diff options
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | net-analyzer/ntopng/Manifest | 9 | ||||
-rw-r--r-- | net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch | 31 | ||||
-rw-r--r-- | net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch.github | 246 | ||||
-rw-r--r-- | net-analyzer/ntopng/files/ntopng-3.0-gentoo.patch | 60 | ||||
-rw-r--r-- | net-analyzer/ntopng/files/ntopng-3.0-mysqltool.patch | 17 | ||||
-rw-r--r-- | net-analyzer/ntopng/files/ntopng-3.0-remove-pool-limits.patch | 15 | ||||
-rw-r--r-- | net-analyzer/ntopng/files/ntopng.conf.d | 11 | ||||
-rw-r--r-- | net-analyzer/ntopng/files/ntopng.init.d | 19 | ||||
-rw-r--r-- | net-analyzer/ntopng/ntopng-3.0-r1.ebuild | 75 |
10 files changed, 485 insertions, 0 deletions
@@ -333,6 +333,8 @@ used to build perl) * Re-factor munin to operate as a webapp, and remove configuration from `/etc` * net-analyzer/netdata * With modifications to upstream ebuild and init script +* net-analyzer/ntopng + * Remove some of the more onerous limitations from the community edition, use source from `3.0-stable` branch rather than `3.0` tag * net-analyzer/suricata * Minor ebuild fixes, automatically fetch latest rules on build * net-dialup/ppp diff --git a/net-analyzer/ntopng/Manifest b/net-analyzer/ntopng/Manifest new file mode 100644 index 00000000..b939b09b --- /dev/null +++ b/net-analyzer/ntopng/Manifest @@ -0,0 +1,9 @@ +AUX ntopng-3.0-fix-insecure-permissions.patch 897 SHA256 9ce4e11eb1438d7d50d71aaae30a29a083b59c120db8b1d0a4ae723bd08227cc SHA512 ee25acb63b2f6ad88c1e0b29c11ba9ad45b22d7bac45d5994945f4d6c8cae8c7ae3eead179f458cbfe5fc7bdf9603dcf705f7fb5ce1dacf67b6a2697cfd64104 WHIRLPOOL d04e03f0c86e66a75cf715d22bd685e850c3514b74be899e7bf05db07f85d8dfaa57dbd83c6b43ad1d04c189f9fffcb4d70f30165247442fc80cd66e3f7237f1 +AUX ntopng-3.0-fix-insecure-permissions.patch.github 7905 SHA256 1f412ff80ec686bac707692c74630b7d0639698fc528b3c14e64081d63ca8210 SHA512 17631d9e85035ed375355bdf4b3e17bf1cc2e92d8c470e76231c32a32701d827aceb790b0e8025ed726327d87ba50316f4870731fafc09c54a2df3cc82be80f0 WHIRLPOOL 39c1561a9aae604ce3cdf43579233396b0d64620b27d80a7fbf4fe12dd5d71b29b6d63c497217864a3a6fb5b6abef9b465fafa9dcd37699db3482f42690a7fb8 +AUX ntopng-3.0-gentoo.patch 1596 SHA256 6e2d5a9f0a320e3683a94b93bdd1e3e681dc9eb4cfdbc4c2b6f2f235ab29174f SHA512 fcab6670255d7c756694091d6b53a7880a74e8840fa8f77ec81b072dbe7c7a5ec5b4550892dc78c45304ee437a309fe8c79293f6205c570685b8f13178c1c306 WHIRLPOOL f70ce3194c543804c04fbaa6d6f2a16c359fe5face2deba9d5d9e9a0cd93a43118a48bd8069e09ad4f0a0b4213cd63bcfb67e635558f377a1304cbe7bdeb900d +AUX ntopng-3.0-mysqltool.patch 430 SHA256 94e7825ca4e2cb4a115c1f06623537101af3a14aa78da4a263278d7aad18fa7e SHA512 82b06a14f471bd037743a7563a80d6460e63ff262252d0318e40ba25bf8da849bc0394a5fa4d54befd5df6bd4b645b86711708198f8971d54eb15e8f32c83cd5 WHIRLPOOL 0c0d6f5c903dd1d5fa28ab95ddbe5a3a34fc9b25eaa5a04e71b09f563443b1c84f76977f0dd0dd73c401fdd1b4a682c2cdf49a4addedd51c77a4c82fcbc0ed2e +AUX ntopng-3.0-remove-pool-limits.patch 621 SHA256 0b79dfeb4d378e97728712449be480cb0a9a38dc8fe77fc799f3664bc53983b9 SHA512 ff6125d7d34acf5fccc5c89f145da34998f527963c4a70d847f0482a64b086ad6315bf4d225e2dae79269fb37d7f7f4820a44db7ce9998c7d021b1c3a1ee0591 WHIRLPOOL adbfb6e770b0e2ceb7bf6eae5c0425030885814b9817e4ae0db0be19f85d186637a4be25b4acfdfdf5aa751d1628c98680900ddb3b9e39d728af5ba408f98945 +AUX ntopng.conf.d 480 SHA256 82c7f3c681390c34984e4c179c0e21beb94c67e90e4e327895d79774be7dca1b SHA512 62e6311bed433ad42cae4a32feadb0eab30913c10a3cb7fef7124f9eb7c9fe252f8676314d5d678574d2a470df77b4a9b409b82bc7147cd94eee31d9f0a78e4f WHIRLPOOL 3e9ec75f663b50ed64f96626b32baecd1ae4da9a5c76f0ad0cbb98908e4574614e51dc0c529b3a50ff9ac85f28b1c4f63b8da9b42e7a023e7f0061e8949fca60 +AUX ntopng.init.d 528 SHA256 e47c210d43e087b09a65ff58d6c9c17798589b407c79638d9c36369546f5ea27 SHA512 4aaf66a14b4a1112e91e90822fe9fa02b831bfa34578d183ff642d6245169e70504df7a473555afc6968958d7481df731eb9d80f24a0694f6a2230dc90517912 WHIRLPOOL 6acc955ba86fdaf2d41a5ec67f0eb99307bff57035677ccde3cef188003a0ac8eba82b73fc310b2348722c1fac0623f0aee602666197ef8eb0c7303dcbd00c1a +DIST ntopng-3.0.tar.gz 23022054 SHA256 6497e49d5e95383ee5d06e8dbd146ade4e9970b7bd243d1070888ca4ed025d75 SHA512 4868156254d4e658caa2e7418efa9afd2b70b48dcbefd1232de55d59af9d665ce495ef80f9cea794cee12b4e57224cd163370d08752117b6eabb797b2af3982e WHIRLPOOL 7ac049528c825b2c914e030d022be5e6f1dd51722e9b066329c9657fe0697d054e98deee90a60e4ac02e9cb2c45d00fe5c83e423dd5fd15a372a3761e5d0609d +EBUILD ntopng-3.0-r1.ebuild 1658 SHA256 e3d4aa05177e94a6eaaa5996f5bc3e899dfbe6acb0c38b4f72156217e130c7f2 SHA512 defbdac1094e780ed6519a9aa8a20e885c5d8ca164ae3e6dac9ceb877111ed6d8f00eec8b5766bb1b7d66ab7d6c866e5fdbc2ca35bc7c1de31b18265f1c6f05d WHIRLPOOL 52015a379118b81bae5d5417ee277fed12a4fa0b7b2be8c12fd5fcbe7cd2a8906ffa46a81e62a35b2413031d8900fe657ba71ef4a28b7f02673efce1607001a5 diff --git a/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch b/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch new file mode 100644 index 00000000..0f2ab49d --- /dev/null +++ b/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch @@ -0,0 +1,31 @@ +--- a/src/Utils.cpp ++++ b/src/Utils.cpp +@@ -373,7 +373,7 @@ int Utils::dropPrivileges() { + ntop->getTrace()->traceEvent(TRACE_WARNING, "Unable to locate user %s", username); + return -1; + } +- umask(0); ++ umask(S_IWGRP | S_IROTH | S_IWOTH); + #endif + return 0; + } +--- a/src/Ntop.cpp ++++ b/src/Ntop.cpp +@@ -90,7 +90,7 @@ Ntop::Ntop(char *appName) { + /* Folder will be created lazily, avoid creating it now */ + snprintf(working_dir, sizeof(working_dir), "%s/ntopng", CONST_DEFAULT_WRITABLE_DIR); + +- umask(0); ++ umask(S_IWGRP | S_IROTH | S_IWOTH); + + if(getcwd(startup_dir, sizeof(startup_dir)) == NULL) + ntop->getTrace()->traceEvent(TRACE_ERROR, +@@ -1321,7 +1321,7 @@ void Ntop::daemonize() { + /* + * clear any inherited file mode creation mask + */ +- umask(0); ++ umask(S_IWGRP | S_IROTH | S_IWOTH); + + /* + * Use line buffered stdout diff --git a/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch.github b/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch.github new file mode 100644 index 00000000..ed1a3422 --- /dev/null +++ b/net-analyzer/ntopng/files/ntopng-3.0-fix-insecure-permissions.patch.github @@ -0,0 +1,246 @@ +commit 4b2d6c8af69e54dc00a28f7fa5c649385bbabad4 +Author: Simone Mainardi <mainardi@ntop.org> +Date: Tue Oct 3 16:47:18 2017 +0200 + + Hardening: more restrictive permissions of created files and dirs + + As top_talkers and alerts_db were created with root privileges, + a chown may be required if the process is run with nobody + + -rw-r--r-- 1 root root 3.0K Oct 3 16:35 top_talkers.db + + Fixes #1486 + +diff --git a/scripts/callbacks/startup.lua b/scripts/callbacks/startup.lua +index d9d9d9c8..e183df0c 100644 +--- a/scripts/callbacks/startup.lua ++++ b/scripts/callbacks/startup.lua +@@ -15,9 +15,8 @@ if(ntop.isPro()) then + end + + require "lua_utils" +-require "alert_utils" + require "blacklist_utils" +-require "db_utils" ++ + local host_pools_utils = require "host_pools_utils" + local http_bridge_conf_utils = require "http_bridge_conf_utils" + +@@ -55,41 +54,6 @@ if(ntop.isPro()) then + shaper_utils.initShapers() + end + +--- old host alerts were global and did not consider vlans +--- this part of the script aims at converting old global alerts to per-interface, vlan aware alerts +- +--- convert host alert to include interfaces and vlans +-for _, timespan in ipairs(alerts_granularity) do +- granularity = timespan[1] +- -- this is the old hash table that didn't include interfaces or vlans +- local hash_name = "ntopng.prefs.alerts_"..granularity +- -- grab the old hosts +- local hosts = ntop.getHashKeysCache(hash_name) +- if hosts ~= nil then +- for h in pairs(hosts) do +- local hash_val = ntop.getHashCache(hash_name, h) +- -- if here, we need to migrate the old hosts. Assumptions are that hosts +- -- will be set for _all_ interfaces and for vlan 0 +- +- -- h can be iface_2 or a subnet such as 192.168.2.0/24 or an host such as 192.168.2.2 +- if not string.starts(h, "iface_") then +- if not string.match(h, "/") then +- -- this is an host so we want to add the vlan +- h = h.."@0" +- end +- end +- +- for _, ifname in pairs(interface.getIfNames()) do +- local ifid = getInterfaceId(ifname) +- local new_hash_name = get_alerts_hash_name(granularity, ifname) +- ntop.setHashCache(new_hash_name, h, hash_val) +- end +- end +- -- remember to delete the hash with named hash_name +- ntop.delCache(hash_name) +- end +-end +- + -- Use a specific bridging_policy_target_type default for previous user installations + if isEmptyString(ntop.getPref("ntopng.prefs.bridging_policy_target_type")) then + for _, ifname in pairs(interface.getIfNames()) do +@@ -105,34 +69,11 @@ if isEmptyString(ntop.getPref("ntopng.prefs.bridging_policy_target_type")) then + end + end + +--- convert suppressed alerts to include interfaces and vlans +-local hash_name = "ntopng.prefs.alerts" +--- grab the old hosts +-local suppressed_alerts = ntop.getHashKeysCache(hash_name) +-if suppressed_alerts ~= nil then +- for h in pairs(suppressed_alerts) do +- -- h can be iface_2 or a subnet such as 192.168.2.0/24 or an host such as 192.168.2.2 +- if not string.starts(h, "iface_") then +- if not string.match(h, "/") then +- -- this is an host so we want to add the vlan +- h = h.."@0" +- end +- end +- for _, ifname in pairs(interface.getIfNames()) do +- local ifid = getInterfaceId(ifname) +- local new_hash_name = "ntopng.prefs.alerts.ifid_"..tostring(ifid) +- ntop.setHashCache(new_hash_name, h, "false") +- end +- end +-end +--- remember to delete the hash with named hash_name +-ntop.delCache(hash_name) +- + -- ################################################################## + + initCustomnDPIProtoCategories() + loadHostBlackList() +-checkOpenFiles() ++ + -- TODO: migrate custom re-arm settings + + -- this will retrieve host pools and policers configurtions via HTTP if enabled +diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp +index f5a40343..c0426273 100644 +--- a/src/NetworkInterface.cpp ++++ b/src/NetworkInterface.cpp +@@ -211,15 +211,11 @@ NetworkInterface::NetworkInterface(const char *name, + loadDumpPrefs(); + loadScalingFactorPrefs(); + +- if(((statsManager = new StatsManager(id, STATS_MANAGER_STORE_NAME)) == NULL) +- || ((alertsManager = new AlertsManager(id, ALERTS_MANAGER_STORE_NAME)) == NULL)) +- throw "Not enough memory"; ++ statsManager = NULL, alertsManager = NULL; + + if((host_pools = new HostPools(this)) == NULL) + throw "Not enough memory"; + +- alertLevel = alertsManager->getNumAlerts(true); +- + #ifdef linux + /* + A bit aggressive but as people usually +@@ -5205,6 +5201,8 @@ void NetworkInterface::allocateNetworkStats() { + + try { + networkStats = new NetworkStats[numNetworks]; ++ statsManager = new StatsManager(id, STATS_MANAGER_STORE_NAME); ++ alertsManager = new AlertsManager(id, ALERTS_MANAGER_STORE_NAME); + } catch(std::bad_alloc& ba) { + static bool oom_warning_sent = false; + +@@ -5212,9 +5210,13 @@ void NetworkInterface::allocateNetworkStats() { + ntop->getTrace()->traceEvent(TRACE_WARNING, "Not enough memory"); + oom_warning_sent = true; + } +- +- networkStats = NULL; + } ++ ++ if(alertsManager) ++ alertLevel = alertsManager->getNumAlerts(true); ++ else ++ alertLevel = 0; ++ + } + + /* **************************************** */ +diff --git a/src/Ntop.cpp b/src/Ntop.cpp +index f629ca54..3f2956b2 100644 +--- a/src/Ntop.cpp ++++ b/src/Ntop.cpp +@@ -94,7 +94,7 @@ Ntop::Ntop(char *appName) { + /* Folder will be created lazily, avoid creating it now */ + snprintf(working_dir, sizeof(working_dir), "%s/ntopng", CONST_DEFAULT_WRITABLE_DIR); + +- umask(0); ++ //umask(0); + + if(getcwd(startup_dir, sizeof(startup_dir)) == NULL) + ntop->getTrace()->traceEvent(TRACE_ERROR, +@@ -1384,7 +1384,7 @@ void Ntop::daemonize() { + /* + * clear any inherited file mode creation mask + */ +- umask(0); ++ //umask(0); + + /* + * Use line buffered stdout +diff --git a/src/Prefs.cpp b/src/Prefs.cpp +index f46c1fa9..c752ba21 100755 +--- a/src/Prefs.cpp ++++ b/src/Prefs.cpp +@@ -1162,20 +1162,6 @@ int Prefs::setOption(int optkey, char *optarg) { + /* ******************************************* */ + + int Prefs::checkOptions() { +-#ifndef WIN32 +- if(daemonize) +-#endif +- { +- char path[MAX_PATH]; +- +- ntop_mkdir(data_dir, 0777); +- ntop_mkdir(ntop->get_working_dir(), 0777); +- snprintf(path, sizeof(path), "%s/ntopng.log", ntop->get_working_dir() /* "C:\\Windows\\Temp" */); +- ntop->fixPath(path); +- ntop->registerLogFile(path); +- ntop->rotateLogs(true /* Force rotation to start clean */); +- } +- + if(install_dir) + ntop->set_install_dir(install_dir); + +diff --git a/src/Utils.cpp b/src/Utils.cpp +index 6461fe79..8938316c 100755 +--- a/src/Utils.cpp ++++ b/src/Utils.cpp +@@ -310,7 +310,7 @@ bool Utils::mkdir_tree(char *path) { + ntop->fixPath(path); + + if(stat(path, &s) != 0) { +- int permission = 0777; ++ int permission = 0700; + + /* Start at 1 to skip the root */ + for(int i=1; path[i] != '\0'; i++) +@@ -448,7 +448,7 @@ int Utils::dropPrivileges() { + ntop->getTrace()->traceEvent(TRACE_WARNING, "Unable to locate user %s", username); + return -1; + } +- umask(0); ++ // umask(0); + #endif + return 0; + } +diff --git a/src/main.cpp b/src/main.cpp +index 048b7537..04b91d8c 100644 +--- a/src/main.cpp ++++ b/src/main.cpp +@@ -361,6 +361,20 @@ int main(int argc, char *argv[]) + unlink(path); + } + ++#ifndef WIN32 ++ if(prefs->daemonize_ntopng()) ++#endif ++ { ++ char path[MAX_PATH]; ++ ++ Utils::mkdir_tree(ntop->get_data_dir()); ++ Utils::mkdir_tree(ntop->get_working_dir()); ++ snprintf(path, sizeof(path), "%s/ntopng.log", ntop->get_working_dir() /* "C:\\Windows\\Temp" */); ++ ntop->fixPath(path); ++ ntop->registerLogFile(path); ++ ntop->rotateLogs(true /* Force rotation to start clean */); ++ } ++ + if(prefs->get_httpbl_key() != NULL) + ntop->setHTTPBL(new HTTPBL(prefs->get_httpbl_key())); + diff --git a/net-analyzer/ntopng/files/ntopng-3.0-gentoo.patch b/net-analyzer/ntopng/files/ntopng-3.0-gentoo.patch new file mode 100644 index 00000000..90d7aace --- /dev/null +++ b/net-analyzer/ntopng/files/ntopng-3.0-gentoo.patch @@ -0,0 +1,60 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -19,7 +19,6 @@ + # On CentOS 6 `git rev-list HEAD --count` does not work + # + # +-REVISION=`git log --pretty=oneline | wc -l` + + if test -d "/usr/local/include"; then + CFLAGS="${CFLAGS} -I/usr/local/include" +@@ -48,33 +47,6 @@ + + SHORT_MACHINE=`uname -m | cut -b1-3` + +-GIT_RELEASE="@GIT_RELEASE@" +-GIT_DATE="@GIT_DATE@" +-GIT_BRANCH="@GIT_BRANCH@" +-PRO_GIT_RELEASE="@PRO_GIT_RELEASE@" +-PRO_GIT_DATE="@PRO_GIT_DATE@" +- +-AC_MSG_CHECKING(for nDPI) +-NDPI_HOME=./nDPI +-if test -d "$NDPI_HOME" ; then : +- AC_MSG_RESULT(found in $NDPI_HOME) +-else +- NDPI_HOME=../nDPI +- if test -d "$NDPI_HOME"; then : +- AC_MSG_RESULT(found in $NDPI_HOME) +- else +- NDPI_HOME=$HOME/nDPI +- if test -d "$NDPI_HOME"; then : +- AC_MSG_RESULT(found in $NDPI_HOME) +- else +- AC_MSG_RESULT(not found) +- echo "Please do cd ..; git clone https://github.com/ntop/nDPI.git; cd nDPI; ./autogen.sh; make; cd ../ntopng" +- echo " and try again" +- exit +- fi +- fi +-fi +- + if test -d "/usr/include/openssl"; then : + AC_DEFINE_UNQUOTED(NO_SSL_DL, 1, [has openssl]) + SSL_INC="`pkg-config --cflags libssl` -I/usr/include/openssl" +@@ -53,15 +53,6 @@ + SSL_LIB="`pkg-config --libs libssl` -lssl -lcrypto" + fi + +-NDPI_LIB=$NDPI_HOME/src/lib/.libs/libndpi.a +-AC_MSG_CHECKING(for $NDPI_LIB) +-if test -f "$NDPI_LIB" ; then : +- AC_MSG_RESULT(found $NDPI_LIB) +-else +- AC_MSG_RESULT(not found $NDPI_LIB: compiling) +- cd $NDPI_HOME; ./autogen.sh; make; cd - +-fi +- + AC_MSG_CHECKING(for ntopng professional edition) + PRO_MAKEFILE_INC= + PRO_INC= diff --git a/net-analyzer/ntopng/files/ntopng-3.0-mysqltool.patch b/net-analyzer/ntopng/files/ntopng-3.0-mysqltool.patch new file mode 100644 index 00000000..4d2244b5 --- /dev/null +++ b/net-analyzer/ntopng/files/ntopng-3.0-mysqltool.patch @@ -0,0 +1,17 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -335,13 +335,7 @@ + if test "x$ac_cv_prog_ac_ct_MARIADB" = "xmariadb_config"; then + MYSQLTOOL="mariadb_config" + else +- PATH=$PATH:/usr/local/mysql/bin +- AC_CHECK_TOOL(MYSQL, mysql_config) +- if test "x$ac_cv_prog_ac_ct_MYSQL" = "xmysql_config"; then +- MYSQLTOOL="mysql_config" +- else +- MYSQLTOOL="" +- fi ++ MYSQLTOOL="mysql_config" + fi + + if test -n "$MYSQLTOOL"; then diff --git a/net-analyzer/ntopng/files/ntopng-3.0-remove-pool-limits.patch b/net-analyzer/ntopng/files/ntopng-3.0-remove-pool-limits.patch new file mode 100644 index 00000000..77822b3c --- /dev/null +++ b/net-analyzer/ntopng/files/ntopng-3.0-remove-pool-limits.patch @@ -0,0 +1,15 @@ +--- a/include/ntop_defines.h ++++ b/include/ntop_defines.h +@@ -106,9 +106,9 @@ + #define MAX_NUM_INTERFACES 48 + #define MAX_NUM_VIEW_INTERFACES 8 + +-#define LIMITED_NUM_HOST_POOLS 4 /* 3 pools plus the NO_HOST_POOL_ID */ +-#define LIMITED_NUM_PROFILES 16 +-#define LIMITED_NUM_POOL_MEMBERS 8 ++#define LIMITED_NUM_HOST_POOLS 128 /* 4 */ /* 3 pools plus the NO_HOST_POOL_ID */ ++#define LIMITED_NUM_PROFILES 128 /* 16 */ ++#define LIMITED_NUM_POOL_MEMBERS 256 /* 8 */ + #ifndef NTOPNG_PRO + #define MAX_NUM_HOST_POOLS LIMITED_NUM_HOST_POOLS + #define MAX_NUM_PROFILES LIMITED_NUM_PROFILES diff --git a/net-analyzer/ntopng/files/ntopng.conf.d b/net-analyzer/ntopng/files/ntopng.conf.d new file mode 100644 index 00000000..e6c60dd0 --- /dev/null +++ b/net-analyzer/ntopng/files/ntopng.conf.d @@ -0,0 +1,11 @@ +# Specify interface(s) to record traffic from: +NTOPNG_OPTS="-i eth0" + +# Specify local network, to ensure that remote hosts don't cause the amount of +# data ntopng records to grow in an uncontrolled fashion: +NTOPNG_OPTS="${NTOPNG_OPTS} -m 192.168.0.0/16" + +# Specify the directory ntopng should write data to - noting that it will fall- +# back to using /usr/tmp/ntopng if this directory is considered inaccessible +# for any reason... +NTOPNG_OPTS="${NTOPNG_OPTS} -d /var/lib/ntopng" diff --git a/net-analyzer/ntopng/files/ntopng.init.d b/net-analyzer/ntopng/files/ntopng.init.d new file mode 100644 index 00000000..1e100423 --- /dev/null +++ b/net-analyzer/ntopng/files/ntopng.init.d @@ -0,0 +1,19 @@ +#!/sbin/openrc-run +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need net redis +} + +start() { + ebegin "Starting ntopng" + start-stop-daemon --start --exec /usr/bin/ntopng --pidfile /var/run/ntopng.pid --make-pidfile --background -e LUA_PATH='/usr/share/ntopng/scripts/lua/modules/?.lua' -- --user ntopng ${NTOPNG_OPTS} + eend $? +} + +stop() { + ebegin "Stopping ntopng" + start-stop-daemon --stop --exec /usr/bin/ntopng --pidfile /var/run/ntopng.pid + eend $? +} diff --git a/net-analyzer/ntopng/ntopng-3.0-r1.ebuild b/net-analyzer/ntopng/ntopng-3.0-r1.ebuild new file mode 100644 index 00000000..decdc18b --- /dev/null +++ b/net-analyzer/ntopng/ntopng-3.0-r1.ebuild @@ -0,0 +1,75 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +inherit autotools user toolchain-funcs + +DESCRIPTION="Network traffic analyzer with web interface" +HOMEPAGE="http://www.ntop.org/" +SRC_URI="https://github.com/ntop/${PN}/archive/${PV}-stable.tar.gz -> ${P}.tar.gz" +RESTRICT="mirror" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64 ~x86" + +DEPEND="dev-db/sqlite:3 + dev-python/pyzmq + dev-lang/luajit:2 + dev-libs/json-c + dev-libs/geoip + dev-libs/glib:2 + dev-libs/hiredis + dev-libs/libxml2 + net-analyzer/rrdtool + net-libs/libpcap + net-libs/nDPI + net-misc/curl + virtual/libmysqlclient" +RDEPEND="${DEPEND} + dev-db/redis" +PATCHES=( + "${FILESDIR}"/${P}-gentoo.patch + "${FILESDIR}"/${P}-mysqltool.patch + "${FILESDIR}"/${P}-remove-pool-limits.patch + "${FILESDIR}"/${P}-fix-insecure-permissions.patch +) + +src_prepare() { + sed -e "s/@VERSION@/${PV}/g;s/@SHORT_VERSION@/${PV}/g" < "${S}/configure.seed" > "${S}/configure.ac" || die + + default + + eautoreconf +} + +src_install() { + SHARE_NTOPNG_DIR="${EPREFIX}/usr/share/${PN}" + dodir ${SHARE_NTOPNG_DIR} + insinto ${SHARE_NTOPNG_DIR} + doins -r httpdocs + doins -r scripts + + dodir ${SHARE_NTOPNG_DIR}/third-party + insinto ${SHARE_NTOPNG_DIR}/third-party + doins -r third-party/i18n.lua-master + doins -r third-party/lua-resty-template-master + + exeinto /usr/bin + doexe ${PN} + doman ${PN}.8 + + newinitd "${FILESDIR}/ntopng.init.d" ntopng + newconfd "${FILESDIR}/ntopng.conf.d" ntopng + + dodir "/var/lib/ntopng" + fowners ntopng "${EPREFIX}/var/lib/ntopng" +} + +pkg_setup() { + enewuser ntopng +} + +pkg_postinst() { + elog "ntopng default credentials are user='admin' password='admin'" +} |