dfbe6acb0c38b4f72156217e130c7f2 SHA512 defbdac1094e780ed6519a9aa8a20e885c5d8ca164ae3e6dac9ceb877111ed6d8f00eec8b5766bb1b7d66ab7d6c866e5fdbc2ca35bc7c1de31b18265f1c6f05d WHIRLPOOL 52015a379118b81bae5d5417ee277fed12a4fa0b7b2be8c12fd5fcbe7cd2a8906ffa46a81e62a35b2413031d8900fe657ba71ef4a28b7f02673efce1607001a5
diff --git a/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch b/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch
new file mode 100644
index 00000000..0f2ab49d
--- /dev/null
+++ b/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch
@@ -0,0 +1,31 @@
+--- a/src/Utils.cpp
++++ b/src/Utils.cpp
+@@ -373,7 +373,7 @@ int Utils::dropPrivileges() {
+ ntop->getTrace()->traceEvent(TRACE_WARNING, "Unable to locate user %s", username);
+ return -1;
+ }
+- umask(0);
++ umask(S_IWGRP | S_IROTH | S_IWOTH);
+ #endif
+ return 0;
+ }
+--- a/src/Ntop.cpp
++++ b/src/Ntop.cpp
+@@ -90,7 +90,7 @@ Ntop::Ntop(char *appName) {
+ /* Folder will be created lazily, avoid creating it now */
+ snprintf(working_dir, sizeof(working_dir), "%s/ntopng", CONST_DEFAULT_WRITABLE_DIR);
+
+- umask(0);
++ umask(S_IWGRP | S_IROTH | S_IWOTH);
+
+ if(getcwd(startup_dir, sizeof(startup_dir)) == NULL)
+ ntop->getTrace()->traceEvent(TRACE_ERROR,
+@@ -1321,7 +1321,7 @@ void Ntop::daemonize() {
+ /*
+ * clear any inherited file mode creation mask
+ */
+- umask(0);
++ umask(S_IWGRP | S_IROTH | S_IWOTH);
+
+ /*
+ * Use line buffered stdout
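Review bot: The mask `S_IWGRP | S_IROTH | S_IWOTH` is 037, so a directory requested with mode 0777 (the value Utils::mkdir_tree uses, per the old side of the upstream commit kept alongside as `.patch.github`) ends up 0740: the group can list names but has no search permission, and so cannot open the 0640 files inside. All three `umask()` calls in this patch (Utils::dropPrivileges, the Ntop constructor and Ntop::daemonize) share this. If group read access is intended, `umask(S_IWGRP | S_IRWXO);` (027) gives 0750 directories and 0640 files; if not, `umask(S_IRWXG | S_IRWXO);` (077) matches the 0700 that the upstream commit sets in mkdir_tree, a change this patch does not carry. The comment above the daemonize call still reads "clear any inherited file mode creation mask" and should say that a restrictive mask is being set. All three function bodies start or end outside the embedded hunks.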
diff --git a/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch.github b/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch.github
new file mode 100644
index 00000000..ed1a3422
--- /dev/null
+++ b/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch.github
@@ -0,0 +1,246 @@
+commit 4b2d6c8af69e54dc00a28f7fa5c649385bbabad4
+Author: Simone Mainardi <mainardi@ntop.org>
+Date: Tue Oct 3 16:47:18 2017 +0200
+
+ Hardening: more restrictive permissions of created files and dirs
+
+ As top_talkers and alerts_db were created with root privileges,
+ a chown may be required if the process is run with nobody
+
+ -rw-r--r-- 1 root root 3.0K Oct 3 16:35 top_talkers.db
+
+ Fixes #1486
+
+diff --git a/scripts/callbacks/startup.lua b/scripts/callbacks/startup.lua
+index d9d9d9c8..e183df0c 100644
+--- a/scripts/callbacks/startup.lua
++++ b/scripts/callbacks/startup.lua
+@@ -15,9 +15,8 @@ if(ntop.isPro()) then
+ end
+
+ require "lua_utils"
+-require "alert_utils"
+ require "blacklist_utils"
+-require "db_utils"
++
+ local host_pools_utils = require "host_pools_utils"
+ local http_bridge_conf_utils = require "http_bridge_conf_utils"
+
+@@ -55,41 +54,6 @@ if(ntop.isPro()) then
+ shaper_utils.initShapers()
+ end
+
+--- old host alerts were global and did not consider vlans
+--- this part of the script aims at converting old global alerts to per-interface, vlan aware alerts
+-
+--- convert host alert to include interfaces and vlans
+-for _, timespan in ipairs(alerts_granularity) do
+- granularity = timespan[1]
+- -- this is the old hash table that didn't include interfaces or vlans
+- local hash_name = "ntopng.prefs.alerts_"..granularity
+- -- grab the old hosts
+- local hosts = ntop.getHashKeysCache(hash_name)
+- if hosts ~= nil then
+- for h in pairs(hosts) do
+- local hash_val = ntop.getHashCache(hash_name, h)
+- -- if here, we need to migrate the old hosts. Assumptions are that hosts
+- -- will be set for _all_ interfaces and for vlan 0
+-
+- -- h can be iface_2 or a subnet such as 192.168.2.0/24 or an host such as 192.168.2.2
+- if not string.starts(h, "iface_") then
+- if not string.match(h, "/") then
+- -- this is an host so we want to add the vlan
+- h = h.."@0"
+- end
+- end
+-
+- for _, ifname in pairs(interface.getIfNames()) do
+- local ifid = getInterfaceId(ifname)
+- local new_hash_name = get_alerts_hash_name(granularity, ifname)
+- ntop.setHashCache(new_hash_name, h, hash_val)
+- end
+- end
+- -- remember to delete the hash with named hash_name
+- ntop.delCache(hash_name)
+- end
+-end
+-
+ -- Use a specific bridging_policy_target_type default for previous user installations
+ if isEmptyString(ntop.getPref("ntopng.prefs.bridging_policy_target_type")) then
+ for _, ifname in pairs(interface.getIfNames()) do
+@@ -105,34 +69,11 @@ if isEmptyString(ntop.getPref("ntopng.prefs.bridging_policy_target_type")) then
+ end
+ end
+
+--- convert suppressed alerts to include interfaces and vlans
+-local hash_name = "ntopng.prefs.alerts"
+--- grab the old hosts
+-local suppressed_alerts = ntop.getHashKeysCache(hash_name)
+-if suppressed_alerts ~= nil then
+- for h in pairs(suppressed_alerts) do
+- -- h can be iface_2 or a subnet such as 192.168.2.0/24 or an host such as 192.168.2.2
+- if not string.starts(h, "iface_") then
+- if not string.match(h, "/") then
+- -- this is an host so we want to add the vlan
+- h = h.."@0"
+- end
+- end
+- for _, ifname in pairs(interface.getIfNames()) do
+- local ifid = getInterfaceId(ifname)
+- local new_hash_name = "ntopng.prefs.alerts.ifid_"..tostring(ifid)
+- ntop.setHashCache(new_hash_name, h, "false")
+- end
+- end
+-end
+--- remember to delete the hash with named hash_name
+-ntop.delCache(hash_name)
+-
+ -- ##################################################################
+
+ initCustomnDPIProtoCategories()
+ loadHostBlackList()
+-checkOpenFiles()
++
+ -- TODO: migrate custom re-arm settings
+
+ -- this will retrieve host pools and policers configurtions via HTTP if enabled
+diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp
+index f5a40343..c0426273 100644
+--- a/src/NetworkInterface.cpp
++++ b/src/NetworkInterface.cpp
+@@ -211,15 +211,11 @@ NetworkInterface::NetworkInterface(const char *name,
+ loadDumpPrefs();
+ loadScalingFactorPrefs();
+
+- if(((statsManager = new StatsManager(id, STATS_MANAGER_STORE_NAME)) == NULL)
+- || ((alertsManager = new AlertsManager(id, ALERTS_MANAGER_STORE_NAME)) == NULL))
+- throw "Not enough memory";
++ statsManager = NULL, alertsManager = NULL;
+
+ if((host_pools = new HostPools(this)) == NULL)
+ throw "Not enough memory";
+
+- alertLevel = alertsManager->getNumAlerts(true);
+-
+ #ifdef linux
+ /*
+ A bit aggressive but as people usually
+@@ -5205,6 +5201,8 @@ void NetworkInterface::allocateNetworkStats() {
+
+ try {
+ networkStats = new NetworkStats[numNetworks];
++ statsManager = new StatsManager(id, STATS_MANAGER_STORE_NAME);
++ alertsManager = new AlertsManager(id, ALERTS_MANAGER_STORE_NAME);
+ } catch(std::bad_alloc& ba) {
+ static bool oom_warning_sent = false;
+
+@@ -5212,9 +5210,13 @@ void NetworkInterface::allocateNetworkStats() {
+ ntop->getTrace()->traceEvent(TRACE_WARNING, "Not enough memory");
+ oom_warning_sent = true;
+ }
+-
+- networkStats = NULL;
+ }
++
++ if(alertsManager)
++ alertLevel = alertsManager->getNumAlerts(true);
++ else
++ alertLevel = 0;
++
+ }
+
+ /* **************************************** */
+diff --git a/src/Ntop.cpp b/src/Ntop.cpp
+index f629ca54..3f2956b2 100644
+--- a/src/Ntop.cpp
++++ b/src/Ntop.cpp
+@@ -94,7 +94,7 @@ Ntop::Ntop(char *appName) {
+ /* Folder will be created lazily, avoid creating it now */
+ snprintf(working_dir, sizeof(working_dir), "%s/ntopng", CONST_DEFAULT_WRITABLE_DIR);
+
+- umask(0);
++ //umask(0);
+
+ if(getcwd(startup_dir, sizeof(startup_dir)) == NULL)
+ ntop->getTrace()->traceEvent(TRACE_ERROR,
+@@ -1384,7 +1384,7 @@ void Ntop::daemonize() {
+ /*
+ * clear any inherited file mode creation mask
+ */
+- umask(0);
++ //umask(0);
+
+ /*
+ * Use line buffered stdout
+diff --git a/src/Prefs.cpp b/src/Prefs.cpp
+index f46c1fa9..c752ba21 100755
+--- a/src/Prefs.cpp
++++ b/src/Prefs.cpp
+@@ -1162,20 +1162,6 @@ int Prefs::setOption(int optkey, char *optarg) {
+ /* ******************************************* */
+
+ int Prefs::checkOptions() {
+-#ifndef WIN32
+- if(daemonize)
+-#endif
+- {
+- char path[MAX_PATH];
+-
+- ntop_mkdir(data_dir, 0777);
+- ntop_mkdir(ntop->get_working_dir(), 0777);
+- snprintf(path, sizeof(path), "%s/ntopng.log", ntop->get_working_dir() /* "C:\\Windows\\Temp" */);
+- ntop->fixPath(path);
+- ntop->registerLogFile(path);
+- ntop->rotateLogs(true /* Force rotation to start clean */);
+- }
+-
+ if(install_dir)
+ ntop->set_install_dir(install_dir);
+
+diff --git a/src/Utils.cpp b/src/Utils.cpp
+index 6461fe79..8938316c 100755
+--- a/src/Utils.cpp
++++ b/src/Utils.cpp
+@@ -310,7 +310,7 @@ bool Utils::mkdir_tree(char *path) {
+ ntop->fixPath(path);
+
+ if(stat(path, &s) != 0) {
+- int permission = 0777;
++ int permission = 0700;
+
+ /* Start at 1 to skip the root */
+ for(int i=1; path[i] != '\0'; i++)
+@@ -448,7 +448,7 @@ int Utils::dropPrivileges() {
+ ntop->getTrace()->traceEvent(TRACE_WARNING, "Unable to locate user %s", username);
+ return -1;
+ }
+- umask(0);
++ // umask(0);
+ #endif
+ return 0;
+ }
+diff --git a/src/main.cpp b/src/main.cpp
+index 048b7537..04b91d8c 100644
+--- a/src/main.cpp
++++ b/src/main.cpp
+@@ -361,6 +361,20 @@ int main(int argc, char *argv[])
+ unlink(path);
+ }
+
++#ifndef WIN32
++ if(prefs->daemonize_ntopng())
++#endif
++ {
++ char path[MAX_PATH];
++
++ Utils::mkdir_tree(ntop->get_data_dir());
++ Utils::mkdir_tree(ntop->get_working_dir());
++ snprintf(path, sizeof(path), "%s/ntopng.log", ntop->get_working_dir() /* "C:\\Windows\\Temp" */);
++ ntop->fixPath(path);
++ ntop->registerLogFile(path);
++ ntop->rotateLogs(true /* Force rotation to start clean */);
++ }
++
+ if(prefs->get_httpbl_key() != NULL)
+ ntop->setHTTPBL(new HTTPBL(prefs->get_httpbl_key()));
+
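Review bot: In the embedded NetworkInterface::allocateNetworkStats hunks, `networkStats = NULL;` is removed from the `catch(std::bad_alloc&)` branch, so when `new NetworkStats[numNetworks]` throws, `networkStats` keeps whatever value it had before the call, and `statsManager` and `alertsManager` stay NULL. Only `alertsManager` gets a NULL check afterwards (for `alertLevel`); whether other users of the two managers test for NULL is not visible here. I would keep `networkStats = NULL;` in the handler and add a comment there that both managers can be NULL after an out-of-memory start. This file is not listed in the ebuild's `PATCHES`; if it is kept only as a reference copy, a comment in the ebuild such as `# fix-insecure-permissions.patch.github: upstream commit 4b2d6c8af69e54dc00a28f7fa5c649385bbabad4, reference only, not applied` would say so. The function starts before the first of the two hunks.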
diff --git a/net-analyzer/ntopng/files/ntopng-3.0-gentoo.patch b/net-analyzer/ntopng/files/ntopng-3.0-gentoo.patch
new file mode 100644
index 00000000..90d7aace
--- /dev/null
+++ b/net-analyzer/ntopng/files/ntopng-3.0-gentoo.patch
@@ -0,0 +1,60 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -19,7 +19,6 @@
+ # On CentOS 6 `git rev-list HEAD --count` does not work
+ #
+ #
+-REVISION=`git log --pretty=oneline | wc -l`
+
+ if test -d "/usr/local/include"; then
+ CFLAGS="${CFLAGS} -I/usr/local/include"
+@@ -48,33 +47,6 @@
+
+ SHORT_MACHINE=`uname -m | cut -b1-3`
+
+-GIT_RELEASE="@GIT_RELEASE@"
+-GIT_DATE="@GIT_DATE@"
+-GIT_BRANCH="@GIT_BRANCH@"
+-PRO_GIT_RELEASE="@PRO_GIT_RELEASE@"
+-PRO_GIT_DATE="@PRO_GIT_DATE@"
+-
+-AC_MSG_CHECKING(for nDPI)
+-NDPI_HOME=./nDPI
+-if test -d "$NDPI_HOME" ; then :
+- AC_MSG_RESULT(found in $NDPI_HOME)
+-else
+- NDPI_HOME=../nDPI
+- if test -d "$NDPI_HOME"; then :
+- AC_MSG_RESULT(found in $NDPI_HOME)
+- else
+- NDPI_HOME=$HOME/nDPI
+- if test -d "$NDPI_HOME"; then :
+- AC_MSG_RESULT(found in $NDPI_HOME)
+- else
+- AC_MSG_RESULT(not found)
+- echo "Please do cd ..; git clone https://github.com/ntop/nDPI.git; cd nDPI; ./autogen.sh; make; cd ../ntopng"
+- echo " and try again"
+- exit
+- fi
+- fi
+-fi
+-
+ if test -d "/usr/include/openssl"; then :
+ AC_DEFINE_UNQUOTED(NO_SSL_DL, 1, [has openssl])
+ SSL_INC="`pkg-config --cflags libssl` -I/usr/include/openssl"
+@@ -53,15 +53,6 @@
+ SSL_LIB="`pkg-config --libs libssl` -lssl -lcrypto"
+ fi
+
+-NDPI_LIB=$NDPI_HOME/src/lib/.libs/libndpi.a
+-AC_MSG_CHECKING(for $NDPI_LIB)
+-if test -f "$NDPI_LIB" ; then :
+- AC_MSG_RESULT(found $NDPI_LIB)
+-else
+- AC_MSG_RESULT(not found $NDPI_LIB: compiling)
+- cd $NDPI_HOME; ./autogen.sh; make; cd -
+-fi
+-
+ AC_MSG_CHECKING(for ntopng professional edition)
+ PRO_MAKEFILE_INC=
+ PRO_INC=
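Review bot: The third embedded hunk header `@@ -53,15 +53,6 @@` gives an old-side start of 53, which lies inside the old range of the previous hunk (`@@ -48,33 +47,6 @@` covers old lines 48 to 80), so the headers look hand-edited and the hunk presumably applies only because patch searches for the context at an offset. Regenerating the patch with `diff -u` against the generated `configure.ac` would fix the numbering (the old start would presumably be 81) and stop the patch from depending on offset search. The hunks also remove the only visible assignments of `REVISION` and `NDPI_HOME`; any later use of them in `configure.ac` is outside the patch, so a header comment stating that nDPI now comes from `net-libs/nDPI` would document the intent.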
diff --git a/net-analyzer/ntopng/files/ntopng-3.0-mysqltool.patch b/net-analyzer/ntopng/files/ntopng-3.0-mysqltool.patch
new file mode 100644
index 00000000..4d2244b5
--- /dev/null
+++ b/net-analyzer/ntopng/files/ntopng-3.0-mysqltool.patch
@@ -0,0 +1,17 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -335,13 +335,7 @@
+ if test "x$ac_cv_prog_ac_ct_MARIADB" = "xmariadb_config"; then
+ MYSQLTOOL="mariadb_config"
+ else
+- PATH=$PATH:/usr/local/mysql/bin
+- AC_CHECK_TOOL(MYSQL, mysql_config)
+- if test "x$ac_cv_prog_ac_ct_MYSQL" = "xmysql_config"; then
+- MYSQLTOOL="mysql_config"
+- else
+- MYSQLTOOL=""
+- fi
++ MYSQLTOOL="mysql_config"
+ fi
+
+ if test -n "$MYSQLTOOL"; then
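Review bot: With the `else` branch reduced to `MYSQLTOOL="mysql_config"`, `MYSQLTOOL` is never empty, so the `if test -n "$MYSQLTOOL"` guard on the following line is always true and configure will call `mysql_config` without having checked that it exists. That is presumably acceptable while the ebuild depends on `virtual/libmysqlclient`, but the patch should say so, for example with a comment `# Gentoo: mysql_config is expected from virtual/libmysqlclient; the /usr/local/mysql/bin probe is dropped` above the assignment. The body of the guarded `if` is outside the hunk.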
diff --git a/net-analyzer/ntopng/files/ntopng-3.0-remove-pool-limits.patch b/net-analyzer/ntopng/files/ntopng-3.0-remove-pool-limits.patch
new file mode 100644
index 00000000..77822b3c
--- /dev/null
+++ b/net-analyzer/ntopng/files/ntopng-3.0-remove-pool-limits.patch
@@ -0,0 +1,15 @@
+--- a/include/ntop_defines.h
++++ b/include/ntop_defines.h
+@@ -106,9 +106,9 @@
+ #define MAX_NUM_INTERFACES 48
+ #define MAX_NUM_VIEW_INTERFACES 8
+
+-#define LIMITED_NUM_HOST_POOLS 4 /* 3 pools plus the NO_HOST_POOL_ID */
+-#define LIMITED_NUM_PROFILES 16
+-#define LIMITED_NUM_POOL_MEMBERS 8
++#define LIMITED_NUM_HOST_POOLS 128 /* 4 */ /* 3 pools plus the NO_HOST_POOL_ID */
++#define LIMITED_NUM_PROFILES 128 /* 16 */
++#define LIMITED_NUM_POOL_MEMBERS 256 /* 8 */
+ #ifndef NTOPNG_PRO
+ #define MAX_NUM_HOST_POOLS LIMITED_NUM_HOST_POOLS
+ #define MAX_NUM_PROFILES LIMITED_NUM_PROFILES
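Review bot: The trailing comment on `LIMITED_NUM_HOST_POOLS` still says "3 pools plus the NO_HOST_POOL_ID", which described the old value 4 and is wrong for 128, and the old values are left behind as bare `/* 4 */`, `/* 16 */` and `/* 8 */`. I would write `#define LIMITED_NUM_HOST_POOLS 128 /* 127 pools plus the NO_HOST_POOL_ID; upstream community value: 4 */` and label the other two the same way. Code that sizes arrays or bitmaps from `MAX_NUM_HOST_POOLS`, `MAX_NUM_PROFILES` or the pool-member limit is not visible in this hunk, so the larger values should be checked against those users before relying on them.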
diff --git a/net-analyzer/ntopng/files/ntopng.conf.d b/net-analyzer/ntopng/files/ntopng.conf.d
new file mode 100644
index 00000000..e6c60dd0
--- /dev/null
+++ b/net-analyzer/ntopng/files/ntopng.conf.d
@@ -0,0 +1,11 @@
+# Specify interface(s) to record traffic from:
+NTOPNG_OPTS="-i eth0"
+
+# Specify local network, to ensure that remote hosts don't cause the amount of
+# data ntopng records to grow in an uncontrolled fashion:
+NTOPNG_OPTS="${NTOPNG_OPTS} -m 192.168.0.0/16"
+
+# Specify the directory ntopng should write data to - noting that it will fall-
+# back to using /usr/tmp/ntopng if this directory is considered inaccessible
+# for any reason...
+NTOPNG_OPTS="${NTOPNG_OPTS} -d /var/lib/ntopng"
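Review bot: No listening address is set for the web interface in these defaults, so ntopng falls back to its built-in default (port 3000 on all addresses, as far as I know), while the ebuild's `pkg_postinst` announces the default login `admin`/`admin`. If the `-w`/`--http-port` option in this version accepts an address prefix (to be confirmed against `ntopng --help`), a default such as `NTOPNG_OPTS="${NTOPNG_OPTS} -w 127.0.0.1:3000"` would keep the interface off the network until the password has been changed. The `-i eth0` and `-m 192.168.0.0/16` values are site-specific, so a comment marking them as examples to edit would also help.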
diff --git a/net-analyzer/ntopng/files/ntopng.init.d b/net-analyzer/ntopng/files/ntopng.init.d
new file mode 100644
index 00000000..1e100423
--- /dev/null
+++ b/net-analyzer/ntopng/files/ntopng.init.d
@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need net redis
+}
+
+start() {
+ ebegin "Starting ntopng"
+ start-stop-daemon --start --exec /usr/bin/ntopng --pidfile /var/run/ntopng.pid --make-pidfile --background -e LUA_PATH='/usr/share/ntopng/scripts/lua/modules/?.lua' -- --user ntopng ${NTOPNG_OPTS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ntopng"
+ start-stop-daemon --stop --exec /usr/bin/ntopng --pidfile /var/run/ntopng.pid
+ eend $?
+}
diff --git a/net-analyzer/ntopng/ntopng-3.0-r1.ebuild b/net-analyzer/ntopng/ntopng-3.0-r1.ebuild
new file mode 100644
index 00000000..decdc18b
--- /dev/null
+++ b/net-analyzer/ntopng/ntopng-3.0-r1.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit autotools user toolchain-funcs
+
+DESCRIPTION="Network traffic analyzer with web interface"
+HOMEPAGE="http://www.ntop.org/"
+SRC_URI="https://github.com/ntop/${PN}/archive/${PV}-stable.tar.gz -> ${P}.tar.gz"
+RESTRICT="mirror"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+DEPEND="dev-db/sqlite:3
+ dev-python/pyzmq
+ dev-lang/luajit:2
+ dev-libs/json-c
+ dev-libs/geoip
+ dev-libs/glib:2
+ dev-libs/hiredis
+ dev-libs/libxml2
+ net-analyzer/rrdtool
+ net-libs/libpcap
+ net-libs/nDPI
+ net-misc/curl
+ virtual/libmysqlclient"
+RDEPEND="${DEPEND}
+ dev-db/redis"
+PATCHES=(
+ "${FILESDIR}"/${P}-gentoo.patch
+ "${FILESDIR}"/${P}-mysqltool.patch
+ "${FILESDIR}"/${P}-remove-pool-limits.patch
+ "${FILESDIR}"/${P}-fix-insecure-permissions.patch
+)
+
+src_prepare() {
+ sed -e "s/@VERSION@/${PV}/g;s/@SHORT_VERSION@/${PV}/g" < "${S}/configure.seed" > "${S}/configure.ac" || die
+
+ default
+
+ eautoreconf
+}
+
+src_install() {
+ SHARE_NTOPNG_DIR="${EPREFIX}/usr/share/${PN}"
+ dodir ${SHARE_NTOPNG_DIR}
+ insinto ${SHARE_NTOPNG_DIR}
+ doins -r httpdocs
+ doins -r scripts
+
+ dodir ${SHARE_NTOPNG_DIR}/third-party
+ insinto ${SHARE_NTOPNG_DIR}/third-party
+ doins -r third-party/i18n.lua-master
+ doins -r third-party/lua-resty-template-master
+
+ exeinto /usr/bin
+ doexe ${PN}
+ doman ${PN}.8
+
+ newinitd "${FILESDIR}/ntopng.init.d" ntopng
+ newconfd "${FILESDIR}/ntopng.conf.d" ntopng
+
+ dodir "/var/lib/ntopng"
+ fowners ntopng "${EPREFIX}/var/lib/ntopng"
+}
+
+pkg_setup() {
+ enewuser ntopng
+}
+
+pkg_postinst() {
+ elog "ntopng default credentials are user='admin' password='admin'"
+}
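Review bot: `SRC_URI` fetches `archive/${PV}-stable.tar.gz`, which per the README entry is the tip of the `3.0-stable` branch rather than a tag, so the tarball changes whenever upstream pushes and the `DIST` hashes in the Manifest stop matching. Pinning to the commit that was reviewed keeps the build reproducible: `COMMIT="<upstream commit id>"` with `SRC_URI="https://github.com/ntop/${PN}/archive/${COMMIT}.tar.gz -> ${P}.tar.gz"`. The ebuild sets no `S`, so the directory name the archive unpacks to (presumably `${PN}-${PV}-stable` today) should be checked against the default `${WORKDIR}/${P}` that `src_prepare` reads `configure.seed` from. In `src_install`, `/var/lib/ntopng` is created with `dodir` and only `fowners ntopng`, so it keeps the default directory mode; adding `fperms 0750 /var/lib/ntopng` would keep collected traffic data away from other local users.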