Diffstat (limited to 'security/samhain/Makefile')
-rw-r--r-- | security/samhain/Makefile | 83 |
1 files changed, 74 insertions, 9 deletions
diff --git a/security/samhain/Makefile b/security/samhain/Makefile
index c268d311a75b..f7dd13c99a0f 100644
--- a/security/samhain/Makefile
+++ b/security/samhain/Makefile
@@ -4,12 +4,41 @@
 #
 # $FreeBSD$
 #
+#
+# This port recognizes the following tunables:
+#
+# RUNAS_USER:
+# The username of the account Samhain/Yule will run as.
+# Usually just "samhain" or "yule".
+#
+# WITH_GPG:
+# Instructs the port to sign configuration files using the
+# GNU Privacy Guard.
+#
+# WITH_KCHECK:
+# Enable support for rogue kernel module detection.
+#
+# WITH_MYSQL:
+# Enable support for logging to a MySQL database. Due to there
+# being multiple current versions of MySQL, dependency for this
+# is NOT checked.
+#
+# WITH_POSTGRESQL:
+# Enable support for logging to a Postgres database. Untested.
+#
+# SERVER:
+# Builds as Yule, Samhain's central logging server. Mutually exclusive
+# with CLIENT.
+#
+# CLIENT:
+# Builds as a client to Yule. Fetches configuration files
+# and signature database from LOG_SERVER, and optionally, ALT_LOG_SERVER.
+#
 PORTNAME= samhain
-PORTVERSION= 1.7.5
+PORTVERSION= 1.7.8
 CATEGORIES= security
-MASTER_SITES= http://la-samhna.de/samhain/ \
- http://samhain.securecirt.org/
+MASTER_SITES= http://samhain.securecirt.org/
 DISTFILES= samhain_signed-${PORTVERSION}.tar.gz
 MAINTAINER= lx@redundancy.redundancy.org
@@ -20,10 +49,11 @@ BUILD_DEPENDS= gpg:${PORTSDIR}/security/gnupg
 .endif
 GNU_CONFIGURE= yes
-CONFIGURE_ARGS= --enable-login-watch --localstatedir=/var --mandir=${PREFIX}/man
+CONFIGURE_ARGS= --enable-login-watch --localstatedir=/var \
+ --mandir=${PREFIX}/man --enable-suidcheck
-.if defined(TRUSTED_USER)
-CONFIGURE_ARGS+= --enable-identity=${TRUSTED_USER}
+.if defined(RUNAS_USER)
+CONFIGURE_ARGS+= --enable-identity=${RUNAS_USER}
 .endif
 .if defined(WITH_KCHECK)
 CONFIGURE_ARGS+= --with-kcheck
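Review bot: The tunables comment documents `WITH_POSTGRESQL`, but the conditional in the third hunk still tests `.if defined(WITH_POSTGRES)`, so a user who follows the documentation gets a build without database logging and without any error. Either rename the knob in that conditional or correct the comment heading to `# WITH_POSTGRES:`. `LOG_SERVER` and `ALT_LOG_SERVER` are mentioned only in passing under CLIENT and deserve their own entries, e.g. `# LOG_SERVER: host a CLIENT build fetches its configuration and signature database from (required with CLIENT).` MASTER_SITES is also reduced to a single plain-HTTP mirror, so the integrity of the fetched tarball rests on the distinfo checksum and whatever signature verification the port performs, neither of which is visible in this hunk; it is worth confirming both were refreshed for 1.7.8.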
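Review bot: Renaming the knob from `TRUSTED_USER` to `RUNAS_USER` silently drops `--enable-identity` for anyone who still sets `TRUSTED_USER`, so after the upgrade the daemon is configured with upstream's default identity rather than the account the administrator chose. A compatibility shim placed before the conditional keeps the old setting effective: `.if defined(TRUSTED_USER) && !defined(RUNAS_USER)`, then `RUNAS_USER= ${TRUSTED_USER}`, then `.endif`. `--enable-suidcheck` is now passed unconditionally; a one-line comment above CONFIGURE_ARGS saying why it is always on rather than a tunable would help the next maintainer.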
@@ -32,33 +62,68 @@ CONFIGURE_ARGS+= --with-kcheck
 CONFIGURE_ARGS+= --with-gpg=${PREFIX}/bin/gpg
 .endif
 .if defined(WITH_MYSQL)
-CONFIGURE_ARGS+= --with-database=mysql
+CONFIGURE_ARGS+= --with-database=mysql \
+ --with-cflags=-I${LOCALBASE}/include/mysql \
+ --with-libs=-L${LOCALBASE}/lib/mysql --enable-xml-log
 .endif
 .if defined(WITH_POSTGRES)
-CONFIGURE_ARGS+= --with-database=postgresql
+CONFIGURE_ARGS+= --with-database=postgresql --enable-xml-log
 .endif
 .if defined(CLIENT)
-CONFIGURE_ARGS+= --enable-network=client
+CONFIGURE_ARGS+= --enable-network=client \
+ --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \
+ --with-config-file=REQ_FROM_SERVER --with-logserver=${LOG_SERVER}
 PLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
 MAN5= samhainrc.5
 MAN8= samhain.8
 .elif defined(SERVER)
 CONFIGURE_ARGS+= --enable-network=server
 PLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch
 MAN5= yulerc.5
 MAN8= yule.8
 .else
 PLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
 MAN5= samhainrc.5
 MAN8= samhain.8
 .endif
+.if defined(ALT_LOG_SERVER)
+CONFIGURE_ARGS+= --with-altlogserver=${ALT_LOG_SERVER}
+.endif
 pre-everything::
 .if !defined(CLIENT) && !defined(SERVER)
+ @${ECHO_MSG}
 @${ECHO_MSG} "Building in standalone mode."
 @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C"
 @${ECHO_MSG} "now and make with SERVER=yes or CLIENT=yes."
+ @${ECHO_MSG}
+.endif
+
+.if defined(CLIENT) && defined(SERVER)
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Can't build client and server at once!"
+ @${ECHO_MSG}
+.error "Can't build client and server at once!"
+.endif
+
+.if defined(CLIENT) && !defined(LOG_SERVER)
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Please define LOG_SERVER (and ALT_LOG_SERVER, if "
+ @${ECHO_MSG} "applicable), the machine(s) this client will log to."
+ @${ECHO_MSG}
+.error "Please define LOG_SERVER."
+.endif
+
+.if defined(WITH_KCHECK)
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem."
+ @${ECHO_MSG} "If you're not building as root, please hit Control-C and"
+ @${ECHO_MSG} "restart the build as root."
+ @${ECHO_MSG}
 .endif
 post-extract: |
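Review bot: The two `.error` directives sit between the recipe lines of `pre-everything::`, but make evaluates them while parsing the file, so the `@${ECHO_MSG}` lines placed in front of each are never reached and the abort applies to any target, not only a build. Moving both checks above `pre-everything::` and dropping the dead echo lines makes that explicit; the directive can carry the whole hint, e.g. `.error "CLIENT requires LOG_SERVER (and optionally ALT_LOG_SERVER)"`. The `.if defined(ALT_LOG_SERVER)` block is outside the CLIENT branch, so `--with-altlogserver` is also passed to standalone and SERVER builds, where it is presumably meaningless. With `--with-config-file=REQ_FROM_SERVER` the client takes its policy from whatever `${LOG_SERVER}` names, so a comment beside that line stating that the value must be a trusted host would be worth adding. The WITH_KCHECK notice only asks for a root build; nothing visible in the hunk enforces it, which the comment should say.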