From 9deda0bbd27373b78b2bdc4381c91b94108d9eb4 Mon Sep 17 00:00:00 2001
From: Seemant Kulleen
Date: Wed, 29 Oct 2003 06:18:08 +0000
Subject: metalog fix0r
---
net-firewall/psad/Manifest | 4 +-
net-firewall/psad/files/digest-psad-1.2.4-r1 | 1 +
net-firewall/psad/files/psad-1.2.4-metalog.patch | 59 +++++++++++
net-firewall/psad/psad-1.2.4-r1.ebuild | 120 +++++++++++++++++++++++
4 files changed, 182 insertions(+), 2 deletions(-)
create mode 100644 net-firewall/psad/files/digest-psad-1.2.4-r1
create mode 100644 net-firewall/psad/files/psad-1.2.4-metalog.patch
create mode 100644 net-firewall/psad/psad-1.2.4-r1.ebuild
(limited to 'net-firewall/psad')
diff --git a/net-firewall/psad/Manifest b/net-firewall/psad/Manifest
index 3adf849c38cf..ba90acb61d6f 100644
--- a/net-firewall/psad/Manifest
+++ b/net-firewall/psad/Manifest
@@ -1,7 +1,7 @@
 MD5 d53d8f350b98cb2c133a02ed1bb7b17f psad-1.2.3-r1.ebuild 2318
-MD5 8d27adccf4971d5d3e81bdf3913e2850 psad-1.2.4-r1.ebuild 2832
+MD5 c8ca4777aadd89784d12199bce21e85f psad-1.2.4-r1.ebuild 2835
 MD5 cd8a79e76c6745c3eaa0d4cf8a18b9eb psad-1.2.4.ebuild 2814
-MD5 5ef7ac1b851517d31ed80b49386ecc42 ChangeLog 1360
+MD5 7c3a90592ee0d2d60c91140d5d47d798 ChangeLog 1723
 MD5 624441f5e21afa19251eedc583e0c4e7 metadata.xml 433
 MD5 de0f1f89e6d13f25077e8189a1709007 files/digest-psad-1.2.4 63
 MD5 2958d8637b53c70d3e7c1fc812265c96 files/digest-psad-1.2.3-r1 62
diff --git a/net-firewall/psad/files/digest-psad-1.2.4-r1 b/net-firewall/psad/files/digest-psad-1.2.4-r1
new file mode 100644
index 000000000000..5f9f33ef07e3
--- /dev/null
+++ b/net-firewall/psad/files/digest-psad-1.2.4-r1
@@ -0,0 +1 @@
+MD5 7233ac8929e7ee5e3b66edaae72b4c92 psad-1.2.4.tar.bz2 454610
diff --git a/net-firewall/psad/files/psad-1.2.4-metalog.patch b/net-firewall/psad/files/psad-1.2.4-metalog.patch
new file mode 100644
index 000000000000..558ce59a0b01
--- /dev/null
+++ b/net-firewall/psad/files/psad-1.2.4-metalog.patch
@@ -0,0 +1,59 @@
+--- /root/psad 2003-10-26 16:49:31.000000000 +0100
++++ ./psad 2003-10-26 18:53:43.000000000 +0100
+@@ -3618,5 +3618,5 @@
+
+ die ' ** No system logger config file could be found.'
+- unless (-e '/etc/syslog.conf' or -e '/etc/syslog-ng/syslog-ng.conf');
++ unless (-e '/etc/syslog.conf' or -e '/etc/syslog-ng/syslog-ng.conf' or -e '/etc/metalog/metalog.conf');
+
+ ### look for psadfifo in some system logger config file
+@@ -3696,4 +3696,49 @@
+ }
+ }
++# Metalog support added by Dennis Freise
++ if (-e '/etc/metalog/metalog.conf') {
++ unless (-e '/etc/metalog/metalog.conf.orig') {
++ copy '/etc/metalog/metalog.conf',
++ '/etc/metalog/metalog.conf.orig';
++ }
++ open RS, '< /etc/metalog/metalog.conf' or
++ die " ** Unable to open /etc/metalog/metalog.conf: $!\n";
++ my @lines = ;
++ close RS;
++
++ my $found = 0;
++ for my $line (@lines) {
++ if ($line =~ m/psadpipe.sh/) {
++ $found = 1;
++ last;
++ }
++ }
++ unless ($found) {
++ open METALOG, '> /etc/metalog/metalog.conf' or
++ die " ** Unable to open /etc/metalog/metalog.conf: $!";
++
++ print METALOG "\n";
++ print METALOG "\nPSAD :\n",
++ " facility = \"kern\"\n";
++ print METALOG ' command = ',
++ "\"/usr/sbin/psadpipe.sh\"\n";
++ close METALOG;
++ &Psad::psyslog('psad', '.. reconfiguring metalog to write ' .
++ "kern-facility messages to /usr/sbin/psadpipe.sh");
++
++ open PIPESCRIPT, '> /usr/sbin/psadpipe.sh' or
++ die " ** Unable to open /usr/sbin/psadpipe.sh: $!";
++ print PIPESCRIPT "#!/bin/sh\n\n";
++ print PIPESCRIPT "echo \"\$3\" >> $config{'PSAD_FIFO'}\n";
++ close PIPESCRIPT;
++ chmod 0700, '/usr/sbin/psadpipe.sh';
++ &Psad::psyslog('psad', '.. generated /usr/sbin/psadpipe.sh which writes ' .
++ "to $config{'PSAD_FIFO'}");
++
++# Metalog seems to simply die on SIGHUP and SIGALRM, and I found no signal or option to reload it's config... :-(
++ die "All files written. You have to manually restart metalog! When done, start psad again.";
++# system "$cmds{'killall'} -HUP metalog";
++ }
++ }
+
+ ### make sure the permissions on these files is 0600
diff --git a/net-firewall/psad/psad-1.2.4-r1.ebuild b/net-firewall/psad/psad-1.2.4-r1.ebuild
new file mode 100644
index 000000000000..f96c197d6d46
--- /dev/null
+++ b/net-firewall/psad/psad-1.2.4-r1.ebuild
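Review bot: In the `unless ($found)` branch, `/etc/metalog/metalog.conf` is opened with `'> ...'`, which truncates it, and no visible line writes `@lines` back, so as shown the existing metalog configuration is replaced by the lone PSAD stanza; appending avoids that: `open METALOG, '>> /etc/metalog/metalog.conf' or`. The `copy` to `metalog.conf.orig` just before it is unchecked, so a failed backup goes unnoticed ahead of the rewrite; `copy(...) or die " ** Unable to back up /etc/metalog/metalog.conf: $!";` would stop first. The generated `/usr/sbin/psadpipe.sh` is created under the process umask and only afterwards set to 0700 by an unchecked `chmod`, and `$config{'PSAD_FIFO'}` is interpolated unquoted into a script that presumably runs as root, so the emitted redirect target should be quoted. The enclosing sub starts and ends outside the inner hunk at line 3696.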
@@ -0,0 +1,120 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/psad-1.2.4-r1.ebuild,v 1.1 2003/10/29 06:18:07 seemant Exp $
+
+inherit eutils
+inherit perl-module
+
+IUSE=""
+
+S=${WORKDIR}/${P}
+DESCRIPTION="Port Scannning Attack Detection daemon"
+SRC_URI="http://www.cipherdyne.org/psad/download/psad-${PV}.tar.bz2"
+HOMEPAGE="http://www.cipherdyne.org/psad"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~x86 ~amd64 ~ia64 ~ppc ~alpha ~sparc ~hppa ~mips ~arm"
+
+DEPEND="${DEPEND}
+ dev-lang/perl"
+
+RDEPEND="virtual/logger
+ dev-perl/Unix-Syslog
+ dev-perl/Date-Calc
+ net-mail/mailx
+ net-firewall/iptables"
+
+src_compile() {
+ cd ${S}/Psad
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+
+ cd ${S}/Net-IPv4Addr
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+
+ cd ${S}/IPTables/Parse
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+
+ cd ${S}/whois
+ emake || die
+
+ cd ${S}
+ # Unofficial metalog patch
+ epatch ${FILESDIR}/psad-${PV}-metalog.patch
+ # We'll use the C binaries
+ emake || die
+}
+
+src_install() {
+ local myhostname=
+ local mydomain=
+
+ keepdir /var/lib/psad /var/log/psad /var/run/psad /var/lock/subsys/${PN}
+ dodir /etc/psad
+ cd ${S}/Psad
+ insinto /usr/lib/psad
+ doins Psad.pm
+
+ cd ${S}/Net-IPv4Addr
+ insinto /usr/lib/psad/Net
+ doins IPv4Addr.pm
+
+ cd ${S}/IPTables/Parse
+ insinto /usr/lib/psad/IPTables
+ doins Parse.pm
+
+ cd ${S}/whois
+ # Makefile seems borken, do install by hand...
+ insinto /usr
+ newbin whois whois_psad
+ newman whois.1 whois_psad.1
+
+ cd ${S}
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ dobin pscan
+
+ cd ${S}
+
+ # Ditch the _CHANGEME_ for hostname, substituting in our real hostname
+ myhostname="$(< /etc/hostname)"
+ [ -e /etc/dnsdomainname ] && mydomain=".$(< /etc/dnsdomainname)"
+ cp psad.conf psad.conf.orig
+ sed -i "s:HOSTNAME\(.\+\)\_CHANGEME\_;:HOSTNAME\1${myhostname}${mydomain};:" psad.conf || die "Sed failed."
+
+ insinto /etc/psad
+ doins *.conf
+ doins psad_*
+
+ insinto /etc/init.d
+ newins psad-init.gentoo psad
+
+ cd ${S}/snort_rules
+ dodir /etc/psad/snort_rules
+ insinto /etc/psad/snort_rules
+ doins *.rules
+
+ cd ${S}
+ dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES README LICENSE SCAN_LOG
+}
+
+pkg_postinst() {
+ if [ ! -p ${ROOT}/var/lib/psad/psadfifo ]
+ then
+ ebegin "Creating syslog FIFO for PSAD"
+ mknod -m 600 ${ROOT}/var/lib/psad/psadfifo p
+ eend $?
+ fi
+
+ echo
+ einfo "Please be sure to edit /etc/psad/psad.conf to reflect your system's"
+ einfo "configuration or it may not work correctly or start up. Specifically, check"
+ einfo "the validity of the HOSTNAME setting and replace the EMAIL_ADDRESSES setting"
+ einfo "at the least."
+ echo
+ ewarn "Metalog support was added in psad-1.2.4-r1. Please note that metalog"
+ ewarn "support is experimental and has not yet been added officially to psad."
+}
-- cgit v1.2.3-65-gdbad
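Review bot: The `ewarn` in `pkg_postinst` calls metalog support experimental but does not say what the patched daemon does on a metalog system at first start: it rewrites `/etc/metalog/metalog.conf` (keeping a copy as `metalog.conf.orig`), creates `/usr/sbin/psadpipe.sh`, and then exits until metalog has been restarted by hand. `src_install` installs neither file, so these changes presumably happen outside the package manager's record, and an administrator auditing the system gets no hint of them. I would add `ewarn "On first start psad edits /etc/metalog/metalog.conf and creates /usr/sbin/psadpipe.sh;"` and `ewarn "restart metalog manually, then start psad again."`. Separately, the three `emake test` calls in `src_compile` have no `|| die`, so a failing module test does not stop the build, unlike the `emake || die` lines beside them.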