ports/122646: security/sguil-sensor, port upgrade, new version
Paul Schmehl
pauls at utdallas.edu
Fri Apr 11 03:50:04 UTC 2008
>Number: 122646
>Category: ports
>Synopsis: security/sguil-sensor, port upgrade, new version
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 11 03:50:04 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Paul Schmehl
>Release: FreeBSD 7.0-STABLE i386
>Organization:
University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 7.0-STABLE FreeBSD 7.0-STABLE #4: Mon Apr 7 15:22:19 CDT 2008 root at hostname.utdallas.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
This PR upgrades the port to version 0.7.0. Committer: Please note
there are three sguil ports; server, sensor and client. All three
must be committed at the same time. In addition, the security/barnyard-sguil6
port must be repocopied to security/barnyard-sguil for this port to function.
Please ensure that all four changes occur at the same time.
There are two files in the existing port that should be removed: files/patch-sensor_agent.tcl and files/sensor_agent.sh.in (the old port's USE_RC_SUBR/SUB_FILES entry). Neither file is needed in the new port: sensor_agent.tcl has been replaced by the per-sensor agents listed in ${AGENTS}, and the single rc script by the per-agent rc scripts supplied below.
>How-To-Repeat:
>Fix:
--- patch-Makefile begins here ---
--- Makefile.orig 2007-01-16 06:45:11.000000000 -0600
+++ Makefile 2008-04-10 21:07:04.000000000 -0500
@@ -6,8 +6,7 @@
#
PORTNAME= sguil-sensor
-PORTVERSION= 0.6.1
-PORTREVISION= 1
+PORTVERSION= 0.7.0
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= sguil
@@ -15,21 +14,23 @@
MAINTAINER= pauls at utdallas.edu
COMMENT= Sguil is a network security monitoring program
+LIB_DEPENDS= tls:${PORTSDIR}/devel/tcltls
RUN_DEPENDS= snort:${PORTSDIR}/security/snort \
- barnyard:${PORTSDIR}/security/barnyard-sguil6 \
+ barnyard:${PORTSDIR}/security/barnyard-sguil \
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
-OPTIONS= SANCP "Include sancp support" off \
- TLS "Include openssl support" off
+OPTIONS= SANCP "Include sancp sensor" off \
+ PADS "Include pads sensor" off
NO_BUILD= yes
-USE_RC_SUBR= sensor_agent.sh
+USE_RC_SUBR= example_agent.sh pcap_agent.sh snort_agent.sh
TCLSH_CMD?= tclsh8.4
WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
SUB_LIST= SGUILDIR=${SGUILDIR}
-SUB_FILES= pkg-message sensor_agent.sh
+SUB_FILES= pkg-message example_agent.sh pcap_agent.sh snort_agent.sh
PLIST_SUB= SGUILDIR=${SGUILDIR}
SGUILDIR?= sguil-sensor
+AGENTS= example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl
PORTDOCS= CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
OPENSSL.README TODO UPGRADE USAGE sguildb.dia
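Review bot: TCLSH_CMD is overridable (`TCLSH_CMD?= tclsh8.4`) and post-patch rewrites each agent's `exec tclsh` line to `${PREFIX}/bin/${TCLSH_CMD}`, but the rc scripts this hunk adds to USE_RC_SUBR hard-code `procname="%%PREFIX%%/bin/tclsh8.4"`, so a build with a different TCLSH_CMD would start agents whose status/stop checks look for the wrong interpreter name. Export the value to the templates — `SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH_CMD=${TCLSH_CMD}` — and use `%%PREFIX%%/bin/%%TCLSH_CMD%%` in the .sh.in files. Dropping the TLS option in favour of an unconditional `LIB_DEPENDS= tls:${PORTSDIR}/devel/tcltls` is the right direction for a sensor that ships alert data to sguild over the network. USE_RC_SUBR and SUB_FILES repeat the same agent names by hand (and again under WITH_SANCP/WITH_PADS); deriving both from one list, as AGENTS already does for post-patch, would keep them from drifting.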
@@ -40,43 +41,75 @@
.if defined(WITH_SANCP)
RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp
+USE_RC_SUBR+= sancp_agent.sh
+SUB_FILES+= sancp_agent.sh
PLIST_SUB+= USESANCP=
.else
PLIST_SUB+= USESANCP="@comment "
.endif
-.if defined(WITH_TLS)
-LIB_DEPENDS+= tls:${PORTSDIR}/devel/tcltls
+.if defined(WITH_PADS)
+RUN_DEPENDS+= pads:${PORTSDIR}/net-mgmt/pads
+USE_RC_SUBR+= pads_agent.sh
+SUB_FILES+= pads_agent.sh
+PLIST_SUB+= USEPADS=
+.else
+PLIST_SUB+= USEPADS="@comment "
.endif
post-patch:
-.for f in sensor_agent.tcl
+.for f in ${AGENTS}
@${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \
${WRKSRC}/sensor/${f}
+ @${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \
+ ${WRKSRC}/sensor/${f}
.endfor
do-install:
@${MKDIR} ${PREFIX}/bin/${SGUILDIR}
- ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/sensor_agent.tcl \
- ${PREFIX}/bin/${SGUILDIR}/sensor_agent.tcl
+ @${MKDIR} ${PREFIX}/etc/${SGUILDIR}
+.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl
+ ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/bin/${SGUILDIR}/${f}
+.endfor
.for f in log_packets.sh
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
-.for f in sensor_agent.conf
+.for f in example_agent.conf pcap_agent.conf snort_agent.conf
${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
- ${PREFIX}/etc/${f}-sample
+ ${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
.for f in log_packets.conf
${INSTALL_DATA} ${FILESDIR}/${f} \
- ${PREFIX}/etc/${f}-sample
+ ${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
.if defined(WITH_SANCP)
+.for f in sancp_agent.conf
+ ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.endfor
.for f in sancp.conf
${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
${PREFIX}/etc/${f}-sample
.endfor
+.for f in sancp_agent.tcl
+ ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/bin/${SGUILDIR}/${f}
+.endfor
+.endif
+.if defined(WITH_PADS)
+.for f in pads_agent.conf
+ ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.endfor
+.for f in pads_agent.tcl
+ ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/bin/${SGUILDIR}/${f}
+.endfor
.endif
+post-install:
+
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
cd ${WRKSRC}/doc && ${INSTALL_DATA} \
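Review bot: sancp_agent.tcl and pads_agent.tcl are installed with a bare `${INSTALL_SCRIPT}` (default mode 0555) while the three unconditional agents get `-m 751`, so the optional agents end up world-readable and the two code paths disagree for no visible reason; add `-m 751` to both of those INSTALL_SCRIPT lines, or drop it everywhere, so one policy applies. The post-patch rewrite `s:/etc/:${PREFIX}/etc/${SGUILDIR}/:g` replaces every `/etc/` in each agent, so a path that already carries `${PREFIX}/etc/` or an unrelated `/etc/...` reference (a snort or sancp config, say) would be mangled too; what the agents actually contain is not visible here, so if only their own default config paths need relocating, anchor the pattern to them, e.g. `s:/etc/\([a-z]*_agent\.conf\):${PREFIX}/etc/${SGUILDIR}/\1:g`. sancp.conf-sample is still installed to `${PREFIX}/etc` rather than `${PREFIX}/etc/${SGUILDIR}` like every other sample in this hunk, which deserves a second look both for consistency and for a clash with whatever security/sancp installs at that path.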
--- patch-Makefile ends here ---
--- patch-distinfo begins here ---
--- distinfo.orig 2006-10-09 14:04:38.000000000 -0500
+++ distinfo 2008-04-10 21:07:04.000000000 -0500
@@ -1,3 +1,3 @@
-MD5 (sguil-sensor-0.6.1.tar.gz) = 62be71b0aa41ccacb7872839dc4bf5ad
-SHA256 (sguil-sensor-0.6.1.tar.gz) = b1da0fffeaecd69b9d8eeeb27025fdc3493a2eabfec8ed4153f688f11ee226eb
-SIZE (sguil-sensor-0.6.1.tar.gz) = 103441
+MD5 (sguil-sensor-0.7.0.tar.gz) = 911b3571fdaa00b7ddde3ec818232b3f
+SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b
+SIZE (sguil-sensor-0.7.0.tar.gz) = 68436
--- patch-distinfo ends here ---
--- patch-pkg-descr begins here ---
--- pkg-descr.orig 2006-10-09 14:04:38.000000000 -0500
+++ pkg-descr 2008-04-10 21:07:04.000000000 -0500
@@ -5,13 +5,14 @@
in order to function properly.
The sensor list includes security/barnyard, security/snort,
-security/sancp, tcpdump (a part of the OS) and devel/tcltls as
-well as lang/tcl84 and lang/tclX. Care has been taken to ensure
-that everything you need to build a working sguil operation is
-in the FreeBSD ports system or part of the OS already.
+security/sancp, net-mgmt/pads, tcpdump (a part of the OS)
+and devel/tcltls as well as lang/tcl84 and lang/tclX. Care
+has been taken to ensure that everything you need to build
+a working sguil operation is in the FreeBSD ports system or
+is part of the OS already.
Sguil currently functions as an analysis interface and has
-no snort sensor or rule management capabilities.
+rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
pauls at utdallas.edu
--- patch-pkg-descr ends here ---
--- patch-pkg-plist begins here ---
--- pkg-plist.orig 2006-10-09 14:04:38.000000000 -0500
+++ pkg-plist 2008-04-10 21:07:04.000000000 -0500
@@ -1,6 +1,15 @@
bin/%%SGUILDIR%%/log_packets.sh
-bin/%%SGUILDIR%%/sensor_agent.tcl
-etc/log_packets.conf-sample
+bin/%%SGUILDIR%%/example_agent.tcl
+bin/%%SGUILDIR%%/pcap_agent.tcl
+bin/%%SGUILDIR%%/snort_agent.tcl
+etc/%%SGUILDIR%%/example_agent.conf-sample
+etc/%%SGUILDIR%%/pcap_agent.conf-sample
+etc/%%SGUILDIR%%/snort_agent.conf-sample
+etc/%%SGUILDIR%%/log_packets.conf-sample
+%%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
+%%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
%%USESANCP%%etc/sancp.conf-sample
-etc/sensor_agent.conf-sample
+%%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
+%%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
@dirrm bin/%%SGUILDIR%%
+ at dirrmtry etc/%%SGUILDIR%%
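Review bot: `%%USESANCP%%etc/sancp.conf-sample` is the only sample left directly under `etc/` after this change while every other sample moved under `etc/%%SGUILDIR%%`; this matches the Makefile's install line, but if security/sancp itself installs an `etc/sancp.conf-sample` the two packages would collide on that path, which is worth checking before commit. Moving it to `%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample` (with the matching Makefile change) keeps all sensor samples in one directory. The last line shows as `+ at dirrmtry` on this page, which is the list archive's rewriting of `@`; the committed line should be `@dirrmtry etc/%%SGUILDIR%%`, and dirrmtry is the right choice since that directory may hold admin-edited .conf files at deinstall time.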
--- patch-pkg-plist ends here ---
--- patch-files-log_packets.conf begins here ---
--- files/log_packets.conf.orig 2006-10-09 14:04:38.000000000 -0500
+++ files/log_packets.conf 2008-04-10 21:07:04.000000000 -0500
@@ -2,6 +2,11 @@
# Make sure you verify the location of
# each of the binaries on your OS
+# Edit these for your setup
+
+# Sensors hostname.
+# Note: If running multiple snort instances, then this must be different
+# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
HOSTNAME="myhost"
# Path to snort binary
SNORT_PATH="/usr/local/bin/snort"
--- patch-files-log_packets.conf ends here ---
--- patch-files-patch-log_packets.sh begins here ---
--- files/patch-log_packets.sh.orig 2006-10-09 14:04:38.000000000 -0500
+++ files/patch-log_packets.sh 2008-04-10 21:07:04.000000000 -0500
@@ -1,12 +1,13 @@
---- sensor/log_packets.sh.orig Fri Mar 24 13:12:18 2006
-+++ sensor/log_packets.sh Mon Mar 27 17:22:54 2006
-@@ -23,37 +23,16 @@
+--- sensor/log_packets.sh.orig 2008-04-03 22:16:22.000000000 -0500
++++ sensor/log_packets.sh 2008-04-03 22:22:20.000000000 -0500
+@@ -22,38 +22,16 @@
+ # #
##############################################################
-
--# Edit these for your setup
+# You shouldn't need to edit anything in this script
+-# Edit these for your setup
+-
-# Sensors hostname.
-# Note: If running multiple snort instances, then this must be different
-# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
@@ -36,7 +37,7 @@
-#Some installs may need these
-#LD_LIBRARY_PATH=/usr/local/lib/mysql
-#export LD_LIBRARY_PATH
-+CONF=/usr/local/etc/log_packets.conf
++CONF=/usr/local/etc/sguil-sensor/log_packets.conf
+if [ -r ${CONF} ]; then
+ . ${CONF}
+else
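Review bot: `CONF=/usr/local/etc/sguil-sensor/log_packets.conf` bakes in both the prefix and the SGUILDIR default, yet the Makefile lets both be overridden (PREFIX, `SGUILDIR?= sguil-sensor`), so a non-default build would source a path that was never installed and fall into the else branch; since post-patch already runs REINPLACE_CMD over the agents, add log_packets.sh to that loop (or a dedicated `${REINPLACE_CMD} -e 's:/usr/local/etc/sguil-sensor:${PREFIX}/etc/${SGUILDIR}:'`) instead of hard-coding the path in the patch. Separately, `. ${CONF}` executes the file as shell, and log_packets.sh presumably runs as root (it drives snort on a capture interface via SNORT_PATH), so a config that another user can write is root code execution; a cheap guard before sourcing is `if [ ! -O "${CONF}" ] || [ -n "$(find "${CONF}" -perm +022)" ]; then echo "${CONF}: bad owner or mode" >&2; exit 1; fi`. The rest of the script body continues outside this hunk.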
--- patch-files-patch-log_packets.sh ends here ---
--- example_agent.sh.in begins here ---
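#!/bin/sh
# $FreeBSD$
#
# PROVIDE: example_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable example_agent:
#
# example_agent_enable (bool):  Set to YES to enable example_agent.
#                               Default: NO
# example_agent_conf (str):     example_agent configuration file.
#                               Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf
#
# NOTE(review): example_agent_conf is given a default below but nothing in
# this script passes it to the agent (no command_args), so the agent runs
# with whatever config path example_agent.tcl uses on its own; wire it
# through once the agent's config-file switch is confirmed.

. %%RC_SUBR%%

name="example_agent"
rcvar=`set_rcvar`

command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl"

# The agent appears to re-exec itself under tclsh (the port's post-patch
# rewrites its "exec tclsh" line), so the live process is the Tcl
# interpreter, not the .tcl path: rc.subr must match the pid in pidfile
# against this path (or its basename).  Keep it in sync with TCLSH_CMD in
# the port Makefile.  The former check_pidfile="..." assignment was dropped:
# rc.subr never reads a variable of that name (check_pidfile is one of its
# functions), so it had no effect.
procname="%%PREFIX%%/bin/tclsh8.4"
# Assumes the agent writes its own pid here -- TODO confirm against example_agent.tcl.
pidfile="/var/run/${name}.pid"

load_rc_config $name

: ${example_agent_enable:="NO"}
: ${example_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf"}

run_rc_command "$1"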
--- example_agent.sh.in ends here ---
--- pads_agent.sh.in begins here ---
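#!/bin/sh
# $FreeBSD$
#
# PROVIDE: pads_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable pads_agent:
#
# pads_agent_enable (bool):  Set to YES to enable pads_agent.
#                            Default: NO
# pads_agent_conf (str):     pads_agent configuration file.
#                            Default: %%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf
#
# NOTE(review): pads_agent_conf is given a default below but nothing in
# this script passes it to the agent (no command_args), so the agent runs
# with whatever config path pads_agent.tcl uses on its own; wire it
# through once the agent's config-file switch is confirmed.

. %%RC_SUBR%%

name="pads_agent"
rcvar=`set_rcvar`

command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"

# The agent appears to re-exec itself under tclsh (the port's post-patch
# rewrites its "exec tclsh" line), so the live process is the Tcl
# interpreter, not the .tcl path: rc.subr must match the pid in pidfile
# against this path (or its basename).  Keep it in sync with TCLSH_CMD in
# the port Makefile.  The former check_pidfile="..." assignment was dropped:
# rc.subr never reads a variable of that name (check_pidfile is one of its
# functions), so it had no effect.
procname="%%PREFIX%%/bin/tclsh8.4"
# Assumes the agent writes its own pid here -- TODO confirm against pads_agent.tcl.
pidfile="/var/run/${name}.pid"

load_rc_config $name

: ${pads_agent_enable:="NO"}
: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}

run_rc_command "$1"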
--- pads_agent.sh.in ends here ---
--- pcap_agent.sh.in begins here ---
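#!/bin/sh
# $FreeBSD$
#
# PROVIDE: pcap_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable pcap_agent:
#
# pcap_agent_enable (bool):  Set to YES to enable pcap_agent.
#                            Default: NO
# pcap_agent_conf (str):     pcap_agent configuration file.
#                            Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf
#
# NOTE(review): pcap_agent_conf is given a default below but nothing in
# this script passes it to the agent (no command_args), so the agent runs
# with whatever config path pcap_agent.tcl uses on its own; wire it
# through once the agent's config-file switch is confirmed.

. %%RC_SUBR%%

name="pcap_agent"
rcvar=`set_rcvar`

command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"

# The agent appears to re-exec itself under tclsh (the port's post-patch
# rewrites its "exec tclsh" line), so the live process is the Tcl
# interpreter, not the .tcl path: rc.subr must match the pid in pidfile
# against this path (or its basename).  Keep it in sync with TCLSH_CMD in
# the port Makefile.  The former check_pidfile="..." assignment was dropped:
# rc.subr never reads a variable of that name (check_pidfile is one of its
# functions), so it had no effect.
procname="%%PREFIX%%/bin/tclsh8.4"
# Assumes the agent writes its own pid here -- TODO confirm against pcap_agent.tcl.
pidfile="/var/run/${name}.pid"

load_rc_config $name

: ${pcap_agent_enable:="NO"}
: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}

run_rc_command "$1"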
--- pcap_agent.sh.in ends here ---
--- sancp_agent.sh.in begins here ---
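#!/bin/sh
# $FreeBSD$
#
# PROVIDE: sancp_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable sancp_agent:
#
# sancp_agent_enable (bool):  Set to YES to enable sancp_agent.
#                             Default: NO
# sancp_agent_conf (str):     sancp_agent configuration file.
#                             Default: %%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf
#
# NOTE(review): sancp_agent_conf is given a default below but nothing in
# this script passes it to the agent (no command_args), so the agent runs
# with whatever config path sancp_agent.tcl uses on its own; wire it
# through once the agent's config-file switch is confirmed.

. %%RC_SUBR%%

name="sancp_agent"
rcvar=`set_rcvar`

command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"

# The agent appears to re-exec itself under tclsh (the port's post-patch
# rewrites its "exec tclsh" line), so the live process is the Tcl
# interpreter, not the .tcl path: rc.subr must match the pid in pidfile
# against this path (or its basename).  Keep it in sync with TCLSH_CMD in
# the port Makefile.  The former check_pidfile="..." assignment was dropped:
# rc.subr never reads a variable of that name (check_pidfile is one of its
# functions), so it had no effect.
procname="%%PREFIX%%/bin/tclsh8.4"
# Assumes the agent writes its own pid here -- TODO confirm against sancp_agent.tcl.
pidfile="/var/run/${name}.pid"

load_rc_config $name

: ${sancp_agent_enable:="NO"}
: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}

run_rc_command "$1"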
--- sancp_agent.sh.in ends here ---
--- snort_agent.sh.in begins here ---
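#!/bin/sh
# $FreeBSD$
#
# PROVIDE: snort_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable snort_agent:
#
# snort_agent_enable (bool):  Set to YES to enable snort_agent.
#                             Default: NO
# snort_agent_conf (str):     snort_agent configuration file.
#                             Default: %%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf
#
# NOTE(review): snort_agent_conf is given a default below but nothing in
# this script passes it to the agent (no command_args), so the agent runs
# with whatever config path snort_agent.tcl uses on its own; wire it
# through once the agent's config-file switch is confirmed.

. %%RC_SUBR%%

name="snort_agent"
rcvar=`set_rcvar`

command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"

# The agent appears to re-exec itself under tclsh (the port's post-patch
# rewrites its "exec tclsh" line), so the live process is the Tcl
# interpreter, not the .tcl path: rc.subr must match the pid in pidfile
# against this path (or its basename).  Keep it in sync with TCLSH_CMD in
# the port Makefile.  The former check_pidfile="..." assignment was dropped:
# rc.subr never reads a variable of that name (check_pidfile is one of its
# functions), so it had no effect.
procname="%%PREFIX%%/bin/tclsh8.4"
# Assumes the agent writes its own pid here -- TODO confirm against snort_agent.tcl.
pidfile="/var/run/${name}.pid"

load_rc_config $name

: ${snort_agent_enable:="NO"}
: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}

run_rc_command "$1"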
--- snort_agent.sh.in ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: