ports/85448: Maintainer Update: security/samhain 2.0.8 -> 2.0.9
David Thiel
lx at redundancy.redundancy.org
Mon Aug 29 19:00:47 UTC 2005
>Number: 85448
>Category: ports
>Synopsis: Maintainer Update: security/samhain 2.0.8 -> 2.0.9
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 29 19:00:39 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: David Thiel
>Release: FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 5.4-STABLE FreeBSD 5.4-STABLE #9: Mon Jul 11 20:22:35 PDT 2005 lx at redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386
>Description:
Updating the samhain integrity checker to 2.0.9. This is a bugfix
and minor feature enhancement release. Several port configuration
changes have also been made.
Code changes:
- Improved support for prelude:
configurable mapping from samhain severities to prelude severities
correct reporting of FileAccess (conforming to IDMEF specs)
bugfixes
- fixes for a few compile errors
- fix for directory special file checking (was done with policy of parent
directory); also, the manual now states explicitely rules for precedence
- fix for unneccessary computation of checksums
Port changes:
- As per ports/85291, the samhainrc.sample file is chgrp'd to wheel, and
RUNAS_USER now defaults to "yule" properly.
- As per ports/85294, XML logging is now on by default and tunable. Building
with database support and without XML logging will cause an error.
>How-To-Repeat:
>Fix:
diff -ruN samhain.old/Makefile samhain/Makefile
--- samhain.old/Makefile Mon Aug 29 10:57:18 2005
+++ samhain/Makefile Mon Aug 29 11:46:34 2005
@@ -9,7 +9,9 @@
#
# WITH_RUNAS_USER:
# Whe building with "WITH_SERVER" defined, the username of the
-# account Yule will run as. Defaults to "yule".
+# account Yule will run as. Defaults to "yule". If using
+# WITH_GPG, ensure that this user exists and has a pgp
+# keypair before installing.
#
# WITH_LOG_SERVER, WITH_ALT_LOG_SERVER. When "WITH_CLIENT" is defined,
# these specify what server the client will fetch configuration
@@ -17,7 +19,7 @@
#
PORTNAME= samhain
-PORTVERSION= 2.0.8
+PORTVERSION= 2.0.9
CATEGORIES= security
MASTER_SITES= http://la-samhna.de/archive/ \
http://cold.darkambient.net/
@@ -30,6 +32,7 @@
GPG "Enable GnuPG support" off \
MYSQL "Enable MySQL logging" off \
POSTGRESQL "Enable PostgreSQL logging" off \
+ XML_LOGS "Enable XML-formatted logs" on \
LIBWRAP "Enable TCP wrapper support" on \
CLIENT "Build as Samhain network client" off \
SERVER "Build as Yule network server" off
@@ -44,8 +47,13 @@
CONFIGURE_ARGS= --enable-login-watch --localstatedir=/var \
--mandir=${PREFIX}/man --enable-suidcheck
+.if !defined(WITHOUT_XML_LOGS)
+CONFIGURE_ARGS+= --enable-xml-log
+.endif
.if defined(WITH_RUNAS_USER)
CONFIGURE_ARGS+= --enable-identity=${WITH_RUNAS_USER}
+.else
+CONFIGURE_ARGS+= --enable-identity=yule
.endif
.if defined(WITH_KCHECK)
CONFIGURE_ARGS+= --with-kcheck
@@ -56,10 +64,10 @@
.if defined(WITH_MYSQL)
CONFIGURE_ARGS+= --with-database=mysql \
--with-cflags=-I${LOCALBASE}/include/mysql \
- --with-libs=-L${LOCALBASE}/lib/mysql --enable-xml-log
+ --with-libs=-L${LOCALBASE}/lib/mysql
.endif
.if defined(WITH_POSTGRESQL)
-CONFIGURE_ARGS+= --with-database=postgresql --enable-xml-log
+CONFIGURE_ARGS+= --with-database=postgresql
.endif
.if !defined(WITHOUT_LIBWRAP)
CONFIGURE_ARGS+= --with-libwrap
@@ -117,6 +125,20 @@
@${ECHO_MSG}
.endif
+.if defined(WITH_MYSQL) && !defined(WITH_XML_LOGS)
+ @${ECHO_MSG}
+ @${ECHO_MSG} "XML logging is required to log to MySQL."
+ @${ECHO_MSG}
+.error "XML logging is required to log to MySQL."
+.endif
+
+.if defined(WITH_POSTGRESQL) && !defined(WITH_XML_LOGS)
+ @${ECHO_MSG}
+ @${ECHO_MSG} "XML logging is required to log to Postgres."
+ @${ECHO_MSG}
+.error "XML logging is required to log to Postgres."
+.endif
+
post-extract:
@${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz
@${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc
@@ -125,6 +147,7 @@
.if !defined(WITH_SERVER)
@${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/samhain.sh.sample
@${CP} ${WRKSRC}/samhainrc ${PREFIX}/etc/samhainrc.sample
+ @${CHGRP} wheel ${PREFIX}/etc/samhainrc.sample
.else
@${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/yule.sh.sample
@${CP} ${WRKSRC}/yulerc ${PREFIX}/etc/yulerc.sample
diff -ruN samhain.old/distinfo samhain/distinfo
--- samhain.old/distinfo Mon Aug 29 10:57:18 2005
+++ samhain/distinfo Mon Aug 29 11:02:00 2005
@@ -1,2 +1,2 @@
-MD5 (samhain_signed-2.0.8.tar.gz) = 2364ae24f381a658db0f3be96cedabc4
-SIZE (samhain_signed-2.0.8.tar.gz) = 1194062
+MD5 (samhain_signed-2.0.9.tar.gz) = 48985d91400db746f1513fc332edb704
+SIZE (samhain_signed-2.0.9.tar.gz) = 1210510
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list