cortex: new ebuild

app-forensics/cortex/Manifest

@@ -0,0 +1 @@
+DIST cortex_2.1.3-1_all.deb 107780298 BLAKE2B 3e85d1247e02d897545598132854fcdf516f027a4acf7d05389ec1423fcf236101c45e59b0133cb0fbae129d5aaa1116a26b3c0fe367cd8bd646cdb7e729894c SHA512 fe2de075def7ef532f4ad90343db4e642dc20f80f45abbec46459a240a50c7e873a464f884f96d283a63e692f4daf8ef4afad12ab5c7a58ddfb6c4bfafbd853c

app-forensics/cortex/cortex-2.1.3.ebuild

@@ -0,0 +1,54 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd unpacker user
+
+DESCRIPTION="A powerful observable analysis and active response engine"
+HOMEPAGE="https://thehive-project.org/ https://github.com/TheHive-Project/Cortex"
+SRC_URI="https://dl.bintray.com/thehive-project//debian-stable/cortex_${PV}-1_all.deb"
+LICENSE="AGPL-3"
+SLOT=0
+KEYWORDS="~amd64"
+IUSE=""
+
+DEPEND="$(unpacker_src_uri_depends)"
+RDEPEND="
+	<=app-misc/elasticsearch-5.6.16
+	virtual/jre"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 /dev/null ${PN}
+}
+
+src_install() {
+	doins -r "opt/"
+
+	insinto "/etc/cortex"
+	doins -r "etc/cortex"/*
+
+	systemd_dounit "etc/systemd/system/cortex.service"
+	newinitd "${FILESDIR}"/cortex.initd cortex
+	newconfd "${FILESDIR}"/cortex.confd cortex
+
+	keepdir "/var/log/cortex"
+
+	fowners -R ${PN}:${PN} "/var/log/cortex" "/opt/cortex" "/etc/cortex"
+	fperms 0750 "/etc/cortex" "/var/log/cortex"
+	fperms +x "/opt/cortex/bin/cortex"
+}
+
+pkg_postinst() {
+	ewarn "\n1) Before starting please change the line from file \"application.conf\" (/etc/cortex/application.conf):"
+	ewarn "    #play.http.secret.key=\"***CHANGEME***\""
+	ewarn "  to"
+	ewarn "    play.http.secret.key=\"<YoUr_some_Secret_KeY>\""
+	einfo "\n2) Start the \"cortex\" service:"
+	einfo "    ~$ sudo rc-service cortex start"
+	einfo "\n3) Wait a few seconds and open in your browser: http://127.0.0.1:9001\n"
+	einfo "See documentation: https://github.com/TheHive-Project/CortexDocs\n"
+}

app-forensics/cortex/files/cortex.confd

@@ -0,0 +1,15 @@
+# /etc/conf.d/cortex: config file for /etc/init.d/cortex
+
+# #####################################
+# ##### Environment Configuration #####
+# #####################################
+
+# *WARNING* This file is not read by if you are using systemd
+
+# This file gets sourced before the actual startscript
+# gets executed. You can use this file to provide
+# environment variables
+
+TH_OPTS="
+	-Dconfig.file=/etc/cortex/application.conf
+	-Dlogger.file=/etc/cortex/logback.xml"

app-forensics/cortex/files/cortex.initd

@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="A powerful observable analysis and active response engine"
+command="/opt/cortex/bin/cortex"
+command_background="true"
+command_user="cortex:cortex"
+command_args="${TH_OPTS} -Dpidfile.path=/dev/null"
+command_progress="yes"
+pidfile="/run/${RC_SVCNAME}.pid"
+start_stop_daemon_args="--quiet"
+retry="SIGTERM/50"
+
+depend() {
+	need elasticsearch
+}
+
+# vim: set ft=gentoo-init-d ts=4 :

app-forensics/cortex/metadata.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>email@linxon.ru</email>
+		<name>Yury Martynov</name>
+	</maintainer>
+</pkgmetadata>

app-forensics/thehive/files/thehive.initd

@@ -4,7 +4,7 @@
 
 description="A scalable 4-in-1 open source and free Security Incident Response Platform"
 command="/opt/thehive/bin/thehive"
-command_background=true
+command_background="true"
 command_user="thehive:thehive"
 command_args="${TH_OPTS} -Dpidfile.path=/dev/null"
 command_progress="yes"

app-forensics/thehive/thehive-3.3.1.ebuild

@@ -50,10 +50,11 @@ pkg_postinst() {
 	ewarn "    #play.http.secret.key=\"***changeme***\""
 	ewarn "  to"
 	ewarn "    play.http.secret.key=\"<YoUr_some_Secret_KeY>\""
-	ewarn "\n2 Configure search engine. Use a descriptive name for your cluster/node (/etc/elasticsearch/elasticsearch.yml):"
+	ewarn "\n2) Configure search engine. Use a descriptive name for your cluster/node (/etc/elasticsearch/elasticsearch.yml):"
 	ewarn "    cluster.name: hive"
 	ewarn "    node.name: the_hive"
 	einfo "\n3) Start the \"thehive\" service:"
 	einfo "    ~$ sudo rc-service thehive start"
 	einfo "\n4) Wait a few seconds and open in your browser: http://127.0.0.1:9000\n"
+	einfo "See documentation: https://github.com/TheHive-Project/TheHiveDocs\n"
 }