Lines 4-10
|
4 |
|
4 |
|
5 |
EAPI=5 |
5 |
EAPI=5 |
6 |
|
6 |
|
7 |
inherit user |
7 |
inherit eutils user systemd |
8 |
|
8 |
|
9 |
MY_PV="${PV/_p/p}" |
9 |
MY_PV="${PV/_p/p}" |
10 |
DESCRIPTION="Sensor part of sguil Network Security Monitoring" |
10 |
DESCRIPTION="Sensor part of sguil Network Security Monitoring" |
Lines 33-38
|
33 |
} |
33 |
} |
34 |
|
34 |
|
35 |
src_prepare() { |
35 |
src_prepare() { |
|
|
36 |
epatch "${FILESDIR}/0.9.0_log_packets.patch" |
37 |
|
36 |
local -a CONFIG_FILES=( |
38 |
local -a CONFIG_FILES=( |
37 |
sensor/pads_agent.conf |
39 |
sensor/pads_agent.conf |
38 |
sensor/pcap_agent.conf |
40 |
sensor/pcap_agent.conf |
Lines 70-75
|
70 |
newinitd "${FILESDIR}/snort_agent.initd" snort_agent |
72 |
newinitd "${FILESDIR}/snort_agent.initd" snort_agent |
71 |
newconfd "${FILESDIR}/log_packets.confd" log_packets |
73 |
newconfd "${FILESDIR}/log_packets.confd" log_packets |
72 |
|
74 |
|
|
|
75 |
systemd_dounit "${FILESDIR}/pads_agent.service" |
76 |
systemd_dounit "${FILESDIR}/pcap_agent.service" |
77 |
systemd_dounit "${FILESDIR}/snort_agent.service" |
78 |
systemd_dounit "${FILESDIR}/log_packets.service" |
79 |
systemd_dounit "${FILESDIR}/log_packets_rotate.timer" |
80 |
systemd_dounit "${FILESDIR}/log_packets_rotate.service" |
81 |
systemd_newtmpfilesd "${FILESDIR}/systemd-tmpfiles.conf" "sguil-sensor.conf" |
82 |
|
73 |
insinto /etc/sguil |
83 |
insinto /etc/sguil |
74 |
doins sensor/pads_agent.conf |
84 |
doins sensor/pads_agent.conf |
75 |
doins sensor/snort_agent.conf |
85 |
doins sensor/snort_agent.conf |
Lines 79-92
|
79 |
|
89 |
|
80 |
dobin sensor/sancp_agent.tcl |
90 |
dobin sensor/sancp_agent.tcl |
81 |
newbin sensor/pcap_agent-sancp.tcl pcap_agent.tcl |
91 |
newbin sensor/pcap_agent-sancp.tcl pcap_agent.tcl |
|
|
92 |
newbin sensor/log_packets-sancp.sh log_packets.sh |
82 |
|
93 |
|
83 |
newinitd "${FILESDIR}/sancp_agent.initd" sancp_agent |
94 |
newinitd "${FILESDIR}/sancp_agent.initd" sancp_agent |
|
|
95 |
systemd_dounit "${FILESDIR}/sancp_agent.service" |
84 |
|
96 |
|
85 |
insinto /etc/sguil |
97 |
insinto /etc/sguil |
86 |
doins sensor/sancp_agent.conf |
98 |
doins sensor/sancp_agent.conf |
87 |
doins sensor/sancp-indexed.conf |
99 |
doins sensor/sancp-indexed.conf |
88 |
newins sensor/pcap_agent-sancp.conf pcap_agent.conf |
100 |
newins sensor/pcap_agent-sancp.conf pcap_agent.conf |
89 |
else |
101 |
else |
|
|
102 |
dobin sensor/log_packets.sh |
90 |
dobin sensor/pcap_agent.tcl |
103 |
dobin sensor/pcap_agent.tcl |
91 |
|
104 |
|
92 |
insinto /etc/sguil |
105 |
insinto /etc/sguil |
Lines 115-126
|
115 |
elog |
128 |
elog |
116 |
elog "If you use openrc as your init, you should crontab the" |
129 |
elog "If you use openrc as your init, you should crontab the" |
117 |
elog "/etc/init.d/log_packets script to restart each hour." |
130 |
elog "/etc/init.d/log_packets script to restart each hour." |
|
|
131 |
elog "If you are using systemd, The log_packets.service unit" |
132 |
elog "will automatically start a timer unit to do that job," |
133 |
elog "so you don't need to manually setup a cron job." |
118 |
elog |
134 |
elog |
119 |
elog "As of version 0.9.0 the former sguil_agent has been split up" |
135 |
elog "As of version 0.9.0 the former sguil_agent has been split up" |
120 |
elog "into multiple agents. If you are upgrading, you must review" |
136 |
elog "into multiple agents. If you are upgrading, you must review" |
121 |
elog "the agent config files in /etc/sguil and enable some or all" |
137 |
elog "the agent config files in /etc/sguil and enable some or all" |
122 |
elog "of the following init scripts / systemd units:" |
138 |
elog "of the following init scripts / systemd units:" |
123 |
elog |
139 |
elog |
|
|
140 |
elog "openrc:\t\t\tsystemd:" |
141 |
elog "/etc/init.d/pads_agent\tpads_agent.service" |
142 |
elog "/etc/init.d/pcap_agent\tpcap_agent.service" |
143 |
use sancp && elog "/etc/init.d/sancp_agent\tsancp_agent.service" |
144 |
elog "/etc/init.d/snort_agent\tsnort_agent.service" |
145 |
elog "/etc/init.d/log_packets\tlog_packets.service" |
146 |
elog |
124 |
elog "You should read /usr/share/doc/sguil-sensor-${PVR}/INSTALL.bz2" |
147 |
elog "You should read /usr/share/doc/sguil-sensor-${PVR}/INSTALL.bz2" |
125 |
elog "to learn about the interaction between the different agents" |
148 |
elog "to learn about the interaction between the different agents" |
126 |
elog "and how to set up a working sguil stack." |
149 |
elog "and how to set up a working sguil stack." |
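Review bot: The new `systemd_newtmpfilesd "${FILESDIR}/systemd-tmpfiles.conf" "sguil-sensor.conf"` line in the install phase only installs the tmpfiles.d entry; nothing visible in this diff applies it, and the added post-install text does not mention it. On a system that is already running, the paths that file declares (its contents are not part of this view) will presumably not exist with the intended owner and mode until the next boot, so the new units may fail to start, or the agents may create those paths themselves with default permissions. I would add a hint next to the other systemd messages, for example `elog "Run 'systemd-tmpfiles --create sguil-sensor.conf' or reboot before starting the units."`. The unit files come from FILESDIR and are not shown here, so it is worth confirming separately that they run the capture agents under the dedicated account (the ebuild inherits `user`, so one is presumably created outside these hunks) rather than as root.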