Bug 113259 - security/ossec-hids-server, multiple critical problems
Summary: security/ossec-hids-server, multiple critical problems
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Martin Wilke
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-06-02 18:30 UTC by pauls
Modified: 2007-06-09 11:50 UTC (History)
0 users

See Also:

Attachments
patch-files-ossec-hids.in (412 bytes, text/plain)
2007-06-02 18:30 UTC, pauls 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description pauls 2007-06-02 18:30:08 UTC 
	The startup script for this port doesn't work, the pkg-plist is incomplete
        and generates tons of errors if the daemons have been started once, and
        the Makefile incorrectly handles the slave ports.  Patches attached to this
        PR correct the problems with the master port.  A separate PR will be submitted
        to correct problems with one of the slave ports.  I also added a pkg-message
	file to provide some basic information for the installer.

	The Makefile has been patched to properly handle the slave ports, remove unnecessary
	elements and provide the appropriate conf file based on which port is installed.
	PORTDOCS were also added to the Makefile, as well as the pkg-message.

	The pkg-plist has been edited to use @dirrmtry instead of @dirrm, because after the
	daemons have been started once, multiple new directories and files are created in
	the ossec-hids subdirectories, none of which the port can know about at installation
	time.  Some file removals have been added to remove install files that were missed
	by the original submitter.  It now correctly removes all files if the daemons have
	never been run and leaves the directory structure in place if they have been run, 
	removing only those files that were installed originally.

	The startup script has been edited to correct the path to the command that starts all
	the original daemons and to correct the path to the ossec.conf file.  Since the path
	to that file is hardcoded during the build, the conf file cannot be placed in the
	standard location of ${PREFIX}/etc.

	PLEASE NOTE: the pkg-plist.client included in this port should be removed.  A separate
	PR for the client slave port will be provided with a pkg-plist.client file called by
	its Makefile.

Fix: Without these patches none of the ports work at all

--- pkg-plist.orig	Fri Jun  1 20:06:29 2007
+++ pkg-plist	Sat Jun  2 00:45:22 2007
@@ -1,85 +1,85 @@
-ossec-hids/active-response/bin/disable-account.sh
-ossec-hids/active-response/bin/firewall-drop.sh
-ossec-hids/active-response/bin/host-deny.sh
-ossec-hids/active-response/bin/route-null.sh
-ossec-hids/bin/clear_stats
-ossec-hids/bin/list_agents
-ossec-hids/bin/manage_agents
-ossec-hids/bin/ossec-agentd
-ossec-hids/bin/ossec-analysisd
-ossec-hids/bin/ossec-control
-ossec-hids/bin/ossec-execd
-ossec-hids/bin/ossec-logcollector
-ossec-hids/bin/ossec-maild
-ossec-hids/bin/ossec-monitord
-ossec-hids/bin/ossec-remoted
-ossec-hids/bin/ossec-syscheckd
-ossec-hids/bin/syscheck_update
-ossec-hids/etc/decoder.xml
-ossec-hids/etc/internal_options.conf
-@unexec if cmp -s %D/ossec-hids/etc/ossec.conf.sample %D/ossec-hids/etc/ossec.conf; then rm -f %D/ossec-hids/etc/ossec.conf; fi
-ossec-hids/etc/ossec.conf.sample
-@exec if [ ! -f %D/ossec-hids/etc/ossec.conf ] ; then cp -p %D/ossec-hids/etc/ossec.conf.sample %D/ossec-hids/etc/orbit.conf; fi
-ossec-hids/etc/shared/rootkit_files.txt
-ossec-hids/etc/shared/rootkit_trojans.txt
-ossec-hids/logs/ossec.log
-ossec-hids/rules/apache_rules.xml
-ossec-hids/rules/arpwatch_rules.xml
-ossec-hids/rules/attack_rules.xml
-ossec-hids/rules/firewall_rules.xml
-ossec-hids/rules/ftpd_rules.xml
-ossec-hids/rules/hordeimp_rules.xml
-ossec-hids/rules/ids_rules.xml
-ossec-hids/rules/imapd_rules.xml
-ossec-hids/rules/local_rules.xml
-ossec-hids/rules/mailscanner_rules.xml
-ossec-hids/rules/ms-exchange_rules.xml
-ossec-hids/rules/ms_ftpd_rules.xml
-ossec-hids/rules/msauth_rules.xml
-ossec-hids/rules/named_rules.xml
-ossec-hids/rules/netscreenfw_rules.xml
-ossec-hids/rules/ossec_rules.xml
-ossec-hids/rules/pam_rules.xml
-ossec-hids/rules/pix_rules.xml
-ossec-hids/rules/policy_rules.xml
-ossec-hids/rules/postfix_rules.xml
-ossec-hids/rules/proftpd_rules.xml
-ossec-hids/rules/pure-ftpd_rules.xml
-ossec-hids/rules/racoon_rules.xml
-ossec-hids/rules/rules_config.xml
-ossec-hids/rules/sendmail_rules.xml
-ossec-hids/rules/smbd_rules.xml
-ossec-hids/rules/spamd_rules.xml
-ossec-hids/rules/squid_rules.xml
-ossec-hids/rules/sshd_rules.xml
-ossec-hids/rules/symantec-av_rules.xml
-ossec-hids/rules/syslog_rules.xml
-ossec-hids/rules/telnetd_rules.xml
-ossec-hids/rules/vpn_concentrator_rules.xml
-ossec-hids/rules/vpopmail_rules.xml
-ossec-hids/rules/vsftpd_rules.xml
-ossec-hids/rules/web_rules.xml
-ossec-hids/rules/zeus_rules.xml
-@dirrm ossec-hids/var/run
-@dirrm ossec-hids/var
-@dirrm ossec-hids/tmp
-@dirrm ossec-hids/stats
-@dirrm ossec-hids/rules
-@dirrm ossec-hids/queue/syscheck
-@dirrm ossec-hids/queue/rootcheck
-@dirrm ossec-hids/queue/rids
-@dirrm ossec-hids/queue/ossec
-@dirrm ossec-hids/queue/fts
-@dirrm ossec-hids/queue/alerts
-@dirrm ossec-hids/queue/agent-info
-@dirrm ossec-hids/queue
-@dirrm ossec-hids/logs/firewall
-@dirrm ossec-hids/logs/archives
-@dirrm ossec-hids/logs/alerts
-@dirrm ossec-hids/logs
-@dirrm ossec-hids/etc/shared
-@dirrm ossec-hids/etc
-@dirrm ossec-hids/bin
-@dirrm ossec-hids/active-response/bin
-@dirrm ossec-hids/active-response
-@dirrm ossec-hids
+%%PORTNAME%%/active-response/bin/disable-account.sh
+%%PORTNAME%%/active-response/bin/firewall-drop.sh
+%%PORTNAME%%/active-response/bin/host-deny.sh
+%%PORTNAME%%/active-response/bin/route-null.sh
+%%PORTNAME%%/bin/clear_stats
+%%PORTNAME%%/bin/list_agents
+%%PORTNAME%%/bin/manage_agents
+%%PORTNAME%%/bin/ossec-agentd
+%%PORTNAME%%/bin/ossec-analysisd
+%%PORTNAME%%/bin/ossec-control
+%%PORTNAME%%/bin/ossec-execd
+%%PORTNAME%%/bin/ossec-logcollector
+%%PORTNAME%%/bin/ossec-maild
+%%PORTNAME%%/bin/ossec-monitord
+%%PORTNAME%%/bin/ossec-remoted
+%%PORTNAME%%/bin/ossec-syscheckd
+%%PORTNAME%%/bin/syscheck_update
+%%PORTNAME%%/etc/decoder.xml
+%%PORTNAME%%/etc/internal_options.conf
+@unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi
+%%PORTNAME%%/etc/ossec.conf.sample
+%%PORTNAME%%/etc/localtime
+%%PORTNAME%%/etc/shared/rootkit_files.txt
+%%PORTNAME%%/etc/shared/rootkit_trojans.txt
+%%PORTNAME%%/logs/ossec.log
+%%PORTNAME%%/rules/apache_rules.xml
+%%PORTNAME%%/rules/arpwatch_rules.xml
+%%PORTNAME%%/rules/attack_rules.xml
+%%PORTNAME%%/rules/firewall_rules.xml
+%%PORTNAME%%/rules/ftpd_rules.xml
+%%PORTNAME%%/rules/hordeimp_rules.xml
+%%PORTNAME%%/rules/ids_rules.xml
+%%PORTNAME%%/rules/imapd_rules.xml
+%%PORTNAME%%/rules/local_rules.xml
+%%PORTNAME%%/rules/mailscanner_rules.xml
+%%PORTNAME%%/rules/ms-exchange_rules.xml
+%%PORTNAME%%/rules/ms_ftpd_rules.xml
+%%PORTNAME%%/rules/msauth_rules.xml
+%%PORTNAME%%/rules/named_rules.xml
+%%PORTNAME%%/rules/netscreenfw_rules.xml
+%%PORTNAME%%/rules/ossec_rules.xml
+%%PORTNAME%%/rules/pam_rules.xml
+%%PORTNAME%%/rules/pix_rules.xml
+%%PORTNAME%%/rules/policy_rules.xml
+%%PORTNAME%%/rules/postfix_rules.xml
+%%PORTNAME%%/rules/proftpd_rules.xml
+%%PORTNAME%%/rules/pure-ftpd_rules.xml
+%%PORTNAME%%/rules/racoon_rules.xml
+%%PORTNAME%%/rules/rules_config.xml
+%%PORTNAME%%/rules/sendmail_rules.xml
+%%PORTNAME%%/rules/smbd_rules.xml
+%%PORTNAME%%/rules/spamd_rules.xml
+%%PORTNAME%%/rules/squid_rules.xml
+%%PORTNAME%%/rules/sshd_rules.xml
+%%PORTNAME%%/rules/symantec-av_rules.xml
+%%PORTNAME%%/rules/syslog_rules.xml
+%%PORTNAME%%/rules/telnetd_rules.xml
+%%PORTNAME%%/rules/vpn_concentrator_rules.xml
+%%PORTNAME%%/rules/vpopmail_rules.xml
+%%PORTNAME%%/rules/vsftpd_rules.xml
+%%PORTNAME%%/rules/web_rules.xml
+%%PORTNAME%%/rules/zeus_rules.xml
+@dirrmtry %%PORTNAME%%/var/run
+@dirrmtry %%PORTNAME%%/var
+@dirrmtry %%PORTNAME%%/tmp
+@dirrmtry %%PORTNAME%%/stats
+@dirrmtry %%PORTNAME%%/rules
+@dirrmtry %%PORTNAME%%/queue/syscheck
+@dirrmtry %%PORTNAME%%/queue/rootcheck
+@dirrmtry %%PORTNAME%%/queue/rids
+@dirrmtry %%PORTNAME%%/queue/ossec
+@dirrmtry %%PORTNAME%%/queue/fts
+@dirrmtry %%PORTNAME%%/queue/alerts
+@dirrmtry %%PORTNAME%%/queue/agent-info
+@dirrmtry %%PORTNAME%%/queue
+@dirrmtry %%PORTNAME%%/logs/firewall
+@dirrmtry %%PORTNAME%%/logs/archives
+@dirrmtry %%PORTNAME%%/logs/alerts
+@dirrmtry %%PORTNAME%%/logs
+@dirrmtry %%PORTNAME%%/etc/shared
+@dirrmtry %%PORTNAME%%/etc
+@dirrmtry %%PORTNAME%%/bin
+@dirrmtry %%PORTNAME%%/active-response/bin
+@dirrmtry %%PORTNAME%%/active-response
+@dirrmtry %%PORTNAME%%
--- patch-pkg-plist ends here ---



After installation, you need to edit the ossec.conf file to reflect the correct settings
for your environment.  All the files related to %%PORTNAME%% have been installed in
%%PREFIX%%/%%PORTNAME%% and its subdirectories.

For information on proper configuration, see http://www.ossec.net/.

To enable the startup script, add ossec-hids_enable="YES" to /etc/rc.conf.

When you deinstall this port after starting the daemons once, many directories that are
created by the daemons will remain.  To fully remove the port you need to delete those
directories manually.
--- pkg-message.in ends here -----KUUCVcNenKRPP6R6V89HhAqki1ZkezfvWIi707fcAqxMCZqR
Content-Type: text/plain; name="patch-Makefile"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="patch-Makefile"

--- Makefile.orig	Fri Jun  1 19:12:51 2007
+++ Makefile	Sat Jun  2 02:03:08 2007
@@ -18,6 +18,11 @@
 
 USE_RC_SUBR=	ossec-hids
 
+SUB_LIST=	PORTNAME=${PORTNAME}
+SUB_FILES=	pkg-message
+PLIST_SUB=	PORTNAME=${PORTNAME}
+PORTDOCS=	BUGS CONFIG CONTRIB INSTALL LICENSE README
+
 .include <bsd.port.pre.mk>
 
 .if defined(CLIENT_ONLY)
@@ -34,8 +39,6 @@
 	@${REINPLACE_CMD} 's|PREFIX|${PREFIX}/${PORTNAME}|' ${WRKSRC}/src/LOCATION
 	@${REINPLACE_CMD} 's|PREFIX|${PREFIX}/${PORTNAME}|' ${WRKSRC}/src/headers/defs.h
 
-do-configure:
-
 do-build:
 	@cd ${WRKSRC}/src;${MAKE} all;${MAKE} build
 
@@ -51,12 +54,27 @@
 .endif
 
 post-install:
+.if defined(CLIENT_ONLY)
+	${CP} ${WRKSRC}/etc/ossec-agent.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample
+	@if [ ! -f ${PREFIX}/${PORTNAME}/etc/ossec.conf ]; then \
+	${CP} ${WRKSRC}/etc/ossec-agent.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf; \
+	fi
+.elif defined(LOCAL_ONLY)
+	${CP} ${WRKSRC}/etc/ossec-local.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample
 	@if [ ! -f ${PREFIX}/${PORTNAME}/etc/ossec.conf ]; then \
-	${CP} ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample ${PREFIX}/${PORTNAME}/etc/ossec.conf ; \
+	${CP} ${WRKSRC}/etc/ossec-local.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf; \
 	fi
+.else
+	@if [ ! -f ${PREFIX}/${PORTNAME}/etc/ossec.conf ]; then \
+	${CP} ${WRKSRC}/etc/ossec-server.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf; \
+	fi
+.endif
 
-.if defined(CLIENT_ONLY)
-PLIST=${PKGDIR}/pkg-plist.client
+.if !defined(NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+	cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
 .endif
+
+	@${CAT} ${PKGMESSAGE}
 
 .include <bsd.port.post.mk>
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2007-06-02 18:30:17 UTC 
State Changed
From-To: open->feedback

Awaiting maintainers feedback
Comment 2 Valerio Daelli 2007-06-06 14:34:17 UTC 
Patch approved.
Thanks!
Comment 3 Martin Wilke freebsd_committer freebsd_triage 2007-06-06 18:33:19 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 4 dfilter service freebsd_committer freebsd_triage 2007-06-09 11:41:14 UTC 
miwi        2007-06-09 10:41:07 UTC

  FreeBSD ports repository

  Modified files:
    security/ossec-hids-server Makefile pkg-plist 
    security/ossec-hids-server/files ossec-hids.in 
  Added files:
    security/ossec-hids-server/files pkg-message.in 
  Removed files:
    security/ossec-hids-server pkg-plist.client 
  Log:
  - Respect DOCS
  - Fix pkg-plist
  - Fix rc script
  
  PR:             113259
  Submitted by:   Paul Schmehl <pauls@utdallas.edu>
  Approved by:    maintainer
  
  Revision  Changes    Path
  1.6       +23 -5     ports/security/ossec-hids-server/Makefile
  1.2       +2 -2      ports/security/ossec-hids-server/files/ossec-hids.in
  1.1       +11 -0     ports/security/ossec-hids-server/files/pkg-message.in (new)
  1.4       +84 -85    ports/security/ossec-hids-server/pkg-plist
  1.3       +0 -34     ports/security/ossec-hids-server/pkg-plist.client (dead)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 5 Martin Wilke freebsd_committer freebsd_triage 2007-06-09 11:43:12 UTC 
State Changed
From-To: feedback->closed

Thanks for you good works. Committed.