Date: Sat, 2 Jun 2007 12:31:54 -0500 (CDT) From: Paul Schmehl <pauls@utdallas.edu> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/113260: security/ossec-hids-client Message-ID: <20070602173154.0942326183A@utd59514.utdallas.edu> Resent-Message-ID: <200706021740.l52He4bm025598@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 113260
>Category: ports
>Synopsis: security/ossec-hids-client
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 02 17:40:03 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Paul Schmehl
>Release: FreeBSD 6.0-SECURITY i386
>Organization:
The University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 6.0-SECURITY FreeBSD 6.0-SECURITY #0: Wed Feb 14 12:22:36 UTC 2007 root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
The pkg-plist for this port was placed in the master port and called
from the master port Makefile, so it didn't work. This PR patches the
Makefile to call the pkg-plist correctly and adds a corrected pkg-plist
which is added to this port. The pkg-plist was corrected to use
@dirrmtry instead of @dirrm, because if the daemons have been started
once, new directories and files are added to the ossec-hids directory
structure that the port can't possibly know about in advance. Additional
file removals were added to properly remove all the installed files if the
port has never been used.
PLEASE NOTE: I have not tested this port with the related server port,
because I don't have the equipment to do that. On its own, the port
generates errors when you try to start the daemons. Those may be related
to the need for a running server and proper configuration of the port, but
I did not test that. This PR simply ensures that the port will install and
deinstall correctly.
>How-To-Repeat:
>Fix:
Without this patch, this port will not uninstall correctly and will generate
tons of errors about missing files.
--- patch-Makefile begins here ---
--- Makefile.orig Sat Jun 2 01:29:58 2007
+++ Makefile Sat Jun 2 01:24:25 2007
@@ -9,4 +9,6 @@
MASTERDIR= ${.CURDIR}/../ossec-hids-server
+PLIST= pkg-plist.client
+
.include "${MASTERDIR}/Makefile"
--- patch-Makefile ends here ---
--- pkg-plist.client begins here ---
%%PORTNAME%%/active-response/bin/firewalls/firewall-drop.sh
%%PORTNAME%%/active-response/bin/firewalls/ipfw.sh
%%PORTNAME%%/active-response/bin/firewalls/ipfw_mac.sh
%%PORTNAME%%/active-response/bin/firewalls/pf.sh
%%PORTNAME%%/active-response/bin/disable-account.sh
%%PORTNAME%%/active-response/bin/firewall-drop.sh
%%PORTNAME%%/active-response/bin/host-deny.sh
%%PORTNAME%%/active-response/bin/route-null.sh
%%PORTNAME%%/bin/manage_agents
%%PORTNAME%%/bin/ossec-agentd
%%PORTNAME%%/bin/ossec-control
%%PORTNAME%%/bin/ossec-execd
%%PORTNAME%%/bin/ossec-logcollector
%%PORTNAME%%/bin/ossec-syscheckd
%%PORTNAME%%/etc/internal_options.conf
%%PORTNAME%%/etc/shared/rootkit_trojans.txt
%%PORTNAME%%/etc/shared/rootkit_files.txt
%%PORTNAME%%/etc/localtime
@unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi
%%PORTNAME%%/etc/ossec.conf.sample
%%PORTNAME%%/logs/ossec.log
@dirrmtry %%PORTNAME%%/active-response/bin/firewalls
@dirrmtry %%PORTNAME%%/active-response/bin
@dirrmtry %%PORTNAME%%/active-response
@dirrmtry %%PORTNAME%%/etc/shared
@dirrmtry %%PORTNAME%%/etc/
@dirrmtry %%PORTNAME%%/var/run
@dirrmtry %%PORTNAME%%/var
@dirrmtry %%PORTNAME%%/queue/syscheck
@dirrmtry %%PORTNAME%%/queue/rids
@dirrmtry %%PORTNAME%%/queue/ossec
@dirrmtry %%PORTNAME%%/queue/alerts
@dirrmtry %%PORTNAME%%/queue
@dirrmtry %%PORTNAME%%/logs
@dirrmtry %%PORTNAME%%/bin
@dirrmtry %%PORTNAME%%
--- pkg-plist.client ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070602173154.0942326183A>