authorKyle Evans <kevans@FreeBSD.org>2020-04-22 14:20:41 +0000
committerKyle Evans <kevans@FreeBSD.org>2020-04-22 14:20:41 +0000
commitdcb93871af521fbf67ce1ffad38a1f7f041e5ec1 (patch)
tree4de978a5aab0be019d3072d65d6d8f9b8d1c9b7d /security/bsmtrace3
parentd41882f376635478eae947ac14a71302a3810de4 (diff)
[NEW] security/bsmtrace3: BSM based intrusion detection system
bsmtrace is a BSM based intrusion detection system, utilizing audit trails and real-time audit event analysis through auditpipe(4). This host based IDS operates using finite state machine principles with a flexible sequence driven signature system. WWW: https://www.github.com/openbsm/bsmtrace This is a repocopy of security/bsmtrace, updated to the recently-released 3.x. There are breaking changes between 1.x and 3.x, so it was decided to create a new port to give consumers some time to update their configs. The old security/bsmtrace should be deprecated in fairly short order, after bsmtrace3 has received a little bit of soak time in ports. bsmtrace 3.x, compared to the previous port, offers the following new features: - Set arrays will now resize on the fly, so the size limits should be no more - Logging channels have been removed, there's now one `logfile` directive that can be applied at the global level to switch the logfile, assuming the -l logdir option is in use - Other config files can now be included with the 'include' directive; globs are not currently supported, paths are relative to the primary config file - Sequences can now be configured to match on the jail name with the per-sequence `zone` directive; valid values are: any, none, or a glob string that matches the jail name. Any = any jail, not the host. None = Only the host, no jails. Other points: - The Makefile patch is no longer needed as PCRE is now a mandatory dependency. - The dprintf(3) conflict is no more, so the rest of the patches also disappear. - This port now installs manpages to ${PREFIX}/share/man as per recent guidelines to reflect base hierarchy. - MAINTAINER remains csjp with the OpenBSM/TrustedBSD project. Approved by: koobs (mentor) Differential Revision: https://reviews.freebsd.org/D24437
Notes
Notes: svn path=/head/; revision=532477
Diffstat (limited to 'security/bsmtrace3')
-rw-r--r--security/bsmtrace3/Makefile44
-rw-r--r--security/bsmtrace3/distinfo3
-rw-r--r--security/bsmtrace3/files/pkg-message.in10
-rw-r--r--security/bsmtrace3/pkg-descr6
-rw-r--r--security/bsmtrace3/pkg-plist4
5 files changed, 67 insertions, 0 deletions
diff --git a/security/bsmtrace3/Makefile b/security/bsmtrace3/Makefile
new file mode 100644
index 000000000000..7d08d088607a
--- /dev/null
+++ b/security/bsmtrace3/Makefile
@@ -0,0 +1,44 @@
+# $FreeBSD$
+
+PORTNAME= bsmtrace
+PORTVERSION= 3.0
+DISTVERSIONPREFIX= v
+CATEGORIES= security
+PKGNAMESUFFIX= 3
+
+MAINTAINER= csjp@FreeBSD.org
+COMMENT= BSM based intrusion detection system
+
+LICENSE= BSD2CLAUSE
+
+LIB_DEPENDS= libpcre.so:devel/pcre
+
+CONFLICTS_INSTALL= bsmtrace-[0-9]*
+
+USE_GITHUB= yes
+GH_ACCOUNT= openbsm
+
+SUB_FILES= pkg-message
+
+MAKE_JOBS_UNSAFE= yes
+
+OPTIONS_DEFINE= EXAMPLES
+
+pre-build:
+ ${REINPLACE_CMD} -e \
+ 's,/etc/bsmtrace.conf,${PREFIX}/etc/bsmtrace.conf,' \
+ ${WRKSRC}/config.h
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/sbin
+
+ ${INSTALL_MAN} ${WRKSRC}/${PORTNAME}.1 \
+ ${STAGEDIR}${MAN1PREFIX}/share/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/${PORTNAME}.conf.5 \
+ ${STAGEDIR}${MAN5PREFIX}/share/man/man5
+
+do-install-EXAMPLES-on:
+ @${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+ ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.conf ${STAGEDIR}${EXAMPLESDIR}
+
+.include <bsd.port.mk>
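Review bot: `MAKE_JOBS_UNSAFE= yes` is set without a comment, and ports convention is to record why parallel builds break so the next maintainer knows when it can be dropped or fixed upstream; something like `# upstream Makefile is not parallel-safe: <reason — fill in>` with the actual cause filled in. The `pre-build` reinplace rewrites `/etc/bsmtrace.conf` inside `${WRKSRC}/config.h`, but nothing verifies the pattern still matches, so if a later release moves or renames that definition the sed silently becomes a no-op and the installed binary keeps looking for its configuration outside `${PREFIX}`; a comment naming the define it targets, or a `grep -q` guard before the edit, would make that drift visible at build time. The diffstat lists only these five new files and no rc(8) script, so the daemon is not started at boot unless the administrator wires it up by hand; if that is intentional, the pkg-message is the place to say so.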
diff --git a/security/bsmtrace3/distinfo b/security/bsmtrace3/distinfo
new file mode 100644
index 000000000000..8298441ebc65
--- /dev/null
+++ b/security/bsmtrace3/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1586997209
+SHA256 (openbsm-bsmtrace-v3.0_GH0.tar.gz) = 7b3575cbd2ecb4368221bd8e732f194825e75db44b61cb13c959e1dde3d3c831
+SIZE (openbsm-bsmtrace-v3.0_GH0.tar.gz) = 32679
diff --git a/security/bsmtrace3/files/pkg-message.in b/security/bsmtrace3/files/pkg-message.in
new file mode 100644
index 000000000000..711f3e0a2e44
--- /dev/null
+++ b/security/bsmtrace3/files/pkg-message.in
@@ -0,0 +1,10 @@
+[
+{ type: install
+ message: <<EOM
+Please note a sample configuration file for bsmtrace has been installed
+in %%EXAMPLESDIR%%. This file will not be
+suitable for your own system, but can be used as a reference to get
+started.
+EOM
+}
+]
diff --git a/security/bsmtrace3/pkg-descr b/security/bsmtrace3/pkg-descr
new file mode 100644
index 000000000000..2efe1b55c30f
--- /dev/null
+++ b/security/bsmtrace3/pkg-descr
@@ -0,0 +1,6 @@
+bsmtrace is a BSM based intrusion detection system, utilizing audit trails
+and real-time audit event analysis through auditpipe(4). This host based
+IDS operates using a finite state machine principles with a flexible
+sequence driven signature system.
+
+WWW: https://www.github.com/openbsm/bsmtrace
diff --git a/security/bsmtrace3/pkg-plist b/security/bsmtrace3/pkg-plist
new file mode 100644
index 000000000000..e08d6a3b1e55
--- /dev/null
+++ b/security/bsmtrace3/pkg-plist
@@ -0,0 +1,4 @@
+sbin/bsmtrace
+share/man/man1/bsmtrace.1.gz
+share/man/man5/bsmtrace.conf.5.gz
+%%EXAMPLESDIR%%/bsmtrace.conf