Date: Fri, 9 Nov 2018 18:52:22 +0000 (UTC) From: Steve Wills <swills@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r484537 - in head: . security security/ossec-hids security/ossec-hids-agent security/ossec-hids-agent-config security/ossec-hids-client security/ossec-hids-local security/ossec-hids-loc... Message-ID: <201811091852.wA9IqMQh042181@repo.freebsd.org>
Author: swills Date: Fri Nov 9 18:52:21 2018 New Revision: 484537 URL: https://svnweb.freebsd.org/changeset/ports/484537 Log: security/ossec-hids-server: update from 2.8.3 to 3.1.0 PR: 232794 Submitted by: Dominik Lisiak <dominik.lisiak@bemsoft.pl> (maintainer) Added: head/security/ossec-hids/ head/security/ossec-hids-agent/ - copied from r484536, head/security/ossec-hids-client/ head/security/ossec-hids-agent-config/ head/security/ossec-hids-agent-config/Makefile (contents, props changed) head/security/ossec-hids-local-config/ head/security/ossec-hids-local-config/Makefile (contents, props changed) head/security/ossec-hids-local-config/distinfo (contents, props changed) head/security/ossec-hids-local-config/files/ head/security/ossec-hids-local-config/files/agent-conf.in (contents, props changed) head/security/ossec-hids-local-config/files/command-last-logins.sh.in (contents, props changed) head/security/ossec-hids-local-config/files/command-open-ports.sh.in (contents, props changed) head/security/ossec-hids-local-config/files/command.conf.in (contents, props changed) head/security/ossec-hids-local-config/files/merge-config.sh.in (contents, props changed) head/security/ossec-hids-local-config/files/message-agent-conf.in (contents, props changed) head/security/ossec-hids-local-config/files/message-ossec-conf.in (contents, props changed) head/security/ossec-hids-local-config/files/message-pf.in (contents, props changed) head/security/ossec-hids-local-config/files/ossec-conf.in (contents, props changed) head/security/ossec-hids-local-config/files/pkg-deinstall.in (contents, props changed) head/security/ossec-hids-local-config/files/pkg-install.in (contents, props changed) head/security/ossec-hids-local-config/files/rules-cmdout.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/rules-config.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in (contents, props changed) 
head/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-ar-merge.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-ar-restart.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-header-disabled.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-header-enabled.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-header-sample.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-logs-apache.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-logs-basic.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-logs-nginx.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-logs-ossec.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-logs-radius.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in (contents, props 
changed) head/security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-rules-cmdout.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-rules-config.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-rules-default.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-sample-agent.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-sample-database.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-sample-local.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-sample-server.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-syscheck-basic.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in (contents, props changed) head/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in (contents, props changed) head/security/ossec-hids-local-config/opt-ar.mk (contents, props changed) head/security/ossec-hids-local-config/opt-cmdout.mk (contents, props changed) head/security/ossec-hids-local-config/opt-logs.mk (contents, props changed) head/security/ossec-hids-local-config/opt-rootcheck.mk (contents, props changed) head/security/ossec-hids-local-config/opt-rules.mk (contents, props changed) head/security/ossec-hids-local-config/opt-syscheck.mk (contents, props changed) head/security/ossec-hids-local-config/pkg-descr (contents, props changed) head/security/ossec-hids-local-config/pkg-help-agent (contents, props changed) head/security/ossec-hids-local-config/pkg-help-local 
(contents, props changed) head/security/ossec-hids-local-config/pkg-help-server (contents, props changed) head/security/ossec-hids-local-config/pkg-plist-agent (contents, props changed) head/security/ossec-hids-local-config/pkg-plist-local (contents, props changed) head/security/ossec-hids-local-config/pkg-plist-server (contents, props changed) head/security/ossec-hids-local-config/scripts/ head/security/ossec-hids-local-config/scripts/plist.sh (contents, props changed) head/security/ossec-hids-local-config/scripts/rules.sh (contents, props changed) head/security/ossec-hids-local-config/scripts/template-to-agent.sh (contents, props changed) head/security/ossec-hids-local-config/scripts/template-to-ossec.sh (contents, props changed) head/security/ossec-hids-local/distinfo (contents, props changed) head/security/ossec-hids-local/files/ head/security/ossec-hids-local/files/message-config.in (contents, props changed) head/security/ossec-hids-local/files/message-database.in (contents, props changed) head/security/ossec-hids-local/files/message-firewall.in (contents, props changed) head/security/ossec-hids-local/files/message-header.in (contents, props changed) head/security/ossec-hids-local/files/ossec-hids.in (contents, props changed) head/security/ossec-hids-local/files/patch-src_Makefile (contents, props changed) head/security/ossec-hids-local/files/pkg-deinstall.in (contents, props changed) head/security/ossec-hids-local/files/pkg-install.in (contents, props changed) head/security/ossec-hids-local/files/restart-ossec.sh.in (contents, props changed) head/security/ossec-hids-local/pkg-descr (contents, props changed) head/security/ossec-hids-local/pkg-plist-agent (contents, props changed) head/security/ossec-hids-local/pkg-plist-local (contents, props changed) head/security/ossec-hids-local/pkg-plist-server (contents, props changed) head/security/ossec-hids-local/scripts/ head/security/ossec-hids-local/scripts/plist.sh (contents, props changed) 
head/security/ossec-hids-server-config/ head/security/ossec-hids-server-config/Makefile (contents, props changed) head/security/ossec-hids/Makefile (contents, props changed) head/security/ossec-hids/pkg-descr (contents, props changed) Deleted: head/security/ossec-hids-agent/pkg-plist.client head/security/ossec-hids-client/ head/security/ossec-hids-server/distinfo head/security/ossec-hids-server/files/ head/security/ossec-hids-server/pkg-descr head/security/ossec-hids-server/pkg-plist Modified: head/MOVED head/UIDs head/UPDATING head/security/Makefile head/security/ossec-hids-agent/Makefile head/security/ossec-hids-local/Makefile head/security/ossec-hids-server/Makefile
Modified: head/MOVED
==============================================================================
--- head/MOVED Fri Nov 9 18:14:43 2018 (r484536)
+++ head/MOVED Fri Nov 9 18:52:21 2018 (r484537)
@@ -10623,3 +10623,4 @@ science/fvm|science/code_saturne|2018-11-04|Code_Satur
 science/mei|science/code_saturne|2018-11-04|Code_Saturne merged bft, ecs, fvm, mei and ncs
 x11-wm/cde|x11/cde|2018-11-03|Recategorise
 misc/rumprun||2018-11-06|Has expired: "fails with current compilers"
+security/ossec-hids-client|security/ossec-hids-agent|2018-10-29|Agent is the name used in documentation
Modified: head/UIDs
==============================================================================
--- head/UIDs Fri Nov 9 18:14:43 2018 (r484536)
+++ head/UIDs Fri Nov 9 18:52:21 2018 (r484537)
@@ -912,9 +912,9 @@ zookeeper:*:962:962::0:0:zookeeper user:/nonexistent:/
 fluentd:*:963:963::0:0:fluentd user:/nonexistent:/usr/sbin/nologin
 git_daemon:*:964:964::0:0:git daemon:/nonexistent:/usr/sbin/nologin
 elasticsearch:*:965:965::0:0:elasticsearch user:/nonexistent:/usr/sbin/nologin
-ossec:*:966:966::0:0:OSSEC user:/usr/local/ossec-hids:/usr/sbin/nologin
-ossecm:*:967:966::0:0:OSSEC mail user:/usr/local/ossec-hids:/usr/sbin/nologin
-ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin
+ossec:*:966:966::0:0:OSSEC user:/nonexistent:/usr/sbin/nologin
+ossecm:*:967:966::0:0:OSSEC mail user:/nonexistent:/usr/sbin/nologin
+ossecr:*:968:966::0:0:OSSEC rem user:/nonexistent:/usr/sbin/nologin
 kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin
 colord:*:970:970::0:0:colord color management daemon:/nonexistent:/usr/sbin/nologin
 shibd:*:971:971::0:0:Shibboleth SAML daemon:/nonexistent:/usr/sbin/nologin
Modified: head/UPDATING
==============================================================================
--- head/UPDATING Fri Nov 9 18:14:43 2018 (r484536)
+++ head/UPDATING Fri Nov 9 18:52:21 2018 (r484537)
@@ -5,6 +5,38 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20181109 + AFFECTS: users of security/ossec-hids-server + AUTHOR: dominik.lisiak@bemsoft.pl + + The "ossechids_enable" rc variable has been renamed to "ossec_hids_enable". + + If using database output, you need to recreate database using new schema + provided in /usr/local/share/doc/ossec-hids. + +20181109 + AFFECTS: users of security/ossec-hids-local + AUTHOR: dominik.lisiak@bemsoft.pl + + The "ossechids_enable" rc variable has been renamed to "ossec_hids_enable". + + If using database output, you need to recreate database using new schema + provided in /usr/local/share/doc/ossec-hids. + +20181109 + AFFECTS: users of security/ossec-hids-client + AUTHOR: dominik.lisiak@bemsoft.pl + + The ossec-hids-client port has been renamed to ossec-hids-agent. + Portmaster users will need to run this command: + + portmaster -o security/ossec-hids-agent security/ossec-hids-client + + If the switch doesn't happen automatically for you, just delete the + ossec-hids-client package and install ossec-hids-agent. + + The "ossechids_enable" rc variable has been renamed to "ossec_hids_enable". + 20181104: AFFECTS: users of sysutils/ansible* AUTHOR: lifanov@FreeBSD.org Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Fri Nov 9 18:14:43 2018 (r484536) +++ head/security/Makefile Fri Nov 9 18:52:21 2018 (r484537) 
@@ -490,9 +490,13 @@ SUBDIR += ophcrack SUBDIR += orthrus SUBDIR += osiris - SUBDIR += ossec-hids-client + SUBDIR += ossec-hids + SUBDIR += ossec-hids-agent + SUBDIR += ossec-hids-agent-config SUBDIR += ossec-hids-local + SUBDIR += ossec-hids-local-config SUBDIR += ossec-hids-server + SUBDIR += ossec-hids-server-config SUBDIR += osslsigncode SUBDIR += otpw SUBDIR += outguess Added: head/security/ossec-hids-agent-config/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-agent-config/Makefile Fri Nov 9 18:52:21 2018 (r484537) @@ -0,0 +1,7 @@ +# $FreeBSD$ + +OSSEC_TYPE= agent + +MASTERDIR= ${.CURDIR}/../ossec-hids-local-config + +.include "${MASTERDIR}/Makefile" Modified: head/security/ossec-hids-agent/Makefile ============================================================================== --- head/security/ossec-hids-client/Makefile Fri Nov 9 18:14:43 2018 (r484536) +++ head/security/ossec-hids-agent/Makefile Fri Nov 9 18:52:21 2018 (r484537) @@ -1,13 +1,7 @@ -# Created by: Valerio Daelli <valerio.daelli@gmail.com> # $FreeBSD$ -PORTREVISION= 0 -COMMENT= Client port of ossec-hids +OSSEC_TYPE= agent -CLIENT_ONLY= yes - -MASTERDIR= ${.CURDIR}/../ossec-hids-server - -PLIST= ${.CURDIR}/pkg-plist.client +MASTERDIR= ${.CURDIR}/../ossec-hids-local .include "${MASTERDIR}/Makefile" Added: head/security/ossec-hids-local-config/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-local-config/Makefile Fri Nov 9 18:52:21 2018 (r484537) 
@@ -0,0 +1,460 @@ +# $FreeBSD$ + +PORTNAME= ossec-hids +PORTVERSION= 3.1.0 +PORTREVISION= +CATEGORIES= security +PKGNAMESUFFIX= -${OSSEC_TYPE}-config + +MAINTAINER= dominik.lisiak@bemsoft.pl +COMMENT= Configuration manager for ossec-hids + +LICENSE= GPLv2 + +OSSEC_TYPE?= local + +MASTERDIR?= ${.CURDIR} + +.if ${OSSEC_TYPE} == local +CONFLICTS_INSTALL= ossec-hids-client-* \ + ossec-hids-agent-* \ + ossec-hids-server-* +.elif ${OSSEC_TYPE} == agent +CONFLICTS_INSTALL= ossec-hids-client-* \ + ossec-hids-local-* \ + ossec-hids-server-* +.elif ${OSSEC_TYPE} == server +CONFLICTS_INSTALL= ossec-hids-client-* \ + ossec-hids-agent-* \ + ossec-hids-local-* +.endif + +.if !defined(MAINTAINER_MODE) +RUN_DEPENDS= ossec-hids-${OSSEC_TYPE}>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE} +.endif + +.if defined(MAINTAINER_MODE) +USE_GITHUB= yes +GH_ACCOUNT= ossec +.else +MASTER_SITES= # +DISTFILES= # +EXTRACT_ONLY= # +.endif +NO_BUILD= yes +NO_ARCH= yes + +OPTIONS_SUB= yes + +OPTIONS_SINGLE= FIREWALL +OPTIONS_SINGLE_FIREWALL= IPF IPFW PF + +OPTIONS_DEFAULT+= IPF + +FIREWALL_DESC= Active Response Firewall +PF_DESC= Packet Filter +IPFW_DESC= ipfirewall +IPF_DESC= ipfilter + +TEMPL_ENABLED_HEADER= template-header-enabled.xml +TEMPL_DISABLED_HEADER= template-header-disabled.xml +TEMPL_SAMPLE_HEADER= template-header-sample.xml +TEMPL_PUSHED_ENABLED_HEADER= ${TEMPL_ENABLED_HEADER} +TEMPL_PUSHED_DISABLED_HEADER= ${TEMPL_DISABLED_HEADER} + +TEMPL_SAMPLE= template-sample-${OSSEC_TYPE}.xml +TEMPL_SAMPLE_DB= template-sample-database.xml + +PF_VARS= FW_DROP=pf.sh PKGMSG_FILES+=message-pf +IPFW_VARS= FW_DROP=ipfw.sh +IPF_VARS= FW_DROP=ipfilter.sh + +.if defined(MAINTAINER_MODE) +OSSEC_HOME= ${PREFIX}/${PORTNAME} +.else +OSSEC_HOME?= ${PREFIX}/${PORTNAME} +.endif +OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids +TEMPL_TO_OSSEC= ${SCRIPTDIR}/template-to-ossec.sh ${OSSEC_TYPE} ${OSSEC_HOME} +TEMPL_TO_AGENT= ${SCRIPTDIR}/template-to-agent.sh ${OSSEC_TYPE} ${OSSEC_HOME} + +OSSEC_DIR= 
${STAGEDIR}${OSSEC_HOME} +BIN_DIR= ${OSSEC_DIR}/bin +CONF_BIN_DIR= ${BIN_DIR}/config +OSSEC_CONF_BIN= ${CONF_BIN_DIR}/ossec-conf +AGENT_CONF_BIN= ${CONF_BIN_DIR}/agent-conf +COMMAND_BIN_DIR= ${BIN_DIR}/command + +AR_BIN_DIR= ${OSSEC_DIR}/active-response/bin +MERGE_CONFIG_BIN= ${AR_BIN_DIR}/merge-config.sh + +ETC_DIR= ${OSSEC_DIR}/etc +OSSEC_CONF_DIR= ${ETC_DIR}/ossec.conf.d +AGENT_CONF_DIR= ${ETC_DIR}/agent.conf.d +OSSEC_LOCAL_CONF_DIR= ${OSSEC_CONF_DIR}/disabled +AGENT_LOCAL_CONF_DIR= ${AGENT_CONF_DIR}/disabled +OSSEC_SAMPLE_CONF= ${OSSEC_CONF_DIR}/900.local.conf.sample +COMMAND_CONF_DIR= ${ETC_DIR} +COMMAND_CONF= ${COMMAND_CONF_DIR}/command.conf.sample +RULES_DIR= ${OSSEC_DIR}/rules + +.if empty(USER) +USER=$$(${ID} -un) +.endif +.if empty(GROUP) +GROUP=$$(${ID} -gn) +.endif + +OSSEC_USER= ossec +OSSEC_GROUP= ossec + +SUB_LIST+= PORTNAME=${PORTNAME} \ + OSSEC_TYPE=${OSSEC_TYPE} \ + OSSEC_HOME=${OSSEC_HOME} \ + VERSION=${PORTVERSION} \ + USER=${USER} \ + OSSEC_USER=${OSSEC_USER} \ + OSSEC_GROUP=${OSSEC_GROUP} \ + OSSEC_RC=${OSSEC_RC} \ + FW_DROP=${FW_DROP} +SUB_FILES= pkg-install \ + pkg-deinstall \ + ${PKGMSG_FILES} \ + ${TEMPL_ENABLED_HEADER} \ + ${TEMPL_DISABLED_HEADER} \ + ${TEMPL_SAMPLE_HEADER} \ + ${TEMPL_PUSHED_ENABLED_HEADER} \ + ${TEMPL_PUSHED_DISABLED_HEADER} \ + ${TEMPL_SAMPLE} \ + merge-config.sh \ + ossec-conf \ + command.conf +.if ${OSSEC_TYPE} == server +SUB_FILES+= agent-conf +.endif + +.if defined(MAINTAINER_MODE) +PLIST_SUB= OSSEC_HOME=${PORTNAME} +.else +PLIST_SUB= OSSEC_HOME=${OSSEC_HOME} +.endif +PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE} +PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE} +PKGMESSAGE= ${WRKDIR}/pkg-message +PKGMSG_FILES= message-ossec-conf +.if ${OSSEC_TYPE} == server +PKGMSG_FILES+= message-agent-conf +.endif + +CONF_GROUPS= RULES AR ROOTCHECK SYSCHECK CMDOUT LOGS + +############################################################ + +.for conf_group in ${CONF_GROUPS} +. 
include "${MASTERDIR}/opt-${conf_group:tl}.mk" +${conf_group}_INSTANCE_OPTIONS= +${conf_group}_PUSHED_OPTIONS= +. for option in ${${conf_group}_OPTIONS} +. if ${${option}_DEFINE:M${OSSEC_TYPE}} +${conf_group}_INSTANCE_OPTIONS+= ${option} +${conf_group}_ALL_OPTIONS+= ${option} +. endif +. if ${${option}_DEFINE:Mpushed} +. if ${OSSEC_TYPE} == server +${conf_group}_PUSHED_OPTIONS+= ${option} +. endif +. if !${${conf_group}_ALL_OPTIONS:M${option}} +${conf_group}_ALL_OPTIONS+= ${option} +. endif +. endif +. endfor +.endfor + +############################################################ + +CONFIG_PROFILES= +.for conf_group in ${CONF_GROUPS} +. if !empty(${conf_group}_PROFILE) +. if ${OSSEC_TYPE} == agent +. if !${CONFIG_PROFILES:M${${conf_group}_PROFILE}} +CONFIG_PROFILES+= ${${conf_group}_PROFILE} +. endif +. endif +SUB_LIST+= ${conf_group}_PROFILE=${${conf_group}_PROFILE} +. endif +. for option in ${${conf_group}_ALL_OPTIONS} +. if !empty(${option}_PROFILE) +. if ${OSSEC_TYPE} == agent +. if !${CONFIG_PROFILES:M${${option}_PROFILE}} +CONFIG_PROFILES+= ${${option}_PROFILE} +. endif +. endif +SUB_LIST+= ${option}_PROFILE=${${option}_PROFILE} +. endif +. endfor +.endfor + +.for profile in ${CONFIG_PROFILES} +. if empty(CONFIG_PROFILE_VALUE) +CONFIG_PROFILE_VALUE:= ${profile} +. else +CONFIG_PROFILE_VALUE:= ${CONFIG_PROFILE_VALUE}, ${profile} +. endif +.endfor +SUB_LIST+= CONFIG_PROFILES="${CONFIG_PROFILE_VALUE}" + +############################################################ + +.for conf_group in ${CONF_GROUPS} +. for option in ${${conf_group}_ALL_OPTIONS} +. if !defined(${option}_TEMPLATE) +${option}_TEMPLATE= template-${option:tl:S/_/-/g}.xml +. endif +. if !empty(${option}_TEMPLATE) && !${SUB_FILES:M${${option}_TEMPLATE}} +SUB_FILES+= ${${option}_TEMPLATE} +. endif +. 
endfor +.endfor + +.for file_name in ${RULES_FILES} +SUB_FILES+= rules-${file_name}.xml +.endfor + +.for file_name in ${CMDOUT_SCRIPTS} +SUB_FILES+= command-${file_name}.sh +.endfor + +############################################################ + +.for conf_group in ${CONF_GROUPS} +. for option in ${${conf_group}_INSTANCE_OPTIONS} +. if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}} +${${${option}_DEPENDS}_OPTION}_VARS+= ${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option} +${${${option}_DEPENDS}_OPTION}_VARS_OFF+= ${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option} +. elif !empty(${option}_OPTION) +OPTIONS_GROUP_G_${conf_group}+= ${${option}_OPTION} +${${option}_OPTION}_DESC= ${${option}_DESC} +. if ${${option}_DEFAULT:M${OSSEC_TYPE}} +OPTIONS_DEFAULT+= ${${option}_OPTION} +. endif +${${option}_OPTION}_VARS+= ${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option} +${${option}_OPTION}_VARS_OFF+= ${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option} +. endif +. endfor +. if !empty(OPTIONS_GROUP_G_${conf_group}) +OPTIONS_GROUP+= G_${conf_group} +G_${conf_group}_DESC= ${${conf_group}_DESC} +. endif +.endfor + +############################################################ + +.for conf_group in ${CONF_GROUPS} +. for option in ${${conf_group}_PUSHED_OPTIONS} +. if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_PUSHED_OPTIONS:M${${option}_DEPENDS}} +${${${option}_DEPENDS}_OPTION}_P_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} +${${${option}_DEPENDS}_OPTION}_P_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} +. 
elif !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}} +${${${option}_DEPENDS}_OPTION}_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} +${${${option}_DEPENDS}_OPTION}_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} +. elif !empty(${option}_OPTION) +OPTIONS_GROUP_G_${conf_group}_P+= ${${option}_OPTION}_P +${${option}_OPTION}_P_DESC= ${${option}_DESC} +. if !empty(${option}_PROFILE) +${${option}_OPTION}_P_DESC+= (profile: ${${option}_PROFILE}) +. endif +. if ${${option}_DEFAULT:Mpushed} +OPTIONS_DEFAULT+= ${${option}_OPTION}_P +. endif +${${option}_OPTION}_P_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} +${${option}_OPTION}_P_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} +. endif +. endfor +. if !empty(OPTIONS_GROUP_G_${conf_group}_P) +OPTIONS_GROUP+= G_${conf_group}_P +G_${conf_group}_P_DESC= Pushed ${${conf_group}_DESC} +. if !empty(${conf_group}_PROFILE) +G_${conf_group}_P_DESC+= (profile: ${${conf_group}_PROFILE}) +. endif +. endif +.endfor + +############################################################ + +.include <bsd.port.pre.mk> + +show-opts: +.for conf_group in ${CONF_GROUPS} + @${ECHO_CMD} "${conf_group}: ${${conf_group}_DESC}" +. for option in ${${conf_group}_INSTANCE_OPTIONS} + @${ECHO_CMD} " ${option}: ${${option}_DESC}" +. if empty(${option}_TEMPLATE) + @${ECHO_CMD} " Template: -" +. else + @${ECHO_CMD} " Template: ${${option}_TEMPLATE}" +. endif +. if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED) && ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}} + @${ECHO_CMD} " Enabled: true" +. endif +. if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED) && ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}} + @${ECHO_CMD} " Enabled: false" +. endif +. if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED) && ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}} + @${ECHO_CMD} " Pushed: true" +. endif +. 
if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED) && ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}} + @${ECHO_CMD} " Pushed: false" +. endif +. endfor +.endfor + +pre-install: + @-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'PostgreSQL' && \ + ${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|postgresql|g' \ + ${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB} + @-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'MySQL' && \ + ${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|mysql|g' \ + ${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB} + +ossec-dirs: + @${MKDIR} ${CONF_BIN_DIR} ${COMMAND_BIN_DIR} ${AR_BIN_DIR} ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR} ${COMMAND_CONF_DIR} +.if ${OSSEC_TYPE} != agent + @${MKDIR} ${RULES_DIR} +.endif +.if ${OSSEC_TYPE} == server + @${MKDIR} ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR} +.endif + +ossec-scripts: + @${CP} ${WRKDIR}/ossec-conf ${OSSEC_CONF_BIN} +.if ${OSSEC_TYPE} == server + @${CP} ${WRKDIR}/agent-conf ${AGENT_CONF_BIN} +.endif +.for file_name in ${CMDOUT_SCRIPTS} + @${CP} ${WRKDIR}/command-${file_name}.sh ${COMMAND_BIN_DIR}/${file_name}.sh +.endfor + @${CP} ${WRKDIR}/command.conf ${COMMAND_CONF} + @${CP} ${WRKDIR}/merge-config.sh ${MERGE_CONFIG_BIN} + +ossec-rules: +.if ${OSSEC_TYPE} != agent +. for file_name in ${RULES_FILES} + @${SED} -e 's|<?xml.*?>||' ${WRKDIR}/rules-${file_name}.xml > ${RULES_DIR}/freebsd_${file_name}_rules.xml +. endfor +.endif + +ossec-conf-managed: +.for conf_group in ${CONF_GROUPS} +. if !empty(${conf_group}_INSTANCE_OPTIONS) + @${CAT} ${WRKDIR}/${TEMPL_ENABLED_HEADER} > ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} +. if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED) +. for option in ${${conf_group}_INSTANCE_OPTIONS} +. if ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}} +. 
if !empty(${option}_TEMPLATE) + @${ECHO_CMD} "<!-- Enabled ${${option}_OPTION} -->" >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} + @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} + @${ECHO_CMD} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} +. endif +. endif +. endfor +. endif +. endif +.endfor + +ossec-conf-local: +.for conf_group in ${CONF_GROUPS} +. if !empty(${conf_group}_INSTANCE_OPTIONS) + @${CAT} ${WRKDIR}/${TEMPL_DISABLED_HEADER} > ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} +. if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED) +. for option in ${${conf_group}_INSTANCE_OPTIONS} +. if ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}} +. if !empty(${option}_TEMPLATE) + @${ECHO_CMD} "<!-- Disabled ${${option}_OPTION} -->" >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} + @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} + @${ECHO_CMD} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} +. endif +. endif +. endfor +. endif +. endif +.endfor + +ossec-conf-sample: + @${CAT} ${WRKDIR}/${TEMPL_SAMPLE_HEADER} > ${OSSEC_SAMPLE_CONF} + @${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} + @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE} >> ${OSSEC_SAMPLE_CONF} + @${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} + @-${TEST} -f ${WRKDIR}/${TEMPL_SAMPLE_DB} && \ + ${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE_DB} >> ${OSSEC_SAMPLE_CONF} && \ + ${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} + +agent-conf-managed: +.for conf_group in ${CONF_GROUPS} +. if !empty(${conf_group}_PUSHED_OPTIONS) + @${CAT} ${WRKDIR}/${TEMPL_PUSHED_ENABLED_HEADER} > ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} +. if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED) +. for option in ${${conf_group}_PUSHED_OPTIONS} +. if ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}} +. 
if !empty(${option}_TEMPLATE) + @${ECHO_CMD} "<!-- Enabled ${${option}_OPTION}_P -->" >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} + @${SH} ${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} + @${ECHO_CMD} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} +. endif +. endif +. endfor +. endif +. endif +.endfor + +agent-conf-local: +.for conf_group in ${CONF_GROUPS} +. if !empty(${conf_group}_PUSHED_OPTIONS) + @${CAT} ${WRKDIR}/${TEMPL_PUSHED_DISABLED_HEADER} > ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} +. if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED) +. for option in ${${conf_group}_PUSHED_OPTIONS} +. if ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}} +. if !empty(${option}_TEMPLATE) + @${ECHO_CMD} "<!-- Disabled ${${option}_OPTION}_P -->" >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} + @${SH} ${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} + @${ECHO_CMD} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} +. endif +. endif +. endfor +. endif +. 
endif +.endfor + +do-install: ossec-dirs ossec-scripts ossec-rules ossec-conf-managed ossec-conf-local ossec-conf-sample agent-conf-managed agent-conf-local + +ossec-permissions: + @${CHMOD} -R 550 ${OSSEC_DIR} + @${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_CONF_DIR}/* ${OSSEC_LOCAL_CONF_DIR}/* + @${CHMOD} 550 ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR} +.if ${OSSEC_TYPE} != agent + @${CHMOD} 640 ${RULES_DIR}/* +.endif +.if ${OSSEC_TYPE} == server + @${CHMOD} 640 ${AGENT_CONF_DIR}/* ${AGENT_LOCAL_CONF_DIR}/* + @${CHMOD} 550 ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR} +.endif +.if defined(MAINTAINER_MODE) + @${CHOWN} -R ${USER}:${OSSEC_GROUP} ${OSSEC_DIR} + @${CHOWN} -R ${USER}:${GROUP} ${BIN_DIR} +.endif + +post-install: ossec-permissions + @${ECHO_CMD} -n > ${PKGMESSAGE} +.for file_name in ${PKGMSG_FILES} + @${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE} + @${ECHO_CMD} >> ${PKGMESSAGE} +.endfor + +.if defined(MAINTAINER_MODE) +plist: makeplist + @${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} + +rules: extract + @${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC} +.endif + +.include <bsd.port.post.mk> Added: head/security/ossec-hids-local-config/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-local-config/distinfo Fri Nov 9 18:52:21 2018 (r484537) @@ -0,0 +1,3 @@ +TIMESTAMP = 1539459620 +SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50 +SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469 Added: head/security/ossec-hids-local-config/files/agent-conf.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-local-config/files/agent-conf.in Fri Nov 9 18:52:21 2018 (r484537) 
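Review bot: The `pre-install` target probes `${OSSEC_HOME}/bin/ossec-dbd -h` on the live system rather than anything under `${STAGEDIR}`, so whether the database sample template is generated depends on what happens to be installed on the build host. The port lists ossec-hids-${OSSEC_TYPE} only in `RUN_DEPENDS`, so in a clean build environment the binary is presumably absent. The leading `-` then hides the failure, and `ossec-conf-sample` silently omits the database block from the sample config. Consider selecting the database type from a port option or variable instead of running an installed binary. If the probe stays, document it above the target, e.g. `# DB sample is emitted only when ossec-dbd from the run dependency is already installed on the build host`.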
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+agent_conf_dir="${ossec_home}/etc/agent.conf.d"
+agent_conf_files="${agent_conf_dir}/*.conf"
+
+select_elements() {
+ local element="$1"
+ sed -n "/<${element}.*>/,/<\/${element}>/p"
+}
+
+remove_comments() {
+ # Comments must be on separate lines i.e. not next to uncommented code
+ awk '/<!--/ {off=1} /-->/ {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
+}
+
+remove_empty_lines() {
+ sed '/^\s*$/d'
+}
+
+agent_conf() {
+
+ echo "<!-- OSSEC HIDS %%VERSION%% -->"
+ echo
+ echo "<!-- DO NOT EDIT - file generated automatically - edit \"agent.conf.d/900.local.conf\" instead -->"
+ echo
+
+ cat $@ | remove_comments | select_elements "agent_config" | remove_empty_lines
+}
+
+agent_conf "${agent_conf_files}"
Added: head/security/ossec-hids-local-config/files/command-last-logins.sh.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/command-last-logins.sh.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_home="%%OSSEC_HOME%%"
+. "${ossec_home}/etc/command.conf"
+
+last -n ${last_logins}
Added: head/security/ossec-hids-local-config/files/command-open-ports.sh.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/command-open-ports.sh.in Fri Nov 9 18:52:21 2018 (r484537)
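Review bot: In agent-conf.in, `agent_conf` receives the glob as one quoted string and relies on the unquoted `cat $@` to split and expand it, so an `OSSEC_HOME` containing whitespace breaks the merge. When no `*.conf` file exists, `cat` is handed the literal pattern and the script prints only the header comments. Expanding the glob at the call site, `agent_conf "${agent_conf_dir}"/*.conf`, and using `cat "$@"` inside the function keeps the expansion in one place. In `remove_empty_lines`, `\s` is not defined for POSIX basic regular expressions; `sed '/^[[:space:]]*$/d'` is the portable spelling.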
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+family=$1
+protocol=$2
+ports=$3
+
+if [ -z "${ports}" ]; then
+ privileged_ports="1-$((`sysctl -n net.inet.ip.portrange.first` - 1))"
+
+ ossec_home="%%OSSEC_HOME%%"
+ . "${ossec_home}/etc/command.conf"
+
+ ports="privileged_${protocol}_ports"
+ eval ports=\$${ports}
+fi
+
+sockstat -l -${family} -P ${protocol} -p ${ports} | grep -Eo '[^[:space:]]+:[0-9]+' | sort -u
Added: head/security/ossec-hids-local-config/files/command.conf.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/command.conf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+last_logins=5
+
+privileged_tcp_ports=${privileged_ports},10050-10051
+privileged_udp_ports=${privileged_ports}
Added: head/security/ossec-hids-local-config/files/merge-config.sh.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/merge-config.sh.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+ossec_rc="%%OSSEC_RC%%"
+
+ACTION=$1
+USER=$2
+IP=$3
+
+LOCAL=`dirname $0`;
+cd $LOCAL
+cd ../../tmp
+
+# Logging the call
+echo "`date` $0 $1 $2 $3 $4 $5" >> "${ossec_home}/logs/active-responses.log"
+
+case ${ACTION} in
+ add)
+ "${ossec_rc}" merge_config
+ exit 0
+ ;;
+ delete)
+ exit 0
+ ;;
+ *)
+ echo "$0: invalid action: ${ACTION}"
+ exit 1
+ ;;
+esac
Added: head/security/ossec-hids-local-config/files/message-agent-conf.in
==============================================================================
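Review bot: `eval ports=\$${ports}` in command-open-ports.sh.in evaluates a string built from `$2`, so anything other than a plain protocol name in that argument is interpreted by the shell. command.conf.in defines only `privileged_tcp_ports` and `privileged_udp_ports`, so the lookup can be a `case` on `${protocol}` that rejects every other value, which removes the `eval` altogether. Quoting `${family}`, `${protocol}` and `${ports}` on the sockstat line would be a sensible follow-up.

```shell
if [ -z "${ports}" ]; then
    # ... unchanged: privileged_ports computation and sourcing of command.conf ...
    case "${protocol}" in
        tcp) ports="${privileged_tcp_ports}" ;;
        udp) ports="${privileged_udp_ports}" ;;
        *)
            echo "$0: invalid protocol: ${protocol}" >&2
            exit 1
            ;;
    esac
fi
```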
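Review bot: The `add)` branch of merge-config.sh.in ends with `exit 0` whatever `"${ossec_rc}" merge_config` returned, so a failed merge is reported as success and active-responses.log records only that the script was called. Propagating the status with `"${ossec_rc}" merge_config || exit 1` lets whatever invokes the script see that the configuration was not regenerated. The two `cd` calls above are unquoted and unchecked as well; `cd "${LOCAL}" || exit 1` avoids continuing in an unexpected directory.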
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/message-agent-conf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,3 @@
+The "agent.conf" must no longer be used for configuration. It will be
+overwritten by merged "*.conf" files from the configuration directory:
+%%OSSEC_HOME%%/etc/agent.conf.d
Added: head/security/ossec-hids-local-config/files/message-ossec-conf.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/message-ossec-conf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,3 @@
+The "ossec.conf" must no longer be used for configuration. It will be
+overwritten by merged "*.conf" files from the configuration directory:
+%%OSSEC_HOME%%/etc/ossec.conf.d
Added: head/security/ossec-hids-local-config/files/message-pf.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/message-pf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,4 @@
+Add the ossec_fwtable to /etc/pf.conf if using "firewall-drop" active response:
+ table <ossec_fwtable> persist
+ block in quick from <ossec_fwtable> to any
+ block out quick from any to <ossec_fwtable>
Added: head/security/ossec-hids-local-config/files/ossec-conf.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/ossec-conf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
+ossec_conf_files="${ossec_conf_dir}/*.conf"
+
+select_elements_content() {
+ local element="$1"
+ sed -n "/<${element}>/,/<\/${element}>/{ /<${element}>/d; /<\/${element}>/d; p; }"
+}
+
+remove_elements() {
+ local element="$1"
+ sed -e "/<${element}>/,/<\/${element}>/d"
+}
+
+remove_comments() {
+ # Comments must be on separate lines i.e. not next to uncommented code
+ awk '/<!--/ {off=1} /-->/ {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
+}
+
+remove_empty_lines() {
+ sed '/^\s*$/d'
+}
+
+ossec_conf() {
+ echo "<!-- OSSEC HIDS %%VERSION%% -->"
+ echo
+ echo "<!-- DO NOT EDIT - file generated automatically - edit \"ossec.conf.d/900.local.conf\" instead -->"
+ echo
+ echo "<ossec_config>"
+
+ if [ "${ossec_type}" != "agent" ]; then
+ if cat $@ | remove_comments | grep -q "<rules>"; then
+ echo " <rules>"
+ cat $@ | remove_comments | select_elements_content "rules" | remove_empty_lines
+ echo " </rules>"
+ fi
+ fi
+
+ if cat $@ | remove_comments | grep -q "<rootcheck>"; then
+ echo " <rootcheck>"
+ cat $@ | remove_comments | select_elements_content "rootcheck" | remove_empty_lines
+ echo " </rootcheck>"
+ fi
+
+ if cat $@ | remove_comments | grep -q "<syscheck>"; then
+ echo " <syscheck>"
+ cat $@ | remove_comments | select_elements_content "syscheck" | remove_empty_lines
+ echo " </syscheck>"
+ fi
+
+ cat $@ | remove_comments | select_elements_content "ossec_config" | remove_elements "rules" | remove_elements "rootcheck" | remove_elements "syscheck" | remove_empty_lines
+
+ echo "</ossec_config>"
+}
+
+ossec_conf "${ossec_conf_files}"
Added: head/security/ossec-hids-local-config/files/pkg-deinstall.in
==============================================================================
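Review bot: `ossec_conf` prints the `<ossec_config>` wrapper even when `${ossec_conf_dir}/*.conf` matches nothing or a fragment cannot be read; each `cat $@` then only writes an error to stderr and the script still produces an empty configuration without a failing exit status. The caller is not visible here, but if this output replaces the live ossec.conf I would fail before the first `echo`, for example `for f in $@; do [ -r "$f" ] || { echo "$0: cannot read $f" >&2; exit 1; }; done`. agent-conf.in has the same `cat $@` pattern. The fragment set is also re-read up to seven times, so reading it once into a temporary file would keep the sections consistent if a fragment changes mid-run.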
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/pkg-deinstall.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ossec_conf="${ossec_home}/etc/ossec.conf"
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+
+if [ "$2" == "DEINSTALL" ]; then
+ rm -f "${ossec_conf}"
+ rm -f "${agent_conf}"
+fi
Added: head/security/ossec-hids-local-config/files/pkg-install.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/pkg-install.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ar_bin_dir="${ossec_home}/active-response/bin"
+ossec_conf="${ossec_home}/etc/ossec.conf"
+ossec_conf_bak="${ossec_conf}.bak"
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+agent_conf_bak="${ossec_home}/etc/agent.conf.bak"
+
+if [ "$2" == "POST-INSTALL" ]; then
+ ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh"
+
+ if [ -e "${ossec_conf}" ]; then
+ mv -f "${ossec_conf}" "${ossec_conf_bak}"
+ echo
+ echo "WARNING:"
+ echo " Existing \"${ossec_conf}\" has been saved to \"${ossec_conf_bak}\"."
+ echo
+ fi
+
+ case "$1" in
+ ossec-hids-server*)
+ if [ -e "${agent_conf}" ]; then
+ mv -f "${agent_conf}" "${agent_conf_bak}"
+ echo
+ echo "WARNING:"
+ echo " Existing \"${agent_conf}\" has been saved to \"${agent_conf_bak}\"."
+ echo
+ fi
+ ;;
+ esac
+fi
Added: head/security/ossec-hids-local-config/files/rules-cmdout.xml.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/rules-cmdout.xml.in Fri Nov 9 18:52:21 2018 (r484537)
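Review bot: `[ "$2" == "DEINSTALL" ]` in pkg-deinstall.in uses `==`, which POSIX `test` does not define; `[ "$2" = "DEINSTALL" ]` is the portable spelling and behaves the same. pkg-install.in has the same comparison in `[ "$2" == "POST-INSTALL" ]`.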
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<group name="ossec,">
+
+ <rule id="56041" level="1">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-last-logins'</match>
+ <check_diff />
+ <description>List of the last logged in users.</description>
+ </rule>
+
+ <rule id="56042" level="1">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-tcp4-all'</match>
+ <check_diff />
+ <description>Listening IPv4 TCP port opened or closed.</description>
+ </rule>
+
+ <rule id="56043" level="7">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-tcp4'</match>
+ <check_diff />
+ <description>Listening IPv4 TCP port opened or closed.</description>
+ </rule>
+
+ <rule id="56044" level="1">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-tcp6-all'</match>
+ <check_diff />
+ <description>Listening IPv6 TCP port opened or closed.</description>
+ </rule>
+
+ <rule id="56045" level="7">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-tcp6'</match>
+ <check_diff />
+ <description>Listening IPv6 TCP port opened or closed.</description>
+ </rule>
+
+ <rule id="56046" level="1">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-udp4-all'</match>
+ <check_diff />
+ <description>Listening IPv4 UDP port opened or closed.</description>
+ </rule>
+
+ <rule id="56047" level="7">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-udp4'</match>
+ <check_diff />
+ <description>Listening IPv4 UDP port opened or closed.</description>
+ </rule>
+
+ <rule id="56048" level="1">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-udp6-all'</match>
+ <check_diff />
+ <description>Listening IPv6 UDP port opened or closed.</description>
+ </rule>
+
+ <rule id="56049" level="7">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-udp6'</match>
+ <check_diff />
+ <description>Listening IPv6 UDP port opened or closed.</description>
+ </rule>
+
+</group>
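Review bot: Each `-all` rule (56042, 56044, 56046, 56048, level 1) carries the same `<description>` as its level-7 counterpart (56043, 56045, 56047, 56049), so an analyst reading the alert cannot tell which command produced it without looking up the rule id. The descriptions should name the scope; judging by command-open-ports.sh.in the commands without `-all` presumably watch the privileged port list, which would give e.g. `<description>Listening privileged IPv4 TCP port opened or closed.</description>` for 56043. The command definitions are not in this part of the diff, so the scope should be confirmed before wording it.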
Added: head/security/ossec-hids-local-config/files/rules-config.xml.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/rules-config.xml.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<group name="ossec,">
+
+ <rule id="56001" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>%%OSSEC_HOME%%/etc/ossec.conf.d</match>
+ <description>ossec.conf.d has been modified</description>
+ </rule>
+
+ <rule id="56002" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>%%OSSEC_HOME%%/etc/ossec.conf</match>
+ <description>ossec.conf has been modified</description>
+ </rule>
+
+ <rule id="56003" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>/var/ossec/etc/ossec.conf.d</match>
+ <description>ossec.conf.d has been modified</description>
+ </rule>
+
+ <rule id="56004" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>/var/ossec/etc/ossec.conf</match>
+ <description>ossec.conf has been modified</description>
+ </rule>
+
+ <rule id="56021" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>%%OSSEC_HOME%%/etc/agent.conf.d</match>
+ <description>agent.conf.d has been modified</description>
+ </rule>
+
+ <rule id="56022" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>%%OSSEC_HOME%%/etc/shared/agent.conf</match>
+ <description>agent.conf has been modified</description>
+ </rule>
+
+ <rule id="56023" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>/var/ossec/etc/agent.conf.d</match>
+ <description>agent.conf.d has been modified</description>
+ </rule>
+
+ <rule id="56024" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>/var/ossec/etc/shared/agent.conf</match>
+ <description>agent.conf has been modified</description>
+ </rule>
+
+</group>
Added: head/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in Fri Nov 9 18:52:21 2018 (r484537)
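Review bot: `<match>%%OSSEC_HOME%%/etc/ossec.conf</match>` in rule 56002 is also satisfied by any path under `ossec.conf.d`, the string rule 56001 looks for, so which of the two descriptions an alert carries depends on rule evaluation order; the same holds for 56004 against 56003. If the syscheck message quotes the file name, as it appears to, including the closing quote (`<match>%%OSSEC_HOME%%/etc/ossec.conf'</match>`) would separate the file from the directory, to be confirmed against a real alert. Rules 56003, 56004, 56023 and 56024 hard-code `/var/ossec`, which duplicates the `%%OSSEC_HOME%%` rules whenever that is the install prefix; a comment explaining why both sets exist would help.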
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+ <command>
+ <name>host-deny</name>
+ <executable>host-deny.sh</executable>
+ <expect>srcip</expect>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <command>
+ <name>firewall-drop</name>
+ <executable>firewall-drop.sh</executable>
+ <expect>srcip</expect>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <command>
+ <name>disable-account</name>
+ <executable>disable-account.sh</executable>
+ <expect>user</expect>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <command>
+ <name>restart-ossec</name>
+ <executable>restart-ossec.sh</executable>
+ <expect></expect>
+ </command>
+
+ <command>
+ <name>route-null</name>
+ <executable>route-null.sh</executable>
+ <expect>srcip</expect>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+</template_config>
Added: head/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+ <command>
+ <name>merge-config</name>
+ <executable>merge-config.sh</executable>
+ <expect></expect>
+ </command>
+
+</template_config>
Added: head/security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***