authorGI_Jack2021-08-13 16:09:22 -0400
committerGI_Jack2021-08-13 16:09:22 -0400
commit691ffa9f9e8275b793e45db7ff369884df8b10b5 (patch)
treef2bbc8696b9847ed73f7e07425456573f5938f16
parentd35b6aed85c2365744d4af34bdee908e3f2ca8cb (diff)
downloadaur-691ffa9f9e8275b793e45db7ff369884df8b10b5.tar.gz
Big fix.
* Now actually installs, big fixes * now compiles C daemons * use upstream systemd unit (albeit with corrected paths) * less sed, more patch * kmsgsd and psadwatchd now have systemd units * s-nail is now a hard dep for 2.4.6 * added smtp-server for optdepends for mailing alerts
-rw-r--r--.SRCINFO21
-rw-r--r--PKGBUILD69
-rw-r--r--kmsgsd.service11
-rw-r--r--psad-systemdinit.archlinux12
-rw-r--r--psad.patch165
-rw-r--r--psadwatchd.service11
6 files changed, 217 insertions, 72 deletions
diff --git a/.SRCINFO b/.SRCINFO
index fb7d7132f715..a292752830ff 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,9 @@
+# Generated by mksrcinfo(replacement shim) v8
+# Fri Aug 13 04:09:16 PM EDT 2021
pkgbase = psad
- pkgdesc = A collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic
+ pkgdesc = Port Scan Attack Detector: Makes use of iptables log messages to detect, alert, and (optionally) block port scans and other suspect traffic
pkgver = 2.4.6
- pkgrel = 1
+ pkgrel = 2
url = http://cipherdyne.org/psad/
arch = i686
arch = x86_64
@@ -14,14 +16,17 @@ pkgbase = psad
depends = perl-storable
depends = perl-unix-syslog
depends = net-tools
- source = http://cipherdyne.org/psad/download/psad-2.4.6.tar.gz
+ depends = s-nail
+ optdepends = smtp-server: For Sending Email alerts
+ source = https://github.com/mrash/psad/archive/refs/tags/2.4.6.tar.gz
source = responses
- source = psad-systemdinit.archlinux
+ source = psadwatchd.service
+ source = kmsgsd.service
source = psad.patch
- sha256sums = 3d9eba09111fc51668a4e6c26cd791c0b322ff2b6f1e71d48b9c9582b63aa8e6
+ sha256sums = 2001f6f6d8eaa50e74c3a8c346d885e9578f15578b54669ef56c2d301d8b45d4
sha256sums = 0f1116e25f43f1562764d81ebd232ed807f2249058f0cfb0cb4d06d99bd600d8
- sha256sums = 9db280ba745205b188333267f05cf7cf1a75300789c92c48075625e64f37ff34
- sha256sums = 9137ea481f1cad79d62d3a7cf1ac22bbc85cccc7e18d49e1c092b38beec36170
+ sha256sums = 426b9e1ff9fd3b9f802b418790d54881087d7b92f4ddb4026ba70fbabb5c9da2
+ sha256sums = 0cda106fa0add325c8b91fbb9d6dca5bda825c7a589d4d3b6c757342b606af96
+ sha256sums = 6155bd90a071a27f04dfb515a495def85507c0d1671df8fa1ba10dce58540bd6
pkgname = psad
-
diff --git a/PKGBUILD b/PKGBUILD
index 86672294b2ad..bb512986a0c6 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,12 +1,13 @@
-# Maintainer: Felix Golatofski <contact@xdfr.de>
+# Maintainer: GI Jack <GI_Jack@hackermail.com>
# Contributor: Dimitris Kiziridis <ragouel at outlook dot com>
# Contributor: Marcin Wieczorek <marcin@marcin.co>
# Contributor: Anthony C <kurodroid.1@gmail.com>
+# Contributor: Felix Golatofski <contact@xdfr.de>
pkgname=psad
pkgver=2.4.6
-pkgrel=1
-pkgdesc='A collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic'
+pkgrel=2
+pkgdesc='Port Scan Attack Detector: Makes use of iptables log messages to detect, alert, and (optionally) block port scans and other suspect traffic'
arch=('i686' 'x86_64')
url='http://cipherdyne.org/psad/'
license=('GPL')
@@ -17,47 +18,33 @@ depends=('perl-bit-vector'
'perl-net-ipv4addr'
'perl-storable'
'perl-unix-syslog'
- 'net-tools')
-
-source=("http://cipherdyne.org/psad/download/${pkgname}-${pkgver}.tar.gz"
+ 'net-tools'
+ 's-nail')
+optdepends=('smtp-server: For Sending Email alerts')
+source=("https://github.com/mrash/psad/archive/refs/tags/${pkgver}.tar.gz"
'responses'
- 'psad-systemdinit.archlinux'
+ 'psadwatchd.service'
+ 'kmsgsd.service'
'psad.patch')
-sha256sums=('3d9eba09111fc51668a4e6c26cd791c0b322ff2b6f1e71d48b9c9582b63aa8e6'
+sha256sums=('2001f6f6d8eaa50e74c3a8c346d885e9578f15578b54669ef56c2d301d8b45d4'
'0f1116e25f43f1562764d81ebd232ed807f2249058f0cfb0cb4d06d99bd600d8'
- '9db280ba745205b188333267f05cf7cf1a75300789c92c48075625e64f37ff34'
- '9137ea481f1cad79d62d3a7cf1ac22bbc85cccc7e18d49e1c092b38beec36170')
+ '426b9e1ff9fd3b9f802b418790d54881087d7b92f4ddb4026ba70fbabb5c9da2'
+ '0cda106fa0add325c8b91fbb9d6dca5bda825c7a589d4d3b6c757342b606af96'
+ '6155bd90a071a27f04dfb515a495def85507c0d1671df8fa1ba10dce58540bd6')
prepare() {
cd "${pkgname}-${pkgver}"
+ make clean
if [ ! -e responses ]; then
ln "${srcdir}/responses" responses -s;
fi
+ # because people who write Perl don't care about how things are done in
+ # the 21st century
+ patch -N -p1 < "${srcdir}/psad.patch"
+}
- #Set the config dirs
- #'/usr/sbin' and '/var/run' are just symlinks and makepkg -i doesn't like that.
- #Just sed '/usr/sbin' to '/usr/bin' and '/var/run' to 'run'
- #Also, '/lib' should really be '/usr/lib'
- sed -e "s|'/usr/sbin'|'$pkgdir/usr/bin'|" \
- -e "s|'/usr/bin'|'$pkgdir/usr/bin'|" \
- -e "s|'/var/run'|'$pkgdir/run'|" \
- -e "s|'/lib/systemd/system'|'$pkgdir/usr/lib/systemd/system'|" \
- -e "s|my \$mpath = \"/usr/share/man/man\$section\";|my \$mpath = \"$pkgdir/usr/share/man/man\$section\";|" \
- ./install.pl -i
-
- #Same cure applies to config file
- sed -e "s|/var/log/psad|$pkgdir&|" \
- -e "s|/var/run|/run|" \
- -e "s|/run/psad|$pkgdir&|" \
- -e "s|/var/lib/psad|$pkgdir&|" \
- -e "s|/usr/lib/psad|$pkgdir&|" \
- -e "s|/etc/psad|$pkgdir&|" \
- -e "s|/usr/bin/whois_psad|$pkgdir&|" \
- -e "s|/usr/sbin|/usr/bin|" \
- -e "s|/usr/bin/fwcheck_psad|$pkgdir&|" \
- -e "s|/usr/bin/psadwatchd|$pkgdir&|" \
- -e "s|/usr/bin/kmsgsd|$pkgdir&|" \
- -e "s|/usr/bin/psad|$pkgdir&|" \
- ./psad.conf -i
+build() {
+ cd "${pkgname}-${pkgver}"
+ make all
}
package () {
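Review bot: The new `source=` entry fetches GitHub's auto-generated tag archive under the bare name `2.4.6.tar.gz`, and the only integrity check is the sha256 the packager recorded at build time. Renaming the download, `"${pkgname}-${pkgver}.tar.gz::https://github.com/mrash/psad/archive/refs/tags/${pkgver}.tar.gz"`, avoids collisions with other packages in a shared `SRCDEST`. If upstream publishes a detached signature for the release tarball, listing it in `source` together with `validpgpkeys` would tie the download to the upstream key rather than to whatever was fetched on the day the checksum was generated. The comment above `patch -N` in `prepare()` would also be more useful if it said what psad.patch changes (the `/sbin` and `/usr/sbin` paths) instead of why the author dislikes the installer.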
@@ -71,7 +58,7 @@ package () {
"$pkgdir/usr/lib/psad" \
"$pkgdir/usr/lib/systemd/system"
- ./install.pl --init-dir="$pkgdir" < responses
+ ./install.pl --runlevel 3 --install-root="${pkgdir}" --systemd-init-dir="${pkgdir}/usr/lib/systemd/system" < responses
#Set correct permissions
chmod -R o+r "$pkgdir/etc/psad"
@@ -80,10 +67,14 @@ package () {
chmod 0755 "$pkgdir/run"
#add the systemd service file in '/usr/lib'
- cp "$srcdir/psad-systemdinit.archlinux" "$pkgdir/usr/lib/systemd/system/psad.service"
-
+ cp "$srcdir/psadwatchd.service" "$pkgdir/usr/lib/systemd/system/psadwatchd.service"
+ cp "$srcdir/kmsgsd.service" "$pkgdir/usr/lib/systemd/system/kmsgsd.service"
+
+ # Fix systemd unit
# Fix the config
- sed -e "s|$pkgdir||g" "$pkgdir/etc/psad/psad.conf" -i
+ sed -e "s|/usr/sbin|/usr/bin|g" "$pkgdir/usr/lib/systemd/system/psad.service" -i
+ sed -e "s|/var/run|/run|g" "$pkgdir/usr/lib/systemd/system/psad.service" -i
+ sed -e "s|$pkgdir|/|g" "$pkgdir/etc/psad/psad.conf" -i
sed -e "s|$pkgdir||g" "$pkgdir/var/log/psad/install.log" -i
}
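Review bot: The rewritten `sed -e "s|$pkgdir|/|g"` on psad.conf only has an effect when the file contains this build's exact `$pkgdir`, and nothing afterwards checks the result, so a config that still points into a build directory would be packaged silently. Replacing the prefix with `/` also turns any `$pkgdir/etc/...` occurrence into `//etc/...`, and `$pkgdir` is interpolated as a regex, so a `.` in the path matches any character. A cheap guard after the sed is `grep -Eq '^INSTALL_ROOT[[:space:]]+/;' "$pkgdir/etc/psad/psad.conf"`, which fails the build if the root was not reset. The `# Fix systemd unit` comment sits above `# Fix the config` while the two psad.service seds are below it; moving it next to those lines would read better. package() starts outside this hunk.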
# vim:set ts=2 sw=2 et:
diff --git a/kmsgsd.service b/kmsgsd.service
new file mode 100644
index 000000000000..384683046bc5
--- /dev/null
+++ b/kmsgsd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=KMSG Daemon(PSAD)
+Documentation=man:kmsgsd(8) https://www.cipherdyne.org/psad/docs/manpages/kmsgsd.html
+After=psad.service
+
+[Service]
+ExecStart=/usr/bin/kmsgsd
+Type=forking
+
+[Install]
+WantedBy=multi-user.target
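Review bot: Both new units (this one and psadwatchd.service) use `Type=forking` without a `PIDFile=`, so systemd has to guess the main process, and they run as root with no sandboxing although psad, per the package description, works on iptables log messages that are derived from network traffic. Adding `PIDFile=<PID_FILE_PATH>` (placeholder; take the real path from the installed psad.conf) makes stop and restart tracking reliable. Hardening such as `NoNewPrivileges=yes`, `ProtectHome=yes` and `ProtectSystem=full` looks applicable, but needs testing against the directories the daemons write to. `After=psad.service` only orders startup; if kmsgsd should not outlive psad, `PartOf=psad.service` would express that.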
diff --git a/psad-systemdinit.archlinux b/psad-systemdinit.archlinux
deleted file mode 100644
index 991aa74230da..000000000000
--- a/psad-systemdinit.archlinux
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Port scan attack detector
-After=iptables.service
-
-[Service]
-ExecStart=/usr/sbin/psad
-ExecStop=/usr/sbin/psad --Kill
-Type=oneshot
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/psad.patch b/psad.patch
index 11220074bf03..6c733bb72d8e 100644
--- a/psad.patch
+++ b/psad.patch
@@ -1,6 +1,66 @@
---- a/install.pl 2017-03-29 00:58:58.151686321 +0200
-+++ b/install.pl 2017-03-29 01:01:33.861628259 +0200
-@@ -773,6 +773,8 @@
+diff -u psad-2.4.6/install.pl psad-2.4.6-1/install.pl
+--- psad-2.4.6/install.pl 2018-07-31 20:41:59.000000000 -0400
++++ psad-2.4.6-1/install.pl 2021-08-13 14:41:54.730087506 -0400
+@@ -39,21 +39,21 @@
+ use strict;
+
+ #============== config ===============
+-my $USRSBIN_DIR = '/usr/sbin'; ### consistent with FHS (Filesystem
++my $USRSBIN_DIR = '/usr/bin'; ### consistent with FHS (Filesystem
+ ### Hierarchy Standard)
+ my $USRBIN_DIR = '/usr/bin'; ### consistent with FHS
+
+ my $psad_conf_file = 'psad.conf';
+
+ ### system binaries ###
+-my $chkconfigCmd = '/sbin/chkconfig';
+-my $rcupdateCmd = '/sbin/rc-update'; ### Gentoo
+-my $updatercdCmd = '/usr/sbin/update-rc.d'; ### Ubuntu
++my $chkconfigCmd = '/usr/bin/chkconfig';
++my $rcupdateCmd = '/usr/bin/rc-update'; ### Gentoo
++my $updatercdCmd = '/usr/bin/update-rc.d'; ### Ubuntu
+ my $makeCmd = '/usr/bin/make';
+ my $perlCmd = '/usr/bin/perl';
+ my $wgetCmd = '/usr/bin/wget';
+-my $runlevelCmd = '/sbin/runlevel';
+-my $systemctlCmd = '/bin/systemctl';
++my $runlevelCmd = '/usr/bin/runlevel';
++my $systemctlCmd = '/usr/bin/systemctl';
+
+ my $install_root = '/';
+
+@@ -136,12 +136,8 @@
+ my %cmds = ();
+
+ my @cmd_search_paths = qw(
+- /bin
+- /sbin
+ /usr/bin
+- /usr/sbin
+ /usr/local/bin
+- /usr/local/sbin
+ );
+
+ ### IP regex
+@@ -178,7 +174,7 @@
+ my $no_locale = 0;
+ my $deps_dir = 'deps';
+ my $init_dir = '/etc/init.d';
+-my $systemd_init_dir = '/lib/systemd/system';
++my $systemd_init_dir = '/usr/lib/systemd/system';
+ my $init_name = 'psad';
+ my $systemd_init_name = 'psad.service';
+ my $install_syslog_fifo = 0;
+@@ -490,7 +486,7 @@
+ }
+
+ ### put the nf2csv script in place
+- unlink '/usr/sbin/nf2csv' if -e '/usr/sbin/nf2csv'; ### old path
++ unlink '/usr/bin/nf2csv' if -e '/usr/bin/nf2csv'; ### old path
+ &logr("[+] Copying nf2csv -> ${USRBIN_DIR}/nf2csv\n");
+ unlink "${USRBIN_DIR}/nf2csv" if -e "${USRBIN_DIR}/nf2csv";
+ copy 'nf2csv', "${USRBIN_DIR}/nf2csv" or die "[*] Could ",
+@@ -773,6 +769,8 @@
$init_file = 'init-scripts/psad-init.redhat';
} elsif ($distro eq 'fedora') {
$init_file = 'init-scripts/psad-init.fedora';
@@ -9,13 +69,92 @@
} elsif ($distro eq 'gentoo') {
$init_file = 'init-scripts/psad-init.gentoo';
} else {
-@@ -801,7 +803,8 @@
- if ($preserve_rv) {
- &logr("\n[+] psad has been installed (with your original config merged).\n");
- } else {
-- &logr("\n[+] psad has been installed.\n");
-+ &logr("\n[+] psad has been compiled.\n");
-+ &logr("\n[+] use pacman -U to install.\n");
- }
- if ($installed_init_script) {
- if ($init_dir) {
+@@ -1434,7 +1432,7 @@
+ unless ($found) {
+ &logr("[+] Modifying $syslog_conf to write kern.info messages " .
+ "to\n $config{'PSAD_FIFO_FILE'} " .
+- "(with script /usr/sbin/psadpipe.sh)");
++ "(with script /usr/bin/psadpipe.sh)");
+ unless (-e "$syslog_conf.orig") {
+ copy $syslog_conf, "$syslog_conf.orig" or die "[*] Could not copy ",
+ "$syslog_conf -> $syslog_conf.orig: $!";
+@@ -1446,16 +1444,16 @@
+ "\nPSAD :\n",
+ " facility = \"kern\"\n",
+ ' command = ',
+- "\"/usr/sbin/psadpipe.sh\"\n";
++ "\"/usr/bin/psadpipe.sh\"\n";
+ close METALOG;
+
+- open PIPESCRIPT, '> /usr/sbin/psadpipe.sh' or
+- die "[*] Unable to open /usr/sbin/psadpipe.sh: $!";
++ open PIPESCRIPT, '> /usr/bin/psadpipe.sh' or
++ die "[*] Unable to open /usr/bin/psadpipe.sh: $!";
+ print PIPESCRIPT "#!/bin/sh\n\n",
+ "echo \"\$3\" >> $config{'PSAD_FIFO_FILE'}\n";
+ close PIPESCRIPT;
+- chmod 0700, '/usr/sbin/psadpipe.sh';
+- &logr('[+] Generated /usr/sbin/psadpipe.sh ' .
++ chmod 0700, '/usr/bin/psadpipe.sh';
++ &logr('[+] Generated /usr/bin/psadpipe.sh ' .
+ "which writes to $config{'PSAD_FIFO_FILE'}");
+
+ ### (Dennis Freise <cat@final-frontier.ath.cx>)
+diff -u psad-2.4.6/psad.conf psad-2.4.6-1/psad.conf
+--- psad-2.4.6/psad.conf 2018-07-31 20:41:59.000000000 -0400
++++ psad-2.4.6-1/psad.conf 2021-08-13 14:44:36.501561557 -0400
+@@ -586,9 +586,9 @@
+ PSADWATCHD_MAX_RETRIES 10;
+
+ ### Directories
+-INSTALL_ROOT /;
++INSTALL_ROOT /home/jack/Documents/archpackages/psad/pkg/psad;
+ PSAD_DIR $INSTALL_ROOT/var/log/psad;
+-PSAD_RUN_DIR $INSTALL_ROOT/var/run/psad;
++PSAD_RUN_DIR $INSTALL_ROOT/run/psad;
+ PSAD_FIFO_DIR $INSTALL_ROOT/var/lib/psad;
+ PSAD_LIBS_DIR $INSTALL_ROOT/usr/lib/psad;
+ PSAD_CONF_DIR $INSTALL_ROOT/etc/psad;
+@@ -671,23 +671,23 @@
+ IPT_ERROR_PATTERN psad_ipterr.XXXXXX;
+
+ ### system binaries
+-iptablesCmd /sbin/iptables;
+-ip6tablesCmd /sbin/ip6tables;
+-shCmd /bin/sh;
++iptablesCmd /usr/bin/iptables;
++ip6tablesCmd /usr/bin/ip6tables;
++shCmd /usr/bin/sh;
+ wgetCmd /usr/bin/wget;
+-gzipCmd /bin/gzip;
+-mknodCmd /bin/mknod;
+-psCmd /bin/ps;
+-mailCmd /bin/mail;
+-sendmailCmd /usr/sbin/sendmail;
+-ifconfigCmd /sbin/ifconfig;
+-ipCmd /sbin/ip;
++gzipCmd /usr/bin/gzip;
++mknodCmd /usr/bin/mknod;
++psCmd /usr/bin/ps;
++mailCmd /usr/bin/mail;
++sendmailCmd /usr/bin/sendmail;
++ifconfigCmd /usr/bin/ifconfig;
++ipCmd /usr/bin/ip;
+ killallCmd /usr/bin/killall;
+-netstatCmd /bin/netstat;
+-unameCmd /bin/uname;
++netstatCmd /usr/bin/netstat;
++unameCmd /usr/bin/uname;
+ whoisCmd $INSTALL_ROOT/usr/bin/whois_psad;
+-dfCmd /bin/df;
+-fwcheck_psadCmd $INSTALL_ROOT/usr/sbin/fwcheck_psad;
+-psadwatchdCmd $INSTALL_ROOT/usr/sbin/psadwatchd;
+-kmsgsdCmd $INSTALL_ROOT/usr/sbin/kmsgsd;
+-psadCmd $INSTALL_ROOT/usr/sbin/psad;
++dfCmd /usr/bin/df;
++fwcheck_psadCmd $INSTALL_ROOT/usr/bin/fwcheck_psad;
++psadwatchdCmd $INSTALL_ROOT/usr/bin/psadwatchd;
++kmsgsdCmd $INSTALL_ROOT/usr/bin/kmsgsd;
++psadCmd $INSTALL_ROOT/usr/bin/psad;
+
+
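Review bot: The psad.conf part of this patch sets `INSTALL_ROOT /home/jack/Documents/archpackages/psad/pkg/psad;`, which is the packager's own build directory, and several command paths (`whoisCmd`, `fwcheck_psadCmd`, `psadwatchdCmd`, `kmsgsdCmd`, `psadCmd`) are derived from `$INSTALL_ROOT`. On any other machine the PKGBUILD's later `s|$pkgdir|/|g` will not match that string, so unless install.pl rewrites INSTALL_ROOT itself, the installed config would have a root daemon resolving binaries and state directories under a user's home directory. The patch should keep `INSTALL_ROOT /;` and change only `PSAD_RUN_DIR` to `$INSTALL_ROOT/run/psad` in that psad.conf hunk. Regenerating the patch from a clean tree, before any install step has run, would keep local paths out of it.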
diff --git a/psadwatchd.service b/psadwatchd.service
new file mode 100644
index 000000000000..eae7e4f8ccd0
--- /dev/null
+++ b/psadwatchd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=PSAD Watcher
+Documentation=man:psadwatchd(8) https://www.cipherdyne.org/psad/docs/manpages/psadwatchd.html
+After=psad.service kmsgsd.service
+
+[Service]
+ExecStart=/usr/bin/psadwatchd
+Type=forking
+
+[Install]
+WantedBy=multi-user.target