new package: sec 2.3b2 (Simple Event Correlation)

sec/rc.sec

@@ -0,0 +1,71 @@
+#!@l_prefix@/lib/openpkg/bash @l_prefix@/etc/rc
+##
+##  rc.sec -- Run-Commands
+##
+
+%config
+    sec_enable="$openpkg_rc_def"
+    sec_log_prolog="true"
+    sec_log_epilog="true"
+    sec_log_numfiles="10"
+    sec_log_minsize="1M"
+    sec_log_complevel="9"
+
+%common
+    sec_conffile="@l_prefix@/etc/sec/sec.conf"
+    sec_rulefile="@l_prefix@/etc/sec/sec.rule"
+    sec_pidfile="@l_prefix@/var/sec/sec.pid"
+    sec_logfile="@l_prefix@/var/sec/sec.log"
+    sec_dmpfile="@l_prefix@/var/sec/sec.dmp"
+    sec_signal () {
+        [ -f $sec_pidfile ] && kill -$1 `cat $sec_pidfile`
+    }
+
+%status -u @l_susr@ -o
+    sec_usable="no"
+    sec_active="no"
+    @l_prefix@/bin/sec -testonly -conf $sec_rulefile >/dev/null 2>&1 && sec_usable="yes"
+    rcService sec enable yes && sec_signal 0 && sec_active="yes"
+    echo "sec_enable=\"$sec_enable\""
+    echo "sec_usable=\"$sec_usable\""
+    echo "sec_active=\"$sec_active\""
+
+%start -p 100 -u @l_susr@
+    rcService sec enable yes || exit 0
+    rcService sec active yes && exit 0
+    sec_flags=`sed <$sec_conffile \
+        -e 's;^;X;' \
+        -e '/^X.*#.*$/d' \
+        -e '/^X[ 	]*$/d' \
+        -e 's;^X\([a-zA-Z][a-zA-Z0-9_]*\)[ 	][ 	]*\(..*\)$;--\1="\2";' \
+        -e 's;^X\([a-zA-Z][a-zA-Z0-9_]*\)[ 	]*$;--\1;' \
+        -e 's;^X.*;;' | tr '\012' ' '`
+    eval @l_prefix@/bin/sec \
+        -detach \
+        -conf $sec_rulefile \
+        -pid $sec_pidfile \
+        -log $sec_logfile \
+        -dump $sec_dmpfile \
+        ${sec_flags}
+
+%stop -p 900 -u @l_susr@
+    rcService sec enable yes || exit 0
+    rcService sec active no  && exit 0
+    sec_signal TERM
+    sleep 2
+    rm -f $sec_pidfile >/dev/null 2>&1 || true
+
+%restart -p 100 -u @l_susr@
+    rcService sec enable yes || exit 0
+    rcService sec active no  && exit 0
+    rc sec stop start
+
+%daily -u @l_susr@
+    rcService sec enable yes || exit 0
+    shtool rotate -f \
+        -n ${sec_log_numfiles} -s ${sec_log_minsize} -d \
+        -z ${sec_log_complevel} -m 644 -o @l_rusr@ -g @l_rgrp@ \
+        -P "${sec_log_prolog}" \
+        -E "${sec_log_epilog} && rc sec reload" \
+        $sec_logfile
+

sec/sec.conf

@@ -0,0 +1,21 @@
+##
+##  sec.conf -- sec(1) configuration options
+##
+
+#   global options
+reopen_timeout   600
+poll_timeout     0.1
+check_timeout    30
+blocksize        1024
+debug            3
+cleantime        1
+bufsize          10
+evstoresize      0
+noquoting
+nofromstart
+nointevents
+nointcontexts
+
+#   input files
+input            /dev/null=null
+

sec/sec.rule

@@ -0,0 +1,31 @@
+##
+##  sec.rule -- sec(1) configuration rules
+##
+
+#
+#   Sample rule set for classical FTP server output
+#
+
+#type=single
+#continue=takenext
+#ptype=regexp
+#pattern=ftpd\[(\d+)\]: \S+ \(foo.*FTP session opened
+#desc=ftp session opened for foo pid $1
+#action=create ftp_$1
+
+#type=single
+#continue=takenext
+#ptype=regexp
+#pattern=ftpd\[(\d+)\]:
+#context=ftp_$1
+#desc=ftp session event for foo pid $1
+#action=add ftp_$1 $0; set ftp_$1 1800 \
+#       (report ftp_$1 /bin/mail root@localhost)
+
+#type=single
+#ptype=regexp
+#pattern=ftpd\[(\d+)\]: \S+ \(foo.*FTP session closed
+#desc=ftp session closed for foo pid $1
+#action=report ftp_$1 /bin/mail root@localhost; \
+#       delete ftp_$1
+

sec/sec.spec

@@ -0,0 +1,132 @@
+##
+##  sec.spec -- OpenPKG RPM Specification
+##  Copyright (c) 2000-2004 The OpenPKG Project <http://www.openpkg.org/>
+##  Copyright (c) 2000-2004 Ralf S. Engelschall <rse@engelschall.com>
+##  Copyright (c) 2000-2004 Cable & Wireless <http://www.cw.com/>
+##
+##  Permission to use, copy, modify, and distribute this software for
+##  any purpose with or without fee is hereby granted, provided that
+##  the above copyright notice and this permission notice appear in all
+##  copies.
+##
+##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+##  SUCH DAMAGE.
+##
+
+#   package version
+%define       V_dist 2.3.beta2
+%define       V_opkg 2.3b2
+
+#   package information
+Name:         sec
+Summary:      Simple Event Correlation
+URL:          http://kodu.neti.ee/~risto/sec/
+Vendor:       Risto Vaarandi
+Packager:     The OpenPKG Project
+Distribution: OpenPKG
+Class:        EVAL
+Group:        System
+License:      Open Source
+Version:      %{V_opkg}
+Release:      20041228
+
+#   list of sources
+Source0:      http://osdn.dl.sourceforge.net/simple-evcorr/sec-%{V_dist}.tar.gz
+Source1:      rc.sec
+Source2:      sec.conf
+Source3:      sec.rule
+
+#   build information
+Prefix:       %{l_prefix}
+BuildRoot:    %{l_buildroot}
+BuildPreReq:  OpenPKG, openpkg >= 20040130
+PreReq:       OpenPKG, openpkg >= 20040130
+AutoReq:      no
+AutoReqProv:  no
+
+%description
+    SEC is a tool that was designed to solve event correlation tasks
+    in network and system management. Event correlation is a process
+    where a stream of primitive events is processed in order to detect
+    composite events that correspond to event patterns in the event
+    stream. After startup SEC reads lines from files, named pipes,
+    or standard input, matches the lines with regular expressions to
+    recognize input events, and correlates events according to the rules
+    that are specified in its configuration file. SEC can be configured
+    to produce its output by executing user-specified shell commands,
+    and by using utilities like snmptrap(1) or snmpnotify(1), SEC can
+    generate network management events as output. Other options for
+    producing output events are described further in this man page.
+
+%track
+    prog sec = {
+        version   = %{version}
+        url       = http://prdownloads.sourceforge.net/simle-evcorr/
+        regex     = sec-(__VER__)\.tar\.gz
+    }
+
+%prep
+    %setup -q -n sec-%{V_dist}
+
+%build
+
+%install
+    #   create installation hierarchy
+    rm -rf $RPM_BUILD_ROOT
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/bin \
+        $RPM_BUILD_ROOT%{l_prefix}/man/man1 \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/sec \
+        $RPM_BUILD_ROOT%{l_prefix}/var/sec
+
+    #   install program and manual page
+    %{l_shtool} install -c -m 755 \
+        -e 's;/usr/bin/perl;%{l_prefix}/bin/perl;' \
+        sec.pl $RPM_BUILD_ROOT%{l_prefix}/bin/sec
+    %{l_shtool} install -c -m 644 \
+        sec.pl.man $RPM_BUILD_ROOT%{l_prefix}/man/man1/sec.1
+
+    #   install default configuration
+    %{l_shtool} install -c -m 644 %{l_value -s -a} \
+        %{SOURCE sec.conf} %{SOURCE sec.rule} \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/sec/
+
+    #   install run-command script
+    %{l_shtool} install -c -m 755 %{l_value -s -a} \
+        %{SOURCE rc.sec} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
+
+    #   determine installation files
+    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
+        %{l_files_std} \
+        '%config %{l_prefix}/etc/sec/*'
+
+%files -f files
+
+%clean
+    rm -rf $RPM_BUILD_ROOT
+
+%post
+    #   after upgrade, restart service
+    [ $1 -eq 2 ] || exit 0
+    eval `%{l_rc} sec status 2>/dev/null`
+    [ ".$sec_active" = .yes ] && %{l_rc} sec restart
+    exit 0
+
+%preun
+    #   before erase, stop service and remove log files
+    [ $1 -eq 0 ] || exit 0
+    %{l_rc} sec stop 2>/dev/null
+    rm -f $RPM_INSTALL_PREFIX/var/sec/sec.* >/dev/null 2>&1 || true
+    exit 0
+