summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBryan Stine <battousai@gentoo.org>2010-07-15 20:29:42 +0000
committerBryan Stine <battousai@gentoo.org>2010-07-15 20:29:42 +0000
commit07615730b0a120a8f9594e6128e88c80bf613e5e (patch)
tree4e055c4a5b5e3930d103421700ee77dd2340a187 /net-firewall/psad
parentBump due to a security fix, http://www.isc.org/files/release-notes/BIND971P2.... (diff)
downloadgentoo-2-07615730b0a120a8f9594e6128e88c80bf613e5e.tar.gz
gentoo-2-07615730b0a120a8f9594e6128e88c80bf613e5e.tar.bz2
gentoo-2-07615730b0a120a8f9594e6128e88c80bf613e5e.zip
Version bump to 2.1.7.
(Portage version: 2.2_rc67/cvs/Linux x86_64)
Diffstat (limited to 'net-firewall/psad')
-rw-r--r--net-firewall/psad/ChangeLog7
-rw-r--r--net-firewall/psad/psad-2.1.7.ebuild151
2 files changed, 157 insertions, 1 deletions
diff --git a/net-firewall/psad/ChangeLog b/net-firewall/psad/ChangeLog
index d5deebef2aad..4012402c8427 100644
--- a/net-firewall/psad/ChangeLog
+++ b/net-firewall/psad/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for net-firewall/psad
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/ChangeLog,v 1.48 2010/06/03 21:55:40 battousai Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/ChangeLog,v 1.49 2010/07/15 20:29:42 battousai Exp $
+
+*psad-2.1.7 (15 Jul 2010)
+
+ 15 Jul 2010; Bryan Stine <battousai@gentoo.org> +psad-2.1.7.ebuild:
+ Version bump to 2.1.7.
*psad-2.1.5-r2 (03 Jun 2010)
diff --git a/net-firewall/psad/psad-2.1.7.ebuild b/net-firewall/psad/psad-2.1.7.ebuild
new file mode 100644
index 000000000000..3774243b979d
--- /dev/null
+++ b/net-firewall/psad/psad-2.1.7.ebuild
@@ -0,0 +1,151 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/psad/psad-2.1.7.ebuild,v 1.1 2010/07/15 20:29:42 battousai Exp $
+
+inherit eutils perl-app
+
+IUSE=""
+
+DESCRIPTION="Port Scanning Attack Detection daemon"
+SRC_URI="http://www.cipherdyne.org/psad/download/${P}.tar.bz2"
+HOMEPAGE="http://www.cipherdyne.org/psad"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86"
+
+DEPEND="${DEPEND}
+ dev-lang/perl"
+
+RDEPEND="virtual/logger
+ dev-perl/Unix-Syslog
+ dev-perl/Date-Calc
+ virtual/mailx
+ net-firewall/iptables
+ net-misc/whois"
+
+src_compile() {
+ cd "${S}"/deps/Net-IPv4Addr
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+
+ cd "${S}"/deps/IPTables-Parse
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+
+ cd "${S}"/deps/IPTables-ChainMgr
+ SRC_PREP="no" perl-module_src_compile
+ emake test
+
+ cd "${S}"
+ # We'll use the C binaries
+ emake || die "Make failed: daemons"
+}
+
+src_install() {
+ local myhostname=
+ local mydomain=
+
+ doman *.8
+
+ keepdir /var/lib/psad /var/log/psad /var/run/psad /var/lock/subsys/${PN}
+ dodir /etc/psad
+
+ cd "${S}"/deps/Net-IPv4Addr
+ perl-module_src_install
+
+ cd "${S}"/deps/IPTables-ChainMgr
+ perl-module_src_install
+
+ cd "${S}"/deps/IPTables-Parse
+ perl-module_src_install
+
+ cd "${S}"
+ insinto /usr
+ dosbin kmsgsd psad psadwatchd
+ newsbin fwcheck_psad.pl fwcheck_psad
+ newbin pscan psad-pscan
+
+ cd "${S}"
+
+ insinto /etc/psad
+ doins *.conf
+ doins psad_*
+ doins auto_dl icmp_types ip_options posf signatures pf.os
+
+ cd "${S}"/init-scripts
+ newinitd psad-init.gentoo psad
+
+ cd "${S}"/deps/snort_rules
+ dodir /etc/psad/snort_rules
+ insinto /etc/psad/snort_rules
+ doins *.rules
+
+ cd "${S}"
+ dodoc BENCHMARK CREDITS Change* FW_EXAMPLE_RULES README SCAN_LOG
+}
+
+pkg_preinst() {
+ cd "${S}"
+
+ # Set sane defaults in config file.
+ fix_psad_conf
+}
+
+pkg_postinst() {
+ if [ ! -p "${ROOT}"/var/lib/psad/psadfifo ]
+ then
+ ebegin "Creating syslog FIFO for PSAD"
+ mknod -m 600 "${ROOT}"/var/lib/psad/psadfifo p
+ eend $?
+ fi
+
+ echo
+ elog "Please be sure to edit /etc/psad/psad.conf to reflect your system's"
+ elog "configuration or it may not work correctly or start up. Specifically, check"
+ elog "the validity of the HOSTNAME setting and replace the EMAIL_ADDRESSES and"
+ elog "HOME_NET settings at the least."
+ elog
+ if has_version ">=app-admin/syslog-ng-0.0.0"
+ then
+ ewarn "You appear to have installed syslog-ng. If you are using syslog-ng as your"
+ ewarn "default system logger, please change the SYSLOG_DAEMON entry in"
+ ewarn "/etc/psad/psad.conf to the following (per examples in psad.conf):"
+ ewarn " SYSLOG_DAEMON syslog-ng;"
+ ewarn
+ fi
+ if has_version ">=app-admin/sysklogd-0.0.0"
+ then
+ elog "You have sysklogd installed. If this is your default system logger, no"
+ elog "special configuration is needed. If it is not, please set SYSLOG_DAEMON"
+ elog "in /etc/psad/psad.conf accordingly."
+ elog
+ fi
+ if has_version ">=app-admin/metalog-0.0"
+ then
+ ewarn "You appear to have installed metalog. If you are using metalog as your"
+ ewarn "default system logger, please change the SYSLOG_DAEMON entry in"
+ ewarn "/etc/psad/psad.conf to the following (per examples in psad.conf):"
+ ewarn " SYSLOG_DAEMON metalog"
+ fi
+
+ ewarn "NOTE: You need firewall rules to log dropped packets. Otherwise PSAD will"
+ ewarn "not be aware of any port scan attacks. Please see FW_EXAMPLE_RULES in the"
+ ewarn "psad documentation directory (ie /usr/share/doc/${P}) for the criteria and"
+ ewarn "sample rules."
+}
+
+fix_psad_conf() {
+ cp psad.conf psad.conf.orig
+
+ # Ditch the _CHANGEME_ for hostname, substituting in our real hostname
+ [ -e /etc/hostname ] && myhostname="$(< /etc/hostname)"
+ [ "${myhostname}" == "" ] && myhostname="$HOSTNAME"
+ mydomain=".$(grep ^domain /etc/resolv.conf | cut -d" " -f2)"
+ sed -i "s:HOSTNAME\(.\+\)\_CHANGEME\_;:HOSTNAME\1${myhostname}${mydomain};:" psad.conf || die "fix_psad_conf failed"
+
+ # Fix up paths
+ sed -i "s:/sbin/syslogd:/usr/sbin/syslogd:g" psad.conf || die "fix_psad_conf failed"
+ sed -i "s:/sbin/syslog-ng:/usr/sbin/syslog-ng:g" psad.conf || die "fix_psad_conf failed"
+ sed -i "s:/usr/bin/whois_psad:/usr/bin/whois:g" psad.conf || die "fix_psad_conf failed"
+}