svn commit: r511915 - in head/security: . wazuh-agent wazuh-agent/files
Bernhard Froehlich
decke at FreeBSD.org
Fri Sep 13 07:45:38 UTC 2019
Author: decke
Date: Fri Sep 13 07:45:37 2019
New Revision: 511915
URL: https://svnweb.freebsd.org/changeset/ports/511915
Log:
The Wazuh agent runs on the hosts that you want to monitor.
It is multi-platform and provides the following capabilities:
- Log and data collection
- File integrity monitoring
- Rootkit and malware detection
- Security policy monitoring.
- Configuration assessments
- Software inventory
In addition, it communicates with the Wazuh manager, sending data in near
real-time through an encrypted and authenticated channel.
WWW: https://github.com/wazuh/wazuh
PR: 237900
Submitted by: Michael Muenz <m.muenz at gmail.com>
Added:
head/security/wazuh-agent/
head/security/wazuh-agent/Makefile (contents, props changed)
head/security/wazuh-agent/distinfo (contents, props changed)
head/security/wazuh-agent/files/
head/security/wazuh-agent/files/patch-src_external_openssl_Makefile (contents, props changed)
head/security/wazuh-agent/pkg-descr (contents, props changed)
head/security/wazuh-agent/pkg-plist (contents, props changed)
Modified:
head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Fri Sep 13 07:21:51 2019 (r511914)
+++ head/security/Makefile Fri Sep 13 07:45:37 2019 (r511915)
@@ -1307,6 +1307,7 @@
SUBDIR += vxquery
SUBDIR += w3af
SUBDIR += wapiti
+ SUBDIR += wazuh-agent
SUBDIR += webfwlog
SUBDIR += webscarab
SUBDIR += whatweb
Added: head/security/wazuh-agent/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wazuh-agent/Makefile Fri Sep 13 07:45:37 2019 (r511915)
@@ -0,0 +1,104 @@
+# $FreeBSD$
+
+PORTNAME= wazuh
+DISTVERSIONPREFIX= v
+DISTVERSION= 3.9.5
+CATEGORIES= security
+MASTER_SITES= https://packages.wazuh.com/deps/3.9/
+PKGNAMESUFFIX= -agent
+DISTFILES= cJSON.tar.gz src_cpython.tar.gz curl.tar.gz libdb.tar.gz libffi.tar.gz \
+ libyaml.tar.gz openssl.tar.gz procps.tar.gz sqlite.tar.gz zlib.tar.gz \
+ audit-userspace.tar.gz msgpack.tar.gz
+DIST_SUBDIR= ${PORTNAME}-${DISTVERSION}
+EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
+
+MAINTAINER= m.muenz at gmail.com
+COMMENT= Security tool to monitor and check logs and intrusions
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+BUILD_DEPENDS= curl:ftp/curl
+RUN_DEPENDS= curl:ftp/curl
+
+USES= gmake perl5 readline shebangfix uidfix
+
+USE_GITHUB= yes
+
+CONFLICTS_INSTALL= ossec-*
+
+SHEBANG_FILES= ${WRKSRC}/contrib/util.sh \
+ ${WRKSRC}/src/external/openssl/Configurations/unix-checker.pm \
+ ${WRKSRC}/src/init/ossec-client.sh \
+ ${WRKSRC}/wodles/oscap/oscap.py \
+ ${WRKSRC}/active-response/*.sh
+
+USERS= ossec ossecm ossecr
+GROUPS= ossec
+
+OSSEC_GROUP= ossec
+OSSEC_USER= ossec
+
+WAZUHPREFIX= /var/ossec
+
+WAZUHMOD750= / /logs/ossec /bin /lib /queue /queue/diff /ruleset /ruleset/sca /wodles \
+ /active-response /active-response/bin /agentless /var /backup /queue/rids \
+ /wodles/oscap /wodles/oscap/content
+
+WAZUHMOD770= /logs /queue/alerts /queue/ossec /etc /etc/shared /.ssh /var/run /var/upgrade \
+ /var/wodles /var/incoming
+
+# extract all extra distfiles in src/external
+post-extract:
+ @for file in ${DISTFILES}; do \
+ if ! (cd ${WRKSRC}/src/external && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/$$file ${EXTRACT_AFTER_ARGS}); \
+ then \
+ exit 1; \
+ fi; \
+ done
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|/usr/bin/perl|${PERL}|g' \
+ ${WRKSRC}/src/external/openssl/Makefile \
+ ${WRKSRC}/src/external/openssl/configdata.pm
+
+do-build:
+ @cd ${WRKSRC}/src && ${GMAKE} TARGET=agent
+
+do-install:
+ @for mod750 in ${WAZUHMOD750}; do \
+ ${MKDIR} -m 0750 ${STAGEDIR}${WAZUHPREFIX}$$mod750; \
+ done
+
+ @for mod770 in ${WAZUHMOD770}; do \
+ ${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}$$mod770; \
+ done
+
+ ${MKDIR} -m 1770 ${STAGEDIR}${WAZUHPREFIX}/tmp
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-logcollector ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-syscheckd ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-execd ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/manage_agents ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/wazuh-modulesd ${STAGEDIR}${WAZUHPREFIX}/bin/
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-agentd ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/libwazuhext.so ${STAGEDIR}${WAZUHPREFIX}/lib
+ ${INSTALL_PROGRAM} ${WRKSRC}/src/agent-auth ${STAGEDIR}${WAZUHPREFIX}/bin
+ ${CP} ${WRKSRC}/active-response/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/
+ ${CP} ${WRKSRC}/active-response/firewalls/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/
+ ${CP} ${WRKSRC}/etc/internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/
+ ${CP} ${WRKSRC}/etc/local_internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/local_internal_options.conf
+ ${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf
+ ${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf.sample
+ ${CP} /dev/null ${STAGEDIR}${WAZUHPREFIX}/etc/client.keys
+ ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.log
+ ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.json
+ ${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/active-responses.log
+ ${INSTALL_SCRIPT} ${WRKSRC}/contrib/util.sh ${STAGEDIR}${WAZUHPREFIX}/bin/
+ ${INSTALL_SCRIPT} ${WRKSRC}/src/init/ossec-client.sh ${STAGEDIR}${WAZUHPREFIX}/bin/ossec-control
+ ${INSTALL_SCRIPT} ${WRKSRC}/src/agentlessd/scripts/* ${STAGEDIR}${WAZUHPREFIX}/agentless/
+ ${INSTALL_SCRIPT} ${WRKSRC}/src/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared/
+ ${INSTALL_SCRIPT} ${WRKSRC}/etc/wpk_root.pem ${STAGEDIR}${WAZUHPREFIX}/etc/
+ ${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/oscap.py ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap
+ ${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/template_*.xsl ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap
+
+.include <bsd.port.mk>
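Review bot: The twelve extra `DISTFILES` (`openssl.tar.gz`, `curl.tar.gz`, `sqlite.tar.gz`, `zlib.tar.gz` and the rest) are unpacked into `src/external` by `post-extract` and built by upstream's own gmake run in `do-build`, so the agent presumably carries private copies of these libraries whose versions are recorded nowhere in the port. The file names carry no version, so only the `distinfo` checksums tie the build to a particular snapshot, and a security fix to the ports-tree OpenSSL or curl would likely not reach this package. A comment above `DISTFILES` would make that visible to whoever updates the port, for example `# Bundled third-party sources built by upstream; unversioned snapshots from MASTER_SITES - re-audit on every update`. It is also worth stating why `curl:ftp/curl` is still listed in `BUILD_DEPENDS` and `RUN_DEPENDS` when `curl.tar.gz` is bundled.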
Added: head/security/wazuh-agent/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wazuh-agent/distinfo Fri Sep 13 07:45:37 2019 (r511915)
@@ -0,0 +1,27 @@
+TIMESTAMP = 1568194130
+SHA256 (wazuh-3.9.5/cJSON.tar.gz) = 8c517c658209cb96c2dcdfdd6bf7bb434adfb2fff3484b3464d2750cafd74e76
+SIZE (wazuh-3.9.5/cJSON.tar.gz) = 20001
+SHA256 (wazuh-3.9.5/src_cpython.tar.gz) = 7df9bf6560b77de0ab0279cb0b9e1f51dd28d0d20c26f640feab976208daf2d7
+SIZE (wazuh-3.9.5/src_cpython.tar.gz) = 78209203
+SHA256 (wazuh-3.9.5/curl.tar.gz) = 78ad4a75fec89dd83c75cf35203c1c757c21cb2a6ff574647b13bf86c8798d66
+SIZE (wazuh-3.9.5/curl.tar.gz) = 3692998
+SHA256 (wazuh-3.9.5/libdb.tar.gz) = 885f01aebcca995bcef48d8dc47acb8c4bd5eab06ec188e76cb5863e4f9b2d9b
+SIZE (wazuh-3.9.5/libdb.tar.gz) = 4283467
+SHA256 (wazuh-3.9.5/libffi.tar.gz) = 0e971f64bacc22094e89f034bba075b40ecc2c2c2900eecd7ae85815fd6c9f69
+SIZE (wazuh-3.9.5/libffi.tar.gz) = 964576
+SHA256 (wazuh-3.9.5/libyaml.tar.gz) = 35daad608b372d5ce099f738c0f21bfcc03d6920d92f448386c584e664f1376a
+SIZE (wazuh-3.9.5/libyaml.tar.gz) = 424656
+SHA256 (wazuh-3.9.5/openssl.tar.gz) = ed55973f4b604b9c27bb660fcdf85f69335b80b07c3bf4c63528ed8fcd74a678
+SIZE (wazuh-3.9.5/openssl.tar.gz) = 5603935
+SHA256 (wazuh-3.9.5/procps.tar.gz) = 87336a7860f5116ac5c5222b6b0d5c892e202ce136947e4776037bb7670ce6e2
+SIZE (wazuh-3.9.5/procps.tar.gz) = 55692
+SHA256 (wazuh-3.9.5/sqlite.tar.gz) = 23e109ee91ed16b4a95b2d361ecfd82820842fc337a80aa8032590b96eebddd2
+SIZE (wazuh-3.9.5/sqlite.tar.gz) = 1980218
+SHA256 (wazuh-3.9.5/zlib.tar.gz) = ddbeac924cc7fc3274ad0d5cfcf2a72792f0500e9607c65d02e8753f3a510a01
+SIZE (wazuh-3.9.5/zlib.tar.gz) = 643568
+SHA256 (wazuh-3.9.5/audit-userspace.tar.gz) = e82a32e5edf93b055160e14bc97f41dead39287925851dc80a7638e2d4d30434
+SIZE (wazuh-3.9.5/audit-userspace.tar.gz) = 1682820
+SHA256 (wazuh-3.9.5/msgpack.tar.gz) = 06d63bcf32896cd0af5480c401134b1ad1c166fd84ebe5b486e792101ee854e2
+SIZE (wazuh-3.9.5/msgpack.tar.gz) = 591294
+SHA256 (wazuh-3.9.5/wazuh-wazuh-v3.9.5_GH0.tar.gz) = 3761377e6e0f639c9b4542a72a5519f36323a251f04eddaf802205ebded42334
+SIZE (wazuh-3.9.5/wazuh-wazuh-v3.9.5_GH0.tar.gz) = 14789176
Added: head/security/wazuh-agent/files/patch-src_external_openssl_Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wazuh-agent/files/patch-src_external_openssl_Makefile Fri Sep 13 07:45:37 2019 (r511915)
@@ -0,0 +1,11 @@
+--- src/external/openssl/Makefile.orig 2019-09-11 11:27:31 UTC
++++ src/external/openssl/Makefile
+@@ -73,7 +73,7 @@ HTMLSUFFIX=html
+
+ CROSS_COMPILE=
+ CC= $(CROSS_COMPILE)cc
+-CFLAGS=-DNDEBUG -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSLDIR="\"$(OPENSSLDIR)\"" -DENGINESDIR="\"$(ENGINESDIR)\"" -O
++CFLAGS=-DNDEBUG -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSLDIR="\"$(OPENSSLDIR)\"" -DENGINESDIR="\"$(ENGINESDIR)\"" -O -fPIC
+ CFLAGS_Q=-DNDEBUG -DOPENSSL_NO_DYNAMIC_ENGINE -DOPENSSLDIR=\"\\\"$(OPENSSLDIR)\\\"\" -DENGINESDIR=\"\\\"$(ENGINESDIR)\\\"\"
+ LDFLAGS=
+ PLIB_LDFLAGS=
Added: head/security/wazuh-agent/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wazuh-agent/pkg-descr Fri Sep 13 07:45:37 2019 (r511915)
@@ -0,0 +1,14 @@
+The Wazuh agent runs on the hosts that you want to monitor.
+It is multi-platform and provides the following capabilities:
+
+- Log and data collection
+- File integrity monitoring
+- Rootkit and malware detection
+- Security policy monitoring.
+- Configuration assessments
+- Software inventory
+
+In addition, it communicates with the Wazuh manager, sending data in near
+real-time through an encrypted and authenticated channel.
+
+WWW: https://github.com/wazuh/wazuh
Added: head/security/wazuh-agent/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wazuh-agent/pkg-plist Fri Sep 13 07:45:37 2019 (r511915)
@@ -0,0 +1,98 @@
+ at info(root,ossec,0750) /var/ossec/active-response/bin/default-firewall-drop.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/disable-account.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/firewalld-drop.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/host-deny.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/ip-customblock.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/ipfw.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/ipfw_mac.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/kaspersky.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/npf.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/ossec-slack.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/ossec-tweeter.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/pf.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/restart-ossec.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/restart.sh
+ at info(root,ossec,0750) /var/ossec/active-response/bin/route-null.sh
+ at info(root,ossec,0750) /var/ossec/agentless/main.exp
+ at info(root,ossec,0750) /var/ossec/agentless/register_host.sh
+ at info(root,ossec,0750) /var/ossec/agentless/ssh.exp
+ at info(root,ossec,0750) /var/ossec/agentless/ssh_asa-fwsmconfig_diff
+ at info(root,ossec,0750) /var/ossec/agentless/ssh_foundry_diff
+ at info(root,ossec,0750) /var/ossec/agentless/ssh_generic_diff
+ at info(root,ossec,0750) /var/ossec/agentless/ssh_integrity_check_bsd
+ at info(root,ossec,0750) /var/ossec/agentless/ssh_integrity_check_linux
+ at info(root,ossec,0750) /var/ossec/agentless/ssh_nopass.exp
+ at info(root,ossec,0750) /var/ossec/agentless/ssh_pixconfig_diff
+ at info(root,ossec,0750) /var/ossec/agentless/sshlogin.exp
+ at info(root,ossec,0750) /var/ossec/agentless/su.exp
+ at info(root,root,0750) /var/ossec/bin/agent-auth
+ at info(root,root,0750) /var/ossec/bin/manage_agents
+ at info(root,root,0750) /var/ossec/bin/ossec-agentd
+ at info(root,root,0750) /var/ossec/bin/ossec-control
+ at info(root,root,0750) /var/ossec/bin/ossec-execd
+ at info(root,root,0750) /var/ossec/bin/ossec-logcollector
+ at info(root,root,0750) /var/ossec/bin/ossec-syscheckd
+ at info(root,root,0750) /var/ossec/bin/util.sh
+ at info(root,root,0750) /var/ossec/bin/wazuh-modulesd
+ at info(root,ossec,0640) /var/ossec/etc/client.keys
+ at info(root,ossec,0640) /var/ossec/etc/internal_options.conf
+ at info(root,ossec,0640) /var/ossec/etc/local_internal_options.conf
+ at info(root,ossec,0640) /var/ossec/etc/ossec.conf.sample
+ at info(root,ossec,0640) /var/ossec/etc/ossec.conf
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_apache2224_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_debian_linux_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_mysql5-6_community_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel6_linux_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel7_linux_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_rhel_linux_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_sles11_linux_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_sles12_linux_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_domainL1_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_domainL2_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_memberL1_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/cis_win2012r2_memberL2_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/rootkit_files.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/rootkit_trojans.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/system_audit_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/system_audit_ssh.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/win_applications_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/win_audit_rcl.txt
+ at info(root,ossec,0660) /var/ossec/etc/shared/win_malware_rcl.txt
+ at info(root,ossec,0640) /var/ossec/etc/wpk_root.pem
+ at info(root,ossec,0750) /var/ossec/lib/libwazuhext.so
+ at info(ossec,ossec,0666) /var/ossec/logs/active-responses.log
+ at info(ossec,ossec,0666) /var/ossec/logs/ossec.json
+ at info(ossec,ossec,0666) /var/ossec/logs/ossec.log
+ at info(root,ossec,0750) /var/ossec/wodles/oscap/oscap.py
+ at info(root,ossec,0750) /var/ossec/wodles/oscap/template_oval.xsl
+ at info(root,ossec,0750) /var/ossec/wodles/oscap/template_xccdf.xsl
+ at dir(root,ossec,0770) /var/ossec/.ssh
+ at dir(root,ossec,0750) /var/ossec/active-response/bin
+ at dir(root,ossec,0750) /var/ossec/active-response
+ at dir(root,ossec,0750) /var/ossec/agentless
+ at dir(root,ossec,0750) /var/ossec/backup
+ at dir(root,wheel,0750) /var/ossec/bin
+ at dir(root,ossec,0770) /var/ossec/etc/shared
+ at dir(ossec,ossec,0770) /var/ossec/etc
+ at dir(root,ossec,0750) /var/ossec/lib
+ at dir(ossec,ossec,0750) /var/ossec/logs/ossec
+ at dir(ossec,ossec,0770) /var/ossec/logs
+ at dir(ossec,ossec,0770) /var/ossec/queue/alerts
+ at dir(ossec,ossec,0750) /var/ossec/queue/diff
+ at dir(ossec,ossec,0770) /var/ossec/queue/ossec
+ at dir(ossec,ossec,0750) /var/ossec/queue/rids
+ at dir(root,ossec,0750) /var/ossec/queue
+ at dir(root,ossec,0750) /var/ossec/ruleset/sca
+ at dir(root,ossec,0750) /var/ossec/ruleset
+ at dir(root,ossec,1770) /var/ossec/tmp
+ at dir(root,ossec,0770) /var/ossec/var/incoming
+ at dir(root,ossec,0770) /var/ossec/var/run
+ at dir(root,ossec,0770) /var/ossec/var/upgrade
+ at dir(root,ossec,0770) /var/ossec/var/wodles
+ at dir(root,ossec,0750) /var/ossec/var
+ at dir(root,ossec,0750) /var/ossec/wodles/oscap/content
+ at dir(root,ossec,0750) /var/ossec/wodles/oscap
+ at dir(root,ossec,0750) /var/ossec/wodles
+ at dir(root,ossec,0750) /var/ossec
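Review bot: The three log files under `/var/ossec/logs` (`active-responses.log`, `ossec.json`, `ossec.log`) are registered with owner `ossec`, group `ossec` and mode `0666`, which makes them world-writable, while every other entry in this list gives no access to others. The parent directories are `0770` and `0750`, so other local users are probably kept out in practice, but the file mode should not depend on that. Changing the mode field of those three entries from `0666` to `0660` keeps the agent's access and removes write access for everyone else. Log files that any account can modify are a weak basis for the intrusion detection this package provides.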