+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/psad-2.1.5.ebuild,v 1.1 2009/12/24 21:21:13 battousai Exp $
+inherit eutils perl-app
+DESCRIPTION="Port Scanning Attack Detection daemon"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+ dev-lang/perl"
+ dev-perl/Unix-Syslog
+ dev-perl/Date-Calc
+ virtual/mailx
+ net-firewall/iptables
+ net-misc/whois"
+src_compile() {
+ cd "${S}"/deps/Net-IPv4Addr
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+ cd "${S}"/deps/IPTables-Parse
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+ cd "${S}"/deps/IPTables-ChainMgr
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+ cd "${S}"
+ # We'll use the C binaries
+ emake || die "Make failed: daemons"
+src_install() {
+ local myhostname=
+ local mydomain=
+ doman *.8
+ keepdir /var/lib/psad /var/log/psad /var/run/psad /var/lock/subsys/${PN}
+ dodir /etc/psad
+ cd "${S}"/deps/Net-IPv4Addr
+ perl-module_src_install
+ cd "${S}"/deps/IPTables-ChainMgr
+ perl-module_src_install
+ cd "${S}"/deps/IPTables-Parse
+ perl-module_src_install
+ cd "${S}"
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ newsbin fwcheck_psad
+ dobin pscan
+ cd "${S}"
+ fix_psad_conf
+ insinto /etc/psad
+ doins *.conf
+ doins psad_*
+ doins auto_dl icmp_types ip_options posf signatures pf.os
+ cd "${S}"/init-scripts
+ newinitd psad-init.gentoo psad
+ cd "${S}"/deps/snort_rules
+ dodir /etc/psad/snort_rules
+ insinto /etc/psad/snort_rules
+ doins *.rules
+ cd "${S}"
+pkg_postinst() {
+ if [ ! -p "${ROOT}"/var/lib/psad/psadfifo ]
+ then
+ ebegin "Creating syslog FIFO for PSAD"
+ mknod -m 600 "${ROOT}"/var/lib/psad/psadfifo p
+ eend $?
+ fi
+ echo
+ elog "Please be sure to edit /etc/psad/psad.conf to reflect your system's"
+ elog "configuration or it may not work correctly or start up. Specifically, check"
+ elog "the validity of the HOSTNAME setting and replace the EMAIL_ADDRESSES and"
+ elog "HOME_NET settings at the least."
+ elog
+ if has_version ">=app-admin/syslog-ng-0.0.0"
+ then
+ ewarn "You appear to have installed syslog-ng. If you are using syslog-ng as your"
+ ewarn "default system logger, please change the SYSLOG_DAEMON entry in"
+ ewarn "/etc/psad/psad.conf to the following (per examples in psad.conf):"
+ ewarn " SYSLOG_DAEMON syslog-ng;"
+ ewarn
+ fi
+ if has_version ">=app-admin/sysklogd-0.0.0"
+ then
+ elog "You have sysklogd installed. If this is your default system logger, no"
+ elog "special configuration is needed. If it is not, please set SYSLOG_DAEMON"
+ elog "in /etc/psad/psad.conf accordingly."
+ elog
+ fi
+ if has_version ">=app-admin/metalog-0.0"
+ then
+ ewarn "You appear to have installed metalog. If you are using metalog as your"
+ ewarn "default system logger, please change the SYSLOG_DAEMON entry in"
+ ewarn "/etc/psad/psad.conf to the following (per examples in psad.conf):"
+ ewarn " SYSLOG_DAEMON metalog"
+ fi
+ ewarn "NOTE: You need firewall rules to log dropped packets. Otherwise PSAD will"
+ ewarn "not be aware of any port scan attacks. Please see FW_EXAMPLE_RULES in the"
+ ewarn "psad documentation directory (ie /usr/share/doc/${P}) for the criteria and"
+ ewarn "sample rules."
+fix_psad_conf() {
+ cp psad.conf psad.conf.orig
+ # Ditch the _CHANGEME_ for hostname, substituting in our real hostname
+ [ -e /etc/hostname ] && myhostname="$(< /etc/hostname)"
+ [ "${myhostname}" == "" ] && myhostname="$HOSTNAME"
+ mydomain=".$(grep ^domain /etc/resolv.conf | cut -d" " -f2)"
+ sed -i "s:HOSTNAME\(.\+\)\_CHANGEME\_;:HOSTNAME\1${myhostname}${mydomain};:" psad.conf || die "fix_psad_conf failed"
+ # Fix up paths
+ sed -i "s:/sbin/syslogd:/usr/sbin/syslogd:g" psad.conf || die "fix_psad_conf failed"
+ sed -i "s:/sbin/syslog-ng:/usr/sbin/syslog-ng:g" psad.conf || die "fix_psad_conf failed"
+ sed -i "s:/usr/bin/whois_psad:/usr/bin/whois:g" psad.conf || die "fix_psad_conf failed"
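Review bot: fix_psad_conf, the last function in this hunk, fills HOSTNAME in psad.conf from the build machine's /etc/hostname, $HOSTNAME and /etc/resolv.conf while src_install runs, and interpolates the result unescaped into a sed expression that uses `:` as its delimiter. If resolv.conf has no `domain` line the value becomes the hostname with a trailing dot, more than one matching line puts a newline into the sed script, and a binary package built on another machine would carry that build host's name into the installed configuration. I would derive the domain defensively, e.g. `local d=$(awk '$1 == "domain" { print $2; exit }' /etc/resolv.conf 2>/dev/null)` followed by `mydomain=${d:+.${d}}`, and refuse values containing `:`, `&` or `\` before the sed call. Separately, the three `emake test` calls in src_compile have no `|| die`, so a failing test in the bundled Perl modules presumably does not stop the build; `emake test || die "tests failed: Net-IPv4Addr"` (and likewise for the other two) would make that visible. The closing brace of fix_psad_conf is not visible in the hunk.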