Date: Fri, 16 Nov 2012 22:58:56 +0000 (UTC) From: Paul Schmehl <pauls@utdallas.edu> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/173668: port update, security/sguil-sensor Message-ID: <20121116225856.42197DCA82A@buttercup4.utdallas.edu> Resent-Message-ID: <201211162300.qAGN00dX032864@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 173668
>Category: ports
>Synopsis: port update, security/sguil-sensor
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 16 23:00:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Paul Schmehl
>Release: FreeBSD 8.3-PRERELEASE amd64
>Organization:
The University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 8.3-PRERELEASE FreeBSD 8.3-PRERELEASE #1: Wed Mar 7 18:01:57 UTC 2012 root@hostname.utdallas.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
port update, security/sguil-sensor, update to version 0.8.0
NOTE: There are two other ports that must be committed at the
same time; security/sguil-server and security/sguil-client
>How-To-Repeat:
>Fix:
--- sguil-sensor.diff begins here ---
Index: Makefile
===================================================================
--- Makefile (revision 307496)
+++ Makefile (working copy)
@@ -6,8 +6,7 @@
#
PORTNAME= sguil-sensor
-PORTVERSION= 0.7.0
-PORTREVISION= 3
+PORTVERSION= 0.8.0
CATEGORIES= security
MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION}
@@ -19,46 +18,53 @@
barnyard2:${PORTSDIR}/security/barnyard2 \
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
-OPTIONS= SANCP "Include sancp sensor" off \
- PADS "Include pads sensor" off
+OPTIONS_DEFINE= PADS SANCP
+PADS_DESC= Include pads sensor
+SANCP_DESC= Include sancp sensor
+LICENSE_NAME= QPLv1.0
+LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL
+LICENSE_PERMS= auto-accept
+
NO_BUILD= yes
-USE_RC_SUBR= example_agent pcap_agent snort_agent
-TCLSH_CMD?= tclsh8.4
+USE_RC_SUBR= example_agent pcap_agent sensor_agent snort_agent
+USE_TCL_WRAPPER= yes
WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
+SGUILDIR?= sguil-sensor
SUB_LIST= SGUILDIR=${SGUILDIR}
SUB_FILES= pkg-message
PLIST_SUB= SGUILDIR=${SGUILDIR}
-SGUILDIR?= sguil-sensor
-AGENTS= example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl
+AGENTS= example_agent.tcl pcap_agent.tcl sensor_agent.tcl snort_agent.tcl
+CONFS= example_agent.conf pcap_agent.conf sensor_agent.conf snort_agent.conf
+LOG_SCRIPTS= log_packets-daemonlogger.sh log_packets.sh
-PORTDOCS= CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
- OPENSSL.README TODO UPGRADE USAGE sguildb.dia
+PORTDOCS1= README
+PORTDOCS2= README.daemonlogger
+PORTDOCS3= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README \
+ TODO UPGRADE USAGE sguildb.dia
-.include <bsd.port.pre.mk>
+.include <bsd.port.options.mk>
WITH_PCRE= true
-.if defined(WITH_SANCP)
+.if ${PORT_OPTIONS:MSANCP}
RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp
-USE_RC_SUBR+= sancp_agent
-PLIST_SUB+= USESANCP=
+USE_RC_SUBR+= sancp_agent pcap_agent-sancp
+PLIST_SUB+= USESANCP=""
.else
PLIST_SUB+= USESANCP="@comment "
.endif
-.if defined(WITH_PADS)
+.if ${PORT_OPTIONS:MPADS}
RUN_DEPENDS+= pads:${PORTSDIR}/net-mgmt/pads
USE_RC_SUBR+= pads_agent
-PLIST_SUB+= USEPADS=
+PLIST_SUB+= USEPADS=""
.else
PLIST_SUB+= USEPADS="@comment "
.endif
post-patch:
.for f in ${AGENTS}
- @${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \
- ${WRKSRC}/sensor/${f}
@${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \
${WRKSRC}/sensor/${f}
.endfor
@@ -66,37 +72,42 @@
do-install:
@${MKDIR} ${PREFIX}/bin/${SGUILDIR}
@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
-.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl
+ @${MKDIR} ${PREFIX}/share/${SGUILDIR}
+ @${MKDIR} ${PREFIX}/share/${SGUILDIR}/contrib
+ @${MKDIR} ${PREFIX}/share/${SGUILDIR}/init
+ (cd ${WRKSRC}/sensor/contrib && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/contrib)
+ (cd ${WRKSRC}/sensor/init && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/init)
+.for f in ${AGENTS}
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
-.for f in log_packets.sh
+.for f in ${LOG_SCRIPTS}
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
-.for f in example_agent.conf pcap_agent.conf snort_agent.conf
+.for f in ${CONFS}
${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
-.for f in log_packets.conf
- ${INSTALL_DATA} ${FILESDIR}/${f} \
- ${PREFIX}/etc/${SGUILDIR}/${f}-sample
-.endfor
-.if defined(WITH_SANCP)
-.for f in sancp_agent.conf
+.if ${PORT_OPTIONS:MSANCP}
+.for f in sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
.for f in sancp.conf
${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
- ${PREFIX}/etc/${f}-sample
+ ${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
-.for f in sancp_agent.tcl
+.for f in sancp_agent.tcl pcap_agent-sancp.tcl
${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
+.for f in log_packets-sancp.sh
+ ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/bin/${SGUILDIR}/${f}
+.endfor
.endif
-.if defined(WITH_PADS)
+.if ${PORT_OPTIONS:MPADS}
.for f in pads_agent.conf
${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
${PREFIX}/etc/${SGUILDIR}/${f}-sample
@@ -108,11 +119,17 @@
.endif
post-install:
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
@${MKDIR} ${DOCSDIR}
- cd ${WRKSRC}/doc && ${INSTALL_DATA} \
- ${PORTDOCS} ${DOCSDIR}
+ cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS1} ${DOCSDIR}
+ cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${PORTDOCS2} ${DOCSDIR}
+ cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS3} ${DOCSDIR}
+.if ${PORT_OPTIONS:MSANCP}
+.for f in README.sancp_indexed_pcap
+ cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${f} ${DOCSDIR}
+.endfor
.endif
+.endif
@${CAT} ${PKGMESSAGE}
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Index: distinfo
===================================================================
--- distinfo (revision 307496)
+++ distinfo (working copy)
@@ -1,2 +1,2 @@
-SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b
-SIZE (sguil-sensor-0.7.0.tar.gz) = 68436
+SHA256 (sguil-sensor-0.8.0.tar.gz) = aa4617c4f9cf1d598c6d728afed50cd6f90dc5d1516a6eda8126401b7bba4be5
+SIZE (sguil-sensor-0.8.0.tar.gz) = 142829
Index: files/example_agent.in
===================================================================
--- files/example_agent.in (revision 307496)
+++ files/example_agent.in (working copy)
@@ -27,7 +27,7 @@
rcvar=example_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl"
command_args="-c ${example_agent_conf} ${example_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/tclsh"
pidfile="/var/run/${name}.pid"
check_pidfile="${pidfile} ${procname} /bin/sh"
Index: files/log_packets.conf
===================================================================
--- files/log_packets.conf (revision 307496)
+++ files/log_packets.conf (working copy)
@@ -1,35 +0,0 @@
-# Conf file for the log_packets script
-# Make sure you verify the location of
-# each of the binaries on your OS
-
-# Edit these for your setup
-
-# Sensors hostname.
-# Note: If running multiple snort instances, then this must be different
-# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
-HOSTNAME="myhost"
-# Path to snort binary
-SNORT_PATH="/usr/local/bin/snort"
-# Directory to log pcap data to (date dirs will be created in here)
-# Note: The path $HOSTNAME/dailylogs, will be appended to this.
-LOG_DIR="/snort_data"
-# Percentage of disk to try and maintain
-MAX_DISK_USE=90
-# Interface to 'listen' to.
-INTERFACE="eth0"
-# Other options to use when starting snort
-#OPTIONS="-u sguil -g sguil -m 122"
-# Where to store the pid
-PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
-# How do we run ps
-PS="ps awx"
-# Where is grep
-GREP="/usr/bin/grep"
-#Add BPFs here.
-#The below is an example of a filter for ignoring outbound HTTP from my network
-# to the world.
-#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
-
-#Some installs may need these
-#LD_LIBRARY_PATH=/usr/local/lib/mysql
-#export LD_LIBRARY_PATH
Index: files/pads_agent.in
===================================================================
--- files/pads_agent.in (revision 307496)
+++ files/pads_agent.in (working copy)
@@ -27,7 +27,7 @@
rcvar=pads_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
command_args="-c ${pads_agent_conf} ${pads_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/tclsh"
pidfile="/var/run/${name}.pid"
check_pidfile="${pidfile} ${procname} /bin/sh"
Index: files/patch-log_packets.sh
===================================================================
--- files/patch-log_packets.sh (revision 307496)
+++ files/patch-log_packets.sh (working copy)
@@ -1,50 +0,0 @@
---- sensor/log_packets.sh.orig 2008-04-03 22:16:22.000000000 -0500
-+++ sensor/log_packets.sh 2008-04-03 22:22:20.000000000 -0500
-@@ -22,38 +22,16 @@
- # #
- ##############################################################
-
-+# You shouldn't need to edit anything in this script
-
--# Edit these for your setup
--
--# Sensors hostname.
--# Note: If running multiple snort instances, then this must be different
--# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
--HOSTNAME="myhost"
--# Path to snort binary
--SNORT_PATH="/usr/local/bin/snort"
--# Directory to log pcap data to (date dirs will be created in here)
--# Note: The path $HOSTNAME/dailylogs, will be appended to this.
--LOG_DIR="/snort_data"
--# Percentage of disk to try and maintain
--MAX_DISK_USE=90
--# Interface to 'listen' to.
--INTERFACE="eth0"
--# Other options to use when starting snort
--#OPTIONS="-u sguil -g sguil -m 122"
--# Where to store the pid
--PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
--# How do we run ps
--PS="ps awx"
--# Where is grep
--GREP="/usr/bin/grep"
--#Add BPFs here.
--#The below is an example of a filter for ignoring outbound HTTP from my network
--# to the world.
--#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
--
--#Some installs may need these
--#LD_LIBRARY_PATH=/usr/local/lib/mysql
--#export LD_LIBRARY_PATH
-+CONF=/usr/local/etc/sguil-sensor/log_packets.conf
-+if [ -r ${CONF} ]; then
-+ . ${CONF}
-+else
-+ echo "Your conf file is either missing or the path "
-+ echo "in the log_packets.sh script is incorrect."
-+ exit 1
-+fi
-
- TZ=GMT
- export TZ
Index: files/pcap_agent-sancp.in
===================================================================
--- files/pcap_agent-sancp.in (revision 0)
+++ files/pcap_agent-sancp.in (working copy)
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/pcap_agent-sancp.in 302141 2012-08-05 23:19:36Z dougb $
+
+# PROVIDE: pcap_agent-sancp
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
+# pcap_agent-sancp_enable (bool): Set to YES to enable pcap_agent-sancp
+# Default: NO
+# pcap_agent-sancp_conf (str): Pads_agent configuration file
+# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
+# pcap_agent-sancp_flags (str): Default: -D
+#
+
+. /etc/rc.subr
+
+load_rc_config pcap_agent-sancp
+
+#set defaults
+pcap_agent-sancp_enable=${pcap_agent-sancp_enable:-"NO"}
+pcap_agent-sancp_conf=${pcap_agent-sancp_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
+pcap_agent-sancp_flags=${pcap_agent-sancp_flags:-"-D"}
+
+name="pcap_agent-sancp"
+rcvar=pcap_agent-sancp_enable
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
+command_args="-c ${pcap_agent-sancp_conf} ${pcap_agent-sancp_flags}"
+procname="%%PREFIX%%/bin/tclsh"
+pidfile="/var/run/${name}.pid"
+check_pidfile="${pidfile} ${procname} /bin/sh"
+
+run_rc_command "$1"
Index: files/pcap_agent.in
===================================================================
--- files/pcap_agent.in (revision 307496)
+++ files/pcap_agent.in (working copy)
@@ -27,7 +27,7 @@
rcvar=pcap_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
command_args="-c ${pcap_agent_conf} ${pcap_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/tclsh"
pidfile="/var/run/${name}.pid"
check_pidfile="${pidfile} ${procname} /bin/sh"
Index: files/pkg-message.in
===================================================================
--- files/pkg-message.in (revision 307496)
+++ files/pkg-message.in (working copy)
@@ -2,13 +2,11 @@
* !!!!!!!!!!! WARNING !!!!!!!!!!! *
***********************************
-If you already had barnyard installed, this port will NOT deinstall
-it and install the barnyard-sguil6 port instead. You will need to
-deinstall the barnyard port and install the barnyard-sguil6 port yourself
-instead. This port WILL NOT WORK without the barnyard-sguil6 port!!
+If you already had barnyard2 installed, this port will NOT deinstall
+it and install the barnyard2-sguil port instead. You will need to
+deinstall the barnyard2 port and install the barnyard2-sguil port yourself
+instead. This port WILL NOT WORK without the barnyard2-sguil port!!
-You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/%%SGUILDIR%%)
-to fit your configuration before running the log_packets.sh script.
See the %%DOCSDIR%%/INSTALL doc for details on the
configuration and for croning the script.
@@ -16,13 +14,18 @@
quickly. You should probably configure sguil et al to log to
another partition/location (e.g. /nsm/tmp/).
-You must ALSO edit all of the sensor conf fileis (located in
+You must ALSO edit all of the sensor conf files (located in
%%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before
starting the sensor_agents.
+A number of ancilliary things have been installed in
+%%PREFIX%%/share/%%SGUILDIR%%.
+
If you chose to run sancp, and you already had a sancp.conf file in
%%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
-The new sancp.conf-sample file contains the settings for squil.
-If you still want to maintain the customized sancp.conf file, then copy
-the new sancp.conf-sample file to sguild-sancp.conf (for example) and
-add sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
+The new sancp.conf-sample file contains the settings for squil. NOTE:
+the conf file is for sancp 1.5.3. It may need additional edits to work
+with the current ports version of sancp. If you still want to maintain
+the customized sancp.conf file, then copy the new sancp.conf-sample
+file to sguild-sancp.conf (for example) and add
+sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
Index: files/sancp_agent.in
===================================================================
--- files/sancp_agent.in (revision 307496)
+++ files/sancp_agent.in (working copy)
@@ -27,7 +27,7 @@
rcvar=sancp_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
command_args="-c ${sancp_agent_conf} ${sancp_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/tclsh"
pidfile="/var/run/${name}.pid"
check_pidfile="${pidfile} ${procname} /bin/sh"
Index: files/sensor_agent.in
===================================================================
--- files/sensor_agent.in (revision 0)
+++ files/sensor_agent.in (working copy)
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/sensor_agent.in 302141 2012-08-05 23:19:36Z dougb $
+
+# PROVIDE: sensor_agent
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable sensor_agent:
+# sensor_agent_enable (bool): Set to YES to enable sensor_agent
+# Default: NO
+# sensor_agent_conf (str): Sancp_agent configuration file
+# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sensor_agent.conf
+# sensor_agent_flags (str): Default: -D
+#
+
+. /etc/rc.subr
+
+load_rc_config sensor_agent
+
+#set defaults
+sensor_agent_enable=${sensor_agent_enable:-"NO"}
+sensor_agent_conf=${sensor_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/sensor_agent.conf"}
+sensor_agent_flags=${sensor_agent_flags:-"-D"}
+
+name="sensor_agent"
+rcvar=sensor_agent_enable
+command="%%PREFIX%%/bin/%%SGUILDIR%%/sensor_agent.tcl"
+command_args="-c ${sensor_agent_conf} ${sensor_agent_flags}"
+procname="%%PREFIX%%/bin/tclsh"
+pidfile="/var/run/${name}.pid"
+check_pidfile="${pidfile} ${procname} /bin/sh"
+
+run_rc_command "$1"
Index: files/snort_agent.in
===================================================================
--- files/snort_agent.in (revision 307496)
+++ files/snort_agent.in (working copy)
@@ -27,7 +27,7 @@
rcvar=snort_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
command_args="-c ${snort_agent_conf} ${snort_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/tclsh"
pidfile="/var/run/${name}.pid"
check_pidfile="${pidfile} ${procname} /bin/sh"
Index: pkg-descr
===================================================================
--- pkg-descr (revision 307496)
+++ pkg-descr (working copy)
@@ -4,7 +4,7 @@
(www.tcl.tk). Sguil also relies on other open source software
in order to function properly.
-The sensor list includes security/barnyard, security/snort,
+The sensor list includes security/barnyard2-sguil, security/snort,
security/sancp, net-mgmt/pads, tcpdump (a part of the OS)
and devel/tcltls as well as lang/tcl84 and lang/tclX. Care
has been taken to ensure that everything you need to build
@@ -15,4 +15,3 @@
rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
-pauls@utdallas.edu
Index: pkg-plist
===================================================================
--- pkg-plist (revision 307496)
+++ pkg-plist (working copy)
@@ -1,15 +1,45 @@
+bin/%%SGUILDIR%%/example_agent.tcl
+bin/%%SGUILDIR%%/log_packets-daemonlogger.sh
bin/%%SGUILDIR%%/log_packets.sh
-bin/%%SGUILDIR%%/example_agent.tcl
bin/%%SGUILDIR%%/pcap_agent.tcl
+bin/%%SGUILDIR%%/sensor_agent.tcl
bin/%%SGUILDIR%%/snort_agent.tcl
etc/%%SGUILDIR%%/example_agent.conf-sample
etc/%%SGUILDIR%%/pcap_agent.conf-sample
+etc/%%SGUILDIR%%/sensor_agent.conf-sample
etc/%%SGUILDIR%%/snort_agent.conf-sample
-etc/%%SGUILDIR%%/log_packets.conf-sample
+%%DOCSDIR%%/CHANGES
+%%DOCSDIR%%/FAQ
+%%DOCSDIR%%/INSTALL
+%%DOCSDIR%%/INSTALL.openbsd
+%%DOCSDIR%%/OPENSSL.README
+%%DOCSDIR%%/README
+%%DOCSDIR%%/README.daemonlogger
+%%DOCSDIR%%/TODO
+%%DOCSDIR%%/UPGRADE
+%%DOCSDIR%%/USAGE
+%%DOCSDIR%%/sguildb.dia
+share/%%SGUILDIR%%/contrib/ossec_agent/README
+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
+share/%%SGUILDIR%%/contrib/portscan_loader/Makefile
+share/%%SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
+share/%%SGUILDIR%%/init/sensoragent
%%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
%%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
-%%USESANCP%%etc/sancp.conf-sample
+%%USESANCP%%bin/%%SGUILDIR%%/log_packets-sancp.sh
+%%USESANCP%%bin/%%SGUILDIR%%/pcap_agent-sancp.tcl
%%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
%%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/sancp-indexed.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/pcap_agent-sancp.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample
+%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap
+@dirrm share/%%SGUILDIR%%/init
+@dirrm share/%%SGUILDIR%%/contrib/portscan_loader
+@dirrm share/%%SGUILDIR%%/contrib/ossec_agent
+@dirrm share/%%SGUILDIR%%/contrib
+@dirrm share/%%SGUILDIR%%
+@dirrm etc/%%SGUILDIR%%
@dirrm bin/%%SGUILDIR%%
-@dirrmtry etc/%%SGUILDIR%%
+@dirrm %%DOCSDIR%%
--- sguil-sensor.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121116225856.42197DCA82A>