authorNikolai Lifanov <lifanov@FreeBSD.org>2017-03-12 17:07:23 +0000
committerNikolai Lifanov <lifanov@FreeBSD.org>2017-03-12 17:07:23 +0000
commitbe652c10974628da2c85e2945a766e8ae65125b2 (patch)
treef6735672a3440e2bbdb7e795cacade0cb6daa5eb /security/samhain
parent99d7fc48aab6577deee79a3ee3fce94578002529 (diff)
Diffstat (limited to 'security/samhain')
-rw-r--r--security/samhain/Makefile220
-rw-r--r--security/samhain/distinfo3
-rw-r--r--security/samhain/files/fixsamhainrc.patch11
-rw-r--r--security/samhain/files/fixyulerc.patch11
-rw-r--r--security/samhain/files/patch-config.h.in15
-rw-r--r--security/samhain/pkg-descr12
-rw-r--r--security/samhain/pkg-message14
-rw-r--r--security/samhain/pkg-plist31
8 files changed, 317 insertions, 0 deletions
diff --git a/security/samhain/Makefile b/security/samhain/Makefile
new file mode 100644
index 000000000000..33cd4a143697
--- /dev/null
+++ b/security/samhain/Makefile
@@ -0,0 +1,220 @@
+# Created by: Nikola Kolev <koue@chaosophia.net>
+# $FreeBSD$
+
+PORTNAME= samhain
+PORTVERSION= 4.2.0
+CATEGORIES= security
+MASTER_SITES= http://la-samhna.de/archive/
+DISTNAME= samhain_signed-${PORTVERSION}
+
+MAINTAINER= koue@chaosophia.net
+COMMENT= Samhain Intrusion Detection System
+
+LICENSE= GPLv2
+
+OPTIONS_DEFINE= ASM DB_RELOAD DEBUG DNMALLOC ENCRYPT GNUPG IPV6 KCHECK LIBWRAP \
+ LOGFILE_MONITOR LOGIN_WATCH MAIL MOUNTS_CHECK MYSQL ODBC PGSQL \
+ PORT_CHECK PROCESS_CHECK POSIX_ACL PRELUDE PTRACE SRP STATIC \
+ SUIDCHECK UDP USERFILES XML_LOGS
+OPTIONS_DEFAULT=ASM DNMALLOC ENCRYPT IPV6 LIBWRAP MAIL SRP
+
+DB_RELOAD_DESC= Enable database reload on SIGHUP
+DNMALLOC_DESC= Enable dnmalloc
+ENCRYPT_DESC= Enable client/server encryption
+KCHECK_DESC= Enable rogue KLD detection
+LOGFILE_MONITOR_DESC= Enable monitor logfiles
+LOGIN_WATCH_DESC= Enable watch for login/logout
+MAIL_DESC= Enable internal SMTP mailer
+MOUNTS_CHECK_DESC= Enable check mount options on filesystems
+PORT_CHECK_DESC= Enable check ports
+PROCESS_CHECK_DESC= Enable check processes
+POSIX_ACL_DESC= Enable check posix acls
+PRELUDE_DESC= Enable Prelude Framework support
+PTRACE_DESC= Enable use anti-debugger options
+SRP_DESC= Enable SRP for authentication
+SUIDCHECK_DESC= Enable check for suid/sgid files
+UDP_DESC= Enable UDP server
+USERFILES_DESC= Enable check for users config files
+XML_LOGS_DESC= Enable XML-formatted logs
+
+OPTIONS_SUB= yes
+
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --localstatedir=/var \
+ --with-logserver=true \
+ --with-altlogserver=true \
+ --with-timeserver=true \
+ --with-alttimeserver=true
+
+USES= shebangfix
+SHEBANG_FILES= scripts/samhainadmin.pl.in
+
+ASM_CONFIGURE_ENABLE= asm
+
+DB_RELOAD_CONFIGURE_ENABLE= db-reload
+
+DEBUG_CONFIGURE_ENABLE= debug
+
+DNMALLOC_CONFIGURE_ENABLE= dnmalloc
+
+ENCRYPT_CONFIGURE_ENABLE= encrypt
+
+GNUPG_CONFIGURE_WITH= gpg=${PREFIX}/bin/gpg
+GNUPG_BUILD_DEPENDS= gpg:${PORTSDIR}/security/gnupg
+
+IPV6_CONFIGURE_ENABLE= ipv6
+
+KCHECK_CONFIGURE_WITH= kcheck
+
+LIBWRAP_CONFIGURE_WITH= libwrap
+
+LOGFILE_MONITOR_CONFIGURE_ENABLE= logfile-monitor
+
+LOGIN_WATCH_CONFIGURE_ENABLE= login-watch
+
+MAIL_CONFIGURE_ENABLE= mail
+
+MOUNTS_CHECK_CONFIGURE_ENABLE= mounts-check
+
+MYSQL_USES= mysql
+MYSQL_CONFIGURE_ARGS= --with-database=mysql
+
+ODBC_CONFIGURE_ARGS= --with-database=odbc
+ODBC_LIB_DEPENDS= libodbc.so:databases/unixODBC
+
+PGSQL_USES= pgsql
+PGSQL_CONFIGURE_ARGS= --with-database=postgresql
+
+PORT_CHECK_CONFIGURE_ENABLE= port-check
+
+PROCESS_CHECK_CONFIGURE_ENABLE= process-check
+
+POSIX_ACL_CONFIGURE_ENABLE= posix-acl
+
+PRELUDE_LIB_DEPENDS= prelude:${PORTSDIR}/security/libprelude
+PRELUDE_CONFIGURE_WITH= prelude
+
+PTRACE_CONFIGURE_ENABLE= ptrace
+
+SRP_CONFIGURE_ENABLE= srp
+
+STATIC_CONFIGURE_ENABLE= static
+
+SUIDCHECK_CONFIGURE_ENABLE= suidcheck
+
+UDP_CONFIGURE_ENABLE= udp
+
+USERFILES_CONFIGURE_ENABLE= userfiles
+
+XML_LOGS_CONFIGURE_ENABLE= xml-log
+
+.include <bsd.port.pre.mk>
+
+.if ${ARCH} == "amd64"
+CFLAGS+= -fPIC
+.endif
+
+.if defined(WITH_RUNAS_USER)
+CONFIGURE_ARGS+= --enable-identity=${WITH_RUNAS_USER}
+.else
+CONFIGURE_ARGS+= --enable-identity=yule
+.endif
+
+.if defined(WITH_CLIENT)
+CONFIGURE_ARGS+= --enable-network=client \
+ --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \
+ --with-config-file=REQ_FROM_SERVER
+PLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
+MAN5+= samhainrc.5
+MAN8+= samhain.8
+.elif defined(WITH_SERVER)
+USERS= yule
+GROUPS= yule
+CONFIGURE_ARGS+= --enable-network=server
+SUB_LIST+= WITH_YULE="yes"
+PLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch
+MAN5+= yulerc.5
+MAN8+= yule.8
+.else
+SUB_LIST+= WITH_YULE=""
+PLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
+MAN5+= samhainrc.5
+MAN8+= samhain.8
+.endif
+
+pre-everything::
+
+.if !defined(WITH_CLIENT) && !defined(WITH_SERVER)
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Building Samhain in standalone mode."
+ @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C"
+ @${ECHO_MSG} "now, and build samhain from the samhain-client and"
+ @${ECHO_MSG} "samhain-server ports."
+ @${ECHO_MSG}
+.endif
+
+.if defined(WITH_CLIENT) && defined(WITH_SERVER)
+IGNORE= can't build client and server at once
+.endif
+
+.if ${PORT_OPTIONS:MKCHECK}
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem"
+ @${ECHO_MSG} "and /dev/mem. If you're not building as root, please hit"
+ @${ECHO_MSG} "Control-C and restart the build as root."
+ @${ECHO_MSG}
+.endif
+
+.if ${PORT_OPTIONS:MMYSQL} && ! ${PORT_OPTIONS:MXML_LOGS}
+IGNORE= xml logging is required to log to MySQL
+.endif
+
+.if ${PORT_OPTIONS:MPGSQL} && ! ${PORT_OPTIONS:MXML_LOGS}
+IGNORE= xml logging is required to log to Postgres
+.endif
+
+post-extract:
+ @${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz
+ @${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc
+
+post-install:
+.if !defined(WITH_SERVER)
+ @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${STAGEDIR}${PREFIX}/etc/rc.d/samhain.sh
+ @${CP} ${WRKSRC}/samhainrc ${STAGEDIR}${PREFIX}/etc/samhainrc.sample
+ @${CHGRP} wheel ${STAGEDIR}${PREFIX}/etc/samhainrc.sample
+.else
+ @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${STAGEDIR}${PREFIX}/etc/rc.d/yule.sh
+ @${CP} ${WRKSRC}/yulerc ${STAGEDIR}${PREFIX}/etc/yulerc.sample
+.endif
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/MANUAL-2_4.pdf ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server-troubleshooting.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-samhain+GnuPG.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-write-modules.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/FAQ.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/README.UPGRADE ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/README ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/BUGS ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/sh_mounts.txt ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/sh_userfiles.txt ${STAGEDIR}${DOCSDIR}
+
+post-stage:
+.if !defined(WITH_SERVER)
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/samhain
+.endif
+.if defined(WITH_CLIENT)
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/samhain_setpwd
+.endif
+.if defined(WITH_SERVER)
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yule
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yulectl
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yule_setpwd
+.endif
+
+.include <bsd.port.post.mk>
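Review bot: `GNUPG_BUILD_DEPENDS= gpg:${PORTSDIR}/security/gnupg` and `PRELUDE_LIB_DEPENDS= prelude:${PORTSDIR}/security/libprelude` use the `${PORTSDIR}` form while `ODBC_LIB_DEPENDS` in the same hunk uses the origin-only form, and the PRELUDE line names `prelude` rather than a shared-library file; `GNUPG_BUILD_DEPENDS= gpg:security/gnupg` and `PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude` would be consistent. Because configure is handed a fixed `gpg=${PREFIX}/bin/gpg` path, the built binary presumably calls gpg at run time to check signed configuration and database files, so a `GNUPG_RUN_DEPENDS` with the same value looks necessary as well. In `post-extract` the inner `.tar.gz.asc` is deleted without being checked and the fetch is over plain http, so integrity rests entirely on the SHA256 in distinfo; a comment such as `# upstream signature is not verified here; distinfo pins the outer tarball` would make that explicit.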
diff --git a/security/samhain/distinfo b/security/samhain/distinfo
new file mode 100644
index 000000000000..0581b70b19e7
--- /dev/null
+++ b/security/samhain/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1479294621
+SHA256 (samhain_signed-4.2.0.tar.gz) = 6b2db91fc92b3a9fc2edcc6ee16438156753c05f69c114856289e9f25ba0e50a
+SIZE (samhain_signed-4.2.0.tar.gz) = 2134438
diff --git a/security/samhain/files/fixsamhainrc.patch b/security/samhain/files/fixsamhainrc.patch
new file mode 100644
index 000000000000..eed29c37b062
--- /dev/null
+++ b/security/samhain/files/fixsamhainrc.patch
@@ -0,0 +1,11 @@
+--- samhain-install.sh.in Wed Jan 15 16:51:57 2003
++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003
+@@ -13,7 +13,7 @@
+ mandir=@mandir@
+
+ sysconfdir=@sysconfdir@
+-configfile=@myconffile@
++configfile=/usr/local/etc/samhainrc.sample
+
+ pid_file=@mylockfile@
+ pid_dir=@mylockdir@
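Review bot: The replacement line `configfile=/usr/local/etc/samhainrc.sample` hard-codes `/usr/local`, so with a non-default `PREFIX` the install script would presumably place the sample configuration away from the prefix-relative `etc/samhainrc.sample` entry in pkg-plist; the same applies to `configfile=/usr/local/etc/yulerc.sample` in fixyulerc.patch. Since `sysconfdir=@sysconfdir@` is set on the line just above, `configfile=${sysconfdir}/samhainrc.sample` (and `${sysconfdir}/yulerc.sample`) would follow the configured prefix, assuming configure resolves sysconfdir under it, which is not visible here. The rest of samhain-install.sh.in lies outside the hunk, so how `configfile` is used later should be checked before changing it.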
diff --git a/security/samhain/files/fixyulerc.patch b/security/samhain/files/fixyulerc.patch
new file mode 100644
index 000000000000..4686e725915e
--- /dev/null
+++ b/security/samhain/files/fixyulerc.patch
@@ -0,0 +1,11 @@
+--- samhain-install.sh.in Wed Jan 15 16:51:57 2003
++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003
+@@ -13,7 +13,7 @@
+ mandir=@mandir@
+
+ sysconfdir=@sysconfdir@
+-configfile=@myconffile@
++configfile=/usr/local/etc/yulerc.sample
+
+ pid_file=@mylockfile@
+ pid_dir=@mylockdir@
diff --git a/security/samhain/files/patch-config.h.in b/security/samhain/files/patch-config.h.in
new file mode 100644
index 000000000000..74aec07c1649
--- /dev/null
+++ b/security/samhain/files/patch-config.h.in
@@ -0,0 +1,15 @@
+--- config.h.in.orig 2016-11-16 12:14:22 UTC
++++ config.h.in
+@@ -349,7 +349,11 @@
+ #undef HAVE_UINT64_T
+
+ /* Define if you have utmpx.h. */
+-#undef HAVE_UTMPX_H
++#define HAVE_UTMPX_H
++
++#define UTMPX_FILE "/var/log/utx.active"
++
++#define WTMPX_FILE "/var/log/utx.log"
+
+ /* Define if your struct utmpx has ut_xtime. */
+ #undef HAVE_UTXTIME
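Review bot: Replacing `#undef HAVE_UTMPX_H` with an unconditional `#define HAVE_UTMPX_H` overrides whatever configure detects, and `UTMPX_FILE` and `WTMPX_FILE` are defined without guards, so a system header or a later upstream release that also defines them would cause a redefinition. Wrapping each in `#ifndef UTMPX_FILE` / `#endif` (likewise for `WTMPX_FILE`) avoids that. A one-line comment such as `/* FreeBSD utmpx databases: utx.active (current sessions), utx.log (history) */` would record why the paths are pinned; the code that reads these macros, presumably the login/logout watch, is not visible in this hunk.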
diff --git a/security/samhain/pkg-descr b/security/samhain/pkg-descr
new file mode 100644
index 000000000000..c2bde195e8f5
--- /dev/null
+++ b/security/samhain/pkg-descr
@@ -0,0 +1,12 @@
+Samhain is an open source file integrity and host-based intrusion
+detection system for Linux and Unix. It can run as a daemon process,
+and and thus can remember file changes - contrary to a tool that runs
+from cron, if a file is modified you will get only one report, while
+subsequent checks of that file will ignore the modification as it is
+already reported (unless the file is modified again).
+
+Samhain can optionally be used as client/server system to provide
+centralized monitoring for multiple host. Logging to a (MySQL or
+PostgreSQL) database is supported.
+
+WWW: http://la-samhna.de/samhain/
diff --git a/security/samhain/pkg-message b/security/samhain/pkg-message
new file mode 100644
index 000000000000..75a2751de0f0
--- /dev/null
+++ b/security/samhain/pkg-message
@@ -0,0 +1,14 @@
+
+###############################################################
+
+To start the samhain daemon at system boot, add:
+
+samhain_enable="YES"
+
+and/or
+
+yule_enable="YES"
+
+to /etc/rc.conf.
+
+###############################################################
diff --git a/security/samhain/pkg-plist b/security/samhain/pkg-plist
new file mode 100644
index 000000000000..c8b90efd71a0
--- /dev/null
+++ b/security/samhain/pkg-plist
@@ -0,0 +1,31 @@
+%%PORTDOCS%%%%DOCSDIR%%/BUGS
+%%PORTDOCS%%%%DOCSDIR%%/FAQ.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server-troubleshooting.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-samhain+GnuPG.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-write-modules.html
+%%PORTDOCS%%%%DOCSDIR%%/MANUAL-2_4.pdf
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/README.UPGRADE
+%%PORTDOCS%%%%DOCSDIR%%/sh_mounts.txt
+%%PORTDOCS%%%%DOCSDIR%%/sh_userfiles.txt
+%%PORTDOCS%%@dir %%DOCSDIR%%
+%%SAMHAIN%%@dir /var/lib
+%%SAMHAIN%%@dir /var/lib/samhain
+%%SAMHAIN%%@sample etc/samhainrc.sample
+%%SAMHAIN%%etc/rc.d/samhain.sh
+%%SAMHAIN%%man/man5/samhainrc.5.gz
+%%SAMHAIN%%man/man8/samhain.8.gz
+%%SAMHAIN%%sbin/samhain
+%%SETPWD%%sbin/samhain_setpwd
+%%YULE%%@dir /var/lib/yule
+%%YULE%%@dir /var/log/yule
+%%YULE%%@sample etc/yulerc.sample
+%%YULE%%@unexec echo "To delete the yule user permanently, use 'pw userdel yule'"
+%%YULE%%etc/rc.d/yule.sh
+%%YULE%%man/man5/yulerc.5.gz
+%%YULE%%man/man8/yule.8.gz
+%%YULE%%sbin/yule
+%%YULE%%sbin/yule_setpwd
+%%YULE%%sbin/yuleadmin.pl
+%%YULE%%sbin/yulectl
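Review bot: The `@dir` entries for `/var/lib/samhain`, `/var/lib/yule` and `/var/log/yule` carry no owner, group or mode, so the directories that presumably hold the baseline database and the server logs get whatever the install step or the defaults give them. For an integrity checker these are better stated explicitly, e.g. `%%YULE%%@dir(yule,yule,750) /var/log/yule`, with values matched to the identity the Makefile configures (`yule` unless WITH_RUNAS_USER is set). `%%SAMHAIN%%@dir /var/lib` also makes the package claim a shared system directory; dropping that line and keeping only `/var/lib/samhain` looks safer. The entries are tagged `%%PORTDOCS%%` although the Makefile hunk defines no DOCS option and installs the documents unconditionally, which is worth reconciling.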