From: Matthew Seaman
Date: Thu, 21 Apr 2016 19:37:12 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r413754 - in head/security/ossec-hids-server: . files

Author: matthew
Date: Thu Apr 21 19:37:11 2016
New Revision: 413754
URL: https://svnweb.freebsd.org/changeset/ports/413754

Log:
  * Modernize OPTIONS handling somewhat: this fixes compilation when
    either the MYSQL or PGSQL options are enabled
  * Add OPTION-dependent targets to install the postgresql or mysql DB
    schemas as portdocs when either of those two options are enabled.
  * Add a patch for the DB schemas to allow for longer entries in the
    system.information column (submitted upstream and committed as
    https://github.com/ossec/ossec-hids/commit/7a4b0d32e2b67bbef5d68dd7aeeee4e70b9c1982)
  * Add a 'reload' command to the ossec-hids RC script
  * Update to version 2.8.3
  * Generally update patch files via 'make makepatch'
  * Change expect scripts used by agentlessd to group ossec so they are
    executable by the ossec user.
  * Use shebangfix to set an explicit path to where expect is installed,
    since it isn't on the default path inherited from the system init
    scripts, so /usr/bin/env doesn't find the command interpreter.
  * Change CONFLICTS to CONFLICTS_INSTALL between each of the
    ossec-hids-{client,local,server} ports.

  DB changes compile tested with postgresql and mysql, but only
  thoroughly run-time tested with postgresql.

PR: 208935 Submitted by: matthew Approved by: brd (maintainer) Added: head/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema (contents, props changed) head/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema (contents, props changed) Modified: head/security/ossec-hids-server/Makefile head/security/ossec-hids-server/distinfo head/security/ossec-hids-server/files/ossec-hids.in head/security/ossec-hids-server/files/patch-src__InstallAgent.sh head/security/ossec-hids-server/files/patch-src__InstallServer.sh head/security/ossec-hids-server/files/patch-src__LOCATION head/security/ossec-hids-server/files/patch-src__headers__defs.h head/security/ossec-hids-server/pkg-plist Modified: head/security/ossec-hids-server/Makefile ============================================================================== --- head/security/ossec-hids-server/Makefile Thu Apr 21 19:29:14 2016 (r413753) +++ head/security/ossec-hids-server/Makefile Thu Apr 21 19:37:11 2016 (r413754) @@ -2,7 +2,8 @@ # $FreeBSD$ PORTNAME= ossec-hids -PORTVERSION= 2.8.2 +PORTVERSION= 2.8.3 +DISTVERSIONPREFIX= v PORTREVISION?= 0 CATEGORIES= security USE_GITHUB= yes 
@@ -28,41 +29,57 @@ GROUPS= ossec .if !defined(CLIENT_ONLY) OPTIONS_DEFINE= MYSQL PGSQL + +MYSQL_VARS= WITH_DB=yes +MYSQL_USE= MYSQL=client +MYSQL_PORTDOCS= mysql.schema + +PGSQL_VARS= WITH_DB=yes +PGSQL_USES= pgsql +PGSQL_PORTDOCS= postgresql.schema + +RUN_DEPENDS= expect:lang/expect + +USES+= shebangfix +SHEBANG_LANG= expect +expect_OLD_CMD= "/usr/bin/env expect" +expect_CMD= ${LOCALBASE}/bin/expect +SHEBANG_FILES= src/agentlessd/scripts/main.exp \ + src/agentlessd/scripts/ssh.exp \ + src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \ + src/agentlessd/scripts/ssh_foundry_diff \ + src/agentlessd/scripts/ssh_generic_diff \ + src/agentlessd/scripts/ssh_integrity_check_bsd \ + src/agentlessd/scripts/ssh_integrity_check_linux \ + src/agentlessd/scripts/ssh_nopass.exp \ + src/agentlessd/scripts/ssh_pixconfig_diff \ + src/agentlessd/scripts/sshlogin.exp \ + src/agentlessd/scripts/su.exp .endif OPTIONS_DEFINE+= DOCS SUB_LIST= PORTNAME=${PORTNAME} SUB_FILES= pkg-message PLIST_SUB= PORTNAME=${PORTNAME} -PORTDOCS= BUGS CONFIG CONTRIBUTORS INSTALL LICENSE +DOCSFILES= BUGS CONFIG CONTRIBUTORS INSTALL LICENSE +PORTDOCS= ${DOCSFILES} .include -.if !defined(CLIENT_ONLY) -.if ${PORT_OPTIONS:MMYSQL} -WITH_DB= yes -USE_MYSQL= client -.endif - -.if ${PORT_OPTIONS:MPGSQL} -WITH_DB= yes -USES+= pgsql -.endif -.endif STRIP_FILES= ossec-luac agent_control ossec-lua ossec-dbd ossec-regex ossec-monitord ossec-makelists verify-agent-conf ossec-analysisd ossec-agentlessd syscheck_control ossec-execd manage_agents ossec-csyslogd ossec-syscheckd ossec-logtest ossec-authd ossec-logcollector list_agents ossec-maild clear_stats ossec-remoted ossec-reportd rootcheck_control syscheck_update .if defined(CLIENT_ONLY) SUB_LIST+= PRECMD=: PKGNAMESUFFIX= -client -CONFLICTS= ossec-hids-server-[0-9]* ossec-hids-local-[0-9]* +CONFLICTS_INSTALL= ossec-hids-server-[0-9]* ossec-hids-local-[0-9]* STRIP_FILES= agent-auth manage_agents ossec-agentd ossec-execd ossec-logcollector ossec-lua ossec-luac 
ossec-syscheckd .elif defined(LOCAL_ONLY) SUB_LIST+= PRECMD=ossechids_start_precmd PKGNAMESUFFIX= -local -CONFLICTS= ossec-hids-client-[0-9]* ossec-hids-server-[0-9]* +CONFLICTS_INSTALL= ossec-hids-client-[0-9]* ossec-hids-server-[0-9]* .else SUB_LIST+= PRECMD=ossechids_start_precmd -CONFLICTS= ossec-hids-client-[0-9]* ossec-hids-local-[0-9]* +CONFLICTS_INSTALL= ossec-hids-client-[0-9]* ossec-hids-local-[0-9]* .endif post-patch: @@ -116,6 +133,14 @@ do-install: post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} - @cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR} + @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR} + +post-install-MYSQL-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/mysql.schema ${STAGEDIR}${DOCSDIR} + +post-install-PGSQL-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/postgresql.schema ${STAGEDIR}${DOCSDIR} .include Modified: head/security/ossec-hids-server/distinfo ============================================================================== --- head/security/ossec-hids-server/distinfo Thu Apr 21 19:29:14 2016 (r413753) +++ head/security/ossec-hids-server/distinfo Thu Apr 21 19:37:11 2016 (r413754) @@ -1,2 +1,2 @@ -SHA256 (ossec-ossec-hids-2.8.2_GH0.tar.gz) = 61e0892175a79fe119c8bab886cd41fcc3be9b84526600b06c18fa178a59cb34 -SIZE (ossec-ossec-hids-2.8.2_GH0.tar.gz) = 1635142 +SHA256 (ossec-ossec-hids-v2.8.3_GH0.tar.gz) = 917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd +SIZE (ossec-ossec-hids-v2.8.3_GH0.tar.gz) = 1642095 Modified: head/security/ossec-hids-server/files/ossec-hids.in ============================================================================== --- head/security/ossec-hids-server/files/ossec-hids.in Thu Apr 21 19:29:14 2016 (r413753) +++ head/security/ossec-hids-server/files/ossec-hids.in Thu Apr 21 19:37:11 2016 (r413754) 
@@ -21,12 +21,16 @@ start_cmd="ossechids_command start" stop_cmd="ossechids_command stop" restart_cmd="ossechids_command restart" status_cmd="ossechids_command status" +reload_cmd="ossechids_command reload" command="%%PREFIX%%/%%PORTNAME%%/bin/ossec-control" required_files="%%PREFIX%%/%%PORTNAME%%/etc/ossec.conf" +extra_commands="reload" fts_queue=%%PREFIX%%/%%PORTNAME%%/queue/fts/fts-queue ig_queue=%%PREFIX%%/%%PORTNAME%%/queue/fts/ig-queue +ossec_log=%%PREFIX%%/%%PORTNAME%%/logs/ossec.log +active_responses_log=%%PREFIX%%/%%PORTNAME%%/logs/active-responses.log ossechids_start_precmd() { # These files are not created by the daemons with the correct @@ -43,6 +47,15 @@ ossechids_start_precmd() { chown ${ossechids_user}:${ossechids_group} ${ig_queue} chmod 640 ${ig_queue} fi + + # Ensure logfiles are created with the correct ownership and mode + for log in ${ossec_log} ${active_responses_log}; do + if [ ! -e ${log} ]; then + touch ${log} + chown ${ossechids_user}:${ossechids_group} ${log} + chmod 660 ${log} + fi + done } ossechids_command() { Modified: head/security/ossec-hids-server/files/patch-src__InstallAgent.sh ============================================================================== --- head/security/ossec-hids-server/files/patch-src__InstallAgent.sh Thu Apr 21 19:29:14 2016 (r413753) +++ head/security/ossec-hids-server/files/patch-src__InstallAgent.sh Thu Apr 21 19:37:11 2016 (r413754) @@ -1,4 +1,4 @@ ---- src/InstallAgent.sh.orig 2015-06-10 15:38:32 UTC +--- src/InstallAgent.sh.orig 2015-10-12 21:21:06 UTC +++ src/InstallAgent.sh @@ -37,11 +37,11 @@ fi @@ -41,7 +41,7 @@ chmod -R 750 ${DIR}/queue/diff chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 -@@ -129,8 +124,7 @@ chmod 740 ${DIR}/queue/diff/* > /dev/nul +@@ -131,8 +126,7 @@ chmod 1550 ${DIR}/tmp # For the etc dir 
@@ -51,7 +51,7 @@ ls /etc/localtime > /dev/null 2>&1 if [ $? = 0 ]; then -@@ -142,13 +136,11 @@ if [ "$UNAME" = "SunOS" ]; then +@@ -144,13 +138,11 @@ if [ "$UNAME" = "SunOS" ]; then mkdir -p ${DIR}/usr/share/lib/zoneinfo/ chmod -R 555 ${DIR}/usr/ cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/ @@ -65,7 +65,7 @@ chmod 555 ${DIR}/etc/TIMEZONE fi -@@ -168,25 +160,17 @@ cp -pr ../etc/local_internal_options.con +@@ -170,25 +162,17 @@ cp -pr ../etc/local_internal_options.con cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 cp -pr agentlessd/scripts/* ${DIR}/agentless/ @@ -93,7 +93,7 @@ # Moving the binary files -@@ -200,7 +184,6 @@ cp -pr addagent/manage_agents ${DIR}/bin +@@ -202,7 +186,6 @@ cp -pr addagent/manage_agents ${DIR}/bin cp -pr ../contrib/util.sh ${DIR}/bin/ cp -pr external/lua/src/ossec-lua ${DIR}/bin/ cp -pr external/lua/src/ossec-luac ${DIR}/bin/ @@ -101,7 +101,7 @@ chmod +x ${DIR}/bin/util.sh # Copying active response modules -@@ -208,10 +191,8 @@ sh ./init/fw-check.sh execute > /dev/nul +@@ -210,10 +193,8 @@ sh ./init/fw-check.sh execute > /dev/nul cp -pr ../active-response/*.sh ${DIR}/active-response/bin/ cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ chmod 755 ${DIR}/active-response/bin/* @@ -113,7 +113,7 @@ # Moving the config file -@@ -227,7 +208,6 @@ if [ $? = 0 ]; then +@@ -229,7 +210,6 @@ if [ $? = 0 ]; then else cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf fi Modified: head/security/ossec-hids-server/files/patch-src__InstallServer.sh ============================================================================== --- head/security/ossec-hids-server/files/patch-src__InstallServer.sh Thu Apr 21 19:29:14 2016 (r413753) +++ head/security/ossec-hids-server/files/patch-src__InstallServer.sh Thu Apr 21 19:37:11 2016 (r413754) @@ -1,4 +1,4 @@ ---- src/InstallServer.sh.orig 2015-06-10 15:38:32 UTC +--- src/InstallServer.sh.orig 2015-10-12 21:21:06 UTC +++ src/InstallServer.sh @@ -44,13 +44,13 @@ fi 
@@ -21,7 +21,7 @@ elif [ "$UNAME" = "SunOS" ]; then grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1 -@@ -121,63 +121,47 @@ for i in ${subdirs}; do +@@ -121,66 +121,49 @@ for i in ${subdirs}; do done # Default for all directories @@ -70,6 +70,10 @@ chmod -R 750 ${DIR}/queue/agentless chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1 +-chown -R root:${GROUP} ${DIR}/tmp +-chmod 1550 ${DIR}/tmp ++chmod 1750 ${DIR}/tmp + # For the stats directory -chown -R ${USER}:${GROUP} ${DIR}/stats @@ -87,7 +91,7 @@ chmod 660 ${DIR}/logs/active-responses.log # For the rules directory -@@ -195,7 +179,7 @@ if [ $? = 0 ]; then +@@ -198,7 +181,7 @@ if [ $? = 0 ]; then fi fi @@ -96,7 +100,7 @@ find ${DIR}/rules/ -type f -exec chmod 440 {} \; # If the local_rules is saved, moved it back -@@ -204,37 +188,33 @@ if [ $? = 0 ]; then +@@ -207,37 +190,33 @@ if [ $? = 0 ]; then mv ${DIR}/rules/saved_local_rules.xml.$$ ${DIR}/rules/local_rules.xml fi @@ -138,7 +142,7 @@ # Moving the binary files cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \ -@@ -257,7 +237,6 @@ cp -pr util/rootcheck_control ${DIR}/bin +@@ -260,7 +239,6 @@ cp -pr util/rootcheck_control ${DIR}/bin cp -pr external/lua/src/ossec-lua ${DIR}/bin/ cp -pr external/lua/src/ossec-luac ${DIR}/bin/ cp -pr ../contrib/util.sh ${DIR}/bin/ @@ -146,7 +150,7 @@ chmod +x ${DIR}/bin/util.sh # Local install chosen -@@ -287,23 +266,15 @@ fi +@@ -290,23 +268,15 @@ fi cp -pr ../etc/internal_options.conf ${DIR}/etc/ cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/ @@ -172,7 +176,7 @@ rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1 chmod 700 ${DIR}/.ssh -@@ -313,11 +284,9 @@ sh ./init/fw-check.sh execute > /dev/nul +@@ -316,11 +286,9 @@ sh ./init/fw-check.sh execute > /dev/nul cp -p ../active-response/*.sh ${DIR}/active-response/bin/ cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ 
@@ -186,7 +190,7 @@ # Moving the config file -@@ -328,12 +297,11 @@ fi +@@ -331,12 +299,11 @@ fi ls ../etc/ossec.mc > /dev/null 2>&1 if [ $? = 0 ]; then Modified: head/security/ossec-hids-server/files/patch-src__LOCATION ============================================================================== --- head/security/ossec-hids-server/files/patch-src__LOCATION Thu Apr 21 19:29:14 2016 (r413753) +++ head/security/ossec-hids-server/files/patch-src__LOCATION Thu Apr 21 19:37:11 2016 (r413754) @@ -1,5 +1,5 @@ ---- ./src/LOCATION.orig 2014-05-22 07:10:57.000000000 -0600 -+++ ./src/LOCATION 2014-07-13 15:24:45.561388082 -0600 +--- src/LOCATION.orig 2015-10-12 21:21:06 UTC ++++ src/LOCATION @@ -1 +1 @@ -DIR="/var/ossec" -+DIR="/usr/local/poudriere/ports/svn/security/ossec-hids-server/work/stage/usr/local/ossec-hids" ++DIR="/usr/ports/security/ossec-hids-server/work/stage/usr/local/ossec-hids" Modified: head/security/ossec-hids-server/files/patch-src__headers__defs.h ============================================================================== --- head/security/ossec-hids-server/files/patch-src__headers__defs.h Thu Apr 21 19:29:14 2016 (r413753) +++ head/security/ossec-hids-server/files/patch-src__headers__defs.h Thu Apr 21 19:37:11 2016 (r413754) @@ -1,6 +1,6 @@ ---- ./src/headers/defs.h.orig 2014-05-22 07:10:57.000000000 -0600 -+++ ./src/headers/defs.h 2014-07-13 15:24:45.559389869 -0600 -@@ -98,7 +98,7 @@ +--- src/headers/defs.h.orig 2015-10-12 21:21:06 UTC ++++ src/headers/defs.h +@@ -98,7 +98,7 @@ http://www.ossec.net/main/license/\n" #endif #ifndef DEFAULTDIR Added: head/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema Thu Apr 21 19:37:11 2016 (r413754) 
@@ -0,0 +1,11 @@ +--- src/os_dbd/mysql.schema.orig 2015-10-12 21:21:06 UTC ++++ src/os_dbd/mysql.schema +@@ -45,7 +45,7 @@ CREATE TABLE server + last_contact INT UNSIGNED NOT NULL, + version VARCHAR(32) NOT NULL, + hostname VARCHAR(64) NOT NULL UNIQUE, +- information VARCHAR(128) NOT NULL, ++ information TEXT NOT NULL, + PRIMARY KEY (id) + ); + Added: head/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema Thu Apr 21 19:37:11 2016 (r413754) @@ -0,0 +1,11 @@ +--- src/os_dbd/postgresql.schema.orig 2015-10-12 21:21:06 UTC ++++ src/os_dbd/postgresql.schema +@@ -47,7 +47,7 @@ CREATE TABLE server + last_contact INT8 NOT NULL, + version VARCHAR(32) NOT NULL, + hostname VARCHAR(64) NOT NULL UNIQUE, +- information VARCHAR(128) NOT NULL, ++ information TEXT NOT NULL, + PRIMARY KEY (id) + ); + Modified: head/security/ossec-hids-server/pkg-plist ============================================================================== --- head/security/ossec-hids-server/pkg-plist Thu Apr 21 19:29:14 2016 (r413753) +++ head/security/ossec-hids-server/pkg-plist Thu Apr 21 19:37:11 2016 (r413754) @@ -48,10 +48,6 @@ %%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt -@owner ossec -@mode 660 -%%PORTNAME%%/logs/active-responses.log -%%PORTNAME%%/logs/ossec.log @owner @group @mode @@ -116,6 +112,8 @@ %%PORTNAME%%/rules/web_rules.xml %%PORTNAME%%/rules/wordpress_rules.xml %%PORTNAME%%/rules/zeus_rules.xml +@owner root +@group ossec %%PORTNAME%%/agentless/main.exp %%PORTNAME%%/agentless/register_host.sh %%PORTNAME%%/agentless/ssh.exp 
@@ -128,8 +126,6 @@ %%PORTNAME%%/agentless/ssh_pixconfig_diff %%PORTNAME%%/agentless/sshlogin.exp %%PORTNAME%%/agentless/su.exp -@owner root -@group ossec @mode 550 @dir %%PORTNAME%%/.ssh @dir %%PORTNAME%%/active-response/bin
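
Review bot: In the Makefile hunk at @@ -28,41 +29,57 @@, the RUN_DEPENDS on expect and the whole shebangfix block sit inside .if !defined(CLIENT_ONLY), yet the context lines of patch-src__InstallAgent.sh in this same commit still show cp -pr agentlessd/scripts/* ${DIR}/agentless/, so the client build appears to install the same scripts with the unfixed "/usr/bin/env expect" interpreter line and no dependency on expect. Either move these lines outside the conditional or confirm that the client package does not ship the agentless scripts. Separately, RUN_DEPENDS= is a plain assignment; RUN_DEPENDS+= would avoid discarding anything set earlier.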
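
Review bot: In the Makefile hunk at @@ -116,6 +133,14 @@, post-install-MYSQL-on and post-install-PGSQL-on copy the schema files into ${STAGEDIR}${DOCSDIR} regardless of the DOCS option, while the packing-list side is handled through MYSQL_PORTDOCS and PGSQL_PORTDOCS. Please confirm that a build with MYSQL or PGSQL on and DOCS off still passes the plist check and does not leave a staged file that the packing list misses. Since the schemas are needed to set up the database rather than being optional reading, installing them somewhere that does not depend on DOCS may be the cleaner choice.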
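
Review bot: In the ossechids_start_precmd loop added to files/ossec-hids.in at @@ -43,6 +47,15 @@, touch ${log} creates each log file with the umask-default mode and the invoking user's ownership, and only the following chown and chmod tighten it, so there is a short window where an HIDS log can exist with looser permissions than 660. The [ ! -e ${log} ] guard also means a log that already exists with the wrong owner or mode is never corrected. Creating the file in one step, for example install -o ${ossechids_user} -g ${ossechids_group} -m 660 /dev/null ${log}, closes the window, and quoting "${log}" would be more defensive. Because pkg-plist in this commit stops listing both logs, it is worth stating that they are now left behind on deinstall.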
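
Review bot: The refreshed files/patch-src__InstallServer.sh (hunk @@ -70,6 +70,10 @@) now drops the upstream lines chown -R root:${GROUP} ${DIR}/tmp and chmod 1550 ${DIR}/tmp in favour of chmod 1750 ${DIR}/tmp, which adds owner write access to the tmp directory, and the commit log does not mention this change. Please say in the log or in a comment who owns ${DIR}/tmp after installation and why the owner needs write access, since this is a permission change on a security tool's working directory that is easy to miss among the makepatch line-number updates.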
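
Review bot: files/patch-src__LOCATION now sets DIR to "/usr/ports/security/ossec-hids-server/work/stage/usr/local/ossec-hids", an absolute staging path taken from one build tree (the previous revision carried a poudriere path in the same position). If the value is rewritten at build time elsewhere in the port, the patch should not carry a machine-specific path at all; setting DIR with a substitution in post-patch, or excluding this file from 'make makepatch', would stop each regeneration from capturing whichever directory the committer happened to build in.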
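
Review bot: Both new schema patches (patch-src_os__dbd_mysql.schema and patch-src_os__dbd_postgresql.schema) change the server table's information column from VARCHAR(128) NOT NULL to TEXT NOT NULL, but that only helps databases created from the new schema files; nothing in this commit tells existing installations to alter the column. A note in pkg-message or UPDATING giving the ALTER TABLE statement for each backend would cover upgrades. The log also states that only postgresql was thoroughly run-time tested, so the mysql variant deserves a run-time check.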
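
Review bot: In pkg-plist, @owner root and @group ossec move above the agentless entries (hunks @@ -116,6 +112,8 @@ and @@ -128,8 +126,6 @@) while @mode 550 stays below them, so the agentless scripts get root:ossec ownership but keep whatever mode they were staged with. The log says the goal is for these scripts to be executable by the ossec user, so please confirm the staged mode includes group execute, or move @mode 550 up together with the owner and group lines so the packing list enforces it.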