summaryrefslogtreecommitdiff
blob: 80517256d84dc4d22358f9040d9879a789169bbf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/psad-2.1.7.ebuild,v 1.5 2010/12/21 13:52:48 klausman Exp $

inherit eutils perl-app

IUSE=""

DESCRIPTION="Port Scanning Attack Detection daemon"
SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2"
HOMEPAGE="http://www.cipherdyne.org/psad"

SLOT="0"
LICENSE="GPL-2"
KEYWORDS="alpha amd64 ppc ~sparc x86"

DEPEND="${DEPEND}
	dev-lang/perl"

RDEPEND="virtual/logger
	dev-perl/Unix-Syslog
	dev-perl/Date-Calc
	virtual/mailx
	net-firewall/iptables
	net-misc/whois"

src_compile() {
	cd "${S}"/deps/Net-IPv4Addr
	SRC_PREP="no" perl-module_src_compile
	emake test

	cd "${S}"/deps/IPTables-Parse
	SRC_PREP="no" perl-module_src_compile
	emake test

	cd "${S}"/deps/IPTables-ChainMgr
	SRC_PREP="no" perl-module_src_compile
	emake test

	cd "${S}"
	# We'll use the C binaries
	emake || die "Make failed: daemons"
}

src_install() {
	local myhostname=
	local mydomain=

	doman *.8

	keepdir /var/lib/psad /var/log/psad /var/run/psad /var/lock/subsys/${PN}
	dodir /etc/psad

	cd "${S}"/deps/Net-IPv4Addr
	perl-module_src_install

	cd "${S}"/deps/IPTables-ChainMgr
	perl-module_src_install

	cd "${S}"/deps/IPTables-Parse
	perl-module_src_install

	cd "${S}"
	insinto /usr
	dosbin kmsgsd psad psadwatchd
	newsbin fwcheck_psad.pl fwcheck_psad
	newbin pscan psad-pscan

	cd "${S}"

	insinto /etc/psad
	doins *.conf
	doins psad_*
	doins auto_dl icmp_types ip_options posf signatures pf.os

	cd "${S}"/init-scripts
	newinitd psad-init.gentoo psad

	cd "${S}"/deps/snort_rules
	dodir /etc/psad/snort_rules
	insinto /etc/psad/snort_rules
	doins *.rules

	cd "${S}"
	dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES README SCAN_LOG
}

pkg_preinst() {
	cd "${S}"

	# Set sane defaults in config file.
	fix_psad_conf
}

pkg_postinst() {
	if [ ! -p "${ROOT}"/var/lib/psad/psadfifo ]
	then
		ebegin "Creating syslog FIFO for PSAD"
		mknod -m 600 "${ROOT}"/var/lib/psad/psadfifo p
		eend $?
	fi

	echo
	elog "Please be sure to edit /etc/psad/psad.conf to reflect your system's"
	elog "configuration or it may not work correctly or start up. Specifically, check"
	elog "the validity of the HOSTNAME setting and replace the EMAIL_ADDRESSES and"
	elog "HOME_NET settings at the least."
	elog
	if has_version ">=app-admin/syslog-ng-0.0.0"
	then
		ewarn "You appear to have installed syslog-ng. If you are using syslog-ng as your"
		ewarn "default system logger, please change the SYSLOG_DAEMON entry in"
		ewarn "/etc/psad/psad.conf to the following (per examples in psad.conf):"
		ewarn "		SYSLOG_DAEMON	syslog-ng;"
		ewarn
	fi
	if has_version ">=app-admin/sysklogd-0.0.0"
	then
		elog "You have sysklogd installed. If this is your default system logger, no"
		elog "special configuration is needed. If it is not, please set SYSLOG_DAEMON"
		elog "in /etc/psad/psad.conf accordingly."
		elog
	fi
	if has_version ">=app-admin/metalog-0.0"
	then
		ewarn "You appear to have installed metalog. If you are using metalog as your"
		ewarn "default system logger, please change the SYSLOG_DAEMON entry in"
		ewarn "/etc/psad/psad.conf to the following (per examples in psad.conf):"
		ewarn "		SYSLOG_DAEMON	metalog"
	fi

	ewarn "NOTE: You need firewall rules to log dropped packets. Otherwise PSAD will"
	ewarn "not be aware of any port scan attacks. Please see FW_EXAMPLE_RULES in the"
	ewarn "psad documentation directory (ie /usr/share/doc/${P}) for the criteria and"
	ewarn "sample rules."
}

fix_psad_conf() {
	cp psad.conf psad.conf.orig

	# Ditch the _CHANGEME_ for hostname, substituting in our real hostname
	[ -e /etc/hostname ] && myhostname="$(< /etc/hostname)"
	[ "${myhostname}" == "" ] && myhostname="$HOSTNAME"
	mydomain=".$(grep ^domain /etc/resolv.conf | cut -d" " -f2)"
	sed -i "s:HOSTNAME\(.\+\)\_CHANGEME\_;:HOSTNAME\1${myhostname}${mydomain};:" psad.conf || die "fix_psad_conf failed"

	# Fix up paths
	sed -i "s:/sbin/syslogd:/usr/sbin/syslogd:g" psad.conf || die "fix_psad_conf failed"
	sed -i "s:/sbin/syslog-ng:/usr/sbin/syslog-ng:g" psad.conf || die "fix_psad_conf failed"
	sed -i "s:/usr/bin/whois_psad:/usr/bin/whois:g" psad.conf || die "fix_psad_conf failed"
}