Bug 453224 - Review Request: prelude-correlator - Correlates IDMEF events for prelude-manager
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2008-06-27 21:24 UTC by Steve Grubb
Modified: 2008-07-28 13:57 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-07-28 13:57:04 UTC
tmraz: fedora-review+
tkuratom: fedora-cvs+



Description Steve Grubb 2008-06-27 21:24:47 UTC
Spec URL: http://people.redhat.com/sgrubb/files/prelude-correlator.spec
SRPM URL: http://people.redhat.com/sgrubb/files/prelude-correlator-0.9.0-1.fc9.src.rpm
Description: 

Prelude-Correlator serves to correlate, in real time, the multiple events
received by Prelude Manager. Several isolated alerts, generated from
different probes, can thus trigger a single correlation alert should the
events be related. This correlation alert then appears within the Prewikka
interface and indicates the potential target information via the set of
correlation rules.

Comment 1 Steve Grubb 2008-06-27 21:26:26 UTC
Instructions for registering prelude-correlator have been added to the prelude
HOWTO at http://people.redhat.com/sgrubb/audit/prelude.txt

Comment 2 Jason Tibbitts 2008-06-29 17:19:26 UTC
This fails to build for me:

+ install -m 755 /builddir/build/SOURCES/prelude-correlator.init /var/tmp/prelude-correlator-0.9.0-1.fc10-root-mockbuild/etc/rc.d/init.d/prelude-correlator
install: cannot stat `/builddir/build/SOURCES/prelude-correlator.init': No such file or directory
 

Comment 3 Steve Grubb 2008-06-29 17:52:48 UTC
Doh! Added Source1 which holds the init script. New srpm and spec file uploaded.

Comment 4 Tomas Mraz 2008-06-30 11:54:31 UTC
First comments:
Please add some meaningful text to the Summary of the main package. Something
like "Real time correlator of events received by Prelude Manager"

The version/release must match the upstream and comply with the Fedora
NamingGuidelines (the beta1b should be added to the release). version should be:
0.9.0 and release: 0.1.beta1b (0.2.beta1b, ....)

rpmlint -v prelude-correlator-0.9.0-1.fc9.x86_64.rpm
prelude-correlator.x86_64: I: checking
prelude-correlator.x86_64: E: non-standard-dir-perm /etc/prelude-correlator/lua-rules 0700
prelude-correlator.x86_64: E: non-standard-dir-perm /etc/prelude-correlator 0700
Do these directories have to be unreadable to group/other?

prelude-correlator.x86_64: E: zero-length /usr/share/doc/prelude-correlator-0.9.0/AUTHORS
Please drop AUTHORS from docs if it is empty.

prelude-correlator.x86_64: W: incoherent-version-in-changelog 0.9.0.beta1b 0.9.0-1.fc9
See above.

prelude-correlator.x86_64: W: incoherent-subsys /etc/rc.d/init.d/prelude-correlator $prog
This is OK.

rpmlint -v prelude-correlator-devel-0.9.0-1.fc9.x86_64.rpm
prelude-correlator-devel.x86_64: I: checking
prelude-correlator-devel.x86_64: W: no-documentation

rpmlint -v prelude-correlator-debuginfo-0.9.0-1.fc9.x86_64.rpm
prelude-correlator-debuginfo.x86_64: I: checking

rpmlint -v prelude-correlator-0.9.0-1.fc9.src.rpm
prelude-correlator.src: I: checking
prelude-correlator.src: W: mixed-use-of-spaces-and-tabs (spaces: line 20, tab: line 74)
I think this is purely cosmetic and OK.

prelude-correlator.src: W: strange-permission prelude-correlator.init 0755
This is OK.


Comment 5 Steve Grubb 2008-06-30 12:40:09 UTC
New package is at:
http://people.redhat.com/sgrubb/files/prelude-correlator-0.9.0-0.1.beta1b.fc9.src.rpm

This addresses items 1, 2, & 5 above.

Item 3, I would expect that the perms be 0700 for the correlator directory. I
don't think you want users able to see example what the admin is watching for. I
could open it to group root without any concern, but then again it doesn't
really buy anything.

Item 4, I expect the AUTHORS file to contain something before the beta phase ends.
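
The permission question raised in comments 4 and 5, as an added example that is not part of the original thread or of the package: a shell check that reports any path under a rules directory that group or other can access, which is the property the 0700 mode is meant to preserve. It assumes GNU find and stat; the function name and the demo tree are hypothetical.

```shell
#!/bin/sh
# Added example: audit a detection-rules tree for group/other access.
# Nothing here comes from the prelude-correlator package; the caller
# supplies the directory to check.

# audit_private_tree DIR
# Prints "MODE PATH" for every path under DIR (DIR included) that grants
# any permission bit to group or other.
# Returns 0 if the tree is private, 1 if offenders exist, 2 if DIR is missing.
audit_private_tree() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm /077 (GNU find) matches when ANY group/other bit is set.
    # Symlinks are skipped: their own mode bits carry no meaning.
    offenders=$(find "$dir" ! -type l -perm /077 -exec stat -c '%a %n' {} +)
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Constructed demo tree (not the real /etc/prelude-correlator).
demo_root=$(mktemp -d)                  # mktemp -d creates it with mode 0700
mkdir -p "$demo_root/lua-rules"
chmod 0700 "$demo_root/lua-rules"
: > "$demo_root/lua-rules/sample.lua"
chmod 0644 "$demo_root/lua-rules/sample.lua"   # a rule file left world-readable
audit_private_tree "$demo_root" || echo "tree is not private"
rm -rf "$demo_root"
```

A world-readable file inside a 0700 directory is still unreachable by other users, but the check flags it so that a later loosening of the directory mode does not silently expose the rules.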

Comment 6 Tomas Mraz 2008-06-30 14:59:55 UTC
You use $RPM_BUILD_ROOT in %clean and %{buildroot} in %install. It should be
unified.

I think there is a missing Requires: libprelude-devel in the devel subpackage.
The include file there includes libprelude include file.

Perhaps there should be some kind of README.Fedora which would describe just in
few words the steps which are necessary to get the correlator running - such as
the registration to the prelude manager. Should the prelude-manager be required
for the correlator package? But as I understand it could be theoretically
running on another machine so perhaps not.


Comment 7 Steve Grubb 2008-06-30 16:09:56 UTC
New files were uploaded to address items 1 & 2 from comment#6. As for item 3, I
expect a man page to be added by upstream during the beta process that explains
this.

Comment 8 Steve Grubb 2008-06-30 16:11:02 UTC
And yes in large deployments, it would be a dedicated machine hence the separation.

Comment 9 Tomas Mraz 2008-06-30 17:22:32 UTC
rpmlint -v prelude-correlator-0.9.0-0.1.beta1b.fc9.src.rpm
prelude-correlator.src: I: checking
prelude-correlator.src: W: mixed-use-of-spaces-and-tabs (spaces: line 21, tab: line 76)
prelude-correlator.src: W: strange-permission prelude-correlator.init 0755
1 packages and 0 specfiles checked; 0 errors, 2 warnings.

OK

rpmlint -v prelude-correlator-0.9.0-0.1.beta1b.fc9.x86_64.rpm
prelude-correlator.x86_64: I: checking
prelude-correlator.x86_64: E: non-standard-dir-perm /etc/prelude-correlator/lua-rules 0700
prelude-correlator.x86_64: E: non-standard-dir-perm /etc/prelude-correlator 0700
prelude-correlator.x86_64: E: zero-length /usr/share/doc/prelude-correlator-0.9.0/AUTHORS
prelude-correlator.x86_64: W: incoherent-subsys /etc/rc.d/init.d/prelude-correlator $prog
prelude-correlator.x86_64: W: incoherent-subsys /etc/rc.d/init.d/prelude-correlator $prog
1 packages and 0 specfiles checked; 3 errors, 2 warnings.

OK (with comments above)

rpmlint -v prelude-correlator-devel-0.9.0-0.1.beta1b.fc9.x86_64.rpm
prelude-correlator-devel.x86_64: I: checking
prelude-correlator-devel.x86_64: W: no-documentation
1 packages and 0 specfiles checked; 0 errors, 1 warnings.

OK

rpmlint -v prelude-correlator-debuginfo-0.9.0-0.1.beta1b.fc9.x86_64.rpm
prelude-correlator-debuginfo.x86_64: I: checking
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

OK

I've noticed one more thing - please remove the calls to /sbin/ldconfig from
%post and %postun, the package doesn't contain any libraries (the lua.so
bindings are not a regular library and are placed correctly in a subdirectory).

So given you fix the above APPROVED.


Comment 10 Steve Grubb 2008-06-30 17:36:08 UTC
Fixed ldconfig in spec file. New files uploaded if you wanted to check. Thanks
for looking over the package.

Comment 11 Steve Grubb 2008-07-03 12:44:24 UTC
New Package CVS Request
=======================
Package Name: prelude-correlator
Short Description: Prelude Correlator Daemon
Owners: sgrubb
Branches: F-9
InitialCC: sgrubb
Cvsextras Commits: no. This is a security package and I will add some other
committers to the package after it's created.


Comment 12 Toshio Kuratomi 2008-07-04 00:09:52 UTC
CVS Done.

Comment 13 Steve Grubb 2008-07-28 13:57:04 UTC
Package is shipped in rawhide...closing.

