Date: Fri, 13 Sep 2019 07:45:37 +0000 (UTC) From: Bernhard Froehlich <decke@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r511915 - in head/security: . wazuh-agent wazuh-agent/files Message-ID: <201909130745.x8D7jbFg072399@repo.freebsd.org>
Author: decke Date: Fri Sep 13 07:45:37 2019 New Revision: 511915 URL: https://svnweb.freebsd.org/changeset/ports/511915 Log: The Wazuh agent runs on the hosts that you want to monitor. It is multi-platform and provides the following capabilities: - Log and data collection - File integrity monitoring - Rootkit and malware detection - Security policy monitoring. - Configuration assessments - Software inventory In addition, it communicates with the Wazuh manager, sending data in near real-time through an encrypted and authenticated channel. WWW: https://github.com/wazuh/wazuh PR: 237900 Submitted by: Michael Muenz <m.muenz@gmail.com> Added: head/security/wazuh-agent/ head/security/wazuh-agent/Makefile (contents, props changed) head/security/wazuh-agent/distinfo (contents, props changed) head/security/wazuh-agent/files/ head/security/wazuh-agent/files/patch-src_external_openssl_Makefile (contents, props changed) head/security/wazuh-agent/pkg-descr (contents, props changed) head/security/wazuh-agent/pkg-plist (contents, props changed) Modified: head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Fri Sep 13 07:21:51 2019 (r511914)
+++ head/security/Makefile Fri Sep 13 07:45:37 2019 (r511915)
@@ -1307,6 +1307,7 @@
 SUBDIR += vxquery
 SUBDIR += w3af
 SUBDIR += wapiti
+ SUBDIR += wazuh-agent
 SUBDIR += webfwlog
 SUBDIR += webscarab
 SUBDIR += whatweb
Added: head/security/wazuh-agent/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wazuh-agent/Makefile Fri Sep 13 07:45:37 2019 (r511915)
@@ -0,0 +1,104 @@
+# $FreeBSD$
+
+PORTNAME= wazuh
+DISTVERSIONPREFIX= v
+DISTVERSION= 3.9.5
+CATEGORIES= security
+MASTER_SITES= https://packages.wazuh.com/deps/3.9/
+PKGNAMESUFFIX= -agent
+DISTFILES= cJSON.tar.gz src_cpython.tar.gz curl.tar.gz libdb.tar.gz libffi.tar.gz \
+ libyaml.tar.gz openssl.tar.gz procps.tar.gz sqlite.tar.gz zlib.tar.gz \
+ audit-userspace.tar.gz msgpack.tar.gz
+DIST_SUBDIR= ${PORTNAME}-${DISTVERSION}
+EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
+
+MAINTAINER= m.muenz@gmail.com
+COMMENT= Security tool to monitor and check logs and intrusions
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+BUILD_DEPENDS= curl:ftp/curl
+RUN_DEPENDS= curl:ftp/curl
+
+USES= gmake perl5 readline shebangfix uidfix
+
+USE_GITHUB= yes
+
+CONFLICTS_INSTALL= ossec-*
+
+SHEBANG_FILES= ${WRKSRC}/contrib/util.sh \
+ ${WRKSRC}/src/external/openssl/Configurations/unix-checker.pm \
+ ${WRKSRC}/src/init/ossec-client.sh \
+ ${WRKSRC}/wodles/oscap/oscap.py \
+ ${WRKSRC}/active-response/*.sh
+
+USERS= ossec ossecm ossecr
+GROUPS= ossec
+
+OSSEC_GROUP= ossec
+OSSEC_USER= ossec
+
+WAZUHPREFIX= /var/ossec
+
+WAZUHMOD750= / /logs/ossec /bin /lib /queue /queue/diff /ruleset /ruleset/sca /wodles \
+ /active-response /active-response/bin /agentless /var /backup /queue/rids \
+ /wodles/oscap /wodles/oscap/content
+
+WAZUHMOD770= /logs /queue/alerts /queue/ossec /etc /etc/shared /.ssh /var/run /var/upgrade \
+ /var/wodles /var/incoming
+
+# extract all extra distfiles in src/external
+post-extract:
+ @for file in ${DISTFILES}; do \
+ if ! (cd ${WRKSRC}/src/external && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/$$file ${EXTRACT_AFTER_ARGS}); \
+ then \
+ exit 1; \
+ fi; \
+ done
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|/usr/bin/perl|${PERL}|g' \
+ ${WRKSRC}/src/external/openssl/Makefile \
+ ${WRKSRC}/src/external/openssl/configdata.pm
+
+do-build:
+ @cd ${WRKSRC}/src && ${GMAKE} TARGET=agent
+
+do-install:
+ @for mod750 in ${WAZUHMOD750}; do \
+ ${MKDIR} -m 0750 ${STAGEDIR}${WAZUHPREFIX}$$mod750; \
+ done
+
+ @for mod770 in ${WAZUHMOD770}; do \
+ ${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}$$mod770; \
+ done
+
+ ${MKDIR} -m 1770 ${STAGEDIR}${WAZUHPREFIX}/tmp
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-logcollector ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-syscheckd ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-execd ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/manage_agents ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/wazuh-modulesd ${STAGEDIR}${WAZUHPREFIX}/bin/
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-agentd ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/libwazuhext.so ${STAGEDIR}${WAZUHPREFIX}/lib
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/agent-auth ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${CP} ${WRKSRC}/active-response/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/
+ ${CP} ${WRKSRC}/active-response/firewalls/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/
+ ${CP} ${WRKSRC}/etc/internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/
+ ${CP} ${WRKSRC}/etc/local_internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/local_internal_options.conf
+ ${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf
+ ${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf.sample
+ ${CP} /dev/null ${STAGEDIR}${WAZUHPREFIX}/etc/client.keys
+ ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.log
+ ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.json
+ ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/active-responses.log
+ ${INSTALL_SCRIPT} ${WRKSRC}/contrib/util.sh ${STAGEDIR}${WAZUHPREFIX}/bin/
+ ${INSTALL_SCRIPT} ${WRKSRC}/src/init/ossec-client.sh ${STAGEDIR}${WAZUHPREFIX}/bin/ossec-control
+ ${INSTALL_SCRIPT} ${WRKSRC}/src/agentlessd/scripts/* ${STAGEDIR}${WAZUHPREFIX}/agentless/
+ ${INSTALL_SCRIPT} ${WRKSRC}/src/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared/
+ ${INSTALL_SCRIPT} ${WRKSRC}/etc/wpk_root.pem ${STAGEDIR}${WAZUHPREFIX}/etc/
+ ${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/oscap.py ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap
+ ${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/template_*.xsl ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap
+
+.include <bsd.port.mk>
Added: head/security/wazuh-agent/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wazuh-agent/distinfo Fri Sep 13 07:45:37 2019 (r511915)
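Review bot: `DISTFILES` pulls unversioned tarballs (`openssl.tar.gz`, `curl.tar.gz`, `zlib.tar.gz`, `sqlite.tar.gz`, …) from `MASTER_SITES`, and `post-extract` unpacks them into `src/external`, so the agent apparently builds against its own bundled copies rather than the base or ports libraries. distinfo pins each archive by SHA256, which covers integrity, but nothing visible records which upstream versions these are, so advisories against them cannot be matched to this port. I would add a comment above `DISTFILES` such as `# Bundled third-party sources built from src/external; record their versions and re-check advisories on every update`, and, if upstream's build allows it (not visible here), link the system OpenSSL/zlib/curl instead. In `do-install`, non-executable files such as `wpk_root.pem`, the rootcheck `*.txt` databases and the empty log files go through `${INSTALL_SCRIPT}`; `${INSTALL_DATA}` fits them better.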
@@ -0,0 +1,27 @@
+TIMESTAMP = 1568194130
+SHA256 (wazuh-3.9.5/cJSON.tar.gz) = 8c517c658209cb96c2dcdfdd6bf7bb434adfb2fff3484b3464d2750cafd74e76
+SIZE (wazuh-3.9.5/cJSON.tar.gz) = 20001
+SHA256 (wazuh-3.9.5/src_cpython.tar.gz) = 7df9bf6560b77de0ab0279cb0b9e1f51dd28d0d20c26f640feab976208daf2d7
+SIZE (wazuh-3.9.5/src_cpython.tar.gz) = 78209203
+SHA256 (wazuh-3.9.5/curl.tar.gz) = 78ad4a75fec89dd83c75cf35203c1c757c21cb2a6ff574647b13bf86c8798d66
+SIZE (wazuh-3.9.5/curl.tar.gz) = 3692998
+SHA256 (wazuh-3.9.5/libdb.tar.gz) = 885f01aebcca995bcef48d8dc47acb8c4bd5eab06ec188e76cb5863e4f9b2d9b
+SIZE (wazuh-3.9.5/libdb.tar.gz) = 4283467
+SHA256 (wazuh-3.9.5/libffi.tar.gz) = 0e971f64bacc22094e89f034bba075b40ecc2c2c2900eecd7ae85815fd6c9f69
+SIZE (wazuh-3.9.5/libffi.tar.gz) = 964576
+SHA256 (wazuh-3.9.5/libyaml.tar.gz) = 35daad608b372d5ce099f738c0f21bfcc03d6920d92f448386c584e664f1376a
+SIZE (wazuh-3.9.5/libyaml.tar.gz) = 424656
+SHA256 (wazuh-3.9.5/openssl.tar.gz) = ed55973f4b604b9c27bb660fcdf85f69335b80b07c3bf4c63528ed8fcd74a678
+SIZE (wazuh-3.9.5/openssl.tar.gz) = 5603935
+SHA256 (wazuh-3.9.5/procps.tar.gz) = 87336a7860f5116ac5c5222b6b0d5c892e202ce136947e4776037bb7670ce6e2
+SIZE (wazuh-3.9.5/procps.tar.gz) = 55692
+SHA256 (wazuh-3.9.5/sqlite.tar.gz) = 23e109ee91ed16b4a95b2d361ecfd82820842fc337a80aa8032590b96eebddd2
+SIZE (wazuh-3.9.5/sqlite.tar.gz) = 1980218
+SHA256 (wazuh-3.9.5/zlib.tar.gz) = ddbeac924cc7fc3274ad0d5cfcf2a72792f0500e9607c65d02e8753f3a510a01
+SIZE (wazuh-3.9.5/zlib.tar.gz) = 643568
+SHA256 (wazuh-3.9.5/audit-userspace.tar.gz) = e82a32e5edf93b055160e14bc97f41dead39287925851dc80a7638e2d4d30434
+SIZE (wazuh-3.9.5/audit-userspace.tar.gz) = 1682820
+SHA256 (wazuh-3.9.5/msgpack.tar.gz) = 06d63bcf32896cd0af5480c401134b1ad1c166fd84ebe5b486e792101ee854e2
+SIZE (wazuh-3.9.5/msgpack.tar.gz) = 591294
+SHA256 (wazuh-3.9.5/wazuh-wazuh-v3.9.5_GH0.tar.gz) = 3761377e6e0f639c9b4542a72a5519f36323a251f04eddaf802205ebded42334
+SIZE (wazuh-3.9.5/wazuh-wazuh-v3.9.5_GH0.tar.gz) = 14789176
Added: head/security/wazuh-agent/files/patch-src_external_openssl_Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wazuh-agent/files/patch-src_external_openssl_Makefile Fri Sep 13 07:45:37 2019 (r511915)
@@ -0,0 +1,11 @@
+--- src/external/openssl/Makefile.orig 2019-09-11 11:27:31 UTC
++++ src/external/openssl/Makefile
+@@ -73,7 +73,7 @@ HTMLSUFFIX=html
+
+ CROSS_COMPILE=
+ CC= $(CROSS_COMPILE)cc
+-CFLAGS=-DNDEBUG -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSLDIR="\"$(OPENSSLDIR)\"" -DENGINESDIR="\"$(ENGINESDIR)\"" -O
++CFLAGS=-DNDEBUG -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSLDIR="\"$(OPENSSLDIR)\"" -DENGINESDIR="\"$(ENGINESDIR)\"" -O -fPIC
+ CFLAGS_Q=-DNDEBUG -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSLDIR=\"\\\"$(OPENSSLDIR)\\\"\" -DENGINESDIR=\"\\\"$(ENGINESDIR)\\\"\"
+ LDFLAGS=
+ PLIB_LDFLAGS=
Added: head/security/wazuh-agent/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wazuh-agent/pkg-descr Fri Sep 13 07:45:37 2019 (r511915)
@@ -0,0 +1,14 @@
+The Wazuh agent runs on the hosts that you want to monitor.
+It is multi-platform and provides the following capabilities:
+
+- Log and data collection
+- File integrity monitoring
+- Rootkit and malware detection
+- Security policy monitoring.
+- Configuration assessments
+- Software inventory
+
+In addition, it communicates with the Wazuh manager, sending data in near
+real-time through an encrypted and authenticated channel.
+
+WWW: https://github.com/wazuh/wazuh
Added: head/security/wazuh-agent/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wazuh-agent/pkg-plist Fri Sep 13 07:45:37 2019 (r511915)
@@ -0,0 +1,98 @@
+@info(root,ossec,0750) /var/ossec/active-response/bin/default-firewall-drop.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/disable-account.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/firewalld-drop.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/host-deny.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/ip-customblock.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/ipfw.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/ipfw_mac.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/kaspersky.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/npf.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/ossec-slack.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/ossec-tweeter.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/pf.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/restart-ossec.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/restart.sh
+@info(root,ossec,0750) /var/ossec/active-response/bin/route-null.sh
+@info(root,ossec,0750) /var/ossec/agentless/main.exp
+@info(root,ossec,0750) /var/ossec/agentless/register_host.sh
+@info(root,ossec,0750) /var/ossec/agentless/ssh.exp
+@info(root,ossec,0750) /var/ossec/agentless/ssh_asa-fwsmconfig_diff
+@info(root,ossec,0750) /var/ossec/agentless/ssh_foundry_diff
+@info(root,ossec,0750) /var/ossec/agentless/ssh_generic_diff
+@info(root,ossec,0750) /var/ossec/agentless/ssh_integrity_check_bsd
+@info(root,ossec,0750) /var/ossec/agentless/ssh_integrity_check_linux
+@info(root,ossec,0750) /var/ossec/agentless/ssh_nopass.exp
+@info(root,ossec,0750) /var/ossec/agentless/ssh_pixconfig_diff
+@info(root,ossec,0750) /var/ossec/agentless/sshlogin.exp
+@info(root,ossec,0750) /var/ossec/agentless/su.exp
+@info(root,root,0750) /var/ossec/bin/agent-auth
+@info(root,root,0750) /var/ossec/bin/manage_agents
+@info(root,root,0750) /var/ossec/bin/ossec-agentd
+@info(root,root,0750) /var/ossec/bin/ossec-control
+@info(root,root,0750) /var/ossec/bin/ossec-execd
+@info(root,root,0750) /var/ossec/bin/ossec-logcollector
+@info(root,root,0750) /var/ossec/bin/ossec-syscheckd
+@info(root,root,0750) /var/ossec/bin/util.sh
+@info(root,root,0750) /var/ossec/bin/wazuh-modulesd
+@info(root,ossec,0640) /var/ossec/etc/client.keys
+@info(root,ossec,0640) /var/ossec/etc/internal_options.conf
+@info(root,ossec,0640) /var/ossec/etc/local_internal_options.conf
+@info(root,ossec,0640) /var/ossec/etc/ossec.conf.sample
+@info(root,ossec,0640) /var/ossec/etc/ossec.conf
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_apache2224_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_debian_linux_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_mysql5-6_community_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel_linux_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_sles11_linux_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_sles12_linux_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/rootkit_files.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/rootkit_trojans.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/system_audit_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/system_audit_ssh.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/win_applications_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/win_audit_rcl.txt
+@info(root,ossec,0660) /var/ossec/etc/shared/win_malware_rcl.txt
+@info(root,ossec,0640) /var/ossec/etc/wpk_root.pem
+@info(root,ossec,0750) /var/ossec/lib/libwazuhext.so
+@info(ossec,ossec,0666) /var/ossec/logs/active-responses.log
+@info(ossec,ossec,0666) /var/ossec/logs/ossec.json
+@info(ossec,ossec,0666) /var/ossec/logs/ossec.log
+@info(root,ossec,0750) /var/ossec/wodles/oscap/oscap.py
+@info(root,ossec,0750) /var/ossec/wodles/oscap/template_oval.xsl
+@info(root,ossec,0750) /var/ossec/wodles/oscap/template_xccdf.xsl
+@dir(root,ossec,0770) /var/ossec/.ssh
+@dir(root,ossec,0750) /var/ossec/active-response/bin
+@dir(root,ossec,0750) /var/ossec/active-response
+@dir(root,ossec,0750) /var/ossec/agentless
+@dir(root,ossec,0750) /var/ossec/backup
+@dir(root,wheel,0750) /var/ossec/bin
+@dir(root,ossec,0770) /var/ossec/etc/shared
+@dir(ossec,ossec,0770) /var/ossec/etc
+@dir(root,ossec,0750) /var/ossec/lib
+@dir(ossec,ossec,0750) /var/ossec/logs/ossec
+@dir(ossec,ossec,0770) /var/ossec/logs
+@dir(ossec,ossec,0770) /var/ossec/queue/alerts
+@dir(ossec,ossec,0750) /var/ossec/queue/diff
+@dir(ossec,ossec,0770) /var/ossec/queue/ossec
+@dir(ossec,ossec,0750) /var/ossec/queue/rids
+@dir(root,ossec,0750) /var/ossec/queue
+@dir(root,ossec,0750) /var/ossec/ruleset/sca
+@dir(root,ossec,0750) /var/ossec/ruleset
+@dir(root,ossec,1770) /var/ossec/tmp
+@dir(root,ossec,0770) /var/ossec/var/incoming
+@dir(root,ossec,0770) /var/ossec/var/run
+@dir(root,ossec,0770) /var/ossec/var/upgrade
+@dir(root,ossec,0770) /var/ossec/var/wodles
+@dir(root,ossec,0750) /var/ossec/var
+@dir(root,ossec,0750) /var/ossec/wodles/oscap/content
+@dir(root,ossec,0750) /var/ossec/wodles/oscap
+@dir(root,ossec,0750) /var/ossec/wodles
+@dir(root,ossec,0750) /var/ossec
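Review bot: The three log files are registered world-writable: `@info(ossec,ossec,0666) /var/ossec/logs/ossec.log` and the matching entries for `ossec.json` and `active-responses.log`. The enclosing `/var/ossec/logs` (0770) and `/var/ossec` (0750) directories keep other users out as listed, but the integrity of a monitoring agent's own logs should not rest on a parent directory mode; `0660` would be enough, assuming every writer runs as root or in group `ossec` (not visible here). Separately, `@info` is the keyword normally used for GNU info pages, so the plain `@(root,ossec,0750) path` form was presumably intended for all of these file entries.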