OpenBSD Installation from GIT with Chef
The following recipe clones the git repositories and builds libjansson, libhtp and suricata.
It also installs /etc/rc.d/suricata and a suricata.yaml taken from the cookbook (supply your own version of it).
The patches deal with python2.7 "specials" on OpenBSD.
Developed and tested on OpenBSD 5.5
# Build root that the git checkouts below clone into.
# `recursive true` also creates any missing parent directory.
directory '/home/suricata/build' do
  owner 'root'
  mode 0o755
  recursive true
  action :create
end
# Clone the jansson sources into the build root.
# NOTE(review): no `revision` is set, so whatever the remote's default HEAD
# is at converge time gets built and installed as root by the
# install_libjansson resource. Pin a reviewed ref, e.g.
# `revision '<REVIEWED_TAG_OR_SHA>'` (placeholder, not a real value).
git '/home/suricata/build/jansson' do
  repository 'https://github.com/akheron/jansson.git'
end
# Clone the Suricata source tree into the build root.
# NOTE(review): the git:// transport provides neither encryption nor server
# authentication, so the source that is later compiled and installed as root
# could be altered in transit. Prefer an https:// or ssh remote for this
# repository if the project offers one, and pin `revision` to a reviewed ref.
git '/home/suricata/build/suricata' do
  repository 'git://phalanx.openinfosecfoundation.org/oisf.git'
end
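# Clone libhtp inside the Suricata tree, pinned to release 0.5.17.
#
# `revision` is the property that selects which remote ref is checked out.
# The original used `checkout_branch`, which only names the LOCAL branch that
# is created from `revision` (default HEAD), so the tree was never actually
# pinned to 0.5.17 and tracked upstream HEAD instead.
# NOTE(review): assumes upstream publishes 0.5.17 as a tag or branch - confirm.
# A tag can be moved upstream; a full commit SHA is the stronger pin.
git '/home/suricata/build/suricata/libhtp' do
  repository 'https://github.com/OISF/libhtp.git'
  revision '0.5.17'
end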
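# Build jansson from the checkout and install it system-wide, once.
#
# The whole chain runs as root, so the checked-out source is trusted with
# root privileges at build time; see the matching git resource for pinning.
# The marker file under /etc/chef/lock makes later runs skip this resource.
# NOTE(review): nothing on this page creates /etc/chef/lock - if it is
# missing, `touch` fails after `make install` has already run.
bash 'install_libjansson' do
  user 'root'
  # Versions for OpenBSD's autoconf/automake wrappers; they match the
  # autoconf 2.69 / automake 1.14 packages listed in the role.
  environment(
    'AUTOCONF_VERSION' => '2.69',
    'AUTOMAKE_VERSION' => '1.14'
  )
  code <<-EOH
cd /home/suricata/build/jansson && \
autoreconf -i && \
./configure && \
make install && touch /etc/chef/lock/libjansson.created
  EOH
  # File.exist? replaces File.exists?, a deprecated alias removed in Ruby 3.2.
  not_if { File.exist?('/etc/chef/lock/libjansson.created') }
end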
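# Stage the two OpenBSD build patches from the cookbook; the install_suricata
# resource applies them as root and then deletes them.
#
# /tmp is world-writable and these names are predictable. Owner and mode are
# set explicitly so the staged files never keep the ownership or permissions
# of a file that a local user created at the same path beforehand.
# NOTE(review): staging under a root-only directory (for example Chef's
# file cache path) would be safer still; that needs the paths in the
# install_suricata script changed to match.
cookbook_file '/tmp/configure.ac.patch' do
  source 'configure.ac.patch'
  owner 'root'
  mode 0o600
end
cookbook_file '/tmp/scripts-suricatasc-Makefile.am.patch' do
  source 'scripts-suricatasc-Makefile.am.patch'
  owner 'root'
  mode 0o600
end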
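# Patch, build and install Suricata under /home/suricata, once, then append
# the service flags to /etc/rc.conf.local.
#
# Everything runs as root, including the build of the unpinned source tree.
# The marker file under /etc/chef/lock makes later runs skip this resource.
# NOTE(review): the patches are deleted right after they are applied. If a
# later step fails, the next run re-stages them and applies them to an
# already patched tree, which is likely to fail - clean the checkout first.
# NOTE(review): the appended suricata_flags contain --disable-detection, so
# the service started from them runs without rule detection. The interface
# (em1) and the BPF filter are site-specific. Adjust all three deliberately.
bash 'install_suricata' do
  user 'root'
  # AUTOCONF/AUTOMAKE_VERSION select the OpenBSD autotools wrappers' version.
  # -L is a linker search path. It is passed through CFLAGS here exactly as
  # the author tested it (LDFLAGS would be the conventional variable).
  environment(
    'AUTOCONF_VERSION' => '2.69',
    'AUTOMAKE_VERSION' => '1.14',
    'CPPFLAGS' => '-I/usr/local/include',
    'CFLAGS' => '-L/usr/local/lib',
    'PYTHON' => '/usr/local/bin/python2.7'
  )
  code <<-EOH
cd /home/suricata/build/suricata && \
patch -p1 < /tmp/configure.ac.patch && \
patch -p1 < /tmp/scripts-suricatasc-Makefile.am.patch && \
rm -f /tmp/configure.ac.patch /tmp/scripts-suricatasc-Makefile.am.patch && \
./autogen.sh && \
./configure --prefix /home/suricata --enable-unix-socket && \
make && \
make install install-conf && touch /etc/chef/lock/suricata.created && \
echo "suricata_flags=\\"--disable-detection -i em1 -D '! vlan 8 and ! dst port 5514'\\"" >> /etc/rc.conf.local
  EOH
  # File.exist? replaces File.exists?, a deprecated alias removed in Ruby 3.2.
  not_if { File.exist?('/etc/chef/lock/suricata.created') }
end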
# Install the rc.d control script shipped in the cookbook as rc.d-suricata.
# Mode 0555: readable and executable by everyone, writable by no one.
cookbook_file '/etc/rc.d/suricata' do
  source 'rc.d-suricata'
  owner 'root'
  group node['root_group']
  mode 0o555
  action :create
end
# Put the cookbook's suricata.yaml in place under the install prefix.
# NOTE(review): presumably this replaces the sample configuration written by
# `make install-conf` in install_suricata - confirm the resource order.
# Mode 0644 leaves the configuration world-readable; tighten it if your
# suricata.yaml carries anything sensitive.
cookbook_file '/home/suricata/etc/suricata/suricata.yaml' do
  source 'suricata.yaml'
  owner 'root'
  group node['root_group']
  mode 0o644
  action :create
end
rc.d Script
If you use unix-socket, please see bug #1353, too.
#!/bin/sh
#
# OpenBSD rc.d control script for the Suricata binary installed under
# /home/suricata. The start/stop/check logic comes from rc.subr.
# Path of the daemon binary; assigned before rc.subr is sourced.
daemon="/home/suricata/bin/suricata"
. /etc/rc.d/rc.subr
# Pattern rc.subr uses to look up the running process (see rc.subr(8)).
pexp="/home/suricata/bin/suricata"
# Hook run before the daemon is started: deletes every file matching
# *socke* in the run directory, i.e. sockets left behind by an earlier run.
# NOTE(review): presumably the workaround for the unix-socket bug #1353
# mentioned on this page - confirm.
rc_pre() {
rm -f /home/suricata/var/run/suricata/*socke*
}
# Dispatch the action passed as the first argument to rc.subr.
rc_cmd $1
Packages
To install packages needed for the build and runtime, please clone this cookbook:
https://github.com/joemiller/chef-openbsd.git
The following recipe snippet will install the packages listed in a role (see below):
# Install every package listed under node['suricata']['packages'], each at
# the version given in the role attributes. A failed install is retried
# twice with a 10 second pause between attempts.
# The puts below runs while the recipe is compiled, not at converge time.
puts ' -> Install packages'
packages = node['suricata']['packages']
packages.each do |pkg_name, pkg_opts|
  package pkg_name do
    # to_s mirrors the original string interpolation of the version value.
    version pkg_opts['version'].to_s
    retries 2
    retry_delay 10
    action :install
  end
end
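role[suricata]: (shortened). Note that the pkg_path below is a plain http:// mirror, so packages are fetched without transport protection; use an HTTPS mirror if one is available to you.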
"default_attributes": {
"suricata": {
"packages": {
"pcre": {
"version": "8.33"
},
"libyaml": {
"version": "0.1.4p0"
},
"libmagic": {
"version": "5.15"
},
"libnet": {
"version": "1.1.2.1p0"
},
"autoconf": {
"version": "2.69p1"
},
"automake": {
"version": "1.14.1"
},
"python": {
"version": "2.7.6p0"
},
"libtool": {
"version": "2.4.2p0"
}
}
},
"openbsd": {
"pkg_path": "http://artfiles.org/openbsd/5.5/packages/amd64/"
}
},