ports/85448: Maintainer Update: security/samhain 2.0.8 -> 2.0.9

David Thiel lx at redundancy.redundancy.org
Mon Aug 29 19:00:47 UTC 2005 

>Number:         85448
>Category:       ports
>Synopsis:       Maintainer Update: security/samhain 2.0.8 -> 2.0.9
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 29 19:00:39 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     David Thiel
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 5.4-STABLE FreeBSD 5.4-STABLE #9: Mon Jul 11 20:22:35 PDT 2005 lx at redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386


>Description:

Updating the samhain integrity checker to 2.0.9. This is a bugfix
and minor feature enhancement release. Several port configuration 
changes have also been made.

Code changes:

 -  Improved support for prelude:
    configurable mapping from samhain severities to prelude severities
    correct reporting of FileAccess (conforming to IDMEF specs)
    bugfixes

 -  fixes for a few compile errors

 -  fix for directory special file checking (was done with policy of parent
    directory); also, the manual now states explicitely rules for precedence

 -  fix for unneccessary computation of checksums

Port changes:

- As per ports/85291, the samhainrc.sample file is chgrp'd to wheel, and
	RUNAS_USER now defaults to "yule" properly.

- As per ports/85294, XML logging is now on by default and tunable. Building
	with database support and without XML logging will cause an error.

>How-To-Repeat:
>Fix:

diff -ruN samhain.old/Makefile samhain/Makefile
--- samhain.old/Makefile	Mon Aug 29 10:57:18 2005
+++ samhain/Makefile	Mon Aug 29 11:46:34 2005
@@ -9,7 +9,9 @@
 #
 # WITH_RUNAS_USER:
 #	Whe building with "WITH_SERVER" defined, the username of the
-#	account Yule will run as. Defaults to "yule".
+#	account Yule will run as. Defaults to "yule". If using
+#	WITH_GPG, ensure that this user exists and has a pgp 
+#	keypair before installing.
 #
 # WITH_LOG_SERVER, WITH_ALT_LOG_SERVER. When "WITH_CLIENT" is defined,
 # 	these specify what server the client will fetch configuration
@@ -17,7 +19,7 @@
 #
 
 PORTNAME=	samhain
-PORTVERSION=	2.0.8
+PORTVERSION=	2.0.9
 CATEGORIES=	security
 MASTER_SITES=	http://la-samhna.de/archive/ \
 		http://cold.darkambient.net/
@@ -30,6 +32,7 @@
 		GPG "Enable GnuPG support" off \
 		MYSQL "Enable MySQL logging" off \
 		POSTGRESQL "Enable PostgreSQL logging" off \
+		XML_LOGS "Enable XML-formatted logs" on \
 		LIBWRAP "Enable TCP wrapper support" on \
 		CLIENT "Build as Samhain network client" off \
 		SERVER "Build as Yule network server" off
@@ -44,8 +47,13 @@
 CONFIGURE_ARGS=	--enable-login-watch --localstatedir=/var \
 		--mandir=${PREFIX}/man --enable-suidcheck
 
+.if !defined(WITHOUT_XML_LOGS)
+CONFIGURE_ARGS+=	--enable-xml-log
+.endif
 .if defined(WITH_RUNAS_USER)
 CONFIGURE_ARGS+=	--enable-identity=${WITH_RUNAS_USER}
+.else 
+CONFIGURE_ARGS+=	--enable-identity=yule
 .endif
 .if defined(WITH_KCHECK)
 CONFIGURE_ARGS+=	--with-kcheck
@@ -56,10 +64,10 @@
 .if defined(WITH_MYSQL)
 CONFIGURE_ARGS+=	--with-database=mysql \
 			--with-cflags=-I${LOCALBASE}/include/mysql \
-			--with-libs=-L${LOCALBASE}/lib/mysql --enable-xml-log
+			--with-libs=-L${LOCALBASE}/lib/mysql
 .endif
 .if defined(WITH_POSTGRESQL)
-CONFIGURE_ARGS+=	--with-database=postgresql --enable-xml-log
+CONFIGURE_ARGS+=	--with-database=postgresql
 .endif
 .if !defined(WITHOUT_LIBWRAP)
 CONFIGURE_ARGS+=	--with-libwrap
@@ -117,6 +125,20 @@
 	@${ECHO_MSG}
 .endif
 
+.if defined(WITH_MYSQL) && !defined(WITH_XML_LOGS)
+	@${ECHO_MSG}
+	@${ECHO_MSG} "XML logging is required to log to MySQL."
+	@${ECHO_MSG}
+.error "XML logging is required to log to MySQL."
+.endif
+
+.if defined(WITH_POSTGRESQL) && !defined(WITH_XML_LOGS)
+	@${ECHO_MSG}
+	@${ECHO_MSG} "XML logging is required to log to Postgres."
+	@${ECHO_MSG}
+.error "XML logging is required to log to Postgres."
+.endif
+
 post-extract:
 	@${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz
 	@${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc
@@ -125,6 +147,7 @@
 .if !defined(WITH_SERVER)
 	@${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/samhain.sh.sample
 	@${CP} ${WRKSRC}/samhainrc ${PREFIX}/etc/samhainrc.sample
+	@${CHGRP} wheel ${PREFIX}/etc/samhainrc.sample
 .else
 	@${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/yule.sh.sample
 	@${CP} ${WRKSRC}/yulerc ${PREFIX}/etc/yulerc.sample
diff -ruN samhain.old/distinfo samhain/distinfo
--- samhain.old/distinfo	Mon Aug 29 10:57:18 2005
+++ samhain/distinfo	Mon Aug 29 11:02:00 2005
@@ -1,2 +1,2 @@
-MD5 (samhain_signed-2.0.8.tar.gz) = 2364ae24f381a658db0f3be96cedabc4
-SIZE (samhain_signed-2.0.8.tar.gz) = 1194062
+MD5 (samhain_signed-2.0.9.tar.gz) = 48985d91400db746f1513fc332edb704
+SIZE (samhain_signed-2.0.9.tar.gz) = 1210510
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list