From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Feb 14 01:00:39 2005
Date: Sun, 13 Feb 2005 18:54:20 -0600 (CST)
From: Paul Schmehl
To: FreeBSD-gnats-submit@FreeBSD.org
Message-Id: <20050214005420.A1DFA3C812D@buttercup2>
X-Send-Pr-Version: 3.113
Subject: ports/77473: New port submission - security/sguil-sensor

>Number:         77473
>Category:       ports
>Synopsis:       New port submission - security/sguil-sensor
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 14 01:00:38 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Paul Schmehl
>Release:        FreeBSD 4.9-SECURITY i386
>Organization:
University of Texas at Dallas
>Environment:
System: FreeBSD unknown.utdallas.edu 4.9-SECURITY FreeBSD 4.9-SECURITY #0: Mon Jun 7 18:02:41 GMT 2004 root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Sguil is a network security management system that provides log and IDS aggregation as well as in-depth packet inspection. Sguil-sensor is the sensor portion of the system and is designed to incorporate snort and other network analysis tools into an integrated framework.
>How-To-Repeat:
>Fix:
--- sguil-sensor.port begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	/usr/ports/security/sguil-sensor
#	/usr/ports/security/sguil-sensor/Makefile
#	/usr/ports/security/sguil-sensor/pkg-descr
#	/usr/ports/security/sguil-sensor/distinfo
#	/usr/ports/security/sguil-sensor/pkg-message
#	/usr/ports/security/sguil-sensor/files
#	/usr/ports/security/sguil-sensor/files/sensoragent.sh
#	/usr/ports/security/sguil-sensor/pkg-install
#	/usr/ports/security/sguil-sensor/pkg-plist
#
echo c - /usr/ports/security/sguil-sensor
mkdir -p /usr/ports/security/sguil-sensor > /dev/null 2>&1
echo x - /usr/ports/security/sguil-sensor/Makefile
sed 's/^X//' >/usr/ports/security/sguil-sensor/Makefile << 'END-of-/usr/ports/security/sguil-sensor/Makefile'
X# New ports collection makefile for:	sguil-sensor
X# Date created:		9 Feb 2005
X# Whom:			Paul Schmehl
X#
X# $FreeBSD$
X#
X
XPORTNAME=	sguil-sensor
XPORTVERSION=	0.5.3
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR=	sguil
X
XMAINTAINER=	pauls@utdallas.edu
XCOMMENT=	Sguil is a network security management program
X
X#LIB_DEPENDS+=	tcl84:${PORTSDIR}/lang/tcl84
XRUN_DEPENDS+=	${LOCALBASE}/bin/snort:${PORTSDIR}/security/snort \
X		${LOCALBASE}/bin/barnyard:${PORTSDIR}/security/barnyard
X
XOPTIONS=	MYSQL "Enable MySQL support" off \
X		POSTGRESQL "Enable PostgreSQL support" off \
X		SANCP "Enable SANCP support" off
X
XWITHOUT_X11=	yes
XNO_BUILD=	yes
XWRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
XUSE_REINPLACE=	yes
XUSE_RC_SUBR=	yes
XRC_SCRIPTS_SUB=	PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
X
XPORTDOCS=	CHANGES INSTALL INSTALL.openbsd LICENSE.QPL \
X		OPENSSL.README TODO USAGE sguildb.dia
X
XWITH_PCRE=	true
X
XINSTALL_WRKSRC=	${WRKSRC}/ \
X		${WRKSRC}/docs \
X		${WRKSRC}/sensor \
X		${WRKSRC}/sensor/contrib \
X		${WRKSRC}/sensor/init \
X		${WRKSRC}/sensor/sancp \
X		${WRKSRC}/sensor/snort_mods \
X		${WRKSRC}/sensor/snort_mods/1_9 \
X		${WRKSRC}/sensor/snort_mods/2_0 \
X		${WRKSRC}/sensor/snort_mods/2_1
X
X.include <bsd.port.pre.mk>
X
X.if defined(WITHOUT_X11)
XLIB_DEPENDS+=	tclx83:${PORTSDIR}/lang/tclX
XDEPENDS_ARGS+=	WITHOUT_X11=yes
X.endif
X
X.if defined(WITH_MYSQL)
XUSE_MYSQL=	yes
X.endif
X
X.if defined(WITH_POSTGRESQL)
XUSE_PGSQL=	yes
X.endif
X
X.if defined(WITH_SANCP)
XRUN_DEPENDS+=	${LOCALBASE}/bin/sancp:${PORTSDIR}/security/sancp
X.endif
X
Xdo-install:
X	@${MKDIR} ${PREFIX}/bin/sguil-sensor
X
Xpost-install:
X	PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/sensor_agent.tcl ${PREFIX}/bin/sguil-sensor/sensor_agent.tcl
X	${INSTALL_SCRIPT} -m 751 ${FILESDIR}/sensoragent.sh ${PREFIX}/etc/rc.d/sensoragent.sh-sample
X.for f in log_packets.sh
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}-sample
X	[ -f ${PREFIX}/bin/sguil-sensor/${f} ] || \
X		${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}
X.endfor
X.for f in sensor_agent.conf
X	${INSTALL_DATA} ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}-sample
X	[ -f ${PREFIX}/bin/sguil-sensor/${f} ] || \
X		${INSTALL_DATA} ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}
X.endfor
X.if defined(WITH_SANCP)
X.for f in sancp.conf
X	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} ${PREFIX}/etc/${f}-sample
X	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} ${PREFIX}/etc/${f}
X.endfor
X.endif
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
X.endif
X	@${SED} 's|%%PREFIX%%|${PREFIX}|' ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-/usr/ports/security/sguil-sensor/Makefile
echo x - /usr/ports/security/sguil-sensor/pkg-descr
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-descr << 'END-of-/usr/ports/security/sguil-sensor/pkg-descr'
XSguil is a network security management system.
X
XSguil (pronounced sgweel) is built by network
Xsecurity analysts for network security analysts.
XSguil's main component is an intuitive GUI that
Xprovides realtime events from snort/barnyard. It
Xalso includes other components which facilitate
Xthe practice of Network Security Monitoring and
Xevent driven analysis of IDS alerts. The sguil
Xclient is written in tcl/tk and can be run on any
Xoperating system that supports tcl/tk (including
XLinux, *BSD, Solaris, MacOS, and Win32).
X
XWant to learn more about Network Security Monitoring
X(NSM)? Then check out Richard Bejtlich's recently
Xreleased book, The Tao of Network Security Monitoring:
XBeyond Intrusion Detection. An excerpt reads:
X
X"Network security monitoring (NSM) equips security
Xstaff to deal with the inevitable consequences of too
Xfew resources and too many responsibilities. NSM collects
Xthe data needed to generate better assessment, detection,
Xand response processes--resulting in decreased impact from
Xunauthorized activities."
END-of-/usr/ports/security/sguil-sensor/pkg-descr
echo x - /usr/ports/security/sguil-sensor/distinfo
sed 's/^X//' >/usr/ports/security/sguil-sensor/distinfo << 'END-of-/usr/ports/security/sguil-sensor/distinfo'
XMD5 (sguil-sensor-0.5.3.tar.gz) = 681fa7e99aa674c0e2be4788ef503d69
XSIZE (sguil-sensor-0.5.3.tar.gz) = 89816
END-of-/usr/ports/security/sguil-sensor/distinfo
echo x - /usr/ports/security/sguil-sensor/pkg-message
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-message << 'END-of-/usr/ports/security/sguil-sensor/pkg-message'
X	***********************************
X	* !!!!!!!!!!! WARNING !!!!!!!!!!! *
X	***********************************
X
XYou MUST edit the log_packets.sh script (the script is located in
X%%PREFIX%%/bin/sguil-sensor) to fit your configuration before running
Xthe sguil-sensor. See the %%PREFIX%%/share/doc/sguil-sensor/INSTALL doc
Xfor details on the configuration and for croning the script.
X
XYou must ALSO edit the sensor_agent.conf file (located in %%PREFIX%%/bin/sguil-sensor)
Xto reflect your configuration before starting the agent.
X
XA startup script, named sensoragent.sh-sample was installed in
X%%PREFIX%%/etc/rc.d/. Create a copy named sensoragent.sh in the
Xsame directory and enable the script in /etc/rc.conf using
Xthe usual rc.subr syntax. See rc.conf(5) or go to
Xhttp://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html
X
XIf you chose to run sancp, and you already had a sancp.conf file in
X%%PREFIX%%/etc, it is copied to sancp.conf-orig during the install.
XThen the new sancp.conf-sample file contains the settings for sguil.
XIf you still want to maintain the customized sancp.conf file, then copy
Xthe new sancp.conf-sample file to sguild-sancp.conf (for example) and edit
Xthe %%PREFIX%%/etc/rc.d/sancp.sh to reflect the new conf file name. Then
Xcopy the sancp.conf-orig file to sancp.conf to restore your original file.
XNote that this will require two custom sancp.sh scripts, so proceed accordingly.
END-of-/usr/ports/security/sguil-sensor/pkg-message
echo c - /usr/ports/security/sguil-sensor/files
mkdir -p /usr/ports/security/sguil-sensor/files > /dev/null 2>&1
echo x - /usr/ports/security/sguil-sensor/files/sensoragent.sh
sed 's/^X//' >/usr/ports/security/sguil-sensor/files/sensoragent.sh << 'END-of-/usr/ports/security/sguil-sensor/files/sensoragent.sh'
X#!/bin/sh
X#
X
X# PROVIDE: sensoragent
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X# KEYWORD: FreeBSD shutdown
X
X# Add the following lines to /etc/rc.conf to enable sensoragent:
X# sensoragent_enable (bool):	Set to YES to enable sensoragent
X#				Default: NO
X# sensoragent_conf (str):	Sguil-sensor configuration file
X#				Default: /usr/local/bin/sguil-sensor/sensor_agent.conf
X#
X
X. /usr/local/etc/rc.subr
X
Xname="sensoragent"
Xrcvar=`set_rcvar`
X
Xcommand="/usr/local/bin/sguil-sensor/sensor_agent.tcl"
X
Xload_rc_config $name
X
X[ -z "$sensoragent_enable" ] && sensoragent_enable="NO"
X[ -z "$sensoragent_conf" ] && sensoragent_conf="/usr/local/bin/sguil-sensor/sensor_agent.conf"
X
X[ -n "$sensoragent_conf" ] && sensoragent_flags="$sensoragent_flags -c $sensoragent_conf"
X
Xrun_rc_command "$1"
END-of-/usr/ports/security/sguil-sensor/files/sensoragent.sh
echo x - /usr/ports/security/sguil-sensor/pkg-install
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-install << 'END-of-/usr/ports/security/sguil-sensor/pkg-install'
X#!/bin/sh
X
XPATH=/bin:/usr/sbin
X
XUSER=sguil
XGROUP=${USER}
X# The ports framework exports PKG_PREFIX; fall back to /usr/local otherwise.
XPREFIX=${PKG_PREFIX:-/usr/local}
XHOMEDIR="${PREFIX}/bin/sguil-sensor"
X
X# Preserve any pre-existing sancp.conf before the port installs its own.
Xif [ -f ${PREFIX}/etc/sancp.conf ]; then
X	cp ${PREFIX}/etc/sancp.conf ${PREFIX}/etc/sancp.conf-orig
Xfi
X
Xif pw group show "${GROUP}" >/dev/null 2>&1; then
X	echo "You already have a group \"${GROUP}\", so I will use it."
Xelse
X	if pw groupadd ${GROUP}; then
X		echo "Added group \"${GROUP}\"."
X	else
X		echo "Adding group \"${GROUP}\" failed..."
X		exit 1
X	fi
Xfi
X
Xif pw user show "${USER}" >/dev/null 2>&1; then
X	echo "You already have a user \"${USER}\", so I will use it."
X	if pw usermod ${USER} -d ${HOMEDIR}
X	then
X		echo "Changed home directory of \"${USER}\" to \"${HOMEDIR}\""
X	else
X		echo "Changing home directory of \"${USER}\" to \"${HOMEDIR}\" failed..."
X		exit 1
X	fi
Xelse
X	# Unprivileged service account: no password, no interactive shell.
X	if pw useradd ${USER} -g ${GROUP} -h - \
X		-d ${HOMEDIR} -s /sbin/nologin -c "Sguil Sensor"
X	then
X		echo "Added user \"${USER}\"."
X	else
X		echo "Adding user \"${USER}\" failed..."
X		exit 1
X	fi
Xfi
X
Xchown -R ${USER}:${GROUP} ${HOMEDIR}
Xchmod 750 ${HOMEDIR}
END-of-/usr/ports/security/sguil-sensor/pkg-install
echo x - /usr/ports/security/sguil-sensor/pkg-plist
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-plist << 'END-of-/usr/ports/security/sguil-sensor/pkg-plist'
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] && cmp -s %D/etc/rc.d/sensoragent.sh %D/etc/rc.d/sensoragent.sh-sample; then rm -f %D/etc/rc.d/sensoragent.sh; fi
Xetc/rc.d/sensoragent.sh-sample
X@unexec if [ -f %D/etc/sancp.conf ] && cmp -s %D/etc/sancp.conf %D/etc/sancp.conf-sample; then rm -f %D/etc/sancp.conf; fi
Xetc/sancp.conf-sample
X@unexec rm -fr %D/bin/sguil-sensor
X@unexec rm -fr %%DOCSDIR%%
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] || [ -f %D/etc/sancp.conf ]; then echo "*******************************************"; fi
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] || [ -f %D/etc/sancp.conf ]; then echo "* WARNING!!!!   WARNING!!!!   WARNING!!!! *"; fi
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] || [ -f %D/etc/sancp.conf ]; then echo "*******************************************"; fi
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ]; then echo ""; echo "The %D/etc/rc.d/sensoragent.sh file was not removed!"; fi
X@unexec if [ -f %D/etc/sancp.conf ]; then echo ""; echo "The %D/etc/sancp.conf file was not removed!"; fi
END-of-/usr/ports/security/sguil-sensor/pkg-plist
exit
--- sguil-sensor.port ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
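The port applies the same "-sample" idiom twice: the post-install loops copy each config to a -sample file and only create the live file if none exists, and the pkg-plist @unexec lines delete the live file on deinstall only when cmp -s proves it still matches the sample. The functions below, an added example and not part of Paul Schmehl's submission, isolate that idiom as reusable POSIX sh; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the PR): the "-sample" config idiom used by the
# port's post-install target and pkg-plist @unexec lines. Names are hypothetical.

# install_sample SRC DEST
#   Always refresh DEST-sample from SRC, but create DEST itself only when it
#   does not exist yet, so a config the operator has already edited is never
#   overwritten by a reinstall or upgrade.
install_sample() {
    src=$1
    dest=$2
    cp "$src" "$dest-sample"
    if [ ! -f "$dest" ]; then
        cp "$src" "$dest"
    fi
}

# remove_if_unmodified DEST
#   Deinstall counterpart of the @unexec lines: remove DEST only when it is
#   byte-identical to DEST-sample. Returns 0 if DEST was removed, 1 if it was
#   kept because the operator modified it (or it is absent), so the caller
#   can print the "file was not removed!" notice the plist emits.
remove_if_unmodified() {
    dest=$1
    if [ -f "$dest" ] && cmp -s "$dest" "$dest-sample"; then
        rm -f "$dest"
        return 0
    fi
    return 1
}

# Usage (mirrors the port's sensor_agent.conf handling):
#   install_sample work/sensor/sensor_agent.conf /usr/local/bin/sguil-sensor/sensor_agent.conf
#   remove_if_unmodified /usr/local/bin/sguil-sensor/sensor_agent.conf || echo "kept modified config"
```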