
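--- a/security/ossec-hids/Makefile
+++ b/security/ossec-hids/Makefile
@@ -0,0 +1,35 @@
+# $FreeBSD$
+
+PORTNAME=	ossec-hids
+PORTVERSION=	3.1.0
+PORTREVISION=
+CATEGORIES=	security
+
+MAINTAINER=	dominik.lisiak@bemsoft.pl
+COMMENT=	Security tool to monitor and check logs and intrusions
+
+LICENSE=	GPLv2
+
+RUN_DEPENDS=	ossec-hids-${OSSEC_TYPE}>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE}
+
+USES=		metaport
+
+OPTIONS_DEFINE=		CONFIG
+
+OPTIONS_SINGLE=		G_TYPE
+OPTIONS_SINGLE_G_TYPE=	LOCAL AGENT SERVER
+
+OPTIONS_DEFAULT=	CONFIG LOCAL
+
+CONFIG_DESC=		Install configuration manager and samples
+G_TYPE_DESC=		Installation type
+LOCAL_DESC=		Analizes local data only (standalone)
+AGENT_DESC=		Sends local data to the server for analysis
+SERVER_DESC=		Analizes local data and data received from multiple agents
+
+CONFIG_VARS=		RUN_DEPENDS+=ossec-hids-${OSSEC_TYPE}-config>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE}-config
+LOCAL_VARS=		OSSEC_TYPE=local
+AGENT_VARS=		OSSEC_TYPE=agent
+SERVER_VARS=		OSSEC_TYPE=server
+
+.include <bsd.port.mk>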
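Review bot: `LOCAL_DESC` and `SERVER_DESC` spell "Analyzes" as "Analizes"; these strings are what the user reads when choosing the installation type, so they should read `Analyzes local data only (standalone)` and `Analyzes local data and data received from multiple agents`. The empty `PORTREVISION=` assignment can be removed. A one-line comment above `RUN_DEPENDS`, such as `# OSSEC_TYPE is supplied by the LOCAL/AGENT/SERVER *_VARS helpers below`, would help, because the variable is used before it is visibly set.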
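--- a/security/ossec-hids/pkg-descr
+++ b/security/ossec-hids/pkg-descr
@@ -0,0 +1,6 @@
+OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection
+System (HIDS). It has a powerful correlation and analysis engine, integrating
+log analysis, file integrity checking, Windows registry monitoring, centralized
+policy enforcement, rootkit detection, real-time alerting and active response.
+
+WWW: https://ossec.github.io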
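--- a/security/ossec-hids-agent-config/Makefile
+++ b/security/ossec-hids-agent-config/Makefile
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+OSSEC_TYPE=	agent
+
+MASTERDIR=	${.CURDIR}/../ossec-hids-local-config
+
+.include "${MASTERDIR}/Makefile"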
(-)security/ossec-hids-client/Makefile (-8 / +2 lines)
Lines 1-13 Link Here
1
# Created by: Valerio Daelli <valerio.daelli@gmail.com>
2
# $FreeBSD$
1
# $FreeBSD$
3
2
4
PORTREVISION=	0
3
OSSEC_TYPE=	agent
5
COMMENT=	Client port of ossec-hids
6
4
7
CLIENT_ONLY=	yes
5
MASTERDIR=	${.CURDIR}/../ossec-hids-local
8
6
9
MASTERDIR=	${.CURDIR}/../ossec-hids-server
10
11
PLIST=		${.CURDIR}/pkg-plist.client
12
13
.include "${MASTERDIR}/Makefile"
7
.include "${MASTERDIR}/Makefile"
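Review bot: What appears to be the new side of this Makefile keeps only `OSSEC_TYPE=	agent` and a `MASTERDIR` pointing at `../ossec-hids-local`, so the package built from the ossec-hids-client directory would take its name from the master's `PKGNAMESUFFIX=	-${OSSEC_TYPE}` and, if that reading of the master is right, install as ossec-hids-agent rather than under a client name. The master's `CONFLICTS_INSTALL` for the agent type lists `ossec-hids-client-*`, so hosts that already carry the old client package would presumably hit a conflict instead of an in-place upgrade. The patch should state how that migration is meant to happen (for example an UPDATING note), and a comment here such as `# Compatibility slave: builds the agent type of security/ossec-hids-local` would make the intent clear.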
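--- a/security/ossec-hids-client/pkg-plist.client
+++ b/security/ossec-hids-client/pkg-plist.client
@@ -1,69 +0,0 @@
-%%PORTNAME%%/active-response/bin/disable-account.sh
-%%PORTNAME%%/active-response/bin/firewall-drop.sh
-%%PORTNAME%%/active-response/bin/host-deny.sh
-%%PORTNAME%%/active-response/bin/ip-customblock.sh
-%%PORTNAME%%/active-response/bin/ipfw.sh
-%%PORTNAME%%/active-response/bin/ipfw_mac.sh
-%%PORTNAME%%/active-response/bin/ossec-tweeter.sh
-%%PORTNAME%%/active-response/bin/pf.sh
-%%PORTNAME%%/active-response/bin/restart-ossec.sh
-%%PORTNAME%%/active-response/bin/route-null.sh
-%%PORTNAME%%/bin/agent-auth
-%%PORTNAME%%/bin/manage_agents
-%%PORTNAME%%/bin/ossec-agentd
-%%PORTNAME%%/bin/ossec-control
-%%PORTNAME%%/bin/ossec-execd
-%%PORTNAME%%/bin/ossec-logcollector
-%%PORTNAME%%/bin/ossec-lua
-%%PORTNAME%%/bin/ossec-luac
-%%PORTNAME%%/bin/ossec-syscheckd
-%%PORTNAME%%/bin/util.sh
-@group ossec
-%%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
-%%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
-%%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
-%%PORTNAME%%/etc/shared/rootkit_trojans.txt
-%%PORTNAME%%/etc/shared/rootkit_files.txt
-%%PORTNAME%%/etc/shared/system_audit_rcl.txt
-%%PORTNAME%%/etc/shared/win_malware_rcl.txt
-%%PORTNAME%%/etc/shared/win_audit_rcl.txt
-%%PORTNAME%%/etc/shared/win_applications_rcl.txt
-@sample %%PORTNAME%%/etc/ossec.conf.sample
-%%PORTNAME%%/etc/internal_options.conf
-@owner ossec
-%%PORTNAME%%/logs/ossec.log
-@owner
-%%PORTNAME%%/agentless/main.exp
-%%PORTNAME%%/agentless/sshlogin.exp
-%%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff
-%%PORTNAME%%/agentless/ssh_foundry_diff
-%%PORTNAME%%/agentless/ssh_pixconfig_diff
-%%PORTNAME%%/agentless/ssh_nopass.exp
-%%PORTNAME%%/agentless/ssh_integrity_check_linux
-%%PORTNAME%%/agentless/ssh_integrity_check_bsd
-%%PORTNAME%%/agentless/ssh_generic_diff
-%%PORTNAME%%/agentless/ssh.exp
-%%PORTNAME%%/agentless/register_host.sh
-%%PORTNAME%%/agentless/su.exp
-@dir %%PORTNAME%%/agentless
-@dir %%PORTNAME%%/active-response/bin
-@dir %%PORTNAME%%/active-response
-@dir %%PORTNAME%%/etc/shared
-@dir %%PORTNAME%%/etc
-@dir %%PORTNAME%%/tmp
-@dir %%PORTNAME%%/var/run
-@dir %%PORTNAME%%/var
-@dir %%PORTNAME%%/queue/syscheck
-@dir %%PORTNAME%%/queue/rids
-@owner ossec
-@dir %%PORTNAME%%/queue/ossec
-@dir %%PORTNAME%%/queue/diff
-@owner
-@dir %%PORTNAME%%/queue/alerts
-@dir %%PORTNAME%%/queue
-@dir %%PORTNAME%%/logs
-@dir %%PORTNAME%%/bin
-@owner ossec
-@dir %%PORTNAME%%/.ssh
-@owner
-@dir %%PORTNAME%%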
(-)security/ossec-hids-local/Makefile (-6 / +242 lines)
Lines 1-11 Link Here
1
# Created by: Valerio Daelli <valerio.daelli@gmail.com>
2
# $FreeBSD$
1
# $FreeBSD$
3
2
4
PORTREVISION=	1
3
PORTNAME=	ossec-hids
5
COMMENT=	Client and server (local) port of ossec-hids
4
PORTVERSION=	3.1.0
5
PORTREVISION=
6
CATEGORIES=	security
7
PKGNAMESUFFIX=	-${OSSEC_TYPE}
6
8
7
LOCAL_ONLY=	yes
9
MAINTAINER=	dominik.lisiak@bemsoft.pl
10
COMMENT=	Security tool to monitor and check logs and intrusions
8
11
9
MASTERDIR=	${.CURDIR}/../ossec-hids-server
12
LICENSE=	GPLv2
13
LICENSE_FILE=	${WRKSRC}/LICENSE
10
14
11
.include "${MASTERDIR}/Makefile"
15
OSSEC_TYPE?=	local
16
17
.if ${OSSEC_TYPE} == local
18
CONFLICTS_INSTALL=	ossec-hids-client-* \
19
			ossec-hids-agent-* \
20
			ossec-hids-server-*
21
.elif ${OSSEC_TYPE} == agent
22
CONFLICTS_INSTALL=	ossec-hids-client-* \
23
			ossec-hids-local-* \
24
			ossec-hids-server-*
25
.elif ${OSSEC_TYPE} == server
26
CONFLICTS_INSTALL=	ossec-hids-client-* \
27
			ossec-hids-agent-* \
28
			ossec-hids-local-*
29
.endif
30
31
.if ${OSSEC_TYPE} != agent
32
RUN_DEPENDS=	expect:lang/expect
33
.endif
34
35
GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
36
INOTIFY_LIB_DEPENDS=	libinotify.so:devel/libinotify
37
PRELUDE_LIB_DEPENDS=	libprelude.so:security/libprelude
38
ZEROMQ_LIB_DEPENDS=	libczmq.so:net/czmq
39
40
USES=		gmake readline ssl
41
MYSQL_USE=	mysql
42
PGSQL_USES=	pgsql
43
44
USE_GITHUB=	yes
45
GH_ACCOUNT=	ossec
46
USE_RC_SUBR=	ossec-hids
47
48
.if ${OSSEC_TYPE} != agent
49
USES+=		shebangfix
50
SHEBANG_LANG=	expect
51
expect_OLD_CMD=	"/usr/bin/env expect"
52
expect_CMD=	${LOCALBASE}/bin/expect
53
SHEBANG_FILES=	src/agentlessd/scripts/main.exp \
54
		src/agentlessd/scripts/ssh.exp \
55
		src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \
56
		src/agentlessd/scripts/ssh_foundry_diff \
57
		src/agentlessd/scripts/ssh_generic_diff \
58
		src/agentlessd/scripts/ssh_integrity_check_bsd \
59
		src/agentlessd/scripts/ssh_integrity_check_linux \
60
		src/agentlessd/scripts/ssh_nopass.exp \
61
		src/agentlessd/scripts/ssh_pixconfig_diff \
62
		src/agentlessd/scripts/sshlogin.exp \
63
		src/agentlessd/scripts/su.exp
64
.endif
65
66
OPTIONS_SUB=			yes
67
OPTIONS_DEFINE=			DOCS INOTIFY
68
69
.if ${OSSEC_TYPE} != agent
70
OPTIONS_DEFINE+=		GEOIP PRELUDE ZEROMQ
71
72
OPTIONS_RADIO=			DATABASE
73
OPTIONS_RADIO_DATABASE=		MYSQL PGSQL
74
.endif
75
76
OPTIONS_DEFAULT=		INOTIFY
77
78
INOTIFY_DESC=		Kevent based real time monitoring
79
PRELUDE_DESC=		Sensor support from Prelude SIEM
80
ZEROMQ_DESC=		ZeroMQ support (experimental)
81
DATABASE_DESC=		Database output
82
83
GEOIP_VARS=	OSSEC_ARGS+=USE_GEOIP=yes
84
INOTIFY_VARS=	OSSEC_ARGS+=USE_INOTIFY=yes
85
PRELUDE_VARS=	OSSEC_ARGS+=USE_PRELUDE=yes
86
ZEROMQ_VARS=	OSSEC_ARGS+=USE_ZEROMQ=yes
87
MYSQL_VARS=	OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema
88
PGSQL_VARS=	OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema
89
90
OSSEC_ARGS+=	TARGET=${OSSEC_TYPE}
91
.if ${OSSEC_TYPE} == agent
92
STRIP_FILES=	agent-auth \
93
		manage_agents \
94
		ossec-agentd \
95
		ossec-execd \
96
		ossec-logcollector \
97
		ossec-lua \
98
		ossec-luac \
99
		ossec-syscheckd
100
.else
101
STRIP_FILES=	agent_control \
102
		clear_stats \
103
		list_agents \
104
		manage_agents \
105
		ossec-agentlessd \
106
		ossec-analysisd \
107
		ossec-authd \
108
		ossec-csyslogd \
109
		ossec-dbd \
110
		ossec-execd \
111
		ossec-logcollector \
112
		ossec-logtest \
113
		ossec-lua \
114
		ossec-luac \
115
		ossec-maild \
116
		ossec-makelists \
117
		ossec-monitord \
118
		ossec-regex \
119
		ossec-remoted \
120
		ossec-reportd \
121
		ossec-syscheckd \
122
		rootcheck_control \
123
		syscheck_control \
124
		syscheck_update \
125
		verify-agent-conf
126
.endif
127
.if defined(MAINTAINER_MODE)
128
OSSEC_HOME=		${PREFIX}/${PORTNAME}
129
.else
130
OSSEC_HOME?=		${PREFIX}/${PORTNAME}
131
.endif
132
OSSEC_RC=		${PREFIX}/etc/rc.d/ossec-hids
133
FIREWALL_DROP_BIN=	${OSSEC_HOME}/active-response/bin/firewall-drop.sh
134
IPFILTER_BIN=		${OSSEC_HOME}/active-response/bin/ipfilter.sh
135
RESTART_OSSEC_BIN=	${OSSEC_HOME}/active-response/bin/restart-ossec.sh
136
SHARED_DIR=		${OSSEC_HOME}/etc/shared
137
INTERNAL_OPTS_CONF=	${OSSEC_HOME}/etc/local_internal_options.conf
138
139
.if empty(USER)
140
USER=$$(${ID} -un)
141
.endif
142
.if empty(GROUP)
143
GROUP=$$(${ID} -gn)
144
.endif
145
146
.if !defined(MAINTAINER_MODE)
147
USER_ARGS+=	OSSEC_GROUP=${GROUP} \
148
		OSSEC_USER=${USER} \
149
		OSSEC_USER_MAIL=${USER} \
150
		OSSEC_USER_REM=${USER}
151
.endif
152
OSSEC_USER=	ossec
153
OSSEC_GROUP=	ossec
154
USERS=		${OSSEC_USER} ossecm ossecr
155
GROUPS=		${OSSEC_GROUP}
156
157
SUB_LIST+=	PORTNAME=${PORTNAME} \
158
		CATEGORY=${CATEGORIES:[1]} \
159
		OSSEC_TYPE=${OSSEC_TYPE} \
160
		OSSEC_HOME=${OSSEC_HOME} \
161
		VERSION=${PORTVERSION} \
162
		DB_TYPE=${DB_TYPE} \
163
		DB_SCHEMA=${DOCSDIR}/${DB_SCHEMA} \
164
		USER=${USER} \
165
		OSSEC_USER=${OSSEC_USER} \
166
		OSSEC_GROUP=${OSSEC_GROUP} \
167
		OSSEC_RC=${OSSEC_RC}
168
SUB_FILES=	pkg-install \
169
		pkg-deinstall \
170
		${PKGMSG_FILES} \
171
		restart-ossec.sh
172
173
.if defined(MAINTAINER_MODE)
174
PLIST_SUB=	OSSEC_HOME=${PORTNAME}
175
.else
176
PLIST_SUB=	OSSEC_HOME=${OSSEC_HOME}
177
.endif
178
PLIST=		${PKGDIR}/pkg-plist-${OSSEC_TYPE}
179
DOCSFILES=	BUGS CHANGELOG CONTRIBUTORS LICENSE README.md SUPPORT.md
180
PKGHELP=	${PKGDIR}/pkg-help-${OSSEC_TYPE}
181
PKGMESSAGE=	${WRKDIR}/pkg-message
182
PKGMSG_FILES=	message-header
183
184
CFLAGS+=	-I${LOCALBASE}/include
185
186
BUILD_ARGS+=	${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME}
187
INSTALL_ARGS+=	${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME}
188
189
.include <bsd.port.pre.mk>
190
191
PKGMSG_FILES+=	message-firewall message-config
192
193
post-patch:
194
	@${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \
195
		-e 's|-lreadline|& ${LDFLAGS}|' \
196
		${WRKSRC}/src/external/lua/src/Makefile
197
198
do-build:
199
	@cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build
200
201
do-install:
202
	@cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${INSTALL_ARGS} install
203
204
post-install:
205
	@${MV} -f ${STAGEDIR}${INTERNAL_OPTS_CONF} ${STAGEDIR}${INTERNAL_OPTS_CONF}.sample
206
	@${MV} -f ${STAGEDIR}${FIREWALL_DROP_BIN} ${STAGEDIR}${IPFILTER_BIN}
207
	@${CP} -f ${WRKDIR}/restart-ossec.sh ${STAGEDIR}${RESTART_OSSEC_BIN}
208
	@${CHMOD} 550 ${STAGEDIR}${RESTART_OSSEC_BIN}
209
.if defined(MAINTAINER_MODE)
210
	@${CHOWN} ${USER}:${OSSEC_GROUP} ${STAGEDIR}${RESTART_OSSEC_BIN}
211
.endif
212
	
213
.if ${OSSEC_TYPE} == agent
214
.if defined(MAINTAINER_MODE)
215
	@for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; ${CHOWN} ${OSSEC_USER}:${OSSEC_GROUP} $${file_name}; done
216
.else
217
	@for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; done
218
.endif
219
.endif
220
	@${ECHO_CMD} -n > ${PKGMESSAGE}
221
.for file_name in ${PKGMSG_FILES}
222
	@${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE}
223
	@${ECHO_CMD} >> ${PKGMESSAGE}
224
.endfor
225
.for file_name in ${STRIP_FILES}
226
	@${STRIP_CMD} ${STAGEDIR}${OSSEC_HOME}/bin/${file_name}
227
.endfor
228
229
.if defined(MAINTAINER_MODE)
230
plist: makeplist
231
	@${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR}
232
.endif
233
234
post-install-DOCS-on:
235
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
236
	@cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR}
237
	@cd ${WRKSRC} && ${INSTALL_DATA} etc/ossec-${OSSEC_TYPE}.conf ${STAGEDIR}${DOCSDIR}/ossec.conf.sample
238
239
post-install-MYSQL-on:
240
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
241
	@cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR}
242
243
post-install-PGSQL-on:
244
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
245
	@cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR}
246
247
.include <bsd.port.post.mk>
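Review bot: `MYSQL_USE=	mysql` sits directly above `PGSQL_USES=	pgsql` and carries no `key=value` pair, so it looks like a typo for `MYSQL_USES=	mysql`; as written the MYSQL option may not pull in the client library the way the PGSQL option does, which is worth confirming with a build that has MYSQL selected. In post-install, the two `for file_name in $$(find ...)` loops word-split the file names they iterate over; `find "${STAGEDIR}${SHARED_DIR}" -type f -exec ${CHMOD} 0644 {} +` sets the same mode without a shell loop, and the maintainer-mode branch can add a second `-exec ${CHOWN} ${OSSEC_USER}:${OSSEC_GROUP} {} +`. The empty `PORTREVISION=` line can be dropped.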
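--- a/security/ossec-hids-local/distinfo
+++ b/security/ossec-hids-local/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1539457911
+SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50
+SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469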
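--- a/security/ossec-hids-local/files/message-config.in
+++ b/security/ossec-hids-local/files/message-config.in
@@ -0,0 +1,5 @@
+Consider installing "%%CATEGORY%%/%%PORTNAME%%-%%OSSEC_TYPE%%-config" to ease
+OSSEC configuration.
+
+For additional help execute:
+# %%PREFIX%%/etc/rc.d/ossec-hids help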
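--- a/security/ossec-hids-local/files/message-database.in
+++ b/security/ossec-hids-local/files/message-database.in
@@ -0,0 +1,8 @@
+The database schema file:
+%%DB_SCHEMA%%
+
+To enable database output execute:
+# %%OSSEC_HOME%%/bin/ossec-control enable database
+
+For further steps see the documentation:
+https://www.ossec.net/docs/syntax/head_ossec_config.database_output.html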
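--- a/security/ossec-hids-local/files/message-firewall.in
+++ b/security/ossec-hids-local/files/message-firewall.in
@@ -0,0 +1,12 @@
+If you intend to use "firewall-drop" active response on this OSSEC instance
+create the script:
+%%OSSEC_HOME%%/active-response/bin/firewall-drop.sh
+
+You can copy or hard link (symbolic link is not supported) one of the scripts
+already provided by OSSEC:
+%%OSSEC_HOME%%/active-response/bin/ipfilter.sh
+%%OSSEC_HOME%%/active-response/bin/ipfw.sh
+%%OSSEC_HOME%%/active-response/bin/pf.sh
+
+For further steps see the documentation:
+https://www.ossec.net/docs/syntax/head_ossec_config.active-response.html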
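--- a/security/ossec-hids-local/files/message-header.in
+++ b/security/ossec-hids-local/files/message-header.in
@@ -0,0 +1,10 @@
+All the files related to OSSEC have been installed in:
+%%OSSEC_HOME%%
+
+You need to create main configuration file:
+%%OSSEC_HOME%%/etc/ossec.conf
+
+For information on proper configuration see:
+https://www.ossec.net/docs/syntax/ossec_config.html
+
+To enable the startup script add ossec_hids_enable="YES" to /etc/rc.conf.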
(-)security/ossec-hids-local/files/ossec-hids.in (+537 lines)
Line 0 Link Here
1
#!/bin/sh
2
#
3
# PROVIDE: ossec_hids
4
# REQUIRE: DAEMON
5
# BEFORE:  LOGIN
6
# KEYWORD: shutdown
7
8
# ossec_hids_enable (bool):             Set it to YES to enable %%PORTNAME%%.
9
#                                       Default: NO
10
# ossec_hids_clear_log (bool):          Set it to YES to clear ossec.log before %%PORTNAME%% startup.
11
#                                       Default: NO
12
# ossec_hids_clear_ar_log (bool):       Set it to YES to clear active-responses.log before %%PORTNAME%% startup.
13
#                                       Default: NO
14
# ossec_hids_fetch_connect_time (int):  Time in seconds to wait for the download of the shared configuration to start.
15
#                                       Used only by agent installation.
16
#                                       Default: 30
17
# ossec_hids_fetch_read_time (int):     Time in seconds to wait for subsequent download chunks of the shared configuration.
18
#                                       Used only by agent installation.
19
#                                       Default: 10
20
21
. /etc/rc.subr
22
23
name="ossec_hids"
24
rcvar=ossec_hids_enable
25
26
load_rc_config $name
27
28
: ${ossec_hids_enable="NO"}
29
: ${ossec_hids_clear_log="NO"}
30
: ${ossec_hids_clear_ar_log="NO"}
31
: ${ossec_hids_fetch_connect_time=30}
32
: ${ossec_hids_fetch_read_time=10}
33
34
ossec_type="%%OSSEC_TYPE%%"
35
ossec_home="%%OSSEC_HOME%%"
36
37
ossec_conf="${ossec_home}/etc/ossec.conf"
38
ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
39
ossec_conf_bin="${ossec_home}/bin/config/ossec-conf"
40
41
agent_conf="${ossec_home}/etc/shared/agent.conf"
42
agent_conf_dir="${ossec_home}/etc/agent.conf.d"
43
agent_conf_bin="${ossec_home}/bin/config/agent-conf"
44
45
ossec_client_keys="${ossec_home}/etc/client.keys"
46
ossec_ar_tmp="${ossec_home}/active-response"
47
ossec_log="${ossec_home}/logs/ossec.log"
48
ossec_ar_log="${ossec_home}/logs/active-responses.log"
49
ossec_merged="${ossec_home}/etc/shared/merged.mg"
50
51
ossec_local_time="/etc/localtime"
52
53
extra_commands="help status reload ossec_conf"
54
case ${ossec_type} in
55
    server)
56
        extra_commands="${extra_commands} agent_conf manage_agent reset_counter"
57
        ;;
58
    agent)
59
        extra_commands="${extra_commands} agent_conf manage_agent reset_counter config_profile fetch_config"
60
        ;;
61
esac
62
if [ -x "${ossec_conf_bin}" ]; then
63
    extra_commands="${extra_commands} merge_config"
64
fi
65
66
ossec_rc_command=$1
67
shift 1
68
69
help_cmd="ossec_hids_help $@"
70
start_cmd="ossec_hids_command start $@"
71
stop_cmd="ossec_hids_command stop $@"
72
restart_cmd="ossec_hids_command restart $@"
73
status_cmd="ossec_hids_command status $@"
74
reload_cmd="ossec_hids_command reload $@"
75
manage_agent_cmd="ossec_hids_manage_agent $@"
76
reset_counter_cmd="ossec_hids_reset_counter $@"
77
config_profile_cmd="ossec_hids_config_profile $@"
78
fetch_config_cmd="ossec_hids_fetch_config $@"
79
merge_config_cmd="ossec_hids_create_config force $@"
80
ossec_conf_cmd="ossec_hids_ossec_conf $@"
81
agent_conf_cmd="ossec_hids_agent_conf $@"
82
83
start_precmd="ossec_hids_create_env && ossec_hids_create_config && ossec_hids_clean && ossec_hids_check"
84
restart_precmd="${start_precmd}"
85
reload_precmd="ossec_hids_create_env && ossec_hids_create_config"
86
config_profile_precmd="ossec_hids_check"
87
fetch_config_precmd="${start_precmd}"
88
89
agent_ids_cmd="${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*ID:[[:space:]]*([[:digit:]]+).*|\1|p'"
90
agent_names_cmd="${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*Name:[[:space:]]*([^,]+).*|\1|p'"
91
92
ossec_hids_help() {
93
    local indent="    "
94
95
    echo "Additional commands:"
96
    echo
97
98
    for command in ${extra_commands}; do
99
        case ${command} in
100
            ossec_conf)
101
                echo "${command}"
102
                if [ -x "${ossec_conf_bin}" ]; then
103
                    echo "${indent}Displays the \"ossec.conf\" as it would have been produced"
104
                    echo "${indent}by merging files from \"ossec.conf.d\" directory."
105
                    echo "${indent}Does not overwrite the actual \"ossec.conf\"."
106
                else
107
                    echo "${indent}Displays the current \"ossec.conf\"."
108
                fi
109
                echo
110
            ;;
111
            agent_conf)
112
                echo "${command}"
113
                if [ -x "${agent_conf_bin}" ]; then
114
                    echo "${indent}Displays the \"agent.conf\" as it would have been produced"
115
                    echo "${indent}by merging files from \"agent.conf.d\" directory."
116
                    echo "${indent}Does not overwrite the actual \"agent.conf\"."
117
                else
118
                    echo "${indent}Displays the current \"agent.conf\"."
119
                fi
120
                echo
121
            ;;
122
            manage_agent)
123
                echo "${command} [...]"
124
                echo "${indent}Executes OSSEC Agent Manager."
125
                echo "${indent}Any additional arguments will be passed along (-h for help)."
126
                echo "${indent}Use this command to export and import agent keys."
127
                echo
128
            ;;
129
            reset_counter)
130
                case ${ossec_type} in
131
                    server)
132
                        echo "${command} <agent_name>"
133
                        echo "${indent}Stops the OSSEC and resets (removes) the replay attack prevention counter(s)."
134
                        echo "${indent}Only the counter for the given <agent_name> is reset."
135
                        echo "${indent}If the <agent_name> is \"-\", then counters for all agents are reset."
136
                    ;;
137
                    agent)
138
                        echo "${command}"
139
                        echo "${indent}Stops the OSSEC and resets (removes) the replay attack prevention counter."
140
                    ;;
141
                esac
142
                echo "${indent}Use this command on both the server and the agent to bring back connectivity."
143
                echo "${indent}The typical scenario for desynchronization of counters is one of the OSSEC"
144
                echo "${indent}instances has been restored from backup."
145
                echo "${indent}Use the following procedure:"
146
                echo "${indent}1. Reset counter on the agent."
147
                echo "${indent}2. Reset counter on the server for that specific agent."
148
                echo "${indent}3. Start the server."
149
                echo "${indent}4. Start the agent."
150
                echo
151
            ;;
152
            config_profile)
153
                echo "${command}"
154
                echo "${indent}Displays a list (i.e. union of sets) of applicable (to this agent) configuration"
155
                echo "${indent}profiles sent by the server (current \"agent.conf\") merged with configuration"
156
                echo "${indent}profiles enabled on this agent (current \"ossec.conf\"). Each entry on the list"
157
                echo "${indent}is marked with one of the following markers:"
158
                echo "${indent}(+) - The profile is sent by the server and is enabled on this agent."
159
                echo "${indent}(-) - The profile is sent by the server and is applicable for this agent, but is"
160
                echo "${indent}      not enabled in the \"ossec.conf\"."
161
                echo "${indent}(?) - The profile is enabled on this agent, but is not sent by the server or is"
162
                echo "${indent}      not applicable to this agent."
163
                echo
164
            ;;
165
            fetch_config)
166
                echo "${command}"
167
                echo "${indent}(Re)starts the agent with a fresh copy of server shared configuration (including"
168
                echo "${indent}\"agent.conf\"). Command can also be used to ensure server connectivity."
169
                echo
170
            ;;
171
            merge_config)
172
                echo "${command}"
173
                echo "${indent}Creates \"ossec.conf\" by merging files from \"ossec.conf.d\" directory."
174
                case ${ossec_type} in
175
                    server)
176
                        echo "${indent}Creates \"agent.conf\" by merging files from \"agent.conf.d\" directory."
177
                    ;;
178
                esac
179
                echo "${indent}Usually you do not need to run this command, because configuration files will"
180
                echo "${indent}be merged before OSSEC startup if any of them has been modified/created/deleted"
181
                echo "${indent}since the last merging. This command, however, does merging unconditionally."
182
                echo
183
            ;;
184
        esac
185
    done
186
187
    echo "To avoid problems with this script and the port in general, keep your XML-like"
188
    echo "configuration pretty printed. Place element tags in single and separate lines."
189
    echo "Comments can span on multiple but still separate lines."
190
    echo "Do NOT use the following formatting:"
191
    echo
192
    echo "${indent}<elementA"
193
    echo "${indent}${indent}attribute=\"value\"><!-- I am a long and"
194
    echo "${indent}${indent}${indent}descriptive comment -->"
195
    echo "${indent}${indent}<elementB>"
196
    echo "${indent}${indent}${indent}Some content"
197
    echo "${indent}${indent}</elementB><elementC>"
198
    echo "${indent}${indent}${indent}Another content</elementC>"
199
    echo "${indent}</elementA>"
200
    echo
201
    echo "Use instead:"
202
    echo
203
    echo "${indent}<elementA attribute=\"value\">"
204
    echo "${indent}${indent}<!-- I am a long and"
205
    echo "${indent}${indent}descriptive comment -->"
206
    echo "${indent}${indent}<elementB>Some content</elementB>"
207
    echo "${indent}${indent}<elementC>Another content</elementC>"
208
    echo "${indent}</elementA>"
209
    echo
210
}
211
212
ossec_hids_create_file() {
213
    local path=$1
214
    local owner=$2
215
    local mode=$3
216
217
    if [ ! -e "${path}" ]; then
218
        touch "${path}" && chown ${owner} "${path}" && chmod ${mode} "${path}"
219
    fi
220
}
221
222
ossec_hids_check() {
223
    case ${ossec_type} in
224
        server)
225
            if [ ! -s "${ossec_client_keys}" ]; then
226
                echo "WARNING: There are no client keys created - remote connections will be disabled."
227
                echo
228
            fi
229
            ;;
230
        agent)
231
            if [ ! -s "${ossec_client_keys}" ]; then
232
                echo "WARNING: There are is no client key imported - connection to server not possible."
233
                echo
234
            else
235
                if [ $(eval ${agent_ids_cmd} | wc -l) -gt 1 ]; then
236
                    echo "ERROR: There are multiple client keys imported - only one is allowed."
237
                    echo
238
                    return 1
239
                fi
240
            fi
241
            ;;
242
    esac
243
244
    return 0
245
}
246
247
ossec_hids_inline_content() {
248
    local element="$1"
249
    sed -En "s|.*<${element}>(.*)</${element}>.*|\1|p"
250
}
251
252
ossec_hids_remove_comments() {
253
    # Comments must be on separate lines i.e. not next to uncommented code
254
    awk '/<!--/ {off=1} /-->/ {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
255
}
256
257
ossec_hids_config_profile() {
258
    if [ ! -f "${ossec_conf}" ]; then
259
        echo -n "ERROR: The \"${ossec_conf}\" is missing."
260
        if [ -x "${ossec_conf_bin}" ]; then
261
            echo " Run:"
262
            echo "$(realpath $0) merge_config"
263
        else
264
            echo
265
        fi
266
        echo
267
        return 1
268
    fi
269
    if [ ! -f "${agent_conf}" ]; then
270
        echo "ERROR: The \"${agent_conf}\" is missing. Run:"
271
        echo "$(realpath $0) fetch_config"
272
        echo
273
        return 1
274
    fi
275
276
    local os="FreeBSD"
277
    local name=$(eval ${agent_names_cmd})
278
279
    local server_profiles=`ossec_hids_remove_comments < "${agent_conf}" | sed -En \
280
        -e "s|.*<agent_config[[:space:]]+profile=\"([^\"]+)\"[[:space:]]*>.*|\1|p" \
281
        -e "s|.*<agent_config[[:space:]]+profile=\"([^\"]+)\"[[:space:]]+os=\"${os}\"[[:space:]]*>.*|\1|p" \
282
        -e "s|.*<agent_config[[:space:]]+os=\"${os}\"[[:space:]]+profile=\"([^\"]+)\"[[:space:]]*>.*|\1|p" \
283
        -e "s|.*<agent_config[[:space:]]+profile=\"([^\"]+)\"[[:space:]]+name=\"${name}\"[[:space:]]*>.*|\1|p" \
284
        -e "s|.*<agent_config[[:space:]]+name=\"${name}\"[[:space:]]+profile=\"([^\"]+)\"[[:space:]]*>.*|\1|p" \
285
        -e "s|.*<agent_config[[:space:]]+profile=\"([^\"]+)\"[[:space:]]+os=\"${os}\"[[:space:]]+name=\"${name}\"[[:space:]]*>.*|\1|p" \
286
        -e "s|.*<agent_config[[:space:]]+profile=\"([^\"]+)\"[[:space:]]+name=\"${name}\"[[:space:]]+os=\"${os}\"[[:space:]]*>.*|\1|p" \
287
        -e "s|.*<agent_config[[:space:]]+os=\"${os}\"[[:space:]]+profile=\"([^\"]+)\"[[:space:]]+name=\"${name}\"[[:space:]]*>.*|\1|p" \
288
        -e "s|.*<agent_config[[:space:]]+os=\"${os}\"[[:space:]]+name=\"${name}\"[[:space:]]+profile=\"([^\"]+)\"[[:space:]]*>.*|\1|p" \
289
        -e "s|.*<agent_config[[:space:]]+name=\"${name}\"[[:space:]]+profile=\"([^\"]+)\"[[:space:]]+os=\"${os}\"[[:space:]]*>.*|\1|p" \
290
        -e "s|.*<agent_config[[:space:]]+name=\"${name}\"[[:space:]]+os=\"${os}\"[[:space:]]+profile=\"([^\"]+)\"[[:space:]]*>.*|\1|p" \
291
        | sort -u`
292
293
    local agent_profiles=$(ossec_hids_remove_comments < "${ossec_conf}" | ossec_hids_inline_content "config-profile" | sed -E 's|[[:space:]]*,[[:space:]]*| |g')
294
295
    local output=""
296
    for server_profile in ${server_profiles}; do
297
        local matching_profile=""
298
        for agent_profile in ${agent_profiles}; do
299
            if [ "${agent_profile}" == "${server_profile}" ]; then
300
                matching_profile="${agent_profile}"
301
                break
302
            fi
303
        done
304
        if [ -n "${matching_profile}" ]; then
305
            output="${output}(+) ${server_profile}
306
"
307
        else
308
            output="${output}(-) ${server_profile}
309
"
310
        fi
311
    done
312
    for agent_profile in ${agent_profiles}; do
313
        local matching_profile=""
314
        for server_profile in ${server_profiles}; do
315
            if [ "${server_profile}" == "${agent_profile}" ]; then
316
                matching_profile="${server_profile}"
317
                break
318
            fi
319
        done
320
        if [ -z "${matching_profile}" ]; then
321
            output="${output}(?) ${agent_profile}
322
"
323
        fi
324
    done
325
326
    echo -n "${output}" | sort -k 2
327
}
328
329
ossec_hids_config_is_outdated() {
330
    local dst_file="$1"
331
    local src_dir="$2"
332
333
    if [ ! -e "${dst_file}" ]; then
334
        return 0
335
    fi
336
337
    if [ "${src_dir}" -nt "${dst_file}" ]; then
338
        return 0
339
    fi
340
341
    for src_file in $(find "${src_dir}" -maxdepth 1 -type f -name "*.conf"); do
342
        if [ "${src_file}" -nt "${dst_file}" ]; then
343
            return 0
344
        fi
345
    done
346
347
    return 1
348
}
349
350
ossec_hids_create_config() {
351
    case ${ossec_type} in
352
        server)
353
            if [ -x "${agent_conf_bin}" ]; then
354
                # Merge agent.conf.d files into agent.conf
355
                if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${agent_conf}" "${agent_conf_dir}"; then
356
                    ossec_hids_create_file "${agent_conf}" %%USER%%:%%OSSEC_GROUP%% 0640
357
                    "${agent_conf_bin}" > "${agent_conf}"
358
                fi
359
            fi
360
            ;;
361
    esac
362
363
    if [ -x "${ossec_conf_bin}" ]; then
364
        # Merge ossec.conf.d files into ossec.conf
365
        if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${ossec_conf}" "${ossec_conf_dir}"; then
366
            ossec_hids_create_file "${ossec_conf}" %%USER%%:%%OSSEC_GROUP%% 0640
367
            "${ossec_conf_bin}" > "${ossec_conf}"
368
        fi
369
    fi
370
371
    return 0
372
}
373
374
ossec_hids_create_env() {
375
    # Copy required files from outside of home directory
376
    if [ ! -e "${ossec_local_time}" ]; then
377
        echo "ERROR: Missing \"${ossec_local_time}\". Run command \"tzsetup\"."
378
        echo
379
        return 1
380
    fi
381
    install -o %%USER%% -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}"
382
383
    return 0
384
}
385
386
ossec_hids_clean() {
387
    if [ "${ossec_type}" == "server" ]; then
388
        rm -f "${ossec_merged}"
389
    fi
390
391
    if checkyesno ossec_hids_clear_log && [ -e "${ossec_log}" ]; then
392
        echo -n > "${ossec_log}"
393
    fi
394
395
    if checkyesno ossec_hids_clear_ar_log && [ -e "${ossec_ar_log}" ]; then
396
        echo -n > "${ossec_ar_log}"
397
    fi
398
399
    return 0
400
}
401
402
ossec_hids_reset_counter() {
403
    local agent_name="$1"
404
405
    ossec_hids_command stop
406
    sleep 1
407
    echo
408
409
    case ${ossec_type} in
410
        server)
411
            if [ -z "${agent_name}" ]; then
412
                echo "ERROR: Specify agent name to reset counter for this agent or \"-\" to reset counters for all agents."
413
                echo
414
                return 1
415
            fi
416
            local agent_counter=0
417
            if [ "${agent_name}" == "-" ]; then
418
                for agent_id in $(eval ${agent_ids_cmd}); do
419
                    if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then
420
                        rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1))
421
                    fi
422
                done
423
            else
424
                local agent_id=`${ossec_home}/bin/manage_agents -l | sed -En -e "s|.*ID:[[:space:]]*([[:digit:]]+),[[:space:]]*Name:[[:space:]]${agent_name},.*|\1|p"`
425
                if [ -n "${agent_id}" ]; then
426
                    if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then
427
                        rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1))
428
                    fi
429
                fi
430
            fi
431
            echo "Removed ${agent_counter} counter(s)."
432
            echo
433
            ;;
434
        agent)
435
            local agent_counter=0
436
            for agent_id in $(eval ${agent_ids_cmd}); do
437
                # Should be executed only once
438
                if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then
439
                    rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1))
440
                fi
441
            done
442
            echo "Removed ${agent_counter} counter(s)."
443
            echo
444
            ;;
445
    esac
446
447
    return 0
448
}
449
450
ossec_hids_fetch_config() {
451
    ossec_hids_command stop
452
    sleep 1
453
    echo
454
    rm -f "${ossec_merged}"
455
    ossec_hids_command start || return 1
456
    echo
457
    echo "Waiting ${ossec_hids_fetch_connect_time} seconds for the shared configuration download to start."
458
    sleep ${ossec_hids_fetch_connect_time}
459
    if [ ! -s "${ossec_merged}" ]; then
460
        echo "ERROR: Failed to download shared configuration from the OSSEC server."
461
        echo
462
        local ossec_log_tail=$(tail "${ossec_log}")
463
        echo "Portion of the \"${ossec_log}\":"
464
        echo "${ossec_log_tail}"
465
        echo
466
        if echo "${ossec_log_tail}" | grep -q "ERROR: Unable to send message to"; then
467
            echo "Check if your configuration contains the correct server address in \"server-ip\" option."
468
            echo
469
        else
470
            local ossec_rc_path="$(realpath $0)"
471
            echo "Is the imported agent key correct? To import it run:"
472
            echo "${ossec_rc_path} manage_agent"
473
            echo
474
            echo "If you are certain the imported agent key is correct, then run:"
475
            echo "${ossec_rc_path} reset_counter"
476
            echo "${ossec_rc_path} fetch_config"
477
            echo
478
            echo "If this does't help, you need to reset counter on the server."
479
            echo "If the server runs FreeBSD port of OSSEC, run:"
480
            echo "On the agent:"
481
            echo "${ossec_rc_path} reset_counter"
482
            echo "On the server:"
483
            echo "${ossec_rc_path} reset_counter $(eval ${agent_names_cmd})"
484
            echo "${ossec_rc_path} start"
485
            echo "On the agent:"
486
            echo "${ossec_rc_path} fetch_config"
487
            echo
488
        fi
489
        ossec_hids_command stop
490
        return 1
491
    else
492
        # The download has started
493
        while true; do
494
            local current_time=$(date +%s)
495
            local modification_time=$(stat -f %m "${ossec_merged}")
496
            if [ $((current_time - modification_time)) -gt ${ossec_hids_fetch_read_time} ]; then
497
                echo "Download finished."
498
                echo
499
                ossec_hids_command restart || return 1
500
                break;
501
            else
502
                echo "Download in progress..."
503
                sleep ${ossec_hids_fetch_read_time}
504
            fi
505
        done
506
    fi
507
508
    return 0
509
}
510
511
ossec_hids_ossec_conf() {
512
    if [ -x "${ossec_conf_bin}" ]; then
513
        "${ossec_conf_bin}"
514
    elif [ -f "${ossec_conf}" ]; then
515
        cat "${ossec_conf}"
516
    fi
517
}
518
519
ossec_hids_agent_conf() {
520
    if [ -x "${agent_conf_bin}" ]; then
521
        "${agent_conf_bin}"
522
    elif [ -f "${agent_conf}" ]; then
523
        cat "${agent_conf}"
524
    fi
525
}
526
527
ossec_hids_manage_agent() {
528
    "${ossec_home}/bin/manage_agents" $@
529
    return $?
530
}
531
532
ossec_hids_command() {
533
    "${ossec_home}/bin/ossec-control" $1
534
    return $?
535
}
536
537
run_rc_command "${ossec_rc_command}"
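--- a/security/ossec-hids-local/files/patch-src_Makefile
+++ b/security/ossec-hids-local/files/patch-src_Makefile
@@ -0,0 +1,10 @@
+--- src/Makefile.orig	2018-10-11 22:25:16 UTC
++++ src/Makefile
+@@ -406,7 +406,6 @@ endif
+ 	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/diff
+ 
+ 	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc
+-	install -m 0440 -o root -g ${OSSEC_GROUP} /etc/localtime ${PREFIX}/etc
+ 
+ 	install -d -m 1550 -o root -g ${OSSEC_GROUP} ${PREFIX}/tmp
+ 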
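--- a/security/ossec-hids-local/files/pkg-deinstall.in
+++ b/security/ossec-hids-local/files/pkg-deinstall.in
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ar_conf="${ossec_home}/etc/shared/ar.conf"
+merged_mg="${ossec_home}/etc/shared/merged.mg"
+client_keys="${ossec_home}/etc/client.keys"
+firewall_drop="${ossec_home}/active-response/bin/firewall-drop.sh"
+local_time="${ossec_home}/etc/localtime"
+
+if [ "$2" == "DEINSTALL"  ]; then
+    rm -f "${ar_conf}"
+    rm -f "${merged_mg}"
+    if [ ! -s "${client_keys}" ]; then
+        rm -f "${client_keys}"
+    fi
+    rm -f "${firewall_drop}"
+    rm -f "${local_time}"
+fi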
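Review bot: The test on line 10, `[ "$2" == "DEINSTALL"  ]`, uses `==`, which POSIX `test` does not define; for a `#!/bin/sh` script the portable spelling is `if [ "$2" = "DEINSTALL" ]; then`. The same operator appears in pkg-install.in (`[ "$2" == "POST-INSTALL"  ]`). A short header comment would also help: it should say that the script removes files created at run time rather than by the packing list, and that a non-empty client.keys is deliberately kept so agent keys survive a reinstall.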
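--- a/security/ossec-hids-local/files/pkg-install.in
+++ b/security/ossec-hids-local/files/pkg-install.in
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+client_keys="${ossec_home}/etc/client.keys"
+
+create_file() {
+    local path=$1
+    local owner=$2
+    local mode=$3
+
+    if [ ! -e "${path}" ]; then
+        touch "${path}" && chown ${owner} "${path}" && chmod ${mode} "${path}"
+    fi
+}
+
+if [ "$2" == "POST-INSTALL"  ]; then
+    pw usermod %%OSSEC_USER%% -d "${ossec_home}"
+    pw usermod ossecm -d "${ossec_home}"
+    pw usermod ossecr -d "${ossec_home}"
+    chown %%USER%%:%%OSSEC_GROUP%% "${ossec_home}"
+
+    create_file "${client_keys}" root:ossec 0640
+fi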
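Review bot: `create_file` creates client.keys with `touch` under the caller's umask and only afterwards applies `chown` and `chmod`, so the key file briefly exists with default permissions. Creating it under a restrictive umask closes that window: `( umask 077 && touch "${path}" ) && chown ${owner} "${path}" && chmod ${mode} "${path}"`. The call on line 22 also hard-codes `root:ossec`, and lines 18-19 hard-code `ossecm` and `ossecr`, while line 20 uses `%%USER%%:%%OSSEC_GROUP%%`. If those substitutions can ever differ from the defaults, the key file gets the wrong group, so `create_file "${client_keys}" %%USER%%:%%OSSEC_GROUP%% 0640` would be consistent.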
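--- a/security/ossec-hids-local/files/restart-ossec.sh.in
+++ b/security/ossec-hids-local/files/restart-ossec.sh.in
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+ossec_rc="%%OSSEC_RC%%"
+
+ACTION=$1
+USER=$2
+IP=$3
+
+LOCAL=`dirname $0`;
+cd $LOCAL
+cd ../../tmp
+
+# Logging the call
+echo "`date` $0 $1 $2 $3 $4 $5" >> "${ossec_home}/logs/active-responses.log"
+
+case ${ACTION} in
+    add)
+        "${ossec_rc}" restart
+        exit 0
+        ;;
+    delete)
+        exit 0
+        ;;
+    *)
+        echo "$0: invalid action: ${ACTION}"
+        exit 1
+        ;;
+esac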
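Review bot: `USER=$2` on line 10 overwrites the conventional `USER` variable with a value taken from the active-response arguments, and neither `USER` nor `IP` is read afterwards. If `USER` is already exported in the caller's environment, the new value is inherited by `"${ossec_rc}" restart`, so dropping the two unused assignments is the safer choice. The directory change on lines 13-15 is unquoted and unchecked, so a failed `cd` leaves the script running in whatever directory it started in; `cd "$(dirname "$0")/../../tmp" || exit 1` does the same in one guarded step. The log line on line 18 writes `$2` to `$5` verbatim, so anyone reading active-responses.log should treat those fields as untrusted text.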
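--- a/security/ossec-hids-local/pkg-descr
+++ b/security/ossec-hids-local/pkg-descr
@@ -0,0 +1,6 @@
+OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection
+System (HIDS). It has a powerful correlation and analysis engine, integrating
+log analysis, file integrity checking, Windows registry monitoring, centralized
+policy enforcement, rootkit detection, real-time alerting and active response.
+
+WWW: https://ossec.github.io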
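--- a/security/ossec-hids-local/pkg-plist-agent
+++ b/security/ossec-hids-local/pkg-plist-agent
@@ -0,0 +1,79 @@
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@(,,0550) %%OSSEC_HOME%%/bin/agent-auth
+@(,,0550) %%OSSEC_HOME%%/bin/manage_agents
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-agentd
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-control
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd
+@(,,0550) %%OSSEC_HOME%%/bin/util.sh
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample
+@dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt
+@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs
+@dir(,ossec,0550) %%OSSEC_HOME%%/queue
+@dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rids
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck
+@dir(,ossec,1550) %%OSSEC_HOME%%/tmp
+@dir(,ossec,0550) %%OSSEC_HOME%%/var
+@dir(,ossec,0770) %%OSSEC_HOME%%/var/run
+%%PORTDOCS%%%%DOCSDIR%%/BUGS
+%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG
+%%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS
+%%PORTDOCS%%%%DOCSDIR%%/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/README.md
+%%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md
+%%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample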
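Review bot: The etc/shared policy files are listed here as `@(ossec,ossec,0644)`, while pkg-plist-local and pkg-plist-server list the same files as `@(ossec,ossec,0640)`. The enclosing `@dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared` and the `0550` home directory already keep other accounts out, so the practical exposure looks small, but the three lists should agree. Unless the agent needs world-readable copies, use `0640` here as well, e.g. `@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt`.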
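--- a/security/ossec-hids-local/pkg-plist-local
+++ b/security/ossec-hids-local/pkg-plist-local
@@ -0,0 +1,200 @@
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh
+@dir(,ossec,0550) %%OSSEC_HOME%%/agentless
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp
+@(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@(,,0550) %%OSSEC_HOME%%/bin/agent_control
+@(,,0550) %%OSSEC_HOME%%/bin/clear_stats
+@(,,0550) %%OSSEC_HOME%%/bin/list_agents
+@(,,0550) %%OSSEC_HOME%%/bin/manage_agents
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-authd
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-control
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-maild
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-regex
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd
+@(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd
+@(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control
+@(,,0550) %%OSSEC_HOME%%/bin/syscheck_control
+@(,,0550) %%OSSEC_HOME%%/bin/syscheck_update
+@(,,0550) %%OSSEC_HOME%%/bin/util.sh
+@(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml
+@(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample
+@dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs
+@dir(,ossec,0550) %%OSSEC_HOME%%/rules
+@(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/arpwatch_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/clam_av_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/firewall_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/pix_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/psad_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml
+@dir(,ossec,0700) %%OSSEC_HOME%%/.ssh
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/alerts
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall
+@dir(,ossec,0550) %%OSSEC_HOME%%/queue
+@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless
+@dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec
+@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats
+@dir(,ossec,1550) %%OSSEC_HOME%%/tmp
+@dir(,ossec,0550) %%OSSEC_HOME%%/var
+@dir(,ossec,0770) %%OSSEC_HOME%%/var/run
+%%PORTDOCS%%%%DOCSDIR%%/BUGS
+%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG
+%%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS
+%%PORTDOCS%%%%DOCSDIR%%/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/README.md
+%%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md
+%%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample
+%%MYSQL%%%%DOCSDIR%%/mysql.schema
+%%PGSQL%%%%DOCSDIR%%/postgresql.schema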
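Review bot: The `.ssh` entry on line 174 is `@dir(,ossec,0700) %%OSSEC_HOME%%/.ssh`, with the owner field left empty, so the directory gets the default owner while mode 0700 lets only that owner enter it. If the agentless scripts run as the `ossec` account, which the `ossec`-owned `queue/agentless` entry suggests but this list does not show, they could not read keys stored there. Please confirm the intended owner; if it is the service account the entry would be `@dir(ossec,ossec,0700) %%OSSEC_HOME%%/.ssh`. pkg-plist-server continues past the visible part and may need the same check.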
(-)security/ossec-hids-local/pkg-plist-server (+200 lines)
1
@dir(,ossec,0550) %%OSSEC_HOME%%
2
@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
3
@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
4
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh
5
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh
6
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh
7
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh
8
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh
9
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh
10
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh
11
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh
12
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh
13
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh
14
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh
15
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh
16
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh
17
@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh
18
@dir(,ossec,0550) %%OSSEC_HOME%%/agentless
19
@(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp
20
@(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh
21
@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp
22
@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff
23
@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff
24
@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff
25
@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd
26
@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux
27
@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp
28
@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff
29
@(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp
30
@(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp
31
@dir(,,0550) %%OSSEC_HOME%%/bin
32
@(,,0550) %%OSSEC_HOME%%/bin/agent_control
33
@(,,0550) %%OSSEC_HOME%%/bin/clear_stats
34
@(,,0550) %%OSSEC_HOME%%/bin/list_agents
35
@(,,0550) %%OSSEC_HOME%%/bin/manage_agents
36
@(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd
37
@(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd
38
@(,,0550) %%OSSEC_HOME%%/bin/ossec-authd
39
@(,,0550) %%OSSEC_HOME%%/bin/ossec-control
40
@(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd
41
@(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd
42
@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd
43
@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector
44
@(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest
45
@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
46
@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac
47
@(,,0550) %%OSSEC_HOME%%/bin/ossec-maild
48
@(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists
49
@(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord
50
@(,,0550) %%OSSEC_HOME%%/bin/ossec-regex
51
@(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted
52
@(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd
53
@(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd
54
@(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control
55
@(,,0550) %%OSSEC_HOME%%/bin/syscheck_control
56
@(,,0550) %%OSSEC_HOME%%/bin/syscheck_update
57
@(,,0550) %%OSSEC_HOME%%/bin/util.sh
58
@(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf
59
@dir(,ossec,0550) %%OSSEC_HOME%%/etc
60
@(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml
61
@(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf
62
@sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample
63
@dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared
64
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt
65
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt
66
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt
67
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt
68
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt
69
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt
70
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt
71
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt
72
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt
73
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt
74
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt
75
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt
76
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt
77
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt
78
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt
79
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt
80
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt
81
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt
82
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt
83
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt
84
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt
85
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt
86
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt
87
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt
88
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt
89
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt
90
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt
91
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt
92
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt
93
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt
94
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs
95
@dir(,ossec,0550) %%OSSEC_HOME%%/rules
96
@(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml
97
@(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml
98
@(,ossec,0640) %%OSSEC_HOME%%/rules/arpwatch_rules.xml
99
@(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml
100
@(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml
101
@(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml
102
@(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml
103
@(,ossec,0640) %%OSSEC_HOME%%/rules/clam_av_rules.xml
104
@(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml
105
@(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml
106
@(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml
107
@(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml
108
@(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml
109
@(,ossec,0640) %%OSSEC_HOME%%/rules/firewall_rules.xml
110
@(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml
111
@(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml
112
@(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml
113
@(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml
114
@(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml
115
@(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml
116
@(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml
117
@(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml
118
@(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml
119
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml
120
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml
121
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml
122
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml
123
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml
124
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml
125
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml
126
@(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml
127
@(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml
128
@(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml
129
@(,ossec,0640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml
130
@(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml
131
@(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml
132
@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml
133
@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml
134
@(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml
135
@(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml
136
@(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml
137
@(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml
138
@(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml
139
@(,ossec,0640) %%OSSEC_HOME%%/rules/pix_rules.xml
140
@(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml
141
@(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml
142
@(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml
143
@(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml
144
@(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml
145
@(,ossec,0640) %%OSSEC_HOME%%/rules/psad_rules.xml
146
@(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml
147
@(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml
148
@(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml
149
@(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml
150
@(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml
151
@(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml
152
@(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml
153
@(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml
154
@(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml
155
@(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml
156
@(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml
157
@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml
158
@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml
159
@(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml
160
@(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml
161
@(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml
162
@(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml
163
@(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml
164
@(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml
165
@(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml
166
@(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml
167
@(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml
168
@(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml
169
@(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml
170
@(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml
171
@(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml
172
@(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml
173
@(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml
174
@dir(,ossec,0700) %%OSSEC_HOME%%/.ssh
175
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/alerts
176
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives
177
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall
178
@dir(,ossec,0550) %%OSSEC_HOME%%/queue
179
@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info
180
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless
181
@dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts
182
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff
183
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts
184
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec
185
@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids
186
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck
187
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck
188
@dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats
189
@dir(,ossec,1550) %%OSSEC_HOME%%/tmp
190
@dir(,ossec,0550) %%OSSEC_HOME%%/var
191
@dir(,ossec,0770) %%OSSEC_HOME%%/var/run
192
%%PORTDOCS%%%%DOCSDIR%%/BUGS
193
%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG
194
%%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS
195
%%PORTDOCS%%%%DOCSDIR%%/LICENSE
196
%%PORTDOCS%%%%DOCSDIR%%/README.md
197
%%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md
198
%%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample
199
%%MYSQL%%%%DOCSDIR%%/mysql.schema
200
%%PGSQL%%%%DOCSDIR%%/postgresql.schema
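--- a/security/ossec-hids-local/scripts/plist.sh
+++ b/security/ossec-hids-local/scripts/plist.sh
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+# Script generates entries for pkg-plist.
+# Do not use it directly. Use the following command instead:
+#
+# make MAINTAINER_MODE=yes clean plist
+
+OSSEC_TYPE=$1
+OSSEC_HOME=$2
+PLIST=$3
+WORKDIR=$4
+STAGEDIR=$5
+
+staged_plist="${WORKDIR}/.staged-plist"
+fixed_lines=""
+if [ "${OSSEC_TYPE}" != "agent" ]; then
+    fixed_lines="${fixed_lines} %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema"
+fi
+skip_lines="%%PORTDOCS%%%%DOCSDIR%%/mysql.schema %%PORTDOCS%%%%DOCSDIR%%/postgresql.schema"
+skip_paths="/etc/ossec.conf /etc/client.keys /logs/active-responses.log /logs/ossec.log /lua"
+sample_paths="/etc/local_internal_options.conf.sample"
+if [ "${OSSEC_TYPE}" == "agent" ]; then
+    skip_paths="${skip_paths} /rules /agentless /.ssh"
+fi
+
+print_path() {
+    local path="$1"
+    local command="$2"
+    local full_path="${STAGEDIR}${OSSEC_HOME}${path}"
+    if [ -z "${command}" ]; then
+        command="@"
+        if [ -d "${full_path}" ]; then
+            command="@dir"
+        fi
+    fi
+    local user=`stat -f "%Su" "${full_path}"`
+    if [ "${user}" == "${USER}" ]; then
+        user=""
+    fi
+    local group=`stat -f "%Sg" "${full_path}"`
+    if [ "${group}" == "${GROUP}" ]; then
+        group=""
+    fi
+    local mode=`stat -f "%p" "${full_path}" | tail -c 5`
+    echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}"
+}
+
+echo -n > "${PLIST}"
+
+print_path
+
+done_paths=""
+while read line; do
+    skip_line=""
+    for e in ${skip_lines}; do
+        if [ "${e}" == "${line}" ]; then
+            skip_line="${e}"
+            break
+        fi
+    done
+    if [ -z "${skip_line}" ]; then
+        path=""
+        case $line in
+            "@dir %%OSSEC_HOME%%"*)
+                path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"`
+                ;;
+            "%%OSSEC_HOME%%"*)
+                path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"`
+                ;;
+            "%%"*)
+                unchanged_lines="${unchanged_lines} ${line}"
+                ;;
+        esac
+        if [ -n "${path}" ]; then
+            segments=`echo "${path}" | tr "/" "\n"`
+            path=""
+            for segment in ${segments}; do
+                path="${path}/${segment}"
+                skip_path=""
+                for e in ${skip_paths}; do
+                    if [ "${e}" == "${path}" ]; then
+                        skip_path="${e}"
+                        break
+                    fi
+                done
+                if [ -n "${skip_path}" ]; then
+                    break
+                fi
+                done_path=""
+                for e in ${done_paths}; do
+                    if [ "${e}" == "${path}" ]; then
+                        done_path="${e}"
+                        break
+                    fi
+                done
+                if [ -z "${done_path}" ]; then
+                    done_paths="${done_paths} ${path}"
+                    sample_path=""
+                    for e in ${sample_paths}; do
+                        if [ "${e}" == "${path}" ]; then
+                            sample_path="${e}"
+                            break
+                        fi
+                    done
+                    if [ -n "${sample_path}" ]; then
+                        print_path "${path}" @sample
+                    else
+                        print_path "${path}"
+                    fi
+                fi
+            done
+        fi
+    fi
+done < "${staged_plist}"
+
+unchanged_lines="${unchanged_lines} ${fixed_lines}"
+for line in ${unchanged_lines}; do
+    echo "${line}" >> "${PLIST}"
+done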
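Review bot: `print_path` never checks that `${full_path}` exists or that its three `stat` calls succeeded, so a path listed in `.staged-plist` but missing from the stage directory is written to the plist as `@(,,)` with empty owner, group and mode. The generated plist is what carries the `@(owner,group,mode)` settings for an intrusion-detection package, so an empty field should stop the run rather than pass silently. I would add `[ -e "${full_path}" ] || { echo "plist.sh: missing ${full_path}" >&2; exit 1; }` right after `full_path` is assigned. Note that the `local user=` style of assignment masks the exit status of `stat`, so `set -e` on its own would not catch this.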
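--- a/security/ossec-hids-local-config/Makefile
+++ b/security/ossec-hids-local-config/Makefile
@@ -0,0 +1,456 @@
+# $FreeBSD$
+
+PORTNAME=	ossec-hids
+PORTVERSION=	3.1.0
+PORTREVISION=
+CATEGORIES=	security
+PKGNAMESUFFIX=	-${OSSEC_TYPE}-config
+
+MAINTAINER=	dominik.lisiak@bemsoft.pl
+COMMENT=	Configuration manager for ossec-hids
+
+LICENSE=	GPLv2
+
+OSSEC_TYPE?=	local
+
+MASTERDIR?=	${.CURDIR}
+
+.if ${OSSEC_TYPE} == local
+CONFLICTS_INSTALL=	ossec-hids-client-* \
+			ossec-hids-agent-* \
+			ossec-hids-server-*
+.elif ${OSSEC_TYPE} == agent
+CONFLICTS_INSTALL=	ossec-hids-client-* \
+			ossec-hids-local-* \
+			ossec-hids-server-*
+.elif ${OSSEC_TYPE} == server
+CONFLICTS_INSTALL=	ossec-hids-client-* \
+			ossec-hids-agent-* \
+			ossec-hids-local-*
+.endif
+
+.if !defined(MAINTAINER_MODE)
+RUN_DEPENDS=	ossec-hids-${OSSEC_TYPE}>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE}
+.endif
+
+.if defined(MAINTAINER_MODE)
+USE_GITHUB=	yes
+GH_ACCOUNT=	ossec
+.else
+MASTER_SITES=	#
+DISTFILES=	#
+EXTRACT_ONLY=	#
+.endif
+NO_BUILD=	yes
+NO_ARCH=	yes
+
+OPTIONS_SUB=			yes
+
+OPTIONS_SINGLE=			FIREWALL
+OPTIONS_SINGLE_FIREWALL=	IPF IPFW PF
+
+OPTIONS_DEFAULT+=		IPF
+
+FIREWALL_DESC=		Active Response Firewall
+PF_DESC=		Packet Filter
+IPFW_DESC=		ipfirewall
+IPF_DESC=		ipfilter
+
+TEMPL_ENABLED_HEADER=		template-header-enabled.xml
+TEMPL_DISABLED_HEADER=		template-header-disabled.xml
+TEMPL_SAMPLE_HEADER=		template-header-sample.xml
+TEMPL_PUSHED_ENABLED_HEADER=	${TEMPL_ENABLED_HEADER}
+TEMPL_PUSHED_DISABLED_HEADER=	${TEMPL_DISABLED_HEADER}
+
+TEMPL_SAMPLE=		template-sample-${OSSEC_TYPE}.xml
+TEMPL_SAMPLE_DB=	template-sample-database.xml
+
+PF_VARS=		FW_DROP=pf.sh PKGMSG_FILES+=message-pf
+IPFW_VARS=		FW_DROP=ipfw.sh
+IPF_VARS=		FW_DROP=ipfilter.sh
+
+.if defined(MAINTAINER_MODE)
+OSSEC_HOME=		${PREFIX}/${PORTNAME}
+.else
+OSSEC_HOME?=		${PREFIX}/${PORTNAME}
+.endif
+OSSEC_RC=		${PREFIX}/etc/rc.d/ossec-hids
+TEMPL_TO_OSSEC=		${SCRIPTDIR}/template-to-ossec.sh ${OSSEC_TYPE} ${OSSEC_HOME}
+TEMPL_TO_AGENT=		${SCRIPTDIR}/template-to-agent.sh ${OSSEC_TYPE} ${OSSEC_HOME}
+
+OSSEC_DIR=		${STAGEDIR}${OSSEC_HOME}
+BIN_DIR=		${OSSEC_DIR}/bin
+CONF_BIN_DIR=		${BIN_DIR}/config
+OSSEC_CONF_BIN=		${CONF_BIN_DIR}/ossec-conf
+AGENT_CONF_BIN=		${CONF_BIN_DIR}/agent-conf
+COMMAND_BIN_DIR=	${BIN_DIR}/command
+
+AR_BIN_DIR=		${OSSEC_DIR}/active-response/bin
+MERGE_CONFIG_BIN=	${AR_BIN_DIR}/merge-config.sh
+
+ETC_DIR=		${OSSEC_DIR}/etc
+OSSEC_CONF_DIR=		${ETC_DIR}/ossec.conf.d
+AGENT_CONF_DIR=		${ETC_DIR}/agent.conf.d
+OSSEC_LOCAL_CONF_DIR=	${OSSEC_CONF_DIR}/disabled
+AGENT_LOCAL_CONF_DIR=	${AGENT_CONF_DIR}/disabled
+OSSEC_SAMPLE_CONF=	${OSSEC_CONF_DIR}/900.local.conf.sample
+COMMAND_CONF_DIR=	${ETC_DIR}
+COMMAND_CONF=		${COMMAND_CONF_DIR}/command.conf.sample
+RULES_DIR=		${OSSEC_DIR}/rules
+
+.if empty(USER)
+USER=$$(${ID} -un)
+.endif
+.if empty(GROUP)
+GROUP=$$(${ID} -gn)
+.endif
+
+OSSEC_USER=	ossec
+OSSEC_GROUP=	ossec
+
+SUB_LIST+=	PORTNAME=${PORTNAME} \
+		OSSEC_TYPE=${OSSEC_TYPE} \
+		OSSEC_HOME=${OSSEC_HOME} \
+		VERSION=${PORTVERSION} \
+		USER=${USER} \
+		OSSEC_USER=${OSSEC_USER} \
+		OSSEC_GROUP=${OSSEC_GROUP} \
+		OSSEC_RC=${OSSEC_RC} \
+		FW_DROP=${FW_DROP}
+SUB_FILES=	pkg-install \
+		pkg-deinstall \
+		${PKGMSG_FILES} \
+		${TEMPL_ENABLED_HEADER} \
+		${TEMPL_DISABLED_HEADER} \
+		${TEMPL_SAMPLE_HEADER} \
+		${TEMPL_PUSHED_ENABLED_HEADER} \
+		${TEMPL_PUSHED_DISABLED_HEADER} \
+		${TEMPL_SAMPLE} \
+		merge-config.sh \
+		ossec-conf \
+		command.conf
+.if ${OSSEC_TYPE} == server
+SUB_FILES+=	agent-conf
+.endif
+
+.if defined(MAINTAINER_MODE)
+PLIST_SUB=	OSSEC_HOME=${PORTNAME}
+.else
+PLIST_SUB=	OSSEC_HOME=${OSSEC_HOME}
+.endif
+PLIST=		${PKGDIR}/pkg-plist-${OSSEC_TYPE}
+PKGHELP=	${PKGDIR}/pkg-help-${OSSEC_TYPE}
+PKGMESSAGE=	${WRKDIR}/pkg-message
+PKGMSG_FILES=	message-ossec-conf
+.if ${OSSEC_TYPE} == server
+PKGMSG_FILES+=	message-agent-conf
+.endif
+
+CONF_GROUPS=	RULES AR ROOTCHECK SYSCHECK CMDOUT LOGS
+
+############################################################
+
+.for conf_group in ${CONF_GROUPS}
+. include "${MASTERDIR}/opt-${conf_group:tl}.mk"
+${conf_group}_INSTANCE_OPTIONS=
+${conf_group}_PUSHED_OPTIONS=
+. for option in ${${conf_group}_OPTIONS}
+.  if ${${option}_DEFINE:M${OSSEC_TYPE}}
+${conf_group}_INSTANCE_OPTIONS+=		${option}
+${conf_group}_ALL_OPTIONS+=			${option}
+.  endif
+.  if ${${option}_DEFINE:Mpushed}
+.   if ${OSSEC_TYPE} == server
+${conf_group}_PUSHED_OPTIONS+=			${option}
+.   endif
+.   if !${${conf_group}_ALL_OPTIONS:M${option}}
+${conf_group}_ALL_OPTIONS+=			${option}
+.   endif
+.  endif
+. endfor
+.endfor
+
+############################################################
+
+.for conf_group in ${CONF_GROUPS}
+. if !empty(${conf_group}_PROFILE)
+.  if ${OSSEC_TYPE} == agent
+.   if empty(CLIENT_PROFILES)
+CLIENT_PROFILES:=	${${conf_group}_PROFILE}
+.   else
+CLIENT_PROFILES:=	${CLIENT_PROFILES}, ${${conf_group}_PROFILE}
+.   endif
+.  endif
+SUB_LIST+=		${conf_group}_PROFILE=${${conf_group}_PROFILE}
+. endif
+. for option in ${${conf_group}_ALL_OPTIONS}
+.  if !empty(${option}_PROFILE)
+.   if ${OSSEC_TYPE} == agent
+.    if empty(CLIENT_PROFILES)
+CLIENT_PROFILES:=	${${option}_PROFILE}
+.    else
+CLIENT_PROFILES:=	${CLIENT_PROFILES}, ${${option}_PROFILE}
+.    endif
+.   endif
+SUB_LIST+=		${option}_PROFILE=${${option}_PROFILE}
+.  endif
+. endfor
+.endfor
+
+SUB_LIST+=		CLIENT_PROFILES="${CLIENT_PROFILES}"
+
+############################################################
+
+.for conf_group in ${CONF_GROUPS}
+. for option in ${${conf_group}_ALL_OPTIONS}
+.  if !defined(${option}_TEMPLATE)
+${option}_TEMPLATE=	template-${option:tl:S/_/-/g}.xml
+.  endif
+.  if !empty(${option}_TEMPLATE) && !${SUB_FILES:M${${option}_TEMPLATE}}
+SUB_FILES+=		${${option}_TEMPLATE}
+.  endif
+. endfor
+.endfor
+
+.for file_name in ${RULES_FILES}
+SUB_FILES+=		rules-${file_name}.xml
+.endfor
+
+.for file_name in ${CMDOUT_SCRIPTS}
+SUB_FILES+=		command-${file_name}.sh
+.endfor
+
+############################################################
+
+.for conf_group in ${CONF_GROUPS}
+. for option in ${${conf_group}_INSTANCE_OPTIONS}
+.  if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}}
+${${${option}_DEPENDS}_OPTION}_VARS+=		${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option}
+${${${option}_DEPENDS}_OPTION}_VARS_OFF+=	${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option}
+.  elif !empty(${option}_OPTION)
+OPTIONS_GROUP_G_${conf_group}+=			${${option}_OPTION}
+${${option}_OPTION}_DESC=			${${option}_DESC}
+.   if ${${option}_DEFAULT:M${OSSEC_TYPE}}
+OPTIONS_DEFAULT+=				${${option}_OPTION}
+.   endif
+${${option}_OPTION}_VARS+=			${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option}
+${${option}_OPTION}_VARS_OFF+=			${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option}
+.  endif
+. endfor
+. if !empty(OPTIONS_GROUP_G_${conf_group})
+OPTIONS_GROUP+=			G_${conf_group}
+G_${conf_group}_DESC=		${${conf_group}_DESC}
+. endif
+.endfor
+
+############################################################
+
+.for conf_group in ${CONF_GROUPS}
+. for option in ${${conf_group}_PUSHED_OPTIONS}
+.  if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_PUSHED_OPTIONS:M${${option}_DEPENDS}}
+${${${option}_DEPENDS}_OPTION}_P_VARS+=		${conf_group}_PUSHED_OPTIONS_ENABLED+=${option}
+${${${option}_DEPENDS}_OPTION}_P_VARS_OFF+=	${conf_group}_PUSHED_OPTIONS_DISABLED+=${option}
+.  elif !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}}
+${${${option}_DEPENDS}_OPTION}_VARS+=		${conf_group}_PUSHED_OPTIONS_ENABLED+=${option}
+${${${option}_DEPENDS}_OPTION}_VARS_OFF+=	${conf_group}_PUSHED_OPTIONS_DISABLED+=${option}
+.  elif !empty(${option}_OPTION)
+OPTIONS_GROUP_G_${conf_group}_P+=		${${option}_OPTION}_P
+${${option}_OPTION}_P_DESC=			${${option}_DESC}
+.   if !empty(${option}_PROFILE)
+${${option}_OPTION}_P_DESC+=			(profile: ${${option}_PROFILE})
+.   endif
+.   if ${${option}_DEFAULT:Mpushed}
+OPTIONS_DEFAULT+=				${${option}_OPTION}_P
+.   endif
+${${option}_OPTION}_P_VARS+=			${conf_group}_PUSHED_OPTIONS_ENABLED+=${option}
+${${option}_OPTION}_P_VARS_OFF+=		${conf_group}_PUSHED_OPTIONS_DISABLED+=${option}
+.  endif
+. endfor
+. if !empty(OPTIONS_GROUP_G_${conf_group}_P)
+OPTIONS_GROUP+=			G_${conf_group}_P
+G_${conf_group}_P_DESC=		Pushed ${${conf_group}_DESC}
+.  if !empty(${conf_group}_PROFILE)
+G_${conf_group}_P_DESC+=	(profile: ${${conf_group}_PROFILE})
+.  endif
+. endif
+.endfor
+
+############################################################
+
+.include <bsd.port.pre.mk>
+
+show-opts:
+.for conf_group in ${CONF_GROUPS}
+	@${ECHO_CMD} "${conf_group}: ${${conf_group}_DESC}"
+. for option in ${${conf_group}_INSTANCE_OPTIONS}
+	@${ECHO_CMD} "  ${option}: ${${option}_DESC}"
+.  if empty(${option}_TEMPLATE)
+	@${ECHO_CMD} "    Template: -"
+.  else
+	@${ECHO_CMD} "    Template: ${${option}_TEMPLATE}"
+.  endif
+.  if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED) && ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}}
+	@${ECHO_CMD} "    Enabled:  true"
+.  endif
+.  if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED) && ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}}
+	@${ECHO_CMD} "    Enabled:  false"
+.  endif
+.  if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED) && ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}}
+	@${ECHO_CMD} "    Pushed:   true"
+.  endif
+.  if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED) && ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}}
+	@${ECHO_CMD} "    Pushed:   false"
+.  endif
+. endfor
+.endfor
+
+pre-install:
+	@-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'PostgreSQL' && \
+		${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|postgresql|g' \
+		${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB}
+	@-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'MySQL' && \
+		${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|mysql|g' \
+		${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB}
+
+ossec-dirs:
+	@${MKDIR} -p ${CONF_BIN_DIR} ${COMMAND_BIN_DIR} ${AR_BIN_DIR} ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR} ${COMMAND_CONF_DIR}
+.if ${OSSEC_TYPE} != agent
+	@${MKDIR} -p ${RULES_DIR}
+.endif
+.if ${OSSEC_TYPE} == server
+	@${MKDIR} -p ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR}
+.endif
+
+ossec-scripts:
+	@${CP} -f ${WRKDIR}/ossec-conf ${OSSEC_CONF_BIN}
+.if ${OSSEC_TYPE} == server
+	@${CP} -f ${WRKDIR}/agent-conf ${AGENT_CONF_BIN}
+.endif
+.for file_name in ${CMDOUT_SCRIPTS}
+	@${CP} -f ${WRKDIR}/command-${file_name}.sh ${COMMAND_BIN_DIR}/${file_name}.sh
+.endfor
+	@${CP} -f ${WRKDIR}/command.conf ${COMMAND_CONF}
+	@${CP} -f ${WRKDIR}/merge-config.sh ${MERGE_CONFIG_BIN}
+
+ossec-rules:
+.if ${OSSEC_TYPE} != agent
+. for file_name in ${RULES_FILES}
+	@${SED} -e 's|<?xml.*?>||' ${WRKDIR}/rules-${file_name}.xml > ${RULES_DIR}/freebsd_${file_name}_rules.xml
+. endfor
+.endif
+
+ossec-conf-managed:
+.for conf_group in ${CONF_GROUPS}
+. if !empty(${conf_group}_INSTANCE_OPTIONS)
+	@${CAT} ${WRKDIR}/${TEMPL_ENABLED_HEADER} > ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+.  if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED)
+.   for option in ${${conf_group}_INSTANCE_OPTIONS}
+.    if ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}}
+.     if !empty(${option}_TEMPLATE)
+	@${ECHO_CMD} "<!-- Enabled ${${option}_OPTION} -->" >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+	@${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+	@${ECHO_CMD} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+.     endif
+.    endif
+.   endfor
+.  endif
+. endif
+.endfor
+
+ossec-conf-local:
+.for conf_group in ${CONF_GROUPS}
+. if !empty(${conf_group}_INSTANCE_OPTIONS)
+	@${CAT} ${WRKDIR}/${TEMPL_DISABLED_HEADER} > ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+.  if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED)
+.   for option in ${${conf_group}_INSTANCE_OPTIONS}
+.    if ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}}
+.     if !empty(${option}_TEMPLATE)
+	@${ECHO_CMD} "<!-- Disabled ${${option}_OPTION} -->" >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+	@${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+	@${ECHO_CMD} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+.     endif
+.    endif
+.   endfor
+.  endif
+. endif
+.endfor
+
+ossec-conf-sample:
+	@${CAT} ${WRKDIR}/${TEMPL_SAMPLE_HEADER} > ${OSSEC_SAMPLE_CONF}
+	@${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF}
+	@${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE} >> ${OSSEC_SAMPLE_CONF}
+	@${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF}
+	@-${TEST} -f ${WRKDIR}/${TEMPL_SAMPLE_DB} && \
+		${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE_DB} >> ${OSSEC_SAMPLE_CONF} && \
+		${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF}
+
+agent-conf-managed:
+.for conf_group in ${CONF_GROUPS}
+. if !empty(${conf_group}_PUSHED_OPTIONS)
+	@${CAT} ${WRKDIR}/${TEMPL_PUSHED_ENABLED_HEADER} > ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+.  if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED)
+.   for option in ${${conf_group}_PUSHED_OPTIONS}
+.    if ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}}
+.     if !empty(${option}_TEMPLATE)
+	@${ECHO_CMD} "<!-- Enabled ${${option}_OPTION}_P -->" >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+	@${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+	@${ECHO_CMD} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+.     endif
+.    endif
+.   endfor
+.  endif
+. endif
+.endfor
+
+agent-conf-local:
+.for conf_group in ${CONF_GROUPS}
+. if !empty(${conf_group}_PUSHED_OPTIONS)
+	@${CAT} ${WRKDIR}/${TEMPL_PUSHED_DISABLED_HEADER} > ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+.  if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED)
+.   for option in ${${conf_group}_PUSHED_OPTIONS}
+.    if ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}}
+.     if !empty(${option}_TEMPLATE)
+	@${ECHO_CMD} "<!-- Disabled ${${option}_OPTION}_P -->" >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+	@${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+	@${ECHO_CMD} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+.     endif
+.    endif
+.   endfor
+.  endif
+. endif
+.endfor
+
+do-install: ossec-dirs ossec-scripts ossec-rules ossec-conf-managed ossec-conf-local ossec-conf-sample agent-conf-managed agent-conf-local
+
+ossec-permissions:
+	@${CHMOD} -R 550 ${OSSEC_DIR}
+	@${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_CONF_DIR}/* ${OSSEC_LOCAL_CONF_DIR}/*
+	@${CHMOD} 550 ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR}
+.if ${OSSEC_TYPE} != agent
+	@${CHMOD} 640 ${RULES_DIR}/*
+.endif
+.if ${OSSEC_TYPE} == server
+	@${CHMOD} 640 ${AGENT_CONF_DIR}/* ${AGENT_LOCAL_CONF_DIR}/*
+	@${CHMOD} 550 ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR}
+.endif
+.if defined(MAINTAINER_MODE)
+	@${CHOWN} -R ${USER}:${OSSEC_GROUP} ${OSSEC_DIR}
+	@${CHOWN} -R ${USER}:${GROUP} ${BIN_DIR}
+.endif
+
+post-install: ossec-permissions
+	@${ECHO_CMD} -n > ${PKGMESSAGE}
+.for file_name in ${PKGMSG_FILES}
+	@${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE}
+	@${ECHO_CMD} >> ${PKGMESSAGE}
+.endfor
+
+.if defined(MAINTAINER_MODE)
+plist: makeplist
+	@${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR}
+
+rules: extract
+	@${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC}
+.endif
+
+.include <bsd.port.post.mk>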
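Review bot: The `pre-install` target (lines 307–313 of the new Makefile) executes `${OSSEC_HOME}/bin/ossec-dbd -h` from the build host's live filesystem rather than from anything under `${STAGEDIR}`, and the leading `@-` hides every failure. Whether the packaged `900.local.conf.sample` gets a database section, and for which engine, therefore depends on what is installed where the package is built and not on anything this port declares. `OSSEC_HOME` is also overridable outside maintainer mode, so the path being executed is not fixed. I would drive `%%DB_TYPE%%` from a port option instead, or at least record the behaviour above the target: `# Probes the ossec-dbd installed on the build host; the DB sample is skipped when it is absent.`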
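--- a/security/ossec-hids-local-config/distinfo
+++ b/security/ossec-hids-local-config/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1539459620
+SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50
+SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469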
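--- a/security/ossec-hids-local-config/files/agent-conf.in
+++ b/security/ossec-hids-local-config/files/agent-conf.in
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+agent_conf_dir="${ossec_home}/etc/agent.conf.d"
+agent_conf_files="${agent_conf_dir}/*.conf"
+
+select_elements() {
+    local element="$1"
+    sed -n "/<${element}.*>/,/<\/${element}>/p"
+}
+
+remove_comments() {
+    # Comments must be on separate lines i.e. not next to uncommented code
+    awk '/<!--/ {off=1} /-->/ {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
+}
+
+remove_empty_lines() {
+    sed '/^\s*$/d'
+}
+
+agent_conf() {
+
+    echo "<!-- OSSEC HIDS %%VERSION%% -->"
+    echo
+    echo "<!-- DO NOT EDIT - file generated automatically - edit \"agent.conf.d/900.local.conf\" instead -->"
+    echo
+
+    cat $@ | remove_comments | select_elements "agent_config" | remove_empty_lines
+}
+
+agent_conf "${agent_conf_files}"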
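Review bot: `agent_conf "${agent_conf_files}"` passes the glob as one quoted string and relies on the unquoted `cat $@` on line 30 to expand it, so the same expansion also word-splits the directory path. With an install prefix containing whitespace, `cat` fails and the script still prints its header, leaving a merged `agent.conf` with no `agent_config` content. I would expand at the call site and quote inside the function: `agent_conf "${agent_conf_dir}"/*.conf` and `cat "$@" | remove_comments | …`. `files/ossec-conf.in` uses the same pattern in `ossec_conf` and would need the same change.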
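--- a/security/ossec-hids-local-config/files/command-last-logins.sh.in
+++ b/security/ossec-hids-local-config/files/command-last-logins.sh.in
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_home="%%OSSEC_HOME%%"
+. "${ossec_home}/etc/command.conf"
+
+last -n ${last_logins}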
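Review bot: The script sources `${ossec_home}/etc/command.conf` as shell code, so anyone who can write that file can run commands with the privileges of whatever invokes this script; `files/command-open-ports.sh.in` does the same. The port's Makefile sets the sample to mode 640, but its owner is not visible in this section, so it is worth confirming the file is not writable by a less-privileged account than the one running the command. A header comment would make the contract explicit: `# etc/command.conf is sourced as shell code; keep it writable by root only.` Quoting `"${last_logins}"` would also stop a stray space in the config from adding arguments to `last`.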
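--- a/security/ossec-hids-local-config/files/command-open-ports.sh.in
+++ b/security/ossec-hids-local-config/files/command-open-ports.sh.in
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+family=$1
+protocol=$2
+ports=$3
+
+if [ -z "${ports}" ]; then
+    privileged_ports="1-$((`sysctl -n net.inet.ip.portrange.first` - 1))"
+
+    ossec_home="%%OSSEC_HOME%%"
+    . "${ossec_home}/etc/command.conf"
+
+    ports="privileged_${protocol}_ports"
+    eval ports=\$${ports}
+fi
+
+sockstat -l -${family} -P ${protocol} -p ${ports} | grep -Eo '[^[:space:]]+:[0-9]+' | sort -u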
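Review bot: `eval ports=\$${ports}` on line 16 builds a variable name from `$2` without validating it, so any shell metacharacter in the protocol argument is evaluated as code. The arguments presumably come from command definitions in the OSSEC configuration, but the script should not depend on that. I would reject anything unexpected before the `if`, e.g. `case "${protocol}" in tcp|udp) ;; *) echo "$0: invalid protocol" >&2; exit 1 ;; esac`, and likewise restrict `${family}` to `4` or `6`. `${ports}` is also passed unquoted to `sockstat` on the last line.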
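--- a/security/ossec-hids-local-config/files/command.conf.in
+++ b/security/ossec-hids-local-config/files/command.conf.in
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+last_logins=5
+
+privileged_tcp_ports=${privileged_ports},10050-10051
+privileged_udp_ports=${privileged_ports}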
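Review bot: Nothing in the file says that it is sourced by the command scripts or that `${privileged_ports}` must already be set by the caller. Of the scripts in this patch, only `command-open-ports.sh.in` defines it before sourcing; `command-last-logins.sh.in` does not, so there line 5 expands to `,10050-10051`, which is unused in that script but surprising to read. I would add `# Sourced by the command-*.sh scripts; privileged_ports is set by the caller before this file is read.` at the top. The `#!/bin/sh` line could be dropped if the file is only ever sourced, as it is in the visible scripts.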
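--- a/security/ossec-hids-local-config/files/merge-config.sh.in
+++ b/security/ossec-hids-local-config/files/merge-config.sh.in
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+ossec_rc="%%OSSEC_RC%%"
+
+ACTION=$1
+USER=$2
+IP=$3
+
+LOCAL=`dirname $0`;
+cd $LOCAL
+cd ../../tmp
+
+# Logging the call
+echo "`date` $0 $1 $2 $3 $4 $5" >> "${ossec_home}/logs/active-responses.log"
+
+case ${ACTION} in
+    add)
+        "${ossec_rc}" merge_config
+        exit 0
+        ;;
+    delete)
+        exit 0
+        ;;
+    *)
+        echo "$0: invalid action: ${ACTION}"
+        exit 1
+        ;;
+esac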
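Review bot: `cd $LOCAL` and `cd ../../tmp` on lines 14–15 are unquoted and unchecked, so if either fails the script carries on and runs `"${ossec_rc}" merge_config` from whatever directory it was started in. I would collapse them into `cd "$(dirname "$0")/../../tmp" || exit 1`. The log line on 18 also writes `$1`–`$5` verbatim into `active-responses.log`; if those values can carry text taken from monitored logs, whoever parses that file should treat it as untrusted input. `ossec_type`, `USER` and `IP` are assigned but never used in the script.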
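--- a/security/ossec-hids-local-config/files/message-agent-conf.in
+++ b/security/ossec-hids-local-config/files/message-agent-conf.in
@@ -0,0 +1,3 @@
+The "agent.conf" must no longer be used for configuration. It will be
+overwritten by merged "*.conf" files from the configuration directory:
+%%OSSEC_HOME%%/etc/agent.conf.d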
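--- a/security/ossec-hids-local-config/files/message-ossec-conf.in
+++ b/security/ossec-hids-local-config/files/message-ossec-conf.in
@@ -0,0 +1,3 @@
+The "ossec.conf" must no longer be used for configuration. It will be
+overwritten by merged "*.conf" files from the configuration directory:
+%%OSSEC_HOME%%/etc/ossec.conf.d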
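--- a/security/ossec-hids-local-config/files/message-pf.in
+++ b/security/ossec-hids-local-config/files/message-pf.in
@@ -0,0 +1,4 @@
+Add the ossec_fwtable to /etc/pf.conf if using "firewall-drop" active response:
+  table <ossec_fwtable> persist
+  block in quick from <ossec_fwtable> to any
+  block out quick from any to <ossec_fwtable>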
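--- a/security/ossec-hids-local-config/files/ossec-conf.in
+++ b/security/ossec-hids-local-config/files/ossec-conf.in
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
+ossec_conf_files="${ossec_conf_dir}/*.conf"
+
+select_elements_content() {
+    local element="$1"
+    sed -n "/<${element}>/,/<\/${element}>/{ /<${element}>/d; /<\/${element}>/d; p; }"
+}
+
+remove_elements() {
+    local element="$1"
+    sed -e "/<${element}>/,/<\/${element}>/d"
+}
+
+remove_comments() {
+    # Comments must be on separate lines i.e. not next to uncommented code
+    awk '/<!--/ {off=1} /-->/ {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
+}
+
+remove_empty_lines() {
+    sed '/^\s*$/d'
+}
+
+ossec_conf() {
+    echo "<!-- OSSEC HIDS %%VERSION%% -->"
+    echo
+    echo "<!-- DO NOT EDIT - file generated automatically - edit \"ossec.conf.d/900.local.conf\" instead -->"
+    echo
+    echo "<ossec_config>"
+
+    if [ "${ossec_type}" != "agent"  ]; then
+        if cat $@ | remove_comments | grep -q "<rules>"; then
+            echo "  <rules>"
+            cat $@ | remove_comments | select_elements_content "rules" | remove_empty_lines
+            echo "  </rules>"
+        fi
+    fi
+
+    if cat $@ | remove_comments | grep -q "<rootcheck>"; then
+        echo "  <rootcheck>"
+        cat $@ | remove_comments | select_elements_content "rootcheck" | remove_empty_lines
+        echo "  </rootcheck>"
+    fi
+
+    if cat $@ | remove_comments | grep -q "<syscheck>"; then
+        echo "  <syscheck>"
+        cat $@ | remove_comments | select_elements_content "syscheck" | remove_empty_lines
+        echo "  </syscheck>"
+    fi
+
+    cat $@ | remove_comments | select_elements_content "ossec_config" | remove_elements "rules" | remove_elements "rootcheck" |  remove_elements "syscheck" | remove_empty_lines
+
+    echo "</ossec_config>"
+}
+
+ossec_conf "${ossec_conf_files}"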
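Review bot: `remove_elements` and `select_elements_content` use sed address ranges of the form `/<x>/,/<\/x>/`, and sed only starts looking for the end of a range on the line after the one that opened it. An element written on a single line in any `ossec.conf.d/*.conf` file, such as `<rules></rules>`, therefore opens a range that runs to the next closing tag or to end of input, and everything in between is deleted from (or pulled into) the merged `ossec.conf` without any message. For a HIDS that means monitoring configuration can disappear silently, so I would either document the one-tag-per-line requirement next to the existing comment in `remove_comments`, or have `ossec_conf` reject input where an opening and closing tag share a line. `select_elements` in `files/agent-conf.in` has the same property.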
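--- a/security/ossec-hids-local-config/files/pkg-deinstall.in
+++ b/security/ossec-hids-local-config/files/pkg-deinstall.in
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ossec_conf="${ossec_home}/etc/ossec.conf"
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+
+if [ "$2" == "DEINSTALL"  ]; then
+    rm -f "${ossec_conf}"
+    rm -f "${agent_conf}"
+fi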
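--- a/security/ossec-hids-local-config/files/pkg-install.in
+++ b/security/ossec-hids-local-config/files/pkg-install.in
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ar_bin_dir="${ossec_home}/active-response/bin"
+ossec_conf="${ossec_home}/etc/ossec.conf"
+ossec_conf_bak="${ossec_conf}.bak"
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+agent_conf_bak="${ossec_home}/etc/agent.conf.bak"
+
+if [ "$2" == "POST-INSTALL"  ]; then
+    ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh"
+
+    if [ -e "${ossec_conf}" ]; then
+        mv -f "${ossec_conf}" "${ossec_conf_bak}"
+        echo
+        echo "WARNING:"
+        echo "  Existing \"${ossec_conf}\" has been saved to \"${ossec_conf_bak}\"."
+        echo
+    fi
+
+    case "$1" in
+        ossec-hids-server*)
+            if [ -e "${agent_conf}" ]; then
+                mv -f "${agent_conf}" "${agent_conf_bak}"
+                echo
+                echo "WARNING:"
+                echo "  Existing \"${agent_conf}\" has been saved to \"${agent_conf_bak}\"."
+                echo
+            fi
+            ;;
+    esac
+fi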
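Review bot: The result of `ln -f` on the first line of the POST-INSTALL branch is not checked, so if `%%FW_DROP%%` is absent from the active-response directory the script carries on and `firewall-drop.sh` stays missing or stale while the install reports success. Since the firewall-drop active response runs that file, the failure should at least be reported, e.g. `ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh" || echo "WARNING: could not link firewall-drop.sh"`. Both `mv -f` calls also replace an earlier `.bak` without notice, so a second reinstall discards the first saved configuration. The `[ "$2" == "POST-INSTALL"  ]` test uses `==`, which is not POSIX; `=` is the portable form.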
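--- a/security/ossec-hids-local-config/files/rules-cmdout.xml.in
+++ b/security/ossec-hids-local-config/files/rules-cmdout.xml.in
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<group name="ossec,">
+
+  <rule id="56041" level="1">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-last-logins'</match>
+    <check_diff />
+    <description>List of the last logged in users.</description> 
+  </rule>
+
+  <rule id="56042" level="1">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-tcp4-all'</match>
+    <check_diff />
+    <description>Listening IPv4 TCP port opened or closed.</description>
+  </rule>
+
+  <rule id="56043" level="7">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-tcp4'</match>
+    <check_diff />
+    <description>Listening IPv4 TCP port opened or closed.</description>
+  </rule>
+
+  <rule id="56044" level="1">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-tcp6-all'</match>
+    <check_diff />
+    <description>Listening IPv6 TCP port opened or closed.</description>
+  </rule>
+
+  <rule id="56045" level="7">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-tcp6'</match>
+    <check_diff />
+    <description>Listening IPv6 TCP port opened or closed.</description>
+  </rule>
+
+  <rule id="56046" level="1">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-udp4-all'</match>
+    <check_diff />
+    <description>Listening IPv4 UDP port opened or closed.</description>
+  </rule>
+
+  <rule id="56047" level="7">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-udp4'</match>
+    <check_diff />
+    <description>Listening IPv4 UDP port opened or closed.</description>
+  </rule>
+
+  <rule id="56048" level="1">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-udp6-all'</match>
+    <check_diff />
+    <description>Listening IPv6 UDP port opened or closed.</description>
+  </rule>
+
+  <rule id="56049" level="7">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-udp6'</match>
+    <check_diff />
+    <description>Listening IPv6 UDP port opened or closed.</description>
+  </rule>
+
+</group>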
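Review bot: Each `-all` rule (56042, 56044, 56046, 56048, level 1) carries exactly the same `<description>` as its restricted counterpart (56043, 56045, 56047, 56049, level 7), so someone reading the alert cannot tell which command produced it without looking up the rule id. Distinct text would fix that, for example `<description>Listening IPv4 TCP port opened or closed (full range 1-65535).</description>` for 56042. Rule 56041 has a trailing space after `</description>`. As far as I know OSSEC documents the 100000+ range for locally defined rules, so it is worth confirming that the 56xxx ids used here and in rules-config.xml.in cannot collide with a later upstream ruleset.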
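--- a/security/ossec-hids-local-config/files/rules-config.xml.in
+++ b/security/ossec-hids-local-config/files/rules-config.xml.in
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<group name="ossec,">
+
+  <rule id="56001" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>%%OSSEC_HOME%%/etc/ossec.conf.d</match>
+    <description>ossec.conf.d has been modified</description>
+  </rule>
+
+  <rule id="56002" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>%%OSSEC_HOME%%/etc/ossec.conf</match>
+    <description>ossec.conf has been modified</description>
+  </rule>
+
+  <rule id="56003" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>/var/ossec/etc/ossec.conf.d</match>
+    <description>ossec.conf.d has been modified</description>
+  </rule>
+
+  <rule id="56004" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>/var/ossec/etc/ossec.conf</match>
+    <description>ossec.conf has been modified</description>
+  </rule>
+
+  <rule id="56021" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>%%OSSEC_HOME%%/etc/agent.conf.d</match>
+    <description>agent.conf.d has been modified</description>
+  </rule>
+
+  <rule id="56022" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>%%OSSEC_HOME%%/etc/shared/agent.conf</match>
+    <description>agent.conf has been modified</description>
+  </rule>
+
+  <rule id="56023" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>/var/ossec/etc/agent.conf.d</match>
+    <description>agent.conf.d has been modified</description>
+  </rule>
+
+  <rule id="56024" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>/var/ossec/etc/shared/agent.conf</match>
+    <description>agent.conf has been modified</description>
+  </rule>
+
+</group>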
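Review bot: The `<match>` in rules 56002 and 56004 is a substring test, so `…/etc/ossec.conf` also matches paths under `…/etc/ossec.conf.d/` and the `ossec.conf.bak` that pkg-install.in creates. Whether a change under `ossec.conf.d` is then reported as 56001 (which drives merge-config) or 56002 (which drives restart-ossec) depends on rule evaluation order, and nothing in the file states that the order is relied on. Because these ids trigger active responses, I would at least add a comment above 56002 and 56004, e.g. `<!-- Must stay after the ossec.conf.d rule: this match is a substring and would otherwise catch ossec.conf.d paths too. -->`. If the syscheck alert quotes the path, ending the pattern at the closing quote would remove the ambiguity, but that needs checking against a real alert.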
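--- a/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in
+++ b/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <command>
+    <name>host-deny</name>
+    <executable>host-deny.sh</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>firewall-drop</name>
+    <executable>firewall-drop.sh</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>disable-account</name>
+    <executable>disable-account.sh</executable>
+    <expect>user</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>restart-ossec</name>
+    <executable>restart-ossec.sh</executable>
+    <expect></expect>
+  </command>
+
+  <command>
+    <name>route-null</name>
+    <executable>route-null.sh</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+</template_config>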
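--- a/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in
+++ b/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <command>
+    <name>merge-config</name>
+    <executable>merge-config.sh</executable>
+    <expect></expect>
+  </command>
+
+</template_config>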
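--- a/security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in
+++ b/security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <active-response>
+    <!-- Block the IP on the firewall. -->
+    <!-- See: http://www.ossec.net/docs/syntax/head_ossec_config.active-response.html#active-response-options -->
+    <command>firewall-drop</command>
+    <location>local</location>
+    <level>6</level>
+    <timeout>600</timeout>
+  </active-response>
+
+</template_config>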
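Review bot: With `<level>6</level>` and no `<rules_id>` or `<rules_group>` restriction, any alert of level 6 or higher that carries a source IP triggers a 600-second block, and template-ar-hostdeny.xml.in uses the same threshold. The shipped samples whitelist only 127.0.0.1, so an administrator's own address, or one that merely appears in a monitored log line, can end up blocked. I would add a comment above `<command>` that says so, e.g. `<!-- Fires on every alert of level 6 or higher; add management addresses to <white_list> before enabling. -->`. The documentation link in the existing comment uses `http://`; `https://` would be preferable if the site serves it.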
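--- a/security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in
+++ b/security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <active-response>
+    <!-- Deny the IP in "/etc/hosts.allow" or "/etc/hosts.deny". -->
+    <command>host-deny</command>
+    <location>local</location>
+    <level>6</level>
+    <timeout>600</timeout>
+  </active-response>
+
+</template_config>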
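--- a/security/ossec-hids-local-config/files/template-ar-merge.xml.in
+++ b/security/ossec-hids-local-config/files/template-ar-merge.xml.in
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <active-response>
+    <!-- Create "ossec.conf" and "agent.conf" if "ossec.conf.d/*" or "agent.conf.d/*" files change. -->
+    <command>merge-config</command>
+    <location>local</location>
+    <rules_id>56001,56003,56021,56023</rules_id>
+  </active-response>
+
+</template_config>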
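--- a/security/ossec-hids-local-config/files/template-ar-restart.xml.in
+++ b/security/ossec-hids-local-config/files/template-ar-restart.xml.in
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <active-response>
+    <!-- Restart OSSEC if "ossec.conf" or "agent.conf" changes. -->
+    <command>restart-ossec</command>
+    <location>local</location>
+    <rules_id>56002,56004,56022,56024</rules_id>
+  </active-response>
+
+</template_config>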
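--- a/security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in
+++ b/security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/last-logins.sh</command>
+    <alias>freebsd-last-logins</alias>
+  </localfile>
+
+</template_config>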
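--- a/security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in
+++ b/security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 4 tcp 1-65535</command>
+    <alias>freebsd-open-ports-tcp4-all</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 4 tcp</command>
+    <alias>freebsd-open-ports-tcp4</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 6 tcp 1-65535</command>
+    <alias>freebsd-open-ports-tcp6-all</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 6 tcp</command>
+    <alias>freebsd-open-ports-tcp6</alias>
+  </localfile>
+
+</template_config>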
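--- a/security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in
+++ b/security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 4 udp 1-65535</command>
+    <alias>freebsd-open-ports-udp4-all</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 4 udp</command>
+    <alias>freebsd-open-ports-udp4</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 6 udp 1-65535</command>
+    <alias>freebsd-open-ports-udp6-all</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 6 udp</command>
+    <alias>freebsd-open-ports-udp6</alias>
+  </localfile>
+
+</template_config>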
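--- a/security/ossec-hids-local-config/files/template-header-disabled.xml.in
+++ b/security/ossec-hids-local-config/files/template-header-disabled.xml.in
@@ -0,0 +1,10 @@
+<!-- OSSEC HIDS %%VERSION%% -->
+
+<!-- DO NOT EDIT - file generated automatically using disabled port options -->
+
+<!--
+    You can indirectly edit this file by copying it to the parent directory.
+    The copied file will not be deleted or modified during port removal or
+    upgrades.
+-->
+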
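--- a/security/ossec-hids-local-config/files/template-header-enabled.xml.in
+++ b/security/ossec-hids-local-config/files/template-header-enabled.xml.in
@@ -0,0 +1,4 @@
+<!-- OSSEC HIDS %%VERSION%% -->
+
+<!-- DO NOT EDIT - file generated automatically using enabled port options -->
+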
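--- a/security/ossec-hids-local-config/files/template-header-sample.xml.in
+++ b/security/ossec-hids-local-config/files/template-header-sample.xml.in
@@ -0,0 +1,1 @@
+<!-- Place customized configuration here - it will not be overwritten during upgrades. -->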
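--- a/security/ossec-hids-local-config/files/template-logs-apache.xml.in
+++ b/security/ossec-hids-local-config/files/template-logs-apache.xml.in
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_APACHE_PROFILE%%">
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/httpd-error.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/httpd-access.log</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_APACHE_PROFILE%%">
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/apache2/error.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/apache2/access.log</location>
+  </localfile>
+
+</template_config>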
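--- a/security/ossec-hids-local-config/files/template-logs-nginx.xml.in
+++ b/security/ossec-hids-local-config/files/template-logs-nginx.xml.in
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_NGINX_PROFILE%%">
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/nginx/error.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/nginx/access.log</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_NGINX_PROFILE%%">
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/nginx/error.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/nginx/access.log</location>
+  </localfile>
+
+</template_config>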
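--- a/security/ossec-hids-local-config/files/template-logs-radius.xml.in
+++ b/security/ossec-hids-local-config/files/template-logs-radius.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_RADIUS_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/radius.log</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_RADIUS_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/freeradius/radius.log</location>
+  </localfile>
+
+</template_config>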
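--- a/security/ossec-hids-local-config/files/template-logs-response.xml.in
+++ b/security/ossec-hids-local-config/files/template-logs-response.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_RESPONSE_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>%%OSSEC_HOME%%/logs/active-responses.log</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_RESPONSE_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/ossec/logs/active-responses.log</location>
+  </localfile>
+
+</template_config>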
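--- a/security/ossec-hids-local-config/files/template-logs-system.xml.in
+++ b/security/ossec-hids-local-config/files/template-logs-system.xml.in
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_SYSTEM_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/auth.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/maillog</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/messages</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/security</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/userlog</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/xferlog</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_SYSTEM_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/auth.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/dpkg.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/kern.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/mail.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/messages</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/syslog</location>
+  </localfile>
+
+</template_config>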
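--- a/security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in
+++ b/security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_VSFTPD_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/vsftpd.log</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_VSFTPD_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/vsftpd.log</location>
+  </localfile>
+
+</template_config>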
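--- a/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
+++ b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%ROOTCHECK_BASIC_PROFILE%%">
+
+  <rootcheck>
+    <rootkit_files>%%OSSEC_HOME%%/etc/shared/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>%%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+    <system_audit>%%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt</system_audit>
+    <system_audit>%%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt</system_audit>
+  </rootcheck>
+
+</template_config>
+
+<template_config os="Linux" profile="%%ROOTCHECK_BASIC_PROFILE%%">
+
+  <rootcheck>
+    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
+    <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
+  </rootcheck>
+
+</template_config>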
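--- a/security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in
+++ b/security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<template_config os="Linux" profile="%%ROOTCHECK_CIS_L1_PROFILE%%">
+
+  <rootcheck>
+    <system_audit>/var/ossec/etc/shared/cis_debianlinux7-8_L1_rcl.txt</system_audit>
+  </rootcheck>
+
+</template_config>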
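--- a/security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in
+++ b/security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<template_config os="Linux" profile="%%ROOTCHECK_CIS_L2_PROFILE%%">
+
+  <rootcheck>
+    <system_audit>/var/ossec/etc/shared/cis_debianlinux7-8_L2_rcl.txt</system_audit>
+  </rootcheck>
+
+</template_config>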
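--- a/security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in
+++ b/security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<template_config os="Linux" profile="%%ROOTCHECK_CIS_PROFILE%%">
+
+  <rootcheck>
+    <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
+  </rootcheck>
+
+</template_config>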
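--- a/security/ossec-hids-local-config/files/template-rules-cmdout.xml.in
+++ b/security/ossec-hids-local-config/files/template-rules-cmdout.xml.in
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <rules>
+    <include>freebsd_cmdout_rules.xml</include>
+  </rules>
+
+</template_config>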
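--- a/security/ossec-hids-local-config/files/template-rules-config.xml.in
+++ b/security/ossec-hids-local-config/files/template-rules-config.xml.in
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <rules>
+    <include>freebsd_config_rules.xml</include>
+  </rules>
+
+</template_config>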
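--- a/security/ossec-hids-local-config/files/template-rules-default.xml.in
+++ b/security/ossec-hids-local-config/files/template-rules-default.xml.in
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <rules>
+    <include>rules_config.xml</include>
+    <include>ossec_rules.xml</include>
+    <include>syslog_rules.xml</include>
+    <include>sendmail_rules.xml</include>
+    <include>postfix_rules.xml</include>
+    <include>spamd_rules.xml</include>
+    <include>imapd_rules.xml</include>
+    <include>mailscanner_rules.xml</include>
+    <include>ms-exchange_rules.xml</include>
+    <include>courier_rules.xml</include>
+    <include>firewall_rules.xml</include>
+    <include>pix_rules.xml</include>
+    <include>netscreenfw_rules.xml</include>
+    <include>cisco-ios_rules.xml</include>
+    <include>sonicwall_rules.xml</include>
+    <include>pam_rules.xml</include>
+    <include>telnetd_rules.xml</include>
+    <include>sshd_rules.xml</include>
+    <include>solaris_bsm_rules.xml</include>
+    <include>asterisk_rules.xml</include>
+    <include>ms_dhcp_rules.xml</include>
+    <include>arpwatch_rules.xml</include>
+    <include>symantec-av_rules.xml</include>
+    <include>symantec-ws_rules.xml</include>
+    <include>trend-osce_rules.xml</include>
+    <include>hordeimp_rules.xml</include>
+    <include>roundcube_rules.xml</include>
+    <include>wordpress_rules.xml</include>
+    <include>cimserver_rules.xml</include>
+    <include>dovecot_rules.xml</include>
+    <include>vmpop3d_rules.xml</include>
+    <include>vpopmail_rules.xml</include>
+    <include>ftpd_rules.xml</include>
+    <include>proftpd_rules.xml</include>
+    <include>pure-ftpd_rules.xml</include>
+    <include>vsftpd_rules.xml</include>
+    <include>ms_ftpd_rules.xml</include>
+    <include>named_rules.xml</include>
+    <include>exim_rules.xml</include>
+    <include>smbd_rules.xml</include>
+    <include>racoon_rules.xml</include>
+    <include>vpn_concentrator_rules.xml</include>
+    <include>msauth_rules.xml</include>
+    <include>mcafee_av_rules.xml</include>
+    <include>ms-se_rules.xml</include>
+    <include>sysmon_rules.xml</include>
+    <include>ms_ipsec_rules.xml</include>
+    <include>vmware_rules.xml</include>
+    <include>ids_rules.xml</include>
+    <include>apache_rules.xml</include>
+    <include>web_rules.xml</include>
+    <include>zeus_rules.xml</include>
+    <include>nginx_rules.xml</include>
+    <include>php_rules.xml</include>
+    <include>web_appsec_rules.xml</include>
+    <include>squid_rules.xml</include>
+    <include>attack_rules.xml</include>
+    <include>systemd_rules.xml</include>
+    <include>firewalld_rules.xml</include>
+    <include>mysql_rules.xml</include>
+    <include>postgresql_rules.xml</include>
+    <include>dropbear_rules.xml</include>
+    <include>openbsd_rules.xml</include>
+    <include>apparmor_rules.xml</include>
+    <include>clam_av_rules.xml</include>
+    <include>openbsd-dhcpd_rules.xml</include>
+    <include>nsd_rules.xml</include>
+    <include>owncloud_rules.xml</include>
+    <include>proxmox-ve_rules.xml</include>
+    <include>opensmtpd_rules.xml</include>
+    <include>dnsmasq_rules.xml</include>
+    <include>linux_usbdetect_rules.xml</include>
+    <include>ms1016_usbdetect_rules.xml</include>
+    <include>ms_firewall_rules.xml</include>
+    <include>psad_rules.xml</include>
+    <include>unbound_rules.xml</include>
+    <include>local_rules.xml</include>
+
+    <!-- Files not included by default -->
+    <!--<include>policy_rules.xml</include>-->
+  </rules>
+
+</template_config>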
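--- a/security/ossec-hids-local-config/files/template-sample-agent.xml.in
+++ b/security/ossec-hids-local-config/files/template-sample-agent.xml.in
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <client>
+    <!-- Specify the IP address of the %%PORTNAME%% server. -->
+    <server-ip>1.2.3.4</server-ip>
+    <!-- Alternatively, specify the hostname of the %%PORTNAME%% server. -->
+    <!-- <server-hostname>example.com</server-hostname> -->
+
+    <!-- Specifies the agent.conf profiles to be used by the agent. Multiple profiles can be included, separated by a comma and a space. -->
+    <!-- <config-profile>%%CLIENT_PROFILES%%</config-profile> -->
+  </client>
+
+</template_config>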
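Review bot: The placeholder in `<server-ip>1.2.3.4</server-ip>` is a routable public address, so an agent started before the sample is edited would try to report to a host the operator does not control; template-sample-server.xml.in uses the same value in its commented `<local_ip>`. An address from the range reserved for documentation avoids that, e.g. `<server-ip>192.0.2.1</server-ip>`. The comment above it could also say that the value must be changed before the agent is started.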
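--- a/security/ossec-hids-local-config/files/template-sample-database.xml.in
+++ b/security/ossec-hids-local-config/files/template-sample-database.xml.in
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+  <!-- Run "%%OSSEC_HOME%%/bin/ossec-control enable database" to enable ossec-dbd. -->
+  <database_output>
+    <hostname>localhost</hostname>
+    <username>ossec</username>
+    <password>secret</password>
+    <database>ossec</database>
+    <type>%%DB_TYPE%%</type>
+  </database_output>
+
+</template_config>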
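Review bot: The sample ships `<password>secret</password>` with no comment telling the reader to replace it, and whatever is set here presumably ends up in clear text in the generated ossec.conf. A line above `<database_output>` would cover both points, e.g. `<!-- Replace the placeholder password; the merged ossec.conf will contain it, so keep that file unreadable to unprivileged users. -->`. The `ossec.conf.bak` written by pkg-install.in would hold the same credential and deserves the same care.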
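--- a/security/ossec-hids-local-config/files/template-sample-local.xml.in
+++ b/security/ossec-hids-local-config/files/template-sample-local.xml.in
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <global>
+    <!-- Uncomment to enable email notifications. -->
+    <!--
+    <email_notification>yes</email_notification>
+    <email_to>example@example.com</email_to>
+    <smtp_server>smtp.example.com</smtp_server>
+    <email_from>ossecm@example.com</email_from>
+    -->
+
+    <!-- List of IP addresses that should never be blocked by the active response (one per element). -->
+    <white_list>127.0.0.1</white_list>
+  </global>
+
+</template_config>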
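--- a/security/ossec-hids-local-config/files/template-sample-server.xml.in
+++ b/security/ossec-hids-local-config/files/template-sample-server.xml.in
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <remote>
+    <connection>secure</connection>
+    <!-- OSSEC server listens on all interfacees by default. -->
+    <!-- <local_ip>1.2.3.4</local_ip> -->
+  </remote>
+
+  <global>
+    <!-- Uncomment to enable email notifications. -->
+    <!--
+    <email_notification>yes</email_notification>
+    <email_to>example@example.com</email_to>
+    <smtp_server>smtp.example.com</smtp_server>
+    <email_from>ossecm@example.com</email_from>
+    -->
+
+    <!-- List of IP addresses that should never be blocked by the active response (one per element). -->
+    <white_list>127.0.0.1</white_list>
+  </global>
+
+</template_config>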
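Review bot: The comment inside `<remote>` has a typo (`interfacees`) and states the default without saying how to narrow it on a multi-homed host. Suggested wording: `<!-- The OSSEC server listens on all interfaces by default; set <local_ip> to restrict it to one address. -->`. That makes the purpose of the commented `<local_ip>` line below it explicit.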
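--- a/security/ossec-hids-local-config/files/template-syscheck-basic.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-basic.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%SYSCHECK_BASIC_PROFILE%%">
+
+  <syscheck>
+    <directories realtime="yes" check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin,%%PREFIX%%/bin,%%PREFIX%%/sbin</directories>
+    <directories realtime="yes" check_all="yes">/etc,%%PREFIX%%/etc</directories>
+  </syscheck>
+
+</template_config>
+
+<template_config os="Linux" profile="%%SYSCHECK_BASIC_PROFILE%%">
+
+  <syscheck>
+    <directories realtime="yes" check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin,/usr/local/bin,/usr/local/sbin</directories>
+    <directories realtime="yes" check_all="yes">/etc,/usr/local/etc</directories>
+  </syscheck>
+
+</template_config>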
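--- a/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD">
+
+  <syscheck>
+    <ignore>/etc/hosts.allow</ignore>
+  </syscheck>
+
+</template_config>
+
+<template_config os="Linux">
+
+  <syscheck>
+    <ignore>/etc/hosts.deny</ignore>
+  </syscheck>
+
+</template_config>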
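Review bot: The two `<ignore>` entries take `/etc/hosts.allow` (FreeBSD) and `/etc/hosts.deny` (Linux) out of integrity monitoring altogether, and nothing in the file explains why. Presumably this keeps the host-deny active response from raising syscheck alerts on its own edits, but it also means any other change to the access-control file goes unreported. A comment in each `<syscheck>` block would record the trade-off, e.g. `<!-- Ignored because host-deny.sh rewrites this file; other edits to it will not be reported. -->`.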
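--- a/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD">
+
+  <syscheck>
+    <alert_new_files>yes</alert_new_files>
+  </syscheck>
+
+</template_config>
+
+<template_config os="Linux">
+
+  <syscheck>
+    <alert_new_files>yes</alert_new_files>
+  </syscheck>
+
+</template_config>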
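--- a/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD">
+
+  <syscheck>
+    <auto_ignore>no</auto_ignore>
+  </syscheck>
+
+</template_config>
+
+<template_config os="Linux">
+
+  <syscheck>
+    <auto_ignore>no</auto_ignore>
+  </syscheck>
+
+</template_config>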
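--- a/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%SYSCHECK_OSSEC_PROFILE%%">
+
+  <syscheck>
+    <directories realtime="yes" check_all="yes">%%OSSEC_SYSCHECK_BIN_DIRS%%</directories>
+    <directories realtime="yes" check_all="yes">%%OSSEC_SYSCHECK_ETC_DIRS%%</directories>
+  </syscheck>
+
+</template_config>
+
+<template_config os="Linux" profile="%%SYSCHECK_OSSEC_PROFILE%%">
+
+  <syscheck>
+    <directories realtime="yes" check_all="yes">/var/ossec/bin,/var/ossec/active-response,/var/ossec/agentless</directories>
+    <directories realtime="yes" check_all="yes">/var/ossec/etc,/var/ossec/rules</directories>
+  </syscheck>
+
+</template_config>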
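--- a/security/ossec-hids-local-config/opt-ar.mk
+++ b/security/ossec-hids-local-config/opt-ar.mk
@@ -0,0 +1,46 @@
+AR_MANAGED_CONF=	110.active-response.conf
+AR_LOCAL_CONF=		510.active-response.local.conf
+
+AR_DESC=		Active Response
+
+# Default commands
+AR_CMDS_DEFAULT_OPTION=	DEFAULT_C
+AR_CMDS_DEFAULT_DESC=	Commands provided by OSSEC
+AR_CMDS_DEFAULT_DEFINE=	server local
+AR_CMDS_DEFAULT_DEFAULT=server local
+AR_OPTIONS+=		AR_CMDS_DEFAULT
+
+# Config merge commands
+AR_CMDS_MERGE_OPTION=	MERGE_C
+AR_CMDS_MERGE_DESC=	Commands to merge configuration files
+AR_CMDS_MERGE_DEFINE=	server local
+AR_CMDS_MERGE_DEFAULT=	server local
+AR_OPTIONS+=		AR_CMDS_MERGE
+
+# Config merge active response
+AR_MERGE_OPTION=	MERGE_AR
+AR_MERGE_DESC=		Merge configuration files when they change
+AR_MERGE_DEFINE=	server local
+AR_MERGE_DEFAULT=	server local
+AR_OPTIONS+=		AR_MERGE
+
+# OSSEC restart active response
+AR_RESTART_OPTION=	RESTART_AR
+AR_RESTART_DESC=	Restart OSSEC when main configuration files change
+AR_RESTART_DEFINE=	server local
+AR_RESTART_DEFAULT=	server local
+AR_OPTIONS+=		AR_RESTART
+
+# Host deny active response
+AR_HOSTDENY_OPTION=	HOSTDENY_AR
+AR_HOSTDENY_DESC=	Block the attacker's IP using access control files
+AR_HOSTDENY_DEFINE=	server local
+AR_HOSTDENY_DEFAULT=
+AR_OPTIONS+=		AR_HOSTDENY
+
+# Firewall drop active response
+AR_FWDROP_OPTION=	FWDROP_AR
+AR_FWDROP_DESC=		Block the attacker's IP on the firewall
+AR_FWDROP_DEFINE=	server local
+AR_FWDROP_DEFAULT=
+AR_OPTIONS+=		AR_FWDROP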
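--- a/security/ossec-hids-local-config/opt-cmdout.mk
+++ b/security/ossec-hids-local-config/opt-cmdout.mk
@@ -0,0 +1,27 @@
+CMDOUT_MANAGED_CONF=		140.command-output.conf
+CMDOUT_LOCAL_CONF=		540.command-output.local.conf
+
+CMDOUT_DESC=			Command Output Monitoring
+
+CMDOUT_SCRIPTS=			last-logins open-ports
+
+# Last logins
+CMDOUT_LAST_LOGINS_OPTION=	LOGINS
+CMDOUT_LAST_LOGINS_DESC=	Last logins
+CMDOUT_LAST_LOGINS_DEFINE=	server local agent
+CMDOUT_LAST_LOGINS_DEFAULT=	server local agent
+CMDOUT_OPTIONS+=		CMDOUT_LAST_LOGINS
+
+# Open TCP ports
+CMDOUT_OPEN_PORTS_TCP_OPTION=	PORTS_TCP
+CMDOUT_OPEN_PORTS_TCP_DESC=	Open TCP ports
+CMDOUT_OPEN_PORTS_TCP_DEFINE=	server local agent
+CMDOUT_OPEN_PORTS_TCP_DEFAULT=	server local agent
+CMDOUT_OPTIONS+=		CMDOUT_OPEN_PORTS_TCP
+
+# Open UDP ports
+CMDOUT_OPEN_PORTS_UDP_OPTION=	PORTS_UDP
+CMDOUT_OPEN_PORTS_UDP_DESC=	Open UDP ports
+CMDOUT_OPEN_PORTS_UDP_DEFINE=	server local agent
+CMDOUT_OPEN_PORTS_UDP_DEFAULT=	server local agent
+CMDOUT_OPTIONS+=		CMDOUT_OPEN_PORTS_UDP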
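--- a/security/ossec-hids-local-config/opt-logs.mk
+++ b/security/ossec-hids-local-config/opt-logs.mk
@@ -0,0 +1,52 @@
+LOGS_MANAGED_CONF=	150.logs.conf
+LOGS_LOCAL_CONF=	550.logs.local.conf
+
+LOGS_DESC=		Log Monitoring
+
+# Default logs support
+LOGS_SYSTEM_OPTION=	SYSTEM
+LOGS_SYSTEM_PROFILE=	system-logs
+LOGS_SYSTEM_DESC=	Default system logs
+LOGS_SYSTEM_DEFINE=	server local agent pushed
+LOGS_SYSTEM_DEFAULT=	server local pushed
+LOGS_OPTIONS+=		LOGS_SYSTEM
+
+# Active response log support
+LOGS_RESPONSE_OPTION=	RESPONSE
+LOGS_RESPONSE_PROFILE=	active-response-logs
+LOGS_RESPONSE_DESC=	Active response logs
+LOGS_RESPONSE_DEFINE=	server local agent pushed
+LOGS_RESPONSE_DEFAULT=	server local pushed
+LOGS_OPTIONS+=		LOGS_RESPONSE
+
+# Apache logs support
+LOGS_APACHE_OPTION=	APACHE
+LOGS_APACHE_PROFILE=	apache-logs
+LOGS_APACHE_DESC=	Apache logs
+LOGS_APACHE_DEFINE=	server local agent pushed
+LOGS_APACHE_DEFAULT=	pushed
+LOGS_OPTIONS+=		LOGS_APACHE
+
+# Nginx logs support
+LOGS_NGINX_OPTION=	NGINX
+LOGS_NGINX_PROFILE=	nginx-logs
+LOGS_NGINX_DESC=	Nginx logs
+LOGS_NGINX_DEFINE=	server local agent pushed
+LOGS_NGINX_DEFAULT=	pushed
+LOGS_OPTIONS+=		LOGS_NGINX
+
+# Radius logs support
+LOGS_RADIUS_OPTION=	RADIUS
+LOGS_RADIUS_PROFILE=	radius-logs
+LOGS_RADIUS_DESC=	FreeRADIUS logs
+LOGS_RADIUS_DEFINE=	server local agent pushed
+LOGS_RADIUS_DEFAULT=	pushed
+LOGS_OPTIONS+=		LOGS_RADIUS
+
+# Vsftpd logs support
+LOGS_VSFTPD_OPTION=	VSFTPD
+LOGS_VSFTPD_PROFILE=	vsftpd-logs
+LOGS_VSFTPD_DESC=	Vsftpd logs
+LOGS_VSFTPD_DEFINE=	server local agent pushed
+LOGS_VSFTPD_DEFAULT=	pushed
+LOGS_OPTIONS+=		LOGS_VSFTPD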
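--- a/security/ossec-hids-local-config/opt-rootcheck.mk
+++ b/security/ossec-hids-local-config/opt-rootcheck.mk
@@ -0,0 +1,36 @@
+ROOTCHECK_MANAGED_CONF=		120.rootcheck.conf
+ROOTCHECK_LOCAL_CONF=		520.rootcheck.local.conf
+
+ROOTCHECK_DESC=			System Audit and Rootkit Detection (rootcheck)
+
+# Basic
+ROOTCHECK_BASIC_OPTION=		BASIC_RC
+ROOTCHECK_BASIC_PROFILE=	basic-rootcheck
+ROOTCHECK_BASIC_DESC=		Basic audit and rootkits
+ROOTCHECK_BASIC_DEFINE=		server local agent pushed
+ROOTCHECK_BASIC_DEFAULT=	server local pushed
+ROOTCHECK_OPTIONS+=		ROOTCHECK_BASIC
+
+# CIS default
+ROOTCHECK_CIS_OPTION=		CIS_RC
+ROOTCHECK_CIS_PROFILE=		cis-rootcheck
+ROOTCHECK_CIS_DESC=		CIS benchmark - Legacy
+ROOTCHECK_CIS_DEFINE=		pushed
+ROOTCHECK_CIS_DEFAULT=		pushed
+ROOTCHECK_OPTIONS+=		ROOTCHECK_CIS
+
+# CIS level 1
+ROOTCHECK_CIS_L1_OPTION=	CIS_L1_RC
+ROOTCHECK_CIS_L1_PROFILE=	cis-level1-rootcheck
+ROOTCHECK_CIS_L1_DESC=		CIS benchmark - Level 1
+ROOTCHECK_CIS_L1_DEFINE=	pushed
+ROOTCHECK_CIS_L1_DEFAULT=	pushed
+ROOTCHECK_OPTIONS+=		ROOTCHECK_CIS_L1
+
+# CIS level 2
+ROOTCHECK_CIS_L2_OPTION=	CIS_L2_RC
+ROOTCHECK_CIS_L2_PROFILE=	cis-level2-rootcheck
+ROOTCHECK_CIS_L2_DESC=		CIS benchmark - Level 2
+ROOTCHECK_CIS_L2_DEFINE=	pushed
+ROOTCHECK_CIS_L2_DEFAULT=	pushed
+ROOTCHECK_OPTIONS+=		ROOTCHECK_CIS_L2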
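--- a/security/ossec-hids-local-config/opt-rules.mk
+++ b/security/ossec-hids-local-config/opt-rules.mk
@@ -0,0 +1,27 @@
+RULES_MANAGED_CONF=	100.rules.conf
+RULES_LOCAL_CONF=	500.rules.local.conf
+
+RULES_DESC=		Alerting Rules
+
+RULES_FILES=		config cmdout
+
+# Default rules
+RULES_DEFAULT_OPTION=	DEFAULT_R
+RULES_DEFAULT_DESC=	Rules provided by OSSEC
+RULES_DEFAULT_DEFINE=	server local
+RULES_DEFAULT_DEFAULT=	server local
+RULES_OPTIONS+=		RULES_DEFAULT
+
+# Config rules
+RULES_CONFIG_OPTION=	CONFIG_R
+RULES_CONFIG_DESC=	Alert changes of the OSSEC main configuration files
+RULES_CONFIG_DEFINE=	server local
+RULES_CONFIG_DEFAULT=	server local
+RULES_OPTIONS+=		RULES_CONFIG
+
+# Command output rules
+RULES_CMDOUT_OPTION=	CMDOUT_R
+RULES_CMDOUT_DESC=	Alert changes of output of the monitored commands
+RULES_CMDOUT_DEFINE=	server local
+RULES_CMDOUT_DEFAULT=	server local
+RULES_OPTIONS+=		RULES_CMDOUT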
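--- a/security/ossec-hids-local-config/opt-syscheck.mk
+++ b/security/ossec-hids-local-config/opt-syscheck.mk
@@ -0,0 +1,42 @@
+SYSCHECK_MANAGED_CONF=		130.syscheck.conf
+SYSCHECK_LOCAL_CONF=		530.syscheck.local.conf
+
+SYSCHECK_DESC=			File Integrity Checking (syscheck)
+
+# Default direcotries
+SYSCHECK_BASIC_OPTION=		BASIC_SC
+SYSCHECK_BASIC_PROFILE=		basic-syscheck
+SYSCHECK_BASIC_DESC=		"bin", "sbin" and "etc"
+SYSCHECK_BASIC_DEFINE=		server local agent pushed
+SYSCHECK_BASIC_DEFAULT=		server local pushed
+SYSCHECK_OPTIONS+=		SYSCHECK_BASIC
+
+# OSSEC directories
+SYSCHECK_OSSEC_OPTION=		OSSEC_SC
+SYSCHECK_OSSEC_PROFILE=		ossec-syscheck
+SYSCHECK_OSSEC_DESC=		OSSEC directories
+SYSCHECK_OSSEC_DEFINE=		server local agent pushed
+SYSCHECK_OSSEC_DEFAULT=		server local pushed
+SYSCHECK_OPTIONS+=		SYSCHECK_OSSEC
+
+# Alert new files
+SYSCHECK_NEWFILES_OPTION=	NEWFILES_SC
+SYSCHECK_NEWFILES_DESC=		Alert on new files created
+SYSCHECK_NEWFILES_DEFINE=	server local
+SYSCHECK_NEWFILES_DEFAULT=	server local
+SYSCHECK_OPTIONS+=		SYSCHECK_NEWFILES
+
+# Disable auto_ignore
+SYSCHECK_NOAUTO_OPTION=		NOAUTO_SC
+SYSCHECK_NOAUTO_DESC=		Disable auto_ignore feature
+SYSCHECK_NOAUTO_DEFINE=		server local
+SYSCHECK_NOAUTO_DEFAULT=	server local
+SYSCHECK_OPTIONS+=		SYSCHECK_NOAUTO
+
+# Ignore /etc/hosts.allow
+SYSCHECK_HOSTDENY_DEPENDS=	AR_HOSTDENY
+SYSCHECK_HOSTDENY_OPTION=	HOSTDENY_SC
+SYSCHECK_HOSTDENY_DESC=		Ignore access control files
+SYSCHECK_HOSTDENY_DEFINE=	server local agent pushed
+SYSCHECK_HOSTDENY_DEFAULT=	server local pushed
+SYSCHECK_OPTIONS+=		SYSCHECK_HOSTDENY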
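Review bot: SYSCHECK_HOSTDENY is enabled by default for server, local and pushed, yet the file does not state which paths it removes from integrity monitoring: the comment names /etc/hosts.allow while the DESC says only "access control files". An option that narrows file-integrity coverage should name the exact paths and the reason next to it, for example `# Ignore the access control files that the host-deny active response rewrites (needs AR_HOSTDENY)`, assuming that is why it depends on AR_HOSTDENY. The pkg-help files in this patch explain NOAUTO_SC but have no entry for HOSTDENY_SC, so a user picking options cannot see that changes to those files would presumably stop producing alerts.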
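--- a/security/ossec-hids-local-config/pkg-descr
+++ b/security/ossec-hids-local-config/pkg-descr
@@ -0,0 +1,9 @@
+OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection
+System (HIDS). It has a powerful correlation and analysis engine, integrating
+log analysis, file integrity checking, Windows registry monitoring, centralized
+policy enforcement, rootkit detection, real-time alerting and active response.
+
+This package adds the configuration overlay with samples, additional rules,
+commands, scripts and support for multiple configuration files.
+
+WWW: https://ossec.github.io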
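--- a/security/ossec-hids-local-config/pkg-help-agent
+++ b/security/ossec-hids-local-config/pkg-help-agent
@@ -0,0 +1,29 @@
+Unless stated otherwise, every option here corresponds to certain configuration
+block which would be placed in one of the configuration files in "ossec.conf.d"
+directory. Disabled options will do the same, but for "ossec.conf.d/disabled"
+directory. All "*.conf" files from the "ossec.conf.d" directory will be merged
+into "ossec.conf" in alphabetic order. If you are not satisfied with the
+generated configuration, you can disable the corresponding option and use files
+from "ossec.conf.d/disabled" directory as samples.
+
+Most of the options are disabled by default, because it is expected that the
+server will push the agent configuration using "agent.conf". FreeBSD port of
+OSSEC server extended with similar "config" port does this by default. If this
+is the case, then the "ossec.conf" should only enable required profiles.
+
+Files generated by the port will be overwritten during port upgrades so any
+additional configuration should be put in separate files.
+
+Command Output Monitoring:
+
+  Adds additional commands, the output of which can be monitored. To actually
+  send alerts about the changing output, the proper rules need to be configured
+  on the server as well. For security reasons commands cannot be pushed by the
+  server and thus must be configured locally on every agent.
+  These commands can be tweaked in "command.conf".
+
+Active Response Firewall:
+
+  Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC.
+  This option is only meaningful if this OSSEC instance will be the target of
+  "firewall-drop" active response (configured on the server).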
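--- a/security/ossec-hids-local-config/pkg-help-local
+++ b/security/ossec-hids-local-config/pkg-help-local
@@ -0,0 +1,31 @@
+Unless stated otherwise, every option here corresponds to certain configuration
+block which would be placed in one of the configuration files in "ossec.conf.d"
+directory. Disabled options will do the same, but for "ossec.conf.d/disabled"
+directory. All "*.conf" files from the "ossec.conf.d" directory will be merged
+into "ossec.conf" in alphabetic order. If you are not satisfied with the
+generated configuration, you can disable the corresponding option and use files
+from "ossec.conf.d/disabled" directory as samples.
+
+Files generated by the port will be overwritten during port upgrades so any
+additional configuration should be put in separate files.
+
+File Integrity Checking:
+
+  NOAUTO_SC:
+    OSSEC by default will ignore files that change too often (after the third
+    change). This option disables this feature. Files that change too often
+    as a result of correct system operation should better be added to ignore
+    list manually.
+
+Command Output Monitoring:
+
+  Adds additional commands, the output of which can be monitored. To actually
+  send alerts about the changing output, the proper rules need to be configured
+  as well (see CMDOUT_R option).
+  These commands can be tweaked in "command.conf".
+
+Active Response Firewall:
+
+  Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC.
+  This option is only meaningful if "firewall-drop" active response will be
+  enabled in the configuration.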
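--- a/security/ossec-hids-local-config/pkg-help-server
+++ b/security/ossec-hids-local-config/pkg-help-server
@@ -0,0 +1,46 @@
+Unless stated otherwise, every option here corresponds to certain configuration
+block which would be placed in one of the configuration files in "ossec.conf.d"
+directory. Disabled options will do the same, but for "ossec.conf.d/disabled"
+directory. All "*.conf" files from the "ossec.conf.d" directory will be merged
+into "ossec.conf" in alphabetic order. If you are not satisfied with the
+generated configuration, you can disable the corresponding option and use files
+from "ossec.conf.d/disabled" directory as samples.
+
+The "pushed" sections (*_P options) relate to configuration pushed to agents
+using "agent.conf". The generated configuration blocks will be placed in
+"agent.conf.d" and "agent.conf.d/disabled" directories.
+Note that the agent needs to enable proper profile to benefit from "agent.conf"
+configuration pushed by the server. This also means that profiles not enabled
+on the agent are ignored. This is why all "pushed" options are enabled by
+default. The port currently contains configuration templates for the following
+agent systems:
+
+  - FreeBSD
+  - Debian Linux
+
+Consider contributing to the port by contacting the maintainer and providing
+configuration templates for other operating systems runnig OSSEC agents.
+
+Files generated by the port will be overwritten during port upgrades so any
+additional configuration should be put in separate files.
+
+File Integrity Checking:
+
+  NOAUTO_SC:
+    OSSEC by default will ignore files that change too often (after the third
+    change). This option disables this feature. Files that change too often
+    as a result of correct system operation should better be added to ignore
+    list manually.
+
+Command Output Monitoring:
+
+  Adds additional commands, the output of which can be monitored. To actually
+  send alerts about the changing output, the proper rules need to be configured
+  as well (see CMDOUT_R option).
+  These commands can be tweaked in "command.conf".
+
+Active Response Firewall:
+
+  Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC.
+  This option is only meaningful if this OSSEC instance will be the target of
+  "firewall-drop" active response.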
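--- a/security/ossec-hids-local-config/pkg-plist-agent
+++ b/security/ossec-hids-local-config/pkg-plist-agent
@@ -0,0 +1,23 @@
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf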
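--- a/security/ossec-hids-local-config/pkg-plist-local
+++ b/security/ossec-hids-local-config/pkg-plist-local
@@ -0,0 +1,30 @@
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/rules
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml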
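--- a/security/ossec-hids-local-config/pkg-plist-server
+++ b/security/ossec-hids-local-config/pkg-plist-server
@@ -0,0 +1,39 @@
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/agent-conf
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/150.logs.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/550.logs.local.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/rules
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml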
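--- a/security/ossec-hids-local-config/scripts/plist.sh
+++ b/security/ossec-hids-local-config/scripts/plist.sh
@@ -0,0 +1,113 @@
+#!/bin/sh
+
+# Script generates entries for pkg-plist.
+# Do not use it directly. Use the following command instead:
+#
+# make MAINTAINER_MODE=yes clean plist
+
+OSSEC_TYPE=$1
+OSSEC_HOME=$2
+PLIST=$3
+WORKDIR=$4
+STAGEDIR=$5
+
+staged_plist="${WORKDIR}/.staged-plist"
+fixed_lines=""
+skip_lines=""
+skip_paths=""
+sample_paths="/etc/command.conf.sample /etc/ossec.conf.d/900.local.conf.sample /etc/agent.conf.d/900.local.conf.sample"
+
+print_path() {
+    local path="$1"
+    local command="$2"
+    local full_path="${STAGEDIR}${OSSEC_HOME}${path}"
+    if [ -z "${command}" ]; then
+        command="@"
+        if [ -d "${full_path}" ]; then
+            command="@dir"
+        fi
+    fi
+    local user=`stat -f "%Su" "${full_path}"`
+    if [ "${user}" == "${USER}" ]; then
+        user=""
+    fi
+    local group=`stat -f "%Sg" "${full_path}"`
+    if [ "${group}" == "${GROUP}" ]; then
+        group=""
+    fi
+    local mode=`stat -f "%p" "${full_path}" | tail -c 5`
+    echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}"
+}
+
+echo -n > "${PLIST}"
+
+print_path
+
+done_paths=""
+while read line; do
+    skip_line=""
+    for e in ${skip_lines}; do
+        if [ "${e}" == "${line}" ]; then
+            skip_line="${e}"
+            break
+        fi
+    done
+    if [ -z "${skip_line}" ]; then
+        path=""
+        case $line in
+            "@dir %%OSSEC_HOME%%"*)
+                path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"`
+                ;;
+            "%%OSSEC_HOME%%"*)
+                path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"`
+                ;;
+            "%%"*)
+                unchanged_lines="${unchanged_lines} ${line}"
+                ;;
+        esac
+        if [ -n "${path}" ]; then
+            segments=`echo "${path}" | tr "/" "\n"`
+            path=""
+            for segment in ${segments}; do
+                path="${path}/${segment}"
+                skip_path=""
+                for e in ${skip_paths}; do
+                    if [ "${e}" == "${path}" ]; then
+                        skip_path="${e}"
+                        break
+                    fi
+                done
+                if [ -n "${skip_path}" ]; then
+                    break
+                fi
+                done_path=""
+                for e in ${done_paths}; do
+                    if [ "${e}" == "${path}" ]; then
+                        done_path="${e}"
+                        break
+                    fi
+                done
+                if [ -z "${done_path}" ]; then
+                    done_paths="${done_paths} ${path}"
+                    sample_path=""
+                    for e in ${sample_paths}; do
+                        if [ "${e}" == "${path}" ]; then
+                            sample_path="${e}"
+                            break
+                        fi
+                    done
+                    if [ -n "${sample_path}" ]; then
+                        print_path "${path}" @sample
+                    else
+                        print_path "${path}"
+                    fi
+                fi
+            done
+        fi
+    fi
+done < "${staged_plist}"
+
+unchanged_lines="${unchanged_lines} ${fixed_lines}"
+for line in ${unchanged_lines}; do
+    echo "${line}" >> "${PLIST}"
+done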
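Review bot: The five positional arguments are used without any check, unlike template-to-agent.sh and template-to-ossec.sh in this patch, which test `$#` before doing anything. With `STAGEDIR` or `OSSEC_HOME` empty, `print_path` runs `stat` on paths outside the stage directory and records that owner and mode in the plist, and `echo -n > "${PLIST}"` truncates whatever `$3` names before anything has been validated. A guard ahead of the assignments, `if [ $# -lt 5 ]; then echo "Too few arguments" >&2; exit 1; fi`, would fail early. `unchanged_lines` is also appended to inside the `case` before it is ever initialised, so it should be set with `unchanged_lines=""` next to `fixed_lines`.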
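--- a/security/ossec-hids-local-config/scripts/rules.sh
+++ b/security/ossec-hids-local-config/scripts/rules.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# Script generates entries for template-rules-default.xml.in.
+# Do not use it directly. Use the following command instead:
+#
+# make MAINTAINER_MODE=yes rules
+
+rules_template=$1
+src_dir=$2
+
+skip_files="policy_rules.xml local_rules.xml"
+append_files="local_rules.xml"
+
+rules=""
+for file in `find "${src_dir}/etc/rules" -depth 1 -name "*.xml"`; do
+    file_name="${file##*/}"
+    skip_file=""
+    for e in ${skip_files}; do
+        if [ "${e}" == "${file_name}" ]; then
+            skip_file="${e}"
+            break
+        fi
+    done
+    if [ -z "${skip_file}" ]; then
+        rule_ids=`sed -Ene 's|^.*<rule[[:space:]]+id="([0-9]+)".*$|\1|p' "${file}"`
+        if [ -n "${rule_ids}" ]; then
+            min_rule_id=`echo "${rule_ids}" | sort -n | head -n 1`
+            ref_rule_ids=`sed -Ene 's|^.*<if_sid>([0-9,]+)</if_sid>.*$|\1|p' "${file}" | tr ',' '\n'`
+            for ref_rule_id in ${ref_rule_ids}; do
+                found_rule_id=""
+                for rule_id in ${rule_ids}; do
+                    if [ "${ref_rule_id}" = "${rule_id}" ]; then
+                        found_rule_id="${rule_id}"
+                        break
+                    fi
+                done
+                if [ -z "${found_rule_id}" ]; then
+                    # The referenced rule id is not present in this file so it must come from another
+                    if [ ${ref_rule_id} -gt ${min_rule_id} ]; then
+                        # Ordering by referenced rule id doesn't need to give proper results, but let's hope it does
+                        min_rule_id=$((ref_rule_id + 1))
+                    fi
+                fi
+            done
+
+            rules="${rules}${min_rule_id} ${file_name}
+"
+        fi
+    fi
+done
+
+echo -n "${rules}" | sort -n
+
+if [ -n "${rules_template}" ]; then
+    rules=`echo -n "${rules}" | sort -n | cut -d' ' -f2`
+    for file_name in ${append_files}; do
+        rules="${rules}
+${file_name}"
+    done
+
+    echo '<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <rules>' > "${rules_template}"
+
+    for rule in ${rules}; do
+        echo "    <include>${rule}</include>" >> "${rules_template}"
+    done
+
+    echo '
+    <!-- Files not included by default -->' >> "${rules_template}"
+
+    for skip_file in ${skip_files}; do
+        append_file=""
+        for e in ${append_files}; do
+            if [ "${e}" == "${skip_file}" ]; then
+                append_file="${e}"
+                break
+            fi
+        done
+        if [ -z "${append_file}" ]; then
+            echo "    <!--<include>${skip_file}</include>-->" >> "${rules_template}"
+        fi
+    done
+
+    echo '  </rules>
+
+</template_config>' >> "${rules_template}"
+fi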
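Review bot: The `if_sid` extraction on file line 28 accepts only digits and commas, so a list written with spaces (constructed example: `<if_sid>100, 101</if_sid>`) is skipped silently and that dependency never influences the include order. Since the order decides whether a parent rule is loaded before the rules that refer to it, a missed reference can presumably leave detection rules ineffective without any build-time warning. The pattern should tolerate whitespace, for example `sed -Ene 's|^.*<if_sid>([0-9, ]+)</if_sid>.*$|\1|p' "${file}" | tr -d ' ' | tr ',' '\n'`. The comment on file line 40 already admits the ordering is a guess, so the maintainer target would be safer if it checked the generated template against the rule files instead of relying on it.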
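--- a/security/ossec-hids-local-config/scripts/template-to-agent.sh
+++ b/security/ossec-hids-local-config/scripts/template-to-agent.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+if [ $# -lt 3 ]; then
+    echo "Too few arguments"
+    echo "Usage: `basename $0` <ossec_type> <ossec_prefix> <ossec_file>"
+    exit 1
+fi
+
+ossec_type="$1"
+ossec_prefix="$2"
+ossec_file="$3"
+
+if [ ! -f "${ossec_file}" ]; then
+    echo "File \"${ossec_file}\" does not exist"
+    exit 1
+fi
+
+ossec_syscheck_bin_dirs="${ossec_prefix}/bin,${ossec_prefix}/active-response"
+ossec_syscheck_etc_dirs="${ossec_prefix}/etc"
+
+replace() {
+    sed -e 's|<template_config \(.*\)>|<agent_config \1>|' \
+        -e 's|</template_config>|</agent_config>|' \
+        -e "s|%%OSSEC_SYSCHECK_BIN_DIRS%%|${ossec_syscheck_bin_dirs}|" \
+        -e "s|%%OSSEC_SYSCHECK_ETC_DIRS%%|${ossec_syscheck_etc_dirs}|" \
+        "${ossec_file}"
+}
+
+extract() {
+    sed -n '/^<agent_config .*>$/,/^<\/agent_config>$/p'
+}
+
+replace | extract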
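Review bot: Both error paths (file lines 4-5 and 14) print to stdout, which is also where the script writes the generated configuration, so a caller that redirects the output into a file can end up with the message text inside that file; template-to-ossec.sh has the same lines. Send the diagnostics to stderr instead, e.g. `echo "File \"${ossec_file}\" does not exist" >&2`, and likewise for the two usage lines. The caller is not part of this section, so whether it checks the exit status before using the output cannot be seen here.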
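--- a/security/ossec-hids-local-config/scripts/template-to-ossec.sh
+++ b/security/ossec-hids-local-config/scripts/template-to-ossec.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+if [ $# -lt 3 ]; then
+    echo "Too few arguments"
+    echo "Usage: `basename $0` <ossec_type> <ossec_prefix> <ossec_file>"
+    exit 1
+fi
+
+ossec_type="$1"
+ossec_prefix="$2"
+ossec_file="$3"
+
+if [ ! -f "${ossec_file}" ]; then
+    echo "File \"${ossec_file}\" does not exist"
+    exit 1
+fi
+
+ossec_syscheck_bin_dirs="${ossec_prefix}/bin,${ossec_prefix}/active-response"
+ossec_syscheck_etc_dirs="${ossec_prefix}/etc"
+if [ "${ossec_type}" != "agent" ]; then
+    ossec_syscheck_bin_dirs="${ossec_syscheck_bin_dirs},${ossec_prefix}/agentless"
+    ossec_syscheck_etc_dirs="${ossec_syscheck_etc_dirs},${ossec_prefix}/rules"
+fi
+
+replace() {
+    if grep -q "<template_config>" "${ossec_file}"; then
+        sed -e 's|<template_config>|<ossec_config>|' \
+            -e 's|</template_config>|</ossec_config>|' \
+            -e "s|%%OSSEC_SYSCHECK_BIN_DIRS%%|${ossec_syscheck_bin_dirs}|" \
+            -e "s|%%OSSEC_SYSCHECK_ETC_DIRS%%|${ossec_syscheck_etc_dirs}|" \
+            "${ossec_file}"
+    else
+        sed -e 's|<template_config .*os="FreeBSD".*>|<ossec_config>|' \
+            -e 's|</template_config>|</ossec_config>|' \
+            -e "s|%%OSSEC_SYSCHECK_BIN_DIRS%%|${ossec_syscheck_bin_dirs}|" \
+            -e "s|%%OSSEC_SYSCHECK_ETC_DIRS%%|${ossec_syscheck_etc_dirs}|" \
+            "${ossec_file}"
+    fi
+}
+
+extract() {
+    sed -n '/^<ossec_config.*>$/,/^<\/ossec_config>$/p'
+}
+
+replace | extract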
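Review bot: The final `replace | extract` exits with the status of the last `sed`, so a template that has neither a plain `<template_config>` nor an `os="FreeBSD"` variant yields empty output and still reports success. If that output becomes a fragment of the merged ossec.conf, the corresponding section would go missing without any error, which for a syscheck or rootcheck fragment means less monitoring than the selected options suggest. Unless an empty fragment is intended, capture the result and fail when it is empty: `out=$(replace | extract)`, then `[ -n "${out}" ] || { echo "No usable block in \"${ossec_file}\"" >&2; exit 1; }`, then `printf '%s\n' "${out}"`. template-to-agent.sh ends with the same pipeline.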
(-)security/ossec-hids-server/Makefile (-144 / +3 lines)
Lines 1-148 Link Here
1
# Created by: Valerio Daelli <valerio.daelli@gmail.com>
2
# $FreeBSD$
1
# $FreeBSD$
3
2
4
PORTNAME=	ossec-hids
3
OSSEC_TYPE=	server
5
PORTVERSION=	2.8.3
6
DISTVERSIONPREFIX=	v
7
PORTREVISION?=	3
8
CATEGORIES=	security
9
PKGNAMESUFFIX=	-server
10
4
11
MAINTAINER=	dominik.lisiak@bemsoft.pl
5
MASTERDIR=	${.CURDIR}/../ossec-hids-local
12
COMMENT?=	Security tool to monitor and check logs and intrusions
13
6
14
USE_GITHUB=	yes
7
.include "${MASTERDIR}/Makefile"
15
GH_ACCOUNT=	ossec
16
USE_RC_SUBR=	ossec-hids
17
18
CFLAGS+=	-ferror-limit=0
19
20
USES=		readline ssl
21
22
.if defined(MAINTAINER_MODE)
23
UID_FILES+=	../../UIDs
24
GID_FILES+=	../../GIDs
25
.endif
26
USERS=		ossec ossecm ossecr
27
GROUPS=		ossec
28
29
.if !defined(CLIENT_ONLY)
30
OPTIONS_DEFINE=	MYSQL PGSQL
31
32
MYSQL_VARS=	WITH_DB=yes
33
MYSQL_USE=	MYSQL=client
34
MYSQL_PORTDOCS=	mysql.schema
35
36
PGSQL_VARS=	WITH_DB=yes
37
PGSQL_USES=	pgsql
38
PGSQL_PORTDOCS=	postgresql.schema
39
40
RUN_DEPENDS=	expect:lang/expect
41
42
USES+=		shebangfix
43
SHEBANG_LANG=	expect
44
expect_OLD_CMD=	"/usr/bin/env expect"
45
expect_CMD=	${LOCALBASE}/bin/expect
46
SHEBANG_FILES=	src/agentlessd/scripts/main.exp \
47
		src/agentlessd/scripts/ssh.exp \
48
		src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \
49
		src/agentlessd/scripts/ssh_foundry_diff \
50
		src/agentlessd/scripts/ssh_generic_diff \
51
		src/agentlessd/scripts/ssh_integrity_check_bsd \
52
		src/agentlessd/scripts/ssh_integrity_check_linux \
53
		src/agentlessd/scripts/ssh_nopass.exp \
54
		src/agentlessd/scripts/ssh_pixconfig_diff \
55
		src/agentlessd/scripts/sshlogin.exp \
56
		src/agentlessd/scripts/su.exp
57
.endif
58
OPTIONS_DEFINE+=	DOCS
59
60
SUB_LIST=	PORTNAME=${PORTNAME}
61
SUB_FILES=	pkg-message
62
PLIST_SUB=	PORTNAME=${PORTNAME}
63
DOCSFILES=	BUGS CONFIG CONTRIBUTORS INSTALL LICENSE
64
PORTDOCS=	${DOCSFILES}
65
66
BROKEN_aarch64=		Fails to compile: error: use of undeclared identifier __LDPGSZ
67
68
.include <bsd.port.pre.mk>
69
70
STRIP_FILES=	ossec-luac agent_control ossec-lua ossec-dbd ossec-regex ossec-monitord ossec-makelists verify-agent-conf ossec-analysisd ossec-agentlessd syscheck_control ossec-execd manage_agents ossec-csyslogd ossec-syscheckd ossec-logtest ossec-authd ossec-logcollector list_agents ossec-maild clear_stats ossec-remoted ossec-reportd rootcheck_control syscheck_update
71
.if defined(CLIENT_ONLY)
72
SUB_LIST+=	PRECMD=:
73
PKGNAMESUFFIX=	-client
74
CONFLICTS_INSTALL=	ossec-hids-server-[0-9]* ossec-hids-local-[0-9]*
75
STRIP_FILES=	agent-auth manage_agents ossec-agentd ossec-execd ossec-logcollector ossec-lua ossec-luac ossec-syscheckd
76
.elif defined(LOCAL_ONLY)
77
SUB_LIST+=	PRECMD=ossechids_start_precmd
78
PKGNAMESUFFIX=	-local
79
CONFLICTS_INSTALL=	ossec-hids-client-[0-9]* ossec-hids-server-[0-9]*
80
.else
81
SUB_LIST+=	PRECMD=ossechids_start_precmd
82
CONFLICTS_INSTALL=	ossec-hids-client-[0-9]* ossec-hids-local-[0-9]*
83
.endif
84
85
post-patch:
86
	@${REINPLACE_CMD} 's|PREFIX|${PREFIX}/${PORTNAME}|' ${WRKSRC}/src/headers/defs.h
87
	@${ECHO} "DIR=\"${STAGEDIR}${PREFIX}/${PORTNAME}\"" > ${WRKSRC}/src/LOCATION
88
	@${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \
89
		-e 's|-lreadline|& ${LDFLAGS}|' \
90
		${WRKSRC}/src/external/lua-5.2.3/src/Makefile
91
	@${REINPLACE_CMD} -e 's|OPENSSLCMD=|OPENSSLCMD=-L${OPENSSLLIB} |' \
92
		${WRKSRC}/src/Makeall
93
94
do-build:
95
.if defined(WITH_DB)
96
.if defined(CLIENT_ONLY)
97
	@cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build
98
.elif defined(LOCAL_ONLY)
99
	@cd ${WRKSRC}/src;${MAKE} setlocal;${MAKE} setdb;${MAKE} all;${MAKE} build
100
.else
101
	@cd ${WRKSRC}/src;${MAKE} setdb;${MAKE} all;${MAKE} build
102
.endif
103
.else
104
.if defined(CLIENT_ONLY)
105
	@cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build; \
106
		${MAKE} unsetdb
107
.elif defined(LOCAL_ONLY)
108
	@cd ${WRKSRC}/src;${MAKE} setlocal;${MAKE} all;${MAKE} build; \
109
		${MAKE} unsetdb
110
.else
111
	@cd ${WRKSRC}/src;${MAKE} all;${MAKE} build;${MAKE} unsetdb
112
.endif
113
.endif
114
115
do-install:
116
.if defined(CLIENT_ONLY)
117
	@cd ${WRKSRC}/src; ${MAKE} agent
118
.elif defined(LOCAL_ONLY)
119
	@cd ${WRKSRC}/src; ${MAKE} local
120
.else
121
	@cd ${WRKSRC}/src; ${MAKE} server
122
.endif
123
	@${MKDIR} ${STAGEDIR}${PREFIX}/${PORTNAME}/etc
124
.for file in ${STRIP_FILES}
125
	${STRIP_CMD} ${STAGEDIR}${PREFIX}/ossec-hids/bin/${file}
126
.endfor
127
128
.if defined(CLIENT_ONLY)
129
	@${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${PREFIX}/${PORTNAME}/etc/ossec.conf.sample
130
.elif defined(LOCAL_ONLY)
131
	${CP} ${WRKSRC}/etc/ossec-local.conf ${STAGEDIR}${PREFIX}/${PORTNAME}/etc/ossec.conf.sample
132
.else
133
	${CP} ${WRKSRC}/etc/ossec-server.conf ${STAGEDIR}${PREFIX}/${PORTNAME}/etc/ossec.conf.sample
134
.endif
135
136
post-install-DOCS-on:
137
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
138
	@cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR}
139
140
post-install-MYSQL-on:
141
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
142
	@cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/mysql.schema ${STAGEDIR}${DOCSDIR}
143
144
post-install-PGSQL-on:
145
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
146
	@cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/postgresql.schema ${STAGEDIR}${DOCSDIR}
147
148
.include <bsd.port.post.mk>
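--- a/security/ossec-hids-server/distinfo
+++ b/security/ossec-hids-server/distinfo
@@ -1,2 +0,0 @@
-SHA256 (ossec-ossec-hids-v2.8.3_GH0.tar.gz) = 917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd
-SIZE (ossec-ossec-hids-v2.8.3_GH0.tar.gz) = 1642095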
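--- a/security/ossec-hids-server/files/ossec-hids.in
+++ b/security/ossec-hids-server/files/ossec-hids.in
@@ -1,65 +0,0 @@
-#!/bin/sh
-# 
-# PROVIDE: ossechids
-# REQUIRE: DAEMON
-# BEFORE:  LOGIN
-# KEYWORD: shutdown
-
-. /etc/rc.subr
-
-name="ossechids"
-rcvar=ossechids_enable
-
-load_rc_config $name
-
-: ${ossechids_enable="NO"}
-: ${ossechids_user="ossec"}
-: ${ossechids_group="ossec"}
-
-start_precmd=%%PRECMD%%
-start_cmd="ossechids_command start"
-stop_cmd="ossechids_command stop"
-restart_cmd="ossechids_command restart"
-status_cmd="ossechids_command status"
-reload_cmd="ossechids_command reload"
-
-command="%%PREFIX%%/%%PORTNAME%%/bin/ossec-control"
-required_files="%%PREFIX%%/%%PORTNAME%%/etc/ossec.conf"
-extra_commands="reload"
-
-fts_queue=%%PREFIX%%/%%PORTNAME%%/queue/fts/fts-queue
-ig_queue=%%PREFIX%%/%%PORTNAME%%/queue/fts/ig-queue
-ossec_log=%%PREFIX%%/%%PORTNAME%%/logs/ossec.log
-active_responses_log=%%PREFIX%%/%%PORTNAME%%/logs/active-responses.log
-
-ossechids_start_precmd() {
-    # These files are not created by the daemons with the correct
-    # ownership, so create them here before starting up the system,
-    # if they don't already exist. This is only done for the "local" and
-    # "server" installation types.
-    if [ ! -e ${fts_queue} ]; then
-        touch ${fts_queue}
-        chown ${ossechids_user}:${ossechids_group} ${fts_queue}
-        chmod 640 ${fts_queue}
-    fi
-    if [ ! -e ${ig_queue} ]; then
-        touch ${ig_queue}
-        chown ${ossechids_user}:${ossechids_group} ${ig_queue}
-        chmod 640 ${ig_queue}
-    fi
-
-    # Ensure logfiles are created with the correct ownership and mode
-    for log in ${ossec_log} ${active_responses_log}; do
-	if [ ! -e ${log} ]; then
-	    touch ${log}
-	    chown ${ossechids_user}:${ossechids_group} ${log}
-	    chmod 660 ${log}
-	fi
-    done
-}
-
-ossechids_command() {
-	${command} ${rc_arg}
-}
-
-run_rc_command "$1"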
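--- a/security/ossec-hids-server/files/patch-src__InstallAgent.sh
+++ b/security/ossec-hids-server/files/patch-src__InstallAgent.sh
@@ -1,123 +0,0 @@
---- src/InstallAgent.sh.orig	2015-10-12 21:21:06 UTC
-+++ src/InstallAgent.sh
-@@ -37,11 +37,11 @@ fi
- 
- # Creating groups/users
- if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
--    grep "^${USER}" /etc/passwd > /dev/null 2>&1
--    if [ ! $? = 0 ]; then
--    /usr/sbin/pw groupadd ${GROUP}
--	/usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
--    fi
-+    #grep "^${USER}" /etc/passwd > /dev/null 2>&1
-+    #if [ ! $? = 0 ]; then
-+    #/usr/sbin/pw groupadd ${GROUP}
-+	#/usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
-+    #fi
- 
- elif [ "$UNAME" = "SunOS" ]; then
-     grep "^${USER}" /etc/passwd > /dev/null 2>&1
-@@ -106,22 +106,17 @@ for i in ${subdirs}; do
- done
- 
- # Default for all directories
--chmod -R 550 ${DIR}
--chown -R root:${GROUP} ${DIR}
-+chmod -R 750 ${DIR}
- 
- # To the ossec queue (default for agentd to read)
--chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
- chmod -R 770 ${DIR}/queue/ossec
- 
- # For the logging user
--chown -R ${USER}:${GROUP} ${DIR}/logs
- chmod -R 750 ${DIR}/logs
- chmod -R 775 ${DIR}/queue/rids
- touch ${DIR}/logs/ossec.log
--chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
- chmod 664 ${DIR}/logs/ossec.log
- 
--chown -R ${USER}:${GROUP} ${DIR}/queue/diff
- chmod -R 750 ${DIR}/queue/diff
- chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
- 
-@@ -131,8 +126,7 @@ chmod 1550 ${DIR}/tmp
- 
- 
- # For the etc dir
--chmod 550 ${DIR}/etc
--chown -R root:${GROUP} ${DIR}/etc
-+chmod 750 ${DIR}/etc
- 
- ls /etc/localtime > /dev/null 2>&1
- if [ $? = 0 ]; then
-@@ -144,13 +138,11 @@ if [ "$UNAME" = "SunOS" ]; then
-     mkdir -p ${DIR}/usr/share/lib/zoneinfo/
-     chmod -R 555 ${DIR}/usr/
-     cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
--    chown -R root:${GROUP} ${DIR}/usr/
- fi    
- 
- ls /etc/TIMEZONE > /dev/null 2>&1
- if [ $? = 0 ]; then
-     cp -p /etc/TIMEZONE ${DIR}/etc/;
--    chown root:${GROUP} ${DIR}/etc/TIMEZONE
-     chmod 555 ${DIR}/etc/TIMEZONE
- fi
-             
-@@ -170,25 +162,17 @@ cp -pr ../etc/local_internal_options.con
- cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
- cp -pr agentlessd/scripts/* ${DIR}/agentless/
- 
--chown root:${GROUP} ${DIR}/etc/internal_options.conf
--chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
--chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1
--chown root:${GROUP} ${DIR}/agentless/*
--chown ${USER}:${GROUP} ${DIR}/.ssh
--chown -R root:${GROUP} ${DIR}/etc/shared
--
--chmod 550 ${DIR}/etc
-+chmod 750 ${DIR}/etc
- chmod 440 ${DIR}/etc/internal_options.conf
- chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
- chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
- chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
--chmod 550 ${DIR}/agentless/*
-+chmod 750 ${DIR}/agentless/*
- chmod 700 ${DIR}/.ssh
- 
- 
- # For the /var/run
- chmod 770 ${DIR}/var/run
--chown root:${GROUP} ${DIR}/var/run
- 
- 
- # Moving the binary files
-@@ -202,7 +186,6 @@ cp -pr addagent/manage_agents ${DIR}/bin
- cp -pr ../contrib/util.sh ${DIR}/bin/
- cp -pr external/lua/src/ossec-lua ${DIR}/bin/
- cp -pr external/lua/src/ossec-luac ${DIR}/bin/
--chown root:${GROUP} ${DIR}/bin/util.sh
- chmod +x ${DIR}/bin/util.sh
- 
- # Copying active response modules
-@@ -210,10 +193,8 @@ sh ./init/fw-check.sh execute > /dev/nul
- cp -pr ../active-response/*.sh ${DIR}/active-response/bin/
- cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
- chmod 755 ${DIR}/active-response/bin/*
--chown root:${GROUP} ${DIR}/active-response/bin/*
- 
--chown root:${GROUP} ${DIR}/bin/*
--chmod 550 ${DIR}/bin/*
-+chmod 750 ${DIR}/bin/*
- 
- 
- # Moving the config file
-@@ -229,7 +210,6 @@ if [ $? = 0 ]; then
- else    
-     cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf
- fi
--chown root:${GROUP} ${DIR}/etc/ossec.conf
- chmod 440 ${DIR}/etc/ossec.conf
- 
- 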
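--- a/security/ossec-hids-server/files/patch-src__InstallServer.sh
+++ b/security/ossec-hids-server/files/patch-src__InstallServer.sh
@@ -1,208 +0,0 @@
---- src/InstallServer.sh.orig	2015-10-12 21:21:06 UTC
-+++ src/InstallServer.sh
-@@ -44,13 +44,13 @@ fi
- 
- # Creating groups/users
- if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
--    grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
--    if [ ! $? = 0 ]; then
--    /usr/sbin/pw groupadd ${GROUP}
--	/usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
--	/usr/sbin/pw useradd ${USER_MAIL} -d ${DIR} -s /sbin/nologin -g ${GROUP}
--	/usr/sbin/pw useradd ${USER_REM} -d ${DIR} -s /sbin/nologin -g ${GROUP}
--    fi
-+#    grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
-+#    if [ ! $? = 0 ]; then
-+#    /usr/sbin/pw groupadd ${GROUP}
-+#	/usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
-+#	/usr/sbin/pw useradd ${USER_MAIL} -d ${DIR} -s /sbin/nologin -g ${GROUP}
-+#	/usr/sbin/pw useradd ${USER_REM} -d ${DIR} -s /sbin/nologin -g ${GROUP}
-+#    fi
- 
- elif [ "$UNAME" = "SunOS" ]; then
-     grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
-@@ -121,66 +121,49 @@ for i in ${subdirs}; do
- done
- 
- # Default for all directories
--chmod 550 ${DIR}
--chmod 550 ${DIR}/*
--chown root:${GROUP} ${DIR}
--chown root:${GROUP} ${DIR}/*
-+chmod 750 ${DIR}
-+chmod 750 ${DIR}/*
- 
- # AnalysisD needs to write to alerts: log, mail and cmds
--chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
- chmod -R 770 ${DIR}/queue/alerts
- 
- # To the ossec queue (default for analysisd to read)
--chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
- chmod -R 770 ${DIR}/queue/ossec
- 
- # To the ossec fts queue
--chown -R ${USER}:${GROUP} ${DIR}/queue/fts
- chmod -R 750 ${DIR}/queue/fts
- chmod 750 ${DIR}/queue/fts/* > /dev/null 2>&1
- 
- # To the ossec syscheck/rootcheck queue
--chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
- chmod -R 750 ${DIR}/queue/syscheck
- chmod 740 ${DIR}/queue/syscheck/* > /dev/null 2>&1
- 
--chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
- chmod -R 750 ${DIR}/queue/rootcheck
- chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1
- 
--chown ${USER}:${GROUP} ${DIR}/queue/diff
--chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1
- chmod 750 ${DIR}/queue/diff
- chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
- 
--chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
- chmod -R 750 ${DIR}/queue/agent-info
- chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1
--chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
- chmod -R 750 ${DIR}/queue/rids
- chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1
- 
--chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
- chmod -R 750 ${DIR}/queue/agentless
- chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1
- 
--chown -R root:${GROUP} ${DIR}/tmp
--chmod 1550 ${DIR}/tmp
-+chmod 1750 ${DIR}/tmp
- 
- 
- # For the stats directory
--chown -R ${USER}:${GROUP} ${DIR}/stats
- chmod -R 750 ${DIR}/stats
- 
- # For the logging user
--chown -R ${USER}:${GROUP} ${DIR}/logs
- chmod -R 750 ${DIR}/logs
- touch ${DIR}/logs/ossec.log
--chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
- chmod 660 ${DIR}/logs/ossec.log
- 
- touch ${DIR}/logs/active-responses.log
--chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log
- chmod 660 ${DIR}/logs/active-responses.log
- 
- # For the rules directory
-@@ -198,7 +181,7 @@ if [ $? = 0 ]; then
-     fi    
- fi
-     
--cp -pr ../etc/rules/* ${DIR}/rules/
-+cp -pr ../etc/rules/*.xml ${DIR}/rules/
- find ${DIR}/rules/ -type f -exec chmod 440 {} \;
- 
- # If the local_rules is saved, moved it back
-@@ -207,37 +190,33 @@ if [ $? = 0 ]; then
-     mv ${DIR}/rules/saved_local_rules.xml.$$ ${DIR}/rules/local_rules.xml
- fi    
- 
--chown -R root:${GROUP} ${DIR}/rules
--chmod -R 550 ${DIR}/rules
-+chmod -R 750 ${DIR}/rules
- 
- 
- # For the etc dir
--chmod 550 ${DIR}/etc
--chown -R root:${GROUP} ${DIR}/etc
-+chmod 750 ${DIR}/etc
- ls /etc/localtime > /dev/null 2>&1
- if [ $? = 0 ]; then
-     cp -pL /etc/localtime ${DIR}/etc/;
-     chmod 440 ${DIR}/etc/localtime
--    chown root:${GROUP} ${DIR}/etc/localtime 
- fi
- 
- # Solaris Needs some extra files
- if [ "$UNAME" = "SunOS" ]; then
-     mkdir -p ${DIR}/usr/share/lib/zoneinfo/
--    chmod -R 550 ${DIR}/usr/
-+    chmod -R 750 ${DIR}/usr/
-     cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
- fi
- 
- ls /etc/TIMEZONE > /dev/null 2>&1
- if [ $? = 0 ]; then
-     cp -p /etc/TIMEZONE ${DIR}/etc/;
--    chmod 550 ${DIR}/etc/TIMEZONE
-+    chmod 750 ${DIR}/etc/TIMEZONE
- fi
-                         
- 
- # For the /var/run
- chmod 770 ${DIR}/var/run
--chown root:${GROUP} ${DIR}/var/run
- 
- # Moving the binary files
- cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \
-@@ -260,7 +239,6 @@ cp -pr util/rootcheck_control ${DIR}/bin
- cp -pr external/lua/src/ossec-lua ${DIR}/bin/
- cp -pr external/lua/src/ossec-luac ${DIR}/bin/
- cp -pr ../contrib/util.sh ${DIR}/bin/
--chown root:${GROUP} ${DIR}/bin/util.sh
- chmod +x ${DIR}/bin/util.sh
- 
- # Local install chosen
-@@ -290,23 +268,15 @@ fi
-   
- cp -pr ../etc/internal_options.conf ${DIR}/etc/
- cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/
--chown root:${GROUP} ${DIR}/etc/decoder.xml
--chown root:${GROUP} ${DIR}/etc/local_decoder.xml >/dev/null 2>&1
--chown root:${GROUP} ${DIR}/etc/internal_options.conf
--chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1
--chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1
--chown root:${GROUP} ${DIR}/etc/shared/*
--chown root:${GROUP} ${DIR}/agentless/*
--chown ${USER}:${GROUP} ${DIR}/.ssh
- chmod 440 ${DIR}/etc/decoder.xml
- chmod 440 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1
- chmod 440 ${DIR}/etc/internal_options.conf
- chmod 440 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1
- chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1
--chmod 550 ${DIR}/etc
-+chmod 750 ${DIR}/etc
- chmod 770 ${DIR}/etc/shared
- chmod 440 ${DIR}/etc/shared/*
--chmod 550 ${DIR}/agentless/*
-+chmod 750 ${DIR}/agentless/*
- rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1
- chmod 700 ${DIR}/.ssh
- 
-@@ -316,11 +286,9 @@ sh ./init/fw-check.sh execute > /dev/nul
- cp -p ../active-response/*.sh ${DIR}/active-response/bin/
- cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
- 
--chmod 550 ${DIR}/active-response/bin/*
--chown root:${GROUP} ${DIR}/active-response/bin/*
-+chmod 750 ${DIR}/active-response/bin/*
- 
--chown root:${GROUP} ${DIR}/bin/*
--chmod 550 ${DIR}/bin/*
-+chmod 750 ${DIR}/bin/*
- 
- 
- # Moving the config file
-@@ -331,12 +299,11 @@ fi
- 
- ls ../etc/ossec.mc > /dev/null 2>&1
- if [ $? = 0 ]; then
--    cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf
-+    cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf.sample
- else    
--    cp -pr ../etc/ossec-server.conf ${DIR}/etc/ossec.conf
-+    cp -pr ../etc/ossec-server.conf ${DIR}/etc/ossec.conf.sample
- fi
--chown root:${GROUP} ${DIR}/etc/ossec.conf
--chmod 440 ${DIR}/etc/ossec.conf
-+chmod 640 ${DIR}/etc/ossec.conf.sample
- 
- 
- 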
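--- a/security/ossec-hids-server/files/patch-src__LOCATION
+++ b/security/ossec-hids-server/files/patch-src__LOCATION
@@ -1,5 +0,0 @@
---- src/LOCATION.orig	2015-10-12 21:21:06 UTC
-+++ src/LOCATION
-@@ -1 +1 @@
--DIR="/var/ossec"
-+DIR="/usr/ports/security/ossec-hids-server/work/stage/usr/local/ossec-hids"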
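--- a/security/ossec-hids-server/files/patch-src__headers__defs.h
+++ b/security/ossec-hids-server/files/patch-src__headers__defs.h
@@ -1,11 +0,0 @@
---- src/headers/defs.h.orig	2015-10-12 21:21:06 UTC
-+++ src/headers/defs.h
-@@ -98,7 +98,7 @@ http://www.ossec.net/main/license/\n"
- #endif
- 
- #ifndef DEFAULTDIR		
--	#define DEFAULTDIR	"/var/ossec"
-+	#define DEFAULTDIR	"/usr/local/ossec-hids"
- #endif
- 
- 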
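--- a/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema
+++ b/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema
@@ -1,11 +0,0 @@
---- src/os_dbd/mysql.schema.orig	2015-10-12 21:21:06 UTC
-+++ src/os_dbd/mysql.schema
-@@ -45,7 +45,7 @@ CREATE TABLE server 
-     last_contact    INT         UNSIGNED NOT NULL,
-     version         VARCHAR(32)          NOT NULL,
-     hostname        VARCHAR(64)          NOT NULL   UNIQUE,
--    information     VARCHAR(128)         NOT NULL,    
-+    information     TEXT                 NOT NULL,    
-     PRIMARY KEY  (id) 
-     ); 
- 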
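--- a/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema
+++ b/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema
@@ -1,11 +0,0 @@
---- src/os_dbd/postgresql.schema.orig	2015-10-12 21:21:06 UTC
-+++ src/os_dbd/postgresql.schema
-@@ -47,7 +47,7 @@ CREATE TABLE server 
-     last_contact    INT8                 NOT NULL,
-     version         VARCHAR(32)          NOT NULL,
-     hostname        VARCHAR(64)          NOT NULL   UNIQUE,
--    information     VARCHAR(128)         NOT NULL,    
-+    information     TEXT                 NOT NULL,    
-     PRIMARY KEY  (id) 
-     ); 
- 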
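--- a/security/ossec-hids-server/files/pkg-message.in
+++ b/security/ossec-hids-server/files/pkg-message.in
@@ -1,21 +0,0 @@
-After installation, you need to edit the ossec.conf file to reflect
-the correct settings for your environment.  All the files related
-to %%PORTNAME%% have been installed in %%PREFIX%%/%%PORTNAME%% and
-its subdirectories.
-
-For information on proper configuration, see http://www.ossec.net/.
-
-To enable the startup script, add ossechids_enable="YES" to
-/etc/rc.conf.  To enable database output, execute:
-
-%%PREFIX%%/%%PORTNAME%%/bin/ossec-control enable database
-
-Then check this documentation:
-
-http://www.ossec.net/doc/manual/output/database-output.html
-
-When you deinstall this port after starting the daemons once, many
-directories that are created by the daemons will remain.  To fully
-remove the port you need to delete those directories manually.  To
-further enhance the security on your system, you may also enable
-some checks in PAM for a fast reaction against intrusions.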
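--- a/security/ossec-hids-server/pkg-descr
+++ b/security/ossec-hids-server/pkg-descr
@@ -1,6 +0,0 @@
-OSSEC is an Open Source Host-based Intrusion Detection System.
-It performs log analysis, integrity checking, Windows registry
-monitoring, rootkit detection, time-based alerting and active
-response.
-
-WWW: http://www.ossec.net/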
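--- a/security/ossec-hids-server/pkg-plist
+++ b/security/ossec-hids-server/pkg-plist
@@ -1,168 +0,0 @@
-%%PORTNAME%%/active-response/bin/disable-account.sh
-%%PORTNAME%%/active-response/bin/firewall-drop.sh
-%%PORTNAME%%/active-response/bin/host-deny.sh
-%%PORTNAME%%/active-response/bin/ip-customblock.sh
-%%PORTNAME%%/active-response/bin/ipfw_mac.sh
-%%PORTNAME%%/active-response/bin/ipfw.sh
-%%PORTNAME%%/active-response/bin/ossec-tweeter.sh
-%%PORTNAME%%/active-response/bin/pf.sh
-%%PORTNAME%%/active-response/bin/restart-ossec.sh
-%%PORTNAME%%/active-response/bin/route-null.sh
-%%PORTNAME%%/bin/agent_control
-%%PORTNAME%%/bin/clear_stats
-%%PORTNAME%%/bin/list_agents
-%%PORTNAME%%/bin/manage_agents
-%%PORTNAME%%/bin/ossec-agentlessd
-%%PORTNAME%%/bin/ossec-analysisd
-%%PORTNAME%%/bin/ossec-authd
-%%PORTNAME%%/bin/ossec-control
-%%PORTNAME%%/bin/ossec-csyslogd
-%%PORTNAME%%/bin/ossec-dbd
-%%PORTNAME%%/bin/ossec-execd
-%%PORTNAME%%/bin/ossec-logcollector
-%%PORTNAME%%/bin/ossec-logtest
-%%PORTNAME%%/bin/ossec-lua
-%%PORTNAME%%/bin/ossec-luac
-%%PORTNAME%%/bin/ossec-maild
-%%PORTNAME%%/bin/ossec-makelists
-%%PORTNAME%%/bin/ossec-monitord
-%%PORTNAME%%/bin/ossec-regex
-%%PORTNAME%%/bin/ossec-remoted
-%%PORTNAME%%/bin/ossec-reportd
-%%PORTNAME%%/bin/ossec-syscheckd
-%%PORTNAME%%/bin/rootcheck_control
-%%PORTNAME%%/bin/syscheck_control
-%%PORTNAME%%/bin/syscheck_update
-%%PORTNAME%%/bin/util.sh
-%%PORTNAME%%/bin/verify-agent-conf
-@group ossec
-%%PORTNAME%%/etc/decoder.xml
-%%PORTNAME%%/etc/internal_options.conf
-@sample %%PORTNAME%%/etc/ossec.conf.sample
-%%PORTNAME%%/etc/shared/rootkit_files.txt
-%%PORTNAME%%/etc/shared/rootkit_trojans.txt
-%%PORTNAME%%/etc/shared/system_audit_rcl.txt
-%%PORTNAME%%/etc/shared/win_applications_rcl.txt
-%%PORTNAME%%/etc/shared/win_audit_rcl.txt
-%%PORTNAME%%/etc/shared/win_malware_rcl.txt
-%%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
-%%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
-%%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
-@owner
-@group
-@mode
-%%PORTNAME%%/rules/apache_rules.xml
-%%PORTNAME%%/rules/arpwatch_rules.xml
-%%PORTNAME%%/rules/asterisk_rules.xml
-%%PORTNAME%%/rules/attack_rules.xml
-%%PORTNAME%%/rules/cimserver_rules.xml
-%%PORTNAME%%/rules/cisco-ios_rules.xml
-%%PORTNAME%%/rules/clam_av_rules.xml
-%%PORTNAME%%/rules/courier_rules.xml
-%%PORTNAME%%/rules/dovecot_rules.xml
-%%PORTNAME%%/rules/dropbear_rules.xml
-%%PORTNAME%%/rules/firewall_rules.xml
-%%PORTNAME%%/rules/ftpd_rules.xml
-%%PORTNAME%%/rules/hordeimp_rules.xml
-%%PORTNAME%%/rules/ids_rules.xml
-%%PORTNAME%%/rules/imapd_rules.xml
-%%PORTNAME%%/rules/local_rules.xml
-%%PORTNAME%%/rules/mailscanner_rules.xml
-%%PORTNAME%%/rules/mcafee_av_rules.xml
-%%PORTNAME%%/rules/ms-exchange_rules.xml
-%%PORTNAME%%/rules/ms-se_rules.xml
-%%PORTNAME%%/rules/ms_dhcp_rules.xml
-%%PORTNAME%%/rules/ms_ftpd_rules.xml
-%%PORTNAME%%/rules/msauth_rules.xml
-%%PORTNAME%%/rules/mysql_rules.xml
-%%PORTNAME%%/rules/named_rules.xml
-%%PORTNAME%%/rules/netscreenfw_rules.xml
-%%PORTNAME%%/rules/nginx_rules.xml
-%%PORTNAME%%/rules/openbsd_rules.xml
-%%PORTNAME%%/rules/ossec_rules.xml
-%%PORTNAME%%/rules/pam_rules.xml
-%%PORTNAME%%/rules/php_rules.xml
-%%PORTNAME%%/rules/pix_rules.xml
-%%PORTNAME%%/rules/policy_rules.xml
-%%PORTNAME%%/rules/postfix_rules.xml
-%%PORTNAME%%/rules/postgresql_rules.xml
-%%PORTNAME%%/rules/proftpd_rules.xml
-%%PORTNAME%%/rules/pure-ftpd_rules.xml
-%%PORTNAME%%/rules/racoon_rules.xml
-%%PORTNAME%%/rules/roundcube_rules.xml
-%%PORTNAME%%/rules/rules_config.xml
-%%PORTNAME%%/rules/sendmail_rules.xml
-%%PORTNAME%%/rules/smbd_rules.xml
-%%PORTNAME%%/rules/solaris_bsm_rules.xml
-%%PORTNAME%%/rules/sonicwall_rules.xml
-%%PORTNAME%%/rules/spamd_rules.xml
-%%PORTNAME%%/rules/squid_rules.xml
-%%PORTNAME%%/rules/sshd_rules.xml
-%%PORTNAME%%/rules/symantec-av_rules.xml
-%%PORTNAME%%/rules/symantec-ws_rules.xml
-%%PORTNAME%%/rules/syslog_rules.xml
-%%PORTNAME%%/rules/telnetd_rules.xml
-%%PORTNAME%%/rules/trend-osce_rules.xml
-%%PORTNAME%%/rules/vmpop3d_rules.xml
-%%PORTNAME%%/rules/vmware_rules.xml
-%%PORTNAME%%/rules/vpn_concentrator_rules.xml
-%%PORTNAME%%/rules/vpopmail_rules.xml
-%%PORTNAME%%/rules/vsftpd_rules.xml
-%%PORTNAME%%/rules/web_appsec_rules.xml
-%%PORTNAME%%/rules/web_rules.xml
-%%PORTNAME%%/rules/wordpress_rules.xml
-%%PORTNAME%%/rules/zeus_rules.xml
-@owner root
-@group ossec
-%%PORTNAME%%/agentless/main.exp
-%%PORTNAME%%/agentless/register_host.sh
-%%PORTNAME%%/agentless/ssh.exp
-%%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff
-%%PORTNAME%%/agentless/ssh_foundry_diff
-%%PORTNAME%%/agentless/ssh_generic_diff
-%%PORTNAME%%/agentless/ssh_integrity_check_bsd
-%%PORTNAME%%/agentless/ssh_integrity_check_linux
-%%PORTNAME%%/agentless/ssh_nopass.exp
-%%PORTNAME%%/agentless/ssh_pixconfig_diff
-%%PORTNAME%%/agentless/sshlogin.exp
-%%PORTNAME%%/agentless/su.exp
-@(ossec,,) %%PORTNAME%%/logs/active-responses.log
-@(ossec,,) %%PORTNAME%%/logs/ossec.log
-@mode 550
-@dir %%PORTNAME%%/.ssh
-@dir %%PORTNAME%%/active-response/bin
-@dir %%PORTNAME%%/active-response
-@dir %%PORTNAME%%/agentless
-@dir %%PORTNAME%%/bin
-@dir %%PORTNAME%%/etc/shared
-@dir %%PORTNAME%%/etc
-@dir %%PORTNAME%%/queue/rootcheck
-@dir %%PORTNAME%%/rules
-@dir %%PORTNAME%%/tmp
-@mode 770
-@dir %%PORTNAME%%/var/run
-@mode 550
-@dir %%PORTNAME%%/var
-@owner ossec
-@mode 770
-@dir %%PORTNAME%%/queue/alerts
-@dir %%PORTNAME%%/queue/ossec
-@mode 750
-@dir %%PORTNAME%%/queue/fts
-@dir %%PORTNAME%%/queue/syscheck
-@dir %%PORTNAME%%/queue/diff
-@dir %%PORTNAME%%/queue/agentless
-@dir %%PORTNAME%%/stats
-@dir %%PORTNAME%%/logs/alerts
-@dir %%PORTNAME%%/logs/archives
-@dir %%PORTNAME%%/logs/firewall
-@dir %%PORTNAME%%/logs
-@owner ossecr
-@dir %%PORTNAME%%/queue/agent-info
-@dir %%PORTNAME%%/queue/rids
-@owner ossec
-@mode 550
-@dir %%PORTNAME%%/queue
-@owner root
-@mode 550
-@dir %%PORTNAME%%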
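--- a/security/ossec-hids-server-config/Makefile
+++ b/security/ossec-hids-server-config/Makefile
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+OSSEC_TYPE=	server
+
+MASTERDIR=	${.CURDIR}/../ossec-hids-local-config
+
+.include "${MASTERDIR}/Makefile"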
