app-admin/sagan/sagan-2.0.2.ebuild


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131

# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

inherit autotools flag-o-matic tmpfiles systemd

DESCRIPTION="Sagan is a multi-threaded, real time system and event log monitoring system"
HOMEPAGE="https://github.com/quadrantsec/sagan"
SRC_URI="https://github.com/quadrantsec/${PN}/archive/refs/tags/v,2,0.2.tar.gz
	-> ${P}.tar.gz"
S="${WORKDIR}/${PN}-v-2-0.2/"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="geoip +libdnet mysql redis +pcap smtp"

BDEPEND="virtual/pkgconfig"
DEPEND="
	acct-group/sagan
	acct-user/sagan
	app-admin/sagan-rules
	dev-libs/libestr
	dev-libs/libfastjson:=
	dev-libs/liblognorm
	dev-libs/libpcre
	dev-libs/libyaml
	geoip? ( dev-libs/geoip )
	redis? ( dev-libs/hiredis:= )
	pcap? ( net-libs/libpcap )
	smtp? ( net-libs/libesmtp:= )
"

# Package no longer logs directly to a database
# and relies on Unified2 format to accomplish it
RDEPEND="
	${DEPEND}
	mysql? ( net-analyzer/barnyard2[mysql] )
"

REQUIRED_USE="mysql? ( libdnet )"

src_prepare() {
	default
	eautoreconf
}

src_configure() {
	append-flags -fcommon

	# TODO: poke at strstr logic and enable/disable CPU_FLAGS_X86_*
	# accordingly?
	# Note that not all of these are used:
	# https://github.com/quadrantsec/sagan/blob/main/m4/ax_ext.m4
	local myeconfargs=(
		--enable-lognorm
		$(use_enable smtp esmtp)
		$(use_enable redis)
		$(use_enable pcap libpcap)
		$(use_enable geoip)
	)

	econf "${myeconfargs[@]}"
}

src_install() {
	default

	# No need to create this at build/install time
	rm -r "${ED}"/var/run/ || die

	# Fix paths in config file
	sed -i \
		-e "s:/usr/local/:${EPREFIX}/:" \
		-e "s:/var/run/sagan:${EPREFIX}/run/sagan:" \
		"${ED}"/etc/sagan.yaml || die

	diropts -g sagan -o sagan -m 750
	# bug #775902
	keepdir /var/sagan/{,fifo}
	keepdir /var/log/sagan/{,stats}

	fowners sagan:sagan /var/log/sagan/{,stats}

	touch "${ED}"/var/log/sagan/sagan.log || die
	fowners sagan:sagan /var/log/sagan/sagan.log || die

	newinitd "${FILESDIR}"/sagan.init-r1 sagan
	newconfd "${FILESDIR}"/sagan.confd sagan

	systemd_dounit "${FILESDIR}"/sagan.service
	newtmpfiles "${FILESDIR}"/sagan.tmpfiles sagan.conf

	insinto /etc/logrotate.d
	newins "${FILESDIR}"/sagan.logrotate sagan

	docinto examples
	dodoc -r extra/*
}

pkg_preinst() {
	# bug #775902 revealed that we need 750 on /var/log/sagan or e.g.
	# logrotate will fail. Let's inform the user to fix up permissions
	# in such a case.
	#  (fperms won't modify the live filesystem.)
	HAD_BROKEN_PERMS=0

	if has_version "<app-admin/sagan-2.0.1-r4" ; then
		HAD_BROKEN_PERMS=1
	fi
}

pkg_postinst() {
	tmpfiles_process sagan.conf

	if [[ "${HAD_BROKEN_PERMS}" -eq 1 ]] ; then
		ewarn "Please fix the permissions on ${EPREFIX}/var/log/sagan:"
		ewarn "e.g. chmod 750 ${EPREFIX}/var/log/sagan"
		ewarn "See bug #775902"
	fi

	if use smtp; then
		ewarn "You have enabled smtp use flag. If you plan on using Sagan with"
		ewarn "email, create valid writable home directory for user 'sagan'"
		ewarn "For security reasons it was created with /dev/null home directory"
	fi

	einfo "For configuration assistance see"
	einfo "http://wiki.quadrantsec.com/bin/view/Main/SaganHOWTO"
}