Date: 3 Jun 2003 18:33:37 -0000 From: David Thiel <lx@redundancy.redundancy.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/52912: Update of Samhain to 1.7.8 Message-ID: <20030603183337.18159.qmail@redundancy.redundancy.org> Resent-Message-ID: <200306031840.h53Ie5Oh051499@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 52912 >Category: ports >Synopsis: Update of Samhain to 1.7.8 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Jun 03 11:40:05 PDT 2003 >Closed-Date: >Last-Modified: >Originator: David Thiel >Release: FreeBSD 4.8-STABLE i386 >Organization: >Environment: System: FreeBSD redundancy.redundancy.org 4.8-STABLE FreeBSD 4.8-STABLE #10: Fri May 2 14:59:53 PDT 2003 lx@redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386 >Description: Update to version 1.7.8 Fix build when MySQL logging is enabled Add LOG_SERVER and ALT_LOG_SERVER tunables Require LOG_SERVER be defined for clients Have clients request config and signatures from server by default Change TRUSTED_USER to a more accurate name (RUNAS_USER) Fix sample config file install/deinstall Add documentation on tunables >How-To-Repeat: >Fix: Committer, could you please remove patch-ab from cvs? diff -ruN samhain.bak/Makefile samhain/Makefile --- samhain.bak/Makefile Sun Apr 27 17:42:09 2003 +++ samhain/Makefile Mon Jun 2 16:43:46 2003 @@ -4,12 +4,41 @@ # # $FreeBSD: ports/security/samhain/Makefile,v 1.2 2003/04/28 00:42:31 naddy Exp $ # +# +# This port recognizes the following tunables: +# +# RUNAS_USER: +# The username of the account Samhain/Yule will run as. +# Usually just "samhain" or "yule". +# +# WITH_GPG: +# Instructs the port to sign configuration files using the +# GNU Privacy Guard. +# +# WITH_KCHECK: +# Enable support for rogue kernel module detection. +# +# WITH_MYSQL: +# Enable support for logging to a MySQL database. Due to there +# being multiple current versions of MySQL, dependency for this +# is NOT checked. +# +# WITH_POSTGRESQL: +# Enable support for logging to a Postgres database. Untested. +# +# SERVER: +# Builds as Yule, Samhain's central logging server. Mutually exclusive +# with CLIENT. +# +# CLIENT: +# Builds as a client to Yule. Fetches configuration files +# and signature database from LOG_SERVER, and optionally, ALT_LOG_SERVER. +# PORTNAME= samhain -PORTVERSION= 1.7.5 +PORTVERSION= 1.7.8 CATEGORIES= security -MASTER_SITES= http://la-samhna.de/samhain/ \ - http://samhain.securecirt.org/ +MASTER_SITES= http://samhain.securecirt.org/ DISTFILES= samhain_signed-${PORTVERSION}.tar.gz MAINTAINER= lx@redundancy.redundancy.org @@ -20,10 +49,11 @@ .endif GNU_CONFIGURE= yes -CONFIGURE_ARGS= --enable-login-watch --localstatedir=/var --mandir=${PREFIX}/man +CONFIGURE_ARGS= --enable-login-watch --localstatedir=/var \ + --mandir=${PREFIX}/man --enable-suidcheck -.if defined(TRUSTED_USER) -CONFIGURE_ARGS+= --enable-identity=${TRUSTED_USER} +.if defined(RUNAS_USER) +CONFIGURE_ARGS+= --enable-identity=${RUNAS_USER} .endif .if defined(WITH_KCHECK) CONFIGURE_ARGS+= --with-kcheck @@ -32,33 +62,68 @@ CONFIGURE_ARGS+= --with-gpg=${PREFIX}/bin/gpg .endif .if defined(WITH_MYSQL) -CONFIGURE_ARGS+= --with-database=mysql +CONFIGURE_ARGS+= --with-database=mysql \ + --with-cflags=-I${LOCALBASE}/include/mysql \ + --with-libs=-L${LOCALBASE}/lib/mysql --enable-xml-log .endif .if defined(WITH_POSTGRES) -CONFIGURE_ARGS+= --with-database=postgresql +CONFIGURE_ARGS+= --with-database=postgresql --enable-xml-log .endif .if defined(CLIENT) -CONFIGURE_ARGS+= --enable-network=client +CONFIGURE_ARGS+= --enable-network=client \ + --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \ + --with-config-file=REQ_FROM_SERVER --with-logserver=${LOG_SERVER} PLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch MAN5= samhainrc.5 MAN8= samhain.8 .elif defined(SERVER) CONFIGURE_ARGS+= --enable-network=server PLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch MAN5= yulerc.5 MAN8= yule.8 .else PLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch MAN5= samhainrc.5 MAN8= samhain.8 .endif +.if defined(ALT_LOG_SERVER) +CONFIGURE_ARGS+= --with-altlogserver=${ALT_LOG_SERVER} +.endif pre-everything:: .if !defined(CLIENT) && !defined(SERVER) + @${ECHO_MSG} @${ECHO_MSG} "Building in standalone mode." @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C" @${ECHO_MSG} "now and make with SERVER=yes or CLIENT=yes." + @${ECHO_MSG} +.endif + +.if defined(CLIENT) && defined(SERVER) + @${ECHO_MSG} + @${ECHO_MSG} "Can't build client and server at once!" + @${ECHO_MSG} +.error "Can't build client and server at once!" +.endif + +.if defined(CLIENT) && !defined(LOG_SERVER) + @${ECHO_MSG} + @${ECHO_MSG} "Please define LOG_SERVER (and ALT_LOG_SERVER, if " + @${ECHO_MSG} "applicable), the machine(s) this client will log to." + @${ECHO_MSG} +.error "Please define LOG_SERVER." +.endif + +.if defined(WITH_KCHECK) + @${ECHO_MSG} + @${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem." + @${ECHO_MSG} "If you're not building as root, please hit Control-C and" + @${ECHO_MSG} "restart the build as root." + @${ECHO_MSG} .endif post-extract: diff -ruN samhain.bak/distinfo samhain/distinfo --- samhain.bak/distinfo Sun Apr 27 17:42:09 2003 +++ samhain/distinfo Mon Jun 2 13:54:10 2003 @@ -1 +1 @@ -MD5 (samhain_signed-1.7.5.tar.gz) = ab1102d1eca6f4e37453d5893a49a8ee +MD5 (samhain_signed-1.7.8.tar.gz) = 3c6513e49fa30e86d57797dcffce6b3f diff -ruN samhain.bak/files/fixsamhainrc.patch samhain/files/fixsamhainrc.patch --- samhain.bak/files/fixsamhainrc.patch Wed Dec 31 16:00:00 1969 +++ samhain/files/fixsamhainrc.patch Mon Jun 2 16:04:42 2003 @@ -0,0 +1,11 @@ +--- samhain-install.sh.in Wed Jan 15 16:51:57 2003 ++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003 +@@ -13,7 +13,7 @@ + mandir=@mandir@ + + sysconfdir=@sysconfdir@ +-configfile=@myconffile@ ++configfile=/usr/local/etc/samhainrc.sample + + pid_file=@mylockfile@ + pid_dir=@mylockdir@ diff -ruN samhain.bak/files/fixyulerc.patch samhain/files/fixyulerc.patch --- samhain.bak/files/fixyulerc.patch Wed Dec 31 16:00:00 1969 +++ samhain/files/fixyulerc.patch Mon Jun 2 16:19:19 2003 @@ -0,0 +1,11 @@ +--- samhain-install.sh.in Wed Jan 15 16:51:57 2003 ++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003 +@@ -13,7 +13,7 @@ + mandir=@mandir@ + + sysconfdir=@sysconfdir@ +-configfile=@myconffile@ ++configfile=/usr/local/etc/yulerc.sample + + pid_file=@mylockfile@ + pid_dir=@mylockdir@ diff -ruN samhain.bak/files/patch-aa samhain/files/patch-aa --- samhain.bak/files/patch-aa Sun Apr 13 06:16:52 2003 +++ samhain/files/patch-aa Mon Jun 2 15:23:18 2003 @@ -19,7 +19,7 @@ echo " The server will run as user @myident@ if started with";\ echo " root privileges, otherwise as the user of the parent ";\ - echo " process (use --enable-identity=USER to change).";\ -+ echo " process (use TRUSTED_USER=USER to change).";\ ++ echo " process (use RUNAS_USER=USER to change).";\ echo;\ echo " You may want to use: make install-user";\ echo;\ diff -ruN samhain.bak/files/patch-ab samhain/files/patch-ab --- samhain.bak/files/patch-ab Sun Apr 13 06:16:52 2003 +++ samhain/files/patch-ab Wed Dec 31 16:00:00 1969 @@ -1,11 +0,0 @@ ---- samhain-install.sh.in Wed Jan 15 16:51:57 2003 -+++ samhain-install.sh.in Wed Jan 15 16:52:10 2003 -@@ -13,7 +13,7 @@ - mandir=@mandir@ - - sysconfdir=@sysconfdir@ --configfile=@myconffile@ -+configfile=/usr/local/etc/samhainrc.sample - - pid_file=@mylockfile@ - pid_dir=@mylockdir@ >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030603183337.18159.qmail>