Diffstat (limited to 'app-admin/sagan')
-rw-r--r--app-admin/sagan/Manifest1
-rw-r--r--app-admin/sagan/files/sagan.service14
-rw-r--r--app-admin/sagan/sagan-2.0.1.ebuild104
3 files changed, 119 insertions, 0 deletions
diff --git a/app-admin/sagan/Manifest b/app-admin/sagan/Manifest
index 2d3c7adb1a1b..04660dd53e3f 100644
--- a/app-admin/sagan/Manifest
+++ b/app-admin/sagan/Manifest
@@ -1 +1,2 @@
DIST sagan-1.0.0RC3.tar.gz 285207 BLAKE2B 7322ffc73a8e86f07ef106b04feb9140ba94a51b9e286ef0c0b0d3fa609e8e03cef4c75e1d32502c1b70a4c078d8601d2a1c58058137bb793c8a52cecc4be20b SHA512 29388a339b290bb4de2359c0c54b9e1d43ef207b223a499a1a4faa36de4d9590a777a796dd773948e995d052b71f3ef47ca5bad5c133116c4dbb53b4fe336123
+DIST sagan-2.0.1.tar.gz 487936 BLAKE2B 84a137bb0001c6758979d17cf67442262f732f7d49ce397183c0c226d6135e2c3cd8362452ef6b893e75a9cf5e874256d88f740b94df0dfa39587fc771ad4f8d SHA512 0cc288b67f641346bb0dbfcac2682c8c2b09e3e508b94dd5b2d5a81c2a80c7989f1d54725041210511877bd6b2338e8b0fdcae01f7084d39d48abef073d1fe64
diff --git a/app-admin/sagan/files/sagan.service b/app-admin/sagan/files/sagan.service
new file mode 100644
index 000000000000..30a0e12822a0
--- /dev/null
+++ b/app-admin/sagan/files/sagan.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Sagan daemon
+Documentation=https://sagan.readthedocs.io/
+Before=rsyslog.service syslog-ng.service
+
+[Service]
+User=sagan
+Group=sagan
+ExecStart=/usr/bin/sagan $OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
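Review bot: `ExecStart=/usr/bin/sagan $OPTIONS` references a variable that nothing in this unit defines, since `[Service]` has no `Environment=` or `EnvironmentFile=` line; systemd will substitute an empty string and the daemon always starts without options. The ebuild in this commit installs a conf.d file with `newconfd`, but that file is read by the OpenRC init script, not by systemd. Either add `EnvironmentFile=-/etc/conf.d/sagan` (only if that file uses plain `KEY=value` syntax) or drop `$OPTIONS` from the command line. Because the daemon processes log data, it is also worth considering sandboxing directives such as `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes`, after checking which paths Sagan needs to write.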
diff --git a/app-admin/sagan/sagan-2.0.1.ebuild b/app-admin/sagan/sagan-2.0.1.ebuild
new file mode 100644
index 000000000000..f180b53f50f0
--- /dev/null
+++ b/app-admin/sagan/sagan-2.0.1.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic user systemd
+
+DESCRIPTION="Sagan is a multi-threaded, real time system and event log monitoring system"
+HOMEPAGE="https://sagan.quadrantsec.com/"
+SRC_URI="https://sagan.quadrantsec.com/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="geoip +libdnet +lognorm mysql redis +pcap smtp"
+
+BDEPEND="virtual/pkgconfig"
+DEPEND="
+ app-admin/sagan-rules[lognorm?]
+ dev-libs/libpcre
+ dev-libs/libyaml
+ geoip? ( dev-libs/geoip )
+ lognorm? (
+ dev-libs/liblognorm
+ dev-libs/libfastjson:=
+ dev-libs/libestr
+ )
+ redis? ( dev-libs/hiredis )
+ pcap? ( net-libs/libpcap )
+ smtp? ( net-libs/libesmtp )
+"
+
+# Package no longer logs directly to a database
+# and relies on Unified2 format to accomplish it
+RDEPEND="
+ ${RDEPEND}
+ mysql? ( net-analyzer/barnyard2[mysql] )
+"
+
+REQUIRED_USE="mysql? ( libdnet )"
+
+DOCS=( AUTHORS ChangeLog FAQ INSTALL README NEWS TODO )
+
+pkg_setup() {
+ enewgroup sagan
+ enewuser sagan -1 -1 /dev/null sagan
+}
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ append-flags -fcommon
+
+ local myeconfargs=(
+ $(use_enable smtp esmtp)
+ $(use_enable lognorm)
+ $(use_enable pcap libpcap)
+ $(use_enable geoip)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ # No need to create this at build/install time
+ rm -r "${ED}"/var/run/ || die
+
+ # Fix paths in config file
+ sed -i -e "s:/usr/local/:${EPREFIX}/:" "${ED}"/etc/sagan.yaml || die
+
+ diropts -g sagan -o sagan -m 775
+
+ dodir /var/log/sagan
+
+ keepdir /var/log/sagan
+
+ touch "${ED}"/var/log/sagan/sagan.log || die
+ chown sagan.sagan "${ED}"/var/log/sagan/sagan.log || die
+
+ newinitd "${FILESDIR}"/sagan.init-r1 sagan
+ newconfd "${FILESDIR}"/sagan.confd sagan
+
+ systemd_dounit "${FILESDIR}"/sagan.service
+
+ docinto examples
+ dodoc -r extra/*
+}
+
+pkg_postinst() {
+ if use smtp; then
+ ewarn "You have enabled smtp use flag. If you plan on using Sagan with"
+ ewarn "email, create valid writable home directory for user 'sagan'"
+ ewarn "For security reasons it was created with /dev/null home directory"
+ fi
+
+ einfo "For configuration assistance see"
+ einfo "http://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO"
+}
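Review bot: `RDEPEND` is built from `${RDEPEND}`, which is still empty at that point, and EAPI 7 does not copy `DEPEND` into `RDEPEND` implicitly. As written, the libraries listed in `DEPEND` (libpcre, libyaml and the USE-conditional ones) are therefore not runtime dependencies of the installed binary; the first line of that assignment should read `${DEPEND}`. Separately, `IUSE` declares `redis` and `libdnet`, but `myeconfargs` in `src_configure` passes no switch for either, so those features are presumably auto-detected by configure regardless of the flag. If upstream's configure offers matching options, wire them in with `use_enable`. In `src_install`, `chown sagan.sagan` uses the deprecated dot separator and should be `chown sagan:sagan`.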