auditbeat.rb
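# Homebrew formula that builds Auditbeat from the elastic/beats Git repository
# and installs it with a wrapper script, a launchd plist and a smoke test.
class Auditbeat < Formula
  desc "Lightweight Shipper for Audit Data"
  homepage "https://www.elastic.co/products/beats/auditbeat"
  # The source is pinned to a full commit id in addition to the tag name, so
  # the build input is identified by the revision rather than by a movable tag.
  url "https://github.com/elastic/beats.git",
      :tag      => "v6.8.2",
      :revision => "0ffbeab5a52fa93586e4178becf1252e6a837028"
  head "https://github.com/elastic/beats.git"

  # Prebuilt binaries, one SHA-256 per supported macOS release.
  bottle do
    cellar :any_skip_relocation
    sha256 "f68fdb18435d7e186815db09c659cba26624b1bbe48bf7170af3b01437698387" => :mojave
    sha256 "4a557b1777dce96f5a65213807aeb3ffd237039021bb22ef70f1e7aab0f07083" => :high_sierra
    sha256 "99ef930806428dc372bcda61c53af3cc94d97cd1471a8cff0b67f8ab1184d7b6" => :sierra
  end

  # Both toolchains are needed at build time only.
  depends_on "go" => :build
  depends_on "python@2" => :build

  # virtualenv is fetched as a source tarball and checked against its SHA-256.
  resource "virtualenv" do
    url "https://files.pythonhosted.org/packages/8b/f4/360aa656ddb0f4168aeaa1057d8784b95d1ce12f34332c1cf52420b6db4e/virtualenv-16.3.0.tar.gz"
    sha256 "729f0bcab430e4ef137646805b5b1d8efbb43fe53d4a0f33328624a84a5121f7"
  end

  # Patch required to build against go 1.11 (Can be removed with v7.0.0)
  # partially backport of https://github.com/elastic/beats/commit/8d8eaf34a6cb5f3b4565bf40ca0dc9681efea93c
  # The patch URL names a specific formula-patches ref and the download is
  # checked against the SHA-256 below.
  patch do
    url "https://raw.githubusercontent.com/Homebrew/formula-patches/a0f8cdc0/auditbeat/go1.11.diff"
    sha256 "8a00cb0265b6e2de3bc76f14f2ee4f1a5355dad490f3db9288d968b3e95ae0eb"
  end

  # Builds auditbeat inside a GOPATH laid out under the build directory, then
  # installs the binary, its configuration, the Kibana assets and a wrapper
  # script that fixes the config, data, home and log paths.
  def install
    # remove non open source files
    rm_rf "x-pack"

    # The checkout is moved to the import path the Go sources expect.
    ENV["GOPATH"] = buildpath
    (buildpath/"src/github.com/elastic/beats").install buildpath.children

    # virtualenv is installed into a build-local prefix, not into the system
    # Python.
    ENV.prepend_create_path "PYTHONPATH", buildpath/"vendor/lib/python2.7/site-packages"

    resource("virtualenv").stage do
      system "python", *Language::Python.setup_install_args(buildpath/"vendor")
    end

    ENV.prepend_path "PATH", buildpath/"vendor/bin" # for virtualenv
    ENV.prepend_path "PATH", buildpath/"bin" # for mage (build tool)

    cd "src/github.com/elastic/beats/auditbeat" do
      # don't build docs because it would fail creating the combined OSS/x-pack
      # docs and we aren't installing them anyway
      inreplace "magefile.go", "mage.GenerateModuleIncludeListGo, Docs)",
                               "mage.GenerateModuleIncludeListGo)"

      system "make", "mage"
      # prevent downloading binary wheels during python setup
      system "make", "PIP_INSTALL_COMMANDS=--no-binary :all", "python-env"
      system "mage", "-v", "build"
      system "mage", "-v", "update"

      (etc/"auditbeat").install Dir["auditbeat.*", "fields.yml"]
      (libexec/"bin").install "auditbeat"
      prefix.install "build/kibana"
    end

    prefix.install_metafiles buildpath/"src/github.com/elastic/beats"

    # The real binary lives in libexec. The wrapper on PATH pins the
    # configuration to etc and the data and logs to var, and passes any further
    # arguments through unchanged.
    (bin/"auditbeat").write <<~EOS
      #!/bin/sh
      exec #{libexec}/bin/auditbeat \
        --path.config #{etc}/auditbeat \
        --path.data #{var}/lib/auditbeat \
        --path.home #{prefix} \
        --path.logs #{var}/log/auditbeat \
        "$@"
    EOS
  end

  # Creates the data and log directories that the wrapper script points at.
  def post_install
    (var/"lib/auditbeat").mkpath
    (var/"log/auditbeat").mkpath
  end

  plist_options :manual => "auditbeat"

  # launchd job definition: starts the wrapper when the job is loaded.
  # NOTE(review): the plist sets neither a user nor KeepAlive, so the account
  # the process runs under and its restart behaviour depend on how the job is
  # loaded. Confirm that this matches the modules enabled in auditbeat.yml.
  def plist; <<~EOS
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
    "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
      <dict>
        <key>Label</key>
        <string>#{plist_name}</string>
        <key>Program</key>
        <string>#{opt_bin}/auditbeat</string>
        <key>RunAtLoad</key>
        <true/>
      </dict>
    </plist>
  EOS
  end

  # Smoke test: runs auditbeat with the file_integrity module watching a
  # scratch directory, creates a file there and expects the last event written
  # by the file output to report a "created" action for that path.
  test do
    (testpath/"files").mkpath
    # The nesting is significant: `paths` belongs to the file_integrity module
    # entry, and `path` and `filename` belong to `output.file`.
    (testpath/"config/auditbeat.yml").write <<~EOS
      auditbeat.modules:
        - module: file_integrity
          paths:
            - #{testpath}/files
      output.file:
        path: "#{testpath}/auditbeat"
        filename: auditbeat
    EOS

    pid = fork do
      exec "#{bin}/auditbeat", "-path.config", testpath/"config", "-path.data", testpath/"data"
    end
    sleep 5 # give the child time to start before the file is created

    begin
      touch testpath/"files/touch"
      sleep 30 # wait for the event to reach the output file

      # File.readlines always treats its argument as a file name; IO.readlines
      # would run a command if the argument began with "|".
      s = File.readlines(testpath/"auditbeat/auditbeat").last
      assert_match "\"action\":\[\"created\"\]", s

      # The event is compared against the resolved path, presumably because
      # testpath can sit behind a symlink.
      realdirpath = File.realdirpath(testpath)
      assert_match "\"path\":\"#{realdirpath}/files/touch\"", s
    ensure
      # Always stop and reap the child, including when an assertion fails.
      Process.kill "SIGINT", pid
      Process.wait pid
    end
  end
end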