# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sguil-sensor/sguil-sensor-0.6.1.ebuild,v 1.4 2012/06/12 03:07:34 zmedico Exp $
# eutils / user eclasses supply the helpers used below (built_with_use,
# enewgroup/enewuser).
inherit eutils user

# Upstream names its tarball and directory with "p" rather than "_p".
MY_PV="${PV/_p/p}"

DESCRIPTION="Sensor part of sguil Network Security Monitoring"
HOMEPAGE="http://sguil.sourceforge.net"
SRC_URI="mirror://sourceforge/sguil/sguil-sensor-${MY_PV}.tar.gz"

LICENSE="QPL"
SLOT="0"
KEYWORDS="~x86"
IUSE=""

# Only tcl is needed to build; the agent additionally needs tclx plus the
# snort/barnyard/sancp tools at runtime.
# NOTE(review): why dev-ml/pcre-ocaml is a runtime dependency of a Tcl agent
# is not evident from this ebuild - confirm it is still required.
DEPEND=">=dev-lang/tcl-8.3"
RDEPEND="${DEPEND}
	>=dev-tcltk/tclx-8.3
	>=net-analyzer/snort-2.4.1-r1
	>=net-analyzer/barnyard-0.2.0-r1
	net-analyzer/sancp
	dev-ml/pcre-ocaml"

# The archive unpacks as sguil-<version>, not ${PN}-<version>.
S="${WORKDIR}/sguil-${MY_PV}"
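# Pre-build checks and account creation.
#
# The sensor agent is a Tcl script that (per the message below) does not run
# against a threaded Tcl, and the snort side needs snort's 'sguil' USE flag.
# This EAPI has no USE dependencies, so both are checked with built_with_use
# and the merge is aborted with a reason when they fail.  The unprivileged
# 'sguil' user/group created here owns the data tree laid out in src_install.
pkg_setup() {
	if built_with_use dev-lang/tcl threads ; then
		eerror
		eerror "Sguil does not run when tcl was built with threading enabled."
		eerror "Please rebuild tcl without threads and reemerge this ebuild."
		eerror
		die "dev-lang/tcl was built with USE=threads"
	fi

	if ! built_with_use net-analyzer/snort sguil ; then
		eerror
		eerror "You need to emerge snort with 'sguil' USE flag to get"
		eerror "the full sguil functionality"
		eerror
		die "net-analyzer/snort was built without USE=sguil"
	fi

	# No '|| die' here: the user.eclass helpers are expected to die on their
	# own - TODO confirm against the eclass version in use.
	enewgroup sguil
	enewuser sguil -1 -1 /var/lib/sguil sguil
}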
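# Unpack the tarball and adapt the sample sensor configuration to this host.
# EAPI 0 has no src_prepare, so the edits live here.
#
# The build host's HOSTNAME becomes the sensor name in sensor_agent.conf and
# (in src_install) the name of the per-sensor data directory.  It is spliced
# verbatim into a sed expression, so an empty value or one containing sed
# metacharacters (':' '&' '/' ...) silently produces a broken config; refuse
# such values up front instead.
src_unpack() {
	case ${HOSTNAME} in
		""|*[!a-zA-Z0-9._-]*)
			die "HOSTNAME must be a plain hostname for the sensor name, got '${HOSTNAME}'"
			;;
	esac

	unpack ${A}
	cd "${S}/sensor" || die "cd ${S}/sensor failed"

	# Point the agent at a local sguild, move the data root under
	# /var/lib/sguil, run as a daemon and turn debug output off.
	# The 'gateway' -> HOSTNAME rewrite is unanchored, so it presumably targets
	# the sample's sensor-name setting but would also hit any other 'gateway'
	# in the file - verify against the shipped sensor_agent.conf.
	sed -i -e 's:192\.168\.8\.1:127.0.0.1:' -e "s:gateway:${HOSTNAME}:" \
		-e 's:/snort_data:/var/lib/sguil:' -e 's:DAEMON 0:DAEMON 1:' \
		-e 's:DEBUG 1:DEBUG 0:g' sensor_agent.conf || die "sed on sensor_agent.conf failed"
	# The pidfile moves into the sguil-owned /var/run/sguil created in src_install.
	sed -i -e 's:/var/run/sensor_agent.pid:/var/run/sguil/sensor.pid:' \
		sensor_agent.tcl || die "sed on sensor_agent.tcl failed"
}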
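# Install the agent, its init/conf scripts, the configuration and the
# sguil-owned data tree.  EAPI 0 install helpers do not die on failure by
# themselves, so each call is checked explicitly.
src_install() {
	dodoc doc/* || die "dodoc failed"

	dobin sensor/sensor_agent.tcl || die "dobin failed"

	newinitd "${FILESDIR}/log_packets.initd" log_packets || die "newinitd log_packets failed"
	newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent || die "newinitd sensor_agent failed"
	newconfd "${FILESDIR}/log_packets.confd" log_packets || die "newconfd log_packets failed"
	insinto /etc/sguil
	doins sensor/sensor_agent.conf || die "doins sensor_agent.conf failed"

	# Data tree, owned by the sguil user.  The per-sensor subtree is named
	# after the *build* host's HOSTNAME (the same value src_unpack writes into
	# sensor_agent.conf), so a binary package built elsewhere carries the
	# wrong sensor name.
	# NOTE(review): no -m is given, so these directories get the default mode
	# and the packet/session/portscan logs written under them end up in
	# world-readable directories; 'diropts -m0750 -g sguil -o sguil' would be
	# the tighter choice once it is confirmed nothing else on the host needs
	# read access.
	# NOTE(review): /var/run/sguil is only a keepdir; if /var/run is a tmpfs
	# it will not exist after a reboot and the init script must create it.
	diropts -g sguil -o sguil
	keepdir /var/lib/sguil /var/run/sguil /var/lib/sguil/archive \
		"/var/lib/sguil/${HOSTNAME}" \
		"/var/lib/sguil/${HOSTNAME}/portscans" \
		"/var/lib/sguil/${HOSTNAME}/ssn_logs" \
		"/var/lib/sguil/${HOSTNAME}/dailylogs" \
		"/var/lib/sguil/${HOSTNAME}/sancp" || die "keepdir failed"
}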
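# Post-merge guidance.  The init script installed by src_install is
# /etc/init.d/log_packets (the old message said "logpackets", which does not
# exist), and the sensor name baked into sensor_agent.conf is the build host's
# HOSTNAME, which only matches a single-sensor, same-host setup.
pkg_postinst() {
	elog
	elog "You should check /etc/sguil/sensor_agent.conf and"
	elog "/etc/init.d/log_packets and ensure that they are accurate"
	elog "for your environment. They should work providing that you"
	elog "are running the sensor on the same machine as the server."
	elog "This ebuild assumes that you are running a single sensor"
	elog "environment, if this is not the case then you must make sure"
	elog "to modify /etc/sguil/sensor_agent.conf and change the HOSTNAME variable."
	elog "You should crontab the /etc/init.d/log_packets script to restart"
	elog "each hour."
	elog
}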