diff options
| author | Mathieu Arnold <mat@FreeBSD.org> | 2015-12-21 16:02:55 +0000 |
|---|---|---|
| committer | Mathieu Arnold <mat@FreeBSD.org> | 2015-12-21 16:02:55 +0000 |
| commit | 970c34a2dce757cacb759755edd541172ab8c17b (patch) | |
| tree | 18677fbec3761361adbf6246a0a9cd509847570a /security/ossec-hids-server | |
| parent | d091c3f049294c4008bb55b1ec0fdab2c2ca7653 (diff) | |
| download | ports-970c34a2dce757cacb759755edd541172ab8c17b.tar.gz ports-970c34a2dce757cacb759755edd541172ab8c17b.zip | |
Notes
Diffstat (limited to 'security/ossec-hids-server')
| -rw-r--r-- | security/ossec-hids-server/Makefile | 5 | ||||
| -rw-r--r-- | security/ossec-hids-server/files/patch-src__InstallAgent.sh | 110 | ||||
| -rw-r--r-- | security/ossec-hids-server/files/patch-src__InstallServer.sh | 102 |
3 files changed, 160 insertions, 57 deletions
diff --git a/security/ossec-hids-server/Makefile b/security/ossec-hids-server/Makefile index e9aa5dfe4e71..1be5be9866ea 100644 --- a/security/ossec-hids-server/Makefile +++ b/security/ossec-hids-server/Makefile @@ -101,8 +101,6 @@ do-install: .else @cd ${WRKSRC}/src; ${MAKE} server .endif - -post-install: @${MKDIR} ${STAGEDIR}${PREFIX}/${PORTNAME}/etc .for file in ${STRIP_FILES} ${STRIP_CMD} ${STAGEDIR}${PREFIX}/ossec-hids/bin/${file} @@ -116,9 +114,8 @@ post-install: ${CP} ${WRKSRC}/etc/ossec-server.conf ${STAGEDIR}${PREFIX}/${PORTNAME}/etc/ossec.conf.sample .endif -.if ${PORT_OPTIONS:MDOCS} +post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR} -.endif .include <bsd.port.post.mk> diff --git a/security/ossec-hids-server/files/patch-src__InstallAgent.sh b/security/ossec-hids-server/files/patch-src__InstallAgent.sh index 93ce504f97fe..171900723779 100644 --- a/security/ossec-hids-server/files/patch-src__InstallAgent.sh +++ b/security/ossec-hids-server/files/patch-src__InstallAgent.sh @@ -1,6 +1,6 @@ ---- ./src/InstallAgent.sh.orig 2014-07-13 15:25:05.161395378 -0600 -+++ ./src/InstallAgent.sh 2014-07-13 15:25:35.972393742 -0600 -@@ -37,11 +37,11 @@ +--- src/InstallAgent.sh.orig 2015-06-10 15:38:32 UTC ++++ src/InstallAgent.sh +@@ -37,11 +37,11 @@ fi # Creating groups/users if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then @@ -17,3 +17,107 @@ elif [ "$UNAME" = "SunOS" ]; then grep "^${USER}" /etc/passwd > /dev/null 2>&1 +@@ -106,22 +106,17 @@ for i in ${subdirs}; do + done + + # Default for all directories +-chmod -R 550 ${DIR} +-chown -R root:${GROUP} ${DIR} ++chmod -R 750 ${DIR} + + # To the ossec queue (default for agentd to read) +-chown -R ${USER}:${GROUP} ${DIR}/queue/ossec + chmod -R 770 ${DIR}/queue/ossec + + # For the logging user +-chown -R ${USER}:${GROUP} ${DIR}/logs + chmod -R 750 ${DIR}/logs + chmod -R 775 ${DIR}/queue/rids + touch ${DIR}/logs/ossec.log +-chown ${USER}:${GROUP} ${DIR}/logs/ossec.log + chmod 664 ${DIR}/logs/ossec.log + +-chown -R ${USER}:${GROUP} ${DIR}/queue/diff + chmod -R 750 ${DIR}/queue/diff + chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 + +@@ -129,8 +124,7 @@ chmod 740 ${DIR}/queue/diff/* > /dev/nul + + + # For the etc dir +-chmod 550 ${DIR}/etc +-chown -R root:${GROUP} ${DIR}/etc ++chmod 750 ${DIR}/etc + + ls /etc/localtime > /dev/null 2>&1 + if [ $? = 0 ]; then +@@ -142,13 +136,11 @@ if [ "$UNAME" = "SunOS" ]; then + mkdir -p ${DIR}/usr/share/lib/zoneinfo/ + chmod -R 555 ${DIR}/usr/ + cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/ +- chown -R root:${GROUP} ${DIR}/usr/ + fi + + ls /etc/TIMEZONE > /dev/null 2>&1 + if [ $? = 0 ]; then + cp -p /etc/TIMEZONE ${DIR}/etc/; +- chown root:${GROUP} ${DIR}/etc/TIMEZONE + chmod 555 ${DIR}/etc/TIMEZONE + fi + +@@ -168,25 +160,17 @@ cp -pr ../etc/local_internal_options.con + cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 + cp -pr agentlessd/scripts/* ${DIR}/agentless/ + +-chown root:${GROUP} ${DIR}/etc/internal_options.conf +-chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 +-chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1 +-chown root:${GROUP} ${DIR}/agentless/* +-chown ${USER}:${GROUP} ${DIR}/.ssh +-chown -R root:${GROUP} ${DIR}/etc/shared +- +-chmod 550 ${DIR}/etc ++chmod 750 ${DIR}/etc + chmod 440 ${DIR}/etc/internal_options.conf + chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1 + chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1 + chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it +-chmod 550 ${DIR}/agentless/* ++chmod 750 ${DIR}/agentless/* + chmod 700 ${DIR}/.ssh + + + # For the /var/run + chmod 770 ${DIR}/var/run +-chown root:${GROUP} ${DIR}/var/run + + + # Moving the binary files +@@ -200,7 +184,6 @@ cp -pr addagent/manage_agents ${DIR}/bin + cp -pr ../contrib/util.sh ${DIR}/bin/ + cp -pr external/lua/src/ossec-lua ${DIR}/bin/ + cp -pr external/lua/src/ossec-luac ${DIR}/bin/ +-chown root:${GROUP} ${DIR}/bin/util.sh + chmod +x ${DIR}/bin/util.sh + + # Copying active response modules +@@ -208,10 +191,8 @@ sh ./init/fw-check.sh execute > /dev/nul + cp -pr ../active-response/*.sh ${DIR}/active-response/bin/ + cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ + chmod 755 ${DIR}/active-response/bin/* +-chown root:${GROUP} ${DIR}/active-response/bin/* + +-chown root:${GROUP} ${DIR}/bin/* +-chmod 550 ${DIR}/bin/* ++chmod 750 ${DIR}/bin/* + + + # Moving the config file +@@ -227,7 +208,6 @@ if [ $? = 0 ]; then + else + cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf + fi +-chown root:${GROUP} ${DIR}/etc/ossec.conf + chmod 440 ${DIR}/etc/ossec.conf + + diff --git a/security/ossec-hids-server/files/patch-src__InstallServer.sh b/security/ossec-hids-server/files/patch-src__InstallServer.sh index 83ee92787b5d..860546201835 100644 --- a/security/ossec-hids-server/files/patch-src__InstallServer.sh +++ b/security/ossec-hids-server/files/patch-src__InstallServer.sh @@ -1,6 +1,6 @@ ---- ./src/InstallServer.sh.orig 2014-05-22 07:10:57.000000000 -0600 -+++ ./src/InstallServer.sh 2014-07-13 15:24:45.552390120 -0600 -@@ -44,13 +44,13 @@ +--- src/InstallServer.sh.orig 2015-06-10 15:38:32 UTC ++++ src/InstallServer.sh +@@ -44,13 +44,13 @@ fi # Creating groups/users if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then @@ -21,85 +21,73 @@ elif [ "$UNAME" = "SunOS" ]; then grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1 -@@ -123,61 +123,61 @@ +@@ -121,63 +121,47 @@ for i in ${subdirs}; do + done + # Default for all directories - chmod 550 ${DIR} - chmod 550 ${DIR}/* +-chmod 550 ${DIR} +-chmod 550 ${DIR}/* -chown root:${GROUP} ${DIR} -chown root:${GROUP} ${DIR}/* -+#chown root:${GROUP} ${DIR} -+#chown root:${GROUP} ${DIR}/* ++chmod 750 ${DIR} ++chmod 750 ${DIR}/* # AnalysisD needs to write to alerts: log, mail and cmds -chown -R ${USER}:${GROUP} ${DIR}/queue/alerts -+#chown -R ${USER}:${GROUP} ${DIR}/queue/alerts chmod -R 770 ${DIR}/queue/alerts # To the ossec queue (default for analysisd to read) -chown -R ${USER}:${GROUP} ${DIR}/queue/ossec -+#chown -R ${USER}:${GROUP} ${DIR}/queue/ossec chmod -R 770 ${DIR}/queue/ossec # To the ossec fts queue -chown -R ${USER}:${GROUP} ${DIR}/queue/fts -+#chown -R ${USER}:${GROUP} ${DIR}/queue/fts chmod -R 750 ${DIR}/queue/fts chmod 750 ${DIR}/queue/fts/* > /dev/null 2>&1 # To the ossec syscheck/rootcheck queue -chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck -+#chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck chmod -R 750 ${DIR}/queue/syscheck chmod 740 ${DIR}/queue/syscheck/* > /dev/null 2>&1 -chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck -+#chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck chmod -R 750 ${DIR}/queue/rootcheck chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1 -chown ${USER}:${GROUP} ${DIR}/queue/diff -chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1 -+#chown ${USER}:${GROUP} ${DIR}/queue/diff -+#chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1 chmod 750 ${DIR}/queue/diff chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 -chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info -+#chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info chmod -R 750 ${DIR}/queue/agent-info chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1 -chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids -+#chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids chmod -R 750 ${DIR}/queue/rids chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1 -chown -R ${USER}:${GROUP} ${DIR}/queue/agentless -+#chown -R ${USER}:${GROUP} ${DIR}/queue/agentless chmod -R 750 ${DIR}/queue/agentless chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1 # For the stats directory -chown -R ${USER}:${GROUP} ${DIR}/stats -+#chown -R ${USER}:${GROUP} ${DIR}/stats chmod -R 750 ${DIR}/stats # For the logging user -chown -R ${USER}:${GROUP} ${DIR}/logs -+#chown -R ${USER}:${GROUP} ${DIR}/logs chmod -R 750 ${DIR}/logs touch ${DIR}/logs/ossec.log -chown ${USER}:${GROUP} ${DIR}/logs/ossec.log -+#chown ${USER}:${GROUP} ${DIR}/logs/ossec.log chmod 660 ${DIR}/logs/ossec.log touch ${DIR}/logs/active-responses.log -chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log -+#chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log chmod 660 ${DIR}/logs/active-responses.log # For the rules directory -@@ -195,7 +195,7 @@ +@@ -195,7 +179,7 @@ if [ $? = 0 ]; then fi fi @@ -108,47 +96,57 @@ find ${DIR}/rules/ -type f -exec chmod 440 {} \; # If the local_rules is saved, moved it back -@@ -204,18 +204,18 @@ +@@ -204,37 +188,33 @@ if [ $? = 0 ]; then mv ${DIR}/rules/saved_local_rules.xml.$$ ${DIR}/rules/local_rules.xml fi -chown -R root:${GROUP} ${DIR}/rules -+#chown -R root:${GROUP} ${DIR}/rules - chmod -R 550 ${DIR}/rules +-chmod -R 550 ${DIR}/rules ++chmod -R 750 ${DIR}/rules # For the etc dir - chmod 550 ${DIR}/etc +-chmod 550 ${DIR}/etc -chown -R root:${GROUP} ${DIR}/etc -+#chown -R root:${GROUP} ${DIR}/etc ++chmod 750 ${DIR}/etc ls /etc/localtime > /dev/null 2>&1 if [ $? = 0 ]; then cp -pL /etc/localtime ${DIR}/etc/; chmod 440 ${DIR}/etc/localtime - chown root:${GROUP} ${DIR}/etc/localtime -+ #chown root:${GROUP} ${DIR}/etc/localtime fi # Solaris Needs some extra files -@@ -234,7 +234,7 @@ + if [ "$UNAME" = "SunOS" ]; then + mkdir -p ${DIR}/usr/share/lib/zoneinfo/ +- chmod -R 550 ${DIR}/usr/ ++ chmod -R 750 ${DIR}/usr/ + cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/ + fi + + ls /etc/TIMEZONE > /dev/null 2>&1 + if [ $? = 0 ]; then + cp -p /etc/TIMEZONE ${DIR}/etc/; +- chmod 550 ${DIR}/etc/TIMEZONE ++ chmod 750 ${DIR}/etc/TIMEZONE + fi + # For the /var/run chmod 770 ${DIR}/var/run -chown root:${GROUP} ${DIR}/var/run -+#chown root:${GROUP} ${DIR}/var/run # Moving the binary files cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \ -@@ -257,7 +257,7 @@ +@@ -257,7 +237,6 @@ cp -pr util/rootcheck_control ${DIR}/bin cp -pr external/lua/src/ossec-lua ${DIR}/bin/ cp -pr external/lua/src/ossec-luac ${DIR}/bin/ cp -pr ../contrib/util.sh ${DIR}/bin/ -chown root:${GROUP} ${DIR}/bin/util.sh -+#chown root:${GROUP} ${DIR}/bin/util.sh chmod +x ${DIR}/bin/util.sh # Local install chosen -@@ -287,14 +287,14 @@ +@@ -287,23 +266,15 @@ fi cp -pr ../etc/internal_options.conf ${DIR}/etc/ cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/ @@ -160,30 +158,35 @@ -chown root:${GROUP} ${DIR}/etc/shared/* -chown root:${GROUP} ${DIR}/agentless/* -chown ${USER}:${GROUP} ${DIR}/.ssh -+#chown root:${GROUP} ${DIR}/etc/decoder.xml -+#chown root:${GROUP} ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 -+#chown root:${GROUP} ${DIR}/etc/internal_options.conf -+#chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 -+#chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1 -+#chown root:${GROUP} ${DIR}/etc/shared/* -+#chown root:${GROUP} ${DIR}/agentless/* -+#chown ${USER}:${GROUP} ${DIR}/.ssh chmod 440 ${DIR}/etc/decoder.xml chmod 440 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 chmod 440 ${DIR}/etc/internal_options.conf -@@ -314,9 +314,9 @@ + chmod 440 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 + chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 +-chmod 550 ${DIR}/etc ++chmod 750 ${DIR}/etc + chmod 770 ${DIR}/etc/shared + chmod 440 ${DIR}/etc/shared/* +-chmod 550 ${DIR}/agentless/* ++chmod 750 ${DIR}/agentless/* + rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1 + chmod 700 ${DIR}/.ssh + +@@ -313,11 +284,9 @@ sh ./init/fw-check.sh execute > /dev/nul + cp -p ../active-response/*.sh ${DIR}/active-response/bin/ cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ - chmod 550 ${DIR}/active-response/bin/* +-chmod 550 ${DIR}/active-response/bin/* -chown root:${GROUP} ${DIR}/active-response/bin/* -+#chown root:${GROUP} ${DIR}/active-response/bin/* ++chmod 750 ${DIR}/active-response/bin/* -chown root:${GROUP} ${DIR}/bin/* -+#chown root:${GROUP} ${DIR}/bin/* - chmod 550 ${DIR}/bin/* +-chmod 550 ${DIR}/bin/* ++chmod 750 ${DIR}/bin/* -@@ -328,12 +328,12 @@ + # Moving the config file +@@ -328,12 +297,11 @@ fi ls ../etc/ossec.mc > /dev/null 2>&1 if [ $? = 0 ]; then @@ -195,8 +198,7 @@ fi -chown root:${GROUP} ${DIR}/etc/ossec.conf -chmod 440 ${DIR}/etc/ossec.conf -+#chown root:${GROUP} ${DIR}/etc/ossec.conf.sample -+chmod 440 ${DIR}/etc/ossec.conf.sample ++chmod 640 ${DIR}/etc/ossec.conf.sample |