author | Conrad Kostecki <conikost@gentoo.org> | 2021-07-12 23:45:22 +0200 |
---|---|---|
committer | Conrad Kostecki <conikost@gentoo.org> | 2021-07-13 22:54:39 +0200 |
commit | a746169e7af3299d97deaf1c86f01a4abebd00cb (patch) | |
tree | 94dae96897db5407c037bb0460deb1c2e3293aa6 /net-analyzer/sguil-sensor | |
parent | net-analyzer/scanlogd: drop old version (diff) | |
download | gentoo-a746169e7af3299d97deaf1c86f01a4abebd00cb.tar.gz gentoo-a746169e7af3299d97deaf1c86f01a4abebd00cb.tar.bz2 gentoo-a746169e7af3299d97deaf1c86f01a4abebd00cb.zip |
net-analyzer/sguil-sensor: migrate to GLEP 81
Bug: https://bugs.gentoo.org/781359
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>
Diffstat (limited to 'net-analyzer/sguil-sensor')
-rw-r--r-- | net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r2.ebuild | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r2.ebuild b/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r2.ebuild
new file mode 100644
index 000000000000..d783b8e9738b
--- /dev/null
+++ b/net-analyzer/sguil-sensor/sguil-sensor-1.0.0-r2.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+MY_PV="${PV/_p/p}"
+DESCRIPTION="Sensor part of sguil Network Security Monitoring"
+HOMEPAGE="https://github.com/bammv/sguil"
+SRC_URI="https://github.com/bammv/sguil/archive/v${PV}.tar.gz -> ${P/-sensor}.tar.gz"
+S="${WORKDIR}/sguil-${MY_PV}"
+
+LICENSE="GPL-3 GPL-2+ QPL-1.0 GPL-2" # GPL-2 for init script
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+DEPEND="
+ acct-group/sguil
+ acct-user/sguil
+"
+
+RDEPEND="
+ ${DEPEND}
+ >=dev-lang/tcl-8.3:0=[-threads]
+ >=dev-tcltk/tclx-8.3
+ dev-tcltk/tls
+ >=net-analyzer/barnyard-0.2.0-r1
+ >=net-analyzer/snort-2.4.1-r1
+ dev-ml/pcre-ocaml
+ net-analyzer/sancp
+"
+
+src_prepare() {
+ default
+
+ sed -i \
+ -e "s:gateway:${HOSTNAME}:" \
+ -e 's:/snort_data:/var/lib/sguil:' \
+ -e 's:DAEMON 0:DAEMON 1:' \
+ -e 's:DEBUG 1:DEBUG 0:g' \
+ sensor/sensor_agent.conf || die
+
+ sed -i \
+ -e 's:/var/run/sensor_agent.pid:/run/sguil-sensor.pid:' \
+ sensor/sensor_agent.tcl || die
+}
+
+src_install() {
+ dodoc doc/*
+
+ dobin sensor/sensor_agent.tcl
+
+ newinitd "${FILESDIR}/log_packets.initd" log_packets
+ newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent
+ newconfd "${FILESDIR}/log_packets.confd" log_packets
+ insinto /etc/sguil
+ doins sensor/sensor_agent.conf
+
+ # Create the directory structure
+ diropts -g sguil -o sguil
+ keepdir /var/lib/sguil/archive \
+ "/var/lib/sguil/${HOSTNAME}" \
+ "/var/lib/sguil/${HOSTNAME}/portscans" \
+ "/var/lib/sguil/${HOSTNAME}/ssn_logs" \
+ "/var/lib/sguil/${HOSTNAME}/dailylogs" \
+ "/var/lib/sguil/${HOSTNAME}/sancp"
+
+}
+
+pkg_postinst() {
+ elog
+ elog "You should check /etc/sguil/sensor_agent.conf and"
+ elog "/etc/init.d/logpackets and ensure that they are accurate"
+ elog "for your environment. They should work providing that you"
+ elog "are running the sensor on the same machine as the server."
+ elog "This ebuild assumes that you are running a single sensor"
+ elog "environment, if this is not the case then you must make sure"
+ elog "to modify /etc/sguil/sensor_agent.conf and change the HOSTNAME variable."
+ elog "You should crontab the /etc/init.d/log_packets script to restart"
+ elog "each hour."
+ elog
+} |
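Review bot: `diropts -g sguil -o sguil` in src_install sets only the owner and group, so the kept directories under /var/lib/sguil take the default directory mode; if that default is world-readable and traversable, any local account can list the sensor's packet-log and session directories. Provided every reader and writer runs as the sguil user or group, `diropts -m 0750 -g sguil -o sguil` would close that off. Separately, `${HOSTNAME}` is expanded at build time in both src_prepare and src_install, so the sensor name in sensor_agent.conf and the directory names are those of the build host. A binary package installed elsewhere gets mismatched paths, and an empty value would presumably collapse them to `/var/lib/sguil//portscans`; a guard such as `[[ -n ${HOSTNAME} ]] || die "HOSTNAME is empty"` plus a comment stating the single-sensor assumption would make this explicit. The pkg_postinst text also names `/etc/init.d/logpackets`, while the script is installed as `log_packets`.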