Date:      Sat, 16 Aug 2014 18:38:25 +0000 (UTC)
From:      John Marino <marino@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r365120 - in head/security: . sguil sguil/files
Message-ID:  <201408161838.s7GIcPl1094767@svn.freebsd.org>

Author: marino
Date: Sat Aug 16 18:38:25 2014
New Revision: 365120
URL: http://svnweb.freebsd.org/changeset/ports/365120
QAT: https://qat.redports.org/buildarchive/r365120/

Log:
  Add new port security/sguil (version 0.9.0)
  
  This port replaces security/sguil-client, security/sguild-server and
  security/sguil-sensor which are at version 0.8.0.  They will be removed
  shortly as a result.
  
  PR:		191347
  Submitted by:	Muhammad Rahman
  
  Sguil (pronounced sgweel) is built by network security analysts for network
  security analysts. Sguil's main component is an intuitive GUI that provides
  access to realtime events, session data, and raw packet captures. Sguil
  facilitates the practice of Network Security Monitoring and event driven
  analysis. The Sguil client is written in tcl/tk and can be run on any operating
  system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).

Added:
  head/security/sguil/
  head/security/sguil/Makefile   (contents, props changed)
  head/security/sguil/distinfo   (contents, props changed)
  head/security/sguil/files/
  head/security/sguil/files/example_agent.in   (contents, props changed)
  head/security/sguil/files/pads_agent.in   (contents, props changed)
  head/security/sguil/files/patch-client__sguil.conf   (contents, props changed)
  head/security/sguil/files/patch-client__sguil.tk   (contents, props changed)
  head/security/sguil/files/patch-sensor__contrib__ossec_agent__ossec_agent.tcl   (contents, props changed)
  head/security/sguil/files/patch-sensor__pads_agent.tcl   (contents, props changed)
  head/security/sguil/files/patch-sensor__pcap_agent-sancp.tcl   (contents, props changed)
  head/security/sguil/files/patch-sensor__pcap_agent.tcl   (contents, props changed)
  head/security/sguil/files/patch-sensor__sancp_agent.tcl   (contents, props changed)
  head/security/sguil/files/patch-server__lib__SguildLoaderd.tcl   (contents, props changed)
  head/security/sguil/files/patch-server__lib__SguildMysqlMerge.tcl   (contents, props changed)
  head/security/sguil/files/patch-server__sguild   (contents, props changed)
  head/security/sguil/files/patch-server__sguild.access   (contents, props changed)
  head/security/sguil/files/patch-server__sguild.conf   (contents, props changed)
  head/security/sguil/files/patch-server__snort_agent   (contents, props changed)
  head/security/sguil/files/patch-server__sql_scripts__sancp_cleanup.tcl   (contents, props changed)
  head/security/sguil/files/pcap_agent-sancp.in   (contents, props changed)
  head/security/sguil/files/pcap_agent.in   (contents, props changed)
  head/security/sguil/files/pkg-message-client.in   (contents, props changed)
  head/security/sguil/files/pkg-message-sensor.in   (contents, props changed)
  head/security/sguil/files/pkg-message-server.in   (contents, props changed)
  head/security/sguil/files/sancp_agent.in   (contents, props changed)
  head/security/sguil/files/sguild.in   (contents, props changed)
  head/security/sguil/files/snort_agent.in   (contents, props changed)
  head/security/sguil/pkg-descr   (contents, props changed)
  head/security/sguil/pkg-plist   (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile	Sat Aug 16 18:27:35 2014	(r365119)
+++ head/security/Makefile	Sat Aug 16 18:38:25 2014	(r365120)
@@ -909,6 +909,7 @@
     SUBDIR += secpanel
     SUBDIR += sectok
     SUBDIR += secure_delete
+    SUBDIR += sguil
     SUBDIR += sguil-client
     SUBDIR += sguil-sensor
     SUBDIR += sguil-server

Added: head/security/sguil/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/Makefile	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,211 @@
+# Created by: Muhammad Moinur Rahman <5u623l20@gmail.com>
+# $FreeBSD$
+
+PORTNAME=	sguil
+PORTVERSION=	0.9.0
+CATEGORIES=	security
+
+MAINTAINER=	5u623l20@gmail.com
+COMMENT=	Sguil is a network security monitoring program
+
+LICENSE=	GPLv3
+
+RUN_DEPENDS=	tcltls>=0:${PORTSDIR}/devel/tcltls \
+		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	bammv
+GH_PROJECT=	${USERS}
+GH_TAGNAME=	${GH_COMMIT}
+GH_COMMIT=	0b16167
+
+OPTIONS_DEFINE=		DOCS
+OPTIONS_DEFAULT=	SERVER CLIENT SENSOR
+OPTIONS_MULTI=		INSTANCE
+OPTIONS_MULTI_INSTANCE=	SERVER CLIENT SENSOR
+OPTIONS_GROUP=		SERVER CLIENT SENSOR
+OPTIONS_GROUP_SERVER=	MYSQL
+OPTIONS_GROUP_CLIENT=	AUDIO SANCP WIRESHARK
+OPTIONS_GROUP_SENSOR=	PADS_SENSOR SANCP_SENSOR
+OPTIONS_SUB=		yes
+
+SERVER_DESC=		Install Sguil Server
+CLIENT_DESC=		Install Sguil Client
+SENSOR_DESC=		Install Sguil SENSOR
+MYSQL_DESC=		Depend on databases/mysqltcl
+AUDIO_DESC=		Install Festival Speech Synthesis
+SANCP_DESC=		Use sancp
+PADS_SENSOR_DESC=	Include pads sensor
+SANCP_SENSOR_DESC=	Include sancp sensor
+WIRESHARK_DESC=		Install wireshark
+
+CLIENT_USES=		tk:wrapper
+SERVER_RUN_DEPENDS=	p0f:${PORTSDIR}/net-mgmt/p0f \
+	                tcpflow:${PORTSDIR}/net/tcpflow \
+	                dtplite:${PORTSDIR}/devel/tcllib
+CLIENT_RUN_DEPENDS=	dtplite:${PORTSDIR}/devel/tcllib \
+			${LOCALBASE}/lib/iwidgets/iwidgets.tcl:${PORTSDIR}/x11-toolkits/iwidgets \
+			gpg2:${PORTSDIR}/security/gnupg
+SENSOR_RUN_DEPENDS=	barnyard2:${PORTSDIR}/security/barnyard2-sguil
+MYSQL_LIB_DEPENDS=	libmysqltcl3.052.so:${PORTSDIR}/databases/mysqltcl
+AUDIO_RUN_DEPENDS=	festival:${PORTSDIR}/audio/festival
+SANCP_RUN_DEPENDS=	sancp:${PORTSDIR}/security/sancp
+WIRESHARK_RUN_DEPENDS=	wireshark:${PORTSDIR}/net/wireshark
+PADS_SENSOR_RUN_DEPENDS=	pads:${PORTSDIR}/net-mgmt/pads
+SANCP_SENSOR_RUN_DEPENDS=	sancp:${PORTSDIR}/security/sancp
+
+NO_BUILD=	yes
+TCL_VER=	8.5
+TCLSH=		tclsh${TCL_VER}
+SERVER_SGUILDIR?=	sguild
+CLIENT_SGUILDIR?=	sguil-client
+SENSOR_SGUILDIR?=	sguil-sensor
+PLIST_SUB=	SERVER_SGUILDIR=${SERVER_SGUILDIR} \
+		CLIENT_SGUILDIR=${CLIENT_SGUILDIR} \
+		SENSOR_SGUILDIR=${SENSOR_SGUILDIR}
+SUB_LIST=	SERVER_SGUILDIR=${SERVER_SGUILDIR} TCLSH=${TCLSH} \
+		CLIENT_SGUILDIR=${CLIENT_SGUILDIR} \
+		SENSOR_SGUILDIR=${SENSOR_SGUILDIR}
+SERVER_CONFS=	autocat.conf sguild.access sguild.email	sguild.reports \
+		sguild.conf sguild.queries sguild.users
+CLIENT_LIBFILES=SguilUtil.tcl dkffont.tcl email17.tcl extdata.tcl \
+		sellib.tcl sancp.tcl sound.tcl guilib.tcl qrybuild.tcl \
+		qrylib.tcl report.tcl stdquery.tcl whois.tcl
+SENSOR_AGENTS=	pcap_agent.tcl snort_agent.tcl
+SENSOR_CONFS=	pcap_agent.conf snort_agent.conf
+LOG_SCRIPTS=	log_packets-daemonlogger.sh log_packets.sh
+USERS=		sguil
+GROUPS=		sguil
+
+PORTDOCS=	${COMMON_DOCS:S|^doc/||}
+COMMON_DOCS=	doc/CHANGES doc/FAQ doc/INSTALL doc/INSTALL.openbsd \
+	       	doc/OPENSSL.README doc/TODO doc/UPGRADE doc/USAGE \
+	       	doc/sguildb.dia
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MCLIENT}
+SUB_FILES=	pkg-message-client
+.endif
+
+.if ${PORT_OPTIONS:MSERVER}
+USE_RC_SUBR+=	sguild
+SUB_FILES=	pkg-message-server
+.endif
+
+.if ${PORT_OPTIONS:MSENSOR}
+USE_RC_SUBR+=	pcap_agent snort_agent
+SUB_FILES=	pkg-message-sensor
+WITH_PCRE=	true
+PORTDOCS+=	README.daemonlogger
+.  if ${PORT_OPTIONS:MSANCP_SENSOR}
+SENSOR_AGENTS+=	sancp_agent.tcl pcap_agent-sancp.tcl
+SENSOR_CONFS+=	sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
+USE_RC_SUBR+=	sancp_agent pcap_agent-sancp
+PORTDOCS+=	README.sancp_indexed_pcap
+.  endif
+.  if ${PORT_OPTIONS:MPADS_SENSOR}
+SENSOR_AGENTS+=	pads_agent.tcl
+SENSOR_CONFS+=	pads_agent.conf
+USE_RC_SUBR+=	pads_agent
+.  endif
+.endif
+
+post-patch:
+.if ${PORT_OPTIONS:MSERVER}
+	@${REINPLACE_CMD} 's|/bin/sh|/usr/local/bin/${TCLSH}|' \
+		${WRKSRC}/server/sguild
+	@${MKDIR} ${STAGEDIR}${PREFIX}/etc/${SERVER_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/lib/${SERVER_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR}/contrib
+.endif
+.if ${PORT_OPTIONS:MCLIENT}
+	@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/lib \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/images
+.endif
+.if ${PORT_OPTIONS:MSENSOR}
+.  for f in ${SENSOR_AGENTS}
+	@${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \
+		${WRKSRC}/sensor/${f}
+.  endfor
+.endif
+
+do-install:
+.if ${PORT_OPTIONS:MSERVER}
+	(cd ${WRKSRC}/server/lib && \
+		${COPYTREE_BIN} \* ${STAGEDIR}${PREFIX}/lib/${SERVER_SGUILDIR})
+	(cd ${WRKSRC}/server/sql_scripts && \
+		${COPYTREE_SHARE} \* \
+		${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR})
+	(cd ${WRKSRC}/server/contrib && \
+		${COPYTREE_SHARE} \* \
+		${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR}/contrib)
+	${INSTALL_SCRIPT} ${WRKSRC}/server/sguild ${STAGEDIR}${PREFIX}/bin
+.  for f in ${SERVER_CONFS}
+	${INSTALL_DATA} ${WRKSRC}/server/${f} \
+		${STAGEDIR}${PREFIX}/etc/${SERVER_SGUILDIR}/${f}-sample
+.  endfor
+.endif
+
+.if ${PORT_OPTIONS:MCLIENT}
+	${INSTALL_SCRIPT} ${WRKSRC}/client/sguil.tk \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/sguil.tk
+	${INSTALL_DATA} ${WRKSRC}/client/sguil.conf \
+		${STAGEDIR}${PREFIX}/etc/sguil.conf-sample
+	(cd ${WRKSRC}/client/lib && ${INSTALL_DATA} ${CLIENT_LIBFILES} \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/lib)
+	(cd ${WRKSRC}/client/lib/images && \
+		${INSTALL_DATA} sguil_logo_h.gif checked.gif unchecked.gif \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/images)
+	(cd ${WRKSRC}/client/lib/tablelist5.11 && ${COPYTREE_SHARE} \* \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/lib/tablelist5.11)
+.endif
+
+.if ${PORT_OPTIONS:MSENSOR}
+	@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/etc/${SENSOR_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/contrib \
+		${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/init
+	(cd ${WRKSRC}/sensor/contrib && \
+		${COPYTREE_SHARE} \* \
+		${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/contrib \
+		"! -name ossec_agent.tcl.orig")
+	(cd ${WRKSRC}/sensor/init && \
+		${COPYTREE_SHARE} \* \
+		${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/init)
+	(cd ${WRKSRC}/sensor/ && \
+		${INSTALL_SCRIPT} ${SENSOR_AGENTS} \
+		${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR})
+	(cd ${WRKSRC}/sensor && \
+		${INSTALL_SCRIPT} ${LOG_SCRIPTS} \
+		${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR})
+.  for f in ${SENSOR_CONFS}
+	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
+		${STAGEDIR}${PREFIX}/etc/${SENSOR_SGUILDIR}/${f}-sample
+.  endfor
+
+.  if ${PORT_OPTIONS:MSANCP_SENSOR}
+	${INSTALL_SCRIPT} ${WRKSRC}/sensor/log_packets-sancp.sh \
+		${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR}
+	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/sancp.conf \
+		${STAGEDIR}${PREFIX}/etc/${SENSOR_SGUILDIR}/sancp.conf-sample
+.  endif
+.endif
+
+.if ${PORT_OPTIONS:MDOCS}
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${COMMON_DOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
+.  if ${PORT_OPTIONS:MSENSOR}
+	${INSTALL_DATA} ${WRKSRC}/sensor/README.daemonlogger \
+		${STAGEDIR}${DOCSDIR}
+.    if ${PORT_OPTIONS:MSANCP_SENSOR}
+	${INSTALL_DATA} ${WRKSRC}/sensor/README.sancp_indexed_pcap \
+		${STAGEDIR}${DOCSDIR}
+.    endif
+.  endif
+.endif
+
+.include <bsd.port.mk>
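Review bot: `SUB_FILES=` is assigned with a plain `=` in each of the CLIENT, SERVER and SENSOR blocks, so with the default options (all three enabled) only `pkg-message-sensor` survives and the client and server messages are never generated; each should be `SUB_FILES+=`. The SERVER branch of `post-patch` hard-codes `/usr/local/bin/${TCLSH}` while the SENSOR branch uses `${PREFIX}/bin/${TCLSH}`; since tclsh comes from a dependency, `${LOCALBASE}/bin/${TCLSH}` fits both. Both substitutions are unanchored, so any other `/bin/sh` string in those scripts is rewritten too; `-e '1s|^#!/bin/sh|#!${LOCALBASE}/bin/${TCLSH}|'` limits the edit to the shebang. The `${MKDIR} ${STAGEDIR}...` calls in `post-patch` would sit more naturally at the top of `do-install`, next to the SENSOR branch's own `${MKDIR}`.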

Added: head/security/sguil/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/distinfo	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,2 @@
+SHA256 (sguil-0.9.0.tar.gz) = e83f664673a6c44efec8b0a765a41b00a00830ba02a058d4c0663c915f95c8ee
+SIZE (sguil-0.9.0.tar.gz) = 464313

Added: head/security/sguil/files/example_agent.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/example_agent.in	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/example_agent.in 340872 2014-01-24 00:14:07Z mat $
+
+# PROVIDE: example_agent
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable example_agent:
+# example_agent_enable (bool):	Set to YES to enable example_agent
+# 				Default: NO
+# example_agent_conf (str):	Example_agent configuration file
+#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf
+# example_agent_flags (str):	Default: -D
+#
+
+. /etc/rc.subr
+
+load_rc_config example_agent
+
+#set defaults
+example_agent_enable=${example_agent_enable:-"NO"}
+example_agent_conf=${example_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf"}
+example_agent_flags=${example_agent_flags:-"-D"}
+
+name="example_agent"
+rcvar=example_agent_enable
+command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl"
+command_args="-c ${example_agent_conf} ${example_agent_flags}"
+procname="%%PREFIX%%/bin/tclsh8.4"
+pidfile="/var/run/${name}.pid"
+check_pidfile="${pidfile} ${procname} /bin/sh"
+
+run_rc_command "$1"
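Review bot: The `%%SGUILDIR%%` placeholder in `example_agent_conf` and `command` is not defined in the port's `SUB_LIST`, which only provides `SERVER_SGUILDIR`, `CLIENT_SGUILDIR`, `SENSOR_SGUILDIR` and `TCLSH`, so the token would be left literally in the installed paths; `%%SENSOR_SGUILDIR%%` looks like the intended name. pads_agent.in uses the same undefined placeholder in `pads_agent_conf` and `command`. `procname` is also pinned to `%%PREFIX%%/bin/tclsh8.4` while the Makefile sets `TCL_VER=8.5` and pads_agent.in uses `%%TCLSH%%`; `procname="%%PREFIX%%/bin/%%TCLSH%%"` keeps the pid check in step with the interpreter the agents are patched to run under. The script is not listed in any `USE_RC_SUBR` line of the Makefile shown here, so it may be unused.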

Added: head/security/sguil/files/pads_agent.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/pads_agent.in	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/pads_agent.in 312466 2013-02-18 00:56:47Z miwi $
+
+# PROVIDE: pads_agent
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pads_agent:
+# pads_agent_enable (bool):	Set to YES to enable pads_agent
+# 				Default: NO
+# pads_agent_conf (str):	Pads_agent configuration file
+#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf
+# pads_agent_flags (str):	Default: -D
+#
+
+. /etc/rc.subr
+
+name="pads_agent"
+rcvar=${name}_enable
+load_rc_config ${name}
+
+#set defaults
+: ${pads_agent_enable:="NO"}
+: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
+: ${pads_agent_flags:="-D -c ${pads_agent_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+start_precmd="pads_agent_ck4fifo"
+stop_postcmd="pads_agent_rmfifo"
+
+pads_agent_ck4fifo()
+{
+        LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+        HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+        PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+        if [ ! -p ${PADS_FIFO} ]; then
+                echo "${PADS_FIFO} does not exist.  Creating now....."
+                /usr/bin/mkfifo ${PADS_FIFO}
+        fi
+        echo "Checking for ${PADS_FIFO}...."
+        if [ -p ${PADS_FIFO} ]; then
+                echo "Confirmed!  ${PADS_FIFO} exists."
+        else
+                echo "I tried to create ${PADS_FIFO} and failed."
+                echo "You will need to create it manually before starting ${name}."
+        fi
+}
+
+pads_agent_rmfifo()
+{
+        LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+        HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+        PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+        if [ -p ${PADS_FIFO} ]; then
+                /bin/rm ${PADS_FIFO}
+                echo "Removing ${PADS_FIFO}...."
+        fi
+}
+
+run_rc_command "$1"
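Review bot: `pads_agent_ck4fifo` always returns success, so when `mkfifo` fails the precmd prints the failure text and rc.subr still launches the agent; the failure branch should `return 1`. Every `${PADS_FIFO}` and `${pads_agent_conf}` expansion is unquoted in a script that runs as root, and if either grep finds nothing the path degrades to `//pads.fifo` (or word-splits when several lines match), which `mkfifo` and `/bin/rm` then act on. `pads_agent_rmfifo` needs the same quoting and empty-value guard. A sketch of the precmd follows.

```shell
pads_agent_ck4fifo()
{
        # … unchanged: LOG_DIR and HOSTNAME lookups from ${pads_agent_conf} …
        if [ -z "${LOG_DIR}" ] || [ -z "${HOSTNAME}" ]; then
                echo "LOG_DIR or HOSTNAME not found in ${pads_agent_conf}." >&2
                return 1
        fi
        PADS_FIFO="${LOG_DIR}/${HOSTNAME}/pads.fifo"

        if [ ! -p "${PADS_FIFO}" ]; then
                echo "${PADS_FIFO} does not exist.  Creating now....."
                /usr/bin/mkfifo "${PADS_FIFO}"
        fi
        echo "Checking for ${PADS_FIFO}...."
        if [ ! -p "${PADS_FIFO}" ]; then
                echo "I tried to create ${PADS_FIFO} and failed."
                echo "You will need to create it manually before starting ${name}."
                return 1
        fi
        echo "Confirmed!  ${PADS_FIFO} exists."
}
```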

Added: head/security/sguil/files/patch-client__sguil.conf
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-client__sguil.conf	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,35 @@
+--- client/sguil.conf.orig	2012-11-15 22:46:24.000000000 +0000
++++ client/sguil.conf	2012-11-15 22:48:28.000000000 +0000
+@@ -18,7 +18,7 @@
+ set DEBUG 1
+ 
+ # PATH to tls lib if needed (tcl can usually find this by default)
+-#set TLS_PATH /usr/lib/tls1.4/libtls1.4.so
++#set TLS_PATH /usr/local/lib/tls1.6/libtls1.6.so
+ # win32 example
+ #set TLS_PATH "c:/tcl/lib/tls1.4/tls14.dll"
+ 
+@@ -46,12 +46,12 @@
+ # If you have festival installed, then you can have alerts spoken to
+ # you. Set the path to the festival binary here. If you are using
+ # speechd from speechio.org, then leave this commented out.
+-set FESTIVAL_PATH /usr/bin/festival
++set FESTIVAL_PATH /usr/local/bin/festival
+ # win32 example
+ # set FESTIVAL_PATH "c:\festival\bin\festival.exe"
+ 
+ # Path to wireshark (ethereal)
+-set WIRESHARK_PATH /usr/sbin/wireshark
++set WIRESHARK_PATH /usr/local/bin/wireshark
+ # win32 example
+ # set WIRESHARK_PATH "c:/progra~1/wireshark/wireshark.exe"
+ 
+@@ -62,7 +62,7 @@
+ # set WIRESHARK_STORE_DIR "c:/tmp"
+ 
+ # Favorite browser for looking at sig info on snort.org
+-set BROWSER_PATH /usr/bin/firefox
++set BROWSER_PATH /usr/local/bin/firefox
+ # win32 example (IE)
+ # set BROWSER_PATH c:/progra~1/intern~1/iexplore.exe
+ 
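Review bot: The replacement paths are written as literal `/usr/local/...`, so a build with a non-default `LOCALBASE` or `PREFIX` gets a sample config pointing at binaries that are not there. The same applies to the literal `/usr/local/etc/sguil-sensor/...` and `/usr/local/etc/sguild/...` paths in the sguil.tk, ossec_agent, pads_agent, pcap_agent, pcap_agent-sancp, sancp_agent and sguild patches, which also ignore the overridable `SENSOR_SGUILDIR` and `SERVER_SGUILDIR` from the Makefile. Consider a `${REINPLACE_CMD}` step in `post-patch` that substitutes `${LOCALBASE}`, `${PREFIX}` and the `*_SGUILDIR` values instead of baking the defaults into the patches. The `TLS_PATH` line stays commented out, so its change only affects the example text.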

Added: head/security/sguil/files/patch-client__sguil.tk
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-client__sguil.tk	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,28 @@
+--- client/sguil.tk.orig	2012-11-15 22:24:35.000000000 +0000
++++ client/sguil.tk	2012-11-15 22:26:33.000000000 +0000
+@@ -88,7 +88,7 @@
+ 
+ # Load iwidgets and namespaces
+ if [catch {package require Iwidgets} iwidgetsVersion] {
+-    puts "ERROR: Cannot fine the Iwidgets extension."
++    puts "ERROR: Cannot find the Iwidgets extension."
+     puts "The iwidgets package is part of the incr tcl extension and is"
+     puts "available as a port/package most systems."
+     puts "See http://www.tcltk.com/iwidgets/ for more info."
+@@ -2053,11 +2053,11 @@
+     set CONF_FILE $env(HOME)/sguil.conf
+   } elseif { [file exists ./sguil.conf] } {
+     set CONF_FILE ./sguil.conf
+-  } elseif { [file exists /etc/sguil] &&\
+-             [file isdirectory /etc/sguil] &&\
+-             [file exists /etc/sguil/sguil.conf] &&\
+-             [file readable /etc/sguil/sguil.conf] } {
+-    set CONF_FILE /etc/sguil/sguil.conf
++  } elseif { [file exists /usr/local/etc/sguil] &&\
++             [file isdirectory /usr/local/etc/sguil] &&\
++             [file exists /usr/local/etc/sguil/sguil.conf] &&\
++             [file readable /usr/local/etc/sguil/sguil.conf] } {
++    set CONF_FILE /usr/local/etc/sguil/sguil.conf
+   } else {
+     puts "Couldn't determine where the sguil config file is"
+     puts "Looked for $env(HOME)/sguil.conf and ./sguil.conf."
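Review bot: The patched lookup expects `/usr/local/etc/sguil/sguil.conf`, but the Makefile's `do-install` places the client sample at `${PREFIX}/etc/sguil.conf-sample`, one directory higher, so a config created by copying the sample in place is never found by this branch. Either install the sample under `etc/sguil/` or test `/usr/local/etc/sguil.conf` here. The error text in the following `else` branch still names only `$env(HOME)/sguil.conf` and `./sguil.conf`, so the system-wide location should be added to that message too; the rest of that branch lies outside the hunk.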

Added: head/security/sguil/files/patch-sensor__contrib__ossec_agent__ossec_agent.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-sensor__contrib__ossec_agent__ossec_agent.tcl	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,30 @@
+--- sensor/contrib/ossec_agent/ossec_agent.tcl.orig	2012-12-17 22:47:18.000000000 +0000
++++ sensor/contrib/ossec_agent/ossec_agent.tcl	2012-12-17 22:48:45.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # OSSEC agent for Sguil 0.7.0.  Based on the "example_agent.tcl" code
+ # distributed with sguil.  
+@@ -593,9 +591,9 @@
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/ossec_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } {
+ 
+-        set CONF_FILE /etc/ossec_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf
+ 
+     } elseif { [file exists ./ossec_agent.conf] } {
+ 
+@@ -604,7 +602,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the ossec_agent.tcl config file is"
+-        puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
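Review bot: Removing the `exec tclsh "$0" "$@"` line leaves this script with a bare `#!/bin/sh` shebang, and the Makefile's `post-patch` rewrites the shebang only for `${WRKSRC}/sensor/${f}` with `f` in `SENSOR_AGENTS`, which does not cover `sensor/contrib/ossec_agent/ossec_agent.tcl`. As staged through `COPYTREE_SHARE`, the contrib agent would therefore be handed to /bin/sh when executed directly. Add the file to the shebang substitution in `post-patch`, or keep the `exec` line for this script.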

Added: head/security/sguil/files/patch-sensor__pads_agent.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-sensor__pads_agent.tcl	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,39 @@
+--- sensor/pads_agent.tcl.orig	2012-12-19 21:25:26.000000000 +0000
++++ sensor/pads_agent.tcl	2012-12-19 21:27:37.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ #
+ 
+@@ -332,7 +330,7 @@
+   id process group set
+   if {[fork]} {exit 0}
+   set PID [id process]
+-  if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" }
++  if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" }
+   set PID_DIR [file dirname $PID_FILE]
+   if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } {
+     puts "ERROR: Directory $PID_DIR does not exists or is not writable."
+@@ -380,16 +378,16 @@
+   }
+ }
+ # Parse the config file here
+-# Default location is /etc/pads_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/pads_agent.conf] } {
+-    set CONF_FILE /etc/pads_agent.conf
++  if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } {
++    set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf
+   } elseif { [file exists ./pads_agent.conf] } {
+     set CONF_FILE ./pads_agent.conf
+   } else {
+     puts "Couldn't determine where the sensor_agent.tcl config file is"
+-    puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf."
++    puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf."
+     DisplayUsage $argv0
+   }
+ }

Added: head/security/sguil/files/patch-sensor__pcap_agent-sancp.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-sensor__pcap_agent-sancp.tcl	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,35 @@
+--- sensor/pcap_agent-sancp.tcl.orig	2012-12-17 22:36:43.000000000 +0000
++++ sensor/pcap_agent-sancp.tcl	2012-12-17 22:38:22.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ #
+ 
+@@ -754,13 +752,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/pcap_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+ 
+-        set CONF_FILE /etc/pcap_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+ 
+     } elseif { [file exists ./pcap_agent.conf] } {
+ 
+@@ -769,7 +767,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the pcap_agent.tcl config file is"
+-        puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
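Review bot: The default config path for pcap_agent-sancp.tcl becomes `/usr/local/etc/sguil-sensor/pcap_agent.conf`, the same file pcap_agent.tcl defaults to, while the Makefile installs a separate `pcap_agent-sancp.conf-sample` for this agent. Unless the rc script always passes the config path explicitly (it is not shown here), the sancp variant would silently pick up the plain pcap agent's settings. `pcap_agent-sancp.conf` looks like the intended name in the comment, the `file exists` test, the `set CONF_FILE` line and the "Looked for" message.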

Added: head/security/sguil/files/patch-sensor__pcap_agent.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-sensor__pcap_agent.tcl	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,35 @@
+--- sensor/pcap_agent.tcl.orig	2012-12-17 22:31:44.000000000 +0000
++++ sensor/pcap_agent.tcl	2012-12-17 22:42:50.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ #
+ 
+@@ -771,13 +769,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/pcap_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+ 
+-        set CONF_FILE /etc/pcap_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+ 
+     } elseif { [file exists ./pcap_agent.conf] } {
+ 
+@@ -786,7 +784,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the pcap_agent.tcl config file is"
+-        puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+         DisplayUsage $argv0
+ 
+     }

Added: head/security/sguil/files/patch-sensor__sancp_agent.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-sensor__sancp_agent.tcl	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,30 @@
+--- sensor/sancp_agent.tcl.orig	2012-12-17 22:43:39.000000000 +0000
++++ sensor/sancp_agent.tcl	2012-12-17 22:44:56.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ #
+ 
+@@ -582,16 +580,16 @@
+   }
+ }
+ # Parse the config file here
+-# Default location is /etc/sancp_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/sancp_agent.conf] } {
+-    set CONF_FILE /etc/sancp_agent.conf
++  if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } {
++    set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf
+   } elseif { [file exists ./sancp_agent.conf] } {
+     set CONF_FILE ./sancp_agent.conf
+   } else {
+     puts "Couldn't determine where the sancp_agent.tcl config file is"
+-    puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf."
++    puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf."
+     DisplayUsage $argv0
+   }
+ }

Added: head/security/sguil/files/patch-server__lib__SguildLoaderd.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-server__lib__SguildLoaderd.tcl	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,11 @@
+--- server/lib/SguildLoaderd.tcl.orig	2012-10-12 21:07:19.000000000 +0000
++++ server/lib/SguildLoaderd.tcl	2012-10-12 21:15:06.000000000 +0000
+@@ -220,7 +220,7 @@
+     } else {
+         # Make sure its a MERGE table and not the old monster
+         set tableStatus [mysqlsel $LOADERD_DB_ID {SHOW TABLE STATUS LIKE 'sancp'} -flatlist]
+-        if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
++        if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
+ 
+             ErrorMessage "ERROR: loaderd: You appear to be using an old version of the\n\
+                           sguil database schema that does not support the MERGE sancp\n\
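Review bot: The comparison uses `string equal -nocase`, so replacing `"MRG_MyISAM"` with `"MRG_MYISAM"` does not change the outcome of the test; the patch is a no-op as written. The same edit in patch-server__lib__SguildMysqlMerge.tcl has the same property. If the aim was to handle a MySQL release that reports the engine name differently, the patch should compare against that value and carry a comment naming it; otherwise both patch files can be dropped.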

Added: head/security/sguil/files/patch-server__lib__SguildMysqlMerge.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-server__lib__SguildMysqlMerge.tcl	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,11 @@
+--- server/lib/SguildMysqlMerge.tcl.orig	2012-10-12 21:18:22.000000000 +0000
++++ server/lib/SguildMysqlMerge.tcl	2012-10-12 21:19:41.000000000 +0000
+@@ -9,7 +9,7 @@
+         set tmpQry "SHOW TABLE STATUS LIKE '$tableName'"
+         set tableStatus [mysqlsel $MAIN_DB_SOCKETID $tmpQry -flatlist]
+ 
+-        if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
++        if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
+ 
+             # Non MERGE table found.
+             set errorMsg "\n*************************************************************\n

Added: head/security/sguil/files/patch-server__sguild
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-server__sguild	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,88 @@
+--- server/sguild.orig	2014-06-23 21:54:25.595758574 +0600
++++ server/sguild	2014-06-23 21:59:48.122743440 +0600
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: sguild,v 1.194 2013/09/05 00:38:45 bamm Exp $ #
+ 
+@@ -221,7 +219,7 @@
+ ##################################
+ 
+ # Do all priv account actions here.
+-# Open log files/etc. Privs will be dropped after.
++# Open log files/usr/local/etc. Privs will be dropped after.
+ 
+ if { ![info exists LOG_PATH] } { set LOG_PATH /var/log/sguild }
+ 
+@@ -321,7 +319,7 @@
+ # Check for certs
+ if {![info exists CERTS_PATH]} {
+ 
+-    set CERTS_PATH /etc/sguild/certs
++    set CERTS_PATH /usr/local/etc/sguild/certs
+ 
+ }
+ 
+@@ -351,13 +349,13 @@
+ 
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/sguild/sguild.conf] } {
+-    set CONF_FILE /etc/sguild/sguild.conf
++  if { [file exists /usr/local/etc/sguild/sguild.conf] } {
++    set CONF_FILE /usr/local/etc/sguild/sguild.conf
+   } elseif { [file exists ./sguild.conf] } {
+     set CONF_FILE ./sguild.conf
+   } else {
+     puts "Couldn't determine where the sguil config file is"
+-    puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf."
++    puts "Looked for ./sguild.conf and /usr/local/etc/sguild/sguild.conf."
+     DisplayUsage $argv0
+   }
+ }
+@@ -484,8 +482,8 @@
+ # Load accessfile
+ if { ![info exists ACCESS_FILE] } {
+   # Check the defaults
+-  if { [file exists /etc/sguild/sguild.access] } {
+-    set ACCESS_FILE "/etc/sguild/sguild.access"
++  if { [file exists /usr/local/etc/sguild/sguild.access] } {
++    set ACCESS_FILE "/usr/local/etc/sguild/sguild.access"
+   } elseif { [file exists ./sguild.access] } {
+     set ACCESS_FILE "./sguild.access"
+   } else {
+@@ -511,8 +509,8 @@
+ #}
+ # Load email config file
+ if { ![info exists EMAIL_FILE] } {
+-  if { [file exists /etc/sguild/sguild.email] } {
+-    set EMAIL_FILE "/etc/sguild/sguild.email"
++  if { [file exists /usr/local/etc/sguild/sguild.email] } {
++    set EMAIL_FILE "/usr/local/etc/sguild/sguild.email"
+   } else {
+     set EMAIL_FILE "./sguild.email"
+   }
+@@ -524,8 +522,8 @@
+ }
+ # Load global queries.
+ if { ![info exists GLOBAL_QRY_FILE] } {
+-  if { [file exists /etc/sguild/sguild.queries] } {
+-    set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries"
++  if { [file exists /usr/local/etc/sguild/sguild.queries] } {
++    set GLOBAL_QRY_FILE "/usr/local/etc/sguild/sguild.queries"
+   } else {
+     set GLOBAL_QRY_FILE "./sguild.queries"
+   }
+@@ -537,8 +535,8 @@
+ }
+ # Load report queries.
+ if { ![info exists REPORT_QRY_FILE] } {
+-  if { [file exists /etc/sguild/sguild.reports] } {
+-    set REPORT_QRY_FILE "/etc/sguild/sguild.reports"
++  if { [file exists /usr/local/etc/sguild/sguild.reports] } {
++    set REPORT_QRY_FILE "/usr/local/etc/sguild/sguild.reports"
+   } else {
+     set REPORT_QRY_FILE "./sguild.reports"
+   }
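Review bot: The hunk at `@@ -221,7 +219,7 @@` rewrites a comment from `Open log files/etc.` to `Open log files/usr/local/etc.`, which looks like a side effect of a blanket `/etc` substitution and should be dropped from the patch. The `./sguild.conf`, `./sguild.access`, `./sguild.email`, `./sguild.queries` and `./sguild.reports` fallbacks are kept, so when the files under `/usr/local/etc/sguild/` are absent (the port installs only `-sample` copies) the daemon reads its configuration and access-control list from whatever directory it was started in. For a service that starts with privileges, it is safer for the rc script to pass absolute paths explicitly, for example the `-A /path/to/sguild.access` switch named in sguild.access; the rc script itself is not shown here.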

Added: head/security/sguil/files/patch-server__sguild.access
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-server__sguild.access	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,12 @@
+--- server/sguild.access.orig	2008-04-03 17:55:46.000000000 -0500
++++ server/sguild.access	2008-04-03 17:56:50.000000000 -0500
+@@ -4,7 +4,8 @@
+ # This file is used by sguild for access control. It is read upon init  #
+ # or when sguild receives a HUP signal.                                 #
+ #                                                                       #
+-# By default, sguild will look first for /etc/sguild/sguild.access,     #
++# By default, sguild will look first for                                #
++# /usr/local/etc/sguild/sguild.access,                                  #       
+ # then ./sguild.access unless the -A /path/to/sguild.access switch      #
+ # is used.                                                              #
+ #                                                                       #

Added: head/security/sguil/files/patch-server__sguild.conf
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-server__sguild.conf	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,28 @@
+--- server/sguild.conf.orig	2008-04-03 17:47:18.000000000 -0500
++++ server/sguild.conf	2008-04-03 17:53:11.000000000 -0500
+@@ -1,7 +1,7 @@
+ # $Id: sguild.conf,v 1.29 2006/06/02 20:40:57 bamm Exp $ #
+ 
+ # Path the sguild libs
+-set SGUILD_LIB_PATH ./lib
++set SGUILD_LIB_PATH /usr/local/lib/sguild
+ 
+ # DEBUG 0=off 1=important stuff 2=everything.  Option 2 is VERY chatty.
+ set DEBUG 2
+@@ -63,7 +63,7 @@
+ 
+ # You MUST have tcpflow installed to get xscripts
+ # http://www.circlemud.org/~jelson/software/tcpflow/
+-set TCPFLOW "/usr/bin/tcpflow"
++set TCPFLOW "/usr/local/bin/tcpflow"
+ 
+ # p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
+ # If you have p0f (a passive OS fingerprinting system) installed, you can have
+@@ -74,6 +74,6 @@
+ 
+ # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
+ # add any others you may need here.
+-set P0F_PATH "/usr/sbin/p0f"
++set P0F_PATH "/usr/local/bin/p0f"
+ 
+ # Email config moved to sguild.email 
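Review bot: The new values on the `SGUILD_LIB_PATH`, `TCPFLOW` and `P0F_PATH` lines are the literal `/usr/local`, so a build with a non-default PREFIX or LOCALBASE gets a sguild.conf pointing at libraries and helper binaries that are not where the ports installed them. The p0f comment in this hunk says the path is used on exec, so these paths should be derived from the ports variables rather than typed in. Assuming the Makefile (not shown here) can carry a post-patch step, one way is a substitution such as `${REINPLACE_CMD} -e 's|/usr/bin/tcpflow|${LOCALBASE}/bin/tcpflow|' ${WRKSRC}/server/sguild.conf`. The same literal prefix appears in the snort_agent.tcl patch in this commit.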

Added: head/security/sguil/files/patch-server__snort_agent
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-server__snort_agent	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,35 @@
+--- sensor/snort_agent.tcl.orig	2012-12-17 22:33:35.000000000 +0000
++++ sensor/snort_agent.tcl	2012-12-17 22:39:39.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
+ 
+@@ -680,13 +678,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/snort_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/snort_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
+ 
+-        set CONF_FILE /etc/snort_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
+ 
+     } elseif { [file exists ./snort_agent.conf] } {
+ 
+@@ -695,7 +693,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the snort_agent.tcl config file is"
+-        puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
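Review bot: After the first inner hunk the script still begins with `#!/bin/sh`, but the `exec tclsh "$0" "$@"` line that handed control to Tcl is removed, so as patched the Tcl body would be read by sh unless something outside this patch rewrites line 1. Dropping the PATH lookup of tclsh removes a dependency on the caller's environment, which is a sound change, but the patch should set the interpreter line itself or the Makefile step that does so should be referenced. The rc scripts in this commit use `%%PREFIX%%/bin/%%TCLSH%%` as procname, so the first line is presumably meant to become that path. The file is named patch-server__snort_agent although it patches `sensor/snort_agent.tcl`; `patch-sensor__snort_agent.tcl` would match the other patch names.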

Added: head/security/sguil/files/patch-server__sql_scripts__sancp_cleanup.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/patch-server__sql_scripts__sancp_cleanup.tcl	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,11 @@
+--- server/sql_scripts/sancp_cleanup.tcl.orig	2011-08-11 20:31:07.000000000 +0000
++++ server/sql_scripts/sancp_cleanup.tcl	2011-08-11 20:31:26.000000000 +0000
+@@ -214,7 +214,7 @@
+     INDEX dst_port (dst_port),                         \
+     INDEX src_port (src_port),                         \
+     INDEX start_time (start_time)                      \
+-    ) TYPE=MERGE UNION=([join $tmpTables ,])      \
++    ) ENGINE=MERGE UNION=([join $tmpTables ,])      \
+     "
+ # Create our MERGE sancp table
+ mysqlexec $dbSocketID $createQuery

Added: head/security/sguil/files/pcap_agent-sancp.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/pcap_agent-sancp.in	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/pcap_agent-sancp.in 312466 2013-02-18 00:56:47Z miwi $
+
+# PROVIDE: pcap_agent-sancp
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
+# pcap_agent-sancp_enable (bool):	Set to YES to enable pcap_agent-sancp
+# 				Default: NO
+# pcap_agent-sancp_conf (str):	Pads_agent configuration file
+#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
+# pcap_agent-sancp_flags (str):	Default: -D
+#
+
+. /etc/rc.subr
+
+name="pcap_agent-sancp"
+rcvar=pcap_agent-sancp_enable
+load_rc_config pcap_agent-sancp
+
+#set defaults
+: ${pcap_agent-sancp_enable:="NO"}
+: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
+: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+run_rc_command "$1"
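Review bot: `pcap_agent-sancp` is not a valid shell variable name, so the three default lines assign nothing: sh reads `${pcap_agent-sancp_enable:="NO"}` as the value of `pcap_agent`, or the literal text `sancp_enable:="NO"` when that is unset. The enable, conf and flags defaults are therefore never applied, and the documented rc.conf settings cannot be written as assignments either. Use an underscore in `name`, `rcvar` and the variable names, as below; `pidfile` is built from `${name}`, so it must still match the file the agent writes, which is not visible in this hunk. The header comment also calls the configuration file "Pads_agent", which looks like a copy-paste leftover.

```shell
name="pcap_agent_sancp"
rcvar=pcap_agent_sancp_enable
load_rc_config "${name}"

# set defaults
: ${pcap_agent_sancp_enable:="NO"}
: ${pcap_agent_sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
: ${pcap_agent_sancp_flags:="-D -c ${pcap_agent_sancp_conf}"}

# … unchanged: command, procname, pidfile, run_rc_command …
```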

Added: head/security/sguil/files/pcap_agent.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/pcap_agent.in	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/pcap_agent.in 312466 2013-02-18 00:56:47Z miwi $
+
+# PROVIDE: pcap_agent
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pcap_agent:
+# pcap_agent_enable (bool):     Set to YES to enable pcap_agent
+#                               Default: NO
+# pcap_agent_conf (str):        Pcap_agent configuration file
+#                               Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf
+# pcap_agent_flags (str):       Default: -D
+#
+
+. /etc/rc.subr
+
+name="pcap_agent"
+rcvar=pcap_agent_enable
+load_rc_config pcap_agent
+
+#set defaults
+: ${pcap_agent_enable:="NO"}
+: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
+: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+run_rc_command "$1"
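Review bot: The header comment documents `pcap_agent_flags` as defaulting to `-D`, but the default set further down is `-D -c ${pcap_agent_conf}`. An administrator who overrides the flags in rc.conf as the comment suggests drops `-c`, and `pcap_agent_conf` is then silently ignored. What the agent does without `-c` is not visible here, though snort_agent.tcl in this commit falls back to `./snort_agent.conf` in the current directory. Either document the real default, `# pcap_agent_flags (str):       Default: -D -c ${pcap_agent_conf}`, or keep `-c` out of the flags and pass it with `command_args="-c ${pcap_agent_conf}"`. pcap_agent-sancp.in carries the same comment.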

Added: head/security/sguil/files/pkg-message-client.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/pkg-message-client.in	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,16 @@
+Sguil-client
+============
+See the USAGE document in the %%DOCSDIR%% for instructions
+on how to use the sguil client to connect to and maintain
+the sguil network monitoring system.
+
+NOTE: This port installs a sguil.conf-sample file in
+%%PREFIX%%/bin/%%CLIENT_SGUILDIR%%/.  If you are installing this on a
+multi-user system, each user might want to have a
+sguil.conf file in their home directory.  Sguil.tk sources
+the home directory first for the sguil.conf file.
+
+There are several items in the conf file that may need
+editing, including the path to your web browser, the name
+of the sguil server you connect to and possibly the port
+you connect to (if you're not using the default port.)

Added: head/security/sguil/files/pkg-message-sensor.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/pkg-message-sensor.in	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,31 @@
+            ***********************************
+            * !!!!!!!!!!! WARNING !!!!!!!!!!! *
+            ***********************************
+
+If you already had barnyard2 installed, this port will NOT deinstall
+it and install the barnyard2-sguil port instead.  You will need to
+deinstall the barnyard2 port and install the barnyard2-sguil port yourself
+instead.  This port WILL NOT WORK without the barnyard2-sguil port!!
+
+See the %%DOCSDIR%%/INSTALL doc for details on the 
+configuration and for croning the script.  
+
+WARNING!!!  Sguil et al will fill up your /tmp directory very 
+quickly.  You should probably configure sguil et al to log to
+another partition/location (e.g. /nsm/tmp/).
+
+You must ALSO edit all of the sensor conf files (located in 
+%%PREFIX%%/%%SENSOR_SGUILDIR%%/etc/) to reflect your configuration before 
+starting the sensor_agents.
+
+A number of ancilliary things have been installed in
+%%PREFIX%%/share/%%SENSOR_SGUILDIR%%.
+
+If you chose to run sancp, and you already had a sancp.conf file in
+%%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
+The new sancp.conf-sample file contains the settings for squil. NOTE:
+the conf file is for sancp 1.5.3.  It may need additional edits to work
+with the current ports version of sancp. If you still want to maintain
+the customized sancp.conf file, then copy the new sancp.conf-sample
+file to sguild-sancp.conf (for example) and add 
+sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.

Added: head/security/sguil/files/pkg-message-server.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/pkg-message-server.in	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,44 @@
+Sguil-server
+============
+If you had existing config files in %%PREFIX%%/etc/%%SERVER_SGUILDIR%%
+they were not overwritten. If this is a first time install, you
+must copy the sample files to the corresponding conf file and
+edit the various config files for your site.  See the INSTALL
+doc in %%DOCSDIR%% for details.  If this is an upgrade, replace
+your existing conf file with the new one and edit accordingly
+
+The sql scripts for creating database tables were placed in
+the %%PREFIX%%/share/%%SERVER_SGUILDIR%%/ directory.  PLEASE
+note LOG_DIR is not set by this install.  You MUST create the
+correct LOG_DIRS and put a copy of the snort rules you use in
+LOG_DIR/rules.
+
+The sguild program was placed in %%PREFIX%%/bin/.
+
+Some contributed scripts were placed in
+%%PREFIX%%/share/%%SERVER_SGUILDIR%%/contrib
+
+A startup script, named sguild was installed in
+%%PREFIX%%/etc/rc.d/.  To enable it, edit /etc/rc.conf
+per the instructions in the script.
+
+NOTE. You MUST create a directory /var/run/%%SERVER_SGUILDIR%%, and set the ownership
+to user guil group sguil
+You MUST also create certs.  Here's how to do it;
+Create the directory %%SERVER_SGUILDIR%%/certs
+Set ownership to sguil user and group.
+Create a password-protected CA cert.
+openssl req -out CA.pem -new -x509
+Create a server certificate/key pair.
+openssl genrsa -out sguild.key 1024
+Create a certificate request to be signed by the CA.
+DO NOT password protect your server key.  If you do, you will be required
+to enter the password every time you start the server.
+openssl req -key sguild.key -new -out sguild.req
+If this is the first time you've created the cert,
+Create a serial file so your certs will have incremented serial numbers.
+openssl x509 -req -in sguild.req -CA CA.pem -CAAkey privkey.pem -CAcreateserial -out sguild.pem
+If you're updating the existing cert
+Update the actual certificate for your server.
+openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAserial CA.sr1 -out sguild.pem
+Put the certs to the %%SERVER_SGUILDIR%%/certs directory
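Review bot: The instructions have the administrator create the server key with `openssl genrsa -out sguild.key 1024`; a 1024-bit RSA key is below current minimum recommendations, and the line should ask for at least `openssl genrsa -out sguild.key 2048`. The first signing command also cannot run as written, because `-CAAkey` is not an openssl option (the second command uses `-CAkey`), and `CA.sr1` is presumably `CA.srl`, the serial file that `-CAcreateserial` produces. The ownership line reads "user guil", which should be `sguil`. Since the message tells the reader to leave the server key without a passphrase, it should also say that `sguild.key` must be readable only by the sguil user.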

Added: head/security/sguil/files/sancp_agent.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil/files/sancp_agent.in	Sat Aug 16 18:38:25 2014	(r365120)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/sancp_agent.in 312466 2013-02-18 00:56:47Z miwi $
+
+# PROVIDE: sancp_agent
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable sancp_agent:
+# sancp_agent_enable (bool):     Set to YES to enable sancp_agent
+#                                Default: NO
+# sancp_agent_conf (str):        Sancp_agent configuration file
+#                                Default: %%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf
+# sancp_agent_flags (str):       Default: -D
+#
+
+. /etc/rc.subr
+
+name="sancp_agent"
+rcvar=sancp_agent_enable
+load_rc_config sancp_agent
+

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


