authorcsjp <csjp@FreeBSD.org>2007-07-16 01:46:42 +0800
committercsjp <csjp@FreeBSD.org>2007-07-16 01:46:42 +0800
commite3fb9ab1bda00d8c379e0e1601c5de3f6359e22d (patch)
tree390d0f573e68c6dde0e11441ad3ea1199685663e /security/bsmtrace
parentb45b89951f90785cc6947b70132425cc938ff5de (diff)
Add the bsmtrace port.
bsmtrace is an audit-driven, host-based intrusion detection system which operates on finite state machine principles. Since it's audit driven, it requires that operating system security auditing be enabled. This requires FreeBSD 6.2 at a minimum. By default it provides real-time analysis through the use of an audit pipe; however, it can operate on regular audit trail files as well. Approved by: Pav Reviewed by: Pav (and others)
Diffstat (limited to 'security/bsmtrace')
-rw-r--r--security/bsmtrace/Makefile46
-rw-r--r--security/bsmtrace/distinfo3
-rw-r--r--security/bsmtrace/files/pkg-message.in6
-rw-r--r--security/bsmtrace/pkg-descr6
-rw-r--r--security/bsmtrace/pkg-plist3
5 files changed, 64 insertions, 0 deletions
diff --git a/security/bsmtrace/Makefile b/security/bsmtrace/Makefile
new file mode 100644
index 000000000000..eafa4fbeea8c
--- /dev/null
+++ b/security/bsmtrace/Makefile
@@ -0,0 +1,46 @@
+# New ports collection makefile for: bsmtrace
+# Date created: 13 March 2007
+# Whom: alm
+#
+# $FreeBSD$
+#
+
+PORTNAME= bsmtrace
+PORTVERSION= 1.0.3
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_LOCAL}
+MASTER_SITE_SUBDIR= csjp
+
+MAINTAINER= alm@FreeBSD.org
+COMMENT= BSM based intrusion detection system
+
+SUB_FILES= pkg-message
+MAN1= bsmtrace.1
+MAN5= bsmtrace.conf.5
+
+.include <bsd.port.pre.mk>
+.if ${OSVERSION} < 602000
+IGNORE= release 6.2-RELEASE or later is required
+.endif
+
+.if defined(WITH_PCRE)
+LIB_DEPENDS+= pcre.0:${PORTSDIR}/devel/pcre
+MAKE_ENV+= PCRE=1
+.endif
+
+pre-build:
+ ${REINPLACE_CMD} -e \
+ 's,/etc/bsmtrace.conf,${PREFIX}/etc/bsmtrace.conf,' \
+ ${WRKSRC}/config.h
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/bsmtrace ${PREFIX}/sbin
+ @${MKDIR} ${EXAMPLESDIR}
+ ${INSTALL_DATA} ${WRKSRC}/bsmtrace.conf ${EXAMPLESDIR}
+ ${INSTALL_MAN} ${WRKSRC}/bsmtrace.1 ${MAN1PREFIX}/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/bsmtrace.conf.5 ${MAN5PREFIX}/man/man5
+
+post-install:
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
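Review bot: The `pre-build` substitution succeeds silently when `config.h` does not contain the literal `/etc/bsmtrace.conf`, so a future upstream change to that define would leave the daemon reading its policy from `/etc` while the port points users at `${PREFIX}/etc`. For an IDS that means starting with a missing or unintended rule set. Consider adding a check line after the sed, for example `@${GREP} -q '${PREFIX}/etc/bsmtrace.conf' ${WRKSRC}/config.h`, so the build stops instead. The pattern is also unanchored and would rewrite any longer path that merely contains `/etc/bsmtrace.conf`. Matching the enclosing quotes would be tighter, assuming `config.h` holds the path as a string literal.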
diff --git a/security/bsmtrace/distinfo b/security/bsmtrace/distinfo
new file mode 100644
index 000000000000..91959d480a6c
--- /dev/null
+++ b/security/bsmtrace/distinfo
@@ -0,0 +1,3 @@
+MD5 (bsmtrace-1.0.3.tar.gz) = a1199983d6121011cdf16e7c1a10a3df
+SHA256 (bsmtrace-1.0.3.tar.gz) = 41853c30a7c2bad821f8cb88f66640637821b7d2ac53db5abecfc8797645bd25
+SIZE (bsmtrace-1.0.3.tar.gz) = 22170
diff --git a/security/bsmtrace/files/pkg-message.in b/security/bsmtrace/files/pkg-message.in
new file mode 100644
index 000000000000..82e3c3dc6d95
--- /dev/null
+++ b/security/bsmtrace/files/pkg-message.in
@@ -0,0 +1,6 @@
+
+Please note a sample configuration file for bsmtrace has been installed
+in %%EXAMPLESDIR%%. This file will not be
+suitable for your own system, but can be used as a reference to get
+started.
+i
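Review bot: The last added line is a lone `i`, which looks like a stray editor keystroke and will be shown to every user when `post-install` prints the message; it should be an empty line. The message also never says where the live configuration is read from. A sentence such as `Copy it to %%PREFIX%%/etc/bsmtrace.conf and adapt it before starting bsmtrace.` would close that gap, provided `PREFIX` is in the port's substitution list. Since that file defines what the IDS detects, the message could also recommend keeping it root-owned and not writable by other users.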
diff --git a/security/bsmtrace/pkg-descr b/security/bsmtrace/pkg-descr
new file mode 100644
index 000000000000..8ae901b6734c
--- /dev/null
+++ b/security/bsmtrace/pkg-descr
@@ -0,0 +1,6 @@
+bsmtrace is a BSM based intrusion detection system, utilizing audit trails
+and real-time audit event analysis through auditpipe(4). This host based
+IDS operates using a finite state machine principles with a flexible
+sequence driven signature system.
+
+WWW: http://people.freebsd.org/~csjp/bsmtrace/bsmtrace.txt
diff --git a/security/bsmtrace/pkg-plist b/security/bsmtrace/pkg-plist
new file mode 100644
index 000000000000..4d955c750db2
--- /dev/null
+++ b/security/bsmtrace/pkg-plist
@@ -0,0 +1,3 @@
+sbin/bsmtrace
+%%EXAMPLESDIR%%/bsmtrace.conf
+@dirrm %%EXAMPLESDIR%%