Attachment #199338 for bug #233168





PORTNAME=	ossec-hids
PORTVERSION=	3.1.0
PORTREVISION=	1
CATEGORIES=	security
PKGNAMESUFFIX=	-${OSSEC_TYPE}


MYSQL_VARS=	OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema
PGSQL_VARS=	OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema

OSSEC_ARGS+=	TARGET=${OSSEC_TYPE}
.if ${OSSEC_TYPE} == agent
STRIP_FILES=	agent-auth \
		manage_agents \


CFLAGS+=	-I${LOCALBASE}/include

OSSEC_ARGS+=	TARGET=${OSSEC_TYPE} INSTALL_LOCALTIME=no
.if !defined(MAINTAINER_MODE)
OSSEC_ARGS+=	INSTALL_CMD=install
.endif
BUILD_ARGS+=	${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME}
INSTALL_ARGS+=	${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME}


	@${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \
		-e 's|-lreadline|& ${LDFLAGS}|' \
		${WRKSRC}/src/external/lua/src/Makefile
.if ${ARCH:Mmips*} || ${ARCH:Mpowerpc*} || ${ARCH} == sparc64
	@${REINPLACE_CMD} -e 's|-Wno-implicit-fallthrough||g' ${WRKSRC}/src/Makefile
.endif

do-build:
	@cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build


.if defined(MAINTAINER_MODE)
plist: makeplist
	@${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR}
.endif

post-install-DOCS-on:




--- src/Makefile.orig	2018-10-11 22:25:16 UTC
+++ src/Makefile
@@ -20,6 +20,9 @@ OSSEC_USER?=ossec
 OSSEC_USER_MAIL?=ossecm
 OSSEC_USER_REM?=ossecr
 
+INSTALL_CMD?=install -m $(1) -o $(2) -g $(3)
+INSTALL_LOCALTIME?=yes
+
 USE_PRELUDE?=no
 USE_ZEROMQ?=no
 USE_GEOIP?=no
@@ -366,10 +369,10 @@ endif
 install: install-${TARGET}
 
 install-agent: install-common
-	install -m 0550 -o root -g 0 ossec-agentd ${PREFIX}/bin
-	install -m 0550 -o root -g 0 agent-auth ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-agentd ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) agent-auth ${PREFIX}/bin
 
-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids
 
 install-local: install-server-generic
 
@@ -379,127 +382,129 @@ install-server: install-server-generic
 install-server: install-server-generic
 
 install-common: build
 	./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX}
-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/
-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs
-	install -m 0660 -o ${OSSEC_USER} -g ${OSSEC_GROUP} /dev/null ${PREFIX}/logs/ossec.log
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs
+	$(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/ossec.log
 
-	install -d -m 0550 -o root -g 0 ${PREFIX}/bin
-	install -m 0550 -o root -g 0 ossec-logcollector ${PREFIX}/bin

-	install -m 0550 -o root -g 0 manage_agents ${PREFIX}/bin
-	install -m 0550 -o root -g 0 ../contrib/util.sh ${PREFIX}/bin/
-	install -m 0550 -o root -g 0 ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control
+	$(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-logcollector ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-syscheckd ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-execd ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) manage_agents ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ../contrib/util.sh ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control
 
 ifeq (${LUA_ENABLE},yes)
-	install -d -m 0550 -o root -g 0 ${PREFIX}/lua

-	install -d -m 0550 -o root -g 0 ${PREFIX}/lua/compiled
-	install -m 0550 -o root -g 0 ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/
-	install -m 0550 -o root -g 0 ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua
+	$(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/native
+	$(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/compiled
+	$(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/
 endif
 
-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/queue

-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/ossec
-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/syscheck
-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/diff
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/queue
+	$(call INSTALL_CMD,0770,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/alerts
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/ossec
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/syscheck
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/diff
 
-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc
-	install -m 0440 -o root -g ${OSSEC_GROUP} /etc/localtime ${PREFIX}/etc
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/etc
+ifeq (${INSTALL_LOCALTIME},yes)
+	$(call INSTALL_CMD,0440,root,${OSSEC_GROUP}) /etc/localtime ${PREFIX}/etc
+endif
 
-	install -d -m 1550 -o root -g ${OSSEC_GROUP} ${PREFIX}/tmp
+	$(call INSTALL_CMD,1550,root,${OSSEC_GROUP}) -d ${PREFIX}/tmp
 
 ifneq (,$(wildcard /etc/TIMEZONE))
-	install -m 440 -o root -g ${OSSEC_GROUP} /etc/TIMEZONE ${PREFIX}/etc/
+	$(call INSTALL_CMD,440,root,${OSSEC_GROUP}) /etc/TIMEZONE ${PREFIX}/etc/
 endif
 # Solaris Needs some extra files
 ifeq (${uname_S},SunOS)
-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/usr/share/lib/zoneinfo/
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/usr/share/lib/zoneinfo/
 	cp -r /usr/share/lib/zoneinfo/* ${PREFIX}/usr/share/lib/zoneinfo/
 endif
-	install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/internal_options.conf ${PREFIX}/etc/
+	$(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/internal_options.conf ${PREFIX}/etc/
 ifeq (,$(wildcard ${PREFIX}/etc/local_internal_options.conf))
-	install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
+	$(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
 endif
 ifeq (,$(wildcard ${PREFIX}/etc/client.keys))
-	install -m 0640 -o root -g ${OSSEC_GROUP} /dev/null ${PREFIX}/etc/client.keys
+	$(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) /dev/null ${PREFIX}/etc/client.keys
 endif
 ifeq (,$(wildcard ${PREFIX}/etc/ossec.conf))
 ifneq (,$(wildcard ../etc/ossec.mc))
-	install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
+	$(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
 else
-	install -m 0640 -o root -g ${OSSEC_GROUP} ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
+	$(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
 endif
 endif
 
-	install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc/shared
-	install -m 0640 -o ${OSSEC_USER} -g ${OSSEC_GROUP} rootcheck/db/*.txt ${PREFIX}/etc/shared/
+	$(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/etc/shared
+	$(call INSTALL_CMD,0640,${OSSEC_USER},${OSSEC_GROUP}) rootcheck/db/*.txt ${PREFIX}/etc/shared/
 
-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response
-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response/bin
-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/agentless
-	install -m 0550 -o root -g ${OSSEC_GROUP} agentlessd/scripts/* ${PREFIX}/agentless/
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response/bin
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/agentless
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) agentlessd/scripts/* ${PREFIX}/agentless/
 
-	install -d -m 0700 -o root -g ${OSSEC_GROUP} ${PREFIX}/.ssh
+	$(call INSTALL_CMD,0700,root,${OSSEC_GROUP}) -d ${PREFIX}/.ssh
 
-	install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/*.sh ${PREFIX}/active-response/bin/
-	install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/*.sh ${PREFIX}/active-response/bin/
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
 
-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/var
-	install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/var/run
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/var
+	$(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/var/run
 
 	./init/fw-check.sh execute
 

-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/archives
-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/alerts
-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/firewall
+	$(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/active-responses.log
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/archives
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/alerts
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/firewall
 
-	install -m 0550 -o root -g 0 ossec-agentlessd ${PREFIX}/bin
-	install -m 0550 -o root -g 0 ossec-analysisd ${PREFIX}/bin

-	install -m 0550 -o root -g 0 agent_control ${PREFIX}/bin/
-	install -m 0550 -o root -g 0 syscheck_control ${PREFIX}/bin/
-	install -m 0550 -o root -g 0 rootcheck_control ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) ossec-agentlessd ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-analysisd ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-monitord ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-reportd ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-maild ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-remoted ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-logtest ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-csyslogd ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-authd ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-dbd ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) ossec-makelists ${PREFIX}/bin
+	$(call INSTALL_CMD,0550,root,0) verify-agent-conf ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) clear_stats ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) list_agents ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) ossec-regex ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) syscheck_update ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) agent_control ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) syscheck_control ${PREFIX}/bin/
+	$(call INSTALL_CMD,0550,root,0) rootcheck_control ${PREFIX}/bin/
 
-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/stats
-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/stats
+	$(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/rules
 ifneq (,$(wildcard ${PREFIX}/rules/local_rules.xml))
 	cp ${PREFIX}/rules/local_rules.xml ${PREFIX}/rules/local_rules.xml.installbackup
-	install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules
-	install -m 0640 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
+	$(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules
+	$(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
 	rm ${PREFIX}/rules/local_rules.xml.installbackup
 else
-	install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules
+	$(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules
 endif
 
-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/fts
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/fts
 
-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rootcheck
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rootcheck
 
-	install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/agent-info
-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/agentless
+	$(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/agent-info
+	$(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/agentless
 
-	install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids
+	$(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids
 
-	install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/decoder.xml ${PREFIX}/etc/
+	$(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/decoder.xml ${PREFIX}/etc/
 
 	rm -f ${PREFIX}/etc/shared/merged.mg
 





PORTNAME=	ossec-hids
PORTVERSION=	3.1.0
PORTREVISION=	1
CATEGORIES=	security
PKGNAMESUFFIX=	-${OSSEC_TYPE}-config


do-install: ossec-dirs ossec-scripts ossec-rules ossec-conf-managed ossec-conf-local ossec-conf-sample agent-conf-managed agent-conf-local

ossec-permissions:
.if defined(MAINTAINER_MODE)
	@${CHMOD} -R 550 ${OSSEC_DIR}
	@${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_LOCAL_CONF_DIR}/* ${OSSEC_CONF_DIR}/*
	@${CHMOD} 550 ${OSSEC_LOCAL_CONF_DIR} ${OSSEC_CONF_DIR}
. if ${OSSEC_TYPE} != agent
	@${CHMOD} 640 ${RULES_DIR}/*
. endif
. if ${OSSEC_TYPE} == server
	@${CHMOD} 640 ${AGENT_LOCAL_CONF_DIR}/* ${AGENT_CONF_DIR}/*
	@${CHMOD} 550 ${AGENT_LOCAL_CONF_DIR} ${AGENT_CONF_DIR}
. endif
.if defined(MAINTAINER_MODE)
	@${CHOWN} -R ${USER}:${OSSEC_GROUP} ${OSSEC_DIR}
	@${CHOWN} -R ${USER}:${GROUP} ${BIN_DIR}
.endif


.if defined(MAINTAINER_MODE)
plist: makeplist
	@${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR}

rules: extract
	@${SH} ${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC}
.endif

.include <bsd.port.post.mk>




<?xml version="1.0" encoding="UTF-8"?>
<template_config os="FreeBSD" profile="%%SYSCHECK_PGSQL_PROFILE%%">

  <syscheck>
    <directories realtime="yes" check_all="yes" restrict=".conf">/var/db/postgres</directories>
  </syscheck>

</template_config>

<template_config os="Linux" profile="%%SYSCHECK_PGSQL_PROFILE%%">

  <syscheck>
    <directories realtime="yes" check_all="yes" restrict=".conf">/var/lib/postgresql</directories>
  </syscheck>

</template_config>

Lines 6-12 Link Here

(-)security/ossec-hids-local-config/opt-logs.mk (-2 / +2 lines)
6	# Default logs support	6	# Default logs support
7	LOGS_BASIC_OPTION= BASIC	7	LOGS_BASIC_OPTION= BASIC
8	LOGS_BASIC_PROFILE= basic	8	LOGS_BASIC_PROFILE= basic
9	LOGS_BASIC_DESC= Default system logs	9	LOGS_BASIC_DESC= Basic system logs
10	LOGS_BASIC_DEFINE= server local agent pushed	10	LOGS_BASIC_DEFINE= server local agent pushed
11	LOGS_BASIC_DEFAULT= server local pushed	11	LOGS_BASIC_DEFAULT= server local pushed
12	LOGS_OPTIONS+= LOGS_BASIC	12	LOGS_OPTIONS+= LOGS_BASIC
Lines 14-20 Link Here
14	# Active response log support	14	# Active response log support
15	LOGS_OSSEC_OPTION= OSSEC	15	LOGS_OSSEC_OPTION= OSSEC
16	LOGS_OSSEC_PROFILE= ossec	16	LOGS_OSSEC_PROFILE= ossec
17	LOGS_OSSEC_DESC= Active response logs	17	LOGS_OSSEC_DESC= OSSEC active response logs
18	LOGS_OSSEC_DEFINE= server local agent pushed	18	LOGS_OSSEC_DEFINE= server local agent pushed
19	LOGS_OSSEC_DEFAULT= server local pushed	19	LOGS_OSSEC_DEFAULT= server local pushed
20	LOGS_OPTIONS+= LOGS_OSSEC	20	LOGS_OPTIONS+= LOGS_OSSEC





SYSCHECK_DESC=			File Integrity Checking (syscheck)

# Default direcotries
SYSCHECK_BASIC_OPTION=		BASIC_SC
SYSCHECK_BASIC_PROFILE=		basic
SYSCHECK_BASIC_DESC=		"bin", "sbin" and "etc"
SYSCHECK_BASIC_DEFINE=		server local agent pushed
SYSCHECK_BASIC_DEFAULT=		server local pushed
SYSCHECK_OPTIONS+=		SYSCHECK_BASIC

# OSSEC directories
SYSCHECK_OSSEC_OPTION=		OSSEC_SC
SYSCHECK_OSSEC_PROFILE=		ossec
SYSCHECK_OSSEC_DESC=		OSSEC directories
SYSCHECK_OSSEC_DEFINE=		server local agent pushed
SYSCHECK_OSSEC_DEFAULT=		server local pushed
SYSCHECK_OPTIONS+=		SYSCHECK_OSSEC

# Alert new files
SYSCHECK_NEWFILES_OPTION=	NEWFILES_SC
SYSCHECK_NEWFILES_DESC=		Alert on new files created

SYSCHECK_HOSTDENY_DEFINE=	server local agent pushed
SYSCHECK_HOSTDENY_DEFAULT=	server local pushed
SYSCHECK_OPTIONS+=		SYSCHECK_HOSTDENY

# Default direcotries
SYSCHECK_BASIC_OPTION=		BASIC_SC
SYSCHECK_BASIC_PROFILE=		basic
SYSCHECK_BASIC_DESC=		"bin", "sbin" and "etc" directories
SYSCHECK_BASIC_DEFINE=		server local agent pushed
SYSCHECK_BASIC_DEFAULT=		server local pushed
SYSCHECK_OPTIONS+=		SYSCHECK_BASIC

# OSSEC directories
SYSCHECK_OSSEC_OPTION=		OSSEC_SC
SYSCHECK_OSSEC_PROFILE=		ossec
SYSCHECK_OSSEC_DESC=		OSSEC directories
SYSCHECK_OSSEC_DEFINE=		server local agent pushed
SYSCHECK_OSSEC_DEFAULT=		server local pushed
SYSCHECK_OPTIONS+=		SYSCHECK_OSSEC

# PostgreSQL directory
SYSCHECK_PGSQL_OPTION=		PGSQL_SC
SYSCHECK_PGSQL_PROFILE=		postgresql
SYSCHECK_PGSQL_DESC=		PostgreSQL configuration files
SYSCHECK_PGSQL_DEFINE=		server local agent pushed
SYSCHECK_PGSQL_DEFAULT=		pushed
SYSCHECK_OPTIONS+=		SYSCHECK_PGSQL

Return to bug 233168

Lines 2-8 Link Here

(-)security/ossec-hids-local-config/Makefile (-12 / +12 lines)
2		2
3	PORTNAME= ossec-hids	3	PORTNAME= ossec-hids
4	PORTVERSION= 3.1.0	4	PORTVERSION= 3.1.0
5	PORTREVISION=	5	PORTREVISION= 1
6	CATEGORIES= security	6	CATEGORIES= security
7	PKGNAMESUFFIX= -${OSSEC_TYPE}-config	7	PKGNAMESUFFIX= -${OSSEC_TYPE}-config
8		8
Lines 427-443 Link Here
427	do-install: ossec-dirs ossec-scripts ossec-rules ossec-conf-managed ossec-conf-local ossec-conf-sample agent-conf-managed agent-conf-local	427	do-install: ossec-dirs ossec-scripts ossec-rules ossec-conf-managed ossec-conf-local ossec-conf-sample agent-conf-managed agent-conf-local
428		428
429	ossec-permissions:	429	ossec-permissions:
		430	.if defined(MAINTAINER_MODE)
430	@${CHMOD} -R 550 ${OSSEC_DIR}	431	@${CHMOD} -R 550 ${OSSEC_DIR}
431	@${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_CONF_DIR}/* ${OSSEC_LOCAL_CONF_DIR}/*	432	@${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_LOCAL_CONF_DIR}/* ${OSSEC_CONF_DIR}/*
432	@${CHMOD} 550 ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR}	433	@${CHMOD} 550 ${OSSEC_LOCAL_CONF_DIR} ${OSSEC_CONF_DIR}
433	.if ${OSSEC_TYPE} != agent	434	. if ${OSSEC_TYPE} != agent
434	@${CHMOD} 640 ${RULES_DIR}/*	435	@${CHMOD} 640 ${RULES_DIR}/*
435	.endif	436	. endif
436	.if ${OSSEC_TYPE} == server	437	. if ${OSSEC_TYPE} == server
437	@${CHMOD} 640 ${AGENT_CONF_DIR}/* ${AGENT_LOCAL_CONF_DIR}/*	438	@${CHMOD} 640 ${AGENT_LOCAL_CONF_DIR}/* ${AGENT_CONF_DIR}/*
438	@${CHMOD} 550 ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR}	439	@${CHMOD} 550 ${AGENT_LOCAL_CONF_DIR} ${AGENT_CONF_DIR}
439	.endif	440	. endif
440	.if defined(MAINTAINER_MODE)
441	@${CHOWN} -R ${USER}:${OSSEC_GROUP} ${OSSEC_DIR}	441	@${CHOWN} -R ${USER}:${OSSEC_GROUP} ${OSSEC_DIR}
442	@${CHOWN} -R ${USER}:${GROUP} ${BIN_DIR}	442	@${CHOWN} -R ${USER}:${GROUP} ${BIN_DIR}
443	.endif	443	.endif
Lines 451-460 Link Here
451		451
452	.if defined(MAINTAINER_MODE)	452	.if defined(MAINTAINER_MODE)
453	plist: makeplist	453	plist: makeplist
454	@${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR}	454	@${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR}
455		455
456	rules: extract	456	rules: extract
457	@${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC}	457	@${SH} ${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC}
458	.endif	458	.endif
459		459
460	.include <bsd.port.post.mk>	460	.include <bsd.port.post.mk>

Lines 2-8 Link Here

(-)security/ossec-hids-local/Makefile (-3 / +9 lines)
2		2
3	PORTNAME= ossec-hids	3	PORTNAME= ossec-hids
4	PORTVERSION= 3.1.0	4	PORTVERSION= 3.1.0
5	PORTREVISION=	5	PORTREVISION= 1
6	CATEGORIES= security	6	CATEGORIES= security
7	PKGNAMESUFFIX= -${OSSEC_TYPE}	7	PKGNAMESUFFIX= -${OSSEC_TYPE}
8		8
Lines 88-94 Link Here
88	MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema	88	MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema
89	PGSQL_VARS= OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema	89	PGSQL_VARS= OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema
90		90
91	OSSEC_ARGS+= TARGET=${OSSEC_TYPE}
92	.if ${OSSEC_TYPE} == agent	91	.if ${OSSEC_TYPE} == agent
93	STRIP_FILES= agent-auth \	92	STRIP_FILES= agent-auth \
94	manage_agents \	93	manage_agents \
Lines 184-189 Link Here
184		183
185	CFLAGS+= -I${LOCALBASE}/include	184	CFLAGS+= -I${LOCALBASE}/include
186		185
		186	OSSEC_ARGS+= TARGET=${OSSEC_TYPE} INSTALL_LOCALTIME=no
		187	.if !defined(MAINTAINER_MODE)
		188	OSSEC_ARGS+= INSTALL_CMD=install
		189	.endif
187	BUILD_ARGS+= ${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME}	190	BUILD_ARGS+= ${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME}
188	INSTALL_ARGS+= ${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME}	191	INSTALL_ARGS+= ${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME}
189		192
Lines 195-200 Link Here
195	@${REINPLACE_CMD} -e 's\|-DLUA_USE_LINUX\|& ${CPPFLAGS}\|' \	198	@${REINPLACE_CMD} -e 's\|-DLUA_USE_LINUX\|& ${CPPFLAGS}\|' \
196	-e 's\|-lreadline\|& ${LDFLAGS}\|' \	199	-e 's\|-lreadline\|& ${LDFLAGS}\|' \
197	${WRKSRC}/src/external/lua/src/Makefile	200	${WRKSRC}/src/external/lua/src/Makefile
		201	.if ${ARCH:Mmips} \|\| ${ARCH:Mpowerpc} \|\| ${ARCH} == sparc64
		202	@${REINPLACE_CMD} -e 's\|-Wno-implicit-fallthrough\|\|g' ${WRKSRC}/src/Makefile
		203	.endif
198		204
199	do-build:	205	do-build:
200	@cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build	206	@cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build
Lines 229-235 Link Here
229		235
230	.if defined(MAINTAINER_MODE)	236	.if defined(MAINTAINER_MODE)
231	plist: makeplist	237	plist: makeplist
232	@${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR}	238	@${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR}
233	.endif	239	.endif
234		240
235	post-install-DOCS-on:	241	post-install-DOCS-on:

Line 0 Link Here

(-)security/ossec-hids-local-config/files/template-syscheck-pgsql.xml.in (+16 lines)
	1	<?xml version="1.0" encoding="UTF-8"?>
	2	<template_config os="FreeBSD" profile="%%SYSCHECK_PGSQL_PROFILE%%">
	3
	4	<syscheck>
	5	<directories realtime="yes" check_all="yes" restrict=".conf">/var/db/postgres</directories>
	6	</syscheck>
	7
	8	</template_config>
	9
	10	<template_config os="Linux" profile="%%SYSCHECK_PGSQL_PROFILE%%">
	11
	12	<syscheck>
	13	<directories realtime="yes" check_all="yes" restrict=".conf">/var/lib/postgresql</directories>
	14	</syscheck>
	15
	16	</template_config>

Lines 3-24 Link Here

(-)security/ossec-hids-local-config/opt-syscheck.mk (-16 / +24 lines)
3		3
4	SYSCHECK_DESC= File Integrity Checking (syscheck)	4	SYSCHECK_DESC= File Integrity Checking (syscheck)
5		5
6	# Default direcotries
7	SYSCHECK_BASIC_OPTION= BASIC_SC
8	SYSCHECK_BASIC_PROFILE= basic
9	SYSCHECK_BASIC_DESC= "bin", "sbin" and "etc"
10	SYSCHECK_BASIC_DEFINE= server local agent pushed
11	SYSCHECK_BASIC_DEFAULT= server local pushed
12	SYSCHECK_OPTIONS+= SYSCHECK_BASIC
13
14	# OSSEC directories
15	SYSCHECK_OSSEC_OPTION= OSSEC_SC
16	SYSCHECK_OSSEC_PROFILE= ossec
17	SYSCHECK_OSSEC_DESC= OSSEC directories
18	SYSCHECK_OSSEC_DEFINE= server local agent pushed
19	SYSCHECK_OSSEC_DEFAULT= server local pushed
20	SYSCHECK_OPTIONS+= SYSCHECK_OSSEC
21
22	# Alert new files	6	# Alert new files
23	SYSCHECK_NEWFILES_OPTION= NEWFILES_SC	7	SYSCHECK_NEWFILES_OPTION= NEWFILES_SC
24	SYSCHECK_NEWFILES_DESC= Alert on new files created	8	SYSCHECK_NEWFILES_DESC= Alert on new files created
Lines 40-42 Link Here
40	SYSCHECK_HOSTDENY_DEFINE= server local agent pushed	24	SYSCHECK_HOSTDENY_DEFINE= server local agent pushed
41	SYSCHECK_HOSTDENY_DEFAULT= server local pushed	25	SYSCHECK_HOSTDENY_DEFAULT= server local pushed
42	SYSCHECK_OPTIONS+= SYSCHECK_HOSTDENY	26	SYSCHECK_OPTIONS+= SYSCHECK_HOSTDENY
		27
		28	# Default direcotries
		29	SYSCHECK_BASIC_OPTION= BASIC_SC
		30	SYSCHECK_BASIC_PROFILE= basic
		31	SYSCHECK_BASIC_DESC= "bin", "sbin" and "etc" directories
		32	SYSCHECK_BASIC_DEFINE= server local agent pushed
		33	SYSCHECK_BASIC_DEFAULT= server local pushed
		34	SYSCHECK_OPTIONS+= SYSCHECK_BASIC
		35
		36	# OSSEC directories
		37	SYSCHECK_OSSEC_OPTION= OSSEC_SC
		38	SYSCHECK_OSSEC_PROFILE= ossec
		39	SYSCHECK_OSSEC_DESC= OSSEC directories
		40	SYSCHECK_OSSEC_DEFINE= server local agent pushed
		41	SYSCHECK_OSSEC_DEFAULT= server local pushed
		42	SYSCHECK_OPTIONS+= SYSCHECK_OSSEC
		43
		44	# PostgreSQL directory
		45	SYSCHECK_PGSQL_OPTION= PGSQL_SC
		46	SYSCHECK_PGSQL_PROFILE= postgresql
		47	SYSCHECK_PGSQL_DESC= PostgreSQL configuration files
		48	SYSCHECK_PGSQL_DEFINE= server local agent pushed
		49	SYSCHECK_PGSQL_DEFAULT= pushed
		50	SYSCHECK_OPTIONS+= SYSCHECK_PGSQL