Date: Thu, 10 Apr 2008 22:32:02 -0500 (CDT) From: Paul Schmehl <pauls@utdallas.edu> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/122646: security/sguil-sensor, port upgrade, new version Message-ID: <20080411033202.DE296347834@utd65257.utdallas.edu> Resent-Message-ID: <200804110350.m3B3o4Hd074935@freefall.freebsd.org>
>Number: 122646 >Category: ports >Synopsis: security/sguil-sensor, port upgrade, new version >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Fri Apr 11 03:50:04 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Paul Schmehl >Release: FreeBSD 7.0-STABLE i386 >Organization: University of Texas at Dallas >Environment: System: FreeBSD hostname.utdallas.edu 7.0-STABLE FreeBSD 7.0-STABLE #4: Mon Apr 7 15:22:19 CDT 2008 root@hostname.utdallas.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: This PR upgrades the port to version 0.7.0. Committer: Please note there are three sguil ports; server, sensor and client. All three must be committed at the same time. In addition, the security/barnyard-sguil6 port must be repocopied to security/barnyard-sguil for this port to function. Please ensure that all four changes occur at the same time. There are two files in the existing port that should be removed; files/patch-sensor_agent.tcl and files/sensoragent.sh.in. Neither file is needed in the new port. >How-To-Repeat: >Fix: --- patch-Makefile begins here --- --- Makefile.orig 2007-01-16 06:45:11.000000000 -0600 +++ Makefile 2008-04-10 21:07:04.000000000 -0500 @@ -6,8 +6,7 @@ # PORTNAME= sguil-sensor -PORTVERSION= 0.6.1 -PORTREVISION= 1 +PORTVERSION= 0.7.0 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= sguil 
@@ -15,21 +14,23 @@ MAINTAINER= pauls@utdallas.edu COMMENT= Sguil is a network security monitoring program +LIB_DEPENDS= tls:${PORTSDIR}/devel/tcltls RUN_DEPENDS= snort:${PORTSDIR}/security/snort \ - barnyard:${PORTSDIR}/security/barnyard-sguil6 \ + barnyard:${PORTSDIR}/security/barnyard-sguil \ ${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX -OPTIONS= SANCP "Include sancp support" off \ - TLS "Include openssl support" off +OPTIONS= SANCP "Include sancp sensor" off \ + PADS "Include pads sensor" off NO_BUILD= yes -USE_RC_SUBR= sensor_agent.sh +USE_RC_SUBR= example_agent.sh pcap_agent.sh snort_agent.sh TCLSH_CMD?= tclsh8.4 WRKSRC= ${WRKDIR}/sguil-${PORTVERSION} SUB_LIST= SGUILDIR=${SGUILDIR} -SUB_FILES= pkg-message sensor_agent.sh +SUB_FILES= pkg-message example_agent.sh pcap_agent.sh snort_agent.sh PLIST_SUB= SGUILDIR=${SGUILDIR} SGUILDIR?= sguil-sensor +AGENTS= example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl PORTDOCS= CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \ OPENSSL.README TODO UPGRADE USAGE sguildb.dia 
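Review bot: The base agent list `example_agent pcap_agent snort_agent` is spelled out twice in this hunk (`USE_RC_SUBR=` and `SUB_FILES=`) and a third time, as .tcl names, in the do-install loop of the next hunk, while `AGENTS=` carries all five agents including the optional ones and the two optional blocks append to `USE_RC_SUBR` and `SUB_FILES` separately. A single `BASE_AGENTS= example_agent pcap_agent snort_agent` with `USE_RC_SUBR= ${BASE_AGENTS:S/$/.sh/}` and `SUB_FILES= pkg-message ${BASE_AGENTS:S/$/.sh/}` would keep the lists from drifting when an agent is added or renamed. Separately, `LIB_DEPENDS= tls:${PORTSDIR}/devel/tcltls` is now unconditional where the removed `TLS` option used to gate it; if the 0.7.0 agents load tls unconditionally that is the right call, but a one-line comment above it saying so would stop a later maintainer from re-introducing the option.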
@@ -40,43 +41,75 @@ .if defined(WITH_SANCP) RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp +USE_RC_SUBR+= sancp_agent.sh +SUB_FILES+= sancp_agent.sh PLIST_SUB+= USESANCP= .else PLIST_SUB+= USESANCP="@comment " .endif -.if defined(WITH_TLS) -LIB_DEPENDS+= tls:${PORTSDIR}/devel/tcltls +.if defined(WITH_PADS) +RUN_DEPENDS+= pads:${PORTSDIR}/net-mgmt/pads +USE_RC_SUBR+= pads_agent.sh +SUB_FILES+= pads_agent.sh +PLIST_SUB+= USEPADS= +.else +PLIST_SUB+= USEPADS="@comment " .endif post-patch: -.for f in sensor_agent.tcl +.for f in ${AGENTS} @${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \ ${WRKSRC}/sensor/${f} + @${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \ + ${WRKSRC}/sensor/${f} .endfor do-install: @${MKDIR} ${PREFIX}/bin/${SGUILDIR} - ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/sensor_agent.tcl \ - ${PREFIX}/bin/${SGUILDIR}/sensor_agent.tcl + @${MKDIR} ${PREFIX}/etc/${SGUILDIR} +.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl + ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \ + ${PREFIX}/bin/${SGUILDIR}/${f} +.endfor .for f in log_packets.sh ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \ ${PREFIX}/bin/${SGUILDIR}/${f} .endfor -.for f in sensor_agent.conf +.for f in example_agent.conf pcap_agent.conf snort_agent.conf ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \ - ${PREFIX}/etc/${f}-sample + ${PREFIX}/etc/${SGUILDIR}/${f}-sample .endfor .for f in log_packets.conf ${INSTALL_DATA} ${FILESDIR}/${f} \ - ${PREFIX}/etc/${f}-sample + ${PREFIX}/etc/${SGUILDIR}/${f}-sample .endfor .if defined(WITH_SANCP) +.for f in sancp_agent.conf + ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \ + ${PREFIX}/etc/${SGUILDIR}/${f}-sample +.endfor .for f in sancp.conf ${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \ ${PREFIX}/etc/${f}-sample .endfor +.for f in sancp_agent.tcl + ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \ + ${PREFIX}/bin/${SGUILDIR}/${f} +.endfor +.endif +.if defined(WITH_PADS) +.for f in pads_agent.conf + ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \ + 
${PREFIX}/etc/${SGUILDIR}/${f}-sample +.endfor +.for f in pads_agent.tcl + ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \ + ${PREFIX}/bin/${SGUILDIR}/${f} +.endfor .endif +post-install: + .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} cd ${WRKSRC}/doc && ${INSTALL_DATA} \ --- patch-Makefile ends here --- --- patch-distinfo begins here --- --- distinfo.orig 2006-10-09 14:04:38.000000000 -0500 +++ distinfo 2008-04-10 21:07:04.000000000 -0500 @@ -1,3 +1,3 @@ -MD5 (sguil-sensor-0.6.1.tar.gz) = 62be71b0aa41ccacb7872839dc4bf5ad -SHA256 (sguil-sensor-0.6.1.tar.gz) = b1da0fffeaecd69b9d8eeeb27025fdc3493a2eabfec8ed4153f688f11ee226eb -SIZE (sguil-sensor-0.6.1.tar.gz) = 103441 +MD5 (sguil-sensor-0.7.0.tar.gz) = 911b3571fdaa00b7ddde3ec818232b3f +SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b +SIZE (sguil-sensor-0.7.0.tar.gz) = 68436 --- patch-distinfo ends here --- --- patch-pkg-descr begins here --- --- pkg-descr.orig 2006-10-09 14:04:38.000000000 -0500 +++ pkg-descr 2008-04-10 21:07:04.000000000 -0500 
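Review bot: `sancp_agent.tcl` and `pads_agent.tcl` are installed with a bare `${INSTALL_SCRIPT}` while the three base agents get `-m 751`, so the optional agents end up with different permissions from example/pcap/snort; both optional blocks should read `${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \`. The new post-patch line `s:/etc/:${PREFIX}/etc/${SGUILDIR}/:g` is applied to all five agent scripts and rewrites every occurrence of `/etc/`, not just the default config path; if any agent already mentions another path containing `/etc/` (a `/usr/local/etc/` reference would become a doubled prefix, `/etc/hosts` would be relocated), that occurrence is mangled too. I cannot see the 0.7.0 agent sources from the PR, so please check them; anchoring the pattern on the config filename, e.g. `s:/etc/${f:S/.tcl/.conf/}:${PREFIX}/etc/${SGUILDIR}/${f:S/.tcl/.conf/}:g`, limits the rewrite to the line it is meant for.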
@@ -5,13 +5,14 @@ in order to function properly. The sensor list includes security/barnyard, security/snort, -security/sancp, tcpdump (a part of the OS) and devel/tcltls as -well as lang/tcl84 and lang/tclX. Care has been taken to ensure -that everything you need to build a working sguil operation is -in the FreeBSD ports system or part of the OS already. +security/sancp, net-mgmt/pads, tcpdump (a part of the OS) +and devel/tcltls as well as lang/tcl84 and lang/tclX. Care +has been taken to ensure that everything you need to build +a working sguil operation is in the FreeBSD ports system or +is part of the OS already. Sguil currently functions as an analysis interface and has -no snort sensor or rule management capabilities. +rule management capabilities. WWW: http://sguil.sourceforge.net/index.php pauls@utdallas.edu --- patch-pkg-descr ends here --- --- patch-pkg-plist begins here --- --- pkg-plist.orig 2006-10-09 14:04:38.000000000 -0500 +++ pkg-plist 2008-04-10 21:07:04.000000000 -0500 @@ -1,6 +1,15 @@ bin/%%SGUILDIR%%/log_packets.sh -bin/%%SGUILDIR%%/sensor_agent.tcl -etc/log_packets.conf-sample +bin/%%SGUILDIR%%/example_agent.tcl +bin/%%SGUILDIR%%/pcap_agent.tcl +bin/%%SGUILDIR%%/snort_agent.tcl +etc/%%SGUILDIR%%/example_agent.conf-sample +etc/%%SGUILDIR%%/pcap_agent.conf-sample +etc/%%SGUILDIR%%/snort_agent.conf-sample +etc/%%SGUILDIR%%/log_packets.conf-sample +%%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl +%%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample %%USESANCP%%etc/sancp.conf-sample -etc/sensor_agent.conf-sample +%%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl +%%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample @dirrm bin/%%SGUILDIR%% +@dirrmtry etc/%%SGUILDIR%% --- patch-pkg-plist ends here --- --- patch-files-log_packets.conf begins here --- --- files/log_packets.conf.orig 2006-10-09 14:04:38.000000000 -0500 +++ files/log_packets.conf 2008-04-10 21:07:04.000000000 -0500 
@@ -2,6 +2,11 @@ # Make sure you verify the location of # each of the binaries on your OS +# Edit these for your setup + +# Sensors hostname. +# Note: If running multiple snort instances, then this must be different +# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc) HOSTNAME="myhost" # Path to snort binary SNORT_PATH="/usr/local/bin/snort" --- patch-files-log_packets.conf ends here --- --- patch-files-patch-log_packets.sh begins here --- --- files/patch-log_packets.sh.orig 2006-10-09 14:04:38.000000000 -0500 +++ files/patch-log_packets.sh 2008-04-10 21:07:04.000000000 -0500 @@ -1,12 +1,13 @@ ---- sensor/log_packets.sh.orig Fri Mar 24 13:12:18 2006 -+++ sensor/log_packets.sh Mon Mar 27 17:22:54 2006 -@@ -23,37 +23,16 @@ +--- sensor/log_packets.sh.orig 2008-04-03 22:16:22.000000000 -0500 ++++ sensor/log_packets.sh 2008-04-03 22:22:20.000000000 -0500 +@@ -22,38 +22,16 @@ + # # ############################################################## - --# Edit these for your setup +# You shouldn't need to edit anything in this script +-# Edit these for your setup +- -# Sensors hostname. -# Note: If running multiple snort instances, then this must be different -# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc) 
@@ -36,7 +37,7 @@ -#Some installs may need these -#LD_LIBRARY_PATH=/usr/local/lib/mysql -#export LD_LIBRARY_PATH -+CONF=/usr/local/etc/log_packets.conf ++CONF=/usr/local/etc/sguil-sensor/log_packets.conf +if [ -r ${CONF} ]; then + . ${CONF} +else --- patch-files-patch-log_packets.sh ends here --- --- example_agent.sh.in begins here --- #!/bin/sh # $FreeBSD$ # PROVIDE: example_agent # REQUIRE: DAEMON # KEYWORD: shutdown # Add the following line to /etc/%%SGUILDIR%%/rc.conf to enable example_agent: # example_agent_enable (bool): Set to YES to enable example_agent # Default: NO # example_agent_conf (str): Sensor_agent configuration file # Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf # . %%RC_SUBR%% name="example_agent" rcvar=`set_rcvar` command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl" procname="%%PREFIX%%/bin/tclsh8.4" pidfile="/var/run/${name}.pid" check_pidfile="${pidfile} ${procname} /bin/sh" [ -z "$example_agent_enable" ] && example_agent_enable="NO" [ -z "$example_agent_conf" ] && example_agent_conf="%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf" load_rc_config $name run_rc_command "$1" --- example_agent.sh.in ends here --- --- pads_agent.sh.in begins here --- #!/bin/sh # $FreeBSD$ # PROVIDE: pads_agent # REQUIRE: DAEMON # KEYWORD: shutdown # Add the following line to /etc/sguil-sensor/rc.conf to enable pads_agent: # pads_agent_enable (bool): Set to YES to enable pads_agent # Default: NO # pads_agent_conf (str): Sensor_agent configuration file # Default: %%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf # . 
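Review bot: `+CONF=/usr/local/etc/sguil-sensor/log_packets.conf` hardcodes both the default PREFIX and the default SGUILDIR, whereas the Makefile's post-patch loop only rewrites the `${AGENTS}` .tcl files and the rc scripts get `%%PREFIX%%`/`%%SGUILDIR%%` substituted; a build with a non-default PREFIX or SGUILDIR installs the sample under `${PREFIX}/etc/${SGUILDIR}/` but leaves log_packets.sh sourcing a path that does not exist, and what happens then depends on the `else` branch, which lies outside the hunk. The smallest fix is to add `${WRKSRC}/sensor/log_packets.sh` to post-patch with `@${REINPLACE_CMD} -e 's:/usr/local/etc/sguil-sensor:${PREFIX}/etc/${SGUILDIR}:' ${WRKSRC}/sensor/log_packets.sh`, so the path in the shipped script tracks the same knobs as the sample config it reads.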
%%RC_SUBR%% name="pads_agent" rcvar=`set_rcvar` command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl" procname="%%PREFIX%%/bin/tclsh8.4" pidfile="/var/run/${name}.pid" check_pidfile="${pidfile} ${procname} /bin/sh" [ -z "$pads_agent_enable" ] && pads_agent_enable="NO" [ -z "$pads_agent_conf" ] && pads_agent_conf="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf" load_rc_config $name run_rc_command "$1" --- pads_agent.sh.in ends here --- --- pcap_agent.sh.in begins here --- #!/bin/sh # $FreeBSD$ # PROVIDE: pcap_agent # REQUIRE: DAEMON # KEYWORD: shutdown # Add the following line to /etc/rc.conf to enable pcap_agent: # pcap_agent_enable (bool): Set to YES to enable pcap_agent # Default: NO # pcap_agent_conf (str): Sensor_agent configuration file # Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf # . %%RC_SUBR%% name="pcap_agent" rcvar=`set_rcvar` command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl" procname="%%PREFIX%%/bin/tclsh8.4" pidfile="/var/run/${name}.pid" check_pidfile="${pidfile} ${procname} /bin/sh" [ -z "$pcap_agent_enable" ] && pcap_agent_enable="NO" [ -z "$pcap_agent_conf" ] && pcap_agent_conf="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf" load_rc_config $name run_rc_command "$1" --- pcap_agent.sh.in ends here --- --- sancp_agent.sh.in begins here --- #!/bin/sh # $FreeBSD$ # PROVIDE: sancp_agent # REQUIRE: DAEMON # KEYWORD: shutdown # Add the following line to /etc/sguil-sensor/rc.conf to enable sancp_agent: # sancp_agent_enable (bool): Set to YES to enable sancp_agent # Default: NO # sancp_agent_conf (str): Sensor_agent configuration file # Default: %%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf # . 
%%RC_SUBR%% name="sancp_agent" rcvar=`set_rcvar` command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl" procname="%%PREFIX%%/bin/tclsh8.4" pidfile="/var/run/${name}.pid" check_pidfile="${pidfile} ${procname} /bin/sh" [ -z "$sancp_agent_enable" ] && sancp_agent_enable="NO" [ -z "$sancp_agent_conf" ] && sancp_agent_conf="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf" load_rc_config $name run_rc_command "$1" --- sancp_agent.sh.in ends here --- --- snort_agent.sh.in begins here --- #!/bin/sh # $FreeBSD$ # PROVIDE: snort_agent # REQUIRE: DAEMON # KEYWORD: shutdown # Add the following line to /etc/sguil-sensor/rc.conf to enable snort_agent: # snort_agent_enable (bool): Set to YES to enable snort_agent # Default: NO # snort_agent_conf (str): Sensor_agent configuration file # Default: %%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf # . %%RC_SUBR%% name="snort_agent" rcvar=`set_rcvar` command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl" procname="%%PREFIX%%/bin/tclsh8.4" pidfile="/var/run/${name}.pid" check_pidfile="${pidfile} ${procname} /bin/sh" [ -z "$snort_agent_enable" ] && snort_agent_enable="NO" [ -z "$snort_agent_conf" ] && snort_agent_conf="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf" load_rc_config $name run_rc_command "$1" --- snort_agent.sh.in ends here --- >Release-Note: >Audit-Trail: >Unformatted:
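Review bot: The rc.conf hint in example_agent.sh.in, pads_agent.sh.in, sancp_agent.sh.in and snort_agent.sh.in points at `/etc/%%SGUILDIR%%/rc.conf` or `/etc/sguil-sensor/rc.conf`, but rc.subr reads `/etc/rc.conf`, as pcap_agent.sh.in already says; each header should read `# Add the following line to /etc/rc.conf to enable example_agent:` with the agent's own name. `procname="%%PREFIX%%/bin/tclsh8.4"` hardcodes the interpreter that the Makefile makes tunable through `TCLSH_CMD` and rewrites into the agents' `exec tclsh` line, so a non-default TCLSH_CMD leaves `status`/`stop` unable to find the process; adding `TCLSH_CMD=${TCLSH_CMD}` to `SUB_LIST` and writing `procname="%%PREFIX%%/bin/%%TCLSH_CMD%%"` keeps the two in step. Each script also defaults a `*_conf` variable but never passes it to the agent (no `command_args`), so setting it in rc.conf presumably has no effect unless the agent picks it up from the environment; confirm against the agent's argument handling or drop the variable and its header comment. Finally, `check_pidfile` is handed `/bin/sh` as the interpreter of a `procname` that is the tclsh binary itself rather than a script, which is worth verifying with a running agent before relying on `status`.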