# Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/psad-2.0.6.ebuild,v 1.6 2008/09/12 05:03:41 battousai Exp $ inherit eutils perl-app IUSE="" DESCRIPTION="Port Scanning Attack Detection daemon" SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2" HOMEPAGE="http://www.cipherdyne.org/psad" SLOT="0" LICENSE="GPL-2" KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86" DEPEND="${DEPEND} dev-lang/perl" RDEPEND="virtual/logger dev-perl/Unix-Syslog dev-perl/Date-Calc virtual/mailx net-firewall/iptables net-misc/whois" src_compile() { cd "${S}"/Net-IPv4Addr SRC_PREP="no" perl-module_src_compile emake test cd "${S}"/IPTables-Parse SRC_PREP="no" perl-module_src_compile emake test cd "${S}"/IPTables-ChainMgr SRC_PREP="no" perl-module_src_compile emake test cd "${S}" # We'll use the C binaries emake || die "Make failed: daemons" } src_install() { local myhostname= local mydomain= doman *.8 keepdir /var/lib/psad /var/log/psad /var/run/psad /var/lock/subsys/${PN} dodir /etc/psad cd "${S}"/Net-IPv4Addr perl-module_src_install cd "${S}"/IPTables-ChainMgr perl-module_src_install cd "${S}"/IPTables-Parse perl-module_src_install cd "${S}" insinto /usr dosbin kmsgsd psad psadwatchd newsbin fwcheck_psad.pl fwcheck_psad dobin pscan cd "${S}" fix_psad_conf insinto /etc/psad doins *.conf doins psad_* doins auto_dl icmp_types ip_options posf signatures pf.os cd "${S}"/init-scripts newinitd psad-init.gentoo psad cd "${S}"/snort_rules dodir /etc/psad/snort_rules insinto /etc/psad/snort_rules doins *.rules cd "${S}" dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES README SCAN_LOG } pkg_postinst() { if [ ! -p "${ROOT}"/var/lib/psad/psadfifo ] then ebegin "Creating syslog FIFO for PSAD" mknod -m 600 "${ROOT}"/var/lib/psad/psadfifo p eend $? fi echo elog "Please be sure to edit /etc/psad/psad.conf to reflect your system's" elog "configuration or it may not work correctly or start up. Specifically, check" elog "the validity of the HOSTNAME setting and replace the EMAIL_ADDRESSES and" elog "HOME_NET settings at the least." elog if has_version ">=app-admin/syslog-ng-0.0.0" then ewarn "You appear to have installed syslog-ng. If you are using syslog-ng as your" ewarn "default system logger, please change the SYSLOG_DAEMON entry in" ewarn "/etc/psad/psad.conf to the following (per examples in psad.conf):" ewarn " SYSLOG_DAEMON syslog-ng;" ewarn fi if has_version ">=app-admin/sysklogd-0.0.0" then elog "You have sysklogd installed. If this is your default system logger, no" elog "special configuration is needed. If it is not, please set SYSLOG_DAEMON" elog "in /etc/psad/psad.conf accordingly." elog fi if has_version ">=app-admin/metalog-0.0" then ewarn "You appear to have installed metalog. If you are using metalog as your" ewarn "default system logger, please change the SYSLOG_DAEMON entry in" ewarn "/etc/psad/psad.conf to the following (per examples in psad.conf):" ewarn " SYSLOG_DAEMON metalog" fi ewarn "NOTE: You need firewall rules to log dropped packets. Otherwise PSAD will" ewarn "not be aware of any port scan attacks. Please see FW_EXAMPLE_RULES in the" ewarn "psad documentation directory (ie /usr/share/doc/${P}) for the criteria and" ewarn "sample rules." } fix_psad_conf() { cp psad.conf psad.conf.orig # Ditch the _CHANGEME_ for hostname, substituting in our real hostname [ -e /etc/hostname ] && myhostname="$(< /etc/hostname)" [ "${myhostname}" == "" ] && myhostname="$HOSTNAME" mydomain=".$(grep ^domain /etc/resolv.conf | cut -d" " -f2)" sed -i "s:HOSTNAME\(.\+\)\_CHANGEME\_;:HOSTNAME\1${myhostname}${mydomain};:" psad.conf || die "fix_psad_conf failed" # Fix up paths sed -i "s:/sbin/syslogd:/usr/sbin/syslogd:g" psad.conf || die "fix_psad_conf failed" sed -i "s:/sbin/syslog-ng:/usr/sbin/syslog-ng:g" psad.conf || die "fix_psad_conf failed" sed -i "s:/usr/bin/whois_psad:/usr/bin/whois:g" psad.conf || die "fix_psad_conf failed" }