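--- a/EBUILD_PATH_PLACEHOLDER
+++ b/EBUILD_PATH_PLACEHOLDER
@@ -14,7 +14,7 @@
 LICENSE="GPL-2 QPL"
 SLOT="0"
 KEYWORDS="~x86"
-IUSE=""
+IUSE="-sancp"
 
 RDEPEND="
 >=dev-lang/tcl-8.3:0=[-threads]
@@ -22,7 +22,7 @@
 >=net-analyzer/barnyard-0.2.0-r1
 >=net-analyzer/snort-2.4.1-r1
 dev-ml/pcre-ocaml
-net-analyzer/sancp
+sancp? ( net-analyzer/sancp:0[sguil] )
 "
 
 S="${WORKDIR}/sguil-${MY_PV}"
@@ -33,27 +33,64 @@
 }
 
 src_prepare() {
-sed -i \
--e "s:gateway:${HOSTNAME}:" \
+local -a CONFIG_FILES=(
+sensor/pads_agent.conf
+sensor/pcap_agent.conf
+sensor/pcap_agent-sancp.conf
+sensor/sancp_agent.conf
+sensor/snort_agent.conf
+)
+
+sed -i -r \
+-e "s:^set HOSTNAME.*$:set HOSTNAME ${HOSTNAME}:" \
 -e 's:/snort_data:/var/lib/sguil:' \
+-e 's:/nsm:/var/lib/sguil:' \
 -e 's:DAEMON 0:DAEMON 1:' \
 -e 's:DEBUG 1:DEBUG 0:g' \
-sensor/sensor_agent.conf || die
-sed -i \
--e 's:/var/run/sensor_agent.pid:/run/sguil-sensor.pid:' \
-sensor/sensor_agent.tcl || die
+"${CONFIG_FILES[@]}" \
+|| die
+
+for CONFIG_FILE in ${CONFIG_FILES[@]}; do
+local AGENT_NAME=$(basename "${CONFIG_FILE//.conf/}")
+echo -e "\nset PID_FILE /run/sguil/${AGENT_NAME}.pid\n" \
+>> "${CONFIG_FILE}"
+done
 }
 
 src_install() {
 dodoc doc/*
 
 dobin sensor/sensor_agent.tcl
+dobin sensor/pads_agent.tcl
+dobin sensor/snort_agent.tcl
 
 newinitd "${FILESDIR}/log_packets.initd" log_packets
-newinitd "${FILESDIR}/sensor_agent.initd" sensor_agent
+newinitd "${FILESDIR}/pads_agent.initd" pads_agent
+newinitd "${FILESDIR}/pcap_agent.initd" pcap_agent
+newinitd "${FILESDIR}/snort_agent.initd" snort_agent
 newconfd "${FILESDIR}/log_packets.confd" log_packets
+
 insinto /etc/sguil
-doins sensor/sensor_agent.conf
+doins sensor/pads_agent.conf
+doins sensor/snort_agent.conf
+
+if use sancp; then
+dodoc sensor/README.sancp_indexed_pcap
+
+dobin sensor/sancp_agent.tcl
+newbin sensor/pcap_agent-sancp.tcl pcap_agent.tcl
+
+newinitd "${FILESDIR}/sancp_agent.initd" sancp_agent
+
+insinto /etc/sguil
+doins sensor/sancp_agent.conf
+doins sensor/sancp-indexed.conf
+newins sensor/pcap_agent-sancp.conf pcap_agent.conf
+else
+dobin sensor/pcap_agent.tcl
+
+insinto /etc/sguil
+fi
 
 # Create the directory structure
 diropts -g sguil -o sguil
@@ -63,19 +100,30 @@
 "/var/lib/sguil/${HOSTNAME}/ssn_logs" \
 "/var/lib/sguil/${HOSTNAME}/dailylogs" \
 "/var/lib/sguil/${HOSTNAME}/sancp"
-
 }
 
 pkg_postinst() {
 elog
-elog "You should check /etc/sguil/sensor_agent.conf and"
-elog "/etc/init.d/logpackets and ensure that they are accurate"
+elog "You should check the /etc/sguil/*_agent.conf files and"
+elog "/etc/conf.d/logpackets and ensure that they are accurate"
 elog "for your environment. They should work providing that you"
 elog "are running the sensor on the same machine as the server."
+elog
 elog "This ebuild assumes that you are running a single sensor"
 elog "environment, if this is not the case then you must make sure"
-elog "to modify /etc/sguil/sensor_agent.conf and change the HOSTNAME variable."
-elog "You should crontab the /etc/init.d/log_packets script to restart"
-elog "each hour."
+elog "to modify /etc/sguil/*_agent.conf and change the SERVER_HOST variable."
+elog
+elog "If you use openrc as your init, you should crontab the"
+elog "/etc/init.d/log_packets script to restart each hour."
 elog
+elog "As of version 0.9.0 the former sguil_agent has been split up"
+elog "into multiple agents. If you are upgrading, you must review"
+elog "the agent config files in /etc/sguil and enable some or all"
+elog "of the following init scripts / systemd units:"
+elog
+elog "You should read /usr/share/doc/sguil-sensor-${PVR}/INSTALL.bz2"
+elog "to learn about the interaction between the different agents"
+elog "and how to set up a working sguil stack."
+elog
+
 }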
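Review bot: The PID_FILE line that src_prepare appends (new lines 53-56) derives the agent name from the source file name, so `sensor/pcap_agent-sancp.conf` receives `/run/sguil/pcap_agent-sancp.pid` even though src_install later installs it as `pcap_agent.conf` (new line 88) and pairs it with the same `pcap_agent.initd` used in the non-sancp branch (new line 69); unless that init script takes the pid path from the conf file, which is not visible here, the sancp variant will run with a pid file the service manager does not expect. The loop also expands the array unquoted and hides the exit status of the command substitution behind `local`; `for CONFIG_FILE in "${CONFIG_FILES[@]}"; do` followed by `local AGENT_NAME; AGENT_NAME=$(basename "${CONFIG_FILE%.conf}")` would match the quoting the sed call above already uses. The `set HOSTNAME ${HOSTNAME}` substitution at new line 45 still interpolates the build host's name unescaped into a sed expression and bakes it into all five configs, so a binary package built on one machine carries that machine's name; the old code did the same for one file, and the commit does not change that. In src_install the `insinto /etc/sguil` at new lines 85 and 92 repeat the one at line 73, and line 92 is followed by no doins at all, so both can be dropped.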