Date: 12 Dec 2005 20:02:10 -0000 From: David Thiel <lx@redundancy.redundancy.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/90305: Update: security/samhain 2.0.10 -> 2.1.0 Message-ID: <20051212200210.93019.qmail@redundancy.redundancy.org> Resent-Message-ID: <200512122010.jBCKA23Z007433@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 90305 >Category: ports >Synopsis: Update: security/samhain 2.0.10 -> 2.1.0 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Mon Dec 12 20:10:02 GMT 2005 >Closed-Date: >Last-Modified: >Originator: David Thiel >Release: FreeBSD 6.0-STABLE i386 >Organization: >Environment: System: FreeBSD redundancy.redundancy.org 6.0-STABLE FreeBSD 6.0-STABLE #0: Sat Nov 26 15:38:42 PST 2005 lx@redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386 >Description: Updating the Samhain integrity checking system to 2.1.0, a bugfix release. It's been requested by several people to break Samhain out into separate client and server ports. This PR does that, with a samhain-client and samhain-server port, as slave ports off of samhain. I'm not sure the best way to submit a PR to do this kind of action, but here is a shar of all three ports. If another format is desired, please let me know. I'm also interested in feedback on the approach used for splitting these out. >How-To-Repeat: >Fix: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # samhain # samhain/Makefile # samhain/distinfo # samhain/pkg-descr # samhain/pkg-plist # samhain/files # samhain/files/fixsamhainrc.patch # samhain/files/fixyulerc.patch # samhain-client # samhain-client/Makefile # samhain-server # samhain-server/Makefile # echo c - samhain mkdir -p samhain > /dev/null 2>&1 echo x - samhain/Makefile sed 's/^X//' >samhain/Makefile << 'END-of-samhain/Makefile' X# New ports collection makefile for: samhain X# Date created: 9 January 2003 X# Whom: lx X# X# $FreeBSD: ports/security/samhain/Makefile,v 1.30 2005/09/22 07:15:29 vsevolod Exp $ X XPORTNAME= samhain XPORTVERSION= 2.1.0 XCATEGORIES= security XMASTER_SITES= http://la-samhna.de/archive/ \ X http://cold.darkambient.net/ XDISTNAME= samhain_signed-${PORTVERSION} X XMAINTAINER= lx@redundancy.redundancy.org XCOMMENT= The Samhain Intrusion Detection System X XOPTIONS= KCHECK "Enable rogue KLD detection" off \ X GPG "Enable GnuPG support" off \ X MYSQL "Enable MySQL logging" off \ X POSTGRESQL "Enable PostgreSQL logging" off \ X XML_LOGS "Enable XML-formatted logs" on \ X LIBWRAP "Enable TCP wrapper support" on X XWRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} X XCONFLICTS= samhain-client-2* X X.include <bsd.port.pre.mk> X X.if defined(WITH_GPG) XBUILD_DEPENDS+= gpg:${PORTSDIR}/security/gnupg X.endif X XGNU_CONFIGURE= yes XCONFIGURE_ARGS= --enable-login-watch --localstatedir=/var \ X --mandir=${PREFIX}/man --enable-suidcheck X X.if !defined(WITHOUT_XML_LOGS) XCONFIGURE_ARGS+= --enable-xml-log X.endif X.if defined(WITH_RUNAS_USER) XCONFIGURE_ARGS+= --enable-identity=${WITH_RUNAS_USER} X.else XCONFIGURE_ARGS+= --enable-identity=yule X.endif X.if defined(WITH_KCHECK) XCONFIGURE_ARGS+= --with-kcheck X.endif X.if defined(WITH_GPG) XCONFIGURE_ARGS+= --with-gpg=${PREFIX}/bin/gpg X.endif X.if defined(WITH_MYSQL) XCONFIGURE_ARGS+= --with-database=mysql \ X --with-cflags=-I${LOCALBASE}/include/mysql \ X --with-libs=-L${LOCALBASE}/lib/mysql X.endif X.if defined(WITH_POSTGRESQL) XCONFIGURE_ARGS+= --with-database=postgresql X.endif X.if !defined(WITHOUT_LIBWRAP) XCONFIGURE_ARGS+= --with-libwrap X.endif X.if defined(WITH_CLIENT) XCONFIGURE_ARGS+= --enable-network=client \ X --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \ X --with-config-file=REQ_FROM_SERVER XPLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment " XEXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch XMAN5= samhainrc.5 XMAN8= samhain.8 X.elif defined(WITH_SERVER) XCONFIGURE_ARGS+= --enable-network=server XPLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment " XEXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch XMAN5= yulerc.5 XMAN8= yule.8 X.else XPLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment " XEXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch XMAN5= samhainrc.5 XMAN8= samhain.8 X.endif X.if defined(WITH_LOG_SERVER) XCONFIGURE_ARGS+= --with-logserver=${WITH_LOG_SERVER} X.endif X.if defined(WITH_ALT_LOG_SERVER) XCONFIGURE_ARGS+= --with-altlogserver=${WITH_ALT_LOG_SERVER} X.endif X Xpre-everything:: X X.if !defined(WITH_CLIENT) && !defined(WITH_SERVER) X @${ECHO_MSG} X @${ECHO_MSG} "Building Samhain in standalone mode." X @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C" X @${ECHO_MSG} "now, and build samhain from the samhain-client and" X @${ECHO_MSG} "samhain-server ports." X @${ECHO_MSG} X.endif X X.if defined(WITH_CLIENT) && defined(WITH_SERVER) XIGNORE= Can't build client and server at once X.endif X X.if defined(WITH_KCHECK) X @${ECHO_MSG} X @${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem" X @${ECHO_MSG} "and /dev/mem. If you're not building as root, please hit" X @${ECHO_MSG} "Control-C and restart the build as root." X @${ECHO_MSG} X.endif X X.if defined(WITH_MYSQL) && !defined(WITH_XML_LOGS) XIGNORE= XML logging is required to log to MySQL X.endif X X.if defined(WITH_POSTGRESQL) && !defined(WITH_XML_LOGS) XIGNORE= XML logging is required to log to Postgres X.endif X Xpost-extract: X @${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz X @${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc X Xpost-install: X.if !defined(WITH_SERVER) X @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/samhain.sh.sample X @${CP} ${WRKSRC}/samhainrc ${PREFIX}/etc/samhainrc.sample X @${CHGRP} wheel ${PREFIX}/etc/samhainrc.sample X.else X @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/yule.sh.sample X @${CP} ${WRKSRC}/yulerc ${PREFIX}/etc/yulerc.sample X.endif X.if !defined(NOPORTDOCS) X ${MKDIR} ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/MANUAL-2_0.ps ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/MANUAL-2_0.html.tar ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server.html ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server-troubleshooting.html ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-samhain+GnuPG.html ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-write-modules.html ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/FAQ.html ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/README.UPGRADE ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/README ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/BUGS ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/sh_mounts.txt ${DOCSDIR} X ${INSTALL_MAN} ${WRKSRC}/docs/sh_userfiles.txt ${DOCSDIR} X.endif X Xinstall-user: X @(cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE} install-user) X X.include <bsd.port.post.mk> END-of-samhain/Makefile echo x - samhain/distinfo sed 's/^X//' >samhain/distinfo << 'END-of-samhain/distinfo' XMD5 (samhain_signed-2.1.0.tar.gz) = 295eae6715c9c3e6af3dcafad52f761e XSIZE (samhain_signed-2.1.0.tar.gz) = 1312114 END-of-samhain/distinfo echo x - samhain/pkg-descr sed 's/^X//' >samhain/pkg-descr << 'END-of-samhain/pkg-descr' XSamhain is an open source file integrity and host-based intrusion Xdetection system for Linux and Unix. It can run as a daemon process, Xand and thus can remember file changes - contrary to a tool that runs Xfrom cron, if a file is modified you will get only one report, while Xsubsequent checks of that file will ignore the modification as it is Xalready reported (unless the file is modified again). X XSamhain can optionally be used as client/server system to provide Xcentralized monitoring for multiple host. Logging to a (MySQL or XPostgreSQL) database is supported. X XWWW: http://la-samhna.de/samhain/ END-of-samhain/pkg-descr echo x - samhain/pkg-plist sed 's/^X//' >samhain/pkg-plist << 'END-of-samhain/pkg-plist' X@comment $FreeBSD: ports/security/samhain/pkg-plist,v 1.4 2004/11/02 18:12:13 pav Exp $ X%%YULE%%etc/yulerc.sample X%%YULE%%sbin/yule_setpwd X%%YULE%%sbin/yule X%%YULE%%etc/rc.d/yule.sh.sample X%%YULE%%@unexec rmdir /var/lib/yule 2>/dev/null || true X%%SAMHAIN%%sbin/samhain X%%SAMHAIN%%etc/rc.d/samhain.sh.sample X%%SAMHAIN%%etc/samhainrc.sample X%%SAMHAIN%%@unexec rmdir /var/lib/samhain 2>/dev/null || true X%%SETPWD%%sbin/samhain_setpwd X%%PORTDOCS%%%%DOCSDIR%%/MANUAL-2_0.ps X%%PORTDOCS%%%%DOCSDIR%%/MANUAL-2_0.html.tar X%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server.html X%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server-troubleshooting.html X%%PORTDOCS%%%%DOCSDIR%%/HOWTO-write-modules.html X%%PORTDOCS%%%%DOCSDIR%%/HOWTO-samhain+GnuPG.html X%%PORTDOCS%%%%DOCSDIR%%/FAQ.html X%%PORTDOCS%%%%DOCSDIR%%/README.UPGRADE X%%PORTDOCS%%%%DOCSDIR%%/README X%%PORTDOCS%%%%DOCSDIR%%/BUGS X%%PORTDOCS%%%%DOCSDIR%%/sh_mounts.txt X%%PORTDOCS%%%%DOCSDIR%%/sh_userfiles.txt X%%PORTDOCS%%@dirrm %%DOCSDIR%% END-of-samhain/pkg-plist echo c - samhain/files mkdir -p samhain/files > /dev/null 2>&1 echo x - samhain/files/fixsamhainrc.patch sed 's/^X//' >samhain/files/fixsamhainrc.patch << 'END-of-samhain/files/fixsamhainrc.patch' X--- samhain-install.sh.in Wed Jan 15 16:51:57 2003 X+++ samhain-install.sh.in Wed Jan 15 16:52:10 2003 X@@ -13,7 +13,7 @@ X mandir=@mandir@ X X sysconfdir=@sysconfdir@ X-configfile=@myconffile@ X+configfile=/usr/local/etc/samhainrc.sample X X pid_file=@mylockfile@ X pid_dir=@mylockdir@ END-of-samhain/files/fixsamhainrc.patch echo x - samhain/files/fixyulerc.patch sed 's/^X//' >samhain/files/fixyulerc.patch << 'END-of-samhain/files/fixyulerc.patch' X--- samhain-install.sh.in Wed Jan 15 16:51:57 2003 X+++ samhain-install.sh.in Wed Jan 15 16:52:10 2003 X@@ -13,7 +13,7 @@ X mandir=@mandir@ X X sysconfdir=@sysconfdir@ X-configfile=@myconffile@ X+configfile=/usr/local/etc/yulerc.sample X X pid_file=@mylockfile@ X pid_dir=@mylockdir@ END-of-samhain/files/fixyulerc.patch echo c - samhain-client mkdir -p samhain-client > /dev/null 2>&1 echo x - samhain-client/Makefile sed 's/^X//' >samhain-client/Makefile << 'END-of-samhain-client/Makefile' X# New ports collection makefile for: samhain-client X# Date created: 2005-10-31 X# Whom: David Thiel X# X# $FreeBSD$ X# X# X# This port recognizes the following non-boolean tunables: X# X# WITH_LOG_SERVER, WITH_ALT_LOG_SERVER. When "WITH_CLIENT" is defined, X# these specify what server the client will fetch configuration X# and database files from. This can also be defined at runtime. X# X XPKGNAMESUFFIX= -client X XCOMMENT= Client daemon for the Samhain IDS X XWITH_CLIENT= yes XNOPORTDOCS= yes X XMASTERDIR= ${.CURDIR}/../samhain X XCONFLICTS= samhain-2* X X.include "${MASTERDIR}/Makefile" END-of-samhain-client/Makefile echo c - samhain-server mkdir -p samhain-server > /dev/null 2>&1 echo x - samhain-server/Makefile sed 's/^X//' >samhain-server/Makefile << 'END-of-samhain-server/Makefile' X# New ports collection makefile for: samhain-server X# Date created: 2005-10-31 X# Whom: David Thiel X# X# $FreeBSD$ X# X X# This port recognizes the following non-boolean tunables: X# X# WITH_RUNAS_USER: X# Whe building with "WITH_SERVER" defined, the username of the X# account Yule will run as. Defaults to "yule". If using X# WITH_GPG, ensure that this user exists and has a pgp X# keypair before installing. X X XPKGNAMESUFFIX= -server X XCOMMENT= Log server for the Samhain IDS X XWITH_SERVER= yes X XMASTERDIR= ${.CURDIR}/../samhain X X.include "${MASTERDIR}/Makefile" END-of-samhain-server/Makefile exit >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051212200210.93019.qmail>