diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e268ce6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/prelude-correlator-3.1.0.tar.gz
diff --git a/dead.package b/dead.package
deleted file mode 100644
index 0cd9c60..0000000
--- a/dead.package
+++ /dev/null
@@ -1 +0,0 @@
-Upstream has been dead for over a year
diff --git a/prelude-correlator-3.1.0-python3.patch b/prelude-correlator-3.1.0-python3.patch
new file mode 100644
index 0000000..82c60f4
--- /dev/null
+++ b/prelude-correlator-3.1.0-python3.patch
@@ -0,0 +1,64 @@
+--- ./preludecorrelator/main.py 2017-02-07 23:09:18.547675528 +0100
++++ ./preludecorrelator/main.py 2017-02-07 23:09:36.469276080 +0100
+@@ -39,7 +39,7 @@
+ filename = require.get_data_filename("context.dat", profile=profile)
+ 
+ try:
+- os.makedirs(os.path.dirname(filename), mode=0700)
++ os.makedirs(os.path.dirname(filename), mode=0o700)
+ except OSError as e:
+ if e.errno != errno.EEXIST:
+ raise
+--- ./preludecorrelator/pluginmanager.py 2016-09-15 08:49:24.000000000 +0200
++++ ./preludecorrelator/pluginmanager.py 2017-02-07 23:13:00.590726517 +0100
+@@ -160,19 +160,19 @@
+ logger.exception("[%s]: loading error: %s", entrypoint.name, e)
+ return None
+ 
+- def _load_userpoint(self, (name, path)):
++ def _load_userpoint(self, elm):
+ try:
+- mod_info = imp.find_module(name, [path])
++ mod_info = imp.find_module(elm[0], [elm[1]])
+ 
+ except ImportError:
+- logger.warning( 'Invalid plugin "%s" in "%s"' % (name, path) )
++ logger.warning( 'Invalid plugin "%s" in "%s"' % (elm[0], elm[1]) )
+ return None
+ 
+ try:
+- return getattr(imp.load_module( self._default_entrypoint + '.' + name , *mod_info), name)
++ return getattr(imp.load_module( self._default_entrypoint + '.' 
+ elm[0] , *mod_info), elm[0])
+ 
+- except Exception, e:
++ except Exception as e:
+- logger.warning( "Unable to load %(file)s: %(error)s" % {'file': name,'error': str(e),})
++ logger.warning( "Unable to load %(file)s: %(error)s" % {'file': elm[0],'error': str(e),})
+ return None
+ 
+ def getPluginCount(self):
+--- ./preludecorrelator/config.py 2016-09-15 08:49:24.000000000 +0200
++++ ./preludecorrelator/config.py 2017-02-08 07:45:06.207967658 +0100
+@@ -46,7 +46,10 @@
+ 
+ self.read(dataset)
+ 
+- def get(self, section, option, raw=None, vars=None, default=None, type=str):
++ def get(self, section, option, raw=None, vars=None, default=None, type=str, fallback=None):
++ if default is None:
++ default = fallback
++
+ try:
+ return type(configparser.ConfigParser.get(self, section, option, raw=raw, vars=vars))
+ 
+--- ./preludecorrelator/context.py 2016-09-15 08:49:24.000000000 +0200
++++ ./preludecorrelator/context.py 2017-02-08 08:20:02.039908560 +0100
+@@ -362,7 +362,7 @@
+ 
+ try:
+ _CONTEXT_TABLE.update(ContextUnpickler(fd).load())
+- except EOFError:
++ except:
+ return
+ 
+ logger.debug("[load]: %d context loaded", len(_CONTEXT_TABLE))
diff --git a/prelude-correlator.service b/prelude-correlator.service
new file mode 100644
index 0000000..9562bdb
--- /dev/null
+++ b/prelude-correlator.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Correlator of events received by Prelude
+
+[Service]
+ExecStart=/usr/sbin/prelude-correlator
+
+[Install]
+WantedBy=multi-user.target
diff --git a/prelude-correlator.spec b/prelude-correlator.spec
new file mode 100644
index 0000000..11b30d6
--- /dev/null
+++ b/prelude-correlator.spec
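Review bot: In the context.py part of the new patch, widening `except EOFError:` to a bare `except:` around `_CONTEXT_TABLE.update(ContextUnpickler(fd).load())` silently discards every failure to load the persisted context — a truncated or corrupt file, a class that no longer unpickles after the Python 3 port, and even KeyboardInterrupt/SystemExit — so the correlator starts with empty state and leaves no trace of why. Keep the handler narrow and visible, e.g. `except Exception as e:` / `logger.warning("[load]: unable to load context: %s", e)` / `return`, since `logger` is already used two lines below; if a specific Python 3 exception motivated the change, naming it in the patch header would help the next reader. The enclosing function of that context.py hunk starts and ends outside the patch. The pluginmanager.py hunk keeps `imp.find_module`/`imp.load_module`, which Python 3 deprecates in favour of importlib; that is pre-existing, but worth recording in the patch description as follow-up work.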
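Review bot: The new prelude-correlator.service sets only `ExecStart=`, so the daemon starts as root with no `User=`/`Group=` and no ordering against the network it presumably needs to reach the manager. If the correlator does not require root (the spec only owns `%{_localstatedir}/lib/%{name}/` and the config directory, which a dedicated account could be given), add `User=` and `Group=` under `[Service]` and consider `PrivateTmp=yes`/`ProtectSystem=full`; add `After=network.target` under `[Unit]`. `Restart=on-failure` would also let the service recover from a transient startup error rather than stay down until someone notices.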
@@ -0,0 +1,176 @@
+Name: prelude-correlator
+Version: 3.1.0
+Release: 1%{?dist}
+Summary: Real time correlator of events received by Prelude Manager
+License: GPLv2+
+URL: https://www.prelude-siem.org/
+Source0: https://www.prelude-siem.org/pkg/src/3.1.0/%{name}-%{version}.tar.gz
+Source1: %{name}.service
+# https://www.prelude-siem.org/issues/876
+Patch0: prelude-correlator-3.1.0-python3.patch
+
+BuildArch: noarch
+
+BuildRequires: systemd
+BuildRequires: pkgconfig(libprelude) >= %{version}
+BuildRequires: python2-setuptools
+BuildRequires: python2-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-devel
+
+%{?systemd_requires}
+Requires: python3-%{name} >= %{version}
+
+%description
+Prelude-Correlator allows conducting multi-stream correlations
+thanks to a powerful programming language for writing correlation
+rules. With any type of alert able to be correlated, event
+analysis becomes simpler, quicker and more incisive. This
+correlation alert then appears within the Prewikka interface
+and indicates the potential target information via the set of
+correlation rules.
+
+%package -n python2-%{name}
+Summary: Real time correlator of events received by Prelude Manager
+Requires: %{name} = %{version}-%{release}
+Requires: python2-prelude >= %{version}
+Requires: python-netaddr
+%{?python_provide:%python_provide python2-%{name}}
+
+%description -n python2-%{name}
+Prelude-Correlator allows conducting multi-stream correlations
+thanks to a powerful programming language for writing correlation
+rules. With any type of alert able to be correlated, event
+analysis becomes simpler, quicker and more incisive. This
+correlation alert then appears within the Prewikka interface
+and indicates the potential target information via the set of
+correlation rules.
+
+
+%package -n python3-%{name}
+Summary: Real time correlator of events received by Prelude Manager
+Requires: %{name} = %{version}-%{release}
+Requires: python3-prelude >= %{version}
+Requires: python3-netaddr
+%{?python_provide:%python_provide python3-%{name}}
+
+%description -n python3-%{name}
+Prelude-Correlator allows conducting multi-stream correlations
+thanks to a powerful programming language for writing correlation
+rules. With any type of alert able to be correlated, event
+analysis becomes simpler, quicker and more incisive. This
+correlation alert then appears within the Prewikka interface
+and indicates the potential target information via the set of
+correlation rules.
+
+%prep
+%autosetup -p1
+
+%build
+%py2_build
+%py3_build
+
+%install
+install -d -m 0755 %{buildroot}%{_sbindir}
+# We have to use this because py2_install do other things and siteconfig.py
+# will be not installed
+%{__python2} setup.py install --root=%{buildroot}
+mv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_sbindir}/%{name}-%{python2_version}
+%{__python3} setup.py install --root=%{buildroot}
+mv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_sbindir}/%{name}-%{python3_version}
+
+ln -s ./%{name}-%{python2_version} %{buildroot}%{_sbindir}/%{name}-2
+ln -s ./%{name}-%{python3_version} %{buildroot}%{_sbindir}/%{name}-3
+ln -s ./%{name}-3 %{buildroot}%{_sbindir}/%{name}
+
+# Systemd configuration file
+install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
+
+%post
+%systemd_post %{name}.service
+
+%preun
+%systemd_preun %{name}.service
+
+%postun
+%systemd_postun_with_restart %{name}.service
+
+%files
+%license COPYING
+%doc AUTHORS NEWS HACKING.README
+%dir %{_sysconfdir}/%{name}/
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
+%dir %{_sysconfdir}/%{name}/rules
+%dir %{_sysconfdir}/%{name}/rules/python
+%config(noreplace) %{_sysconfdir}/%{name}/rules/python/*.py*
+%dir %{_sysconfdir}/%{name}/conf.d
+%config %{_sysconfdir}/%{name}/conf.d/README
+%{_localstatedir}/lib/%{name}/
+%{_unitdir}/%{name}.service
+
+%files -n python2-%{name}
+%{_sbindir}/%{name}-2
+%{_sbindir}/%{name}-%{python2_version}
+%{python2_sitelib}/preludecorrelator/
+%{python2_sitelib}/prelude_correlator-%{version}-py%{python2_version}.egg-info
+
+%files -n python3-%{name}
+%{_sbindir}/%{name}
+%{_sbindir}/%{name}-3
+%{_sbindir}/%{name}-%{python3_version}
+%{python3_sitelib}/preludecorrelator/
+%{python3_sitelib}/prelude_correlator-%{version}-py%{python3_version}.egg-info
+
+%changelog
+* Sat Feb 04 2017 Thomas Andrejak - 3.1.0-1
+- Bump version
+
+* Thu Feb 14 2013 Fedora Release Engineering - 1:1.0.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Sat Jul 21 2012 Fedora Release Engineering - 1:1.0.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sat Jan 14 2012 Fedora Release Engineering - 1:1.0.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed Feb 09 2011 Fedora Release Engineering - 1:1.0.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jul 21 2010 David Malcolm - 1:1.0.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Sun May 02 2010 Steve Grubb - 1.0.0-1
+- New upstream release
+
+* Tue Mar 09 2010 Steve Grubb - 1.0.0rc4-1
+- New upstream release
+
+* Mon Feb 01 2010 Steve Grubb - 1.0.0rc2-1
+- New upstream release
+
+* Tue Nov 03 2009 Steve Grubb - 0.9.0-0.10.beta8
+- New beta release
+
+* Sun Jul 26 2009 Fedora Release Engineering - 0.9.0-0.9.beta6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Fri Jul 10 2009 Steve Grubb 0.9.0-0.8.beta6
+- New beta release
+
+* Mon Mar 02 2009 Steve Grubb 0.9.0-0.7.beta3
+- Fix bz#484361 Error message regarding missing arguments lua ruleset
+
+* Thu Feb 26 2009 Fedora Release Engineering - 0.9.0-0.6.beta3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Dec 05 2008 Steve Grubb 
0.9.0-0.5.beta3
+- Fix bz#469824 Correct brute force correlation rules
+- Add signal header to prelude-correlator.c so it builds correctly bz 474698
+- Include unowned /usr/include/prelude-correlator directory
+
+*Fri Jul 11 2008 Steve Grubb 0.9.0-0.3.beta3
+- New beta release
+
+*Thu Jul 03 2008 Steve Grubb 0.9.0-0.1.beta2
+- Initial packaging
diff --git a/sources b/sources
new file mode 100644
index 0000000..a016d10
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (prelude-correlator-3.1.0.tar.gz) = f44d805445c19af1f80f2662b7c5d2678e9928fd5cea17e1938a712157ca3ac51eaf361bd164ec6fa38836461b3719cf739232c130f3c784cf692e1588256d79
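Review bot: The spec's header has `Version: 3.1.0` and `Release: 1%{?dist}` but no `Epoch:` tag, while its own %changelog shows the earlier shipped builds carried epoch 1 (`1:1.0.0-2` through `1:1.0.0-6`); epoch dominates RPM version comparison, so `3.1.0-1` without an epoch sorts below `1:1.0.0-6` and hosts still holding the old package will never upgrade to this one. Add `Epoch: 1` (it has to be kept from then on) or state in the changelog entry why the epoch was dropped. Separately, `%config(noreplace) %{_sysconfdir}/%{name}/rules/python/*.py*` in the main `%files` section also matches any `.pyc`/`.pyo` byte-compiled next to the sources, which should not be treated as user-editable config, and it does not match a `__pycache__/` directory if the Python 3 build creates one there; splitting the rule sources from compiled artifacts in the file list, or limiting the glob to `*.py`, would be cleaner — hard to say from the spec alone what byte-compilation produces in that directory.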