Bug 453224 - Review Request: prelude-correlator - Correlates IDMEF events for prelude-manager
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-06-27 17:24 EDT by Steve Grubb
Modified: 2008-07-28 09:57 EDT
Last Closed: 2008-07-28 09:57:04 EDT
Flags: tmraz: fedora-review+
       tkuratom: fedora-cvs+
Description Steve Grubb 2008-06-27 17:24:47 EDT
Spec URL: http://people.redhat.com/sgrubb/files/prelude-correlator.spec
SRPM URL: http://people.redhat.com/sgrubb/files/prelude-correlator-0.9.0-1.fc9.src.rpm
Description: 

Prelude-Correlator serves to correlate, in real time, the multiple events
received by Prelude Manager. Several isolated alerts, generated from
different probes, can thus trigger a single correlation alert should the
events be related. This correlation alert then appears within the Prewikka
interface and indicates the potential target information via the set of
correlation rules.
Comment 1 Steve Grubb 2008-06-27 17:26:26 EDT
Instructions for registering prelude-correlator have been added to the prelude
HOWTO at http://people.redhat.com/sgrubb/audit/prelude.txt
Comment 2 Jason Tibbitts 2008-06-29 13:19:26 EDT
This fails to build for me:

+ install -m 755 /builddir/build/SOURCES/prelude-correlator.init /var/tmp/prelude-correlator-0.9.0-1.fc10-root-mockbuild/etc/rc.d/init.d/prelude-correlator
install: cannot stat `/builddir/build/SOURCES/prelude-correlator.init': No such file or directory
 
Comment 3 Steve Grubb 2008-06-29 13:52:48 EDT
Doh! Added Source1 which holds the init script. New srpm and spec file uploaded.
Comment 4 Tomas Mraz 2008-06-30 07:54:31 EDT
First comments:
Please add some meaningful text to the Summary of the main package. Something
like "Real time correlator of events received by Prelude Manager"

The version/release must match the upstream and comply with the Fedora
NamingGuidelines (the beta1b should be added to the release). version should be:
0.9.0 and release: 0.1.beta1b (0.2.beta1b, ....)

rpmlint -v prelude-correlator-0.9.0-1.fc9.x86_64.rpm
prelude-correlator.x86_64: I: checking
prelude-correlator.x86_64: E: non-standard-dir-perm
/etc/prelude-correlator/lua-rules 0700
prelude-correlator.x86_64: E: non-standard-dir-perm /etc/prelude-correlator 0700
Do these directories have to be unreadable to group/other? 

prelude-correlator.x86_64: E: zero-length
/usr/share/doc/prelude-correlator-0.9.0/AUTHORS
Please drop AUTHORS from docs if it is empty.

prelude-correlator.x86_64: W: incoherent-version-in-changelog 0.9.0.beta1b
0.9.0-1.fc9
See above.

prelude-correlator.x86_64: W: incoherent-subsys
/etc/rc.d/init.d/prelude-correlator $prog
This is OK.

rpmlint -v prelude-correlator-devel-0.9.0-1.fc9.x86_64.rpm 
prelude-correlator-devel.x86_64: I: checking
prelude-correlator-devel.x86_64: W: no-documentation

rpmlint -v prelude-correlator-debuginfo-0.9.0-1.fc9.x86_64.rpm 
prelude-correlator-debuginfo.x86_64: I: checking

rpmlint -v prelude-correlator-0.9.0-1.fc9.src.rpm 
prelude-correlator.src: I: checking
prelude-correlator.src: W: mixed-use-of-spaces-and-tabs (spaces: line 20, tab:
line 74)
I think this is purely cosmetic and OK.

prelude-correlator.src: W: strange-permission prelude-correlator.init 0755
This is OK.
Comment 5 Steve Grubb 2008-06-30 08:40:09 EDT
New package is at:
http://people.redhat.com/sgrubb/files/prelude-correlator-0.9.0-0.1.beta1b.fc9.src.rpm

This addresses items 1, 2, & 5 above.

Item 3, I would expect that the perms be 0700 for the correlator directory. I
don't think you want users able to see example what the admin is watching for. I
could open it to group root without any concern, but then again it doesn't
really buy anything.

Item 4, I expect the AUTHORS file to contain something before the beta phase ends.
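
The directory-permission point discussed in comments 4 and 5, as an added example that is not part of the original bug thread: a shell function that reports any directory under a correlation-rules tree that grants group or other permission bits. The function name `audit_private_dirs` is hypothetical, and the script assumes GNU `find` and `stat`.

```shell
#!/bin/sh
# Added example (not from the package or the thread).
# Audits that every directory under a rules tree is private to its owner,
# i.e. mode 0700 as shipped for /etc/prelude-correlator and its lua-rules
# subdirectory in the rpmlint output above.

# audit_private_dirs ROOT
#   Prints "MODE OWNER:GROUP PATH" for each directory under ROOT that has
#   any group or other permission bit set.
#   Returns 0 if the tree is private, 1 if something is exposed,
#   2 if ROOT is not a directory.
audit_private_dirs() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # -perm /077 (GNU find) matches when ANY of the group/other bits is set.
    # Only directories are checked: a 0700 directory already blocks access
    # to the files inside it, whatever their own modes are.
    exposed=$(find "$root" -type d -perm /077 \
                  -exec stat -c '%a %U:%G %n' {} +)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit.sh /etc/prelude-correlator
if [ "$#" -gt 0 ]; then
    audit_private_dirs "$1"
fi
```
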
Comment 6 Tomas Mraz 2008-06-30 10:59:55 EDT
You use $RPM_BUILD_ROOT in %clean and %{buildroot} in %install. It should be
unified.

I think there is a missing Requires: libprelude-devel in the devel subpackage.
The include file there includes libprelude include file.

Perhaps there should be some kind of README.Fedora which would describe in just
a few words the steps which are necessary to get the correlator running - such as
the registration to the prelude manager. Should the prelude-manager be required
for the correlator package? But as I understand it could be theoretically
running on another machine so perhaps not.
Comment 7 Steve Grubb 2008-06-30 12:09:56 EDT
New files were uploaded to address items 1 & 2 from comment#6. As for item 3, I
expect a man page to be added by upstream during the beta process that explains
this.
Comment 8 Steve Grubb 2008-06-30 12:11:02 EDT
And yes in large deployments, it would be a dedicated machine hence the separation.
Comment 9 Tomas Mraz 2008-06-30 13:22:32 EDT
rpmlint -v prelude-correlator-0.9.0-0.1.beta1b.fc9.src.rpm
prelude-correlator.src: I: checking
prelude-correlator.src: W: mixed-use-of-spaces-and-tabs (spaces: line 21, tab:
line 76)
prelude-correlator.src: W: strange-permission prelude-correlator.init 0755
1 packages and 0 specfiles checked; 0 errors, 2 warnings.

OK

rpmlint -v prelude-correlator-0.9.0-0.1.beta1b.fc9.x86_64.rpm
prelude-correlator.x86_64: I: checking
prelude-correlator.x86_64: E: non-standard-dir-perm
/etc/prelude-correlator/lua-rules 0700
prelude-correlator.x86_64: E: non-standard-dir-perm /etc/prelude-correlator 0700
prelude-correlator.x86_64: E: zero-length
/usr/share/doc/prelude-correlator-0.9.0/AUTHORS
prelude-correlator.x86_64: W: incoherent-subsys
/etc/rc.d/init.d/prelude-correlator $prog
prelude-correlator.x86_64: W: incoherent-subsys
/etc/rc.d/init.d/prelude-correlator $prog
1 packages and 0 specfiles checked; 3 errors, 2 warnings.

OK (with comments above)

rpmlint -v prelude-correlator-devel-0.9.0-0.1.beta1b.fc9.x86_64.rpm
prelude-correlator-devel.x86_64: I: checking
prelude-correlator-devel.x86_64: W: no-documentation
1 packages and 0 specfiles checked; 0 errors, 1 warnings.

OK

rpmlint -v prelude-correlator-debuginfo-0.9.0-0.1.beta1b.fc9.x86_64.rpm
prelude-correlator-debuginfo.x86_64: I: checking
1 packages and 0 specfiles checked; 0 errors, 0 warnings.

OK

I've noticed one more thing - please remove the calls to /sbin/ldconfig from
%post and %postun, the package doesn't contain any libraries (the lua.so
bindings are not a regular library and are placed correctly in a subdirectory).

So given you fix the above APPROVED.
Comment 10 Steve Grubb 2008-06-30 13:36:08 EDT
Fixed ldconfig in spec file. New files uploaded if you wanted to check. Thanks
for looking over the package.
Comment 11 Steve Grubb 2008-07-03 08:44:24 EDT
New Package CVS Request
=======================
Package Name: prelude-correlator
Short Description: Prelude Correlator Daemon
Owners: sgrubb
Branches: F-9
InitialCC: sgrubb
Cvsextras Commits: no. This is a security package and I will add some other
committers to the package after it's created.
Comment 12 Toshio Kuratomi 2008-07-03 20:09:52 EDT
CVS Done.
Comment 13 Steve Grubb 2008-07-28 09:57:04 EDT
Package is shipped in rawhide...closing.