Date:      Fri, 27 Sep 2002 12:23:29 GMT
From:      klm <klm@ruby.ir.exodus.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/43425: New port: security/ftimes - A system baselining and evidence collection tool
Message-ID:  <200209271223.g8RCNTP5076700@ruby.ir.exodus.net>


>Number:         43425
>Category:       ports
>Synopsis:       New port: security/ftimes - A system baselining and evidence collection tool
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 27 09:20:04 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     klm
>Release:        FreeBSD 4.6.1-RELEASE-p10 i386
>Organization:
>Environment:
System: FreeBSD ruby.ir.exodus.net 4.6.1-RELEASE-p10 FreeBSD 4.6.1-RELEASE-p10 #0: Tue Aug 6 15:24:22 EDT 2002 root@nerve.mud:/usr/obj/usr/src/sys/GENERIC i386

>Description:

FTimes is a system baselining and evidence collection tool. Its
primary purpose is to gather and/or develop information about
specified directories and files in a manner conducive to intrusion
analysis. It was designed to support the following initiatives:
content integrity monitoring, incident response, intrusion analysis,
and computer forensics.

>How-To-Repeat:
>Fix:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#       ftimes
#       ftimes/pkg-comment
#       ftimes/pkg-plist
#       ftimes/Makefile
#       ftimes/pkg-descr
#       ftimes/distinfo
#       ftimes/pkg-message
#
echo c - ftimes
mkdir -p ftimes > /dev/null 2>&1
echo x - ftimes/pkg-comment
sed 's/^X//' >ftimes/pkg-comment << 'END-of-ftimes/pkg-comment'
XA system baselining and evidence collection tool
END-of-ftimes/pkg-comment
echo x - ftimes/pkg-plist
sed 's/^X//' >ftimes/pkg-plist << 'END-of-ftimes/pkg-plist'
Xbin/ftimes
Xcgi/nph-ftimes.cgi
Xdoc/ftimes.html
Xetc/dig.cfg.sample
Xetc/get.cfg.sample
Xetc/map.cfg.sample
Xetc/put.cfg.sample
X@unexec rmdir %D/bin 2> /dev/null || true
X@unexec rmdir %D/cgi 2> /dev/null || true
X@unexec rmdir %D/doc 2> /dev/null || true
X@unexec rmdir %D/etc 2> /dev/null || true
X@unexec rmdir %D/man/man1 2> /dev/null || true
X@unexec rmdir %D/man 2> /dev/null || true
X@unexec rmdir %D 2> /dev/null || true
END-of-ftimes/pkg-plist
echo x - ftimes/Makefile
sed 's/^X//' >ftimes/Makefile << 'END-of-ftimes/Makefile'
X# New ports collection makefile for:   ftimes
X# Date created:                20 August 2002
X# Whom:                        Klayton Monroe <klm@ir.exodus.net>
X#
X# $FreeBSD$
X#
X
XPORTNAME=      ftimes
XPORTVERSION=   3.1.0
XCATEGORIES=    security sysutils
XMASTER_SITES=  ${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR=    ftimes
XEXTRACT_SUFX=  .tgz
X
XMAINTAINER=    klm@ir.exodus.net
X
XMAN1=          ftimes.1
X
XPREFIX=                ${LOCALBASE}/integrity
X
XGNU_CONFIGURE= YES
X
XNO_MTREE=      YES
X
X.if defined(WITHOUT_SSL)
XCONFIGURE_ARGS=        --without-ssl
X.else
XUSE_OPENSSL=   YES
XCONFIGURE_ARGS=        --with-ssl=${OPENSSLBASE}
X.endif
X
Xpre-build:
X       @${MV} ${WRKSRC}/etc/dig.cfg ${WRKSRC}/etc/dig.cfg.sample
X       @${MV} ${WRKSRC}/etc/get.cfg ${WRKSRC}/etc/get.cfg.sample
X       @${MV} ${WRKSRC}/etc/map.cfg ${WRKSRC}/etc/map.cfg.sample
X       @${MV} ${WRKSRC}/etc/put.cfg ${WRKSRC}/etc/put.cfg.sample
X       @${MV} ${WRKSRC}/etc/Makefile ${WRKSRC}/etc/Makefile.orig
X       @${SED} 's/\(\.cfg\)/\1.sample/g' ${WRKSRC}/etc/Makefile.orig > ${WRKSRC}/etc/Makefile
X
Xpost-install:
X       @strip ${PREFIX}/bin/ftimes
X       @${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
END-of-ftimes/Makefile
echo x - ftimes/pkg-descr
sed 's/^X//' >ftimes/pkg-descr << 'END-of-ftimes/pkg-descr'
XFTimes is a system baselining and evidence collection tool. Its
Xprimary purpose is to gather and/or develop information about
Xspecified directories and files in a manner conducive to intrusion
Xanalysis. It was designed to support the following initiatives:
Xcontent integrity monitoring, incident response, intrusion analysis,
Xand computer forensics.
X
XWWW: http://ftimes.sourceforge.net/FTimes/
END-of-ftimes/pkg-descr
echo x - ftimes/distinfo
sed 's/^X//' >ftimes/distinfo << 'END-of-ftimes/distinfo'
XMD5 (ftimes-3.1.0.tgz) = 4a80aedddd6c0ec01f0597a00332e17d
END-of-ftimes/distinfo
echo x - ftimes/pkg-message
sed 's/^X//' >ftimes/pkg-message << 'END-of-ftimes/pkg-message'
X
X----------------------------------------------------------------------
X
X  If necessary, check the value of ${PREFIX} and update your PATH
X  and MANPATH environment variables accordingly. By default, FTimes
X  is rooted in the following location: /usr/local/integrity.
X
X  For information on how to configure an Apache Web server to handle
X  FTimes requests and verify client-server connectivity, refer to
X  the INSTALL document located in the project's source tree.
X
X  "System Baselining -- A Forensic Perspective" provides additional
X  background information for those interested in the subject. This
X  paper, written in LaTeX, is called baselining.tex and is located
X  in the project's source tree. A PDF version of the same is
X  available at: http://ftimes.sourceforge.net/FTimes/Papers.shtml
X
X  Sample configuration files can be found in ${PREFIX}/etc.
X
X----------------------------------------------------------------------
X
END-of-ftimes/pkg-message
exit

>Release-Note:
>Audit-Trail:
>Unformatted:
