Date: Sun, 12 Mar 2017 17:07:23 +0000 (UTC)
From: Nikolai Lifanov <lifanov@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r435996 - in head: . security security/samhain security/samhain-client security/samhain-server security/samhain/files
Message-ID: <201703121707.v2CH7Ng5054672@repo.freebsd.org>
Author: lifanov
Date: Sun Mar 12 17:07:23 2017
New Revision: 435996
URL: https://svnweb.freebsd.org/changeset/ports/435996

Log:
  add ports for Samhain Intrusion Detection System

  Samhain is an open source file integrity and host-based intrusion
  detection system for Linux and Unix. It can run as a daemon process,
  and thus can remember file changes - contrary to a tool that runs
  from cron, if a file is modified you will get only one report, while
  subsequent checks of that file will ignore the modification as it is
  already reported (unless the file is modified again).

  Samhain can optionally be used as a client/server system to provide
  centralized monitoring for multiple hosts. Logging to a (MySQL or
  PostgreSQL) database is supported.

  PR: 214623
  Submitted by: Nikola Kolev <koue@chaosophia.net>

Added:
  head/security/samhain/
  head/security/samhain-client/
  head/security/samhain-client/Makefile (contents, props changed)
  head/security/samhain-server/
  head/security/samhain-server/Makefile (contents, props changed)
  head/security/samhain/Makefile (contents, props changed)
  head/security/samhain/distinfo (contents, props changed)
  head/security/samhain/files/
  head/security/samhain/files/fixsamhainrc.patch (contents, props changed)
  head/security/samhain/files/fixyulerc.patch (contents, props changed)
  head/security/samhain/files/patch-config.h.in (contents, props changed)
  head/security/samhain/pkg-descr (contents, props changed)
  head/security/samhain/pkg-message (contents, props changed)
  head/security/samhain/pkg-plist (contents, props changed)
Modified:
  head/GIDs
  head/UIDs
  head/security/Makefile

Modified: head/GIDs ============================================================================== --- head/GIDs Sun Mar 12 16:44:33 2017 (r435995) +++ head/GIDs Sun Mar 12 17:07:23 2017 (r435996) 
@@ -107,7 +107,7 @@ octoprint:*:162: _iked:*:163: lightdm:*:164: uwsgi:*:165: -# free: 166 +yule:*:166: # free: 167 # free: 168 # free: 169 Modified: head/UIDs ============================================================================== --- head/UIDs Sun Mar 12 16:44:33 2017 (r435995) +++ head/UIDs Sun Mar 12 17:07:23 2017 (r435996) @@ -112,7 +112,7 @@ octoprint:*:162:162::0:0:OctoPrint Daemo _iked:*:163:163::0:0:IKEv2 Daemon:/var/empty:/usr/sbin/nologin lightdm:*:164:164::0:0:Light Display Manager:/var/lib/lightdm-data:/usr/sbin/nologin uwsgi:*:165:165::0:0:uwsgi Daemon:/nonexistent:/usr/sbin/nologin -# free: 166 +yule:*:166:166::0:0:Samhain Daemon:/nonexistent:/usr/sbin/nologin # free: 167 # free: 168 # free: 169 Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Sun Mar 12 16:44:33 2017 (r435995) +++ head/security/Makefile Sun Mar 12 17:07:23 2017 (r435996) @@ -1064,6 +1064,9 @@ SUBDIR += s2n SUBDIR += safesh SUBDIR += samba-virusfilter + SUBDIR += samhain + SUBDIR += samhain-client + SUBDIR += samhain-server SUBDIR += sancp SUBDIR += sasp SUBDIR += scamp Added: head/security/samhain-client/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/samhain-client/Makefile Sun Mar 12 17:07:23 2017 (r435996) @@ -0,0 +1,12 @@ +# Created by: Nikola Kolev <koue@chaosophia.net> +# $FreeBSD$ + +PKGNAMESUFFIX= -client + +COMMENT= Client daemon for the Samhain IDS + +WITH_CLIENT= yes + +MASTERDIR= ${.CURDIR}/../samhain + +.include "${MASTERDIR}/Makefile" Added: head/security/samhain-server/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/samhain-server/Makefile Sun Mar 12 17:07:23 2017 (r435996) 
@@ -0,0 +1,20 @@ +# Created by: Nikola Kolev <koue@chaosophia.net> +# $FreeBSD$ + +# This port recognizes the following non-boolean tunables: +# +# WITH_RUNAS_USER: +# Whe building with "WITH_SERVER" defined, the username of the +# account Yule will run as. Defaults to "yule". If using +# WITH_GNUPG, ensure that this user exists and has a pgp +# keypair before installing. + +PKGNAMESUFFIX= -server + +COMMENT= Log server for the Samhain IDS + +WITH_SERVER= yes + +MASTERDIR= ${.CURDIR}/../samhain + +.include "${MASTERDIR}/Makefile" Added: head/security/samhain/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/samhain/Makefile Sun Mar 12 17:07:23 2017 (r435996) 
@@ -0,0 +1,220 @@ +# Created by: Nikola Kolev <koue@chaosophia.net> +# $FreeBSD$ + +PORTNAME= samhain +PORTVERSION= 4.2.0 +CATEGORIES= security +MASTER_SITES= http://la-samhna.de/archive/ +DISTNAME= samhain_signed-${PORTVERSION} + +MAINTAINER= koue@chaosophia.net +COMMENT= Samhain Intrusion Detection System + +LICENSE= GPLv2 + +OPTIONS_DEFINE= ASM DB_RELOAD DEBUG DNMALLOC ENCRYPT GNUPG IPV6 KCHECK LIBWRAP \ + LOGFILE_MONITOR LOGIN_WATCH MAIL MOUNTS_CHECK MYSQL ODBC PGSQL \ + PORT_CHECK PROCESS_CHECK POSIX_ACL PRELUDE PTRACE SRP STATIC \ + SUIDCHECK UDP USERFILES XML_LOGS +OPTIONS_DEFAULT=ASM DNMALLOC ENCRYPT IPV6 LIBWRAP MAIL SRP + +DB_RELOAD_DESC= Enable database reload on SIGHUP +DNMALLOC_DESC= Enable dnmalloc +ENCRYPT_DESC= Enable client/server encryption +KCHECK_DESC= Enable rogue KLD detection +LOGFILE_MONITOR_DESC= Enable monitor logfiles +LOGIN_WATCH_DESC= Enable watch for login/logout +MAIL_DESC= Enable internal SMTP mailer +MOUNTS_CHECK_DESC= Enable check mount options on filesystems +PORT_CHECK_DESC= Enable check ports +PROCESS_CHECK_DESC= Enable check processes +POSIX_ACL_DESC= Enable check posix acls +PRELUDE_DESC= Enable Prelude Framework support +PTRACE_DESC= Enable use anti-debugger options +SRP_DESC= Enable SRP for authentication +SUIDCHECK_DESC= Enable check for suid/sgid files +UDP_DESC= Enable UDP server +USERFILES_DESC= Enable check for users config files +XML_LOGS_DESC= Enable XML-formatted logs + +OPTIONS_SUB= yes + +WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} + +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --localstatedir=/var \ + --with-logserver=true \ + --with-altlogserver=true \ + --with-timeserver=true \ + --with-alttimeserver=true + +USES= shebangfix +SHEBANG_FILES= scripts/samhainadmin.pl.in + +ASM_CONFIGURE_ENABLE= asm + +DB_RELOAD_CONFIGURE_ENABLE= db-reload + +DEBUG_CONFIGURE_ENABLE= debug + +DNMALLOC_CONFIGURE_ENABLE= dnmalloc + +ENCRYPT_CONFIGURE_ENABLE= encrypt + +GNUPG_CONFIGURE_WITH= gpg=${PREFIX}/bin/gpg +GNUPG_BUILD_DEPENDS= 
gpg:${PORTSDIR}/security/gnupg + +IPV6_CONFIGURE_ENABLE= ipv6 + +KCHECK_CONFIGURE_WITH= kcheck + +LIBWRAP_CONFIGURE_WITH= libwrap + +LOGFILE_MONITOR_CONFIGURE_ENABLE= logfile-monitor + +LOGIN_WATCH_CONFIGURE_ENABLE= login-watch + +MAIL_CONFIGURE_ENABLE= mail + +MOUNTS_CHECK_CONFIGURE_ENABLE= mounts-check + +MYSQL_USES= mysql +MYSQL_CONFIGURE_ARGS= --with-database=mysql + +ODBC_CONFIGURE_ARGS= --with-database=odbc +ODBC_LIB_DEPENDS= libodbc.so:databases/unixODBC + +PGSQL_USES= pgsql +PGSQL_CONFIGURE_ARGS= --with-database=postgresql + +PORT_CHECK_CONFIGURE_ENABLE= port-check + +PROCESS_CHECK_CONFIGURE_ENABLE= process-check + +POSIX_ACL_CONFIGURE_ENABLE= posix-acl + +PRELUDE_LIB_DEPENDS= prelude:${PORTSDIR}/security/libprelude +PRELUDE_CONFIGURE_WITH= prelude + +PTRACE_CONFIGURE_ENABLE= ptrace + +SRP_CONFIGURE_ENABLE= srp + +STATIC_CONFIGURE_ENABLE= static + +SUIDCHECK_CONFIGURE_ENABLE= suidcheck + +UDP_CONFIGURE_ENABLE= udp + +USERFILES_CONFIGURE_ENABLE= userfiles + +XML_LOGS_CONFIGURE_ENABLE= xml-log + +.include <bsd.port.pre.mk> + +.if ${ARCH} == "amd64" +CFLAGS+= -fPIC +.endif + +.if defined(WITH_RUNAS_USER) +CONFIGURE_ARGS+= --enable-identity=${WITH_RUNAS_USER} +.else +CONFIGURE_ARGS+= --enable-identity=yule +.endif + +.if defined(WITH_CLIENT) +CONFIGURE_ARGS+= --enable-network=client \ + --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \ + --with-config-file=REQ_FROM_SERVER +PLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch +MAN5+= samhainrc.5 +MAN8+= samhain.8 +.elif defined(WITH_SERVER) +USERS= yule +GROUPS= yule +CONFIGURE_ARGS+= --enable-network=server +SUB_LIST+= WITH_YULE="yes" +PLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch +MAN5+= yulerc.5 +MAN8+= yule.8 +.else +SUB_LIST+= WITH_YULE="" +PLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch +MAN5+= samhainrc.5 +MAN8+= samhain.8 +.endif + 
+pre-everything:: + +.if !defined(WITH_CLIENT) && !defined(WITH_SERVER) + @${ECHO_MSG} + @${ECHO_MSG} "Building Samhain in standalone mode." + @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C" + @${ECHO_MSG} "now, and build samhain from the samhain-client and" + @${ECHO_MSG} "samhain-server ports." + @${ECHO_MSG} +.endif + +.if defined(WITH_CLIENT) && defined(WITH_SERVER) +IGNORE= can't build client and server at once +.endif + +.if ${PORT_OPTIONS:MKCHECK} + @${ECHO_MSG} + @${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem" + @${ECHO_MSG} "and /dev/mem. If you're not building as root, please hit" + @${ECHO_MSG} "Control-C and restart the build as root." + @${ECHO_MSG} +.endif + +.if ${PORT_OPTIONS:MMYSQL} && ! ${PORT_OPTIONS:MXML_LOGS} +IGNORE= xml logging is required to log to MySQL +.endif + +.if ${PORT_OPTIONS:MPGSQL} && ! ${PORT_OPTIONS:MXML_LOGS} +IGNORE= xml logging is required to log to Postgres +.endif + +post-extract: + @${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz + @${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc + +post-install: +.if !defined(WITH_SERVER) + @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${STAGEDIR}${PREFIX}/etc/rc.d/samhain.sh + @${CP} ${WRKSRC}/samhainrc ${STAGEDIR}${PREFIX}/etc/samhainrc.sample + @${CHGRP} wheel ${STAGEDIR}${PREFIX}/etc/samhainrc.sample +.else + @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${STAGEDIR}${PREFIX}/etc/rc.d/yule.sh + @${CP} ${WRKSRC}/yulerc ${STAGEDIR}${PREFIX}/etc/yulerc.sample +.endif + ${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/MANUAL-2_4.pdf ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server.html ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server-troubleshooting.html ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-samhain+GnuPG.html ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-write-modules.html ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/FAQ.html ${STAGEDIR}${DOCSDIR} + 
${INSTALL_MAN} ${WRKSRC}/docs/README.UPGRADE ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/README ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/BUGS ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/sh_mounts.txt ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/sh_userfiles.txt ${STAGEDIR}${DOCSDIR} + +post-stage: +.if !defined(WITH_SERVER) + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/samhain +.endif +.if defined(WITH_CLIENT) + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/samhain_setpwd +.endif +.if defined(WITH_SERVER) + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yule + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yulectl + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yule_setpwd +.endif + +.include <bsd.port.post.mk> Added: head/security/samhain/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/samhain/distinfo Sun Mar 12 17:07:23 2017 (r435996) @@ -0,0 +1,3 @@ +TIMESTAMP = 1479294621 +SHA256 (samhain_signed-4.2.0.tar.gz) = 6b2db91fc92b3a9fc2edcc6ee16438156753c05f69c114856289e9f25ba0e50a +SIZE (samhain_signed-4.2.0.tar.gz) = 2134438 Added: head/security/samhain/files/fixsamhainrc.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/samhain/files/fixsamhainrc.patch Sun Mar 12 17:07:23 2017 (r435996) @@ -0,0 +1,11 @@ +--- samhain-install.sh.in Wed Jan 15 16:51:57 2003 ++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003 +@@ -13,7 +13,7 @@ + mandir=@mandir@ + + sysconfdir=@sysconfdir@ +-configfile=@myconffile@ ++configfile=/usr/local/etc/samhainrc.sample + + pid_file=@mylockfile@ + pid_dir=@mylockdir@ Added: head/security/samhain/files/fixyulerc.patch ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/samhain/files/fixyulerc.patch Sun Mar 12 17:07:23 2017 (r435996) @@ -0,0 +1,11 @@ +--- samhain-install.sh.in Wed Jan 15 16:51:57 2003 ++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003 +@@ -13,7 +13,7 @@ + mandir=@mandir@ + + sysconfdir=@sysconfdir@ +-configfile=@myconffile@ ++configfile=/usr/local/etc/yulerc.sample + + pid_file=@mylockfile@ + pid_dir=@mylockdir@ Added: head/security/samhain/files/patch-config.h.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/samhain/files/patch-config.h.in Sun Mar 12 17:07:23 2017 (r435996) @@ -0,0 +1,15 @@ +--- config.h.in.orig 2016-11-16 12:14:22 UTC ++++ config.h.in +@@ -349,7 +349,11 @@ + #undef HAVE_UINT64_T + + /* Define if you have utmpx.h. */ +-#undef HAVE_UTMPX_H ++#define HAVE_UTMPX_H ++ ++#define UTMPX_FILE "/var/log/utx.active" ++ ++#define WTMPX_FILE "/var/log/utx.log" + + /* Define if your struct utmpx has ut_xtime. */ + #undef HAVE_UTXTIME Added: head/security/samhain/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/samhain/pkg-descr Sun Mar 12 17:07:23 2017 (r435996) 
@@ -0,0 +1,12 @@ +Samhain is an open source file integrity and host-based intrusion +detection system for Linux and Unix. It can run as a daemon process, +and and thus can remember file changes - contrary to a tool that runs +from cron, if a file is modified you will get only one report, while +subsequent checks of that file will ignore the modification as it is +already reported (unless the file is modified again). + +Samhain can optionally be used as client/server system to provide +centralized monitoring for multiple host. Logging to a (MySQL or +PostgreSQL) database is supported. + +WWW: http://la-samhna.de/samhain/ Added: head/security/samhain/pkg-message ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/samhain/pkg-message Sun Mar 12 17:07:23 2017 (r435996) @@ -0,0 +1,14 @@ + +############################################################### + +To start the samhain daemon at system boot, add: + +samhain_enable="YES" + +and/or + +yule_enable="YES" + +to /etc/rc.conf. + +############################################################### Added: head/security/samhain/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/samhain/pkg-plist Sun Mar 12 17:07:23 2017 (r435996) 
@@ -0,0 +1,31 @@ +%%PORTDOCS%%%%DOCSDIR%%/BUGS +%%PORTDOCS%%%%DOCSDIR%%/FAQ.html +%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server-troubleshooting.html +%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server.html +%%PORTDOCS%%%%DOCSDIR%%/HOWTO-samhain+GnuPG.html +%%PORTDOCS%%%%DOCSDIR%%/HOWTO-write-modules.html +%%PORTDOCS%%%%DOCSDIR%%/MANUAL-2_4.pdf +%%PORTDOCS%%%%DOCSDIR%%/README +%%PORTDOCS%%%%DOCSDIR%%/README.UPGRADE +%%PORTDOCS%%%%DOCSDIR%%/sh_mounts.txt +%%PORTDOCS%%%%DOCSDIR%%/sh_userfiles.txt +%%PORTDOCS%%@dir %%DOCSDIR%% +%%SAMHAIN%%@dir /var/lib +%%SAMHAIN%%@dir /var/lib/samhain +%%SAMHAIN%%@sample etc/samhainrc.sample +%%SAMHAIN%%etc/rc.d/samhain.sh +%%SAMHAIN%%man/man5/samhainrc.5.gz +%%SAMHAIN%%man/man8/samhain.8.gz +%%SAMHAIN%%sbin/samhain +%%SETPWD%%sbin/samhain_setpwd +%%YULE%%@dir /var/lib/yule +%%YULE%%@dir /var/log/yule +%%YULE%%@sample etc/yulerc.sample +%%YULE%%@unexec echo "To delete the yule user permanently, use 'pw userdel yule'" +%%YULE%%etc/rc.d/yule.sh +%%YULE%%man/man5/yulerc.5.gz +%%YULE%%man/man8/yule.8.gz +%%YULE%%sbin/yule +%%YULE%%sbin/yule_setpwd +%%YULE%%sbin/yuleadmin.pl +%%YULE%%sbin/yulectl
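Review bot: in head/security/samhain-server/Makefile, the WITH_RUNAS_USER comment documents a tunable that the master Makefile only half honors. It feeds "--enable-identity=${WITH_RUNAS_USER}", but the WITH_SERVER branch still sets "USERS= yule" and "GROUPS= yule" unconditionally, and pkg-plist prints "pw userdel yule". With a non-default value the package creates an account the daemon is not configured to run as, and the account it is configured for is left to the admin to create. Either derive USERS/GROUPS from the tunable or drop the tunable and fix the identity at yule. The comment also has a typo ("Whe building"), and it sits in the server port although the ".if defined(WITH_RUNAS_USER)" block applies to the standalone and client builds as well.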
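Review bot: in head/security/samhain/Makefile, MYSQL, ODBC and PGSQL are listed in OPTIONS_DEFINE although each one passes its own "--with-database=" argument, so nothing stops two back ends from being selected together; they belong in an OPTIONS_RADIO group. The XML_LOGS requirement is enforced with IGNORE assignments placed among the pre-everything recipe lines; "MYSQL_IMPLIES= XML_LOGS" and "PGSQL_IMPLIES= XML_LOGS" would express it in the options framework instead. Also, GNUPG_BUILD_DEPENDS and PRELUDE_LIB_DEPENDS use the "${PORTSDIR}/..." form while ODBC_LIB_DEPENDS uses "libodbc.so:databases/unixODBC"; please make them consistent. Since "--with-gpg=${PREFIX}/bin/gpg" fixes a gpg path at configure time, GNUPG should carry a run-time dependency in addition to the build-time one.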
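Review bot: for head/security/samhain/distinfo, the SHA256 of samhain_signed-4.2.0.tar.gz is the only integrity check this port applies to the source. MASTER_SITES is a plain http:// URL, and post-extract unpacks the inner tarball and then removes "${WRKSRC}.tar.gz.asc" without checking it. Please say in the PR how the checksum was obtained, ideally after verifying the upstream signature on the inner tarball, and use an https master site if upstream offers one.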
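Review bot: head/security/samhain/files/fixsamhainrc.patch and fixyulerc.patch hard-code "/usr/local/etc/" in the "configfile=" line, so a build with a non-default PREFIX points samhain-install.sh at the wrong path. The two patches differ only in the file name, so a single post-patch ${REINPLACE_CMD} that uses ${PREFIX} and the file name of the selected build would replace both. If they stay as files, note that they are named outside the patch-* convention followed by patch-config.h.in and are applied only through EXTRA_PATCHES.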
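Review bot: in head/security/samhain/pkg-plist, the documentation entries are gated on %%PORTDOCS%%, but DOCS is not in OPTIONS_DEFINE and post-install stages every file under ${DOCSDIR} unconditionally, so the staged files and the packing list can disagree. Add DOCS to OPTIONS_DEFINE and guard the documentation install on it. Separately, "%%SAMHAIN%%@dir /var/lib" makes the package claim the shared /var/lib directory; listing /var/lib/samhain alone should be enough, as the %%YULE%% entries already do for /var/lib/yule.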