author | Alejandro Pulver <alepulver@FreeBSD.org> | 2006-10-31 02:43:25 +0000 |
---|---|---|
committer | Alejandro Pulver <alepulver@FreeBSD.org> | 2006-10-31 02:43:25 +0000 |
commit | b529c1e197dbbb9ffa23013e6ee8b6a542152ee0 (patch) | |
tree | e250adc9cba58e808978cb21087beb2723e1679f /security | |
parent | 0feb54e2eb87a22a5730ff4c0c085c5e4c7ae170 (diff) | |
Diffstat (limited to 'security')
-rw-r--r-- | security/Makefile | 1 | ||||
-rw-r--r-- | security/sguil-server/Makefile | 84 | ||||
-rw-r--r-- | security/sguil-server/distinfo | 3 | ||||
-rw-r--r-- | security/sguil-server/files/patch-sguild | 105 | ||||
-rw-r--r-- | security/sguil-server/files/patch-sguild.access | 12 | ||||
-rw-r--r-- | security/sguil-server/files/patch-sguild.conf | 41 | ||||
-rw-r--r-- | security/sguil-server/files/pkg-message.in | 30 | ||||
-rw-r--r-- | security/sguil-server/files/sguild.sh.in | 44 | ||||
-rw-r--r-- | security/sguil-server/pkg-descr | 22 | ||||
-rw-r--r-- | security/sguil-server/pkg-plist | 41 |
10 files changed, 383 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index e1a1e7389e23..1c9896711bf6 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -624,6 +624,7 @@
 SUBDIR += secure_delete
 SUBDIR += sfs
 SUBDIR += sguil-sensor
+ SUBDIR += sguil-server
 SUBDIR += sha
 SUBDIR += shishi
 SUBDIR += shttpscanner
diff --git a/security/sguil-server/Makefile b/security/sguil-server/Makefile
new file mode 100644
index 000000000000..8cabebf2708a
--- /dev/null
+++ b/security/sguil-server/Makefile
@@ -0,0 +1,84 @@
+# New ports collection makefile for: sguil-server
+# Date created: 9 Oct 2006
+# Whom: Paul Schmehl <pauls@utdallas.edu>
+#
+# $FreeBSD$
+#
+
+PORTNAME= sguil-server
+PORTVERSION= 0.6.1
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
+MASTER_SITE_SUBDIR= sguil
+
+MAINTAINER= pauls@utdallas.edu
+COMMENT= Squil is a network security management program
+
+RUN_DEPENDS= p0f:${PORTSDIR}/net-mgmt/p0f \
+ tcpflow:${PORTSDIR}/net/tcpflow \
+ dtplite:${PORTSDIR}/devel/tcllib \
+ barnyard:${PORTSDIR}/security/barnyard-sguil6 \
+ ${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
+LIB_DEPENDS= tls:${PORTSDIR}/devel/tcltls
+
+NO_BUILD= yes
+USE_RC_SUBR= sguild.sh
+TCLSH_CMD?= ${PREFIX}/bin/tclsh8.4
+SGUILDIR?= sguil-server
+WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
+PATCH_WRKSRC= ${WRKSRC}/server
+PLIST_SUB= SGUILDIR=${SGUILDIR}
+SUB_FILES= pkg-message
+SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH_CMD}
+LIBRARIES= SguildAccess.tcl SguildEvent.tcl SguildReportBuilder.tcl \
+ SguildAutoCat.tcl SguildGenericDB.tcl SguildSendComms.tcl \
+ SguildClientCmdRcvd.tcl SguildHealthChecks.tcl SguildSensorAgentComms.tcl \
+ SguildConnect.tcl SguildLoaderd.tcl SguildSensorCmdRcvd.tcl \
+ SguildCreateDB.tcl SguildMysqlMerge.tcl SguildTranscript.tcl \
+ SguildEmailEvent.tcl SguildQueryd.tcl SguildUtils.tcl
+SCRIPTS= create_ruledb.sql update_sguildb_v10-v11.sql update_sguildb_v8-v9.sql \
+ create_sguildb.sql update_sguildb_v5-v6.sql update_sguildb_v9-v10.sql \
+ migrate_event.tcl update_sguildb_v6-v7.sql migrate_sancp.tcl update_sguildb_v7-v8.sql
+CONFS= autocat.conf sguild.access sguild.conf sguild.email sguild.queries sguild.reports sguild.users
+
+PORTDOCS= CHANGES INSTALL INSTALL.openbsd LICENSE.QPL \
+ OPENSSL.README TODO USAGE sguildb.dia
+
+.include <bsd.port.pre.mk>
+
+MYSQLTCL_VER!= cd ${PORTSDIR}/databases/mysqltcl && ${MAKE} -V PORTVERSION
+
+RUN_DEPENDS+= ${LOCALBASE}/lib/mysqltcl-${MYSQLTCL_VER}:${PORTSDIR}/databases/mysqltcl
+
+post-patch:
+.for f in archive_sguildb.tcl sguild contrib/incident_report.tcl
+ @${REINPLACE_CMD} -e 's:exec tclsh:exec ${TCLSH_CMD}:g' ${WRKSRC}/server/${f}
+.endfor
+
+do-install:
+ @${MKDIR} ${PREFIX}/etc/${SGUILDIR}
+ @${MKDIR} ${PREFIX}/lib/${SGUILDIR}
+ @${MKDIR} ${PREFIX}/share/${SGUILDIR}
+.for f in archive_sguildb.tcl sguild
+ ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/server/${f} ${PREFIX}/bin/${f}
+.endfor
+.for f in incident_report.tcl
+ ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/server/contrib/${f} ${PREFIX}/bin/${f}
+.endfor
+.for f in ${CONFS}
+ ${INSTALL_DATA} ${WRKSRC}/server/${f} ${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.endfor
+.for f in ${LIBRARIES}
+ ${INSTALL_DATA} ${WRKSRC}/server/lib/${f} ${PREFIX}/lib/${SGUILDIR}/${f}
+.endfor
+.for f in ${SCRIPTS}
+ ${INSTALL_DATA} ${WRKSRC}/server/sql_scripts/${f} ${PREFIX}/share/${SGUILDIR}/${f}
+.endfor
+post-install:
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${DOCSDIR}
+ cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
+.endif
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/sguil-server/distinfo b/security/sguil-server/distinfo
new file mode 100644
index 000000000000..c551d6ad3998
--- /dev/null
+++ b/security/sguil-server/distinfo
@@ -0,0 +1,3 @@
+MD5 (sguil-server-0.6.1.tar.gz) = 27decbe3c6528bf2c86c74b35b8f7b3b
+SHA256 (sguil-server-0.6.1.tar.gz) = 22aea8f76da0530ae7ee9a68efe1de7615bec47a7702c93f8fe338d57590ce57
+SIZE (sguil-server-0.6.1.tar.gz) = 92901
diff --git a/security/sguil-server/files/patch-sguild b/security/sguil-server/files/patch-sguild
new file mode 100644
index 000000000000..e67292ba27f6
--- /dev/null
+++ b/security/sguil-server/files/patch-sguild
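Review bot: `COMMENT= Squil is a network security management program` misspells the project name; the pkg-descr added in this same commit spells it `Sguil`, so the line should read `COMMENT= Sguil is a network security management program`. `${INSTALL_SCRIPT} -m 751` installs `sguild`, `archive_sguildb.tcl` and `incident_report.tcl` as execute-only for users outside the owner's group, but these are Tcl scripts started through an `exec tclsh` line (the one `post-patch` rewrites), and an interpreter has to read the script, so the lone `--x` bit buys nothing for those users; unless the restriction is deliberate, the default `${INSTALL_SCRIPT}` mode is the usual choice, and if it is deliberate a one-line comment saying why would help the next maintainer. The seven `${CONFS}` files are installed world-readable as `-sample` templates, which is fine for templates, but `sguild.users` is the file that the daemon's `CreateUsersFile` (see patch-sguild) populates with analyst accounts, so the "copy the sample files" step in pkg-message should also tell operators to keep the live `sguild.users` readable by root only.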
@@ -0,0 +1,105 @@
+--- sguild.orig Tue Mar 28 04:36:05 2006
++++ sguild Tue Mar 28 04:37:10 2006
+@@ -229,7 +229,7 @@
+ package require tls
+ # Check for certs
+ if {![info exists CERTS_PATH]} {
+- set CERTS_PATH /etc/sguild/certs
++ set CERTS_PATH /usr/local/etc/sguil-server/certs
+ }
+ if {![file exists $CERTS_PATH] || ![file isdirectory $CERTS_PATH]} {
+ puts "ERROR: $CERTS_PATH does not exist or is not a directory"
+@@ -251,13 +251,13 @@
+
+ if { ![info exists CONF_FILE] } {
+ # No conf file specified check the defaults
+- if { [file exists /etc/sguild/sguild.conf] } {
+- set CONF_FILE /etc/sguild/sguild.conf
++ if { [file exists /usr/local/etc/sguil-server/sguild.conf] } {
++ set CONF_FILE /usr/local/etc/sguil-server/sguild.conf
+ } elseif { [file exists ./sguild.conf] } {
+ set CONF_FILE ./sguild.conf
+ } else {
+ puts "Couldn't determine where the sguil config file is"
+- puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf."
++ puts "Looked for ./sguild.conf and /usr/local/etc/sguil-server/sguild.conf."
+ DisplayUsage $argv0
+ }
+ }
+@@ -338,17 +338,17 @@
+ # Check for a valid USERS file
+ if { ![info exists USERS_FILE] } {
+ # No users file was specified. Go with the defaults
+- if { [file exists /etc/sguild/sguild.users] } {
+- set USERS_FILE "/etc/sguild/sguild.users"
++ if { [file exists /usr/local/etc/sguil-server/sguild.users] } {
++ set USERS_FILE "/usr/local/etc/sguil-server/sguild.users"
+ } elseif { [file exists ./sguild.users] } {
+ set USERS_FILE "./sguild.users"
+ } else {
+ if { [info exists ADDUSER] && $ADDUSER } {
+- CreateUsersFile "/etc/sguild/sguild.users"
++ CreateUsersFile "/usr/local/etc/sguil-server/sguild.users"
+ } else {
+ set DEBUG 2
+ LogMessage "ERROR: Could not find a sguild.users file."
+- LogMessage " Checked in ./ and /etc/sguild/"
++ LogMessage " Checked in ./ and /usr/local/etc/sguil-server/"
+ DisplayUsage $argv0
+ }
+ }
+@@ -376,8 +376,8 @@
+ # Load accessfile
+ if { ![info exists ACCESS_FILE] } {
+ # Check the defaults
+- if { [file exists /etc/sguild/sguild.access] } {
+- set ACCESS_FILE "/etc/sguild/sguild.access"
++ if { [file exists /usr/local/etc/sguil-server/sguild.access] } {
++ set ACCESS_FILE "/usr/local/etc/sguil-server/sguild.access"
+ } elseif { [file exists ./sguild.access] } {
+ set ACCESS_FILE "./sguild.access"
+ } else {
+@@ -391,8 +391,8 @@
+ }
+ # Load auto cat config
+ if { ![info exists AUTOCAT_FILE] } {
+- if { [file exists /etc/sguild/autocat.conf] } {
+- set AUTOCAT_FILE "/etc/sguild/autocat.conf"
++ if { [file exists /usr/local/etc/sguil-server/autocat.conf] } {
++ set AUTOCAT_FILE "/usr/local/etc/sguil-server/autocat.conf"
+ } else {
+ set AUTOCAT_FILE "./autocat.conf"
+ }
+@@ -402,8 +402,8 @@
+ }
+ # Load email config file
+ if { ![info exists EMAIL_FILE] } {
+- if { [file exists /etc/sguild/sguild.email] } {
+- set EMAIL_FILE "/etc/sguild/sguild.email"
++ if { [file exists /usr/local/etc/sguil-server/sguild.email] } {
++ set EMAIL_FILE "/usr/local/etc/sguil-server/sguild.email"
+ } else {
+ set EMAIL_FILE "./sguild.email"
+ }
+@@ -415,8 +415,8 @@
+ }
+ # Load global queries.
+ if { ![info exists GLOBAL_QRY_FILE] } {
+- if { [file exists /etc/sguild/sguild.queries] } {
+- set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries"
++ if { [file exists /usr/local/etc/sguil-server/sguild.queries] } {
++ set GLOBAL_QRY_FILE "/usr/local/etc/sguil-server/sguild.queries"
+ } else {
+ set GLOBAL_QRY_FILE "./sguild.queries"
+ }
+@@ -428,8 +428,8 @@
+ }
+ # Load report queries.
+ if { ![info exists REPORT_QRY_FILE] } {
+- if { [file exists /etc/sguild/sguild.reports] } {
+- set REPORT_QRY_FILE "/etc/sguild/sguild.reports"
++ if { [file exists /usr/local/etc/sguil-server/sguild.reports] } {
++ set REPORT_QRY_FILE "/usr/local/etc/sguil-server/sguild.reports"
+ } else {
+ set REPORT_QRY_FILE "./sguild.reports"
+ }
diff --git a/security/sguil-server/files/patch-sguild.access b/security/sguil-server/files/patch-sguild.access
new file mode 100644
index 000000000000..97d9becda0de
--- /dev/null
+++ b/security/sguil-server/files/patch-sguild.access
@@ -0,0 +1,12 @@
+--- sguild.access.orig Tue Mar 28 03:36:31 2006
++++ sguild.access Tue Mar 28 03:37:44 2006
+@@ -4,7 +4,8 @@
+ # This file is used by sguild for access control. It is read upon init #
+ # or when sguild receives a HUP signal. #
+ # #
+-# By default, sguild will look first for /etc/sguild/sguild.access, #
++# By default, sguild will look first for #
++# /usrlocal//etc/sguild/sguild.access, #
+ # then ./sguild.access unless the -A /path/to/sguild.access switch #
+ # is used. #
+ # #
diff --git a/security/sguil-server/files/patch-sguild.conf b/security/sguil-server/files/patch-sguild.conf
new file mode 100644
index 000000000000..6ee211408a0b
--- /dev/null
+++ b/security/sguil-server/files/patch-sguild.conf
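Review bot: The patch hardwires `/usr/local/etc/sguil-server` into sguild, while the Makefile makes both halves of that path configurable (`${PREFIX}` and `SGUILDIR?= sguil-server`; the rc script and pkg-message use `%%PREFIX%%/etc/%%SGUILDIR%%`), so a non-default PREFIX or SGUILDIR installs the config files where the daemon will not look for them. A `post-patch` line such as `@${REINPLACE_CMD} -e 's|/usr/local/etc/sguil-server|${PREFIX}/etc/${SGUILDIR}|g' ${WRKSRC}/server/sguild` would keep the patch and the port in agreement. Every hunk also keeps the upstream `./sguild.users`, `./sguild.access` and `./sguild.conf` fallbacks, so until the operator copies the `-sample` files (which pkg-message says is required) a daemon started from any other working directory will take its user list and ACL from that directory; a comment in the patch saying that this fallback was knowingly left in place would make the choice explicit. The `@@ -229` hunk makes sguild exit when `$CERTS_PATH` (`/usr/local/etc/sguil-server/certs`) is missing or not a directory, yet nothing else in this commit creates or documents that directory, so pkg-message should mention it. The code before `@@ -229` and between the hunks is outside this patch.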
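Review bot: The replacement comment in this hunk gives a path that does not exist: `/usrlocal//etc/sguild/sguild.access` is missing the slash in `/usr/local`, doubles the next one, and still names the old `sguild` directory, whereas patch-sguild in the same commit makes the daemon look in `/usr/local/etc/sguil-server/sguild.access`. Operators read this header to find out where to put the ACL, so the two added lines should say `# By default, sguild will look first for` and `# /usr/local/etc/sguil-server/sguild.access,`, padded to the width of the surrounding comment box.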
@@ -0,0 +1,41 @@
+*** sguild.conf.orig Tue Mar 28 02:38:13 2006
+--- sguild.conf Tue Mar 28 02:39:47 2006
+***************
+*** 2,6 ****
+
+ # Path the sguild libs
+! set SGUILD_LIB_PATH ./lib
+
+ # DEBUG 0=off 1=important stuff 2=everything. Option 2 is VERY chatty.
+--- 2,6 ----
+
+ # Path the sguild libs
+! set SGUILD_LIB_PATH /usr/local/lib/sguil-server/
+
+ # DEBUG 0=off 1=important stuff 2=everything. Option 2 is VERY chatty.
+***************
+*** 61,65 ****
+ # You MUST have tcpflow installed to get xscripts
+ # http://www.circlemud.org/~jelson/software/tcpflow/
+! set TCPFLOW "/usr/bin/tcpflow"
+
+ # p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
+--- 61,65 ----
+ # You MUST have tcpflow installed to get xscripts
+ # http://www.circlemud.org/~jelson/software/tcpflow/
+! set TCPFLOW "/usr/local/bin/tcpflow"
+
+ # p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
+***************
+*** 72,76 ****
+ # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
+ # add any others you may need here.
+! set P0F_PATH "/usr/sbin/p0f"
+
+ # Email config moved to sguild.email
+--- 72,76 ----
+ # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
+ # add any others you may need here.
+! set P0F_PATH "/usr/local/bin/p0f"
+
+ # Email config moved to sguild.email
diff --git a/security/sguil-server/files/pkg-message.in b/security/sguil-server/files/pkg-message.in
new file mode 100644
index 000000000000..533087757019
--- /dev/null
+++ b/security/sguil-server/files/pkg-message.in
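Review bot: This patch bakes `/usr/local` into `SGUILD_LIB_PATH`, `TCPFLOW` and `P0F_PATH`, although the Makefile installs the libraries under `${PREFIX}/lib/${SGUILDIR}` and pulls in `p0f` and `tcpflow` through RUN_DEPENDS, so the shipped sample stops matching the installation as soon as PREFIX, LOCALBASE or SGUILDIR differs from the default. Rewriting the three values from the Makefile instead, e.g. `@${REINPLACE_CMD} -e 's|/usr/local/lib/sguil-server/|${PREFIX}/lib/${SGUILDIR}/|' -e 's|/usr/local/bin/|${LOCALBASE}/bin/|g' ${WRKSRC}/server/sguild.conf` in `post-patch`, would keep them consistent with where the port actually puts things. Whether FreeBSD's p0f installs its binary in `bin/` rather than `sbin/` is not visible here and should be confirmed against net-mgmt/p0f's plist. The other two patches in this commit use unified format; converting this one from context format would make the files directory uniform.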
@@ -0,0 +1,30 @@
+ ***********************************
+ * !!!!!!!!!!! WARNING !!!!!!!!!!! *
+ ***********************************
+
+If you had existing config files in %%PREFIX%%/etc/%%SGUILDIR%%
+they were not overwritten. If this is a first time install, you
+must copy the sample files to the corresponding conf file and
+edit the various config files for your site. See the INSTALL
+doc in %%DOCSDIR%% for details.
+
+The sql scripts for creating database tables were placed in
+the %%PREFIX%%/share/%%SGUILDIR%%/ directory. PLEASE
+NOTE: LOG_DIR is not set by this install. You MUST create the
+correct LOG_DIRS and put a copy of the snort rules you use in
+LOG_DIR/rules.
+
+The sguild, archive_sguildb.tcl and incident_report.tcl scripts
+were placed in %%PREFIX%%/bin/. The incident_report.tcl
+script is from the contrib section. There is no documentation
+and the script's variables must be edited before it is used.
+
+A startup script, named sguild.sh was installed in
+%%PREFIX%%/etc/rc.d/. To enable it, edit /etc/rc.conf
+per the instructions in the script.
+
+For general questions, see the sguil faq:
+http://sguil.sourceforge.net/index.php?page=faq
+For detailed install instructions see Richard Bejtlich's
+excellent guide at his blog:
+http://taosecurity.blogspot.com/2006/03/new-sguil-scripts-and-vm-i-have-not.html
diff --git a/security/sguil-server/files/sguild.sh.in b/security/sguil-server/files/sguild.sh.in
new file mode 100644
index 000000000000..5b8255ee2e7a
--- /dev/null
+++ b/security/sguil-server/files/sguild.sh.in
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# PROVIDE: sguild
+# REQUIRE: DAEMON
+# KEYWORD: FreeBSD shutdown
+
+# Add the following lines to /etc/rc.conf to enable sguild:
+# sguild_enable (bool): Set to YES to enable sguild
+# Default: NO
+# sguild_flags (str): Extra flags passed to sguild
+# Default: -D
+# sguild_conf (str): Sguild configuration file
+# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
+
+. %%RC_SUBR%%
+
+name="sguild"
+rcvar=`set_rcvar`
+
+command="%%PREFIX%%/bin/${name}"
+procname="%%TCLSH%%"
+check_process="${command} /bin/sh"
+stop_cmd="sguild_stop"
+
+sguild_enable=${sguild_enable-NO}
+sguild_conf=${sguild_conf-%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf}
+sguild_flags=${sguild_flags--D}
+[ -n "$sguild_conf" ] && sguild_flags="$sguild_flags -c $sguild_conf"
+
+sguild_stop() {
+ if [ -z "${rc_pid}" ]; then
+ echo "${name} not running?"
+ else
+ echo "Stopping ${name}."
+ `/bin/kill -9 ${rc_pid}`
+ wait_for_pids "${rc_pid}"
+ if [ -f "/var/run/${name}.pid" ]; then
+ `rm -f /var/run/${name}.pid`
+ fi
+ fi
+}
+
+load_rc_config ${name}
+run_rc_command "$1"
diff --git a/security/sguil-server/pkg-descr b/security/sguil-server/pkg-descr
new file mode 100644
index 000000000000..5a17c0a57b8d
--- /dev/null
+++ b/security/sguil-server/pkg-descr
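Review bot: rc.conf is consulted too late in this script: `load_rc_config ${name}` is the second-to-last line, after `sguild_flags` has already been assembled from the default `sguild_conf`, so an operator's `sguild_conf=` in rc.conf never reaches the daemon, and a custom `sguild_flags=` replaces the assembled string and silently drops `-c`. `sguild_stop` then sends `kill -9` to a pid that rc.subr locates by matching any `%%TCLSH%%` process — `procname` is the interpreter and no `pidfile` is set — so on a host that also runs a tclsh-based sensor agent the wrong process can be killed, and sguild never gets a chance to shut down cleanly; the `check_process=` assignment has no effect, because `check_process` is an rc.subr function rather than a variable. The backtick-wrapped `kill` and `rm` lines run as command substitutions, not commands; if a custom stop is kept, they should be plain `/bin/kill ${rc_pid}` and `rm -f "/var/run/${name}.pid"`. The rewrite below loads rc.conf first, sets `pidfile` (the existing stop already assumes `/var/run/sguild.pid` when it removes it — confirm that `sguild -D` writes that file), identifies the process through `command_interpreter`, passes `-c` via `command_args`, and drops the custom stop on the assumption that sguild exits on SIGTERM, which should be checked before the `-9` is removed.
```sh
# … unchanged: rc header comments, ". %%RC_SUBR%%", name= and rcvar= …

load_rc_config ${name}

: ${sguild_enable="NO"}
: ${sguild_conf="%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf"}
: ${sguild_flags="-D"}

# Match the daemon by interpreter + script, not by any running tclsh.
# Assumes the "exec tclsh" stub hands the script path to tclsh as its
# first argument, and that sguild -D writes this pidfile — confirm both.
pidfile="/var/run/${name}.pid"
command="%%PREFIX%%/bin/${name}"
command_interpreter="%%TCLSH%%"
[ -n "${sguild_conf}" ] && command_args="-c ${sguild_conf}"

run_rc_command "$1"
```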
@@ -0,0 +1,22 @@
+Sguil is an open source tool to implement Network
+Security Monitoring (NSM). NSM is the collection,
+analysis, and escalation of indications and warnings
+to detect and respond to intrusions. NSM tools are
+used more for network audit and specialized
+applications than traditional alert-centric "intrusion
+detection" systems.
+
+Want to learn more about Network Security Monitoring
+(NSM)? Then check out Richard Bejtlich's recently
+released book, The Tao of Network Security Monitoring:
+Beyond Intrusion Detection. An excerpt reads:
+
+"Network security monitoring (NSM) equips security
+staff to deal with the inevitable consequences of too
+few resources and too many responsibilities. NSM collects
+the data needed to generate better assessment, detection,
+and response processes--resulting in decreased impact from
+unauthorized activities."
+
+WWW: http://sguil.sourceforge.net/index.php
+pauls@utdallas.edu
diff --git a/security/sguil-server/pkg-plist b/security/sguil-server/pkg-plist
new file mode 100644
index 000000000000..57c73c729ae5
--- /dev/null
+++ b/security/sguil-server/pkg-plist
@@ -0,0 +1,41 @@
+bin/archive_sguildb.tcl
+bin/incident_report.tcl
+bin/sguild
+etc/%%SGUILDIR%%/autocat.conf-sample
+etc/%%SGUILDIR%%/sguild.access-sample
+etc/%%SGUILDIR%%/sguild.conf-sample
+etc/%%SGUILDIR%%/sguild.email-sample
+etc/%%SGUILDIR%%/sguild.queries-sample
+etc/%%SGUILDIR%%/sguild.reports-sample
+etc/%%SGUILDIR%%/sguild.users-sample
+lib/%%SGUILDIR%%/SguildAccess.tcl
+lib/%%SGUILDIR%%/SguildAutoCat.tcl
+lib/%%SGUILDIR%%/SguildClientCmdRcvd.tcl
+lib/%%SGUILDIR%%/SguildConnect.tcl
+lib/%%SGUILDIR%%/SguildCreateDB.tcl
+lib/%%SGUILDIR%%/SguildEmailEvent.tcl
+lib/%%SGUILDIR%%/SguildEvent.tcl
+lib/%%SGUILDIR%%/SguildGenericDB.tcl
+lib/%%SGUILDIR%%/SguildHealthChecks.tcl
+lib/%%SGUILDIR%%/SguildLoaderd.tcl
+lib/%%SGUILDIR%%/SguildMysqlMerge.tcl
+lib/%%SGUILDIR%%/SguildQueryd.tcl
+lib/%%SGUILDIR%%/SguildReportBuilder.tcl
+lib/%%SGUILDIR%%/SguildSendComms.tcl
+lib/%%SGUILDIR%%/SguildSensorAgentComms.tcl
+lib/%%SGUILDIR%%/SguildSensorCmdRcvd.tcl
+lib/%%SGUILDIR%%/SguildTranscript.tcl
+lib/%%SGUILDIR%%/SguildUtils.tcl
+share/%%SGUILDIR%%/create_ruledb.sql
+share/%%SGUILDIR%%/create_sguildb.sql
+share/%%SGUILDIR%%/migrate_event.tcl
+share/%%SGUILDIR%%/migrate_sancp.tcl
+share/%%SGUILDIR%%/update_sguildb_v5-v6.sql
+share/%%SGUILDIR%%/update_sguildb_v6-v7.sql
+share/%%SGUILDIR%%/update_sguildb_v7-v8.sql
+share/%%SGUILDIR%%/update_sguildb_v8-v9.sql
+share/%%SGUILDIR%%/update_sguildb_v9-v10.sql
+share/%%SGUILDIR%%/update_sguildb_v10-v11.sql
+@dirrm share/%%SGUILDIR%%
+@unexec if [ ! -f %D/etc/%%SGUILDIR%%/sguild.conf ] ; then rmdir %D/etc/%%SGUILDIR%%; fi
+@dirrm lib/%%SGUILDIR%% |