Date: Wed, 20 Jul 2005 23:49:54 +0000 (GMT) From: pauls@utdallas.edu To: FreeBSD-gnats-submit@FreeBSD.org Cc: sem@FreeBSD.org Subject: ports/83812: new port, security/sguil-sensor, update to correct many problems Message-ID: <20050720234954.756233C8016@buttercup2.utdallas.edu> Resent-Message-ID: <200507202250.j6KMoO1l084572@freefall.freebsd.org>
>Number: 83812 >Category: ports >Synopsis: new port, security/sguil-sensor, update to correct many problems >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Jul 20 22:50:24 GMT 2005 >Closed-Date: >Last-Modified: >Originator: pauls@utdallas.edu >Release: FreeBSD 4.9-SECURITY i386 >Organization: University of Texas at Dallas >Environment: System: FreeBSD hostname.utdallas.edu 4.9-SECURITY FreeBSD 4.9-SECURITY #0: Mon Jun 7 18:02:41 GMT 2004 root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 i386 >Description: updated PR to correct many problems with original submission please reserve uid/gid 116/116 sguil/sguil >How-To-Repeat: >Fix: --- pr77473 begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. 
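#
# This archive contains:
#
#	Makefile
#	distinfo
#	pkg-descr
#	pkg-message
#	pkg-plist
#	files/pkg-install.in
#	files/sensoragent.sh.in
#
# Each file below is written from a quoted here-document through
# "sed 's/^X//'"; the leading X on every archived line keeps the shell
# from treating the line specially.  Run "sh file" inside the new
# ports/security/sguil-sensor directory.
#
echo x - Makefile
sed 's/^X//' >Makefile << 'END-of-Makefile'
X# New ports collection makefile for:	sguil-sensor
X# Date created:		9 Feb 2005
X# Whom:			Paul Schmehl <pauls@utdallas.edu>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	sguil-sensor
XPORTVERSION=	0.5.3
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR=	sguil
X
XMAINTAINER=	pauls@utdallas.edu
XCOMMENT=	Sguil is a network security management program
X
XRUN_DEPENDS=	snort:${PORTSDIR}/security/snort \
X		barnyard:${PORTSDIR}/security/barnyard
XLIB_DEPENDS=	tclx83:${PORTSDIR}/lang/tclX
X
XOPTIONS=	SANCP "Enable SANCP support" Off
X
XNO_BUILD=	yes
XUSE_REINPLACE=	yes
X# NOTE(review): WITH_MYSQL and WITH_PCRE (below) are set but nothing in
X# this Makefile reads them; they do not propagate to the snort build.
X# Confirm they are needed or drop them.
XWITH_MYSQL=	yes
XTCLSH_CMD?=	tclsh8.4
XWRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
XPKGINSTALL=	${WRKDIR}/pkg-install
X# Both files/pkg-install.in and files/sensoragent.sh.in get %%PREFIX%%
X# substituted into ${WRKDIR}, so neither script hardcodes /usr/local.
XSUB_FILES=	pkg-install sensoragent.sh
X
XPORTDOCS=	CHANGES INSTALL INSTALL.openbsd LICENSE.QPL \
X		OPENSSL.README TODO USAGE sguildb.dia
X
X.include <bsd.port.pre.mk>
X
XWITH_PCRE=	true
X
X.if defined(WITH_SANCP)
XRUN_DEPENDS+=	sancp:${PORTSDIR}/security/sancp
XPLIST_SUB+=	SANCP=""
X.else
X# sancp.conf-sample is only installed with SANCP, so keep it out of the
X# plist otherwise (check-plist / pkg_delete would complain).
XPLIST_SUB+=	SANCP="@comment "
X.endif
X
Xpost-patch:
X.for f in sensor_agent.tcl
X	@${REINPLACE_CMD} -e 's:exec tclsh:exec ${TCLSH_CMD}:g' ${WRKSRC}/sensor/${f}
X.endfor
X
Xdo-install:
X	@${MKDIR} ${PREFIX}/bin/sguil-sensor
X
X# pkg-install runs after the files are in place so its chown -R covers
X# them; pkg_add runs the same script as POST-INSTALL for binary packages.
Xpost-install:
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/sensor_agent.tcl ${PREFIX}/bin/sguil-sensor/sensor_agent.tcl
X	${INSTALL_SCRIPT} -m 751 ${WRKDIR}/sensoragent.sh ${PREFIX}/etc/rc.d/sensoragent.sh-sample
X.for f in log_packets.sh
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}-sample
X.endfor
X.for f in sensor_agent.conf
X	${INSTALL_DATA} ${WRKSRC}/sensor/${f} ${PREFIX}/etc/${f}-sample
X.endfor
X.if defined(WITH_SANCP)
X.for f in sancp.conf
X	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} ${PREFIX}/etc/${f}-sample
X.endfor
X.endif
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
X.endif
X	${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
X	@${SED} -e 's|%%PREFIX%%|${PREFIX}|g' -e 's|%%DOCSDIR%%|${DOCSDIR}|g' ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-Makefile
echo x - distinfo
sed 's/^X//' >distinfo << 'END-of-distinfo'
XMD5 (sguil-sensor-0.5.3.tar.gz) = 681fa7e99aa674c0e2be4788ef503d69
XSIZE (sguil-sensor-0.5.3.tar.gz) = 89816
END-of-distinfo
echo x - pkg-descr
sed 's/^X//' >pkg-descr << 'END-of-pkg-descr'
XSguil is a network security management system.
X
XSguil (pronounced sgweel) is built by network security analysts for
Xnetwork security analysts. Sguil's main component is an intuitive GUI
Xthat provides realtime events from snort/barnyard. It also includes
Xother components which facilitate event driven analysis of IDS alerts.
XThe sguil client is written in tcl/tk and can be run on any operating
Xsystem that supports tcl/tk (including Linux, *BSD, Solaris, MacOS,
Xand Win32).
X
XWant to learn more about Network Security Monitoring (NSM)? Then check
Xout Richard Bejtlich's recently released book, The Tao of Network
XSecurity Monitoring: Beyond Intrusion Detection. An excerpt reads:
X"Network security monitoring (NSM) equips security staff to deal with
Xthe inevitable consequences of too few resources and too many
Xresponsibilities. NSM collects the data needed to generate better
Xassessment, detection, and response processes--resulting in decreased
Ximpact from unauthorized activities."
X
XWWW: http://sguil.sourceforge.net/index.php
Xpauls@utdallas.edu
END-of-pkg-descr
echo x - pkg-message
sed 's/^X//' >pkg-message << 'END-of-pkg-message'
X        ***********************************
X        * !!!!!!!!!!! WARNING !!!!!!!!!!! *
X        ***********************************
X
XYou MUST edit the log_packets.sh script (the script is located in
X%%PREFIX%%/bin/sguil-sensor) to fit your configuration before running
Xthe sguil-sensor. See the %%DOCSDIR%%/INSTALL doc for details on the
Xconfiguration and for croning the script.
X
XYou must ALSO edit the sensor_agent.conf file (located in %%PREFIX%%/etc/)
Xto reflect your configuration before starting the agent.
X
XIf you chose to run sancp, and you already had a sancp.conf file in
X%%PREFIX%%/etc, it was copied to sancp.conf-orig during the install.
XThe new sancp.conf-sample file contains the settings for sguil.
XIf you still want to maintain the customized sancp.conf file, then copy
Xthe new sancp.conf-sample file to sguild-sancp.conf (for example) and edit
Xthe %%PREFIX%%/etc/rc.d/sancp.sh to reflect the new conf file name. Then
Xcopy the sancp.conf-orig file to sancp.conf to restore your original file.
XNote that this will require two custom sancp.sh scripts, so proceed accordingly.
END-of-pkg-message
echo x - pkg-plist
sed 's/^X//' >pkg-plist << 'END-of-pkg-plist'
Xbin/sguil-sensor/log_packets.sh-sample
Xbin/sguil-sensor/sensor_agent.tcl
Xetc/rc.d/sensoragent.sh-sample
X%%SANCP%%etc/sancp.conf-sample
Xetc/sensor_agent.conf-sample
X@unexec rmdir %D/bin/sguil-sensor 2>/dev/null || true
END-of-pkg-plist
echo x - files/pkg-install.in
sed 's/^X//' >files/pkg-install.in << 'END-of-files/pkg-install.in'
X#!/bin/sh
X#
X# Install-time hook for sguil-sensor: makes sure the sguil user and group
X# exist and that the sensor's home directory belongs to them.
X#
X# Invoked as "pkg-install <pkgname> POST-INSTALL" from the port Makefile,
X# and by pkg_add first with PRE-INSTALL and then with POST-INSTALL.
X# The chown -R below needs the installed files to be present, so only the
X# POST-INSTALL pass (or a call with no arguments) does any work.
X
XPATH=/bin:/usr/sbin
X
Xcase "${2:-POST-INSTALL}" in
XPOST-INSTALL) ;;
X*) exit 0 ;;
Xesac
X
XUSER=sguil
XGROUP=${USER}
X# uid/gid requested for sguil in this PR; pinning them keeps ownership
X# stable across hosts and binary packages.  If either id is already taken
X# on the target host, pw fails and the install aborts below.
XSGUIL_UID=116
XSGUIL_GID=116
XPREFIX=%%PREFIX%%
XHOMEDIR="${PREFIX}/bin/sguil-sensor"
X
X# Keep a copy of any pre-existing sancp.conf; the port ships its own
X# sancp.conf-sample (see pkg-message).
Xif [ -f "${PREFIX}/etc/sancp.conf" ]; then
X	cp "${PREFIX}/etc/sancp.conf" "${PREFIX}/etc/sancp.conf-orig"
Xfi
X
Xif pw group show "${GROUP}" >/dev/null 2>&1; then
X	echo "You already have a group \"${GROUP}\", so I will use it."
Xelse
X	if pw groupadd "${GROUP}" -g "${SGUIL_GID}"; then
X		echo "Added group \"${GROUP}\"."
X	else
X		echo "Adding group \"${GROUP}\" failed..."
X		exit 1
X	fi
Xfi
X
Xif pw user show "${USER}" >/dev/null 2>&1; then
X	echo "You already have a user \"${USER}\", so I will use it."
X	if pw usermod "${USER}" -d "${HOMEDIR}"; then
X		echo "Changed home directory of \"${USER}\" to \"${HOMEDIR}\""
X	else
X		echo "Changing home directory of \"${USER}\" to \"${HOMEDIR}\" failed..."
X		exit 1
X	fi
Xelse
X	# "-h -" gives the account no password and /sbin/nologin no shell,
X	# so it cannot be logged into directly.
X	if pw useradd "${USER}" -u "${SGUIL_UID}" -g "${GROUP}" -h - \
X		-d "${HOMEDIR}" -s /sbin/nologin -c "Sguil Sensor"; then
X		echo "Added user \"${USER}\"."
X	else
X		echo "Adding user \"${USER}\" failed..."
X		exit 1
X	fi
Xfi
X
X# The sensor's home directory and everything installed into it belong to
X# the sguil user; mode 750 keeps other local users out.
Xchown -R "${USER}:${GROUP}" "${HOMEDIR}"
Xchmod 750 "${HOMEDIR}"
END-of-files/pkg-install.in
echo x - files/sensoragent.sh.in
sed 's/^X//' >files/sensoragent.sh.in << 'END-of-files/sensoragent.sh.in'
X#!/bin/sh
X#
X# rc.d control script for the sguil sensor agent (sensor_agent.tcl).
X# Installed as %%PREFIX%%/etc/rc.d/sensoragent.sh-sample; copy it to
X# sensoragent.sh to enable it.
X#
X# Usage: sensoragent.sh { start | stop | restart | status }
X#
X# NOTE(review): the agent is started with the privileges of whoever runs
X# this script (root at boot time), not as the sguil user that pkg-install
X# creates.  Confirm whether sensor_agent.tcl drops privileges itself.
X# NOTE(review): sensor_agent.tcl -D is assumed to write its pid to ${PID};
X# verify against the agent.
X
XPREFIX=%%PREFIX%%
XPROG="${PREFIX}/bin/sguil-sensor/sensor_agent.tcl"
XCONF="${PREFIX}/etc/sensor_agent.conf"
XPID=/var/run/sensor_agent.pid
XTHIS="${PREFIX}/etc/rc.d/sensoragent.sh"
X
X# Print the pid recorded in ${PID} and return 0 if that process is still
X# alive.  A pid file left behind by a crash or an unclean reboot no longer
X# counts as "running" (pid reuse can still fool this, as with any pidfile).
Xrunning_pid() {
X	[ -f "${PID}" ] || return 1
X	pid=$(cat "${PID}") || return 1
X	[ -n "${pid}" ] || return 1
X	kill -0 "${pid}" 2>/dev/null || return 1
X	echo "${pid}"
X}
X
Xcase "$1" in
Xstart)
X	if running_pid >/dev/null; then
X		echo "Sguil sensor is already running."
X	else
X		# drop a stale pid file so the agent can write a fresh one
X		/bin/rm -f "${PID}"
X		echo "Starting sguil sensor......"
X		"${PROG}" -D -c "${CONF}"
X	fi
X	;;
Xstop)
X	if pid=$(running_pid); then
X		echo "Stopping sguil sensor......"
X		kill -TERM "${pid}"
X		/bin/rm -f "${PID}"
X	else
X		echo "Sguil sensor did not appear to be running."
X		/bin/rm -f "${PID}"
X	fi
X	;;
Xrestart)
X	"${THIS}" stop
X	"${THIS}" start
X	echo "Restarting sguil sensor....."
X	sleep 2
X	"${THIS}" status
X	;;
Xstatus)
X	if running_pid >/dev/null; then
X		echo "Sguil sensor appears to be running."
X	else
X		echo "Sguil sensor does not appear to be running."
X	fi
X	;;
X*)
X	echo ""
X	echo "Usage: $(basename "$0") { start | stop | restart | status }"
X	echo ""
X	exit 64
X	;;
Xesac
END-of-files/sensoragent.sh.in
exit
--- pr77473 ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: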