diff options
| author | brd <brd@FreeBSD.org> | 2014-07-14 10:46:37 +0800 |
|---|---|---|
| committer | brd <brd@FreeBSD.org> | 2014-07-14 10:46:37 +0800 |
| commit | 76c055aff3ef545504b5e1ca812d103fc749d6c1 (patch) | |
| tree | dcc566329ec9b7ce3455c96a9c50c3710068c798 /security | |
| parent | 9cafad2e5c47ea6c42fd1e813d4fec92bfd7b3dc (diff) | |
| download | freebsd-ports-gnome-76c055aff3ef545504b5e1ca812d103fc749d6c1.tar.gz freebsd-ports-gnome-76c055aff3ef545504b5e1ca812d103fc749d6c1.tar.zst freebsd-ports-gnome-76c055aff3ef545504b5e1ca812d103fc749d6c1.zip | |
- Update to 2.8
- Fix permissions preventing server and local from starting correctly
Reviewed by: swills@
Diffstat (limited to 'security')
15 files changed, 33 insertions, 223 deletions
diff --git a/security/ossec-hids-client/Makefile b/security/ossec-hids-client/Makefile index 29a814aa6ef4..f7a5b2ea1990 100644 --- a/security/ossec-hids-client/Makefile +++ b/security/ossec-hids-client/Makefile @@ -1,7 +1,6 @@ # Created by: Valerio Daelli <valerio.daelli@gmail.com> # $FreeBSD$ -PORTREVISION= 1 COMMENT= The client port of ossec-hids CLIENT_ONLY= yes diff --git a/security/ossec-hids-client/pkg-plist.client b/security/ossec-hids-client/pkg-plist.client index 86559e073aa3..6a717598df98 100644 --- a/security/ossec-hids-client/pkg-plist.client +++ b/security/ossec-hids-client/pkg-plist.client @@ -1,4 +1,3 @@ -@group ossec %%PORTNAME%%/active-response/bin/disable-account.sh %%PORTNAME%%/active-response/bin/firewall-drop.sh %%PORTNAME%%/active-response/bin/host-deny.sh @@ -15,8 +14,11 @@ %%PORTNAME%%/bin/ossec-control %%PORTNAME%%/bin/ossec-execd %%PORTNAME%%/bin/ossec-logcollector +%%PORTNAME%%/bin/ossec-lua +%%PORTNAME%%/bin/ossec-luac %%PORTNAME%%/bin/ossec-syscheckd %%PORTNAME%%/bin/util.sh +@group ossec %%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt diff --git a/security/ossec-hids-server/Makefile b/security/ossec-hids-server/Makefile index cfcaace188a5..451a605aabf6 100644 --- a/security/ossec-hids-server/Makefile +++ b/security/ossec-hids-server/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= ossec-hids -PORTVERSION= 2.7.1 +PORTVERSION= 2.8 PORTREVISION?= 0 CATEGORIES= security MASTER_SITES= http://www.ossec.net/files/ \ @@ -31,7 +31,7 @@ OPTIONS_DEFINE+= DOCS SUB_LIST= PORTNAME=${PORTNAME} SUB_FILES= pkg-message PLIST_SUB= PORTNAME=${PORTNAME} -PORTDOCS= BUGS CONFIG CONTRIBUTORS INSTALL LICENSE README +PORTDOCS= BUGS CONFIG CONTRIBUTORS INSTALL LICENSE .include <bsd.port.pre.mk> .if ${OSVERSION} < 800067 diff --git a/security/ossec-hids-server/distinfo b/security/ossec-hids-server/distinfo index 186a19254a95..de74803822f7 100644 --- a/security/ossec-hids-server/distinfo +++ b/security/ossec-hids-server/distinfo @@ -1,2 +1,2 @@ -SHA256 (ossec-hids-2.7.1.tar.gz) = a81d11cd6c3f21058968f5c72c25b160d3218ea28d648d8abd6a78f4ae4196ec -SIZE (ossec-hids-2.7.1.tar.gz) = 837818 +SHA256 (ossec-hids-2.8.tar.gz) = 991868627e4965d68ae453305d16bab5a73352aa3be411c302690223a938ff2b +SIZE (ossec-hids-2.8.tar.gz) = 1662990 diff --git a/security/ossec-hids-server/files/patch-install.sh b/security/ossec-hids-server/files/patch-install.sh deleted file mode 100644 index f25849897b6c..000000000000 --- a/security/ossec-hids-server/files/patch-install.sh +++ /dev/null @@ -1,32 +0,0 @@ ---- ./install.sh.orig 2013-10-29 12:13:44.000000000 -0600 -+++ ./install.sh 2014-04-21 19:52:35.000000000 -0600 -@@ -67,9 +67,6 @@ - echo "5- ${installing}" - - echo "DIR=\"${INSTALLDIR}\"" > ${LOCATION} -- echo "CC=${CC}" >> ${LOCATION} -- echo "GCC=${CC}" >> ${LOCATION} -- echo "CLANG=clang" >> ${LOCATION} - - # Changing Config.OS with the new C flags - # Checking if debug is enabled -@@ -811,19 +808,6 @@ - export PATH - fi - -- ls "`which gcc`" > /dev/null 2>&1 -- if [ ! $? = 0 ]; then -- ls "`which cc`" > /dev/null 2>&1 -- if [ ! $? = 0 ]; then -- if [ "X${USER_BINARYINSTALL}" = "X" ]; then -- catError "0x3-dependencies" -- fi -- fi -- CC="cc" -- else -- CC="gcc" -- fi -- - PATH=$OLDOPATH - export PATH - } diff --git a/security/ossec-hids-server/files/patch-src__Config.Make b/security/ossec-hids-server/files/patch-src__Config.Make deleted file mode 100644 index 6b7cf9a84b10..000000000000 --- a/security/ossec-hids-server/files/patch-src__Config.Make +++ /dev/null @@ -1,11 +0,0 @@ ---- ./src/Config.Make.orig 2013-10-29 12:13:44.000000000 -0600 -+++ ./src/Config.Make 2014-04-21 19:52:35.000000000 -0600 -@@ -7,7 +7,7 @@ - include ${PT}LOCATION - include ${PT}Config.OS - -- -+CC?=cc - CFLAGS = -g -Wall -I${PT} -I${PT}headers ${CPATH} ${CEXTRA} ${DEXTRA} ${EEXTRA} ${FEXTRA} ${GEXTRA} ${HEXTRA} ${CGEOIP} -DARGV0=\"${NAME}\" -DXML_VAR=\"var\" -DOSSECHIDS - - SOURCES = *.c diff --git a/security/ossec-hids-server/files/patch-src__InstallAgent.sh b/security/ossec-hids-server/files/patch-src__InstallAgent.sh index 442d6eb3753e..93ce504f97fe 100644 --- a/security/ossec-hids-server/files/patch-src__InstallAgent.sh +++ b/security/ossec-hids-server/files/patch-src__InstallAgent.sh @@ -1,5 +1,5 @@ ---- src/InstallAgent.sh.orig 2013-10-29 12:13:44.000000000 -0600 -+++ src/InstallAgent.sh 2014-06-20 10:30:22.531480743 -0600 +--- ./src/InstallAgent.sh.orig 2014-07-13 15:25:05.161395378 -0600 ++++ ./src/InstallAgent.sh 2014-07-13 15:25:35.972393742 -0600 @@ -37,11 +37,11 @@ # Creating groups/users @@ -9,110 +9,11 @@ - /usr/sbin/pw groupadd ${GROUP} - /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP} - fi -+# grep "^${USER}" /etc/passwd > /dev/null 2>&1 -+# if [ ! $? = 0 ]; then -+# /usr/sbin/pw groupadd ${GROUP} -+# /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP} -+# fi ++ #grep "^${USER}" /etc/passwd > /dev/null 2>&1 ++ #if [ ! $? = 0 ]; then ++ #/usr/sbin/pw groupadd ${GROUP} ++ #/usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP} ++ #fi elif [ "$UNAME" = "SunOS" ]; then grep "^${USER}" /etc/passwd > /dev/null 2>&1 -@@ -107,21 +107,21 @@ - - # Default for all directories - chmod -R 550 ${DIR} --chown -R root:${GROUP} ${DIR} -+#chown -R root:${GROUP} ${DIR} - - # To the ossec queue (default for agentd to read) --chown -R ${USER}:${GROUP} ${DIR}/queue/ossec -+#chown -R ${USER}:${GROUP} ${DIR}/queue/ossec - chmod -R 770 ${DIR}/queue/ossec - - # For the logging user --chown -R ${USER}:${GROUP} ${DIR}/logs -+#chown -R ${USER}:${GROUP} ${DIR}/logs - chmod -R 750 ${DIR}/logs - chmod -R 775 ${DIR}/queue/rids - touch ${DIR}/logs/ossec.log --chown ${USER}:${GROUP} ${DIR}/logs/ossec.log -+#chown ${USER}:${GROUP} ${DIR}/logs/ossec.log - chmod 664 ${DIR}/logs/ossec.log - --chown -R ${USER}:${GROUP} ${DIR}/queue/diff -+#chown -R ${USER}:${GROUP} ${DIR}/queue/diff - chmod -R 750 ${DIR}/queue/diff - chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 - -@@ -130,7 +130,7 @@ - - # For the etc dir - chmod 550 ${DIR}/etc --chown -R root:${GROUP} ${DIR}/etc -+#chown -R root:${GROUP} ${DIR}/etc - - ls /etc/localtime > /dev/null 2>&1 - if [ $? = 0 ]; then -@@ -168,12 +168,12 @@ - cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 - cp -pr agentlessd/scripts/* ${DIR}/agentless/ - --chown root:${GROUP} ${DIR}/etc/internal_options.conf --chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 --chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1 --chown root:${GROUP} ${DIR}/agentless/* --chown ${USER}:${GROUP} ${DIR}/.ssh --chown -R root:${GROUP} ${DIR}/etc/shared -+#chown root:${GROUP} ${DIR}/etc/internal_options.conf -+#chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 -+#chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1 -+#chown root:${GROUP} ${DIR}/agentless/* -+#chown ${USER}:${GROUP} ${DIR}/.ssh -+#chown -R root:${GROUP} ${DIR}/etc/shared - - chmod 550 ${DIR}/etc - chmod 440 ${DIR}/etc/internal_options.conf -@@ -186,7 +186,7 @@ - - # For the /var/run - chmod 770 ${DIR}/var/run --chown root:${GROUP} ${DIR}/var/run -+#chown root:${GROUP} ${DIR}/var/run - - - # Moving the binary files -@@ -198,7 +198,7 @@ - cp -pr ./init/ossec-client.sh ${DIR}/bin/ossec-control - cp -pr addagent/manage_agents ${DIR}/bin/ - cp -pr ../contrib/util.sh ${DIR}/bin/ --chown root:${GROUP} ${DIR}/bin/util.sh -+#chown root:${GROUP} ${DIR}/bin/util.sh - chmod +x ${DIR}/bin/util.sh - - # Copying active response modules -@@ -206,9 +206,9 @@ - cp -pr ../active-response/*.sh ${DIR}/active-response/bin/ - cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ - chmod 755 ${DIR}/active-response/bin/* --chown root:${GROUP} ${DIR}/active-response/bin/* -+#chown root:${GROUP} ${DIR}/active-response/bin/* - --chown root:${GROUP} ${DIR}/bin/* -+#chown root:${GROUP} ${DIR}/bin/* - chmod 550 ${DIR}/bin/* - - -@@ -223,10 +223,10 @@ - if [ $? = 0 ]; then - cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf - else -- cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf -+ cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf.sample - fi --chown root:${GROUP} ${DIR}/etc/ossec.conf --chmod 440 ${DIR}/etc/ossec.conf -+#chown root:${GROUP} ${DIR}/etc/ossec.conf.sample -+chmod 440 ${DIR}/etc/ossec.conf.sample - - - diff --git a/security/ossec-hids-server/files/patch-src__InstallServer.sh b/security/ossec-hids-server/files/patch-src__InstallServer.sh index be74c30e9e42..83ee92787b5d 100644 --- a/security/ossec-hids-server/files/patch-src__InstallServer.sh +++ b/security/ossec-hids-server/files/patch-src__InstallServer.sh @@ -1,5 +1,5 @@ ---- ./src/InstallServer.sh.orig 2013-10-29 12:13:44.000000000 -0600 -+++ ./src/InstallServer.sh 2014-04-21 19:56:55.000000000 -0600 +--- ./src/InstallServer.sh.orig 2014-05-22 07:10:57.000000000 -0600 ++++ ./src/InstallServer.sh 2014-07-13 15:24:45.552390120 -0600 @@ -44,13 +44,13 @@ # Creating groups/users @@ -139,16 +139,16 @@ # Moving the binary files cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \ -@@ -255,7 +255,7 @@ - cp -pr util/syscheck_control ${DIR}/bin/ - cp -pr util/rootcheck_control ${DIR}/bin/ +@@ -257,7 +257,7 @@ + cp -pr external/lua/src/ossec-lua ${DIR}/bin/ + cp -pr external/lua/src/ossec-luac ${DIR}/bin/ cp -pr ../contrib/util.sh ${DIR}/bin/ -chown root:${GROUP} ${DIR}/bin/util.sh +#chown root:${GROUP} ${DIR}/bin/util.sh chmod +x ${DIR}/bin/util.sh # Local install chosen -@@ -285,14 +285,14 @@ +@@ -287,14 +287,14 @@ cp -pr ../etc/internal_options.conf ${DIR}/etc/ cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/ @@ -171,7 +171,7 @@ chmod 440 ${DIR}/etc/decoder.xml chmod 440 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 chmod 440 ${DIR}/etc/internal_options.conf -@@ -312,9 +312,9 @@ +@@ -314,9 +314,9 @@ cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ chmod 550 ${DIR}/active-response/bin/* @@ -183,7 +183,7 @@ chmod 550 ${DIR}/bin/* -@@ -326,12 +326,12 @@ +@@ -328,12 +328,12 @@ ls ../etc/ossec.mc > /dev/null 2>&1 if [ $? = 0 ]; then diff --git a/security/ossec-hids-server/files/patch-src__LOCATION b/security/ossec-hids-server/files/patch-src__LOCATION index f2ebade2745d..d63ccade4236 100644 --- a/security/ossec-hids-server/files/patch-src__LOCATION +++ b/security/ossec-hids-server/files/patch-src__LOCATION @@ -1,7 +1,5 @@ -diff -ruN src/LOCATION.orig src/LOCATION ---- src/LOCATION.orig Tue Oct 25 18:18:50 2005 -+++ src/LOCATION Mon Apr 2 10:51:37 2007 -@@ -1,2 +1,2 @@ +--- ./src/LOCATION.orig 2014-05-22 07:10:57.000000000 -0600 ++++ ./src/LOCATION 2014-07-13 15:24:45.561388082 -0600 +@@ -1 +1 @@ -DIR="/var/ossec" -+DIR="PREFIX" - CC=gcc ++DIR="/usr/local/poudriere/ports/svn/security/ossec-hids-server/work/stage/usr/local/ossec-hids" diff --git a/security/ossec-hids-server/files/patch-src__Makeall b/security/ossec-hids-server/files/patch-src__Makeall deleted file mode 100644 index 580cfc042e17..000000000000 --- a/security/ossec-hids-server/files/patch-src__Makeall +++ /dev/null @@ -1,19 +0,0 @@ ---- ./src/Makeall.orig 2013-10-29 12:13:44.000000000 -0600 -+++ ./src/Makeall 2014-04-21 19:52:35.000000000 -0600 -@@ -44,6 +44,7 @@ - ROOTCHECKBIN="rootcheck" - DIRECTORIES="" # Directories to make - -+. ./LOCATION - - # Setting SunOS path - if [ "X$OS" = "XSunOS" ]; then -@@ -104,7 +105,7 @@ - else - - echo 'int main() { short one = 1; char *cp = (char*)&one; if ( *cp == 0 ) return(1); else return(0); }' > isbigendian.c -- gcc -o isbigendian isbigendian.c -+ cc -o isbigendian isbigendian.c - ./isbigendian - if [ $? = 1 ]; then - echo "INFO: Big endian set." diff --git a/security/ossec-hids-server/files/patch-src__headers__defs.h b/security/ossec-hids-server/files/patch-src__headers__defs.h index cd65bae53d0d..467593078b85 100644 --- a/security/ossec-hids-server/files/patch-src__headers__defs.h +++ b/security/ossec-hids-server/files/patch-src__headers__defs.h @@ -1,5 +1,5 @@ ---- ./src/headers/defs.h.orig 2013-10-29 12:13:44.000000000 -0600 -+++ ./src/headers/defs.h 2014-04-21 19:52:35.000000000 -0600 +--- ./src/headers/defs.h.orig 2014-05-22 07:10:57.000000000 -0600 ++++ ./src/headers/defs.h 2014-07-13 15:24:45.559389869 -0600 @@ -98,7 +98,7 @@ #endif diff --git a/security/ossec-hids-server/files/patch-src__init__shared.sh b/security/ossec-hids-server/files/patch-src__init__shared.sh deleted file mode 100644 index 61ebc8f5e529..000000000000 --- a/security/ossec-hids-server/files/patch-src__init__shared.sh +++ /dev/null @@ -1,10 +0,0 @@ ---- ./src/init/shared.sh.orig 2013-10-29 12:13:44.000000000 -0600 -+++ ./src/init/shared.sh 2014-04-21 19:52:35.000000000 -0600 -@@ -28,7 +28,6 @@ - NAMESERVERS=`cat /etc/resolv.conf | grep "^nameserver" | cut -d " " -sf 2` - NAMESERVERS2=`cat /etc/resolv.conf | grep "^nameserver" | cut -sf 2` - HOST_CMD=`which host` --CC="" - NAME="OSSEC HIDS" - INSTYPE="server" - DEFAULT_DIR=`grep DIR ${LOCATION} | cut -f2 -d\"` diff --git a/security/ossec-hids-server/files/patch-src__os_crypto__sha1__Makefile b/security/ossec-hids-server/files/patch-src__os_crypto__sha1__Makefile deleted file mode 100644 index 3bae32c14a26..000000000000 --- a/security/ossec-hids-server/files/patch-src__os_crypto__sha1__Makefile +++ /dev/null @@ -1,10 +0,0 @@ ---- ./src/os_crypto/sha1/Makefile.orig 2013-10-29 12:13:44.000000000 -0600 -+++ ./src/os_crypto/sha1/Makefile 2014-04-21 19:52:35.000000000 -0600 -@@ -9,7 +9,6 @@ - - SRCS = sha1_op.c - sha1_OBJS = sha1_op.o --CC=$(GCC) - - - sha1: diff --git a/security/ossec-hids-server/files/patch-src__os_crypto__sha1__md32_common.h b/security/ossec-hids-server/files/patch-src__os_crypto__sha1__md32_common.h deleted file mode 100644 index 31cc66b254cb..000000000000 --- a/security/ossec-hids-server/files/patch-src__os_crypto__sha1__md32_common.h +++ /dev/null @@ -1,11 +0,0 @@ ---- ./src/os_crypto/sha1/md32_common.h.orig 2013-10-29 12:13:44.000000000 -0600 -+++ ./src/os_crypto/sha1/md32_common.h 2014-04-21 19:52:35.000000000 -0600 -@@ -607,7 +607,7 @@ - } - - #ifndef MD32_REG_T --#define MD32_REG_T long -+#define MD32_REG_T int - /* - * This comment was originaly written for MD5, which is why it - * discusses A-D. But it basically applies to all 32-bit digests, diff --git a/security/ossec-hids-server/pkg-plist b/security/ossec-hids-server/pkg-plist index 589897e0fe34..86617ea462ff 100644 --- a/security/ossec-hids-server/pkg-plist +++ b/security/ossec-hids-server/pkg-plist @@ -21,6 +21,8 @@ %%PORTNAME%%/bin/ossec-execd %%PORTNAME%%/bin/ossec-logcollector %%PORTNAME%%/bin/ossec-logtest +%%PORTNAME%%/bin/ossec-lua +%%PORTNAME%%/bin/ossec-luac %%PORTNAME%%/bin/ossec-maild %%PORTNAME%%/bin/ossec-makelists %%PORTNAME%%/bin/ossec-monitord @@ -33,6 +35,7 @@ %%PORTNAME%%/bin/syscheck_update %%PORTNAME%%/bin/util.sh %%PORTNAME%%/bin/verify-agent-conf +@group ossec %%PORTNAME%%/etc/decoder.xml %%PORTNAME%%/etc/internal_options.conf @sample %%PORTNAME%%/etc/ossec.conf.sample @@ -46,7 +49,6 @@ %%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt %%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt @owner ossec -@group ossec @mode 660 %%PORTNAME%%/logs/active-responses.log %%PORTNAME%%/logs/ossec.log @@ -57,7 +59,6 @@ %%PORTNAME%%/rules/arpwatch_rules.xml %%PORTNAME%%/rules/asterisk_rules.xml %%PORTNAME%%/rules/attack_rules.xml -%%PORTNAME%%/rules/bro-ids_rules.xml %%PORTNAME%%/rules/cimserver_rules.xml %%PORTNAME%%/rules/cisco-ios_rules.xml %%PORTNAME%%/rules/clam_av_rules.xml @@ -140,7 +141,9 @@ @dirrmtry %%PORTNAME%%/queue/rootcheck @dirrmtry %%PORTNAME%%/rules @dirrmtry %%PORTNAME%%/tmp +@mode 770 @dirrmtry %%PORTNAME%%/var/run +@mode 550 @dirrmtry %%PORTNAME%%/var @owner ossec @mode 770 |