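# Copyright 1999-2010 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

# Gentoo ebuild for hogger: installs the hogger.pl script, a sample
# configuration and the /etc/hogger directory layout.

inherit eutils

DESCRIPTION="Perl script to convert nmap scans to a Snort Host Attribute Table"
HOMEPAGE="http://code.google.com/p/hogger/"
# NOTE(review): the tarball is fetched over plain HTTP, so its integrity
# rests entirely on the checksums recorded in the package Manifest. Verify
# them against a trusted copy of the release when (re)generating the Manifest.
SRC_URI="http://hogger.googlecode.com/files/${P}.tar.gz"

SLOT="0"
LICENSE="GPL-3"
KEYWORDS="~amd64 ~x86"
IUSE=""

DEPEND=""
RDEPEND="dev-lang/perl
	perl-core/IO
	perl-core/Getopt-Long"

# Unpack the distfile(s) listed in SRC_URI into the work directory.
src_unpack() {
	unpack ${A}
}

# Install the script, the /etc/hogger tree, a sample configuration with its
# paths rewritten for this layout, and the bundled documentation.
src_install () {
	# The sources are expected in a directory named ${PN}; stop here rather
	# than install from the wrong directory if it is missing.
	cd "${PN}" || die "Failed to enter source directory ${PN}"

	dobin hogger.pl || die "Failed to install script hogger.pl"

	# NOTE(review): /etc/hogger/scans will hold nmap output, i.e. an inventory
	# of hosts and detected operating systems. It is created with the default
	# directory mode; consider restricting it to the account that runs hogger
	# once that account is known.
	keepdir /etc/hogger || die "Failed to create /etc/hogger"
	keepdir /etc/hogger/scans || die "Failed to create /etc/hogger/scans"

	insinto /etc/hogger
	newins hogger.conf hogger.conf.distrib \
		|| die "Failed to install hogger.conf.distrib"

	# Clean up the config file to match the install locations.
	# A failed rewrite would leave the sample config pointing at the
	# /etc/snort paths, so treat it as fatal.
	sed -i \
		-e 's:/etc/snort/hogger/hostmap.csv:/etc/hogger/hostmap.csv:g' \
		-e 's:/etc/snort/host_attribute.xml:/etc/hogger/host_attribute.xml:g' \
		-e 's:/etc/snort/hogger/nmap_dir:/etc/hogger/scans:g' \
		"${D}/etc/hogger/hogger.conf.distrib" \
		|| die "Failed to adjust paths in hogger.conf.distrib"

	dodoc ./LICENSE \
		./README \
		./hostmap.csv \
		./hosts.nmap \
		|| die "Failed to install documentation"
}

# Print a short usage note after installation. The nmap command line is only
# displayed; nothing is executed here.
pkg_postinst() {
	einfo
	einfo "Hogger leverages nmap scan files to create a Host Attribute Table"
	einfo "for you in the XML format that Snort needs to tune your pre-processors."
	einfo
	einfo "Hogger makes your network more understandable to snort, assisting"
	einfo "Snort in reassembling fragmented packets and streams in the same way"
	einfo "that each respective host will, thereby reducing false-positives and"
	einfo "false-negatives (Plus you don't have to manually identify each of"
	einfo "your hosts!)"
	einfo
	einfo "When using nmap to collect scan data for hogger to parse you should"
	einfo "use the following..."
	einfo
	einfo "'nmap -T4 -PN -O -n > /etc/hogger/scans/test.nmap'"
	einfo
}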