Bug#959150: Add support for Prelude


Bug#959150: Add support for Prelude

Thomas Andrejak-2
Package: clamav

Version: 0.102.2
Please enable Prelude support:
* d/control: Add libprelude-dev Build-Depends
* d/rule: Add --enable-prelude to the ./configure
Thanks
Regards
Thomas

Bug#959150: [Pkg-clamav-devel] Bug#959150: Add support for Prelude

Scott Kitterman-5
According to the prelude web site:

Prelude OSS is the open source edition of Prelude SIEM. Prelude OSS is aimed for evaluation, research and test purpose on very small environments. Please note that Prelude OSS performances are way lower than the Prelude SIEM edition.

What testing have you done to determine the performance implications of the proposed change?

Scott K

On April 29, 2020 11:15:43 PM UTC, Thomas Andrejak <[hidden email]> wrote:

>Package: clamav
>
>Version: 0.102.2
>
>Please enable Prelude support:
>
>* d/control: Add libprelude-dev Build-Depends
>
>* d/rule: Add --enable-prelude to the ./configure
>
>Thanks
>
>Regards
>
>Thomas


Bug#959150: [Pkg-clamav-devel] Bug#959150: Add support for Prelude

Thomas Andrejak-2
In reply to this post by Thomas Andrejak-2

Hello

Thanks for your reply.

The performance you pointed out is about the database inserts, not the libprelude used by ClamAV. So, for a security tool, there is no performance issue. For a Prelude end user, if he gets too many alerts per second, there are mechanisms to filter this and not fall into performance issues.

For your information, Suricata already enables prelude support in its packages and there is no issue.

Regards

On Wed, 29 Apr 2020 23:31:34 +0000 Scott Kitterman <[hidden email]> wrote:
> According to the prelude web site:
>
> Prelude OSS is the open source edition of Prelude SIEM. Prelude OSS is aimed for evaluation, research and test purpose on very small environments. Please note that Prelude OSS performances are way lower than the Prelude SIEM edition.

>
> What testing have you done to determine the performance implications of the proposed change?
>
> Scott K
>
> On April 29, 2020 11:15:43 PM UTC, Thomas Andrejak <[hidden email]> wrote:
> >Package: clamav
> >
> >Version: 0.102.2
> >
> >Please enable Prelude support:
> >
> >* d/control: Add libprelude-dev Build-Depends
> >
> >* d/rule: Add --enable-prelude to the ./configure
> >
> >Thanks
> >
> >Regards
> >
> >Thomas
>


Bug#959150: [Pkg-clamav-devel] Bug#959150: Add support for Prelude

Thomas Andrejak-2
Hello

How can I help you to go forward on this ?

Enabling prelude support should be easy

Regards

Thomas

On Thu, 30 Apr 2020 at 09:09, Thomas Andrejak <[hidden email]> wrote:

Hello

Thanks for your reply.

The performance you pointed out is about the database inserts, not the libprelude used by ClamAV. So, for a security tool, there is no performance issue. For a Prelude end user, if he gets too many alerts per second, there are mechanisms to filter this and not fall into performance issues.

For your information, Suricata already enables prelude support in its packages and there is no issue.

Regards

On Wed, 29 Apr 2020 23:31:34 +0000 Scott Kitterman <[hidden email]> wrote:
> According to the prelude web site:
>
> Prelude OSS is the open source edition of Prelude SIEM. Prelude OSS is aimed for evaluation, research and test purpose on very small environments. Please note that Prelude OSS performances are way lower than the Prelude SIEM edition.

>
> What testing have you done to determine the performance implications of the proposed change?
>
> Scott K
>
> On April 29, 2020 11:15:43 PM UTC, Thomas Andrejak <[hidden email]> wrote:
> >Package: clamav
> >
> >Version: 0.102.2
> >
> >Please enable Prelude support:
> >
> >* d/control: Add libprelude-dev Build-Depends
> >
> >* d/rule: Add --enable-prelude to the ./configure
> >
> >Thanks
> >
> >Regards
> >
> >Thomas
>


Bug#959150: [Pkg-clamav-devel] Bug#959150: Bug#959150: Add support for Prelude

Sebastian Andrzej Siewior
On 2020-07-06 11:19:21 [+0200], Thomas Andrejak wrote:
> How can I help you to go forward on this ?
>
> Enabling prelude support should be easy

Let me try to look at this this week.

> Regards
>
> Thomas

Sebastian


Bug#959150: Add support for Prelude

Sebastian Andrzej Siewior
On 2020-07-07 00:24:18 [+0200], To Thomas Andrejak wrote:
> On 2020-07-06 11:19:21 [+0200], Thomas Andrejak wrote:
> > How can I help you to go forward on this ?
> >
> > Enabling prelude support should be easy
>
> Let me try to look at this this week.

So enabling prelude at build time will pull in the libprelude package.
Runtime wise it does nothing unless enabled in the config file. Doesn't
look too bad.
The libprelude seems to be under GPLv2 (there are parts of the library under
LGPLv2+ but my understanding is that there are parts of the library under
GPL). There is no OpenSSL license exception and my understanding is that
we need this even for dependencies. See also #924937 where this is
currently discussed for other packages. I don't see that I can enable it
at this time.
The upcoming OpenSSL 3.0 is under the Apache-2 license which
still doesn't work unless the license is v2 or later. The alternative
would be an OpenSSL license exception. Upstream seem to have moved from
OpenSSL to GnuTLS due to license issues instead of granting an exception
and be done with it. See
  https://www.prelude-siem.org/issues/19

> > Regards
> >
> > Thomas
 
Sebastian


Bug#959150: Add support for Prelude

Thomas Andrejak-2
Hello

Thanks for the reply.

Yes, the 5.1 version is under GPLv2 but the next version that will be released shortly is under LGPLv2 https://www.prelude-siem.org/projects/libprelude/repository/revisions/55f478f4ae5aa8b30372e7a0e3cf20ebe52df889

So if I understand well, it will be OK with this new version?

Is that the only issue that blocks the packaging for you?

Regards

On Sat, 11 Jul 2020 at 12:32, Sebastian Andrzej Siewior <[hidden email]> wrote:
On 2020-07-07 00:24:18 [+0200], To Thomas Andrejak wrote:
> On 2020-07-06 11:19:21 [+0200], Thomas Andrejak wrote:
> > How can I help you to go forward on this ?
> >
> > Enabling prelude support should be easy
>
> Let me try to look at this this week.

So enabling prelude at build time will pull in the libprelude package.
Runtime wise it does nothing unless enabled in the config file. Doesn't
look too bad.
The libprelude seems to be under GPLv2 (there are parts of the library under
LGPLv2+ but my understanding is that there are parts of the library under
GPL). There is no OpenSSL license exception and my understanding is that
we need this even for dependencies. See also #924937 where this is
currently discussed for other packages. I don't see that I can enable it
at this time.
The upcoming OpenSSL 3.0 is under the Apache-2 license which
still doesn't work unless the license is v2 or later. The alternative
would be an OpenSSL license exception. Upstream seem to have moved from
OpenSSL to GnuTLS due to license issues instead of granting an exception
and be done with it. See
  https://www.prelude-siem.org/issues/19

> > Regards
> >
> > Thomas

Sebastian