author | Matthew Seaman <matthew@FreeBSD.org> | 2016-04-21 19:37:11 +0000 |
---|---|---|
committer | Matthew Seaman <matthew@FreeBSD.org> | 2016-04-21 19:37:11 +0000 |
commit | 14bb261c9439a9a2f875b61ae63f55764561bff9 (patch) | |
tree | a9b1bf886adb7439671d058e22b8c0aec28f45e7 /security/ossec-hids-server | |
parent | 75ec9bb58768c4833a6bff63ccc73132cf0ffe80 (diff) |
* Modernize OPTIONS handling somewhat: this fixes compilation when
either the MYSQL or PGSQL options are enabled
* Add OPTION-dependent targets to install the postgresql or mysql DB
schemas as portdocs when either of those two options are enabled.
* Add a patch for the DB schemas to allow for longer entries in the
system.information column (submitted upstream and committed as
https://github.com/ossec/ossec-hids/commit/7a4b0d32e2b67bbef5d68dd7aeeee4e70b9c1982
* Add a 'reload' command to the ossec-hids RC script
* Update to version 2.8.3
* Generally update patch files via 'make makepatch'
* Change expect scripts used by agentlessd to group ossec so they are
executable by the ossec user.
* Use shebangfix to set an explicit path to where expect is installed,
since it isn't on the default path inherited from the system init
scripts, so /usr/bin/env doesn't find the command interpreter.
* Change CONFLICTS to CONFLICTS_INSTALL between each of the
ossec-hids-{client,local,server} ports.
DB changes compile tested with postgresql and mysql, but only
thoroughly run-time tested with postgresql.
PR: 208935
Submitted by: matthew
Approved by: brd (maintainer)
Notes
Notes:
svn path=/head/; revision=413754
Diffstat (limited to 'security/ossec-hids-server')
10 files changed, 106 insertions, 46 deletions
diff --git a/security/ossec-hids-server/Makefile b/security/ossec-hids-server/Makefile
index 1be5be9866ea..8af7a71fdb36 100644
--- a/security/ossec-hids-server/Makefile
+++ b/security/ossec-hids-server/Makefile
@@ -2,7 +2,8 @@
 # $FreeBSD$
 PORTNAME= ossec-hids
-PORTVERSION= 2.8.2
+PORTVERSION= 2.8.3
+DISTVERSIONPREFIX= v
 PORTREVISION?= 0
 CATEGORIES= security
 USE_GITHUB= yes
@@ -28,41 +29,57 @@ GROUPS= ossec .if !defined(CLIENT_ONLY) OPTIONS_DEFINE= MYSQL PGSQL + +MYSQL_VARS= WITH_DB=yes +MYSQL_USE= MYSQL=client +MYSQL_PORTDOCS= mysql.schema + +PGSQL_VARS= WITH_DB=yes +PGSQL_USES= pgsql +PGSQL_PORTDOCS= postgresql.schema + +RUN_DEPENDS= expect:lang/expect + +USES+= shebangfix +SHEBANG_LANG= expect +expect_OLD_CMD= "/usr/bin/env expect" +expect_CMD= ${LOCALBASE}/bin/expect +SHEBANG_FILES= src/agentlessd/scripts/main.exp \ + src/agentlessd/scripts/ssh.exp \ + src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \ + src/agentlessd/scripts/ssh_foundry_diff \ + src/agentlessd/scripts/ssh_generic_diff \ + src/agentlessd/scripts/ssh_integrity_check_bsd \ + src/agentlessd/scripts/ssh_integrity_check_linux \ + src/agentlessd/scripts/ssh_nopass.exp \ + src/agentlessd/scripts/ssh_pixconfig_diff \ + src/agentlessd/scripts/sshlogin.exp \ + src/agentlessd/scripts/su.exp .endif OPTIONS_DEFINE+= DOCS SUB_LIST= PORTNAME=${PORTNAME} SUB_FILES= pkg-message PLIST_SUB= PORTNAME=${PORTNAME} -PORTDOCS= BUGS CONFIG CONTRIBUTORS INSTALL LICENSE +DOCSFILES= BUGS CONFIG CONTRIBUTORS INSTALL LICENSE +PORTDOCS= ${DOCSFILES} .include <bsd.port.pre.mk> -.if !defined(CLIENT_ONLY) -.if ${PORT_OPTIONS:MMYSQL} -WITH_DB= yes -USE_MYSQL= client -.endif - -.if ${PORT_OPTIONS:MPGSQL} -WITH_DB= yes -USES+= pgsql -.endif -.endif STRIP_FILES= ossec-luac agent_control ossec-lua ossec-dbd ossec-regex ossec-monitord ossec-makelists verify-agent-conf ossec-analysisd ossec-agentlessd syscheck_control ossec-execd manage_agents ossec-csyslogd ossec-syscheckd ossec-logtest ossec-authd ossec-logcollector list_agents ossec-maild clear_stats ossec-remoted ossec-reportd rootcheck_control syscheck_update .if defined(CLIENT_ONLY) SUB_LIST+= PRECMD=: PKGNAMESUFFIX= -client -CONFLICTS= ossec-hids-server-[0-9]* ossec-hids-local-[0-9]* +CONFLICTS_INSTALL= ossec-hids-server-[0-9]* ossec-hids-local-[0-9]* STRIP_FILES= agent-auth manage_agents ossec-agentd ossec-execd ossec-logcollector ossec-lua 
ossec-luac ossec-syscheckd .elif defined(LOCAL_ONLY) SUB_LIST+= PRECMD=ossechids_start_precmd PKGNAMESUFFIX= -local -CONFLICTS= ossec-hids-client-[0-9]* ossec-hids-server-[0-9]* +CONFLICTS_INSTALL= ossec-hids-client-[0-9]* ossec-hids-server-[0-9]* .else SUB_LIST+= PRECMD=ossechids_start_precmd -CONFLICTS= ossec-hids-client-[0-9]* ossec-hids-local-[0-9]* +CONFLICTS_INSTALL= ossec-hids-client-[0-9]* ossec-hids-local-[0-9]* .endif post-patch: @@ -116,6 +133,14 @@ do-install: post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} - @cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR} + @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR} + +post-install-MYSQL-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/mysql.schema ${STAGEDIR}${DOCSDIR} + +post-install-PGSQL-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/postgresql.schema ${STAGEDIR}${DOCSDIR} .include <bsd.port.post.mk> diff --git a/security/ossec-hids-server/distinfo b/security/ossec-hids-server/distinfo index cd9547432fc7..381d17d3ece7 100644 --- a/security/ossec-hids-server/distinfo +++ b/security/ossec-hids-server/distinfo @@ -1,2 +1,2 @@ -SHA256 (ossec-ossec-hids-2.8.2_GH0.tar.gz) = 61e0892175a79fe119c8bab886cd41fcc3be9b84526600b06c18fa178a59cb34 -SIZE (ossec-ossec-hids-2.8.2_GH0.tar.gz) = 1635142 +SHA256 (ossec-ossec-hids-v2.8.3_GH0.tar.gz) = 917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd +SIZE (ossec-ossec-hids-v2.8.3_GH0.tar.gz) = 1642095 diff --git a/security/ossec-hids-server/files/ossec-hids.in b/security/ossec-hids-server/files/ossec-hids.in index bd6c7e96f360..0ef8d6cf2bf4 100644 --- a/security/ossec-hids-server/files/ossec-hids.in +++ b/security/ossec-hids-server/files/ossec-hids.in 
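Review bot: The schema files are staged into DOCSDIR whenever a DB option is on, regardless of DOCS: `post-install-MYSQL-on` and `post-install-PGSQL-on` copy into `${STAGEDIR}${DOCSDIR}`, while the files are listed only through `MYSQL_PORTDOCS`/`PGSQL_PORTDOCS`. As far as I know PORTDOCS entries reach the packing list only when the DOCS option is enabled, so MYSQL or PGSQL with DOCS off would leave a staged file that is not in the plist. Either make the two targets conditional on DOCS as well, or install the schemas outside DOCSDIR and list them with `MYSQL_PLIST_FILES`/`PGSQL_PLIST_FILES`.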
@@ -21,12 +21,16 @@ start_cmd="ossechids_command start" stop_cmd="ossechids_command stop" restart_cmd="ossechids_command restart" status_cmd="ossechids_command status" +reload_cmd="ossechids_command reload" command="%%PREFIX%%/%%PORTNAME%%/bin/ossec-control" required_files="%%PREFIX%%/%%PORTNAME%%/etc/ossec.conf" +extra_commands="reload" fts_queue=%%PREFIX%%/%%PORTNAME%%/queue/fts/fts-queue ig_queue=%%PREFIX%%/%%PORTNAME%%/queue/fts/ig-queue +ossec_log=%%PREFIX%%/%%PORTNAME%%/logs/ossec.log +active_responses_log=%%PREFIX%%/%%PORTNAME%%/logs/active-responses.log ossechids_start_precmd() { # These files are not created by the daemons with the correct @@ -43,6 +47,15 @@ ossechids_start_precmd() { chown ${ossechids_user}:${ossechids_group} ${ig_queue} chmod 640 ${ig_queue} fi + + # Ensure logfiles are created with the correct ownership and mode + for log in ${ossec_log} ${active_responses_log}; do + if [ ! -e ${log} ]; then + touch ${log} + chown ${ossechids_user}:${ossechids_group} ${log} + chmod 660 ${log} + fi + done } ossechids_command() { diff --git a/security/ossec-hids-server/files/patch-src__InstallAgent.sh b/security/ossec-hids-server/files/patch-src__InstallAgent.sh index 171900723779..86e4dfad9e9f 100644 --- a/security/ossec-hids-server/files/patch-src__InstallAgent.sh +++ b/security/ossec-hids-server/files/patch-src__InstallAgent.sh @@ -1,4 +1,4 @@ ---- src/InstallAgent.sh.orig 2015-06-10 15:38:32 UTC +--- src/InstallAgent.sh.orig 2015-10-12 21:21:06 UTC +++ src/InstallAgent.sh @@ -37,11 +37,11 @@ fi @@ -41,7 +41,7 @@ chmod -R 750 ${DIR}/queue/diff chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 -@@ -129,8 +124,7 @@ chmod 740 ${DIR}/queue/diff/* > /dev/nul +@@ -131,8 +126,7 @@ chmod 1550 ${DIR}/tmp # For the etc dir 
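Review bot: The new loop in ossechids_start_precmd runs as root and applies `touch`, `chown` and `chmod` to paths under logs/, all of which follow symlinks, and `[ ! -e ${log} ]` is also true for a dangling link. If the logs directory is writable by the ossec user (its ownership is not visible on this page), the chown could end up applied to a file outside logs/, and there is a short window in which the file exists with the umask mode and root ownership. Creating the file in one step with its final owner and mode, for example `install -o ${ossechids_user} -g ${ossechids_group} -m 660 /dev/null "${log}"` guarded by `[ ! -e "${log}" ] && [ ! -L "${log}" ]`, removes both problems; the expansions should be quoted either way. The function starts outside the hunk.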
@@ -51,7 +51,7 @@ ls /etc/localtime > /dev/null 2>&1 if [ $? = 0 ]; then -@@ -142,13 +136,11 @@ if [ "$UNAME" = "SunOS" ]; then +@@ -144,13 +138,11 @@ if [ "$UNAME" = "SunOS" ]; then mkdir -p ${DIR}/usr/share/lib/zoneinfo/ chmod -R 555 ${DIR}/usr/ cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/ @@ -65,7 +65,7 @@ chmod 555 ${DIR}/etc/TIMEZONE fi -@@ -168,25 +160,17 @@ cp -pr ../etc/local_internal_options.con +@@ -170,25 +162,17 @@ cp -pr ../etc/local_internal_options.con cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 cp -pr agentlessd/scripts/* ${DIR}/agentless/ @@ -93,7 +93,7 @@ # Moving the binary files -@@ -200,7 +184,6 @@ cp -pr addagent/manage_agents ${DIR}/bin +@@ -202,7 +186,6 @@ cp -pr addagent/manage_agents ${DIR}/bin cp -pr ../contrib/util.sh ${DIR}/bin/ cp -pr external/lua/src/ossec-lua ${DIR}/bin/ cp -pr external/lua/src/ossec-luac ${DIR}/bin/ @@ -101,7 +101,7 @@ chmod +x ${DIR}/bin/util.sh # Copying active response modules -@@ -208,10 +191,8 @@ sh ./init/fw-check.sh execute > /dev/nul +@@ -210,10 +193,8 @@ sh ./init/fw-check.sh execute > /dev/nul cp -pr ../active-response/*.sh ${DIR}/active-response/bin/ cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ chmod 755 ${DIR}/active-response/bin/* @@ -113,7 +113,7 @@ # Moving the config file -@@ -227,7 +208,6 @@ if [ $? = 0 ]; then +@@ -229,7 +210,6 @@ if [ $? = 0 ]; then else cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf fi diff --git a/security/ossec-hids-server/files/patch-src__InstallServer.sh b/security/ossec-hids-server/files/patch-src__InstallServer.sh index 860546201835..608ab43c4851 100644 --- a/security/ossec-hids-server/files/patch-src__InstallServer.sh +++ b/security/ossec-hids-server/files/patch-src__InstallServer.sh @@ -1,4 +1,4 @@ ---- src/InstallServer.sh.orig 2015-06-10 15:38:32 UTC +--- src/InstallServer.sh.orig 2015-10-12 21:21:06 UTC +++ src/InstallServer.sh @@ -44,13 +44,13 @@ fi 
@@ -21,7 +21,7 @@ elif [ "$UNAME" = "SunOS" ]; then grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1 -@@ -121,63 +121,47 @@ for i in ${subdirs}; do +@@ -121,66 +121,49 @@ for i in ${subdirs}; do done # Default for all directories @@ -70,6 +70,10 @@ chmod -R 750 ${DIR}/queue/agentless chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1 +-chown -R root:${GROUP} ${DIR}/tmp +-chmod 1550 ${DIR}/tmp ++chmod 1750 ${DIR}/tmp + # For the stats directory -chown -R ${USER}:${GROUP} ${DIR}/stats @@ -87,7 +91,7 @@ chmod 660 ${DIR}/logs/active-responses.log # For the rules directory -@@ -195,7 +179,7 @@ if [ $? = 0 ]; then +@@ -198,7 +181,7 @@ if [ $? = 0 ]; then fi fi @@ -96,7 +100,7 @@ find ${DIR}/rules/ -type f -exec chmod 440 {} \; # If the local_rules is saved, moved it back -@@ -204,37 +188,33 @@ if [ $? = 0 ]; then +@@ -207,37 +190,33 @@ if [ $? = 0 ]; then mv ${DIR}/rules/saved_local_rules.xml.$$ ${DIR}/rules/local_rules.xml fi @@ -138,7 +142,7 @@ # Moving the binary files cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \ -@@ -257,7 +237,6 @@ cp -pr util/rootcheck_control ${DIR}/bin +@@ -260,7 +239,6 @@ cp -pr util/rootcheck_control ${DIR}/bin cp -pr external/lua/src/ossec-lua ${DIR}/bin/ cp -pr external/lua/src/ossec-luac ${DIR}/bin/ cp -pr ../contrib/util.sh ${DIR}/bin/ @@ -146,7 +150,7 @@ chmod +x ${DIR}/bin/util.sh # Local install chosen -@@ -287,23 +266,15 @@ fi +@@ -290,23 +268,15 @@ fi cp -pr ../etc/internal_options.conf ${DIR}/etc/ cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/ @@ -172,7 +176,7 @@ rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1 chmod 700 ${DIR}/.ssh -@@ -313,11 +284,9 @@ sh ./init/fw-check.sh execute > /dev/nul +@@ -316,11 +286,9 @@ sh ./init/fw-check.sh execute > /dev/nul cp -p ../active-response/*.sh ${DIR}/active-response/bin/ cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ 
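Review bot: The regenerated InstallServer.sh patch (hunk `@@ -70,6 +70,10 @@`) now changes `${DIR}/tmp` from `chmod 1550` to `chmod 1750` and drops its `chown -R root:${GROUP}`, a permission change the commit message does not mention. With the chown removed, the owner and group of tmp come from the packing list, and none of the pkg-plist hunks on this page touch that directory, so it is worth confirming that pkg-plist sets them explicitly. A one-line reason for granting the owner write access, in the commit log or next to the patch, would help later audits of the installed permissions. Only the patch file is visible here, not the script it modifies.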
@@ -186,7 +190,7 @@ # Moving the config file -@@ -328,12 +297,11 @@ fi +@@ -331,12 +299,11 @@ fi ls ../etc/ossec.mc > /dev/null 2>&1 if [ $? = 0 ]; then diff --git a/security/ossec-hids-server/files/patch-src__LOCATION b/security/ossec-hids-server/files/patch-src__LOCATION index d63ccade4236..800443b1f7fa 100644 --- a/security/ossec-hids-server/files/patch-src__LOCATION +++ b/security/ossec-hids-server/files/patch-src__LOCATION @@ -1,5 +1,5 @@ ---- ./src/LOCATION.orig 2014-05-22 07:10:57.000000000 -0600 -+++ ./src/LOCATION 2014-07-13 15:24:45.561388082 -0600 +--- src/LOCATION.orig 2015-10-12 21:21:06 UTC ++++ src/LOCATION @@ -1 +1 @@ -DIR="/var/ossec" -+DIR="/usr/local/poudriere/ports/svn/security/ossec-hids-server/work/stage/usr/local/ossec-hids" ++DIR="/usr/ports/security/ossec-hids-server/work/stage/usr/local/ossec-hids" diff --git a/security/ossec-hids-server/files/patch-src__headers__defs.h b/security/ossec-hids-server/files/patch-src__headers__defs.h index 467593078b85..f05c6eaa601b 100644 --- a/security/ossec-hids-server/files/patch-src__headers__defs.h +++ b/security/ossec-hids-server/files/patch-src__headers__defs.h @@ -1,6 +1,6 @@ ---- ./src/headers/defs.h.orig 2014-05-22 07:10:57.000000000 -0600 -+++ ./src/headers/defs.h 2014-07-13 15:24:45.559389869 -0600 -@@ -98,7 +98,7 @@ +--- src/headers/defs.h.orig 2015-10-12 21:21:06 UTC ++++ src/headers/defs.h +@@ -98,7 +98,7 @@ http://www.ossec.net/main/license/\n" #endif #ifndef DEFAULTDIR diff --git a/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema b/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema new file mode 100644 index 000000000000..84bd1eacad49 --- /dev/null +++ b/security/ossec-hids-server/files/patch-src_os__dbd_mysql.schema 
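Review bot: The `DIR=` value recorded in patch-src__LOCATION is the staging path of whichever machine ran `make makepatch` (a poudriere tree before, `/usr/ports/security/ossec-hids-server/work/stage/...` now), so the patch file carries a build-host path. Presumably the Makefile's post-patch target rewrites src/LOCATION afterwards, but that body is outside the hunks shown; if it does, this patch file is redundant and could be removed from files/ so the rewrite lives in one place. Otherwise a Makefile comment such as `# src/LOCATION is rewritten in post-patch; do not capture it with makepatch` would keep it from being regenerated with yet another local path.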
@@ -0,0 +1,11 @@
+--- src/os_dbd/mysql.schema.orig 2015-10-12 21:21:06 UTC
++++ src/os_dbd/mysql.schema
+@@ -45,7 +45,7 @@ CREATE TABLE server
+ last_contact INT UNSIGNED NOT NULL,
+ version VARCHAR(32) NOT NULL,
+ hostname VARCHAR(64) NOT NULL UNIQUE,
+- information VARCHAR(128) NOT NULL,
++ information TEXT NOT NULL,
+ PRIMARY KEY (id)
+ );
+
diff --git a/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema b/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema
new file mode 100644
index 000000000000..ddff774c73ed
--- /dev/null
+++ b/security/ossec-hids-server/files/patch-src_os__dbd_postgresql.schema
@@ -0,0 +1,11 @@
+--- src/os_dbd/postgresql.schema.orig 2015-10-12 21:21:06 UTC
++++ src/os_dbd/postgresql.schema
+@@ -47,7 +47,7 @@ CREATE TABLE server
+ last_contact INT8 NOT NULL,
+ version VARCHAR(32) NOT NULL,
+ hostname VARCHAR(64) NOT NULL UNIQUE,
+- information VARCHAR(128) NOT NULL,
++ information TEXT NOT NULL,
+ PRIMARY KEY (id)
+ );
+
diff --git a/security/ossec-hids-server/pkg-plist b/security/ossec-hids-server/pkg-plist
index 33f306448599..28555aeb1450 100644
--- a/security/ossec-hids-server/pkg-plist
+++ b/security/ossec-hids-server/pkg-plist
@@ -48,10 +48,6 @@
 %%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
 %%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
 %%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
-@owner ossec
-@mode 660
-%%PORTNAME%%/logs/active-responses.log
-%%PORTNAME%%/logs/ossec.log
 @owner
 @group
 @mode
@@ -116,6 +112,8 @@
 %%PORTNAME%%/rules/web_rules.xml
 %%PORTNAME%%/rules/wordpress_rules.xml
 %%PORTNAME%%/rules/zeus_rules.xml
+@owner root
+@group ossec
 %%PORTNAME%%/agentless/main.exp
 %%PORTNAME%%/agentless/register_host.sh
 %%PORTNAME%%/agentless/ssh.exp
@@ -128,8 +126,6 @@
 %%PORTNAME%%/agentless/ssh_pixconfig_diff
 %%PORTNAME%%/agentless/sshlogin.exp
 %%PORTNAME%%/agentless/su.exp
-@owner root
-@group ossec
 @mode 550
 @dir %%PORTNAME%%/.ssh
 @dir %%PORTNAME%%/active-response/bin |
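Review bot: The agentless scripts now receive `@owner root` and `@group ossec` in pkg-plist, but no `@mode` is set for them; `@mode 550` still begins only after `su.exp`. Unless a `@mode` line sits in the unshown lines between the last two hunks, whether the ossec group can execute these scripts, and whether other users can, depends on the mode the files happen to have in the stage directory. Since the stated aim is that they be executable by the ossec user and no one else needs them, an explicit mode next to the moved keywords, e.g. `@mode 550` placed before `%%PORTNAME%%/agentless/main.exp`, would pin that down.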