106 lines
3.4 KiB
Ruby
106 lines
3.4 KiB
Ruby
class Auditbeat < Formula
|
|
desc "Lightweight Shipper for Audit Data"
|
|
homepage "https://www.elastic.co/products/beats/auditbeat"
|
|
url "https://github.com/elastic/beats.git",
|
|
tag: "v7.11.1",
|
|
revision: "9b2fecb327a29fe8d0477074d8a2e42a3fabbc4b"
|
|
license "Apache-2.0"
|
|
head "https://github.com/elastic/beats.git"
|
|
|
|
bottle do
|
|
sha256 cellar: :any_skip_relocation, arm64_big_sur: "c365ec017a6dbea9330ad8887fda5559bebe5437c099d3f077ea522bbc6bbad5"
|
|
sha256 cellar: :any_skip_relocation, big_sur: "1fd89c5e94e8e297e47967bdf2beb6348975f9698dfcd09dbfaeadc9c02d6101"
|
|
sha256 cellar: :any_skip_relocation, catalina: "0ff3aa4f90b9f5ef35d7d61098adaa111bd6e4892bce1dcc573ae79bdb07515d"
|
|
sha256 cellar: :any_skip_relocation, mojave: "400d1e257fee397b6225b398e314f5c85922a3232bb865f2a856f13c7907f652"
|
|
end
|
|
|
|
depends_on "go" => :build
|
|
depends_on "python@3.9" => :build
|
|
|
|
def install
|
|
# remove non open source files
|
|
rm_rf "x-pack"
|
|
|
|
ENV["GOPATH"] = buildpath
|
|
(buildpath/"src/github.com/elastic/beats").install buildpath.children
|
|
ENV.prepend_path "PATH", buildpath/"bin" # for mage (build tool)
|
|
|
|
cd "src/github.com/elastic/beats/auditbeat" do
|
|
# don't build docs because it would fail creating the combined OSS/x-pack
|
|
# docs and we aren't installing them anyway
|
|
inreplace "magefile.go", "devtools.GenerateModuleIncludeListGo, Docs)",
|
|
"devtools.GenerateModuleIncludeListGo)"
|
|
|
|
system "make", "mage"
|
|
# prevent downloading binary wheels during python setup
|
|
system "make", "PIP_INSTALL_PARAMS=--no-binary :all", "python-env"
|
|
system "mage", "-v", "build"
|
|
system "mage", "-v", "update"
|
|
|
|
(etc/"auditbeat").install Dir["auditbeat.*", "fields.yml"]
|
|
(libexec/"bin").install "auditbeat"
|
|
prefix.install "build/kibana"
|
|
end
|
|
|
|
prefix.install_metafiles buildpath/"src/github.com/elastic/beats"
|
|
|
|
(bin/"auditbeat").write <<~EOS
|
|
#!/bin/sh
|
|
exec #{libexec}/bin/auditbeat \
|
|
--path.config #{etc}/auditbeat \
|
|
--path.data #{var}/lib/auditbeat \
|
|
--path.home #{prefix} \
|
|
--path.logs #{var}/log/auditbeat \
|
|
"$@"
|
|
EOS
|
|
end
|
|
|
|
def post_install
|
|
(var/"lib/auditbeat").mkpath
|
|
(var/"log/auditbeat").mkpath
|
|
end
|
|
|
|
plist_options manual: "auditbeat"
|
|
|
|
def plist
|
|
<<~EOS
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
|
|
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
<plist version="1.0">
|
|
<dict>
|
|
<key>Label</key>
|
|
<string>#{plist_name}</string>
|
|
<key>Program</key>
|
|
<string>#{opt_bin}/auditbeat</string>
|
|
<key>RunAtLoad</key>
|
|
<true/>
|
|
</dict>
|
|
</plist>
|
|
EOS
|
|
end
|
|
|
|
test do
|
|
(testpath/"files").mkpath
|
|
(testpath/"config/auditbeat.yml").write <<~EOS
|
|
auditbeat.modules:
|
|
- module: file_integrity
|
|
paths:
|
|
- #{testpath}/files
|
|
output.file:
|
|
path: "#{testpath}/auditbeat"
|
|
filename: auditbeat
|
|
EOS
|
|
fork do
|
|
exec "#{bin}/auditbeat", "-path.config", testpath/"config", "-path.data", testpath/"data"
|
|
end
|
|
sleep 5
|
|
touch testpath/"files/touch"
|
|
sleep 30
|
|
s = IO.readlines(testpath/"auditbeat/auditbeat").last(1)[0]
|
|
assert_match(/"action":\["(initial_scan|created)"\]/, s)
|
|
realdirpath = File.realdirpath(testpath)
|
|
assert_match "\"path\":\"#{realdirpath}/files/touch\"", s
|
|
end
|
|
end
|