authorAlejandro Pulver <alepulver@FreeBSD.org>2006-10-31 02:43:25 +0000
committerAlejandro Pulver <alepulver@FreeBSD.org>2006-10-31 02:43:25 +0000
commitb529c1e197dbbb9ffa23013e6ee8b6a542152ee0 (patch)
treee250adc9cba58e808978cb21087beb2723e1679f /security/sguil-server/files
parent0feb54e2eb87a22a5730ff4c0c085c5e4c7ae170 (diff)
Notes
Diffstat (limited to 'security/sguil-server/files')
-rw-r--r--security/sguil-server/files/patch-sguild105
-rw-r--r--security/sguil-server/files/patch-sguild.access12
-rw-r--r--security/sguil-server/files/patch-sguild.conf41
-rw-r--r--security/sguil-server/files/pkg-message.in30
-rw-r--r--security/sguil-server/files/sguild.sh.in44
5 files changed, 232 insertions, 0 deletions
diff --git a/security/sguil-server/files/patch-sguild b/security/sguil-server/files/patch-sguild
new file mode 100644
index 000000000000..e67292ba27f6
--- /dev/null
+++ b/security/sguil-server/files/patch-sguild
@@ -0,0 +1,105 @@
+--- sguild.orig Tue Mar 28 04:36:05 2006
++++ sguild Tue Mar 28 04:37:10 2006
+@@ -229,7 +229,7 @@
+ package require tls
+ # Check for certs
+ if {![info exists CERTS_PATH]} {
+- set CERTS_PATH /etc/sguild/certs
++ set CERTS_PATH /usr/local/etc/sguil-server/certs
+ }
+ if {![file exists $CERTS_PATH] || ![file isdirectory $CERTS_PATH]} {
+ puts "ERROR: $CERTS_PATH does not exist or is not a directory"
+@@ -251,13 +251,13 @@
+
+ if { ![info exists CONF_FILE] } {
+ # No conf file specified check the defaults
+- if { [file exists /etc/sguild/sguild.conf] } {
+- set CONF_FILE /etc/sguild/sguild.conf
++ if { [file exists /usr/local/etc/sguil-server/sguild.conf] } {
++ set CONF_FILE /usr/local/etc/sguil-server/sguild.conf
+ } elseif { [file exists ./sguild.conf] } {
+ set CONF_FILE ./sguild.conf
+ } else {
+ puts "Couldn't determine where the sguil config file is"
+- puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf."
++ puts "Looked for ./sguild.conf and /usr/local/etc/sguil-server/sguild.conf."
+ DisplayUsage $argv0
+ }
+ }
+@@ -338,17 +338,17 @@
+ # Check for a valid USERS file
+ if { ![info exists USERS_FILE] } {
+ # No users file was specified. Go with the defaults
+- if { [file exists /etc/sguild/sguild.users] } {
+- set USERS_FILE "/etc/sguild/sguild.users"
++ if { [file exists /usr/local/etc/sguil-server/sguild.users] } {
++ set USERS_FILE "/usr/local/etc/sguil-server/sguild.users"
+ } elseif { [file exists ./sguild.users] } {
+ set USERS_FILE "./sguild.users"
+ } else {
+ if { [info exists ADDUSER] && $ADDUSER } {
+- CreateUsersFile "/etc/sguild/sguild.users"
++ CreateUsersFile "/usr/local/etc/sguil-server/sguild.users"
+ } else {
+ set DEBUG 2
+ LogMessage "ERROR: Could not find a sguild.users file."
+- LogMessage " Checked in ./ and /etc/sguild/"
++ LogMessage " Checked in ./ and /usr/local/etc/sguil-server/"
+ DisplayUsage $argv0
+ }
+ }
+@@ -376,8 +376,8 @@
+ # Load accessfile
+ if { ![info exists ACCESS_FILE] } {
+ # Check the defaults
+- if { [file exists /etc/sguild/sguild.access] } {
+- set ACCESS_FILE "/etc/sguild/sguild.access"
++ if { [file exists /usr/local/etc/sguil-server/sguild.access] } {
++ set ACCESS_FILE "/usr/local/etc/sguil-server/sguild.access"
+ } elseif { [file exists ./sguild.access] } {
+ set ACCESS_FILE "./sguild.access"
+ } else {
+@@ -391,8 +391,8 @@
+ }
+ # Load auto cat config
+ if { ![info exists AUTOCAT_FILE] } {
+- if { [file exists /etc/sguild/autocat.conf] } {
+- set AUTOCAT_FILE "/etc/sguild/autocat.conf"
++ if { [file exists /usr/local/etc/sguil-server/autocat.conf] } {
++ set AUTOCAT_FILE "/usr/local/etc/sguil-server/autocat.conf"
+ } else {
+ set AUTOCAT_FILE "./autocat.conf"
+ }
+@@ -402,8 +402,8 @@
+ }
+ # Load email config file
+ if { ![info exists EMAIL_FILE] } {
+- if { [file exists /etc/sguild/sguild.email] } {
+- set EMAIL_FILE "/etc/sguild/sguild.email"
++ if { [file exists /usr/local/etc/sguil-server/sguild.email] } {
++ set EMAIL_FILE "/usr/local/etc/sguil-server/sguild.email"
+ } else {
+ set EMAIL_FILE "./sguild.email"
+ }
+@@ -415,8 +415,8 @@
+ }
+ # Load global queries.
+ if { ![info exists GLOBAL_QRY_FILE] } {
+- if { [file exists /etc/sguild/sguild.queries] } {
+- set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries"
++ if { [file exists /usr/local/etc/sguil-server/sguild.queries] } {
++ set GLOBAL_QRY_FILE "/usr/local/etc/sguil-server/sguild.queries"
+ } else {
+ set GLOBAL_QRY_FILE "./sguild.queries"
+ }
+@@ -428,8 +428,8 @@
+ }
+ # Load report queries.
+ if { ![info exists REPORT_QRY_FILE] } {
+- if { [file exists /etc/sguild/sguild.reports] } {
+- set REPORT_QRY_FILE "/etc/sguild/sguild.reports"
++ if { [file exists /usr/local/etc/sguil-server/sguild.reports] } {
++ set REPORT_QRY_FILE "/usr/local/etc/sguil-server/sguild.reports"
+ } else {
+ set REPORT_QRY_FILE "./sguild.reports"
+ }
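Review bot: The replacement defaults are hard-coded to `/usr/local/etc/sguil-server` (CERTS_PATH, CONF_FILE, USERS_FILE, ACCESS_FILE and the autocat, email and query files), while pkg-message.in and sguild.sh.in in this same commit use `%%PREFIX%%/etc/%%SGUILDIR%%`. On an install with a different prefix none of these `file exists` checks would match, and sguild then falls through to `./sguild.users` and `./sguild.access`, so the account and access-control files are taken from whatever directory the daemon was started in. The port's Makefile is not shown here, but the paths would be safer written with the same placeholders and substituted after patching, or the patch should at least carry a comment such as `# default config dir; must match the port's PREFIX`. The same hard-coded prefix appears in patch-sguild.conf (`SGUILD_LIB_PATH`, `TCPFLOW`, `P0F_PATH`).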
diff --git a/security/sguil-server/files/patch-sguild.access b/security/sguil-server/files/patch-sguild.access
new file mode 100644
index 000000000000..97d9becda0de
--- /dev/null
+++ b/security/sguil-server/files/patch-sguild.access
@@ -0,0 +1,12 @@
+--- sguild.access.orig Tue Mar 28 03:36:31 2006
++++ sguild.access Tue Mar 28 03:37:44 2006
+@@ -4,7 +4,8 @@
+ # This file is used by sguild for access control. It is read upon init #
+ # or when sguild receives a HUP signal. #
+ # #
+-# By default, sguild will look first for /etc/sguild/sguild.access, #
++# By default, sguild will look first for #
++# /usrlocal//etc/sguild/sguild.access, #
+ # then ./sguild.access unless the -A /path/to/sguild.access switch #
+ # is used. #
+ # #
diff --git a/security/sguil-server/files/patch-sguild.conf b/security/sguil-server/files/patch-sguild.conf
new file mode 100644
index 000000000000..6ee211408a0b
--- /dev/null
+++ b/security/sguil-server/files/patch-sguild.conf
@@ -0,0 +1,41 @@
+*** sguild.conf.orig Tue Mar 28 02:38:13 2006
+--- sguild.conf Tue Mar 28 02:39:47 2006
+***************
+*** 2,6 ****
+
+ # Path the sguild libs
+! set SGUILD_LIB_PATH ./lib
+
+ # DEBUG 0=off 1=important stuff 2=everything. Option 2 is VERY chatty.
+--- 2,6 ----
+
+ # Path the sguild libs
+! set SGUILD_LIB_PATH /usr/local/lib/sguil-server/
+
+ # DEBUG 0=off 1=important stuff 2=everything. Option 2 is VERY chatty.
+***************
+*** 61,65 ****
+ # You MUST have tcpflow installed to get xscripts
+ # http://www.circlemud.org/~jelson/software/tcpflow/
+! set TCPFLOW "/usr/bin/tcpflow"
+
+ # p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
+--- 61,65 ----
+ # You MUST have tcpflow installed to get xscripts
+ # http://www.circlemud.org/~jelson/software/tcpflow/
+! set TCPFLOW "/usr/local/bin/tcpflow"
+
+ # p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
+***************
+*** 72,76 ****
+ # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
+ # add any others you may need here.
+! set P0F_PATH "/usr/sbin/p0f"
+
+ # Email config moved to sguild.email
+--- 72,76 ----
+ # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
+ # add any others you may need here.
+! set P0F_PATH "/usr/local/bin/p0f"
+
+ # Email config moved to sguild.email
diff --git a/security/sguil-server/files/pkg-message.in b/security/sguil-server/files/pkg-message.in
new file mode 100644
index 000000000000..533087757019
--- /dev/null
+++ b/security/sguil-server/files/pkg-message.in
@@ -0,0 +1,30 @@
+ ***********************************
+ * !!!!!!!!!!! WARNING !!!!!!!!!!! *
+ ***********************************
+
+If you had existing config files in %%PREFIX%%/etc/%%SGUILDIR%%
+they were not overwritten. If this is a first time install, you
+must copy the sample files to the corresponding conf file and
+edit the various config files for your site. See the INSTALL
+doc in %%DOCSDIR%% for details.
+
+The sql scripts for creating database tables were placed in
+the %%PREFIX%%/share/%%SGUILDIR%%/ directory. PLEASE
+NOTE: LOG_DIR is not set by this install. You MUST create the
+correct LOG_DIRS and put a copy of the snort rules you use in
+LOG_DIR/rules.
+
+The sguild, archive_sguildb.tcl and incident_report.tcl scripts
+were placed in %%PREFIX%%/bin/. The incident_report.tcl
+script is from the contrib section. There is no documentation
+and the script's variables must be edited before it is used.
+
+A startup script, named sguild.sh was installed in
+%%PREFIX%%/etc/rc.d/. To enable it, edit /etc/rc.conf
+per the instructions in the script.
+
+For general questions, see the sguil faq:
+http://sguil.sourceforge.net/index.php?page=faq
+For detailed install instructions see Richard Bejtlich's
+excellent guide at his blog:
+http://taosecurity.blogspot.com/2006/03/new-sguil-scripts-and-vm-i-have-not.html
diff --git a/security/sguil-server/files/sguild.sh.in b/security/sguil-server/files/sguild.sh.in
new file mode 100644
index 000000000000..5b8255ee2e7a
--- /dev/null
+++ b/security/sguil-server/files/sguild.sh.in
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# PROVIDE: sguild
+# REQUIRE: DAEMON
+# KEYWORD: FreeBSD shutdown
+
+# Add the following lines to /etc/rc.conf to enable sguild:
+# sguild_enable (bool): Set to YES to enable sguild
+# Default: NO
+# sguild_flags (str): Extra flags passed to sguild
+# Default: -D
+# sguild_conf (str): Sguild configuration file
+# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
+
+. %%RC_SUBR%%
+
+name="sguild"
+rcvar=`set_rcvar`
+
+command="%%PREFIX%%/bin/${name}"
+procname="%%TCLSH%%"
+check_process="${command} /bin/sh"
+stop_cmd="sguild_stop"
+
+sguild_enable=${sguild_enable-NO}
+sguild_conf=${sguild_conf-%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf}
+sguild_flags=${sguild_flags--D}
+[ -n "$sguild_conf" ] && sguild_flags="$sguild_flags -c $sguild_conf"
+
+sguild_stop() {
+ if [ -z "${rc_pid}" ]; then
+ echo "${name} not running?"
+ else
+ echo "Stopping ${name}."
+ `/bin/kill -9 ${rc_pid}`
+ wait_for_pids "${rc_pid}"
+ if [ -f "/var/run/${name}.pid" ]; then
+ `rm -f /var/run/${name}.pid`
+ fi
+ fi
+}
+
+load_rc_config ${name}
+run_rc_command "$1"
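Review bot: `sguild_stop` sends SIGKILL as its first and only signal, and it wraps both `/bin/kill -9 ${rc_pid}` and `rm -f /var/run/${name}.pid` in backticks, so the shell would try to execute anything those commands print. SIGKILL gives sguild no chance to shut down in an orderly way; send TERM first and drop the command substitution, `/bin/kill -TERM ${rc_pid}` and `rm -f "/var/run/${name}.pid"`, keeping KILL only as a fallback. Separately, `-c $sguild_conf` is appended to `sguild_flags` before `load_rc_config ${name}` runs, so when the script is run by hand a `sguild_conf` set in /etc/rc.conf appears not to reach the command line, and a `sguild_flags` set there would drop the `-c` option. Moving the three defaults and the append below `load_rc_config` would make the rc.conf values take effect.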