Date: Wed, 16 Jan 2013 16:01:44 +0000 (UTC) From: Greg Larkin <glarkin@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r310500 - in head: . security/ossec-hids-client security/ossec-hids-local security/ossec-hids-server security/ossec-hids-server/files Message-ID: <201301161601.r0GG1i4v097753@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glarkin Date: Wed Jan 16 16:01:43 2013 New Revision: 310500 URL: http://svnweb.freebsd.org/changeset/ports/310500 Log: - Updated to 2.7 (ChangeLog: http://www.ossec.net/?p=577) - Trimmed Makefile headers - Removed patches incorporated into upstream - Added conditional patch for compilation on 7.x, early 8.x systems - Fixed QAT-reported plist problems - Added new users and group for use with daemons Requested by: various users (via private email) Added: head/security/ossec-hids-server/files/extra-patch-src__os_csyslogd__csyslogd.c (contents, props changed) Deleted: head/security/ossec-hids-server/files/patch-src__init__ossec-local.sh head/security/ossec-hids-server/files/patch-src__init__ossec-server.sh Modified: head/GIDs head/UIDs head/security/ossec-hids-client/Makefile head/security/ossec-hids-client/pkg-plist.client head/security/ossec-hids-local/Makefile head/security/ossec-hids-server/Makefile head/security/ossec-hids-server/distinfo head/security/ossec-hids-server/files/patch-src__InstallServer.sh head/security/ossec-hids-server/pkg-plist Modified: head/GIDs ============================================================================== --- head/GIDs Wed Jan 16 15:42:06 2013 (r310499) +++ head/GIDs Wed Jan 16 16:01:43 2013 (r310500) @@ -246,5 +246,6 @@ zookeeper:*:962: fluentd:*:963: git_daemon:*:964: elasticsearch:*:965: +ossec:*:966: nogroup:*:65533: nobody:*:65534: Modified: head/UIDs ============================================================================== --- head/UIDs Wed Jan 16 15:42:06 2013 (r310499) +++ head/UIDs Wed Jan 16 16:01:43 2013 (r310500) @@ -250,4 +250,7 @@ zookeeper:*:962:962::0:0:zookeeper user: fluentd:*:963:963::0:0:fluentd user:/nonexistent:/usr/sbin/nologin git_daemon:*:964:964::0:0:git daemon:/nonexistent:/usr/sbin/nologin elasticsearch:*:965:965::0:0:elasticsearch user:/nonexistent:/usr/sbin/nologin +ossec:*:966:966::0:0:OSSEC user:/usr/local/ossec-hids:/usr/sbin/nologin +ossecm:*:967:966::0:0:OSSEC mail user:/usr/local/ossec-hids:/usr/sbin/nologin +ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin Modified: head/security/ossec-hids-client/Makefile ============================================================================== --- head/security/ossec-hids-client/Makefile Wed Jan 16 15:42:06 2013 (r310499) +++ head/security/ossec-hids-client/Makefile Wed Jan 16 16:01:43 2013 (r310500) @@ -1,9 +1,5 @@ -# New ports collection makefile for: ossec-hids-client -# Date created: 23 July 2006 -# Whom: Valerio Daelli <valerio.daelli@gmail.com> -# +# Created by: Valerio Daelli <valerio.daelli@gmail.com> # $FreeBSD$ -# COMMENT= The client port of ossec-hids Modified: head/security/ossec-hids-client/pkg-plist.client ============================================================================== --- head/security/ossec-hids-client/pkg-plist.client Wed Jan 16 15:42:06 2013 (r310499) +++ head/security/ossec-hids-client/pkg-plist.client Wed Jan 16 16:01:43 2013 (r310500) @@ -14,6 +14,7 @@ %%PORTNAME%%/bin/ossec-execd %%PORTNAME%%/bin/ossec-logcollector %%PORTNAME%%/bin/ossec-syscheckd +%%PORTNAME%%/bin/util.sh %%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt @@ -26,7 +27,7 @@ @unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi %%PORTNAME%%/etc/ossec.conf.sample %%PORTNAME%%/etc/internal_options.conf -%%PORTNAME%%/logs/ossec.log +@unexec if test ! -s %D/%%PORTNAME%%/logs/ossec.log; then rm -f %D/%%PORTNAME%%/logs/ossec.log; fi %%PORTNAME%%/agentless/main.exp %%PORTNAME%%/agentless/sshlogin.exp %%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff Modified: head/security/ossec-hids-local/Makefile ============================================================================== --- head/security/ossec-hids-local/Makefile Wed Jan 16 15:42:06 2013 (r310499) +++ head/security/ossec-hids-local/Makefile Wed Jan 16 16:01:43 2013 (r310500) @@ -1,9 +1,5 @@ -# New ports collection makefile for: ossec-hids-client -# Date created: 23 July 2006 -# Whom: Valerio Daelli <valerio.daelli@gmail.com> -# +# Created by: Valerio Daelli <valerio.daelli@gmail.com> # $FreeBSD$ -# COMMENT= The client and server (local) port of ossec-hids Modified: head/security/ossec-hids-server/Makefile ============================================================================== --- head/security/ossec-hids-server/Makefile Wed Jan 16 15:42:06 2013 (r310499) +++ head/security/ossec-hids-server/Makefile Wed Jan 16 16:01:43 2013 (r310500) @@ -1,13 +1,9 @@ -# New ports collection makefile for: ossec-hids-server -# Date created: 23 July 2006 -# Whom: Valerio Daelli <valerio.daelli@gmail.com> -# +# Created by: Valerio Daelli <valerio.daelli@gmail.com> # $FreeBSD$ -# PORTNAME= ossec-hids -PORTVERSION= 2.6 -PORTREVISION= 2 +PORTVERSION= 2.7 +PORTREVISION?= 0 CATEGORIES= security MASTER_SITES= http://www.ossec.net/files/ \ http://www.ossec.net/files/old/ @@ -18,10 +14,17 @@ COMMENT?= A security tool to monitor and USE_RC_SUBR= ossec-hids +.if defined(MAINTAINER_MODE) +UID_FILES+= ../../UIDs +GID_FILES+= ../../GIDs +.endif +USERS= ossec ossecm ossecr +GROUPS= ossec + .if !defined(CLIENT_ONLY) -OPTIONS= MYSQL "Enable MySQL support" off \ - PGSQL "Enable PostgreSQL support" off +OPTIONS_DEFINE= MYSQL PGSQL .endif +OPTIONS_DEFINE+= DOCS SUB_LIST= PORTNAME=${PORTNAME} SUB_FILES= pkg-message @@ -29,14 +32,18 @@ PLIST_SUB= PORTNAME=${PORTNAME} PORTDOCS= BUGS CONFIG CONTRIBUTORS INSTALL LICENSE README .include <bsd.port.pre.mk> +.if ${OSVERSION} < 800067 +# Add string function that didn't exist until 8.x +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-src__os_csyslogd__csyslogd.c +.endif .if !defined(CLIENT_ONLY) -.if defined(WITH_MYSQL) +.if ${PORT_OPTIONS:MMYSQL} WITH_DB= yes -USE_MYSQL= yes +USE_MYSQL= client .endif -.if defined(WITH_PGSQL) +.if ${PORT_OPTIONS:MPGSQL} WITH_DB= yes USE_PGSQL= yes .endif @@ -63,31 +70,37 @@ do-build: .if defined(WITH_DB) .if defined(CLIENT_ONLY) @cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build +.elif defined(LOCAL_ONLY) + @cd ${WRKSRC}/src;${MAKE} setlocal;${MAKE} all;${MAKE} build .else @cd ${WRKSRC}/src;${MAKE} setdb;${MAKE} all;${MAKE} build .endif .else .if defined(CLIENT_ONLY) - @cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build + @cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build; \ + ${MAKE} unsetdb +.elif defined(LOCAL_ONLY) + @cd ${WRKSRC}/src;${MAKE} setlocal;${MAKE} all;${MAKE} build; \ + ${MAKE} unsetdb .else - @cd ${WRKSRC}/src;${MAKE} all;${MAKE} build + @cd ${WRKSRC}/src;${MAKE} all;${MAKE} build;${MAKE} unsetdb .endif .endif -.if defined(CLIENT_ONLY) do-install: +.if defined(CLIENT_ONLY) @cd ${WRKSRC}/src; ${MAKE} agent .elif defined(LOCAL_ONLY) -do-install: @cd ${WRKSRC}/src; ${MAKE} local .else -do-install: @cd ${WRKSRC}/src; ${MAKE} server .endif post-install: + @${MKDIR} ${PREFIX}/${PORTNAME}/etc + .if defined(CLIENT_ONLY) - ${CP} ${WRKSRC}/etc/ossec-agent.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample + @${CP} ${WRKSRC}/etc/ossec-agent.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample @if [ ! -f ${PREFIX}/${PORTNAME}/etc/ossec.conf ]; then \ ${CP} ${WRKSRC}/etc/ossec-agent.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf; \ fi @@ -102,7 +115,7 @@ post-install: fi .endif -.if !defined(NOPORTDOCS) +.if ${PORT_OPTIONS:MDOCS} @${MKDIR} ${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR} .endif Modified: head/security/ossec-hids-server/distinfo ============================================================================== --- head/security/ossec-hids-server/distinfo Wed Jan 16 15:42:06 2013 (r310499) +++ head/security/ossec-hids-server/distinfo Wed Jan 16 16:01:43 2013 (r310500) @@ -1,2 +1,2 @@ -SHA256 (ossec-hids-2.6.tar.gz) = 37a6b14a0c41252852b51fd06cc186a8b66bd9e01821efd70305a6dd782a2b4c -SIZE (ossec-hids-2.6.tar.gz) = 758125 +SHA256 (ossec-hids-2.7.tar.gz) = f8ac4a7d74068a8ca4f14e3c906bfa3a68a87fd026b463422bea79fe9d747249 +SIZE (ossec-hids-2.7.tar.gz) = 818656 Added: head/security/ossec-hids-server/files/extra-patch-src__os_csyslogd__csyslogd.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-server/files/extra-patch-src__os_csyslogd__csyslogd.c Wed Jan 16 16:01:43 2013 (r310500) @@ -0,0 +1,19 @@ +--- ./src/os_csyslogd/csyslogd.c.orig 2013-01-15 16:31:13.000000000 -0500 ++++ ./src/os_csyslogd/csyslogd.c 2013-01-15 16:32:23.000000000 -0500 +@@ -23,7 +23,16 @@ + #include "csyslogd.h" + #include "os_net/os_net.h" + ++#ifndef HAVE_STRNLEN ++size_t strnlen(char *s, size_t maxlen) ++{ ++ size_t i; + ++ for (i= 0; i < maxlen && *s != '\0'; i++, s++) ++ ; ++ return i; ++} ++#endif + + /* OS_SyslogD: Monitor the alerts and sends them via syslog. + * Only return in case of error. Modified: head/security/ossec-hids-server/files/patch-src__InstallServer.sh ============================================================================== --- head/security/ossec-hids-server/files/patch-src__InstallServer.sh Wed Jan 16 15:42:06 2013 (r310499) +++ head/security/ossec-hids-server/files/patch-src__InstallServer.sh Wed Jan 16 16:01:43 2013 (r310500) @@ -1,15 +1,15 @@ ---- ./src/InstallServer.sh.orig 2011-07-11 15:36:58.000000000 -0400 -+++ ./src/InstallServer.sh 2011-10-18 15:26:57.000000000 -0400 -@@ -188,7 +188,7 @@ +--- ./src/InstallServer.sh.orig 2012-11-08 21:24:55.000000000 -0500 ++++ ./src/InstallServer.sh 2013-01-14 10:44:36.000000000 -0500 +@@ -195,7 +195,7 @@ fi fi -cp -pr ../etc/rules/* ${DIR}/rules/ +cp -pr ../etc/rules/*.xml ${DIR}/rules/ + find ${DIR}/rules/ -type f -exec chmod 440 {} \; # If the local_rules is saved, moved it back - ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1 -@@ -307,12 +307,12 @@ +@@ -318,12 +318,12 @@ ls ../etc/ossec.mc > /dev/null 2>&1 if [ $? = 0 ]; then Modified: head/security/ossec-hids-server/pkg-plist ============================================================================== --- head/security/ossec-hids-server/pkg-plist Wed Jan 16 15:42:06 2013 (r310499) +++ head/security/ossec-hids-server/pkg-plist Wed Jan 16 16:01:43 2013 (r310500) @@ -31,6 +31,7 @@ %%PORTNAME%%/bin/rootcheck_control %%PORTNAME%%/bin/syscheck_control %%PORTNAME%%/bin/syscheck_update +%%PORTNAME%%/bin/util.sh %%PORTNAME%%/bin/verify-agent-conf %%PORTNAME%%/etc/decoder.xml %%PORTNAME%%/etc/internal_options.conf @@ -45,7 +46,8 @@ %%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt -%%PORTNAME%%/logs/ossec.log +@unexec if test ! -s %D/%%PORTNAME%%/logs/ossec.log; then rm -f %D/%%PORTNAME%%/logs/ossec.log; fi +@unexec if test ! -s %D/%%PORTNAME%%/logs/active-responses.log; then rm -f %D/%%PORTNAME%%/logs/active-responses.log; fi %%PORTNAME%%/rules/apache_rules.xml %%PORTNAME%%/rules/arpwatch_rules.xml %%PORTNAME%%/rules/asterisk_rules.xml @@ -104,6 +106,7 @@ %%PORTNAME%%/rules/vpn_concentrator_rules.xml %%PORTNAME%%/rules/vpopmail_rules.xml %%PORTNAME%%/rules/vsftpd_rules.xml +%%PORTNAME%%/rules/web_appsec_rules.xml %%PORTNAME%%/rules/web_rules.xml %%PORTNAME%%/rules/wordpress_rules.xml %%PORTNAME%%/rules/zeus_rules.xml
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301161601.r0GG1i4v097753>