This PR updates the security/sguil-server port to the new version - 0.7.0

Committer: Please note - there are three sguil ports: server, sensor & client. All three must be updated at the same time. Please do not commit this update without also committing the other two. In addition, a repocopy of security/barnyard-sguil6 to security/barnyard-squil is required in order for the sensor port to work. So all four changes must be committed at the same time.

Fix:

--- distinfo.orig 2006-10-30 20:43:25.000000000 -0600 +++ distinfo 2008-04-10 21:06:48.000000000 -0500 @@ -1,3 +1,3 @@ -MD5 (sguil-server-0.6.1.tar.gz) = 27decbe3c6528bf2c86c74b35b8f7b3b -SHA256 (sguil-server-0.6.1.tar.gz) = 22aea8f76da0530ae7ee9a68efe1de7615bec47a7702c93f8fe338d57590ce57 -SIZE (sguil-server-0.6.1.tar.gz) = 92901 +MD5 (sguil-server-0.7.0.tar.gz) = 2ba67b1a98ed92f43072ecd98d9e15eb +SHA256 (sguil-server-0.7.0.tar.gz) = 8ed845779c516b7bcb092454d339a26bca69f52689f9f07831fb41a3efe58809 +SIZE (sguil-server-0.7.0.tar.gz) = 103440 --- patch-distinfo ends here --- --- files/pkg-message.in.orig 2006-10-30 20:43:25.000000000 -0600 +++ files/pkg-message.in 2008-04-10 21:06:48.000000000 -0500 
@@ -2,11 +2,21 @@ * !!!!!!!!!!! WARNING !!!!!!!!!!! * *********************************** +PLEASE NOTE: If you are upgrading from a previous version, +read the UPGRADE doc (in %%DOCSDIR%%) before proceeding!!! +Some noteworthy changes in version 0.7.0: +SSL is now required for server, sensor and client. +The sguild.conf and sguild.email files have changed. +You MUST run the upgrade_0.7.tcl script to clean up and +prepare the database before running the new version. BE SURE +TO BACK UP YOUR DATABASE BEFORE PROCEEDING!!! + If you had existing config files in %%PREFIX%%/etc/%%SGUILDIR%% they were not overwritten. If this is a first time install, you must copy the sample files to the corresponding conf file and edit the various config files for your site. See the INSTALL -doc in %%DOCSDIR%% for details. +doc in %%DOCSDIR%% for details. If this is an upgrade, replace +your existing conf file with the new one and edit accordingly. The sql scripts for creating database tables were placed in the %%PREFIX%%/share/%%SGUILDIR%%/ directory. PLEASE @@ -23,8 +33,12 @@ %%PREFIX%%/etc/rc.d/. To enable it, edit /etc/rc.conf per the instructions in the script. +NOTE: Sguild now runs under the sguil user account not root! + For general questions, see the sguil faq: -http://sguil.sourceforge.net/index.php?page=faq +http://www.vorant.com/nsmwiki/Sguil_FAQ or visit the nsm wiki: +http://www.vorant.com/nsmwiki/Main_Page + For detailed install instructions see Richard Bejtlich's excellent guide at his blog: http://taosecurity.blogspot.com/2006/03/new-sguil-scripts-and-vm-i-have-not.html --- patch-files-pkg-message.in ends here --- --- files/patch-sguild.access.orig 2006-10-30 20:43:25.000000000 -0600 +++ files/patch-sguild.access 2008-04-10 21:06:48.000000000 -0500 @@ -1,12 +1,12 @@ ---- sguild.access.orig Tue Mar 28 03:36:31 2006 -+++ sguild.access Tue Mar 28 03:37:44 2006 +--- sguild.access.orig 2008-04-03 17:55:46.000000000 -0500 ++++ sguild.access 2008-04-03 17:56:50.000000000 -0500 
@@ -4,7 +4,8 @@ # This file is used by sguild for access control. It is read upon init # # or when sguild receives a HUP signal. # # # -# By default, sguild will look first for /etc/sguild/sguild.access, # +# By default, sguild will look first for # -+# /usrlocal//etc/sguild/sguild.access, # ++# /usr/local/etc/sguild/sguild.access, # # then ./sguild.access unless the -A /path/to/sguild.access switch # # is used. # # # --- patch-files-sguild.access ends here --- --- files/sguild.sh.in.orig 2007-02-26 17:02:04.000000000 -0600 +++ files/sguild.sh.in 2008-04-10 21:06:48.000000000 -0500 
@@ -21,12 +21,13 @@ command="%%PREFIX%%/bin/${name}" procname="%%TCLSH%%" -pidfile="/var/run/${name}.pid" -check_pidfile="${pidfile} ${procname} /bin/sh" +check_process="${procname}" +sguild_user="sguil" +pid="/var/run/%%SGUILDIR%%/${name}.pid" sguild_enable=${sguild_enable-NO} sguild_conf=${sguild_conf-%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf} -sguild_flags=${sguild_flags--D} +sguild_flags=${sguild_flags--D -P ${pid}} [ -n "$sguild_conf" ] && sguild_flags="$sguild_flags -c $sguild_conf" load_rc_config ${name} --- patch-files-sguild.sh.in ends here --- #!/bin/sh # # $FreeBSD$ # USER="sguil" # Make sure we're in the right stage of the process if [ "$2" = "DEINSTALL" ]; then echo "Stopping sguild......" %%PREFIX%%/etc/rc.d/sguild stop %%PREFIX%%/etc/rc.d/sguild poll echo "Would you like to remove the sguild certs?" ; read ans case "$ans" in y*|Y*) if [ -f %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.key ]; then rm %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.key fi if [ -f %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.pem ]; then rm %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.pem fi ;; n*|N*) ;; *) exit 64 ;; esac cd %%PREFIX%%/etc/%%SGUILDIR%% || exit 1 # Remove the conf files *if* they have not been altered for f in autocat.conf sguild.access sguild.conf sguild.email \ sguild.queries sguild.reports sguild.users; do cmp -s -z ${f} ${f}-sample && rm ${f} done # Remove the user and group if the installer chooses to echo "Would you like to remove the sguil user and group?" 
; read ans case "$ans" in y*|Y*) if pw usershow "${USER}" 2>/dev/null 1>&2; then pw userdel -n sguil fi if pw groupshow "${USER}" 2>/dev/null 1>&2; then pw groupdel -n sguil fi ;; n*|N*) ;; *) ;; esac fi if [ "$2" = "POST-DEINSTALL" ]; then # If the user exists, then display a message if pw usershow "${USER}" 2>/dev/null 1>&2; then echo "To delete the '${USER}' user permanently, use 'pw userdel ${USER}'" fi # If the group exists, then display a message if pw groupshow "${USER}" 2>/dev/null 1>&2; then echo "To delete the '${USER}' group permanently, use 'pw groupdel ${USER}'" fi fi exit 0 --- pkg-deinstall.in ends here --- --- Makefile.orig 2007-01-16 06:45:12.000000000 -0600 +++ Makefile 2008-04-10 21:06:48.000000000 -0500 @@ -6,8 +6,7 @@ # PORTNAME= sguil-server -PORTVERSION= 0.6.1 -PORTREVISION= 1 +PORTVERSION= 0.7.0 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= sguil @@ -18,7 +17,6 @@ RUN_DEPENDS= p0f:${PORTSDIR}/net-mgmt/p0f \ tcpflow:${PORTSDIR}/net/tcpflow \ dtplite:${PORTSDIR}/devel/tcllib \ - barnyard:${PORTSDIR}/security/barnyard-sguil6 \ ${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX LIB_DEPENDS= tls:${PORTSDIR}/devel/tcltls 
@@ -29,24 +27,33 @@ WRKSRC= ${WRKDIR}/sguil-${PORTVERSION} PATCH_WRKSRC= ${WRKSRC}/server PLIST_SUB= SGUILDIR=${SGUILDIR} -SUB_FILES= pkg-message -SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH_CMD} -LIBRARIES= SguildAccess.tcl SguildEvent.tcl SguildReportBuilder.tcl \ - SguildAutoCat.tcl SguildGenericDB.tcl SguildSendComms.tcl \ +SUB_FILES= pkg-message pkg-install pkg-deinstall +SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH_CMD} CURDIR=${.CURDIR} \ + WRKSRC=${WRKSRC} DOCSDIR=${DOCSDIR} +LIBRARIES= SguildAccess.tcl SguildGenericDB.tcl SguildReportBuilder.tcl \ + SguildAutoCat.tcl SguildGenericEvent.tcl SguildSendComms.tcl \ SguildClientCmdRcvd.tcl SguildHealthChecks.tcl SguildSensorAgentComms.tcl \ SguildConnect.tcl SguildLoaderd.tcl SguildSensorCmdRcvd.tcl \ SguildCreateDB.tcl SguildMysqlMerge.tcl SguildTranscript.tcl \ - SguildEmailEvent.tcl SguildQueryd.tcl SguildUtils.tcl -SCRIPTS= create_ruledb.sql update_sguildb_v10-v11.sql update_sguildb_v8-v9.sql \ - create_sguildb.sql update_sguildb_v5-v6.sql update_sguildb_v9-v10.sql \ - migrate_event.tcl update_sguildb_v6-v7.sql migrate_sancp.tcl update_sguildb_v7-v8.sql + SguildEmailEvent.tcl SguildPadsLib.tcl SguildUtils.tcl \ + SguildEvent.tcl SguildQueryd.tcl +SCRIPTS= create_ruledb.sql update_0.7.tcl update_sguildb_v7-v8.sql \ + create_sguildb.sql update_sguildb_v10-v11.sql update_sguildb_v8-v9.sql \ + migrate_event.tcl update_sguildb_v11-v12.sql update_sguildb_v9-v10.sql \ + migrate_sancp.tcl update_sguildb_v5-v6.sql sancp_cleanup.tcl update_sguildb_v6-v7.sql CONFS= autocat.conf sguild.access sguild.conf sguild.email sguild.queries sguild.reports sguild.users -PORTDOCS= CHANGES INSTALL INSTALL.openbsd LICENSE.QPL \ - OPENSSL.README TODO USAGE sguildb.dia +PORTDOCS= CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \ + OPENSSL.README TODO UPGRADE USAGE sguildb.dia + +OPTIONS= MYSQL50 "Install mysql50 server" off .include <bsd.port.pre.mk> +.if defined(WITH_MYSQL50) +RUN_DEPENDS+= 
${LOCALBASE}/libexec/mysqld:${PORTSDIR}/databases/mysql50-server +.endif + MYSQLTCL_VER!= cd ${PORTSDIR}/databases/mysqltcl && ${MAKE} -V PORTVERSION RUN_DEPENDS+= ${LOCALBASE}/lib/mysqltcl-${MYSQLTCL_VER}:${PORTSDIR}/databases/mysqltcl @@ -56,10 +63,15 @@ @${REINPLACE_CMD} -e 's:exec tclsh:exec ${TCLSH_CMD}:g' ${WRKSRC}/server/${f} .endfor -do-install: - @${MKDIR} ${PREFIX}/etc/${SGUILDIR} +pre-su-install: + @${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \ + ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL + +pre-install: @${MKDIR} ${PREFIX}/lib/${SGUILDIR} @${MKDIR} ${PREFIX}/share/${SGUILDIR} + @${MKDIR} /var/run/${SGUILDIR} +do-install: .for f in archive_sguildb.tcl sguild ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/server/${f} ${PREFIX}/bin/${f} .endfor @@ -80,6 +92,9 @@ @${MKDIR} ${DOCSDIR} cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR} .endif + @${SETENV} PKG_PREFIX=${PREFIX} && PORTSDIR=${PORTSDIR} \ + ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL + @${CAT} ${PKGMESSAGE} .include <bsd.port.post.mk>
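Review bot: In the first files/pkg-message.in hunk, the upgrade text tells the admin to run upgrade_0.7.tcl, but the SCRIPTS list in the Makefile hunk names update_0.7.tcl, so the message points at a file name that does not appear among the installed scripts. Use the name that is actually installed and state the directory it lands in, since this step is described as mandatory and is the one an admin will follow with a production database.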
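Review bot: In files/sguild.sh.in, replacing pidfile with a variable named pid and dropping check_pidfile leaves rc.subr without a pid file, so stop and status fall back to matching on procname, which is %%TCLSH%%, and that can match any other Tcl interpreter running on the host rather than only sguild. check_process is an rc.subr function, not a setting, so the assignment check_process="${procname}" has no effect. Keep the variable named pidfile, set to /var/run/%%SGUILDIR%%/${name}.pid, and pass -P ${pidfile} in the default sguild_flags.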
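Review bot: In pkg-deinstall.in, the DEINSTALL branch blocks on read ans twice, and the default case of the certificate prompt is exit 64, so an unattended removal or an unexpected answer aborts the deinstall after sguild has already been stopped. Treat any answer other than yes as no, as the user and group prompt already does, and skip both prompts when the script is not run interactively. The removal commands also hard-code the account (pw userdel -n sguil, pw groupdel -n sguil) while the surrounding checks use ${USER}; use the variable in both places.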
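Review bot: In the Makefile hunk that adds the pre-install target, /var/run/${SGUILDIR} is created with a plain ${MKDIR} and nothing in the visible lines sets its owner, while files/sguild.sh.in now runs sguild as the sguil user and points -P at a pid file inside that directory. Unless pkg-install (not shown here) handles it, add an ownership step for the sguil account, and make sure the directory is also created when the port is installed from a package, where Makefile targets do not run.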
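Review bot: In the last Makefile hunk, the && in "@${SETENV} PKG_PREFIX=${PREFIX} && PORTSDIR=${PORTSDIR} \" splits the command in two: env runs with only an assignment and prints the environment, and the POST-INSTALL script then runs with PORTSDIR set but without PKG_PREFIX. Drop the && so both variables go to a single env invocation, matching the form already used in pre-su-install (${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} followed by ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL).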
Responsible Changed From-To: freebsd-ports-bugs->araujo I'll take it.
State Changed From-To: open->feedback This patch is malformed; it is impossible to apply. You should rework this patch and send it again. If you have doubts about how to do this, please see this URL: http://sce-tindy.tecnik93.com/FreeBSD/How-to-submit-a-diff.txt
--On April 27, 2008 3:37:48 PM +0000 araujo@FreeBSD.org wrote:

> Synopsis: security/sguil-server, port upgrade, new version
>
> State-Changed-From-To: open->feedback
> State-Changed-By: araujo
> State-Changed-When: Sun Apr 27 15:37:38 UTC 2008
> State-Changed-Why:
> This patch is malformed; it is impossible to apply. You should rework
> this patch and send it again. If you have doubts about how to do this,
> please see this URL:
> http://sce-tindy.tecnik93.com/FreeBSD/How-to-submit-a-diff.txt
>
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=122647

A single patch for the entire port is attached.

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
araujo 2008-05-03 13:22:16 UTC

FreeBSD ports repository

Modified files:
  security/sguil-client        Makefile distinfo pkg-descr
  security/sguil-client/files  patch-sguil.conf patch-sguil.tk
  security/sguil-server        Makefile distinfo pkg-plist
  security/sguil-server/files  patch-sguild patch-sguild.access patch-sguild.conf pkg-message.in sguild.sh.in
  security/sguil-sensor        Makefile distinfo pkg-descr pkg-plist
  security/sguil-sensor/files  log_packets.conf patch-log_packets.sh pkg-message.in

Log:
- Update to 0.7.0.

PR: ports/122645, ports/122646, ports/122647
Submitted by: Paul Schmehl <pauls@utdallas.edu> (maintainer)

Revision  Changes   Path
1.5       +7 -11    ports/security/sguil-client/Makefile
1.2       +3 -3     ports/security/sguil-client/distinfo
1.2       +18 -13   ports/security/sguil-client/files/patch-sguil.conf
1.2       +25 -8    ports/security/sguil-client/files/patch-sguil.tk
1.2       +4 -4     ports/security/sguil-client/pkg-descr
1.5       +49 -16   ports/security/sguil-sensor/Makefile
1.2       +3 -3     ports/security/sguil-sensor/distinfo
1.2       +5 -0     ports/security/sguil-sensor/files/log_packets.conf
1.2       +7 -6     ports/security/sguil-sensor/files/patch-log_packets.sh
1.2       +4 -4     ports/security/sguil-sensor/files/pkg-message.in
1.2       +6 -5     ports/security/sguil-sensor/pkg-descr
1.2       +12 -3    ports/security/sguil-sensor/pkg-plist
1.5       +31 -16   ports/security/sguil-server/Makefile
1.2       +3 -3     ports/security/sguil-server/distinfo
1.2       +16 -16   ports/security/sguil-server/files/patch-sguild
1.2       +3 -3     ports/security/sguil-server/files/patch-sguild.access
1.2       +28 -41   ports/security/sguil-server/files/patch-sguild.conf
1.2       +16 -2    ports/security/sguil-server/files/pkg-message.in
1.4       +5 -4     ports/security/sguil-server/files/sguild.sh.in
1.2       +8 -2     ports/security/sguil-server/pkg-plist
State Changed From-To: feedback->closed Committed. Thanks!