|
Lines 33-59
Link Here
|
| 33 |
} |
33 |
} |
| 34 |
|
34 |
|
| 35 |
src_prepare() { |
35 |
src_prepare() { |
| 36 |
sed -i \ |
36 |
sed -i -r \ |
| 37 |
-e "s:gateway:${HOSTNAME}:" \ |
37 |
-e "s:^set HOSTNAME.*$:set HOSTNAME ${HOSTNAME}:" \ |
| 38 |
-e 's:/snort_data:/var/lib/sguil:' \ |
38 |
-e 's:/snort_data:/var/lib/sguil:' \ |
|
|
39 |
-e 's:/nsm:/var/lib/sguil:' \ |
| 39 |
-e 's:DAEMON 0:DAEMON 1:' \ |
40 |
-e 's:DAEMON 0:DAEMON 1:' \ |
| 40 |
-e 's:DEBUG 1:DEBUG 0:g' \ |
41 |
-e 's:DEBUG 1:DEBUG 0:g' \ |
| 41 |
sensor/sensor_agent.conf || die |
42 |
sensor/pads_agent.conf \ |
|
|
43 |
sensor/pcap_agent.conf \ |
| 44 |
sensor/pcap_agent-sancp.conf \ |
| 45 |
sensor/sancp_agent.conf \ |
| 46 |
sensor/snort_agent.conf \ |
| 47 |
|| die |
| 48 |
|
| 42 |
sed -i \ |
49 |
sed -i \ |
| 43 |
-e 's:/var/run/sensor_agent.pid:/run/sguil-sensor.pid:' \ |
50 |
-e 's:/var/run/sensor_agent.pid:/run/sguil-sensor.pid:' \ |
| 44 |
sensor/sensor_agent.tcl || die |
51 |
sensor/sensor_agent.tcl || die |
|
|
52 |
# sensor_agent.pid is not a typo here, but copy&paste error in source code |
| 53 |
sed -i \ |
| 54 |
-e 's:/var/run/sensor_agent.pid:/run/sguil-pads-agent.pid:' \ |
| 55 |
sensor/pads_agent.tcl || die |
| 56 |
sed -i \ |
| 57 |
-e 's:/var/run/pcap_agent.pid:/run/sguil-pcap-agent.pid:' \ |
| 58 |
sensor/pcap_agent.tcl || die |
| 59 |
# pcap_agent.pid is not a typo here, but copy&paste error in source code |
| 60 |
sed -i \ |
| 61 |
-e 's:/var/run/pcap_agent.pid:/run/sguil-pcap-agent-sancp.pid:' \ |
| 62 |
sensor/pcap_agent-sancp.tcl || die |
| 63 |
sed -i \ |
| 64 |
-e 's:/var/run/sancp_agent.pid:/run/sguil-sancp-agent.pid:' \ |
| 65 |
sensor/sancp_agent.tcl || die |
| 66 |
sed -i \ |
| 67 |
-e 's:/var/run/snort_agent.pid:/run/sguil-snort-agent.pid:' \ |
| 68 |
sensor/snort_agent.tcl || die |
| 45 |
} |
69 |
} |
| 46 |
|
70 |
|
| 47 |
src_install() { |
71 |
src_install() { |
| 48 |
dodoc doc/* |
72 |
dodoc doc/* |
| 49 |
|
73 |
|
| 50 |
dobin sensor/sensor_agent.tcl |
74 |
dobin sensor/sensor_agent.tcl |
|
|
75 |
dobin sensor/pads_agent.tcl |
| 76 |
dobin sensor/pcap_agent.tcl |
| 77 |
dobin sensor/pcap_agent-sancp.tcl |
| 78 |
dobin sensor/sancp_agent.tcl |
| 79 |
dobin sensor/snort_agent.tcl |
| 51 |
|
80 |
|
| 52 |
newinitd "${FILESDIR}/log_packets.initd" log_packets |
81 |
newinitd "${FILESDIR}/log_packets.initd" log_packets |
| 53 |
newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent |
82 |
newinitd "${FILESDIR}/pads_agent.initd" pads_agent |
|
|
83 |
newinitd "${FILESDIR}/pcap_agent.initd" pcap_agent |
| 84 |
newinitd "${FILESDIR}/pcap_agent-sancp.initd" pcap_agent-sancp |
| 85 |
newinitd "${FILESDIR}/sancp_agent.initd" sancp_agent |
| 86 |
newinitd "${FILESDIR}/snort_agent.initd" snort_agent |
| 54 |
newconfd "${FILESDIR}/log_packets.confd" log_packets |
87 |
newconfd "${FILESDIR}/log_packets.confd" log_packets |
|
|
88 |
|
| 55 |
insinto /etc/sguil |
89 |
insinto /etc/sguil |
| 56 |
doins sensor/sensor_agent.conf |
90 |
doins sensor/pads_agent.conf |
|
|
91 |
doins sensor/pcap_agent.conf |
| 92 |
doins sensor/pcap_agent-sancp.conf |
| 93 |
doins sensor/sancp_agent.conf |
| 94 |
doins sensor/snort_agent.conf |
| 57 |
|
95 |
|
| 58 |
# Create the directory structure |
96 |
# Create the directory structure |
| 59 |
diropts -g sguil -o sguil |
97 |
diropts -g sguil -o sguil |
|
Lines 68-80
Link Here
|
| 68 |
|
106 |
|
| 69 |
pkg_postinst() { |
107 |
pkg_postinst() { |
| 70 |
elog |
108 |
elog |
| 71 |
elog "You should check /etc/sguil/sensor_agent.conf and" |
109 |
elog "You should check the /etc/sguil/*_agent.conf files and" |
| 72 |
elog "/etc/init.d/logpackets and ensure that they are accurate" |
110 |
elog "/etc/init.d/logpackets and ensure that they are accurate" |
| 73 |
elog "for your environment. They should work providing that you" |
111 |
elog "for your environment. They should work providing that you" |
| 74 |
elog "are running the sensor on the same machine as the server." |
112 |
elog "are running the sensor on the same machine as the server." |
| 75 |
elog "This ebuild assumes that you are running a single sensor" |
113 |
elog "This ebuild assumes that you are running a single sensor" |
| 76 |
elog "environment, if this is not the case then you must make sure" |
114 |
elog "environment, if this is not the case then you must make sure" |
| 77 |
elog "to modify /etc/sguil/sensor_agent.conf and change the HOSTNAME variable." |
115 |
elog "to modify /etc/sguil/*_agent.conf and change the SERVER_HOST variable." |
| 78 |
elog "You should crontab the /etc/init.d/log_packets script to restart" |
116 |
elog "You should crontab the /etc/init.d/log_packets script to restart" |
| 79 |
elog "each hour." |
117 |
elog "each hour." |
| 80 |
elog |
118 |
elog |
