Diffstat (limited to 'app-admin/sagan')
-rw-r--r-- | app-admin/sagan/Manifest | 3 | ||||
-rw-r--r-- | app-admin/sagan/files/mysql_check.patch | 26 | ||||
-rw-r--r-- | app-admin/sagan/files/sagan-1.0.0-liblognorm-json-c.patch | 55 | ||||
-rw-r--r-- | app-admin/sagan/files/sagan.init | 17 | ||||
-rw-r--r-- | app-admin/sagan/files/sagan.logrotate | 13 | ||||
-rw-r--r-- | app-admin/sagan/files/sagan.service | 14 | ||||
-rw-r--r-- | app-admin/sagan/files/sagan.tmpfiles | 1 | ||||
-rw-r--r-- | app-admin/sagan/metadata.xml | 13 | ||||
-rw-r--r-- | app-admin/sagan/sagan-0.2.3-r1.ebuild | 85 | ||||
-rw-r--r-- | app-admin/sagan/sagan-0.2.3.ebuild | 85 | ||||
-rw-r--r-- | app-admin/sagan/sagan-1.0.0_rc3-r1.ebuild | 94 | ||||
-rw-r--r-- | app-admin/sagan/sagan-1.0.0_rc3.ebuild | 89 | ||||
-rw-r--r-- | app-admin/sagan/sagan-2.0.1-r6.ebuild | 132 |
13 files changed, 167 insertions, 460 deletions
diff --git a/app-admin/sagan/Manifest b/app-admin/sagan/Manifest
index 3a24e7e63020..75ebb958f0e6 100644
--- a/app-admin/sagan/Manifest
+++ b/app-admin/sagan/Manifest
@@ -1,2 +1 @@
-DIST sagan-0.2.3.tar.gz 231774 BLAKE2B b385a4b22f2fe7567dbb0c52ec022794eacf057a0dc797daa0432ef4bdfc344473a500298825f56a32513025e9c7cee3ff70fc577d7a9454e87022510a71edb4 SHA512 2110f3d34db69cb5c453b8e37d06debeea7531ebf15a9b78954ac1657ddce34feaaff87d14695759c3deb2eed5ecc0e6fec5881fb5037af8efa6c3c9600242cc
-DIST sagan-1.0.0RC3.tar.gz 285207 BLAKE2B 7322ffc73a8e86f07ef106b04feb9140ba94a51b9e286ef0c0b0d3fa609e8e03cef4c75e1d32502c1b70a4c078d8601d2a1c58058137bb793c8a52cecc4be20b SHA512 29388a339b290bb4de2359c0c54b9e1d43ef207b223a499a1a4faa36de4d9590a777a796dd773948e995d052b71f3ef47ca5bad5c133116c4dbb53b4fe336123
+DIST sagan-2.0.1.tar.gz 487936 BLAKE2B 84a137bb0001c6758979d17cf67442262f732f7d49ce397183c0c226d6135e2c3cd8362452ef6b893e75a9cf5e874256d88f740b94df0dfa39587fc771ad4f8d SHA512 0cc288b67f641346bb0dbfcac2682c8c2b09e3e508b94dd5b2d5a81c2a80c7989f1d54725041210511877bd6b2338e8b0fdcae01f7084d39d48abef073d1fe64
diff --git a/app-admin/sagan/files/mysql_check.patch b/app-admin/sagan/files/mysql_check.patch
deleted file mode 100644
index 37f7d61fa0c8..000000000000
--- a/app-admin/sagan/files/mysql_check.patch
+++ /dev/null
@@ -1,26 +0,0 @@ -diff --git a/configure.in b/configure.ac -rename from configure.in -rename to configure.ac ---- a/configure.in -+++ b/configure.ac -@@ -215,13 +215,17 @@ - AC_CHECK_LIB(pthread, main,,AC_MSG_ERROR(Sagan needs pthreads!)) - AC_CHECK_LIB(m, main,,AC_MSG_ERROR(Sagan needs libm!)) - -+save_LIBS=$LIBS - if test "$MYSQL" = "yes"; then - AC_MSG_RESULT([------- MySQL support is enabled -------]) -+ AC_CHECK_PROGS(MYSQL_CONFIG, mysql_config) - AC_CHECK_HEADER([mysql/mysql.h]) - AC_CHECK_HEADER([mysql/errmsg.h]) -- AC_CHECK_LIB(mysqlclient_r, main,,AC_MSG_ERROR(The MySQL library libmysqlclient_r is missing! --If you're not interested in MySQL support use the --disable-mysql flag.)) -- fi -+ LIBS=$(mysql_config --libs) -+ AC_CHECK_LIB(mysqlclient, main,,AC_MSG_ERROR(The MySQL library libmysqlclient is missing!)) -+fi -+LIBS="$save_LIBS $LIBS" -+ - - if test "$POSTGRES" = "yes"; then - AC_MSG_RESULT([------- PostgreSQL support is enabled -------]) diff --git a/app-admin/sagan/files/sagan-1.0.0-liblognorm-json-c.patch b/app-admin/sagan/files/sagan-1.0.0-liblognorm-json-c.patch deleted file mode 100644 index f9540652717a..000000000000 --- a/app-admin/sagan/files/sagan-1.0.0-liblognorm-json-c.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -diff -rupN old/sagan-1.0.0RC3/configure.ac new/sagan-1.0.0RC3/configure.ac ---- old/sagan-1.0.0RC3/configure.ac 2014-06-16 22:23:22.000000000 +0200 -+++ new/sagan-1.0.0RC3/configure.ac 2015-10-11 21:04:26.493632624 +0200 -@@ -192,29 +192,15 @@ If you're not interested in libesmtp sup - fi - - if test "$LOGNORM" = "yes"; then -- AC_MSG_RESULT([------- liblognorm support is enabled -------]) -- AC_CHECK_HEADER([liblognorm.h]) -- AC_CHECK_HEADERS([json/json.h json.h], [break], [AC_MSG_ERROR([json-c headers not found or not usable. --This library is important for the correlation aspects of Sagan! Please see --https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature --use the --disable-lognorm flag.])]) -- AC_CHECK_LIB(estr, main,,AC_MSG_ERROR(The libestr library cannot be found. --This library is important for the correlation aspects of Sagan! Please see --https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature --use the --disable-lognorm flag. )) -- AC_CHECK_LIB(ee, main,,AC_MSG_ERROR(The libee library cannot be found. --This library is important for the correlation aspects of Sagan! Please see --https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature --use the --disable-lognorm flag. )) -- AC_CHECK_LIB(lognorm, main,,AC_MSG_ERROR(The liblognorm library cannot be found. --This library is important for the correlation aspects of Sagan! Please see --https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. To disable this feature --use the --disable-lognorm flag. )) -- AC_CHECK_LIB(json, json_object_put,, [ AC_CHECK_LIB(json-c, json_object_put,,AC_MSG_ERROR(The json library cannot be found. --This library is important for the correlation aspects of Sagan! Please see --https://wiki.quadrantsec.com/bin/view/Main/LibLogNorm. 
To disable this feature --use the --disable-lognorm flag.)) ],) -- fi -+ AC_MSG_RESULT([------- liblognorm support is enabled -------]) -+ -+ PKG_CHECK_MODULES(LIBEE, libee >= 0.3.2) -+ PKG_CHECK_MODULES(LIBESTR, libestr >= 0.1.9) -+ PKG_CHECK_MODULES([JSON_C], [json-c],, [ -+ PKG_CHECK_MODULES([JSON_C], [json],,) -+ ]) -+ PKG_CHECK_MODULES(LIBLOGNORM, lognorm >= 1.0.2) -+fi - - if test "$LIBPCAP" = "yes"; then - AC_MSG_RESULT([------- libpcap support is enabled -------]) -diff -rupN old/sagan-1.0.0RC3/src/Makefile.am new/sagan-1.0.0RC3/src/Makefile.am ---- old/sagan-1.0.0RC3/src/Makefile.am 2014-06-16 22:23:22.000000000 +0200 -+++ new/sagan-1.0.0RC3/src/Makefile.am 2015-10-11 21:05:28.754492699 +0200 -@@ -2,6 +2,9 @@ AUTOMAKE_OPIONS=foreign no-dependencies - - bin_PROGRAMS = sagan - -+sagan_CFLAGS = $(JSON_C_CFLAGS) $(LIBESTR_CFLAGS) $(LIBLOGNORM_CFLAGS) -+sagan_LDFLAGS = $(JSON_C_LIBS) $(LIBESTR_LIBS) $(LIBLOGNORM_LIBS) -+ - sagan_SOURCES = sagan.c \ - sagan-classifications.c \ - sagan-config.c \ diff --git a/app-admin/sagan/files/sagan.init b/app-admin/sagan/files/sagan.init deleted file mode 100644 index 99f1f24e3bfa..000000000000 --- a/app-admin/sagan/files/sagan.init +++ /dev/null @@ -1,17 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -pidfile="/var/run/sagan/sagan.pid" -command="/usr/bin/sagan" -command_args="-D \"${SAGAN_OPTS}\" -u \"${SAGAN_USER}\"" - -depend() { - use logger mysql postgresql - need localmount -} - -start_pre() { - checkpath -d -o sagan /var/run/sagan - checkpath -p -o sagan -m 0644 /var/run/sagan/sagan.fifo -} diff --git a/app-admin/sagan/files/sagan.logrotate b/app-admin/sagan/files/sagan.logrotate new file mode 100644 index 000000000000..2db6afd0ee0e --- /dev/null +++ b/app-admin/sagan/files/sagan.logrotate 
@@ -0,0 +1,13 @@
+/var/log/sagan/alert
+/var/log/sagan/sagan.log
+/var/log/sagan/sagan.stats
+{
+ compress
+ delaycompress
+ missingok
+ notifempty
+ sharedscripts
+ postrotate
+ /sbin/service sagan reload 2>/dev/null || true
+ endscript
+}
diff --git a/app-admin/sagan/files/sagan.service b/app-admin/sagan/files/sagan.service
new file mode 100644
index 000000000000..30a0e12822a0
--- /dev/null
+++ b/app-admin/sagan/files/sagan.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Sagan daemon
+Documentation=https://sagan.readthedocs.io/
+Before=rsyslog.service syslog-ng.service
+
+[Service]
+User=sagan
+Group=sagan
+ExecStart=/usr/bin/sagan $OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-admin/sagan/files/sagan.tmpfiles b/app-admin/sagan/files/sagan.tmpfiles
new file mode 100644
index 000000000000..e6ab42e8ca13
--- /dev/null
+++ b/app-admin/sagan/files/sagan.tmpfiles
@@ -0,0 +1 @@
+d /run/sagan 0750 sagan sagan -
diff --git a/app-admin/sagan/metadata.xml b/app-admin/sagan/metadata.xml
index 3e12feb4a2b3..06a9202197c4 100644
--- a/app-admin/sagan/metadata.xml
+++ b/app-admin/sagan/metadata.xml
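Review bot: The sagan.logrotate stanza has no `su` directive, so logrotate renames, compresses and recreates files as root inside /var/log/sagan, a directory the ebuild in this same commit hands to the sagan account (`diropts -g sagan -o sagan -m 750`). Sagan parses log data that originates on other hosts, so rotation is better done with the daemon's own identity: add `su sagan sagan` as the first line inside the braces. Separately, the `postrotate` line sends stderr to /dev/null and ends in `|| true`, so a failed reload is invisible and the daemon would presumably keep writing to the rotated file; whether `/sbin/service` exists on both OpenRC and systemd installs is worth confirming.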
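Review bot: `ExecStart=/usr/bin/sagan $OPTIONS` in sagan.service references a variable that nothing in the unit defines: there is no `Environment=` or `EnvironmentFile=` line, so `$OPTIONS` expands to nothing unless an administrator adds a drop-in. Either drop `$OPTIONS` or add an `EnvironmentFile=` line for the file that is meant to set it (the ebuild installs sagan.confd through newconfd, but its contents and variable names are not shown here). The unit also sets no sandboxing for a daemon that parses log data from other hosts; `NoNewPrivileges=yes`, `ProtectHome=yes` and `PrivateTmp=yes` would be a low-risk start, to be tested with the pcap feature enabled.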
@@ -1,15 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
- <maintainer type="person">
- <email>maksbotan@gentoo.org</email>
- <name>Maxim Koltsov</name>
- </maintainer>
+ <!-- maintainer-needed -->
 <use>
 <flag name="smtp">Build witch SMTP (E-Mail) support</flag>
- <flag name="lognorm">Add support for log/rules normalizations via <pkg>dev-libs/liblognorm</pkg></flag>
+ <flag name="redis">Add support for the Redis database via <pkg>dev-libs/hiredis</pkg></flag>
 <flag name="pcap">Add support for network packet capture via <pkg>net-libs/libpcap</pkg></flag>
 <flag name="libdnet">Add support for <pkg>dev-libs/libdnet</pkg></flag>
- <flag name="snort">Add support to interact with Snort IDE using <pkg>net-analyzer/snortsam</pkg>'</flag>
 </use>
+ <upstream>
+ <remote-id type="github">quadrantsec/sagan</remote-id>
+ </upstream>
 </pkgmetadata>
diff --git a/app-admin/sagan/sagan-0.2.3-r1.ebuild b/app-admin/sagan/sagan-0.2.3-r1.ebuild
deleted file mode 100644
index 99142b741816..000000000000
--- a/app-admin/sagan/sagan-0.2.3-r1.ebuild
+++ /dev/null
@@ -1,85 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -AUTOTOOLS_AUTORECONF=1 -AUTOTOOLS_IN_SOURCE_BUILD=1 - -inherit eutils autotools-utils user - -DESCRIPTION="Sagan is a multi-threaded, real time system and event log monitoring system" -HOMEPAGE="http://sagan.quadrantsec.com/" -SRC_URI="http://sagan.quadrantsec.com/download/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="+libdnet +lognorm mysql +pcap postgres smtp snort" - -RDEPEND="dev-libs/libpcre - app-admin/sagan-rules[lognorm?] - smtp? ( net-libs/libesmtp ) - pcap? ( net-libs/libpcap ) - mysql? ( dev-db/mysql-connector-c:= ) - postgres? ( dev-db/postgresql:* ) - lognorm? ( dev-libs/liblognorm ) - libdnet? ( dev-libs/libdnet ) - snort? ( >=net-analyzer/snortsam-2.50 ) - " - -DEPEND="virtual/pkgconfig - ${RDEPEND}" - -DOCS=( AUTHORS ChangeLog FAQ INSTALL README NEWS TODO ) -PATCHES=( "${FILESDIR}"/mysql_check.patch ) - -pkg_setup() { - enewgroup sagan - enewuser sagan -1 -1 /dev/null sagan -} - -src_configure() { - local myeconfargs=( - $(use_enable mysql) - $(use_enable postgres postgresql) - $(use_enable smtp esmtp) - $(use_enable lognorm) - $(use_enable libdnet) - $(use_enable pcap libpcap) - $(use_enable snort snortsam) - --disable-prelude - ) - - autotools-utils_src_configure -} - -src_install() { - autotools-utils_src_install - - diropts -g sagan -o sagan -m 775 - - dodir /var/log/sagan - - keepdir /var/log/sagan - - touch "${ED}"/var/log/sagan/sagan.log - chown sagan.sagan "${ED}"/var/log/sagan/sagan.log - - newinitd "${FILESDIR}"/sagan.init sagan - newconfd "${FILESDIR}"/sagan.confd sagan - - insinto /usr/share/doc/${PF}/examples - doins -r extra/* -} - -pkg_postinst() { - if use smtp; then - ewarn "You have enabled smtp use flag. 
If you plan on using Sagan with" - ewarn "email, create valid writable home directory for user 'sagan'" - ewarn "For security reasons it was created with /dev/null home directory" - fi - - einfo "For configuration assistance see" - einfo "http://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO" -} diff --git a/app-admin/sagan/sagan-0.2.3.ebuild b/app-admin/sagan/sagan-0.2.3.ebuild deleted file mode 100644 index 64c6a49c8ba3..000000000000 --- a/app-admin/sagan/sagan-0.2.3.ebuild +++ /dev/null 
@@ -1,85 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -AUTOTOOLS_AUTORECONF=1 -AUTOTOOLS_IN_SOURCE_BUILD=1 - -inherit eutils autotools-utils user - -DESCRIPTION="Sagan is a multi-threaded, real time system and event log monitoring system" -HOMEPAGE="http://sagan.quadrantsec.com/" -SRC_URI="http://sagan.quadrantsec.com/download/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="+libdnet +lognorm mysql +pcap postgres smtp snort" - -RDEPEND="dev-libs/libpcre - app-admin/sagan-rules[lognorm?] - smtp? ( net-libs/libesmtp ) - pcap? ( net-libs/libpcap ) - mysql? ( virtual/mysql ) - postgres? ( dev-db/postgresql:* ) - lognorm? ( dev-libs/liblognorm ) - libdnet? ( dev-libs/libdnet ) - snort? ( >=net-analyzer/snortsam-2.50 ) - " - -DEPEND="virtual/pkgconfig - ${RDEPEND}" - -DOCS=( AUTHORS ChangeLog FAQ INSTALL README NEWS TODO ) -PATCHES=( "${FILESDIR}"/mysql_check.patch ) - -pkg_setup() { - enewgroup sagan - enewuser sagan -1 -1 /dev/null sagan -} - -src_configure() { - local myeconfargs=( - $(use_enable mysql) - $(use_enable postgres postgresql) - $(use_enable smtp esmtp) - $(use_enable lognorm) - $(use_enable libdnet) - $(use_enable pcap libpcap) - $(use_enable snort snortsam) - --disable-prelude - ) - - autotools-utils_src_configure -} - -src_install() { - autotools-utils_src_install - - diropts -g sagan -o sagan -m 775 - - dodir /var/log/sagan - - keepdir /var/log/sagan - - touch "${ED}"/var/log/sagan/sagan.log - chown sagan.sagan "${ED}"/var/log/sagan/sagan.log - - newinitd "${FILESDIR}"/sagan.init sagan - newconfd "${FILESDIR}"/sagan.confd sagan - - insinto /usr/share/doc/${PF}/examples - doins -r extra/* -} - -pkg_postinst() { - if use smtp; then - ewarn "You have enabled smtp use flag. 
If you plan on using Sagan with" - ewarn "email, create valid writable home directory for user 'sagan'" - ewarn "For security reasons it was created with /dev/null home directory" - fi - - einfo "For configuration assistance see" - einfo "http://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO" -} diff --git a/app-admin/sagan/sagan-1.0.0_rc3-r1.ebuild b/app-admin/sagan/sagan-1.0.0_rc3-r1.ebuild deleted file mode 100644 index 4156492fe77b..000000000000 --- a/app-admin/sagan/sagan-1.0.0_rc3-r1.ebuild +++ /dev/null 
@@ -1,94 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -AUTOTOOLS_AUTORECONF=1 -AUTOTOOLS_IN_SOURCE_BUILD=1 - -inherit eutils autotools-utils user - -DESCRIPTION="Sagan is a multi-threaded, real time system and event log monitoring system" -HOMEPAGE="http://sagan.quadrantsec.com/" -SRC_URI="http://sagan.quadrantsec.com/download/sagan-1.0.0RC3.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="geoip +libdnet +lognorm mysql +pcap smtp snort" - -RDEPEND="dev-libs/libpcre - app-admin/sagan-rules[lognorm?] - smtp? ( net-libs/libesmtp ) - pcap? ( net-libs/libpcap ) - lognorm? ( - dev-libs/liblognorm - dev-libs/json-c:= - dev-libs/libee - dev-libs/libestr - ) - libdnet? ( dev-libs/libdnet ) - snort? ( >=net-analyzer/snortsam-2.50 ) - geoip? ( dev-libs/geoip ) - " - -DEPEND="virtual/pkgconfig - ${RDEPEND}" - -# Package no longer logs directly to a database -# and relies on Unified2 format to accomplish it -RDEPEND="${RDEPEND} mysql? ( net-analyzer/barnyard2[mysql] )" - -REQUIRED_USE="mysql? 
( libdnet )" - -DOCS=( AUTHORS ChangeLog FAQ INSTALL README NEWS TODO ) -PATCHES=( "${FILESDIR}"/${PN}-1.0.0-liblognorm-json-c.patch ) -S="${WORKDIR}/sagan-1.0.0RC3/" - -pkg_setup() { - enewgroup sagan - enewuser sagan -1 -1 /dev/null sagan -} - -src_configure() { - local myeconfargs=( - $(use_enable smtp esmtp) - $(use_enable lognorm) - $(use_enable libdnet) - $(use_enable pcap libpcap) - $(use_enable snort snortsam) - $(use_enable geoip) - ) - - autotools-utils_src_configure -} - -src_install() { - autotools-utils_src_install - - diropts -g sagan -o sagan -m 775 - - dodir /var/log/sagan - - keepdir /var/log/sagan - - touch "${ED}"/var/log/sagan/sagan.log - chown sagan.sagan "${ED}"/var/log/sagan/sagan.log - - newinitd "${FILESDIR}"/sagan.init-r1 sagan - newconfd "${FILESDIR}"/sagan.confd sagan - - insinto /usr/share/doc/${PF}/examples - doins -r extra/* -} - -pkg_postinst() { - if use smtp; then - ewarn "You have enabled smtp use flag. If you plan on using Sagan with" - ewarn "email, create valid writable home directory for user 'sagan'" - ewarn "For security reasons it was created with /dev/null home directory" - fi - - einfo "For configuration assistance see" - einfo "http://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO" -} diff --git a/app-admin/sagan/sagan-1.0.0_rc3.ebuild b/app-admin/sagan/sagan-1.0.0_rc3.ebuild deleted file mode 100644 index da136ef46dc2..000000000000 --- a/app-admin/sagan/sagan-1.0.0_rc3.ebuild +++ /dev/null 
@@ -1,89 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -AUTOTOOLS_AUTORECONF=1 -AUTOTOOLS_IN_SOURCE_BUILD=1 - -inherit eutils autotools-utils user - -DESCRIPTION="Sagan is a multi-threaded, real time system and event log monitoring system" -HOMEPAGE="http://sagan.quadrantsec.com/" -SRC_URI="http://sagan.quadrantsec.com/download/sagan-1.0.0RC3.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="geoip +libdnet +lognorm mysql +pcap smtp snort" - -RDEPEND="dev-libs/libpcre - app-admin/sagan-rules[lognorm?] - smtp? ( net-libs/libesmtp ) - pcap? ( net-libs/libpcap ) - mysql? ( virtual/mysql ) - lognorm? ( - dev-libs/liblognorm - dev-libs/json-c:= - dev-libs/libee - dev-libs/libestr - ) - libdnet? ( dev-libs/libdnet ) - snort? ( >=net-analyzer/snortsam-2.50 ) - geoip? ( dev-libs/geoip ) - " - -DEPEND="virtual/pkgconfig - ${RDEPEND}" - -DOCS=( AUTHORS ChangeLog FAQ INSTALL README NEWS TODO ) -PATCHES=( "${FILESDIR}"/${PN}-1.0.0-liblognorm-json-c.patch ) -S="${WORKDIR}/sagan-1.0.0RC3/" - -pkg_setup() { - enewgroup sagan - enewuser sagan -1 -1 /dev/null sagan -} - -src_configure() { - local myeconfargs=( - $(use_enable smtp esmtp) - $(use_enable lognorm) - $(use_enable libdnet) - $(use_enable pcap libpcap) - $(use_enable snort snortsam) - $(use_enable geoip) - ) - - autotools-utils_src_configure -} - -src_install() { - autotools-utils_src_install - - diropts -g sagan -o sagan -m 775 - - dodir /var/log/sagan - - keepdir /var/log/sagan - - touch "${ED}"/var/log/sagan/sagan.log - chown sagan.sagan "${ED}"/var/log/sagan/sagan.log - - newinitd "${FILESDIR}"/sagan.init-r1 sagan - newconfd "${FILESDIR}"/sagan.confd sagan - - insinto /usr/share/doc/${PF}/examples - doins -r extra/* -} - -pkg_postinst() { - if use smtp; then - ewarn "You have enabled smtp use flag. 
If you plan on using Sagan with" - ewarn "email, create valid writable home directory for user 'sagan'" - ewarn "For security reasons it was created with /dev/null home directory" - fi - - einfo "For configuration assistance see" - einfo "http://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO" -} diff --git a/app-admin/sagan/sagan-2.0.1-r6.ebuild b/app-admin/sagan/sagan-2.0.1-r6.ebuild new file mode 100644 index 000000000000..0ec8735bbd45 --- /dev/null +++ b/app-admin/sagan/sagan-2.0.1-r6.ebuild 
@@ -0,0 +1,132 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic tmpfiles systemd
+
+DESCRIPTION="Sagan is a multi-threaded, real time system and event log monitoring system"
+HOMEPAGE="https://github.com/quadrantsec/sagan"
+SRC_URI="https://sagan.quadrantsec.com/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="geoip +libdnet mysql redis +pcap smtp"
+
+BDEPEND="virtual/pkgconfig"
+DEPEND="
+ acct-group/sagan
+ acct-user/sagan
+ app-admin/sagan-rules
+ dev-libs/libestr
+ dev-libs/libfastjson:=
+ dev-libs/liblognorm
+ dev-libs/libpcre
+ dev-libs/libyaml
+ geoip? ( dev-libs/geoip )
+ redis? ( dev-libs/hiredis:= )
+ pcap? ( net-libs/libpcap )
+ smtp? ( net-libs/libesmtp:= )
+"
+
+# Package no longer logs directly to a database
+# and relies on Unified2 format to accomplish it
+RDEPEND="
+ ${DEPEND}
+ mysql? ( net-analyzer/barnyard2[mysql] )
+"
+
+REQUIRED_USE="mysql? ( libdnet )"
+
+DOCS=( AUTHORS ChangeLog FAQ INSTALL README NEWS TODO )
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ append-flags -fcommon
+
+ # TODO: poke at strstr logic and enable/disable CPU_FLAGS_X86_*
+ # accordingly?
+ # Note that not all of these are used:
+ # https://github.com/quadrantsec/sagan/blob/main/m4/ax_ext.m4
+ local myeconfargs=(
+ --enable-lognorm
+ $(use_enable smtp esmtp)
+ $(use_enable redis)
+ $(use_enable pcap libpcap)
+ $(use_enable geoip)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ # No need to create this at build/install time
+ rm -r "${ED}"/var/run/ || die
+
+ # Fix paths in config file
+ sed -i \
+ -e "s:/usr/local/:${EPREFIX}/:" \
+ -e "s:/var/run/sagan:${EPREFIX}/run/sagan:" \
+ "${ED}"/etc/sagan.yaml || die
+
+ diropts -g sagan -o sagan -m 750
+ # bug #775902
+ keepdir /var/sagan/{,fifo}
+ keepdir /var/log/sagan/{,stats}
+
+ fowners sagan:sagan /var/log/sagan/{,stats}
+
+ touch "${ED}"/var/log/sagan/sagan.log || die
+ fowners sagan:sagan /var/log/sagan/sagan.log || die
+
+ newinitd "${FILESDIR}"/sagan.init-r1 sagan
+ newconfd "${FILESDIR}"/sagan.confd sagan
+
+ systemd_dounit "${FILESDIR}"/sagan.service
+ newtmpfiles "${FILESDIR}"/sagan.tmpfiles sagan.conf
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/sagan.logrotate sagan
+
+ docinto examples
+ dodoc -r extra/*
+}
+
+pkg_preinst() {
+ # bug #775902 revealed that we need 750 on /var/log/sagan or e.g.
+ # logrotate will fail. Let's inform the user to fix up permissions
+ # in such a case.
+ # (fperms won't modify the live filesystem.)
+ HAD_BROKEN_PERMS=0
+
+ if has_version "<app-admin/sagan-2.0.1-r4" ; then
+ HAD_BROKEN_PERMS=1
+ fi
+}
+
+pkg_postinst() {
+ tmpfiles_process sagan.conf
+
+ if [[ "${HAD_BROKEN_PERMS}" -eq 1 ]] ; then
+ ewarn "Please fix the permissions on ${EPREFIX}/var/log/sagan:"
+ ewarn "e.g. chmod 750 ${EPREFIX}/var/log/sagan"
+ ewarn "See bug #775902"
+ fi
+
+ if use smtp; then
+ ewarn "You have enabled smtp use flag. If you plan on using Sagan with"
+ ewarn "email, create valid writable home directory for user 'sagan'"
+ ewarn "For security reasons it was created with /dev/null home directory"
+ fi
+
+ einfo "For configuration assistance see"
+ einfo "http://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO"
+}
|
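Review bot: `libdnet` stays in `IUSE` (default on) and `REQUIRED_USE="mysql? ( libdnet )"` still forces it, but in sagan-2.0.1-r6.ebuild no dependency entry and no `$(use_enable libdnet)` line refers to it, so the flag changes nothing in the build. If upstream's configure still probes for libdnet, the result then depends on whatever happens to be installed on the build host; otherwise the flag and the REQUIRED_USE line should be removed. `append-flags -fcommon` in src_configure would also benefit from a one-line comment naming the build failure it works around (presumably duplicate-symbol link errors under -fno-common), so it can be dropped once upstream is fixed.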