Date: Tue, 10 Apr 2007 11:32:21 +0000 (UTC) From: "valerio.daelli@gmail.com" <root@FreeBSD.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/111445: New port: security/ossec-hids-server security/ossec-hids-client security/ossec-hids-local - A tool to monitor logs and check intrusions Message-ID: <20070410113222.2612313C489@mx1.freebsd.org> Resent-Message-ID: <200704101140.l3ABe2aT051592@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 111445
>Category: ports
>Synopsis: New port: security/ossec-hids-server security/ossec-hids-client security/ossec-hids-local - A tool to monitor logs and check intrusions
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 10 11:40:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Valerio Daelli
>Release: FreeBSD 6.2-RELEASE-p3 amd64
>Organization:
IFOM
>Environment:
System: FreeBSD sodio.ifom-ieo-campus.it 6.2-RELEASE-p3 FreeBSD 6.2-RELEASE-p3 #5: Fri Mar 16 15:21:33 CET 2007 root@sodio.ifom-ieo-campus.it:/usr/obj/usr/src/sys/SODIO amd64
>Description:
ossec-hids is a security tool to monitor logs for events
and perform security scan on a system
>How-To-Repeat:
>Fix:
--- SHAR-OSSEC-HIDS-SERVER begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# /root/ossec-hids-server/
# /root/ossec-hids-server/files
# /root/ossec-hids-server/files/patch-LOCATION
# /root/ossec-hids-server/files/patch-defs.h
# /root/ossec-hids-server/files/patch-InstallServer.sh
# /root/ossec-hids-server/files/ossec-hids
# /root/ossec-hids-server/pkg-descr
# /root/ossec-hids-server/distinfo
# /root/ossec-hids-server/Makefile
# /root/ossec-hids-server/pkg-plist.client
# /root/ossec-hids-server/pkg-plist
#
echo c - /root/ossec-hids-server/
mkdir -p /root/ossec-hids-server/ > /dev/null 2>&1
echo c - /root/ossec-hids-server/files
mkdir -p /root/ossec-hids-server/files > /dev/null 2>&1
echo x - /root/ossec-hids-server/files/patch-LOCATION
sed 's/^X//' >/root/ossec-hids-server/files/patch-LOCATION << 'END-of-/root/ossec-hids-server/files/patch-LOCATION'
Xdiff -ruN src/LOCATION.orig src/LOCATION
X--- src/LOCATION.orig Tue Oct 25 18:18:50 2005
X+++ src/LOCATION Mon Apr 2 10:51:37 2007
X@@ -1,2 +1,2 @@
X-DIR="/var/ossec"
X+DIR="PREFIX"
X CC=gcc
END-of-/root/ossec-hids-server/files/patch-LOCATION
echo x - /root/ossec-hids-server/files/patch-defs.h
sed 's/^X//' >/root/ossec-hids-server/files/patch-defs.h << 'END-of-/root/ossec-hids-server/files/patch-defs.h'
Xdiff -ruN src/headers/defs.h.orig src/headers/defs.h
X--- src/headers/defs.h.orig Thu Feb 22 01:44:26 2007
X+++ src/headers/defs.h Mon Apr 2 10:54:45 2007
X@@ -86,7 +86,7 @@
X #endif
X
X #ifndef DEFAULTDIR
X- #define DEFAULTDIR "/var/ossec"
X+ #define DEFAULTDIR "PREFIX"
X #endif
X
X
END-of-/root/ossec-hids-server/files/patch-defs.h
echo x - /root/ossec-hids-server/files/patch-InstallServer.sh
sed 's/^X//' >/root/ossec-hids-server/files/patch-InstallServer.sh << 'END-of-/root/ossec-hids-server/files/patch-InstallServer.sh'
Xdiff -ruN src/InstallServer.sh.orig src/InstallServer.sh
X--- src/InstallServer.sh.orig Sun Jan 7 23:38:16 2007
X+++ src/InstallServer.sh Thu Apr 5 15:58:08 2007
X@@ -255,12 +255,12 @@
X
X ls ../etc/ossec.mc > /dev/null 2>&1
X if [ $? = 0 ]; then
X- cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf
X+ cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf.sample
X else
X- cp -pr ../etc/ossec-server.conf ${DIR}/etc/ossec.conf
X+ cp -pr ../etc/ossec-server.conf ${DIR}/etc/ossec.conf.sample
X fi
X-chown root:${GROUP} ${DIR}/etc/ossec.conf
X-chmod 440 ${DIR}/etc/ossec.conf
X+chown root:${GROUP} ${DIR}/etc/ossec.conf.sample
X+chmod 440 ${DIR}/etc/ossec.conf.sample
X
X
X
END-of-/root/ossec-hids-server/files/patch-InstallServer.sh
echo x - /root/ossec-hids-server/files/ossec-hids
sed 's/^X//' >/root/ossec-hids-server/files/ossec-hids << 'END-of-/root/ossec-hids-server/files/ossec-hids'
X#!/bin/sh
X#
X# PROVIDE: ossechids
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X
X. /etc/rc.subr
X
Xname="ossechids"
Xrcvar=`set_rcvar`
X
Xload_rc_config $name
X
X: ${ossechids_enable="NO"}
X: ${ossechids_user="ossec"}
X: ${ossechids_group="ossec"}
X
Xstart_cmd=${name}_start
Xstop_cmd=${name}_stop
Xrestart_cmd=${name}_restart
Xstatus_cmd=${name}_status
X
Xcommand="PREFIX/ossec-hids/bin/ossec-control"
Xrequired_files="PREFIX/ossec-hids/etc/ossec.conf"
X
Xossechids_start() {
X $command start
X}
X
Xossechids_stop() {
X $command stop
X}
X
Xossechids_restart() {
X $command restart
X}
X
Xossechids_status() {
X $command status
X}
X
Xrun_rc_command "$1"
END-of-/root/ossec-hids-server/files/ossec-hids
echo x - /root/ossec-hids-server/pkg-descr
sed 's/^X//' >/root/ossec-hids-server/pkg-descr << 'END-of-/root/ossec-hids-server/pkg-descr'
XOssec-hids iss a security tool to monitor log files
Xand intrusions.
X
XWWW: http://www.ossec.net/
END-of-/root/ossec-hids-server/pkg-descr
echo x - /root/ossec-hids-server/distinfo
sed 's/^X//' >/root/ossec-hids-server/distinfo << 'END-of-/root/ossec-hids-server/distinfo'
XMD5 (ossec-hids-1.1.tar.gz) = d1c046f7cf4fd75c0f79985dc7f65411
XSHA256 (ossec-hids-1.1.tar.gz) = 030475d58689a6172ef44e6637fb32a1aa70d385e9b73becd2e31a1072d09d17
XSIZE (ossec-hids-1.1.tar.gz) = 502949
END-of-/root/ossec-hids-server/distinfo
echo x - /root/ossec-hids-server/Makefile
sed 's/^X//' >/root/ossec-hids-server/Makefile << 'END-of-/root/ossec-hids-server/Makefile'
X# New ports collection makefile for: ossec-hids-server
X# Date created: 23 July 2006
X# Whom: Valerio Daelli <valerio.daelli@gmail.com>
X#
X# $FreeBSD$
X#
X
XPORTNAME= ossec-hids
XPORTVERSION= 1.1
XCATEGORIES= security
XMASTER_SITES= http://www.ossec.net/files/
XPKGNAMESUFFIX?= -server
X
XMAINTAINER= valerio.daelli@gmail.com
XCOMMENT= A security tool to monitor and check logs and intrusions
X
X.include <bsd.port.pre.mk>
X
X.if defined(CLIENT_ONLY)
XPKGNAMESUFFIX= -client
XCONFLICTS= ossec-hids-server-* ossec-hids-local-*
X.elif defined(LOCAL_ONLY)
XPKGNAMESUFFIX= -local
XCONFLICTS= ossec-hids-client-* ossec-hids-server-*
X.else
XCONFLICTS= ossec-hids-client-* ossec-hids-local-*
X.endif
X
Xpre-patch:
X @${REINPLACE_CMD} 's|PREFIX|${PREFIX}/${PORTNAME}|' ${FILESDIR}/patch-LOCATION
X @${REINPLACE_CMD} 's|PREFIX|${PREFIX}/${PORTNAME}|' ${FILESDIR}/patch-defs.h
X @${REINPLACE_CMD} 's|PREFIX|${PREFIX}|' ${FILESDIR}/ossec-hids
X @${CP} ${FILESDIR}/patch-LOCATION ${WRKDIR}/patch-LOCATION
X @${CP} ${FILESDIR}/patch-defs.h ${WRKDIR}/patch-defs.h
X @${CP} ${FILESDIR}/ossec-hids ${WRKDIR}/ossec-hids
X @${MV} ${FILESDIR}/patch-LOCATION.bak ${FILESDIR}/patch-LOCATION
X @${MV} ${FILESDIR}/patch-defs.h.bak ${FILESDIR}/patch-defs.h
X @${MV} ${FILESDIR}/ossec-hids.bak ${FILESDIR}/ossec-hids
X
Xdo-patch:
X @cd ${WRKSRC};${PATCH} -p0 < ${WRKDIR}/patch-LOCATION
X @cd ${WRKSRC};${PATCH} -p0 < ${WRKDIR}/patch-defs.h
X @cd ${WRKSRC};${PATCH} -p0 < ${FILESDIR}/patch-InstallServer.sh
X
Xdo-configure:
X
Xdo-build:
X @cd ${WRKSRC}/src;${MAKE} all;${MAKE} build
X
X.if defined(CLIENT_ONLY)
Xdo-install:
X @cd ${WRKSRC}/src; ${MAKE} agent
X.elif defined(LOCAL_ONLY)
Xdo-install:
X @cd ${WRKSRC}/src; ${MAKE} local
X.else
Xdo-install:
X @cd ${WRKSRC}/src; ${MAKE} server
X.endif
X
Xpost-install:
X @${CP} -p ${WRKDIR}/ossec-hids /usr/local/etc/rc.d/
X @if [ ! -f ${PREFIX}/${PORTNAME}/etc/ossec.conf ]; then \
X ${CP} -p ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample ${PREFIX}/${PORTNAME}/etc/ossec.conf ; \
X fi
X
X.if defined(CLIENT_ONLY)
XPLIST=${PKGDIR}/pkg-plist.client
X.endif
X
X.include <bsd.port.post.mk>
END-of-/root/ossec-hids-server/Makefile
echo x - /root/ossec-hids-server/pkg-plist.client
sed 's/^X//' >/root/ossec-hids-server/pkg-plist.client << 'END-of-/root/ossec-hids-server/pkg-plist.client'
Xossec-hids/active-response/bin/disable-account.sh
Xossec-hids/active-response/bin/firewall-drop.sh
Xossec-hids/active-response/bin/firewalls/ipfw.sh
Xossec-hids/active-response/bin/firewalls/ipfw_mac.sh
Xossec-hids/active-response/bin/firewalls/pf.sh
Xossec-hids/active-response/bin/host-deny.sh
Xossec-hids/active-response/bin/route-null.sh
Xossec-hids/bin/manage_agents
Xossec-hids/bin/ossec-agentd
Xossec-hids/bin/ossec-control
Xossec-hids/bin/ossec-execd
Xossec-hids/bin/ossec-logcollector
Xossec-hids/bin/ossec-syscheckd
Xossec-hids/etc/internal_options.conf
Xossec-hids/etc/localtime
Xossec-hids/logs/ossec.log
X@dirrm ossec-hids/var/run
X@dirrm ossec-hids/var
X@dirrm ossec-hids/queue/syscheck
X@dirrm ossec-hids/queue/rids
X@dirrm ossec-hids/queue/ossec
X@dirrm ossec-hids/queue/alerts
X@dirrm ossec-hids/queue
X@dirrm ossec-hids/logs
X@dirrm ossec-hids/bin
END-of-/root/ossec-hids-server/pkg-plist.client
echo x - /root/ossec-hids-server/pkg-plist
sed 's/^X//' >/root/ossec-hids-server/pkg-plist << 'END-of-/root/ossec-hids-server/pkg-plist'
Xossec-hids/active-response/bin/disable-account.sh
Xossec-hids/active-response/bin/firewall-drop.sh
Xossec-hids/active-response/bin/host-deny.sh
Xossec-hids/active-response/bin/route-null.sh
Xossec-hids/bin/clear_stats
Xossec-hids/bin/list_agents
Xossec-hids/bin/manage_agents
Xossec-hids/bin/ossec-agentd
Xossec-hids/bin/ossec-analysisd
Xossec-hids/bin/ossec-control
Xossec-hids/bin/ossec-execd
Xossec-hids/bin/ossec-logcollector
Xossec-hids/bin/ossec-maild
Xossec-hids/bin/ossec-monitord
Xossec-hids/bin/ossec-remoted
Xossec-hids/bin/ossec-syscheckd
Xossec-hids/bin/syscheck_update
Xossec-hids/etc/decoder.xml
Xossec-hids/etc/internal_options.conf
Xossec-hids/etc/localtime
Xossec-hids/etc/shared/rootkit_files.txt
Xossec-hids/etc/shared/rootkit_trojans.txt
X@unexec if cmp -s ossec-hids/etc/ossec.conf.sample ossec-hids/etc/ossec.conf; then rm -f ossec-hids/etc/ossec.conf; fi
Xossec-hids/etc/ossec.conf.sample
X@exec if [ ! -f ossec-hids/etc/ossec.conf ] ; then cp -p ossec-hids/etc/ossec.conf.sample ossec-hids/etc/orbit.conf; fi
Xossec-hids/logs/ossec.log
Xossec-hids/rules/apache_rules.xml
Xossec-hids/rules/arpwatch_rules.xml
Xossec-hids/rules/attack_rules.xml
Xossec-hids/rules/firewall_rules.xml
Xossec-hids/rules/ftpd_rules.xml
Xossec-hids/rules/hordeimp_rules.xml
Xossec-hids/rules/ids_rules.xml
Xossec-hids/rules/imapd_rules.xml
Xossec-hids/rules/local_rules.xml
Xossec-hids/rules/mailscanner_rules.xml
Xossec-hids/rules/ms-exchange_rules.xml
Xossec-hids/rules/ms_ftpd_rules.xml
Xossec-hids/rules/msauth_rules.xml
Xossec-hids/rules/named_rules.xml
Xossec-hids/rules/netscreenfw_rules.xml
Xossec-hids/rules/ossec_rules.xml
Xossec-hids/rules/pam_rules.xml
Xossec-hids/rules/pix_rules.xml
Xossec-hids/rules/policy_rules.xml
Xossec-hids/rules/postfix_rules.xml
Xossec-hids/rules/proftpd_rules.xml
Xossec-hids/rules/pure-ftpd_rules.xml
Xossec-hids/rules/racoon_rules.xml
Xossec-hids/rules/rules_config.xml
Xossec-hids/rules/sendmail_rules.xml
Xossec-hids/rules/smbd_rules.xml
Xossec-hids/rules/spamd_rules.xml
Xossec-hids/rules/squid_rules.xml
Xossec-hids/rules/sshd_rules.xml
Xossec-hids/rules/symantec-av_rules.xml
Xossec-hids/rules/syslog_rules.xml
Xossec-hids/rules/telnetd_rules.xml
Xossec-hids/rules/vpn_concentrator_rules.xml
Xossec-hids/rules/vpopmail_rules.xml
Xossec-hids/rules/vsftpd_rules.xml
Xossec-hids/rules/web_rules.xml
Xetc/rc.d/ossec-hids
X@dirrm ossec-hids/var/run
X@dirrm ossec-hids/var
X@dirrm ossec-hids/tmp
X@dirrm ossec-hids/stats
X@dirrm ossec-hids/rules
X@dirrm ossec-hids/queue/syscheck
X@dirrm ossec-hids/queue/rootcheck
X@dirrm ossec-hids/queue/rids
X@dirrm ossec-hids/queue/ossec
X@dirrm ossec-hids/queue/fts
X@dirrm ossec-hids/queue/alerts
X@dirrm ossec-hids/queue/agent-info
X@dirrm ossec-hids/queue
X@dirrm ossec-hids/logs/firewall
X@dirrm ossec-hids/logs/archives
X@dirrm ossec-hids/logs/alerts
X@dirrm ossec-hids/logs
X@dirrm ossec-hids/bin
END-of-/root/ossec-hids-server/pkg-plist
exit
--- SHAR-OSSEC-HIDS-SERVER ends here ---
--- SHAR-OSSEC-HIDS-LOCAL begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# /root/ossec-hids-local/
# /root/ossec-hids-local/Makefile
#
echo c - /root/ossec-hids-local/
mkdir -p /root/ossec-hids-local/ > /dev/null 2>&1
echo x - /root/ossec-hids-local/Makefile
sed 's/^X//' >/root/ossec-hids-local/Makefile << 'END-of-/root/ossec-hids-local/Makefile'
X# New ports collection makefile for: ossec-hids-client
X# Date created: 23 July 2006
X# Whom: Valerio Daelli <valerio.daelli@gmail.com>
X#
X# $FreeBSD$
X#
X
XLOCAL_ONLY= yes
X
XMASTERDIR= ${.CURDIR}/../ossec-hids-server
X
X.include "${MASTERDIR}/Makefile"
END-of-/root/ossec-hids-local/Makefile
exit
--- SHAR-OSSEC-HIDS-LOCAL ends here ---
--- SHAR-OSSEC-HIDS-CLIENT begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# /root/ossec-hids-client/
# /root/ossec-hids-client/Makefile
#
echo c - /root/ossec-hids-client/
mkdir -p /root/ossec-hids-client/ > /dev/null 2>&1
echo x - /root/ossec-hids-client/Makefile
sed 's/^X//' >/root/ossec-hids-client/Makefile << 'END-of-/root/ossec-hids-client/Makefile'
X# New ports collection makefile for: ossec-hids-client
X# Date created: 23 July 2006
X# Whom: Valerio Daelli <valerio.daelli@gmail.com>
X#
X# $FreeBSD$
X#
X
XCLIENT_ONLY= yes
X
XMASTERDIR= ${.CURDIR}/../ossec-hids-server
X
X.include "${MASTERDIR}/Makefile"
END-of-/root/ossec-hids-client/Makefile
exit
--- SHAR-OSSEC-HIDS-CLIENT ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070410113222.2612313C489>