diff options
author | jadawin <jadawin@FreeBSD.org> | 2008-09-29 22:00:04 +0800 |
---|---|---|
committer | jadawin <jadawin@FreeBSD.org> | 2008-09-29 22:00:04 +0800 |
commit | 41add931e020ff085cfd1868e3e8247cea6ca7d5 (patch) | |
tree | 9f10f9ef56dd41b6efded37d8ad63ae010937f7f /security | |
parent | 10da5798617b9865585f56c71e6dd0c6c36f7f4f (diff) | |
download | freebsd-ports-gnome-41add931e020ff085cfd1868e3e8247cea6ca7d5.tar.gz freebsd-ports-gnome-41add931e020ff085cfd1868e3e8247cea6ca7d5.tar.zst freebsd-ports-gnome-41add931e020ff085cfd1868e3e8247cea6ca7d5.zip |
- Update to 1.6
PR: ports/127708
Submitted by: valerio.daelli _AT_ gmail _DOT_ com (maintainer)
Diffstat (limited to 'security')
-rw-r--r-- | security/ossec-hids-server/Makefile | 2 | ||||
-rw-r--r-- | security/ossec-hids-server/distinfo | 6 | ||||
-rw-r--r-- | security/ossec-hids-server/files/patch-InstallServer.sh | 16 | ||||
-rw-r--r-- | security/ossec-hids-server/files/patch-attack_rules.xml | 16 | ||||
-rw-r--r-- | security/ossec-hids-server/files/patch-mcafee_av_rules.xml | 18 | ||||
-rw-r--r-- | security/ossec-hids-server/files/patch-symantec-av_rules.xml | 17 | ||||
-rw-r--r-- | security/ossec-hids-server/files/pkg-message.in | 2 | ||||
-rw-r--r-- | security/ossec-hids-server/pkg-plist | 12 |
8 files changed, 81 insertions, 8 deletions
diff --git a/security/ossec-hids-server/Makefile b/security/ossec-hids-server/Makefile index 8dfe96dfd453..ac4aaa6cfde2 100644 --- a/security/ossec-hids-server/Makefile +++ b/security/ossec-hids-server/Makefile @@ -6,7 +6,7 @@ # PORTNAME= ossec-hids -PORTVERSION= 1.4 +PORTVERSION= 1.6 PORTREVISION?= 0 CATEGORIES= security MASTER_SITES= http://www.ossec.net/files/ \ diff --git a/security/ossec-hids-server/distinfo b/security/ossec-hids-server/distinfo index 213d8658f0a1..9b10c7911fd0 100644 --- a/security/ossec-hids-server/distinfo +++ b/security/ossec-hids-server/distinfo @@ -1,3 +1,3 @@ -MD5 (ossec-hids-1.4.tar.gz) = f877f7afc225ba835bf697c026c77aa9 -SHA256 (ossec-hids-1.4.tar.gz) = 0dd7650a4c74ae2b9beec47660fd7c573eb35005e5cab6e62c640ba44930ff7f -SIZE (ossec-hids-1.4.tar.gz) = 598579 +MD5 (ossec-hids-1.6.tar.gz) = 2ed9ef649d44ad416047a4c28eaad13c +SHA256 (ossec-hids-1.6.tar.gz) = 07dc21b1d1b581c29c16ba0bdca525fabac775aa7f2be139708c5427261e0687 +SIZE (ossec-hids-1.6.tar.gz) = 666622 diff --git a/security/ossec-hids-server/files/patch-InstallServer.sh b/security/ossec-hids-server/files/patch-InstallServer.sh index f1f96cda5eb5..009fa93ac8af 100644 --- a/security/ossec-hids-server/files/patch-InstallServer.sh +++ b/security/ossec-hids-server/files/patch-InstallServer.sh @@ -1,7 +1,15 @@ -diff -ruN src/InstallServer.sh.orig src/InstallServer.sh ---- src/InstallServer.sh.orig Sun Jan 7 23:38:16 2007 -+++ src/InstallServer.sh Thu Apr 5 15:58:08 2007 -@@ -255,12 +255,12 @@ +--- src/InstallServer.sh 2008-08-22 20:42:09.000000000 +0000 ++++ src/InstallServer.sh 2008-09-28 22:10:45.000000000 +0000 +@@ -174,7 +174,7 @@ + fi + fi + +-cp -pr ../etc/rules/* ${DIR}/rules/ ++cp -pr ../etc/rules/*.xml ${DIR}/rules/ + + # If the local_rules is saved, moved it back + ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1 +@@ -284,12 +284,12 @@ ls ../etc/ossec.mc > /dev/null 2>&1 if [ $? = 0 ]; then diff --git a/security/ossec-hids-server/files/patch-attack_rules.xml b/security/ossec-hids-server/files/patch-attack_rules.xml new file mode 100644 index 000000000000..04f0fc2c846f --- /dev/null +++ b/security/ossec-hids-server/files/patch-attack_rules.xml @@ -0,0 +1,16 @@ +--- etc/rules/attack_rules.xml 2008-08-29 17:15:08.000000000 +0000 ++++ attack_rules.xml 2008-09-28 21:39:52.000000000 +0000 +@@ -85,11 +85,13 @@ + <description>by a success.</description> + </rule> + ++<!-- + <rule id="40113" level="12" frequency="6" timeframe="360"> + <if_matched_group>virus</if_matched_group> + <description>Multiple viruses detected - Possible outbreak.</description> + <group>virus,</group> + </rule> ++--> + + </group> <!-- SYSLOG, ATTACKS, --> + diff --git a/security/ossec-hids-server/files/patch-mcafee_av_rules.xml b/security/ossec-hids-server/files/patch-mcafee_av_rules.xml new file mode 100644 index 000000000000..9e2c95dc7784 --- /dev/null +++ b/security/ossec-hids-server/files/patch-mcafee_av_rules.xml @@ -0,0 +1,18 @@ +--- etc/rules/mcafee_av_rules.xml 2008-08-28 15:56:00.000000000 +0000 ++++ mcafee_av_rules.xml 2008-09-28 21:39:52.000000000 +0000 +@@ -42,6 +42,7 @@ + <description>McAfee Windows AV error event.</description> + </rule> + ++<!-- + <rule id="7504" level="12"> + <if_sid>7500</if_sid> + <regex>$MCAFEE_VIRUS</regex> +@@ -62,6 +63,7 @@ + <group>virus</group> + <description>McAfee Windows AV - Virus detected and file will be deleted.</description> + </rule> ++--> + + <rule id="7507" level="3"> + <if_sid>7500</if_sid> diff --git a/security/ossec-hids-server/files/patch-symantec-av_rules.xml b/security/ossec-hids-server/files/patch-symantec-av_rules.xml new file mode 100644 index 000000000000..20cc6a69535b --- /dev/null +++ b/security/ossec-hids-server/files/patch-symantec-av_rules.xml @@ -0,0 +1,17 @@ +--- etc/rules/symantec-av_rules.xml 2008-06-17 17:03:56.000000000 +0000 ++++ symantec-av_rules.xml 2008-09-28 21:39:52.000000000 +0000 +@@ -31,12 +31,14 @@ + <description>Grouping of Symantec AV rules from eventlog.</description> + </rule> + ++<!-- + <rule id="7310" level="9"> + <if_sid>7300, 7301</if_sid> + <id>^5$|^17$</id> + <group>virus</group> + <description>Virus detected.</description> + </rule> ++--> + + <rule id="7320" level="3"> + <if_sid>7300, 7301</if_sid> diff --git a/security/ossec-hids-server/files/pkg-message.in b/security/ossec-hids-server/files/pkg-message.in index d4be60736e68..7b6a0e4131d9 100644 --- a/security/ossec-hids-server/files/pkg-message.in +++ b/security/ossec-hids-server/files/pkg-message.in @@ -16,3 +16,5 @@ http://www.ossec.net/wiki/index.php/Know_How:DatabaseOutput When you deinstall this port after starting the daemons once, many directories that are created by the daemons will remain. To fully remove the port you need to delete those directories manually. +To further enhance the security on your system, you may also enable some checks +in PAM for a fast reaction against intrusions. diff --git a/security/ossec-hids-server/pkg-plist b/security/ossec-hids-server/pkg-plist index 6b9397bfd7d9..f471f0747524 100644 --- a/security/ossec-hids-server/pkg-plist +++ b/security/ossec-hids-server/pkg-plist @@ -19,6 +19,10 @@ %%PORTNAME%%/bin/ossec-remoted %%PORTNAME%%/bin/ossec-syscheckd %%PORTNAME%%/bin/syscheck_update +%%PORTNAME%%/bin/ossec-csyslogd +%%PORTNAME%%/bin/agent_control +%%PORTNAME%%/bin/syscheck_control +%%PORTNAME%%/bin/rootcheck_control %%PORTNAME%%/etc/decoder.xml %%PORTNAME%%/etc/internal_options.conf @unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi @@ -29,6 +33,9 @@ %%PORTNAME%%/etc/shared/win_applications_rcl.txt %%PORTNAME%%/etc/shared/win_audit_rcl.txt %%PORTNAME%%/etc/shared/win_malware_rcl.txt +%%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt +%%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt +%%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt %%PORTNAME%%/logs/ossec.log %%PORTNAME%%/rules/apache_rules.xml %%PORTNAME%%/rules/arpwatch_rules.xml @@ -73,6 +80,11 @@ %%PORTNAME%%/rules/vsftpd_rules.xml %%PORTNAME%%/rules/web_rules.xml %%PORTNAME%%/rules/zeus_rules.xml +%%PORTNAME%%/rules/vmware_rules.xml +%%PORTNAME%%/rules/vmpop3d_rules.xml +%%PORTNAME%%/rules/solaris_bsm_rules.xml +%%PORTNAME%%/rules/mcafee_av_rules.xml +%%PORTNAME%%/rules/asterisk_rules.xml @dirrmtry %%PORTNAME%%/var/run @dirrmtry %%PORTNAME%%/var @dirrmtry %%PORTNAME%%/tmp |