From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Jun 2 17:30:08 2007
Message-Id: <20070602172139.8DEA126183A@utd59514.utdallas.edu>
Date: Sat, 2 Jun 2007 12:21:39 -0500 (CDT)
From: Paul Schmehl
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/113259: security/ossec-hids-server, multiple critical problems
Reply-To: Paul Schmehl

>Number: 113259
>Category: ports
>Synopsis: security/ossec-hids-server, multiple critical problems
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Jun 02 17:30:08 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Paul Schmehl
>Release: FreeBSD 6.0-SECURITY i386
>Organization: The University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 6.0-SECURITY FreeBSD 6.0-SECURITY #0: Wed Feb 14 12:22:36 UTC 2007 root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
The startup script for this port doesn't work, the pkg-plist is incomplete and generates tons of errors if the daemons have been started once, and the Makefile incorrectly handles the slave ports. Patches attached to this PR correct the problems with the master port. A separate PR will be submitted to correct problems with one of the slave ports. I also added a pkg-message file to provide some basic information for the installer.

The Makefile has been patched to properly handle the slave ports, remove unnecessary elements and provide the appropriate conf file based on which port is installed. PORTDOCS were also added to the Makefile, as well as the pkg-message.

The pkg-plist has been edited to use @dirrmtry instead of @dirrm, because after the daemons have been started once, multiple new directories and files are created in the ossec-hids subdirectories, none of which the port can know about at installation time. Some file removals have been added to remove install files that were missed by the original submitter. It now correctly removes all files if the daemons have never been run and leaves the directory structure in place if they have been run, removing only those files that were installed originally. The startup script has been edited to correct the path to the command that starts all the original daemons and to correct the path to the ossec.conf file. Since the path to that file is hardcoded during the build, the conf file cannot be placed in the standard location of ${PREFIX}/etc. PLEASE NOTE: the pkg-plist.client included in this port should be removed. A separate PR for the client slave port will be provided with a pkg-plist.client file called by its Makefile. >How-To-Repeat: >Fix: Without these patches none of the ports work at all --- patch-Makefile begins here --- --- Makefile.orig Fri Jun 1 19:12:51 2007 +++ Makefile Sat Jun 2 02:03:08 2007 @@ -18,6 +18,11 @@ USE_RC_SUBR= ossec-hids +SUB_LIST= PORTNAME=${PORTNAME} +SUB_FILES= pkg-message +PLIST_SUB= PORTNAME=${PORTNAME} +PORTDOCS= BUGS CONFIG CONTRIB INSTALL LICENSE README + .include .if defined(CLIENT_ONLY) @@ -34,8 +39,6 @@ @${REINPLACE_CMD} 's|PREFIX|${PREFIX}/${PORTNAME}|' ${WRKSRC}/src/LOCATION @${REINPLACE_CMD} 's|PREFIX|${PREFIX}/${PORTNAME}|' ${WRKSRC}/src/headers/defs.h -do-configure: - do-build: @cd ${WRKSRC}/src;${MAKE} all;${MAKE} build 
@@ -51,12 +54,27 @@ .endif post-install: +.if defined(CLIENT_ONLY) + ${CP} ${WRKSRC}/etc/ossec-agent.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample + @if [ ! -f ${PREFIX}/${PORTNAME}/etc/ossec.conf ]; then \ + ${CP} ${WRKSRC}/etc/ossec-agent.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf; \ + fi +.elif defined(LOCAL_ONLY) + ${CP} ${WRKSRC}/etc/ossec-local.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample @if [ ! -f ${PREFIX}/${PORTNAME}/etc/ossec.conf ]; then \ - ${CP} ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample ${PREFIX}/${PORTNAME}/etc/ossec.conf ; \ + ${CP} ${WRKSRC}/etc/ossec-local.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf; \ fi +.else + @if [ ! -f ${PREFIX}/${PORTNAME}/etc/ossec.conf ]; then \ + ${CP} ${WRKSRC}/etc/ossec-server.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf; \ + fi +.endif -.if defined(CLIENT_ONLY) -PLIST=${PKGDIR}/pkg-plist.client +.if !defined(NOPORTDOCS) + @${MKDIR} ${DOCSDIR} + cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR} .endif + + @${CAT} ${PKGMESSAGE} .include --- patch-Makefile ends here --- --- patch-pkg-plist begins here --- --- pkg-plist.orig Fri Jun 1 20:06:29 2007 +++ pkg-plist Sat Jun 2 00:45:22 2007 
@@ -1,85 +1,85 @@ -ossec-hids/active-response/bin/disable-account.sh -ossec-hids/active-response/bin/firewall-drop.sh -ossec-hids/active-response/bin/host-deny.sh -ossec-hids/active-response/bin/route-null.sh -ossec-hids/bin/clear_stats -ossec-hids/bin/list_agents -ossec-hids/bin/manage_agents -ossec-hids/bin/ossec-agentd -ossec-hids/bin/ossec-analysisd -ossec-hids/bin/ossec-control -ossec-hids/bin/ossec-execd -ossec-hids/bin/ossec-logcollector -ossec-hids/bin/ossec-maild -ossec-hids/bin/ossec-monitord -ossec-hids/bin/ossec-remoted -ossec-hids/bin/ossec-syscheckd -ossec-hids/bin/syscheck_update -ossec-hids/etc/decoder.xml -ossec-hids/etc/internal_options.conf -@unexec if cmp -s %D/ossec-hids/etc/ossec.conf.sample %D/ossec-hids/etc/ossec.conf; then rm -f %D/ossec-hids/etc/ossec.conf; fi -ossec-hids/etc/ossec.conf.sample -@exec if [ ! -f %D/ossec-hids/etc/ossec.conf ] ; then cp -p %D/ossec-hids/etc/ossec.conf.sample %D/ossec-hids/etc/orbit.conf; fi -ossec-hids/etc/shared/rootkit_files.txt -ossec-hids/etc/shared/rootkit_trojans.txt -ossec-hids/logs/ossec.log -ossec-hids/rules/apache_rules.xml -ossec-hids/rules/arpwatch_rules.xml -ossec-hids/rules/attack_rules.xml -ossec-hids/rules/firewall_rules.xml -ossec-hids/rules/ftpd_rules.xml -ossec-hids/rules/hordeimp_rules.xml -ossec-hids/rules/ids_rules.xml -ossec-hids/rules/imapd_rules.xml -ossec-hids/rules/local_rules.xml -ossec-hids/rules/mailscanner_rules.xml -ossec-hids/rules/ms-exchange_rules.xml -ossec-hids/rules/ms_ftpd_rules.xml -ossec-hids/rules/msauth_rules.xml -ossec-hids/rules/named_rules.xml -ossec-hids/rules/netscreenfw_rules.xml -ossec-hids/rules/ossec_rules.xml -ossec-hids/rules/pam_rules.xml -ossec-hids/rules/pix_rules.xml -ossec-hids/rules/policy_rules.xml -ossec-hids/rules/postfix_rules.xml -ossec-hids/rules/proftpd_rules.xml -ossec-hids/rules/pure-ftpd_rules.xml -ossec-hids/rules/racoon_rules.xml -ossec-hids/rules/rules_config.xml -ossec-hids/rules/sendmail_rules.xml -ossec-hids/rules/smbd_rules.xml 
-ossec-hids/rules/spamd_rules.xml -ossec-hids/rules/squid_rules.xml -ossec-hids/rules/sshd_rules.xml -ossec-hids/rules/symantec-av_rules.xml -ossec-hids/rules/syslog_rules.xml -ossec-hids/rules/telnetd_rules.xml -ossec-hids/rules/vpn_concentrator_rules.xml -ossec-hids/rules/vpopmail_rules.xml -ossec-hids/rules/vsftpd_rules.xml -ossec-hids/rules/web_rules.xml -ossec-hids/rules/zeus_rules.xml -@dirrm ossec-hids/var/run -@dirrm ossec-hids/var -@dirrm ossec-hids/tmp -@dirrm ossec-hids/stats -@dirrm ossec-hids/rules -@dirrm ossec-hids/queue/syscheck -@dirrm ossec-hids/queue/rootcheck -@dirrm ossec-hids/queue/rids -@dirrm ossec-hids/queue/ossec -@dirrm ossec-hids/queue/fts -@dirrm ossec-hids/queue/alerts -@dirrm ossec-hids/queue/agent-info -@dirrm ossec-hids/queue -@dirrm ossec-hids/logs/firewall -@dirrm ossec-hids/logs/archives -@dirrm ossec-hids/logs/alerts -@dirrm ossec-hids/logs -@dirrm ossec-hids/etc/shared -@dirrm ossec-hids/etc -@dirrm ossec-hids/bin -@dirrm ossec-hids/active-response/bin -@dirrm ossec-hids/active-response -@dirrm ossec-hids +%%PORTNAME%%/active-response/bin/disable-account.sh +%%PORTNAME%%/active-response/bin/firewall-drop.sh +%%PORTNAME%%/active-response/bin/host-deny.sh +%%PORTNAME%%/active-response/bin/route-null.sh +%%PORTNAME%%/bin/clear_stats +%%PORTNAME%%/bin/list_agents +%%PORTNAME%%/bin/manage_agents +%%PORTNAME%%/bin/ossec-agentd +%%PORTNAME%%/bin/ossec-analysisd +%%PORTNAME%%/bin/ossec-control +%%PORTNAME%%/bin/ossec-execd +%%PORTNAME%%/bin/ossec-logcollector +%%PORTNAME%%/bin/ossec-maild +%%PORTNAME%%/bin/ossec-monitord +%%PORTNAME%%/bin/ossec-remoted +%%PORTNAME%%/bin/ossec-syscheckd +%%PORTNAME%%/bin/syscheck_update +%%PORTNAME%%/etc/decoder.xml +%%PORTNAME%%/etc/internal_options.conf +@unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi +%%PORTNAME%%/etc/ossec.conf.sample +%%PORTNAME%%/etc/localtime +%%PORTNAME%%/etc/shared/rootkit_files.txt 
+%%PORTNAME%%/etc/shared/rootkit_trojans.txt +%%PORTNAME%%/logs/ossec.log +%%PORTNAME%%/rules/apache_rules.xml +%%PORTNAME%%/rules/arpwatch_rules.xml +%%PORTNAME%%/rules/attack_rules.xml +%%PORTNAME%%/rules/firewall_rules.xml +%%PORTNAME%%/rules/ftpd_rules.xml +%%PORTNAME%%/rules/hordeimp_rules.xml +%%PORTNAME%%/rules/ids_rules.xml +%%PORTNAME%%/rules/imapd_rules.xml +%%PORTNAME%%/rules/local_rules.xml +%%PORTNAME%%/rules/mailscanner_rules.xml +%%PORTNAME%%/rules/ms-exchange_rules.xml +%%PORTNAME%%/rules/ms_ftpd_rules.xml +%%PORTNAME%%/rules/msauth_rules.xml +%%PORTNAME%%/rules/named_rules.xml +%%PORTNAME%%/rules/netscreenfw_rules.xml +%%PORTNAME%%/rules/ossec_rules.xml +%%PORTNAME%%/rules/pam_rules.xml +%%PORTNAME%%/rules/pix_rules.xml +%%PORTNAME%%/rules/policy_rules.xml +%%PORTNAME%%/rules/postfix_rules.xml +%%PORTNAME%%/rules/proftpd_rules.xml +%%PORTNAME%%/rules/pure-ftpd_rules.xml +%%PORTNAME%%/rules/racoon_rules.xml +%%PORTNAME%%/rules/rules_config.xml +%%PORTNAME%%/rules/sendmail_rules.xml +%%PORTNAME%%/rules/smbd_rules.xml +%%PORTNAME%%/rules/spamd_rules.xml +%%PORTNAME%%/rules/squid_rules.xml +%%PORTNAME%%/rules/sshd_rules.xml +%%PORTNAME%%/rules/symantec-av_rules.xml +%%PORTNAME%%/rules/syslog_rules.xml +%%PORTNAME%%/rules/telnetd_rules.xml +%%PORTNAME%%/rules/vpn_concentrator_rules.xml +%%PORTNAME%%/rules/vpopmail_rules.xml +%%PORTNAME%%/rules/vsftpd_rules.xml +%%PORTNAME%%/rules/web_rules.xml +%%PORTNAME%%/rules/zeus_rules.xml +@dirrmtry %%PORTNAME%%/var/run +@dirrmtry %%PORTNAME%%/var +@dirrmtry %%PORTNAME%%/tmp +@dirrmtry %%PORTNAME%%/stats +@dirrmtry %%PORTNAME%%/rules +@dirrmtry %%PORTNAME%%/queue/syscheck +@dirrmtry %%PORTNAME%%/queue/rootcheck +@dirrmtry %%PORTNAME%%/queue/rids +@dirrmtry %%PORTNAME%%/queue/ossec +@dirrmtry %%PORTNAME%%/queue/fts +@dirrmtry %%PORTNAME%%/queue/alerts +@dirrmtry %%PORTNAME%%/queue/agent-info +@dirrmtry %%PORTNAME%%/queue +@dirrmtry %%PORTNAME%%/logs/firewall +@dirrmtry %%PORTNAME%%/logs/archives +@dirrmtry 
%%PORTNAME%%/logs/alerts +@dirrmtry %%PORTNAME%%/logs +@dirrmtry %%PORTNAME%%/etc/shared +@dirrmtry %%PORTNAME%%/etc +@dirrmtry %%PORTNAME%%/bin +@dirrmtry %%PORTNAME%%/active-response/bin +@dirrmtry %%PORTNAME%%/active-response +@dirrmtry %%PORTNAME%% --- patch-pkg-plist ends here --- --- patch-files-ossec-hids.in begins here --- --- files/ossec-hids.in.orig Fri Jun 1 22:32:31 2007 +++ files/ossec-hids.in Sat Jun 2 00:12:21 2007 @@ -20,8 +20,8 @@ restart_cmd=${name}_restart status_cmd=${name}_status -command="%%PREFIX%%/bin/ossec-control" -required_files="%%PREFIX%%/etc/ossec.conf" +command="%%PREFIX%%/%%PORTNAME%%/bin/ossec-control" +required_files="%%PREFIX%%/%%PORTNAME%%/etc/ossec.conf" ossechids_start() { $command start --- patch-files-ossec-hids.in ends here --- --- pkg-message.in begins here --- After installation, you need to edit the ossec.conf file to reflect the correct settings for your environment. All the files related to %%PORTNAME%% have been installed in %%PREFIX%%/%%PORTNAME%% and its subdirectories. For information on proper configuration, see http://www.ossec.net/. To enable the startup script, add ossec-hids_enable="YES" to /etc/rc.conf. When you deinstall this port after starting the daemons once, many directories that are created by the daemons will remain. To fully remove the port you need to delete those directories manually. --- pkg-message.in ends here --- >Release-Note: >Audit-Trail: >Unformatted:
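Review bot: In the post-install hunk of patch-Makefile, the `.else` (server) branch copies `ossec-server.conf` to `ossec.conf` but, unlike the CLIENT_ONLY and LOCAL_ONLY branches, never installs `ossec.conf.sample`. pkg-plist still lists `%%PORTNAME%%/etc/ossec.conf.sample` and its `@unexec` runs `cmp -s` against it, so the server case relies on a sample that these lines do not show being created from the same source file. Suggest adding `${CP} ${WRKSRC}/etc/ossec-server.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample` to the `.else` branch so all three variants behave the same on deinstall. The config copies also use `${CP}` while the PORTDOCS in the same hunk use `${INSTALL_DATA}`; installing the conf files with an explicit mode would keep their permissions from depending on the build tree.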
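Review bot: In patch-pkg-plist, the old `@exec` line that copied `ossec.conf.sample` to `orbit.conf` is dropped rather than corrected to target `ossec.conf`. The Makefile's post-install target runs only when installing from the ports tree, so a binary package install would end up with no `ossec.conf`, and the rc script's `required_files` check would then keep the daemons from starting. Suggest keeping the line with the target fixed: `@exec if [ ! -f %D/%%PORTNAME%%/etc/ossec.conf ]; then cp -p %D/%%PORTNAME%%/etc/ossec.conf.sample %D/%%PORTNAME%%/etc/ossec.conf; fi`. The new `%%PORTNAME%%/etc/localtime` entry also needs a word in the PR text, since nothing in the description says where that file comes from.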
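Review bot: pkg-message.in tells the user to add `ossec-hids_enable="YES"` to /etc/rc.conf, but a hyphen is not valid in a shell variable name, and the context of the files/ossec-hids.in hunk defines `ossechids_start()` next to `restart_cmd=${name}_restart`, which points to `name` being `ossechids`. Please check which rcvar the script actually reads and make the message match it (most likely `ossechids_enable="YES"`), otherwise the documented setting will not enable the service.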