authorjadawin <jadawin@FreeBSD.org>2008-09-29 22:00:04 +0800
committerjadawin <jadawin@FreeBSD.org>2008-09-29 22:00:04 +0800
commit41add931e020ff085cfd1868e3e8247cea6ca7d5 (patch)
tree9f10f9ef56dd41b6efded37d8ad63ae010937f7f /security/ossec-hids-server
parent10da5798617b9865585f56c71e6dd0c6c36f7f4f (diff)
- Update to 1.6
PR: ports/127708 Submitted by: valerio.daelli _AT_ gmail _DOT_ com (maintainer)
Diffstat (limited to 'security/ossec-hids-server')
-rw-r--r--security/ossec-hids-server/Makefile2
-rw-r--r--security/ossec-hids-server/distinfo6
-rw-r--r--security/ossec-hids-server/files/patch-InstallServer.sh16
-rw-r--r--security/ossec-hids-server/files/patch-attack_rules.xml16
-rw-r--r--security/ossec-hids-server/files/patch-mcafee_av_rules.xml18
-rw-r--r--security/ossec-hids-server/files/patch-symantec-av_rules.xml17
-rw-r--r--security/ossec-hids-server/files/pkg-message.in2
-rw-r--r--security/ossec-hids-server/pkg-plist12
8 files changed, 81 insertions, 8 deletions
diff --git a/security/ossec-hids-server/Makefile b/security/ossec-hids-server/Makefile
index 8dfe96dfd453..ac4aaa6cfde2 100644
--- a/security/ossec-hids-server/Makefile
+++ b/security/ossec-hids-server/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= ossec-hids
-PORTVERSION= 1.4
+PORTVERSION= 1.6
PORTREVISION?= 0
CATEGORIES= security
MASTER_SITES= http://www.ossec.net/files/ \
diff --git a/security/ossec-hids-server/distinfo b/security/ossec-hids-server/distinfo
index 213d8658f0a1..9b10c7911fd0 100644
--- a/security/ossec-hids-server/distinfo
+++ b/security/ossec-hids-server/distinfo
@@ -1,3 +1,3 @@
-MD5 (ossec-hids-1.4.tar.gz) = f877f7afc225ba835bf697c026c77aa9
-SHA256 (ossec-hids-1.4.tar.gz) = 0dd7650a4c74ae2b9beec47660fd7c573eb35005e5cab6e62c640ba44930ff7f
-SIZE (ossec-hids-1.4.tar.gz) = 598579
+MD5 (ossec-hids-1.6.tar.gz) = 2ed9ef649d44ad416047a4c28eaad13c
+SHA256 (ossec-hids-1.6.tar.gz) = 07dc21b1d1b581c29c16ba0bdca525fabac775aa7f2be139708c5427261e0687
+SIZE (ossec-hids-1.6.tar.gz) = 666622
diff --git a/security/ossec-hids-server/files/patch-InstallServer.sh b/security/ossec-hids-server/files/patch-InstallServer.sh
index f1f96cda5eb5..009fa93ac8af 100644
--- a/security/ossec-hids-server/files/patch-InstallServer.sh
+++ b/security/ossec-hids-server/files/patch-InstallServer.sh
@@ -1,7 +1,15 @@
-diff -ruN src/InstallServer.sh.orig src/InstallServer.sh
---- src/InstallServer.sh.orig Sun Jan 7 23:38:16 2007
-+++ src/InstallServer.sh Thu Apr 5 15:58:08 2007
-@@ -255,12 +255,12 @@
+--- src/InstallServer.sh 2008-08-22 20:42:09.000000000 +0000
++++ src/InstallServer.sh 2008-09-28 22:10:45.000000000 +0000
+@@ -174,7 +174,7 @@
+ fi
+ fi
+
+-cp -pr ../etc/rules/* ${DIR}/rules/
++cp -pr ../etc/rules/*.xml ${DIR}/rules/
+
+ # If the local_rules is saved, moved it back
+ ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
+@@ -284,12 +284,12 @@
ls ../etc/ossec.mc > /dev/null 2>&1
if [ $? = 0 ]; then
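Review bot: `${DIR}` is still unquoted on the rewritten copy line in the first embedded hunk (`@@ -174,7 +174,7 @@`), so an install prefix containing whitespace or glob characters would be split into several `cp` arguments; `cp -pr ../etc/rules/*.xml "${DIR}/rules/"` keeps it a single destination. The narrowing from `*` to `*.xml` is not explained anywhere in the commit; presumably it keeps the backup copies left behind by the port's new rule patches out of the installed rules directory, and a short note saying so in the commit message would spare the next maintainer from guessing. The second embedded hunk (`@@ -284,12 +284,12 @@`) continues past the lines shown here, so it is not reviewed.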
diff --git a/security/ossec-hids-server/files/patch-attack_rules.xml b/security/ossec-hids-server/files/patch-attack_rules.xml
new file mode 100644
index 000000000000..04f0fc2c846f
--- /dev/null
+++ b/security/ossec-hids-server/files/patch-attack_rules.xml
@@ -0,0 +1,16 @@
+--- etc/rules/attack_rules.xml 2008-08-29 17:15:08.000000000 +0000
++++ attack_rules.xml 2008-09-28 21:39:52.000000000 +0000
+@@ -85,11 +85,13 @@
+ <description>by a success.</description>
+ </rule>
+
++<!--
+ <rule id="40113" level="12" frequency="6" timeframe="360">
+ <if_matched_group>virus</if_matched_group>
+ <description>Multiple viruses detected - Possible outbreak.</description>
+ <group>virus,</group>
+ </rule>
++-->
+
+ </group> <!-- SYSLOG, ATTACKS, -->
+
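Review bot: Rule 40113 (level 12, "Multiple viruses detected - Possible outbreak") is commented out here with no reason given in the patch or in the commit message, so a server installed from this port stops raising that alert without the operator being told. The same applies to patch-mcafee_av_rules.xml (from rule 7504) and patch-symantec-av_rules.xml (rule 7310), which disable rules that put events into the `virus` group. If this works around a problem loading these rules in 1.6, record it next to the opening marker, for example `<!-- FreeBSD port: rule disabled, see <PR-or-reason> -->`, and list the disabled rule ids in pkg-message.in so sites that depend on antivirus alerts know about the gap.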
diff --git a/security/ossec-hids-server/files/patch-mcafee_av_rules.xml b/security/ossec-hids-server/files/patch-mcafee_av_rules.xml
new file mode 100644
index 000000000000..9e2c95dc7784
--- /dev/null
+++ b/security/ossec-hids-server/files/patch-mcafee_av_rules.xml
@@ -0,0 +1,18 @@
+--- etc/rules/mcafee_av_rules.xml 2008-08-28 15:56:00.000000000 +0000
++++ mcafee_av_rules.xml 2008-09-28 21:39:52.000000000 +0000
+@@ -42,6 +42,7 @@
+ <description>McAfee Windows AV error event.</description>
+ </rule>
+
++<!--
+ <rule id="7504" level="12">
+ <if_sid>7500</if_sid>
+ <regex>$MCAFEE_VIRUS</regex>
+@@ -62,6 +63,7 @@
+ <group>virus</group>
+ <description>McAfee Windows AV - Virus detected and file will be deleted.</description>
+ </rule>
++-->
+
+ <rule id="7507" level="3">
+ <if_sid>7500</if_sid>
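Review bot: The `<!--` added before rule 7504 and the `-->` added in the second embedded hunk (`@@ -62,6 +63,7 @@`) are about twenty lines apart in mcafee_av_rules.xml, so a stretch of the rules file that this patch never shows ends up inside the comment. XML comments cannot nest and may not contain `--`, so an existing comment or a double hyphen anywhere in that unseen stretch would leave the file malformed, and the rules in it would presumably fail to load. It also hides which rule ids are being switched off. Wrapping each rule in its own `<!-- ... -->` pair, or naming the disabled ids in a one-line comment at the opening marker, would make the scope reviewable from the patch alone.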
diff --git a/security/ossec-hids-server/files/patch-symantec-av_rules.xml b/security/ossec-hids-server/files/patch-symantec-av_rules.xml
new file mode 100644
index 000000000000..20cc6a69535b
--- /dev/null
+++ b/security/ossec-hids-server/files/patch-symantec-av_rules.xml
@@ -0,0 +1,17 @@
+--- etc/rules/symantec-av_rules.xml 2008-06-17 17:03:56.000000000 +0000
++++ symantec-av_rules.xml 2008-09-28 21:39:52.000000000 +0000
+@@ -31,12 +31,14 @@
+ <description>Grouping of Symantec AV rules from eventlog.</description>
+ </rule>
+
++<!--
+ <rule id="7310" level="9">
+ <if_sid>7300, 7301</if_sid>
+ <id>^5$|^17$</id>
+ <group>virus</group>
+ <description>Virus detected.</description>
+ </rule>
++-->
+
+ <rule id="7320" level="3">
+ <if_sid>7300, 7301</if_sid>
diff --git a/security/ossec-hids-server/files/pkg-message.in b/security/ossec-hids-server/files/pkg-message.in
index d4be60736e68..7b6a0e4131d9 100644
--- a/security/ossec-hids-server/files/pkg-message.in
+++ b/security/ossec-hids-server/files/pkg-message.in
@@ -16,3 +16,5 @@ http://www.ossec.net/wiki/index.php/Know_How:DatabaseOutput
When you deinstall this port after starting the daemons once, many directories that are
created by the daemons will remain. To fully remove the port you need to delete those
directories manually.
+To further enhance the security on your system, you may also enable some checks
+in PAM for a fast reaction against intrusions.
diff --git a/security/ossec-hids-server/pkg-plist b/security/ossec-hids-server/pkg-plist
index 6b9397bfd7d9..f471f0747524 100644
--- a/security/ossec-hids-server/pkg-plist
+++ b/security/ossec-hids-server/pkg-plist
@@ -19,6 +19,10 @@
%%PORTNAME%%/bin/ossec-remoted
%%PORTNAME%%/bin/ossec-syscheckd
%%PORTNAME%%/bin/syscheck_update
+%%PORTNAME%%/bin/ossec-csyslogd
+%%PORTNAME%%/bin/agent_control
+%%PORTNAME%%/bin/syscheck_control
+%%PORTNAME%%/bin/rootcheck_control
%%PORTNAME%%/etc/decoder.xml
%%PORTNAME%%/etc/internal_options.conf
@unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi
@@ -29,6 +33,9 @@
%%PORTNAME%%/etc/shared/win_applications_rcl.txt
%%PORTNAME%%/etc/shared/win_audit_rcl.txt
%%PORTNAME%%/etc/shared/win_malware_rcl.txt
+%%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
+%%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
+%%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
%%PORTNAME%%/logs/ossec.log
%%PORTNAME%%/rules/apache_rules.xml
%%PORTNAME%%/rules/arpwatch_rules.xml
@@ -73,6 +80,11 @@
%%PORTNAME%%/rules/vsftpd_rules.xml
%%PORTNAME%%/rules/web_rules.xml
%%PORTNAME%%/rules/zeus_rules.xml
+%%PORTNAME%%/rules/vmware_rules.xml
+%%PORTNAME%%/rules/vmpop3d_rules.xml
+%%PORTNAME%%/rules/solaris_bsm_rules.xml
+%%PORTNAME%%/rules/mcafee_av_rules.xml
+%%PORTNAME%%/rules/asterisk_rules.xml
@dirrmtry %%PORTNAME%%/var/run
@dirrmtry %%PORTNAME%%/var
@dirrmtry %%PORTNAME%%/tmp