--- sguil-sensor-0.9.0.ebuild 2016-06-13 04:17:16.648191900 +0200
+++ sguil-sensor-0.9.0-r1.ebuild 2016-06-13 04:17:16.641525311 +0200
@@ -33,27 +33,65 @@ } src_prepare() { - sed -i \ - -e "s:gateway:${HOSTNAME}:" \ + sed -i -r \ + -e "s:^set HOSTNAME.*$:set HOSTNAME ${HOSTNAME}:" \ -e 's:/snort_data:/var/lib/sguil:' \ + -e 's:/nsm:/var/lib/sguil:' \ -e 's:DAEMON 0:DAEMON 1:' \ -e 's:DEBUG 1:DEBUG 0:g' \ - sensor/sensor_agent.conf || die + sensor/pads_agent.conf \ + sensor/pcap_agent.conf \ + sensor/pcap_agent-sancp.conf \ + sensor/sancp_agent.conf \ + sensor/snort_agent.conf \ + || die + sed -i \ -e 's:/var/run/sensor_agent.pid:/run/sguil-sensor.pid:' \ sensor/sensor_agent.tcl || die + # sensor_agent.pid is not a typo here, but copy&paste error in source code + sed -i \ + -e 's:/var/run/sensor_agent.pid:/run/sguil-pads-agent.pid:' \ + sensor/pads_agent.tcl || die + sed -i \ + -e 's:/var/run/pcap_agent.pid:/run/sguil-pcap-agent.pid:' \ + sensor/pcap_agent.tcl || die + # pcap_agent.pid is not a typo here, but copy&paste error in source code + sed -i \ + -e 's:/var/run/pcap_agent.pid:/run/sguil-pcap-agent-sancp.pid:' \ + sensor/pcap_agent-sancp.tcl || die + sed -i \ + -e 's:/var/run/sancp_agent.pid:/run/sguil-sancp-agent.pid:' \ + sensor/sancp_agent.tcl || die + sed -i \ + -e 's:/var/run/snort_agent.pid:/run/sguil-snort-agent.pid:' \ + sensor/snort_agent.tcl || die } src_install() { dodoc doc/* dobin sensor/sensor_agent.tcl + dobin sensor/pads_agent.tcl + dobin sensor/pcap_agent.tcl + dobin sensor/pcap_agent-sancp.tcl + dobin sensor/sancp_agent.tcl + dobin sensor/snort_agent.tcl newinitd "${FILESDIR}/log_packets.initd" log_packets - newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent + newinitd "${FILESDIR}/pads_agent.initd" pads_agent + newinitd "${FILESDIR}/pcap_agent.initd" pcap_agent + newinitd "${FILESDIR}/pcap_agent-sancp.initd" pcap_agent-sancp + newinitd "${FILESDIR}/sancp_agent.initd" sancp_agent + newinitd "${FILESDIR}/snort_agent.initd" snort_agent newconfd "${FILESDIR}/log_packets.confd" log_packets + insinto /etc/sguil - doins sensor/sensor_agent.conf + doins sensor/pads_agent.conf + 
doins sensor/pcap_agent.conf + doins sensor/pcap_agent-sancp.conf + doins sensor/sancp_agent.conf + doins sensor/snort_agent.conf # Create the directory structure diropts -g sguil -o sguil @@ -68,13 +106,13 @@ pkg_postinst() { elog - elog "You should check /etc/sguil/sensor_agent.conf and" + elog "You should check the /etc/sguil/*_agent.conf files and" elog "/etc/init.d/logpackets and ensure that they are accurate" elog "for your environment. They should work providing that you" elog "are running the sensor on the same machine as the server." elog "This ebuild assumes that you are running a single sensor" elog "environment, if this is not the case then you must make sure" - elog "to modify /etc/sguil/sensor_agent.conf and change the HOSTNAME variable." + elog "to modify /etc/sguil/*_agent.conf and change the SERVER_HOST variable." elog "You should crontab the /etc/init.d/log_packets script to restart" elog "each hour." elog
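Review bot: None of the `sed -i ... || die` calls in src_prepare() fails when its pattern does not match, because sed exits 0 whether or not a substitution happened, so `|| die` only catches I/O errors. The two added comments say the pid paths in pads_agent.tcl and pcap_agent-sancp.tcl are upstream copy-and-paste errors; if a later upstream release corrects them, these expressions would stop matching without any build failure and the agents would keep writing pid files under /var/run, presumably no longer where the new init scripts (not shown here) look. A check after each substitution would make that visible, e.g. `grep -q '/run/sguil-pads-agent.pid' sensor/pads_agent.tcl || die "pid path not patched"`. The same applies to the `^set HOSTNAME` expression across the five .conf files.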
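Review bot: The reworded message in pkg_postinst() now names only SERVER_HOST, but in a multi-sensor setup the HOSTNAME value also matters: src_prepare() writes it from `${HOSTNAME}` at build time, so a package built on one machine and installed on another would carry the build host's name in every *_agent.conf. If HOSTNAME is what identifies the sensor to the server, as the conf variable name suggests, alerts from different sensors could end up attributed to the same name. I would write `elog "to modify /etc/sguil/*_agent.conf and change the SERVER_HOST and HOSTNAME variables."`. The unchanged line above still refers to `/etc/init.d/logpackets`, while the init script is installed as `log_packets`.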