From 51821c008d6c4c614c9506ca8f87139093267d9e Mon Sep 17 00:00:00 2001
From: Steve Grubb
Date: Jul 10 2009 16:01:37 +0000
Subject: - New beta release
---
diff --git a/.cvsignore b/.cvsignore
index 1931411..8ecceea 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1,4 @@
 prelude-correlator-0.9.0-beta2.tar.gz
 prelude-correlator-0.9.0-beta3.tar.gz
+prelude-correlator-0.9.0-beta4.tar.gz
+prelude-correlator-0.9.0-beta6.tar.gz
diff --git a/prelude-correlator-0.9.0-beta6-setup.patch b/prelude-correlator-0.9.0-beta6-setup.patch
new file mode 100644
index 0000000..20ba569
--- /dev/null
+++ b/prelude-correlator-0.9.0-beta6-setup.patch
@@ -0,0 +1,12 @@
+diff -ur prelude-correlator-0.9.0-beta6.orig/setup.py prelude-correlator-0.9.0-beta6/setup.py
+--- prelude-correlator-0.9.0-beta6.orig/setup.py 2009-07-10 11:31:34.000000000 -0400
++++ prelude-correlator-0.9.0-beta6/setup.py 2009-07-10 11:32:18.000000000 -0400
+@@ -48,7 +48,7 @@
+
+ root = self.root or ""
+ for dir, files in data_files:
+- dir = os.path.abspath(os.path.join(root, prefix, dir))
++ dir = os.path.abspath(root + os.sep + os.path.join(root, prefix, dir))
+
+ self.mkpath(dir)
+ for f in files:
diff --git a/prelude-correlator-0.9.0-brute.patch b/prelude-correlator-0.9.0-brute.patch
deleted file mode 100644
index 35030eb..0000000
--- a/prelude-correlator-0.9.0-brute.patch
+++ /dev/null
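Review bot: In the new `prelude-correlator-0.9.0-beta6-setup.patch`, the replacement line uses `root` twice: once as the prepended prefix and again inside `os.path.join(root, prefix, dir)`. That yields the intended path only when `prefix` or `dir` is absolute, because `os.path.join` then discards the inner `root`; with a relative `prefix` and `dir` the destination becomes `root/root/prefix/dir`, and with an empty `root` a relative destination is anchored at `/` rather than the working directory. This line appears to be what keeps `data_files` inside the build root during the staged install, so I would compute the destination once and re-root it only when a root is set: `dest = os.path.join(prefix, dir)` followed by `dir = os.path.abspath(os.path.join(root, dest.lstrip(os.sep)) if root else dest)`. The enclosing method starts and ends outside the patched context, so how `prefix` is derived is not visible here.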
@@ -1,14 +0,0 @@
-diff -urp prelude-correlator-0.9.0-beta3.orig/plugins/lua/ruleset/brute-force.lua prelude-correlator-0.9.0-beta3/plugins/lua/ruleset/brute-force.lua
---- prelude-correlator-0.9.0-beta3.orig/plugins/lua/ruleset/brute-force.lua 2008-12-06 10:02:53.000000000 -0500
-+++ prelude-correlator-0.9.0-beta3/plugins/lua/ruleset/brute-force.lua 2008-12-06 10:05:21.000000000 -0500
-@@ -67,8 +67,8 @@ if is_failed_auth and userid then
- if ctx:CheckAndDecThreshold() then
- ctx:set("alert.classification.text", "Brute force attack")
- ctx:set("alert.correlation_alert.name", "Multiple failed login")
-- ctx:set("alert.impact.severity", "high")
-- ctx:set("alert.impact.description", "Multiple failed attempts have been made to login to a user account")
-+ ctx:set("alert.assessment.impact.severity", "high")
-+ ctx:set("alert.assessment.impact.description", "Multiple failed attempts have been made to login to a user account")
-
- ctx:alert()
- ctx:del()
diff --git a/prelude-correlator-0.9.0-getraw.patch b/prelude-correlator-0.9.0-getraw.patch
deleted file mode 100644
index 7b46627..0000000
--- a/prelude-correlator-0.9.0-getraw.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/plugins/lua/lua-idmef.c b/plugins/lua/lua-idmef.c
-index ebde74a..09e82c9 100644
---- a/plugins/lua/lua-idmef.c
-+++ b/plugins/lua/lua-idmef.c
-@@ -320,8 +320,10 @@ static int IDMEF_getraw(lua_State *lstate)
- return -1;
- }
-
-- if ( ret == 0 )
-- return 0;
-+ if ( ret == 0 ) {
-+ lua_pushnil(lstate);
-+ return 1;
-+ }
-
- pushIDMEFValue(lstate, value);
- return 1;
diff --git a/prelude-correlator-0.9.0-signal.patch b/prelude-correlator-0.9.0-signal.patch
deleted file mode 100644
index 513370a..0000000
--- a/prelude-correlator-0.9.0-signal.patch
+++ /dev/null
@@ -1,11 +0,0 @@ -diff -urp prelude-correlator-0.9.0-beta3.orig/src/prelude-correlator.c prelude-correlator-0.9.0-beta3/src/prelude-correlator.c ---- prelude-correlator-0.9.0-beta3.orig/src/prelude-correlator.c 2008-12-06 10:02:53.000000000 -0500 -+++ prelude-correlator-0.9.0-beta3/src/prelude-correlator.c 2008-12-06 10:03:40.000000000 -0500 -@@ -25,6 +25,7 @@ - - #include - #include -+#include - - #include - #include diff --git a/prelude-correlator.spec b/prelude-correlator.spec index 716fe25..492ab9f 100644 --- a/prelude-correlator.spec +++ b/prelude-correlator.spec @@ -1,9 +1,11 @@ +%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} + # This is temporary while its in beta -%define prelude_rel beta3 +%define prelude_rel beta6 Name: prelude-correlator Version: 0.9.0 -Release: 0.7.%{prelude_rel}%{?dist} +Release: 0.8.%{prelude_rel}%{?dist} Summary: Real time correlator of events received by Prelude Manager Group: Applications/Internet 
@@ -11,59 +13,39 @@ License: GPLv2+ URL: http://www.prelude-ids.com Source0: http://www.prelude-ids.com/download/releases/prelude-correlator/%{name}-%{version}-%{prelude_rel}.tar.gz Source1: prelude-correlator.init -Patch1: prelude-correlator-0.9.0-brute.patch -Patch2: prelude-correlator-0.9.0-signal.patch -Patch3: prelude-correlator-0.9.0-getraw.patch +Patch1: prelude-correlator-0.9.0-beta6-setup.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: libprelude-devel -BuildRequires: pcre-devel -BuildRequires: lua-devel -BuildRequires: pkgconfig +BuildRequires: python-devel Requires(pre) : /usr/sbin/useradd Requires(post) : /sbin/chkconfig Requires(preun) : /sbin/chkconfig Requires(preun) : /sbin/service Requires(postun): /sbin/service +Requires: libprelude-python >= 0.9.24 +BuildArch: noarch %description -Prelude-Correlator serves to correlate, in real time, the multiple events -received by Prelude Manager. Several isolated alerts, generated from -different probes, can thus trigger a single correlation alert should the -events be related. This correlation alert then appears within the Prewikka -interface and indicates the potential target information via the set of +Prelude-Correlator allows conducting multi-stream correlations +thanks to a powerful programming language for writing correlation +rules. With any type of alert able to be correlated, event +analysis becomes simpler, quicker and more incisive. This +correlation alert then appears within the Prewikka interface +and indicates the potential target information via the set of correlation rules. - -%package devel -Summary: Header files for developing a prelude-correlator plugin -Group: Development/Libraries -Requires: %{name} = %{version}-%{release} -Requires: libprelude-devel - -%description devel -Include files needed to create plugins for the Prelude-Correlator. 
- - %prep %setup -q -n %{name}-%{version}-%{prelude_rel} %patch1 -p1 -%patch2 -p1 -%patch3 -p1 %build -%configure -make %{?_smp_mflags} - %install rm -rf %{buildroot} -mkdir -p %{buildroot}%{_sysconfdir}/%{name} +%{__python} setup.py install -O1 --root=%{buildroot} mkdir -p %{buildroot}%{_initrddir} -make install DESTDIR=%{buildroot} INSTALL="%{__install} -c -p" install -m 755 %SOURCE1 %{buildroot}%{_initrddir}/%{name} -rm -f %{buildroot}/%{_libdir}/%{name}/*.la %clean @@ -91,22 +73,18 @@ fi %defattr(-,root,root,-) %doc AUTHORS COPYING NEWS HACKING.README %dir %attr(0700,root,root) %{_sysconfdir}/%{name} -%dir %attr(0700,root,root) %{_sysconfdir}/%{name}/lua-rules %config(noreplace) %attr(0644,root,root) %{_sysconfdir}/%{name}/%{name}.conf -%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/%{name}/lua-rules/* %{_initrddir}/%{name} -%dir %attr(0755,root,root) %{_datadir}/%{name} -%{_datadir}/%{name}/* %{_bindir}/%{name} -%{_libdir}/* - - -%files devel -%defattr(-,root,root) -%{_includedir}/%{name}/ - +%dir %attr(0755,root,root) %{_var}/lib/%{name} +%{_var}/lib/%{name}/* +%{python_sitelib}/PreludeCorrelator/ +%{python_sitelib}/prelude_correlator*.egg-info %changelog +* Fri Jul 10 2009 Steve Grubb 0.9.0-0.8.beta6 +- New beta release + * Mon Mar 02 2009 Steve Grubb 0.9.0-0.7.beta3 - Fix bz#484361 Error message regarding missing arguments lua ruleset diff --git a/sources b/sources index 4c563f2..c11efc1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3a866ce252e7f909bf73142b311e9655 prelude-correlator-0.9.0-beta3.tar.gz +29f3c3ce5baf43586ec4a4841494cdd0 prelude-correlator-0.9.0-beta6.tar.gz
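Review bot: `%build` is left empty in the second `prelude-correlator.spec` hunk, so the package is built implicitly by `%{__python} setup.py install -O1 --root=%{buildroot}` during `%install`. I would keep the phases separate with `%{__python} setup.py build` under `%build` and add `--skip-build` to the install line, so a build failure surfaces in the build phase and `%install` only stages files. The staged install also appears to rely on `Patch1` to place `data_files` under `%{buildroot}`; a one-line comment above `Patch1:` such as `# setup.py data_files must honour --root so nothing is written outside the buildroot` would tell whoever rebases to the next beta why the patch cannot simply be dropped.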
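Review bot: The new `%dir %attr(0755,root,root) %{_var}/lib/%{name}` entry in the `%files` hunk is world-readable, while the configuration directory earlier in the same list stays at `0700`. The diff does not show what `setup.py` installs under `%{_var}/lib/%{name}`; if it holds correlation rule data or runtime state, the mode should be chosen deliberately, for example `%dir %attr(0750,root,root) %{_var}/lib/%{name}`. The removed `lua-rules/*` entry was `%config(noreplace)`, whereas `%{_var}/lib/%{name}/*` carries no `%config` marker, so any locally edited file there would be overwritten on upgrade. A short comment above the entry stating what lives in that directory and who needs to read it would make the choice reviewable.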