FreeBSD Bugzilla – Attachment 130618 Details for
Bug 174592
security/sguil-sensor, port update
[patch]
sguil-sensor.diff
sguil-sensor.diff (text/plain), 29.58 KB, created by
pauls
on 2012-12-20 15:50:00 UTC
Description:
sguil-sensor.diff
Filename:
MIME Type:
Creator:
pauls
Created:
2012-12-20 15:50:00 UTC
Size:
29.58 KB
patch
obsolete
>Index: Makefile
>===================================================================
>--- Makefile (revision 309313)
>+++ Makefile (working copy)
>@@ -6,8 +6,7 @@
> #
>
> PORTNAME= sguil-sensor
>-PORTVERSION= 0.7.0
>-PORTREVISION= 3
>+PORTVERSION= 0.8.0
> CATEGORIES= security
> MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION}
>
>@@ -15,104 +14,108 @@
> COMMENT= Sguil is a network security monitoring program
>
> LIB_DEPENDS= tls:${PORTSDIR}/devel/tcltls
>-RUN_DEPENDS= snort:${PORTSDIR}/security/snort \
>- barnyard2:${PORTSDIR}/security/barnyard2 \
>+RUN_DEPENDS= barnyard2:${PORTSDIR}/security/barnyard2-sguil \
> ${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
>
>-OPTIONS= SANCP "Include sancp sensor" off \
>- PADS "Include pads sensor" off
>+OPTIONS_DEFINE= PADS SANCP
>+PADS_DESC= Include pads sensor
>+SANCP_DESC= Include sancp sensor
>
>+LICENSE_NAME= QPLv1.0
>+LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL
>+LICENSE_PERMS= auto-accept
>+
> NO_BUILD= yes
>-USE_RC_SUBR= example_agent pcap_agent snort_agent
>-TCLSH_CMD?= tclsh8.4
>+USE_RC_SUBR= pcap_agent snort_agent
>+TCL_VER= 8.5
>+TCLSH= tclsh${TCL_VER}
> WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
>-SUB_LIST= SGUILDIR=${SGUILDIR}
>+PATCH_WRKSRC= ${WRKSRC}/sensor
>+SGUILDIR?= sguil-sensor
>+SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH}
> SUB_FILES= pkg-message
> PLIST_SUB= SGUILDIR=${SGUILDIR}
>-SGUILDIR?= sguil-sensor
>-AGENTS= example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl
>+AGENTS= pcap_agent.tcl snort_agent.tcl
>+CONFS= pcap_agent.conf snort_agent.conf
>+LOG_SCRIPTS= log_packets-daemonlogger.sh log_packets.sh
>+WITH_PCRE= true
>
>-PORTDOCS= CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
>- OPENSSL.README TODO UPGRADE USAGE sguildb.dia
>+PORTDOCS1= README
>+PORTDOCS2= README.daemonlogger
>+PORTDOCS3= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README \
>+ TODO UPGRADE USAGE sguildb.dia
>
>-.include <bsd.port.pre.mk>
>+.include <bsd.port.options.mk>
>
>-WITH_PCRE= true
>-
>-.if defined(WITH_SANCP)
>+.if ${PORT_OPTIONS:MSANCP}
>+AGENTS+= sancp_agent.tcl pcap_agent-sancp.tcl
>+CONFS+= sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
> RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp
>-USE_RC_SUBR+= sancp_agent
>-PLIST_SUB+= USESANCP=
>+USE_RC_SUBR+= sancp_agent pcap_agent-sancp
>+PLIST_SUB+= USESANCP=""
> .else
> PLIST_SUB+= USESANCP="@comment "
> .endif
>
>-.if defined(WITH_PADS)
>+.if ${PORT_OPTIONS:MPADS}
>+AGENTS+= pads_agent.tcl
>+CONFS+= pads_agent.conf
> RUN_DEPENDS+= pads:${PORTSDIR}/net-mgmt/pads
> USE_RC_SUBR+= pads_agent
>-PLIST_SUB+= USEPADS=
>+PLIST_SUB+= USEPADS=""
> .else
> PLIST_SUB+= USEPADS="@comment "
> .endif
>
> post-patch:
> .for f in ${AGENTS}
>- @${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \
>+ @${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \
> ${WRKSRC}/sensor/${f}
>- @${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \
>- ${WRKSRC}/sensor/${f}
> .endfor
>
> do-install:
> @${MKDIR} ${PREFIX}/bin/${SGUILDIR}
> @${MKDIR} ${PREFIX}/etc/${SGUILDIR}
>-.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl
>+ @${MKDIR} ${PREFIX}/share/${SGUILDIR}
>+ @${MKDIR} ${PREFIX}/share/${SGUILDIR}/contrib
>+ @${MKDIR} ${PREFIX}/share/${SGUILDIR}/init
>+ (cd ${WRKSRC}/sensor/contrib && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/contrib "! -name ossec_agent.tcl.orig")
>+ (cd ${WRKSRC}/sensor/init && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/init)
>+.for f in ${AGENTS}
> ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
> ${PREFIX}/bin/${SGUILDIR}/${f}
> .endfor
>-.for f in log_packets.sh
>+.for f in ${LOG_SCRIPTS}
> ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
> ${PREFIX}/bin/${SGUILDIR}/${f}
> .endfor
>-.for f in example_agent.conf pcap_agent.conf snort_agent.conf
>+.for f in ${CONFS}
> ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
> ${PREFIX}/etc/${SGUILDIR}/${f}-sample
> .endfor
>-.for f in log_packets.conf
>- ${INSTALL_DATA} ${FILESDIR}/${f} \
>- ${PREFIX}/etc/${SGUILDIR}/${f}-sample
>+.if ${PORT_OPTIONS:MSANCP}
>+.for f in log_packets-sancp.sh
>+ ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
>+ ${PREFIX}/bin/${SGUILDIR}/${f}
> .endfor
>-.if defined(WITH_SANCP)
>-.for f in sancp_agent.conf
>- ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
>- ${PREFIX}/etc/${SGUILDIR}/${f}-sample
>-.endfor
> .for f in sancp.conf
> ${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
>- ${PREFIX}/etc/${f}-sample
>-.endfor
>-.for f in sancp_agent.tcl
>- ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
>- ${PREFIX}/bin/${SGUILDIR}/${f}
>-.endfor
>-.endif
>-.if defined(WITH_PADS)
>-.for f in pads_agent.conf
>- ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
> ${PREFIX}/etc/${SGUILDIR}/${f}-sample
> .endfor
>-.for f in pads_agent.tcl
>- ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
>- ${PREFIX}/bin/${SGUILDIR}/${f}
>-.endfor
> .endif
> post-install:
>
>-.if !defined(NOPORTDOCS)
>+.if ${PORT_OPTIONS:MDOCS}
> @${MKDIR} ${DOCSDIR}
>- cd ${WRKSRC}/doc && ${INSTALL_DATA} \
>- ${PORTDOCS} ${DOCSDIR}
>+ cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS1} ${DOCSDIR}
>+ cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${PORTDOCS2} ${DOCSDIR}
>+ cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS3} ${DOCSDIR}
>+.if ${PORT_OPTIONS:MSANCP}
>+.for f in README.sancp_indexed_pcap
>+ cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${f} ${DOCSDIR}
>+.endfor
> .endif
>+.endif
> @${CAT} ${PKGMESSAGE}
>
>-.include <bsd.port.post.mk>
>+.include <bsd.port.mk>
>Index: distinfo
>===================================================================
>--- distinfo (revision 309313)
>+++ distinfo (working copy)
>@@ -1,2 +1,2 @@
>-SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b
>-SIZE (sguil-sensor-0.7.0.tar.gz) = 68436
>+SHA256 (sguil-sensor-0.8.0.tar.gz) = aa4617c4f9cf1d598c6d728afed50cd6f90dc5d1516a6eda8126401b7bba4be5
>+SIZE (sguil-sensor-0.8.0.tar.gz) = 142829
>Index: files/example_agent.in
>===================================================================
>--- files/example_agent.in (revision 309313)
>+++ files/example_agent.in (working copy)
>@@ -1,34 +0,0 @@
>-#!/bin/sh
>-
>-# $FreeBSD$
>-
>-# PROVIDE: example_agent
>-# REQUIRE: DAEMON
>-# KEYWORD: shutdown
>-
>-# Add the following line to /etc/rc.conf to enable example_agent:
>-# example_agent_enable (bool): Set to YES to enable example_agent
>-# Default: NO
>-# example_agent_conf (str): Example_agent configuration file
>-# Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf
>-# example_agent_flags (str): Default: -D
>-#
>-
>-. /etc/rc.subr
>-
>-load_rc_config example_agent
>-
>-#set defaults
>-example_agent_enable=${example_agent_enable:-"NO"}
>-example_agent_conf=${example_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf"}
>-example_agent_flags=${example_agent_flags:-"-D"}
>-
>-name="example_agent"
>-rcvar=example_agent_enable
>-command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl"
>-command_args="-c ${example_agent_conf} ${example_agent_flags}"
>-procname="%%PREFIX%%/bin/tclsh8.4"
>-pidfile="/var/run/${name}.pid"
>-check_pidfile="${pidfile} ${procname} /bin/sh"
>-
>-run_rc_command "$1"
>Index: files/log_packets.conf
>===================================================================
>--- files/log_packets.conf (revision 309313)
>+++ files/log_packets.conf (working copy)
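Review bot: The new post-patch substitution `'s|/bin/sh|${PREFIX}/bin/${TCLSH}|'` is unanchored, so it rewrites the first `/bin/sh` on every line of each agent in AGENTS rather than only the interpreter line; anchoring it to the shebang, `@${REINPLACE_CMD} -e '1s|^#!/bin/sh|#!${PREFIX}/bin/${TCLSH}|' \`, keeps it from touching comments or strings elsewhere in the script. Separately, the `.for f in sancp.conf` block now installs the sample into `${PREFIX}/etc/${SGUILDIR}/` (and pkg-plist agrees), but the pkg-message text in this same patch still talks about a sancp.conf in `%%PREFIX%%/etc` without saying where the new `sancp.conf-sample` lands; naming `%%PREFIX%%/etc/%%SGUILDIR%%/sancp.conf-sample` there would stop admins looking in the old place. The `.for`/`.if` nesting in do-install is hard to follow once the removed lines are taken out; a one-line comment above the SANCP block such as `# SANCP option: indexed-pcap logger, sancp.conf sample goes next to the agent confs` would help the next maintainer.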
>@@ -1,35 +0,0 @@
>-# Conf file for the log_packets script
>-# Make sure you verify the location of
>-# each of the binaries on your OS
>-
>-# Edit these for your setup
>-
>-# Sensors hostname.
>-# Note: If running multiple snort instances, then this must be different
>-# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
>-HOSTNAME="myhost"
>-# Path to snort binary
>-SNORT_PATH="/usr/local/bin/snort"
>-# Directory to log pcap data to (date dirs will be created in here)
>-# Note: The path $HOSTNAME/dailylogs, will be appended to this.
>-LOG_DIR="/snort_data"
>-# Percentage of disk to try and maintain
>-MAX_DISK_USE=90
>-# Interface to 'listen' to.
>-INTERFACE="eth0"
>-# Other options to use when starting snort
>-#OPTIONS="-u sguil -g sguil -m 122"
>-# Where to store the pid
>-PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
>-# How do we run ps
>-PS="ps awx"
>-# Where is grep
>-GREP="/usr/bin/grep"
>-#Add BPFs here.
>-#The below is an example of a filter for ignoring outbound HTTP from my network
>-# to the world.
>-#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
>-
>-#Some installs may need these
>-#LD_LIBRARY_PATH=/usr/local/lib/mysql
>-#export LD_LIBRARY_PATH
>Index: files/pads_agent.in
>===================================================================
>--- files/pads_agent.in (revision 309313)
>+++ files/pads_agent.in (working copy)
>@@ -16,19 +16,51 @@
>
> . /etc/rc.subr
>
>-load_rc_config pads_agent
>+name="pads_agent"
>+rcvar=${name}_enable
>+load_rc_config ${name}
>
> #set defaults
>-pads_agent_enable=${pads_agent_enable:-"NO"}
>-pads_agent_conf=${pads_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
>-pads_agent_flags=${pads_agent_flags:-"-D"}
>+: ${pads_agent_enable:="NO"}
>+: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
>+: ${pads_agent_flags:="-D -c ${pads_agent_conf}"}
>
>-name="pads_agent"
>-rcvar=pads_agent_enable
> command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
>-command_args="-c ${pads_agent_conf} ${pads_agent_flags}"
>-procname="%%PREFIX%%/bin/tclsh8.4"
>+procname="%%PREFIX%%/bin/%%TCLSH%%"
> pidfile="/var/run/${name}.pid"
>-check_pidfile="${pidfile} ${procname} /bin/sh"
>
>+start_precmd="pads_agent_ck4fifo"
>+stop_postcmd="pads_agent_rmfifo"
>+
>+pads_agent_ck4fifo()
>+{
>+ LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
>+ HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
>+ PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
>+
>+ if [ ! -p ${PADS_FIFO} ]; then
>+ echo "${PADS_FIFO} does not exist. Creating now....."
>+ /usr/bin/mkfifo ${PADS_FIFO}
>+ fi
>+ echo "Checking for ${PADS_FIFO}...."
>+ if [ -p ${PADS_FIFO} ]; then
>+ echo "Confirmed! ${PADS_FIFO} exists."
>+ else
>+ echo "I tried to create ${PADS_FIFO} and failed."
>+ echo "You will need to create it manually before starting ${name}."
>+ fi
>+}
>+
>+pads_agent_rmfifo()
>+{
>+ LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
>+ HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
>+ PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
>+
>+ if [ -p ${PADS_FIFO} ]; then
>+ /bin/rm ${PADS_FIFO}
>+ echo "Removing ${PADS_FIFO}...."
>+ fi
>+}
>+
> run_rc_command "$1"
>Index: files/patch-log_packets.sh
>===================================================================
>--- files/patch-log_packets.sh (revision 309313)
>+++ files/patch-log_packets.sh (working copy)
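Review bot: In `pads_agent_ck4fifo` and `pads_agent_rmfifo` the fifo path is derived from an unanchored `grep "LOG_DIR "` / `grep "HOSTNAME "` over the conf file and then used unquoted in `[ -p ]`, `mkfifo` and `/bin/rm`; if either grep matches nothing, or matches a comment line that merely mentions the name, PADS_FIFO degenerates to something like `//pads.fifo` and the start/stop hooks create and later delete a fifo in the filesystem root, running as root under rc. I would anchor the extraction (the `$3` field implies the conf holds `set LOG_DIR <path>` lines, so `grep "^set LOG_DIR "` — confirm against the shipped pads_agent.conf), quote every `"${PADS_FIFO}"`, and refuse to continue on an empty value: `[ -n "${LOG_DIR}" ] && [ -n "${HOSTNAME}" ] || err 1 "LOG_DIR/HOSTNAME not found in ${pads_agent_conf}"`. The three extraction lines are duplicated verbatim in both functions; one helper that sets PADS_FIFO would keep them in step. The hunk's `#set defaults` block also folds `-c ${pads_agent_conf}` into `pads_agent_flags`, so an rc.conf override of the flags drops the conf argument; the header comment documenting the `-D` default sits above this hunk.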
>@@ -1,50 +0,0 @@
>---- sensor/log_packets.sh.orig 2008-04-03 22:16:22.000000000 -0500
>-+++ sensor/log_packets.sh 2008-04-03 22:22:20.000000000 -0500
>-@@ -22,38 +22,16 @@
>- # #
>- ##############################################################
>-
>-+# You shouldn't need to edit anything in this script
>-
>--# Edit these for your setup
>--
>--# Sensors hostname.
>--# Note: If running multiple snort instances, then this must be different
>--# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
>--HOSTNAME="myhost"
>--# Path to snort binary
>--SNORT_PATH="/usr/local/bin/snort"
>--# Directory to log pcap data to (date dirs will be created in here)
>--# Note: The path $HOSTNAME/dailylogs, will be appended to this.
>--LOG_DIR="/snort_data"
>--# Percentage of disk to try and maintain
>--MAX_DISK_USE=90
>--# Interface to 'listen' to.
>--INTERFACE="eth0"
>--# Other options to use when starting snort
>--#OPTIONS="-u sguil -g sguil -m 122"
>--# Where to store the pid
>--PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
>--# How do we run ps
>--PS="ps awx"
>--# Where is grep
>--GREP="/usr/bin/grep"
>--#Add BPFs here.
>--#The below is an example of a filter for ignoring outbound HTTP from my network
>--# to the world.
>--#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
>--
>--#Some installs may need these
>--#LD_LIBRARY_PATH=/usr/local/lib/mysql
>--#export LD_LIBRARY_PATH
>-+CONF=/usr/local/etc/sguil-sensor/log_packets.conf
>-+if [ -r ${CONF} ]; then
>-+ . ${CONF}
>-+else
>-+ echo "Your conf file is either missing or the path "
>-+ echo "in the log_packets.sh script is incorrect."
>-+ exit 1
>-+fi
>-
>- TZ=GMT
>- export TZ
>Index: files/patch-ossec_agent.tcl
>===================================================================
>--- files/patch-ossec_agent.tcl (revision 0)
>+++ files/patch-ossec_agent.tcl (working copy)
>@@ -0,0 +1,30 @@
>+--- contrib/ossec_agent/ossec_agent.tcl.orig 2012-12-17 22:47:18.000000000 +0000
>++++ contrib/ossec_agent/ossec_agent.tcl 2012-12-17 22:48:45.000000000 +0000
>+@@ -1,6 +1,4 @@
>+ #!/bin/sh
>+-# Run tcl from users PATH \
>+-exec tclsh "$0" "$@"
>+
>+ # OSSEC agent for Sguil 0.7.0. Based on the "example_agent.tcl" code
>+ # distributed with sguil.
>+@@ -593,9 +591,9 @@
>+ if { ![info exists CONF_FILE] } {
>+
>+ # No conf file specified check the defaults
>+- if { [file exists /etc/ossec_agent.conf] } {
>++ if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } {
>+
>+- set CONF_FILE /etc/ossec_agent.conf
>++ set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf
>+
>+ } elseif { [file exists ./ossec_agent.conf] } {
>+
>+@@ -604,7 +602,7 @@
>+ } else {
>+
>+ puts "Couldn't determine where the ossec_agent.tcl config file is"
>+- puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf."
>++ puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf."
>+ DisplayUsage $argv0
>+
>+ }
>Index: files/patch-pads_agent.tcl
>===================================================================
>--- files/patch-pads_agent.tcl (revision 0)
>+++ files/patch-pads_agent.tcl (working copy)
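Review bot: This patch removes the `exec tclsh "$0" "$@"` re-exec from contrib/ossec_agent/ossec_agent.tcl, but ossec_agent.tcl is not in AGENTS, so the post-patch loop that rewrites `#!/bin/sh` to `${PREFIX}/bin/${TCLSH}` never runs on it; the copy that COPYTREE_SHARE installs under share/${SGUILDIR}/contrib is left with a `/bin/sh` interpreter line and nothing that hands the file to Tcl. Either include it in the REINPLACE loop or keep the re-exec stanza for the contrib copy. The same family of patches (patch-pads_agent.tcl, patch-pcap_agent-sancp.tcl, patch-pcap_agent.tcl, patch-sancp_agent.tcl, patch-snort_agent.tcl) hard-codes `/usr/local/etc/sguil-sensor/` as the conf default, which ignores a non-default PREFIX and the `SGUILDIR?=` override the Makefile advertises; substituting `${PREFIX}/etc/${SGUILDIR}/` in post-patch, as the replaced REINPLACE line did, keeps those knobs honest.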
>@@ -0,0 +1,39 @@
>+--- pads_agent.tcl.orig 2012-12-19 21:25:26.000000000 +0000
>++++ pads_agent.tcl 2012-12-19 21:27:37.000000000 +0000
>+@@ -1,6 +1,4 @@
>+ #!/bin/sh
>+-# Run tcl from users PATH \
>+-exec tclsh "$0" "$@"
>+
>+ # $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ #
>+
>+@@ -332,7 +330,7 @@
>+ id process group set
>+ if {[fork]} {exit 0}
>+ set PID [id process]
>+- if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" }
>++ if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" }
>+ set PID_DIR [file dirname $PID_FILE]
>+ if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } {
>+ puts "ERROR: Directory $PID_DIR does not exists or is not writable."
>+@@ -380,16 +378,16 @@
>+ }
>+ }
>+ # Parse the config file here
>+-# Default location is /etc/pads_agent.conf or pwd
>++# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd
>+ if { ![info exists CONF_FILE] } {
>+ # No conf file specified check the defaults
>+- if { [file exists /etc/pads_agent.conf] } {
>+- set CONF_FILE /etc/pads_agent.conf
>++ if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } {
>++ set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf
>+ } elseif { [file exists ./pads_agent.conf] } {
>+ set CONF_FILE ./pads_agent.conf
>+ } else {
>+ puts "Couldn't determine where the sensor_agent.tcl config file is"
>+- puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf."
>++ puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf."
>+ DisplayUsage $argv0
>+ }
>+ }
>Index: files/patch-pcap_agent-sancp.tcl
>===================================================================
>--- files/patch-pcap_agent-sancp.tcl (revision 0)
>+++ files/patch-pcap_agent-sancp.tcl (working copy)
>@@ -0,0 +1,35 @@
>+--- pcap_agent-sancp.tcl.orig 2012-12-17 22:36:43.000000000 +0000
>++++ pcap_agent-sancp.tcl 2012-12-17 22:38:22.000000000 +0000
>+@@ -1,6 +1,4 @@
>+ #!/bin/sh
>+-# Run tcl from users PATH \
>+-exec tclsh "$0" "$@"
>+
>+ # $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ #
>+
>+@@ -754,13 +752,13 @@
>+ }
>+
>+ # Parse the config file here
>+-# Default location is /etc/pcap_agent.conf or pwd
>++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
>+ if { ![info exists CONF_FILE] } {
>+
>+ # No conf file specified check the defaults
>+- if { [file exists /etc/pcap_agent.conf] } {
>++ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
>+
>+- set CONF_FILE /etc/pcap_agent.conf
>++ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
>+
>+ } elseif { [file exists ./pcap_agent.conf] } {
>+
>+@@ -769,7 +767,7 @@
>+ } else {
>+
>+ puts "Couldn't determine where the pcap_agent.tcl config file is"
>+- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
>++ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
>+ DisplayUsage $argv0
>+
>+ }
>Index: files/patch-pcap_agent.tcl
>===================================================================
>--- files/patch-pcap_agent.tcl (revision 0)
>+++ files/patch-pcap_agent.tcl (working copy)
>@@ -0,0 +1,35 @@
>+--- pcap_agent.tcl.orig 2012-12-17 22:31:44.000000000 +0000
>++++ pcap_agent.tcl 2012-12-17 22:42:50.000000000 +0000
>+@@ -1,6 +1,4 @@
>+ #!/bin/sh
>+-# Run tcl from users PATH \
>+-exec tclsh "$0" "$@"
>+
>+ # $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ #
>+
>+@@ -771,13 +769,13 @@
>+ }
>+
>+ # Parse the config file here
>+-# Default location is /etc/pcap_agent.conf or pwd
>++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
>+ if { ![info exists CONF_FILE] } {
>+
>+ # No conf file specified check the defaults
>+- if { [file exists /etc/pcap_agent.conf] } {
>++ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
>+
>+- set CONF_FILE /etc/pcap_agent.conf
>++ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
>+
>+ } elseif { [file exists ./pcap_agent.conf] } {
>+
>+@@ -786,7 +784,7 @@
>+ } else {
>+
>+ puts "Couldn't determine where the pcap_agent.tcl config file is"
>+- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
>++ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
>+ DisplayUsage $argv0
>+
>+ }
>Index: files/patch-sancp_agent.tcl
>===================================================================
>--- files/patch-sancp_agent.tcl (revision 0)
>+++ files/patch-sancp_agent.tcl (working copy)
>@@ -0,0 +1,30 @@
>+--- sancp_agent.tcl.orig 2012-12-17 22:43:39.000000000 +0000
>++++ sancp_agent.tcl 2012-12-17 22:44:56.000000000 +0000
>+@@ -1,6 +1,4 @@
>+ #!/bin/sh
>+-# Run tcl from users PATH \
>+-exec tclsh "$0" "$@"
>+
>+ # $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ #
>+
>+@@ -582,16 +580,16 @@
>+ }
>+ }
>+ # Parse the config file here
>+-# Default location is /etc/sancp_agent.conf or pwd
>++# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd
>+ if { ![info exists CONF_FILE] } {
>+ # No conf file specified check the defaults
>+- if { [file exists /etc/sancp_agent.conf] } {
>+- set CONF_FILE /etc/sancp_agent.conf
>++ if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } {
>++ set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf
>+ } elseif { [file exists ./sancp_agent.conf] } {
>+ set CONF_FILE ./sancp_agent.conf
>+ } else {
>+ puts "Couldn't determine where the sancp_agent.tcl config file is"
>+- puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf."
>++ puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf."
>+ DisplayUsage $argv0
>+ }
>+ }
>Index: files/patch-snort_agent.tcl
>===================================================================
>--- files/patch-snort_agent.tcl (revision 0)
>+++ files/patch-snort_agent.tcl (working copy)
>@@ -0,0 +1,35 @@
>+--- snort_agent.tcl.orig 2012-12-17 22:33:35.000000000 +0000
>++++ snort_agent.tcl 2012-12-17 22:39:39.000000000 +0000
>+@@ -1,6 +1,4 @@
>+ #!/bin/sh
>+-# Run tcl from users PATH \
>+-exec tclsh "$0" "$@"
>+
>+ # $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
>+
>+@@ -680,13 +678,13 @@
>+ }
>+
>+ # Parse the config file here
>+-# Default location is /etc/snort_agent.conf or pwd
>++# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
>+ if { ![info exists CONF_FILE] } {
>+
>+ # No conf file specified check the defaults
>+- if { [file exists /etc/snort_agent.conf] } {
>++ if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
>+
>+- set CONF_FILE /etc/snort_agent.conf
>++ set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
>+
>+ } elseif { [file exists ./snort_agent.conf] } {
>+
>+@@ -695,7 +693,7 @@
>+ } else {
>+
>+ puts "Couldn't determine where the snort_agent.tcl config file is"
>+- puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
>++ puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
>+ DisplayUsage $argv0
>+
>+ }
>Index: files/pcap_agent-sancp.in
>===================================================================
>--- files/pcap_agent-sancp.in (revision 0)
>+++ files/pcap_agent-sancp.in (working copy)
>@@ -0,0 +1,32 @@
>+#!/bin/sh
>+
>+# $FreeBSD: head/security/sguil-sensor/files/pcap_agent-sancp.in 302141 2012-08-05 23:19:36Z dougb $
>+
>+# PROVIDE: pcap_agent-sancp
>+# REQUIRE: DAEMON
>+# KEYWORD: shutdown
>+
>+# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
>+# pcap_agent-sancp_enable (bool): Set to YES to enable pcap_agent-sancp
>+# Default: NO
>+# pcap_agent-sancp_conf (str): Pads_agent configuration file
>+# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
>+# pcap_agent-sancp_flags (str): Default: -D
>+#
>+
>+. /etc/rc.subr
>+
>+name="pcap_agent-sancp"
>+rcvar=pcap_agent-sancp_enable
>+load_rc_config pcap_agent-sancp
>+
>+#set defaults
>+: ${pcap_agent-sancp_enable:="NO"}
>+: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
>+: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
>+
>+command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
>+procname="%%PREFIX%%/bin/%%TCLSH%%"
>+pidfile="/var/run/${name}.pid"
>+
>+run_rc_command "$1"
>Index: files/pcap_agent.in
>===================================================================
>--- files/pcap_agent.in (revision 309313)
>+++ files/pcap_agent.in (working copy)
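Review bot: `pcap_agent-sancp_enable`, `pcap_agent-sancp_conf` and `pcap_agent-sancp_flags` are not valid sh variable names, so `: ${pcap_agent-sancp_enable:="NO"}` is parsed as a `${pcap_agent-word}` default expansion of the unset variable `pcap_agent`, nothing is ever assigned, and rc.subr cannot read `rcvar=pcap_agent-sancp_enable` from rc.conf; as written the service can never be enabled. The script filename and the PROVIDE tag may keep the hyphen, but `name` and the rc.conf knobs need underscores (and the header comment updated to match); note that pidfile follows `${name}`, so check the new `/var/run/pcap_agent_sancp.pid` against what pcap_agent-sancp.tcl actually writes. The header also describes the conf knob as `Pads_agent configuration file`, documents the flags default as `-D` while the real default is `-D -c …`, and carries an already-expanded `$FreeBSD: …$` keyword where a newly added file should contain the bare `$FreeBSD$` tag.
```sh
name="pcap_agent_sancp"
rcvar=pcap_agent_sancp_enable
load_rc_config ${name}

#set defaults
: ${pcap_agent_sancp_enable:="NO"}
: ${pcap_agent_sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
: ${pcap_agent_sancp_flags:="-D -c ${pcap_agent_sancp_conf}"}

command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
# … unchanged: procname, pidfile, run_rc_command …
```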
>@@ -16,19 +16,17 @@
>
> . /etc/rc.subr
>
>+name="pcap_agent"
>+rcvar=pcap_agent_enable
> load_rc_config pcap_agent
>
> #set defaults
>-pcap_agent_enable=${pcap_agent_enable:-"NO"}
>-pcap_agent_conf=${pcap_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
>-pcap_agent_flags=${pcap_agent_flags:-"-D"}
>+: ${pcap_agent_enable:="NO"}
>+: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
>+: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}
>
>-name="pcap_agent"
>-rcvar=pcap_agent_enable
> command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
>-command_args="-c ${pcap_agent_conf} ${pcap_agent_flags}"
>-procname="%%PREFIX%%/bin/tclsh8.4"
>+procname="%%PREFIX%%/bin/%%TCLSH%%"
> pidfile="/var/run/${name}.pid"
>-check_pidfile="${pidfile} ${procname} /bin/sh"
>
> run_rc_command "$1"
>Index: files/pkg-message.in
>===================================================================
>--- files/pkg-message.in (revision 309313)
>+++ files/pkg-message.in (working copy)
>@@ -2,13 +2,11 @@
> * !!!!!!!!!!! WARNING !!!!!!!!!!! *
> ***********************************
>
>-If you already had barnyard installed, this port will NOT deinstall
>-it and install the barnyard-sguil6 port instead. You will need to
>-deinstall the barnyard port and install the barnyard-sguil6 port yourself
>-instead. This port WILL NOT WORK without the barnyard-sguil6 port!!
>+If you already had barnyard2 installed, this port will NOT deinstall
>+it and install the barnyard2-sguil port instead. You will need to
>+deinstall the barnyard2 port and install the barnyard2-sguil port yourself
>+instead. This port WILL NOT WORK without the barnyard2-sguil port!!
>
>-You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/%%SGUILDIR%%)
>-to fit your configuration before running the log_packets.sh script.
> See the %%DOCSDIR%%/INSTALL doc for details on the
> configuration and for croning the script.
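Review bot: Folding `-c ${pcap_agent_conf}` into the default of `pcap_agent_flags` means any rc.conf override of `pcap_agent_flags` (which the header above this hunk documents as `Default: -D`, as the sibling pcap_agent-sancp.in and the deleted example_agent.in show) silently drops the config-file argument, and the agent then starts on whatever built-in path the Tcl script falls back to. Keeping the conf argument out of the user-settable knob preserves the previous behaviour: `: ${pcap_agent_flags:="-D"}` together with `command_args="-c ${pcap_agent_conf}"`. The same pattern is repeated in sancp_agent.in, snort_agent.in, pads_agent.in and pcap_agent-sancp.in in this patch.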
>
>@@ -16,13 +14,18 @@
> quickly. You should probably configure sguil et al to log to
> another partition/location (e.g. /nsm/tmp/).
>
>-You must ALSO edit all of the sensor conf fileis (located in
>+You must ALSO edit all of the sensor conf files (located in
> %%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before
> starting the sensor_agents.
>
>+A number of ancilliary things have been installed in
>+%%PREFIX%%/share/%%SGUILDIR%%.
>+
> If you chose to run sancp, and you already had a sancp.conf file in
> %%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
>-The new sancp.conf-sample file contains the settings for squil.
>-If you still want to maintain the customized sancp.conf file, then copy
>-the new sancp.conf-sample file to sguild-sancp.conf (for example) and
>-add sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
>+The new sancp.conf-sample file contains the settings for squil. NOTE:
>+the conf file is for sancp 1.5.3. It may need additional edits to work
>+with the current ports version of sancp. If you still want to maintain
>+the customized sancp.conf file, then copy the new sancp.conf-sample
>+file to sguild-sancp.conf (for example) and add
>+sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
>Index: files/sancp_agent.in
>===================================================================
>--- files/sancp_agent.in (revision 309313)
>+++ files/sancp_agent.in (working copy)
>@@ -16,19 +16,17 @@
>
> . /etc/rc.subr
>
>+name="sancp_agent"
>+rcvar=sancp_agent_enable
> load_rc_config sancp_agent
>
> #set defaults
>-sancp_agent_enable=${sancp_agent_enable:-"NO"}
>-sancp_agent_conf=${sancp_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
>-sancp_agent_flags=${sancp_agent_flags:-"-D"}
>+: ${sancp_agent_enable:="NO"}
>+: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
>+: ${sancp_agent_flags:="-D -c ${sancp_agent_conf}"}
>
>-name="sancp_agent"
>-rcvar=sancp_agent_enable
> command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
>-command_args="-c ${sancp_agent_conf} ${sancp_agent_flags}"
>-procname="%%PREFIX%%/bin/tclsh8.4"
>+procname="%%PREFIX%%/bin/%%TCLSH%%"
> pidfile="/var/run/${name}.pid"
>-check_pidfile="${pidfile} ${procname} /bin/sh"
>
> run_rc_command "$1"
>Index: files/snort_agent.in
>===================================================================
>--- files/snort_agent.in (revision 309313)
>+++ files/snort_agent.in (working copy)
>@@ -16,19 +16,17 @@
>
> . /etc/rc.subr
>
>+name="snort_agent"
>+rcvar=snort_agent_enable
> load_rc_config snort_agent
>
> #set defaults
>-snort_agent_enable=${snort_agent_enable:-"NO"}
>-snort_agent_conf=${snort_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
>-snort_agent_flags=${snort_agent_flags:-"-D"}
>+: ${snort_agent_enable:="NO"}
>+: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
>+: ${snort_agent_flags:="-D -c ${snort_agent_conf}"}
>
>-name="snort_agent"
>-rcvar=snort_agent_enable
> command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
>-command_args="-c ${snort_agent_conf} ${snort_agent_flags}"
>-procname="%%PREFIX%%/bin/tclsh8.4"
>+procname="%%PREFIX%%/bin/%%TCLSH%%"
> pidfile="/var/run/${name}.pid"
>-check_pidfile="${pidfile} ${procname} /bin/sh"
>
> run_rc_command "$1"
>Index: pkg-descr
>===================================================================
>--- pkg-descr (revision 309313)
>+++ pkg-descr (working copy)
>@@ -4,7 +4,7 @@
> (www.tcl.tk). Sguil also relies on other open source software
> in order to function properly.
>
>-The sensor list includes security/barnyard, security/snort,
>+The sensor list includes security/barnyard2-sguil, security/snort,
> security/sancp, net-mgmt/pads, tcpdump (a part of the OS)
> and devel/tcltls as well as lang/tcl84 and lang/tclX. Care
> has been taken to ensure that everything you need to build
>@@ -15,4 +15,3 @@
> rule management capabilities.
>
> WWW: http://sguil.sourceforge.net/index.php
>-pauls@utdallas.edu
>Index: pkg-plist
>===================================================================
>--- pkg-plist (revision 309313)
>+++ pkg-plist (working copy)
>@@ -1,15 +1,41 @@
>+bin/%%SGUILDIR%%/log_packets-daemonlogger.sh
> bin/%%SGUILDIR%%/log_packets.sh
>-bin/%%SGUILDIR%%/example_agent.tcl
> bin/%%SGUILDIR%%/pcap_agent.tcl
> bin/%%SGUILDIR%%/snort_agent.tcl
>-etc/%%SGUILDIR%%/example_agent.conf-sample
> etc/%%SGUILDIR%%/pcap_agent.conf-sample
> etc/%%SGUILDIR%%/snort_agent.conf-sample
>-etc/%%SGUILDIR%%/log_packets.conf-sample
>+%%DOCSDIR%%/CHANGES
>+%%DOCSDIR%%/FAQ
>+%%DOCSDIR%%/INSTALL
>+%%DOCSDIR%%/INSTALL.openbsd
>+%%DOCSDIR%%/OPENSSL.README
>+%%DOCSDIR%%/README
>+%%DOCSDIR%%/README.daemonlogger
>+%%DOCSDIR%%/TODO
>+%%DOCSDIR%%/UPGRADE
>+%%DOCSDIR%%/USAGE
>+%%DOCSDIR%%/sguildb.dia
>+share/%%SGUILDIR%%/contrib/ossec_agent/README
>+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
>+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
>+share/%%SGUILDIR%%/contrib/portscan_loader/Makefile
>+share/%%SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
>+share/%%SGUILDIR%%/init/sensoragent
> %%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
> %%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
>-%%USESANCP%%etc/sancp.conf-sample
>+%%USESANCP%%bin/%%SGUILDIR%%/log_packets-sancp.sh
>+%%USESANCP%%bin/%%SGUILDIR%%/pcap_agent-sancp.tcl
> %%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
> %%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
>+%%USESANCP%%etc/%%SGUILDIR%%/sancp-indexed.conf-sample
>+%%USESANCP%%etc/%%SGUILDIR%%/pcap_agent-sancp.conf-sample
>+%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample
>+%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap
>+@dirrm share/%%SGUILDIR%%/init
>+@dirrm share/%%SGUILDIR%%/contrib/portscan_loader
>+@dirrm share/%%SGUILDIR%%/contrib/ossec_agent
>+@dirrm share/%%SGUILDIR%%/contrib
>+@dirrm share/%%SGUILDIR%%
>+@dirrmtry etc/%%SGUILDIR%%
> @dirrm bin/%%SGUILDIR%%
>-@dirrmtry etc/%%SGUILDIR%%
>+@dirrm %%DOCSDIR%%
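Review bot: The eleven `%%DOCSDIR%%/…` entries, the `%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap` line and the closing `@dirrm %%DOCSDIR%%` are unconditional, but the Makefile in this same patch installs them only under `.if ${PORT_OPTIONS:MDOCS}`, so a build with DOCS switched off fails at package time on files that were never installed. Prefix each of them with `%%PORTDOCS%%` (e.g. `%%PORTDOCS%%%%DOCSDIR%%/CHANGES`, `%%USESANCP%%%%PORTDOCS%%%%DOCSDI%%/README.sancp_indexed_pcap` spelled out in full, and `%%PORTDOCS%%@dirrm %%DOCSDIR%%`), which bsd.port.mk substitutes with `@comment ` when docs are disabled. The `@dirrm share/%%SGUILDIR%%/contrib/...` lines list only two contrib subdirectories; if the 0.8.0 tarball's contrib tree holds more than ossec_agent and portscan_loader, COPYTREE_SHARE will install them and the plist will be out of step, so this is worth checking against the extracted source.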