Message-Id: <20121116225856.42197DCA82A@buttercup4.utdallas.edu>
Date: Fri, 16 Nov 2012 22:58:56 +0000 (UTC)
From: Paul Schmehl
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/173668: port update, security/sguil-sensor
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: Paul Schmehl
List-Id: Ports bug reports
X-List-Received-Date: Fri, 16 Nov 2012 23:00:01 -0000

>Number: 173668
>Category: ports
>Synopsis: port update, security/sguil-sensor
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 16 23:00:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Paul Schmehl
>Release: FreeBSD 8.3-PRERELEASE amd64
>Organization: The University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 8.3-PRERELEASE FreeBSD 8.3-PRERELEASE #1: Wed Mar 7 18:01:57 UTC 2012 root@hostname.utdallas.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
port update, security/sguil-sensor, update to version 0.8.0

NOTE: There are two other ports that must be committed at the same time; security/sguil-server and security/sguil-client
>How-To-Repeat:
>Fix:
--- sguil-sensor.diff begins here --- Index: Makefile =================================================================== --- Makefile (revision 307496) +++ Makefile (working copy) @@ -6,8 +6,7 @@ # PORTNAME= sguil-sensor -PORTVERSION= 0.7.0 -PORTREVISION= 3 +PORTVERSION= 0.8.0 CATEGORIES= security MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION} 
@@ -19,46 +18,53 @@ barnyard2:${PORTSDIR}/security/barnyard2 \ ${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX -OPTIONS= SANCP "Include sancp sensor" off \ - PADS "Include pads sensor" off +OPTIONS_DEFINE= PADS SANCP +PADS_DESC= Include pads sensor +SANCP_DESC= Include sancp sensor +LICENSE_NAME= QPLv1.0 +LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL +LICENSE_PERMS= auto-accept + NO_BUILD= yes -USE_RC_SUBR= example_agent pcap_agent snort_agent -TCLSH_CMD?= tclsh8.4 +USE_RC_SUBR= example_agent pcap_agent sensor_agent snort_agent +USE_TCL_WRAPPER= yes WRKSRC= ${WRKDIR}/sguil-${PORTVERSION} +SGUILDIR?= sguil-sensor SUB_LIST= SGUILDIR=${SGUILDIR} SUB_FILES= pkg-message PLIST_SUB= SGUILDIR=${SGUILDIR} -SGUILDIR?= sguil-sensor -AGENTS= example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl +AGENTS= example_agent.tcl pcap_agent.tcl sensor_agent.tcl snort_agent.tcl +CONFS= example_agent.conf pcap_agent.conf sensor_agent.conf snort_agent.conf +LOG_SCRIPTS= log_packets-daemonlogger.sh log_packets.sh -PORTDOCS= CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \ - OPENSSL.README TODO UPGRADE USAGE sguildb.dia +PORTDOCS1= README +PORTDOCS2= README.daemonlogger +PORTDOCS3= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README \ + TODO UPGRADE USAGE sguildb.dia -.include +.include WITH_PCRE= true -.if defined(WITH_SANCP) +.if ${PORT_OPTIONS:MSANCP} RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp -USE_RC_SUBR+= sancp_agent -PLIST_SUB+= USESANCP= +USE_RC_SUBR+= sancp_agent pcap_agent-sancp +PLIST_SUB+= USESANCP="" .else PLIST_SUB+= USESANCP="@comment " .endif -.if defined(WITH_PADS) +.if ${PORT_OPTIONS:MPADS} RUN_DEPENDS+= pads:${PORTSDIR}/net-mgmt/pads USE_RC_SUBR+= pads_agent -PLIST_SUB+= USEPADS= +PLIST_SUB+= USEPADS="" .else PLIST_SUB+= USEPADS="@comment " .endif post-patch: .for f in ${AGENTS} - @${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \ - ${WRKSRC}/sensor/${f} @${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \ 
${WRKSRC}/sensor/${f} .endfor @@ -66,37 +72,42 @@ do-install: @${MKDIR} ${PREFIX}/bin/${SGUILDIR} @${MKDIR} ${PREFIX}/etc/${SGUILDIR} -.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl + @${MKDIR} ${PREFIX}/share/${SGUILDIR} + @${MKDIR} ${PREFIX}/share/${SGUILDIR}/contrib + @${MKDIR} ${PREFIX}/share/${SGUILDIR}/init + (cd ${WRKSRC}/sensor/contrib && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/contrib) + (cd ${WRKSRC}/sensor/init && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/init) +.for f in ${AGENTS} ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \ ${PREFIX}/bin/${SGUILDIR}/${f} .endfor -.for f in log_packets.sh +.for f in ${LOG_SCRIPTS} ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \ ${PREFIX}/bin/${SGUILDIR}/${f} .endfor -.for f in example_agent.conf pcap_agent.conf snort_agent.conf +.for f in ${CONFS} ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \ ${PREFIX}/etc/${SGUILDIR}/${f}-sample .endfor -.for f in log_packets.conf - ${INSTALL_DATA} ${FILESDIR}/${f} \ - ${PREFIX}/etc/${SGUILDIR}/${f}-sample -.endfor -.if defined(WITH_SANCP) -.for f in sancp_agent.conf +.if ${PORT_OPTIONS:MSANCP} +.for f in sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \ ${PREFIX}/etc/${SGUILDIR}/${f}-sample .endfor .for f in sancp.conf ${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \ - ${PREFIX}/etc/${f}-sample + ${PREFIX}/etc/${SGUILDIR}/${f}-sample .endfor -.for f in sancp_agent.tcl +.for f in sancp_agent.tcl pcap_agent-sancp.tcl ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \ ${PREFIX}/bin/${SGUILDIR}/${f} .endfor +.for f in log_packets-sancp.sh + ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \ + ${PREFIX}/bin/${SGUILDIR}/${f} +.endfor .endif -.if defined(WITH_PADS) +.if ${PORT_OPTIONS:MPADS} .for f in pads_agent.conf ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \ ${PREFIX}/etc/${SGUILDIR}/${f}-sample 
@@ -108,11 +119,17 @@ .endif post-install: -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} @${MKDIR} ${DOCSDIR} - cd ${WRKSRC}/doc && ${INSTALL_DATA} \ - ${PORTDOCS} ${DOCSDIR} + cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS1} ${DOCSDIR} + cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${PORTDOCS2} ${DOCSDIR} + cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS3} ${DOCSDIR} +.if ${PORT_OPTIONS:MSANCP} +.for f in README.sancp_indexed_pcap + cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${f} ${DOCSDIR} +.endfor .endif +.endif @${CAT} ${PKGMESSAGE} -.include +.include Index: distinfo =================================================================== --- distinfo (revision 307496) +++ distinfo (working copy) @@ -1,2 +1,2 @@ -SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b -SIZE (sguil-sensor-0.7.0.tar.gz) = 68436 +SHA256 (sguil-sensor-0.8.0.tar.gz) = aa4617c4f9cf1d598c6d728afed50cd6f90dc5d1516a6eda8126401b7bba4be5 +SIZE (sguil-sensor-0.8.0.tar.gz) = 142829 Index: files/example_agent.in =================================================================== --- files/example_agent.in (revision 307496) +++ files/example_agent.in (working copy) @@ -27,7 +27,7 @@ rcvar=example_agent_enable command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl" command_args="-c ${example_agent_conf} ${example_agent_flags}" -procname="%%PREFIX%%/bin/tclsh8.4" +procname="%%PREFIX%%/bin/tclsh" pidfile="/var/run/${name}.pid" check_pidfile="${pidfile} ${procname} /bin/sh" Index: files/log_packets.conf =================================================================== --- files/log_packets.conf (revision 307496) +++ files/log_packets.conf (working copy) 
@@ -1,35 +0,0 @@ -# Conf file for the log_packets script -# Make sure you verify the location of -# each of the binaries on your OS - -# Edit these for your setup - -# Sensors hostname. -# Note: If running multiple snort instances, then this must be different -# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc) -HOSTNAME="myhost" -# Path to snort binary -SNORT_PATH="/usr/local/bin/snort" -# Directory to log pcap data to (date dirs will be created in here) -# Note: The path $HOSTNAME/dailylogs, will be appended to this. -LOG_DIR="/snort_data" -# Percentage of disk to try and maintain -MAX_DISK_USE=90 -# Interface to 'listen' to. -INTERFACE="eth0" -# Other options to use when starting snort -#OPTIONS="-u sguil -g sguil -m 122" -# Where to store the pid -PIDFILE="/var/run/snort_log-${HOSTNAME}.pid" -# How do we run ps -PS="ps awx" -# Where is grep -GREP="/usr/bin/grep" -#Add BPFs here. -#The below is an example of a filter for ignoring outbound HTTP from my network -# to the world. -#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)' - -#Some installs may need these -#LD_LIBRARY_PATH=/usr/local/lib/mysql -#export LD_LIBRARY_PATH Index: files/pads_agent.in =================================================================== --- files/pads_agent.in (revision 307496) +++ files/pads_agent.in (working copy) @@ -27,7 +27,7 @@ rcvar=pads_agent_enable command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl" command_args="-c ${pads_agent_conf} ${pads_agent_flags}" -procname="%%PREFIX%%/bin/tclsh8.4" +procname="%%PREFIX%%/bin/tclsh" pidfile="/var/run/${name}.pid" check_pidfile="${pidfile} ${procname} /bin/sh" Index: files/patch-log_packets.sh =================================================================== --- files/patch-log_packets.sh (revision 307496) +++ files/patch-log_packets.sh (working copy) 
@@ -1,50 +0,0 @@ ---- sensor/log_packets.sh.orig 2008-04-03 22:16:22.000000000 -0500 -+++ sensor/log_packets.sh 2008-04-03 22:22:20.000000000 -0500 -@@ -22,38 +22,16 @@ - # # - ############################################################## - -+# You shouldn't need to edit anything in this script - --# Edit these for your setup -- --# Sensors hostname. --# Note: If running multiple snort instances, then this must be different --# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc) --HOSTNAME="myhost" --# Path to snort binary --SNORT_PATH="/usr/local/bin/snort" --# Directory to log pcap data to (date dirs will be created in here) --# Note: The path $HOSTNAME/dailylogs, will be appended to this. --LOG_DIR="/snort_data" --# Percentage of disk to try and maintain --MAX_DISK_USE=90 --# Interface to 'listen' to. --INTERFACE="eth0" --# Other options to use when starting snort --#OPTIONS="-u sguil -g sguil -m 122" --# Where to store the pid --PIDFILE="/var/run/snort_log-${HOSTNAME}.pid" --# How do we run ps --PS="ps awx" --# Where is grep --GREP="/usr/bin/grep" --#Add BPFs here. --#The below is an example of a filter for ignoring outbound HTTP from my network --# to the world. --#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)' -- --#Some installs may need these --#LD_LIBRARY_PATH=/usr/local/lib/mysql --#export LD_LIBRARY_PATH -+CONF=/usr/local/etc/sguil-sensor/log_packets.conf -+if [ -r ${CONF} ]; then -+ . ${CONF} -+else -+ echo "Your conf file is either missing or the path " -+ echo "in the log_packets.sh script is incorrect." -+ exit 1 -+fi - - TZ=GMT - export TZ Index: files/pcap_agent-sancp.in =================================================================== --- files/pcap_agent-sancp.in (revision 0) +++ files/pcap_agent-sancp.in (working copy) 
@@ -0,0 +1,34 @@ +#!/bin/sh + +# $FreeBSD: head/security/sguil-sensor/files/pcap_agent-sancp.in 302141 2012-08-05 23:19:36Z dougb $ + +# PROVIDE: pcap_agent-sancp +# REQUIRE: DAEMON +# KEYWORD: shutdown + +# Add the following line to /etc/rc.conf to enable pcap_agent-sancp: +# pcap_agent-sancp_enable (bool): Set to YES to enable pcap_agent-sancp +# Default: NO +# pcap_agent-sancp_conf (str): Pads_agent configuration file +# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf +# pcap_agent-sancp_flags (str): Default: -D +# + +. /etc/rc.subr + +load_rc_config pcap_agent-sancp + +#set defaults +pcap_agent-sancp_enable=${pcap_agent-sancp_enable:-"NO"} +pcap_agent-sancp_conf=${pcap_agent-sancp_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"} +pcap_agent-sancp_flags=${pcap_agent-sancp_flags:-"-D"} + +name="pcap_agent-sancp" +rcvar=pcap_agent-sancp_enable +command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl" +command_args="-c ${pcap_agent-sancp_conf} ${pcap_agent-sancp_flags}" +procname="%%PREFIX%%/bin/tclsh" +pidfile="/var/run/${name}.pid" +check_pidfile="${pidfile} ${procname} /bin/sh" + +run_rc_command "$1" Index: files/pcap_agent.in =================================================================== --- files/pcap_agent.in (revision 307496) +++ files/pcap_agent.in (working copy) @@ -27,7 +27,7 @@ rcvar=pcap_agent_enable command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl" command_args="-c ${pcap_agent_conf} ${pcap_agent_flags}" -procname="%%PREFIX%%/bin/tclsh8.4" +procname="%%PREFIX%%/bin/tclsh" pidfile="/var/run/${name}.pid" check_pidfile="${pidfile} ${procname} /bin/sh" Index: files/pkg-message.in =================================================================== --- files/pkg-message.in (revision 307496) +++ files/pkg-message.in (working copy) 
@@ -2,13 +2,11 @@ * !!!!!!!!!!! WARNING !!!!!!!!!!! * *********************************** -If you already had barnyard installed, this port will NOT deinstall -it and install the barnyard-sguil6 port instead. You will need to -deinstall the barnyard port and install the barnyard-sguil6 port yourself -instead. This port WILL NOT WORK without the barnyard-sguil6 port!! +If you already had barnyard2 installed, this port will NOT deinstall +it and install the barnyard2-sguil port instead. You will need to +deinstall the barnyard2 port and install the barnyard2-sguil port yourself +instead. This port WILL NOT WORK without the barnyard2-sguil port!! -You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/%%SGUILDIR%%) -to fit your configuration before running the log_packets.sh script. See the %%DOCSDIR%%/INSTALL doc for details on the configuration and for croning the script. 
@@ -16,13 +14,18 @@ quickly. You should probably configure sguil et al to log to another partition/location (e.g. /nsm/tmp/). -You must ALSO edit all of the sensor conf fileis (located in +You must ALSO edit all of the sensor conf files (located in %%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before starting the sensor_agents. +A number of ancilliary things have been installed in +%%PREFIX%%/share/%%SGUILDIR%%. + If you chose to run sancp, and you already had a sancp.conf file in %%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one. -The new sancp.conf-sample file contains the settings for squil. -If you still want to maintain the customized sancp.conf file, then copy -the new sancp.conf-sample file to sguild-sancp.conf (for example) and -add sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf. +The new sancp.conf-sample file contains the settings for squil. NOTE: +the conf file is for sancp 1.5.3. It may need additional edits to work +with the current ports version of sancp. If you still want to maintain +the customized sancp.conf file, then copy the new sancp.conf-sample +file to sguild-sancp.conf (for example) and add +sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf. Index: files/sancp_agent.in =================================================================== --- files/sancp_agent.in (revision 307496) +++ files/sancp_agent.in (working copy) @@ -27,7 +27,7 @@ rcvar=sancp_agent_enable command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl" command_args="-c ${sancp_agent_conf} ${sancp_agent_flags}" -procname="%%PREFIX%%/bin/tclsh8.4" +procname="%%PREFIX%%/bin/tclsh" pidfile="/var/run/${name}.pid" check_pidfile="${pidfile} ${procname} /bin/sh" Index: files/sensor_agent.in =================================================================== --- files/sensor_agent.in (revision 0) +++ files/sensor_agent.in (working copy) 
@@ -0,0 +1,34 @@ +#!/bin/sh + +# $FreeBSD: head/security/sguil-sensor/files/sensor_agent.in 302141 2012-08-05 23:19:36Z dougb $ + +# PROVIDE: sensor_agent +# REQUIRE: DAEMON +# KEYWORD: shutdown + +# Add the following line to /etc/rc.conf to enable sensor_agent: +# sensor_agent_enable (bool): Set to YES to enable sensor_agent +# Default: NO +# sensor_agent_conf (str): Sancp_agent configuration file +# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sensor_agent.conf +# sensor_agent_flags (str): Default: -D +# + +. /etc/rc.subr + +load_rc_config sensor_agent + +#set defaults +sensor_agent_enable=${sensor_agent_enable:-"NO"} +sensor_agent_conf=${sensor_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/sensor_agent.conf"} +sensor_agent_flags=${sensor_agent_flags:-"-D"} + +name="sensor_agent" +rcvar=sensor_agent_enable +command="%%PREFIX%%/bin/%%SGUILDIR%%/sensor_agent.tcl" +command_args="-c ${sensor_agent_conf} ${sensor_agent_flags}" +procname="%%PREFIX%%/bin/tclsh" +pidfile="/var/run/${name}.pid" +check_pidfile="${pidfile} ${procname} /bin/sh" + +run_rc_command "$1" Index: files/snort_agent.in =================================================================== --- files/snort_agent.in (revision 307496) +++ files/snort_agent.in (working copy) @@ -27,7 +27,7 @@ rcvar=snort_agent_enable command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl" command_args="-c ${snort_agent_conf} ${snort_agent_flags}" -procname="%%PREFIX%%/bin/tclsh8.4" +procname="%%PREFIX%%/bin/tclsh" pidfile="/var/run/${name}.pid" check_pidfile="${pidfile} ${procname} /bin/sh" Index: pkg-descr =================================================================== --- pkg-descr (revision 307496) +++ pkg-descr (working copy) 
@@ -4,7 +4,7 @@ (www.tcl.tk). Sguil also relies on other open source software in order to function properly. -The sensor list includes security/barnyard, security/snort, +The sensor list includes security/barnyard2-sguil, security/snort, security/sancp, net-mgmt/pads, tcpdump (a part of the OS) and devel/tcltls as well as lang/tcl84 and lang/tclX. Care has been taken to ensure that everything you need to build @@ -15,4 +15,3 @@ rule management capabilities. WWW: http://sguil.sourceforge.net/index.php -pauls@utdallas.edu Index: pkg-plist =================================================================== --- pkg-plist (revision 307496) +++ pkg-plist (working copy) 
@@ -1,15 +1,45 @@ +bin/%%SGUILDIR%%/example_agent.tcl +bin/%%SGUILDIR%%/log_packets-daemonlogger.sh bin/%%SGUILDIR%%/log_packets.sh -bin/%%SGUILDIR%%/example_agent.tcl bin/%%SGUILDIR%%/pcap_agent.tcl +bin/%%SGUILDIR%%/sensor_agent.tcl bin/%%SGUILDIR%%/snort_agent.tcl etc/%%SGUILDIR%%/example_agent.conf-sample etc/%%SGUILDIR%%/pcap_agent.conf-sample +etc/%%SGUILDIR%%/sensor_agent.conf-sample etc/%%SGUILDIR%%/snort_agent.conf-sample -etc/%%SGUILDIR%%/log_packets.conf-sample +%%DOCSDIR%%/CHANGES +%%DOCSDIR%%/FAQ +%%DOCSDIR%%/INSTALL +%%DOCSDIR%%/INSTALL.openbsd +%%DOCSDIR%%/OPENSSL.README +%%DOCSDIR%%/README +%%DOCSDIR%%/README.daemonlogger +%%DOCSDIR%%/TODO +%%DOCSDIR%%/UPGRADE +%%DOCSDIR%%/USAGE +%%DOCSDIR%%/sguildb.dia +share/%%SGUILDIR%%/contrib/ossec_agent/README +share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf +share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl +share/%%SGUILDIR%%/contrib/portscan_loader/Makefile +share/%%SGUILDIR%%/contrib/portscan_loader/portscan_loader.c +share/%%SGUILDIR%%/init/sensoragent %%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl %%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample -%%USESANCP%%etc/sancp.conf-sample +%%USESANCP%%bin/%%SGUILDIR%%/log_packets-sancp.sh +%%USESANCP%%bin/%%SGUILDIR%%/pcap_agent-sancp.tcl %%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl %%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample +%%USESANCP%%etc/%%SGUILDIR%%/sancp-indexed.conf-sample +%%USESANCP%%etc/%%SGUILDIR%%/pcap_agent-sancp.conf-sample +%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample +%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap +@dirrm share/%%SGUILDIR%%/init +@dirrm share/%%SGUILDIR%%/contrib/portscan_loader +@dirrm share/%%SGUILDIR%%/contrib/ossec_agent +@dirrm share/%%SGUILDIR%%/contrib +@dirrm share/%%SGUILDIR%% +@dirrm etc/%%SGUILDIR%% @dirrm bin/%%SGUILDIR%% -@dirrmtry etc/%%SGUILDIR%% +@dirrm %%DOCSDIR%% --- sguil-sensor.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
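
Review bot: In the Makefile hunk at @@ -19,46 +18,53 @@, AGENTS no longer lists pads_agent.tcl or sancp_agent.tcl, yet post-patch still applies the 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' rewrite only to the files in ${AGENTS}. With the PADS or SANCP option enabled, pads_agent.tcl, sancp_agent.tcl and the new pcap_agent-sancp.tcl are therefore installed with their unmodified /etc/ paths, while the sample conf files land in ${PREFIX}/etc/${SGUILDIR}. Suggest collecting the optional agents in their own variable inside the .if ${PORT_OPTIONS:M...} blocks and running the REINPLACE_CMD loop over that list too.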
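
Review bot: In the do-install hunk at @@ -66,37 +72,42 @@, the SANCP loop ".for f in sancp_agent.tcl pcap_agent-sancp.tcl" calls ${INSTALL_SCRIPT} without "-m 751", while the ${AGENTS}, ${LOG_SCRIPTS} and log_packets-sancp.sh loops all pass it, so the optional agents end up with different permissions from the rest. Either add "-m 751" there or drop it everywhere. The same hunk also moves sancp.conf-sample from ${PREFIX}/etc to ${PREFIX}/etc/${SGUILDIR}; that relocation deserves a line in the PR description because existing installs have the file in the old place.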
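
Review bot: Deleting files/log_packets.conf and files/patch-log_packets.sh removes the port's way of keeping HOSTNAME, LOG_DIR, INTERFACE and the other site settings out of log_packets.sh, and nothing in this diff replaces it. The removed patch shows those settings sitting at the top of the upstream script under "Edit these for your setup"; unless 0.8.0 changed that, users will be editing a script under ${PREFIX}/bin/${SGUILDIR} that the next upgrade overwrites. If 0.8.0 reads its settings from somewhere else, please say where in the PR or in pkg-message; otherwise regenerate the patch against the 0.8.0 script and keep the conf sample.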
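
Review bot: The new files/pcap_agent-sancp.in uses shell variable names that contain a hyphen, which sh does not accept. A line such as pcap_agent-sancp_enable=${pcap_agent-sancp_enable:-"NO"} is not parsed as an assignment, and ${pcap_agent-sancp_conf} is parsed as the ${parameter-word} form, so it expands to the value of pcap_agent or, when that is unset, to the literal text sancp_conf. The result is that rcvar, command_args and the defaults never work as written. Suggest naming the script pcap_agent_sancp (name=, rcvar, load_rc_config, every variable, and the USE_RC_SUBR entry in the Makefile). The header comment "Pads_agent configuration file" is also a copy-paste leftover and should describe the pcap_agent-sancp conf file.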
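
Review bot: In files/pkg-message.in at @@ -2,13 +2,11 @@, the warning now says the port "WILL NOT WORK without the barnyard2-sguil port", but the RUN_DEPENDS context line in the Makefile hunk still reads barnyard2:${PORTSDIR}/security/barnyard2, and pkg-descr is changed to name security/barnyard2-sguil. The dependency and the two texts should name the same port. Removing the log_packets.conf sentence also leaves "See the %%DOCSDIR%%/INSTALL doc for details on the configuration and for croning the script." without anything to refer to; reword it so it names log_packets.sh.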
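
Review bot: In files/pkg-message.in at @@ -16,13 +14,18 @@, the corrected line still points users at %%PREFIX%%/%%SGUILDIR%%/etc/, whereas do-install puts the conf samples in ${PREFIX}/etc/${SGUILDIR}; the path should read %%PREFIX%%/etc/%%SGUILDIR%%/. The sancp paragraph has the same problem after this update: sancp.conf-sample is now installed under etc/%%SGUILDIR%%, so the copy instructions and the sancp_conf= example need to say which directory each file is in. While here, "ancilliary" should be "ancillary" and "squil" should be "sguil".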
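
Review bot: In the new files/sensor_agent.in, the rc.conf documentation comment describes sensor_agent_conf as "Sancp_agent configuration file", which is a leftover from the script it was copied from; it should say sensor_agent. The $FreeBSD$ line is also added already expanded, with a revision, date and committer, for a file that does not exist in the tree yet (revision 0); submit it as a bare $FreeBSD$ keyword and let the commit expand it.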
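
Review bot: In pkg-plist, the eleven %%DOCSDIR%% entries and "@dirrm %%DOCSDIR%%" are unconditional, but post-install only installs the documentation inside ".if ${PORT_OPTIONS:MDOCS}", so a build without DOCS produces a plist that names files that were never installed. Prefix those lines with %%PORTDOCS%%, or go back to a PORTDOCS list and let the framework generate the entries. Changing "@dirrmtry etc/%%SGUILDIR%%" to "@dirrm etc/%%SGUILDIR%%" is a second problem: only the -sample files are in the plist, so the directory still holds the user's edited conf files at deinstall time and the removal will fail; keep @dirrmtry there.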