-rw-r--r--.SRCINFO59
-rw-r--r--PKGBUILD161
-rw-r--r--auditbeat.install6
-rw-r--r--auditbeat.service16
-rw-r--r--filebeat.service15
-rw-r--r--heartbeat.service16
-rw-r--r--journalbeat.service16
-rw-r--r--metricbeat.service16
-rw-r--r--packetbeat.service11
-rw-r--r--tmpfile.conf2
10 files changed, 318 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..351dc9913117
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,59 @@
+pkgbase = beats
+ pkgdesc = Data shippers for Elasticsearch
+ pkgver = 7.10.2
+ pkgrel = 1
+ url = https://www.elastic.co/products/beats
+ arch = x86_64
+ license = Apache
+ makedepends = go
+ makedepends = git
+ makedepends = libpcap
+ makedepends = rsync
+ makedepends = python-virtualenv
+ makedepends = audit
+ makedepends = systemd
+ depends = glibc
+ optdepends = elasticsearch: for standalone installation
+ optdepends = python: for migration script
+ options = !makeflags
+ source = https://github.com/elastic/beats/archive/v7.10.2/beats-7.10.2.tar.gz
+ source = filebeat.service
+ source = packetbeat.service
+ source = metricbeat.service
+ source = heartbeat.service
+ source = auditbeat.service
+ source = journalbeat.service
+ source = tmpfile.conf
+ sha512sums = eba0cda8521068f4d15dfb39808695a8de47a568e4d11949746a8f698aaff6825848d5e524bd16b0e555786e277512014dfe33d4daee8c3acef9a9867653c1c3
+ sha512sums = 4d8b160482ba27bdc63c79592f310f2c9bcd2e8e5d3aec5ba9d953f37916bffef57c0f21e3776f4712f87e9a1b90e42dba6058f72bbc4c75380a959276183a59
+ sha512sums = f1e6fe6b677db31326433f4e3eef72356573c6947d653dbe6bc2151581444f80e09343fbf8544952aae82a061b87705e39c8741ea8e402ad53ac3552f532cfea
+ sha512sums = 7e4081b5173d1b58a783f1808f1a9ba4548498de87bdfc1960538d6df4f4da8f900f0e027aeff83ebfe0d81e6aa91db77c520bda76441e6bcaa6fd8a79fbb57a
+ sha512sums = 5f20f160fea1d517d98cf220dc15ca7fa883fbbb3fde78255bbdd6f70ae556b4d750462af49599e27fefdc435761eedcc8bd06f4870211bc35bffa246e1e9dd3
+ sha512sums = f9e015a0789946ff78a62839c9d0af40e557774e14df6de9008d5fa7786377131c74111332496ec7e6303467eb4151b185a2a4cfaa8a1e77c894be50fc22d69b
+ sha512sums = 45c986c3bca6fed329ff9c8f1f9c3f7de7d2a072227bed618b20cd03eb045f321995b97fa5a10a93cdbb699bfb4739d7e8256c6a99e985477532fa2dcfb58082
+ sha512sums = b6bf266c04395c6733f0e57c5acf1d8f385a2b898c36f0af201c0702ac8c8c77cbad925c01670d799a1f173e85745a17baa13fda48119b2e022f9c47f9ce4fc9
+
+pkgname = metricbeat
+ pkgdesc = Server monitoring agent that sends metrics to Elasticsearch
+ conflicts = topbeat
+ replaces = topbeat
+
+pkgname = filebeat
+ pkgdesc = Sends log files to Logstash or directly to Elasticsearch
+
+pkgname = packetbeat
+ pkgdesc = Analyzes network traffic and sends the data to Elasticsearch
+ depends = libpcap
+
+pkgname = heartbeat-elastic
+ pkgdesc = Ping remote services for availability and log results to Elasticsearch or send to Logstash
+ conflicts = heartbeat
+ replaces = heartbeat
+
+pkgname = auditbeat
+ pkgdesc = Audit the activities of users and processes on your system
+ install = auditbeat.install
+ depends = audit
+
+pkgname = journalbeat
+ pkgdesc = Data collector to ship systemd journal entries to Elasticsearch or Logstash
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..cd4152e4ddac
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,161 @@
+# Maintainer: Massimiliano Torromeo <massimiliano.torromeo@gmail.com>
+# Contributor: Tyler Langlois <ty |at| tjll |dot| net>
+
+pkgbase=beats
+pkgname=(metricbeat filebeat packetbeat heartbeat-elastic auditbeat journalbeat)
+pkgver=7.10.2
+pkgrel=1
+pkgdesc='Data shippers for Elasticsearch'
+arch=('x86_64')
+url='https://www.elastic.co/products/beats'
+license=('Apache')
+depends=('glibc')
+makedepends=('go' 'git' 'libpcap' 'rsync' 'python-virtualenv' 'audit' 'systemd')
+optdepends=('elasticsearch: for standalone installation'
+ 'python: for migration script')
+options=('!makeflags')
+source=("https://github.com/elastic/beats/archive/v$pkgver/beats-$pkgver.tar.gz"
+ "filebeat.service"
+ "packetbeat.service"
+ "metricbeat.service"
+ "heartbeat.service"
+ "auditbeat.service"
+ "journalbeat.service"
+ "tmpfile.conf")
+sha512sums=('eba0cda8521068f4d15dfb39808695a8de47a568e4d11949746a8f698aaff6825848d5e524bd16b0e555786e277512014dfe33d4daee8c3acef9a9867653c1c3'
+ '4d8b160482ba27bdc63c79592f310f2c9bcd2e8e5d3aec5ba9d953f37916bffef57c0f21e3776f4712f87e9a1b90e42dba6058f72bbc4c75380a959276183a59'
+ 'f1e6fe6b677db31326433f4e3eef72356573c6947d653dbe6bc2151581444f80e09343fbf8544952aae82a061b87705e39c8741ea8e402ad53ac3552f532cfea'
+ '7e4081b5173d1b58a783f1808f1a9ba4548498de87bdfc1960538d6df4f4da8f900f0e027aeff83ebfe0d81e6aa91db77c520bda76441e6bcaa6fd8a79fbb57a'
+ '5f20f160fea1d517d98cf220dc15ca7fa883fbbb3fde78255bbdd6f70ae556b4d750462af49599e27fefdc435761eedcc8bd06f4870211bc35bffa246e1e9dd3'
+ 'f9e015a0789946ff78a62839c9d0af40e557774e14df6de9008d5fa7786377131c74111332496ec7e6303467eb4151b185a2a4cfaa8a1e77c894be50fc22d69b'
+ '45c986c3bca6fed329ff9c8f1f9c3f7de7d2a072227bed618b20cd03eb045f321995b97fa5a10a93cdbb699bfb4739d7e8256c6a99e985477532fa2dcfb58082'
+ 'b6bf266c04395c6733f0e57c5acf1d8f385a2b898c36f0af201c0702ac8c8c77cbad925c01670d799a1f173e85745a17baa13fda48119b2e022f9c47f9ce4fc9')
+
+prepare() {
+ export GOPATH="$srcdir"/go
+ mkdir -p "$GOPATH"
+
+ cd "$srcdir"/beats-$pkgver
+ git init # git root required by one of the build scripts
+
+ # Perform some timestomping to avoid make warnings
+ LANG=C _t="$(date -r Makefile +'%Y-%m-%d %k:%M:%S')"
+ touch -m -d "$_t" */Makefile
+
+ # Use version instead of commit id
+ sed -ri "s/^COMMIT_ID=.*/COMMIT_ID=$pkgver/" libbeat/scripts/Makefile
+ sed -ri "s/\bcommitHash, err =.*/commitHash = \"$pkgver\"\nerr = nil/;/github.com\/magefile\/mage\/sh/d" dev-tools/mage/settings.go
+
+ # Use version of MarkupSafe with fix for setuptools
+ sed -i "s/MarkupSafe==1\.0/MarkupSafe==1.1.1/" libbeat/tests/system/requirements.txt
+
+ # Missing BEAT_NAME in metricbeat Makefile
+ sed -i '1i BEAT_NAME?=metricbeat' metricbeat/Makefile
+}
+
+build() {
+ export CGO_LDFLAGS="${LDFLAGS}"
+ export CGO_CFLAGS="${CFLAGS}"
+ export CGO_CPPFLAGS="${CPPFLAGS}"
+ export CGO_CXXFLAGS="${CXXFLAGS}"
+ export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
+ export GOPATH="$srcdir"/go
+ export PATH="$GOPATH/bin:$PATH"
+
+ cd "$srcdir"/beats-$pkgver
+ cd libbeat
+ make update
+
+ for beat in ${pkgname[@]}; do
+ beat="${beat%-elastic}"
+ echo "-> Building $beat..."
+ cd ../$beat
+ if [[ $beat == "metricbeat" ]]; then
+ make mage
+ mage build
+ else
+ make $beat
+ fi
+ mage update
+ done
+}
+
+_do_package_beat() {
+ _pkgname="${pkgname%-elastic}"
+
+ backup=(etc/$_pkgname/$_pkgname.yml)
+
+ install -dm755 "$pkgdir"/{etc,usr/share,usr/share/licenses,var/lib}/$_pkgname
+ install -dm755 "$pkgdir"/usr/lib/tmpfiles.d
+
+ cd "$srcdir"/beats-$pkgver
+ install -Dm644 NOTICE.txt "$pkgdir"/usr/share/licenses/$pkgname/NOTICE.txt
+
+ cd $_pkgname
+
+ cp $_pkgname.{yml,reference.yml} "$pkgdir"/etc/$_pkgname
+ install -Dm644 fields.yml "$pkgdir"/etc/$_pkgname/fields.yml
+
+ install -Dm755 $_pkgname \
+ "$pkgdir"/usr/bin/$_pkgname
+ install -Dm644 "$srcdir"/$_pkgname.service \
+ "$pkgdir"/usr/lib/systemd/system/$_pkgname.service
+
+ sed "s/BEATNAME/$_pkgname/g" "$srcdir"/tmpfile.conf > "$pkgdir"/usr/lib/tmpfiles.d/$_pkgname.conf
+
+ if [ -d build/kibana ]; then
+ cp -R build/kibana "$pkgdir"/usr/share/$_pkgname/
+ elif [ -d _meta/kibana.generated ]; then
+ cp -R _meta/kibana.generated "$pkgdir"/usr/share/$_pkgname/kibana
+ fi
+}
+
+package_filebeat() {
+ pkgdesc='Sends log files to Logstash or directly to Elasticsearch'
+
+ _do_package_beat
+ cp -R build/package/modules.d "$pkgdir"/etc/$_pkgname/
+ cp -R build/package/module "$pkgdir"/usr/share/$_pkgname/
+}
+
+package_packetbeat() {
+ pkgdesc='Analyzes network traffic and sends the data to Elasticsearch'
+ depends=('libpcap')
+
+ _do_package_beat
+}
+
+package_metricbeat() {
+ pkgdesc='Server monitoring agent that sends metrics to Elasticsearch'
+ conflicts=('topbeat')
+ replaces=('topbeat')
+
+ _do_package_beat
+ cp -R modules.d "$pkgdir"/etc/$_pkgname/
+}
+
+package_heartbeat-elastic() {
+ pkgdesc='Ping remote services for availability and log results to Elasticsearch or send to Logstash'
+ conflicts=('heartbeat')
+ replaces=('heartbeat')
+
+ _do_package_beat
+ cp -R monitors.d "$pkgdir"/etc/$_pkgname/
+}
+
+package_auditbeat() {
+ pkgdesc='Audit the activities of users and processes on your system'
+ depends=('audit')
+ install='auditbeat.install'
+
+ _do_package_beat
+ install -D module/auditd/_meta/audit.rules.d/sample-rules-linux-64bit.conf "$pkgdir"/etc/$_pkgname/audit.rules.d/sample-rules.conf.disabled
+}
+
+package_journalbeat() {
+ pkgdesc='Data collector to ship systemd journal entries to Elasticsearch or Logstash'
+
+ _do_package_beat
+}
+
+# vim: ts=4 sw=4 et:
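Review bot: The `install -D module/auditd/_meta/audit.rules.d/sample-rules-linux-64bit.conf ...` line in package_auditbeat() passes no `-m`, so the sample rules file is installed with install's default mode 0755; `install -Dm644` would match how fields.yml and the unit files are installed. In _do_package_beat(), `cp $_pkgname.{yml,reference.yml} "$pkgdir"/etc/$_pkgname` inherits whatever mode the build tree and umask produce, for a file that usually ends up holding output credentials once configured. An explicit `install -m600 $_pkgname.yml "$pkgdir"/etc/$_pkgname/$_pkgname.yml` (or 644 if world-readable is intended) would make the permission a deliberate choice rather than a side effect of the build environment. Separately, `for beat in ${pkgname[@]}` in build() should quote the expansion as `"${pkgname[@]}"`.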
diff --git a/auditbeat.install b/auditbeat.install
new file mode 100644
index 000000000000..6fbd95a33cdf
--- /dev/null
+++ b/auditbeat.install
@@ -0,0 +1,6 @@
+post_install() {
+ echo "CONFIG_AUDIT is disabled in the Arch kernel packages so a custom kernel"
+ echo "is required for the Auditbeat auditd module to work. However, some features"
+ echo "like the the file integrity module will work fine without kernel audit support."
+ echo "The package linux-hardened has full support for audit."
+}
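Review bot: The third echo in post_install() has a duplicated word, `like the the file integrity module`, which should read `like the file integrity module`. Only post_install() is defined, so users who upgrade into this package never see the CONFIG_AUDIT notice; if that matters, a `post_upgrade() { post_install; }` wrapper would cover it. The claim about the kernel configuration is time-sensitive, so a short comment recording which kernel package version it was checked against would help the next maintainer know when to drop it.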
diff --git a/auditbeat.service b/auditbeat.service
new file mode 100644
index 000000000000..af7cef417e4e
--- /dev/null
+++ b/auditbeat.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Audit the activities of users and processes on your system.
+Documentation=https://www.elastic.co/products/beats/auditbeat
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+
+Environment="BEAT_LOG_OPTS=-e"
+Environment="BEAT_CONFIG_OPTS=-c /etc/auditbeat/auditbeat.yml"
+Environment="BEAT_PATH_OPTS=-path.home /usr/share/auditbeat -path.config /etc/auditbeat -path.data /var/lib/auditbeat -path.logs /var/log/auditbeat"
+ExecStart=/usr/bin/auditbeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
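Review bot: The [Service] section sets no User= and no sandboxing, so the beat runs as unrestricted root; the same applies to filebeat.service, heartbeat.service, journalbeat.service, metricbeat.service and packetbeat.service in this commit. These daemons parse logs, network traffic and remote responses, so a baseline such as `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes` would limit what a compromised process can do while still leaving /var/lib and /var/log writable. Auditbeat and packetbeat do need elevated capabilities, so a `CapabilityBoundingSet=` for them should be tested per beat rather than copied blindly. Heartbeat and journalbeat look like candidates for a dedicated unprivileged user, though that depends on which monitors and journal paths are configured.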
diff --git a/filebeat.service b/filebeat.service
new file mode 100644
index 000000000000..080ecc8398f2
--- /dev/null
+++ b/filebeat.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Filebeat sends log files to Logstash or directly to Elasticsearch.
+Documentation=https://www.elastic.co/products/beats/filebeat
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Environment="BEAT_LOG_OPTS=-e"
+Environment="BEAT_CONFIG_OPTS=-c /etc/filebeat/filebeat.yml"
+Environment="BEAT_PATH_OPTS=-path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat"
+ExecStart=/usr/bin/filebeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/heartbeat.service b/heartbeat.service
new file mode 100644
index 000000000000..6116c2b2dc94
--- /dev/null
+++ b/heartbeat.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Ping remote services for availability and log results to Elasticsearch or send to Logstash.
+Documentation=https://www.elastic.co/products/beats/heartbeat
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+
+Environment="BEAT_LOG_OPTS=-e"
+Environment="BEAT_CONFIG_OPTS=-c /etc/heartbeat/heartbeat.yml"
+Environment="BEAT_PATH_OPTS=-path.home /usr/share/heartbeat -path.config /etc/heartbeat -path.data /var/lib/heartbeat -path.logs /var/log/heartbeat"
+ExecStart=/usr/bin/heartbeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/journalbeat.service b/journalbeat.service
new file mode 100644
index 000000000000..efc9af6f7118
--- /dev/null
+++ b/journalbeat.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Journalbeat ships systemd journal entries to Elasticsearch or Logstash.
+Documentation=https://www.elastic.co/products/beats/journalbeat
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+
+Environment="BEAT_LOG_OPTS=-e"
+Environment="BEAT_CONFIG_OPTS=-c /etc/journalbeat/journalbeat.yml"
+Environment="BEAT_PATH_OPTS=-path.home /usr/share/journalbeat -path.config /etc/journalbeat -path.data /var/lib/journalbeat -path.logs /var/log/journalbeat"
+ExecStart=/usr/bin/journalbeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/metricbeat.service b/metricbeat.service
new file mode 100644
index 000000000000..4d766b9e32e6
--- /dev/null
+++ b/metricbeat.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Metricbeat is a lightweight shipper for metrics.
+Documentation=https://www.elastic.co/products/beats/metricbeat
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+
+Environment="BEAT_LOG_OPTS=-e"
+Environment="BEAT_CONFIG_OPTS=-c /etc/metricbeat/metricbeat.yml"
+Environment="BEAT_PATH_OPTS=-path.home /usr/share/metricbeat -path.config /etc/metricbeat -path.data /var/lib/metricbeat -path.logs /var/log/metricbeat"
+ExecStart=/usr/bin/metricbeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/packetbeat.service b/packetbeat.service
new file mode 100644
index 000000000000..36645d781edc
--- /dev/null
+++ b/packetbeat.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Real-Time Packet Analyzer
+Documentation=https://www.elastic.co/guide/en/beats/packetbeat/current/index.html
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/packetbeat -c /etc/packetbeat/packetbeat.yml -path.home /usr/share/packetbeat -path.config /etc/packetbeat -path.data /var/lib/packetbeat -path.logs /var/log/packetbeat
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
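Review bot: This unit diverges from the five sibling units: it orders only on `After=network.target` with no `Wants=network-online.target`, and ExecStart passes no `-e`. As a result packetbeat may start before the capture interface is configured, and it presumably logs to files under /var/log/packetbeat while the other beats log to the journal. Aligning it with the others (`Wants=network-online.target`, `After=network-online.target`, the same `Environment=`/`$BEAT_LOG_OPTS` layout) would make the set consistent. As the one beat that opens raw sockets on live traffic, it is also the best candidate for `CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN`, to be confirmed against the configured sniffer type.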
diff --git a/tmpfile.conf b/tmpfile.conf
new file mode 100644
index 000000000000..447614b04b86
--- /dev/null
+++ b/tmpfile.conf
@@ -0,0 +1,2 @@
+d /var/log/BEATNAME 0755 root root -
+d /var/lib/BEATNAME 0755 root root -
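Review bot: Both directories are created 0755, which makes the data directory (where a beat keeps its registry and, if used, its keystore file) and the log directory listable by every local user. The beat normally sets restrictive modes on the files it creates there, so this is defence in depth, but nothing outside the service needs to traverse these paths. `d /var/lib/BEATNAME 0750 root root -` and `d /var/log/BEATNAME 0750 root root -` would be tighter. The PKGBUILD's `install -dm755 ... var/lib` line for the same directory would need to match, otherwise the package and tmpfiles.d disagree on the mode.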