Date: Sat, 1 Jun 2019 19:39:09 +0000 (UTC) From: Kurt Jaeger <pi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r503254 - in head/security: ossec-hids ossec-hids-local ossec-hids-local-config ossec-hids-local-config/files ossec-hids-local-config/scripts ossec-hids-local/files ossec-hids-local/scr... Message-ID: <201906011939.x51Jd9av084036@repo.freebsd.org>
Author: pi Date: Sat Jun 1 19:39:09 2019 New Revision: 503254 URL: https://svnweb.freebsd.org/changeset/ports/503254 Log: security/ossec-hids: upgrade 3.1.0 -> 3.3.0 security/ossec-hids-local: upgrade 3.1.0 -> 3.3.0 security/ossec-hids-local-config: upgrade 3.1.0 -> 3.3.0 - Added LUA option. Bundled Lua support is no longer compiled in by default PR: 237632 Submitted by: Dominik Lisiak <dominik.lisiak@bemsoft.pl> (maintainer) Relnotes: https://github.com/ossec/ossec-hids/releases/tag/3.3.0 https://github.com/ossec/ossec-hids/releases/tag/3.2.0 Added: head/security/ossec-hids-local-config/scripts/plist.conf (contents, props changed) head/security/ossec-hids-local/scripts/plist.conf (contents, props changed) head/security/ossec-hids-local/scripts/sanitize-stage.sh (contents, props changed) Deleted: head/security/ossec-hids-local/files/patch-src_Makefile Modified: head/security/ossec-hids-local-config/Makefile head/security/ossec-hids-local-config/distinfo head/security/ossec-hids-local-config/files/pkg-deinstall.in head/security/ossec-hids-local-config/files/pkg-install.in head/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in head/security/ossec-hids-local-config/files/template-rules-default.xml.in head/security/ossec-hids-local-config/scripts/plist.sh head/security/ossec-hids-local/Makefile head/security/ossec-hids-local/distinfo head/security/ossec-hids-local/files/ossec-hids.in head/security/ossec-hids-local/files/pkg-deinstall.in head/security/ossec-hids-local/files/pkg-install.in head/security/ossec-hids-local/pkg-plist-agent head/security/ossec-hids-local/pkg-plist-local head/security/ossec-hids-local/pkg-plist-server head/security/ossec-hids-local/scripts/plist.sh head/security/ossec-hids/Makefile Modified: head/security/ossec-hids-local-config/Makefile ============================================================================== --- head/security/ossec-hids-local-config/Makefile Sat Jun 1 19:19:48 2019 (r503253) +++ 
head/security/ossec-hids-local-config/Makefile Sat Jun 1 19:39:09 2019 (r503254) @@ -1,8 +1,8 @@ # $FreeBSD$ PORTNAME= ossec-hids -PORTVERSION= 3.1.0 -PORTREVISION= 1 +PORTVERSION= 3.3.0 +PORTREVISION= 0 CATEGORIES= security PKGNAMESUFFIX= -${OSSEC_TYPE}-config @@ -47,14 +47,15 @@ NO_ARCH= yes OPTIONS_SUB= yes OPTIONS_SINGLE= FIREWALL -OPTIONS_SINGLE_FIREWALL= IPF IPFW PF +OPTIONS_SINGLE_FIREWALL= NOFW IPF IPFW PF -OPTIONS_DEFAULT+= IPF +OPTIONS_DEFAULT+= NOFW FIREWALL_DESC= Active Response Firewall PF_DESC= Packet Filter IPFW_DESC= ipfirewall IPF_DESC= ipfilter +NOFW_DESC= Custom or no firewall TEMPL_ENABLED_HEADER= template-header-enabled.xml TEMPL_DISABLED_HEADER= template-header-disabled.xml @@ -68,6 +69,7 @@ TEMPL_SAMPLE_DB= template-sample-database.xml PF_VARS= FW_DROP=pf.sh PKGMSG_FILES+=message-pf IPFW_VARS= FW_DROP=ipfw.sh IPF_VARS= FW_DROP=ipfilter.sh +NOFW_VARS= FW_DROP= .if defined(MAINTAINER_MODE) OSSEC_HOME= ${PREFIX}/${PORTNAME} Modified: head/security/ossec-hids-local-config/distinfo ============================================================================== --- head/security/ossec-hids-local-config/distinfo Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local-config/distinfo Sat Jun 1 19:39:09 2019 (r503254) 
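Review bot: With `OPTIONS_DEFAULT+= NOFW` and `NOFW_VARS= FW_DROP=`, a default build no longer links any `firewall-drop.sh`, and nothing in this hunk tells the administrator so. PF carries `PKGMSG_FILES+=message-pf`, but NOFW adds no message, so a host that relied on the previous IPF default could lose its active-response drop script on upgrade without notice. Whether the shipped config templates still reference firewall-drop is not visible here. I would attach a message to the option, e.g. `NOFW_VARS= FW_DROP= PKGMSG_FILES+=message-nofw` (file name is a suggestion), stating that firewall active response now needs a user-supplied `firewall-drop.sh`.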
@@ -1,3 +1,3 @@ -TIMESTAMP = 1539459620 -SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50 -SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469 +TIMESTAMP = 1555773476 +SHA256 (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 34fac7664548ddfeea96cb0567df4eda7515cc107625eb25315a5c3522954197 +SIZE (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 1900070 Modified: head/security/ossec-hids-local-config/files/pkg-deinstall.in ============================================================================== --- head/security/ossec-hids-local-config/files/pkg-deinstall.in Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local-config/files/pkg-deinstall.in Sat Jun 1 19:39:09 2019 (r503254) @@ -1,10 +1,19 @@ #!/bin/sh ossec_home="%%OSSEC_HOME%%" +fw_drop="%%FW_DROP%%" + +ar_bin_dir="${ossec_home}/active-response/bin" ossec_conf="${ossec_home}/etc/ossec.conf" agent_conf="${ossec_home}/etc/shared/agent.conf" if [ "$2" == "DEINSTALL" ]; then rm -f "${ossec_conf}" rm -f "${agent_conf}" + + if [ -n "${fw_drop}" ]; then + if [ "${ar_bin_dir}/${fw_drop}" -ef "${ar_bin_dir}/firewall-drop.sh" ]; then + rm -f "${ar_bin_dir}/firewall-drop.sh" + fi + fi fi Modified: head/security/ossec-hids-local-config/files/pkg-install.in ============================================================================== --- head/security/ossec-hids-local-config/files/pkg-install.in Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local-config/files/pkg-install.in Sat Jun 1 19:39:09 2019 (r503254) @@ -1,6 +1,8 @@ #!/bin/sh ossec_home="%%OSSEC_HOME%%" +fw_drop="%%FW_DROP%%" + ar_bin_dir="${ossec_home}/active-response/bin" ossec_conf="${ossec_home}/etc/ossec.conf" ossec_conf_bak="${ossec_conf}.bak" 
@@ -8,7 +10,9 @@ agent_conf="${ossec_home}/etc/shared/agent.conf" agent_conf_bak="${ossec_home}/etc/agent.conf.bak" if [ "$2" == "POST-INSTALL" ]; then - ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh" + if [ -n "${fw_drop}" ]; then + ln -f "${ar_bin_dir}/${fw_drop}" "${ar_bin_dir}/firewall-drop.sh" + fi if [ -e "${ossec_conf}" ]; then mv -f "${ossec_conf}" "${ossec_conf_bak}" Modified: head/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in ============================================================================== --- head/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in Sat Jun 1 19:39:09 2019 (r503254) @@ -15,6 +15,7 @@ <rootcheck> <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files> <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans> + <system_audit>/var/ossec/etc/shared/system_audit_pw.txt</system_audit> <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit> <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit> </rootcheck> Modified: head/security/ossec-hids-local-config/files/template-rules-default.xml.in ============================================================================== --- head/security/ossec-hids-local-config/files/template-rules-default.xml.in Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local-config/files/template-rules-default.xml.in Sat Jun 1 19:39:09 2019 (r503254) 
@@ -51,8 +51,11 @@ <include>ms_ipsec_rules.xml</include> <include>vmware_rules.xml</include> <include>ids_rules.xml</include> + <include>ms_powershell_rules.xml</include> + <include>last_rootlogin_rules.xml</include> <include>apache_rules.xml</include> <include>web_rules.xml</include> + <include>topleveldomain_rules.xml</include> <include>zeus_rules.xml</include> <include>nginx_rules.xml</include> <include>php_rules.xml</include> @@ -78,6 +81,9 @@ <include>ms_firewall_rules.xml</include> <include>psad_rules.xml</include> <include>unbound_rules.xml</include> + <include>kesl_rules.xml</include> + <include>mhn_dionaea_rules.xml</include> + <include>mhn_cowrie_rules.xml</include> <include>local_rules.xml</include> <!-- Files not included by default --> Added: head/security/ossec-hids-local-config/scripts/plist.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-local-config/scripts/plist.conf Sat Jun 1 19:39:09 2019 (r503254) @@ -0,0 +1,10 @@ +#!/bin/sh + +fixed_lines="" +skip_lines="" +skip_paths="" + +sample_paths=" +/etc/command.conf.sample +/etc/ossec.conf.d/900.local.conf.sample +/etc/agent.conf.d/900.local.conf.sample" Modified: head/security/ossec-hids-local-config/scripts/plist.sh ============================================================================== --- head/security/ossec-hids-local-config/scripts/plist.sh Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local-config/scripts/plist.sh Sat Jun 1 19:39:09 2019 (r503254) @@ -11,12 +11,11 @@ PLIST=$3 WORKDIR=$4 STAGEDIR=$5 -staged_plist="${WORKDIR}/.staged-plist" -fixed_lines="" -skip_lines="" -skip_paths="" -sample_paths="/etc/command.conf.sample /etc/ossec.conf.d/900.local.conf.sample /etc/agent.conf.d/900.local.conf.sample" +. $(dirname "$0")/plist.conf +NL=$'\n' +IFS=${NL} + print_path() { local path="$1" local command="$2" 
@@ -28,33 +27,39 @@ print_path() { fi fi local user=`stat -f "%Su" "${full_path}"` - if [ "${user}" == "${USER}" ]; then + if [ "${user}" = "${USER}" ]; then user="" fi local group=`stat -f "%Sg" "${full_path}"` - if [ "${group}" == "${GROUP}" ]; then + if [ "${group}" = "${GROUP}" ]; then group="" fi local mode=`stat -f "%p" "${full_path}" | tail -c 5` - echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" + echo "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" } +contains() { + local list="$1" + local word="$2" + + for e in ${list}; do + if [ "${e}" = "${word}" ]; then + return 0 + fi + done + + return 1 +} + echo -n > "${PLIST}" print_path done_paths="" while read line; do - skip_line="" - for e in ${skip_lines}; do - if [ "${e}" == "${line}" ]; then - skip_line="${e}" - break - fi - done - if [ -z "${skip_line}" ]; then + if ! contains "${skip_lines}" "${line}"; then path="" - case $line in + case ${line} in "@dir %%OSSEC_HOME%%"*) path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"` ;; @@ -62,7 +67,7 @@ while read line; do path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"` ;; "%%"*) - unchanged_lines="${unchanged_lines} ${line}" + unchanged_lines="${unchanged_lines}${NL}${line}" ;; esac if [ -n "${path}" ]; then 
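Review bot: `contains()` only works because the script sets `IFS=${NL}` near the top, and that dependency is not stated anywhere near the function. A one-line comment such as `# list is newline-separated; relies on IFS=${NL} set above` would keep a later edit from silently breaking every skip/done/sample lookup. The loop variable `e` is also not declared `local`, unlike `list` and `word`, so it leaks into the caller's scope; adding `local e` fixes that. The same helper is added verbatim to security/ossec-hids-local/scripts/plist.sh further down, so both copies need the change.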
@@ -70,33 +75,12 @@ while read line; do path="" for segment in ${segments}; do path="${path}/${segment}" - skip_path="" - for e in ${skip_paths}; do - if [ "${e}" == "${path}" ]; then - skip_path="${e}" - break - fi - done - if [ -n "${skip_path}" ]; then + if contains "${skip_paths}" "${path}"; then break fi - done_path="" - for e in ${done_paths}; do - if [ "${e}" == "${path}" ]; then - done_path="${e}" - break - fi - done - if [ -z "${done_path}" ]; then - done_paths="${done_paths} ${path}" - sample_path="" - for e in ${sample_paths}; do - if [ "${e}" == "${path}" ]; then - sample_path="${e}" - break - fi - done - if [ -n "${sample_path}" ]; then + if ! contains "${done_paths}" "${path}"; then + done_paths="${done_paths}${NL}${path}" + if contains "${sample_paths}" "${path}"; then print_path "${path}" @sample else print_path "${path}" @@ -105,9 +89,9 @@ while read line; do done fi fi -done < "${staged_plist}" +done < "${WORKDIR}/.staged-plist" -unchanged_lines="${unchanged_lines} ${fixed_lines}" +unchanged_lines="${unchanged_lines}${NL}${fixed_lines}" for line in ${unchanged_lines}; do echo "${line}" >> "${PLIST}" done Modified: head/security/ossec-hids-local/Makefile ============================================================================== --- head/security/ossec-hids-local/Makefile Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local/Makefile Sat Jun 1 19:39:09 2019 (r503254) @@ -1,8 +1,8 @@ # $FreeBSD$ PORTNAME= ossec-hids -PORTVERSION= 3.1.0 -PORTREVISION= 3 +PORTVERSION= 3.3.0 +PORTREVISION= 0 CATEGORIES= security PKGNAMESUFFIX= -${OSSEC_TYPE} @@ -12,7 +12,7 @@ COMMENT= Security tool to monitor and check logs and i LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE -USES= gmake readline ssl +USES= gmake ssl OSSEC_TYPE?= local @@ -30,6 +30,7 @@ CONFLICTS_INSTALL= ossec-hids-client-* \ ossec-hids-local-* .endif +LIB_DEPENDS= libpcre2-8.so:devel/pcre2 .if ${OSSEC_TYPE} != agent RUN_DEPENDS= expect:lang/expect .endif 
@@ -38,19 +39,24 @@ INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq +INOTIFY_USES= pkgconfig +LUA_USES= readline MYSQL_USE= mysql PGSQL_USES= pgsql USE_GITHUB= yes GH_ACCOUNT= ossec + USE_RC_SUBR= ossec-hids -.if ${OSSEC_TYPE} != agent USES+= shebangfix +SHEBANG_FILES= active-response/ossec-pagerduty.sh + +.if ${OSSEC_TYPE} != agent SHEBANG_LANG= expect expect_OLD_CMD= "/usr/bin/env expect" expect_CMD= ${LOCALBASE}/bin/expect -SHEBANG_FILES= src/agentlessd/scripts/main.exp \ +SHEBANG_FILES+= src/agentlessd/scripts/main.exp \ src/agentlessd/scripts/ssh.exp \ src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \ src/agentlessd/scripts/ssh_foundry_diff \ @@ -64,7 +70,7 @@ SHEBANG_FILES= src/agentlessd/scripts/main.exp \ .endif OPTIONS_SUB= yes -OPTIONS_DEFINE= DOCS INOTIFY +OPTIONS_DEFINE= DOCS INOTIFY LUA .if ${OSSEC_TYPE} != agent OPTIONS_DEFINE+= PRELUDE ZEROMQ @@ -81,6 +87,7 @@ ZEROMQ_DESC= ZeroMQ support (experimental) DATABASE_DESC= Database output INOTIFY_VARS= OSSEC_ARGS+=USE_INOTIFY=yes +LUA_VARS= OSSEC_ARGS+=LUA_ENABLE=yes STRIP_FILES+=ossec-lua STRIP_FILES+=ossec-luac PRELUDE_VARS= OSSEC_ARGS+=USE_PRELUDE=yes ZEROMQ_VARS= OSSEC_ARGS+=USE_ZEROMQ=yes MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema @@ -92,8 +99,6 @@ STRIP_FILES= agent-auth \ ossec-agentd \ ossec-execd \ ossec-logcollector \ - ossec-lua \ - ossec-luac \ ossec-syscheckd .else STRIP_FILES= agent_control \ @@ -108,8 +113,6 @@ STRIP_FILES= agent_control \ ossec-execd \ ossec-logcollector \ ossec-logtest \ - ossec-lua \ - ossec-luac \ ossec-maild \ ossec-makelists \ ossec-monitord \ @@ -159,7 +162,6 @@ SUB_LIST+= PORTNAME=${PORTNAME} \ VERSION=${PORTVERSION} \ DB_TYPE=${DB_TYPE} \ DB_SCHEMA=${DOCSDIR}/${DB_SCHEMA} \ - USER=${USER} \ OSSEC_USER=${OSSEC_USER} \ OSSEC_GROUP=${OSSEC_GROUP} \ OSSEC_RC=${OSSEC_RC} 
@@ -179,9 +181,12 @@ PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE} PKGMESSAGE= ${WRKDIR}/pkg-message PKGMSG_FILES= message-header +PKG_CONFIG= ${CONFIGURE_ENV:MPKG_CONFIG=*:S/PKG_CONFIG=//} CFLAGS+= -I${LOCALBASE}/include +INOTIFY_CFLAGS= $$(${PKG_CONFIG} --cflags libinotify) +INOTIFY_LDFLAGS=$$(${PKG_CONFIG} --libs libinotify) -OSSEC_ARGS+= TARGET=${OSSEC_TYPE} INSTALL_LOCALTIME=no +OSSEC_ARGS+= TARGET=${OSSEC_TYPE} PCRE2_SYSTEM=yes INSTALL_LOCALTIME=no INSTALL_RESOLVCONF=no .if !defined(MAINTAINER_MODE) OSSEC_ARGS+= INSTALL_CMD=install .endif @@ -213,14 +218,16 @@ post-install: @${CHMOD} 550 ${STAGEDIR}${RESTART_OSSEC_BIN} .if defined(MAINTAINER_MODE) @${CHOWN} ${USER}:${OSSEC_GROUP} ${STAGEDIR}${RESTART_OSSEC_BIN} +.else + @${SH} ${SCRIPTDIR}/sanitize-stage.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${STAGEDIR} .endif .if ${OSSEC_TYPE} == agent -.if defined(MAINTAINER_MODE) +. if defined(MAINTAINER_MODE) @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; ${CHOWN} ${OSSEC_USER}:${OSSEC_GROUP} $${file_name}; done -.else +. else @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; done -.endif +. endif .endif @${ECHO_CMD} -n > ${PKGMESSAGE} .for file_name in ${PKGMSG_FILES} Modified: head/security/ossec-hids-local/distinfo ============================================================================== --- head/security/ossec-hids-local/distinfo Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local/distinfo Sat Jun 1 19:39:09 2019 (r503254) 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1539457911 -SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50 -SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469 +TIMESTAMP = 1555773447 +SHA256 (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 34fac7664548ddfeea96cb0567df4eda7515cc107625eb25315a5c3522954197 +SIZE (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 1900070 Modified: head/security/ossec-hids-local/files/ossec-hids.in ============================================================================== --- head/security/ossec-hids-local/files/ossec-hids.in Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local/files/ossec-hids.in Sat Jun 1 19:39:09 2019 (r503254) @@ -34,6 +34,10 @@ load_rc_config $name ossec_type="%%OSSEC_TYPE%%" ossec_home="%%OSSEC_HOME%%" +if [ -z "${ossec_hids_user}" ]; then + ossec_hids_user=$(stat -f '%Su' "${ossec_home}") +fi + ossec_conf="${ossec_home}/etc/ossec.conf" ossec_conf_dir="${ossec_home}/etc/ossec.conf.d" ossec_conf_bin="${ossec_home}/bin/config/ossec-conf" @@ -49,6 +53,7 @@ ossec_ar_log="${ossec_home}/logs/active-responses.log" ossec_merged="${ossec_home}/etc/shared/merged.mg" ossec_local_time="/etc/localtime" +ossec_resolv_conf="/etc/resolv.conf" extra_commands="help status reload ossec_conf" case ${ossec_type} in @@ -353,7 +358,7 @@ ossec_hids_create_config() { if [ -x "${agent_conf_bin}" ]; then # Merge agent.conf.d files into agent.conf if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${agent_conf}" "${agent_conf_dir}"; then - ossec_hids_create_file "${agent_conf}" %%USER%%:%%OSSEC_GROUP%% 0640 + ossec_hids_create_file "${agent_conf}" ${ossec_hids_user}:%%OSSEC_GROUP%% 0640 "${agent_conf_bin}" > "${agent_conf}" fi fi 
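Review bot: The fallback `ossec_hids_user=$(stat -f '%Su' "${ossec_home}")` is never checked, and the value is later expanded unquoted, in the two `ossec_hids_create_file` calls and in `install -o ${ossec_hids_user} -g %%OSSEC_GROUP%%` in the `ossec_hids_create_env` hunk. If `ossec_home` is missing or `stat` fails, the variable is empty and `install -o` would take `-g` as the owner name. The change also makes whoever owns `ossec_home` the owner of the generated `ossec.conf` and `agent.conf`, which deserves a comment next to the assignment. I would test `[ -n "${ossec_hids_user}" ]` before first use and quote every expansion, e.g. `install -o "${ossec_hids_user}" -g %%OSSEC_GROUP%% -m 0440 ...`.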
@@ -363,7 +368,7 @@ ossec_hids_create_config() { if [ -x "${ossec_conf_bin}" ]; then # Merge ossec.conf.d files into ossec.conf if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${ossec_conf}" "${ossec_conf_dir}"; then - ossec_hids_create_file "${ossec_conf}" %%USER%%:%%OSSEC_GROUP%% 0640 + ossec_hids_create_file "${ossec_conf}" ${ossec_hids_user}:%%OSSEC_GROUP%% 0640 "${ossec_conf_bin}" > "${ossec_conf}" fi fi @@ -378,7 +383,13 @@ ossec_hids_create_env() { echo return 1 fi - install -o %%USER%% -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}" + if [ ! -e "${ossec_resolv_conf}" ]; then + echo "ERROR: Missing \"${ossec_resolv_conf}\"." + echo + return 1 + fi + install -o ${ossec_hids_user} -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}" + install -o ${ossec_hids_user} -g %%OSSEC_GROUP%% -m 0440 "${ossec_resolv_conf}" "${ossec_home}${ossec_resolv_conf}" return 0 } Modified: head/security/ossec-hids-local/files/pkg-deinstall.in ============================================================================== --- head/security/ossec-hids-local/files/pkg-deinstall.in Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local/files/pkg-deinstall.in Sat Jun 1 19:39:09 2019 (r503254) 
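Review bot: The new `[ ! -e "${ossec_resolv_conf}" ]` branch returns 1, so a host without `/etc/resolv.conf` can no longer get through `ossec_hids_create_env`. Presumably that stops the service from starting, though the caller and the start of this function are outside the hunk. A missing resolver file is a legitimate setup (hosts-file or IP-only agents), and a HIDS that refuses to start leaves the machine unmonitored. I would make the copy conditional and only warn when the file is absent: `if [ -e "${ossec_resolv_conf}" ]; then install ...; else echo "WARNING: Missing \"${ossec_resolv_conf}\"."; fi`.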
@@ -4,15 +4,12 @@ ossec_home="%%OSSEC_HOME%%" ar_conf="${ossec_home}/etc/shared/ar.conf" merged_mg="${ossec_home}/etc/shared/merged.mg" client_keys="${ossec_home}/etc/client.keys" -firewall_drop="${ossec_home}/active-response/bin/firewall-drop.sh" local_time="${ossec_home}/etc/localtime" +resolv_conf="${ossec_home}/etc/resolv.conf" if [ "$2" == "DEINSTALL" ]; then - rm -f "${ar_conf}" - rm -f "${merged_mg}" if [ ! -s "${client_keys}" ]; then rm -f "${client_keys}" fi - rm -f "${firewall_drop}" - rm -f "${local_time}" + rm -f "${ar_conf}" "${merged_mg}" "${local_time}" "${resolv_conf}" fi Modified: head/security/ossec-hids-local/files/pkg-install.in ============================================================================== --- head/security/ossec-hids-local/files/pkg-install.in Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local/files/pkg-install.in Sat Jun 1 19:39:09 2019 (r503254) @@ -14,10 +14,14 @@ create_file() { } if [ "$2" == "POST-INSTALL" ]; then + if [ -z "${USER}" ]; then + USER=$(id -un) + fi + pw usermod %%OSSEC_USER%% -d "${ossec_home}" pw usermod ossecm -d "${ossec_home}" pw usermod ossecr -d "${ossec_home}" - chown %%USER%%:%%OSSEC_GROUP%% "${ossec_home}" + chown ${USER}:%%OSSEC_GROUP%% "${ossec_home}" - create_file "${client_keys}" root:ossec 0640 + create_file "${client_keys}" ${USER}:%%OSSEC_GROUP%% 0640 fi Modified: head/security/ossec-hids-local/pkg-plist-agent ============================================================================== --- head/security/ossec-hids-local/pkg-plist-agent Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local/pkg-plist-agent Sat Jun 1 19:39:09 2019 (r503254) 
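Review bot: In pkg-install.in, `USER` comes from the environment of whoever runs the package install, and it now decides the owner of `${ossec_home}` and of `client.keys` (previously the build-time `%%USER%%` and a fixed `root:ossec`). If root privileges were obtained in a way that leaves `USER` naming the invoking account, the OSSEC home and the agent key file would be chowned to that unprivileged user. `id -un` follows the effective uid rather than the environment, so I would use it unconditionally, `owner=$(id -un)`, instead of only when `USER` is empty. The value should then be passed quoted, as `"${owner}:%%OSSEC_GROUP%%"`, to both `chown` and `create_file`.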
@@ -22,8 +22,6 @@ @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector -@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua -@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/util.sh @dir(,ossec,0550) %%OSSEC_HOME%%/etc @@ -43,6 +41,7 @@ @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @@ -55,6 +54,7 @@ @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @@ -77,3 +77,5 @@ %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac Modified: head/security/ossec-hids-local/pkg-plist-local ============================================================================== --- head/security/ossec-hids-local/pkg-plist-local Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local/pkg-plist-local Sat Jun 1 19:39:09 2019 (r503254) 
@@ -42,8 +42,6 @@ @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest -@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua -@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac @(,,0550) %%OSSEC_HOME%%/bin/ossec-maild @(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists @(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord @@ -74,6 +72,7 @@ @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @@ -86,6 +85,7 @@ @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt 
@@ -112,10 +112,14 @@ @(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml @@ -123,6 +127,7 @@ @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml @@ -160,6 +165,7 @@ @(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/topleveldomain_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml 
@@ -196,5 +202,7 @@ %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema Modified: head/security/ossec-hids-local/pkg-plist-server ============================================================================== --- head/security/ossec-hids-local/pkg-plist-server Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local/pkg-plist-server Sat Jun 1 19:39:09 2019 (r503254) @@ -42,8 +42,6 @@ @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest -@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua -@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac @(,,0550) %%OSSEC_HOME%%/bin/ossec-maild @(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists @(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord @@ -74,6 +72,7 @@ @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @@ -86,6 +85,7 @@ @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt 
@@ -112,10 +112,14 @@ @(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml @@ -123,6 +127,7 @@ @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml @@ -160,6 +165,7 @@ @(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/topleveldomain_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml 
@@ -196,5 +202,7 @@ %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema Added: head/security/ossec-hids-local/scripts/plist.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-local/scripts/plist.conf Sat Jun 1 19:39:09 2019 (r503254) @@ -0,0 +1,30 @@ +#!/bin/sh + +fixed_lines=" +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac" +if [ "${OSSEC_TYPE}" != "agent" ]; then + fixed_lines="${fixed_lines} +%%MYSQL%%%%DOCSDIR%%/mysql.schema +%%PGSQL%%%%DOCSDIR%%/postgresql.schema" +fi + +skip_lines=" +%%PORTDOCS%%%%DOCSDIR%%/mysql.schema +%%PORTDOCS%%%%DOCSDIR%%/postgresql.schema" + +skip_paths=" +/etc/ossec.conf +/etc/client.keys +/logs/active-responses.log +/logs/ossec.log +/lua" +if [ "${OSSEC_TYPE}" = "agent" ]; then + skip_paths="${skip_paths} +/rules +/agentless +/.ssh" +fi + +sample_paths=" +/etc/local_internal_options.conf.sample" Modified: head/security/ossec-hids-local/scripts/plist.sh ============================================================================== --- head/security/ossec-hids-local/scripts/plist.sh Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids-local/scripts/plist.sh Sat Jun 1 19:39:09 2019 (r503254) 
@@ -11,18 +11,11 @@ PLIST=$3 WORKDIR=$4 STAGEDIR=$5 -staged_plist="${WORKDIR}/.staged-plist" -fixed_lines="" -if [ "${OSSEC_TYPE}" != "agent" ]; then - fixed_lines="${fixed_lines} %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema" -fi -skip_lines="%%PORTDOCS%%%%DOCSDIR%%/mysql.schema %%PORTDOCS%%%%DOCSDIR%%/postgresql.schema" -skip_paths="/etc/ossec.conf /etc/client.keys /logs/active-responses.log /logs/ossec.log /lua" -sample_paths="/etc/local_internal_options.conf.sample" -if [ "${OSSEC_TYPE}" == "agent" ]; then - skip_paths="${skip_paths} /rules /agentless /.ssh" -fi +. $(dirname "$0")/plist.conf +NL=$'\n' +IFS=${NL} + print_path() { local path="$1" local command="$2" @@ -34,33 +27,39 @@ print_path() { fi fi local user=`stat -f "%Su" "${full_path}"` - if [ "${user}" == "${USER}" ]; then + if [ "${user}" = "${USER}" ]; then user="" fi local group=`stat -f "%Sg" "${full_path}"` - if [ "${group}" == "${GROUP}" ]; then + if [ "${group}" = "${GROUP}" ]; then group="" fi local mode=`stat -f "%p" "${full_path}" | tail -c 5` - echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" + echo "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" } +contains() { + local list="$1" + local word="$2" + + for e in ${list}; do + if [ "${e}" = "${word}" ]; then + return 0 + fi + done + + return 1 +} + echo -n > "${PLIST}" print_path done_paths="" while read line; do - skip_line="" - for e in ${skip_lines}; do - if [ "${e}" == "${line}" ]; then - skip_line="${e}" - break - fi - done - if [ -z "${skip_line}" ]; then + if ! contains "${skip_lines}" "${line}"; then path="" - case $line in + case ${line} in "@dir %%OSSEC_HOME%%"*) path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"` ;; 
@@ -68,7 +67,7 @@ while read line; do path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"` ;; "%%"*) - unchanged_lines="${unchanged_lines} ${line}" + unchanged_lines="${unchanged_lines}${NL}${line}" ;; esac if [ -n "${path}" ]; then @@ -76,33 +75,12 @@ while read line; do path="" for segment in ${segments}; do path="${path}/${segment}" - skip_path="" - for e in ${skip_paths}; do - if [ "${e}" == "${path}" ]; then - skip_path="${e}" - break - fi - done - if [ -n "${skip_path}" ]; then + if contains "${skip_paths}" "${path}"; then break fi - done_path="" - for e in ${done_paths}; do - if [ "${e}" == "${path}" ]; then - done_path="${e}" - break - fi - done - if [ -z "${done_path}" ]; then - done_paths="${done_paths} ${path}" - sample_path="" - for e in ${sample_paths}; do - if [ "${e}" == "${path}" ]; then - sample_path="${e}" - break - fi - done - if [ -n "${sample_path}" ]; then + if ! contains "${done_paths}" "${path}"; then + done_paths="${done_paths}${NL}${path}" + if contains "${sample_paths}" "${path}"; then print_path "${path}" @sample else print_path "${path}" @@ -111,9 +89,9 @@ while read line; do done fi fi -done < "${staged_plist}" +done < "${WORKDIR}/.staged-plist" -unchanged_lines="${unchanged_lines} ${fixed_lines}" +unchanged_lines="${unchanged_lines}${NL}${fixed_lines}" for line in ${unchanged_lines}; do echo "${line}" >> "${PLIST}" done Added: head/security/ossec-hids-local/scripts/sanitize-stage.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-local/scripts/sanitize-stage.sh Sat Jun 1 19:39:09 2019 (r503254) 
@@ -0,0 +1,16 @@ +#!/bin/sh + +# Script removes paths from stage to make stage-qa happy about "orphaned" files + +OSSEC_TYPE=$1 +OSSEC_HOME=$2 +STAGEDIR=$3 + +. $(dirname "$0")/plist.conf + +NL=$'\n' +IFS=${NL} + +for path in ${skip_paths}; do + rm -rf "${STAGEDIR}${OSSEC_HOME}${path}" +done Modified: head/security/ossec-hids/Makefile ============================================================================== --- head/security/ossec-hids/Makefile Sat Jun 1 19:19:48 2019 (r503253) +++ head/security/ossec-hids/Makefile Sat Jun 1 19:39:09 2019 (r503254) @@ -1,8 +1,8 @@ # $FreeBSD$ PORTNAME= ossec-hids -PORTVERSION= 3.1.0 -PORTREVISION= +PORTVERSION= 3.3.0 +PORTREVISION= 0 CATEGORIES= security MAINTAINER= dominik.lisiak@bemsoft.pl
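Review bot: `rm -rf "${STAGEDIR}${OSSEC_HOME}${path}"` runs without checking that `$2` and `$3` were supplied. With both empty, the loop targets `/etc/ossec.conf`, `/etc/client.keys`, `/lua` and, for the agent type, `/rules` and `/.ssh` on the build host. The post-install caller passes the three values unquoted, so an empty one also shifts the remaining arguments. Guard the expansion so the script aborts instead: `rm -rf -- "${STAGEDIR:?}${OSSEC_HOME:?}${path}"`. Quoting the include as `. "$(dirname "$0")/plist.conf"` would also keep it working when the ports tree path contains spaces.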