Bug 174956

Summary: security/sguil-client, port update
Product: Ports & Packages Reporter: pauls
Component: Individual Port(s)Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
sguil-client.diff none

Description pauls 2013-01-03 21:40:02 UTC
	Update the security/sguil-client port to the latest version.
	Edit the Makefile to comply with the new OPTIONS framework.
Comment 1 dfilter service freebsd_committer freebsd_triage 2013-02-18 00:56:59 UTC
Author: miwi
Date: Mon Feb 18 00:56:47 2013
New Revision: 312466
URL: http://svnweb.freebsd.org/changeset/ports/312466

Log:
  - Update to 0.8.0
  - Trim header
  - Convert to OPTIONSng
  
  PR:		174956
  Submitted by:	maintainer

Added:
  head/security/sguil-sensor/files/patch-ossec_agent.tcl   (contents, props changed)
  head/security/sguil-sensor/files/patch-pads_agent.tcl   (contents, props changed)
  head/security/sguil-sensor/files/patch-pcap_agent-sancp.tcl   (contents, props changed)
  head/security/sguil-sensor/files/patch-pcap_agent.tcl   (contents, props changed)
  head/security/sguil-sensor/files/patch-sancp_agent.tcl   (contents, props changed)
  head/security/sguil-sensor/files/patch-snort_agent.tcl   (contents, props changed)
  head/security/sguil-sensor/files/pcap_agent-sancp.in   (contents, props changed)
Deleted:
  head/security/sguil-sensor/files/log_packets.conf
  head/security/sguil-sensor/files/patch-log_packets.sh
Modified:
  head/security/sguil-sensor/Makefile   (contents, props changed)
  head/security/sguil-sensor/distinfo   (contents, props changed)
  head/security/sguil-sensor/files/pads_agent.in   (contents, props changed)
  head/security/sguil-sensor/files/pcap_agent.in   (contents, props changed)
  head/security/sguil-sensor/files/pkg-message.in   (contents, props changed)
  head/security/sguil-sensor/files/sancp_agent.in   (contents, props changed)
  head/security/sguil-sensor/files/snort_agent.in   (contents, props changed)
  head/security/sguil-sensor/pkg-descr   (contents, props changed)
  head/security/sguil-sensor/pkg-plist   (contents, props changed)

Modified: head/security/sguil-sensor/Makefile
==============================================================================
--- head/security/sguil-sensor/Makefile	Mon Feb 18 00:54:18 2013	(r312465)
+++ head/security/sguil-sensor/Makefile	Mon Feb 18 00:56:47 2013	(r312466)
@@ -1,13 +1,8 @@
-# New ports collection makefile for:	sguil-sensor
-# Date created:				23 Mar 2006
-# Whom:					Paul Schmehl <pauls@utdallas.edu>
-#
+# Created by: Paul Schmehl <pauls@utdallas.edu>
 # $FreeBSD$
-#
 
 PORTNAME=	sguil-sensor
-PORTVERSION=	0.7.0
-PORTREVISION=	3
+PORTVERSION=	0.8.0
 CATEGORIES=	security
 MASTER_SITES=	SF/sguil/sguil/sguil-${PORTVERSION}
 
@@ -15,104 +10,108 @@ MAINTAINER=	pauls@utdallas.edu
 COMMENT=	Sguil is a network security monitoring program
 
 LIB_DEPENDS=	tls:${PORTSDIR}/devel/tcltls
-RUN_DEPENDS=	snort:${PORTSDIR}/security/snort \
-		barnyard2:${PORTSDIR}/security/barnyard2 \
+RUN_DEPENDS=	barnyard2:${PORTSDIR}/security/barnyard2-sguil \
 		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
 
-OPTIONS=	SANCP "Include sancp sensor" off \
-		PADS "Include pads sensor" off
+OPTIONS_DEFINE=	PADS SANCP
+PADS_DESC=	Include pads sensor
+SANCP_DESC=	Include sancp sensor
+
+LICENSE_NAME=	QPLv1.0
+LICENSE_FILE=	${WRKSRC}/doc/LICENSE.QPL
+LICENSE_PERMS=	auto-accept
 
 NO_BUILD=	yes
-USE_RC_SUBR=	example_agent pcap_agent snort_agent
-TCLSH_CMD?=	tclsh8.4
+USE_RC_SUBR=	pcap_agent snort_agent
+TCL_VER=	8.5
+TCLSH=		tclsh${TCL_VER}
 WRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
-SUB_LIST=	SGUILDIR=${SGUILDIR}
+PATCH_WRKSRC=	${WRKSRC}/sensor
+SGUILDIR?=	sguil-sensor
+SUB_LIST=	SGUILDIR=${SGUILDIR} TCLSH=${TCLSH}
 SUB_FILES=	pkg-message
 PLIST_SUB=	SGUILDIR=${SGUILDIR}
-SGUILDIR?=	sguil-sensor
-AGENTS=		example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl
-
-PORTDOCS=	CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
-		OPENSSL.README TODO UPGRADE USAGE sguildb.dia
-
-.include <bsd.port.pre.mk>
-
+AGENTS=		pcap_agent.tcl snort_agent.tcl
+CONFS=		pcap_agent.conf snort_agent.conf
+LOG_SCRIPTS=	log_packets-daemonlogger.sh log_packets.sh
 WITH_PCRE=	true
 
-.if defined(WITH_SANCP)
+PORTDOCS1=	README
+PORTDOCS2=	README.daemonlogger
+PORTDOCS3=	CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README \
+		TODO UPGRADE USAGE sguildb.dia
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MSANCP}
+AGENTS+=	sancp_agent.tcl pcap_agent-sancp.tcl
+CONFS+=		sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
 RUN_DEPENDS+=	sancp:${PORTSDIR}/security/sancp
-USE_RC_SUBR+=	sancp_agent
-PLIST_SUB+=	USESANCP=
+USE_RC_SUBR+=	sancp_agent pcap_agent-sancp
+PLIST_SUB+=	USESANCP=""
 .else
 PLIST_SUB+=	USESANCP="@comment "
 .endif
 
-.if defined(WITH_PADS)
+.if ${PORT_OPTIONS:MPADS}
+AGENTS+=	pads_agent.tcl
+CONFS+=		pads_agent.conf
 RUN_DEPENDS+=	pads:${PORTSDIR}/net-mgmt/pads
 USE_RC_SUBR+=	pads_agent
-PLIST_SUB+=	USEPADS=
+PLIST_SUB+=	USEPADS=""
 .else
 PLIST_SUB+=	USEPADS="@comment "
 .endif
 
 post-patch:
 .for f in ${AGENTS}
-	@${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \
-		${WRKSRC}/sensor/${f}
-	@${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \
+	@${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \
 		${WRKSRC}/sensor/${f}
 .endfor
 
 do-install:
 	@${MKDIR} ${PREFIX}/bin/${SGUILDIR}
 	@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
-.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl
+	@${MKDIR} ${PREFIX}/share/${SGUILDIR}
+	@${MKDIR} ${PREFIX}/share/${SGUILDIR}/contrib
+	@${MKDIR} ${PREFIX}/share/${SGUILDIR}/init
+	(cd ${WRKSRC}/sensor/contrib && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/contrib "! -name ossec_agent.tcl.orig")
+	(cd ${WRKSRC}/sensor/init && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/init)
+.for f in ${AGENTS}
 	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
 		${PREFIX}/bin/${SGUILDIR}/${f}
 .endfor
-.for f in log_packets.sh
+.for f in ${LOG_SCRIPTS}
 	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
 		${PREFIX}/bin/${SGUILDIR}/${f}
 .endfor
-.for f in example_agent.conf pcap_agent.conf snort_agent.conf
+.for f in ${CONFS}
 	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
 		${PREFIX}/etc/${SGUILDIR}/${f}-sample
 .endfor
-.for f in log_packets.conf
-	${INSTALL_DATA} ${FILESDIR}/${f} \
-		${PREFIX}/etc/${SGUILDIR}/${f}-sample
-.endfor
-.if defined(WITH_SANCP)
-.for f in sancp_agent.conf
-	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
-		${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.if ${PORT_OPTIONS:MSANCP}
+.for f in log_packets-sancp.sh
+	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
+		${PREFIX}/bin/${SGUILDIR}/${f}
 .endfor
 .for f in sancp.conf
 	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
-		${PREFIX}/etc/${f}-sample
-.endfor
-.for f in sancp_agent.tcl
-	${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
-		${PREFIX}/bin/${SGUILDIR}/${f}
-.endfor
-.endif
-.if defined(WITH_PADS)
-.for f in pads_agent.conf
-	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
 		${PREFIX}/etc/${SGUILDIR}/${f}-sample
 .endfor
-.for f in pads_agent.tcl
-	${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
-		${PREFIX}/bin/${SGUILDIR}/${f}
-.endfor
 .endif
 post-install:
 
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
 	@${MKDIR} ${DOCSDIR}
-	cd ${WRKSRC}/doc && ${INSTALL_DATA} \
-		${PORTDOCS} ${DOCSDIR}
+	cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS1} ${DOCSDIR}
+	cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${PORTDOCS2} ${DOCSDIR}
+	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS3} ${DOCSDIR}
+.if ${PORT_OPTIONS:MSANCP}
+.for f in README.sancp_indexed_pcap
+	cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${f} ${DOCSDIR}
+.endfor
+.endif
 .endif
 	@${CAT} ${PKGMESSAGE}
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
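Review bot: The new `post-patch` substitution `s|/bin/sh|${PREFIX}/bin/${TCLSH}|` is not anchored to the shebang, so it rewrites the first `/bin/sh` on every line of each agent script rather than only line 1. It also points the interpreter at `${PREFIX}`, although tclsh comes from a dependency and this same hunk uses `${LOCALBASE}` for the tclX path; with a non-default PREFIX the installed agents would presumably get an interpreter path that does not exist. I would limit the edit to the first line and use LOCALBASE: `@${REINPLACE_CMD} -e '1s|^#!/bin/sh|#!${LOCALBASE}/bin/${TCLSH}|' \`. The `procname="%%PREFIX%%/bin/%%TCLSH%%"` lines in the rc scripts make the same assumption and should follow whatever is chosen here.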

Modified: head/security/sguil-sensor/distinfo
==============================================================================
--- head/security/sguil-sensor/distinfo	Mon Feb 18 00:54:18 2013	(r312465)
+++ head/security/sguil-sensor/distinfo	Mon Feb 18 00:56:47 2013	(r312466)
@@ -1,2 +1,2 @@
-SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b
-SIZE (sguil-sensor-0.7.0.tar.gz) = 68436
+SHA256 (sguil-sensor-0.8.0.tar.gz) = aa4617c4f9cf1d598c6d728afed50cd6f90dc5d1516a6eda8126401b7bba4be5
+SIZE (sguil-sensor-0.8.0.tar.gz) = 142829

Modified: head/security/sguil-sensor/files/pads_agent.in
==============================================================================
--- head/security/sguil-sensor/files/pads_agent.in	Mon Feb 18 00:54:18 2013	(r312465)
+++ head/security/sguil-sensor/files/pads_agent.in	Mon Feb 18 00:56:47 2013	(r312466)
@@ -16,19 +16,51 @@
 
 . /etc/rc.subr
 
-load_rc_config pads_agent
+name="pads_agent"
+rcvar=${name}_enable
+load_rc_config ${name}
 
 #set defaults
-pads_agent_enable=${pads_agent_enable:-"NO"}
-pads_agent_conf=${pads_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
-pads_agent_flags=${pads_agent_flags:-"-D"}
+: ${pads_agent_enable:="NO"}
+: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
+: ${pads_agent_flags:="-D -c ${pads_agent_conf}"}
 
-name="pads_agent"
-rcvar=pads_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
-command_args="-c ${pads_agent_conf} ${pads_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
+
+start_precmd="pads_agent_ck4fifo"
+stop_postcmd="pads_agent_rmfifo"
+
+pads_agent_ck4fifo()
+{
+        LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+        HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+        PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+        if [ ! -p ${PADS_FIFO} ]; then
+                echo "${PADS_FIFO} does not exist.  Creating now....."
+                /usr/bin/mkfifo ${PADS_FIFO}
+        fi
+        echo "Checking for ${PADS_FIFO}...."
+        if [ -p ${PADS_FIFO} ]; then
+                echo "Confirmed!  ${PADS_FIFO} exists."
+        else
+                echo "I tried to create ${PADS_FIFO} and failed."
+                echo "You will need to create it manually before starting ${name}."
+        fi
+}
+
+pads_agent_rmfifo()
+{
+        LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+        HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+        PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+        if [ -p ${PADS_FIFO} ]; then
+                /bin/rm ${PADS_FIFO}
+                echo "Removing ${PADS_FIFO}...."
+        fi
+}
 
 run_rc_command "$1"
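Review bot: `pads_agent_ck4fifo` is registered as `start_precmd` but always returns 0, so when the FIFO cannot be created the script prints the failure message and rc.subr still goes on to start the agent. The FIFO path is also assembled from unquoted `grep`/`awk` output of the config file. The pattern `"LOG_DIR "` matches commented lines too, so an empty or multi-line result ends up in `mkfifo` and, in `pads_agent_rmfifo`, in `/bin/rm`, in a script that typically runs as root. I would quote every expansion, stop when either value is empty, and return non-zero on failure. `pads_agent_rmfifo` needs the same quoting and empty-value check.

```shell
pads_agent_ck4fifo()
{
        # … unchanged: LOG_DIR / HOSTNAME lookup from ${pads_agent_conf} …
        if [ -z "${LOG_DIR}" ] || [ -z "${HOSTNAME}" ]; then
                echo "LOG_DIR or HOSTNAME not found in ${pads_agent_conf}."
                return 1
        fi
        PADS_FIFO="${LOG_DIR}/${HOSTNAME}/pads.fifo"

        if [ ! -p "${PADS_FIFO}" ]; then
                echo "${PADS_FIFO} does not exist.  Creating now....."
                if ! /usr/bin/mkfifo "${PADS_FIFO}"; then
                        echo "I tried to create ${PADS_FIFO} and failed."
                        echo "You will need to create it manually before starting ${name}."
                        return 1
                fi
        fi
}
```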

Added: head/security/sguil-sensor/files/patch-ossec_agent.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil-sensor/files/patch-ossec_agent.tcl	Mon Feb 18 00:56:47 2013	(r312466)
@@ -0,0 +1,30 @@
+--- contrib/ossec_agent/ossec_agent.tcl.orig	2012-12-17 22:47:18.000000000 +0000
++++ contrib/ossec_agent/ossec_agent.tcl	2012-12-17 22:48:45.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # OSSEC agent for Sguil 0.7.0.  Based on the "example_agent.tcl" code
+ # distributed with sguil.  
+@@ -593,9 +591,9 @@
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/ossec_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } {
+ 
+-        set CONF_FILE /etc/ossec_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf
+ 
+     } elseif { [file exists ./ossec_agent.conf] } {
+ 
+@@ -604,7 +602,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the ossec_agent.tcl config file is"
+-        puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
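Review bot: This patch removes the `exec tclsh "$0" "$@"` trampoline from `contrib/ossec_agent/ossec_agent.tcl` but leaves `#!/bin/sh` as the first line. The Makefile's `post-patch` loop only rewrites the shebang of the files in `${AGENTS}` directly under `${WRKSRC}/sensor/`, which does not cover this contrib script. As copied into `share/%%SGUILDIR%%/contrib`, the file would therefore be handed to `/bin/sh` if it is ever executed directly. Either leave the trampoline in this file, or rewrite its first line in `post-patch` as well, e.g. `@${REINPLACE_CMD} -e '1s|^#!/bin/sh|#!${LOCALBASE}/bin/${TCLSH}|' ${WRKSRC}/sensor/contrib/ossec_agent/ossec_agent.tcl`, and exclude the resulting backup file from the `COPYTREE_SHARE` call.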

Added: head/security/sguil-sensor/files/patch-pads_agent.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil-sensor/files/patch-pads_agent.tcl	Mon Feb 18 00:56:47 2013	(r312466)
@@ -0,0 +1,39 @@
+--- pads_agent.tcl.orig	2012-12-19 21:25:26.000000000 +0000
++++ pads_agent.tcl	2012-12-19 21:27:37.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ #
+ 
+@@ -332,7 +330,7 @@
+   id process group set
+   if {[fork]} {exit 0}
+   set PID [id process]
+-  if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" }
++  if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" }
+   set PID_DIR [file dirname $PID_FILE]
+   if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } {
+     puts "ERROR: Directory $PID_DIR does not exists or is not writable."
+@@ -380,16 +378,16 @@
+   }
+ }
+ # Parse the config file here
+-# Default location is /etc/pads_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/pads_agent.conf] } {
+-    set CONF_FILE /etc/pads_agent.conf
++  if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } {
++    set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf
+   } elseif { [file exists ./pads_agent.conf] } {
+     set CONF_FILE ./pads_agent.conf
+   } else {
+     puts "Couldn't determine where the sensor_agent.tcl config file is"
+-    puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf."
++    puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf."
+     DisplayUsage $argv0
+   }
+ }
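Review bot: The default config location is hard-coded as `/usr/local/etc/sguil-sensor/pads_agent.conf`, while the port installs to `${PREFIX}/etc/${SGUILDIR}` and the Makefile lets users override `SGUILDIR` (`SGUILDIR?=`). With a non-default PREFIX or SGUILDIR the first lookup misses and the agent falls through to `./pads_agent.conf`, meaning whatever config happens to sit in the working directory of the process that launches it. The removed Makefile line `s:/etc/:${PREFIX}/etc/${SGUILDIR}/:g` handled this at patch time. I would keep the path substitution in `post-patch`, or put an illustrative placeholder such as `@SGUIL_ETCDIR@` in the patch and replace it there with `${PREFIX}/etc/${SGUILDIR}`. The same hard-coded path is in patch-ossec_agent.tcl, patch-pcap_agent-sancp.tcl, patch-pcap_agent.tcl, patch-sancp_agent.tcl and patch-snort_agent.tcl.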

Added: head/security/sguil-sensor/files/patch-pcap_agent-sancp.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil-sensor/files/patch-pcap_agent-sancp.tcl	Mon Feb 18 00:56:47 2013	(r312466)
@@ -0,0 +1,35 @@
+--- pcap_agent-sancp.tcl.orig	2012-12-17 22:36:43.000000000 +0000
++++ pcap_agent-sancp.tcl	2012-12-17 22:38:22.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ #
+ 
+@@ -754,13 +752,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/pcap_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+ 
+-        set CONF_FILE /etc/pcap_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+ 
+     } elseif { [file exists ./pcap_agent.conf] } {
+ 
+@@ -769,7 +767,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the pcap_agent.tcl config file is"
+-        puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
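Review bot: The default config path patched in here is `/usr/local/etc/sguil-sensor/pcap_agent.conf`, the same file that patch-pcap_agent.tcl sets for `pcap_agent.tcl`. The port, however, installs a separate `pcap_agent-sancp.conf-sample`, and the new rc script passes `pcap_agent-sancp.conf`. Started without `-c`, this agent would presumably pick up the other agent's configuration. If the upstream default name is kept on purpose, say so in a comment. Otherwise use `set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent-sancp.conf`, with the matching `file exists` test and error message.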

Added: head/security/sguil-sensor/files/patch-pcap_agent.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil-sensor/files/patch-pcap_agent.tcl	Mon Feb 18 00:56:47 2013	(r312466)
@@ -0,0 +1,35 @@
+--- pcap_agent.tcl.orig	2012-12-17 22:31:44.000000000 +0000
++++ pcap_agent.tcl	2012-12-17 22:42:50.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ #
+ 
+@@ -771,13 +769,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/pcap_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+ 
+-        set CONF_FILE /etc/pcap_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+ 
+     } elseif { [file exists ./pcap_agent.conf] } {
+ 
+@@ -786,7 +784,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the pcap_agent.tcl config file is"
+-        puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+         DisplayUsage $argv0
+ 
+     }

Added: head/security/sguil-sensor/files/patch-sancp_agent.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil-sensor/files/patch-sancp_agent.tcl	Mon Feb 18 00:56:47 2013	(r312466)
@@ -0,0 +1,30 @@
+--- sancp_agent.tcl.orig	2012-12-17 22:43:39.000000000 +0000
++++ sancp_agent.tcl	2012-12-17 22:44:56.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ #
+ 
+@@ -582,16 +580,16 @@
+   }
+ }
+ # Parse the config file here
+-# Default location is /etc/sancp_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/sancp_agent.conf] } {
+-    set CONF_FILE /etc/sancp_agent.conf
++  if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } {
++    set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf
+   } elseif { [file exists ./sancp_agent.conf] } {
+     set CONF_FILE ./sancp_agent.conf
+   } else {
+     puts "Couldn't determine where the sancp_agent.tcl config file is"
+-    puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf."
++    puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf."
+     DisplayUsage $argv0
+   }
+ }

Added: head/security/sguil-sensor/files/patch-snort_agent.tcl
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil-sensor/files/patch-snort_agent.tcl	Mon Feb 18 00:56:47 2013	(r312466)
@@ -0,0 +1,35 @@
+--- snort_agent.tcl.orig	2012-12-17 22:33:35.000000000 +0000
++++ snort_agent.tcl	2012-12-17 22:39:39.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
+ 
+@@ -680,13 +678,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/snort_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/snort_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
+ 
+-        set CONF_FILE /etc/snort_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
+ 
+     } elseif { [file exists ./snort_agent.conf] } {
+ 
+@@ -695,7 +693,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the snort_agent.tcl config file is"
+-        puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
+         DisplayUsage $argv0
+ 
+     }

Added: head/security/sguil-sensor/files/pcap_agent-sancp.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sguil-sensor/files/pcap_agent-sancp.in	Mon Feb 18 00:56:47 2013	(r312466)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD$
+
+# PROVIDE: pcap_agent-sancp
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
+# pcap_agent-sancp_enable (bool):	Set to YES to enable pcap_agent-sancp
+# 				Default: NO
+# pcap_agent-sancp_conf (str):	Pads_agent configuration file
+#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
+# pcap_agent-sancp_flags (str):	Default: -D
+#
+
+. /etc/rc.subr
+
+name="pcap_agent-sancp"
+rcvar=pcap_agent-sancp_enable
+load_rc_config pcap_agent-sancp
+
+#set defaults
+: ${pcap_agent-sancp_enable:="NO"}
+: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
+: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+run_rc_command "$1"
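Review bot: `pcap_agent-sancp` is not a valid shell identifier, so `rcvar=pcap_agent-sancp_enable` names a variable that cannot be assigned in /etc/rc.conf. Likewise sh parses `: ${pcap_agent-sancp_enable:="NO"}` as a use-default expansion of `pcap_agent`, not as an assignment. The three `: ${...}` defaults are therefore never set, and the service cannot be enabled through its rcvar. Keep the script and file names but use underscores for the rc name and variables, e.g. `name="pcap_agent_sancp"`, `rcvar=pcap_agent_sancp_enable`, `: ${pcap_agent_sancp_enable:="NO"}`, and likewise for `_conf` and `_flags`. The header comment also still describes the conf variable as `Pads_agent configuration file`.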

Modified: head/security/sguil-sensor/files/pcap_agent.in
==============================================================================
--- head/security/sguil-sensor/files/pcap_agent.in	Mon Feb 18 00:54:18 2013	(r312465)
+++ head/security/sguil-sensor/files/pcap_agent.in	Mon Feb 18 00:56:47 2013	(r312466)
@@ -16,19 +16,17 @@
 
 . /etc/rc.subr
 
+name="pcap_agent"
+rcvar=pcap_agent_enable
 load_rc_config pcap_agent
 
 #set defaults
-pcap_agent_enable=${pcap_agent_enable:-"NO"}
-pcap_agent_conf=${pcap_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
-pcap_agent_flags=${pcap_agent_flags:-"-D"}
+: ${pcap_agent_enable:="NO"}
+: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
+: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}
 
-name="pcap_agent"
-rcvar=pcap_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
-command_args="-c ${pcap_agent_conf} ${pcap_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
 
 run_rc_command "$1"
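Review bot: Folding `-c ${pcap_agent_conf}` into the default value of `pcap_agent_flags` means any rc.conf that already sets `pcap_agent_flags` (for instance to the old default `-D`) silently drops `-c`. A custom `pcap_agent_conf` is then ignored in favour of the agent's built-in lookup, which ends at `./pcap_agent.conf` in the working directory. Keeping the config path out of the user-tunable flags avoids this: `: ${pcap_agent_flags:="-D"}` together with `command_args="-c ${pcap_agent_conf}"`. The same pattern appears in pads_agent.in, pcap_agent-sancp.in, sancp_agent.in and snort_agent.in.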

Modified: head/security/sguil-sensor/files/pkg-message.in
==============================================================================
--- head/security/sguil-sensor/files/pkg-message.in	Mon Feb 18 00:54:18 2013	(r312465)
+++ head/security/sguil-sensor/files/pkg-message.in	Mon Feb 18 00:56:47 2013	(r312466)
@@ -2,13 +2,11 @@
             * !!!!!!!!!!! WARNING !!!!!!!!!!! *
             ***********************************
 
-If you already had barnyard installed, this port will NOT deinstall
-it and install the barnyard-sguil6 port instead.  You will need to
-deinstall the barnyard port and install the barnyard-sguil6 port yourself
-instead.  This port WILL NOT WORK without the barnyard-sguil6 port!!
+If you already had barnyard2 installed, this port will NOT deinstall
+it and install the barnyard2-sguil port instead.  You will need to
+deinstall the barnyard2 port and install the barnyard2-sguil port yourself
+instead.  This port WILL NOT WORK without the barnyard2-sguil port!!
 
-You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/%%SGUILDIR%%)
-to fit your configuration before running the log_packets.sh script.
 See the %%DOCSDIR%%/INSTALL doc for details on the 
 configuration and for croning the script.  
 
@@ -16,13 +14,18 @@ WARNING!!!  Sguil et al will fill up you
 quickly.  You should probably configure sguil et al to log to
 another partition/location (e.g. /nsm/tmp/).
 
-You must ALSO edit all of the sensor conf fileis (located in 
+You must ALSO edit all of the sensor conf files (located in 
 %%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before 
 starting the sensor_agents.
 
+A number of ancilliary things have been installed in
+%%PREFIX%%/share/%%SGUILDIR%%.
+
 If you chose to run sancp, and you already had a sancp.conf file in
 %%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
-The new sancp.conf-sample file contains the settings for squil.
-If you still want to maintain the customized sancp.conf file, then copy 
-the new sancp.conf-sample file to sguild-sancp.conf (for example) and 
-add sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
+The new sancp.conf-sample file contains the settings for squil. NOTE:
+the conf file is for sancp 1.5.3.  It may need additional edits to work
+with the current ports version of sancp. If you still want to maintain
+the customized sancp.conf file, then copy the new sancp.conf-sample
+file to sguild-sancp.conf (for example) and add 
+sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.

Modified: head/security/sguil-sensor/files/sancp_agent.in
==============================================================================
--- head/security/sguil-sensor/files/sancp_agent.in	Mon Feb 18 00:54:18 2013	(r312465)
+++ head/security/sguil-sensor/files/sancp_agent.in	Mon Feb 18 00:56:47 2013	(r312466)
@@ -16,19 +16,17 @@
 
 . /etc/rc.subr
 
+name="sancp_agent"
+rcvar=sancp_agent_enable
 load_rc_config sancp_agent
 
 #set defaults
-sancp_agent_enable=${sancp_agent_enable:-"NO"}
-sancp_agent_conf=${sancp_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
-sancp_agent_flags=${sancp_agent_flags:-"-D"}
+: ${sancp_agent_enable:="NO"}
+: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
+: ${sancp_agent_flags:="-D -c ${sancp_agent_conf}"}
 
-name="sancp_agent"
-rcvar=sancp_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
-command_args="-c ${sancp_agent_conf} ${sancp_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
 
 run_rc_command "$1"

Modified: head/security/sguil-sensor/files/snort_agent.in
==============================================================================
--- head/security/sguil-sensor/files/snort_agent.in	Mon Feb 18 00:54:18 2013	(r312465)
+++ head/security/sguil-sensor/files/snort_agent.in	Mon Feb 18 00:56:47 2013	(r312466)
@@ -16,19 +16,17 @@
 
 . /etc/rc.subr
 
+name="snort_agent"
+rcvar=snort_agent_enable
 load_rc_config snort_agent
 
 #set defaults
-snort_agent_enable=${snort_agent_enable:-"NO"}
-snort_agent_conf=${snort_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
-snort_agent_flags=${snort_agent_flags:-"-D"}
+: ${snort_agent_enable:="NO"}
+: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
+: ${snort_agent_flags:="-D -c ${snort_agent_conf}"}
 
-name="snort_agent"
-rcvar=snort_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
-command_args="-c ${snort_agent_conf} ${snort_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
 
 run_rc_command "$1"

Modified: head/security/sguil-sensor/pkg-descr
==============================================================================
--- head/security/sguil-sensor/pkg-descr	Mon Feb 18 00:54:18 2013	(r312465)
+++ head/security/sguil-sensor/pkg-descr	Mon Feb 18 00:56:47 2013	(r312466)
@@ -4,7 +4,7 @@ The actual interface and GUI server are 
 (www.tcl.tk). Sguil also relies on other open source software
 in order to function properly.
 
-The sensor list includes security/barnyard, security/snort, 
+The sensor list includes security/barnyard2-sguil, security/snort, 
 security/sancp, net-mgmt/pads, tcpdump (a part of the OS) 
 and devel/tcltls as well as lang/tcl84 and lang/tclX.  Care 
 has been taken to ensure that everything you need to build 
@@ -15,4 +15,3 @@ Sguil currently functions as an analysis
 rule management capabilities.
 
 WWW: http://sguil.sourceforge.net/index.php
-pauls@utdallas.edu

Modified: head/security/sguil-sensor/pkg-plist
==============================================================================
--- head/security/sguil-sensor/pkg-plist	Mon Feb 18 00:54:18 2013	(r312465)
+++ head/security/sguil-sensor/pkg-plist	Mon Feb 18 00:56:47 2013	(r312466)
@@ -1,15 +1,41 @@
+bin/%%SGUILDIR%%/log_packets-daemonlogger.sh
 bin/%%SGUILDIR%%/log_packets.sh
-bin/%%SGUILDIR%%/example_agent.tcl
 bin/%%SGUILDIR%%/pcap_agent.tcl
 bin/%%SGUILDIR%%/snort_agent.tcl
-etc/%%SGUILDIR%%/example_agent.conf-sample
 etc/%%SGUILDIR%%/pcap_agent.conf-sample
 etc/%%SGUILDIR%%/snort_agent.conf-sample
-etc/%%SGUILDIR%%/log_packets.conf-sample
+share/%%SGUILDIR%%/contrib/ossec_agent/README
+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
+share/%%SGUILDIR%%/contrib/portscan_loader/Makefile
+share/%%SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
+share/%%SGUILDIR%%/init/sensoragent
+%%PORTDOCS%%%%DOCSDIR%%/CHANGES
+%%PORTDOCS%%%%DOCSDIR%%/FAQ
+%%PORTDOCS%%%%DOCSDIR%%/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd
+%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/TODO
+%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
+%%PORTDOCS%%%%DOCSDIR%%/USAGE
+%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia
+%%PORTDOCS%%%%DOCSDIR%%/README.daemonlogger
 %%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
 %%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
-%%USESANCP%%etc/sancp.conf-sample
+%%USESANCP%%bin/%%SGUILDIR%%/log_packets-sancp.sh
+%%USESANCP%%bin/%%SGUILDIR%%/pcap_agent-sancp.tcl
 %%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
 %%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
-@dirrm bin/%%SGUILDIR%%
+%%USESANCP%%etc/%%SGUILDIR%%/sancp-indexed.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/pcap_agent-sancp.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample
+%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap
+@dirrm share/%%SGUILDIR%%/init
+@dirrm share/%%SGUILDIR%%/contrib/portscan_loader
+@dirrm share/%%SGUILDIR%%/contrib/ossec_agent
+@dirrm share/%%SGUILDIR%%/contrib
+@dirrm share/%%SGUILDIR%%
 @dirrmtry etc/%%SGUILDIR%%
+@dirrm bin/%%SGUILDIR%%
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
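Review bot: The entry `%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap` lacks the `%%PORTDOCS%%` prefix, yet the Makefile installs that file only inside `.if ${PORT_OPTIONS:MDOCS}`. With SANCP enabled and DOCS disabled the packing list would name a file that was never installed. I would write it as `%%USESANCP%%%%PORTDOCS%%%%DOCSDIR%%/README.sancp_indexed_pcap`.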
Comment 2 Martin Wilke freebsd_committer freebsd_triage 2013-02-18 00:57:01 UTC
State Changed
From-To: open->closed

Committed. Thanks!