svn commit: r484537 - in head: . security security/ossec-hids security/ossec-hids-agent security/ossec-hids-agent-config security/ossec-hids-client security/ossec-hids-local security/ossec-hids-loc...
Steve Wills
swills at FreeBSD.org
Fri Nov 9 18:52:28 UTC 2018
Author: swills
Date: Fri Nov 9 18:52:21 2018
New Revision: 484537
URL: https://svnweb.freebsd.org/changeset/ports/484537
Log:
security/ossec-hids-server: update from 2.8.3 to 3.1.0
PR: 232794
Submitted by: Dominik Lisiak <dominik.lisiak at bemsoft.pl> (maintainer)
Added:
head/security/ossec-hids/
head/security/ossec-hids-agent/
- copied from r484536, head/security/ossec-hids-client/
head/security/ossec-hids-agent-config/
head/security/ossec-hids-agent-config/Makefile (contents, props changed)
head/security/ossec-hids-local-config/
head/security/ossec-hids-local-config/Makefile (contents, props changed)
head/security/ossec-hids-local-config/distinfo (contents, props changed)
head/security/ossec-hids-local-config/files/
head/security/ossec-hids-local-config/files/agent-conf.in (contents, props changed)
head/security/ossec-hids-local-config/files/command-last-logins.sh.in (contents, props changed)
head/security/ossec-hids-local-config/files/command-open-ports.sh.in (contents, props changed)
head/security/ossec-hids-local-config/files/command.conf.in (contents, props changed)
head/security/ossec-hids-local-config/files/merge-config.sh.in (contents, props changed)
head/security/ossec-hids-local-config/files/message-agent-conf.in (contents, props changed)
head/security/ossec-hids-local-config/files/message-ossec-conf.in (contents, props changed)
head/security/ossec-hids-local-config/files/message-pf.in (contents, props changed)
head/security/ossec-hids-local-config/files/ossec-conf.in (contents, props changed)
head/security/ossec-hids-local-config/files/pkg-deinstall.in (contents, props changed)
head/security/ossec-hids-local-config/files/pkg-install.in (contents, props changed)
head/security/ossec-hids-local-config/files/rules-cmdout.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/rules-config.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-ar-merge.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-ar-restart.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-header-disabled.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-header-enabled.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-header-sample.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-logs-apache.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-logs-basic.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-logs-nginx.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-logs-ossec.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-logs-radius.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-rules-cmdout.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-rules-config.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-rules-default.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-sample-agent.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-sample-database.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-sample-local.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-sample-server.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-syscheck-basic.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in (contents, props changed)
head/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in (contents, props changed)
head/security/ossec-hids-local-config/opt-ar.mk (contents, props changed)
head/security/ossec-hids-local-config/opt-cmdout.mk (contents, props changed)
head/security/ossec-hids-local-config/opt-logs.mk (contents, props changed)
head/security/ossec-hids-local-config/opt-rootcheck.mk (contents, props changed)
head/security/ossec-hids-local-config/opt-rules.mk (contents, props changed)
head/security/ossec-hids-local-config/opt-syscheck.mk (contents, props changed)
head/security/ossec-hids-local-config/pkg-descr (contents, props changed)
head/security/ossec-hids-local-config/pkg-help-agent (contents, props changed)
head/security/ossec-hids-local-config/pkg-help-local (contents, props changed)
head/security/ossec-hids-local-config/pkg-help-server (contents, props changed)
head/security/ossec-hids-local-config/pkg-plist-agent (contents, props changed)
head/security/ossec-hids-local-config/pkg-plist-local (contents, props changed)
head/security/ossec-hids-local-config/pkg-plist-server (contents, props changed)
head/security/ossec-hids-local-config/scripts/
head/security/ossec-hids-local-config/scripts/plist.sh (contents, props changed)
head/security/ossec-hids-local-config/scripts/rules.sh (contents, props changed)
head/security/ossec-hids-local-config/scripts/template-to-agent.sh (contents, props changed)
head/security/ossec-hids-local-config/scripts/template-to-ossec.sh (contents, props changed)
head/security/ossec-hids-local/distinfo (contents, props changed)
head/security/ossec-hids-local/files/
head/security/ossec-hids-local/files/message-config.in (contents, props changed)
head/security/ossec-hids-local/files/message-database.in (contents, props changed)
head/security/ossec-hids-local/files/message-firewall.in (contents, props changed)
head/security/ossec-hids-local/files/message-header.in (contents, props changed)
head/security/ossec-hids-local/files/ossec-hids.in (contents, props changed)
head/security/ossec-hids-local/files/patch-src_Makefile (contents, props changed)
head/security/ossec-hids-local/files/pkg-deinstall.in (contents, props changed)
head/security/ossec-hids-local/files/pkg-install.in (contents, props changed)
head/security/ossec-hids-local/files/restart-ossec.sh.in (contents, props changed)
head/security/ossec-hids-local/pkg-descr (contents, props changed)
head/security/ossec-hids-local/pkg-plist-agent (contents, props changed)
head/security/ossec-hids-local/pkg-plist-local (contents, props changed)
head/security/ossec-hids-local/pkg-plist-server (contents, props changed)
head/security/ossec-hids-local/scripts/
head/security/ossec-hids-local/scripts/plist.sh (contents, props changed)
head/security/ossec-hids-server-config/
head/security/ossec-hids-server-config/Makefile (contents, props changed)
head/security/ossec-hids/Makefile (contents, props changed)
head/security/ossec-hids/pkg-descr (contents, props changed)
Deleted:
head/security/ossec-hids-agent/pkg-plist.client
head/security/ossec-hids-client/
head/security/ossec-hids-server/distinfo
head/security/ossec-hids-server/files/
head/security/ossec-hids-server/pkg-descr
head/security/ossec-hids-server/pkg-plist
Modified:
head/MOVED
head/UIDs
head/UPDATING
head/security/Makefile
head/security/ossec-hids-agent/Makefile
head/security/ossec-hids-local/Makefile
head/security/ossec-hids-server/Makefile
Modified: head/MOVED
==============================================================================
--- head/MOVED Fri Nov 9 18:14:43 2018 (r484536)
+++ head/MOVED Fri Nov 9 18:52:21 2018 (r484537)
@@ -10623,3 +10623,4 @@ science/fvm|science/code_saturne|2018-11-04|Code_Satur
science/mei|science/code_saturne|2018-11-04|Code_Saturne merged bft, ecs, fvm, mei and ncs
x11-wm/cde|x11/cde|2018-11-03|Recategorise
misc/rumprun||2018-11-06|Has expired: "fails with current compilers"
+security/ossec-hids-client|security/ossec-hids-agent|2018-10-29|Agent is the name used in documentation
Modified: head/UIDs
==============================================================================
--- head/UIDs Fri Nov 9 18:14:43 2018 (r484536)
+++ head/UIDs Fri Nov 9 18:52:21 2018 (r484537)
@@ -912,9 +912,9 @@ zookeeper:*:962:962::0:0:zookeeper user:/nonexistent:/
fluentd:*:963:963::0:0:fluentd user:/nonexistent:/usr/sbin/nologin
git_daemon:*:964:964::0:0:git daemon:/nonexistent:/usr/sbin/nologin
elasticsearch:*:965:965::0:0:elasticsearch user:/nonexistent:/usr/sbin/nologin
-ossec:*:966:966::0:0:OSSEC user:/usr/local/ossec-hids:/usr/sbin/nologin
-ossecm:*:967:966::0:0:OSSEC mail user:/usr/local/ossec-hids:/usr/sbin/nologin
-ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin
+ossec:*:966:966::0:0:OSSEC user:/nonexistent:/usr/sbin/nologin
+ossecm:*:967:966::0:0:OSSEC mail user:/nonexistent:/usr/sbin/nologin
+ossecr:*:968:966::0:0:OSSEC rem user:/nonexistent:/usr/sbin/nologin
kippo:*:969:969::0:0:kippo user:/nonexistent:/usr/sbin/nologin
colord:*:970:970::0:0:colord color management daemon:/nonexistent:/usr/sbin/nologin
shibd:*:971:971::0:0:Shibboleth SAML daemon:/nonexistent:/usr/sbin/nologin
Modified: head/UPDATING
==============================================================================
--- head/UPDATING Fri Nov 9 18:14:43 2018 (r484536)
+++ head/UPDATING Fri Nov 9 18:52:21 2018 (r484537)
@@ -5,6 +5,38 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20181109
+ AFFECTS: users of security/ossec-hids-server
+ AUTHOR: dominik.lisiak at bemsoft.pl
+
+ The "ossechids_enable" rc variable has been renamed to "ossec_hids_enable".
+
+ If using database output, you need to recreate database using new schema
+ provided in /usr/local/share/doc/ossec-hids.
+
+20181109
+ AFFECTS: users of security/ossec-hids-local
+ AUTHOR: dominik.lisiak at bemsoft.pl
+
+ The "ossechids_enable" rc variable has been renamed to "ossec_hids_enable".
+
+ If using database output, you need to recreate database using new schema
+ provided in /usr/local/share/doc/ossec-hids.
+
+20181109
+ AFFECTS: users of security/ossec-hids-client
+ AUTHOR: dominik.lisiak at bemsoft.pl
+
+ The ossec-hids-client port has been renamed to ossec-hids-agent.
+ Portmaster users will need to run this command:
+
+ portmaster -o security/ossec-hids-agent security/ossec-hids-client
+
+ If the switch doesn't happen automatically for you, just delete the
+ ossec-hids-client package and install ossec-hids-agent.
+
+ The "ossechids_enable" rc variable has been renamed to "ossec_hids_enable".
+
20181104:
AFFECTS: users of sysutils/ansible*
AUTHOR: lifanov at FreeBSD.org
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Fri Nov 9 18:14:43 2018 (r484536)
+++ head/security/Makefile Fri Nov 9 18:52:21 2018 (r484537)
@@ -490,9 +490,13 @@
SUBDIR += ophcrack
SUBDIR += orthrus
SUBDIR += osiris
- SUBDIR += ossec-hids-client
+ SUBDIR += ossec-hids
+ SUBDIR += ossec-hids-agent
+ SUBDIR += ossec-hids-agent-config
SUBDIR += ossec-hids-local
+ SUBDIR += ossec-hids-local-config
SUBDIR += ossec-hids-server
+ SUBDIR += ossec-hids-server-config
SUBDIR += osslsigncode
SUBDIR += otpw
SUBDIR += outguess
Added: head/security/ossec-hids-agent-config/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-agent-config/Makefile Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+OSSEC_TYPE= agent
+
+MASTERDIR= ${.CURDIR}/../ossec-hids-local-config
+
+.include "${MASTERDIR}/Makefile"
Modified: head/security/ossec-hids-agent/Makefile
==============================================================================
--- head/security/ossec-hids-client/Makefile Fri Nov 9 18:14:43 2018 (r484536)
+++ head/security/ossec-hids-agent/Makefile Fri Nov 9 18:52:21 2018 (r484537)
@@ -1,13 +1,7 @@
-# Created by: Valerio Daelli <valerio.daelli at gmail.com>
# $FreeBSD$
-PORTREVISION= 0
-COMMENT= Client port of ossec-hids
+OSSEC_TYPE= agent
-CLIENT_ONLY= yes
-
-MASTERDIR= ${.CURDIR}/../ossec-hids-server
-
-PLIST= ${.CURDIR}/pkg-plist.client
+MASTERDIR= ${.CURDIR}/../ossec-hids-local
.include "${MASTERDIR}/Makefile"
Added: head/security/ossec-hids-local-config/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/Makefile Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,460 @@
+# $FreeBSD$
+
+PORTNAME= ossec-hids
+PORTVERSION= 3.1.0
+PORTREVISION=
+CATEGORIES= security
+PKGNAMESUFFIX= -${OSSEC_TYPE}-config
+
+MAINTAINER= dominik.lisiak at bemsoft.pl
+COMMENT= Configuration manager for ossec-hids
+
+LICENSE= GPLv2
+
+OSSEC_TYPE?= local
+
+MASTERDIR?= ${.CURDIR}
+
+.if ${OSSEC_TYPE} == local
+CONFLICTS_INSTALL= ossec-hids-client-* \
+ ossec-hids-agent-* \
+ ossec-hids-server-*
+.elif ${OSSEC_TYPE} == agent
+CONFLICTS_INSTALL= ossec-hids-client-* \
+ ossec-hids-local-* \
+ ossec-hids-server-*
+.elif ${OSSEC_TYPE} == server
+CONFLICTS_INSTALL= ossec-hids-client-* \
+ ossec-hids-agent-* \
+ ossec-hids-local-*
+.endif
+
+.if !defined(MAINTAINER_MODE)
+RUN_DEPENDS= ossec-hids-${OSSEC_TYPE}>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE}
+.endif
+
+.if defined(MAINTAINER_MODE)
+USE_GITHUB= yes
+GH_ACCOUNT= ossec
+.else
+MASTER_SITES= #
+DISTFILES= #
+EXTRACT_ONLY= #
+.endif
+NO_BUILD= yes
+NO_ARCH= yes
+
+OPTIONS_SUB= yes
+
+OPTIONS_SINGLE= FIREWALL
+OPTIONS_SINGLE_FIREWALL= IPF IPFW PF
+
+OPTIONS_DEFAULT+= IPF
+
+FIREWALL_DESC= Active Response Firewall
+PF_DESC= Packet Filter
+IPFW_DESC= ipfirewall
+IPF_DESC= ipfilter
+
+TEMPL_ENABLED_HEADER= template-header-enabled.xml
+TEMPL_DISABLED_HEADER= template-header-disabled.xml
+TEMPL_SAMPLE_HEADER= template-header-sample.xml
+TEMPL_PUSHED_ENABLED_HEADER= ${TEMPL_ENABLED_HEADER}
+TEMPL_PUSHED_DISABLED_HEADER= ${TEMPL_DISABLED_HEADER}
+
+TEMPL_SAMPLE= template-sample-${OSSEC_TYPE}.xml
+TEMPL_SAMPLE_DB= template-sample-database.xml
+
+PF_VARS= FW_DROP=pf.sh PKGMSG_FILES+=message-pf
+IPFW_VARS= FW_DROP=ipfw.sh
+IPF_VARS= FW_DROP=ipfilter.sh
+
+.if defined(MAINTAINER_MODE)
+OSSEC_HOME= ${PREFIX}/${PORTNAME}
+.else
+OSSEC_HOME?= ${PREFIX}/${PORTNAME}
+.endif
+OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids
+TEMPL_TO_OSSEC= ${SCRIPTDIR}/template-to-ossec.sh ${OSSEC_TYPE} ${OSSEC_HOME}
+TEMPL_TO_AGENT= ${SCRIPTDIR}/template-to-agent.sh ${OSSEC_TYPE} ${OSSEC_HOME}
+
+OSSEC_DIR= ${STAGEDIR}${OSSEC_HOME}
+BIN_DIR= ${OSSEC_DIR}/bin
+CONF_BIN_DIR= ${BIN_DIR}/config
+OSSEC_CONF_BIN= ${CONF_BIN_DIR}/ossec-conf
+AGENT_CONF_BIN= ${CONF_BIN_DIR}/agent-conf
+COMMAND_BIN_DIR= ${BIN_DIR}/command
+
+AR_BIN_DIR= ${OSSEC_DIR}/active-response/bin
+MERGE_CONFIG_BIN= ${AR_BIN_DIR}/merge-config.sh
+
+ETC_DIR= ${OSSEC_DIR}/etc
+OSSEC_CONF_DIR= ${ETC_DIR}/ossec.conf.d
+AGENT_CONF_DIR= ${ETC_DIR}/agent.conf.d
+OSSEC_LOCAL_CONF_DIR= ${OSSEC_CONF_DIR}/disabled
+AGENT_LOCAL_CONF_DIR= ${AGENT_CONF_DIR}/disabled
+OSSEC_SAMPLE_CONF= ${OSSEC_CONF_DIR}/900.local.conf.sample
+COMMAND_CONF_DIR= ${ETC_DIR}
+COMMAND_CONF= ${COMMAND_CONF_DIR}/command.conf.sample
+RULES_DIR= ${OSSEC_DIR}/rules
+
+.if empty(USER)
+USER=$$(${ID} -un)
+.endif
+.if empty(GROUP)
+GROUP=$$(${ID} -gn)
+.endif
+
+OSSEC_USER= ossec
+OSSEC_GROUP= ossec
+
+SUB_LIST+= PORTNAME=${PORTNAME} \
+ OSSEC_TYPE=${OSSEC_TYPE} \
+ OSSEC_HOME=${OSSEC_HOME} \
+ VERSION=${PORTVERSION} \
+ USER=${USER} \
+ OSSEC_USER=${OSSEC_USER} \
+ OSSEC_GROUP=${OSSEC_GROUP} \
+ OSSEC_RC=${OSSEC_RC} \
+ FW_DROP=${FW_DROP}
+SUB_FILES= pkg-install \
+ pkg-deinstall \
+ ${PKGMSG_FILES} \
+ ${TEMPL_ENABLED_HEADER} \
+ ${TEMPL_DISABLED_HEADER} \
+ ${TEMPL_SAMPLE_HEADER} \
+ ${TEMPL_PUSHED_ENABLED_HEADER} \
+ ${TEMPL_PUSHED_DISABLED_HEADER} \
+ ${TEMPL_SAMPLE} \
+ merge-config.sh \
+ ossec-conf \
+ command.conf
+.if ${OSSEC_TYPE} == server
+SUB_FILES+= agent-conf
+.endif
+
+.if defined(MAINTAINER_MODE)
+PLIST_SUB= OSSEC_HOME=${PORTNAME}
+.else
+PLIST_SUB= OSSEC_HOME=${OSSEC_HOME}
+.endif
+PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE}
+PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE}
+PKGMESSAGE= ${WRKDIR}/pkg-message
+PKGMSG_FILES= message-ossec-conf
+.if ${OSSEC_TYPE} == server
+PKGMSG_FILES+= message-agent-conf
+.endif
+
+CONF_GROUPS= RULES AR ROOTCHECK SYSCHECK CMDOUT LOGS
+
+############################################################
+
+.for conf_group in ${CONF_GROUPS}
+. include "${MASTERDIR}/opt-${conf_group:tl}.mk"
+${conf_group}_INSTANCE_OPTIONS=
+${conf_group}_PUSHED_OPTIONS=
+. for option in ${${conf_group}_OPTIONS}
+. if ${${option}_DEFINE:M${OSSEC_TYPE}}
+${conf_group}_INSTANCE_OPTIONS+= ${option}
+${conf_group}_ALL_OPTIONS+= ${option}
+. endif
+. if ${${option}_DEFINE:Mpushed}
+. if ${OSSEC_TYPE} == server
+${conf_group}_PUSHED_OPTIONS+= ${option}
+. endif
+. if !${${conf_group}_ALL_OPTIONS:M${option}}
+${conf_group}_ALL_OPTIONS+= ${option}
+. endif
+. endif
+. endfor
+.endfor
+
+############################################################
+
+CONFIG_PROFILES=
+.for conf_group in ${CONF_GROUPS}
+. if !empty(${conf_group}_PROFILE)
+. if ${OSSEC_TYPE} == agent
+. if !${CONFIG_PROFILES:M${${conf_group}_PROFILE}}
+CONFIG_PROFILES+= ${${conf_group}_PROFILE}
+. endif
+. endif
+SUB_LIST+= ${conf_group}_PROFILE=${${conf_group}_PROFILE}
+. endif
+. for option in ${${conf_group}_ALL_OPTIONS}
+. if !empty(${option}_PROFILE)
+. if ${OSSEC_TYPE} == agent
+. if !${CONFIG_PROFILES:M${${option}_PROFILE}}
+CONFIG_PROFILES+= ${${option}_PROFILE}
+. endif
+. endif
+SUB_LIST+= ${option}_PROFILE=${${option}_PROFILE}
+. endif
+. endfor
+.endfor
+
+.for profile in ${CONFIG_PROFILES}
+. if empty(CONFIG_PROFILE_VALUE)
+CONFIG_PROFILE_VALUE:= ${profile}
+. else
+CONFIG_PROFILE_VALUE:= ${CONFIG_PROFILE_VALUE}, ${profile}
+. endif
+.endfor
+SUB_LIST+= CONFIG_PROFILES="${CONFIG_PROFILE_VALUE}"
+
+############################################################
+
+.for conf_group in ${CONF_GROUPS}
+. for option in ${${conf_group}_ALL_OPTIONS}
+. if !defined(${option}_TEMPLATE)
+${option}_TEMPLATE= template-${option:tl:S/_/-/g}.xml
+. endif
+. if !empty(${option}_TEMPLATE) && !${SUB_FILES:M${${option}_TEMPLATE}}
+SUB_FILES+= ${${option}_TEMPLATE}
+. endif
+. endfor
+.endfor
+
+.for file_name in ${RULES_FILES}
+SUB_FILES+= rules-${file_name}.xml
+.endfor
+
+.for file_name in ${CMDOUT_SCRIPTS}
+SUB_FILES+= command-${file_name}.sh
+.endfor
+
+############################################################
+
+.for conf_group in ${CONF_GROUPS}
+. for option in ${${conf_group}_INSTANCE_OPTIONS}
+. if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}}
+${${${option}_DEPENDS}_OPTION}_VARS+= ${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option}
+${${${option}_DEPENDS}_OPTION}_VARS_OFF+= ${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option}
+. elif !empty(${option}_OPTION)
+OPTIONS_GROUP_G_${conf_group}+= ${${option}_OPTION}
+${${option}_OPTION}_DESC= ${${option}_DESC}
+. if ${${option}_DEFAULT:M${OSSEC_TYPE}}
+OPTIONS_DEFAULT+= ${${option}_OPTION}
+. endif
+${${option}_OPTION}_VARS+= ${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option}
+${${option}_OPTION}_VARS_OFF+= ${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option}
+. endif
+. endfor
+. if !empty(OPTIONS_GROUP_G_${conf_group})
+OPTIONS_GROUP+= G_${conf_group}
+G_${conf_group}_DESC= ${${conf_group}_DESC}
+. endif
+.endfor
+
+############################################################
+
+.for conf_group in ${CONF_GROUPS}
+. for option in ${${conf_group}_PUSHED_OPTIONS}
+. if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_PUSHED_OPTIONS:M${${option}_DEPENDS}}
+${${${option}_DEPENDS}_OPTION}_P_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option}
+${${${option}_DEPENDS}_OPTION}_P_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option}
+. elif !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}}
+${${${option}_DEPENDS}_OPTION}_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option}
+${${${option}_DEPENDS}_OPTION}_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option}
+. elif !empty(${option}_OPTION)
+OPTIONS_GROUP_G_${conf_group}_P+= ${${option}_OPTION}_P
+${${option}_OPTION}_P_DESC= ${${option}_DESC}
+. if !empty(${option}_PROFILE)
+${${option}_OPTION}_P_DESC+= (profile: ${${option}_PROFILE})
+. endif
+. if ${${option}_DEFAULT:Mpushed}
+OPTIONS_DEFAULT+= ${${option}_OPTION}_P
+. endif
+${${option}_OPTION}_P_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option}
+${${option}_OPTION}_P_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option}
+. endif
+. endfor
+. if !empty(OPTIONS_GROUP_G_${conf_group}_P)
+OPTIONS_GROUP+= G_${conf_group}_P
+G_${conf_group}_P_DESC= Pushed ${${conf_group}_DESC}
+. if !empty(${conf_group}_PROFILE)
+G_${conf_group}_P_DESC+= (profile: ${${conf_group}_PROFILE})
+. endif
+. endif
+.endfor
+
+############################################################
+
+.include <bsd.port.pre.mk>
+
+show-opts:
+.for conf_group in ${CONF_GROUPS}
+ @${ECHO_CMD} "${conf_group}: ${${conf_group}_DESC}"
+. for option in ${${conf_group}_INSTANCE_OPTIONS}
+ @${ECHO_CMD} " ${option}: ${${option}_DESC}"
+. if empty(${option}_TEMPLATE)
+ @${ECHO_CMD} " Template: -"
+. else
+ @${ECHO_CMD} " Template: ${${option}_TEMPLATE}"
+. endif
+. if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED) && ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}}
+ @${ECHO_CMD} " Enabled: true"
+. endif
+. if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED) && ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}}
+ @${ECHO_CMD} " Enabled: false"
+. endif
+. if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED) && ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}}
+ @${ECHO_CMD} " Pushed: true"
+. endif
+. if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED) && ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}}
+ @${ECHO_CMD} " Pushed: false"
+. endif
+. endfor
+.endfor
+
+pre-install:
+ @-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'PostgreSQL' && \
+ ${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|postgresql|g' \
+ ${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB}
+ @-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'MySQL' && \
+ ${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|mysql|g' \
+ ${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB}
+
+ossec-dirs:
+ @${MKDIR} ${CONF_BIN_DIR} ${COMMAND_BIN_DIR} ${AR_BIN_DIR} ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR} ${COMMAND_CONF_DIR}
+.if ${OSSEC_TYPE} != agent
+ @${MKDIR} ${RULES_DIR}
+.endif
+.if ${OSSEC_TYPE} == server
+ @${MKDIR} ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR}
+.endif
+
+ossec-scripts:
+ @${CP} ${WRKDIR}/ossec-conf ${OSSEC_CONF_BIN}
+.if ${OSSEC_TYPE} == server
+ @${CP} ${WRKDIR}/agent-conf ${AGENT_CONF_BIN}
+.endif
+.for file_name in ${CMDOUT_SCRIPTS}
+ @${CP} ${WRKDIR}/command-${file_name}.sh ${COMMAND_BIN_DIR}/${file_name}.sh
+.endfor
+ @${CP} ${WRKDIR}/command.conf ${COMMAND_CONF}
+ @${CP} ${WRKDIR}/merge-config.sh ${MERGE_CONFIG_BIN}
+
+ossec-rules:
+.if ${OSSEC_TYPE} != agent
+. for file_name in ${RULES_FILES}
+ @${SED} -e 's|<?xml.*?>||' ${WRKDIR}/rules-${file_name}.xml > ${RULES_DIR}/freebsd_${file_name}_rules.xml
+. endfor
+.endif
+
+ossec-conf-managed:
+.for conf_group in ${CONF_GROUPS}
+. if !empty(${conf_group}_INSTANCE_OPTIONS)
+ @${CAT} ${WRKDIR}/${TEMPL_ENABLED_HEADER} > ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+. if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED)
+. for option in ${${conf_group}_INSTANCE_OPTIONS}
+. if ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}}
+. if !empty(${option}_TEMPLATE)
+ @${ECHO_CMD} "<!-- Enabled ${${option}_OPTION} -->" >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+ @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+ @${ECHO_CMD} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+. endif
+. endif
+. endfor
+. endif
+. endif
+.endfor
+
+ossec-conf-local:
+.for conf_group in ${CONF_GROUPS}
+. if !empty(${conf_group}_INSTANCE_OPTIONS)
+ @${CAT} ${WRKDIR}/${TEMPL_DISABLED_HEADER} > ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+. if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED)
+. for option in ${${conf_group}_INSTANCE_OPTIONS}
+. if ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}}
+. if !empty(${option}_TEMPLATE)
+ @${ECHO_CMD} "<!-- Disabled ${${option}_OPTION} -->" >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+ @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+ @${ECHO_CMD} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+. endif
+. endif
+. endfor
+. endif
+. endif
+.endfor
+
+ossec-conf-sample:
+ @${CAT} ${WRKDIR}/${TEMPL_SAMPLE_HEADER} > ${OSSEC_SAMPLE_CONF}
+ @${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF}
+ @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE} >> ${OSSEC_SAMPLE_CONF}
+ @${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF}
+ @-${TEST} -f ${WRKDIR}/${TEMPL_SAMPLE_DB} && \
+ ${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE_DB} >> ${OSSEC_SAMPLE_CONF} && \
+ ${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF}
+
+agent-conf-managed:
+.for conf_group in ${CONF_GROUPS}
+. if !empty(${conf_group}_PUSHED_OPTIONS)
+ @${CAT} ${WRKDIR}/${TEMPL_PUSHED_ENABLED_HEADER} > ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+. if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED)
+. for option in ${${conf_group}_PUSHED_OPTIONS}
+. if ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}}
+. if !empty(${option}_TEMPLATE)
+ @${ECHO_CMD} "<!-- Enabled ${${option}_OPTION}_P -->" >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+ @${SH} ${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+ @${ECHO_CMD} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
+. endif
+. endif
+. endfor
+. endif
+. endif
+.endfor
+
+agent-conf-local:
+.for conf_group in ${CONF_GROUPS}
+. if !empty(${conf_group}_PUSHED_OPTIONS)
+ @${CAT} ${WRKDIR}/${TEMPL_PUSHED_DISABLED_HEADER} > ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+. if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED)
+. for option in ${${conf_group}_PUSHED_OPTIONS}
+. if ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}}
+. if !empty(${option}_TEMPLATE)
+ @${ECHO_CMD} "<!-- Disabled ${${option}_OPTION}_P -->" >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+ @${SH} ${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+ @${ECHO_CMD} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
+. endif
+. endif
+. endfor
+. endif
+. endif
+.endfor
+
+do-install: ossec-dirs ossec-scripts ossec-rules ossec-conf-managed ossec-conf-local ossec-conf-sample agent-conf-managed agent-conf-local
+
+ossec-permissions:
+ @${CHMOD} -R 550 ${OSSEC_DIR}
+ @${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_CONF_DIR}/* ${OSSEC_LOCAL_CONF_DIR}/*
+ @${CHMOD} 550 ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR}
+.if ${OSSEC_TYPE} != agent
+ @${CHMOD} 640 ${RULES_DIR}/*
+.endif
+.if ${OSSEC_TYPE} == server
+ @${CHMOD} 640 ${AGENT_CONF_DIR}/* ${AGENT_LOCAL_CONF_DIR}/*
+ @${CHMOD} 550 ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR}
+.endif
+.if defined(MAINTAINER_MODE)
+ @${CHOWN} -R ${USER}:${OSSEC_GROUP} ${OSSEC_DIR}
+ @${CHOWN} -R ${USER}:${GROUP} ${BIN_DIR}
+.endif
+
+post-install: ossec-permissions
+ @${ECHO_CMD} -n > ${PKGMESSAGE}
+.for file_name in ${PKGMSG_FILES}
+ @${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE}
+ @${ECHO_CMD} >> ${PKGMESSAGE}
+.endfor
+
+.if defined(MAINTAINER_MODE)
+plist: makeplist
+ @${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR}
+
+rules: extract
+ @${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC}
+.endif
+
+.include <bsd.port.post.mk>
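Review bot: The `pre-install` target decides whether to generate the database sample by running `${OSSEC_HOME}/bin/ossec-dbd -h` from the live system, but the main package is only a `RUN_DEPENDS`, so in a clean build environment the binary is presumably absent and the sample is silently skipped (the leading `-` hides the failure). The staged package contents then depend on what happened to be installed on the build host, and a build step executes a binary from outside the work directory. Consider moving the probe into `pkg-install`, where the dependency is guaranteed to be present, or selecting the database type through a port option. A comment above `pre-install` stating that the sample is best-effort would at least make the behaviour explicit.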
Added: head/security/ossec-hids-local-config/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/distinfo Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1539459620
+SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50
+SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469
Added: head/security/ossec-hids-local-config/files/agent-conf.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/agent-conf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+agent_conf_dir="${ossec_home}/etc/agent.conf.d"
+agent_conf_files="${agent_conf_dir}/*.conf"
+
+select_elements() {
+ local element="$1"
+ sed -n "/<${element}.*>/,/<\/${element}>/p"
+}
+
+remove_comments() {
+ # Comments must be on separate lines i.e. not next to uncommented code
+ awk '/<!--/ {off=1} /-->/ {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
+}
+
+remove_empty_lines() {
+ sed '/^\s*$/d'
+}
+
+agent_conf() {
+
+ echo "<!-- OSSEC HIDS %%VERSION%% -->"
+ echo
+ echo "<!-- DO NOT EDIT - file generated automatically - edit \"agent.conf.d/900.local.conf\" instead -->"
+ echo
+
+ cat $@ | remove_comments | select_elements "agent_config" | remove_empty_lines
+}
+
+agent_conf "${agent_conf_files}"
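Review bot: `agent_conf "${agent_conf_files}"` passes the unexpanded pattern as one quoted argument and then relies on the unquoted `cat $@` to glob it, which word-splits on any whitespace in `%%OSSEC_HOME%%` and, when no `*.conf` file exists, hands `cat` the literal pattern with the error ignored. Calling `agent_conf "${agent_conf_dir}"/*.conf` and using `cat "$@"` keeps the expansion in one place. `remove_empty_lines` uses `\s`, which is not part of POSIX basic regular expressions; `sed '/^[[:space:]]*$/d'` is the portable spelling.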
Added: head/security/ossec-hids-local-config/files/command-last-logins.sh.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/command-last-logins.sh.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_home="%%OSSEC_HOME%%"
+. "${ossec_home}/etc/command.conf"
+
+last -n ${last_logins}
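Review bot: `. "${ossec_home}/etc/command.conf"` executes the configuration file as shell code with whatever privileges OSSEC runs this command under, so the file's ownership and mode are part of the script's trust boundary; command-open-ports.sh.in sources the same file. A comment above the line such as `# command.conf is sourced as shell code: keep it root-owned and not group/world-writable` would record that. `${last_logins}` is also unquoted and unvalidated; `last -n "${last_logins:-5}"` avoids word splitting and keeps the value 5 from command.conf.in as a fallback when the variable is unset.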
Added: head/security/ossec-hids-local-config/files/command-open-ports.sh.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/command-open-ports.sh.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+family=$1
+protocol=$2
+ports=$3
+
+if [ -z "${ports}" ]; then
+ privileged_ports="1-$((`sysctl -n net.inet.ip.portrange.first` - 1))"
+
+ ossec_home="%%OSSEC_HOME%%"
+ . "${ossec_home}/etc/command.conf"
+
+ ports="privileged_${protocol}_ports"
+ eval ports=\$${ports}
+fi
+
+sockstat -l -${family} -P ${protocol} -p ${ports} | grep -Eo '[^[:space:]]+:[0-9]+' | sort -u
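Review bot: `${protocol}` comes straight from `$2` and is spliced into `eval ports=\$${ports}` without any check, so a value containing shell syntax would be evaluated rather than looked up as a variable name. Only `privileged_tcp_ports` and `privileged_udp_ports` exist in `command.conf.in`, so the script can reject anything other than `tcp` or `udp` before the `eval`, and likewise restrict `${family}` to `4` or `6`. The final `sockstat` line should also quote its expansions (`"-${family}"`, `-P "${protocol}"`, `-p "${ports}"`). As in `command-last-logins.sh.in`, the sourced `command.conf` must not be writable by unprivileged users.

```shell
family=$1
protocol=$2
# … unchanged: ports=$3 …

case "${family}" in
	4|6) ;;
	*) echo "$0: invalid address family: ${family}" >&2; exit 1 ;;
esac
case "${protocol}" in
	tcp|udp) ;;
	*) echo "$0: invalid protocol: ${protocol}" >&2; exit 1 ;;
esac

# … unchanged: default port selection (sysctl, command.conf, eval) and sockstat call …
```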
Added: head/security/ossec-hids-local-config/files/command.conf.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/command.conf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+last_logins=5
+
+privileged_tcp_ports=${privileged_ports},10050-10051
+privileged_udp_ports=${privileged_ports}
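Review bot: Nothing in this file says where `${privileged_ports}` comes from; it is set by `command-open-ports.sh.in` just before the file is sourced and is unset when `command-last-logins.sh.in` sources it, which leaves `privileged_tcp_ports` as `,10050-10051` there. A comment such as `# privileged_ports is provided by command-open-ports.sh before this file is sourced` would make that dependency visible. The `#!/bin/sh` line is misleading for a file that is only ever sourced.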
Added: head/security/ossec-hids-local-config/files/merge-config.sh.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/merge-config.sh.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+ossec_rc="%%OSSEC_RC%%"
+
+ACTION=$1
+USER=$2
+IP=$3
+
+LOCAL=`dirname $0`;
+cd $LOCAL
+cd ../../tmp
+
+# Logging the call
+echo "`date` $0 $1 $2 $3 $4 $5" >> "${ossec_home}/logs/active-responses.log"
+
+case ${ACTION} in
+ add)
+ "${ossec_rc}" merge_config
+ exit 0
+ ;;
+ delete)
+ exit 0
+ ;;
+ *)
+ echo "$0: invalid action: ${ACTION}"
+ exit 1
+ ;;
+esac
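Review bot: Both `cd` calls are unquoted and unchecked, so if `cd $LOCAL` fails the following `cd ../../tmp` resolves against whatever directory the caller happened to be in. A single guarded step avoids that: `cd "$(dirname "$0")/../../tmp" || exit 1`. `USER` and `IP` are assigned but never used, and assigning `USER` shadows the conventional environment variable of that name; dropping both lines would be cleaner. The log line writes `$1`–`$5` verbatim into `active-responses.log`, which is worth a comment because this command is declared with an empty `<expect>` and should not receive event-derived arguments.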
Added: head/security/ossec-hids-local-config/files/message-agent-conf.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/message-agent-conf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,3 @@
+The "agent.conf" must no longer be used for configuration. It will be
+overwritten by merged "*.conf" files from the configuration directory:
+%%OSSEC_HOME%%/etc/agent.conf.d
Added: head/security/ossec-hids-local-config/files/message-ossec-conf.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/message-ossec-conf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,3 @@
+The "ossec.conf" must no longer be used for configuration. It will be
+overwritten by merged "*.conf" files from the configuration directory:
+%%OSSEC_HOME%%/etc/ossec.conf.d
Added: head/security/ossec-hids-local-config/files/message-pf.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/message-pf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,4 @@
+Add the ossec_fwtable to /etc/pf.conf if using "firewall-drop" active response:
+ table <ossec_fwtable> persist
+ block in quick from <ossec_fwtable> to any
+ block out quick from any to <ossec_fwtable>
Added: head/security/ossec-hids-local-config/files/ossec-conf.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/ossec-conf.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
+ossec_conf_files="${ossec_conf_dir}/*.conf"
+
+select_elements_content() {
+ local element="$1"
+ sed -n "/<${element}>/,/<\/${element}>/{ /<${element}>/d; /<\/${element}>/d; p; }"
+}
+
+remove_elements() {
+ local element="$1"
+ sed -e "/<${element}>/,/<\/${element}>/d"
+}
+
+remove_comments() {
+ # Comments must be on separate lines i.e. not next to uncommented code
+ awk '/<!--/ {off=1} /-->/ {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
+}
+
+remove_empty_lines() {
+ sed '/^\s*$/d'
+}
+
+ossec_conf() {
+ echo "<!-- OSSEC HIDS %%VERSION%% -->"
+ echo
+ echo "<!-- DO NOT EDIT - file generated automatically - edit \"ossec.conf.d/900.local.conf\" instead -->"
+ echo
+ echo "<ossec_config>"
+
+ if [ "${ossec_type}" != "agent" ]; then
+ if cat $@ | remove_comments | grep -q "<rules>"; then
+ echo " <rules>"
+ cat $@ | remove_comments | select_elements_content "rules" | remove_empty_lines
+ echo " </rules>"
+ fi
+ fi
+
+ if cat $@ | remove_comments | grep -q "<rootcheck>"; then
+ echo " <rootcheck>"
+ cat $@ | remove_comments | select_elements_content "rootcheck" | remove_empty_lines
+ echo " </rootcheck>"
+ fi
+
+ if cat $@ | remove_comments | grep -q "<syscheck>"; then
+ echo " <syscheck>"
+ cat $@ | remove_comments | select_elements_content "syscheck" | remove_empty_lines
+ echo " </syscheck>"
+ fi
+
+ cat $@ | remove_comments | select_elements_content "ossec_config" | remove_elements "rules" | remove_elements "rootcheck" | remove_elements "syscheck" | remove_empty_lines
+
+ echo "</ossec_config>"
+}
+
+ossec_conf "${ossec_conf_files}"
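Review bot: `select_elements_content` and `remove_elements` use sed line ranges, which only work when the opening and closing tags sit on separate lines, and that constraint is undocumented. If `<rules>…</rules>` is written on one line, the range runs on to the next `</rules>` or to end of input. For `remove_elements` that silently deletes unrelated configuration from the generated `ossec.conf`, which for a HIDS can mean a monitoring section disappears without an error. A comment in both functions, in the style of the one already in `remove_comments`, would document it: `# Opening and closing tags must each be on their own line`. The unquoted `cat $@` and quoted-glob call noted on `agent-conf.in` apply here as well.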
Added: head/security/ossec-hids-local-config/files/pkg-deinstall.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/pkg-deinstall.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ossec_conf="${ossec_home}/etc/ossec.conf"
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+
+if [ "$2" == "DEINSTALL" ]; then
+ rm -f "${ossec_conf}"
+ rm -f "${agent_conf}"
+fi
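Review bot: `[ "$2" == "DEINSTALL" ]` uses `==`, which POSIX does not define for `test`; `=` is the portable spelling: `if [ "$2" = "DEINSTALL" ]; then`. The same applies to `[ "$2" == "POST-INSTALL" ]` in `pkg-install.in`.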
Added: head/security/ossec-hids-local-config/files/pkg-install.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/pkg-install.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ar_bin_dir="${ossec_home}/active-response/bin"
+ossec_conf="${ossec_home}/etc/ossec.conf"
+ossec_conf_bak="${ossec_conf}.bak"
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+agent_conf_bak="${ossec_home}/etc/agent.conf.bak"
+
+if [ "$2" == "POST-INSTALL" ]; then
+ ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh"
+
+ if [ -e "${ossec_conf}" ]; then
+ mv -f "${ossec_conf}" "${ossec_conf_bak}"
+ echo
+ echo "WARNING:"
+ echo " Existing \"${ossec_conf}\" has been saved to \"${ossec_conf_bak}\"."
+ echo
+ fi
+
+ case "$1" in
+ ossec-hids-server*)
+ if [ -e "${agent_conf}" ]; then
+ mv -f "${agent_conf}" "${agent_conf_bak}"
+ echo
+ echo "WARNING:"
+ echo " Existing \"${agent_conf}\" has been saved to \"${agent_conf_bak}\"."
+ echo
+ fi
+ ;;
+ esac
+fi
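Review bot: `mv -f "${ossec_conf}" "${ossec_conf_bak}"` and the matching `agent_conf` move overwrite any existing `.bak` without notice. If POST-INSTALL runs again while a generated `ossec.conf` is present, the administrator's original hand-written configuration saved on the first run is replaced by a generated file. Keeping the first backup avoids that, for example `[ -e "${ossec_conf_bak}" ] || mv "${ossec_conf}" "${ossec_conf_bak}"`, or add a timestamp suffix to the backup name. Whether a reinstall can reach this state depends on the deinstall script having run first, which is not guaranteed from what is shown here.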
Added: head/security/ossec-hids-local-config/files/rules-cmdout.xml.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/rules-cmdout.xml.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<group name="ossec,">
+
+ <rule id="56041" level="1">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-last-logins'</match>
+ <check_diff />
+ <description>List of the last logged in users.</description>
+ </rule>
+
+ <rule id="56042" level="1">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-tcp4-all'</match>
+ <check_diff />
+ <description>Listening IPv4 TCP port opened or closed.</description>
+ </rule>
+
+ <rule id="56043" level="7">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-tcp4'</match>
+ <check_diff />
+ <description>Listening IPv4 TCP port opened or closed.</description>
+ </rule>
+
+ <rule id="56044" level="1">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-tcp6-all'</match>
+ <check_diff />
+ <description>Listening IPv6 TCP port opened or closed.</description>
+ </rule>
+
+ <rule id="56045" level="7">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-tcp6'</match>
+ <check_diff />
+ <description>Listening IPv6 TCP port opened or closed.</description>
+ </rule>
+
+ <rule id="56046" level="1">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-udp4-all'</match>
+ <check_diff />
+ <description>Listening IPv4 UDP port opened or closed.</description>
+ </rule>
+
+ <rule id="56047" level="7">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-udp4'</match>
+ <check_diff />
+ <description>Listening IPv4 UDP port opened or closed.</description>
+ </rule>
+
+ <rule id="56048" level="1">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-udp6-all'</match>
+ <check_diff />
+ <description>Listening IPv6 UDP port opened or closed.</description>
+ </rule>
+
+ <rule id="56049" level="7">
+ <if_sid>530</if_sid>
+ <match>ossec: output: 'freebsd-open-ports-udp6'</match>
+ <check_diff />
+ <description>Listening IPv6 UDP port opened or closed.</description>
+ </rule>
+
+</group>
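Review bot: Each level 7 rule (56043, 56045, 56047, 56049) has exactly the same `<description>` as its level 1 `-all` sibling, so an analyst cannot tell from the alert text which of the two fired. Judging by `command-open-ports.sh.in`, the non-`-all` commands presumably report only the privileged port range; if so the level 7 descriptions should say that, e.g. `<description>Listening privileged IPv4 TCP port opened or closed.</description>`. The command aliases themselves are defined outside this hunk, so the mapping should be confirmed against them.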
Added: head/security/ossec-hids-local-config/files/rules-config.xml.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/rules-config.xml.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<group name="ossec,">
+
+ <rule id="56001" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>%%OSSEC_HOME%%/etc/ossec.conf.d</match>
+ <description>ossec.conf.d has been modified</description>
+ </rule>
+
+ <rule id="56002" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>%%OSSEC_HOME%%/etc/ossec.conf</match>
+ <description>ossec.conf has been modified</description>
+ </rule>
+
+ <rule id="56003" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>/var/ossec/etc/ossec.conf.d</match>
+ <description>ossec.conf.d has been modified</description>
+ </rule>
+
+ <rule id="56004" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>/var/ossec/etc/ossec.conf</match>
+ <description>ossec.conf has been modified</description>
+ </rule>
+
+ <rule id="56021" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>%%OSSEC_HOME%%/etc/agent.conf.d</match>
+ <description>agent.conf.d has been modified</description>
+ </rule>
+
+ <rule id="56022" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>%%OSSEC_HOME%%/etc/shared/agent.conf</match>
+ <description>agent.conf has been modified</description>
+ </rule>
+
+ <rule id="56023" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>/var/ossec/etc/agent.conf.d</match>
+ <description>agent.conf.d has been modified</description>
+ </rule>
+
+ <rule id="56024" level="10" ignore="10">
+ <if_group>syscheck</if_group>
+ <match>/var/ossec/etc/shared/agent.conf</match>
+ <description>agent.conf has been modified</description>
+ </rule>
+
+</group>
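Review bot: The `<match>` string of rule 56002 (`…/etc/ossec.conf`) is a prefix of the one in 56001 (`…/etc/ossec.conf.d`), and 56004 relates to 56003 the same way, so a change under `ossec.conf.d` satisfies both rules. Which rule fires then depends on evaluation order, and the alert may carry the wrong description. If the syscheck message quotes the path, including the closing quote in the file rules (`ossec.conf'`) would separate them; that needs checking against a real alert. When `%%OSSEC_HOME%%` expands to `/var/ossec`, rules 56001/56003, 56002/56004, 56021/56023 and 56022/56024 become exact duplicates. A comment explaining why both forms are kept (presumably for agents with a different home) would help the next maintainer.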
Added: head/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+ <command>
+ <name>host-deny</name>
+ <executable>host-deny.sh</executable>
+ <expect>srcip</expect>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <command>
+ <name>firewall-drop</name>
+ <executable>firewall-drop.sh</executable>
+ <expect>srcip</expect>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <command>
+ <name>disable-account</name>
+ <executable>disable-account.sh</executable>
+ <expect>user</expect>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+ <command>
+ <name>restart-ossec</name>
+ <executable>restart-ossec.sh</executable>
+ <expect></expect>
+ </command>
+
+ <command>
+ <name>route-null</name>
+ <executable>route-null.sh</executable>
+ <expect>srcip</expect>
+ <timeout_allowed>yes</timeout_allowed>
+ </command>
+
+</template_config>
Added: head/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in Fri Nov 9 18:52:21 2018 (r484537)
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+ <command>
+ <name>merge-config</name>
+ <executable>merge-config.sh</executable>
+ <expect></expect>
+ </command>
+
+</template_config>
Added: head/security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***