blob: 124850cc46cac05b115e3a91fbc167e593a89206 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
inherit eutils autotools linux-info
DESCRIPTION="Network security tool for observing network services via low-interactive honeypot"
HOMEPAGE="http://honeytrap.mwcollect.org/"
SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="pcap-mon ipq-mon nfq-mon clamav postgres spamsum cspm efence debug profile"
RDEPEND="pcap-mon? ( virtual/libpcap )
ipq-mon? ( net-firewall/iptables )
nfq-mon? ( net-firewall/iptables net-libs/libnetfilter_queue )
!pcap-mon? ( !nfq-mon? ( !ipq-mon? ( net-firewall/iptables ) ) )
clamav? ( app-antivirus/clamav )
postgres? ( dev-db/postgresql )
cspm? ( dev-libs/libpcre )"
DEPEND="${RDEPEND}
efence? ( dev-util/efence )"
pkg_setup() {
enewgroup honeytrap
enewuser honeytrap -1 -1 -1 honeytrap
if ! use pcap-mon && ! use ipq-mon && ! use nfq-mon ; then
ewarn "You did not choose any connection monitor."
ewarn "Currently pcap-based, ip_queue-based and nf_queue-based monitors are supported."
ewarn "Defaulting to ip_queue; if this is not what you want, you should add either"
ewarn "pcap-mon or nfq-mon to your USE flags and re-emerge this ebuild."
epause 3
fi
if use efence ; then
ewarn "You have enabled a link with Electric Fence malloc debugger."
ewarn "It is known that honeytrap will not work with efence and xen-sources."
epause 3
fi
if use cspm ; then
ewarn "You have enabled CSPM, shellcode pattern matching plugin."
ewarn "The CSPM plugin is still unstable and should not be used in production setups."
epause 3
fi
use ipq-mon && CONFIG_CHECK="IP_NF_QUEUE"
use nfq-mon && CONFIG_CHECK="NETFILTER_NETLINK_QUEUE"
linux-info_pkg_setup
}
src_unpack() {
unpack ${A}
cd "${S}"
# Automake files are a mess; a review of these is in the upstream todo-list.
# This patch could be nicer, but at least it prevents ugly things from happening with use_enable.
epatch "${FILESDIR}/${PN}-1.0.0-autoconf.patch"
einfo "Regenerating autoconf/automake files."
eautoreconf
}
src_compile() {
local myconf
if use pcap-mon ; then
myconf="${myconf} --with-stream-mon=pcap"
elif use ipq-mon ; then
myconf="${myconf} --with-stream-mon=ipq --with-libipq-includes=/usr/include/libipq"
elif use nfq-mon ; then
myconf="${myconf} --with-stream-mon=nfq --with-libnfq-includes=/usr/include/libnetfilter_queue"
elif ! use pcap-mon && ! use ipq-mon && ! use nfq-mon ; then
myconf="${myconf} --with-stream-mon=ipq --with-libipq-includes=/usr/include/libipq"
fi
# Note: enabling --devmodules replaces also CFLAGS; keep it this way.
if use cspm ; then
myconf="${myconf} --enable-devmodules"
fi
econf \
$(use_with clamav) \
$(use_with postgres) \
$(use_with spamsum) \
$(use_with cspm) \
$(use_with efence) \
$(use_enable debug) \
$(use_enable profile) \
${myconf} || die "econf failed"
emake || die "emake failed"
}
src_install() {
emake DESTDIR="${D}" install || die "emake install failed"
# Unfortunately the dynamic shared plugins are installed into /etc/honeytrap/plugins by default.
# The easiest way is to just move them and put them into /usr/src/honeytrap_dynamicsrc (cf. Snort).
dodir /usr/src
mv "${D}"/etc/honeytrap/plugins "${D}"/usr/src/honeytrap_dynamicsrc || die
# As the ebuild includes a modified version of this file, no need to copy this into the live system.
rm -f "${D}"/etc/honeytrap/honeytrap.conf*
mv "${D}"/etc/honeytrap/ports.conf.dist "${D}"/etc/honeytrap/ports.conf
# Note: NEWS is empty, so no need for it; man-file is installed without doman.
dodoc README TODO ChangeLog
newinitd "${FILESDIR}"/${PN}.initd ${PN}
newconfd "${FILESDIR}"/${PN}.confd ${PN}
cp "${FILESDIR}"/honeytrap.conf "${D}"/etc/honeytrap/honeytrap.conf
keepdir /var/log/honeytrap
keepdir /var/log/honeytrap/attacks
keepdir /var/log/honeytrap/downloads
fowners -R honeytrap:honeytrap /var/log/honeytrap
fperms 0700 -R /var/log/honeytrap
}
pkg_postinst() {
ewarn
ewarn "WARNING (from the README):"
ewarn "Honeytrap is a low-interactive honeypot and therefore detectable."
ewarn "It is written in C and thus potentially vulnerable to buffer"
ewarn "overflow attacks. Take care. Running in mirror mode is dangerous."
ewarn "Attacks may be directed to the attacker, appearing to come from"
ewarn "your system. Use with caution."
ewarn
}
|
GitWeb