svn commit: r413754 - in head/security/ossec-hids-server: . files
Matthew Seaman
matthew at FreeBSD.org
Thu Apr 21 19:37:14 UTC 2016
Author: matthew
Date: Thu Apr 21 19:37:11 2016
New Revision: 413754
URL: https://svnweb.freebsd.org/changeset/ports/413754
Log:
* Modernize OPTIONS handling somewhat: this fixes compilation when
either the MYSQL or PGSQL options are enabled
* Add OPTION-dependent targets to install the postgresql or mysql DB
schemas as portdocs when either of those two options are enabled.
* Add a patch for the DB schemas to allow for longer entries in the
system.information column (submitted upstream and committed as
https://github.com/ossec/ossec-hids/commit/7a4b0d32e2b67bbef5d68dd7aeeee4e70b9c1982
* Add a 'reload' command to the ossec-hids RC script
* Update to version 2.8.3
* Generally update patch files via 'make makepatch'
* Change expect scripts used by agentlessd to group ossec so they are
executable by the ossec user.
* Use shebangfix to set an explicit path to where expect is installed,
since it isn't on the default path inherited from the system init
scripts, so /usr/bin/env doesn't find the command interpreter.
* Change CONFLICTS to CONFLICTS_INSTALL between each of the
ossec-hids-{client,local,server} ports.
DB changes compile tested with postgresql and mysql, but only
thoroughly run-time tested with postgresql.
PR: 208935
Submitted by: matthew
Approved by: brd (maintainer)
Added:
head/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema (contents, props changed)
head/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema (contents, props changed)
Modified:
head/security/ossec-hids-server/Makefile
head/security/ossec-hids-server/distinfo
head/security/ossec-hids-server/files/ossec-hids.in
head/security/ossec-hids-server/files/patch-src__InstallAgent.sh
head/security/ossec-hids-server/files/patch-src__InstallServer.sh
head/security/ossec-hids-server/files/patch-src__LOCATION
head/security/ossec-hids-server/files/patch-src__headers__defs.h
head/security/ossec-hids-server/pkg-plist
Modified: head/security/ossec-hids-server/Makefile
==============================================================================
--- head/security/ossec-hids-server/Makefile Thu Apr 21 19:29:14 2016 (r413753)
+++ head/security/ossec-hids-server/Makefile Thu Apr 21 19:37:11 2016 (r413754)
@@ -2,7 +2,8 @@
# $FreeBSD$
PORTNAME= ossec-hids
-PORTVERSION= 2.8.2
+PORTVERSION= 2.8.3
+DISTVERSIONPREFIX= v
PORTREVISION?= 0
CATEGORIES= security
USE_GITHUB= yes
@@ -28,41 +29,57 @@ GROUPS= ossec
.if !defined(CLIENT_ONLY)
OPTIONS_DEFINE= MYSQL PGSQL
+
+MYSQL_VARS= WITH_DB=yes
+MYSQL_USE= MYSQL=client
+MYSQL_PORTDOCS= mysql.schema
+
+PGSQL_VARS= WITH_DB=yes
+PGSQL_USES= pgsql
+PGSQL_PORTDOCS= postgresql.schema
+
+RUN_DEPENDS= expect:lang/expect
+
+USES+= shebangfix
+SHEBANG_LANG= expect
+expect_OLD_CMD= "/usr/bin/env expect"
+expect_CMD= ${LOCALBASE}/bin/expect
+SHEBANG_FILES= src/agentlessd/scripts/main.exp \
+ src/agentlessd/scripts/ssh.exp \
+ src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \
+ src/agentlessd/scripts/ssh_foundry_diff \
+ src/agentlessd/scripts/ssh_generic_diff \
+ src/agentlessd/scripts/ssh_integrity_check_bsd \
+ src/agentlessd/scripts/ssh_integrity_check_linux \
+ src/agentlessd/scripts/ssh_nopass.exp \
+ src/agentlessd/scripts/ssh_pixconfig_diff \
+ src/agentlessd/scripts/sshlogin.exp \
+ src/agentlessd/scripts/su.exp
.endif
OPTIONS_DEFINE+= DOCS
SUB_LIST= PORTNAME=${PORTNAME}
SUB_FILES= pkg-message
PLIST_SUB= PORTNAME=${PORTNAME}
-PORTDOCS= BUGS CONFIG CONTRIBUTORS INSTALL LICENSE
+DOCSFILES= BUGS CONFIG CONTRIBUTORS INSTALL LICENSE
+PORTDOCS= ${DOCSFILES}
.include <bsd.port.pre.mk>
-.if !defined(CLIENT_ONLY)
-.if ${PORT_OPTIONS:MMYSQL}
-WITH_DB= yes
-USE_MYSQL= client
-.endif
-
-.if ${PORT_OPTIONS:MPGSQL}
-WITH_DB= yes
-USES+= pgsql
-.endif
-.endif
STRIP_FILES= ossec-luac agent_control ossec-lua ossec-dbd ossec-regex ossec-monitord ossec-makelists verify-agent-conf ossec-analysisd ossec-agentlessd syscheck_control ossec-execd manage_agents ossec-csyslogd ossec-syscheckd ossec-logtest ossec-authd ossec-logcollector list_agents ossec-maild clear_stats ossec-remoted ossec-reportd rootcheck_control syscheck_update
.if defined(CLIENT_ONLY)
SUB_LIST+= PRECMD=:
PKGNAMESUFFIX= -client
-CONFLICTS= ossec-hids-server-[0-9]* ossec-hids-local-[0-9]*
+CONFLICTS_INSTALL= ossec-hids-server-[0-9]* ossec-hids-local-[0-9]*
STRIP_FILES= agent-auth manage_agents ossec-agentd ossec-execd ossec-logcollector ossec-lua ossec-luac ossec-syscheckd
.elif defined(LOCAL_ONLY)
SUB_LIST+= PRECMD=ossechids_start_precmd
PKGNAMESUFFIX= -local
-CONFLICTS= ossec-hids-client-[0-9]* ossec-hids-server-[0-9]*
+CONFLICTS_INSTALL= ossec-hids-client-[0-9]* ossec-hids-server-[0-9]*
.else
SUB_LIST+= PRECMD=ossechids_start_precmd
-CONFLICTS= ossec-hids-client-[0-9]* ossec-hids-local-[0-9]*
+CONFLICTS_INSTALL= ossec-hids-client-[0-9]* ossec-hids-local-[0-9]*
.endif
post-patch:
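Review bot: The shebangfix block added under `.if !defined(CLIENT_ONLY)` has no comment saying why `/usr/bin/env expect` is rewritten, and the reason is only recorded in the commit log. I would put a line above `USES+= shebangfix` along the lines of `# The rc environment's PATH lacks ${LOCALBASE}/bin, so "env expect" cannot find the interpreter; pin the full path.` Separately, `RUN_DEPENDS= expect:lang/expect` is a plain assignment; `RUN_DEPENDS+= expect:lang/expect` would keep any value set before this point, for example by a slave port, if one ever sets it.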
@@ -116,6 +133,14 @@ do-install:
post-install-DOCS-on:
@${MKDIR} ${STAGEDIR}${DOCSDIR}
- @cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}
+ @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR}
+
+post-install-MYSQL-on:
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/mysql.schema ${STAGEDIR}${DOCSDIR}
+
+post-install-PGSQL-on:
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/postgresql.schema ${STAGEDIR}${DOCSDIR}
.include <bsd.port.post.mk>
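Review bot: `post-install-MYSQL-on` and `post-install-PGSQL-on` stage the schema into `${STAGEDIR}${DOCSDIR}` whether or not DOCS is enabled, while `MYSQL_PORTDOCS`/`PGSQL_PORTDOCS` only reach the packing list through PORTDOCS. If PORTDOCS is dropped when DOCS is off, as I believe the framework does, a build with MYSQL=on and DOCS=off leaves an unpackaged file in the stage directory. The schema is also needed to initialise the database rather than being optional reading, so it may be better kept out of DOCSDIR: install it into `${STAGEDIR}${DATADIR}` and list it with `MYSQL_PLIST_FILES= ${DATADIR}/mysql.schema` (and the PGSQL equivalent). The `do-install` target these follow starts outside the hunk.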
Modified: head/security/ossec-hids-server/distinfo
==============================================================================
--- head/security/ossec-hids-server/distinfo Thu Apr 21 19:29:14 2016 (r413753)
+++ head/security/ossec-hids-server/distinfo Thu Apr 21 19:37:11 2016 (r413754)
@@ -1,2 +1,2 @@
-SHA256 (ossec-ossec-hids-2.8.2_GH0.tar.gz) = 61e0892175a79fe119c8bab886cd41fcc3be9b84526600b06c18fa178a59cb34
-SIZE (ossec-ossec-hids-2.8.2_GH0.tar.gz) = 1635142
+SHA256 (ossec-ossec-hids-v2.8.3_GH0.tar.gz) = 917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd
+SIZE (ossec-ossec-hids-v2.8.3_GH0.tar.gz) = 1642095
Modified: head/security/ossec-hids-server/files/ossec-hids.in
==============================================================================
--- head/security/ossec-hids-server/files/ossec-hids.in Thu Apr 21 19:29:14 2016 (r413753)
+++ head/security/ossec-hids-server/files/ossec-hids.in Thu Apr 21 19:37:11 2016 (r413754)
@@ -21,12 +21,16 @@ start_cmd="ossechids_command start"
stop_cmd="ossechids_command stop"
restart_cmd="ossechids_command restart"
status_cmd="ossechids_command status"
+reload_cmd="ossechids_command reload"
command="%%PREFIX%%/%%PORTNAME%%/bin/ossec-control"
required_files="%%PREFIX%%/%%PORTNAME%%/etc/ossec.conf"
+extra_commands="reload"
fts_queue=%%PREFIX%%/%%PORTNAME%%/queue/fts/fts-queue
ig_queue=%%PREFIX%%/%%PORTNAME%%/queue/fts/ig-queue
+ossec_log=%%PREFIX%%/%%PORTNAME%%/logs/ossec.log
+active_responses_log=%%PREFIX%%/%%PORTNAME%%/logs/active-responses.log
ossechids_start_precmd() {
# These files are not created by the daemons with the correct
@@ -43,6 +47,15 @@ ossechids_start_precmd() {
chown ${ossechids_user}:${ossechids_group} ${ig_queue}
chmod 640 ${ig_queue}
fi
+
+ # Ensure logfiles are created with the correct ownership and mode
+ for log in ${ossec_log} ${active_responses_log}; do
+ if [ ! -e ${log} ]; then
+ touch ${log}
+ chown ${ossechids_user}:${ossechids_group} ${log}
+ chmod 660 ${log}
+ fi
+ done
}
ossechids_command() {
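Review bot: The loop added to ossechids_start_precmd creates each log with `touch` under the caller's umask and only afterwards narrows it with `chown` and `chmod 660`, and its `-e` test follows symbolic links. The precmd presumably runs as root from rc, so if the logs directory is writable by the ossec account (its ownership is not visible in this diff) a link at that path would redirect both the create and the chown. Creating the file in one step with its final owner and mode, and skipping links, closes both gaps: `[ -e "${log}" ] || [ -L "${log}" ] || install -o ${ossechids_user} -g ${ossechids_group} -m 660 /dev/null "${log}"`. A log that already exists with the wrong owner or mode is left alone, which matters now that pkg-plist no longer sets `@mode 660` on these files. The function starts above the hunk.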
Modified: head/security/ossec-hids-server/files/patch-src__InstallAgent.sh
==============================================================================
--- head/security/ossec-hids-server/files/patch-src__InstallAgent.sh Thu Apr 21 19:29:14 2016 (r413753)
+++ head/security/ossec-hids-server/files/patch-src__InstallAgent.sh Thu Apr 21 19:37:11 2016 (r413754)
@@ -1,4 +1,4 @@
---- src/InstallAgent.sh.orig 2015-06-10 15:38:32 UTC
+--- src/InstallAgent.sh.orig 2015-10-12 21:21:06 UTC
+++ src/InstallAgent.sh
@@ -37,11 +37,11 @@ fi
@@ -41,7 +41,7 @@
chmod -R 750 ${DIR}/queue/diff
chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
-@@ -129,8 +124,7 @@ chmod 740 ${DIR}/queue/diff/* > /dev/nul
+@@ -131,8 +126,7 @@ chmod 1550 ${DIR}/tmp
# For the etc dir
@@ -51,7 +51,7 @@
ls /etc/localtime > /dev/null 2>&1
if [ $? = 0 ]; then
-@@ -142,13 +136,11 @@ if [ "$UNAME" = "SunOS" ]; then
+@@ -144,13 +138,11 @@ if [ "$UNAME" = "SunOS" ]; then
mkdir -p ${DIR}/usr/share/lib/zoneinfo/
chmod -R 555 ${DIR}/usr/
cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
@@ -65,7 +65,7 @@
chmod 555 ${DIR}/etc/TIMEZONE
fi
-@@ -168,25 +160,17 @@ cp -pr ../etc/local_internal_options.con
+@@ -170,25 +162,17 @@ cp -pr ../etc/local_internal_options.con
cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
cp -pr agentlessd/scripts/* ${DIR}/agentless/
@@ -93,7 +93,7 @@
# Moving the binary files
-@@ -200,7 +184,6 @@ cp -pr addagent/manage_agents ${DIR}/bin
+@@ -202,7 +186,6 @@ cp -pr addagent/manage_agents ${DIR}/bin
cp -pr ../contrib/util.sh ${DIR}/bin/
cp -pr external/lua/src/ossec-lua ${DIR}/bin/
cp -pr external/lua/src/ossec-luac ${DIR}/bin/
@@ -101,7 +101,7 @@
chmod +x ${DIR}/bin/util.sh
# Copying active response modules
-@@ -208,10 +191,8 @@ sh ./init/fw-check.sh execute > /dev/nul
+@@ -210,10 +193,8 @@ sh ./init/fw-check.sh execute > /dev/nul
cp -pr ../active-response/*.sh ${DIR}/active-response/bin/
cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
chmod 755 ${DIR}/active-response/bin/*
@@ -113,7 +113,7 @@
# Moving the config file
-@@ -227,7 +208,6 @@ if [ $? = 0 ]; then
+@@ -229,7 +210,6 @@ if [ $? = 0 ]; then
else
cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf
fi
Modified: head/security/ossec-hids-server/files/patch-src__InstallServer.sh
==============================================================================
--- head/security/ossec-hids-server/files/patch-src__InstallServer.sh Thu Apr 21 19:29:14 2016 (r413753)
+++ head/security/ossec-hids-server/files/patch-src__InstallServer.sh Thu Apr 21 19:37:11 2016 (r413754)
@@ -1,4 +1,4 @@
---- src/InstallServer.sh.orig 2015-06-10 15:38:32 UTC
+--- src/InstallServer.sh.orig 2015-10-12 21:21:06 UTC
+++ src/InstallServer.sh
@@ -44,13 +44,13 @@ fi
@@ -21,7 +21,7 @@
elif [ "$UNAME" = "SunOS" ]; then
grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
-@@ -121,63 +121,47 @@ for i in ${subdirs}; do
+@@ -121,66 +121,49 @@ for i in ${subdirs}; do
done
# Default for all directories
@@ -70,6 +70,10 @@
chmod -R 750 ${DIR}/queue/agentless
chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1
+-chown -R root:${GROUP} ${DIR}/tmp
+-chmod 1550 ${DIR}/tmp
++chmod 1750 ${DIR}/tmp
+
# For the stats directory
-chown -R ${USER}:${GROUP} ${DIR}/stats
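Review bot: The regenerated patch now replaces upstream's `chown -R root:${GROUP} ${DIR}/tmp` and `chmod 1550 ${DIR}/tmp` with `chmod 1750 ${DIR}/tmp`, which makes the directory owner-writable and stops setting its ownership here, and the commit log does not mention either change. Whether that is harmless depends on who owns the directory after installation, which has to come from pkg-plist and is not visible in this diff. Please confirm that pkg-plist records the owner, group and mode for the tmp directory, and add a line to the commit log or a comment in the port explaining why 1750 was chosen over upstream's 1550.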
@@ -87,7 +91,7 @@
chmod 660 ${DIR}/logs/active-responses.log
# For the rules directory
-@@ -195,7 +179,7 @@ if [ $? = 0 ]; then
+@@ -198,7 +181,7 @@ if [ $? = 0 ]; then
fi
fi
@@ -96,7 +100,7 @@
find ${DIR}/rules/ -type f -exec chmod 440 {} \;
# If the local_rules is saved, moved it back
-@@ -204,37 +188,33 @@ if [ $? = 0 ]; then
+@@ -207,37 +190,33 @@ if [ $? = 0 ]; then
mv ${DIR}/rules/saved_local_rules.xml.$$ ${DIR}/rules/local_rules.xml
fi
@@ -138,7 +142,7 @@
# Moving the binary files
cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \
-@@ -257,7 +237,6 @@ cp -pr util/rootcheck_control ${DIR}/bin
+@@ -260,7 +239,6 @@ cp -pr util/rootcheck_control ${DIR}/bin
cp -pr external/lua/src/ossec-lua ${DIR}/bin/
cp -pr external/lua/src/ossec-luac ${DIR}/bin/
cp -pr ../contrib/util.sh ${DIR}/bin/
@@ -146,7 +150,7 @@
chmod +x ${DIR}/bin/util.sh
# Local install chosen
-@@ -287,23 +266,15 @@ fi
+@@ -290,23 +268,15 @@ fi
cp -pr ../etc/internal_options.conf ${DIR}/etc/
cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/
@@ -172,7 +176,7 @@
rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1
chmod 700 ${DIR}/.ssh
-@@ -313,11 +284,9 @@ sh ./init/fw-check.sh execute > /dev/nul
+@@ -316,11 +286,9 @@ sh ./init/fw-check.sh execute > /dev/nul
cp -p ../active-response/*.sh ${DIR}/active-response/bin/
cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
@@ -186,7 +190,7 @@
# Moving the config file
-@@ -328,12 +297,11 @@ fi
+@@ -331,12 +299,11 @@ fi
ls ../etc/ossec.mc > /dev/null 2>&1
if [ $? = 0 ]; then
Modified: head/security/ossec-hids-server/files/patch-src__LOCATION
==============================================================================
--- head/security/ossec-hids-server/files/patch-src__LOCATION Thu Apr 21 19:29:14 2016 (r413753)
+++ head/security/ossec-hids-server/files/patch-src__LOCATION Thu Apr 21 19:37:11 2016 (r413754)
@@ -1,5 +1,5 @@
---- ./src/LOCATION.orig 2014-05-22 07:10:57.000000000 -0600
-+++ ./src/LOCATION 2014-07-13 15:24:45.561388082 -0600
+--- src/LOCATION.orig 2015-10-12 21:21:06 UTC
++++ src/LOCATION
@@ -1 +1 @@
-DIR="/var/ossec"
-+DIR="/usr/local/poudriere/ports/svn/security/ossec-hids-server/work/stage/usr/local/ossec-hids"
++DIR="/usr/ports/security/ossec-hids-server/work/stage/usr/local/ossec-hids"
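Review bot: The regenerated patch still hard-codes a build-tree path, `DIR="/usr/ports/security/ossec-hids-server/work/stage/usr/local/ossec-hids"`, which is only correct when the ports tree lives in /usr/ports and no WRKDIRPREFIX is set; the previous revision carried a poudriere path for the same reason. `make makepatch` appears to have captured a value written during a build rather than a real source change. Unless `post-patch` (its body is outside this diff) overwrites src/LOCATION anyway, a build elsewhere would stage into the wrong directory. I would drop this patch file and generate the line at build time, for example `${ECHO_CMD} 'DIR="${STAGEDIR}${PREFIX}/${PORTNAME}"' > ${WRKSRC}/src/LOCATION` in `post-patch`.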
Modified: head/security/ossec-hids-server/files/patch-src__headers__defs.h
==============================================================================
--- head/security/ossec-hids-server/files/patch-src__headers__defs.h Thu Apr 21 19:29:14 2016 (r413753)
+++ head/security/ossec-hids-server/files/patch-src__headers__defs.h Thu Apr 21 19:37:11 2016 (r413754)
@@ -1,6 +1,6 @@
---- ./src/headers/defs.h.orig 2014-05-22 07:10:57.000000000 -0600
-+++ ./src/headers/defs.h 2014-07-13 15:24:45.559389869 -0600
-@@ -98,7 +98,7 @@
+--- src/headers/defs.h.orig 2015-10-12 21:21:06 UTC
++++ src/headers/defs.h
+@@ -98,7 +98,7 @@ http://www.ossec.net/main/license/\n"
#endif
#ifndef DEFAULTDIR
Added: head/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema Thu Apr 21 19:37:11 2016 (r413754)
@@ -0,0 +1,11 @@
+--- src/os_dbd/mysql.schema.orig 2015-10-12 21:21:06 UTC
++++ src/os_dbd/mysql.schema
+@@ -45,7 +45,7 @@ CREATE TABLE server
+ last_contact INT UNSIGNED NOT NULL,
+ version VARCHAR(32) NOT NULL,
+ hostname VARCHAR(64) NOT NULL UNIQUE,
+- information VARCHAR(128) NOT NULL,
++ information TEXT NOT NULL,
+ PRIMARY KEY (id)
+ );
+
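Review bot: Widening `information` from `VARCHAR(128)` to `TEXT` only affects databases created from the patched schema; installations that already loaded the old schema keep the 128-character column, and nothing in this commit tells users to migrate. A short pkg-message or UPDATING entry would cover it, giving `ALTER TABLE server MODIFY information TEXT NOT NULL;` for MySQL and `ALTER TABLE server ALTER COLUMN information TYPE TEXT;` for PostgreSQL. The same applies to the patch-src_os__dbd_postgresql.schema hunk below. The commit log says the MySQL side was only compile tested, so the MySQL statement should be checked against a live database before it is documented.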
Added: head/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema Thu Apr 21 19:37:11 2016 (r413754)
@@ -0,0 +1,11 @@
+--- src/os_dbd/postgresql.schema.orig 2015-10-12 21:21:06 UTC
++++ src/os_dbd/postgresql.schema
+@@ -47,7 +47,7 @@ CREATE TABLE server
+ last_contact INT8 NOT NULL,
+ version VARCHAR(32) NOT NULL,
+ hostname VARCHAR(64) NOT NULL UNIQUE,
+- information VARCHAR(128) NOT NULL,
++ information TEXT NOT NULL,
+ PRIMARY KEY (id)
+ );
+
Modified: head/security/ossec-hids-server/pkg-plist
==============================================================================
--- head/security/ossec-hids-server/pkg-plist Thu Apr 21 19:29:14 2016 (r413753)
+++ head/security/ossec-hids-server/pkg-plist Thu Apr 21 19:37:11 2016 (r413754)
@@ -48,10 +48,6 @@
%%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
%%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
%%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
- at owner ossec
- at mode 660
-%%PORTNAME%%/logs/active-responses.log
-%%PORTNAME%%/logs/ossec.log
@owner
@group
@mode
@@ -116,6 +112,8 @@
%%PORTNAME%%/rules/web_rules.xml
%%PORTNAME%%/rules/wordpress_rules.xml
%%PORTNAME%%/rules/zeus_rules.xml
+ at owner root
+ at group ossec
%%PORTNAME%%/agentless/main.exp
%%PORTNAME%%/agentless/register_host.sh
%%PORTNAME%%/agentless/ssh.exp
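Review bot: Moving `@owner root` and `@group ossec` above the agentless entries changes their group, but their mode is still whatever `@mode` was last set earlier in the file, outside this hunk, and `@mode 550` only appears after them. The commit log says the goal is for the ossec user to execute these scripts, so the mode should be stated next to the new keywords rather than inherited: adding `@mode 550` directly after `@group ossec` makes them group-executable and not group-writable. If the inherited mode leaves the group write bit set, the ossec account could alter scripts that the agentless daemon runs, so please check it.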
@@ -128,8 +126,6 @@
%%PORTNAME%%/agentless/ssh_pixconfig_diff
%%PORTNAME%%/agentless/sshlogin.exp
%%PORTNAME%%/agentless/su.exp
- at owner root
- at group ossec
@mode 550
@dir %%PORTNAME%%/.ssh
@dir %%PORTNAME%%/active-response/bin