author | brd <brd@FreeBSD.org> | 2014-07-09 03:53:12 +0800 |
---|---|---|
committer | brd <brd@FreeBSD.org> | 2014-07-09 03:53:12 +0800 |
commit | f2709978ae67fffe94b402a25d9389a28010e3de (patch) | |
tree | d6af1e139066b190aff83350d87d83e1d4424b95 /security | |
parent | 37018cb0a0de698a20a14dee0487ba31a60f7c07 (diff) | |
- Fix the permissions so ossec-hids-client will actually start.
1: Based on a submission by Johan
PR: 190709 [1]
Submitted by: Johan Strom <johan@stromnet.se> [1]
Reviewed by: swills@
Diffstat (limited to 'security')
-rw-r--r-- | security/ossec-hids-client/Makefile | 1 | ||||
-rw-r--r-- | security/ossec-hids-client/pkg-plist.client | 7 | ||||
-rw-r--r-- | security/ossec-hids-server/files/patch-src__InstallAgent.sh | 91 |
3 files changed, 96 insertions, 3 deletions
diff --git a/security/ossec-hids-client/Makefile b/security/ossec-hids-client/Makefile
index f7a5b2ea1990..29a814aa6ef4 100644
--- a/security/ossec-hids-client/Makefile
+++ b/security/ossec-hids-client/Makefile
@@ -1,6 +1,7 @@
 # Created by: Valerio Daelli <valerio.daelli@gmail.com>
 # $FreeBSD$
+PORTREVISION= 1
 COMMENT= The client port of ossec-hids
 CLIENT_ONLY= yes
diff --git a/security/ossec-hids-client/pkg-plist.client b/security/ossec-hids-client/pkg-plist.client
index 83c0bd37d888..86559e073aa3 100644
--- a/security/ossec-hids-client/pkg-plist.client
+++ b/security/ossec-hids-client/pkg-plist.client
@@ -1,3 +1,4 @@
+@group ossec
 %%PORTNAME%%/active-response/bin/disable-account.sh
 %%PORTNAME%%/active-response/bin/firewall-drop.sh
 %%PORTNAME%%/active-response/bin/host-deny.sh
@@ -27,7 +28,9 @@
 %%PORTNAME%%/etc/shared/win_applications_rcl.txt
 @sample %%PORTNAME%%/etc/ossec.conf.sample
 %%PORTNAME%%/etc/internal_options.conf
+@owner ossec
 %%PORTNAME%%/logs/ossec.log
+@owner
 %%PORTNAME%%/agentless/main.exp
 %%PORTNAME%%/agentless/sshlogin.exp
 %%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff
@@ -49,11 +52,15 @@
 @dirrmtry %%PORTNAME%%/var
 @dirrmtry %%PORTNAME%%/queue/syscheck
 @dirrmtry %%PORTNAME%%/queue/rids
+@owner ossec
 @dirrmtry %%PORTNAME%%/queue/ossec
 @dirrmtry %%PORTNAME%%/queue/diff
+@owner
 @dirrmtry %%PORTNAME%%/queue/alerts
 @dirrmtry %%PORTNAME%%/queue
 @dirrmtry %%PORTNAME%%/logs
 @dirrmtry %%PORTNAME%%/bin
+@owner ossec
 @dirrmtry %%PORTNAME%%/.ssh
+@owner
 @dirrmtry %%PORTNAME%%
diff --git a/security/ossec-hids-server/files/patch-src__InstallAgent.sh b/security/ossec-hids-server/files/patch-src__InstallAgent.sh
index be1773c57e79..442d6eb3753e 100644
--- a/security/ossec-hids-server/files/patch-src__InstallAgent.sh
+++ b/security/ossec-hids-server/files/patch-src__InstallAgent.sh
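Review bot: In pkg-plist.client the `@group ossec` added at the top of the first hunk is never reset, whereas every `@owner ossec` is closed by a bare `@owner`, so all entries down to the end of the list (and any appended later) are packaged with group ossec. If that is intended, a closing `@group` after the final `@dirrmtry %%PORTNAME%%` would make the scope explicit. In the third hunk `@owner ossec` precedes only `@dirrmtry` lines (`queue/ossec`, `queue/diff`, `.ssh`), which are deinstall-time removal directives; nothing visible here shows that they create or chown those directories, so check on an installed package that the three directories really end up owned by ossec, since the installer's own `chown` calls are disabled by this commit.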
@@ -1,5 +1,5 @@ ---- ./src/InstallAgent.sh.orig 2013-10-29 12:13:44.000000000 -0600 -+++ ./src/InstallAgent.sh 2014-05-16 07:12:31.133178776 -0600 +--- src/InstallAgent.sh.orig 2013-10-29 12:13:44.000000000 -0600 ++++ src/InstallAgent.sh 2014-06-20 10:30:22.531480743 -0600 @@ -37,11 +37,11 @@ # Creating groups/users 
@@ -17,6 +17,91 @@ elif [ "$UNAME" = "SunOS" ]; then grep "^${USER}" /etc/passwd > /dev/null 2>&1 +@@ -107,21 +107,21 @@ + + # Default for all directories + chmod -R 550 ${DIR} +-chown -R root:${GROUP} ${DIR} ++#chown -R root:${GROUP} ${DIR} + + # To the ossec queue (default for agentd to read) +-chown -R ${USER}:${GROUP} ${DIR}/queue/ossec ++#chown -R ${USER}:${GROUP} ${DIR}/queue/ossec + chmod -R 770 ${DIR}/queue/ossec + + # For the logging user +-chown -R ${USER}:${GROUP} ${DIR}/logs ++#chown -R ${USER}:${GROUP} ${DIR}/logs + chmod -R 750 ${DIR}/logs + chmod -R 775 ${DIR}/queue/rids + touch ${DIR}/logs/ossec.log +-chown ${USER}:${GROUP} ${DIR}/logs/ossec.log ++#chown ${USER}:${GROUP} ${DIR}/logs/ossec.log + chmod 664 ${DIR}/logs/ossec.log + +-chown -R ${USER}:${GROUP} ${DIR}/queue/diff ++#chown -R ${USER}:${GROUP} ${DIR}/queue/diff + chmod -R 750 ${DIR}/queue/diff + chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 + +@@ -130,7 +130,7 @@ + + # For the etc dir + chmod 550 ${DIR}/etc +-chown -R root:${GROUP} ${DIR}/etc ++#chown -R root:${GROUP} ${DIR}/etc + + ls /etc/localtime > /dev/null 2>&1 + if [ $? 
= 0 ]; then +@@ -168,12 +168,12 @@ + cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 + cp -pr agentlessd/scripts/* ${DIR}/agentless/ + +-chown root:${GROUP} ${DIR}/etc/internal_options.conf +-chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 +-chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1 +-chown root:${GROUP} ${DIR}/agentless/* +-chown ${USER}:${GROUP} ${DIR}/.ssh +-chown -R root:${GROUP} ${DIR}/etc/shared ++#chown root:${GROUP} ${DIR}/etc/internal_options.conf ++#chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 ++#chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1 ++#chown root:${GROUP} ${DIR}/agentless/* ++#chown ${USER}:${GROUP} ${DIR}/.ssh ++#chown -R root:${GROUP} ${DIR}/etc/shared + + chmod 550 ${DIR}/etc + chmod 440 ${DIR}/etc/internal_options.conf +@@ -186,7 +186,7 @@ + + # For the /var/run + chmod 770 ${DIR}/var/run +-chown root:${GROUP} ${DIR}/var/run ++#chown root:${GROUP} ${DIR}/var/run + + + # Moving the binary files +@@ -198,7 +198,7 @@ + cp -pr ./init/ossec-client.sh ${DIR}/bin/ossec-control + cp -pr addagent/manage_agents ${DIR}/bin/ + cp -pr ../contrib/util.sh ${DIR}/bin/ +-chown root:${GROUP} ${DIR}/bin/util.sh ++#chown root:${GROUP} ${DIR}/bin/util.sh + chmod +x ${DIR}/bin/util.sh + + # Copying active response modules +@@ -206,9 +206,9 @@ + cp -pr ../active-response/*.sh ${DIR}/active-response/bin/ + cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ + chmod 755 ${DIR}/active-response/bin/* +-chown root:${GROUP} ${DIR}/active-response/bin/* ++#chown root:${GROUP} ${DIR}/active-response/bin/* + +-chown root:${GROUP} ${DIR}/bin/* ++#chown root:${GROUP} ${DIR}/bin/* + chmod 550 ${DIR}/bin/* + + @@ -223,10 +223,10 @@ if [ $? = 0 ]; then cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf 
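Review bot: The `chown` calls in this hunk, and the `ossec.conf.sample` one in the final hunk, are disabled by turning them into comments with no explanation, which leaves the installer setting modes with `chmod` while ownership is decided somewhere else. A single comment ahead of the first disabled call, for example `# ownership comes from the port's pkg-plist (@owner/@group); chown is intentionally skipped`, would tell the next maintainer where to look, and removing the lines outright would keep the patch smaller. Several paths that lose their `chown` here, such as `etc/client.keys`, `etc/local_internal_options.conf` and `var/run`, do not appear in the pkg-plist.client hunks of this commit, so it is worth confirming they are still root-owned with group ossec after install. A wrong group on a 440 or 770 path either blocks the agent or widens who can read its configuration.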
@@ -26,7 +111,7 @@ fi -chown root:${GROUP} ${DIR}/etc/ossec.conf -chmod 440 ${DIR}/etc/ossec.conf -+chown root:${GROUP} ${DIR}/etc/ossec.conf.sample ++#chown root:${GROUP} ${DIR}/etc/ossec.conf.sample +chmod 440 ${DIR}/etc/ossec.conf.sample |