From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Oct 9 21:40:34 2006
Resent-Date: Mon, 9 Oct 2006 21:40:17 GMT
Resent-Message-Id: <200610092140.k99LeHIu036478@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Paul Schmehl
Message-Id: <20061009212947.8237926181D@utd59514.utdallas.edu>
Date: Mon, 9 Oct 2006 16:29:47 -0500 (CDT) 
From: Paul Schmehl
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc:
Subject: ports/104227: new port submission, security/sguil-server
Reply-To: Paul Schmehl

>Number:         104227
>Category:       ports
>Synopsis:       new port submission, security/sguil-server
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 09 21:40:17 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Paul Schmehl
>Release:        FreeBSD 6.0-RELEASE-p6 i386
>Organization:
The University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #1: Sat Apr 1 21:39:10 CST 2006 root@hostname.utdallas.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
This is a new port submission. This port is the server portion that complements the security/sguil-sensor port that has already been committed. Both are part of a network security management system.
>How-To-Repeat:
>Fix:
--- sguild.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	.
#	./pkg-plist
#	./files
#	./files/patch-sguild
#	./files/patch-sguild.access
#	./files/patch-sguild.conf
#	./files/sguild.sh.in
#	./files/pkg-message.in
#	./Makefile
#	./pkg-descr
#	./distinfo
#
echo c - .
mkdir -p . > /dev/null 2>&1
echo x - ./pkg-plist
sed 's/^X//' >./pkg-plist << 'END-of-./pkg-plist'
Xbin/archive_sguildb.tcl
Xbin/incident_report.tcl
Xbin/sguild
Xetc/%%SGUILDIR%%/autocat.conf-sample
Xetc/%%SGUILDIR%%/sguild.access-sample
Xetc/%%SGUILDIR%%/sguild.conf-sample
Xetc/%%SGUILDIR%%/sguild.email-sample
Xetc/%%SGUILDIR%%/sguild.queries-sample
Xetc/%%SGUILDIR%%/sguild.reports-sample
Xetc/%%SGUILDIR%%/sguild.users-sample
Xlib/%%SGUILDIR%%/SguildAccess.tcl
Xlib/%%SGUILDIR%%/SguildAutoCat.tcl
Xlib/%%SGUILDIR%%/SguildClientCmdRcvd.tcl
Xlib/%%SGUILDIR%%/SguildConnect.tcl
Xlib/%%SGUILDIR%%/SguildCreateDB.tcl
Xlib/%%SGUILDIR%%/SguildEmailEvent.tcl
Xlib/%%SGUILDIR%%/SguildEvent.tcl
Xlib/%%SGUILDIR%%/SguildGenericDB.tcl
Xlib/%%SGUILDIR%%/SguildHealthChecks.tcl
Xlib/%%SGUILDIR%%/SguildLoaderd.tcl
Xlib/%%SGUILDIR%%/SguildMysqlMerge.tcl
Xlib/%%SGUILDIR%%/SguildQueryd.tcl
Xlib/%%SGUILDIR%%/SguildReportBuilder.tcl
Xlib/%%SGUILDIR%%/SguildSendComms.tcl
Xlib/%%SGUILDIR%%/SguildSensorAgentComms.tcl
Xlib/%%SGUILDIR%%/SguildSensorCmdRcvd.tcl
Xlib/%%SGUILDIR%%/SguildTranscript.tcl
Xlib/%%SGUILDIR%%/SguildUtils.tcl
Xshare/%%SGUILDIR%%/create_ruledb.sql
Xshare/%%SGUILDIR%%/create_sguildb.sql
Xshare/%%SGUILDIR%%/migrate_event.tcl
Xshare/%%SGUILDIR%%/migrate_sancp.tcl
Xshare/%%SGUILDIR%%/update_sguildb_v5-v6.sql
Xshare/%%SGUILDIR%%/update_sguildb_v6-v7.sql
Xshare/%%SGUILDIR%%/update_sguildb_v7-v8.sql
Xshare/%%SGUILDIR%%/update_sguildb_v8-v9.sql
Xshare/%%SGUILDIR%%/update_sguildb_v9-v10.sql
Xshare/%%SGUILDIR%%/update_sguildb_v10-v11.sql
X@dirrm share/%%SGUILDIR%%
X@unexec if [ ! -f %D/etc/%%SGUILDIR%%/sguild.conf ] ; then rmdir %D/etc/%%SGUILDIR%%; fi
X@dirrm lib/%%SGUILDIR%%
END-of-./pkg-plist
echo c - ./files
mkdir -p ./files > /dev/null 2>&1
echo x - ./files/patch-sguild
sed 's/^X//' >./files/patch-sguild << 'END-of-./files/patch-sguild'
X--- sguild.orig	Tue Mar 28 04:36:05 2006
X+++ sguild	Tue Mar 28 04:37:10 2006
X@@ -229,7 +229,7 @@
X package require tls
X # Check for certs
X if {![info exists CERTS_PATH]} {
X- set CERTS_PATH /etc/sguild/certs
X+ set CERTS_PATH /usr/local/etc/sguil-server/certs
X }
X if {![file exists $CERTS_PATH] || ![file isdirectory $CERTS_PATH]} {
X puts "ERROR: $CERTS_PATH does not exist or is not a directory"
X@@ -251,13 +251,13 @@
X 
X if { ![info exists CONF_FILE] } {
X # No conf file specified check the defaults
X- if { [file exists /etc/sguild/sguild.conf] } {
X- set CONF_FILE /etc/sguild/sguild.conf
X+ if { [file exists /usr/local/etc/sguil-server/sguild.conf] } {
X+ set CONF_FILE /usr/local/etc/sguil-server/sguild.conf
X } elseif { [file exists ./sguild.conf] } {
X set CONF_FILE ./sguild.conf
X } else {
X puts "Couldn't determine where the sguil config file is"
X- puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf."
X+ puts "Looked for ./sguild.conf and /usr/local/etc/sguil-server/sguild.conf."
X DisplayUsage $argv0
X }
X }
X@@ -338,17 +338,17 @@
X # Check for a valid USERS file
X if { ![info exists USERS_FILE] } {
X # No users file was specified. Go with the defaults
X- if { [file exists /etc/sguild/sguild.users] } {
X- set USERS_FILE "/etc/sguild/sguild.users"
X+ if { [file exists /usr/local/etc/sguil-server/sguild.users] } {
X+ set USERS_FILE "/usr/local/etc/sguil-server/sguild.users"
X } elseif { [file exists ./sguild.users] } {
X set USERS_FILE "./sguild.users"
X } else {
X if { [info exists ADDUSER] && $ADDUSER } {
X- CreateUsersFile "/etc/sguild/sguild.users"
X+ CreateUsersFile "/usr/local/etc/sguil-server/sguild.users"
X } else {
X set DEBUG 2
X LogMessage "ERROR: Could not find a sguild.users file."
X- LogMessage " Checked in ./ and /etc/sguild/"
X+ LogMessage " Checked in ./ and /usr/local/etc/sguil-server/"
X DisplayUsage $argv0
X }
X }
X@@ -376,8 +376,8 @@
X # Load accessfile
X if { ![info exists ACCESS_FILE] } {
X # Check the defaults
X- if { [file exists /etc/sguild/sguild.access] } {
X- set ACCESS_FILE "/etc/sguild/sguild.access"
X+ if { [file exists /usr/local/etc/sguil-server/sguild.access] } {
X+ set ACCESS_FILE "/usr/local/etc/sguil-server/sguild.access"
X } elseif { [file exists ./sguild.access] } {
X set ACCESS_FILE "./sguild.access"
X } else {
X@@ -391,8 +391,8 @@
X }
X # Load auto cat config
X if { ![info exists AUTOCAT_FILE] } {
X- if { [file exists /etc/sguild/autocat.conf] } {
X- set AUTOCAT_FILE "/etc/sguild/autocat.conf"
X+ if { [file exists /usr/local/etc/sguil-server/autocat.conf] } {
X+ set AUTOCAT_FILE "/usr/local/etc/sguil-server/autocat.conf"
X } else {
X set AUTOCAT_FILE "./autocat.conf"
X }
X@@ -402,8 +402,8 @@
X }
X # Load email config file
X if { ![info exists EMAIL_FILE] } {
X- if { [file exists /etc/sguild/sguild.email] } {
X- set EMAIL_FILE "/etc/sguild/sguild.email"
X+ if { [file exists /usr/local/etc/sguil-server/sguild.email] } {
X+ set EMAIL_FILE "/usr/local/etc/sguil-server/sguild.email"
X } else {
X set EMAIL_FILE "./sguild.email"
X }
X@@ -415,8 +415,8 @@
X }
X # Load global queries.
X if { ![info exists GLOBAL_QRY_FILE] } {
X- if { [file exists /etc/sguild/sguild.queries] } {
X- set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries"
X+ if { [file exists /usr/local/etc/sguil-server/sguild.queries] } {
X+ set GLOBAL_QRY_FILE "/usr/local/etc/sguil-server/sguild.queries"
X } else {
X set GLOBAL_QRY_FILE "./sguild.queries"
X }
X@@ -428,8 +428,8 @@
X }
X # Load report queries.
X if { ![info exists REPORT_QRY_FILE] } {
X- if { [file exists /etc/sguild/sguild.reports] } {
X- set REPORT_QRY_FILE "/etc/sguild/sguild.reports"
X+ if { [file exists /usr/local/etc/sguil-server/sguild.reports] } {
X+ set REPORT_QRY_FILE "/usr/local/etc/sguil-server/sguild.reports"
X } else {
X set REPORT_QRY_FILE "./sguild.reports"
X }
END-of-./files/patch-sguild
echo x - ./files/patch-sguild.access
sed 's/^X//' >./files/patch-sguild.access << 'END-of-./files/patch-sguild.access'
X--- sguild.access.orig	Tue Mar 28 03:36:31 2006
X+++ sguild.access	Tue Mar 28 03:37:44 2006
X@@ -4,7 +4,8 @@
X # This file is used by sguild for access control. It is read upon init #
X # or when sguild receives a HUP signal. #
X # #
X-# By default, sguild will look first for /etc/sguild/sguild.access, #
X+# By default, sguild will look first for #
X+# /usrlocal//etc/sguild/sguild.access, #
X # then ./sguild.access unless the -A /path/to/sguild.access switch #
X # is used. #
X # #
END-of-./files/patch-sguild.access
echo x - ./files/patch-sguild.conf
sed 's/^X//' >./files/patch-sguild.conf << 'END-of-./files/patch-sguild.conf'
X*** sguild.conf.orig	Tue Mar 28 02:38:13 2006
X--- sguild.conf	Tue Mar 28 02:39:47 2006
X***************
X*** 2,6 ****
X 
X # Path the sguild libs
X! set SGUILD_LIB_PATH ./lib
X 
X # DEBUG 0=off 1=important stuff 2=everything. Option 2 is VERY chatty.
X--- 2,6 ----
X 
X # Path the sguild libs
X! set SGUILD_LIB_PATH /usr/local/lib/sguil-server/
X 
X # DEBUG 0=off 1=important stuff 2=everything. Option 2 is VERY chatty.
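Review bot: the path written into the comment by files/patch-sguild.access, "/usrlocal//etc/sguild/sguild.access", is malformed (no slash between "usr" and "local", a doubled slash, and the old "sguild" directory name) and does not match the default the patched daemon actually checks in files/patch-sguild, "/usr/local/etc/sguil-server/sguild.access". Since this comment is the only in-file documentation of where the access file is read from, the added line should read "# /usr/local/etc/sguil-server/sguild.access, #" with the trailing padding adjusted so the comment box stays aligned.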
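Review bot: every hunk in files/patch-sguild (CERTS_PATH, CONF_FILE, USERS_FILE, ACCESS_FILE, AUTOCAT_FILE, EMAIL_FILE, GLOBAL_QRY_FILE, REPORT_QRY_FILE) hardcodes "/usr/local/etc/sguil-server", while the Makefile installs those files under "${PREFIX}/etc/${SGUILDIR}" with "SGUILDIR?=" left overridable, so a non-default PREFIX or SGUILDIR leaves the daemon searching the wrong directory at startup and silently falling back to ./ . Patch in a placeholder such as "%%PREFIX%%/etc/%%SGUILDIR%%" and replace it in post-patch with the "${REINPLACE_CMD}" call the Makefile already uses to rewrite "exec tclsh". The same applies to the "/usr/local/lib/sguil-server/", "/usr/local/bin/tcpflow" and "/usr/local/bin/p0f" values set in files/patch-sguild.conf, which should follow LOCALBASE/PREFIX rather than assume /usr/local.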
X***************
X*** 61,65 ****
X # You MUST have tcpflow installed to get xscripts
X # http://www.circlemud.org/~jelson/software/tcpflow/
X! set TCPFLOW "/usr/bin/tcpflow"
X 
X # p0f - (C) Michal Zalewski , William Stearns
X--- 61,65 ----
X # You MUST have tcpflow installed to get xscripts
X # http://www.circlemud.org/~jelson/software/tcpflow/
X! set TCPFLOW "/usr/local/bin/tcpflow"
X 
X # p0f - (C) Michal Zalewski , William Stearns
X***************
X*** 72,76 ****
X # Path the the p0f binary. Switches -q and -s are appended on exec,
X # add any others you may need here.
X! set P0F_PATH "/usr/sbin/p0f"
X 
X # Email config moved to sguild.email
X--- 72,76 ----
X # Path the the p0f binary. Switches -q and -s are appended on exec,
X # add any others you may need here.
X! set P0F_PATH "/usr/local/bin/p0f"
X 
X # Email config moved to sguild.email
END-of-./files/patch-sguild.conf
echo x - ./files/sguild.sh.in
sed 's/^X//' >./files/sguild.sh.in << 'END-of-./files/sguild.sh.in'
X#!/bin/sh
X
X# PROVIDE: sguild
X# REQUIRE: DAEMON
X# KEYWORD: FreeBSD shutdown
X
X# Add the following lines to /etc/rc.conf to enable sguild:
X# sguild_enable (bool):	Set to YES to enable sguild
X#			Default: NO
X# sguild_flags (str):	Extra flags passed to sguild
X#			Default: -D
X# sguild_conf (str):	Sguild configuration file
X#			Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
X
X. %%RC_SUBR%%
X
Xname="sguild"
Xrcvar=`set_rcvar`
X
Xcommand="%%PREFIX%%/bin/${name}"
Xprocname="%%TCLSH%%"
Xcheck_process="${command} /bin/sh"
Xstop_cmd="sguild_stop"
X
Xsguild_enable=${sguild_enable-NO}
Xsguild_conf=${sguild_conf-%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf}
Xsguild_flags=${sguild_flags--D}
X[ -n "$sguild_conf" ] && sguild_flags="$sguild_flags -c $sguild_conf"
X
Xsguild_stop() {
X	if [ -z "${rc_pid}" ]; then
X		echo "${name} not running?"
X	else
X		echo "Stopping ${name}."
X		# rc_pid is filled in by rc.subr (matched via procname) before
X		# stop_cmd is invoked.  Call kill directly: wrapping it in
X		# backticks would try to run its (empty) output as a command.
X		# Note that SIGKILL gives sguild no chance to close its sensor
X		# and database connections cleanly.
X		/bin/kill -9 ${rc_pid}
X		wait_for_pids "${rc_pid}"
X		if [ -f "/var/run/${name}.pid" ]; then
X			rm -f /var/run/${name}.pid
X		fi
X	fi
X}
X
Xload_rc_config ${name}
Xrun_rc_command "$1"
END-of-./files/sguild.sh.in
echo x - ./files/pkg-message.in
sed 's/^X//' >./files/pkg-message.in << 'END-of-./files/pkg-message.in'
X    ***********************************
X    * !!!!!!!!!!! WARNING !!!!!!!!!!! *
X    ***********************************
X
XIf you had existing config files in %%PREFIX%%/etc/%%SGUILDIR%%
Xthey were not overwritten.  If this is a first time install, you
Xmust copy the sample files to the corresponding conf file and
Xedit the various config files for your site.  See the INSTALL
Xdoc in %%DOCSDIR%% for details.
X
XThe sql scripts for creating database tables were placed in
Xthe %%PREFIX%%/share/%%SGUILDIR%%/ directory.  PLEASE
XNOTE: LOG_DIR is not set by this install.  You MUST create the
Xcorrect LOG_DIRS and put a copy of the snort rules you use in
XLOG_DIR/rules.
X
XThe sguild, archive_sguildb.tcl and incident_report.tcl scripts
Xwere placed in %%PREFIX%%/bin/.  The incident_report.tcl
Xscript is from the contrib section.  There is no documentation
Xand the script's variables must be edited before it is used.
X
XA startup script, named sguild.sh was installed in
X%%PREFIX%%/etc/rc.d/.  To enable it, edit /etc/rc.conf
Xper the instructions in the script.
X
XFor general questions, see the sguil faq:
Xhttp://sguil.sourceforge.net/index.php?page=faq
XFor detailed install instructions see Richard Bejtlich's
Xexcellent guide at his blog:
Xhttp://taosecurity.blogspot.com/2006/03/new-sguil-scripts-and-vm-i-have-not.html
END-of-./files/pkg-message.in
echo x - ./Makefile
sed 's/^X//' >./Makefile << 'END-of-./Makefile'
X# New ports collection makefile for:	sguil-server
X# Date created:		9 Oct 2006
X# Whom:			Paul Schmehl
X#
X# $FreeBSD$
X#
X
XPORTNAME=	sguil-server
XPORTVERSION=	0.6.1
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR=	sguil
X
XMAINTAINER=	pauls@utdallas.edu
XCOMMENT=	Sguil is a network security management program
X
XRUN_DEPENDS=	p0f:${PORTSDIR}/net-mgmt/p0f \
X		tcpflow:${PORTSDIR}/net/tcpflow \
X		dtplite:${PORTSDIR}/devel/tcllib \
X		barnyard:${PORTSDIR}/security/barnyard-sguil6 \
X		${LOCALBASE}/lib/tcl8.4/mysqltcl:${PORTSDIR}/databases/mysqltcl \
X		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
XLIB_DEPENDS=	tls:${PORTSDIR}/devel/tcltls
X
XNO_BUILD=	yes
XUSE_RC_SUBR=	sguild.sh
XTCLSH_CMD?=	${PREFIX}/bin/tclsh8.4
XSGUILDIR?=	sguil-server
XWRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
XPATCH_WRKSRC=	${WRKSRC}/server
XPLIST_SUB=	SGUILDIR=${SGUILDIR}
XSUB_FILES=	pkg-message
XSUB_LIST=	SGUILDIR=${SGUILDIR} TCLSH=${TCLSH_CMD}
XLIBRARIES=	SguildAccess.tcl SguildEvent.tcl SguildReportBuilder.tcl \
X		SguildAutoCat.tcl SguildGenericDB.tcl SguildSendComms.tcl \
X		SguildClientCmdRcvd.tcl SguildHealthChecks.tcl SguildSensorAgentComms.tcl \
X		SguildConnect.tcl SguildLoaderd.tcl SguildSensorCmdRcvd.tcl \
X		SguildCreateDB.tcl SguildMysqlMerge.tcl SguildTranscript.tcl \
X		SguildEmailEvent.tcl SguildQueryd.tcl SguildUtils.tcl
XSCRIPTS=	create_ruledb.sql update_sguildb_v10-v11.sql update_sguildb_v8-v9.sql \
X		create_sguildb.sql update_sguildb_v5-v6.sql update_sguildb_v9-v10.sql \
X		migrate_event.tcl update_sguildb_v6-v7.sql migrate_sancp.tcl update_sguildb_v7-v8.sql
XCONFS=		autocat.conf sguild.access sguild.conf sguild.email sguild.queries sguild.reports sguild.users
X
XPORTDOCS=	CHANGES INSTALL INSTALL.openbsd LICENSE.QPL \
X		OPENSSL.README TODO USAGE sguildb.dia
X
X.include <bsd.port.pre.mk>
X
Xpost-patch:
X.for f in archive_sguildb.tcl sguild contrib/incident_report.tcl
X	@${REINPLACE_CMD} -e 's:exec tclsh:exec ${TCLSH_CMD}:g' ${WRKSRC}/server/${f}
X.endfor
X
Xdo-install:
X	@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
X	@${MKDIR} ${PREFIX}/lib/${SGUILDIR}
X	@${MKDIR} ${PREFIX}/share/${SGUILDIR}
X.for f in archive_sguildb.tcl sguild
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/server/${f} ${PREFIX}/bin/${f}
X.endfor
X.for f in incident_report.tcl
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/server/contrib/${f} ${PREFIX}/bin/${f}
X.endfor
X.for f in ${CONFS}
X	${INSTALL_DATA} ${WRKSRC}/server/${f} ${PREFIX}/etc/${SGUILDIR}/${f}-sample
X.endfor
X.for f in ${LIBRARIES}
X	${INSTALL_DATA} ${WRKSRC}/server/lib/${f} ${PREFIX}/lib/${SGUILDIR}/${f}
X.endfor
X.for f in ${SCRIPTS}
X	${INSTALL_DATA} ${WRKSRC}/server/sql_scripts/${f} ${PREFIX}/share/${SGUILDIR}/${f}
X.endfor
X
Xpost-install:
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
X.endif
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-./Makefile
echo x - ./pkg-descr
sed 's/^X//' >./pkg-descr << 'END-of-./pkg-descr'
XSguil is an open source tool to implement Network
XSecurity Monitoring (NSM).  NSM is the collection,
Xanalysis, and escalation of indications and warnings
Xto detect and respond to intrusions.  NSM tools are
Xused more for network audit and specialized
Xapplications than traditional alert-centric "intrusion
Xdetection" systems.
X
XWant to learn more about Network Security Monitoring
X(NSM)?  Then check out Richard Bejtlich's recently
Xreleased book, The Tao of Network Security Monitoring:
XBeyond Intrusion Detection.  An excerpt reads:
X
X"Network security monitoring (NSM) equips security
Xstaff to deal with the inevitable consequences of too
Xfew resources and too many responsibilities.  NSM collects
Xthe data needed to generate better assessment, detection,
Xand response processes--resulting in decreased impact from
Xunauthorized activities."
X
XWWW: http://sguil.sourceforge.net/index.php
Xpauls@utdallas.edu
END-of-./pkg-descr
echo x - ./distinfo
sed 's/^X//' >./distinfo << 'END-of-./distinfo'
XMD5 (sguil-server-0.6.1.tar.gz) = 27decbe3c6528bf2c86c74b35b8f7b3b
XSHA256 (sguil-server-0.6.1.tar.gz) = 22aea8f76da0530ae7ee9a68efe1de7615bec47a7702c93f8fe338d57590ce57
XSIZE (sguil-server-0.6.1.tar.gz) = 92901
END-of-./distinfo
exit
--- sguild.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: