authorSeemant Kulleen <seemant@gentoo.org>2003-10-29 06:18:08 +0000
committerSeemant Kulleen <seemant@gentoo.org>2003-10-29 06:18:08 +0000
commita45672beecd91d774a454b27b92b6ce98b6ffca1 (patch)
tree3dc502bdd6f58f03d4af6767a8b382d770fcdf4e /net-firewall
parentmetalog fix0r (diff)
downloadgentoo-2-a45672beecd91d774a454b27b92b6ce98b6ffca1.tar.gz
gentoo-2-a45672beecd91d774a454b27b92b6ce98b6ffca1.tar.bz2
gentoo-2-a45672beecd91d774a454b27b92b6ce98b6ffca1.zip
metalog fix0r
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/psad/ChangeLog10
-rw-r--r--net-firewall/psad/Manifest4
-rw-r--r--net-firewall/psad/files/digest-psad-1.2.4-r11
-rw-r--r--net-firewall/psad/files/psad-1.2.4-metalog.patch59
-rw-r--r--net-firewall/psad/psad-1.2.4-r1.ebuild120
5 files changed, 191 insertions, 3 deletions
diff --git a/net-firewall/psad/ChangeLog b/net-firewall/psad/ChangeLog
index c2c70dc11e2f..b52e337659f9 100644
--- a/net-firewall/psad/ChangeLog
+++ b/net-firewall/psad/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-firewall/psad
# Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/ChangeLog,v 1.6 2003/10/21 06:44:14 seemant Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/ChangeLog,v 1.7 2003/10/29 06:18:07 seemant Exp $
+
+*psad-1.2.4-r1 (28 Oct 2003)
+
+ 28 Oct 2003; Seemant Kulleen <seemant@gentoo.org> psad-1.2.4-r1.ebuild,
+ files/psad-1.2.4-metalog.patch:
+ new patch to make psad work better with metalog. The patch was written by:
+ Dennis Freise <cat@final-frontier.ath.cx> and sent to psad's upstream author
+ and myself. Battoussai rediff'd it and updated the ebuild for us.
*psad-1.2.4 (20 Oct 2003)
diff --git a/net-firewall/psad/Manifest b/net-firewall/psad/Manifest
index 3adf849c38cf..ba90acb61d6f 100644
--- a/net-firewall/psad/Manifest
+++ b/net-firewall/psad/Manifest
@@ -1,7 +1,7 @@
MD5 d53d8f350b98cb2c133a02ed1bb7b17f psad-1.2.3-r1.ebuild 2318
-MD5 8d27adccf4971d5d3e81bdf3913e2850 psad-1.2.4-r1.ebuild 2832
+MD5 c8ca4777aadd89784d12199bce21e85f psad-1.2.4-r1.ebuild 2835
MD5 cd8a79e76c6745c3eaa0d4cf8a18b9eb psad-1.2.4.ebuild 2814
-MD5 5ef7ac1b851517d31ed80b49386ecc42 ChangeLog 1360
+MD5 7c3a90592ee0d2d60c91140d5d47d798 ChangeLog 1723
MD5 624441f5e21afa19251eedc583e0c4e7 metadata.xml 433
MD5 de0f1f89e6d13f25077e8189a1709007 files/digest-psad-1.2.4 63
MD5 2958d8637b53c70d3e7c1fc812265c96 files/digest-psad-1.2.3-r1 62
diff --git a/net-firewall/psad/files/digest-psad-1.2.4-r1 b/net-firewall/psad/files/digest-psad-1.2.4-r1
new file mode 100644
index 000000000000..5f9f33ef07e3
--- /dev/null
+++ b/net-firewall/psad/files/digest-psad-1.2.4-r1
@@ -0,0 +1 @@
+MD5 7233ac8929e7ee5e3b66edaae72b4c92 psad-1.2.4.tar.bz2 454610
diff --git a/net-firewall/psad/files/psad-1.2.4-metalog.patch b/net-firewall/psad/files/psad-1.2.4-metalog.patch
new file mode 100644
index 000000000000..558ce59a0b01
--- /dev/null
+++ b/net-firewall/psad/files/psad-1.2.4-metalog.patch
@@ -0,0 +1,59 @@
+--- /root/psad 2003-10-26 16:49:31.000000000 +0100
++++ ./psad 2003-10-26 18:53:43.000000000 +0100
+@@ -3618,5 +3618,5 @@
+
+ die ' ** No system logger config file could be found.'
+- unless (-e '/etc/syslog.conf' or -e '/etc/syslog-ng/syslog-ng.conf');
++ unless (-e '/etc/syslog.conf' or -e '/etc/syslog-ng/syslog-ng.conf' or -e '/etc/metalog/metalog.conf');
+
+ ### look for psadfifo in some system logger config file
+@@ -3696,4 +3696,49 @@
+ }
+ }
++# Metalog support added by Dennis Freise <cat@final-frontier.ath.cx>
++ if (-e '/etc/metalog/metalog.conf') {
++ unless (-e '/etc/metalog/metalog.conf.orig') {
++ copy '/etc/metalog/metalog.conf',
++ '/etc/metalog/metalog.conf.orig';
++ }
++ open RS, '< /etc/metalog/metalog.conf' or
++ die " ** Unable to open /etc/metalog/metalog.conf: $!\n";
++ my @lines = <RS>;
++ close RS;
++
++ my $found = 0;
++ for my $line (@lines) {
++ if ($line =~ m/psadpipe.sh/) {
++ $found = 1;
++ last;
++ }
++ }
++ unless ($found) {
++ open METALOG, '> /etc/metalog/metalog.conf' or
++ die " ** Unable to open /etc/metalog/metalog.conf: $!";
++
++ print METALOG "\n";
++ print METALOG "\nPSAD :\n",
++ " facility = \"kern\"\n";
++ print METALOG ' command = ',
++ "\"/usr/sbin/psadpipe.sh\"\n";
++ close METALOG;
++ &Psad::psyslog('psad', '.. reconfiguring metalog to write ' .
++ "kern-facility messages to /usr/sbin/psadpipe.sh");
++
++ open PIPESCRIPT, '> /usr/sbin/psadpipe.sh' or
++ die " ** Unable to open /usr/sbin/psadpipe.sh: $!";
++ print PIPESCRIPT "#!/bin/sh\n\n";
++ print PIPESCRIPT "echo \"\$3\" >> $config{'PSAD_FIFO'}\n";
++ close PIPESCRIPT;
++ chmod 0700, '/usr/sbin/psadpipe.sh';
++ &Psad::psyslog('psad', '.. generated /usr/sbin/psadpipe.sh which writes ' .
++ "to $config{'PSAD_FIFO'}");
++
++# Metalog seems to simply die on SIGHUP and SIGALRM, and I found no signal or option to reload it's config... :-(
++ die "All files written. You have to manually restart metalog! When done, start psad again.";
++# system "$cmds{'killall'} -HUP metalog";
++ }
++ }
+
+ ### make sure the permissions on these files is 0600
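Review bot: The metalog branch reopens `/etc/metalog/metalog.conf` with `'> /etc/metalog/metalog.conf'`, which truncates the file, and then prints only the new PSAD stanza. `@lines` is read above but, as far as this hunk shows, never written back, so every existing metalog section is dropped and stays lost until the `.orig` copy is restored by hand. Opening in append mode keeps the existing logging configuration: `open METALOG, '>> /etc/metalog/metalog.conf' or`. The results of `copy`, `print`, `close` and `chmod` are also unchecked, so a failed backup or a partially written psadpipe.sh goes unnoticed before the final `die`. The enclosing psad routine starts and ends outside the patch's hunks.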
diff --git a/net-firewall/psad/psad-1.2.4-r1.ebuild b/net-firewall/psad/psad-1.2.4-r1.ebuild
new file mode 100644
index 000000000000..f96c197d6d46
--- /dev/null
+++ b/net-firewall/psad/psad-1.2.4-r1.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/psad-1.2.4-r1.ebuild,v 1.1 2003/10/29 06:18:07 seemant Exp $
+
+inherit eutils
+inherit perl-module
+
+IUSE=""
+
+S=${WORKDIR}/${P}
+DESCRIPTION="Port Scannning Attack Detection daemon"
+SRC_URI="http://www.cipherdyne.org/psad/download/psad-${PV}.tar.bz2"
+HOMEPAGE="http://www.cipherdyne.org/psad"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~x86 ~amd64 ~ia64 ~ppc ~alpha ~sparc ~hppa ~mips ~arm"
+
+DEPEND="${DEPEND}
+ dev-lang/perl"
+
+RDEPEND="virtual/logger
+ dev-perl/Unix-Syslog
+ dev-perl/Date-Calc
+ net-mail/mailx
+ net-firewall/iptables"
+
+src_compile() {
+ cd ${S}/Psad
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+
+ cd ${S}/Net-IPv4Addr
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+
+ cd ${S}/IPTables/Parse
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+
+ cd ${S}/whois
+ emake || die
+
+ cd ${S}
+ # Unofficial metalog patch
+ epatch ${FILESDIR}/psad-${PV}-metalog.patch
+ # We'll use the C binaries
+ emake || die
+}
+
+src_install() {
+ local myhostname=
+ local mydomain=
+
+ keepdir /var/lib/psad /var/log/psad /var/run/psad /var/lock/subsys/${PN}
+ dodir /etc/psad
+ cd ${S}/Psad
+ insinto /usr/lib/psad
+ doins Psad.pm
+
+ cd ${S}/Net-IPv4Addr
+ insinto /usr/lib/psad/Net
+ doins IPv4Addr.pm
+
+ cd ${S}/IPTables/Parse
+ insinto /usr/lib/psad/IPTables
+ doins Parse.pm
+
+ cd ${S}/whois
+ # Makefile seems borken, do install by hand...
+ insinto /usr
+ newbin whois whois_psad
+ newman whois.1 whois_psad.1
+
+ cd ${S}
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ dobin pscan
+
+ cd ${S}
+
+ # Ditch the _CHANGEME_ for hostname, substituting in our real hostname
+ myhostname="$(< /etc/hostname)"
+ [ -e /etc/dnsdomainname ] && mydomain=".$(< /etc/dnsdomainname)"
+ cp psad.conf psad.conf.orig
+ sed -i "s:HOSTNAME\(.\+\)\_CHANGEME\_;:HOSTNAME\1${myhostname}${mydomain};:" psad.conf || die "Sed failed."
+
+ insinto /etc/psad
+ doins *.conf
+ doins psad_*
+
+ insinto /etc/init.d
+ newins psad-init.gentoo psad
+
+ cd ${S}/snort_rules
+ dodir /etc/psad/snort_rules
+ insinto /etc/psad/snort_rules
+ doins *.rules
+
+ cd ${S}
+ dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES README LICENSE SCAN_LOG
+}
+
+pkg_postinst() {
+ if [ ! -p ${ROOT}/var/lib/psad/psadfifo ]
+ then
+ ebegin "Creating syslog FIFO for PSAD"
+ mknod -m 600 ${ROOT}/var/lib/psad/psadfifo p
+ eend $?
+ fi
+
+ echo
+ einfo "Please be sure to edit /etc/psad/psad.conf to reflect your system's"
+ einfo "configuration or it may not work correctly or start up. Specifically, check"
+ einfo "the validity of the HOSTNAME setting and replace the EMAIL_ADDRESSES setting"
+ einfo "at the least."
+ echo
+ ewarn "Metalog support was added in psad-1.2.4-r1. Please note that metalog"
+ ewarn "support is experimental and has not yet been added officially to psad."
+}