Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-firewall/psad/psad-1.4.2.ebuild
blob: a28e04c194aecb47dd714f83896103db40664c36 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/psad-1.4.2.ebuild,v 1.2 2005/09/21 16:34:19 seemant Exp $

inherit eutils perl-module

IUSE=""

DESCRIPTION="Port Scanning Attack Detection daemon"
SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2"
HOMEPAGE="http://www.cipherdyne.org/psad"

SLOT="0"
LICENSE="GPL-2"
KEYWORDS="~x86 ~amd64 ~ppc ~alpha ~sparc"

DEPEND="${DEPEND}
	dev-lang/perl"

RDEPEND="virtual/logger
	dev-perl/Unix-Syslog
	dev-perl/Date-Calc
	virtual/mailx
	net-firewall/iptables"

src_compile() {
	cd ${S}/Psad
	SRC_PREP="no" perl-module_src_compile
	emake test

	cd ${S}/Net-IPv4Addr
	SRC_PREP="no" perl-module_src_compile
	emake test

	cd ${S}/IPTables-Parse
	SRC_PREP="no" perl-module_src_compile
	emake test

	cd ${S}/IPTables-ChainMgr
	SRC_PREP="no" perl-module_src_compile
	emake test

	cd ${S}/whois
	emake || die "Make failed: whois"

	cd ${S}
	# We'll use the C binaries
	emake || die "Make failed: daemons"
}

src_install() {
	local myhostname=
	local mydomain=

	doman *.8

	keepdir /var/lib/psad /var/log/psad /var/run/psad /var/lock/subsys/${PN}
	dodir /etc/psad
	cd ${S}/Psad
	emake install DESTDIR=${D} || die "Install failed: Psad.pm"

	cd ${S}/Net-IPv4Addr
	emake install DESTDIR=${D} || die "Install failed: Net-IPv4Addr.pm"

	cd ${S}/IPTables-ChainMgr
	emake install DESTDIR=${D} || die "Install failed: IPTables-Mgr.pm"

	cd ${S}/IPTables-Parse
	emake install DESTDIR=${D} || die "Install failed: IPTables-Parse.pm"

	cd ${S}/whois
	# Makefile seems borken, do install by hand...
	insinto /usr
	newbin whois whois_psad
	newman whois.1 whois_psad.1

	cd ${S}
	insinto /usr
	dosbin kmsgsd psad psadwatchd
	newsbin fwcheck_psad.pl fwcheck_psad
	dobin pscan

	cd ${S}

	fix_psad_conf

	insinto /etc/psad
	doins *.conf
	doins psad_*
	doins auto_dl icmp_types posf signatures pf.os

	cd ${S}/init-scripts
	exeinto /etc/init.d
	newexe psad-init.gentoo psad

	cd ${S}/snort_rules
	dodir /etc/psad/snort_rules
	insinto /etc/psad/snort_rules
	doins *.rules

	cd ${S}
	dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES README LICENSE SCAN_LOG
}

pkg_postinst() {
	if [ ! -p ${ROOT}/var/lib/psad/psadfifo ]
	then
		ebegin "Creating syslog FIFO for PSAD"
		mknod -m 600 ${ROOT}/var/lib/psad/psadfifo p
		eend $?
	fi

	echo
	einfo "Please be sure to edit /etc/psad/psad.conf to reflect your system's"
	einfo "configuration or it may not work correctly or start up. Specifically, check"
	einfo "the validity of the HOSTNAME setting and replace the EMAIL_ADDRESSES and"
	einfo "HOME_NET settings at the least."
	echo
	if has_version ">=app-admin/syslog-ng-0.0.0"
	then
		ewarn "You appear to have installed syslog-ng. If you are using syslog-ng as your"
		ewarn "default system logger, please change the SYSLOG_DAEMON entry in"
		ewarn "/etc/psad/psad.conf to the following (per examples in psad.conf):"
		ewarn "		SYSLOG_DAEMON	syslog-ng;"
		echo
	fi
	if has_version ">=app-admin/sysklogd-0.0.0"
	then
		einfo "You have sysklogd installed. If this is your default system logger, no"
		einfo "special configuration is needed. If it is not, please set SYSLOG_DAEMON"
		einfo "in /etc/psad/psad.conf accordingly."
		echo
	fi
	if has_version ">=app-admin/metalog-0.0"
	then
		ewarn "You appear to have installed metalog. If you are using metalog as your"
		ewarn "default system logger, please change the SYSLOG_DAEMON entry in"
		ewarn "/etc/psad/psad.conf to the following (per examples in psad.conf):"
		ewarn "		SYSLOG_DAEMON	metalog"
	fi
}

fix_psad_conf() {
	cp psad.conf psad.conf.orig

	# Ditch the _CHANGEME_ for hostname, substituting in our real hostname
	[ -e /etc/hostname ] && myhostname="$(< /etc/hostname)"
	[ "${myhostname}" == "" ] && myhostname="$HOSTNAME"
	mydomain=".$(grep ^domain /etc/resolv.conf | cut -d" " -f2)"
	sed -i "s:HOSTNAME\(.\+\)\_CHANGEME\_;:HOSTNAME\1${myhostname}${mydomain};:" psad.conf || die "fix_psad_conf failed"

	# Fix up paths
	sed -i "s:/sbin/syslogd:/usr/sbin/syslogd:g" psad.conf || die "fix_psad_conf failed"
	sed -i "s:/sbin/syslog-ng:/usr/sbin/syslog-ng:g" psad.conf || die "fix_psad_conf failed"
	sed -i "s:/bin/uname:/usr/bin/uname:g" psad.conf || die "fix_psad_conf failed"
	sed -i "s:/bin/mknod:/usr/bin/mknod:g" psad.conf || die "fix_psad_conf failed"
}