ports/127708: [patch] update of ossec-hids from 1.4 -> 1.6
valerio.daelli at gmail.com
Mon Sep 29 09:10:01 UTC 2008
>Number: 127708
>Category: ports
>Synopsis: [patch] update of ossec-hids from 1.4 -> 1.6
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 29 09:10:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Valerio Daelli
>Release: FreeBSD 6.2-RELEASE-p6 amd64
>Organization:
>Environment:
System: FreeBSD sodio.ifom-ieo-campus.it 6.2-RELEASE-p6 FreeBSD 6.2-RELEASE-p6 #8: Tue Jul 24 17:16:37 CEST 2007 root at sodio.ifom-ieo-campus.it:/usr/obj/usr/src/sys/SODIO amd64
>Description:
This patch updates ossec-hids from 1.4 to 1.6
>How-To-Repeat:
>Fix:
cd /usr/ports/security/ossec-hids-server
patch -p1 < ../OSSEC-HIDS-SERVER.patch
--- OSSEC-HIDS-SERVER.patch begins here ---
diff -ruN ossec-hids-server.OLD/Makefile ossec-hids-server/Makefile
--- ossec-hids-server.OLD/Makefile 2007-12-30 10:53:43.000000000 +0000
+++ ossec-hids-server/Makefile 2008-09-28 20:15:10.000000000 +0000
@@ -6,7 +6,7 @@
#
PORTNAME= ossec-hids
-PORTVERSION= 1.4
+PORTVERSION= 1.6
PORTREVISION?= 0
CATEGORIES= security
MASTER_SITES= http://www.ossec.net/files/ \
diff -ruN ossec-hids-server.OLD/distinfo ossec-hids-server/distinfo
--- ossec-hids-server.OLD/distinfo 2007-12-30 10:53:43.000000000 +0000
+++ ossec-hids-server/distinfo 2008-09-28 20:15:13.000000000 +0000
@@ -1,3 +1,3 @@
-MD5 (ossec-hids-1.4.tar.gz) = f877f7afc225ba835bf697c026c77aa9
-SHA256 (ossec-hids-1.4.tar.gz) = 0dd7650a4c74ae2b9beec47660fd7c573eb35005e5cab6e62c640ba44930ff7f
-SIZE (ossec-hids-1.4.tar.gz) = 598579
+MD5 (ossec-hids-1.6.tar.gz) = 2ed9ef649d44ad416047a4c28eaad13c
+SHA256 (ossec-hids-1.6.tar.gz) = 07dc21b1d1b581c29c16ba0bdca525fabac775aa7f2be139708c5427261e0687
+SIZE (ossec-hids-1.6.tar.gz) = 666622
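Review bot: The new MD5 and SHA256 values for ossec-hids-1.6.tar.gz are the only integrity check on a distfile that MASTER_SITES fetches over plain http://www.ossec.net/files/, so please state in the PR that they were compared with the checksum upstream publishes for 1.6 and not just generated from whatever the fetch returned. The SIZE change from 598579 to 666622 does not by itself confirm the tarball.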
diff -ruN ossec-hids-server.OLD/files/patch-InstallServer.sh ossec-hids-server/files/patch-InstallServer.sh
--- ossec-hids-server.OLD/files/patch-InstallServer.sh 2007-04-20 21:29:20.000000000 +0000
+++ ossec-hids-server/files/patch-InstallServer.sh 2008-09-28 22:13:41.000000000 +0000
@@ -1,7 +1,15 @@
-diff -ruN src/InstallServer.sh.orig src/InstallServer.sh
---- src/InstallServer.sh.orig Sun Jan 7 23:38:16 2007
-+++ src/InstallServer.sh Thu Apr 5 15:58:08 2007
-@@ -255,12 +255,12 @@
+--- src/InstallServer.sh 2008-08-22 20:42:09.000000000 +0000
++++ src/InstallServer.sh 2008-09-28 22:10:45.000000000 +0000
+@@ -174,7 +174,7 @@
+ fi
+ fi
+
+-cp -pr ../etc/rules/* ${DIR}/rules/
++cp -pr ../etc/rules/*.xml ${DIR}/rules/
+
+ # If the local_rules is saved, moved it back
+ ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
+@@ -284,12 +284,12 @@
ls ../etc/ossec.mc > /dev/null 2>&1
if [ $? = 0 ]; then
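Review bot: The change from "../etc/rules/*" to "../etc/rules/*.xml" in the cp line comes with no explanation, and it silently skips anything in etc/rules that does not end in .xml. If the purpose is to keep backup files produced while applying the new rules patches in this PR out of ${DIR}/rules/, say so in the PR text, and confirm that 1.6 ships no non-XML file in etc/rules that the server needs. The regenerated patch also drops the "diff -ruN src/InstallServer.sh.orig src/InstallServer.sh" header the old file had; keeping the .orig naming would match the previous version of this file.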
diff -ruN ossec-hids-server.OLD/files/patch-attack_rules.xml ossec-hids-server/files/patch-attack_rules.xml
--- ossec-hids-server.OLD/files/patch-attack_rules.xml 1970-01-01 00:00:00.000000000 +0000
+++ ossec-hids-server/files/patch-attack_rules.xml 2008-09-28 21:55:30.000000000 +0000
@@ -0,0 +1,16 @@
+--- etc/rules/attack_rules.xml 2008-08-29 17:15:08.000000000 +0000
++++ attack_rules.xml 2008-09-28 21:39:52.000000000 +0000
+@@ -85,11 +85,13 @@
+ <description>by a success.</description>
+ </rule>
+
++<!--
+ <rule id="40113" level="12" frequency="6" timeframe="360">
+ <if_matched_group>virus</if_matched_group>
+ <description>Multiple viruses detected - Possible outbreak.</description>
+ <group>virus,</group>
+ </rule>
++-->
+
+ </group> <!-- SYSLOG, ATTACKS, -->
+
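Review bot: Commenting out rule 40113 removes the level 12 "Multiple viruses detected - Possible outbreak." correlation alert from the installed ruleset, and nothing in the PR says why. Please give the reason and prefer a fix to the rule over disabling it; if it has to stay disabled, mention it in pkg-message so operators know the alert is missing. Also, the inner "+++" line names the file as "attack_rules.xml" without the etc/rules/ prefix used on the "---" line; use the same path on both.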
diff -ruN ossec-hids-server.OLD/files/patch-mcafee_av_rules.xml ossec-hids-server/files/patch-mcafee_av_rules.xml
--- ossec-hids-server.OLD/files/patch-mcafee_av_rules.xml 1970-01-01 00:00:00.000000000 +0000
+++ ossec-hids-server/files/patch-mcafee_av_rules.xml 2008-09-28 21:55:36.000000000 +0000
@@ -0,0 +1,18 @@
+--- etc/rules/mcafee_av_rules.xml 2008-08-28 15:56:00.000000000 +0000
++++ mcafee_av_rules.xml 2008-09-28 21:39:52.000000000 +0000
+@@ -42,6 +42,7 @@
+ <description>McAfee Windows AV error event.</description>
+ </rule>
+
++<!--
+ <rule id="7504" level="12">
+ <if_sid>7500</if_sid>
+ <regex>$MCAFEE_VIRUS</regex>
+@@ -62,6 +63,7 @@
+ <group>virus</group>
+ <description>McAfee Windows AV - Virus detected and file will be deleted.</description>
+ </rule>
++-->
+
+ <rule id="7507" level="3">
+ <if_sid>7500</if_sid>
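Review bot: The "<!--" opens before rule 7504 at inner line 42 and the "-->" only closes after the "Virus detected and file will be deleted" rule near inner line 62, so every rule in between is disabled, including ones that are not visible in this patch. Please list the rule ids that end up commented out, check that none of the enclosed lines already contains an XML comment (a nested comment would make the file malformed), and explain why the level 12 McAfee virus alerts have to go.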
diff -ruN ossec-hids-server.OLD/files/patch-symantec-av_rules.xml ossec-hids-server/files/patch-symantec-av_rules.xml
--- ossec-hids-server.OLD/files/patch-symantec-av_rules.xml 1970-01-01 00:00:00.000000000 +0000
+++ ossec-hids-server/files/patch-symantec-av_rules.xml 2008-09-28 21:55:42.000000000 +0000
@@ -0,0 +1,17 @@
+--- etc/rules/symantec-av_rules.xml 2008-06-17 17:03:56.000000000 +0000
++++ symantec-av_rules.xml 2008-09-28 21:39:52.000000000 +0000
+@@ -31,12 +31,14 @@
+ <description>Grouping of Symantec AV rules from eventlog.</description>
+ </rule>
+
++<!--
+ <rule id="7310" level="9">
+ <if_sid>7300, 7301</if_sid>
+ <id>^5$|^17$</id>
+ <group>virus</group>
+ <description>Virus detected.</description>
+ </rule>
++-->
+
+ <rule id="7320" level="3">
+ <if_sid>7300, 7301</if_sid>
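Review bot: Rule 7310 is the third place where this PR comments out rules tagged with group "virus", after 40113 in attack_rules.xml and the McAfee block, which points to one underlying problem with that group and not three separate ones. Describe that problem in the PR and consider a single fix; as submitted, a server built from this port no longer raises the level 9 Symantec "Virus detected." alert, and the user is not told.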
diff -ruN ossec-hids-server.OLD/files/pkg-message.in ossec-hids-server/files/pkg-message.in
--- ossec-hids-server.OLD/files/pkg-message.in 2007-12-30 10:53:43.000000000 +0000
+++ ossec-hids-server/files/pkg-message.in 2008-09-28 21:35:18.000000000 +0000
@@ -16,3 +16,5 @@
When you deinstall this port after starting the daemons once, many directories that are
created by the daemons will remain. To fully remove the port you need to delete those
directories manually.
+To further enhance the security on your system, you may also enable some checks
+in PAM for a fast reaction against intrusions.
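Review bot: The two added lines tell the user to "enable some checks in PAM" without naming the checks, the file to edit, or how this relates to OSSEC, so nobody can act on them. Either spell out the exact configuration you have in mind or drop the paragraph, and put a blank line before it so it does not run into the deinstall note above.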
diff -ruN ossec-hids-server.OLD/pkg-plist ossec-hids-server/pkg-plist
--- ossec-hids-server.OLD/pkg-plist 2007-12-30 10:53:43.000000000 +0000
+++ ossec-hids-server/pkg-plist 2008-09-28 22:16:56.000000000 +0000
@@ -19,6 +19,10 @@
%%PORTNAME%%/bin/ossec-remoted
%%PORTNAME%%/bin/ossec-syscheckd
%%PORTNAME%%/bin/syscheck_update
+%%PORTNAME%%/bin/ossec-csyslogd
+%%PORTNAME%%/bin/agent_control
+%%PORTNAME%%/bin/syscheck_control
+%%PORTNAME%%/bin/rootcheck_control
%%PORTNAME%%/etc/decoder.xml
%%PORTNAME%%/etc/internal_options.conf
@unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi
@@ -29,6 +33,9 @@
%%PORTNAME%%/etc/shared/win_applications_rcl.txt
%%PORTNAME%%/etc/shared/win_audit_rcl.txt
%%PORTNAME%%/etc/shared/win_malware_rcl.txt
+%%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
+%%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
+%%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
%%PORTNAME%%/logs/ossec.log
%%PORTNAME%%/rules/apache_rules.xml
%%PORTNAME%%/rules/arpwatch_rules.xml
@@ -73,6 +80,11 @@
%%PORTNAME%%/rules/vsftpd_rules.xml
%%PORTNAME%%/rules/web_rules.xml
%%PORTNAME%%/rules/zeus_rules.xml
+%%PORTNAME%%/rules/vmware_rules.xml
+%%PORTNAME%%/rules/vmpop3d_rules.xml
+%%PORTNAME%%/rules/solaris_bsm_rules.xml
+%%PORTNAME%%/rules/mcafee_av_rules.xml
+%%PORTNAME%%/rules/asterisk_rules.xml
@dirrmtry %%PORTNAME%%/var/run
@dirrmtry %%PORTNAME%%/var
@dirrmtry %%PORTNAME%%/tmp
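Review bot: The five new rules entries are appended after zeus_rules.xml in no particular order, while the surrounding entries (vsftpd_rules.xml, web_rules.xml, zeus_rules.xml) are alphabetical. Insert asterisk_rules.xml, mcafee_av_rules.xml, solaris_bsm_rules.xml, vmpop3d_rules.xml and vmware_rules.xml at their sorted positions so later updates diff cleanly. Please also confirm the list was checked against an actual install of 1.6, since InstallServer.sh now copies etc/rules/*.xml by glob and any rule file missing from the plist will be left behind on deinstall.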
--- OSSEC-HIDS-SERVER.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: