ports/174592: security/sguil-sensor, port update
Paul Schmehl
pauls at utdallas.edu
Thu Dec 20 15:50:01 UTC 2012
>Number: 174592
>Category: ports
>Synopsis: security/sguil-sensor, port update
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 20 15:50:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Paul Schmehl
>Release: FreeBSD 8.3-STABLE amd64
>Organization:
The University of Texas at Dallas
>Environment:
System: FreeBSD hostname.utdallas.edu 8.3-STABLE FreeBSD 8.3-STABLE #2 r243378M: Wed Nov 21 22:16:38 UTC 2012 root at hostname.utdallas.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
security/sguil-sensor, update port to version 0.8.0
update to new OPTIONS framework and add LICENSE
>How-To-Repeat:
>Fix:
--- sguil-sensor.diff begins here ---
Index: Makefile
===================================================================
--- Makefile (revision 309313)
+++ Makefile (working copy)
@@ -6,8 +6,7 @@
#
PORTNAME= sguil-sensor
-PORTVERSION= 0.7.0
-PORTREVISION= 3
+PORTVERSION= 0.8.0
CATEGORIES= security
MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION}
@@ -15,104 +14,108 @@
COMMENT= Sguil is a network security monitoring program
LIB_DEPENDS= tls:${PORTSDIR}/devel/tcltls
-RUN_DEPENDS= snort:${PORTSDIR}/security/snort \
- barnyard2:${PORTSDIR}/security/barnyard2 \
+RUN_DEPENDS= barnyard2:${PORTSDIR}/security/barnyard2-sguil \
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
-OPTIONS= SANCP "Include sancp sensor" off \
- PADS "Include pads sensor" off
+OPTIONS_DEFINE= PADS SANCP
+PADS_DESC= Include pads sensor
+SANCP_DESC= Include sancp sensor
+LICENSE_NAME= QPLv1.0
+LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL
+LICENSE_PERMS= auto-accept
+
NO_BUILD= yes
-USE_RC_SUBR= example_agent pcap_agent snort_agent
-TCLSH_CMD?= tclsh8.4
+USE_RC_SUBR= pcap_agent snort_agent
+TCL_VER= 8.5
+TCLSH= tclsh${TCL_VER}
WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
-SUB_LIST= SGUILDIR=${SGUILDIR}
+PATCH_WRKSRC= ${WRKSRC}/sensor
+SGUILDIR?= sguil-sensor
+SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH}
SUB_FILES= pkg-message
PLIST_SUB= SGUILDIR=${SGUILDIR}
-SGUILDIR?= sguil-sensor
-AGENTS= example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl
+AGENTS= pcap_agent.tcl snort_agent.tcl
+CONFS= pcap_agent.conf snort_agent.conf
+LOG_SCRIPTS= log_packets-daemonlogger.sh log_packets.sh
+WITH_PCRE= true
-PORTDOCS= CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
- OPENSSL.README TODO UPGRADE USAGE sguildb.dia
+PORTDOCS1= README
+PORTDOCS2= README.daemonlogger
+PORTDOCS3= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README \
+ TODO UPGRADE USAGE sguildb.dia
-.include <bsd.port.pre.mk>
+.include <bsd.port.options.mk>
-WITH_PCRE= true
-
-.if defined(WITH_SANCP)
+.if ${PORT_OPTIONS:MSANCP}
+AGENTS+= sancp_agent.tcl pcap_agent-sancp.tcl
+CONFS+= sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp
-USE_RC_SUBR+= sancp_agent
-PLIST_SUB+= USESANCP=
+USE_RC_SUBR+= sancp_agent pcap_agent-sancp
+PLIST_SUB+= USESANCP=""
.else
PLIST_SUB+= USESANCP="@comment "
.endif
-.if defined(WITH_PADS)
+.if ${PORT_OPTIONS:MPADS}
+AGENTS+= pads_agent.tcl
+CONFS+= pads_agent.conf
RUN_DEPENDS+= pads:${PORTSDIR}/net-mgmt/pads
USE_RC_SUBR+= pads_agent
-PLIST_SUB+= USEPADS=
+PLIST_SUB+= USEPADS=""
.else
PLIST_SUB+= USEPADS="@comment "
.endif
post-patch:
.for f in ${AGENTS}
- @${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \
+ @${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \
${WRKSRC}/sensor/${f}
- @${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \
- ${WRKSRC}/sensor/${f}
.endfor
do-install:
@${MKDIR} ${PREFIX}/bin/${SGUILDIR}
@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
-.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl
+ @${MKDIR} ${PREFIX}/share/${SGUILDIR}
+ @${MKDIR} ${PREFIX}/share/${SGUILDIR}/contrib
+ @${MKDIR} ${PREFIX}/share/${SGUILDIR}/init
+ (cd ${WRKSRC}/sensor/contrib && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/contrib "! -name ossec_agent.tcl.orig")
+ (cd ${WRKSRC}/sensor/init && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/init)
+.for f in ${AGENTS}
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
-.for f in log_packets.sh
+.for f in ${LOG_SCRIPTS}
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
-.for f in example_agent.conf pcap_agent.conf snort_agent.conf
+.for f in ${CONFS}
${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
-.for f in log_packets.conf
- ${INSTALL_DATA} ${FILESDIR}/${f} \
- ${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.if ${PORT_OPTIONS:MSANCP}
+.for f in log_packets-sancp.sh
+ ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
-.if defined(WITH_SANCP)
-.for f in sancp_agent.conf
- ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
- ${PREFIX}/etc/${SGUILDIR}/${f}-sample
-.endfor
.for f in sancp.conf
${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
- ${PREFIX}/etc/${f}-sample
-.endfor
-.for f in sancp_agent.tcl
- ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
- ${PREFIX}/bin/${SGUILDIR}/${f}
-.endfor
-.endif
-.if defined(WITH_PADS)
-.for f in pads_agent.conf
- ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
-.for f in pads_agent.tcl
- ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
- ${PREFIX}/bin/${SGUILDIR}/${f}
-.endfor
.endif
post-install:
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
@${MKDIR} ${DOCSDIR}
- cd ${WRKSRC}/doc && ${INSTALL_DATA} \
- ${PORTDOCS} ${DOCSDIR}
+ cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS1} ${DOCSDIR}
+ cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${PORTDOCS2} ${DOCSDIR}
+ cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS3} ${DOCSDIR}
+.if ${PORT_OPTIONS:MSANCP}
+.for f in README.sancp_indexed_pcap
+ cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${f} ${DOCSDIR}
+.endfor
.endif
+.endif
@${CAT} ${PKGMESSAGE}
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
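Review bot: The new LICENSE_NAME/LICENSE_FILE/LICENSE_PERMS lines have no `LICENSE=` beside them, and as far as I can tell the ports license framework only engages when LICENSE itself is defined, so the "add LICENSE" part of this update has no effect; add `LICENSE= QPL` next to them (a custom short name is fine because NAME, FILE and PERMS are all given), and reconsider `LICENSE_PERMS= auto-accept` on its own, which grants no dist-mirror/pkg-mirror permission and would keep distfile and package off the mirrors — if the QPL permits redistribution of unmodified sources, list those permissions as well. Secondly, the post-patch `${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|'` rewrites the first `/bin/sh` on every line of each agent, where the replaced expression was anchored on the `exec tclsh` line; restricting it to the interpreter line, `'1s|^#!/bin/sh|#!${PREFIX}/bin/${TCLSH}|'`, avoids touching any other `/bin/sh` string the Tcl code may carry.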
Index: distinfo
===================================================================
--- distinfo (revision 309313)
+++ distinfo (working copy)
@@ -1,2 +1,2 @@
-SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b
-SIZE (sguil-sensor-0.7.0.tar.gz) = 68436
+SHA256 (sguil-sensor-0.8.0.tar.gz) = aa4617c4f9cf1d598c6d728afed50cd6f90dc5d1516a6eda8126401b7bba4be5
+SIZE (sguil-sensor-0.8.0.tar.gz) = 142829
Index: files/example_agent.in
===================================================================
--- files/example_agent.in (revision 309313)
+++ files/example_agent.in (working copy)
@@ -1,34 +0,0 @@
-#!/bin/sh
-
-# $FreeBSD$
-
-# PROVIDE: example_agent
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-
-# Add the following line to /etc/rc.conf to enable example_agent:
-# example_agent_enable (bool): Set to YES to enable example_agent
-# Default: NO
-# example_agent_conf (str): Example_agent configuration file
-# Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf
-# example_agent_flags (str): Default: -D
-#
-
-. /etc/rc.subr
-
-load_rc_config example_agent
-
-#set defaults
-example_agent_enable=${example_agent_enable:-"NO"}
-example_agent_conf=${example_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf"}
-example_agent_flags=${example_agent_flags:-"-D"}
-
-name="example_agent"
-rcvar=example_agent_enable
-command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl"
-command_args="-c ${example_agent_conf} ${example_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
-pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
-
-run_rc_command "$1"
Index: files/log_packets.conf
===================================================================
--- files/log_packets.conf (revision 309313)
+++ files/log_packets.conf (working copy)
@@ -1,35 +0,0 @@
-# Conf file for the log_packets script
-# Make sure you verify the location of
-# each of the binaries on your OS
-
-# Edit these for your setup
-
-# Sensors hostname.
-# Note: If running multiple snort instances, then this must be different
-# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
-HOSTNAME="myhost"
-# Path to snort binary
-SNORT_PATH="/usr/local/bin/snort"
-# Directory to log pcap data to (date dirs will be created in here)
-# Note: The path $HOSTNAME/dailylogs, will be appended to this.
-LOG_DIR="/snort_data"
-# Percentage of disk to try and maintain
-MAX_DISK_USE=90
-# Interface to 'listen' to.
-INTERFACE="eth0"
-# Other options to use when starting snort
-#OPTIONS="-u sguil -g sguil -m 122"
-# Where to store the pid
-PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
-# How do we run ps
-PS="ps awx"
-# Where is grep
-GREP="/usr/bin/grep"
-#Add BPFs here.
-#The below is an example of a filter for ignoring outbound HTTP from my network
-# to the world.
-#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
-
-#Some installs may need these
-#LD_LIBRARY_PATH=/usr/local/lib/mysql
-#export LD_LIBRARY_PATH
Index: files/pads_agent.in
===================================================================
--- files/pads_agent.in (revision 309313)
+++ files/pads_agent.in (working copy)
@@ -16,19 +16,51 @@
. /etc/rc.subr
-load_rc_config pads_agent
+name="pads_agent"
+rcvar=${name}_enable
+load_rc_config ${name}
#set defaults
-pads_agent_enable=${pads_agent_enable:-"NO"}
-pads_agent_conf=${pads_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
-pads_agent_flags=${pads_agent_flags:-"-D"}
+: ${pads_agent_enable:="NO"}
+: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
+: ${pads_agent_flags:="-D -c ${pads_agent_conf}"}
-name="pads_agent"
-rcvar=pads_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
-command_args="-c ${pads_agent_conf} ${pads_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
+start_precmd="pads_agent_ck4fifo"
+stop_postcmd="pads_agent_rmfifo"
+
+pads_agent_ck4fifo()
+{
+ LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+ HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+ PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+ if [ ! -p ${PADS_FIFO} ]; then
+ echo "${PADS_FIFO} does not exist. Creating now....."
+ /usr/bin/mkfifo ${PADS_FIFO}
+ fi
+ echo "Checking for ${PADS_FIFO}...."
+ if [ -p ${PADS_FIFO} ]; then
+ echo "Confirmed! ${PADS_FIFO} exists."
+ else
+ echo "I tried to create ${PADS_FIFO} and failed."
+ echo "You will need to create it manually before starting ${name}."
+ fi
+}
+
+pads_agent_rmfifo()
+{
+ LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+ HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+ PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+ if [ -p ${PADS_FIFO} ]; then
+ /bin/rm ${PADS_FIFO}
+ echo "Removing ${PADS_FIFO}...."
+ fi
+}
+
run_rc_command "$1"
Index: files/patch-log_packets.sh
===================================================================
--- files/patch-log_packets.sh (revision 309313)
+++ files/patch-log_packets.sh (working copy)
@@ -1,50 +0,0 @@
---- sensor/log_packets.sh.orig 2008-04-03 22:16:22.000000000 -0500
-+++ sensor/log_packets.sh 2008-04-03 22:22:20.000000000 -0500
-@@ -22,38 +22,16 @@
- # #
- ##############################################################
-
-+# You shouldn't need to edit anything in this script
-
--# Edit these for your setup
--
--# Sensors hostname.
--# Note: If running multiple snort instances, then this must be different
--# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
--HOSTNAME="myhost"
--# Path to snort binary
--SNORT_PATH="/usr/local/bin/snort"
--# Directory to log pcap data to (date dirs will be created in here)
--# Note: The path $HOSTNAME/dailylogs, will be appended to this.
--LOG_DIR="/snort_data"
--# Percentage of disk to try and maintain
--MAX_DISK_USE=90
--# Interface to 'listen' to.
--INTERFACE="eth0"
--# Other options to use when starting snort
--#OPTIONS="-u sguil -g sguil -m 122"
--# Where to store the pid
--PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
--# How do we run ps
--PS="ps awx"
--# Where is grep
--GREP="/usr/bin/grep"
--#Add BPFs here.
--#The below is an example of a filter for ignoring outbound HTTP from my network
--# to the world.
--#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
--
--#Some installs may need these
--#LD_LIBRARY_PATH=/usr/local/lib/mysql
--#export LD_LIBRARY_PATH
-+CONF=/usr/local/etc/sguil-sensor/log_packets.conf
-+if [ -r ${CONF} ]; then
-+ . ${CONF}
-+else
-+ echo "Your conf file is either missing or the path "
-+ echo "in the log_packets.sh script is incorrect."
-+ exit 1
-+fi
-
- TZ=GMT
- export TZ
Index: files/patch-ossec_agent.tcl
===================================================================
--- files/patch-ossec_agent.tcl (revision 0)
+++ files/patch-ossec_agent.tcl (working copy)
@@ -0,0 +1,30 @@
+--- contrib/ossec_agent/ossec_agent.tcl.orig 2012-12-17 22:47:18.000000000 +0000
++++ contrib/ossec_agent/ossec_agent.tcl 2012-12-17 22:48:45.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+
+ # OSSEC agent for Sguil 0.7.0. Based on the "example_agent.tcl" code
+ # distributed with sguil.
+@@ -593,9 +591,9 @@
+ if { ![info exists CONF_FILE] } {
+
+ # No conf file specified check the defaults
+- if { [file exists /etc/ossec_agent.conf] } {
++ if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } {
+
+- set CONF_FILE /etc/ossec_agent.conf
++ set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf
+
+ } elseif { [file exists ./ossec_agent.conf] } {
+
+@@ -604,7 +602,7 @@
+ } else {
+
+ puts "Couldn't determine where the ossec_agent.tcl config file is"
+- puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf."
++ puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf."
+ DisplayUsage $argv0
+
+ }
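Review bot: This patch strips the `exec tclsh "$0" "$@"` trampoline from contrib/ossec_agent/ossec_agent.tcl but leaves its `#!/bin/sh` line, and unlike the files in AGENTS this one is not run through the post-patch REINPLACE that turns `/bin/sh` into the tclsh path — it is only copied with COPYTREE_SHARE into share/${SGUILDIR}/contrib — so the installed copy would be executed by sh and fail at the first Tcl statement. Either drop the first hunk from this patch or add the contrib file to the shebang rewrite in post-patch. Separately, this and the other new patch files (patch-pads_agent.tcl, patch-pcap_agent-sancp.tcl, patch-pcap_agent.tcl, patch-sancp_agent.tcl, patch-snort_agent.tcl) hard-code `/usr/local/etc/sguil-sensor/` as the default conf location, which silently ignores a non-default PREFIX and the `SGUILDIR?=` override the Makefile advertises; the removed REINPLACE `s:/etc/:${PREFIX}/etc/${SGUILDIR}/:g` expressed this correctly, so patching to a placeholder such as `%%PREFIX%%/etc/%%SGUILDIR%%/` and substituting the real values with REINPLACE_CMD in post-patch would restore it.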
Index: files/patch-pads_agent.tcl
===================================================================
--- files/patch-pads_agent.tcl (revision 0)
+++ files/patch-pads_agent.tcl (working copy)
@@ -0,0 +1,39 @@
+--- pads_agent.tcl.orig 2012-12-19 21:25:26.000000000 +0000
++++ pads_agent.tcl 2012-12-19 21:27:37.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+
+ # $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ #
+
+@@ -332,7 +330,7 @@
+ id process group set
+ if {[fork]} {exit 0}
+ set PID [id process]
+- if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" }
++ if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" }
+ set PID_DIR [file dirname $PID_FILE]
+ if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } {
+ puts "ERROR: Directory $PID_DIR does not exists or is not writable."
+@@ -380,16 +378,16 @@
+ }
+ }
+ # Parse the config file here
+-# Default location is /etc/pads_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ # No conf file specified check the defaults
+- if { [file exists /etc/pads_agent.conf] } {
+- set CONF_FILE /etc/pads_agent.conf
++ if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } {
++ set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf
+ } elseif { [file exists ./pads_agent.conf] } {
+ set CONF_FILE ./pads_agent.conf
+ } else {
+ puts "Couldn't determine where the sensor_agent.tcl config file is"
+- puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf."
++ puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf."
+ DisplayUsage $argv0
+ }
+ }
Index: files/patch-pcap_agent-sancp.tcl
===================================================================
--- files/patch-pcap_agent-sancp.tcl (revision 0)
+++ files/patch-pcap_agent-sancp.tcl (working copy)
@@ -0,0 +1,35 @@
+--- pcap_agent-sancp.tcl.orig 2012-12-17 22:36:43.000000000 +0000
++++ pcap_agent-sancp.tcl 2012-12-17 22:38:22.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+
+ # $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ #
+
+@@ -754,13 +752,13 @@
+ }
+
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+
+ # No conf file specified check the defaults
+- if { [file exists /etc/pcap_agent.conf] } {
++ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+
+- set CONF_FILE /etc/pcap_agent.conf
++ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+
+ } elseif { [file exists ./pcap_agent.conf] } {
+
+@@ -769,7 +767,7 @@
+ } else {
+
+ puts "Couldn't determine where the pcap_agent.tcl config file is"
+- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
++ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+ DisplayUsage $argv0
+
+ }
Index: files/patch-pcap_agent.tcl
===================================================================
--- files/patch-pcap_agent.tcl (revision 0)
+++ files/patch-pcap_agent.tcl (working copy)
@@ -0,0 +1,35 @@
+--- pcap_agent.tcl.orig 2012-12-17 22:31:44.000000000 +0000
++++ pcap_agent.tcl 2012-12-17 22:42:50.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+
+ # $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ #
+
+@@ -771,13 +769,13 @@
+ }
+
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+
+ # No conf file specified check the defaults
+- if { [file exists /etc/pcap_agent.conf] } {
++ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+
+- set CONF_FILE /etc/pcap_agent.conf
++ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+
+ } elseif { [file exists ./pcap_agent.conf] } {
+
+@@ -786,7 +784,7 @@
+ } else {
+
+ puts "Couldn't determine where the pcap_agent.tcl config file is"
+- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
++ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+ DisplayUsage $argv0
+
+ }
Index: files/patch-sancp_agent.tcl
===================================================================
--- files/patch-sancp_agent.tcl (revision 0)
+++ files/patch-sancp_agent.tcl (working copy)
@@ -0,0 +1,30 @@
+--- sancp_agent.tcl.orig 2012-12-17 22:43:39.000000000 +0000
++++ sancp_agent.tcl 2012-12-17 22:44:56.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+
+ # $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ #
+
+@@ -582,16 +580,16 @@
+ }
+ }
+ # Parse the config file here
+-# Default location is /etc/sancp_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ # No conf file specified check the defaults
+- if { [file exists /etc/sancp_agent.conf] } {
+- set CONF_FILE /etc/sancp_agent.conf
++ if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } {
++ set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf
+ } elseif { [file exists ./sancp_agent.conf] } {
+ set CONF_FILE ./sancp_agent.conf
+ } else {
+ puts "Couldn't determine where the sancp_agent.tcl config file is"
+- puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf."
++ puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf."
+ DisplayUsage $argv0
+ }
+ }
Index: files/patch-snort_agent.tcl
===================================================================
--- files/patch-snort_agent.tcl (revision 0)
+++ files/patch-snort_agent.tcl (working copy)
@@ -0,0 +1,35 @@
+--- snort_agent.tcl.orig 2012-12-17 22:33:35.000000000 +0000
++++ snort_agent.tcl 2012-12-17 22:39:39.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+
+ # $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
+
+@@ -680,13 +678,13 @@
+ }
+
+ # Parse the config file here
+-# Default location is /etc/snort_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+
+ # No conf file specified check the defaults
+- if { [file exists /etc/snort_agent.conf] } {
++ if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
+
+- set CONF_FILE /etc/snort_agent.conf
++ set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
+
+ } elseif { [file exists ./snort_agent.conf] } {
+
+@@ -695,7 +693,7 @@
+ } else {
+
+ puts "Couldn't determine where the snort_agent.tcl config file is"
+- puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
++ puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
+ DisplayUsage $argv0
+
+ }
Index: files/pcap_agent-sancp.in
===================================================================
--- files/pcap_agent-sancp.in (revision 0)
+++ files/pcap_agent-sancp.in (working copy)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/pcap_agent-sancp.in 302141 2012-08-05 23:19:36Z dougb $
+
+# PROVIDE: pcap_agent-sancp
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
+# pcap_agent-sancp_enable (bool): Set to YES to enable pcap_agent-sancp
+# Default: NO
+# pcap_agent-sancp_conf (str): Pads_agent configuration file
+# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
+# pcap_agent-sancp_flags (str): Default: -D
+#
+
+. /etc/rc.subr
+
+name="pcap_agent-sancp"
+rcvar=pcap_agent-sancp_enable
+load_rc_config pcap_agent-sancp
+
+#set defaults
+: ${pcap_agent-sancp_enable:="NO"}
+: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
+: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+run_rc_command "$1"
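Review bot: `rcvar=pcap_agent-sancp_enable` and the three `: ${pcap_agent-sancp_…:=…}` defaults use a hyphen in a shell variable name, which sh does not allow: `${pcap_agent-sancp_enable:="NO"}` is parsed as parameter `pcap_agent` with a `-` default word, so nothing named `pcap_agent-sancp_enable` is ever set and, as far as I can tell, rc.subr's `checkyesno` on that rcvar can never succeed, meaning the service cannot be enabled from rc.conf. Use underscores for the variables while keeping the script file name and the PROVIDE line as they are (rcorder and the file name accept the hyphen), and update the header comment lines, including the copy-pasted "Pads_agent configuration file", to match. The rewritten variable section follows.
```shell
name="pcap_agent_sancp"
rcvar=pcap_agent_sancp_enable
load_rc_config ${name}

#set defaults
: ${pcap_agent_sancp_enable:="NO"}
: ${pcap_agent_sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
: ${pcap_agent_sancp_flags:="-D"}

command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
command_args="-c ${pcap_agent_sancp_conf}"
# … unchanged: procname, pidfile, run_rc_command …
```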
Index: files/pcap_agent.in
===================================================================
--- files/pcap_agent.in (revision 309313)
+++ files/pcap_agent.in (working copy)
@@ -16,19 +16,17 @@
. /etc/rc.subr
+name="pcap_agent"
+rcvar=pcap_agent_enable
load_rc_config pcap_agent
#set defaults
-pcap_agent_enable=${pcap_agent_enable:-"NO"}
-pcap_agent_conf=${pcap_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
-pcap_agent_flags=${pcap_agent_flags:-"-D"}
+: ${pcap_agent_enable:="NO"}
+: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
+: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}
-name="pcap_agent"
-rcvar=pcap_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
-command_args="-c ${pcap_agent_conf} ${pcap_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
run_rc_command "$1"
Index: files/pkg-message.in
===================================================================
--- files/pkg-message.in (revision 309313)
+++ files/pkg-message.in (working copy)
@@ -2,13 +2,11 @@
* !!!!!!!!!!! WARNING !!!!!!!!!!! *
***********************************
-If you already had barnyard installed, this port will NOT deinstall
-it and install the barnyard-sguil6 port instead. You will need to
-deinstall the barnyard port and install the barnyard-sguil6 port yourself
-instead. This port WILL NOT WORK without the barnyard-sguil6 port!!
+If you already had barnyard2 installed, this port will NOT deinstall
+it and install the barnyard2-sguil port instead. You will need to
+deinstall the barnyard2 port and install the barnyard2-sguil port yourself
+instead. This port WILL NOT WORK without the barnyard2-sguil port!!
-You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/%%SGUILDIR%%)
-to fit your configuration before running the log_packets.sh script.
See the %%DOCSDIR%%/INSTALL doc for details on the
configuration and for croning the script.
@@ -16,13 +14,18 @@
quickly. You should probably configure sguil et al to log to
another partition/location (e.g. /nsm/tmp/).
-You must ALSO edit all of the sensor conf fileis (located in
+You must ALSO edit all of the sensor conf files (located in
%%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before
starting the sensor_agents.
+A number of ancilliary things have been installed in
+%%PREFIX%%/share/%%SGUILDIR%%.
+
If you chose to run sancp, and you already had a sancp.conf file in
%%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
-The new sancp.conf-sample file contains the settings for squil.
-If you still want to maintain the customized sancp.conf file, then copy
-the new sancp.conf-sample file to sguild-sancp.conf (for example) and
-add sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
+The new sancp.conf-sample file contains the settings for squil. NOTE:
+the conf file is for sancp 1.5.3. It may need additional edits to work
+with the current ports version of sancp. If you still want to maintain
+the customized sancp.conf file, then copy the new sancp.conf-sample
+file to sguild-sancp.conf (for example) and add
+sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
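Review bot: The path on the line after the "fileis" fix, `%%PREFIX%%/%%SGUILDIR%%/etc/`, is inverted relative to where do-install in the Makefile puts the sample confs (`${PREFIX}/etc/${SGUILDIR}/`); it should read `%%PREFIX%%/etc/%%SGUILDIR%%/`. The sancp paragraph likewise still says the file lives in `%%PREFIX%%/etc`, but the updated do-install installs `sancp.conf-sample` into `${PREFIX}/etc/${SGUILDIR}/` (pkg-plist lists it there too), so the advice about an existing sancp.conf in %%PREFIX%%/etc no longer matches this port's own file. Two spelling nits in the added text: "ancilliary" → "ancillary" and "squil" → "sguil".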
Index: files/sancp_agent.in
===================================================================
--- files/sancp_agent.in (revision 309313)
+++ files/sancp_agent.in (working copy)
@@ -16,19 +16,17 @@
. /etc/rc.subr
+name="sancp_agent"
+rcvar=sancp_agent_enable
load_rc_config sancp_agent
#set defaults
-sancp_agent_enable=${sancp_agent_enable:-"NO"}
-sancp_agent_conf=${sancp_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
-sancp_agent_flags=${sancp_agent_flags:-"-D"}
+: ${sancp_agent_enable:="NO"}
+: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
+: ${sancp_agent_flags:="-D -c ${sancp_agent_conf}"}
-name="sancp_agent"
-rcvar=sancp_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
-command_args="-c ${sancp_agent_conf} ${sancp_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
run_rc_command "$1"
Index: files/snort_agent.in
===================================================================
--- files/snort_agent.in (revision 309313)
+++ files/snort_agent.in (working copy)
@@ -16,19 +16,17 @@
. /etc/rc.subr
+name="snort_agent"
+rcvar=snort_agent_enable
load_rc_config snort_agent
#set defaults
-snort_agent_enable=${snort_agent_enable:-"NO"}
-snort_agent_conf=${snort_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
-snort_agent_flags=${snort_agent_flags:-"-D"}
+: ${snort_agent_enable:="NO"}
+: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
+: ${snort_agent_flags:="-D -c ${snort_agent_conf}"}
-name="snort_agent"
-rcvar=snort_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
-command_args="-c ${snort_agent_conf} ${snort_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
run_rc_command "$1"
Index: pkg-descr
===================================================================
--- pkg-descr (revision 309313)
+++ pkg-descr (working copy)
@@ -4,7 +4,7 @@
(www.tcl.tk). Sguil also relies on other open source software
in order to function properly.
-The sensor list includes security/barnyard, security/snort,
+The sensor list includes security/barnyard2-sguil, security/snort,
security/sancp, net-mgmt/pads, tcpdump (a part of the OS)
and devel/tcltls as well as lang/tcl84 and lang/tclX. Care
has been taken to ensure that everything you need to build
@@ -15,4 +15,3 @@
rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
-pauls at utdallas.edu
Index: pkg-plist
===================================================================
--- pkg-plist (revision 309313)
+++ pkg-plist (working copy)
@@ -1,15 +1,41 @@
+bin/%%SGUILDIR%%/log_packets-daemonlogger.sh
bin/%%SGUILDIR%%/log_packets.sh
-bin/%%SGUILDIR%%/example_agent.tcl
bin/%%SGUILDIR%%/pcap_agent.tcl
bin/%%SGUILDIR%%/snort_agent.tcl
-etc/%%SGUILDIR%%/example_agent.conf-sample
etc/%%SGUILDIR%%/pcap_agent.conf-sample
etc/%%SGUILDIR%%/snort_agent.conf-sample
-etc/%%SGUILDIR%%/log_packets.conf-sample
+%%DOCSDIR%%/CHANGES
+%%DOCSDIR%%/FAQ
+%%DOCSDIR%%/INSTALL
+%%DOCSDIR%%/INSTALL.openbsd
+%%DOCSDIR%%/OPENSSL.README
+%%DOCSDIR%%/README
+%%DOCSDIR%%/README.daemonlogger
+%%DOCSDIR%%/TODO
+%%DOCSDIR%%/UPGRADE
+%%DOCSDIR%%/USAGE
+%%DOCSDIR%%/sguildb.dia
+share/%%SGUILDIR%%/contrib/ossec_agent/README
+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
+share/%%SGUILDIR%%/contrib/portscan_loader/Makefile
+share/%%SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
+share/%%SGUILDIR%%/init/sensoragent
%%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
%%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
-%%USESANCP%%etc/sancp.conf-sample
+%%USESANCP%%bin/%%SGUILDIR%%/log_packets-sancp.sh
+%%USESANCP%%bin/%%SGUILDIR%%/pcap_agent-sancp.tcl
%%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
%%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/sancp-indexed.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/pcap_agent-sancp.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample
+%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap
+ at dirrm share/%%SGUILDIR%%/init
+ at dirrm share/%%SGUILDIR%%/contrib/portscan_loader
+ at dirrm share/%%SGUILDIR%%/contrib/ossec_agent
+ at dirrm share/%%SGUILDIR%%/contrib
+ at dirrm share/%%SGUILDIR%%
+ at dirrmtry etc/%%SGUILDIR%%
@dirrm bin/%%SGUILDIR%%
- at dirrmtry etc/%%SGUILDIR%%
+ at dirrm %%DOCSDIR%%
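Review bot: The eleven `%%DOCSDIR%%/…` entries and the closing `@dirrm %%DOCSDIR%%` are unconditional, while post-install in the Makefile only installs them under `.if ${PORT_OPTIONS:MDOCS}`, so a build with DOCS disabled leaves the plist naming files that were never installed. The Makefile defines PORTDOCS1/2/3 but never `PORTDOCS`, so the `%%PORTDOCS%%` substitution that would guard these lines is not available; as I recall the framework of this era, defining `PORTDOCS= *` in the Makefile (which also makes bsd.port.mk register the installed doc files itself) and dropping the `%%DOCSDIR%%` lines and `@dirrm %%DOCSDIR%%` from pkg-plist is the simplest consistent fix, the alternative being to prefix each of those lines with `%%PORTDOCS%%`. The lines printed as `at dirrm` look like the mailing-list archive's rewriting of `@dirrm` rather than something in the submitted file.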
--- sguil-sensor.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: