svn commit: r511915 - in head/security: . wazuh-agent wazuh-agent/files

Baptiste Daroussin bapt at FreeBSD.org
Mon Oct 7 15:32:05 UTC 2019


On Fri, Sep 13, 2019 at 07:45:37AM +0000, Bernhard Froehlich wrote:
> Author: decke
> Date: Fri Sep 13 07:45:37 2019
> New Revision: 511915
> URL: https://svnweb.freebsd.org/changeset/ports/511915
> 
> Log:
>   The Wazuh agent runs on the hosts that you want to monitor.
>   It is multi-platform and provides the following capabilities:
>   
>   - Log and data collection
>   - File integrity monitoring
>   - Rootkit and malware detection
>   - Security policy monitoring.
>   - Configuration assessments
>   - Software inventory
>   
>   In addition, it communicates with the Wazuh manager, sending data in near
>   real-time through an encrypted and authenticated channel.
>   
>   WWW: https://github.com/wazuh/wazuh
>   
>   PR:		237900
>   Submitted by:	Michael Muenz <m.muenz at gmail.com>
> 
> Added:
>   head/security/wazuh-agent/
>   head/security/wazuh-agent/Makefile   (contents, props changed)
>   head/security/wazuh-agent/distinfo   (contents, props changed)
>   head/security/wazuh-agent/files/
>   head/security/wazuh-agent/files/patch-src_external_openssl_Makefile   (contents, props changed)
>   head/security/wazuh-agent/pkg-descr   (contents, props changed)
>   head/security/wazuh-agent/pkg-plist   (contents, props changed)
> Modified:
>   head/security/Makefile
> 
> Modified: head/security/Makefile
> ==============================================================================
> --- head/security/Makefile	Fri Sep 13 07:21:51 2019	(r511914)
> +++ head/security/Makefile	Fri Sep 13 07:45:37 2019	(r511915)
> @@ -1307,6 +1307,7 @@
>      SUBDIR += vxquery
>      SUBDIR += w3af
>      SUBDIR += wapiti
> +    SUBDIR += wazuh-agent
>      SUBDIR += webfwlog
>      SUBDIR += webscarab
>      SUBDIR += whatweb
> 
> Added: head/security/wazuh-agent/Makefile
> ==============================================================================
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/wazuh-agent/Makefile	Fri Sep 13 07:45:37 2019	(r511915)
> @@ -0,0 +1,104 @@
> +# $FreeBSD$
> +
> +PORTNAME=	wazuh
> +DISTVERSIONPREFIX=	v
> +DISTVERSION=	3.9.5
> +CATEGORIES=	security
> +MASTER_SITES=	https://packages.wazuh.com/deps/3.9/
> +PKGNAMESUFFIX=	-agent
> +DISTFILES=	cJSON.tar.gz src_cpython.tar.gz curl.tar.gz libdb.tar.gz libffi.tar.gz \
> +		libyaml.tar.gz openssl.tar.gz procps.tar.gz sqlite.tar.gz  zlib.tar.gz \
> +		audit-userspace.tar.gz msgpack.tar.gz
> +DIST_SUBDIR=	${PORTNAME}-${DISTVERSION}
> +EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
> +
> +MAINTAINER=	m.muenz at gmail.com
> +COMMENT=	Security tool to monitor and check logs and intrusions
> +
> +LICENSE=	GPLv2
> +LICENSE_FILE=	${WRKSRC}/LICENSE
> +
> +BUILD_DEPENDS=	curl:ftp/curl
> +RUN_DEPENDS=	curl:ftp/curl
> +
> +USES=		gmake perl5 readline shebangfix uidfix
> +
> +USE_GITHUB=	yes
> +
> +CONFLICTS_INSTALL=	ossec-*
> +
> +SHEBANG_FILES=	${WRKSRC}/contrib/util.sh \
> +		${WRKSRC}/src/external/openssl/Configurations/unix-checker.pm \
> +		${WRKSRC}/src/init/ossec-client.sh \
> +		${WRKSRC}/wodles/oscap/oscap.py \
> +		${WRKSRC}/active-response/*.sh
> +
> +USERS=		ossec ossecm ossecr
> +GROUPS=		ossec
> +
> +OSSEC_GROUP=	ossec
> +OSSEC_USER=	ossec
> +
> +WAZUHPREFIX=	/var/ossec
> +
> +WAZUHMOD750=	/ /logs/ossec /bin /lib /queue /queue/diff /ruleset /ruleset/sca /wodles \
> +		/active-response /active-response/bin /agentless /var /backup /queue/rids \
> +		/wodles/oscap /wodles/oscap/content
> +
> +WAZUHMOD770=	/logs /queue/alerts /queue/ossec /etc /etc/shared /.ssh /var/run /var/upgrade \
> +		/var/wodles /var/incoming
> +
> +# extract all extra distfiles in src/external
> +post-extract:
> +	@for file in ${DISTFILES}; do \
> +		if ! (cd ${WRKSRC}/src/external && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/$$file ${EXTRACT_AFTER_ARGS}); \
> +		then \
> +			exit 1; \
> +		fi; \
> +	done
> +
> +post-patch:
> +	@${REINPLACE_CMD} -e 's|/usr/bin/perl|${PERL}|g' \
> +		${WRKSRC}/src/external/openssl/Makefile \
> +		${WRKSRC}/src/external/openssl/configdata.pm
> +
> +do-build:
> +	@cd ${WRKSRC}/src && ${GMAKE} TARGET=agent
> +
> +do-install:
> +	@for mod750 in ${WAZUHMOD750}; do \
> +		${MKDIR} -m 0750 ${STAGEDIR}${WAZUHPREFIX}$$mod750; \
> +	done
> +
> +	@for mod770 in ${WAZUHMOD770}; do \
> +		${MKDIR} -m 0770 ${STAGEDIR}${WAZUHPREFIX}$$mod770; \
> +	done
> +
> +	${MKDIR} -m 1770 ${STAGEDIR}${WAZUHPREFIX}/tmp
> +	${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-logcollector ${STAGEDIR}${WAZUHPREFIX}/bin
> +	${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-syscheckd ${STAGEDIR}${WAZUHPREFIX}/bin
> +	${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-execd ${STAGEDIR}${WAZUHPREFIX}/bin
> +	${INSTALL_PROGRAM} ${WRKSRC}/src/manage_agents ${STAGEDIR}${WAZUHPREFIX}/bin
> +	${INSTALL_PROGRAM} ${WRKSRC}/src/wazuh-modulesd ${STAGEDIR}${WAZUHPREFIX}/bin/
> +	${INSTALL_PROGRAM} ${WRKSRC}/src/ossec-agentd ${STAGEDIR}${WAZUHPREFIX}/bin
> +	${INSTALL_PROGRAM} ${WRKSRC}/src/libwazuhext.so ${STAGEDIR}${WAZUHPREFIX}/lib
> +	${INSTALL_PROGRAM} ${WRKSRC}/src/agent-auth ${STAGEDIR}${WAZUHPREFIX}/bin
> +	${CP} ${WRKSRC}/active-response/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/
> +	${CP} ${WRKSRC}/active-response/firewalls/*.sh ${STAGEDIR}${WAZUHPREFIX}/active-response/bin/
> +	${CP} ${WRKSRC}/etc/internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/
> +	${CP} ${WRKSRC}/etc/local_internal_options.conf ${STAGEDIR}${WAZUHPREFIX}/etc/local_internal_options.conf
> +	${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf
> +	${CP} ${WRKSRC}/etc/ossec-agent.conf ${STAGEDIR}${WAZUHPREFIX}/etc/ossec.conf.sample
> +	${CP} /dev/null ${STAGEDIR}${WAZUHPREFIX}/etc/client.keys
> +	${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.log
> +	${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/ossec.json
> +	${INSTALL_SCRIPT} /dev/null ${STAGEDIR}${WAZUHPREFIX}/logs/active-responses.log
> +	${INSTALL_SCRIPT} ${WRKSRC}/contrib/util.sh ${STAGEDIR}${WAZUHPREFIX}/bin/
> +	${INSTALL_SCRIPT} ${WRKSRC}/src/init/ossec-client.sh ${STAGEDIR}${WAZUHPREFIX}/bin/ossec-control
> +	${INSTALL_SCRIPT} ${WRKSRC}/src/agentlessd/scripts/* ${STAGEDIR}${WAZUHPREFIX}/agentless/
> +	${INSTALL_SCRIPT} ${WRKSRC}/src/rootcheck/db/*.txt ${STAGEDIR}${WAZUHPREFIX}/etc/shared/
> +	${INSTALL_SCRIPT} ${WRKSRC}/etc/wpk_root.pem ${STAGEDIR}${WAZUHPREFIX}/etc/
> +	${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/oscap.py ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap
> +	${INSTALL_SCRIPT} ${WRKSRC}/wodles/oscap/template_*.xsl ${STAGEDIR}${WAZUHPREFIX}/wodles/oscap
> +
> +.include <bsd.port.mk>
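Review bot: In do-install, INSTALL_SCRIPT is used for files that are not scripts: the three log files created from /dev/null (ossec.log, ossec.json, active-responses.log), the rootcheck/db/*.txt files, etc/wpk_root.pem and the oscap template_*.xsl files. INSTALL_SCRIPT is intended for executable scripts; these should go in with INSTALL_DATA so that logs, a certificate and data files do not carry an execute bit. Two related points in the same target: libwazuhext.so is installed with INSTALL_PROGRAM where INSTALL_LIB is the matching macro, and etc/client.keys is created with a plain "${CP} /dev/null", so the hunk sets no explicit owner or mode on the file that will hold the agent's keys. Installing it with an explicit restrictive mode would make that intent visible. It is also worth a comment explaining why curl appears both in BUILD_DEPENDS/RUN_DEPENDS and as curl.tar.gz in DISTFILES.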
> 
> Added: head/security/wazuh-agent/distinfo
> ==============================================================================
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/wazuh-agent/distinfo	Fri Sep 13 07:45:37 2019	(r511915)
> @@ -0,0 +1,27 @@
> +TIMESTAMP = 1568194130
> +SHA256 (wazuh-3.9.5/cJSON.tar.gz) = 8c517c658209cb96c2dcdfdd6bf7bb434adfb2fff3484b3464d2750cafd74e76
> +SIZE (wazuh-3.9.5/cJSON.tar.gz) = 20001
> +SHA256 (wazuh-3.9.5/src_cpython.tar.gz) = 7df9bf6560b77de0ab0279cb0b9e1f51dd28d0d20c26f640feab976208daf2d7
> +SIZE (wazuh-3.9.5/src_cpython.tar.gz) = 78209203
> +SHA256 (wazuh-3.9.5/curl.tar.gz) = 78ad4a75fec89dd83c75cf35203c1c757c21cb2a6ff574647b13bf86c8798d66
> +SIZE (wazuh-3.9.5/curl.tar.gz) = 3692998
> +SHA256 (wazuh-3.9.5/libdb.tar.gz) = 885f01aebcca995bcef48d8dc47acb8c4bd5eab06ec188e76cb5863e4f9b2d9b
> +SIZE (wazuh-3.9.5/libdb.tar.gz) = 4283467
> +SHA256 (wazuh-3.9.5/libffi.tar.gz) = 0e971f64bacc22094e89f034bba075b40ecc2c2c2900eecd7ae85815fd6c9f69
> +SIZE (wazuh-3.9.5/libffi.tar.gz) = 964576
> +SHA256 (wazuh-3.9.5/libyaml.tar.gz) = 35daad608b372d5ce099f738c0f21bfcc03d6920d92f448386c584e664f1376a
> +SIZE (wazuh-3.9.5/libyaml.tar.gz) = 424656
> +SHA256 (wazuh-3.9.5/openssl.tar.gz) = ed55973f4b604b9c27bb660fcdf85f69335b80b07c3bf4c63528ed8fcd74a678
> +SIZE (wazuh-3.9.5/openssl.tar.gz) = 5603935
> +SHA256 (wazuh-3.9.5/procps.tar.gz) = 87336a7860f5116ac5c5222b6b0d5c892e202ce136947e4776037bb7670ce6e2
> +SIZE (wazuh-3.9.5/procps.tar.gz) = 55692
> +SHA256 (wazuh-3.9.5/sqlite.tar.gz) = 23e109ee91ed16b4a95b2d361ecfd82820842fc337a80aa8032590b96eebddd2
> +SIZE (wazuh-3.9.5/sqlite.tar.gz) = 1980218
> +SHA256 (wazuh-3.9.5/zlib.tar.gz) = ddbeac924cc7fc3274ad0d5cfcf2a72792f0500e9607c65d02e8753f3a510a01
> +SIZE (wazuh-3.9.5/zlib.tar.gz) = 643568
> +SHA256 (wazuh-3.9.5/audit-userspace.tar.gz) = e82a32e5edf93b055160e14bc97f41dead39287925851dc80a7638e2d4d30434
> +SIZE (wazuh-3.9.5/audit-userspace.tar.gz) = 1682820
> +SHA256 (wazuh-3.9.5/msgpack.tar.gz) = 06d63bcf32896cd0af5480c401134b1ad1c166fd84ebe5b486e792101ee854e2
> +SIZE (wazuh-3.9.5/msgpack.tar.gz) = 591294
> +SHA256 (wazuh-3.9.5/wazuh-wazuh-v3.9.5_GH0.tar.gz) = 3761377e6e0f639c9b4542a72a5519f36323a251f04eddaf802205ebded42334
> +SIZE (wazuh-3.9.5/wazuh-wazuh-v3.9.5_GH0.tar.gz) = 14789176
> 
It sounds like a long list of bundled stuff, which does not exactly fit with our
policy... and which includes some scary stuff like openssl, libyaml, zlib, libcurl.
Probably we will benefit in maintenance from unbundling all of this.

Best regards,
Bapt