Bug 232794 - security/ossec-hids-server: update from 2.8.3 to 3.1.0
Summary: security/ossec-hids-server: update from 2.8.3 to 3.1.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Steve Wills
URL:
Keywords:
Depends on:
Blocks: 218633 218668
  Show dependency treegraph
 
Reported: 2018-10-29 20:14 UTC by Dominik Lisiak
Modified: 2018-11-19 14:24 UTC (History)
2 users (show)

See Also:


Attachments
ossec-hids-3.1.0.diff (221.14 KB, patch)
2018-10-29 20:14 UTC, Dominik Lisiak
no flags Details | Diff
UIDs.diff (1.00 KB, patch)
2018-10-29 20:15 UTC, Dominik Lisiak
no flags Details | Diff
MOVED (103 bytes, text/plain)
2018-10-29 20:16 UTC, Dominik Lisiak
no flags Details
UPDATING (1.05 KB, text/plain)
2018-10-29 20:16 UTC, Dominik Lisiak
no flags Details
ossec-hids-3.1.0.diff (221.10 KB, patch)
2018-11-04 17:17 UTC, Dominik Lisiak
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dominik Lisiak 2018-10-29 20:14:55 UTC
Created attachment 198749 [details]
ossec-hids-3.1.0.diff

Major update from 2.8.3 to 3.1.0. The port has been almost completely redesigned.
This issue obsoletes bug #229716.


The ossec-hids-3.1.0.diff should be applied on ports tree root.

It includes updates for:
security/ossec-hids-server
security/ossec-hids-local
security/ossec-hids-client - it has been renamed to security/ossec-hids-agent

It also includes new ports:
security/ossec-hids-server-config - does not require building
security/ossec-hids-local-config - does not require building
security/ossec-hids-agent-config - does not require building
security/ossec-hids - meta port for all of the above

The following svn command needs to be run on ports tree root AFTER applying ossec-hids-3.1.0.diff:
svn move security/ossec-hids-client security/ossec-hids-agent


The "UIDs.diff" should be applied on ports tree root.

It changes the home directory of ossec, ossecm and ossecr users to "/nonexistent". Reason for the change is that OSSEC ports can now be installed in non default home directory. The package installation script will update the user home directories accordingly.


"MOVED" - contains text that should be added to "MOVED" file
"UPDATING" - contains text that should be added to "UPDATING" file
Comment 1 Dominik Lisiak 2018-10-29 20:15:42 UTC
Created attachment 198750 [details]
UIDs.diff
Comment 2 Dominik Lisiak 2018-10-29 20:16:12 UTC
Created attachment 198751 [details]
MOVED
Comment 3 Dominik Lisiak 2018-10-29 20:16:36 UTC
Created attachment 198752 [details]
UPDATING
Comment 4 Dominik Lisiak 2018-11-04 17:17:20 UTC
Created attachment 198944 [details]
ossec-hids-3.1.0.diff
Comment 5 Steve Wills freebsd_committer 2018-11-09 17:16:33 UTC
(In reply to Dominik Lisiak from comment #4)
I think security/ossec-hids-agent is missing from the patch.
Comment 6 Dominik Lisiak 2018-11-09 17:44:08 UTC
(In reply to Steve Wills from comment #5)
It is not missing. As I wrote in the description.
The following svn command needs to be run on ports tree root AFTER applying ossec-hids-3.1.0.diff:
svn move security/ossec-hids-client security/ossec-hids-agent
Comment 7 commit-hook freebsd_committer 2018-11-09 18:53:25 UTC
A commit references this bug:

Author: swills
Date: Fri Nov  9 18:52:27 UTC 2018
New revision: 484537
URL: https://svnweb.freebsd.org/changeset/ports/484537

Log:
  security/ossec-hids-server: update from 2.8.3 to 3.1.0

  PR:		232794
  Submitted by:	Dominik Lisiak <dominik.lisiak@bemsoft.pl> (maintainer)

Changes:
  head/MOVED
  head/UIDs
  head/UPDATING
  head/security/Makefile
  head/security/ossec-hids/
  head/security/ossec-hids/Makefile
  head/security/ossec-hids/pkg-descr
  head/security/ossec-hids-agent/
  head/security/ossec-hids-agent/Makefile
  head/security/ossec-hids-agent/pkg-plist.client
  head/security/ossec-hids-agent-config/
  head/security/ossec-hids-agent-config/Makefile
  head/security/ossec-hids-client/
  head/security/ossec-hids-local/Makefile
  head/security/ossec-hids-local/distinfo
  head/security/ossec-hids-local/files/
  head/security/ossec-hids-local/files/message-config.in
  head/security/ossec-hids-local/files/message-database.in
  head/security/ossec-hids-local/files/message-firewall.in
  head/security/ossec-hids-local/files/message-header.in
  head/security/ossec-hids-local/files/ossec-hids.in
  head/security/ossec-hids-local/files/patch-src_Makefile
  head/security/ossec-hids-local/files/pkg-deinstall.in
  head/security/ossec-hids-local/files/pkg-install.in
  head/security/ossec-hids-local/files/restart-ossec.sh.in
  head/security/ossec-hids-local/pkg-descr
  head/security/ossec-hids-local/pkg-plist-agent
  head/security/ossec-hids-local/pkg-plist-local
  head/security/ossec-hids-local/pkg-plist-server
  head/security/ossec-hids-local/scripts/
  head/security/ossec-hids-local/scripts/plist.sh
  head/security/ossec-hids-local-config/
  head/security/ossec-hids-local-config/Makefile
  head/security/ossec-hids-local-config/distinfo
  head/security/ossec-hids-local-config/files/
  head/security/ossec-hids-local-config/files/agent-conf.in
  head/security/ossec-hids-local-config/files/command-last-logins.sh.in
  head/security/ossec-hids-local-config/files/command-open-ports.sh.in
  head/security/ossec-hids-local-config/files/command.conf.in
  head/security/ossec-hids-local-config/files/merge-config.sh.in
  head/security/ossec-hids-local-config/files/message-agent-conf.in
  head/security/ossec-hids-local-config/files/message-ossec-conf.in
  head/security/ossec-hids-local-config/files/message-pf.in
  head/security/ossec-hids-local-config/files/ossec-conf.in
  head/security/ossec-hids-local-config/files/pkg-deinstall.in
  head/security/ossec-hids-local-config/files/pkg-install.in
  head/security/ossec-hids-local-config/files/rules-cmdout.xml.in
  head/security/ossec-hids-local-config/files/rules-config.xml.in
  head/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in
  head/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in
  head/security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in
  head/security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in
  head/security/ossec-hids-local-config/files/template-ar-merge.xml.in
  head/security/ossec-hids-local-config/files/template-ar-restart.xml.in
  head/security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in
  head/security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in
  head/security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in
  head/security/ossec-hids-local-config/files/template-header-disabled.xml.in
  head/security/ossec-hids-local-config/files/template-header-enabled.xml.in
  head/security/ossec-hids-local-config/files/template-header-sample.xml.in
  head/security/ossec-hids-local-config/files/template-logs-apache.xml.in
  head/security/ossec-hids-local-config/files/template-logs-basic.xml.in
  head/security/ossec-hids-local-config/files/template-logs-nginx.xml.in
  head/security/ossec-hids-local-config/files/template-logs-ossec.xml.in
  head/security/ossec-hids-local-config/files/template-logs-radius.xml.in
  head/security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in
  head/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
  head/security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in
  head/security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in
  head/security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in
  head/security/ossec-hids-local-config/files/template-rules-cmdout.xml.in
  head/security/ossec-hids-local-config/files/template-rules-config.xml.in
  head/security/ossec-hids-local-config/files/template-rules-default.xml.in
  head/security/ossec-hids-local-config/files/template-sample-agent.xml.in
  head/security/ossec-hids-local-config/files/template-sample-database.xml.in
  head/security/ossec-hids-local-config/files/template-sample-local.xml.in
  head/security/ossec-hids-local-config/files/template-sample-server.xml.in
  head/security/ossec-hids-local-config/files/template-syscheck-basic.xml.in
  head/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in
  head/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in
  head/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in
  head/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in
  head/security/ossec-hids-local-config/opt-ar.mk
  head/security/ossec-hids-local-config/opt-cmdout.mk
  head/security/ossec-hids-local-config/opt-logs.mk
  head/security/ossec-hids-local-config/opt-rootcheck.mk
  head/security/ossec-hids-local-config/opt-rules.mk
  head/security/ossec-hids-local-config/opt-syscheck.mk
  head/security/ossec-hids-local-config/pkg-descr
  head/security/ossec-hids-local-config/pkg-help-agent
  head/security/ossec-hids-local-config/pkg-help-local
  head/security/ossec-hids-local-config/pkg-help-server
  head/security/ossec-hids-local-config/pkg-plist-agent
  head/security/ossec-hids-local-config/pkg-plist-local
  head/security/ossec-hids-local-config/pkg-plist-server
  head/security/ossec-hids-local-config/scripts/
  head/security/ossec-hids-local-config/scripts/plist.sh
  head/security/ossec-hids-local-config/scripts/rules.sh
  head/security/ossec-hids-local-config/scripts/template-to-agent.sh
  head/security/ossec-hids-local-config/scripts/template-to-ossec.sh
  head/security/ossec-hids-server/Makefile
  head/security/ossec-hids-server/distinfo
  head/security/ossec-hids-server/files/
  head/security/ossec-hids-server/pkg-descr
  head/security/ossec-hids-server/pkg-plist
  head/security/ossec-hids-server-config/
  head/security/ossec-hids-server-config/Makefile
Comment 8 Steve Wills freebsd_committer 2018-11-09 18:55:51 UTC
(In reply to Dominik Lisiak from comment #6)
Ah, sorry, thanks.

There was no patch to ports/security/Makefile, I've done that. Also, to avoid this error:

/bin/sh: /usr/ports/security/ossec-hids-agent-config/../ossec-hids-local-config/scripts/template-to-ossec.sh: Permission denied

I've added the ${SH} to the lines where TEMPL_TO_OSSEC and TEMPL_TO_AGENT are run.

Had to clean up whitespace in a few places and change "${MKDIR} -p" to "${MKDIR}" and "${CP} -f" to "${CP}".

Let me know if I missed anything. Thanks for the patch! Committed!
Comment 9 Arkadiy 2018-11-19 12:03:54 UTC
Hi

I am trying to upgrade ossec-hids-client-2.8.3 to ossec-hids-agent-3.1.0. After ports tree update I see "New version available: ossec-hids-server-3.1.0" and don't see ossec-hids-agent-3.1.0. I have not ossec-hids-server installation on this server. Why I see server-3.1.0 instead of agent-3.1.0?  
Could you check the ports in the tree?

Thank you.
Comment 10 Arkadiy 2018-11-19 14:24:57 UTC
I do clean install:
   #portmaster security/ossec-hids-agent

The result is:
   #pkg info | grep ossec
   ossec-hids-server-3.1.0 Security tool to monitor and check logs and intrusions

Looks like errors in the Makefile. Could you please check?

Thank you.