authorMarcelo Araujo <araujo@FreeBSD.org>2008-05-03 13:22:16 +0000
committerMarcelo Araujo <araujo@FreeBSD.org>2008-05-03 13:22:16 +0000
commit6083e46d06b0c982cb942f246513d83ed7fab7af (patch)
treeb75c636bf4130ccc57262d859914710024a3f54d /security/sguil-sensor
parentdc1a37eb3345bdd327ee82bb845d472d659700ea (diff)
Diffstat (limited to 'security/sguil-sensor')
-rw-r--r--security/sguil-sensor/Makefile65
-rw-r--r--security/sguil-sensor/distinfo6
-rw-r--r--security/sguil-sensor/files/log_packets.conf5
-rw-r--r--security/sguil-sensor/files/patch-log_packets.sh13
-rw-r--r--security/sguil-sensor/files/pkg-message.in8
-rw-r--r--security/sguil-sensor/pkg-descr11
-rw-r--r--security/sguil-sensor/pkg-plist15
7 files changed, 86 insertions, 37 deletions
diff --git a/security/sguil-sensor/Makefile b/security/sguil-sensor/Makefile
index 2ef7ebfb891d..a398688dfc52 100644
--- a/security/sguil-sensor/Makefile
+++ b/security/sguil-sensor/Makefile
@@ -6,30 +6,31 @@
#
PORTNAME= sguil-sensor
-PORTVERSION= 0.6.1
-PORTREVISION= 1
+PORTVERSION= 0.7.0
CATEGORIES= security
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
+MASTER_SITES= SF
MASTER_SITE_SUBDIR= sguil
MAINTAINER= pauls@utdallas.edu
COMMENT= Sguil is a network security monitoring program
+LIB_DEPENDS= tls:${PORTSDIR}/devel/tcltls
RUN_DEPENDS= snort:${PORTSDIR}/security/snort \
- barnyard:${PORTSDIR}/security/barnyard-sguil6 \
+ barnyard:${PORTSDIR}/security/barnyard-sguil \
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
-OPTIONS= SANCP "Include sancp support" off \
- TLS "Include openssl support" off
+OPTIONS= SANCP "Include sancp sensor" off \
+ PADS "Include pads sensor" off
NO_BUILD= yes
-USE_RC_SUBR= sensor_agent.sh
+USE_RC_SUBR= example_agent.sh pcap_agent.sh snort_agent.sh
TCLSH_CMD?= tclsh8.4
WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
SUB_LIST= SGUILDIR=${SGUILDIR}
-SUB_FILES= pkg-message sensor_agent.sh
+SUB_FILES= pkg-message example_agent.sh pcap_agent.sh snort_agent.sh
PLIST_SUB= SGUILDIR=${SGUILDIR}
SGUILDIR?= sguil-sensor
+AGENTS= example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl
PORTDOCS= CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
OPENSSL.README TODO UPGRADE USAGE sguildb.dia
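Review bot: The switch of RUN_DEPENDS from barnyard-sguil6 to barnyard-sguil on the `+ barnyard:${PORTSDIR}/security/barnyard-sguil \` line is not carried into the user-facing text: the untouched context lines of files/pkg-message.in in this same commit still tell the user to "install the barnyard-sguil6 port instead" and that the port "WILL NOT WORK without the barnyard-sguil6 port". Anyone following the post-install message will now install a port the sensor no longer depends on. I would update those pkg-message.in lines to name security/barnyard-sguil, matching the dependency declared here.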
@@ -40,43 +41,75 @@ WITH_PCRE= true
.if defined(WITH_SANCP)
RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp
+USE_RC_SUBR+= sancp_agent.sh
+SUB_FILES+= sancp_agent.sh
PLIST_SUB+= USESANCP=
.else
PLIST_SUB+= USESANCP="@comment "
.endif
-.if defined(WITH_TLS)
-LIB_DEPENDS+= tls:${PORTSDIR}/devel/tcltls
+.if defined(WITH_PADS)
+RUN_DEPENDS+= pads:${PORTSDIR}/net-mgmt/pads
+USE_RC_SUBR+= pads_agent.sh
+SUB_FILES+= pads_agent.sh
+PLIST_SUB+= USEPADS=
+.else
+PLIST_SUB+= USEPADS="@comment "
.endif
post-patch:
-.for f in sensor_agent.tcl
+.for f in ${AGENTS}
@${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \
${WRKSRC}/sensor/${f}
+ @${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \
+ ${WRKSRC}/sensor/${f}
.endfor
do-install:
@${MKDIR} ${PREFIX}/bin/${SGUILDIR}
- ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/sensor_agent.tcl \
- ${PREFIX}/bin/${SGUILDIR}/sensor_agent.tcl
+ @${MKDIR} ${PREFIX}/etc/${SGUILDIR}
+.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl
+ ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/bin/${SGUILDIR}/${f}
+.endfor
.for f in log_packets.sh
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
-.for f in sensor_agent.conf
+.for f in example_agent.conf pcap_agent.conf snort_agent.conf
${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
- ${PREFIX}/etc/${f}-sample
+ ${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
.for f in log_packets.conf
${INSTALL_DATA} ${FILESDIR}/${f} \
- ${PREFIX}/etc/${f}-sample
+ ${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
.if defined(WITH_SANCP)
+.for f in sancp_agent.conf
+ ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.endfor
.for f in sancp.conf
${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
${PREFIX}/etc/${f}-sample
.endfor
+.for f in sancp_agent.tcl
+ ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/bin/${SGUILDIR}/${f}
+.endfor
+.endif
+.if defined(WITH_PADS)
+.for f in pads_agent.conf
+ ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.endfor
+.for f in pads_agent.tcl
+ ${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
+ ${PREFIX}/bin/${SGUILDIR}/${f}
+.endfor
.endif
+post-install:
+
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
cd ${WRKSRC}/doc && ${INSTALL_DATA} \
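Review bot: The two new optional agent installs, `${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \` in the sancp_agent.tcl and pads_agent.tcl loops, omit the `-m 751` that the unconditional agent loop and the log_packets.sh loop pass, so those agents are installed with a different mode depending on which option was chosen; I would make them `${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \` for consistency. Separately, the added post-patch line `s:/etc/:${PREFIX}/etc/${SGUILDIR}/:g` rewrites every occurrence of `/etc/` in each agent script, which presumably is meant only for the agent's own config path; if any agent references another system path under /etc/ it would be rewritten too, so anchoring the pattern on the config file name is safer. The new post-install target and its NOPORTDOCS block continue past the end of this hunk.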
diff --git a/security/sguil-sensor/distinfo b/security/sguil-sensor/distinfo
index efab94c51741..424f4b05673a 100644
--- a/security/sguil-sensor/distinfo
+++ b/security/sguil-sensor/distinfo
@@ -1,3 +1,3 @@
-MD5 (sguil-sensor-0.6.1.tar.gz) = 62be71b0aa41ccacb7872839dc4bf5ad
-SHA256 (sguil-sensor-0.6.1.tar.gz) = b1da0fffeaecd69b9d8eeeb27025fdc3493a2eabfec8ed4153f688f11ee226eb
-SIZE (sguil-sensor-0.6.1.tar.gz) = 103441
+MD5 (sguil-sensor-0.7.0.tar.gz) = 911b3571fdaa00b7ddde3ec818232b3f
+SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b
+SIZE (sguil-sensor-0.7.0.tar.gz) = 68436
diff --git a/security/sguil-sensor/files/log_packets.conf b/security/sguil-sensor/files/log_packets.conf
index 3ac53f68e54f..64198df51392 100644
--- a/security/sguil-sensor/files/log_packets.conf
+++ b/security/sguil-sensor/files/log_packets.conf
@@ -2,6 +2,11 @@
# Make sure you verify the location of
# each of the binaries on your OS
+# Edit these for your setup
+
+# Sensors hostname.
+# Note: If running multiple snort instances, then this must be different
+# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
HOSTNAME="myhost"
# Path to snort binary
SNORT_PATH="/usr/local/bin/snort"
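Review bot: The new header comment says to edit these values but not that log_packets.sh reads this file with `. ${CONF}` (see files/patch-log_packets.sh in this commit), i.e. the file is executed as shell code with whatever privileges the script runs under. I would add, after `# Edit these for your setup`, the lines `# This file is sourced by log_packets.sh as shell code: keep it to simple VAR="value" lines` and `# and do not leave it writable by users other than the one running the script.` so that the constraint on format and on file permissions is documented where the user edits.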
diff --git a/security/sguil-sensor/files/patch-log_packets.sh b/security/sguil-sensor/files/patch-log_packets.sh
index 9396936bf21e..25db8524772a 100644
--- a/security/sguil-sensor/files/patch-log_packets.sh
+++ b/security/sguil-sensor/files/patch-log_packets.sh
@@ -1,12 +1,13 @@
---- sensor/log_packets.sh.orig Fri Mar 24 13:12:18 2006
-+++ sensor/log_packets.sh Mon Mar 27 17:22:54 2006
-@@ -23,37 +23,16 @@
+--- sensor/log_packets.sh.orig 2008-04-03 22:16:22.000000000 -0500
++++ sensor/log_packets.sh 2008-04-03 22:22:20.000000000 -0500
+@@ -22,38 +22,16 @@
+ # #
##############################################################
-
--# Edit these for your setup
+# You shouldn't need to edit anything in this script
+-# Edit these for your setup
+-
-# Sensors hostname.
-# Note: If running multiple snort instances, then this must be different
-# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
@@ -36,7 +37,7 @@
-#Some installs may need these
-#LD_LIBRARY_PATH=/usr/local/lib/mysql
-#export LD_LIBRARY_PATH
-+CONF=/usr/local/etc/log_packets.conf
++CONF=/usr/local/etc/sguil-sensor/log_packets.conf
+if [ -r ${CONF} ]; then
+ . ${CONF}
+else
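Review bot: The new `CONF=/usr/local/etc/sguil-sensor/log_packets.conf` hard-codes both the prefix and the sguil-sensor directory, while the Makefile in this commit installs the sample to `${PREFIX}/etc/${SGUILDIR}/` and rewrites the agents' config paths in post-patch; a build with a non-default PREFIX or SGUILDIR therefore leaves log_packets.sh looking in a directory the port never created and falling into the else branch, which continues past the end of this hunk. I would keep the patched path as a fixed marker and add to post-patch a rewrite of it, e.g. `@${REINPLACE_CMD} -e 's:/usr/local/etc/sguil-sensor/:${PREFIX}/etc/${SGUILDIR}/:' ${WRKSRC}/sensor/log_packets.sh`, so the script and the installed sample always agree.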
diff --git a/security/sguil-sensor/files/pkg-message.in b/security/sguil-sensor/files/pkg-message.in
index 076dc620f6de..b328081cd744 100644
--- a/security/sguil-sensor/files/pkg-message.in
+++ b/security/sguil-sensor/files/pkg-message.in
@@ -7,7 +7,7 @@ it and install the barnyard-sguil6 port instead. You will need to
deinstall the barnyard port and install the barnyard-sguil6 port yourself
instead. This port WILL NOT WORK without the barnyard-sguil6 port!!
-You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/)
+You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/%%SGUILDIR%%)
to fit your configuration before running the log_packets.sh script.
See the %%DOCSDIR%%/INSTALL doc for details on the
configuration and for croning the script.
@@ -16,9 +16,9 @@ WARNING!!! Sguil et al will fill up your /tmp directory very
quickly. You should probably configure sguil et al to log to
another partition/location (e.g. /nsm/tmp/).
-You must ALSO edit the sensor_agent.conf file (located in
-%%PREFIX%%/etc/) to reflect your configuration before
-starting the sensor_agent.
+You must ALSO edit all of the sensor conf fileis (located in
+%%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before
+starting the sensor_agents.
If you chose to run sancp, and you already had a sancp.conf file in
%%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
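Review bot: The new location `%%PREFIX%%/%%SGUILDIR%%/etc/` in the second added line is wrong: the Makefile installs the sensor conf samples to `${PREFIX}/etc/${SGUILDIR}/`, and the first hunk of this same file already uses `%%PREFIX%%/etc/%%SGUILDIR%%`. The preceding added line also has a typo ("conf fileis"). I would change the two lines to `You must ALSO edit all of the sensor conf files (located in` and `%%PREFIX%%/etc/%%SGUILDIR%%/) to reflect your configuration before`.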
diff --git a/security/sguil-sensor/pkg-descr b/security/sguil-sensor/pkg-descr
index 3a75ee67e126..8158cec9a80a 100644
--- a/security/sguil-sensor/pkg-descr
+++ b/security/sguil-sensor/pkg-descr
@@ -5,13 +5,14 @@ The actual interface and GUI server are written in tcl/tk
in order to function properly.
The sensor list includes security/barnyard, security/snort,
-security/sancp, tcpdump (a part of the OS) and devel/tcltls as
-well as lang/tcl84 and lang/tclX. Care has been taken to ensure
-that everything you need to build a working sguil operation is
-in the FreeBSD ports system or part of the OS already.
+security/sancp, net-mgmt/pads, tcpdump (a part of the OS)
+and devel/tcltls as well as lang/tcl84 and lang/tclX. Care
+has been taken to ensure that everything you need to build
+a working sguil operation is in the FreeBSD ports system or
+is part of the OS already.
Sguil currently functions as an analysis interface and has
-no snort sensor or rule management capabilities.
+rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
pauls@utdallas.edu
diff --git a/security/sguil-sensor/pkg-plist b/security/sguil-sensor/pkg-plist
index 4c9ddae4003d..223cd0b37e4c 100644
--- a/security/sguil-sensor/pkg-plist
+++ b/security/sguil-sensor/pkg-plist
@@ -1,6 +1,15 @@
bin/%%SGUILDIR%%/log_packets.sh
-bin/%%SGUILDIR%%/sensor_agent.tcl
-etc/log_packets.conf-sample
+bin/%%SGUILDIR%%/example_agent.tcl
+bin/%%SGUILDIR%%/pcap_agent.tcl
+bin/%%SGUILDIR%%/snort_agent.tcl
+etc/%%SGUILDIR%%/example_agent.conf-sample
+etc/%%SGUILDIR%%/pcap_agent.conf-sample
+etc/%%SGUILDIR%%/snort_agent.conf-sample
+etc/%%SGUILDIR%%/log_packets.conf-sample
+%%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
+%%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
%%USESANCP%%etc/sancp.conf-sample
-etc/sensor_agent.conf-sample
+%%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
+%%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
@dirrm bin/%%SGUILDIR%%
+@dirrmtry etc/%%SGUILDIR%%