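# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2

DESCRIPTION="Advanced file integrity and intrusion detection tool"
HOMEPAGE="http://la-samhna.de/samhain/"
SRC_URI="http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~sparc"
IUSE="debug static postgres mysql crypt xml samhain-suidcheck samhain-netclient samhain-netserver samhain-netconf samhain-netdb samhain-stealth samhain-microstealth samhain-newname"

DEPEND="crypt? ( >=app-crypt/gnupg-1.2* )
	postgres? ( >=dev-db/postgresql-7.2 )
	mysql? ( >=dev-db/mysql-3.23.26 )
	samhain-stealth? ( media-gfx/imagemagick )
	>=sys-apps/sed-4"

# Unpack the downloaded archive, then the samhain-${PV}.tar.gz it contains,
# and hand ownership of the extracted tree to root.
src_unpack() {
	unpack ${A}
	# NOTE(review): the archive name suggests upstream ships a signed bundle;
	# nothing here verifies a signature on the inner tarball before it is
	# unpacked and built. Confirm the Manifest digest is the intended
	# integrity check.
	# NOTE(review): cd is left unchecked as in the original; whether ${S}
	# exists at this point depends on the layout of the outer archive, so
	# confirm that before adding '|| die' here.
	cd ${S}
	tar zvxf samhain-${PV}.tar.gz || die "unpacking samhain-${PV}.tar.gz failed"
	chown -R root:root samhain-${PV}
}

# Translate USE flags and the SAMHAIN_* environment variables into configure
# options, then configure and build (twice when the crypt flag is set).
#
# Environment read:
#   SAMHAIN_KEYFINGERPRINT  required with USE=crypt
#   SAMHAIN_NAME            required with USE=samhain-newname
#   SAMHAIN_XOR             required with USE=samhain-stealth/-microstealth
#   SAMHAIN_SERVER          required with USE=samhain-netconf/-netdb
#
# NOTE(review): ${myconf} is expanded unquoted when passed to econf, so any
# whitespace inside one of these values is split into extra configure
# arguments. None of the values is format-checked here.
src_compile() {
	local myconf

	if use crypt; then
		ewarn "You are installing samhain with the 'crypt' USE flag on. This has enabled"
		ewarn "gpg support and configuration file signing in the building process."
		ewarn "This will fail if you haven't a default signing key configured in gpg!"
		ewarn "For security reasons it's recommended to compile in the key fingerprint of"
		ewarn "the signature key which then will be verified after checking the signature"
		ewarn "itself. Remember to remove all secret keys after installation!"
		ewarn ""
		ewarn "Please read the full documentation for more details."
		[ -z "${SAMHAIN_KEYFINGERPRINT}" ] && die "Variable SAMHAIN_KEYFINGERPRINT must exist!"
		sleep 3
		einfo "Setting built-in key fingerprint to ${SAMHAIN_KEYFINGERPRINT}"
		# Strip the spaces from the fingerprint before passing it on.
		SAMHAIN_KEYFINGERPRINT=$(echo ${SAMHAIN_KEYFINGERPRINT} | sed "s/ //g")
		# A whitespace-only value passes the first check but is empty once
		# stripped; refuse it rather than configure with an empty fingerprint.
		[ -z "${SAMHAIN_KEYFINGERPRINT}" ] && die "Variable SAMHAIN_KEYFINGERPRINT must exist!"
		# Fixed: this used to expand the misspelled ${SAMHAIN_KEYFINGPRINT},
		# which is never set, so configure received an empty --with-fp= and
		# the announced fingerprint was not passed to the build.
		myconf="${myconf} --with-fp=${SAMHAIN_KEYFINGERPRINT}"
	fi

	if use samhain-newname; then
		ewarn "You are installing samhain with the SAMHAIN_NAME variable specified. This will be"
		ewarn "the new name for the samhain binary, configurations file and paths."
		ewarn "Choose something not to noticeable that would look like a normal system process."
		# Validate before announcing, so an empty name is never reported as set.
		[ -z "${SAMHAIN_NAME}" ] && die "Variable SAMHAIN_NAME must exist!"
		einfo "Setting alternative samhain name to ${SAMHAIN_NAME}"
		sleep 3
		myconf="${myconf} --enable-install-name=${SAMHAIN_NAME}"
	fi

	if use samhain-stealth || use samhain-microstealth; then
		ewarn "You are installing samhain with the with stealth mode turned on. This will"
		ewarn "enable a series of measures to effectively hide the process to local users."
		ewarn "The environment variable SAMHAIN_XOR should contain a XORing value for log"
		ewarn "obfuscation, please input a value between 128 and 255."
		ewarn "Please read the full documentation for details."
		# NOTE(review): only presence is checked; the 128-255 range the
		# message asks for is not enforced here.
		[ -z "${SAMHAIN_XOR}" ] && die "Variable SAMHAIN_XOR must exist!"
		sleep 3
		einfo "Setting XORing value to ${SAMHAIN_XOR}"
		if use samhain-stealth; then
			myconf="${myconf} --enable-stealth=${SAMHAIN_XOR} --enable-static"
			# Blank the STEGIN setting in the install script template.
			sed -i "s:STEGIN=@stegin_prg@:STEGIN=:g" samhain-install.sh.in
		elif use samhain-microstealth; then
			myconf="${myconf} --enable-micro-stealth=${SAMHAIN_XOR} --enable-static"
		fi
		sleep 3
	fi

	if use samhain-netconf || use samhain-netdb; then
		if use samhain-netconf; then
			ewarn "You are installing samhain with remote configuration file download."
		fi
		if use samhain-netdb; then
			ewarn "You are installing samhain with remote database storage."
		fi
		ewarn "The variable SAMHAIN_SERVER should contain the IP address of the remote server."
		[ -z "${SAMHAIN_SERVER}" ] && die "Variable SAMHAIN_SERVER must exist!"
		sleep 3
		einfo "Setting server IP address to ${SAMHAIN_SERVER}"
		myconf="${myconf} --with-logserver=${SAMHAIN_SERVER}"
	fi

	use postgres && myconf="${myconf} --with-database=postgresql --enable-xml-log"
	use mysql && myconf="${myconf} --with-database=mysql --enable-xml-log"
	use crypt && myconf="${myconf} --with-gpg=/usr/bin/gpg"
	use xml && myconf="${myconf} --enable-xml-log"
	use static && myconf="${myconf} --enable-static"
	use debug && myconf="${myconf} --enable-debug"
	use samhain-suidcheck && myconf="${myconf} --enable-suidcheck"
	use samhain-netclient && myconf="${myconf} --enable-network=client"
	use samhain-netserver && myconf="${myconf} --enable-network=server"
	use samhain-netconf && myconf="${myconf} --with-config-file=REQ_FROM_SERVER"
	use samhain-netdb && myconf="${myconf} --with-data-file=REQ_FROM_SERVER/var/state/data.fs"

	myconf="${myconf} --localstatedir=/var"

	econf ${myconf} || die "configure failed"
	make || die "compile failed"

	# this is done two times in order to compute gpg binary checksum if gpg
	# support is enabled
	if use crypt; then
		econf ${myconf} || die "second configure failed"
		make || die "second compile failed"
	fi
}

# Install into ${D}, prune the /var directories the upstream install creates,
# and either install docs plus the init script or drop /usr/share entirely.
src_install() {
	make DESTDIR="${D}" install || die

	# rmdir only removes empty directories, so a populated one is left alone.
	rmdir "${D}/var/log"
	rmdir "${D}/var/run"
	rmdir "${D}/var/state"

	# NOTE(review): this branch keys off the environment variables rather than
	# the samhain-newname / samhain-stealth / samhain-microstealth USE flags,
	# so a stray SAMHAIN_NAME or SAMHAIN_XOR in the environment also suppresses
	# the docs and the init script. Confirm that is intended.
	if [ -n "${SAMHAIN_NAME}" ] || [ -n "${SAMHAIN_XOR}" ]; then
		rm -rf "${D}/usr/share"
	else
		dodoc docs/*
		exeinto /etc/init.d
		newexe init/samhain.startGentoo samhain
	fi

	if use samhain-netserver; then
		chown daemon:daemon "${D}/var/lib/yule"
		chown daemon:daemon "${D}/var/log/yule"
	fi
}

# Print post-install reminders: database initialisation, the temporary
# database path for samhain-netdb, and what was left out when SAMHAIN_NAME or
# SAMHAIN_XOR is set.
pkg_postinst() {
	einfo "Remember to check your configuration file in /etc/samhainrc and initialize"
	einfo "the database with '/usr/sbin/samhain -t init' before starting the service!"

	if use samhain-netdb; then
		einfo "The temporary db file path is /var/state/data.fs, after initialization copy the"
		einfo "file to the logging server."
	fi

	if [ -n "${SAMHAIN_NAME}" ] || [ -n "${SAMHAIN_XOR}" ]; then
		einfo "Manual pages, documentation and init script were NOT installed in order to obscure"
		einfo "samhain presence. You should remove as well samhain ebuild installation traces from"
		einfo "/var/cache/edb/world and /var/db/pkg."
		ewarn "Please remember that security based entirely on obscurity is not a good thing."
	fi

	if [ -n "${SAMHAIN_XOR}" ]; then
		einfo "In stealth mode the configuration file must be steganographically hidden in a postcript"
		einfo "image file, the sample config has been created this way by the installation process."
		einfo "For modifying and creating your own steganographically hidden configuration file use the"
		einfo "samhain_stealth utility."
	fi

	echo
}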