# Copyright 1999-2005 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 DESCRIPTION="Advanced file integrity and intrusion detection tool" HOMEPAGE="http://la-samhna.de/samhain/" SRC_URI="http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~x86" IUSE="debug static postgres mysql prelude crypt xml netclient netserver suidcheck login-watch" DEPEND="crypt? ( >=app-crypt/gnupg-1.2* ) postgres? ( >=dev-db/postgresql-7.2 ) mysql? ( >=dev-db/mysql-3.23.26 ) prelude? ( >=dev-libs/libprelude-0.8.10 ) >=sys-apps/sed-4 app-arch/tar app-arch/gzip" # Samhain stealth mode options # # If you would like to enable stealth mode, please set and uncomment the # following options. Read the Samhain manual for additional information. # # STEALTH should be set to either 'full' or 'micro' (mandatory) #STEALTH="" # # XOR_VAL should be a whole number from 127 - 255 (mandatory) #XOR_VAL= # # INSTALL_NAME can be set to change the name of the samhain binaries (optional) #INSTALL_NAME="" if [ "${STEALTH}" == "full" ]; then RDEPEND="media-gfx/imagemagick" fi src_unpack() { unpack ${A} tar zxf samhain-${PV}.tar.gz chown -R root:root samhain-${PV} } src_compile() { local myconf if use crypt; then myconf="${myconf} --with-gpg=/usr/bin/gpg" if [ -n "${KEY_FPR}" ]; then einfo "Setting built-in key fingerprint to ${KEY_FPR}" FPR=`echo ${KEY_FPR} | sed "s/ //g"` myconf="${myconf} --with-fp=${FPR}" fi fi if [ -n "${STEALTH}" ]; then [ -z "${XOR_VALUE}" ] && die "Variable XOR_VALUE must be set for stealth mode" echo einfo "Enabling stealth mode, setting XOR_VALUE to ${XOR_VALUE}" if [ "${STEALTH}" == "full" ]; then myconf="${myconf} --enable-stealth=${XOR_VALUE} --enable-static" sed -i "s:STEGIN=@stegin_prg@:STEGIN=:g" samhain-install.sh.in elif [ "${STEALTH}" == "micro" ]; then myconf="${myconf} --enable-micro-stealth=${XOR} --enable-static" else die "STEALTH must be set to either 'full' or 'micro'" fi sleep 3 if [ -n "${INSTALL_NAME}" ]; then echo ewarn "Setting alternative samhain name to ${INSTALL_NAME}" myconf="${myconf} --enable-install-name=${INSTALL_NAME}" sleep 3 fi fi use postgres && myconf="${myconf} --with-database=postgresql --enable-xml-log" use mysql && myconf="${myconf} --with-database=mysql --enable-xml-log" use prelude && myconf="${myconf} --with-prelude" use xml && myconf="${myconf} --enable-xml-log" use static && myconf="${myconf} --enable-static" use debug && myconf="${myconf} --enable-debug" use suidcheck && myconf="${myconf} --enable-suidcheck" use netclient && myconf="${myconf} --enable-network=client" use netserver && myconf="${myconf} --enable-network=server" use login-watch && myconf="${myconf} --enable-login-watch" myconf="${myconf} --localstatedir=/var" econf ${myconf} || die "configure failed" make || die "compile failed" # this is done two times in order to compute gpg binary checksum if gpg # support is enabled if use crypt; then econf ${myconf} || die "second configure failed" make || die "second compile failed" fi } src_install() { make DESTDIR=${D} install || die rmdir ${D}/var/log rmdir ${D}/var/run rmdir ${D}/var/state if [ -n "${STEALTH}" ]; then rm -rf ${D}/usr/share else dodoc COPYING LICENSE docs/BUGS docs/MANUAL* docs/README* docs/TODO docs/*.txt dohtml docs/*.html docinto scripts dodoc scripts/* insinto /etc insopts -m0600 newins samhainrc.linux samhainrc exeinto /etc/init.d newexe init/samhain.startGentoo samhain fi if use netserver; then chown daemon:daemon ${D}/var/lib/yule chown daemon:daemon ${D}/var/log/yule fi } pkg_postinst() { if [ -n "${STEALTH}" ]; then echo einfo "Manual pages, documentation, and init script were NOT installed in order to" einfo "obscure samhain's presence. You should also remove samhain's installation" einfo "traces from /var/cache/edb/world and /var/db/pkg." fi if [ "${STEALTH}" == "full" ]; then echo einfo "In stealth mode, the configuration file must be steganographically hidden" einfo "in a postscript image file. The sample config has been created this way by" einfo "the installation process. Use the samhain_stealth utility to modify or" einfo "or create your own configuration file." fi if [ -z "${KEY_FPR}" ]; then echo ewarn "GnuPG support has been enabled, but fingerprint verification will be" ewarn "ignored. To enable fingerprint verification (strongly recommended)," ewarn "you must re-emerge this package with the KEY_FPR variable set to" ewarn "your default signing key fingerprint." ewarn "" ewarn "Please read the Samhain manual for more details." echo einfo "Enabling GnuPG support in Samhain requires that you sign your configuration" einfo "and and database files. Please run the following commands as root:" einfo "" einfo " gpg -a --clearsign --not-dash-escaped /etc/samhainrc" einfo " mv /etc/samhainrc.asc /etc/samhainrc" einfo " chmod 600 /etc/samhainrc" einfo "" einfo "Run the same commands on /var/lib/samhain/samhain_file after initialization." sleep 3 fi echo einfo "Be sure to check your settings in /etc/samhainrc. When ready, run:" einfo " samhain -t init" einfo "to initialize Samhain." echo einfo "Samhain stealth-mode options are also available. Please view the comments" einfo "in the Samhein ebuild for configuration instructions." echo } pkg_prerm() { test -f /etc/init.d/samhain && /etc/init.d/samhain stop && rc-update del samhain }