summaryrefslogtreecommitdiff
blob: 82b621af6cde8848891b0b9d89ff10eb8c79e6a7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=6
inherit ssl-cert user

MY_PV="${PV/_p/p}"
DESCRIPTION="Daemon for Sguil Network Security Monitoring"
HOMEPAGE="https://github.com/bammv/sguil"
SRC_URI="${HOMEPAGE}/archive/v${PV}.tar.gz -> ${P/-server}.tar.gz"

LICENSE="GPL-2 QPL"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="ssl"

DEPEND="
	>=dev-lang/tcl-8.3:0=[-threads]
	>=dev-tcltk/tclx-8.3
	dev-tcltk/tcllib
	dev-tcltk/mysqltcl
	ssl? ( >=dev-tcltk/tls-1.4.1 )
"
RDEPEND="
	${DEPEND}
	net-analyzer/p0f
	net-analyzer/tcpflow
	net-misc/openssh
"

S="${WORKDIR}/sguil-${MY_PV}"

pkg_setup() {
	enewgroup sguil
	enewuser sguil -1 -1 /var/lib/sguil sguil
}

src_prepare(){
	default
	sed -i \
		-e 's:DEBUG 2:DEBUG 1:' -e 's:DAEMON 0:DAEMON 1:' \
		-e 's:SGUILD_LIB_PATH ./lib:SGUILD_LIB_PATH /usr/'$(get_libdir)'/sguild:g' \
		-e 's:/sguild_data/rules:/var/lib/sguil/rules:g' \
		-e 's:/sguild_data/archive:/var/lib/sguil/archive:g' \
		server/sguild.conf || die
}

src_install(){
	dodoc server/sql_scripts/*
	dodoc doc/CHANGES doc/OPENSSL.README doc/USAGE doc/INSTALL \
	doc/TODO doc/sguildb.dia

	insopts -m640
	insinto /etc/sguil
	doins server/{sguild.email,sguild.users,sguild.conf,sguild.queries,sguild.access,autocat.conf}

	insinto /usr/$(get_libdir)/sguild
	doins server/lib/*
	dobin server/sguild
	newinitd "${FILESDIR}/sguild.initd" sguild
	newconfd "${FILESDIR}/sguild.confd" sguild

	if use ssl; then
		sed -i -e "s/#OPENSSL/OPENSSL/" "${D}/etc/conf.d/sguild"
	fi

	diropts -g sguil -o sguil
	keepdir \
		/var/lib/sguil \
		/var/lib/sguil/archive \
		/var/lib/sguil/rules

}

pkg_postinst(){
	if use ssl && ! [ -f "${ROOT}"/etc/sguil/sguild.key ]; then
		install_cert /etc/sguil/sguild
	fi

	chown -R sguil:sguil "${ROOT}"/etc/sguil/sguild.*
	chown -R sguil:sguil "${ROOT}"/usr/lib/sguild

	if [ -d "${ROOT}"/etc/snort/rules ] ; then
		ln -s /etc/snort/rules "${ROOT}"/var/lib/sguil/rules/${HOSTNAME}
	fi

	elog
	elog "Please customize the sguild configuration files in /etc/sguild before"
	elog "trying to run the daemon. Additionally you will need to setup the"
	elog "mysql database. See /usr/share/doc/${PF}/INSTALL.gz for information."
	elog "Please note that it is STRONGLY recommended to mount a separate"
	elog "filesystem at /var/lib/sguil for both space and performance reasons"
	elog "as a large amount of data will be kept in the directory structure"
	elog "underneath that top directory."
	elog
	elog "You should create the sguild db as per the install instructions in"
	elog "/usr/share/doc/${PF}/ and use the appropriate"
	elog "database setup script located in the same directory."

	elog
}