ports/117763: [PATCH]: upgrade of ossec-hids-server 1.3 -> 1.4
valerio.daelli at gmail.com
valerio.daelli at gmail.com
Fri Nov 2 11:20:02 UTC 2007
>Number: 117763
>Category: ports
>Synopsis: [PATCH]: upgrade of ossec-hids-server 1.3 -> 1.4
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 02 11:20:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Valerio Daelli
>Release: FreeBSD 6.2-RELEASE-p6 amd64
>Organization:
IFOM
>Environment:
System: FreeBSD sodio.ifom-ieo-campus.it 6.2-RELEASE-p6 FreeBSD 6.2-RELEASE-p6 #8: Tue Jul 24 17:16:37 CEST 2007 root at sodio.ifom-ieo-campus.it:/usr/obj/usr/src/sys/SODIO amd64
>Description:
This patch upgrades ossec-hids-server from 1.3 to 1.4. I also fixed a few problems
with ossec-hids-client (thanks to Ivan Lago). See next PRs.
>How-To-Repeat:
>Fix:
--- PATCH-OSSEC-HIDS-SERVER begins here ---
diff -ruN /usr/ports/security/ossec-hids-server/Makefile /root/ossec-hids-server/Makefile
--- /usr/ports/security/ossec-hids-server/Makefile Mon Sep 10 10:20:02 2007
+++ /root/ossec-hids-server/Makefile Wed Oct 31 16:09:06 2007
@@ -1,23 +1,29 @@
# New ports collection makefile for: ossec-hids-server
-# Date created: 23 July 2006
+# Date created: 30 October 2007
# Whom: Valerio Daelli <valerio.daelli at gmail.com>
#
# $FreeBSD: ports/security/ossec-hids-server/Makefile,v 1.7 2007/09/10 08:20:02 edwin Exp $
#
PORTNAME= ossec-hids
-PORTVERSION= 1.3
+PORTVERSION= 1.4
PORTREVISION?= 0
CATEGORIES= security
MASTER_SITES= http://www.ossec.net/files/ \
http://www.ossec.net/files/old/
-PKGNAMESUFFIX?= -server
+PKGNAMESUFFIX= -server
MAINTAINER= valerio.daelli at gmail.com
COMMENT= A security tool to monitor and check logs and intrusions
USE_RC_SUBR= ossec-hids
+.if defined(WITH_DB)
+USE_MYSQL=yes
+USE_PGSQL=yes
+USE_BDB=yes
+.endif
+
SUB_LIST= PORTNAME=${PORTNAME}
SUB_FILES= pkg-message
PLIST_SUB= PORTNAME=${PORTNAME}
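Review bot: The new `WITH_DB` block sets `USE_MYSQL`, `USE_PGSQL` and `USE_BDB` together, so turning on database output installs three database stacks on a host that runs an intrusion-detection daemon, where a site will normally use one. Separate knobs (for example a `WITH_MYSQL` and a `WITH_PGSQL` option, each setting only its own `USE_*`) would keep the dependency set minimal. As far as I know ossec's database output targets MySQL and PostgreSQL only, so `USE_BDB=yes` looks unneeded and should be confirmed or dropped. In the same hunk, changing `PKGNAMESUFFIX?= -server` to `PKGNAMESUFFIX= -server` removes the ability of a slave port to set its own suffix, and the `CLIENT_ONLY` conditionals later in this Makefile suggest such a port exists.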
@@ -40,7 +46,19 @@
@${REINPLACE_CMD} 's|PREFIX|${PREFIX}/${PORTNAME}|' ${WRKSRC}/src/headers/defs.h
do-build:
+.if defined(WITH_DB)
+.if defined(CLIENT_ONLY)
+ @cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build
+.else
+ @cd ${WRKSRC}/src;${MAKE} setdb;${MAKE} all;${MAKE} build
+.endif
+.else
+.if defined(CLIENT_ONLY)
+ @cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build
+.else
@cd ${WRKSRC}/src;${MAKE} all;${MAKE} build
+.endif
+.endif
.if defined(CLIENT_ONLY)
do-install:
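Review bot: With both `WITH_DB` and `CLIENT_ONLY` defined, `do-build` runs only `${MAKE} setagent`, the same line as the non-DB agent branch, while the `WITH_DB` block at the top of the Makefile still sets the `USE_*` database variables, so an agent build would pull in database dependencies it never uses. Testing `CLIENT_ONLY` first and guarding both the `setdb` branch and the `USE_*` block with `.if defined(WITH_DB) && !defined(CLIENT_ONLY)` removes the duplicated branch and the unused dependencies. The added lines also join their steps with `;`, so stopping on a failed `cd` or `${MAKE} setdb` depends on make running the shell with `-e`. An explicit chain such as `@cd ${WRKSRC}/src && ${MAKE} setdb && ${MAKE} all && ${MAKE} build` makes that independent of the make mode. A silently skipped `setdb` would produce a package that builds cleanly but has no database support.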
diff -ruN /usr/ports/security/ossec-hids-server/distinfo /root/ossec-hids-server/distinfo
--- /usr/ports/security/ossec-hids-server/distinfo Mon Sep 10 10:20:02 2007
+++ /root/ossec-hids-server/distinfo Wed Oct 31 15:19:41 2007
@@ -1,3 +1,3 @@
-MD5 (ossec-hids-1.3.tar.gz) = 5ab287c009c48c72ffcbf1e2574e8bf6
-SHA256 (ossec-hids-1.3.tar.gz) = 71aab72703ce2513a7e9d1bfe89aa8b288cf43fdcc84d5cc3f2696c2981af14e
-SIZE (ossec-hids-1.3.tar.gz) = 553438
+MD5 (ossec-hids-1.4.tar.gz) = f877f7afc225ba835bf697c026c77aa9
+SHA256 (ossec-hids-1.4.tar.gz) = 0dd7650a4c74ae2b9beec47660fd7c573eb35005e5cab6e62c640ba44930ff7f
+SIZE (ossec-hids-1.4.tar.gz) = 598579
diff -ruN /usr/ports/security/ossec-hids-server/files/pkg-message.in /root/ossec-hids-server/files/pkg-message.in
--- /usr/ports/security/ossec-hids-server/files/pkg-message.in Sat Jun 9 12:41:07 2007
+++ /root/ossec-hids-server/files/pkg-message.in Wed Oct 31 15:19:41 2007
@@ -4,7 +4,14 @@
For information on proper configuration, see http://www.ossec.net/.
-To enable the startup script, add ossec-hids_enable="YES" to /etc/rc.conf.
+To enable the startup script, add ossechids_enable="YES" to /etc/rc.conf.
+To enable database output, execute:
+
+%%PREFIX%%/%%PORTNAME%%/bin/ossec-control enable database
+
+Then check this tutorial:
+
+http://www.ossec.net/wiki/index.php/Know_How:DatabaseOutput
When you deinstall this port after starting the daemons once, many directories that are
created by the daemons will remain. To fully remove the port you need to delete those
diff -ruN /usr/ports/security/ossec-hids-server/pkg-plist /root/ossec-hids-server/pkg-plist
--- /usr/ports/security/ossec-hids-server/pkg-plist Mon Sep 10 10:20:02 2007
+++ /root/ossec-hids-server/pkg-plist Wed Oct 31 15:19:41 2007
@@ -1,12 +1,16 @@
%%PORTNAME%%/active-response/bin/disable-account.sh
%%PORTNAME%%/active-response/bin/firewall-drop.sh
%%PORTNAME%%/active-response/bin/host-deny.sh
+%%PORTNAME%%/active-response/bin/ipfw_mac.sh
+%%PORTNAME%%/active-response/bin/ipfw.sh
+%%PORTNAME%%/active-response/bin/pf.sh
%%PORTNAME%%/active-response/bin/route-null.sh
%%PORTNAME%%/bin/clear_stats
%%PORTNAME%%/bin/list_agents
%%PORTNAME%%/bin/manage_agents
%%PORTNAME%%/bin/ossec-agentd
%%PORTNAME%%/bin/ossec-analysisd
+%%PORTNAME%%/bin/ossec-dbd
%%PORTNAME%%/bin/ossec-control
%%PORTNAME%%/bin/ossec-execd
%%PORTNAME%%/bin/ossec-logcollector
@@ -19,8 +23,10 @@
%%PORTNAME%%/etc/internal_options.conf
@unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi
%%PORTNAME%%/etc/ossec.conf.sample
+%%PORTNAME%%//etc/localtime
%%PORTNAME%%/etc/shared/rootkit_files.txt
%%PORTNAME%%/etc/shared/rootkit_trojans.txt
+%%PORTNAME%%/etc/shared/system_audit_rcl.txt
%%PORTNAME%%/etc/shared/win_applications_rcl.txt
%%PORTNAME%%/etc/shared/win_audit_rcl.txt
%%PORTNAME%%/etc/shared/win_malware_rcl.txt
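Review bot: The added entry `%%PORTNAME%%//etc/localtime` has a doubled slash and should read `%%PORTNAME%%/etc/localtime` like the neighbouring entries. If this file is a copy of the host's `/etc/localtime` made at install time for the daemons' private directory tree (the install step is not visible in this patch), it goes stale when the system timezone changes. Stale timezone data skews alert timestamps, so a line in pkg-message telling the administrator to refresh it would help.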
@@ -40,6 +46,7 @@
%%PORTNAME%%/rules/ms-exchange_rules.xml
%%PORTNAME%%/rules/ms_ftpd_rules.xml
%%PORTNAME%%/rules/msauth_rules.xml
+%%PORTNAME%%/rules/mysql_rules.xml
%%PORTNAME%%/rules/named_rules.xml
%%PORTNAME%%/rules/netscreenfw_rules.xml
%%PORTNAME%%/rules/ossec_rules.xml
@@ -47,12 +54,14 @@
%%PORTNAME%%/rules/pix_rules.xml
%%PORTNAME%%/rules/policy_rules.xml
%%PORTNAME%%/rules/postfix_rules.xml
+%%PORTNAME%%/rules/postgresql_rules.xml
%%PORTNAME%%/rules/proftpd_rules.xml
%%PORTNAME%%/rules/pure-ftpd_rules.xml
%%PORTNAME%%/rules/racoon_rules.xml
%%PORTNAME%%/rules/rules_config.xml
%%PORTNAME%%/rules/sendmail_rules.xml
%%PORTNAME%%/rules/smbd_rules.xml
+%%PORTNAME%%/rules/sonicwall_rules.xml
%%PORTNAME%%/rules/spamd_rules.xml
%%PORTNAME%%/rules/squid_rules.xml
%%PORTNAME%%/rules/sshd_rules.xml
--- PATCH-OSSEC-HIDS-SERVER ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: