Date: Tue, 22 Jun 2010 08:10:36 GMT
From: Marco Re <laza_bsd@laza.it>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/148057: [patch] upgrade of security/ossec-hids-server and security/ossec-hids-client to last release (2.4.1)
Message-ID: <201006220810.o5M8AaIo089404@www.freebsd.org>
Resent-Message-ID: <201006220820.o5M8K2gb025405@freefall.freebsd.org>
>Number: 148057 >Category: ports >Synopsis: [patch] upgrade of security/ossec-hids-server and security/ossec-hids-client to last release (2.4.1) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Jun 22 08:20:02 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Marco Re >Release: FreeBSD 8.0-RELEASE amd64 >Organization: >Environment: FreeBSD contactlab.lan 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: there is a new release on the official web site >How-To-Repeat: >Fix: apply the following patches. Patch attached with submission follows: diff -ruN ossec-hids-client.bak/pkg-plist.client ossec-hids-client/pkg-plist.client --- ossec-hids-client.bak/pkg-plist.client 2009-03-24 01:37:24.000000000 +0100 +++ ossec-hids-client/pkg-plist.client 2010-06-21 13:44:46.000000000 +0200 @@ -3,7 +3,9 @@ %%PORTNAME%%/active-response/bin/host-deny.sh %%PORTNAME%%/active-response/bin/ipfw.sh %%PORTNAME%%/active-response/bin/ipfw_mac.sh +%%PORTNAME%%/active-response/bin/ossec-tweeter.sh %%PORTNAME%%/active-response/bin/pf.sh +%%PORTNAME%%/active-response/bin/restart-ossec.sh %%PORTNAME%%/active-response/bin/route-null.sh %%PORTNAME%%/bin/manage_agents %%PORTNAME%%/bin/ossec-agentd @@ -11,7 +13,6 @@ %%PORTNAME%%/bin/ossec-execd %%PORTNAME%%/bin/ossec-logcollector %%PORTNAME%%/bin/ossec-syscheckd -%%PORTNAME%%/etc/internal_options.conf %%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt 
@@ -23,9 +24,13 @@ %%PORTNAME%%/etc/shared/win_applications_rcl.txt @unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi %%PORTNAME%%/etc/ossec.conf.sample +%%PORTNAME%%/etc/localtime +%%PORTNAME%%/etc/internal_options.conf %%PORTNAME%%/logs/ossec.log %%PORTNAME%%/agentless/main.exp %%PORTNAME%%/agentless/sshlogin.exp +%%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff +%%PORTNAME%%/agentless/ssh_foundry_diff %%PORTNAME%%/agentless/ssh_pixconfig_diff %%PORTNAME%%/agentless/ssh_nopass.exp %%PORTNAME%%/agentless/ssh_integrity_check_linux @@ -35,7 +40,6 @@ %%PORTNAME%%/agentless/register_host.sh %%PORTNAME%%/agentless/su.exp @dirrmtry %%PORTNAME%%/agentless -@dirrmtry %%PORTNAME%%/active-response/bin/firewalls @dirrmtry %%PORTNAME%%/active-response/bin @dirrmtry %%PORTNAME%%/active-response @dirrmtry %%PORTNAME%%/etc/shared diff -ruN ossec-hids-server.bak/Makefile ossec-hids-server/Makefile --- ossec-hids-server.bak/Makefile 2009-03-24 01:37:24.000000000 +0100 +++ ossec-hids-server/Makefile 2010-06-16 13:39:29.000000000 +0200 @@ -6,7 +6,7 @@ # PORTNAME= ossec-hids -PORTVERSION= 2.0 +PORTVERSION= 2.4.1 PORTREVISION?= 0 CATEGORIES= security MASTER_SITES= http://www.ossec.net/files/ \ diff -ruN ossec-hids-server.bak/distinfo ossec-hids-server/distinfo --- ossec-hids-server.bak/distinfo 2009-03-24 01:37:24.000000000 +0100 +++ ossec-hids-server/distinfo 2010-06-21 10:29:22.000000000 +0200 
@@ -1,3 +1,3 @@ -MD5 (ossec-hids-2.0.tar.gz) = 113d3df5f556f7f0e3df2d203d2ef73d -SHA256 (ossec-hids-2.0.tar.gz) = 4640384c20d2b7a80c266180fd6b1a73703f8fda1794ced4c82d4ab4abbcb250 -SIZE (ossec-hids-2.0.tar.gz) = 687694 +MD5 (ossec-hids-2.4.1.tar.gz) = 6796daf0feeae4223f3c1c455ee9350e +SHA256 (ossec-hids-2.4.1.tar.gz) = 5bb1e48699a38f1c553e31349c20dda06c9fcfc15f5862e16c7fd90456960455 +SIZE (ossec-hids-2.4.1.tar.gz) = 727599 diff -ruN ossec-hids-server.bak/files/patch-attack_rules.xml ossec-hids-server/files/patch-attack_rules.xml --- ossec-hids-server.bak/files/patch-attack_rules.xml 2008-09-29 16:00:04.000000000 +0200 +++ ossec-hids-server/files/patch-attack_rules.xml 1970-01-01 01:00:00.000000000 +0100 @@ -1,16 +0,0 @@ ---- etc/rules/attack_rules.xml 2008-08-29 17:15:08.000000000 +0000 -+++ attack_rules.xml 2008-09-28 21:39:52.000000000 +0000 -@@ -85,11 +85,13 @@ - <description>by a success.</description> - </rule> - -+<!-- - <rule id="40113" level="12" frequency="6" timeframe="360"> - <if_matched_group>virus</if_matched_group> - <description>Multiple viruses detected - Possible outbreak.</description> - <group>virus,</group> - </rule> -+--> - - </group> <!-- SYSLOG, ATTACKS, --> - diff -ruN ossec-hids-server.bak/files/patch-mcafee_av_rules.xml ossec-hids-server/files/patch-mcafee_av_rules.xml --- ossec-hids-server.bak/files/patch-mcafee_av_rules.xml 2008-09-29 16:00:04.000000000 +0200 +++ ossec-hids-server/files/patch-mcafee_av_rules.xml 1970-01-01 01:00:00.000000000 +0100 
@@ -1,18 +0,0 @@ ---- etc/rules/mcafee_av_rules.xml 2008-08-28 15:56:00.000000000 +0000 -+++ mcafee_av_rules.xml 2008-09-28 21:39:52.000000000 +0000 -@@ -42,6 +42,7 @@ - <description>McAfee Windows AV error event.</description> - </rule> - -+<!-- - <rule id="7504" level="12"> - <if_sid>7500</if_sid> - <regex>$MCAFEE_VIRUS</regex> -@@ -62,6 +63,7 @@ - <group>virus</group> - <description>McAfee Windows AV - Virus detected and file will be deleted.</description> - </rule> -+--> - - <rule id="7507" level="3"> - <if_sid>7500</if_sid> diff -ruN ossec-hids-server.bak/files/patch-symantec-av_rules.xml ossec-hids-server/files/patch-symantec-av_rules.xml --- ossec-hids-server.bak/files/patch-symantec-av_rules.xml 2008-09-29 16:00:04.000000000 +0200 +++ ossec-hids-server/files/patch-symantec-av_rules.xml 1970-01-01 01:00:00.000000000 +0100 @@ -1,17 +0,0 @@ ---- etc/rules/symantec-av_rules.xml 2008-06-17 17:03:56.000000000 +0000 -+++ symantec-av_rules.xml 2008-09-28 21:39:52.000000000 +0000 -@@ -31,12 +31,14 @@ - <description>Grouping of Symantec AV rules from eventlog.</description> - </rule> - -+<!-- - <rule id="7310" level="9"> - <if_sid>7300, 7301</if_sid> - <id>^5$|^17$</id> - <group>virus</group> - <description>Virus detected.</description> - </rule> -+--> - - <rule id="7320" level="3"> - <if_sid>7300, 7301</if_sid> diff -ruN ossec-hids-server.bak/pkg-plist ossec-hids-server/pkg-plist --- ossec-hids-server.bak/pkg-plist 2009-03-24 01:37:24.000000000 +0100 +++ ossec-hids-server/pkg-plist 2010-06-21 13:32:09.000000000 +0200 
@@ -3,28 +3,32 @@ %%PORTNAME%%/active-response/bin/host-deny.sh %%PORTNAME%%/active-response/bin/ipfw_mac.sh %%PORTNAME%%/active-response/bin/ipfw.sh +%%PORTNAME%%/active-response/bin/ossec-tweeter.sh %%PORTNAME%%/active-response/bin/pf.sh +%%PORTNAME%%/active-response/bin/restart-ossec.sh %%PORTNAME%%/active-response/bin/route-null.sh +%%PORTNAME%%/bin/agent_control %%PORTNAME%%/bin/clear_stats %%PORTNAME%%/bin/list_agents %%PORTNAME%%/bin/manage_agents %%PORTNAME%%/bin/ossec-agentd +%%PORTNAME%%/bin/ossec-agentlessd %%PORTNAME%%/bin/ossec-analysisd -%%PORTNAME%%/bin/ossec-dbd %%PORTNAME%%/bin/ossec-control +%%PORTNAME%%/bin/ossec-csyslogd +%%PORTNAME%%/bin/ossec-dbd %%PORTNAME%%/bin/ossec-execd %%PORTNAME%%/bin/ossec-logcollector +%%PORTNAME%%/bin/ossec-logtest %%PORTNAME%%/bin/ossec-maild %%PORTNAME%%/bin/ossec-monitord %%PORTNAME%%/bin/ossec-remoted +%%PORTNAME%%/bin/ossec-reportd %%PORTNAME%%/bin/ossec-syscheckd -%%PORTNAME%%/bin/syscheck_update -%%PORTNAME%%/bin/ossec-csyslogd -%%PORTNAME%%/bin/agent_control -%%PORTNAME%%/bin/syscheck_control %%PORTNAME%%/bin/rootcheck_control -%%PORTNAME%%/bin/ossec-reportd -%%PORTNAME%%/bin/ossec-agentlessd +%%PORTNAME%%/bin/syscheck_control +%%PORTNAME%%/bin/syscheck_update +%%PORTNAME%%/bin/verify-agent-conf %%PORTNAME%%/etc/decoder.xml %%PORTNAME%%/etc/internal_options.conf @unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi @@ -41,9 +45,12 @@ %%PORTNAME%%/logs/ossec.log %%PORTNAME%%/rules/apache_rules.xml %%PORTNAME%%/rules/arpwatch_rules.xml +%%PORTNAME%%/rules/asterisk_rules.xml %%PORTNAME%%/rules/attack_rules.xml +%%PORTNAME%%/rules/cimserver_rules.xml %%PORTNAME%%/rules/cisco-ios_rules.xml %%PORTNAME%%/rules/courier_rules.xml +%%PORTNAME%%/rules/dovecot_rules.xml %%PORTNAME%%/rules/firewall_rules.xml %%PORTNAME%%/rules/ftpd_rules.xml %%PORTNAME%%/rules/hordeimp_rules.xml 
@@ -51,14 +58,19 @@ %%PORTNAME%%/rules/imapd_rules.xml %%PORTNAME%%/rules/local_rules.xml %%PORTNAME%%/rules/mailscanner_rules.xml +%%PORTNAME%%/rules/mcafee_av_rules.xml %%PORTNAME%%/rules/ms-exchange_rules.xml +%%PORTNAME%%/rules/ms-se_rules.xml +%%PORTNAME%%/rules/ms_dhcp_rules.xml %%PORTNAME%%/rules/ms_ftpd_rules.xml %%PORTNAME%%/rules/msauth_rules.xml %%PORTNAME%%/rules/mysql_rules.xml %%PORTNAME%%/rules/named_rules.xml %%PORTNAME%%/rules/netscreenfw_rules.xml +%%PORTNAME%%/rules/nginx_rules.xml %%PORTNAME%%/rules/ossec_rules.xml %%PORTNAME%%/rules/pam_rules.xml +%%PORTNAME%%/rules/php_rules.xml %%PORTNAME%%/rules/pix_rules.xml %%PORTNAME%%/rules/policy_rules.xml %%PORTNAME%%/rules/postfix_rules.xml @@ -66,9 +78,11 @@ %%PORTNAME%%/rules/proftpd_rules.xml %%PORTNAME%%/rules/pure-ftpd_rules.xml %%PORTNAME%%/rules/racoon_rules.xml +%%PORTNAME%%/rules/roundcube_rules.xml %%PORTNAME%%/rules/rules_config.xml %%PORTNAME%%/rules/sendmail_rules.xml %%PORTNAME%%/rules/smbd_rules.xml +%%PORTNAME%%/rules/solaris_bsm_rules.xml %%PORTNAME%%/rules/sonicwall_rules.xml %%PORTNAME%%/rules/spamd_rules.xml %%PORTNAME%%/rules/squid_rules.xml 
@@ -77,50 +91,54 @@ %%PORTNAME%%/rules/symantec-ws_rules.xml %%PORTNAME%%/rules/syslog_rules.xml %%PORTNAME%%/rules/telnetd_rules.xml +%%PORTNAME%%/rules/trend-osce_rules.xml +%%PORTNAME%%/rules/vmpop3d_rules.xml +%%PORTNAME%%/rules/vmware_rules.xml %%PORTNAME%%/rules/vpn_concentrator_rules.xml %%PORTNAME%%/rules/vpopmail_rules.xml %%PORTNAME%%/rules/vsftpd_rules.xml %%PORTNAME%%/rules/web_rules.xml +%%PORTNAME%%/rules/wordpress_rules.xml %%PORTNAME%%/rules/zeus_rules.xml -%%PORTNAME%%/rules/vmware_rules.xml -%%PORTNAME%%/rules/vmpop3d_rules.xml -%%PORTNAME%%/rules/solaris_bsm_rules.xml -%%PORTNAME%%/rules/mcafee_av_rules.xml -%%PORTNAME%%/rules/asterisk_rules.xml %%PORTNAME%%/agentless/main.exp -%%PORTNAME%%/agentless/sshlogin.exp -%%PORTNAME%%/agentless/ssh_pixconfig_diff -%%PORTNAME%%/agentless/ssh_nopass.exp -%%PORTNAME%%/agentless/ssh_integrity_check_linux -%%PORTNAME%%/agentless/ssh_integrity_check_bsd -%%PORTNAME%%/agentless/ssh_generic_diff -%%PORTNAME%%/agentless/ssh.exp %%PORTNAME%%/agentless/register_host.sh +%%PORTNAME%%/agentless/ssh.exp +%%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff +%%PORTNAME%%/agentless/ssh_foundry_diff +%%PORTNAME%%/agentless/ssh_generic_diff +%%PORTNAME%%/agentless/ssh_integrity_check_bsd +%%PORTNAME%%/agentless/ssh_integrity_check_linux +%%PORTNAME%%/agentless/ssh_nopass.exp +%%PORTNAME%%/agentless/ssh_pixconfig_diff +%%PORTNAME%%/agentless/sshlogin.exp %%PORTNAME%%/agentless/su.exp -@dirrmtry %%PORTNAME%%/agentless @dirrmtry %%PORTNAME%%/.ssh -@dirrmtry %%PORTNAME%%/var/run -@dirrmtry %%PORTNAME%%/var -@dirrmtry %%PORTNAME%%/tmp -@dirrmtry %%PORTNAME%%/stats -@dirrmtry %%PORTNAME%%/rules -@dirrmtry %%PORTNAME%%/queue/syscheck -@dirrmtry %%PORTNAME%%/queue/rootcheck -@dirrmtry %%PORTNAME%%/queue/rids -@dirrmtry %%PORTNAME%%/queue/ossec -@dirrmtry %%PORTNAME%%/queue/fts -@dirrmtry %%PORTNAME%%/queue/alerts +@dirrmtry %%PORTNAME%%/active-response/bin +@dirrmtry %%PORTNAME%%/active-response +@dirrmtry %%PORTNAME%%/agentless 
+@dirrmtry %%PORTNAME%%/bin +@dirrmtry %%PORTNAME%%/etc/shared +@dirrmtry %%PORTNAME%%/etc +@dirrmtry %%PORTNAME%%/logs/alerts +@dirrmtry %%PORTNAME%%/logs/archives +@dirrmtry %%PORTNAME%%/logs/firewall +@dirrmtry %%PORTNAME%%/logs @dirrmtry %%PORTNAME%%/queue/agent-info -@dirrmtry %%PORTNAME%%/queue/diff @dirrmtry %%PORTNAME%%/queue/agentless +@dirrmtry %%PORTNAME%%/queue/alerts +@dirrmtry %%PORTNAME%%/queue/diff +@dirrmtry %%PORTNAME%%/queue/fts +@dirrmtry %%PORTNAME%%/queue/ossec +@dirrmtry %%PORTNAME%%/queue/rids +@dirrmtry %%PORTNAME%%/queue/rootcheck +@dirrmtry %%PORTNAME%%/queue/syscheck @dirrmtry %%PORTNAME%%/queue -@dirrmtry %%PORTNAME%%/logs/firewall -@dirrmtry %%PORTNAME%%/logs/archives -@dirrmtry %%PORTNAME%%/logs/alerts -@dirrmtry %%PORTNAME%%/logs -@dirrmtry %%PORTNAME%%/etc/shared -@dirrmtry %%PORTNAME%%/etc -@dirrmtry %%PORTNAME%%/bin -@dirrmtry %%PORTNAME%%/active-response/bin -@dirrmtry %%PORTNAME%%/active-response +@dirrmtry %%PORTNAME%%/rules +@dirrmtry %%PORTNAME%%/stats/hourly-average +@dirrmtry %%PORTNAME%%/stats/totals +@dirrmtry %%PORTNAME%%/stats/weekly-average +@dirrmtry %%PORTNAME%%/stats +@dirrmtry %%PORTNAME%%/tmp +@dirrmtry %%PORTNAME%%/var/run +@dirrmtry %%PORTNAME%%/var @dirrmtry %%PORTNAME%% >Release-Note: >Audit-Trail: >Unformatted:
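Review bot: In the pkg-plist.client hunk at @@ -23,9 +24,13 @@, the new entry %%PORTNAME%%/etc/localtime has no counterpart in any of the visible server pkg-plist hunks. Confirm that the port's install step really places this file for the client, and check whether the server install creates it as well; if it does and the server plist does not already list it, add it there so deinstall does not leave it behind.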
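Review bot: The Makefile hunk bumps PORTVERSION only under ossec-hids-server, while the synopsis also names security/ossec-hids-client and the only client file in the patch is pkg-plist.client. If the client port does not take its version from the server Makefile, it needs its own bump and distinfo update; please state in the PR which is the case.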
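Review bot: The distinfo hunk carries no indication of how the 2.4.1 tarball was verified, and the Makefile context shows the distfile coming from MASTER_SITES= http://www.ossec.net/files/ over plain HTTP, so these recorded checksums are the only integrity control on what gets built. Before commit, compare the SHA256 value against a checksum or signature published by upstream, if one is available, or against a second independent download, rather than relying on a single fetch by the submitter.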
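Review bot: Deleting files/patch-attack_rules.xml, files/patch-mcafee_av_rules.xml and files/patch-symantec-av_rules.xml is a detection behaviour change that the PR description does not mention. Those local patches commented out rule 40113 (level 12, "Multiple viruses detected - Possible outbreak."), the McAfee block starting at rule 7504 and Symantec rule 7310, so with them gone the port installs those rules exactly as 2.4.1 ships them, which presumably means enabled. State why the workaround is no longer needed, or that the patches simply stopped applying, and mention the affected rule IDs in the commit message so administrators expect the new alerts after upgrading.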