Date:      Sun, 13 Feb 2005 18:54:20 -0600 (CST)
From:      Paul Schmehl <pauls@utdallas.edu>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/77473: New port submission - security/sguil-sensor
Message-ID:  <20050214005420.A1DFA3C812D@buttercup2>
Resent-Message-ID: <200502140100.j1E10cZh093084@freefall.freebsd.org>


>Number:         77473
>Category:       ports
>Synopsis:       New port submission - security/sguil-sensor
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 14 01:00:38 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Paul Schmehl
>Release:        FreeBSD 4.9-SECURITY i386
>Organization:
University of Texas at Dallas
>Environment:
System: FreeBSD unknown.utdallas.edu 4.9-SECURITY FreeBSD 4.9-SECURITY #0: Mon Jun 7 18:02:41 GMT 2004 root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
	Sguil is a network security management system that provides log and IDS aggregation
        as well as in-depth packet inspection.  Sguil-sensor is the sensor portion of the 
        system and is designed to incorporate snort and other network analysis tools into
        an integrated framework.
>How-To-Repeat:
	
>Fix:

	

--- sguil-sensor.port begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	/usr/ports/security/sguil-sensor
#	/usr/ports/security/sguil-sensor/Makefile
#	/usr/ports/security/sguil-sensor/pkg-descr
#	/usr/ports/security/sguil-sensor/distinfo
#	/usr/ports/security/sguil-sensor/pkg-message
#	/usr/ports/security/sguil-sensor/files
#	/usr/ports/security/sguil-sensor/files/sensoragent.sh
#	/usr/ports/security/sguil-sensor/pkg-install
#	/usr/ports/security/sguil-sensor/pkg-plist
#
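echo c - /usr/ports/security/sguil-sensor
mkdir -p /usr/ports/security/sguil-sensor > /dev/null 2>&1
echo x - /usr/ports/security/sguil-sensor/Makefile
sed 's/^X//' >/usr/ports/security/sguil-sensor/Makefile << 'END-of-/usr/ports/security/sguil-sensor/Makefile'
X# New ports collection makefile for:	sguil-sensor
X# Date created:				9 Feb 2005
X# Whom:					Paul Schmehl <pauls@utdallas.edu>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	sguil-sensor
XPORTVERSION=	0.5.3
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}sguil/
X
XMAINTAINER=	pauls@utdallas.edu
XCOMMENT=	Sguil is a network security management program
X
X# The sensor side only drives snort and barnyard; nothing is compiled here
X# (NO_BUILD below), so these are run-time dependencies only.
XRUN_DEPENDS+=	${LOCALBASE}/bin/snort:${PORTSDIR}/security/snort \
X		${LOCALBASE}/bin/barnyard:${PORTSDIR}/security/barnyard
X
XOPTIONS=	MYSQL "Enable MySQL support" off \
X		POSTGRESQL "Enable PostgreSQL support" off \
X		SANCP "Enable SANCP support" off
X
XWITHOUT_X11=	yes
XNO_BUILD=	yes
XWRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
XUSE_REINPLACE=	yes
XUSE_RC_SUBR=	yes
X# NOTE(review): the rc.d script is copied verbatim from ${FILESDIR} in
X# post-install, so these substitutions are never applied to it and the
X# script itself hard-codes /usr/local.
XRC_SCRIPTS_SUB=	PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
X
XPORTDOCS=	CHANGES INSTALL INSTALL.openbsd LICENSE.QPL \
X		OPENSSL.README TODO USAGE sguildb.dia
X
XWITH_PCRE=		true
X
X# NOTE(review): do-install is overridden below, so the framework does not
X# appear to consult this list -- confirm before relying on it.
XINSTALL_WRKSRC=	${WRKSRC}/ \
X		${WRKSRC}/docs \
X		${WRKSRC}/sensor \
X		${WRKSRC}/sensor/contrib \
X		${WRKSRC}/sensor/init \
X		${WRKSRC}/sensor/sancp \
X		${WRKSRC}/sensor/snort_mods \
X		${WRKSRC}/sensor/snort_mods/1_9 \
X		${WRKSRC}/sensor/snort_mods/2_0 \
X		${WRKSRC}/sensor/snort_mods/2_1
X
X.include <bsd.port.pre.mk>
X
X# WITHOUT_X11 is set unconditionally above, so this block always applies:
X# the Tcl extension is pulled in without its X11 parts.
X.if defined(WITHOUT_X11)
XLIB_DEPENDS+=	tclx83:${PORTSDIR}/lang/tclX
XDEPENDS_ARGS+=	WITHOUT_X11=yes
X.endif
X
X.if defined(WITH_MYSQL)
XUSE_MYSQL=		yes
X.endif
X
X.if defined(WITH_POSTGRESQL)
XUSE_PGSQL=		yes
X.endif
X
X.if defined(WITH_SANCP)
XRUN_DEPENDS+=	${LOCALBASE}/bin/sancp:${PORTSDIR}/security/sancp
X.endif
X
X# Only the target directory is created here; the files go in during
X# post-install, after pkg-install has created the sguil user and group.
Xdo-install:
X	@${MKDIR} ${PREFIX}/bin/sguil-sensor
X
X# pkg-install is invoked with the standard stage arguments and the prefix
X# exported as PKG_PREFIX.  It runs before the files below are installed, so
X# those files keep the owner install(1) gives them; only the directory
X# itself is handed to the sguil account.
X# Scripts and the agent configuration are installed as *-sample and copied
X# into place only when no local copy exists; sancp.conf is the exception
X# and is overwritten (its backup is made by pkg-install, see pkg-message).
X# NOTE(review): documentation is taken from ${WRKSRC}/doc while
X# INSTALL_WRKSRC lists ${WRKSRC}/docs -- one of the two spellings is likely
X# wrong; verify against the distfile.
Xpost-install:
X	@PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/sensor_agent.tcl ${PREFIX}/bin/sguil-sensor/sensor_agent.tcl
X	${INSTALL_SCRIPT} -m 751 ${FILESDIR}/sensoragent.sh ${PREFIX}/etc/rc.d/sensoragent.sh-sample
X.for f in log_packets.sh
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}-sample
X	[ -f ${PREFIX}/bin/sguil-sensor/${f} ] || \
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}
X.endfor
X.for f in sensor_agent.conf
X	${INSTALL_DATA} ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}-sample
X	[ -f ${PREFIX}/bin/sguil-sensor/${f} ] || \
X	${INSTALL_DATA} ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}
X.endfor
X.if defined(WITH_SANCP)
X.for f in sancp.conf
X	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} ${PREFIX}/etc/${f}-sample
X	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} ${PREFIX}/etc/${f}
X.endfor
X.endif
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
X.endif
X	@${SED} 's|%%PREFIX%%|${PREFIX}|g' ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-/usr/ports/security/sguil-sensor/Makefile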
echo x - /usr/ports/security/sguil-sensor/pkg-descr
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-descr << 'END-of-/usr/ports/security/sguil-sensor/pkg-descr'
XSguil is a network security management system.
X
XSguil (pronounced sgweel) is built by network 
Xsecurity analysts for network security analysts. 
XSguil's main component is an intuitive GUI that 
Xprovides realtime events from snort/barnyard. It 
Xalso includes other components which facilitate 
Xthe practice of Network Security Monitoring and 
Xevent driven analysis of IDS alerts. The sguil 
Xclient is written in tcl/tk and can be run on any 
Xoperating system that supports tcl/tk (including 
XLinux, *BSD, Solaris, MacOS, and Win32).
X
XWant to learn more about Network Security Monitoring 
X(NSM)? Then check out Richard Bejtlich's recently 
Xreleased book, The Tao of Network Security Monitoring: 
XBeyond Intrusion Detection. An excerpt reads:
X
X"Network security monitoring (NSM) equips security 
Xstaff to deal with the inevitable consequences of too 
Xfew resources and too many responsibilities. NSM collects 
Xthe data needed to generate better assessment, detection, 
Xand response processes--resulting in decreased impact from 
Xunauthorized activities."
END-of-/usr/ports/security/sguil-sensor/pkg-descr
echo x - /usr/ports/security/sguil-sensor/distinfo
sed 's/^X//' >/usr/ports/security/sguil-sensor/distinfo << 'END-of-/usr/ports/security/sguil-sensor/distinfo'
XMD5 (sguil-sensor-0.5.3.tar.gz) = 681fa7e99aa674c0e2be4788ef503d69
XSIZE (sguil-sensor-0.5.3.tar.gz) = 89816
END-of-/usr/ports/security/sguil-sensor/distinfo
echo x - /usr/ports/security/sguil-sensor/pkg-message
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-message << 'END-of-/usr/ports/security/sguil-sensor/pkg-message'
X         ***********************************
X         * !!!!!!!!!!! WARNING !!!!!!!!!!! *
X         ***********************************
X
XYou MUST edit the log_packets.sh script (the script is located in 
X%%PREFIX%%/bin/sguil-sensor) to fit your configuration before running 
Xthe sguil-sensor.  See the INSTALL document in the port's documentation
Xdirectory (%%PREFIX%%/share/doc/sguil-sensor by default) for details on
Xthe configuration and on running the script from cron.
X
XYou must ALSO edit the sensor_agent.conf file (located in %%PREFIX%%/bin/sguil-sensor)
Xto reflect your configuration before starting the agent.
X
XA startup script, named sensoragent.sh-sample was installed in
X%%PREFIX%%/etc/rc.d/.  Create a copy named sensoragent.sh in the
Xsame directory and enable the script in /etc/rc.conf using
Xthe usual rc.subr syntax.  See rc.conf(5) or go to
Xhttp://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html
X
XIf you chose to run sancp, and you already had a sancp.conf file in
X%%PREFIX%%/etc, it is copied to sancp.conf-orig during the install. 
XThen the new sancp.conf-sample file contains the settings for sguil.
XIf you still want to maintain the customized sancp.conf file, then copy 
Xthe new sancp.conf-sample file to sguild-sancp.conf (for example) and edit
Xthe %%PREFIX%%/etc/rc.d/sancp.sh to reflect the new conf file name. Then
Xcopy the sancp.conf-orig file to sancp.conf to restore your original file.
XNote that this will require two custom sancp.sh scripts, so proceed accordingly.
END-of-/usr/ports/security/sguil-sensor/pkg-message
echo c - /usr/ports/security/sguil-sensor/files
mkdir -p /usr/ports/security/sguil-sensor/files > /dev/null 2>&1
echo x - /usr/ports/security/sguil-sensor/files/sensoragent.sh
sed 's/^X//' >/usr/ports/security/sguil-sensor/files/sensoragent.sh << 'END-of-/usr/ports/security/sguil-sensor/files/sensoragent.sh'
X#!/bin/sh
X#
X# rc.d script for the Sguil sensor agent (sensor_agent.tcl).
X#
X# PROVIDE: sensoragent
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X# KEYWORD: FreeBSD shutdown
X
X# Add the following lines to /etc/rc.conf to enable sensoragent:
X# sensoragent_enable (bool):	Set to YES to enable sensoragent
X# 				Default: NO
X# sensoragent_conf (str):	Sguil sensor agent configuration file
X#				Default: /usr/local/bin/sguil-sensor/sensor_agent.conf
X#
X# NOTE(review): rc.subr, the agent and its configuration are addressed by
X# hard-coded /usr/local paths; the port installs this file verbatim, so a
X# non-default PREFIX is not honoured.
X# NOTE(review): no sensoragent_user is set, so run_rc_command starts the
X# agent as root, while pkg-install gives the sguil account ownership of
X# /usr/local/bin/sguil-sensor, the directory holding this command.  Check
X# whether the agent can run as that account instead.
X
X. /usr/local/etc/rc.subr
X
Xname="sensoragent"
Xrcvar=`set_rcvar`
X
Xcommand="/usr/local/bin/sguil-sensor/sensor_agent.tcl"
X
Xload_rc_config $name
X
X# Fill in anything rc.conf left unset or empty.
X: ${sensoragent_enable:="NO"}
X: ${sensoragent_conf:="/usr/local/bin/sguil-sensor/sensor_agent.conf"}
X
X# Hand the configuration file to the agent via -c.
Xif [ -n "$sensoragent_conf" ]; then
X	sensoragent_flags="$sensoragent_flags -c $sensoragent_conf"
Xfi
X
Xrun_rc_command "$1"
END-of-/usr/ports/security/sguil-sensor/files/sensoragent.sh
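echo x - /usr/ports/security/sguil-sensor/pkg-install
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-install << 'END-of-/usr/ports/security/sguil-sensor/pkg-install'
X#!/bin/sh
X#
X# pkg-install for security/sguil-sensor: preserve an existing sancp.conf,
X# create the sguil group and user, and hand the agent directory to them.
X# Exits 1 if the group or user cannot be created or updated.
X
XPATH=/bin:/usr/sbin
X
XUSER=sguil
XGROUP=${USER}
X# Use the prefix the ports framework / pkg_add export; /usr/local otherwise.
XPREFIX=${PKG_PREFIX:-/usr/local}
XHOMEDIR="${PREFIX}/bin/sguil-sensor"
X
X# The port installs its own sancp.conf over the administrator's copy, so
X# keep the current one as sancp.conf-orig (see pkg-message).  Note that a
X# re-run replaces an earlier backup.
Xif [ -f "${PREFIX}/etc/sancp.conf" ]; then
X	cp "${PREFIX}/etc/sancp.conf" "${PREFIX}/etc/sancp.conf-orig"
Xfi
X
Xif pw group show "${GROUP}" 2>/dev/null; then
X	echo "You already have a group \"${GROUP}\", so I will use it."
Xelse
X	if pw groupadd "${GROUP}"; then
X		echo "Added group \"${GROUP}\"."
X	else
X		echo "Adding group \"${GROUP}\" failed..."
X		exit 1
X	fi
Xfi
X
X# An existing account is reused but its home directory is moved to
X# HOMEDIR; a new one gets no password (-h -) and no login shell.
Xif pw user show "${USER}" 2>/dev/null; then
X	echo "You already have a user \"${USER}\", so I will use it."
X	if pw usermod "${USER}" -d "${HOMEDIR}"
X	then
X		echo "Changed home directory of \"${USER}\" to \"${HOMEDIR}\""
X	else
X		echo "Changing home directory of \"${USER}\" to \"${HOMEDIR}\" failed..."
X		exit 1
X	fi
Xelse
X	if pw useradd "${USER}" -g "${GROUP}" -h - \
X		-d "${HOMEDIR}" -s /sbin/nologin -c "Sguil Sensor"
X	then
X		echo "Added user \"${USER}\"."
X	else
X		echo "Adding user \"${USER}\" failed..."
X		exit 1
X	fi
Xfi
X
X# NOTE(review): this makes the unprivileged sguil account owner of the
X# directory that holds sensor_agent.tcl, while the rc.d script does not
X# run the agent as sguil -- a process running as sguil could then replace
X# what root executes.  Consider root-owned scripts with a separate
X# writable directory for the agent's data.
Xchown -R "${USER}:${GROUP}" "${HOMEDIR}"
Xchmod 750 "${HOMEDIR}"
END-of-/usr/ports/security/sguil-sensor/pkg-install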
echo x - /usr/ports/security/sguil-sensor/pkg-plist
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-plist << 'END-of-/usr/ports/security/sguil-sensor/pkg-plist'
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] && cmp -s %D/etc/rc.d/sensoragent.sh %D/etc/rc.d/sensoragent.sh-sample; then rm -f %D/etc/rc.d/sensoragent.sh; fi
Xetc/rc.d/sensoragent.sh-sample
X@unexec if [ -f %D/etc/sancp.conf ] && cmp -s %D/etc/sancp.conf %D/etc/sancp.conf-sample; then rm -f %D/etc/sancp.conf; fi
Xetc/sancp.conf-sample
X@unexec rm -fr %D/bin/sguil-sensor
X@unexec rm -fr %%DOCSDIR%%
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] || [ -f %D/etc/sancp.conf ]; then echo "*******************************************"; fi
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] || [ -f %D/etc/sancp.conf ]; then echo "* WARNING!!!!   WARNING!!!!   WARNING!!!! *"; fi
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] || [ -f %D/etc/sancp.conf ]; then echo "*******************************************"; fi
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ]; then echo ""; echo "The %D/etc/rc.d/sensoragent.sh file was not removed!"; fi
X@unexec if [ -f %D/etc/sancp.conf ]; then echo ""; echo "The %D/etc/sancp.conf file was not removed!"; fi
END-of-/usr/ports/security/sguil-sensor/pkg-plist
exit
--- sguil-sensor.port ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


