Date: Fri, 2 Nov 2007 11:15:53 +0000 (UTC)
From: valerio.daelli@gmail.com
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/117763: [PATCH]: upgrade of ossec-hids-server 1.3 -> 1.4
Message-ID: <20071102111553.A749813C465@mx1.freebsd.org>
Resent-Message-ID: <200711021120.lA2BK1Hg007203@freefall.freebsd.org>
>Number: 117763
>Category: ports
>Synopsis: [PATCH]: upgrade of ossec-hids-server 1.3 -> 1.4
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 02 11:20:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Valerio Daelli
>Release: FreeBSD 6.2-RELEASE-p6 amd64
>Organization: IFOM
>Environment: System: FreeBSD sodio.ifom-ieo-campus.it 6.2-RELEASE-p6 FreeBSD 6.2-RELEASE-p6 #8: Tue Jul 24 17:16:37 CEST 2007 root@sodio.ifom-ieo-campus.it:/usr/obj/usr/src/sys/SODIO amd64
>Description: This patch upgrades ossec-hids-server from 1.3 to 1.4. I also fixed a few problems with ossec-hids-client (thanks to Ivan Lago). See next PRs.
>How-To-Repeat:
>Fix:
--- PATCH-OSSEC-HIDS-SERVER begins here --- diff -ruN /usr/ports/security/ossec-hids-server/Makefile /root/ossec-hids-server/Makefile --- /usr/ports/security/ossec-hids-server/Makefile Mon Sep 10 10:20:02 2007 +++ /root/ossec-hids-server/Makefile Wed Oct 31 16:09:06 2007 @@ -1,23 +1,29 @@ # New ports collection makefile for: ossec-hids-server -# Date created: 23 July 2006 +# Date created: 30 October 2007 # Whom: Valerio Daelli <valerio.daelli@gmail.com> # # $FreeBSD: ports/security/ossec-hids-server/Makefile,v 1.7 2007/09/10 08:20:02 edwin Exp $ # PORTNAME= ossec-hids -PORTVERSION= 1.3 +PORTVERSION= 1.4 PORTREVISION?= 0 CATEGORIES= security MASTER_SITES= http://www.ossec.net/files/ \ http://www.ossec.net/files/old/ -PKGNAMESUFFIX?= -server +PKGNAMESUFFIX= -server MAINTAINER= valerio.daelli@gmail.com COMMENT= A security tool to monitor and check logs and intrusions USE_RC_SUBR= ossec-hids +.if defined(WITH_DB) +USE_MYSQL=yes +USE_PGSQL=yes +USE_BDB=yes +.endif + SUB_LIST= PORTNAME=${PORTNAME} SUB_FILES= pkg-message PLIST_SUB= PORTNAME=${PORTNAME} 
@@ -40,7 +46,19 @@ @${REINPLACE_CMD} 's|PREFIX|${PREFIX}/${PORTNAME}|' ${WRKSRC}/src/headers/defs.h do-build: +.if defined(WITH_DB) +.if defined(CLIENT_ONLY) + @cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build +.else + @cd ${WRKSRC}/src;${MAKE} setdb;${MAKE} all;${MAKE} build +.endif +.else +.if defined(CLIENT_ONLY) + @cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build +.else @cd ${WRKSRC}/src;${MAKE} all;${MAKE} build +.endif +.endif .if defined(CLIENT_ONLY) do-install: diff -ruN /usr/ports/security/ossec-hids-server/distinfo /root/ossec-hids-server/distinfo --- /usr/ports/security/ossec-hids-server/distinfo Mon Sep 10 10:20:02 2007 +++ /root/ossec-hids-server/distinfo Wed Oct 31 15:19:41 2007 @@ -1,3 +1,3 @@ -MD5 (ossec-hids-1.3.tar.gz) = 5ab287c009c48c72ffcbf1e2574e8bf6 -SHA256 (ossec-hids-1.3.tar.gz) = 71aab72703ce2513a7e9d1bfe89aa8b288cf43fdcc84d5cc3f2696c2981af14e -SIZE (ossec-hids-1.3.tar.gz) = 553438 +MD5 (ossec-hids-1.4.tar.gz) = f877f7afc225ba835bf697c026c77aa9 +SHA256 (ossec-hids-1.4.tar.gz) = 0dd7650a4c74ae2b9beec47660fd7c573eb35005e5cab6e62c640ba44930ff7f +SIZE (ossec-hids-1.4.tar.gz) = 598579 diff -ruN /usr/ports/security/ossec-hids-server/files/pkg-message.in /root/ossec-hids-server/files/pkg-message.in --- /usr/ports/security/ossec-hids-server/files/pkg-message.in Sat Jun 9 12:41:07 2007 +++ /root/ossec-hids-server/files/pkg-message.in Wed Oct 31 15:19:41 2007 
@@ -4,7 +4,14 @@ For information on proper configuration, see http://www.ossec.net/. -To enable the startup script, add ossec-hids_enable="YES" to /etc/rc.conf. +To enable the startup script, add ossechids_enable="YES" to /etc/rc.conf. +To enable database output, execute: + +%%PREFIX%%/%%PORTNAME%%/bin/ossec-control enable database + +Then check this tutorial: + +http://www.ossec.net/wiki/index.php/Know_How:DatabaseOutput When you deinstall this port after starting the daemons once, many directories that are created by the daemons will remain. To fully remove the port you need to delete those diff -ruN /usr/ports/security/ossec-hids-server/pkg-plist /root/ossec-hids-server/pkg-plist --- /usr/ports/security/ossec-hids-server/pkg-plist Mon Sep 10 10:20:02 2007 +++ /root/ossec-hids-server/pkg-plist Wed Oct 31 15:19:41 2007 @@ -1,12 +1,16 @@ %%PORTNAME%%/active-response/bin/disable-account.sh %%PORTNAME%%/active-response/bin/firewall-drop.sh %%PORTNAME%%/active-response/bin/host-deny.sh +%%PORTNAME%%/active-response/bin/ipfw_mac.sh +%%PORTNAME%%/active-response/bin/ipfw.sh +%%PORTNAME%%/active-response/bin/pf.sh %%PORTNAME%%/active-response/bin/route-null.sh %%PORTNAME%%/bin/clear_stats %%PORTNAME%%/bin/list_agents %%PORTNAME%%/bin/manage_agents %%PORTNAME%%/bin/ossec-agentd %%PORTNAME%%/bin/ossec-analysisd +%%PORTNAME%%/bin/ossec-dbd %%PORTNAME%%/bin/ossec-control %%PORTNAME%%/bin/ossec-execd %%PORTNAME%%/bin/ossec-logcollector @@ -19,8 +23,10 @@ %%PORTNAME%%/etc/internal_options.conf @unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi %%PORTNAME%%/etc/ossec.conf.sample +%%PORTNAME%%//etc/localtime %%PORTNAME%%/etc/shared/rootkit_files.txt %%PORTNAME%%/etc/shared/rootkit_trojans.txt +%%PORTNAME%%/etc/shared/system_audit_rcl.txt %%PORTNAME%%/etc/shared/win_applications_rcl.txt %%PORTNAME%%/etc/shared/win_audit_rcl.txt %%PORTNAME%%/etc/shared/win_malware_rcl.txt 
@@ -40,6 +46,7 @@ %%PORTNAME%%/rules/ms-exchange_rules.xml %%PORTNAME%%/rules/ms_ftpd_rules.xml %%PORTNAME%%/rules/msauth_rules.xml +%%PORTNAME%%/rules/mysql_rules.xml %%PORTNAME%%/rules/named_rules.xml %%PORTNAME%%/rules/netscreenfw_rules.xml %%PORTNAME%%/rules/ossec_rules.xml @@ -47,12 +54,14 @@ %%PORTNAME%%/rules/pix_rules.xml %%PORTNAME%%/rules/policy_rules.xml %%PORTNAME%%/rules/postfix_rules.xml +%%PORTNAME%%/rules/postgresql_rules.xml %%PORTNAME%%/rules/proftpd_rules.xml %%PORTNAME%%/rules/pure-ftpd_rules.xml %%PORTNAME%%/rules/racoon_rules.xml %%PORTNAME%%/rules/rules_config.xml %%PORTNAME%%/rules/sendmail_rules.xml %%PORTNAME%%/rules/smbd_rules.xml +%%PORTNAME%%/rules/sonicwall_rules.xml %%PORTNAME%%/rules/spamd_rules.xml %%PORTNAME%%/rules/squid_rules.xml %%PORTNAME%%/rules/sshd_rules.xml --- PATCH-OSSEC-HIDS-SERVER ends here --- >Release-Note: >Audit-Trail: >Unformatted:
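Review bot: in the first Makefile hunk (@@ -1,23 +1,29 @@), `PKGNAMESUFFIX?= -server` becomes `PKGNAMESUFFIX= -server`, which stops any port that includes this Makefile from setting its own suffix. `PORTREVISION?=` keeps the overridable form and the CLIENT_ONLY branches further down suggest such an includer exists, so keep `?=` unless the client port no longer includes this file. The same hunk rewrites `# Date created:` from 23 July 2006 to 30 October 2007; that header records when the port was first added and should not change on a version bump. The new `.if defined(WITH_DB)` block also sets USE_MYSQL, USE_PGSQL and USE_BDB together, so one knob pulls three database stacks onto a host running an intrusion detection daemon; one knob per backend would keep the dependency set to what the admin actually uses.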
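Review bot: in the do-build hunk of the Makefile (@@ -40,7 +46,19 @@), the `.if defined(CLIENT_ONLY)` arm is the same `setagent; all; build` line under WITH_DB and under its `.else`, so WITH_DB is silently ignored for a client build and the four-way nest carries a duplicated command line. Testing CLIENT_ONLY first and WITH_DB only in its `.else` leaves three distinct command lines (setagent, setdb, default), and the port should state that WITH_DB has no effect together with CLIENT_ONLY.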
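Review bot: the distinfo hunk replaces MD5, SHA256 and SIZE for ossec-hids-1.4.tar.gz while MASTER_SITES in the Makefile is plain http, so these three values are the only integrity check anyone building the port gets on the distfile. Please say in the PR how they were obtained and whether they were compared against a checksum or signature published by upstream for 1.4, if one exists, rather than computed from a single local download.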
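Review bot: in the pkg-message.in hunk the rc.conf knob changes from `ossec-hids_enable` to `ossechids_enable`, but the patch contains no change to the rc script installed through `USE_RC_SUBR= ossec-hids`. Please confirm the script reads `ossechids_enable`; if it does not, a user following this message ends up with a host intrusion detection daemon that is not started at boot and no error to show for it. The added database instructions are shown to every installer, while the Makefile only runs `${MAKE} setdb` when WITH_DB is defined, so the message should mention that requirement.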
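Review bot: in the pkg-plist hunk at @@ -1,12 +1,16 @@, `%%PORTNAME%%/bin/ossec-dbd` is listed unconditionally although the Makefile only selects the database build (`${MAKE} setdb`) when WITH_DB is defined. Please confirm the binary is installed by a default build; if it is not, guard the entry with a PLIST_SUB conditional so the packing list matches what is actually on disk. The entry is also inserted before `ossec-control`, out of the alphabetical order the rest of the list follows.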
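Review bot: in the pkg-plist hunk at @@ -19,8 +23,10 @@, the added entry `%%PORTNAME%%//etc/localtime` has a doubled slash and should read `%%PORTNAME%%/etc/localtime` like the neighbouring `etc/` entries. The PR should also say where this file comes from, since nothing else in the patch installs it.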