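# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2

# Ebuild for samhain, a file integrity and intrusion detection tool.
#
# Besides USE flags, the build reads four optional variables from the calling
# environment or from ${ENVDIR}/${ENVDFILE} (the environment wins):
#   SAMHAIN_KEYFINGERPRINT  passed to configure as --with-fp (needed with USE=crypt)
#   SAMHAIN_NAME            passed as --enable-install-name
#   SAMHAIN_XOR             passed as --enable-stealth (128-255)
#   SAMHAIN_SERVER          passed as --with-logserver (needed with USE=samhain-netconf)

DESCRIPTION="Advanced file integrity and intrusion detection tool"
HOMEPAGE="http://la-samhna.de/samhain/"
# NOTE(review): fetched over plain HTTP; integrity of the download presumably
# rests on the digest Portage checks for the distfile - confirm one is shipped.
SRC_URI="http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="x86 ppc"
IUSE="debug static postgres mysql crypt xml samhain-suidcheck samhain-netclient samhain-netserver samhain-netconf samhain-netdb"
# The gnupg atom used to read ">=app-crypt/gnupg-1.2*"; a trailing '*' is only
# valid together with the '=' operator, so the wildcard is dropped.
DEPEND="crypt? ( >=app-crypt/gnupg-1.2 )
	postgres? ( >=dev-db/postgresql-7.2 )
	mysql? ( >=dev-db/mysql-3.23.26 )
	>=sys-apps/sed-4"

ENVDIR="/etc/env.d"
ENVDFILE="80samhain"
MYTMPDIR=${WORKDIR}/tmp
TMPENVFILE="${MYTMPDIR}/${ENVDFILE}"

# Resolve the SAMHAIN_* settings for this build.
# Globals:   ENVDIR, ENVDFILE (read); SAMHAIN_KEYFINGERPRINT, SAMHAIN_NAME,
#            SAMHAIN_XOR, SAMHAIN_SERVER (written)
# Outputs:   the settings found in the environment, via einfo
# Order:     defaults (empty) -> values saved in ${ENVDIR}/${ENVDFILE}
#            -> values present in the environment when the function started.
samhain_variable_setup() {
	local samhainvars
	# Keep the shell-quoted form printed by `set`. Piping it through xargs
	# (as this function used to) strips the quotes, so a value containing a
	# space was re-evaluated as "VAR=first-word command ..." further down.
	samhainvars="$(set | grep '^SAMHAIN_')"
	echo
	einfo "Current settings: ${samhainvars//$'\n'/ }"
	echo

	SAMHAIN_KEYFINGERPRINT=${SAMHAIN_KEYFINGERPRINT:-}
	SAMHAIN_NAME=${SAMHAIN_NAME:-}
	SAMHAIN_XOR=${SAMHAIN_XOR:-}
	SAMHAIN_SERVER=${SAMHAIN_SERVER:-}

	if [ -f "${ENVDIR}/${ENVDFILE}" ]; then
		einfo "Reading ${ENVDIR}/${ENVDFILE}"
		# SECURITY: every SAMHAIN_* line of this file is executed as shell code
		# with the privileges of the build. The file must be owned by root and
		# not writable by anyone else. Quoted so the text is evaluated exactly
		# as stored (no word splitting or globbing beforehand).
		eval "$(grep '^SAMHAIN_' "${ENVDIR}/${ENVDFILE}")"
		echo
	fi

	# Re-apply what the caller had in the environment so that it overrides the
	# saved file. The text comes from `set`, which emits re-readable quoting.
	if [ -n "${samhainvars}" ]; then
		eval "${samhainvars}"
	fi
}

# Run configure with the fixed installation layout plus the given options,
# then build. Arguments: extra configure options, one per argument.
samhain_configure_make() {
	./configure \
		--prefix=/usr \
		--localstatedir=/var \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		"$@" || die "bad configure"
	make || die "compile problem"
}

src_unpack() {
	unpack ${A}
	cd "${WORKDIR}" || die "cannot enter ${WORKDIR}"
	# NOTE(review): the "signed" outer archive presumably ships a detached
	# signature next to the inner tarball; nothing here verifies it - confirm
	# and consider checking it before extraction.
	tar -xzf "${P}.tar.gz" || die "cannot extract ${P}.tar.gz"

	samhain_variable_setup

	mkdir -p "${WORKDIR}/files" "${MYTMPDIR}"
	# Later phases `source` this file, so it is executed as shell code there.
	set | grep '^SAMHAIN_' > "${TMPENVFILE}"
}

src_compile() {
	[ -f "${TMPENVFILE}" ] || die "Variable setting file ${TMPENVFILE} should exist!"
	source "${TMPENVFILE}"

	# An array keeps every option a single argument even when a value contains
	# whitespace; the old space-joined string let such a value split into
	# additional configure options.
	local -a myconf=()

	if use crypt ; then
		echo
		ewarn "You are installing samhain with the 'crypt' USE flag on. This has enabled"
		ewarn "gpg support and configuration file signing in the building process."
		ewarn "This will fail if you haven't a default signing key configured in gpg!"
		ewarn "For security reasons it's recommended to compile in the key fingerprint of"
		ewarn "the signature key which then will be verified after checking the signature"
		ewarn "itself. Remember to remove all secret keys after installation!"
		ewarn ""
		ewarn "Please read the full documentation for more details."
		echo
		sleep 3
		echo "Setting built-in key fingerprint to ${SAMHAIN_KEYFINGERPRINT}"
		[ -n "${SAMHAIN_KEYFINGERPRINT}" ] || die "Variable SAMHAIN_KEYFINGERPRINT must exist!"
		echo
		SAMHAIN_KEYFINGERPRINT=${SAMHAIN_KEYFINGERPRINT// /}
		# This used to expand the misspelled SAMHAIN_KEYFINGPRINT, so configure
		# always received an empty --with-fp= and the advertised fingerprint
		# check was never compiled in.
		myconf+=( "--with-fp=${SAMHAIN_KEYFINGERPRINT}" )
	fi

	if [ -n "${SAMHAIN_NAME}" ] ; then
		echo
		ewarn "You are installing samhain with the SAMHAIN_NAME variable specified. This will be"
		ewarn "the new name for the samhain binary, configurations file and paths."
		ewarn "Choose something not to noticeable that would look like a normal system process."
		echo
		echo "Setting alternative samhain name to ${SAMHAIN_NAME}"
		echo ; sleep 2
		myconf+=( "--enable-install-name=${SAMHAIN_NAME}" )
	fi

	if [ -n "${SAMHAIN_XOR}" ] ; then
		echo
		ewarn "You are installing samhain with the SAMHAIN_XOR variable specified. This will"
		ewarn "enable a series of measures to effectively hide the process to local users."
		echo
		ewarn "You will be now prompted for a XORing value for log obfuscation, please input a value"
		ewarn "between 128 and 255. Please read the full documentation for details."
		echo ; sleep 2
		echo "Setting XORing value to ${SAMHAIN_XOR}"
		# Enforce the range announced above before the value reaches configure.
		case "${SAMHAIN_XOR}" in
			*[!0-9]*) die "Variable SAMHAIN_XOR must be a number between 128 and 255!" ;;
		esac
		if ! { [ "${SAMHAIN_XOR}" -ge 128 ] && [ "${SAMHAIN_XOR}" -le 255 ]; } 2>/dev/null ; then
			die "Variable SAMHAIN_XOR must be a number between 128 and 255!"
		fi
		echo
		myconf+=( "--enable-stealth=${SAMHAIN_XOR}" --enable-static )
		if [ ! -f /usr/bin/convert ] ; then
			# Without ImageMagick the install script cannot embed the sample
			# configuration in an image, so that step is switched off.
			sed -i "s:STEGIN=@stegin_prg@:STEGIN=:g" samhain-install.sh.in
			ewarn "The imagemagick 'convert' utility has not been found, the sample configuration file won't be"
			ewarn "steganohraphically hidden as required! Please read the full documentation for details."
			echo ; sleep 5
		fi
	fi

	use postgres && myconf+=( --with-database=postgresql --enable-xml-log )
	use mysql && myconf+=( --with-database=mysql --enable-xml-log )
	use crypt && myconf+=( --with-gpg=/usr/bin/gpg )
	use xml && myconf+=( --enable-xml-log )
	use static && myconf+=( --enable-static )
	use debug && myconf+=( --enable-debug )
	use samhain-suidcheck && myconf+=( --enable-suidcheck )
	use samhain-netclient && myconf+=( --enable-network=client )
	use samhain-netserver && myconf+=( --enable-network=server )
	use samhain-netconf && myconf+=( --with-config-file=REQ_FROM_SERVER )
	use samhain-netdb && myconf+=( --with-data-file=REQ_FROM_SERVER/var/state/data.fs )

	# `use` is tested by exit status everywhere: the former [ `use flag` ]
	# form depended on `use` printing the flag name.
	if use samhain-netconf ; then
		echo
		ewarn "You are installing samhain with remote configuration file download."
		ewarn "You will be now prompted for the IP address of the remote server."
		echo ; sleep 2
		echo "Setting server IP address to ${SAMHAIN_SERVER}"
		[ -n "${SAMHAIN_SERVER}" ] || die "Variable SAMHAIN_SERVER must exist!"
		echo
		myconf+=( "--with-logserver=${SAMHAIN_SERVER}" )
	fi

	samhain_configure_make "${myconf[@]}"

	# this is done two times in order to compute gpg binary checksum if gpg support
	# is enabled
	if use crypt ; then
		samhain_configure_make "${myconf[@]}"
	fi
}

src_install() {
	[ -f "${TMPENVFILE}" ] || die "Variable setting file ${TMPENVFILE} should exist!"
	source "${TMPENVFILE}"

	make DESTDIR="${D}" install || die

	# rmdir only removes a directory that is empty; failures are left
	# non-fatal, as before.
	rmdir "${D}/var/log"
	rmdir "${D}/var/run"
	rmdir "${D}/var/state"

	einfo "Building environment file"
	local envfile="${WORKDIR}/files/${ENVDFILE}"
	# Written in one go (truncating) so a repeated install phase does not
	# append a second copy of the settings.
	{
		echo "# These settings are what was present in the environment when this"
		echo "# Samhain was compiled. Changing anything below this comment will"
		echo "# have no effect on your application, but it merely exists to"
		echo "# preserve them for your next emerge of Samhain"
		# Turn a bare "VAR=" into "VAR=''" so every line is an explicit assignment.
		sed "s,=\$,='',g" "${TMPENVFILE}"
	} > "${envfile}"

	if [ -n "${SAMHAIN_NAME}" ] || [ -n "${SAMHAIN_XOR}" ] ; then
		# Renamed/stealth install: the settings file, docs and init script are
		# deliberately not installed. ${D:?} aborts instead of expanding to
		# "/usr/share" should D ever be empty.
		rm -rf -- "${D:?}/usr/share"
	else
		einfo "Installing environment config file"
		insinto /etc/env.d
		doins "${envfile}"
		dodoc docs/*
		exeinto /etc/init.d
		newexe init/samhain.startGentoo samhain
	fi

	# "owner:group" is the supported separator; the dotted form is obsolete.
	chown daemon:daemon "${D}/var/lib/yule"
	chown daemon:daemon "${D}/var/log/yule"
}

pkg_postinst() {
	# NOTE(review): unlike src_compile/src_install this phase does not read
	# ${TMPENVFILE}; SAMHAIN_NAME and SAMHAIN_XOR are whatever the environment
	# provides here - confirm the stealth notices appear when expected.
	echo
	ewarn "Remember to check your configuration file in /etc/samhainrc and initialize"
	ewarn "the database with '/usr/sbin/samhain -t init' before starting the service!"
	if use samhain-netdb ; then
		ewarn "The temporary db file path is /var/state/data.fs, after initialization copy the"
		ewarn "file to the logging server."
	fi
	echo
	if [ -n "${SAMHAIN_NAME}" ] || [ -n "${SAMHAIN_XOR}" ] ; then
		ewarn "Manual pages, documentation and init script were NOT installed in order to obscuring"
		ewarn "samhain presence, you should remove as well samhain ebuild installation traces from"
		ewarn "/var/cache/edb/world and /var/db/pkg."
		ewarn ""
		ewarn "Please remember that security based entirely on obscurity is not a good thing."
	fi
	if [ -n "${SAMHAIN_XOR}" ] ; then
		echo
		ewarn "In stealth mode the configuration file must be steganographically hidden in a postcript"
		ewarn "image file, the sample config has been created this way by the installation process."
		ewarn "For modifying and creating your own steganographically hidden configuration file use the"
		ewarn "samhain_stealth utility."
		ewarn ""
	fi
	echo
}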