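# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$

# Sensor half of sguil: installs the pads/pcap/snort(/sancp) agents, their
# init scripts and systemd units, /etc/sguil configs, and the capture tree
# under /var/lib/sguil owned by a dedicated unprivileged "sguil" account.
#
# NOTE(review): ${HOSTNAME} of the *build* host is baked into the agent
# configs (set HOSTNAME ...) and into the /var/lib/sguil/<hostname>/ tree.
# A binary package built on one machine and installed on another will carry
# the wrong name; the postinst message tells the admin to check it.

EAPI=5

inherit eutils user systemd

MY_PV="${PV/_p/p}"

DESCRIPTION="Sensor part of sguil Network Security Monitoring"
HOMEPAGE="http://sguil.sourceforge.net"
SRC_URI="https://github.com/bammv/${PN/-sensor}/archive/v${PV}.tar.gz -> ${P/-sensor}.tar.gz"

LICENSE="GPL-2 QPL"
SLOT="0"
KEYWORDS="~x86 ~amd64"
IUSE="-sancp"

RDEPEND="
	>=dev-lang/tcl-8.3:0=[-threads]
	>=dev-tcltk/tclx-8.3
	dev-tcltk/tls:0
	>=net-analyzer/barnyard-0.2.0-r1
	>=net-analyzer/snort-2.4.1-r1
	dev-ml/pcre-ocaml
	sancp? ( net-analyzer/sancp:0[sguil] )
"

S="${WORKDIR}/sguil-${MY_PV}"

# Create the service account the agents run under: a system group/user with
# /var/lib/sguil as home. The -1 arguments let user.eclass pick a free uid and
# its no-login shell, so the account cannot be used interactively.
pkg_setup() {
	enewgroup sguil
	enewuser sguil -1 -1 /var/lib/sguil sguil
}

# Patch the sources and rewrite the shipped agent configs for a Gentoo layout:
# sensor name = build host name, data under /var/lib/sguil, daemonised, no
# debug output, and a PID_FILE under /run/sguil for the init scripts.
src_prepare() {
	epatch "${FILESDIR}/0.9.0_log_packets.patch"
	epatch_user

	# ${HOSTNAME} is spliced into a sed expression and into install paths.
	# Refuse an empty value (it would yield "set HOSTNAME " and an empty
	# directory component) and anything outside the hostname alphabet, since
	# a ':' , '&' or '\' would alter the sed replacement below.
	[[ -n ${HOSTNAME} && ${HOSTNAME} != *[!A-Za-z0-9._-]* ]] \
		|| die "HOSTNAME is unset or not a plain hostname: '${HOSTNAME}'"

	local -a config_files=(
		sensor/pads_agent.conf
		sensor/pcap_agent.conf
		sensor/pcap_agent-sancp.conf
		sensor/sancp_agent.conf
		sensor/snort_agent.conf
	)

	sed -i -r \
		-e "s:^set HOSTNAME.*$:set HOSTNAME ${HOSTNAME}:" \
		-e 's:/snort_data:/var/lib/sguil:' \
		-e 's:/nsm:/var/lib/sguil:' \
		-e 's:DAEMON 0:DAEMON 1:' \
		-e 's:DEBUG 1:DEBUG 0:g' \
		"${config_files[@]}" \
		|| die "failed to adjust agent configs"

	# Append a per-agent PID file path; the agent name is the config file's
	# basename without ".conf". /run/sguil is expected to come from the
	# tmpfiles snippet installed in src_install (its content is in FILESDIR,
	# not visible here).
	local config_file agent_name
	for config_file in "${config_files[@]}"; do
		agent_name=${config_file##*/}
		agent_name=${agent_name%.conf}
		printf '\nset PID_FILE /run/sguil/%s.pid\n\n' "${agent_name}" \
			>> "${config_file}" || die "failed to append PID_FILE to ${config_file}"
	done
}

# Install agents, init scripts, systemd units, configs and the data tree.
# With USE=sancp the sancp-aware pcap agent and log_packets script replace the
# plain ones and take the plain names, so init scripts and units are shared.
src_install() {
	dodoc doc/*

	dobin sensor/sensor_agent.tcl
	dobin sensor/pads_agent.tcl
	dobin sensor/snort_agent.tcl

	newinitd "${FILESDIR}/log_packets.initd" log_packets
	newinitd "${FILESDIR}/pads_agent.initd" pads_agent
	newinitd "${FILESDIR}/pcap_agent.initd" pcap_agent
	newinitd "${FILESDIR}/snort_agent.initd" snort_agent
	newconfd "${FILESDIR}/log_packets.confd" log_packets

	systemd_dounit "${FILESDIR}/pads_agent.service"
	systemd_dounit "${FILESDIR}/pcap_agent.service"
	systemd_dounit "${FILESDIR}/snort_agent.service"
	systemd_dounit "${FILESDIR}/log_packets.service"
	systemd_dounit "${FILESDIR}/log_packets_rotate.timer"
	systemd_dounit "${FILESDIR}/log_packets_rotate.service"
	systemd_newtmpfilesd "${FILESDIR}/systemd-tmpfiles.conf" "sguil-sensor.conf"

	insinto /etc/sguil
	doins sensor/pads_agent.conf
	doins sensor/snort_agent.conf

	if use sancp; then
		dodoc sensor/README.sancp_indexed_pcap
		dobin sensor/sancp_agent.tcl
		newbin sensor/pcap_agent-sancp.tcl pcap_agent.tcl
		newbin sensor/log_packets-sancp.sh log_packets.sh
		newinitd "${FILESDIR}/sancp_agent.initd" sancp_agent
		systemd_dounit "${FILESDIR}/sancp_agent.service"
		insinto /etc/sguil
		doins sensor/sancp_agent.conf
		doins sensor/sancp-indexed.conf
		newins sensor/pcap_agent-sancp.conf pcap_agent.conf
	else
		dobin sensor/log_packets.sh
		dobin sensor/pcap_agent.tcl
		insinto /etc/sguil
		# The non-sancp pcap agent needs the config that src_prepare just
		# rewrote; previously this branch set insinto and installed nothing.
		doins sensor/pcap_agent.conf
	fi

	# Capture tree, owned by the service account. Mode is left at the
	# default (0755); NOTE(review): full-packet captures land here, so a
	# tighter mode (-m0750) is worth considering once it is confirmed which
	# user the capture processes in the init scripts write as.
	diropts -g sguil -o sguil
	keepdir /var/lib/sguil /var/lib/sguil/archive \
		"/var/lib/sguil/${HOSTNAME}" \
		"/var/lib/sguil/${HOSTNAME}/portscans" \
		"/var/lib/sguil/${HOSTNAME}/ssn_logs" \
		"/var/lib/sguil/${HOSTNAME}/dailylogs" \
		"/var/lib/sguil/${HOSTNAME}/sancp"
}

# Post-install guidance. Paths quoted here must match what src_install puts
# on disk (the conf.d file is installed as log_packets).
pkg_postinst() {
	elog
	elog "You should check the /etc/sguil/*_agent.conf files and"
	elog "/etc/conf.d/log_packets and ensure that they are accurate"
	elog "for your environment. They should work providing that you"
	elog "are running the sensor on the same machine as the server."
	elog
	elog "The sensor name (set HOSTNAME in /etc/sguil/*_agent.conf) and the"
	elog "/var/lib/sguil/<hostname> directory were taken from the host that"
	elog "built this package; adjust them if that is not this machine."
	elog
	elog "This ebuild assumes that you are running a single sensor"
	elog "environment, if this is not the case then you must make sure"
	elog "to modify /etc/sguil/*_agent.conf and change the SERVER_HOST variable."
	elog
	elog "If you use openrc as your init, you should crontab the"
	elog "/etc/init.d/log_packets script to restart each hour."
	elog "If you are using systemd, The log_packets.service unit"
	elog "will automatically start a timer unit to do that job,"
	elog "so you don't need to manually setup a cron job."
	elog
	elog "As of version 0.9.0 the former sguil_agent has been split up"
	elog "into multiple agents. If you are upgrading, you must review"
	elog "the agent config files in /etc/sguil and enable some or all"
	elog "of the following init scripts / systemd units:"
	elog
	elog "openrc:\t\t\tsystemd:"
	elog "/etc/init.d/pads_agent\tpads_agent.service"
	elog "/etc/init.d/pcap_agent\tpcap_agent.service"
	use sancp && elog "/etc/init.d/sancp_agent\tsancp_agent.service"
	elog "/etc/init.d/snort_agent\tsnort_agent.service"
	elog "/etc/init.d/log_packets\tlog_packets.service"
	elog
	elog "You should read /usr/share/doc/sguil-sensor-${PVR}/INSTALL.bz2"
	elog "to learn about the interaction between the different agents"
	elog "and how to set up a working sguil stack."
	elog
}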