svn commit: r435996 - in head: . security security/samhain security/samhain-client security/samhain-server security/samhain/files
Nikolai Lifanov
lifanov at FreeBSD.org
Sun Mar 12 17:07:25 UTC 2017
Author: lifanov
Date: Sun Mar 12 17:07:23 2017
New Revision: 435996
URL: https://svnweb.freebsd.org/changeset/ports/435996
Log:
add ports for Samhain Intrusion Detection System
Samhain is an open source file integrity and host-based intrusion
detection system for Linux and Unix. It can run as a daemon process,
and thus can remember file changes - contrary to a tool that runs
from cron, if a file is modified you will get only one report, while
subsequent checks of that file will ignore the modification as it is
already reported (unless the file is modified again).
Samhain can optionally be used as client/server system to provide
centralized monitoring for multiple hosts. Logging to a (MySQL or
PostgreSQL) database is supported.
PR: 214623
Submitted by: Nikola Kolev <koue at chaosophia.net>
Added:
head/security/samhain/
head/security/samhain-client/
head/security/samhain-client/Makefile (contents, props changed)
head/security/samhain-server/
head/security/samhain-server/Makefile (contents, props changed)
head/security/samhain/Makefile (contents, props changed)
head/security/samhain/distinfo (contents, props changed)
head/security/samhain/files/
head/security/samhain/files/fixsamhainrc.patch (contents, props changed)
head/security/samhain/files/fixyulerc.patch (contents, props changed)
head/security/samhain/files/patch-config.h.in (contents, props changed)
head/security/samhain/pkg-descr (contents, props changed)
head/security/samhain/pkg-message (contents, props changed)
head/security/samhain/pkg-plist (contents, props changed)
Modified:
head/GIDs
head/UIDs
head/security/Makefile
Modified: head/GIDs
==============================================================================
--- head/GIDs Sun Mar 12 16:44:33 2017 (r435995)
+++ head/GIDs Sun Mar 12 17:07:23 2017 (r435996)
@@ -107,7 +107,7 @@ octoprint:*:162:
_iked:*:163:
lightdm:*:164:
uwsgi:*:165:
-# free: 166
+yule:*:166:
# free: 167
# free: 168
# free: 169
Modified: head/UIDs
==============================================================================
--- head/UIDs Sun Mar 12 16:44:33 2017 (r435995)
+++ head/UIDs Sun Mar 12 17:07:23 2017 (r435996)
@@ -112,7 +112,7 @@ octoprint:*:162:162::0:0:OctoPrint Daemo
_iked:*:163:163::0:0:IKEv2 Daemon:/var/empty:/usr/sbin/nologin
lightdm:*:164:164::0:0:Light Display Manager:/var/lib/lightdm-data:/usr/sbin/nologin
uwsgi:*:165:165::0:0:uwsgi Daemon:/nonexistent:/usr/sbin/nologin
-# free: 166
+yule:*:166:166::0:0:Samhain Daemon:/nonexistent:/usr/sbin/nologin
# free: 167
# free: 168
# free: 169
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Sun Mar 12 16:44:33 2017 (r435995)
+++ head/security/Makefile Sun Mar 12 17:07:23 2017 (r435996)
@@ -1064,6 +1064,9 @@
SUBDIR += s2n
SUBDIR += safesh
SUBDIR += samba-virusfilter
+ SUBDIR += samhain
+ SUBDIR += samhain-client
+ SUBDIR += samhain-server
SUBDIR += sancp
SUBDIR += sasp
SUBDIR += scamp
Added: head/security/samhain-client/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/samhain-client/Makefile Sun Mar 12 17:07:23 2017 (r435996)
@@ -0,0 +1,12 @@
+# Created by: Nikola Kolev <koue at chaosophia.net>
+# $FreeBSD$
+
+PKGNAMESUFFIX= -client
+
+COMMENT= Client daemon for the Samhain IDS
+
+WITH_CLIENT= yes
+
+MASTERDIR= ${.CURDIR}/../samhain
+
+.include "${MASTERDIR}/Makefile"
Added: head/security/samhain-server/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/samhain-server/Makefile Sun Mar 12 17:07:23 2017 (r435996)
@@ -0,0 +1,20 @@
+# Created by: Nikola Kolev <koue at chaosophia.net>
+# $FreeBSD$
+
+# This port recognizes the following non-boolean tunables:
+#
+# WITH_RUNAS_USER:
+# Whe building with "WITH_SERVER" defined, the username of the
+# account Yule will run as. Defaults to "yule". If using
+# WITH_GNUPG, ensure that this user exists and has a pgp
+# keypair before installing.
+
+PKGNAMESUFFIX= -server
+
+COMMENT= Log server for the Samhain IDS
+
+WITH_SERVER= yes
+
+MASTERDIR= ${.CURDIR}/../samhain
+
+.include "${MASTERDIR}/Makefile"
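Review bot: The WITH_RUNAS_USER comment tells the admin to give this user a pgp keypair "if using WITH_GNUPG", but the yule account added to head/UIDs in this commit has home /nonexistent, and the master port exposes GnuPG as the GNUPG entry in OPTIONS_DEFINE rather than as a WITH_GNUPG knob. State where the keyring is expected to live for an account without a home directory and name the option as the master Makefile defines it. "Whe building" should also read "When building".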
Added: head/security/samhain/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/samhain/Makefile Sun Mar 12 17:07:23 2017 (r435996)
@@ -0,0 +1,220 @@
+# Created by: Nikola Kolev <koue at chaosophia.net>
+# $FreeBSD$
+
+PORTNAME= samhain
+PORTVERSION= 4.2.0
+CATEGORIES= security
+MASTER_SITES= http://la-samhna.de/archive/
+DISTNAME= samhain_signed-${PORTVERSION}
+
+MAINTAINER= koue at chaosophia.net
+COMMENT= Samhain Intrusion Detection System
+
+LICENSE= GPLv2
+
+OPTIONS_DEFINE= ASM DB_RELOAD DEBUG DNMALLOC ENCRYPT GNUPG IPV6 KCHECK LIBWRAP \
+ LOGFILE_MONITOR LOGIN_WATCH MAIL MOUNTS_CHECK MYSQL ODBC PGSQL \
+ PORT_CHECK PROCESS_CHECK POSIX_ACL PRELUDE PTRACE SRP STATIC \
+ SUIDCHECK UDP USERFILES XML_LOGS
+OPTIONS_DEFAULT=ASM DNMALLOC ENCRYPT IPV6 LIBWRAP MAIL SRP
+
+DB_RELOAD_DESC= Enable database reload on SIGHUP
+DNMALLOC_DESC= Enable dnmalloc
+ENCRYPT_DESC= Enable client/server encryption
+KCHECK_DESC= Enable rogue KLD detection
+LOGFILE_MONITOR_DESC= Enable monitor logfiles
+LOGIN_WATCH_DESC= Enable watch for login/logout
+MAIL_DESC= Enable internal SMTP mailer
+MOUNTS_CHECK_DESC= Enable check mount options on filesystems
+PORT_CHECK_DESC= Enable check ports
+PROCESS_CHECK_DESC= Enable check processes
+POSIX_ACL_DESC= Enable check posix acls
+PRELUDE_DESC= Enable Prelude Framework support
+PTRACE_DESC= Enable use anti-debugger options
+SRP_DESC= Enable SRP for authentication
+SUIDCHECK_DESC= Enable check for suid/sgid files
+UDP_DESC= Enable UDP server
+USERFILES_DESC= Enable check for users config files
+XML_LOGS_DESC= Enable XML-formatted logs
+
+OPTIONS_SUB= yes
+
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --localstatedir=/var \
+ --with-logserver=true \
+ --with-altlogserver=true \
+ --with-timeserver=true \
+ --with-alttimeserver=true
+
+USES= shebangfix
+SHEBANG_FILES= scripts/samhainadmin.pl.in
+
+ASM_CONFIGURE_ENABLE= asm
+
+DB_RELOAD_CONFIGURE_ENABLE= db-reload
+
+DEBUG_CONFIGURE_ENABLE= debug
+
+DNMALLOC_CONFIGURE_ENABLE= dnmalloc
+
+ENCRYPT_CONFIGURE_ENABLE= encrypt
+
+GNUPG_CONFIGURE_WITH= gpg=${PREFIX}/bin/gpg
+GNUPG_BUILD_DEPENDS= gpg:${PORTSDIR}/security/gnupg
+
+IPV6_CONFIGURE_ENABLE= ipv6
+
+KCHECK_CONFIGURE_WITH= kcheck
+
+LIBWRAP_CONFIGURE_WITH= libwrap
+
+LOGFILE_MONITOR_CONFIGURE_ENABLE= logfile-monitor
+
+LOGIN_WATCH_CONFIGURE_ENABLE= login-watch
+
+MAIL_CONFIGURE_ENABLE= mail
+
+MOUNTS_CHECK_CONFIGURE_ENABLE= mounts-check
+
+MYSQL_USES= mysql
+MYSQL_CONFIGURE_ARGS= --with-database=mysql
+
+ODBC_CONFIGURE_ARGS= --with-database=odbc
+ODBC_LIB_DEPENDS= libodbc.so:databases/unixODBC
+
+PGSQL_USES= pgsql
+PGSQL_CONFIGURE_ARGS= --with-database=postgresql
+
+PORT_CHECK_CONFIGURE_ENABLE= port-check
+
+PROCESS_CHECK_CONFIGURE_ENABLE= process-check
+
+POSIX_ACL_CONFIGURE_ENABLE= posix-acl
+
+PRELUDE_LIB_DEPENDS= prelude:${PORTSDIR}/security/libprelude
+PRELUDE_CONFIGURE_WITH= prelude
+
+PTRACE_CONFIGURE_ENABLE= ptrace
+
+SRP_CONFIGURE_ENABLE= srp
+
+STATIC_CONFIGURE_ENABLE= static
+
+SUIDCHECK_CONFIGURE_ENABLE= suidcheck
+
+UDP_CONFIGURE_ENABLE= udp
+
+USERFILES_CONFIGURE_ENABLE= userfiles
+
+XML_LOGS_CONFIGURE_ENABLE= xml-log
+
+.include <bsd.port.pre.mk>
+
+.if ${ARCH} == "amd64"
+CFLAGS+= -fPIC
+.endif
+
+.if defined(WITH_RUNAS_USER)
+CONFIGURE_ARGS+= --enable-identity=${WITH_RUNAS_USER}
+.else
+CONFIGURE_ARGS+= --enable-identity=yule
+.endif
+
+.if defined(WITH_CLIENT)
+CONFIGURE_ARGS+= --enable-network=client \
+ --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \
+ --with-config-file=REQ_FROM_SERVER
+PLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
+MAN5+= samhainrc.5
+MAN8+= samhain.8
+.elif defined(WITH_SERVER)
+USERS= yule
+GROUPS= yule
+CONFIGURE_ARGS+= --enable-network=server
+SUB_LIST+= WITH_YULE="yes"
+PLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch
+MAN5+= yulerc.5
+MAN8+= yule.8
+.else
+SUB_LIST+= WITH_YULE=""
+PLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
+MAN5+= samhainrc.5
+MAN8+= samhain.8
+.endif
+
+pre-everything::
+
+.if !defined(WITH_CLIENT) && !defined(WITH_SERVER)
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Building Samhain in standalone mode."
+ @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C"
+ @${ECHO_MSG} "now, and build samhain from the samhain-client and"
+ @${ECHO_MSG} "samhain-server ports."
+ @${ECHO_MSG}
+.endif
+
+.if defined(WITH_CLIENT) && defined(WITH_SERVER)
+IGNORE= can't build client and server at once
+.endif
+
+.if ${PORT_OPTIONS:MKCHECK}
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem"
+ @${ECHO_MSG} "and /dev/mem. If you're not building as root, please hit"
+ @${ECHO_MSG} "Control-C and restart the build as root."
+ @${ECHO_MSG}
+.endif
+
+.if ${PORT_OPTIONS:MMYSQL} && ! ${PORT_OPTIONS:MXML_LOGS}
+IGNORE= xml logging is required to log to MySQL
+.endif
+
+.if ${PORT_OPTIONS:MPGSQL} && ! ${PORT_OPTIONS:MXML_LOGS}
+IGNORE= xml logging is required to log to Postgres
+.endif
+
+post-extract:
+ @${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz
+ @${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc
+
+post-install:
+.if !defined(WITH_SERVER)
+ @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${STAGEDIR}${PREFIX}/etc/rc.d/samhain.sh
+ @${CP} ${WRKSRC}/samhainrc ${STAGEDIR}${PREFIX}/etc/samhainrc.sample
+ @${CHGRP} wheel ${STAGEDIR}${PREFIX}/etc/samhainrc.sample
+.else
+ @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${STAGEDIR}${PREFIX}/etc/rc.d/yule.sh
+ @${CP} ${WRKSRC}/yulerc ${STAGEDIR}${PREFIX}/etc/yulerc.sample
+.endif
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/MANUAL-2_4.pdf ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server-troubleshooting.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-samhain+GnuPG.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-write-modules.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/FAQ.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/README.UPGRADE ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/README ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/BUGS ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/sh_mounts.txt ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/sh_userfiles.txt ${STAGEDIR}${DOCSDIR}
+
+post-stage:
+.if !defined(WITH_SERVER)
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/samhain
+.endif
+.if defined(WITH_CLIENT)
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/samhain_setpwd
+.endif
+.if defined(WITH_SERVER)
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yule
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yulectl
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yule_setpwd
+.endif
+
+.include <bsd.port.post.mk>
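Review bot: In post-extract, `@${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc` deletes the upstream signature unpacked from samhain_signed-${PORTVERSION} without ever checking it, and MASTER_SITES is plain http, so the distinfo SHA256 is the only integrity anchor for the source. Record in a comment how the tarball was verified when distinfo was generated. Separately, WITH_RUNAS_USER changes --enable-identity while the server branch still hard-codes `USERS= yule` and `GROUPS= yule`, so a custom identity is configured without its account being created; derive USERS/GROUPS from the same variable or drop the tunable.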
Added: head/security/samhain/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/samhain/distinfo Sun Mar 12 17:07:23 2017 (r435996)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1479294621
+SHA256 (samhain_signed-4.2.0.tar.gz) = 6b2db91fc92b3a9fc2edcc6ee16438156753c05f69c114856289e9f25ba0e50a
+SIZE (samhain_signed-4.2.0.tar.gz) = 2134438
Added: head/security/samhain/files/fixsamhainrc.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/samhain/files/fixsamhainrc.patch Sun Mar 12 17:07:23 2017 (r435996)
@@ -0,0 +1,11 @@
+--- samhain-install.sh.in Wed Jan 15 16:51:57 2003
++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003
+@@ -13,7 +13,7 @@
+ mandir=@mandir@
+
+ sysconfdir=@sysconfdir@
+-configfile=@myconffile@
++configfile=/usr/local/etc/samhainrc.sample
+
+ pid_file=@mylockfile@
+ pid_dir=@mylockdir@
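Review bot: The replacement line `configfile=/usr/local/etc/samhainrc.sample` hard-codes /usr/local, while post-install in the port Makefile copies the sample to ${STAGEDIR}${PREFIX}/etc/samhainrc.sample, so with a non-default PREFIX the install script points at a path the port never creates. Consider building the path from the `sysconfdir=@sysconfdir@` value two lines above, or doing the substitution from the Makefile where ${PREFIX} is available.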
Added: head/security/samhain/files/fixyulerc.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/samhain/files/fixyulerc.patch Sun Mar 12 17:07:23 2017 (r435996)
@@ -0,0 +1,11 @@
+--- samhain-install.sh.in Wed Jan 15 16:51:57 2003
++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003
+@@ -13,7 +13,7 @@
+ mandir=@mandir@
+
+ sysconfdir=@sysconfdir@
+-configfile=@myconffile@
++configfile=/usr/local/etc/yulerc.sample
+
+ pid_file=@mylockfile@
+ pid_dir=@mylockdir@
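Review bot: This file is identical to fixsamhainrc.patch except for the file name on the `+configfile=` line, and it carries the same fixed /usr/local prefix. A single substitution parameterised on the config file name (samhainrc or yulerc, which the WITH_SERVER branch of the Makefile already selects) would remove the duplicate file and the fixed path together.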
Added: head/security/samhain/files/patch-config.h.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/samhain/files/patch-config.h.in Sun Mar 12 17:07:23 2017 (r435996)
@@ -0,0 +1,15 @@
+--- config.h.in.orig 2016-11-16 12:14:22 UTC
++++ config.h.in
+@@ -349,7 +349,11 @@
+ #undef HAVE_UINT64_T
+
+ /* Define if you have utmpx.h. */
+-#undef HAVE_UTMPX_H
++#define HAVE_UTMPX_H
++
++#define UTMPX_FILE "/var/log/utx.active"
++
++#define WTMPX_FILE "/var/log/utx.log"
+
+ /* Define if your struct utmpx has ut_xtime. */
+ #undef HAVE_UTXTIME
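Review bot: `#define HAVE_UTMPX_H` replaces the `#undef HAVE_UTMPX_H` placeholder in config.h.in, so the result of the configure check for utmpx.h is overridden unconditionally, and UTMPX_FILE and WTMPX_FILE are defined without guards. Wrap both path macros in #ifndef so that a definition coming from a system header or from configure does not clash, and add a short comment saying why detection has to be forced here.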
Added: head/security/samhain/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/samhain/pkg-descr Sun Mar 12 17:07:23 2017 (r435996)
@@ -0,0 +1,12 @@
+Samhain is an open source file integrity and host-based intrusion
+detection system for Linux and Unix. It can run as a daemon process,
+and and thus can remember file changes - contrary to a tool that runs
+from cron, if a file is modified you will get only one report, while
+subsequent checks of that file will ignore the modification as it is
+already reported (unless the file is modified again).
+
+Samhain can optionally be used as client/server system to provide
+centralized monitoring for multiple host. Logging to a (MySQL or
+PostgreSQL) database is supported.
+
+WWW: http://la-samhna.de/samhain/
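Review bot: Two wording slips in this description will end up in the package metadata: "and and thus" on the third line and "multiple host" in the second paragraph. Make them "and thus" and "multiple hosts".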
Added: head/security/samhain/pkg-message
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/samhain/pkg-message Sun Mar 12 17:07:23 2017 (r435996)
@@ -0,0 +1,14 @@
+
+###############################################################
+
+To start the samhain daemon at system boot, add:
+
+samhain_enable="YES"
+
+and/or
+
+yule_enable="YES"
+
+to /etc/rc.conf.
+
+###############################################################
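Review bot: The message promises that samhain_enable and yule_enable in /etc/rc.conf start the daemons, but post-install in the port Makefile copies upstream's init/samhain.startFreeBSD unchanged to etc/rc.d/samhain.sh or etc/rc.d/yule.sh, and nothing in this commit shows that script reading either variable. Confirm the script honours them, in particular yule_enable, since the same source file is installed under both names, or reword the message to match what the script does. The text is also shown for every build, so a standalone or client install is told about yule_enable.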
Added: head/security/samhain/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/samhain/pkg-plist Sun Mar 12 17:07:23 2017 (r435996)
@@ -0,0 +1,31 @@
+%%PORTDOCS%%%%DOCSDIR%%/BUGS
+%%PORTDOCS%%%%DOCSDIR%%/FAQ.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server-troubleshooting.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-samhain+GnuPG.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-write-modules.html
+%%PORTDOCS%%%%DOCSDIR%%/MANUAL-2_4.pdf
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/README.UPGRADE
+%%PORTDOCS%%%%DOCSDIR%%/sh_mounts.txt
+%%PORTDOCS%%%%DOCSDIR%%/sh_userfiles.txt
+%%PORTDOCS%%@dir %%DOCSDIR%%
+%%SAMHAIN%%@dir /var/lib
+%%SAMHAIN%%@dir /var/lib/samhain
+%%SAMHAIN%%@sample etc/samhainrc.sample
+%%SAMHAIN%%etc/rc.d/samhain.sh
+%%SAMHAIN%%man/man5/samhainrc.5.gz
+%%SAMHAIN%%man/man8/samhain.8.gz
+%%SAMHAIN%%sbin/samhain
+%%SETPWD%%sbin/samhain_setpwd
+%%YULE%%@dir /var/lib/yule
+%%YULE%%@dir /var/log/yule
+%%YULE%%@sample etc/yulerc.sample
+%%YULE%%@unexec echo "To delete the yule user permanently, use 'pw userdel yule'"
+%%YULE%%etc/rc.d/yule.sh
+%%YULE%%man/man5/yulerc.5.gz
+%%YULE%%man/man8/yule.8.gz
+%%YULE%%sbin/yule
+%%YULE%%sbin/yule_setpwd
+%%YULE%%sbin/yuleadmin.pl
+%%YULE%%sbin/yulectl
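Review bot: The `@dir /var/lib/samhain`, `@dir /var/lib/yule` and `@dir /var/log/yule` entries carry no owner or mode, although these directories hold the integrity baseline and the server's logs and the server is configured to run as the unprivileged yule account. Use the `@dir(owner,group,mode)` form so the baseline is not left with default permissions and yule can write where it needs to. Also, the doc entries are guarded by %%PORTDOCS%% while post-install in the Makefile installs the docs unconditionally and OPTIONS_DEFINE has no DOCS entry, so the plist and the staged files can disagree; and `@dir /var/lib` has the package claim a shared directory outside PREFIX.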