ports/104227: new port submission, security/sguil-server

Paul Schmehl pauls at utdallas.edu
Mon Oct 9 21:40:34 UTC 2006


>Number:         104227
>Category:       ports
>Synopsis:       new port submission, security/sguil-server
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 09 21:40:17 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Paul Schmehl <pauls at utdallas.edu>
>Release:        FreeBSD 6.0-RELEASE-p6 i386
>Organization:
The University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 6.0-RELEASE-p6 FreeBSD 6.0-RELEASE-p6 #1: Sat Apr 1 21:39:10 CST 2006 root at hostname.utdallas.edu:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
	This is a new port submission.  This port is the server portion that
	complements the security/sguil-sensor port that has already been
	committed.  Both are part of a network security management system.
>How-To-Repeat:
	
>Fix:

	

--- sguild.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	.
#	./pkg-plist
#	./files
#	./files/patch-sguild
#	./files/patch-sguild.access
#	./files/patch-sguild.conf
#	./files/sguild.sh.in
#	./files/pkg-message.in
#	./Makefile
#	./pkg-descr
#	./distinfo
#
# Unpack step 1: the archive root is the port directory itself.
echo c - .
mkdir -p . > /dev/null 2>&1
# Unpack step 2: write pkg-plist.  Each content line is stored with a leading
# "X" so the here-document survives verbatim; the sed strips it on the way out.
# The list covers the three scripts in bin/, the *-sample config files in
# etc/%%SGUILDIR%%, the Tcl libraries in lib/%%SGUILDIR%% and the SQL/migration
# scripts in share/%%SGUILDIR%% -- the same sets the Makefile's do-install
# target copies (18 libraries, 10 sql scripts, 7 confs).
# The conf directory is only rmdir'ed when sguild.conf is absent; any other
# site-edited file left there (sguild.users, sguild.access, ...) will also
# keep that rmdir from succeeding, which is the intended "never delete a
# site's config" behaviour.
# ("at dirrm"/"at unexec" below appears to be the list archive's rendering of
# the "@" keyword prefix.)
echo x - ./pkg-plist
sed 's/^X//' >./pkg-plist << 'END-of-./pkg-plist'
Xbin/archive_sguildb.tcl
Xbin/incident_report.tcl
Xbin/sguild
Xetc/%%SGUILDIR%%/autocat.conf-sample
Xetc/%%SGUILDIR%%/sguild.access-sample
Xetc/%%SGUILDIR%%/sguild.conf-sample
Xetc/%%SGUILDIR%%/sguild.email-sample
Xetc/%%SGUILDIR%%/sguild.queries-sample
Xetc/%%SGUILDIR%%/sguild.reports-sample
Xetc/%%SGUILDIR%%/sguild.users-sample
Xlib/%%SGUILDIR%%/SguildAccess.tcl
Xlib/%%SGUILDIR%%/SguildAutoCat.tcl
Xlib/%%SGUILDIR%%/SguildClientCmdRcvd.tcl
Xlib/%%SGUILDIR%%/SguildConnect.tcl
Xlib/%%SGUILDIR%%/SguildCreateDB.tcl
Xlib/%%SGUILDIR%%/SguildEmailEvent.tcl
Xlib/%%SGUILDIR%%/SguildEvent.tcl
Xlib/%%SGUILDIR%%/SguildGenericDB.tcl
Xlib/%%SGUILDIR%%/SguildHealthChecks.tcl
Xlib/%%SGUILDIR%%/SguildLoaderd.tcl
Xlib/%%SGUILDIR%%/SguildMysqlMerge.tcl
Xlib/%%SGUILDIR%%/SguildQueryd.tcl
Xlib/%%SGUILDIR%%/SguildReportBuilder.tcl
Xlib/%%SGUILDIR%%/SguildSendComms.tcl
Xlib/%%SGUILDIR%%/SguildSensorAgentComms.tcl
Xlib/%%SGUILDIR%%/SguildSensorCmdRcvd.tcl
Xlib/%%SGUILDIR%%/SguildTranscript.tcl
Xlib/%%SGUILDIR%%/SguildUtils.tcl
Xshare/%%SGUILDIR%%/create_ruledb.sql
Xshare/%%SGUILDIR%%/create_sguildb.sql
Xshare/%%SGUILDIR%%/migrate_event.tcl
Xshare/%%SGUILDIR%%/migrate_sancp.tcl
Xshare/%%SGUILDIR%%/update_sguildb_v5-v6.sql
Xshare/%%SGUILDIR%%/update_sguildb_v6-v7.sql
Xshare/%%SGUILDIR%%/update_sguildb_v7-v8.sql
Xshare/%%SGUILDIR%%/update_sguildb_v8-v9.sql
Xshare/%%SGUILDIR%%/update_sguildb_v9-v10.sql
Xshare/%%SGUILDIR%%/update_sguildb_v10-v11.sql
X at dirrm share/%%SGUILDIR%%
X at unexec if [ ! -f %D/etc/%%SGUILDIR%%/sguild.conf ] ; then rmdir %D/etc/%%SGUILDIR%%; fi
X at dirrm lib/%%SGUILDIR%%
END-of-./pkg-plist
# Create the files/ subdirectory that receives the patches and the rc /
# pkg-message templates extracted next (same "c - dir" + mkdir pair as ".").
echo 'c - ./files'
mkdir -p ./files >/dev/null 2>&1
echo x - ./files/patch-sguild
sed 's/^X//' >./files/patch-sguild << 'END-of-./files/patch-sguild'
X--- sguild.orig	Tue Mar 28 04:36:05 2006
X+++ sguild	Tue Mar 28 04:37:10 2006
X@@ -229,7 +229,7 @@
X   package require tls
X   # Check for certs
X   if {![info exists CERTS_PATH]} {
X-    set CERTS_PATH /etc/sguild/certs
X+    set CERTS_PATH /usr/local/etc/sguil-server/certs
X   }
X   if {![file exists $CERTS_PATH] || ![file isdirectory $CERTS_PATH]} {
X     puts "ERROR: $CERTS_PATH does not exist or is not a directory"
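Review bot: The new default `set CERTS_PATH /usr/local/etc/sguil-server/certs` hard-codes `/usr/local`, as do the replacement paths in every later hunk of this file and in files/patch-sguild.access and files/patch-sguild.conf, whereas files/sguild.sh.in and files/pkg-message.in use `%%PREFIX%%`; on a non-default PREFIX the daemon would still look for its config, certificates and helper binaries under /usr/local. A build-time substitution in the Makefile's post-patch target, e.g. `@${REINPLACE_CMD} -e 's|/etc/sguild|${PREFIX}/etc/${SGUILDIR}|g' ${WRKSRC}/server/sguild`, would follow PREFIX and SGUILDIR and make the static path patches unnecessary. Separately, the check right after this hunk reports an error when the certs directory is missing, yet neither do-install nor pkg-message.in creates or mentions that directory, so a sentence in pkg-message.in pointing at OPENSSL.README in %%DOCSDIR%% would spare a first-time installer a failed start. The enclosing Tcl block begins before the hunk.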
X@@ -251,13 +251,13 @@
X 
X if { ![info exists CONF_FILE] } {
X   # No conf file specified check the defaults
X-  if { [file exists /etc/sguild/sguild.conf] } {
X-    set CONF_FILE /etc/sguild/sguild.conf
X+  if { [file exists /usr/local/etc/sguil-server/sguild.conf] } {
X+    set CONF_FILE /usr/local/etc/sguil-server/sguild.conf
X   } elseif { [file exists ./sguild.conf] } {
X     set CONF_FILE ./sguild.conf
X   } else {
X     puts "Couldn't determine where the sguil config file is"
X-    puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf."
X+    puts "Looked for ./sguild.conf and /usr/local/etc/sguil-server/sguild.conf."
X     DisplayUsage $argv0
X   }
X }
X@@ -338,17 +338,17 @@
X # Check for a valid USERS file
X if { ![info exists USERS_FILE] } {
X   # No users file was specified. Go with the defaults
X-  if { [file exists /etc/sguild/sguild.users] } {
X-    set USERS_FILE "/etc/sguild/sguild.users"
X+  if { [file exists /usr/local/etc/sguil-server/sguild.users] } {
X+    set USERS_FILE "/usr/local/etc/sguil-server/sguild.users"
X   } elseif { [file exists ./sguild.users] } {
X     set USERS_FILE "./sguild.users"
X   } else {
X     if { [info exists ADDUSER] && $ADDUSER } {
X-      CreateUsersFile "/etc/sguild/sguild.users"
X+      CreateUsersFile "/usr/local/etc/sguil-server/sguild.users"
X     } else {
X       set DEBUG 2
X       LogMessage "ERROR: Could not find a sguild.users file."
X-      LogMessage "       Checked in ./ and /etc/sguild/"
X+      LogMessage "       Checked in ./ and /usr/local/etc/sguil-server/"
X       DisplayUsage $argv0
X     }
X   }
X@@ -376,8 +376,8 @@
X # Load accessfile
X if { ![info exists ACCESS_FILE] } {
X   # Check the defaults
X-  if { [file exists /etc/sguild/sguild.access] } {
X-    set ACCESS_FILE "/etc/sguild/sguild.access"
X+  if { [file exists /usr/local/etc/sguil-server/sguild.access] } {
X+    set ACCESS_FILE "/usr/local/etc/sguil-server/sguild.access"
X   } elseif { [file exists ./sguild.access] } {
X     set ACCESS_FILE "./sguild.access"
X   } else {
X@@ -391,8 +391,8 @@
X }
X # Load auto cat config
X if { ![info exists AUTOCAT_FILE] } {
X-   if { [file exists /etc/sguild/autocat.conf] } {
X-     set AUTOCAT_FILE "/etc/sguild/autocat.conf"
X+   if { [file exists /usr/local/etc/sguil-server/autocat.conf] } {
X+     set AUTOCAT_FILE "/usr/local/etc/sguil-server/autocat.conf"
X    } else {
X      set AUTOCAT_FILE "./autocat.conf"
X    }
X@@ -402,8 +402,8 @@
X }
X # Load email config file
X if { ![info exists EMAIL_FILE] } {
X-  if { [file exists /etc/sguild/sguild.email] } {
X-    set EMAIL_FILE "/etc/sguild/sguild.email"
X+  if { [file exists /usr/local/etc/sguil-server/sguild.email] } {
X+    set EMAIL_FILE "/usr/local/etc/sguil-server/sguild.email"
X   } else {
X     set EMAIL_FILE "./sguild.email"
X   }
X@@ -415,8 +415,8 @@
X }
X # Load global queries.
X if { ![info exists GLOBAL_QRY_FILE] } {
X-  if { [file exists /etc/sguild/sguild.queries] } {
X-    set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries"
X+  if { [file exists /usr/local/etc/sguil-server/sguild.queries] } {
X+    set GLOBAL_QRY_FILE "/usr/local/etc/sguil-server/sguild.queries"
X   } else {
X     set GLOBAL_QRY_FILE "./sguild.queries"
X   }
X@@ -428,8 +428,8 @@
X }
X # Load report queries.
X if { ![info exists REPORT_QRY_FILE] } {
X-  if { [file exists /etc/sguild/sguild.reports] } {
X-    set REPORT_QRY_FILE "/etc/sguild/sguild.reports"
X+  if { [file exists /usr/local/etc/sguil-server/sguild.reports] } {
X+    set REPORT_QRY_FILE "/usr/local/etc/sguil-server/sguild.reports"
X   } else {
X     set REPORT_QRY_FILE "./sguild.reports"
X   }
END-of-./files/patch-sguild
echo x - ./files/patch-sguild.access
sed 's/^X//' >./files/patch-sguild.access << 'END-of-./files/patch-sguild.access'
X--- sguild.access.orig	Tue Mar 28 03:36:31 2006
X+++ sguild.access	Tue Mar 28 03:37:44 2006
X@@ -4,7 +4,8 @@
X # This file is used by sguild for access control. It is read upon init  #
X # or when sguild receives a HUP signal.                                 #
X #                                                                       #
X-# By default, sguild will look first for /etc/sguild/sguild.access,     #
X+# By default, sguild will look first for                                #
X+# /usrlocal//etc/sguild/sguild.access,                                  #
X # then ./sguild.access unless the -A /path/to/sguild.access switch      #
X # is used.                                                              #
X #                                                                       #
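Review bot: The replacement comment `/usrlocal//etc/sguild/sguild.access` has a misplaced slash and still names the old `sguild` directory, while files/patch-sguild makes the daemon read `/usr/local/etc/sguil-server/sguild.access`; since this header is what tells an administrator where the access-control list is loaded from, it should match. The line should read `# /usr/local/etc/sguil-server/sguild.access,` padded to the width of the comment box.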
END-of-./files/patch-sguild.access
echo x - ./files/patch-sguild.conf
sed 's/^X//' >./files/patch-sguild.conf << 'END-of-./files/patch-sguild.conf'
X*** sguild.conf.orig	Tue Mar 28 02:38:13 2006
X--- sguild.conf	Tue Mar 28 02:39:47 2006
X***************
X*** 2,6 ****
X  
X  # Path the sguild libs
X! set SGUILD_LIB_PATH ./lib
X  
X  # DEBUG 0=off 1=important stuff 2=everything.  Option 2 is VERY chatty.
X--- 2,6 ----
X  
X  # Path the sguild libs
X! set SGUILD_LIB_PATH /usr/local/lib/sguil-server/
X  
X  # DEBUG 0=off 1=important stuff 2=everything.  Option 2 is VERY chatty.
X***************
X*** 61,65 ****
X  # You MUST have tcpflow installed to get xscripts
X  # http://www.circlemud.org/~jelson/software/tcpflow/
X! set TCPFLOW "/usr/bin/tcpflow"
X  
X  # p0f - (C) Michal Zalewski <lcamtuf at gis.net>, William Stearns <wstearns at pobox.com>
X--- 61,65 ----
X  # You MUST have tcpflow installed to get xscripts
X  # http://www.circlemud.org/~jelson/software/tcpflow/
X! set TCPFLOW "/usr/local/bin/tcpflow"
X  
X  # p0f - (C) Michal Zalewski <lcamtuf at gis.net>, William Stearns <wstearns at pobox.com>
X***************
X*** 72,76 ****
X  # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
X  # add any others you may need here.
X! set P0F_PATH "/usr/sbin/p0f"
X  
X  # Email config moved to sguild.email 
X--- 72,76 ----
X  # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
X  # add any others you may need here.
X! set P0F_PATH "/usr/local/bin/p0f"
X  
X  # Email config moved to sguild.email 
END-of-./files/patch-sguild.conf
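echo x - ./files/sguild.sh.in
sed 's/^X//' >./files/sguild.sh.in << 'END-of-./files/sguild.sh.in'
X#!/bin/sh
X
X# PROVIDE: sguild
X# REQUIRE: DAEMON
X# KEYWORD: FreeBSD shutdown
X
X# Add the following lines to /etc/rc.conf to enable sguild:
X# sguild_enable (bool):		Set to YES to enable sguild
X# 				Default: NO
X# sguild_flags (str):		Extra flags passed to sguild
X#				Default: -D
X# sguild_conf (str):		Sguild configuration file
X#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
X
X. %%RC_SUBR%%
X
Xname="sguild"
Xrcvar=`set_rcvar`
X
Xcommand="%%PREFIX%%/bin/${name}"
X# sguild is a Tcl script executed by tclsh, so the running process is the
X# interpreter rather than ${command}.
X# NOTE(review): matching on the interpreter name alone presumably finds every
X# %%TCLSH%% process on the host, so "stop" could signal unrelated tclsh
X# programs; rc.subr's command_interpreter variable is the usual way to pin the
X# search to "${command}" -- verify against rc.subr(8) before switching.
Xprocname="%%TCLSH%%"
X# NOTE(review): rc.subr provides check_process as a function, not as a
X# variable, so this assignment appears to have no effect -- confirm and drop.
Xcheck_process="${command} /bin/sh"
Xstop_cmd="sguild_stop"
X
X# Custom stop: rc.subr fills in rc_pid (from the procname search) before it
X# calls us.
Xsguild_stop() {
X  if [ -z "${rc_pid}" ]; then
X    echo "${name} not running?"
X  else
X    echo "Stopping ${name}."
X    # Kept as submitted; note that SIGKILL gives sguild no chance to close
X    # its database and client connections, so a TERM first would be gentler.
X    # (The submitted script wrapped this and the rm below in backticks, which
X    # ran their empty output as a command -- harmless but wrong.)
X    /bin/kill -9 ${rc_pid}
X    wait_for_pids "${rc_pid}"
X    # NOTE(review): no pidfile= is declared to rc.subr; whether "sguild -D"
X    # actually writes this file is not visible from the port -- confirm.
X    if [ -f "/var/run/${name}.pid" ]; then
X      rm -f "/var/run/${name}.pid"
X    fi
X  fi
X}
X
Xload_rc_config ${name}
X
X# Defaults are applied *after* load_rc_config: set before it, the values an
X# administrator puts in /etc/rc.conf were ignored -- in particular sguild_conf,
X# which is folded into the flags here, and an rc.conf sguild_flags would then
X# have replaced the computed "-c" option altogether.
X: ${sguild_enable="NO"}
X: ${sguild_conf="%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf"}
X: ${sguild_flags="-D"}
X[ -n "$sguild_conf" ] && sguild_flags="$sguild_flags -c $sguild_conf"
X
Xrun_rc_command "$1"
END-of-./files/sguild.sh.in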
# Post-install notice; %%PREFIX%%, %%SGUILDIR%% and %%DOCSDIR%% are filled in
# through the Makefile's SUB_FILES/SUB_LIST.
# NOTE(review): files/patch-sguild makes sguild look for its TLS certificates
# in /usr/local/etc/sguil-server/certs and report an error when that
# directory is missing, but the message below never mentions it -- worth a
# sentence next to the config-file instructions.
echo x - ./files/pkg-message.in
sed 's/^X//' >./files/pkg-message.in << 'END-of-./files/pkg-message.in'
X         ***********************************
X         * !!!!!!!!!!! WARNING !!!!!!!!!!! *
X         ***********************************
X
XIf you had existing config files in %%PREFIX%%/etc/%%SGUILDIR%%
Xthey were not overwritten.  If this is a first time install, you
Xmust copy the sample files to the corresponding conf file and 
Xedit the various config files for your site.  See the INSTALL
Xdoc in %%DOCSDIR%% for details.
X
XThe sql scripts for creating database tables were placed in
Xthe %%PREFIX%%/share/%%SGUILDIR%%/ directory.  PLEASE 
XNOTE: LOG_DIR is not set by this install.  You MUST create the 
Xcorrect LOG_DIRS and put a copy of the snort rules you use in 
XLOG_DIR/rules.
X
XThe sguild, archive_sguildb.tcl and incident_report.tcl scripts
Xwere placed in %%PREFIX%%/bin/.  The incident_report.tcl
Xscript is from the contrib section.  There is no documentation
Xand the script's variables must be edited before it is used.
X
XA startup script, named sguild.sh was installed in
X%%PREFIX%%/etc/rc.d/.  To enable it, edit /etc/rc.conf
Xper the instructions in the script.
X
XFor general questions, see the sguil faq: 
Xhttp://sguil.sourceforge.net/index.php?page=faq
XFor detailed install instructions see Richard Bejtlich's
Xexcellent guide at his blog: 
Xhttp://taosecurity.blogspot.com/2006/03/new-sguil-scripts-and-vm-i-have-not.html
END-of-./files/pkg-message.in
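echo x - ./Makefile
sed 's/^X//' >./Makefile << 'END-of-./Makefile'
X# New ports collection makefile for:	sguil-server
X# Date created:				9 Oct 2006
X# Whom:					Paul Schmehl <pauls at utdallas.edu>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	sguil-server
XPORTVERSION=	0.6.1
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
XMASTER_SITE_SUBDIR=	sguil
X
XMAINTAINER=	pauls at utdallas.edu
XCOMMENT=	Sguil is a network security management program
X
X# Runtime pieces: the helper binaries sguild.conf points at (p0f, tcpflow),
X# the Tcl packages the server needs, and the sguil-patched barnyard.
XRUN_DEPENDS=	p0f:${PORTSDIR}/net-mgmt/p0f \
X		tcpflow:${PORTSDIR}/net/tcpflow \
X		dtplite:${PORTSDIR}/devel/tcllib \
X		barnyard:${PORTSDIR}/security/barnyard-sguil6 \
X		${LOCALBASE}/lib/tcl8.4/mysqltcl:${PORTSDIR}/databases/mysqltcl \
X		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
X# NOTE(review): LIB_DEPENDS entries are resolved through ldconfig; if tcltls
X# installs only a Tcl extension (no libtls.so in the ldconfig path) this will
X# never be seen as satisfied -- confirm, and if so depend on the installed
X# file via RUN_DEPENDS as done for mysqltcl and tclX above.
XLIB_DEPENDS=	tls:${PORTSDIR}/devel/tcltls
X
XNO_BUILD=	yes
XUSE_RC_SUBR=	sguild.sh
XTCLSH_CMD?=	${PREFIX}/bin/tclsh8.4
XSGUILDIR?=	sguil-server
X# The distfile unpacks as sguil-${PORTVERSION}; the server half lives in
X# server/, which is where files/patch-* are applied.
XWRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
XPATCH_WRKSRC=	${WRKSRC}/server
XPLIST_SUB=	SGUILDIR=${SGUILDIR}
XSUB_FILES=	pkg-message
XSUB_LIST=	SGUILDIR=${SGUILDIR} TCLSH=${TCLSH_CMD}
X# File lists consumed by do-install; keep them in step with pkg-plist.
XLIBRARIES=	SguildAccess.tcl SguildEvent.tcl SguildReportBuilder.tcl \
X		SguildAutoCat.tcl SguildGenericDB.tcl SguildSendComms.tcl \
X		SguildClientCmdRcvd.tcl SguildHealthChecks.tcl SguildSensorAgentComms.tcl \
X		SguildConnect.tcl SguildLoaderd.tcl SguildSensorCmdRcvd.tcl \
X		SguildCreateDB.tcl SguildMysqlMerge.tcl SguildTranscript.tcl \
X		SguildEmailEvent.tcl SguildQueryd.tcl SguildUtils.tcl
XSCRIPTS=	create_ruledb.sql update_sguildb_v10-v11.sql update_sguildb_v8-v9.sql \
X		create_sguildb.sql update_sguildb_v5-v6.sql update_sguildb_v9-v10.sql \
X		migrate_event.tcl update_sguildb_v6-v7.sql migrate_sancp.tcl update_sguildb_v7-v8.sql
XCONFS=		autocat.conf sguild.access sguild.conf sguild.email sguild.queries sguild.reports sguild.users
X
XPORTDOCS=	CHANGES INSTALL INSTALL.openbsd LICENSE.QPL \
X		OPENSSL.README TODO USAGE sguildb.dia
X
X.include <bsd.port.pre.mk>
X
X# Replace the scripts' "exec tclsh" with the configured interpreter path.
Xpost-patch:
X.for f in archive_sguildb.tcl sguild contrib/incident_report.tcl
X	@${REINPLACE_CMD} -e 's:exec tclsh:exec ${TCLSH_CMD}:g' ${WRKSRC}/server/${f}
X.endfor
X
X# NOTE(review): -m 751 leaves the scripts unreadable by "other", and an
X# interpreter cannot run a script it cannot read, so for non-root users the
X# mode is effectively 750; the INSTALL_SCRIPT default would be the usual
X# choice unless this is deliberate.
X# Config files go in as *-sample only, so a site's edited copies are never
X# overwritten (pkg-message tells the user to copy them).
Xdo-install:
X	@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
X	@${MKDIR} ${PREFIX}/lib/${SGUILDIR}
X	@${MKDIR} ${PREFIX}/share/${SGUILDIR}
X.for f in archive_sguildb.tcl sguild
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/server/${f} ${PREFIX}/bin/${f}
X.endfor
X.for f in incident_report.tcl
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/server/contrib/${f} ${PREFIX}/bin/${f}
X.endfor
X.for f in ${CONFS}
X	${INSTALL_DATA} ${WRKSRC}/server/${f} ${PREFIX}/etc/${SGUILDIR}/${f}-sample
X.endfor
X.for f in ${LIBRARIES}
X	${INSTALL_DATA} ${WRKSRC}/server/lib/${f} ${PREFIX}/lib/${SGUILDIR}/${f}
X.endfor
X.for f in ${SCRIPTS}
X	${INSTALL_DATA} ${WRKSRC}/server/sql_scripts/${f} ${PREFIX}/share/${SGUILDIR}/${f}
X.endfor
X# Documentation is optional (NOPORTDOCS); the post-install message is printed
X# last so it is the final thing the installer sees.
Xpost-install:
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
X.endif
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-./Makefile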
# Long package description.
# NOTE(review): by ports convention the "WWW:" line is the last line of
# pkg-descr; the trailing maintainer address duplicates MAINTAINER in the
# Makefile and would normally be dropped.
echo x - ./pkg-descr
sed 's/^X//' >./pkg-descr << 'END-of-./pkg-descr'
XSguil is an open source tool to implement Network 
XSecurity Monitoring (NSM).  NSM is the collection, 
Xanalysis, and escalation of indications and warnings 
Xto detect and respond to intrusions.  NSM tools are 
Xused more for network audit and specialized 
Xapplications than traditional alert-centric "intrusion 
Xdetection" systems.
X
XWant to learn more about Network Security Monitoring 
X(NSM)? Then check out Richard Bejtlich's recently 
Xreleased book, The Tao of Network Security Monitoring: 
XBeyond Intrusion Detection. An excerpt reads:
X
X"Network security monitoring (NSM) equips security 
Xstaff to deal with the inevitable consequences of too 
Xfew resources and too many responsibilities. NSM collects 
Xthe data needed to generate better assessment, detection, 
Xand response processes--resulting in decreased impact from 
Xunauthorized activities."
X
XWWW: http://sguil.sourceforge.net/index.php
Xpauls at utdallas.edu
END-of-./pkg-descr
# distinfo: MD5, SHA256 and size recorded for the 0.6.1 distfile.  The final
# "exit" closes the archive so nothing after the "ends here" marker is run.
echo x - ./distinfo
sed 's/^X//' >./distinfo << 'END-of-./distinfo'
XMD5 (sguil-server-0.6.1.tar.gz) = 27decbe3c6528bf2c86c74b35b8f7b3b
XSHA256 (sguil-server-0.6.1.tar.gz) = 22aea8f76da0530ae7ee9a68efe1de7615bec47a7702c93f8fe338d57590ce57
XSIZE (sguil-server-0.6.1.tar.gz) = 92901
END-of-./distinfo
exit
--- sguild.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


