Index: security/ossec-hids/Makefile
===================================================================
--- security/ossec-hids/Makefile (nonexistent)
+++ security/ossec-hids/Makefile (working copy)
@@ -0,0 +1,35 @@
+# $FreeBSD$
+
+PORTNAME= ossec-hids
+PORTVERSION= 3.1.0
+PORTREVISION=
+CATEGORIES= security
+
+MAINTAINER= dominik.lisiak@bemsoft.pl
+COMMENT= Security tool to monitor and check logs and intrusions
+
+LICENSE= GPLv2
+
+RUN_DEPENDS= ossec-hids-${OSSEC_TYPE}>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE}
+
+USES= metaport
+
+OPTIONS_DEFINE= CONFIG
+
+OPTIONS_SINGLE= G_TYPE
+OPTIONS_SINGLE_G_TYPE= LOCAL AGENT SERVER
+
+OPTIONS_DEFAULT= CONFIG LOCAL
+
+CONFIG_DESC= Install configuration manager and samples
+G_TYPE_DESC= Installation type
+LOCAL_DESC= Analizes local data only (standalone)
+AGENT_DESC= Sends local data to the server for analysis
+SERVER_DESC= Analizes local data and data received from multiple agents
+
+CONFIG_VARS= RUN_DEPENDS+=ossec-hids-${OSSEC_TYPE}-config>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE}-config
+LOCAL_VARS= OSSEC_TYPE=local
+AGENT_VARS= OSSEC_TYPE=agent
+SERVER_VARS= OSSEC_TYPE=server
+
+.include
Property changes on: security/ossec-hids/Makefile
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids/pkg-descr
===================================================================
--- security/ossec-hids/pkg-descr (nonexistent)
+++ security/ossec-hids/pkg-descr (working copy)
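Review bot: `LOCAL_DESC` and `SERVER_DESC` spell the verb as "Analizes"; these strings are user-visible option descriptions, so they should read `LOCAL_DESC= Analyzes local data only (standalone)` and `SERVER_DESC= Analyzes local data and data received from multiple agents`. The empty `PORTREVISION=` assignment carries no value and could be dropped from the new Makefile.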
@@ -0,0 +1,6 @@
+OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection
+System (HIDS). It has a powerful correlation and analysis engine, integrating
+log analysis, file integrity checking, Windows registry monitoring, centralized
+policy enforcement, rootkit detection, real-time alerting and active response.
+
+WWW: https://ossec.github.io
Property changes on: security/ossec-hids/pkg-descr
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-agent-config/Makefile
===================================================================
--- security/ossec-hids-agent-config/Makefile (nonexistent)
+++ security/ossec-hids-agent-config/Makefile (working copy)
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+OSSEC_TYPE= agent
+
+MASTERDIR= ${.CURDIR}/../ossec-hids-local-config
+
+.include "${MASTERDIR}/Makefile"
Property changes on: security/ossec-hids-agent-config/Makefile
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-client/Makefile
===================================================================
--- security/ossec-hids-client/Makefile (revision 484108)
+++ security/ossec-hids-client/Makefile (working copy)
@@ -1,13 +1,7 @@ -# Created by: Valerio Daelli # $FreeBSD$ -PORTREVISION= 0 -COMMENT= Client port of ossec-hids +OSSEC_TYPE= agent -CLIENT_ONLY= yes +MASTERDIR= ${.CURDIR}/../ossec-hids-local -MASTERDIR= ${.CURDIR}/../ossec-hids-server - -PLIST= ${.CURDIR}/pkg-plist.client - .include "${MASTERDIR}/Makefile" Index: security/ossec-hids-client/pkg-plist.client =================================================================== --- security/ossec-hids-client/pkg-plist.client (revision 484108) +++ security/ossec-hids-client/pkg-plist.client (nonexistent) 
@@ -1,69 +0,0 @@ -%%PORTNAME%%/active-response/bin/disable-account.sh -%%PORTNAME%%/active-response/bin/firewall-drop.sh -%%PORTNAME%%/active-response/bin/host-deny.sh -%%PORTNAME%%/active-response/bin/ip-customblock.sh -%%PORTNAME%%/active-response/bin/ipfw.sh -%%PORTNAME%%/active-response/bin/ipfw_mac.sh -%%PORTNAME%%/active-response/bin/ossec-tweeter.sh -%%PORTNAME%%/active-response/bin/pf.sh -%%PORTNAME%%/active-response/bin/restart-ossec.sh -%%PORTNAME%%/active-response/bin/route-null.sh -%%PORTNAME%%/bin/agent-auth -%%PORTNAME%%/bin/manage_agents -%%PORTNAME%%/bin/ossec-agentd -%%PORTNAME%%/bin/ossec-control -%%PORTNAME%%/bin/ossec-execd -%%PORTNAME%%/bin/ossec-logcollector -%%PORTNAME%%/bin/ossec-lua -%%PORTNAME%%/bin/ossec-luac -%%PORTNAME%%/bin/ossec-syscheckd -%%PORTNAME%%/bin/util.sh -@group ossec -%%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt -%%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt -%%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt -%%PORTNAME%%/etc/shared/rootkit_trojans.txt -%%PORTNAME%%/etc/shared/rootkit_files.txt -%%PORTNAME%%/etc/shared/system_audit_rcl.txt -%%PORTNAME%%/etc/shared/win_malware_rcl.txt -%%PORTNAME%%/etc/shared/win_audit_rcl.txt -%%PORTNAME%%/etc/shared/win_applications_rcl.txt -@sample %%PORTNAME%%/etc/ossec.conf.sample -%%PORTNAME%%/etc/internal_options.conf -@owner ossec -%%PORTNAME%%/logs/ossec.log -@owner -%%PORTNAME%%/agentless/main.exp -%%PORTNAME%%/agentless/sshlogin.exp -%%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff -%%PORTNAME%%/agentless/ssh_foundry_diff -%%PORTNAME%%/agentless/ssh_pixconfig_diff -%%PORTNAME%%/agentless/ssh_nopass.exp -%%PORTNAME%%/agentless/ssh_integrity_check_linux -%%PORTNAME%%/agentless/ssh_integrity_check_bsd -%%PORTNAME%%/agentless/ssh_generic_diff -%%PORTNAME%%/agentless/ssh.exp -%%PORTNAME%%/agentless/register_host.sh -%%PORTNAME%%/agentless/su.exp -@dir %%PORTNAME%%/agentless -@dir %%PORTNAME%%/active-response/bin -@dir %%PORTNAME%%/active-response -@dir %%PORTNAME%%/etc/shared -@dir 
%%PORTNAME%%/etc -@dir %%PORTNAME%%/tmp -@dir %%PORTNAME%%/var/run -@dir %%PORTNAME%%/var -@dir %%PORTNAME%%/queue/syscheck -@dir %%PORTNAME%%/queue/rids -@owner ossec -@dir %%PORTNAME%%/queue/ossec -@dir %%PORTNAME%%/queue/diff -@owner -@dir %%PORTNAME%%/queue/alerts -@dir %%PORTNAME%%/queue -@dir %%PORTNAME%%/logs -@dir %%PORTNAME%%/bin -@owner ossec -@dir %%PORTNAME%%/.ssh -@owner -@dir %%PORTNAME%% Property changes on: security/ossec-hids-client/pkg-plist.client ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-local/Makefile =================================================================== --- security/ossec-hids-local/Makefile (revision 484108) +++ security/ossec-hids-local/Makefile (working copy) 
@@ -1,11 +1,247 @@ -# Created by: Valerio Daelli # $FreeBSD$ -PORTREVISION= 1 -COMMENT= Client and server (local) port of ossec-hids +PORTNAME= ossec-hids +PORTVERSION= 3.1.0 +PORTREVISION= +CATEGORIES= security +PKGNAMESUFFIX= -${OSSEC_TYPE} -LOCAL_ONLY= yes +MAINTAINER= dominik.lisiak@bemsoft.pl +COMMENT= Security tool to monitor and check logs and intrusions -MASTERDIR= ${.CURDIR}/../ossec-hids-server +LICENSE= GPLv2 +LICENSE_FILE= ${WRKSRC}/LICENSE -.include "${MASTERDIR}/Makefile" +OSSEC_TYPE?= local + +.if ${OSSEC_TYPE} == local +CONFLICTS_INSTALL= ossec-hids-client-* \ + ossec-hids-agent-* \ + ossec-hids-server-* +.elif ${OSSEC_TYPE} == agent +CONFLICTS_INSTALL= ossec-hids-client-* \ + ossec-hids-local-* \ + ossec-hids-server-* +.elif ${OSSEC_TYPE} == server +CONFLICTS_INSTALL= ossec-hids-client-* \ + ossec-hids-agent-* \ + ossec-hids-local-* +.endif + +.if ${OSSEC_TYPE} != agent +RUN_DEPENDS= expect:lang/expect +.endif + +GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP +INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify +PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude +ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq + +USES= gmake readline ssl +MYSQL_USE= mysql +PGSQL_USES= pgsql + +USE_GITHUB= yes +GH_ACCOUNT= ossec +USE_RC_SUBR= ossec-hids + +.if ${OSSEC_TYPE} != agent +USES+= shebangfix +SHEBANG_LANG= expect +expect_OLD_CMD= "/usr/bin/env expect" +expect_CMD= ${LOCALBASE}/bin/expect +SHEBANG_FILES= src/agentlessd/scripts/main.exp \ + src/agentlessd/scripts/ssh.exp \ + src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \ + src/agentlessd/scripts/ssh_foundry_diff \ + src/agentlessd/scripts/ssh_generic_diff \ + src/agentlessd/scripts/ssh_integrity_check_bsd \ + src/agentlessd/scripts/ssh_integrity_check_linux \ + src/agentlessd/scripts/ssh_nopass.exp \ + src/agentlessd/scripts/ssh_pixconfig_diff \ + src/agentlessd/scripts/sshlogin.exp \ + src/agentlessd/scripts/su.exp +.endif + +OPTIONS_SUB= yes +OPTIONS_DEFINE= DOCS INOTIFY + +.if ${OSSEC_TYPE} != agent 
+OPTIONS_DEFINE+= GEOIP PRELUDE ZEROMQ + +OPTIONS_RADIO= DATABASE +OPTIONS_RADIO_DATABASE= MYSQL PGSQL +.endif + +OPTIONS_DEFAULT= INOTIFY + +INOTIFY_DESC= Kevent based real time monitoring +PRELUDE_DESC= Sensor support from Prelude SIEM +ZEROMQ_DESC= ZeroMQ support (experimental) +DATABASE_DESC= Database output + +GEOIP_VARS= OSSEC_ARGS+=USE_GEOIP=yes +INOTIFY_VARS= OSSEC_ARGS+=USE_INOTIFY=yes +PRELUDE_VARS= OSSEC_ARGS+=USE_PRELUDE=yes +ZEROMQ_VARS= OSSEC_ARGS+=USE_ZEROMQ=yes +MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema +PGSQL_VARS= OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema + +OSSEC_ARGS+= TARGET=${OSSEC_TYPE} +.if ${OSSEC_TYPE} == agent +STRIP_FILES= agent-auth \ + manage_agents \ + ossec-agentd \ + ossec-execd \ + ossec-logcollector \ + ossec-lua \ + ossec-luac \ + ossec-syscheckd +.else +STRIP_FILES= agent_control \ + clear_stats \ + list_agents \ + manage_agents \ + ossec-agentlessd \ + ossec-analysisd \ + ossec-authd \ + ossec-csyslogd \ + ossec-dbd \ + ossec-execd \ + ossec-logcollector \ + ossec-logtest \ + ossec-lua \ + ossec-luac \ + ossec-maild \ + ossec-makelists \ + ossec-monitord \ + ossec-regex \ + ossec-remoted \ + ossec-reportd \ + ossec-syscheckd \ + rootcheck_control \ + syscheck_control \ + syscheck_update \ + verify-agent-conf +.endif +.if defined(MAINTAINER_MODE) +OSSEC_HOME= ${PREFIX}/${PORTNAME} +.else +OSSEC_HOME?= ${PREFIX}/${PORTNAME} +.endif +OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids +FIREWALL_DROP_BIN= ${OSSEC_HOME}/active-response/bin/firewall-drop.sh +IPFILTER_BIN= ${OSSEC_HOME}/active-response/bin/ipfilter.sh +RESTART_OSSEC_BIN= ${OSSEC_HOME}/active-response/bin/restart-ossec.sh +SHARED_DIR= ${OSSEC_HOME}/etc/shared +INTERNAL_OPTS_CONF= ${OSSEC_HOME}/etc/local_internal_options.conf + +.if empty(USER) +USER=$$(${ID} -un) +.endif +.if empty(GROUP) +GROUP=$$(${ID} -gn) +.endif + +.if !defined(MAINTAINER_MODE) 
+USER_ARGS+= OSSEC_GROUP=${GROUP} \ + OSSEC_USER=${USER} \ + OSSEC_USER_MAIL=${USER} \ + OSSEC_USER_REM=${USER} +.endif +OSSEC_USER= ossec +OSSEC_GROUP= ossec +USERS= ${OSSEC_USER} ossecm ossecr +GROUPS= ${OSSEC_GROUP} + +SUB_LIST+= PORTNAME=${PORTNAME} \ + CATEGORY=${CATEGORIES:[1]} \ + OSSEC_TYPE=${OSSEC_TYPE} \ + OSSEC_HOME=${OSSEC_HOME} \ + VERSION=${PORTVERSION} \ + DB_TYPE=${DB_TYPE} \ + DB_SCHEMA=${DOCSDIR}/${DB_SCHEMA} \ + USER=${USER} \ + OSSEC_USER=${OSSEC_USER} \ + OSSEC_GROUP=${OSSEC_GROUP} \ + OSSEC_RC=${OSSEC_RC} +SUB_FILES= pkg-install \ + pkg-deinstall \ + ${PKGMSG_FILES} \ + restart-ossec.sh + +.if defined(MAINTAINER_MODE) +PLIST_SUB= OSSEC_HOME=${PORTNAME} +.else +PLIST_SUB= OSSEC_HOME=${OSSEC_HOME} +.endif +PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE} +DOCSFILES= BUGS CHANGELOG CONTRIBUTORS LICENSE README.md SUPPORT.md +PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE} +PKGMESSAGE= ${WRKDIR}/pkg-message +PKGMSG_FILES= message-header + +CFLAGS+= -I${LOCALBASE}/include + +BUILD_ARGS+= ${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME} +INSTALL_ARGS+= ${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME} + +.include + +PKGMSG_FILES+= message-firewall message-config + +post-patch: + @${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \ + -e 's|-lreadline|& ${LDFLAGS}|' \ + ${WRKSRC}/src/external/lua/src/Makefile + +do-build: + @cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build + +do-install: + @cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${INSTALL_ARGS} install + +post-install: + @${MV} -f ${STAGEDIR}${INTERNAL_OPTS_CONF} ${STAGEDIR}${INTERNAL_OPTS_CONF}.sample + @${MV} -f ${STAGEDIR}${FIREWALL_DROP_BIN} ${STAGEDIR}${IPFILTER_BIN} + @${CP} -f ${WRKDIR}/restart-ossec.sh ${STAGEDIR}${RESTART_OSSEC_BIN} + @${CHMOD} 550 ${STAGEDIR}${RESTART_OSSEC_BIN} +.if defined(MAINTAINER_MODE) + @${CHOWN} ${USER}:${OSSEC_GROUP} ${STAGEDIR}${RESTART_OSSEC_BIN} +.endif + +.if ${OSSEC_TYPE} == agent +.if defined(MAINTAINER_MODE) + @for file_name 
in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; ${CHOWN} ${OSSEC_USER}:${OSSEC_GROUP} $${file_name}; done +.else + @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; done +.endif +.endif + @${ECHO_CMD} -n > ${PKGMESSAGE} +.for file_name in ${PKGMSG_FILES} + @${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE} + @${ECHO_CMD} >> ${PKGMESSAGE} +.endfor +.for file_name in ${STRIP_FILES} + @${STRIP_CMD} ${STAGEDIR}${OSSEC_HOME}/bin/${file_name} +.endfor + +.if defined(MAINTAINER_MODE) +plist: makeplist + @${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} +.endif + +post-install-DOCS-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR} + @cd ${WRKSRC} && ${INSTALL_DATA} etc/ossec-${OSSEC_TYPE}.conf ${STAGEDIR}${DOCSDIR}/ossec.conf.sample + +post-install-MYSQL-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR} + +post-install-PGSQL-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR} + +.include Index: security/ossec-hids-local/distinfo =================================================================== --- security/ossec-hids-local/distinfo (nonexistent) +++ security/ossec-hids-local/distinfo (working copy) 
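Review bot: `SUB_LIST` exports `USER=${USER}`, which is taken from the build environment when it is set, and this patch's `files/ossec-hids.in` then uses `%%USER%%` as the runtime owner in its `ossec_hids_create_file` calls and in the `install -o %%USER%%` of `etc/localtime`. If the package is built by a non-root account, that account name would presumably be baked into the installed rc script and become the owner of `ossec.conf` and `agent.conf` on the target host. Upstream's install lines (visible in `patch-src_Makefile`) use `-o root`, so a fixed owner looks intended; consider passing a constant in `SUB_LIST`, for example `USER=root`, and keeping `${USER}` only for the staging `USER_ARGS`. Separately, `MYSQL_USE= mysql` sits next to `PGSQL_USES= pgsql`; please confirm which option helper is meant there.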
@@ -0,0 +1,3 @@
+TIMESTAMP = 1539457911
+SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50
+SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469
Property changes on: security/ossec-hids-local/distinfo
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local/files/message-config.in
===================================================================
--- security/ossec-hids-local/files/message-config.in (nonexistent)
+++ security/ossec-hids-local/files/message-config.in (working copy)
@@ -0,0 +1,5 @@
+Consider installing "%%CATEGORY%%/%%PORTNAME%%-%%OSSEC_TYPE%%-config" to ease
+OSSEC configuration.
+
+For additional help execute:
+# %%PREFIX%%/etc/rc.d/ossec-hids help
Property changes on: security/ossec-hids-local/files/message-config.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local/files/message-database.in
===================================================================
--- security/ossec-hids-local/files/message-database.in (nonexistent)
+++ security/ossec-hids-local/files/message-database.in (working copy)
@@ -0,0 +1,8 @@
+The database schema file:
+%%DB_SCHEMA%%
+
+To enable database output execute:
+# %%OSSEC_HOME%%/bin/ossec-control enable database
+
+For further steps see the documentation:
+https://www.ossec.net/docs/syntax/head_ossec_config.database_output.html
Property changes on: security/ossec-hids-local/files/message-database.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local/files/message-firewall.in
===================================================================
--- security/ossec-hids-local/files/message-firewall.in (nonexistent)
+++ security/ossec-hids-local/files/message-firewall.in (working copy)
@@ -0,0 +1,12 @@
+If you intend to use "firewall-drop" active response on this OSSEC instance
+create the script:
+%%OSSEC_HOME%%/active-response/bin/firewall-drop.sh
+
+You can copy or hard link (symbolic link is not supported) one of the scripts
+already provided by OSSEC:
+%%OSSEC_HOME%%/active-response/bin/ipfilter.sh
+%%OSSEC_HOME%%/active-response/bin/ipfw.sh
+%%OSSEC_HOME%%/active-response/bin/pf.sh
+
+For further steps see the documentation:
+https://www.ossec.net/docs/syntax/head_ossec_config.active-response.html
Property changes on: security/ossec-hids-local/files/message-firewall.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local/files/message-header.in
===================================================================
--- security/ossec-hids-local/files/message-header.in (nonexistent)
+++ security/ossec-hids-local/files/message-header.in (working copy)
@@ -0,0 +1,10 @@
+All the files related to OSSEC have been installed in:
+%%OSSEC_HOME%%
+
+You need to create main configuration file:
+%%OSSEC_HOME%%/etc/ossec.conf
+
+For information on proper configuration see:
+https://www.ossec.net/docs/syntax/ossec_config.html
+
+To enable the startup script add ossec_hids_enable="YES" to /etc/rc.conf.
Property changes on: security/ossec-hids-local/files/message-header.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local/files/ossec-hids.in
===================================================================
--- security/ossec-hids-local/files/ossec-hids.in (nonexistent)
+++ security/ossec-hids-local/files/ossec-hids.in (working copy)
@@ -0,0 +1,537 @@ +#!/bin/sh +# +# PROVIDE: ossec_hids +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +# ossec_hids_enable (bool): Set it to YES to enable %%PORTNAME%%. +# Default: NO +# ossec_hids_clear_log (bool): Set it to YES to clear ossec.log before %%PORTNAME%% startup. +# Default: NO +# ossec_hids_clear_ar_log (bool): Set it to YES to clear active-responses.log before %%PORTNAME%% startup. +# Default: NO +# ossec_hids_fetch_connect_time (int): Time in seconds to wait for the download of the shared configuration to start. +# Used only by agent installation. +# Default: 30 +# ossec_hids_fetch_read_time (int): Time in seconds to wait for subsequent download chunks of the shared configuration. +# Used only by agent installation. +# Default: 10 + +. /etc/rc.subr + +name="ossec_hids" +rcvar=ossec_hids_enable + +load_rc_config $name + +: ${ossec_hids_enable="NO"} +: ${ossec_hids_clear_log="NO"} +: ${ossec_hids_clear_ar_log="NO"} +: ${ossec_hids_fetch_connect_time=30} +: ${ossec_hids_fetch_read_time=10} + +ossec_type="%%OSSEC_TYPE%%" +ossec_home="%%OSSEC_HOME%%" + +ossec_conf="${ossec_home}/etc/ossec.conf" +ossec_conf_dir="${ossec_home}/etc/ossec.conf.d" +ossec_conf_bin="${ossec_home}/bin/config/ossec-conf" + +agent_conf="${ossec_home}/etc/shared/agent.conf" +agent_conf_dir="${ossec_home}/etc/agent.conf.d" +agent_conf_bin="${ossec_home}/bin/config/agent-conf" + +ossec_client_keys="${ossec_home}/etc/client.keys" +ossec_ar_tmp="${ossec_home}/active-response" +ossec_log="${ossec_home}/logs/ossec.log" +ossec_ar_log="${ossec_home}/logs/active-responses.log" +ossec_merged="${ossec_home}/etc/shared/merged.mg" + +ossec_local_time="/etc/localtime" + +extra_commands="help status reload ossec_conf" +case ${ossec_type} in + server) + extra_commands="${extra_commands} agent_conf manage_agent reset_counter" + ;; + agent) + extra_commands="${extra_commands} agent_conf manage_agent reset_counter config_profile fetch_config" + ;; +esac +if [ -x "${ossec_conf_bin}" ]; 
then + extra_commands="${extra_commands} merge_config" +fi + +ossec_rc_command=$1 +shift 1 + +help_cmd="ossec_hids_help $@" +start_cmd="ossec_hids_command start $@" +stop_cmd="ossec_hids_command stop $@" +restart_cmd="ossec_hids_command restart $@" +status_cmd="ossec_hids_command status $@" +reload_cmd="ossec_hids_command reload $@" +manage_agent_cmd="ossec_hids_manage_agent $@" +reset_counter_cmd="ossec_hids_reset_counter $@" +config_profile_cmd="ossec_hids_config_profile $@" +fetch_config_cmd="ossec_hids_fetch_config $@" +merge_config_cmd="ossec_hids_create_config force $@" +ossec_conf_cmd="ossec_hids_ossec_conf $@" +agent_conf_cmd="ossec_hids_agent_conf $@" + +start_precmd="ossec_hids_create_env && ossec_hids_create_config && ossec_hids_clean && ossec_hids_check" +restart_precmd="${start_precmd}" +reload_precmd="ossec_hids_create_env && ossec_hids_create_config" +config_profile_precmd="ossec_hids_check" +fetch_config_precmd="${start_precmd}" + +agent_ids_cmd="${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*ID:[[:space:]]*([[:digit:]]+).*|\1|p'" +agent_names_cmd="${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*Name:[[:space:]]*([^,]+).*|\1|p'" + +ossec_hids_help() { + local indent=" " + + echo "Additional commands:" + echo + + for command in ${extra_commands}; do + case ${command} in + ossec_conf) + echo "${command}" + if [ -x "${ossec_conf_bin}" ]; then + echo "${indent}Displays the \"ossec.conf\" as it would have been produced" + echo "${indent}by merging files from \"ossec.conf.d\" directory." + echo "${indent}Does not overwrite the actual \"ossec.conf\"." + else + echo "${indent}Displays the current \"ossec.conf\"." + fi + echo + ;; + agent_conf) + echo "${command}" + if [ -x "${agent_conf_bin}" ]; then + echo "${indent}Displays the \"agent.conf\" as it would have been produced" + echo "${indent}by merging files from \"agent.conf.d\" directory." + echo "${indent}Does not overwrite the actual \"agent.conf\"." 
+ else + echo "${indent}Displays the current \"agent.conf\"." + fi + echo + ;; + manage_agent) + echo "${command} [...]" + echo "${indent}Executes OSSEC Agent Manager." + echo "${indent}Any additional arguments will be passed along (-h for help)." + echo "${indent}Use this command to export and import agent keys." + echo + ;; + reset_counter) + case ${ossec_type} in + server) + echo "${command} " + echo "${indent}Stops the OSSEC and resets (removes) the replay attack prevention counter(s)." + echo "${indent}Only the counter for the given is reset." + echo "${indent}If the is \"-\", then counters for all agents are reset." + ;; + agent) + echo "${command}" + echo "${indent}Stops the OSSEC and resets (removes) the replay attack prevention counter." + ;; + esac + echo "${indent}Use this command on both the server and the agent to bring back connectivity." + echo "${indent}The typical scenario for desynchronization of counters is one of the OSSEC" + echo "${indent}instances has been restored from backup." + echo "${indent}Use the following procedure:" + echo "${indent}1. Reset counter on the agent." + echo "${indent}2. Reset counter on the server for that specific agent." + echo "${indent}3. Start the server." + echo "${indent}4. Start the agent." + echo + ;; + config_profile) + echo "${command}" + echo "${indent}Displays a list (i.e. union of sets) of applicable (to this agent) configuration" + echo "${indent}profiles sent by the server (current \"agent.conf\") merged with configuration" + echo "${indent}profiles enabled on this agent (current \"ossec.conf\"). Each entry on the list" + echo "${indent}is marked with one of the following markers:" + echo "${indent}(+) - The profile is sent by the server and is enabled on this agent." + echo "${indent}(-) - The profile is sent by the server and is applicable for this agent, but is" + echo "${indent} not enabled in the \"ossec.conf\"." + echo "${indent}(?) 
- The profile is enabled on this agent, but is not sent by the server or is" + echo "${indent} not applicable to this agent." + echo + ;; + fetch_config) + echo "${command}" + echo "${indent}(Re)starts the agent with a fresh copy of server shared configuration (including" + echo "${indent}\"agent.conf\"). Command can also be used to ensure server connectivity." + echo + ;; + merge_config) + echo "${command}" + echo "${indent}Creates \"ossec.conf\" by merging files from \"ossec.conf.d\" directory." + case ${ossec_type} in + server) + echo "${indent}Creates \"agent.conf\" by merging files from \"agent.conf.d\" directory." + ;; + esac + echo "${indent}Usually you do not need to run this command, because configuration files will" + echo "${indent}be merged before OSSEC startup if any of them has been modified/created/deleted" + echo "${indent}since the last merging. This command, however, does merging unconditionally." + echo + ;; + esac + done + + echo "To avoid problems with this script and the port in general, keep your XML-like" + echo "configuration pretty printed. Place element tags in single and separate lines." + echo "Comments can span on multiple but still separate lines." + echo "Do NOT use the following formatting:" + echo + echo "${indent}" + echo "${indent}${indent}" + echo "${indent}${indent}${indent}Some content" + echo "${indent}${indent}" + echo "${indent}${indent}${indent}Another content" + echo "${indent}" + echo + echo "Use instead:" + echo + echo "${indent}" + echo "${indent}${indent}" + echo "${indent}${indent}Some content" + echo "${indent}${indent}Another content" + echo "${indent}" + echo +} + +ossec_hids_create_file() { + local path=$1 + local owner=$2 + local mode=$3 + + if [ ! -e "${path}" ]; then + touch "${path}" && chown ${owner} "${path}" && chmod ${mode} "${path}" + fi +} + +ossec_hids_check() { + case ${ossec_type} in + server) + if [ ! 
-s "${ossec_client_keys}" ]; then + echo "WARNING: There are no client keys created - remote connections will be disabled." + echo + fi + ;; + agent) + if [ ! -s "${ossec_client_keys}" ]; then + echo "WARNING: There are is no client key imported - connection to server not possible." + echo + else + if [ $(eval ${agent_ids_cmd} | wc -l) -gt 1 ]; then + echo "ERROR: There are multiple client keys imported - only one is allowed." + echo + return 1 + fi + fi + ;; + esac + + return 0 +} + +ossec_hids_inline_content() { + local element="$1" + sed -En "s|.*<${element}>(.*).*|\1|p" +} + +ossec_hids_remove_comments() { + # Comments must be on separate lines i.e. not next to uncommented code + awk '// {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}' +} + +ossec_hids_config_profile() { + if [ ! -f "${ossec_conf}" ]; then + echo -n "ERROR: The \"${ossec_conf}\" is missing." + if [ -x "${ossec_conf_bin}" ]; then + echo " Run:" + echo "$(realpath $0) merge_config" + else + echo + fi + echo + return 1 + fi + if [ ! -f "${agent_conf}" ]; then + echo "ERROR: The \"${agent_conf}\" is missing. 
Run:" + echo "$(realpath $0) fetch_config" + echo + return 1 + fi + + local os="FreeBSD" + local name=$(eval ${agent_names_cmd}) + + local server_profiles=`ossec_hids_remove_comments < "${agent_conf}" | sed -En \ + -e "s|.*.*|\1|p" \ + -e "s|.*.*|\1|p" \ + -e "s|.*.*|\1|p" \ + -e "s|.*.*|\1|p" \ + -e "s|.*.*|\1|p" \ + -e "s|.*.*|\1|p" \ + -e "s|.*.*|\1|p" \ + -e "s|.*.*|\1|p" \ + -e "s|.*.*|\1|p" \ + -e "s|.*.*|\1|p" \ + -e "s|.*.*|\1|p" \ + | sort -u` + + local agent_profiles=$(ossec_hids_remove_comments < "${ossec_conf}" | ossec_hids_inline_content "config-profile" | sed -E 's|[[:space:]]*,[[:space:]]*| |g') + + local output="" + for server_profile in ${server_profiles}; do + local matching_profile="" + for agent_profile in ${agent_profiles}; do + if [ "${agent_profile}" == "${server_profile}" ]; then + matching_profile="${agent_profile}" + break + fi + done + if [ -n "${matching_profile}" ]; then + output="${output}(+) ${server_profile} +" + else + output="${output}(-) ${server_profile} +" + fi + done + for agent_profile in ${agent_profiles}; do + local matching_profile="" + for server_profile in ${server_profiles}; do + if [ "${server_profile}" == "${agent_profile}" ]; then + matching_profile="${server_profile}" + break + fi + done + if [ -z "${matching_profile}" ]; then + output="${output}(?) ${agent_profile} +" + fi + done + + echo -n "${output}" | sort -k 2 +} + +ossec_hids_config_is_outdated() { + local dst_file="$1" + local src_dir="$2" + + if [ ! 
-e "${dst_file}" ]; then + return 0 + fi + + if [ "${src_dir}" -nt "${dst_file}" ]; then + return 0 + fi + + for src_file in $(find "${src_dir}" -maxdepth 1 -type f -name "*.conf"); do + if [ "${src_file}" -nt "${dst_file}" ]; then + return 0 + fi + done + + return 1 +} + +ossec_hids_create_config() { + case ${ossec_type} in + server) + if [ -x "${agent_conf_bin}" ]; then + # Merge agent.conf.d files into agent.conf + if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${agent_conf}" "${agent_conf_dir}"; then + ossec_hids_create_file "${agent_conf}" %%USER%%:%%OSSEC_GROUP%% 0640 + "${agent_conf_bin}" > "${agent_conf}" + fi + fi + ;; + esac + + if [ -x "${ossec_conf_bin}" ]; then + # Merge ossec.conf.d files into ossec.conf + if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${ossec_conf}" "${ossec_conf_dir}"; then + ossec_hids_create_file "${ossec_conf}" %%USER%%:%%OSSEC_GROUP%% 0640 + "${ossec_conf_bin}" > "${ossec_conf}" + fi + fi + + return 0 +} + +ossec_hids_create_env() { + # Copy required files from outside of home directory + if [ ! -e "${ossec_local_time}" ]; then + echo "ERROR: Missing \"${ossec_local_time}\". Run command \"tzsetup\"." + echo + return 1 + fi + install -o %%USER%% -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}" + + return 0 +} + +ossec_hids_clean() { + if [ "${ossec_type}" == "server" ]; then + rm -f "${ossec_merged}" + fi + + if checkyesno ossec_hids_clear_log && [ -e "${ossec_log}" ]; then + echo -n > "${ossec_log}" + fi + + if checkyesno ossec_hids_clear_ar_log && [ -e "${ossec_ar_log}" ]; then + echo -n > "${ossec_ar_log}" + fi + + return 0 +} + +ossec_hids_reset_counter() { + local agent_name="$1" + + ossec_hids_command stop + sleep 1 + echo + + case ${ossec_type} in + server) + if [ -z "${agent_name}" ]; then + echo "ERROR: Specify agent name to reset counter for this agent or \"-\" to reset counters for all agents." 
+ echo + return 1 + fi + local agent_counter=0 + if [ "${agent_name}" == "-" ]; then + for agent_id in $(eval ${agent_ids_cmd}); do + if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then + rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1)) + fi + done + else + local agent_id=`${ossec_home}/bin/manage_agents -l | sed -En -e "s|.*ID:[[:space:]]*([[:digit:]]+),[[:space:]]*Name:[[:space:]]${agent_name},.*|\1|p"` + if [ -n "${agent_id}" ]; then + if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then + rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1)) + fi + fi + fi + echo "Removed ${agent_counter} counter(s)." + echo + ;; + agent) + local agent_counter=0 + for agent_id in $(eval ${agent_ids_cmd}); do + # Should be executed only once + if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then + rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1)) + fi + done + echo "Removed ${agent_counter} counter(s)." + echo + ;; + esac + + return 0 +} + +ossec_hids_fetch_config() { + ossec_hids_command stop + sleep 1 + echo + rm -f "${ossec_merged}" + ossec_hids_command start || return 1 + echo + echo "Waiting ${ossec_hids_fetch_connect_time} seconds for the shared configuration download to start." + sleep ${ossec_hids_fetch_connect_time} + if [ ! -s "${ossec_merged}" ]; then + echo "ERROR: Failed to download shared configuration from the OSSEC server." + echo + local ossec_log_tail=$(tail "${ossec_log}") + echo "Portion of the \"${ossec_log}\":" + echo "${ossec_log_tail}" + echo + if echo "${ossec_log_tail}" | grep -q "ERROR: Unable to send message to"; then + echo "Check if your configuration contains the correct server address in \"server-ip\" option." + echo + else + local ossec_rc_path="$(realpath $0)" + echo "Is the imported agent key correct? 
To import it run:" + echo "${ossec_rc_path} manage_agent" + echo + echo "If you are certain the imported agent key is correct, then run:" + echo "${ossec_rc_path} reset_counter" + echo "${ossec_rc_path} fetch_config" + echo + echo "If this does't help, you need to reset counter on the server." + echo "If the server runs FreeBSD port of OSSEC, run:" + echo "On the agent:" + echo "${ossec_rc_path} reset_counter" + echo "On the server:" + echo "${ossec_rc_path} reset_counter $(eval ${agent_names_cmd})" + echo "${ossec_rc_path} start" + echo "On the agent:" + echo "${ossec_rc_path} fetch_config" + echo + fi + ossec_hids_command stop + return 1 + else + # The download has started + while true; do + local current_time=$(date +%s) + local modification_time=$(stat -f %m "${ossec_merged}") + if [ $((current_time - modification_time)) -gt ${ossec_hids_fetch_read_time} ]; then + echo "Download finished." + echo + ossec_hids_command restart || return 1 + break; + else + echo "Download in progress..." + sleep ${ossec_hids_fetch_read_time} + fi + done + fi + + return 0 +} + +ossec_hids_ossec_conf() { + if [ -x "${ossec_conf_bin}" ]; then + "${ossec_conf_bin}" + elif [ -f "${ossec_conf}" ]; then + cat "${ossec_conf}" + fi +} + +ossec_hids_agent_conf() { + if [ -x "${agent_conf_bin}" ]; then + "${agent_conf_bin}" + elif [ -f "${agent_conf}" ]; then + cat "${agent_conf}" + fi +} + +ossec_hids_manage_agent() { + "${ossec_home}/bin/manage_agents" $@ + return $? +} + +ossec_hids_command() { + "${ossec_home}/bin/ossec-control" $1 + return $? 
+} + +run_rc_command "${ossec_rc_command}" Property changes on: security/ossec-hids-local/files/ossec-hids.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local/files/patch-src_Makefile =================================================================== --- security/ossec-hids-local/files/patch-src_Makefile (nonexistent) +++ security/ossec-hids-local/files/patch-src_Makefile (working copy) @@ -0,0 +1,10 @@ +--- src/Makefile.orig 2018-10-11 22:25:16 UTC ++++ src/Makefile +@@ -406,7 +406,6 @@ endif + install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/diff + + install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc +- install -m 0440 -o root -g ${OSSEC_GROUP} /etc/localtime ${PREFIX}/etc + + install -d -m 1550 -o root -g ${OSSEC_GROUP} ${PREFIX}/tmp + Property changes on: security/ossec-hids-local/files/patch-src_Makefile ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local/files/pkg-deinstall.in =================================================================== --- security/ossec-hids-local/files/pkg-deinstall.in (nonexistent) +++ security/ossec-hids-local/files/pkg-deinstall.in (working copy) 
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ar_conf="${ossec_home}/etc/shared/ar.conf"
+merged_mg="${ossec_home}/etc/shared/merged.mg"
+client_keys="${ossec_home}/etc/client.keys"
+firewall_drop="${ossec_home}/active-response/bin/firewall-drop.sh"
+local_time="${ossec_home}/etc/localtime"
+
+if [ "$2" == "DEINSTALL" ]; then
+ rm -f "${ar_conf}"
+ rm -f "${merged_mg}"
+ if [ ! -s "${client_keys}" ]; then
+ rm -f "${client_keys}"
+ fi
+ rm -f "${firewall_drop}"
+ rm -f "${local_time}"
+fi
Property changes on: security/ossec-hids-local/files/pkg-deinstall.in
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local/files/pkg-install.in
===================================================================
--- security/ossec-hids-local/files/pkg-install.in (nonexistent)
+++ security/ossec-hids-local/files/pkg-install.in (working copy)
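Review bot: In pkg-deinstall.in a non-empty `client.keys` is deliberately left on disk (`[ ! -s "${client_keys}" ]` only removes an empty one), but nothing in the script says so, and that file presumably holds the agent authentication keys. A comment above the test, such as `# keep registered agent keys across reinstall; remove by hand when decommissioning the host`, would make the retention explicit for whoever audits what the package leaves behind. Separately, `[ "$2" == "DEINSTALL" ]` relies on `==`, which POSIX `test` does not define; `[ "$2" = "DEINSTALL" ]` is the portable spelling under `#!/bin/sh`.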
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+client_keys="${ossec_home}/etc/client.keys"
+
+create_file() {
+ local path=$1
+ local owner=$2
+ local mode=$3
+
+ if [ ! -e "${path}" ]; then
+ touch "${path}" && chown ${owner} "${path}" && chmod ${mode} "${path}"
+ fi
+}
+
+if [ "$2" == "POST-INSTALL" ]; then
+ pw usermod %%OSSEC_USER%% -d "${ossec_home}"
+ pw usermod ossecm -d "${ossec_home}"
+ pw usermod ossecr -d "${ossec_home}"
+ chown %%USER%%:%%OSSEC_GROUP%% "${ossec_home}"
+
+ create_file "${client_keys}" root:ossec 0640
+fi
Property changes on: security/ossec-hids-local/files/pkg-install.in
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local/files/restart-ossec.sh.in
===================================================================
--- security/ossec-hids-local/files/restart-ossec.sh.in (nonexistent)
+++ security/ossec-hids-local/files/restart-ossec.sh.in (working copy)
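Review bot: In pkg-install.in the call `create_file "${client_keys}" root:ossec 0640` hard-codes owner and group, while the `chown` just above it uses `%%USER%%:%%OSSEC_GROUP%%` and the `pw usermod` lines mix `%%OSSEC_USER%%` with literal `ossecm`/`ossecr`. If the port is built with a non-default group, the key file would end up outside it; assuming `%%USER%%` expands to root here, `create_file "${client_keys}" %%USER%%:%%OSSEC_GROUP%% 0640` keeps the two in step. create_file also returns without touching a file that already exists, so a `client.keys` left over with looser ownership or mode keeps them after an upgrade. Running the `chown`/`chmod` pair unconditionally, outside the `[ ! -e "${path}" ]` test, would enforce 0640 in that case as well.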
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+ossec_rc="%%OSSEC_RC%%"
+
+ACTION=$1
+USER=$2
+IP=$3
+
+LOCAL=`dirname $0`;
+cd $LOCAL
+cd ../../tmp
+
+# Logging the call
+echo "`date` $0 $1 $2 $3 $4 $5" >> "${ossec_home}/logs/active-responses.log"
+
+case ${ACTION} in
+ add)
+ "${ossec_rc}" restart
+ exit 0
+ ;;
+ delete)
+ exit 0
+ ;;
+ *)
+ echo "$0: invalid action: ${ACTION}"
+ exit 1
+ ;;
+esac
Property changes on: security/ossec-hids-local/files/restart-ossec.sh.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local/pkg-descr
===================================================================
--- security/ossec-hids-local/pkg-descr (nonexistent)
+++ security/ossec-hids-local/pkg-descr (working copy)
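Review bot: In restart-ossec.sh.in the `cd $LOCAL` / `cd ../../tmp` pair is unquoted and unchecked, so a path containing spaces or a failed `cd` lets the script continue from whatever directory it was started in. A single guarded step, `cd "$(dirname "$0")/../../tmp" || exit 1`, should cover both cases. The logging line writes `$1`–`$5` into `active-responses.log` verbatim; those arguments are presumably derived from the alert that fired the response, so a comment noting that the log can contain event-supplied text would help anyone who later parses it. `USER=$2` also overwrites the environment's `USER` for the child `"${ossec_rc}" restart`, and `USER`, `IP` and `ossec_type` are never read, so they could be dropped.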
@@ -0,0 +1,6 @@
+OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection
+System (HIDS). It has a powerful correlation and analysis engine, integrating
+log analysis, file integrity checking, Windows registry monitoring, centralized
+policy enforcement, rootkit detection, real-time alerting and active response.
+
+WWW: https://ossec.github.io
Property changes on: security/ossec-hids-local/pkg-descr
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local/pkg-plist-agent
===================================================================
--- security/ossec-hids-local/pkg-plist-agent (nonexistent)
+++ security/ossec-hids-local/pkg-plist-agent (working copy)
@@ -0,0 +1,79 @@ +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh +@dir(,,0550) %%OSSEC_HOME%%/bin +@(,,0550) %%OSSEC_HOME%%/bin/agent-auth +@(,,0550) %%OSSEC_HOME%%/bin/manage_agents +@(,,0550) %%OSSEC_HOME%%/bin/ossec-agentd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-control +@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector +@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac +@(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd +@(,,0550) %%OSSEC_HOME%%/bin/util.sh +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample +@dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt +@(ossec,ossec,0644) 
%%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt +@dir(ossec,ossec,0750) 
%%OSSEC_HOME%%/logs +@dir(,ossec,0550) %%OSSEC_HOME%%/queue +@dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rids +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck +@dir(,ossec,1550) %%OSSEC_HOME%%/tmp +@dir(,ossec,0550) %%OSSEC_HOME%%/var +@dir(,ossec,0770) %%OSSEC_HOME%%/var/run +%%PORTDOCS%%%%DOCSDIR%%/BUGS +%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG +%%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS +%%PORTDOCS%%%%DOCSDIR%%/LICENSE +%%PORTDOCS%%%%DOCSDIR%%/README.md +%%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md +%%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample Property changes on: security/ossec-hids-local/pkg-plist-agent ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local/pkg-plist-local =================================================================== --- security/ossec-hids-local/pkg-plist-local (nonexistent) +++ security/ossec-hids-local/pkg-plist-local (working copy) 
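Review bot: pkg-plist-agent installs every `etc/shared/*.txt` file as `@(ossec,ossec,0644)`, whereas pkg-plist-local and pkg-plist-server list the same files as `@(ossec,ossec,0640)`. Unless the agent has a reason to make the rootcheck and audit policy files world-readable, `0640` here would match the other two manifests and the rest of the tree, where nothing else grants access to "other". All three plists also spell the accounts as literal `ossec`/`ossecr`, while the scripts in this change use `%%OSSEC_USER%%` and `%%OSSEC_GROUP%%`; if those substitutions can differ from the defaults, the manifests would presumably fall out of step with them.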
@@ -0,0 +1,200 @@ +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh +@dir(,ossec,0550) %%OSSEC_HOME%%/agentless +@(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp +@dir(,,0550) %%OSSEC_HOME%%/bin +@(,,0550) %%OSSEC_HOME%%/bin/agent_control +@(,,0550) %%OSSEC_HOME%%/bin/clear_stats +@(,,0550) %%OSSEC_HOME%%/bin/list_agents +@(,,0550) 
%%OSSEC_HOME%%/bin/manage_agents +@(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-authd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-control +@(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector +@(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest +@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac +@(,,0550) %%OSSEC_HOME%%/bin/ossec-maild +@(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists +@(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord +@(,,0550) %%OSSEC_HOME%%/bin/ossec-regex +@(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted +@(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd +@(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control +@(,,0550) %%OSSEC_HOME%%/bin/syscheck_control +@(,,0550) %%OSSEC_HOME%%/bin/syscheck_update +@(,,0550) %%OSSEC_HOME%%/bin/util.sh +@(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml +@(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample +@dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt +@(ossec,ossec,0640) 
%%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs +@dir(,ossec,0550) %%OSSEC_HOME%%/rules +@(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/arpwatch_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml +@(,ossec,0640) 
%%OSSEC_HOME%%/rules/clam_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/firewall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml +@(,ossec,0640) 
%%OSSEC_HOME%%/rules/pix_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/psad_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml +@dir(,ossec,0700) %%OSSEC_HOME%%/.ssh +@dir(ossec,ossec,0750) 
%%OSSEC_HOME%%/logs/alerts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall +@dir(,ossec,0550) %%OSSEC_HOME%%/queue +@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless +@dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec +@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats +@dir(,ossec,1550) %%OSSEC_HOME%%/tmp +@dir(,ossec,0550) %%OSSEC_HOME%%/var +@dir(,ossec,0770) %%OSSEC_HOME%%/var/run +%%PORTDOCS%%%%DOCSDIR%%/BUGS +%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG +%%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS +%%PORTDOCS%%%%DOCSDIR%%/LICENSE +%%PORTDOCS%%%%DOCSDIR%%/README.md +%%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md +%%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample +%%MYSQL%%%%DOCSDIR%%/mysql.schema +%%PGSQL%%%%DOCSDIR%%/postgresql.schema Property changes on: security/ossec-hids-local/pkg-plist-local ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local/pkg-plist-server =================================================================== --- security/ossec-hids-local/pkg-plist-server (nonexistent) +++ security/ossec-hids-local/pkg-plist-server (working copy) 
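Review bot: The entry `@dir(,ossec,0700) %%OSSEC_HOME%%/.ssh` in pkg-plist-local leaves the owner field empty and gives the group no permission bits, so the `ossec` group has no effect and only the default owner (presumably root) can enter the directory. If the scripts installed under `agentless/` run as the unprivileged OSSEC user and read their SSH material from there, the entry would need to be `@dir(ossec,ossec,0700)`. If root-only access is intended, `@dir(,,0700)` states that without the misleading group. The same entry appears in pkg-plist-server.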
@@ -0,0 +1,200 @@ +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh +@dir(,ossec,0550) %%OSSEC_HOME%%/agentless +@(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp +@dir(,,0550) %%OSSEC_HOME%%/bin +@(,,0550) %%OSSEC_HOME%%/bin/agent_control +@(,,0550) %%OSSEC_HOME%%/bin/clear_stats +@(,,0550) %%OSSEC_HOME%%/bin/list_agents +@(,,0550) 
%%OSSEC_HOME%%/bin/manage_agents +@(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-authd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-control +@(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector +@(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest +@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac +@(,,0550) %%OSSEC_HOME%%/bin/ossec-maild +@(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists +@(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord +@(,,0550) %%OSSEC_HOME%%/bin/ossec-regex +@(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted +@(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd +@(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control +@(,,0550) %%OSSEC_HOME%%/bin/syscheck_control +@(,,0550) %%OSSEC_HOME%%/bin/syscheck_update +@(,,0550) %%OSSEC_HOME%%/bin/util.sh +@(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml +@(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample +@dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt +@(ossec,ossec,0640) 
%%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs +@dir(,ossec,0550) %%OSSEC_HOME%%/rules +@(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/arpwatch_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml +@(,ossec,0640) 
%%OSSEC_HOME%%/rules/clam_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/firewall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml +@(,ossec,0640) 
%%OSSEC_HOME%%/rules/pix_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/psad_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml +@dir(,ossec,0700) %%OSSEC_HOME%%/.ssh +@dir(ossec,ossec,0750) 
%%OSSEC_HOME%%/logs/alerts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall +@dir(,ossec,0550) %%OSSEC_HOME%%/queue +@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless +@dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec +@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats +@dir(,ossec,1550) %%OSSEC_HOME%%/tmp +@dir(,ossec,0550) %%OSSEC_HOME%%/var +@dir(,ossec,0770) %%OSSEC_HOME%%/var/run +%%PORTDOCS%%%%DOCSDIR%%/BUGS +%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG +%%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS +%%PORTDOCS%%%%DOCSDIR%%/LICENSE +%%PORTDOCS%%%%DOCSDIR%%/README.md +%%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md +%%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample +%%MYSQL%%%%DOCSDIR%%/mysql.schema +%%PGSQL%%%%DOCSDIR%%/postgresql.schema Property changes on: security/ossec-hids-local/pkg-plist-server ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local/scripts/plist.sh =================================================================== --- security/ossec-hids-local/scripts/plist.sh (nonexistent) +++ security/ossec-hids-local/scripts/plist.sh (working copy) 
@@ -0,0 +1,119 @@ +#!/bin/sh + +# Script generates entries for pkg-plist. +# Do not use it directly. Use the following command instead: +# +# make MAINTAINER_MODE=yes clean plist + +OSSEC_TYPE=$1 +OSSEC_HOME=$2 +PLIST=$3 +WORKDIR=$4 +STAGEDIR=$5 + +staged_plist="${WORKDIR}/.staged-plist" +fixed_lines="" +if [ "${OSSEC_TYPE}" != "agent" ]; then + fixed_lines="${fixed_lines} %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema" +fi +skip_lines="%%PORTDOCS%%%%DOCSDIR%%/mysql.schema %%PORTDOCS%%%%DOCSDIR%%/postgresql.schema" +skip_paths="/etc/ossec.conf /etc/client.keys /logs/active-responses.log /logs/ossec.log /lua" +sample_paths="/etc/local_internal_options.conf.sample" +if [ "${OSSEC_TYPE}" == "agent" ]; then + skip_paths="${skip_paths} /rules /agentless /.ssh" +fi + +print_path() { + local path="$1" + local command="$2" + local full_path="${STAGEDIR}${OSSEC_HOME}${path}" + if [ -z "${command}" ]; then + command="@" + if [ -d "${full_path}" ]; then + command="@dir" + fi + fi + local user=`stat -f "%Su" "${full_path}"` + if [ "${user}" == "${USER}" ]; then + user="" + fi + local group=`stat -f "%Sg" "${full_path}"` + if [ "${group}" == "${GROUP}" ]; then + group="" + fi + local mode=`stat -f "%p" "${full_path}" | tail -c 5` + echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" +} + +echo -n > "${PLIST}" + +print_path + +done_paths="" +while read line; do + skip_line="" + for e in ${skip_lines}; do + if [ "${e}" == "${line}" ]; then + skip_line="${e}" + break + fi + done + if [ -z "${skip_line}" ]; then + path="" + case $line in + "@dir %%OSSEC_HOME%%"*) + path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"` + ;; + "%%OSSEC_HOME%%"*) + path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"` + ;; + "%%"*) + unchanged_lines="${unchanged_lines} ${line}" + ;; + esac + if [ -n "${path}" ]; then + segments=`echo "${path}" | tr "/" "\n"` + path="" + for segment in ${segments}; do + path="${path}/${segment}" + skip_path="" 
+ for e in ${skip_paths}; do + if [ "${e}" == "${path}" ]; then + skip_path="${e}" + break + fi + done + if [ -n "${skip_path}" ]; then + break + fi + done_path="" + for e in ${done_paths}; do + if [ "${e}" == "${path}" ]; then + done_path="${e}" + break + fi + done + if [ -z "${done_path}" ]; then + done_paths="${done_paths} ${path}" + sample_path="" + for e in ${sample_paths}; do + if [ "${e}" == "${path}" ]; then + sample_path="${e}" + break + fi + done + if [ -n "${sample_path}" ]; then + print_path "${path}" @sample + else + print_path "${path}" + fi + fi + done + fi + fi +done < "${staged_plist}" + +unchanged_lines="${unchanged_lines} ${fixed_lines}" +for line in ${unchanged_lines}; do + echo "${line}" >> "${PLIST}" +done Property changes on: security/ossec-hids-local/scripts/plist.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/Makefile =================================================================== --- security/ossec-hids-local-config/Makefile (nonexistent) +++ security/ossec-hids-local-config/Makefile (working copy) 
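Review bot: `unchanged_lines` is appended to inside the `while read line` loop but never initialised, so a value inherited from the caller's environment would be copied into the generated pkg-plist; add `unchanged_lines=""` next to `fixed_lines=""`. The loop reads with plain `read`, which interprets backslashes in the staged plist; `while read -r line; do` keeps each entry verbatim. The five positional arguments are used without any check, so a guard such as `[ $# -eq 5 ] || exit 1` before the assignments would stop a mistyped invocation before `${PLIST}` is truncated.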
@@ -0,0 +1,460 @@ +# $FreeBSD$ + +PORTNAME= ossec-hids +PORTVERSION= 3.1.0 +PORTREVISION= +CATEGORIES= security +PKGNAMESUFFIX= -${OSSEC_TYPE}-config + +MAINTAINER= dominik.lisiak@bemsoft.pl +COMMENT= Configuration manager for ossec-hids + +LICENSE= GPLv2 + +OSSEC_TYPE?= local + +MASTERDIR?= ${.CURDIR} + +.if ${OSSEC_TYPE} == local +CONFLICTS_INSTALL= ossec-hids-client-* \ + ossec-hids-agent-* \ + ossec-hids-server-* +.elif ${OSSEC_TYPE} == agent +CONFLICTS_INSTALL= ossec-hids-client-* \ + ossec-hids-local-* \ + ossec-hids-server-* +.elif ${OSSEC_TYPE} == server +CONFLICTS_INSTALL= ossec-hids-client-* \ + ossec-hids-agent-* \ + ossec-hids-local-* +.endif + +.if !defined(MAINTAINER_MODE) +RUN_DEPENDS= ossec-hids-${OSSEC_TYPE}>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE} +.endif + +.if defined(MAINTAINER_MODE) +USE_GITHUB= yes +GH_ACCOUNT= ossec +.else +MASTER_SITES= # +DISTFILES= # +EXTRACT_ONLY= # +.endif +NO_BUILD= yes +NO_ARCH= yes + +OPTIONS_SUB= yes + +OPTIONS_SINGLE= FIREWALL +OPTIONS_SINGLE_FIREWALL= IPF IPFW PF + +OPTIONS_DEFAULT+= IPF + +FIREWALL_DESC= Active Response Firewall +PF_DESC= Packet Filter +IPFW_DESC= ipfirewall +IPF_DESC= ipfilter + +TEMPL_ENABLED_HEADER= template-header-enabled.xml +TEMPL_DISABLED_HEADER= template-header-disabled.xml +TEMPL_SAMPLE_HEADER= template-header-sample.xml +TEMPL_PUSHED_ENABLED_HEADER= ${TEMPL_ENABLED_HEADER} +TEMPL_PUSHED_DISABLED_HEADER= ${TEMPL_DISABLED_HEADER} + +TEMPL_SAMPLE= template-sample-${OSSEC_TYPE}.xml +TEMPL_SAMPLE_DB= template-sample-database.xml + +PF_VARS= FW_DROP=pf.sh PKGMSG_FILES+=message-pf +IPFW_VARS= FW_DROP=ipfw.sh +IPF_VARS= FW_DROP=ipfilter.sh + +.if defined(MAINTAINER_MODE) +OSSEC_HOME= ${PREFIX}/${PORTNAME} +.else +OSSEC_HOME?= ${PREFIX}/${PORTNAME} +.endif +OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids +TEMPL_TO_OSSEC= ${SCRIPTDIR}/template-to-ossec.sh ${OSSEC_TYPE} ${OSSEC_HOME} +TEMPL_TO_AGENT= ${SCRIPTDIR}/template-to-agent.sh ${OSSEC_TYPE} ${OSSEC_HOME} + +OSSEC_DIR= 
${STAGEDIR}${OSSEC_HOME} +BIN_DIR= ${OSSEC_DIR}/bin +CONF_BIN_DIR= ${BIN_DIR}/config +OSSEC_CONF_BIN= ${CONF_BIN_DIR}/ossec-conf +AGENT_CONF_BIN= ${CONF_BIN_DIR}/agent-conf +COMMAND_BIN_DIR= ${BIN_DIR}/command + +AR_BIN_DIR= ${OSSEC_DIR}/active-response/bin +MERGE_CONFIG_BIN= ${AR_BIN_DIR}/merge-config.sh + +ETC_DIR= ${OSSEC_DIR}/etc +OSSEC_CONF_DIR= ${ETC_DIR}/ossec.conf.d +AGENT_CONF_DIR= ${ETC_DIR}/agent.conf.d +OSSEC_LOCAL_CONF_DIR= ${OSSEC_CONF_DIR}/disabled +AGENT_LOCAL_CONF_DIR= ${AGENT_CONF_DIR}/disabled +OSSEC_SAMPLE_CONF= ${OSSEC_CONF_DIR}/900.local.conf.sample +COMMAND_CONF_DIR= ${ETC_DIR} +COMMAND_CONF= ${COMMAND_CONF_DIR}/command.conf.sample +RULES_DIR= ${OSSEC_DIR}/rules + +.if empty(USER) +USER=$$(${ID} -un) +.endif +.if empty(GROUP) +GROUP=$$(${ID} -gn) +.endif + +OSSEC_USER= ossec +OSSEC_GROUP= ossec + +SUB_LIST+= PORTNAME=${PORTNAME} \ + OSSEC_TYPE=${OSSEC_TYPE} \ + OSSEC_HOME=${OSSEC_HOME} \ + VERSION=${PORTVERSION} \ + USER=${USER} \ + OSSEC_USER=${OSSEC_USER} \ + OSSEC_GROUP=${OSSEC_GROUP} \ + OSSEC_RC=${OSSEC_RC} \ + FW_DROP=${FW_DROP} +SUB_FILES= pkg-install \ + pkg-deinstall \ + ${PKGMSG_FILES} \ + ${TEMPL_ENABLED_HEADER} \ + ${TEMPL_DISABLED_HEADER} \ + ${TEMPL_SAMPLE_HEADER} \ + ${TEMPL_PUSHED_ENABLED_HEADER} \ + ${TEMPL_PUSHED_DISABLED_HEADER} \ + ${TEMPL_SAMPLE} \ + merge-config.sh \ + ossec-conf \ + command.conf +.if ${OSSEC_TYPE} == server +SUB_FILES+= agent-conf +.endif + +.if defined(MAINTAINER_MODE) +PLIST_SUB= OSSEC_HOME=${PORTNAME} +.else +PLIST_SUB= OSSEC_HOME=${OSSEC_HOME} +.endif +PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE} +PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE} +PKGMESSAGE= ${WRKDIR}/pkg-message +PKGMSG_FILES= message-ossec-conf +.if ${OSSEC_TYPE} == server +PKGMSG_FILES+= message-agent-conf +.endif + +CONF_GROUPS= RULES AR ROOTCHECK SYSCHECK CMDOUT LOGS + +############################################################ + +.for conf_group in ${CONF_GROUPS} +. 
include "${MASTERDIR}/opt-${conf_group:tl}.mk" +${conf_group}_INSTANCE_OPTIONS= +${conf_group}_PUSHED_OPTIONS= +. for option in ${${conf_group}_OPTIONS} +. if ${${option}_DEFINE:M${OSSEC_TYPE}} +${conf_group}_INSTANCE_OPTIONS+= ${option} +${conf_group}_ALL_OPTIONS+= ${option} +. endif +. if ${${option}_DEFINE:Mpushed} +. if ${OSSEC_TYPE} == server +${conf_group}_PUSHED_OPTIONS+= ${option} +. endif +. if !${${conf_group}_ALL_OPTIONS:M${option}} +${conf_group}_ALL_OPTIONS+= ${option} +. endif +. endif +. endfor +.endfor + +############################################################ + +CONFIG_PROFILES= +.for conf_group in ${CONF_GROUPS} +. if !empty(${conf_group}_PROFILE) +. if ${OSSEC_TYPE} == agent +. if !${CONFIG_PROFILES:M${${conf_group}_PROFILE}} +CONFIG_PROFILES+= ${${conf_group}_PROFILE} +. endif +. endif +SUB_LIST+= ${conf_group}_PROFILE=${${conf_group}_PROFILE} +. endif +. for option in ${${conf_group}_ALL_OPTIONS} +. if !empty(${option}_PROFILE) +. if ${OSSEC_TYPE} == agent +. if !${CONFIG_PROFILES:M${${option}_PROFILE}} +CONFIG_PROFILES+= ${${option}_PROFILE} +. endif +. endif +SUB_LIST+= ${option}_PROFILE=${${option}_PROFILE} +. endif +. endfor +.endfor + +.for profile in ${CONFIG_PROFILES} +. if empty(CONFIG_PROFILE_VALUE) +CONFIG_PROFILE_VALUE:= ${profile} +. else +CONFIG_PROFILE_VALUE:= ${CONFIG_PROFILE_VALUE}, ${profile} +. endif +.endfor +SUB_LIST+= CONFIG_PROFILES="${CONFIG_PROFILE_VALUE}" + +############################################################ + +.for conf_group in ${CONF_GROUPS} +. for option in ${${conf_group}_ALL_OPTIONS} +. if !defined(${option}_TEMPLATE) +${option}_TEMPLATE= template-${option:tl:S/_/-/g}.xml +. endif +. if !empty(${option}_TEMPLATE) && !${SUB_FILES:M${${option}_TEMPLATE}} +SUB_FILES+= ${${option}_TEMPLATE} +. endif +. 
endfor +.endfor + +.for file_name in ${RULES_FILES} +SUB_FILES+= rules-${file_name}.xml +.endfor + +.for file_name in ${CMDOUT_SCRIPTS} +SUB_FILES+= command-${file_name}.sh +.endfor + +############################################################ + +.for conf_group in ${CONF_GROUPS} +. for option in ${${conf_group}_INSTANCE_OPTIONS} +. if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}} +${${${option}_DEPENDS}_OPTION}_VARS+= ${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option} +${${${option}_DEPENDS}_OPTION}_VARS_OFF+= ${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option} +. elif !empty(${option}_OPTION) +OPTIONS_GROUP_G_${conf_group}+= ${${option}_OPTION} +${${option}_OPTION}_DESC= ${${option}_DESC} +. if ${${option}_DEFAULT:M${OSSEC_TYPE}} +OPTIONS_DEFAULT+= ${${option}_OPTION} +. endif +${${option}_OPTION}_VARS+= ${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option} +${${option}_OPTION}_VARS_OFF+= ${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option} +. endif +. endfor +. if !empty(OPTIONS_GROUP_G_${conf_group}) +OPTIONS_GROUP+= G_${conf_group} +G_${conf_group}_DESC= ${${conf_group}_DESC} +. endif +.endfor + +############################################################ + +.for conf_group in ${CONF_GROUPS} +. for option in ${${conf_group}_PUSHED_OPTIONS} +. if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_PUSHED_OPTIONS:M${${option}_DEPENDS}} +${${${option}_DEPENDS}_OPTION}_P_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} +${${${option}_DEPENDS}_OPTION}_P_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} +. 
elif !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}} +${${${option}_DEPENDS}_OPTION}_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} +${${${option}_DEPENDS}_OPTION}_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} +. elif !empty(${option}_OPTION) +OPTIONS_GROUP_G_${conf_group}_P+= ${${option}_OPTION}_P +${${option}_OPTION}_P_DESC= ${${option}_DESC} +. if !empty(${option}_PROFILE) +${${option}_OPTION}_P_DESC+= (profile: ${${option}_PROFILE}) +. endif +. if ${${option}_DEFAULT:Mpushed} +OPTIONS_DEFAULT+= ${${option}_OPTION}_P +. endif +${${option}_OPTION}_P_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} +${${option}_OPTION}_P_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} +. endif +. endfor +. if !empty(OPTIONS_GROUP_G_${conf_group}_P) +OPTIONS_GROUP+= G_${conf_group}_P +G_${conf_group}_P_DESC= Pushed ${${conf_group}_DESC} +. if !empty(${conf_group}_PROFILE) +G_${conf_group}_P_DESC+= (profile: ${${conf_group}_PROFILE}) +. endif +. endif +.endfor + +############################################################ + +.include + +show-opts: +.for conf_group in ${CONF_GROUPS} + @${ECHO_CMD} "${conf_group}: ${${conf_group}_DESC}" +. for option in ${${conf_group}_INSTANCE_OPTIONS} + @${ECHO_CMD} " ${option}: ${${option}_DESC}" +. if empty(${option}_TEMPLATE) + @${ECHO_CMD} " Template: -" +. else + @${ECHO_CMD} " Template: ${${option}_TEMPLATE}" +. endif +. if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED) && ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}} + @${ECHO_CMD} " Enabled: true" +. endif +. if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED) && ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}} + @${ECHO_CMD} " Enabled: false" +. endif +. if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED) && ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}} + @${ECHO_CMD} " Pushed: true" +. endif +. 
if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED) && ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}} + @${ECHO_CMD} " Pushed: false" +. endif +. endfor +.endfor + +pre-install: + @-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'PostgreSQL' && \ + ${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|postgresql|g' \ + ${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB} + @-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'MySQL' && \ + ${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|mysql|g' \ + ${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB} + +ossec-dirs: + @${MKDIR} -p ${CONF_BIN_DIR} ${COMMAND_BIN_DIR} ${AR_BIN_DIR} ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR} ${COMMAND_CONF_DIR} +.if ${OSSEC_TYPE} != agent + @${MKDIR} -p ${RULES_DIR} +.endif +.if ${OSSEC_TYPE} == server + @${MKDIR} -p ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR} +.endif + +ossec-scripts: + @${CP} -f ${WRKDIR}/ossec-conf ${OSSEC_CONF_BIN} +.if ${OSSEC_TYPE} == server + @${CP} -f ${WRKDIR}/agent-conf ${AGENT_CONF_BIN} +.endif +.for file_name in ${CMDOUT_SCRIPTS} + @${CP} -f ${WRKDIR}/command-${file_name}.sh ${COMMAND_BIN_DIR}/${file_name}.sh +.endfor + @${CP} -f ${WRKDIR}/command.conf ${COMMAND_CONF} + @${CP} -f ${WRKDIR}/merge-config.sh ${MERGE_CONFIG_BIN} + +ossec-rules: +.if ${OSSEC_TYPE} != agent +. for file_name in ${RULES_FILES} + @${SED} -e 's|||' ${WRKDIR}/rules-${file_name}.xml > ${RULES_DIR}/freebsd_${file_name}_rules.xml +. endfor +.endif + +ossec-conf-managed: +.for conf_group in ${CONF_GROUPS} +. if !empty(${conf_group}_INSTANCE_OPTIONS) + @${CAT} ${WRKDIR}/${TEMPL_ENABLED_HEADER} > ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} +. if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED) +. for option in ${${conf_group}_INSTANCE_OPTIONS} +. if ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}} +. 
if !empty(${option}_TEMPLATE) + @${ECHO_CMD} "" >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} + @${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} + @${ECHO_CMD} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} +. endif +. endif +. endfor +. endif +. endif +.endfor + +ossec-conf-local: +.for conf_group in ${CONF_GROUPS} +. if !empty(${conf_group}_INSTANCE_OPTIONS) + @${CAT} ${WRKDIR}/${TEMPL_DISABLED_HEADER} > ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} +. if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED) +. for option in ${${conf_group}_INSTANCE_OPTIONS} +. if ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}} +. if !empty(${option}_TEMPLATE) + @${ECHO_CMD} "" >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} + @${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} + @${ECHO_CMD} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} +. endif +. endif +. endfor +. endif +. endif +.endfor + +ossec-conf-sample: + @${CAT} ${WRKDIR}/${TEMPL_SAMPLE_HEADER} > ${OSSEC_SAMPLE_CONF} + @${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} + @${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE} >> ${OSSEC_SAMPLE_CONF} + @${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} + @-${TEST} -f ${WRKDIR}/${TEMPL_SAMPLE_DB} && \ + ${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE_DB} >> ${OSSEC_SAMPLE_CONF} && \ + ${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} + +agent-conf-managed: +.for conf_group in ${CONF_GROUPS} +. if !empty(${conf_group}_PUSHED_OPTIONS) + @${CAT} ${WRKDIR}/${TEMPL_PUSHED_ENABLED_HEADER} > ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} +. if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED) +. for option in ${${conf_group}_PUSHED_OPTIONS} +. if ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}} +. 
if !empty(${option}_TEMPLATE) + @${ECHO_CMD} "" >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} + @${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} + @${ECHO_CMD} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} +. endif +. endif +. endfor +. endif +. endif +.endfor + +agent-conf-local: +.for conf_group in ${CONF_GROUPS} +. if !empty(${conf_group}_PUSHED_OPTIONS) + @${CAT} ${WRKDIR}/${TEMPL_PUSHED_DISABLED_HEADER} > ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} +. if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED) +. for option in ${${conf_group}_PUSHED_OPTIONS} +. if ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}} +. if !empty(${option}_TEMPLATE) + @${ECHO_CMD} "" >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} + @${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} + @${ECHO_CMD} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} +. endif +. endif +. endfor +. endif +. 
endif +.endfor + +do-install: ossec-dirs ossec-scripts ossec-rules ossec-conf-managed ossec-conf-local ossec-conf-sample agent-conf-managed agent-conf-local + +ossec-permissions: + @${CHMOD} -R 550 ${OSSEC_DIR} + @${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_CONF_DIR}/* ${OSSEC_LOCAL_CONF_DIR}/* + @${CHMOD} 550 ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR} +.if ${OSSEC_TYPE} != agent + @${CHMOD} 640 ${RULES_DIR}/* +.endif +.if ${OSSEC_TYPE} == server + @${CHMOD} 640 ${AGENT_CONF_DIR}/* ${AGENT_LOCAL_CONF_DIR}/* + @${CHMOD} 550 ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR} +.endif +.if defined(MAINTAINER_MODE) + @${CHOWN} -R ${USER}:${OSSEC_GROUP} ${OSSEC_DIR} + @${CHOWN} -R ${USER}:${GROUP} ${BIN_DIR} +.endif + +post-install: ossec-permissions + @${ECHO_CMD} -n > ${PKGMESSAGE} +.for file_name in ${PKGMSG_FILES} + @${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE} + @${ECHO_CMD} >> ${PKGMESSAGE} +.endfor + +.if defined(MAINTAINER_MODE) +plist: makeplist + @${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} + +rules: extract + @${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC} +.endif + +.include Property changes on: security/ossec-hids-local-config/Makefile ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/distinfo =================================================================== --- security/ossec-hids-local-config/distinfo (nonexistent) +++ security/ossec-hids-local-config/distinfo (working copy) 
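Review bot: `pre-install` runs `${OSSEC_HOME}/bin/ossec-dbd -h` from the live prefix rather than from `${STAGEDIR}`, so staging executes whatever binary is installed at that path on the build host and the packaged sample depends on host state. In a clean build environment the binary is presumably absent, since `ossec-hids-${OSSEC_TYPE}` is only a `RUN_DEPENDS`; the `@-` prefix then hides the failure and `ossec-conf-sample` silently omits the database block. A build-time input that does not depend on the host, such as a port option or shipping the database sample unconditionally, would make the package reproducible; if the probe stays, a comment should state that it is best-effort and why errors are ignored.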
@@ -0,0 +1,3 @@
+TIMESTAMP = 1539459620
+SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50
+SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469
Property changes on: security/ossec-hids-local-config/distinfo
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/agent-conf.in
===================================================================
--- security/ossec-hids-local-config/files/agent-conf.in (nonexistent)
+++ security/ossec-hids-local-config/files/agent-conf.in (working copy)
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+agent_conf_dir="${ossec_home}/etc/agent.conf.d"
+agent_conf_files="${agent_conf_dir}/*.conf"
+
+select_elements() {
+ local element="$1"
+ sed -n "/<${element}.*>/,/<\/${element}>/p"
+}
+
+remove_comments() {
+ # Comments must be on separate lines i.e. not next to uncommented code
+ awk '// {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
+}
+
+remove_empty_lines() {
+ sed '/^\s*$/d'
+}
+
+agent_conf() {
+
+ echo ""
+ echo
+ echo ""
+ echo
+
+ cat $@ | remove_comments | select_elements "agent_config" | remove_empty_lines
+}
+
+agent_conf "${agent_conf_files}"
Property changes on: security/ossec-hids-local-config/files/agent-conf.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/command-last-logins.sh.in
===================================================================
--- security/ossec-hids-local-config/files/command-last-logins.sh.in (nonexistent)
+++ security/ossec-hids-local-config/files/command-last-logins.sh.in (working copy)
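Review bot: `agent_conf "${agent_conf_files}"` passes the glob as one quoted word and `cat $@` then relies on unquoted expansion to split and glob it, so an `%%OSSEC_HOME%%` containing whitespace or glob characters changes which files get merged, and when no `*.conf` exists the literal pattern is handed to `cat`. Expanding the glob at the call site keeps the file list exact: `agent_conf "${agent_conf_dir}"/*.conf` together with `cat "$@"`. Because the result is presumably what replaces agent.conf, returning non-zero when no input file exists would be safer than emitting only the header. The same pattern is used by `ossec_conf` in files/ossec-conf.in.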
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_home="%%OSSEC_HOME%%"
+. "${ossec_home}/etc/command.conf"
+
+last -n ${last_logins}
Property changes on: security/ossec-hids-local-config/files/command-last-logins.sh.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/command-open-ports.sh.in
===================================================================
--- security/ossec-hids-local-config/files/command-open-ports.sh.in (nonexistent)
+++ security/ossec-hids-local-config/files/command-open-ports.sh.in (working copy)
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+family=$1
+protocol=$2
+ports=$3
+
+if [ -z "${ports}" ]; then
+ privileged_ports="1-$((`sysctl -n net.inet.ip.portrange.first` - 1))"
+
+ ossec_home="%%OSSEC_HOME%%"
+ . "${ossec_home}/etc/command.conf"
+
+ ports="privileged_${protocol}_ports"
+ eval ports=\$${ports}
+fi
+
+sockstat -l -${family} -P ${protocol} -p ${ports} | grep -Eo '[^[:space:]]+:[0-9]+' | sort -u
Property changes on: security/ossec-hids-local-config/files/command-open-ports.sh.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/command.conf.in
===================================================================
--- security/ossec-hids-local-config/files/command.conf.in (nonexistent)
+++ security/ossec-hids-local-config/files/command.conf.in (working copy)
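Review bot: In command-last-logins.sh.in, `. "${ossec_home}/etc/command.conf"` executes the configuration file as shell code, so write access to that file amounts to running commands with the privileges of whatever invokes this script. A comment above the line should say so, for example `# command.conf is sourced as shell code: keep it owned by root and not group- or world-writable`. The value it supplies is then used unquoted in `last -n ${last_logins}`; `last -n "${last_logins}"` keeps an edited value from being split into extra arguments. command-open-ports.sh.in sources the same file.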
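Review bot: In command-open-ports.sh.in, `eval ports=\$${ports}` evaluates a string built from `$2`, so the protocol argument reaches `eval` without validation, although only `tcp` and `udp` have matching variables in command.conf. Replacing the indirection with a `case` on `${protocol}` removes the `eval` and rejects anything else. `family`, `protocol` and `ports` are also passed to `sockstat` unquoted; quoting them keeps an unexpected argument from being split into additional options.

```shell
if [ -z "${ports}" ]; then
	# … unchanged: privileged_ports default and sourcing of command.conf …
	case "${protocol}" in
		tcp) ports="${privileged_tcp_ports}" ;;
		udp) ports="${privileged_udp_ports}" ;;
		*) echo "$0: unsupported protocol: ${protocol}" >&2; exit 1 ;;
	esac
fi
```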
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+last_logins=5
+
+privileged_tcp_ports=${privileged_ports},10050-10051
+privileged_udp_ports=${privileged_ports}
Property changes on: security/ossec-hids-local-config/files/command.conf.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/merge-config.sh.in
===================================================================
--- security/ossec-hids-local-config/files/merge-config.sh.in (nonexistent)
+++ security/ossec-hids-local-config/files/merge-config.sh.in (working copy)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+ossec_rc="%%OSSEC_RC%%"
+
+ACTION=$1
+USER=$2
+IP=$3
+
+LOCAL=`dirname $0`;
+cd $LOCAL
+cd ../../tmp
+
+# Logging the call
+echo "`date` $0 $1 $2 $3 $4 $5" >> "${ossec_home}/logs/active-responses.log"
+
+case ${ACTION} in
+ add)
+ "${ossec_rc}" merge_config
+ exit 0
+ ;;
+ delete)
+ exit 0
+ ;;
+ *)
+ echo "$0: invalid action: ${ACTION}"
+ exit 1
+ ;;
+esac
Property changes on: security/ossec-hids-local-config/files/merge-config.sh.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/message-agent-conf.in
===================================================================
--- security/ossec-hids-local-config/files/message-agent-conf.in (nonexistent)
+++ security/ossec-hids-local-config/files/message-agent-conf.in (working copy)
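Review bot: In merge-config.sh.in the two `cd` calls are unquoted and unchecked, so if `dirname $0` yields a path with spaces or `../../tmp` is missing, the script carries on in whatever directory it was started from; `cd "$(dirname "$0")/../../tmp" || exit 1` covers both cases. The log line writes `$1` to `$5` verbatim into active-responses.log; if those arguments can carry values taken from monitored logs, stripping control characters before logging would keep one invocation on one log line. `USER` and `IP` are assigned but not used anywhere in the script as shown.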
@@ -0,0 +1,3 @@
+The "agent.conf" must no longer be used for configuration. It will be
+overwritten by merged "*.conf" files from the configuration directory:
+%%OSSEC_HOME%%/etc/agent.conf.d
Property changes on: security/ossec-hids-local-config/files/message-agent-conf.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/message-ossec-conf.in
===================================================================
--- security/ossec-hids-local-config/files/message-ossec-conf.in (nonexistent)
+++ security/ossec-hids-local-config/files/message-ossec-conf.in (working copy)
@@ -0,0 +1,3 @@
+The "ossec.conf" must no longer be used for configuration. It will be
+overwritten by merged "*.conf" files from the configuration directory:
+%%OSSEC_HOME%%/etc/ossec.conf.d
Property changes on: security/ossec-hids-local-config/files/message-ossec-conf.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/message-pf.in
===================================================================
--- security/ossec-hids-local-config/files/message-pf.in (nonexistent)
+++ security/ossec-hids-local-config/files/message-pf.in (working copy)
@@ -0,0 +1,4 @@
+Add the ossec_fwtable to /etc/pf.conf if using "firewall-drop" active response:
+ table persist
+ block in quick from to any
+ block out quick from any to
Property changes on: security/ossec-hids-local-config/files/message-pf.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/ossec-conf.in
===================================================================
--- security/ossec-hids-local-config/files/ossec-conf.in (nonexistent)
+++ security/ossec-hids-local-config/files/ossec-conf.in (working copy)
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
+ossec_conf_files="${ossec_conf_dir}/*.conf"
+
+select_elements_content() {
+ local element="$1"
+ sed -n "/<${element}>/,/<\/${element}>/{ /<${element}>/d; /<\/${element}>/d; p; }"
+}
+
+remove_elements() {
+ local element="$1"
+ sed -e "/<${element}>/,/<\/${element}>/d"
+}
+
+remove_comments() {
+ # Comments must be on separate lines i.e. not next to uncommented code
+ awk '// {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
+}
+
+remove_empty_lines() {
+ sed '/^\s*$/d'
+}
+
+ossec_conf() {
+ echo ""
+ echo
+ echo ""
+ echo
+ echo ""
+
+ if [ "${ossec_type}" != "agent" ]; then
+ if cat $@ | remove_comments | grep -q ""; then
+ echo " "
+ cat $@ | remove_comments | select_elements_content "rules" | remove_empty_lines
+ echo " "
+ fi
+ fi
+
+ if cat $@ | remove_comments | grep -q ""; then
+ echo " "
+ cat $@ | remove_comments | select_elements_content "rootcheck" | remove_empty_lines
+ echo " "
+ fi
+
+ if cat $@ | remove_comments | grep -q ""; then
+ echo " "
+ cat $@ | remove_comments | select_elements_content "syscheck" | remove_empty_lines
+ echo " "
+ fi
+
+ cat $@ | remove_comments | select_elements_content "ossec_config" | remove_elements "rules" | remove_elements "rootcheck" | remove_elements "syscheck" | remove_empty_lines
+
+ echo ""
+}
+
+ossec_conf "${ossec_conf_files}"
Property changes on: security/ossec-hids-local-config/files/ossec-conf.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/pkg-deinstall.in
===================================================================
--- security/ossec-hids-local-config/files/pkg-deinstall.in (nonexistent)
+++
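Review bot: The last line passes the glob as one quoted word (`ossec_conf "${ossec_conf_files}"`) and every `cat $@` inside `ossec_conf` relies on unquoted expansion, so an empty `ossec.conf.d` makes each `cat` fail on the literal pattern while the script still prints the wrapper and exits 0 from the final `echo`. The consumer of this output is outside the hunk, but the package message says `ossec.conf` is overwritten by the merge, so an empty or unreadable directory would presumably yield a near-empty configuration and quietly turn monitoring off. Expand once and fail closed: `set -- "${ossec_conf_dir}"/*.conf`, `[ -e "$1" ] || exit 1`, `ossec_conf "$@"`, with `cat "$@"` in the function, which also survives an install prefix containing spaces. Separately, `\s` in `sed '/^\s*$/d'` is not POSIX; `[[:space:]]` is the portable spelling.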
security/ossec-hids-local-config/files/pkg-deinstall.in (working copy)
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ossec_conf="${ossec_home}/etc/ossec.conf"
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+
+if [ "$2" == "DEINSTALL" ]; then
+ rm -f "${ossec_conf}"
+ rm -f "${agent_conf}"
+fi
Property changes on: security/ossec-hids-local-config/files/pkg-deinstall.in
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/pkg-install.in
===================================================================
--- security/ossec-hids-local-config/files/pkg-install.in (nonexistent)
+++ security/ossec-hids-local-config/files/pkg-install.in (working copy)
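Review bot: `[ "$2" == "DEINSTALL" ]` uses `==`, which POSIX does not define for `test` under `#!/bin/sh`; it works only where the shell's builtin accepts it as an extension, and where it does not the condition errors and the generated files are left behind. Use `if [ "$2" = "DEINSTALL" ]; then`. pkg-install.in has the same comparison in `[ "$2" == "POST-INSTALL" ]`.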
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ar_bin_dir="${ossec_home}/active-response/bin"
+ossec_conf="${ossec_home}/etc/ossec.conf"
+ossec_conf_bak="${ossec_conf}.bak"
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+agent_conf_bak="${ossec_home}/etc/agent.conf.bak"
+
+if [ "$2" == "POST-INSTALL" ]; then
+ ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh"
+
+ if [ -e "${ossec_conf}" ]; then
+ mv -f "${ossec_conf}" "${ossec_conf_bak}"
+ echo
+ echo "WARNING:"
+ echo " Existing \"${ossec_conf}\" has been saved to \"${ossec_conf_bak}\"."
+ echo
+ fi
+
+ case "$1" in
+ ossec-hids-server*)
+ if [ -e "${agent_conf}" ]; then
+ mv -f "${agent_conf}" "${agent_conf_bak}"
+ echo
+ echo "WARNING:"
+ echo " Existing \"${agent_conf}\" has been saved to \"${agent_conf_bak}\"."
+ echo
+ fi
+ ;;
+ esac
+fi
Property changes on: security/ossec-hids-local-config/files/pkg-install.in
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/files/rules-cmdout.xml.in
===================================================================
--- security/ossec-hids-local-config/files/rules-cmdout.xml.in (nonexistent)
+++ security/ossec-hids-local-config/files/rules-cmdout.xml.in (working copy)
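Review bot: `mv -f "${ossec_conf}" "${ossec_conf_bak}"` uses one fixed backup name, so a second POST-INSTALL run (reinstall or upgrade) replaces the earlier backup without notice; if `ossec.conf` has been regenerated from `ossec.conf.d` in between, the administrator's original hand-written file is lost. The same applies to the `agent.conf` branch under `ossec-hids-server*`. A unique suffix keeps every copy, e.g. `ossec_conf_bak="${ossec_conf}.bak.$(date +%Y%m%d%H%M%S)"`, or the move can be skipped when the backup already exists, with the warning saying so.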
@@ -0,0 +1,67 @@ + + + + + 530 + ossec: output: 'freebsd-last-logins' + + List of the last logged in users. + + + + 530 + ossec: output: 'freebsd-open-ports-tcp4-all' + + Listening IPv4 TCP port opened or closed. + + + + 530 + ossec: output: 'freebsd-open-ports-tcp4' + + Listening IPv4 TCP port opened or closed. + + + + 530 + ossec: output: 'freebsd-open-ports-tcp6-all' + + Listening IPv6 TCP port opened or closed. + + + + 530 + ossec: output: 'freebsd-open-ports-tcp6' + + Listening IPv6 TCP port opened or closed. + + + + 530 + ossec: output: 'freebsd-open-ports-udp4-all' + + Listening IPv4 UDP port opened or closed. + + + + 530 + ossec: output: 'freebsd-open-ports-udp4' + + Listening IPv4 UDP port opened or closed. + + + + 530 + ossec: output: 'freebsd-open-ports-udp6-all' + + Listening IPv6 UDP port opened or closed. + + + + 530 + ossec: output: 'freebsd-open-ports-udp6' + + Listening IPv6 UDP port opened or closed. + + + Property changes on: security/ossec-hids-local-config/files/rules-cmdout.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/rules-config.xml.in =================================================================== --- security/ossec-hids-local-config/files/rules-config.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/rules-config.xml.in (working copy) 
@@ -0,0 +1,52 @@ + + + + + syscheck + %%OSSEC_HOME%%/etc/ossec.conf.d + ossec.conf.d has been modified + + + + syscheck + %%OSSEC_HOME%%/etc/ossec.conf + ossec.conf has been modified + + + + syscheck + /var/ossec/etc/ossec.conf.d + ossec.conf.d has been modified + + + + syscheck + /var/ossec/etc/ossec.conf + ossec.conf has been modified + + + + syscheck + %%OSSEC_HOME%%/etc/agent.conf.d + agent.conf.d has been modified + + + + syscheck + %%OSSEC_HOME%%/etc/shared/agent.conf + agent.conf has been modified + + + + syscheck + /var/ossec/etc/agent.conf.d + agent.conf.d has been modified + + + + syscheck + /var/ossec/etc/shared/agent.conf + agent.conf has been modified + + + Property changes on: security/ossec-hids-local-config/files/rules-config.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in (working copy) 
@@ -0,0 +1,38 @@ + + + + + host-deny + host-deny.sh + srcip + yes + + + + firewall-drop + firewall-drop.sh + srcip + yes + + + + disable-account + disable-account.sh + user + yes + + + + restart-ossec + restart-ossec.sh + + + + + route-null + route-null.sh + srcip + yes + + + Property changes on: security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in (working copy) @@ -0,0 +1,10 @@ + + + + + merge-config + merge-config.sh + + + + Property changes on: security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in (working copy) 
@@ -0,0 +1,13 @@ + + + + + + + firewall-drop + local + 6 + 600 + + + Property changes on: security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in (working copy) @@ -0,0 +1,12 @@ + + + + + + host-deny + local + 6 + 600 + + + Property changes on: security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-ar-merge.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-ar-merge.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-ar-merge.xml.in (working copy) 
@@ -0,0 +1,11 @@ + + + + + + merge-config + local + 56001,56003,56021,56023 + + + Property changes on: security/ossec-hids-local-config/files/template-ar-merge.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-ar-restart.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-ar-restart.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-ar-restart.xml.in (working copy) @@ -0,0 +1,11 @@ + + + + + + restart-ossec + local + 56002,56004,56022,56024 + + + Property changes on: security/ossec-hids-local-config/files/template-ar-restart.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in (working copy) 
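Review bot: This template and template-ar-restart.xml.in in the next hunk bind `merge-config` and `restart-ossec` to rule ids 56001,56003,56021,56023 and 56002,56004,56022,56024, which appear to be the "ossec.conf.d has been modified" / "ossec.conf has been modified" syscheck rules from rules-config.xml.in (the ids are not visible in this rendering, so this is inferred). If so, any write to the configuration directory is merged and loaded without an operator step, and the integrity alert is the only trace. The template should carry a comment stating that, and that `ossec.conf.d` and `agent.conf.d` must be writable by root only. Whether merge-config.sh validates the merged file before the restart fires is not visible here; if it does not, a broken fragment could stop the daemon.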
@@ -0,0 +1,10 @@ + + + + + full_command + %%OSSEC_HOME%%/bin/command/last-logins.sh + freebsd-last-logins + + + Property changes on: security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in (working copy) @@ -0,0 +1,28 @@ + + + + + full_command + %%OSSEC_HOME%%/bin/command/open-ports.sh 4 tcp 1-65535 + freebsd-open-ports-tcp4-all + + + + full_command + %%OSSEC_HOME%%/bin/command/open-ports.sh 4 tcp + freebsd-open-ports-tcp4 + + + + full_command + %%OSSEC_HOME%%/bin/command/open-ports.sh 6 tcp 1-65535 + freebsd-open-ports-tcp6-all + + + + full_command + %%OSSEC_HOME%%/bin/command/open-ports.sh 6 tcp + freebsd-open-ports-tcp6 + + + Property changes on: security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in (working copy) 
@@ -0,0 +1,28 @@ + + + + + full_command + %%OSSEC_HOME%%/bin/command/open-ports.sh 4 udp 1-65535 + freebsd-open-ports-udp4-all + + + + full_command + %%OSSEC_HOME%%/bin/command/open-ports.sh 4 udp + freebsd-open-ports-udp4 + + + + full_command + %%OSSEC_HOME%%/bin/command/open-ports.sh 6 udp 1-65535 + freebsd-open-ports-udp6-all + + + + full_command + %%OSSEC_HOME%%/bin/command/open-ports.sh 6 udp + freebsd-open-ports-udp6 + + + Property changes on: security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-header-disabled.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-header-disabled.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-header-disabled.xml.in (working copy) @@ -0,0 +1,10 @@ + + + + + + Property changes on: security/ossec-hids-local-config/files/template-header-disabled.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-header-enabled.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-header-enabled.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-header-enabled.xml.in (working copy) 
@@ -0,0 +1,4 @@ + + + + Property changes on: security/ossec-hids-local-config/files/template-header-enabled.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-header-sample.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-header-sample.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-header-sample.xml.in (working copy) @@ -0,0 +1 @@ + Property changes on: security/ossec-hids-local-config/files/template-header-sample.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-logs-apache.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-logs-apache.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-logs-apache.xml.in (working copy) 
@@ -0,0 +1,28 @@ + + + + + apache + /var/log/httpd-error.log + + + + apache + /var/log/httpd-access.log + + + + + + + + apache + /var/log/apache2/error.log + + + + apache + /var/log/apache2/access.log + + + Property changes on: security/ossec-hids-local-config/files/template-logs-apache.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-logs-basic.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-logs-basic.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-logs-basic.xml.in (working copy) @@ -0,0 +1,68 @@ + + + + + syslog + /var/log/auth.log + + + + syslog + /var/log/maillog + + + + syslog + /var/log/messages + + + + syslog + /var/log/security + + + + syslog + /var/log/userlog + + + + syslog + /var/log/xferlog + + + + + + + + syslog + /var/log/auth.log + + + + syslog + /var/log/dpkg.log + + + + syslog + /var/log/kern.log + + + + syslog + /var/log/mail.log + + + + syslog + /var/log/messages + + + + syslog + /var/log/syslog + + + Property changes on: security/ossec-hids-local-config/files/template-logs-basic.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-logs-nginx.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-logs-nginx.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-logs-nginx.xml.in (working copy) 
@@ -0,0 +1,28 @@ + + + + + apache + /var/log/nginx/error.log + + + + apache + /var/log/nginx/access.log + + + + + + + + apache + /var/log/nginx/error.log + + + + apache + /var/log/nginx/access.log + + + Property changes on: security/ossec-hids-local-config/files/template-logs-nginx.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-logs-ossec.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-logs-ossec.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-logs-ossec.xml.in (working copy) @@ -0,0 +1,18 @@ + + + + + syslog + %%OSSEC_HOME%%/logs/active-responses.log + + + + + + + + syslog + /var/ossec/logs/active-responses.log + + + Property changes on: security/ossec-hids-local-config/files/template-logs-ossec.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-logs-radius.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-logs-radius.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-logs-radius.xml.in (working copy) 
@@ -0,0 +1,18 @@ + + + + + syslog + /var/log/radius.log + + + + + + + + syslog + /var/log/freeradius/radius.log + + + Property changes on: security/ossec-hids-local-config/files/template-logs-radius.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in (working copy) @@ -0,0 +1,18 @@ + + + + + syslog + /var/log/vsftpd.log + + + + + + + + syslog + /var/log/vsftpd.log + + + Property changes on: security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in (working copy) 
@@ -0,0 +1,22 @@ + + + + + %%OSSEC_HOME%%/etc/shared/rootkit_files.txt + %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt + %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt + %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt + + + + + + + + /var/ossec/etc/shared/rootkit_files.txt + /var/ossec/etc/shared/rootkit_trojans.txt + /var/ossec/etc/shared/system_audit_rcl.txt + /var/ossec/etc/shared/system_audit_ssh.txt + + + Property changes on: security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in (working copy) @@ -0,0 +1,9 @@ + + + + + + /var/ossec/etc/shared/cis_debianlinux7-8_L1_rcl.txt + + + Property changes on: security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in (working copy) 
@@ -0,0 +1,9 @@ + + + + + + /var/ossec/etc/shared/cis_debianlinux7-8_L2_rcl.txt + + + Property changes on: security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in (working copy) @@ -0,0 +1,9 @@ + + + + + + /var/ossec/etc/shared/cis_debian_linux_rcl.txt + + + Property changes on: security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-rules-cmdout.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-rules-cmdout.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-rules-cmdout.xml.in (working copy) 
@@ -0,0 +1,8 @@ + + + + + freebsd_cmdout_rules.xml + + + Property changes on: security/ossec-hids-local-config/files/template-rules-cmdout.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-rules-config.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-rules-config.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-rules-config.xml.in (working copy) @@ -0,0 +1,8 @@ + + + + + freebsd_config_rules.xml + + + Property changes on: security/ossec-hids-local-config/files/template-rules-config.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-rules-default.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-rules-default.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-rules-default.xml.in (working copy) 
@@ -0,0 +1,87 @@ + + + + + rules_config.xml + ossec_rules.xml + syslog_rules.xml + sendmail_rules.xml + postfix_rules.xml + spamd_rules.xml + imapd_rules.xml + mailscanner_rules.xml + ms-exchange_rules.xml + courier_rules.xml + firewall_rules.xml + pix_rules.xml + netscreenfw_rules.xml + cisco-ios_rules.xml + sonicwall_rules.xml + pam_rules.xml + telnetd_rules.xml + sshd_rules.xml + solaris_bsm_rules.xml + asterisk_rules.xml + ms_dhcp_rules.xml + arpwatch_rules.xml + symantec-av_rules.xml + symantec-ws_rules.xml + trend-osce_rules.xml + hordeimp_rules.xml + roundcube_rules.xml + wordpress_rules.xml + cimserver_rules.xml + dovecot_rules.xml + vmpop3d_rules.xml + vpopmail_rules.xml + ftpd_rules.xml + proftpd_rules.xml + pure-ftpd_rules.xml + vsftpd_rules.xml + ms_ftpd_rules.xml + named_rules.xml + exim_rules.xml + smbd_rules.xml + racoon_rules.xml + vpn_concentrator_rules.xml + msauth_rules.xml + mcafee_av_rules.xml + ms-se_rules.xml + sysmon_rules.xml + ms_ipsec_rules.xml + vmware_rules.xml + ids_rules.xml + apache_rules.xml + web_rules.xml + zeus_rules.xml + nginx_rules.xml + php_rules.xml + web_appsec_rules.xml + squid_rules.xml + attack_rules.xml + systemd_rules.xml + firewalld_rules.xml + mysql_rules.xml + postgresql_rules.xml + dropbear_rules.xml + openbsd_rules.xml + apparmor_rules.xml + clam_av_rules.xml + openbsd-dhcpd_rules.xml + nsd_rules.xml + owncloud_rules.xml + proxmox-ve_rules.xml + opensmtpd_rules.xml + dnsmasq_rules.xml + linux_usbdetect_rules.xml + ms1016_usbdetect_rules.xml + ms_firewall_rules.xml + psad_rules.xml + unbound_rules.xml + local_rules.xml + + + + + + Property changes on: security/ossec-hids-local-config/files/template-rules-default.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-sample-agent.xml.in 
=================================================================== --- security/ossec-hids-local-config/files/template-sample-agent.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-sample-agent.xml.in (working copy) @@ -0,0 +1,14 @@ + + + + + + 1.2.3.4 + + + + + + + + Property changes on: security/ossec-hids-local-config/files/template-sample-agent.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-sample-database.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-sample-database.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-sample-database.xml.in (working copy) @@ -0,0 +1,12 @@ + + + + + localhost + ossec + secret + ossec + %%DB_TYPE%% + + + Property changes on: security/ossec-hids-local-config/files/template-sample-database.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-sample-local.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-sample-local.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-sample-local.xml.in (working copy) 
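Review bot: The sample values in template-sample-database.xml.in read as host `localhost`, user `ossec`, password `secret`, database `ossec` (element names are stripped in this rendering, so the mapping is inferred). A literal, guessable password in a shipped sample tends to survive into production; a comment such as `<!-- replace the password before enabling; keep this file and the merged ossec.conf unreadable to non-root users -->` next to it would make the expectation explicit. Whether the sample is installed commented out cannot be confirmed from this hunk.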
@@ -0,0 +1,17 @@ + + + + + + + + + 127.0.0.1 + + + Property changes on: security/ossec-hids-local-config/files/template-sample-local.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-sample-server.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-sample-server.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-sample-server.xml.in (working copy) @@ -0,0 +1,23 @@ + + + + + secure + + + + + + + + + + 127.0.0.1 + + + Property changes on: security/ossec-hids-local-config/files/template-sample-server.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-syscheck-basic.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-syscheck-basic.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-syscheck-basic.xml.in (working copy) 
@@ -0,0 +1,18 @@ + + + + + /bin,/sbin,/usr/bin,/usr/sbin,%%PREFIX%%/bin,%%PREFIX%%/sbin + /etc,%%PREFIX%%/etc + + + + + + + + /bin,/sbin,/usr/bin,/usr/sbin,/usr/local/bin,/usr/local/sbin + /etc,/usr/local/etc + + + Property changes on: security/ossec-hids-local-config/files/template-syscheck-basic.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in (working copy) @@ -0,0 +1,16 @@ + + + + + /etc/hosts.allow + + + + + + + + /etc/hosts.deny + + + Property changes on: security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in (working copy) 
@@ -0,0 +1,16 @@ + + + + + yes + + + + + + + + yes + + + Property changes on: security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in (working copy) @@ -0,0 +1,16 @@ + + + + + no + + + + + + + + no + + + Property changes on: security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in =================================================================== --- security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in (nonexistent) +++ security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in (working copy) 
@@ -0,0 +1,18 @@ + + + + + %%OSSEC_SYSCHECK_BIN_DIRS%% + %%OSSEC_SYSCHECK_ETC_DIRS%% + + + + + + + + /var/ossec/bin,/var/ossec/active-response,/var/ossec/agentless + /var/ossec/etc,/var/ossec/rules + + + Property changes on: security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/opt-ar.mk =================================================================== --- security/ossec-hids-local-config/opt-ar.mk (nonexistent) +++ security/ossec-hids-local-config/opt-ar.mk (working copy) 
@@ -0,0 +1,46 @@
+AR_MANAGED_CONF= 110.active-response.conf
+AR_LOCAL_CONF= 510.active-response.local.conf
+
+AR_DESC= Active Response
+
+# Default commands
+AR_CMDS_DEFAULT_OPTION= DEFAULT_C
+AR_CMDS_DEFAULT_DESC= Commands provided by OSSEC
+AR_CMDS_DEFAULT_DEFINE= server local
+AR_CMDS_DEFAULT_DEFAULT=server local
+AR_OPTIONS+= AR_CMDS_DEFAULT
+
+# Config merge commands
+AR_CMDS_MERGE_OPTION= MERGE_C
+AR_CMDS_MERGE_DESC= Commands to merge configuration files
+AR_CMDS_MERGE_DEFINE= server local
+AR_CMDS_MERGE_DEFAULT= server local
+AR_OPTIONS+= AR_CMDS_MERGE
+
+# Config merge active response
+AR_MERGE_OPTION= MERGE_AR
+AR_MERGE_DESC= Merge configuration files when they change
+AR_MERGE_DEFINE= server local
+AR_MERGE_DEFAULT= server local
+AR_OPTIONS+= AR_MERGE
+
+# OSSEC restart active response
+AR_RESTART_OPTION= RESTART_AR
+AR_RESTART_DESC= Restart OSSEC when main configuration files change
+AR_RESTART_DEFINE= server local
+AR_RESTART_DEFAULT= server local
+AR_OPTIONS+= AR_RESTART
+
+# Host deny active response
+AR_HOSTDENY_OPTION= HOSTDENY_AR
+AR_HOSTDENY_DESC= Block the attacker's IP using access control files
+AR_HOSTDENY_DEFINE= server local
+AR_HOSTDENY_DEFAULT=
+AR_OPTIONS+= AR_HOSTDENY
+
+# Firewall drop active response
+AR_FWDROP_OPTION= FWDROP_AR
+AR_FWDROP_DESC= Block the attacker's IP on the firewall
+AR_FWDROP_DEFINE= server local
+AR_FWDROP_DEFAULT=
+AR_OPTIONS+= AR_FWDROP
Property changes on: security/ossec-hids-local-config/opt-ar.mk
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/opt-cmdout.mk
===================================================================
--- security/ossec-hids-local-config/opt-cmdout.mk (nonexistent)
+++ security/ossec-hids-local-config/opt-cmdout.mk (working copy)
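Review bot: In opt-ar.mk, `AR_MERGE_DEFAULT= server local` and `AR_RESTART_DEFAULT= server local` turn on by default two active responses that, going by their descriptions, merge the configuration files and restart OSSEC whenever a configuration file changes, yet neither MERGE_AR nor RESTART_AR is explained in pkg-help-local or pkg-help-server. An administrator should be told that an edit under "ossec.conf.d" becomes live without a manual restart, because the same holds for an unintended or unauthorised edit. I would add a help entry for both options and a comment above the two blocks such as `# Enabled by default: a changed file in ossec.conf.d is merged into ossec.conf and activated by a restart`. The scripts these options install are outside this hunk, so the exact trigger should be confirmed against them.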
@@ -0,0 +1,27 @@
+CMDOUT_MANAGED_CONF= 140.command-output.conf
+CMDOUT_LOCAL_CONF= 540.command-output.local.conf
+
+CMDOUT_DESC= Command Output Monitoring
+
+CMDOUT_SCRIPTS= last-logins open-ports
+
+# Last logins
+CMDOUT_LAST_LOGINS_OPTION= LOGINS
+CMDOUT_LAST_LOGINS_DESC= Last logins
+CMDOUT_LAST_LOGINS_DEFINE= server local agent
+CMDOUT_LAST_LOGINS_DEFAULT= server local agent
+CMDOUT_OPTIONS+= CMDOUT_LAST_LOGINS
+
+# Open TCP ports
+CMDOUT_OPEN_PORTS_TCP_OPTION= PORTS_TCP
+CMDOUT_OPEN_PORTS_TCP_DESC= Open TCP ports
+CMDOUT_OPEN_PORTS_TCP_DEFINE= server local agent
+CMDOUT_OPEN_PORTS_TCP_DEFAULT= server local agent
+CMDOUT_OPTIONS+= CMDOUT_OPEN_PORTS_TCP
+
+# Open UDP ports
+CMDOUT_OPEN_PORTS_UDP_OPTION= PORTS_UDP
+CMDOUT_OPEN_PORTS_UDP_DESC= Open UDP ports
+CMDOUT_OPEN_PORTS_UDP_DEFINE= server local agent
+CMDOUT_OPEN_PORTS_UDP_DEFAULT= server local agent
+CMDOUT_OPTIONS+= CMDOUT_OPEN_PORTS_UDP
Property changes on: security/ossec-hids-local-config/opt-cmdout.mk
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/opt-logs.mk
===================================================================
--- security/ossec-hids-local-config/opt-logs.mk (nonexistent)
+++ security/ossec-hids-local-config/opt-logs.mk (working copy)
@@ -0,0 +1,52 @@
+LOGS_MANAGED_CONF= 150.logs.conf
+LOGS_LOCAL_CONF= 550.logs.local.conf
+
+LOGS_DESC= Log Monitoring
+
+# Default logs support
+LOGS_BASIC_OPTION= BASIC
+LOGS_BASIC_PROFILE= basic
+LOGS_BASIC_DESC= Default system logs
+LOGS_BASIC_DEFINE= server local agent pushed
+LOGS_BASIC_DEFAULT= server local pushed
+LOGS_OPTIONS+= LOGS_BASIC
+
+# Active response log support
+LOGS_OSSEC_OPTION= OSSEC
+LOGS_OSSEC_PROFILE= ossec
+LOGS_OSSEC_DESC= Active response logs
+LOGS_OSSEC_DEFINE= server local agent pushed
+LOGS_OSSEC_DEFAULT= server local pushed
+LOGS_OPTIONS+= LOGS_OSSEC
+
+# Apache logs support
+LOGS_APACHE_OPTION= APACHE
+LOGS_APACHE_PROFILE= apache
+LOGS_APACHE_DESC= Apache logs
+LOGS_APACHE_DEFINE= server local agent pushed
+LOGS_APACHE_DEFAULT= pushed
+LOGS_OPTIONS+= LOGS_APACHE
+
+# Nginx logs support
+LOGS_NGINX_OPTION= NGINX
+LOGS_NGINX_PROFILE= nginx
+LOGS_NGINX_DESC= Nginx logs
+LOGS_NGINX_DEFINE= server local agent pushed
+LOGS_NGINX_DEFAULT= pushed
+LOGS_OPTIONS+= LOGS_NGINX
+
+# Radius logs support
+LOGS_RADIUS_OPTION= RADIUS
+LOGS_RADIUS_PROFILE= radius
+LOGS_RADIUS_DESC= FreeRADIUS logs
+LOGS_RADIUS_DEFINE= server local agent pushed
+LOGS_RADIUS_DEFAULT= pushed
+LOGS_OPTIONS+= LOGS_RADIUS
+
+# Vsftpd logs support
+LOGS_VSFTPD_OPTION= VSFTPD
+LOGS_VSFTPD_PROFILE= vsftpd
+LOGS_VSFTPD_DESC= Vsftpd logs
+LOGS_VSFTPD_DEFINE= server local agent pushed
+LOGS_VSFTPD_DEFAULT= pushed
+LOGS_OPTIONS+= LOGS_VSFTPD
Property changes on: security/ossec-hids-local-config/opt-logs.mk
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/opt-rootcheck.mk
===================================================================
--- security/ossec-hids-local-config/opt-rootcheck.mk (nonexistent)
+++ security/ossec-hids-local-config/opt-rootcheck.mk (working copy)
@@ -0,0 +1,36 @@
+ROOTCHECK_MANAGED_CONF= 120.rootcheck.conf
+ROOTCHECK_LOCAL_CONF= 520.rootcheck.local.conf
+
+ROOTCHECK_DESC= System Audit and Rootkit Detection (rootcheck)
+
+# Basic
+ROOTCHECK_BASIC_OPTION= BASIC_RC
+ROOTCHECK_BASIC_PROFILE= basic
+ROOTCHECK_BASIC_DESC= Basic audit and rootkits
+ROOTCHECK_BASIC_DEFINE= server local agent pushed
+ROOTCHECK_BASIC_DEFAULT= server local pushed
+ROOTCHECK_OPTIONS+= ROOTCHECK_BASIC
+
+# CIS default
+ROOTCHECK_CIS_OPTION= CIS_RC
+ROOTCHECK_CIS_PROFILE= cis
+ROOTCHECK_CIS_DESC= CIS benchmark - Legacy
+ROOTCHECK_CIS_DEFINE= pushed
+ROOTCHECK_CIS_DEFAULT= pushed
+ROOTCHECK_OPTIONS+= ROOTCHECK_CIS
+
+# CIS level 1
+ROOTCHECK_CIS_L1_OPTION= CIS_L1_RC
+ROOTCHECK_CIS_L1_PROFILE= cis-level1
+ROOTCHECK_CIS_L1_DESC= CIS benchmark - Level 1
+ROOTCHECK_CIS_L1_DEFINE= pushed
+ROOTCHECK_CIS_L1_DEFAULT= pushed
+ROOTCHECK_OPTIONS+= ROOTCHECK_CIS_L1
+
+# CIS level 2
+ROOTCHECK_CIS_L2_OPTION= CIS_L2_RC
+ROOTCHECK_CIS_L2_PROFILE= cis-level2
+ROOTCHECK_CIS_L2_DESC= CIS benchmark - Level 2
+ROOTCHECK_CIS_L2_DEFINE= pushed
+ROOTCHECK_CIS_L2_DEFAULT= pushed
+ROOTCHECK_OPTIONS+= ROOTCHECK_CIS_L2
Property changes on: security/ossec-hids-local-config/opt-rootcheck.mk
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/opt-rules.mk
===================================================================
--- security/ossec-hids-local-config/opt-rules.mk (nonexistent)
+++ security/ossec-hids-local-config/opt-rules.mk (working copy)
@@ -0,0 +1,27 @@
+RULES_MANAGED_CONF= 100.rules.conf
+RULES_LOCAL_CONF= 500.rules.local.conf
+
+RULES_DESC= Alerting Rules
+
+RULES_FILES= config cmdout
+
+# Default rules
+RULES_DEFAULT_OPTION= DEFAULT_R
+RULES_DEFAULT_DESC= Rules provided by OSSEC
+RULES_DEFAULT_DEFINE= server local
+RULES_DEFAULT_DEFAULT= server local
+RULES_OPTIONS+= RULES_DEFAULT
+
+# Config rules
+RULES_CONFIG_OPTION= CONFIG_R
+RULES_CONFIG_DESC= Alert changes of the OSSEC main configuration files
+RULES_CONFIG_DEFINE= server local
+RULES_CONFIG_DEFAULT= server local
+RULES_OPTIONS+= RULES_CONFIG
+
+# Command output rules
+RULES_CMDOUT_OPTION= CMDOUT_R
+RULES_CMDOUT_DESC= Alert changes of output of the monitored commands
+RULES_CMDOUT_DEFINE= server local
+RULES_CMDOUT_DEFAULT= server local
+RULES_OPTIONS+= RULES_CMDOUT
Property changes on: security/ossec-hids-local-config/opt-rules.mk
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/opt-syscheck.mk
===================================================================
--- security/ossec-hids-local-config/opt-syscheck.mk (nonexistent)
+++ security/ossec-hids-local-config/opt-syscheck.mk (working copy)
@@ -0,0 +1,42 @@
+SYSCHECK_MANAGED_CONF= 130.syscheck.conf
+SYSCHECK_LOCAL_CONF= 530.syscheck.local.conf
+
+SYSCHECK_DESC= File Integrity Checking (syscheck)
+
+# Default direcotries
+SYSCHECK_BASIC_OPTION= BASIC_SC
+SYSCHECK_BASIC_PROFILE= basic
+SYSCHECK_BASIC_DESC= "bin", "sbin" and "etc"
+SYSCHECK_BASIC_DEFINE= server local agent pushed
+SYSCHECK_BASIC_DEFAULT= server local pushed
+SYSCHECK_OPTIONS+= SYSCHECK_BASIC
+
+# OSSEC directories
+SYSCHECK_OSSEC_OPTION= OSSEC_SC
+SYSCHECK_OSSEC_PROFILE= ossec
+SYSCHECK_OSSEC_DESC= OSSEC directories
+SYSCHECK_OSSEC_DEFINE= server local agent pushed
+SYSCHECK_OSSEC_DEFAULT= server local pushed
+SYSCHECK_OPTIONS+= SYSCHECK_OSSEC
+
+# Alert new files
+SYSCHECK_NEWFILES_OPTION= NEWFILES_SC
+SYSCHECK_NEWFILES_DESC= Alert on new files created
+SYSCHECK_NEWFILES_DEFINE= server local
+SYSCHECK_NEWFILES_DEFAULT= server local
+SYSCHECK_OPTIONS+= SYSCHECK_NEWFILES
+
+# Disable auto_ignore
+SYSCHECK_NOAUTO_OPTION= NOAUTO_SC
+SYSCHECK_NOAUTO_DESC= Disable auto_ignore feature
+SYSCHECK_NOAUTO_DEFINE= server local
+SYSCHECK_NOAUTO_DEFAULT= server local
+SYSCHECK_OPTIONS+= SYSCHECK_NOAUTO
+
+# Ignore /etc/hosts.allow
+SYSCHECK_HOSTDENY_DEPENDS= AR_HOSTDENY
+SYSCHECK_HOSTDENY_OPTION= HOSTDENY_SC
+SYSCHECK_HOSTDENY_DESC= Ignore access control files
+SYSCHECK_HOSTDENY_DEFINE= server local agent pushed
+SYSCHECK_HOSTDENY_DEFAULT= server local pushed
+SYSCHECK_OPTIONS+= SYSCHECK_HOSTDENY
Property changes on: security/ossec-hids-local-config/opt-syscheck.mk
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/pkg-descr
===================================================================
--- security/ossec-hids-local-config/pkg-descr (nonexistent)
+++ security/ossec-hids-local-config/pkg-descr (working copy)
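Review bot: In opt-syscheck.mk, `SYSCHECK_HOSTDENY_DEFAULT= server local pushed` enables the "Ignore access control files" block by default, while the response it is tied to is off by default (`AR_HOSTDENY_DEFAULT=` is empty in opt-ar.mk) and is defined for server and local only. How `SYSCHECK_HOSTDENY_DEPENDS` is evaluated is not visible in this hunk; unless it suppresses the block when HOSTDENY_AR is not selected, the access control files are taken out of file integrity checking on hosts where nothing legitimate rewrites them. I would leave the default empty, or document the coupling with `# Applied only when HOSTDENY_AR is selected; otherwise the files stay monitored`. The section comment `# Ignore /etc/hosts.allow` is also narrower than template-syscheck-hostdeny.xml.in, which lists /etc/hosts.deny as well.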
@@ -0,0 +1,9 @@
+OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection
+System (HIDS). It has a powerful correlation and analysis engine, integrating
+log analysis, file integrity checking, Windows registry monitoring, centralized
+policy enforcement, rootkit detection, real-time alerting and active response.
+
+This package adds the configuration overlay with samples, additional rules,
+commands, scripts and support for multiple configuration files.
+
+WWW: https://ossec.github.io
Property changes on: security/ossec-hids-local-config/pkg-descr
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/pkg-help-agent
===================================================================
--- security/ossec-hids-local-config/pkg-help-agent (nonexistent)
+++ security/ossec-hids-local-config/pkg-help-agent (working copy)
@@ -0,0 +1,29 @@
+Unless stated otherwise, every option here corresponds to certain configuration
+block which would be placed in one of the configuration files in "ossec.conf.d"
+directory. Disabled options will do the same, but for "ossec.conf.d/disabled"
+directory. All "*.conf" files from the "ossec.conf.d" directory will be merged
+into "ossec.conf" in alphabetic order. If you are not satisfied with the
+generated configuration, you can disable the corresponding option and use files
+from "ossec.conf.d/disabled" directory as samples.
+
+Most of the options are disabled by default, because it is expected that the
+server will push the agent configuration using "agent.conf". FreeBSD port of
+OSSEC server extended with similar "config" port does this by default. If this
+is the case, then the "ossec.conf" should only enable required profiles.
+
+Files generated by the port will be overwritten during port upgrades so any
+additional configuration should be put in separate files.
+
+Command Output Monitoring:
+
+ Adds additional commands, the output of which can be monitored. To actually
+ send alerts about the changing output, the proper rules need to be configured
+ on the server as well. For security reasons commands cannot be pushed by the
+ server and thus must be configured locally on every agent.
+ These commands can be tweaked in "command.conf".
+
+Active Response Firewall:
+
+ Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC.
+ This option is only meaningful if this OSSEC instance will be the target of
+ "firewall-drop" active response (configured on the server).
Property changes on: security/ossec-hids-local-config/pkg-help-agent
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/pkg-help-local
===================================================================
--- security/ossec-hids-local-config/pkg-help-local (nonexistent)
+++ security/ossec-hids-local-config/pkg-help-local (working copy)
@@ -0,0 +1,31 @@
+Unless stated otherwise, every option here corresponds to certain configuration
+block which would be placed in one of the configuration files in "ossec.conf.d"
+directory. Disabled options will do the same, but for "ossec.conf.d/disabled"
+directory. All "*.conf" files from the "ossec.conf.d" directory will be merged
+into "ossec.conf" in alphabetic order. If you are not satisfied with the
+generated configuration, you can disable the corresponding option and use files
+from "ossec.conf.d/disabled" directory as samples.
+
+Files generated by the port will be overwritten during port upgrades so any
+additional configuration should be put in separate files.
+
+File Integrity Checking:
+
+ NOAUTO_SC:
+ OSSEC by default will ignore files that change too often (after the third
+ change). This option disables this feature. Files that change too often
+ as a result of correct system operation should better be added to ignore
+ list manually.
+
+Command Output Monitoring:
+
+ Adds additional commands, the output of which can be monitored. To actually
+ send alerts about the changing output, the proper rules need to be configured
+ as well (see CMDOUT_R option).
+ These commands can be tweaked in "command.conf".
+
+Active Response Firewall:
+
+ Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC.
+ This option is only meaningful if "firewall-drop" active response will be
+ enabled in the configuration.
Property changes on: security/ossec-hids-local-config/pkg-help-local
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/pkg-help-server
===================================================================
--- security/ossec-hids-local-config/pkg-help-server (nonexistent)
+++ security/ossec-hids-local-config/pkg-help-server (working copy)
@@ -0,0 +1,46 @@ +Unless stated otherwise, every option here corresponds to certain configuration +block which would be placed in one of the configuration files in "ossec.conf.d" +directory. Disabled options will do the same, but for "ossec.conf.d/disabled" +directory. All "*.conf" files from the "ossec.conf.d" directory will be merged +into "ossec.conf" in alphabetic order. If you are not satisfied with the +generated configuration, you can disable the corresponding option and use files +from "ossec.conf.d/disabled" directory as samples. + +The "pushed" sections (*_P options) relate to configuration pushed to agents +using "agent.conf". The generated configuration blocks will be placed in +"agent.conf.d" and "agent.conf.d/disabled" directories. +Note that the agent needs to enable proper profile to benefit from "agent.conf" +configuration pushed by the server. This also means that profiles not enabled +on the agent are ignored. This is why all "pushed" options are enabled by +default. The port currently contains configuration templates for the following +agent systems: + + - FreeBSD + - Debian Linux + +Consider contributing to the port by contacting the maintainer and providing +configuration templates for other operating systems runnig OSSEC agents. + +Files generated by the port will be overwritten during port upgrades so any +additional configuration should be put in separate files. + +File Integrity Checking: + + NOAUTO_SC: + OSSEC by default will ignore files that change too often (after the third + change). This option disables this feature. Files that change too often + as a result of correct system operation should better be added to ignore + list manually. + +Command Output Monitoring: + + Adds additional commands, the output of which can be monitored. To actually + send alerts about the changing output, the proper rules need to be configured + as well (see CMDOUT_R option). + These commands can be tweaked in "command.conf". 
+ +Active Response Firewall: + + Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC. + This option is only meaningful if this OSSEC instance will be the target of + "firewall-drop" active response. Property changes on: security/ossec-hids-local-config/pkg-help-server ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/pkg-plist-agent =================================================================== --- security/ossec-hids-local-config/pkg-plist-agent (nonexistent) +++ security/ossec-hids-local-config/pkg-plist-agent (working copy) 
@@ -0,0 +1,23 @@ +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh +@dir(,,0550) %%OSSEC_HOME%%/bin +@dir(,,0550) %%OSSEC_HOME%%/bin/command +@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh +@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh +@dir(,,0550) %%OSSEC_HOME%%/bin/config +@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf Property changes on: security/ossec-hids-local-config/pkg-plist-agent ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/pkg-plist-local =================================================================== --- security/ossec-hids-local-config/pkg-plist-local (nonexistent) +++ security/ossec-hids-local-config/pkg-plist-local (working copy) 
@@ -0,0 +1,30 @@ +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh +@dir(,,0550) %%OSSEC_HOME%%/bin +@dir(,,0550) %%OSSEC_HOME%%/bin/command +@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh +@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh +@dir(,,0550) %%OSSEC_HOME%%/bin/config +@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf +@dir(,ossec,0550) %%OSSEC_HOME%%/rules +@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml Property changes on: security/ossec-hids-local-config/pkg-plist-local ___________________________________________________________________ Added: fbsd:nokeywords ## 
-0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/pkg-plist-server =================================================================== --- security/ossec-hids-local-config/pkg-plist-server (nonexistent) +++ security/ossec-hids-local-config/pkg-plist-server (working copy) 
@@ -0,0 +1,39 @@ +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh +@dir(,,0550) %%OSSEC_HOME%%/bin +@dir(,,0550) %%OSSEC_HOME%%/bin/command +@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh +@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh +@dir(,,0550) %%OSSEC_HOME%%/bin/config +@(,,0550) %%OSSEC_HOME%%/bin/config/agent-conf +@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/120.rootcheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/130.syscheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/150.logs.conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d/disabled +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/520.rootcheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/530.syscheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/550.logs.local.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf +@(,ossec,0640) 
%%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf +@dir(,ossec,0550) %%OSSEC_HOME%%/rules +@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml Property changes on: security/ossec-hids-local-config/pkg-plist-server ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/scripts/plist.sh =================================================================== --- security/ossec-hids-local-config/scripts/plist.sh (nonexistent) +++ security/ossec-hids-local-config/scripts/plist.sh (working copy) 
@@ -0,0 +1,113 @@ +#!/bin/sh + +# Script generates entries for pkg-plist. +# Do not use it directly. Use the following command instead: +# +# make MAINTAINER_MODE=yes clean plist + +OSSEC_TYPE=$1 +OSSEC_HOME=$2 +PLIST=$3 +WORKDIR=$4 +STAGEDIR=$5 + +staged_plist="${WORKDIR}/.staged-plist" +fixed_lines="" +skip_lines="" +skip_paths="" +sample_paths="/etc/command.conf.sample /etc/ossec.conf.d/900.local.conf.sample /etc/agent.conf.d/900.local.conf.sample" + +print_path() { + local path="$1" + local command="$2" + local full_path="${STAGEDIR}${OSSEC_HOME}${path}" + if [ -z "${command}" ]; then + command="@" + if [ -d "${full_path}" ]; then + command="@dir" + fi + fi + local user=`stat -f "%Su" "${full_path}"` + if [ "${user}" == "${USER}" ]; then + user="" + fi + local group=`stat -f "%Sg" "${full_path}"` + if [ "${group}" == "${GROUP}" ]; then + group="" + fi + local mode=`stat -f "%p" "${full_path}" | tail -c 5` + echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" +} + +echo -n > "${PLIST}" + +print_path + +done_paths="" +while read line; do + skip_line="" + for e in ${skip_lines}; do + if [ "${e}" == "${line}" ]; then + skip_line="${e}" + break + fi + done + if [ -z "${skip_line}" ]; then + path="" + case $line in + "@dir %%OSSEC_HOME%%"*) + path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"` + ;; + "%%OSSEC_HOME%%"*) + path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"` + ;; + "%%"*) + unchanged_lines="${unchanged_lines} ${line}" + ;; + esac + if [ -n "${path}" ]; then + segments=`echo "${path}" | tr "/" "\n"` + path="" + for segment in ${segments}; do + path="${path}/${segment}" + skip_path="" + for e in ${skip_paths}; do + if [ "${e}" == "${path}" ]; then + skip_path="${e}" + break + fi + done + if [ -n "${skip_path}" ]; then + break + fi + done_path="" + for e in ${done_paths}; do + if [ "${e}" == "${path}" ]; then + done_path="${e}" + break + fi + done + if [ -z "${done_path}" ]; then + done_paths="${done_paths} ${path}" + 
sample_path="" + for e in ${sample_paths}; do + if [ "${e}" == "${path}" ]; then + sample_path="${e}" + break + fi + done + if [ -n "${sample_path}" ]; then + print_path "${path}" @sample + else + print_path "${path}" + fi + fi + done + fi + fi +done < "${staged_plist}" + +unchanged_lines="${unchanged_lines} ${fixed_lines}" +for line in ${unchanged_lines}; do + echo "${line}" >> "${PLIST}" +done Property changes on: security/ossec-hids-local-config/scripts/plist.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: security/ossec-hids-local-config/scripts/rules.sh =================================================================== --- security/ossec-hids-local-config/scripts/rules.sh (nonexistent) +++ security/ossec-hids-local-config/scripts/rules.sh (working copy) 
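Review bot: In scripts/plist.sh, `print_path` writes a plist entry even when `stat` fails, so a path that is missing under `${STAGEDIR}` produces an entry with empty owner, group and mode instead of stopping the run. The generated pkg-plist is what carries ownership and permissions for the OSSEC scripts and configuration files, so the function should fail first, for example `[ -e "${full_path}" ] || { echo "plist.sh: missing ${full_path}" >&2; exit 1; }` before the first `stat` call. `unchanged_lines` is also appended to without being initialised next to `fixed_lines`, so a value inherited from the environment would end up in the plist; adding `unchanged_lines=""` closes that.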
@@ -0,0 +1,89 @@ +#!/bin/sh + +# Script generates entries for template-rules-default.xml.in. +# Do not use it directly. Use the following command instead: +# +# make MAINTAINER_MODE=yes rules + +rules_template=$1 +src_dir=$2 + +skip_files="policy_rules.xml local_rules.xml" +append_files="local_rules.xml" + +rules="" +for file in `find "${src_dir}/etc/rules" -depth 1 -name "*.xml"`; do + file_name="${file##*/}" + skip_file="" + for e in ${skip_files}; do + if [ "${e}" == "${file_name}" ]; then + skip_file="${e}" + break + fi + done + if [ -z "${skip_file}" ]; then + rule_ids=`sed -Ene 's|^.*([0-9,]+).*$|\1|p' "${file}" | tr ',' '\n'` + for ref_rule_id in ${ref_rule_ids}; do + found_rule_id="" + for rule_id in ${rule_ids}; do + if [ "${ref_rule_id}" = "${rule_id}" ]; then + found_rule_id="${rule_id}" + break + fi + done + if [ -z "${found_rule_id}" ]; then + # The referenced rule id is not present in this file so it must come from another + if [ ${ref_rule_id} -gt ${min_rule_id} ]; then + # Ordering by referenced rule id doesn't need to give proper results, but let's hope it does + min_rule_id=$((ref_rule_id + 1)) + fi + fi + done + + rules="${rules}${min_rule_id} ${file_name} +" + fi + fi +done + +echo -n "${rules}" | sort -n + +if [ -n "${rules_template}" ]; then + rules=`echo -n "${rules}" | sort -n | cut -d' ' -f2` + for file_name in ${append_files}; do + rules="${rules} +${file_name}" + done + + echo ' + + + ' > "${rules_template}" + + for rule in ${rules}; do + echo " ${rule}" >> "${rules_template}" + done + + echo ' + ' >> "${rules_template}" + + for skip_file in ${skip_files}; do + append_file="" + for e in ${append_files}; do + if [ "${e}" == "${skip_file}" ]; then + append_file="${e}" + break + fi + done + if [ -z "${append_file}" ]; then + echo " " >> "${rules_template}" + fi + done + + echo ' + +' >> "${rules_template}" +fi Property changes on: security/ossec-hids-local-config/scripts/rules.sh 
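Review bot: The template is overwritten with `> "${rules_template}"` even when `find "${src_dir}/etc/rules"` matched nothing, so a wrong or missing `src_dir` regenerates it with only the `append_files` entry and no error. The header comment says this output feeds template-rules-default.xml.in, which presumably decides which detection rules are loaded, so the script should stop before writing. Put `[ -d "${src_dir}/etc/rules" ] || { echo "rules.sh: ${src_dir}/etc/rules not found" >&2; exit 1; }` ahead of the loop, and check that `${rules}` is non-empty before the first `echo`. Some lines of this hunk look lost in this rendering (`ref_rule_ids` and `min_rule_id` are read but never assigned in the visible text), so the id-ordering logic could not be reviewed here.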
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/scripts/template-to-agent.sh
===================================================================
--- security/ossec-hids-local-config/scripts/template-to-agent.sh (nonexistent)
+++ security/ossec-hids-local-config/scripts/template-to-agent.sh (working copy)
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+if [ $# -lt 3 ]; then
+ echo "Too few arguments"
+ echo "Usage: `basename $0` "
+ exit 1
+fi
+
+ossec_type="$1"
+ossec_prefix="$2"
+ossec_file="$3"
+
+if [ ! -f "${ossec_file}" ]; then
+ echo "File \"${ossec_file}\" does not exist"
+ exit 1
+fi
+
+ossec_syscheck_bin_dirs="${ossec_prefix}/bin,${ossec_prefix}/active-response"
+ossec_syscheck_etc_dirs="${ossec_prefix}/etc"
+
+replace() {
+ sed -e 's|||' \
+ -e 's|||' \
+ -e "s|%%OSSEC_SYSCHECK_BIN_DIRS%%|${ossec_syscheck_bin_dirs}|" \
+ -e "s|%%OSSEC_SYSCHECK_ETC_DIRS%%|${ossec_syscheck_etc_dirs}|" \
+ "${ossec_file}"
+}
+
+extract() {
+ sed -n '/^$/,/^<\/agent_config>$/p'
+}
+
+replace | extract
Property changes on: security/ossec-hids-local-config/scripts/template-to-agent.sh
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-local-config/scripts/template-to-ossec.sh
===================================================================
--- security/ossec-hids-local-config/scripts/template-to-ossec.sh (nonexistent)
+++ security/ossec-hids-local-config/scripts/template-to-ossec.sh (working copy)
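Review bot: Both error paths print to stdout (`echo "Too few arguments"` and `echo "File \"${ossec_file}\" does not exist"`), which is the same stream `replace | extract` uses for the generated configuration. If the caller redirects stdout into a config file and does not test the exit status, the error text becomes the file's content. Diagnostics should go to stderr, e.g. `echo "File \"${ossec_file}\" does not exist" >&2`. The same applies to the identical checks in template-to-ossec.sh. `ossec_type` is assigned here but not used in the visible lines, so either drop it or add a comment saying it is accepted only to keep the argument order in step with template-to-ossec.sh.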
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+if [ $# -lt 3 ]; then
+ echo "Too few arguments"
+ echo "Usage: `basename $0` "
+ exit 1
+fi
+
+ossec_type="$1"
+ossec_prefix="$2"
+ossec_file="$3"
+
+if [ ! -f "${ossec_file}" ]; then
+ echo "File \"${ossec_file}\" does not exist"
+ exit 1
+fi
+
+ossec_syscheck_bin_dirs="${ossec_prefix}/bin,${ossec_prefix}/active-response"
+ossec_syscheck_etc_dirs="${ossec_prefix}/etc"
+if [ "${ossec_type}" != "agent" ]; then
+ ossec_syscheck_bin_dirs="${ossec_syscheck_bin_dirs},${ossec_prefix}/agentless"
+ ossec_syscheck_etc_dirs="${ossec_syscheck_etc_dirs},${ossec_prefix}/rules"
+fi
+
+replace() {
+ if grep -q "" "${ossec_file}"; then
+ sed -e 's|||' \
+ -e 's|||' \
+ -e "s|%%OSSEC_SYSCHECK_BIN_DIRS%%|${ossec_syscheck_bin_dirs}|" \
+ -e "s|%%OSSEC_SYSCHECK_ETC_DIRS%%|${ossec_syscheck_etc_dirs}|" \
+ "${ossec_file}"
+ else
+ sed -e 's|||' \
+ -e 's|||' \
+ -e "s|%%OSSEC_SYSCHECK_BIN_DIRS%%|${ossec_syscheck_bin_dirs}|" \
+ -e "s|%%OSSEC_SYSCHECK_ETC_DIRS%%|${ossec_syscheck_etc_dirs}|" \
+ "${ossec_file}"
+ fi
+}
+
+extract() {
+ sed -n '/^$/,/^<\/ossec_config>$/p'
+}
+
+replace | extract
Property changes on: security/ossec-hids-local-config/scripts/template-to-ossec.sh
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/ossec-hids-server/Makefile
===================================================================
--- security/ossec-hids-server/Makefile (revision 484108)
+++ security/ossec-hids-server/Makefile (working copy)
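Review bot: `ossec_type` is only compared with `"agent"`, so any other value, including a typo or an empty string, takes the non-agent branch and adds `${ossec_prefix}/agentless` and `${ossec_prefix}/rules` to the syscheck directory lists. Rejecting unknown types up front keeps the monitored-directory set from changing silently: `case "${ossec_type}" in local|agent|server) ;; *) echo "Unknown type: ${ossec_type}" >&2; exit 1 ;; esac`. `${ossec_prefix}` is also pasted unescaped into the `s|...|...|` replacement, so a prefix containing `|`, `&` or a backslash would corrupt the substitution. A comment such as `# ossec_prefix must be a plain absolute path (no |, & or \)` above the assignment would record that assumption.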
@@ -1,148 +1,7 @@ -# Created by: Valerio Daelli # $FreeBSD$ -PORTNAME= ossec-hids -PORTVERSION= 2.8.3 -DISTVERSIONPREFIX= v -PORTREVISION?= 3 -CATEGORIES= security -PKGNAMESUFFIX= -server +OSSEC_TYPE= server -MAINTAINER= dominik.lisiak@bemsoft.pl -COMMENT?= Security tool to monitor and check logs and intrusions +MASTERDIR= ${.CURDIR}/../ossec-hids-local -USE_GITHUB= yes -GH_ACCOUNT= ossec -USE_RC_SUBR= ossec-hids - -CFLAGS+= -ferror-limit=0 - -USES= readline ssl - -.if defined(MAINTAINER_MODE) -UID_FILES+= ../../UIDs -GID_FILES+= ../../GIDs -.endif -USERS= ossec ossecm ossecr -GROUPS= ossec - -.if !defined(CLIENT_ONLY) -OPTIONS_DEFINE= MYSQL PGSQL - -MYSQL_VARS= WITH_DB=yes -MYSQL_USE= MYSQL=client -MYSQL_PORTDOCS= mysql.schema - -PGSQL_VARS= WITH_DB=yes -PGSQL_USES= pgsql -PGSQL_PORTDOCS= postgresql.schema - -RUN_DEPENDS= expect:lang/expect - -USES+= shebangfix -SHEBANG_LANG= expect -expect_OLD_CMD= "/usr/bin/env expect" -expect_CMD= ${LOCALBASE}/bin/expect -SHEBANG_FILES= src/agentlessd/scripts/main.exp \ - src/agentlessd/scripts/ssh.exp \ - src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \ - src/agentlessd/scripts/ssh_foundry_diff \ - src/agentlessd/scripts/ssh_generic_diff \ - src/agentlessd/scripts/ssh_integrity_check_bsd \ - src/agentlessd/scripts/ssh_integrity_check_linux \ - src/agentlessd/scripts/ssh_nopass.exp \ - src/agentlessd/scripts/ssh_pixconfig_diff \ - src/agentlessd/scripts/sshlogin.exp \ - src/agentlessd/scripts/su.exp -.endif -OPTIONS_DEFINE+= DOCS - -SUB_LIST= PORTNAME=${PORTNAME} -SUB_FILES= pkg-message -PLIST_SUB= PORTNAME=${PORTNAME} -DOCSFILES= BUGS CONFIG CONTRIBUTORS INSTALL LICENSE -PORTDOCS= ${DOCSFILES} - -BROKEN_aarch64= Fails to compile: error: use of undeclared identifier __LDPGSZ - -.include - -STRIP_FILES= ossec-luac agent_control ossec-lua ossec-dbd ossec-regex ossec-monitord ossec-makelists verify-agent-conf ossec-analysisd ossec-agentlessd syscheck_control ossec-execd manage_agents ossec-csyslogd ossec-syscheckd ossec-logtest 
ossec-authd ossec-logcollector list_agents ossec-maild clear_stats ossec-remoted ossec-reportd rootcheck_control syscheck_update -.if defined(CLIENT_ONLY) -SUB_LIST+= PRECMD=: -PKGNAMESUFFIX= -client -CONFLICTS_INSTALL= ossec-hids-server-[0-9]* ossec-hids-local-[0-9]* -STRIP_FILES= agent-auth manage_agents ossec-agentd ossec-execd ossec-logcollector ossec-lua ossec-luac ossec-syscheckd -.elif defined(LOCAL_ONLY) -SUB_LIST+= PRECMD=ossechids_start_precmd -PKGNAMESUFFIX= -local -CONFLICTS_INSTALL= ossec-hids-client-[0-9]* ossec-hids-server-[0-9]* -.else -SUB_LIST+= PRECMD=ossechids_start_precmd -CONFLICTS_INSTALL= ossec-hids-client-[0-9]* ossec-hids-local-[0-9]* -.endif - -post-patch: - @${REINPLACE_CMD} 's|PREFIX|${PREFIX}/${PORTNAME}|' ${WRKSRC}/src/headers/defs.h - @${ECHO} "DIR=\"${STAGEDIR}${PREFIX}/${PORTNAME}\"" > ${WRKSRC}/src/LOCATION - @${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \ - -e 's|-lreadline|& ${LDFLAGS}|' \ - ${WRKSRC}/src/external/lua-5.2.3/src/Makefile - @${REINPLACE_CMD} -e 's|OPENSSLCMD=|OPENSSLCMD=-L${OPENSSLLIB} |' \ - ${WRKSRC}/src/Makeall - -do-build: -.if defined(WITH_DB) -.if defined(CLIENT_ONLY) - @cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build -.elif defined(LOCAL_ONLY) - @cd ${WRKSRC}/src;${MAKE} setlocal;${MAKE} setdb;${MAKE} all;${MAKE} build -.else - @cd ${WRKSRC}/src;${MAKE} setdb;${MAKE} all;${MAKE} build -.endif -.else -.if defined(CLIENT_ONLY) - @cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build; \ - ${MAKE} unsetdb -.elif defined(LOCAL_ONLY) - @cd ${WRKSRC}/src;${MAKE} setlocal;${MAKE} all;${MAKE} build; \ - ${MAKE} unsetdb -.else - @cd ${WRKSRC}/src;${MAKE} all;${MAKE} build;${MAKE} unsetdb -.endif -.endif - -do-install: -.if defined(CLIENT_ONLY) - @cd ${WRKSRC}/src; ${MAKE} agent -.elif defined(LOCAL_ONLY) - @cd ${WRKSRC}/src; ${MAKE} local -.else - @cd ${WRKSRC}/src; ${MAKE} server -.endif - @${MKDIR} ${STAGEDIR}${PREFIX}/${PORTNAME}/etc -.for file in ${STRIP_FILES} - ${STRIP_CMD} 
${STAGEDIR}${PREFIX}/ossec-hids/bin/${file} -.endfor - -.if defined(CLIENT_ONLY) - @${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${PREFIX}/${PORTNAME}/etc/ossec.conf.sample -.elif defined(LOCAL_ONLY) - ${CP} ${WRKSRC}/etc/ossec-local.conf ${STAGEDIR}${PREFIX}/${PORTNAME}/etc/ossec.conf.sample -.else - ${CP} ${WRKSRC}/etc/ossec-server.conf ${STAGEDIR}${PREFIX}/${PORTNAME}/etc/ossec.conf.sample -.endif - -post-install-DOCS-on: - @${MKDIR} ${STAGEDIR}${DOCSDIR} - @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR} - -post-install-MYSQL-on: - @${MKDIR} ${STAGEDIR}${DOCSDIR} - @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/mysql.schema ${STAGEDIR}${DOCSDIR} - -post-install-PGSQL-on: - @${MKDIR} ${STAGEDIR}${DOCSDIR} - @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/postgresql.schema ${STAGEDIR}${DOCSDIR} - -.include +.include "${MASTERDIR}/Makefile" Index: security/ossec-hids-server/distinfo =================================================================== --- security/ossec-hids-server/distinfo (revision 484108) +++ security/ossec-hids-server/distinfo (nonexistent) @@ -1,2 +0,0 @@ -SHA256 (ossec-ossec-hids-v2.8.3_GH0.tar.gz) = 917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd -SIZE (ossec-ossec-hids-v2.8.3_GH0.tar.gz) = 1642095 Property changes on: security/ossec-hids-server/distinfo ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-server/files/ossec-hids.in =================================================================== --- security/ossec-hids-server/files/ossec-hids.in (revision 484108) +++ security/ossec-hids-server/files/ossec-hids.in (nonexistent) 
@@ -1,65 +0,0 @@ -#!/bin/sh -# -# PROVIDE: ossechids -# REQUIRE: DAEMON -# BEFORE: LOGIN -# KEYWORD: shutdown - -. /etc/rc.subr - -name="ossechids" -rcvar=ossechids_enable - -load_rc_config $name - -: ${ossechids_enable="NO"} -: ${ossechids_user="ossec"} -: ${ossechids_group="ossec"} - -start_precmd=%%PRECMD%% -start_cmd="ossechids_command start" -stop_cmd="ossechids_command stop" -restart_cmd="ossechids_command restart" -status_cmd="ossechids_command status" -reload_cmd="ossechids_command reload" - -command="%%PREFIX%%/%%PORTNAME%%/bin/ossec-control" -required_files="%%PREFIX%%/%%PORTNAME%%/etc/ossec.conf" -extra_commands="reload" - -fts_queue=%%PREFIX%%/%%PORTNAME%%/queue/fts/fts-queue -ig_queue=%%PREFIX%%/%%PORTNAME%%/queue/fts/ig-queue -ossec_log=%%PREFIX%%/%%PORTNAME%%/logs/ossec.log -active_responses_log=%%PREFIX%%/%%PORTNAME%%/logs/active-responses.log - -ossechids_start_precmd() { - # These files are not created by the daemons with the correct - # ownership, so create them here before starting up the system, - # if they don't already exist. This is only done for the "local" and - # "server" installation types. - if [ ! -e ${fts_queue} ]; then - touch ${fts_queue} - chown ${ossechids_user}:${ossechids_group} ${fts_queue} - chmod 640 ${fts_queue} - fi - if [ ! -e ${ig_queue} ]; then - touch ${ig_queue} - chown ${ossechids_user}:${ossechids_group} ${ig_queue} - chmod 640 ${ig_queue} - fi - - # Ensure logfiles are created with the correct ownership and mode - for log in ${ossec_log} ${active_responses_log}; do - if [ ! 
-e ${log} ]; then - touch ${log} - chown ${ossechids_user}:${ossechids_group} ${log} - chmod 660 ${log} - fi - done -} - -ossechids_command() { - ${command} ${rc_arg} -} - -run_rc_command "$1" Property changes on: security/ossec-hids-server/files/ossec-hids.in ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-server/files/patch-src__InstallAgent.sh =================================================================== --- security/ossec-hids-server/files/patch-src__InstallAgent.sh (revision 484108) +++ security/ossec-hids-server/files/patch-src__InstallAgent.sh (nonexistent) 
@@ -1,123 +0,0 @@ ---- src/InstallAgent.sh.orig 2015-10-12 21:21:06 UTC -+++ src/InstallAgent.sh -@@ -37,11 +37,11 @@ fi - - # Creating groups/users - if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then -- grep "^${USER}" /etc/passwd > /dev/null 2>&1 -- if [ ! $? = 0 ]; then -- /usr/sbin/pw groupadd ${GROUP} -- /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP} -- fi -+ #grep "^${USER}" /etc/passwd > /dev/null 2>&1 -+ #if [ ! $? = 0 ]; then -+ #/usr/sbin/pw groupadd ${GROUP} -+ #/usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP} -+ #fi - - elif [ "$UNAME" = "SunOS" ]; then - grep "^${USER}" /etc/passwd > /dev/null 2>&1 -@@ -106,22 +106,17 @@ for i in ${subdirs}; do - done - - # Default for all directories --chmod -R 550 ${DIR} --chown -R root:${GROUP} ${DIR} -+chmod -R 750 ${DIR} - - # To the ossec queue (default for agentd to read) --chown -R ${USER}:${GROUP} ${DIR}/queue/ossec - chmod -R 770 ${DIR}/queue/ossec - - # For the logging user --chown -R ${USER}:${GROUP} ${DIR}/logs - chmod -R 750 ${DIR}/logs - chmod -R 775 ${DIR}/queue/rids - touch ${DIR}/logs/ossec.log --chown ${USER}:${GROUP} ${DIR}/logs/ossec.log - chmod 664 ${DIR}/logs/ossec.log - --chown -R ${USER}:${GROUP} ${DIR}/queue/diff - chmod -R 750 ${DIR}/queue/diff - chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 - -@@ -131,8 +126,7 @@ chmod 1550 ${DIR}/tmp - - - # For the etc dir --chmod 550 ${DIR}/etc --chown -R root:${GROUP} ${DIR}/etc -+chmod 750 ${DIR}/etc - - ls /etc/localtime > /dev/null 2>&1 - if [ $? = 0 ]; then -@@ -144,13 +138,11 @@ if [ "$UNAME" = "SunOS" ]; then - mkdir -p ${DIR}/usr/share/lib/zoneinfo/ - chmod -R 555 ${DIR}/usr/ - cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/ -- chown -R root:${GROUP} ${DIR}/usr/ - fi - - ls /etc/TIMEZONE > /dev/null 2>&1 - if [ $? 
= 0 ]; then - cp -p /etc/TIMEZONE ${DIR}/etc/; -- chown root:${GROUP} ${DIR}/etc/TIMEZONE - chmod 555 ${DIR}/etc/TIMEZONE - fi - -@@ -170,25 +162,17 @@ cp -pr ../etc/local_internal_options.con - cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 - cp -pr agentlessd/scripts/* ${DIR}/agentless/ - --chown root:${GROUP} ${DIR}/etc/internal_options.conf --chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 --chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1 --chown root:${GROUP} ${DIR}/agentless/* --chown ${USER}:${GROUP} ${DIR}/.ssh --chown -R root:${GROUP} ${DIR}/etc/shared -- --chmod 550 ${DIR}/etc -+chmod 750 ${DIR}/etc - chmod 440 ${DIR}/etc/internal_options.conf - chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 - chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1 - chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it --chmod 550 ${DIR}/agentless/* -+chmod 750 ${DIR}/agentless/* - chmod 700 ${DIR}/.ssh - - - # For the /var/run - chmod 770 ${DIR}/var/run --chown root:${GROUP} ${DIR}/var/run - - - # Moving the binary files -@@ -202,7 +186,6 @@ cp -pr addagent/manage_agents ${DIR}/bin - cp -pr ../contrib/util.sh ${DIR}/bin/ - cp -pr external/lua/src/ossec-lua ${DIR}/bin/ - cp -pr external/lua/src/ossec-luac ${DIR}/bin/ --chown root:${GROUP} ${DIR}/bin/util.sh - chmod +x ${DIR}/bin/util.sh - - # Copying active response modules -@@ -210,10 +193,8 @@ sh ./init/fw-check.sh execute > /dev/nul - cp -pr ../active-response/*.sh ${DIR}/active-response/bin/ - cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ - chmod 755 ${DIR}/active-response/bin/* --chown root:${GROUP} ${DIR}/active-response/bin/* - --chown root:${GROUP} ${DIR}/bin/* --chmod 550 ${DIR}/bin/* -+chmod 750 ${DIR}/bin/* - - - # Moving the config file -@@ -229,7 +210,6 @@ if [ $? 
= 0 ]; then - else - cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf - fi --chown root:${GROUP} ${DIR}/etc/ossec.conf - chmod 440 ${DIR}/etc/ossec.conf - - Property changes on: security/ossec-hids-server/files/patch-src__InstallAgent.sh ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-server/files/patch-src__InstallServer.sh =================================================================== --- security/ossec-hids-server/files/patch-src__InstallServer.sh (revision 484108) +++ security/ossec-hids-server/files/patch-src__InstallServer.sh (nonexistent) 
@@ -1,208 +0,0 @@ ---- src/InstallServer.sh.orig 2015-10-12 21:21:06 UTC -+++ src/InstallServer.sh -@@ -44,13 +44,13 @@ fi - - # Creating groups/users - if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then -- grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1 -- if [ ! $? = 0 ]; then -- /usr/sbin/pw groupadd ${GROUP} -- /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP} -- /usr/sbin/pw useradd ${USER_MAIL} -d ${DIR} -s /sbin/nologin -g ${GROUP} -- /usr/sbin/pw useradd ${USER_REM} -d ${DIR} -s /sbin/nologin -g ${GROUP} -- fi -+# grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1 -+# if [ ! $? = 0 ]; then -+# /usr/sbin/pw groupadd ${GROUP} -+# /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP} -+# /usr/sbin/pw useradd ${USER_MAIL} -d ${DIR} -s /sbin/nologin -g ${GROUP} -+# /usr/sbin/pw useradd ${USER_REM} -d ${DIR} -s /sbin/nologin -g ${GROUP} -+# fi - - elif [ "$UNAME" = "SunOS" ]; then - grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1 -@@ -121,66 +121,49 @@ for i in ${subdirs}; do - done - - # Default for all directories --chmod 550 ${DIR} --chmod 550 ${DIR}/* --chown root:${GROUP} ${DIR} --chown root:${GROUP} ${DIR}/* -+chmod 750 ${DIR} -+chmod 750 ${DIR}/* - - # AnalysisD needs to write to alerts: log, mail and cmds --chown -R ${USER}:${GROUP} ${DIR}/queue/alerts - chmod -R 770 ${DIR}/queue/alerts - - # To the ossec queue (default for analysisd to read) --chown -R ${USER}:${GROUP} ${DIR}/queue/ossec - chmod -R 770 ${DIR}/queue/ossec - - # To the ossec fts queue --chown -R ${USER}:${GROUP} ${DIR}/queue/fts - chmod -R 750 ${DIR}/queue/fts - chmod 750 ${DIR}/queue/fts/* > /dev/null 2>&1 - - # To the ossec syscheck/rootcheck queue --chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck - chmod -R 750 ${DIR}/queue/syscheck - chmod 740 ${DIR}/queue/syscheck/* > /dev/null 2>&1 - --chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck - chmod -R 750 ${DIR}/queue/rootcheck - chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1 - --chown 
${USER}:${GROUP} ${DIR}/queue/diff --chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1 - chmod 750 ${DIR}/queue/diff - chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 - --chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info - chmod -R 750 ${DIR}/queue/agent-info - chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1 --chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids - chmod -R 750 ${DIR}/queue/rids - chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1 - --chown -R ${USER}:${GROUP} ${DIR}/queue/agentless - chmod -R 750 ${DIR}/queue/agentless - chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1 - --chown -R root:${GROUP} ${DIR}/tmp --chmod 1550 ${DIR}/tmp -+chmod 1750 ${DIR}/tmp - - - # For the stats directory --chown -R ${USER}:${GROUP} ${DIR}/stats - chmod -R 750 ${DIR}/stats - - # For the logging user --chown -R ${USER}:${GROUP} ${DIR}/logs - chmod -R 750 ${DIR}/logs - touch ${DIR}/logs/ossec.log --chown ${USER}:${GROUP} ${DIR}/logs/ossec.log - chmod 660 ${DIR}/logs/ossec.log - - touch ${DIR}/logs/active-responses.log --chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log - chmod 660 ${DIR}/logs/active-responses.log - - # For the rules directory -@@ -198,7 +181,7 @@ if [ $? = 0 ]; then - fi - fi - --cp -pr ../etc/rules/* ${DIR}/rules/ -+cp -pr ../etc/rules/*.xml ${DIR}/rules/ - find ${DIR}/rules/ -type f -exec chmod 440 {} \; - - # If the local_rules is saved, moved it back -@@ -207,37 +190,33 @@ if [ $? = 0 ]; then - mv ${DIR}/rules/saved_local_rules.xml.$$ ${DIR}/rules/local_rules.xml - fi - --chown -R root:${GROUP} ${DIR}/rules --chmod -R 550 ${DIR}/rules -+chmod -R 750 ${DIR}/rules - - - # For the etc dir --chmod 550 ${DIR}/etc --chown -R root:${GROUP} ${DIR}/etc -+chmod 750 ${DIR}/etc - ls /etc/localtime > /dev/null 2>&1 - if [ $? 
= 0 ]; then - cp -pL /etc/localtime ${DIR}/etc/; - chmod 440 ${DIR}/etc/localtime -- chown root:${GROUP} ${DIR}/etc/localtime - fi - - # Solaris Needs some extra files - if [ "$UNAME" = "SunOS" ]; then - mkdir -p ${DIR}/usr/share/lib/zoneinfo/ -- chmod -R 550 ${DIR}/usr/ -+ chmod -R 750 ${DIR}/usr/ - cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/ - fi - - ls /etc/TIMEZONE > /dev/null 2>&1 - if [ $? = 0 ]; then - cp -p /etc/TIMEZONE ${DIR}/etc/; -- chmod 550 ${DIR}/etc/TIMEZONE -+ chmod 750 ${DIR}/etc/TIMEZONE - fi - - - # For the /var/run - chmod 770 ${DIR}/var/run --chown root:${GROUP} ${DIR}/var/run - - # Moving the binary files - cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \ -@@ -260,7 +239,6 @@ cp -pr util/rootcheck_control ${DIR}/bin - cp -pr external/lua/src/ossec-lua ${DIR}/bin/ - cp -pr external/lua/src/ossec-luac ${DIR}/bin/ - cp -pr ../contrib/util.sh ${DIR}/bin/ --chown root:${GROUP} ${DIR}/bin/util.sh - chmod +x ${DIR}/bin/util.sh - - # Local install chosen -@@ -290,23 +268,15 @@ fi - - cp -pr ../etc/internal_options.conf ${DIR}/etc/ - cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/ --chown root:${GROUP} ${DIR}/etc/decoder.xml --chown root:${GROUP} ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 --chown root:${GROUP} ${DIR}/etc/internal_options.conf --chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 --chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1 --chown root:${GROUP} ${DIR}/etc/shared/* --chown root:${GROUP} ${DIR}/agentless/* --chown ${USER}:${GROUP} ${DIR}/.ssh - chmod 440 ${DIR}/etc/decoder.xml - chmod 440 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 - chmod 440 ${DIR}/etc/internal_options.conf - chmod 440 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 - chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 --chmod 550 ${DIR}/etc -+chmod 750 ${DIR}/etc - chmod 770 ${DIR}/etc/shared - chmod 440 ${DIR}/etc/shared/* --chmod 550 ${DIR}/agentless/* -+chmod 750 ${DIR}/agentless/* - rm 
${DIR}/etc/shared/merged.mg >/dev/null 2>&1 - chmod 700 ${DIR}/.ssh - -@@ -316,11 +286,9 @@ sh ./init/fw-check.sh execute > /dev/nul - cp -p ../active-response/*.sh ${DIR}/active-response/bin/ - cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ - --chmod 550 ${DIR}/active-response/bin/* --chown root:${GROUP} ${DIR}/active-response/bin/* -+chmod 750 ${DIR}/active-response/bin/* - --chown root:${GROUP} ${DIR}/bin/* --chmod 550 ${DIR}/bin/* -+chmod 750 ${DIR}/bin/* - - - # Moving the config file -@@ -331,12 +299,11 @@ fi - - ls ../etc/ossec.mc > /dev/null 2>&1 - if [ $? = 0 ]; then -- cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf -+ cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf.sample - else -- cp -pr ../etc/ossec-server.conf ${DIR}/etc/ossec.conf -+ cp -pr ../etc/ossec-server.conf ${DIR}/etc/ossec.conf.sample - fi --chown root:${GROUP} ${DIR}/etc/ossec.conf --chmod 440 ${DIR}/etc/ossec.conf -+chmod 640 ${DIR}/etc/ossec.conf.sample - - - Property changes on: security/ossec-hids-server/files/patch-src__InstallServer.sh ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-server/files/patch-src__LOCATION =================================================================== --- security/ossec-hids-server/files/patch-src__LOCATION (revision 484108) +++ security/ossec-hids-server/files/patch-src__LOCATION (nonexistent) 
@@ -1,5 +0,0 @@ ---- src/LOCATION.orig 2015-10-12 21:21:06 UTC -+++ src/LOCATION -@@ -1 +1 @@ --DIR="/var/ossec" -+DIR="/usr/ports/security/ossec-hids-server/work/stage/usr/local/ossec-hids" Property changes on: security/ossec-hids-server/files/patch-src__LOCATION ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-server/files/patch-src__headers__defs.h =================================================================== --- security/ossec-hids-server/files/patch-src__headers__defs.h (revision 484108) +++ security/ossec-hids-server/files/patch-src__headers__defs.h (nonexistent) @@ -1,11 +0,0 @@ ---- src/headers/defs.h.orig 2015-10-12 21:21:06 UTC -+++ src/headers/defs.h -@@ -98,7 +98,7 @@ http://www.ossec.net/main/license/\n" - #endif - - #ifndef DEFAULTDIR -- #define DEFAULTDIR "/var/ossec" -+ #define DEFAULTDIR "/usr/local/ossec-hids" - #endif - - Property changes on: security/ossec-hids-server/files/patch-src__headers__defs.h ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema =================================================================== --- security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema (revision 484108) +++ security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema (nonexistent) 
@@ -1,11 +0,0 @@ ---- src/os_dbd/mysql.schema.orig 2015-10-12 21:21:06 UTC -+++ src/os_dbd/mysql.schema -@@ -45,7 +45,7 @@ CREATE TABLE server - last_contact INT UNSIGNED NOT NULL, - version VARCHAR(32) NOT NULL, - hostname VARCHAR(64) NOT NULL UNIQUE, -- information VARCHAR(128) NOT NULL, -+ information TEXT NOT NULL, - PRIMARY KEY (id) - ); - Property changes on: security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema =================================================================== --- security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema (revision 484108) +++ security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema (nonexistent) 
@@ -1,11 +0,0 @@ ---- src/os_dbd/postgresql.schema.orig 2015-10-12 21:21:06 UTC -+++ src/os_dbd/postgresql.schema -@@ -47,7 +47,7 @@ CREATE TABLE server - last_contact INT8 NOT NULL, - version VARCHAR(32) NOT NULL, - hostname VARCHAR(64) NOT NULL UNIQUE, -- information VARCHAR(128) NOT NULL, -+ information TEXT NOT NULL, - PRIMARY KEY (id) - ); - Property changes on: security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-server/files/pkg-message.in =================================================================== --- security/ossec-hids-server/files/pkg-message.in (revision 484108) +++ security/ossec-hids-server/files/pkg-message.in (nonexistent) 
@@ -1,21 +0,0 @@ -After installation, you need to edit the ossec.conf file to reflect -the correct settings for your environment. All the files related -to %%PORTNAME%% have been installed in %%PREFIX%%/%%PORTNAME%% and -its subdirectories. - -For information on proper configuration, see http://www.ossec.net/. - -To enable the startup script, add ossechids_enable="YES" to -/etc/rc.conf. To enable database output, execute: - -%%PREFIX%%/%%PORTNAME%%/bin/ossec-control enable database - -Then check this documentation: - -http://www.ossec.net/doc/manual/output/database-output.html - -When you deinstall this port after starting the daemons once, many -directories that are created by the daemons will remain. To fully -remove the port you need to delete those directories manually. To -further enhance the security on your system, you may also enable -some checks in PAM for a fast reaction against intrusions. Property changes on: security/ossec-hids-server/files/pkg-message.in ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-server/pkg-descr =================================================================== --- security/ossec-hids-server/pkg-descr (revision 484108) +++ security/ossec-hids-server/pkg-descr (nonexistent) 
@@ -1,6 +0,0 @@ -OSSEC is an Open Source Host-based Intrusion Detection System. -It performs log analysis, integrity checking, Windows registry -monitoring, rootkit detection, time-based alerting and active -response. - -WWW: http://www.ossec.net/ Property changes on: security/ossec-hids-server/pkg-descr ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: security/ossec-hids-server/pkg-plist =================================================================== --- security/ossec-hids-server/pkg-plist (revision 484108) +++ security/ossec-hids-server/pkg-plist (nonexistent) 
@@ -1,168 +0,0 @@
-%%PORTNAME%%/active-response/bin/disable-account.sh
-%%PORTNAME%%/active-response/bin/firewall-drop.sh
-%%PORTNAME%%/active-response/bin/host-deny.sh
-%%PORTNAME%%/active-response/bin/ip-customblock.sh
-%%PORTNAME%%/active-response/bin/ipfw_mac.sh
-%%PORTNAME%%/active-response/bin/ipfw.sh
-%%PORTNAME%%/active-response/bin/ossec-tweeter.sh
-%%PORTNAME%%/active-response/bin/pf.sh
-%%PORTNAME%%/active-response/bin/restart-ossec.sh
-%%PORTNAME%%/active-response/bin/route-null.sh
-%%PORTNAME%%/bin/agent_control
-%%PORTNAME%%/bin/clear_stats
-%%PORTNAME%%/bin/list_agents
-%%PORTNAME%%/bin/manage_agents
-%%PORTNAME%%/bin/ossec-agentlessd
-%%PORTNAME%%/bin/ossec-analysisd
-%%PORTNAME%%/bin/ossec-authd
-%%PORTNAME%%/bin/ossec-control
-%%PORTNAME%%/bin/ossec-csyslogd
-%%PORTNAME%%/bin/ossec-dbd
-%%PORTNAME%%/bin/ossec-execd
-%%PORTNAME%%/bin/ossec-logcollector
-%%PORTNAME%%/bin/ossec-logtest
-%%PORTNAME%%/bin/ossec-lua
-%%PORTNAME%%/bin/ossec-luac
-%%PORTNAME%%/bin/ossec-maild
-%%PORTNAME%%/bin/ossec-makelists
-%%PORTNAME%%/bin/ossec-monitord
-%%PORTNAME%%/bin/ossec-regex
-%%PORTNAME%%/bin/ossec-remoted
-%%PORTNAME%%/bin/ossec-reportd
-%%PORTNAME%%/bin/ossec-syscheckd
-%%PORTNAME%%/bin/rootcheck_control
-%%PORTNAME%%/bin/syscheck_control
-%%PORTNAME%%/bin/syscheck_update
-%%PORTNAME%%/bin/util.sh
-%%PORTNAME%%/bin/verify-agent-conf
-@group ossec
-%%PORTNAME%%/etc/decoder.xml
-%%PORTNAME%%/etc/internal_options.conf
-@sample %%PORTNAME%%/etc/ossec.conf.sample
-%%PORTNAME%%/etc/shared/rootkit_files.txt
-%%PORTNAME%%/etc/shared/rootkit_trojans.txt
-%%PORTNAME%%/etc/shared/system_audit_rcl.txt
-%%PORTNAME%%/etc/shared/win_applications_rcl.txt
-%%PORTNAME%%/etc/shared/win_audit_rcl.txt
-%%PORTNAME%%/etc/shared/win_malware_rcl.txt
-%%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
-%%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
-%%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
-@owner
-@group
-@mode
-%%PORTNAME%%/rules/apache_rules.xml
-%%PORTNAME%%/rules/arpwatch_rules.xml
-%%PORTNAME%%/rules/asterisk_rules.xml
-%%PORTNAME%%/rules/attack_rules.xml
-%%PORTNAME%%/rules/cimserver_rules.xml
-%%PORTNAME%%/rules/cisco-ios_rules.xml
-%%PORTNAME%%/rules/clam_av_rules.xml
-%%PORTNAME%%/rules/courier_rules.xml
-%%PORTNAME%%/rules/dovecot_rules.xml
-%%PORTNAME%%/rules/dropbear_rules.xml
-%%PORTNAME%%/rules/firewall_rules.xml
-%%PORTNAME%%/rules/ftpd_rules.xml
-%%PORTNAME%%/rules/hordeimp_rules.xml
-%%PORTNAME%%/rules/ids_rules.xml
-%%PORTNAME%%/rules/imapd_rules.xml
-%%PORTNAME%%/rules/local_rules.xml
-%%PORTNAME%%/rules/mailscanner_rules.xml
-%%PORTNAME%%/rules/mcafee_av_rules.xml
-%%PORTNAME%%/rules/ms-exchange_rules.xml
-%%PORTNAME%%/rules/ms-se_rules.xml
-%%PORTNAME%%/rules/ms_dhcp_rules.xml
-%%PORTNAME%%/rules/ms_ftpd_rules.xml
-%%PORTNAME%%/rules/msauth_rules.xml
-%%PORTNAME%%/rules/mysql_rules.xml
-%%PORTNAME%%/rules/named_rules.xml
-%%PORTNAME%%/rules/netscreenfw_rules.xml
-%%PORTNAME%%/rules/nginx_rules.xml
-%%PORTNAME%%/rules/openbsd_rules.xml
-%%PORTNAME%%/rules/ossec_rules.xml
-%%PORTNAME%%/rules/pam_rules.xml
-%%PORTNAME%%/rules/php_rules.xml
-%%PORTNAME%%/rules/pix_rules.xml
-%%PORTNAME%%/rules/policy_rules.xml
-%%PORTNAME%%/rules/postfix_rules.xml
-%%PORTNAME%%/rules/postgresql_rules.xml
-%%PORTNAME%%/rules/proftpd_rules.xml
-%%PORTNAME%%/rules/pure-ftpd_rules.xml
-%%PORTNAME%%/rules/racoon_rules.xml
-%%PORTNAME%%/rules/roundcube_rules.xml
-%%PORTNAME%%/rules/rules_config.xml
-%%PORTNAME%%/rules/sendmail_rules.xml
-%%PORTNAME%%/rules/smbd_rules.xml
-%%PORTNAME%%/rules/solaris_bsm_rules.xml
-%%PORTNAME%%/rules/sonicwall_rules.xml
-%%PORTNAME%%/rules/spamd_rules.xml
-%%PORTNAME%%/rules/squid_rules.xml
-%%PORTNAME%%/rules/sshd_rules.xml
-%%PORTNAME%%/rules/symantec-av_rules.xml
-%%PORTNAME%%/rules/symantec-ws_rules.xml
-%%PORTNAME%%/rules/syslog_rules.xml
-%%PORTNAME%%/rules/telnetd_rules.xml
-%%PORTNAME%%/rules/trend-osce_rules.xml
-%%PORTNAME%%/rules/vmpop3d_rules.xml
-%%PORTNAME%%/rules/vmware_rules.xml
-%%PORTNAME%%/rules/vpn_concentrator_rules.xml
-%%PORTNAME%%/rules/vpopmail_rules.xml
-%%PORTNAME%%/rules/vsftpd_rules.xml
-%%PORTNAME%%/rules/web_appsec_rules.xml
-%%PORTNAME%%/rules/web_rules.xml
-%%PORTNAME%%/rules/wordpress_rules.xml
-%%PORTNAME%%/rules/zeus_rules.xml
-@owner root
-@group ossec
-%%PORTNAME%%/agentless/main.exp
-%%PORTNAME%%/agentless/register_host.sh
-%%PORTNAME%%/agentless/ssh.exp
-%%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff
-%%PORTNAME%%/agentless/ssh_foundry_diff
-%%PORTNAME%%/agentless/ssh_generic_diff
-%%PORTNAME%%/agentless/ssh_integrity_check_bsd
-%%PORTNAME%%/agentless/ssh_integrity_check_linux
-%%PORTNAME%%/agentless/ssh_nopass.exp
-%%PORTNAME%%/agentless/ssh_pixconfig_diff
-%%PORTNAME%%/agentless/sshlogin.exp
-%%PORTNAME%%/agentless/su.exp
-@(ossec,,) %%PORTNAME%%/logs/active-responses.log
-@(ossec,,) %%PORTNAME%%/logs/ossec.log
-@mode 550
-@dir %%PORTNAME%%/.ssh
-@dir %%PORTNAME%%/active-response/bin
-@dir %%PORTNAME%%/active-response
-@dir %%PORTNAME%%/agentless
-@dir %%PORTNAME%%/bin
-@dir %%PORTNAME%%/etc/shared
-@dir %%PORTNAME%%/etc
-@dir %%PORTNAME%%/queue/rootcheck
-@dir %%PORTNAME%%/rules
-@dir %%PORTNAME%%/tmp
-@mode 770
-@dir %%PORTNAME%%/var/run
-@mode 550
-@dir %%PORTNAME%%/var
-@owner ossec
-@mode 770
-@dir %%PORTNAME%%/queue/alerts
-@dir %%PORTNAME%%/queue/ossec
-@mode 750
-@dir %%PORTNAME%%/queue/fts
-@dir %%PORTNAME%%/queue/syscheck
-@dir %%PORTNAME%%/queue/diff
-@dir %%PORTNAME%%/queue/agentless
-@dir %%PORTNAME%%/stats
-@dir %%PORTNAME%%/logs/alerts
-@dir %%PORTNAME%%/logs/archives
-@dir %%PORTNAME%%/logs/firewall
-@dir %%PORTNAME%%/logs
-@owner ossecr
-@dir %%PORTNAME%%/queue/agent-info
-@dir %%PORTNAME%%/queue/rids
-@owner ossec
-@mode 550
-@dir %%PORTNAME%%/queue
-@owner root
-@mode 550
-@dir %%PORTNAME%%
Property changes on: security/ossec-hids-server/pkg-plist
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: security/ossec-hids-server-config/Makefile
===================================================================
--- security/ossec-hids-server-config/Makefile (nonexistent)
+++ security/ossec-hids-server-config/Makefile (working copy)
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+OSSEC_TYPE= server
+
+MASTERDIR= ${.CURDIR}/../ossec-hids-local-config
+
+.include "${MASTERDIR}/Makefile"
Property changes on: security/ossec-hids-server-config/Makefile
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
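Review bot: Nothing in security/ossec-hids-server-config/Makefile documents that `OSSEC_TYPE= server` only has an effect if the master Makefile in ossec-hids-local-config assigns the variable with `?=`; the master is not part of this hunk, so that is an assumption to confirm. If the master used a plain `=`, this slave port would presumably package the local-type configuration under the server name, and a HIDS server running from the wrong ossec.conf template is an easy misconfiguration to miss. A one-line comment above the assignment would record the contract, e.g. `# Slave port: OSSEC_TYPE must be set before the master Makefile is included.`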