Date:      Sat, 23 Jul 2005 16:28:52 -0500 (CDT)
From:      pauls@utdallas.edu
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        sem@FreeBSD.org
Subject:   ports/83964: security/sguil-sensor, resubmission to fix multiple problems
Message-ID:  <20050723212852.D21557E81B@secman.utdallas.edu>
Resent-Message-ID: <200507232130.j6NLUEWm051543@freefall.freebsd.org>


>Number:         83964
>Category:       ports
>Synopsis:       security/sguil-sensor, resubmission to fix multiple problems
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jul 23 21:30:14 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Paul Schmehl
>Release:        FreeBSD 5.3-SECURITY i386
>Organization:
University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 5.3-SECURITY FreeBSD 5.3-SECURITY #0: Wed Jun 29 23:51:29 UTC 2005 root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386


	i386
>Description:
	new port submission - supersedes pr77690 - corrects many problems in original port submission
>How-To-Repeat:
	
>Fix:

	

--- pr77690 begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	Makefile
#	distinfo
#	files/patch-sguild
#	files/patch-sguild.access
#	files/patch-sguild.conf
#	files/pkg-message.in
#	files/pkg-plist.in
#	files/sguild.sh.in
#	pkg-descr
#
echo x - Makefile
sed 's/^X//' >Makefile << 'END-of-Makefile'
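X# New ports collection makefile for:	sguil-server
X# Date created:				14 Feb 2005
X# Whom:					Paul Schmehl <pauls@utdallas.edu>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	sguil-server
XPORTVERSION=	0.5.3
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR=	sguil
X
XMAINTAINER=	pauls@utdallas.edu
XCOMMENT=	Sguil is a network security management program
X
X# p0f and tcpflow are executed by sguild at run time; their paths are set in
X# files/patch-sguild.conf.
XRUN_DEPENDS=	p0f:${PORTSDIR}/net-mgmt/p0f \
X		tcpflow:${PORTSDIR}/net/tcpflow \
X		dtplite:${PORTSDIR}/devel/tcllib \
X		${LOCALBASE}/lib/tcl8.4/mysqltcl:${PORTSDIR}/databases/mysqltcl
XLIB_DEPENDS=	tls:${PORTSDIR}/devel/tcltls \
X		tclx83:${PORTSDIR}/lang/tclX
X
X# Nothing is compiled: the server is a set of Tcl scripts plus config files.
XNO_BUILD=	yes
XUSE_REINPLACE=	yes
XUSE_RC_SUBR=	sguild.sh
XUSE_MYSQL=	yes
X# bsd.port.mk reads WANT_MYSQL_VER; the former WANT_MSQL_VER spelling was
X# silently ignored, so no MySQL version was actually being selected.
XWANT_MYSQL_VER=	41
XTCLSH_CMD?=	tclsh8.4
X# Directory under ${PREFIX}/bin and ${PREFIX}/etc that holds the server and
X# its configuration.  Also substituted into pkg-plist, pkg-message and the
X# rc.d script through SUB_LIST.
XSGUILDIR?=	sguil-server
XWRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
X# The patches in files/ apply to the server/ subdirectory of the distfile.
XPATCH_WRKSRC=	${WRKSRC}/server
XSUB_FILES=	pkg-message pkg-plist
XSUB_LIST=	SGUILDIR=${SGUILDIR} TCLSH=${TCLSH_CMD}
X
XPORTDOCS=	CHANGES INSTALL INSTALL.openbsd LICENSE.QPL \
X		OPENSSL.README TODO USAGE sguildb.dia
X
X.include <bsd.port.pre.mk>
X
X# The scripts start with "exec tclsh"; point them at the ports interpreter.
Xpost-patch:
X.for f in archive_sguildb.tcl sguild
X	@${REINPLACE_CMD} -e 's:exec tclsh:exec ${TCLSH_CMD}:g' ${WRKSRC}/server/${f}
X.endfor
X
X# The installed tree is chowned to sguil:sguil below, but the port does not
X# create that account.  Check for it first so the install fails with a clear
X# message instead of halfway through.
Xpre-install:
X	@if ! ${PW} usershow sguil >/dev/null 2>&1 || \
X	    ! ${PW} groupshow sguil >/dev/null 2>&1; then \
X		${ECHO_MSG} "===> The sguil user and group must exist before installing ${PORTNAME}"; \
X		${FALSE}; \
X	fi
X
Xdo-install:
X	@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
X	@${MKDIR} ${PREFIX}/etc/${SGUILDIR}/sql_scripts
X	@${MKDIR} ${PREFIX}/bin/${SGUILDIR}
X	@${MKDIR} ${PREFIX}/bin/${SGUILDIR}/lib
X# Mode 751: read/execute for owner and group, execute-only for others.
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/server/sguild ${PREFIX}/bin/${SGUILDIR}/sguild
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/server/archive_sguildb.tcl \
X		${PREFIX}/bin/${SGUILDIR}/archive_sguildb.tcl
X# USE_RC_SUBR generates ${WRKDIR}/sguild.sh from files/sguild.sh.in.  It is
X# installed as a sample so an administrator's edited copy survives upgrades.
X# NOTE(review): later bsd.port.mk versions may install USE_RC_SUBR scripts
X# themselves -- confirm this does not duplicate an etc/rc.d entry in the plist.
X	${INSTALL_SCRIPT} -m 751 ${WRKDIR}/sguild.sh ${PREFIX}/etc/rc.d/sguild.sh-sample
X# Configuration files are installed as samples for the same reason; the
X# pkg-message tells the administrator to copy and edit them.
X.for f in autocat.conf sguild.conf sguild.access sguild.queries sguild.reports sguild.users
X	${INSTALL_DATA} ${WRKSRC}/server/${f} ${PREFIX}/etc/${SGUILDIR}/${f}-sample
X.endfor
X.for f in SguildAccess.tcl SguildAutoCat.tcl SguildClientCmdRcvd.tcl SguildConnect.tcl \
X		SguildCreateDB.tcl SguildEmailEvent.tcl SguildEvent.tcl SguildGenericDB.tcl \
X		SguildHealthChecks.tcl SguildLoaderd.tcl SguildQueryd.tcl SguildReportBuilder.tcl \
X		SguildSendComms.tcl SguildSensorCmdRcvd.tcl SguildTranscript.tcl SguildUtils.tcl
X	${INSTALL_DATA} ${WRKSRC}/server/lib/${f} ${PREFIX}/bin/${SGUILDIR}/lib/${f}
X.endfor
X.for f in create_ruledb.sql create_sguildb.sql update_sguildb_v5-v6.sql \
X		update_sguildb_v6-v7.sql update_sguildb_v7-v8.sql update_sguildb_v8-v9.sql \
X		update_sguildb_v9-v10.sql
X	${INSTALL_DATA} ${WRKSRC}/server/sql_scripts/${f} ${PREFIX}/etc/${SGUILDIR}/sql_scripts/${f}
X.endfor
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
X.endif
X# The daemon account owns its configuration and program directories.
X# NOTE(review): owning ${PREFIX}/bin/${SGUILDIR} lets the daemon modify its
X# own code; root ownership with group read/execute for sguil would be tighter
X# -- confirm nothing there needs to be written at run time.
X	@${CHOWN} -R sguil:sguil ${PREFIX}/bin/${SGUILDIR}
X	@${CHOWN} -R sguil:sguil ${PREFIX}/etc/${SGUILDIR}
X	@${CHOWN} sguil:sguil ${PREFIX}/etc/rc.d/sguild.sh-sample
X
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>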
END-of-Makefile
echo x - distinfo
sed 's/^X//' >distinfo << 'END-of-distinfo'
XMD5 (sguil-server-0.5.3.tar.gz) = 7270f457a36f45bd41866ebddcb45e45
XSIZE (sguil-server-0.5.3.tar.gz) = 62861
END-of-distinfo
echo x - files/patch-sguild
sed 's/^X//' >files/patch-sguild << 'END-of-files/patch-sguild'
X--- sguild.orig	Thu Jul 21 11:29:29 2005
X+++ sguild	Thu Jul 21 11:30:51 2005
X@@ -178,7 +178,7 @@
X   package require tls
X   # Check for certs
X   if {![info exists CERTS_PATH]} {
X-    set CERTS_PATH /etc/sguild/certs
X+    set CERTS_PATH /usr/local/etc/sguil-server/certs
X   }
X   if {![file exists $CERTS_PATH] || ![file isdirectory $CERTS_PATH]} {
X     puts "ERROR: $CERTS_PATH does not exist or is not a directory"
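Review bot: The replacement paths hard-code `/usr/local` (here `set CERTS_PATH /usr/local/etc/sguil-server/certs`, likewise in the six hunks that follow and in the TCPFLOW and P0F_PATH hunks of files/patch-sguild.conf), so a port built with a different PREFIX or LOCALBASE yields a daemon that looks for its certificates, configuration and helper binaries in directories that do not exist. The Makefile already enables USE_REINPLACE, so the patch could substitute a placeholder such as `%%PREFIX%%` and post-patch could rewrite it with `${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g'`, keeping the defaults in step with the Makefile's `${PREFIX}/etc/${SGUILDIR}`. The directory name `sguil-server` is likewise duplicated from SGUILDIR, which the Makefile lets a user override.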
X@@ -205,13 +205,13 @@
X 
X if { ![info exists CONF_FILE] } {
X   # No conf file specified check the defaults
X-  if { [file exists /etc/sguild/sguild.conf] } {
X-    set CONF_FILE /etc/sguild/sguild.conf
X+  if { [file exists /usr/local/etc/sguil-server/sguild.conf] } {
X+    set CONF_FILE /usr/local/etc/sguil-server/sguild.conf
X   } elseif { [file exists ./sguild.conf] } {
X     set CONF_FILE ./sguild.conf
X   } else {
X     puts "Couldn't determine where the sguil config file is"
X-    puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf."
X+    puts "Looked for ./sguild.conf and /usr/local/etc/sguil-server/sguild.conf."
X     DisplayUsage $argv0
X   }
X }
X@@ -286,17 +286,17 @@
X # Check for a valid USERS file
X if { ![info exists USERS_FILE] } {
X   # No users file was specified. Go with the defaults
X-  if { [file exists /etc/sguild/sguild.users] } {
X-    set USERS_FILE "/etc/sguild/sguild.users"
X+  if { [file exists /usr/local/etc/sguil-server/sguild.users] } {
X+    set USERS_FILE "/usr/local/etc/sguil-server/sguild.users"
X   } elseif { [file exists ./sguild.users] } {
X     set USERS_FILE "./sguild.users"
X   } else {
X     if { [info exists ADDUSER] && $ADDUSER } {
X-      CreateUsersFile "/etc/sguild/sguil.users"
X+      CreateUsersFile "/usr/local/etc/sguil-server/sguil.users"
X     } else {
X       set DEBUG 2
X       LogMessage "ERROR: Could not find a sguild.users file."
X-      LogMessage "       Checked in ./ and /etc/sguild/"
X+      LogMessage "       Checked in ./ and /usr/local/etc/sguil-server/"
X       DisplayUsage $argv0
X     }
X   }
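Review bot: The `CreateUsersFile` call on the new side writes `/usr/local/etc/sguil-server/sguil.users`, while the lookup a few lines above checks for `sguild.users`, so a users file created through this branch would not be found on the next start. This looks like an upstream typo carried over from the removed line, but since the patch already rewrites the line it could correct the name at the same time: `CreateUsersFile "/usr/local/etc/sguil-server/sguild.users"`. The enclosing `if` block continues past the end of the hunk.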
X@@ -324,8 +324,8 @@
X # Load accessfile
X if { ![info exists ACCESS_FILE] } {
X   # Check the defaults
X-  if { [file exists /etc/sguild/sguild.access] } {
X-    set ACCESS_FILE "/etc/sguild/sguild.access"
X+  if { [file exists /usr/local/etc/sguil-server/sguild.access] } {
X+    set ACCESS_FILE "/usr/local/etc/sguil-server/sguild.access"
X   } elseif { [file exists ./sguild.access] } {
X     set ACCESS_FILE "./sguild.access"
X   } else {
X@@ -339,8 +339,8 @@
X }
X # Load auto cat config
X if { ![info exists AUTOCAT_FILE] } {
X-   if { [file exists /etc/sguild/autocat.conf] } {
X-     set AUTOCAT_FILE "/etc/sguild/autocat.conf"
X+   if { [file exists /usr/local/etc/sguil-server/autocat.conf] } {
X+     set AUTOCAT_FILE "/usr/local/etc/sguil-server/autocat.conf"
X    } else {
X      set AUTOCAT_FILE "./autocat.conf"
X    }
X@@ -350,8 +350,8 @@
X }
X # Load global queries.
X if { ![info exists GLOBAL_QRY_FILE] } {
X-  if { [file exists /etc/sguild/sguild.queries] } {
X-    set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries"
X+  if { [file exists /usr/local/etc/sguil-server/sguild.queries] } {
X+    set GLOBAL_QRY_FILE "/usr/local/etc/sguil-server/sguild.queries"
X   } else {
X     set GLOBAL_QRY_FILE "./sguild.queries"
X   }
X@@ -363,8 +363,8 @@
X }
X # Load report queries.
X if { ![info exists REPORT_QRY_FILE] } {
X-  if { [file exists /etc/sguild/sguild.reports] } {
X-    set REPORT_QRY_FILE "/etc/sguild/sguild.reports"
X+  if { [file exists /usr/local/etc/sguil-server/sguild.reports] } {
X+    set REPORT_QRY_FILE "/usr/local/etc/sguil-server/sguild.reports"
X   } else {
X     set REPORT_QRY_FILE "./sguild.reports"
X   }
END-of-files/patch-sguild
echo x - files/patch-sguild.access
sed 's/^X//' >files/patch-sguild.access << 'END-of-files/patch-sguild.access'
X--- sguild.access.orig	Tue Jul 19 16:19:15 2005
X+++ sguild.access	Tue Jul 19 16:20:26 2005
X@@ -4,7 +4,8 @@
X # This file is used by sguild for access control. It is read upon init  #
X # or when sguild receives a HUP signal.                                 #
X #                                                                       #
X-# By default, sguild will look first for /etc/sguild/sguild.access,     #
X+# By default, sguild will look first for                                # 
X+# /usr/local/etc/sguild/sguild.access,                                  #
X # then ./sguild.access unless the -A /path/to/sguild.access switch      #
X # is used.                                                              #
X #                                                                       #
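Review bot: The new comment text gives the default as `/usr/local/etc/sguild/sguild.access`, but files/patch-sguild changes the actual lookup to `/usr/local/etc/sguil-server/sguild.access`, so the shipped documentation points administrators at a directory the daemon never reads. Change the second added line to `# /usr/local/etc/sguil-server/sguild.access,` with the closing `#` column re-aligned, and drop the trailing blank after the `#` on the first added line.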
END-of-files/patch-sguild.access
echo x - files/patch-sguild.conf
sed 's/^X//' >files/patch-sguild.conf << 'END-of-files/patch-sguild.conf'
X--- sguild.conf.orig	Tue Jul 19 16:19:24 2005
X+++ sguild.conf	Tue Jul 19 16:21:54 2005
X@@ -60,7 +60,7 @@
X 
X # You MUST have tcpflow installed to get xscripts
X # http://www.circlemud.org/~jelson/software/tcpflow/
X-set TCPFLOW "/usr/bin/tcpflow"
X+set TCPFLOW "/usr/local/bin/tcpflow"
X 
X # p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
X # If you have p0f (a passive OS fingerprinting system) installed, you can have
X@@ -71,7 +71,7 @@
X 
X # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
X # add any others you may need here.
X-set P0F_PATH "/usr/sbin/p0f"
X+set P0F_PATH "/usr/local/bin/p0f"
X 
X # Enable the emailing of events. Don't worry about the other email options if this
X # is NOT enabled.
END-of-files/patch-sguild.conf
echo x - files/pkg-message.in
sed 's/^X//' >files/pkg-message.in << 'END-of-files/pkg-message.in'
X         ***********************************
X         * !!!!!!!!!!! WARNING !!!!!!!!!!! *
X         ***********************************
X
XIf you had existing config files in %%PREFIX%%/etc/%%SGUILDIR%%
Xthey were not overwritten.  If this is a first time install, you
Xmust copy the sample files to the corresponding conf file and 
Xedit the various config files for your site.  See the INSTALL
Xdoc in %%DOCSDIR%% for details.
X
XThe sql scripts for creating database tables were placed in
Xthe %%PREFIX%%/etc/%%SGUILDIR%%/sql_scripts directory.  PLEASE 
XNOTE: LOG_DIR is not set by this install.  You MUST create the 
Xcorrect LOG_DIRS and put a copy of the snort rules you use in 
XLOG_DIR/rules.
X
XA startup script, named serveragent.sh-sample was installed in
X%%PREFIX%%/etc/rc.d/.  Create a copy named serveragent.sh in the
Xsame directory, and edit it, if necessary, to fit your installation.
X
XFor general questions, see the sguil faq: 
Xhttp://sguil.sourceforge.net/index.php?page=faq
XFor detailed install instructions see Richard Bejtlich's excellent guide
Xat http://sguil.sourceforge.net/sguil_guide_latest.txt.
END-of-files/pkg-message.in
echo x - files/pkg-plist.in
sed 's/^X//' >files/pkg-plist.in << 'END-of-files/pkg-plist.in'
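Xbin/%%SGUILDIR%%/archive_sguildb.tcl
Xbin/%%SGUILDIR%%/lib/SguildAccess.tcl
Xbin/%%SGUILDIR%%/lib/SguildAutoCat.tcl
Xbin/%%SGUILDIR%%/lib/SguildClientCmdRcvd.tcl
Xbin/%%SGUILDIR%%/lib/SguildConnect.tcl
Xbin/%%SGUILDIR%%/lib/SguildCreateDB.tcl
Xbin/%%SGUILDIR%%/lib/SguildEmailEvent.tcl
Xbin/%%SGUILDIR%%/lib/SguildEvent.tcl
Xbin/%%SGUILDIR%%/lib/SguildGenericDB.tcl
Xbin/%%SGUILDIR%%/lib/SguildHealthChecks.tcl
Xbin/%%SGUILDIR%%/lib/SguildLoaderd.tcl
Xbin/%%SGUILDIR%%/lib/SguildQueryd.tcl
Xbin/%%SGUILDIR%%/lib/SguildReportBuilder.tcl
Xbin/%%SGUILDIR%%/lib/SguildSendComms.tcl
Xbin/%%SGUILDIR%%/lib/SguildSensorCmdRcvd.tcl
Xbin/%%SGUILDIR%%/lib/SguildTranscript.tcl
Xbin/%%SGUILDIR%%/lib/SguildUtils.tcl
Xbin/%%SGUILDIR%%/sguild
Xetc/rc.d/sguild.sh-sample
Xetc/%%SGUILDIR%%/autocat.conf-sample
Xetc/%%SGUILDIR%%/sguild.access-sample
Xetc/%%SGUILDIR%%/sguild.conf-sample
Xetc/%%SGUILDIR%%/sguild.queries-sample
Xetc/%%SGUILDIR%%/sguild.reports-sample
Xetc/%%SGUILDIR%%/sguild.users-sample
Xetc/%%SGUILDIR%%/sql_scripts/create_ruledb.sql
Xetc/%%SGUILDIR%%/sql_scripts/create_sguildb.sql
Xetc/%%SGUILDIR%%/sql_scripts/update_sguildb_v5-v6.sql
Xetc/%%SGUILDIR%%/sql_scripts/update_sguildb_v6-v7.sql
Xetc/%%SGUILDIR%%/sql_scripts/update_sguildb_v7-v8.sql
Xetc/%%SGUILDIR%%/sql_scripts/update_sguildb_v8-v9.sql
Xetc/%%SGUILDIR%%/sql_scripts/update_sguildb_v9-v10.sql
X@dirrm etc/%%SGUILDIR%%/sql_scripts
X@comment The administrator copies the *-sample files to sguild.conf, sguild.users
X@comment etc. in this directory, so it must only go away when it is empty; the
X@comment previous rule tested for a file named sguil.conf (which nothing creates)
X@comment and otherwise ran rm -fr on the whole directory.
X@unexec rmdir %D/etc/%%SGUILDIR%% 2>/dev/null || true
X@dirrm bin/%%SGUILDIR%%/lib
X@dirrm bin/%%SGUILDIR%%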
END-of-files/pkg-plist.in
echo x - files/sguild.sh.in
sed 's/^X//' >files/sguild.sh.in << 'END-of-files/sguild.sh.in'
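X#!/bin/sh
X
X# PROVIDE: sguild
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X# KEYWORD: FreeBSD shutdown
X
X# rc.d script for the sguild daemon installed by the sguil-server port.
X#
X# Add the following lines to /etc/rc.conf to enable sguild:
X# sguild_enable (bool):		Set to YES to enable sguild
X# 				Default: NO
X# sguild_flags (str):		Extra flags passed to sguild
X#				Default: -D
X# sguild_conf (str):		Sguild configuration file, passed with -c
X#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
X
X. %%RC_SUBR%%
X
Xname="sguild"
Xrcvar=`set_rcvar`
X
Xcommand="%%PREFIX%%/bin/%%SGUILDIR%%/${name}"
X# sguild is a Tcl script, so the running process is the interpreter.
X# NOTE(review): this matches every %%TCLSH%% process on the host, not just
X# sguild; a pidfile would be more specific -- confirm sguild writes one.
Xprocname="%%TCLSH%%"
X# Remove the stale pid file after a stop.  This must be a plain string: the
X# original used backticks, which ran rm when the script was sourced (on
X# start, status and every other invocation) under a variable name rc.subr
X# does not read.
Xstop_postcmd="rm -f /var/run/${name}.pid"
X
X# Hack until run_rc_command() gets rid of exit()
X# NOTE(review): stop_cmd is not set to this function -- confirm rc.subr
X# invokes it; otherwise the default stop method (also keyed on procname) runs.
Xsguild_stop() {
X  # NOTE(review): check_process takes "procname [interpreter]"; the literal
X  # "[ /bin/sh ]" passes "[" as the interpreter argument -- confirm this still
X  # matches the sguild process.
X  pids=$(check_process ${procname} [ /bin/sh ])
X  # Quoted: an unquoted list of several pids would be a test(1) syntax error.
X  if [ -z "${pids}" ]; then
X    echo "${name} not running?"
X    return 1
X  fi
X  echo "Stopping ${name}"
X  kill -${sig_stop:-TERM} ${pids}
X  [ $? -ne 0 ] && [ -z "$rc_force" ] && return 1
X  wait_for_pids ${pids}
X}
X
Xload_rc_config ${name}
X
X# Defaults are applied only after rc.conf has been read, so values set there
X# take effect.  The original set them before load_rc_config, which left an
X# rc.conf sguild_conf unused for the -c flag.
Xsguild_enable=${sguild_enable-NO}
Xsguild_conf=${sguild_conf-%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf}
Xsguild_flags=${sguild_flags--D}
X# Pass the config file separately from the user's flags so an rc.conf
X# sguild_flags override does not drop it.
Xif [ -n "$sguild_conf" ]; then
X  command_args="-c $sguild_conf"
Xfi
X
Xrun_rc_command "$1"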
END-of-files/sguild.sh.in
echo x - pkg-descr
sed 's/^X//' >pkg-descr << 'END-of-pkg-descr'
XSguil is an open source tool to implement Network 
XSecurity Monitoring (NSM).  NSM is the collection, 
Xanalysis, and escalation of indications and warnings 
Xto detect and respond to intrusions.  NSM tools are 
Xused more for network audit and specialized 
Xapplications than traditional alert-centric "intrusion 
Xdetection" systems.
X
XWant to learn more about Network Security Monitoring 
X(NSM)? Then check out Richard Bejtlich's recently 
Xreleased book, The Tao of Network Security Monitoring: 
XBeyond Intrusion Detection. An excerpt reads:
X
X"Network security monitoring (NSM) equips security 
Xstaff to deal with the inevitable consequences of too 
Xfew resources and too many responsibilities. NSM collects 
Xthe data needed to generate better assessment, detection, 
Xand response processes--resulting in decreased impact from 
Xunauthorized activities."
X
XWWW: http://sguil.sourceforge.net/index.php
Xpauls@utdallas.edu
END-of-pkg-descr
exit
--- pr77690 ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


