suricata: add systemd unit

Based on the debian systemd unit. Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-05-07 04:58:47 +00:00 · 2018-08-01 10:09:22 +02:00
parent a0a3160923
commit e58ad185be
2 changed files with 35 additions and 2 deletions
@@ -0,0 +1,20 @@
+[Unit]
+Description=Suricata IDS/IDP daemon
+After=network.target
+Requires=network.target
+Documentation=man:suricata(8) man:suricatasc(8)
+Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki
+
+[Service]
+Type=simple
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+RestrictAddressFamilies=
+ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0
+ExecReload=/bin/kill -HUP $MAINPID
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=yes
+
+[Install]
+WantedBy=multi-user.target
+
@@ -7,9 +7,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd
 SRC_URI += " \
           file://volatiles.03_suricata \
           file://suricata.yaml \
+           file://suricata.service \
           "

-inherit autotools-brokensep pkgconfig python-dir 
+inherit autotools-brokensep pkgconfig python-dir systemd 

 CFLAGS += "-D_DEFAULT_SOURCE"

@@ -45,6 +46,16 @@ do_install_append () {
    install -m 644 reference.config ${D}${sysconfdir}/suricata
    install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata
    install -m 0644 ${WORKDIR}/volatiles.03_suricata  ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata
+
+    install -d ${D}${systemd_unitdir}/system
+    sed  -e s:/etc:${sysconfdir}:g \
+         -e s:/var/run:/run:g \
+         -e s:/var:${localstatedir}:g \
+         -e s:/usr/bin:${bindir}:g \
+         -e s:/bin/kill:${base_bindir}/kill:g \
+         -e s:/usr/lib:${libdir}:g \
+         ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service
+
 }

 pkg_postinst_ontarget_${PN} () {
@@ -53,8 +64,10 @@ if [ -e /etc/init.d/populate-volatile.sh ] ; then
 fi
 }

+SYSTEMD_PACKAGES = "${PN}"
+
 PACKAGES =+ "${PN}-python"
-FILES_${PN} += "${logdir}/suricata"
+FILES_${PN} += "${logdir}/suricata ${systemd_unitdir}"
 FILES_${PN}-python = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"

 CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"