# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
# Package metadata for the honeytrap low-interaction honeypot.
DESCRIPTION="Network security tool for observing network services via low-interactive honeypot"
# NOTE(review): the homepage is referenced over plain http.
HOMEPAGE="http://honeytrap.mwcollect.org/"
# Upstream tarball, fetched through the SourceForge mirror alias.
# ${PN} and ${P} are the package name and name-version set by Portage.
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
# Pulls in the eutils eclass; presumably the source of enewgroup, enewuser
# and epause used by the phase functions in this ebuild -- confirm.
inherit eutils
LICENSE="GPL-2"
SLOT="0"
# Testing ("~") keywords only: not marked stable on either architecture.
KEYWORDS="~amd64 ~x86"
# pcap-mon / ipq-mon select the connection monitor (src_compile refuses to
# build unless at least one is enabled); efence links the Electric Fence
# malloc debugger; debug is handed to configure through use_enable.
IUSE="pcap-mon ipq-mon efence debug"
# Runtime dependencies follow the selected connection monitor.
RDEPEND="pcap-mon? ( virtual/libpcap )
ipq-mon? ( net-firewall/iptables )"
# Build-time dependencies: everything needed at runtime plus Electric Fence.
# NOTE(review): efence is listed for build time only; if the resulting binary
# links it dynamically it would also be needed at runtime -- confirm.
DEPEND="${RDEPEND}
efence? ( dev-util/efence )"
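# Create the dedicated, unprivileged account the honeypot daemon runs as,
# so that a compromise of the network-facing process is not a compromise
# of root or of a shared service account.
pkg_setup() {
	enewgroup honeytrap

	# eutils' enewuser takes: user, uid, shell, home directory, groups.
	# The previous call passed /sbin/nologin in the home-directory slot,
	# leaving the account with a binary as its home. Here -1 keeps the
	# eclass defaults for uid and shell (a non-login shell), and the home
	# directory is set explicitly to /dev/null.
	# Accounts that already exist are left as they are by enewuser, so an
	# existing installation keeps its old passwd entry until it is fixed
	# by hand.
	enewuser honeytrap -1 -1 /dev/null honeytrap
}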
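# Configure and build honeytrap.
#
# At least one connection monitor (USE=pcap-mon or USE=ipq-mon) must be
# enabled; the build is aborted otherwise. Notices are printed before the
# pause that accompanies them, so the user can read the message during
# the delay.
src_compile() {
	local myconf

	# Refuse to build without a connection monitor.
	if ! use pcap-mon && ! use ipq-mon ; then
		eerror "You must choose one connection monitor."
		eerror "Currently only pcap-based and ip_queue-based monitors are supported."
		die "no connection monitor selected: enable USE=pcap-mon or USE=ipq-mon"
	fi

	if use ipq-mon ; then
		# Point configure at the libipq headers.
		myconf="${myconf} --with-libipq-includes=/usr/include/libipq"
		einfo "You need to have IP_NF_QUEUE enabled in your kernel for this to work."
		epause 3
	fi

	if use efence ; then
		ewarn "You have enabled a link with Electric Fence malloc debugger."
		ewarn "It is known that Honeytrap will not work with efence and xen-sources."
		epause 3
	fi

	# ${myconf} is intentionally unquoted: it holds zero or more
	# whitespace-separated configure options.
	econf \
		$(use_with pcap-mon) \
		$(use_with ipq-mon) \
		$(use_enable efence) \
		$(use_enable debug) \
		${myconf} || die "econf failed"
	emake || die "emake failed"
}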
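# Install honeytrap into the image directory ${D}.
#
# Every step that shapes the installed configuration or the permissions
# of the capture directories is checked. A silent failure would otherwise
# leave a honeypot running with upstream's sample configuration, or with
# a world-readable directory of captured attack data.
src_install() {
	# Few hacks needed. Feel free to figure out a better way.
	# A. Correct fuzzy locations: the sample configuration sits one level
	# too deep in the source tree (etc/etc/*).
	mv "${S}"/etc/etc/* "${S}"/etc/ || die "moving etc/etc/* failed"

	emake DESTDIR="${D}" install || die "emake install failed"

	# B. Unfortunately the dynamic shared plugins are installed into
	# /etc/honeytrap/plugins by default. The easiest way is to just move
	# them into /usr/src/honeytrap_dynamicsrc (cf. Snort).
	# dodir creates missing parents; a plain mkdir failed when ${D}/usr
	# did not exist yet.
	dodir /usr/src || die "dodir /usr/src failed"
	mv "${D}"/etc/honeytrap/plugins "${D}"/usr/src/honeytrap_dynamicsrc \
		|| die "relocating plugins failed"

	# The ebuild ships a modified honeytrap.conf, so upstream's copies are
	# dropped. -f: nothing to do if upstream installed none.
	rm -f "${D}"/etc/honeytrap/honeytrap.conf* \
		|| die "removing upstream honeytrap.conf failed"
	mv "${D}"/etc/honeytrap/ports.conf.dist "${D}"/etc/honeytrap/ports.conf \
		|| die "installing ports.conf failed"

	dodoc README NEWS TODO ChangeLog
	newinitd "${FILESDIR}"/${PN}.initd ${PN} || die "newinitd failed"
	newconfd "${FILESDIR}"/${PN}.confd ${PN} || die "newconfd failed"

	# Install the ebuild's own configuration through the package manager's
	# helper instead of an unchecked cp.
	insinto /etc/honeytrap
	doins "${FILESDIR}"/honeytrap.conf || die "installing honeytrap.conf failed"

	keepdir /var/log/honeytrap
	keepdir /var/log/honeytrap/attacks
	keepdir /var/log/honeytrap/downloads

	# Logs, recorded attacks and downloaded payloads are readable only by
	# the honeytrap account.
	fowners -R honeytrap:honeytrap /var/log/honeytrap \
		|| die "fowners on /var/log/honeytrap failed"
	fperms 0700 -R /var/log/honeytrap \
		|| die "fperms on /var/log/honeytrap failed"
}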
# Relay the README's operational warning once the package is merged, one
# ewarn call per line and framed by empty lines.
pkg_postinst() {
	local -a readme_warning=(
		""
		"WARNING (from the README):"
		"Honeytrap is a low-interactive honeypot and therefore detectable."
		"It is written in C and thus potentially vulnerable to buffer"
		"overflow attacks. Take care. Running in mirror mode is dangerous."
		"Attacks may be directed to the attacker, appearing to come from"
		"your system. Use with caution."
		""
	)
	local text

	for text in "${readme_warning[@]}" ; do
		ewarn "${text}"
	done
}