Add new port security/sguil (version 0.9.0)

This port replaces security/sguil-client, security/sguild-server and
security/sguil-sensor which are at version 0.8.0.  They will be removed
shortly as a result.

PR:		191347
Submitted by:	Muhammad Rahman

Sguil (pronounced sgweel) is built by network security analysts for network
security analysts. Sguil's main component is an intuitive GUI that provides
access to realtime events, session data, and raw packet captures. Sguil
facilitates the practice of Network Security Monitoring and event driven
analysis. The Sguil client is written in tcl/tk and can be run on any operating
system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).

security/Makefile

@@ -909,6 +909,7 @@
     SUBDIR += secpanel
     SUBDIR += sectok
     SUBDIR += secure_delete
+    SUBDIR += sguil
     SUBDIR += sguil-client
     SUBDIR += sguil-sensor
     SUBDIR += sguil-server

security/sguil/Makefile

@@ -0,0 +1,211 @@
+# Created by: Muhammad Moinur Rahman <5u623l20@gmail.com>
+# $FreeBSD$
+
+PORTNAME=	sguil
+PORTVERSION=	0.9.0
+CATEGORIES=	security
+
+MAINTAINER=	5u623l20@gmail.com
+COMMENT=	Sguil is a network security monitoring program
+
+LICENSE=	GPLv3
+
+RUN_DEPENDS=	tcltls>=0:${PORTSDIR}/devel/tcltls \
+		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	bammv
+GH_PROJECT=	${USERS}
+GH_TAGNAME=	${GH_COMMIT}
+GH_COMMIT=	0b16167
+
+OPTIONS_DEFINE=		DOCS
+OPTIONS_DEFAULT=	SERVER CLIENT SENSOR
+OPTIONS_MULTI=		INSTANCE
+OPTIONS_MULTI_INSTANCE=	SERVER CLIENT SENSOR
+OPTIONS_GROUP=		SERVER CLIENT SENSOR
+OPTIONS_GROUP_SERVER=	MYSQL
+OPTIONS_GROUP_CLIENT=	AUDIO SANCP WIRESHARK
+OPTIONS_GROUP_SENSOR=	PADS_SENSOR SANCP_SENSOR
+OPTIONS_SUB=		yes
+
+SERVER_DESC=		Install Sguil Server
+CLIENT_DESC=		Install Sguil Client
+SENSOR_DESC=		Install Sguil SENSOR
+MYSQL_DESC=		Depend on databases/mysqltcl
+AUDIO_DESC=		Install Festival Speech Synthesis
+SANCP_DESC=		Use sancp
+PADS_SENSOR_DESC=	Include pads sensor
+SANCP_SENSOR_DESC=	Include sancp sensor
+WIRESHARK_DESC=		Install wireshark
+
+CLIENT_USES=		tk:wrapper
+SERVER_RUN_DEPENDS=	p0f:${PORTSDIR}/net-mgmt/p0f \
+	                tcpflow:${PORTSDIR}/net/tcpflow \
+	                dtplite:${PORTSDIR}/devel/tcllib
+CLIENT_RUN_DEPENDS=	dtplite:${PORTSDIR}/devel/tcllib \
+			${LOCALBASE}/lib/iwidgets/iwidgets.tcl:${PORTSDIR}/x11-toolkits/iwidgets \
+			gpg2:${PORTSDIR}/security/gnupg
+SENSOR_RUN_DEPENDS=	barnyard2:${PORTSDIR}/security/barnyard2-sguil
+MYSQL_LIB_DEPENDS=	libmysqltcl3.052.so:${PORTSDIR}/databases/mysqltcl
+AUDIO_RUN_DEPENDS=	festival:${PORTSDIR}/audio/festival
+SANCP_RUN_DEPENDS=	sancp:${PORTSDIR}/security/sancp
+WIRESHARK_RUN_DEPENDS=	wireshark:${PORTSDIR}/net/wireshark
+PADS_SENSOR_RUN_DEPENDS=	pads:${PORTSDIR}/net-mgmt/pads
+SANCP_SENSOR_RUN_DEPENDS=	sancp:${PORTSDIR}/security/sancp
+
+NO_BUILD=	yes
+TCL_VER=	8.5
+TCLSH=		tclsh${TCL_VER}
+SERVER_SGUILDIR?=	sguild
+CLIENT_SGUILDIR?=	sguil-client
+SENSOR_SGUILDIR?=	sguil-sensor
+PLIST_SUB=	SERVER_SGUILDIR=${SERVER_SGUILDIR} \
+		CLIENT_SGUILDIR=${CLIENT_SGUILDIR} \
+		SENSOR_SGUILDIR=${SENSOR_SGUILDIR}
+SUB_LIST=	SERVER_SGUILDIR=${SERVER_SGUILDIR} TCLSH=${TCLSH} \
+		CLIENT_SGUILDIR=${CLIENT_SGUILDIR} \
+		SENSOR_SGUILDIR=${SENSOR_SGUILDIR}
+SERVER_CONFS=	autocat.conf sguild.access sguild.email	sguild.reports \
+		sguild.conf sguild.queries sguild.users
+CLIENT_LIBFILES=SguilUtil.tcl dkffont.tcl email17.tcl extdata.tcl \
+		sellib.tcl sancp.tcl sound.tcl guilib.tcl qrybuild.tcl \
+		qrylib.tcl report.tcl stdquery.tcl whois.tcl
+SENSOR_AGENTS=	pcap_agent.tcl snort_agent.tcl
+SENSOR_CONFS=	pcap_agent.conf snort_agent.conf
+LOG_SCRIPTS=	log_packets-daemonlogger.sh log_packets.sh
+USERS=		sguil
+GROUPS=		sguil
+
+PORTDOCS=	${COMMON_DOCS:S|^doc/||}
+COMMON_DOCS=	doc/CHANGES doc/FAQ doc/INSTALL doc/INSTALL.openbsd \
+	       	doc/OPENSSL.README doc/TODO doc/UPGRADE doc/USAGE \
+	       	doc/sguildb.dia
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MCLIENT}
+SUB_FILES=	pkg-message-client
+.endif
+
+.if ${PORT_OPTIONS:MSERVER}
+USE_RC_SUBR+=	sguild
+SUB_FILES=	pkg-message-server
+.endif
+
+.if ${PORT_OPTIONS:MSENSOR}
+USE_RC_SUBR+=	pcap_agent snort_agent
+SUB_FILES=	pkg-message-sensor
+WITH_PCRE=	true
+PORTDOCS+=	README.daemonlogger
+.  if ${PORT_OPTIONS:MSANCP_SENSOR}
+SENSOR_AGENTS+=	sancp_agent.tcl pcap_agent-sancp.tcl
+SENSOR_CONFS+=	sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
+USE_RC_SUBR+=	sancp_agent pcap_agent-sancp
+PORTDOCS+=	README.sancp_indexed_pcap
+.  endif
+.  if ${PORT_OPTIONS:MPADS_SENSOR}
+SENSOR_AGENTS+=	pads_agent.tcl
+SENSOR_CONFS+=	pads_agent.conf
+USE_RC_SUBR+=	pads_agent
+.  endif
+.endif
+
+post-patch:
+.if ${PORT_OPTIONS:MSERVER}
+	@${REINPLACE_CMD} 's|/bin/sh|/usr/local/bin/${TCLSH}|' \
+		${WRKSRC}/server/sguild
+	@${MKDIR} ${STAGEDIR}${PREFIX}/etc/${SERVER_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/lib/${SERVER_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR}/contrib
+.endif
+.if ${PORT_OPTIONS:MCLIENT}
+	@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/lib \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/images
+.endif
+.if ${PORT_OPTIONS:MSENSOR}
+.  for f in ${SENSOR_AGENTS}
+	@${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \
+		${WRKSRC}/sensor/${f}
+.  endfor
+.endif
+
+do-install:
+.if ${PORT_OPTIONS:MSERVER}
+	(cd ${WRKSRC}/server/lib && \
+		${COPYTREE_BIN} \* ${STAGEDIR}${PREFIX}/lib/${SERVER_SGUILDIR})
+	(cd ${WRKSRC}/server/sql_scripts && \
+		${COPYTREE_SHARE} \* \
+		${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR})
+	(cd ${WRKSRC}/server/contrib && \
+		${COPYTREE_SHARE} \* \
+		${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR}/contrib)
+	${INSTALL_SCRIPT} ${WRKSRC}/server/sguild ${STAGEDIR}${PREFIX}/bin
+.  for f in ${SERVER_CONFS}
+	${INSTALL_DATA} ${WRKSRC}/server/${f} \
+		${STAGEDIR}${PREFIX}/etc/${SERVER_SGUILDIR}/${f}-sample
+.  endfor
+.endif
+
+.if ${PORT_OPTIONS:MCLIENT}
+	${INSTALL_SCRIPT} ${WRKSRC}/client/sguil.tk \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/sguil.tk
+	${INSTALL_DATA} ${WRKSRC}/client/sguil.conf \
+		${STAGEDIR}${PREFIX}/etc/sguil.conf-sample
+	(cd ${WRKSRC}/client/lib && ${INSTALL_DATA} ${CLIENT_LIBFILES} \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/lib)
+	(cd ${WRKSRC}/client/lib/images && \
+		${INSTALL_DATA} sguil_logo_h.gif checked.gif unchecked.gif \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/images)
+	(cd ${WRKSRC}/client/lib/tablelist5.11 && ${COPYTREE_SHARE} \* \
+		${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/lib/tablelist5.11)
+.endif
+
+.if ${PORT_OPTIONS:MSENSOR}
+	@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/etc/${SENSOR_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR} \
+		${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/contrib \
+		${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/init
+	(cd ${WRKSRC}/sensor/contrib && \
+		${COPYTREE_SHARE} \* \
+		${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/contrib \
+		"! -name ossec_agent.tcl.orig")
+	(cd ${WRKSRC}/sensor/init && \
+		${COPYTREE_SHARE} \* \
+		${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/init)
+	(cd ${WRKSRC}/sensor/ && \
+		${INSTALL_SCRIPT} ${SENSOR_AGENTS} \
+		${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR})
+	(cd ${WRKSRC}/sensor && \
+		${INSTALL_SCRIPT} ${LOG_SCRIPTS} \
+		${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR})
+.  for f in ${SENSOR_CONFS}
+	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
+		${STAGEDIR}${PREFIX}/etc/${SENSOR_SGUILDIR}/${f}-sample
+.  endfor
+
+.  if ${PORT_OPTIONS:MSANCP_SENSOR}
+	${INSTALL_SCRIPT} ${WRKSRC}/sensor/log_packets-sancp.sh \
+		${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR}
+	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/sancp.conf \
+		${STAGEDIR}${PREFIX}/etc/${SENSOR_SGUILDIR}/sancp.conf-sample
+.  endif
+.endif
+
+.if ${PORT_OPTIONS:MDOCS}
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${COMMON_DOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
+.  if ${PORT_OPTIONS:MSENSOR}
+	${INSTALL_DATA} ${WRKSRC}/sensor/README.daemonlogger \
+		${STAGEDIR}${DOCSDIR}
+.    if ${PORT_OPTIONS:MSANCP_SENSOR}
+	${INSTALL_DATA} ${WRKSRC}/sensor/README.sancp_indexed_pcap \
+		${STAGEDIR}${DOCSDIR}
+.    endif
+.  endif
+.endif
+
+.include <bsd.port.mk>

security/sguil/distinfo

@@ -0,0 +1,2 @@
+SHA256 (sguil-0.9.0.tar.gz) = e83f664673a6c44efec8b0a765a41b00a00830ba02a058d4c0663c915f95c8ee
+SIZE (sguil-0.9.0.tar.gz) = 464313

security/sguil/files/example_agent.in

@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/example_agent.in 340872 2014-01-24 00:14:07Z mat $
+
+# PROVIDE: example_agent
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable example_agent:
+# example_agent_enable (bool):	Set to YES to enable example_agent
+# 				Default: NO
+# example_agent_conf (str):	Example_agent configuration file
+#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf
+# example_agent_flags (str):	Default: -D
+#
+
+. /etc/rc.subr
+
+load_rc_config example_agent
+
+#set defaults
+example_agent_enable=${example_agent_enable:-"NO"}
+example_agent_conf=${example_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf"}
+example_agent_flags=${example_agent_flags:-"-D"}
+
+name="example_agent"
+rcvar=example_agent_enable
+command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl"
+command_args="-c ${example_agent_conf} ${example_agent_flags}"
+procname="%%PREFIX%%/bin/tclsh8.4"
+pidfile="/var/run/${name}.pid"
+check_pidfile="${pidfile} ${procname} /bin/sh"
+
+run_rc_command "$1"

security/sguil/files/pads_agent.in

@@ -0,0 +1,66 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/pads_agent.in 312466 2013-02-18 00:56:47Z miwi $
+
+# PROVIDE: pads_agent
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pads_agent:
+# pads_agent_enable (bool):	Set to YES to enable pads_agent
+# 				Default: NO
+# pads_agent_conf (str):	Pads_agent configuration file
+#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf
+# pads_agent_flags (str):	Default: -D
+#
+
+. /etc/rc.subr
+
+name="pads_agent"
+rcvar=${name}_enable
+load_rc_config ${name}
+
+#set defaults
+: ${pads_agent_enable:="NO"}
+: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
+: ${pads_agent_flags:="-D -c ${pads_agent_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+start_precmd="pads_agent_ck4fifo"
+stop_postcmd="pads_agent_rmfifo"
+
+pads_agent_ck4fifo()
+{
+        LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+        HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+        PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+        if [ ! -p ${PADS_FIFO} ]; then
+                echo "${PADS_FIFO} does not exist.  Creating now....."
+                /usr/bin/mkfifo ${PADS_FIFO}
+        fi
+        echo "Checking for ${PADS_FIFO}...."
+        if [ -p ${PADS_FIFO} ]; then
+                echo "Confirmed!  ${PADS_FIFO} exists."
+        else
+                echo "I tried to create ${PADS_FIFO} and failed."
+                echo "You will need to create it manually before starting ${name}."
+        fi
+}
+
+pads_agent_rmfifo()
+{
+        LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+        HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+        PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+        if [ -p ${PADS_FIFO} ]; then
+                /bin/rm ${PADS_FIFO}
+                echo "Removing ${PADS_FIFO}...."
+        fi
+}
+
+run_rc_command "$1"

security/sguil/files/patch-client__sguil.conf

@@ -0,0 +1,35 @@
+--- client/sguil.conf.orig	2012-11-15 22:46:24.000000000 +0000
++++ client/sguil.conf	2012-11-15 22:48:28.000000000 +0000
+@@ -18,7 +18,7 @@
+ set DEBUG 1
+ 
+ # PATH to tls lib if needed (tcl can usually find this by default)
+-#set TLS_PATH /usr/lib/tls1.4/libtls1.4.so
++#set TLS_PATH /usr/local/lib/tls1.6/libtls1.6.so
+ # win32 example
+ #set TLS_PATH "c:/tcl/lib/tls1.4/tls14.dll"
+ 
+@@ -46,12 +46,12 @@
+ # If you have festival installed, then you can have alerts spoken to
+ # you. Set the path to the festival binary here. If you are using
+ # speechd from speechio.org, then leave this commented out.
+-set FESTIVAL_PATH /usr/bin/festival
++set FESTIVAL_PATH /usr/local/bin/festival
+ # win32 example
+ # set FESTIVAL_PATH "c:\festival\bin\festival.exe"
+ 
+ # Path to wireshark (ethereal)
+-set WIRESHARK_PATH /usr/sbin/wireshark
++set WIRESHARK_PATH /usr/local/bin/wireshark
+ # win32 example
+ # set WIRESHARK_PATH "c:/progra~1/wireshark/wireshark.exe"
+ 
+@@ -62,7 +62,7 @@
+ # set WIRESHARK_STORE_DIR "c:/tmp"
+ 
+ # Favorite browser for looking at sig info on snort.org
+-set BROWSER_PATH /usr/bin/firefox
++set BROWSER_PATH /usr/local/bin/firefox
+ # win32 example (IE)
+ # set BROWSER_PATH c:/progra~1/intern~1/iexplore.exe
+ 

security/sguil/files/patch-client__sguil.tk

@@ -0,0 +1,28 @@
+--- client/sguil.tk.orig	2012-11-15 22:24:35.000000000 +0000
++++ client/sguil.tk	2012-11-15 22:26:33.000000000 +0000
+@@ -88,7 +88,7 @@
+ 
+ # Load iwidgets and namespaces
+ if [catch {package require Iwidgets} iwidgetsVersion] {
+-    puts "ERROR: Cannot fine the Iwidgets extension."
++    puts "ERROR: Cannot find the Iwidgets extension."
+     puts "The iwidgets package is part of the incr tcl extension and is"
+     puts "available as a port/package most systems."
+     puts "See http://www.tcltk.com/iwidgets/ for more info."
+@@ -2053,11 +2053,11 @@
+     set CONF_FILE $env(HOME)/sguil.conf
+   } elseif { [file exists ./sguil.conf] } {
+     set CONF_FILE ./sguil.conf
+-  } elseif { [file exists /etc/sguil] &&\
+-             [file isdirectory /etc/sguil] &&\
+-             [file exists /etc/sguil/sguil.conf] &&\
+-             [file readable /etc/sguil/sguil.conf] } {
+-    set CONF_FILE /etc/sguil/sguil.conf
++  } elseif { [file exists /usr/local/etc/sguil] &&\
++             [file isdirectory /usr/local/etc/sguil] &&\
++             [file exists /usr/local/etc/sguil/sguil.conf] &&\
++             [file readable /usr/local/etc/sguil/sguil.conf] } {
++    set CONF_FILE /usr/local/etc/sguil/sguil.conf
+   } else {
+     puts "Couldn't determine where the sguil config file is"
+     puts "Looked for $env(HOME)/sguil.conf and ./sguil.conf."

security/sguil/files/patch-sensor__contrib__ossec_agent__ossec_agent.tcl

@@ -0,0 +1,30 @@
+--- sensor/contrib/ossec_agent/ossec_agent.tcl.orig	2012-12-17 22:47:18.000000000 +0000
++++ sensor/contrib/ossec_agent/ossec_agent.tcl	2012-12-17 22:48:45.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # OSSEC agent for Sguil 0.7.0.  Based on the "example_agent.tcl" code
+ # distributed with sguil.  
+@@ -593,9 +591,9 @@
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/ossec_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } {
+ 
+-        set CONF_FILE /etc/ossec_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf
+ 
+     } elseif { [file exists ./ossec_agent.conf] } {
+ 
+@@ -604,7 +602,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the ossec_agent.tcl config file is"
+-        puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf."
+         DisplayUsage $argv0
+ 
+     }

security/sguil/files/patch-sensor__pads_agent.tcl

@@ -0,0 +1,39 @@
+--- sensor/pads_agent.tcl.orig	2012-12-19 21:25:26.000000000 +0000
++++ sensor/pads_agent.tcl	2012-12-19 21:27:37.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ #
+ 
+@@ -332,7 +330,7 @@
+   id process group set
+   if {[fork]} {exit 0}
+   set PID [id process]
+-  if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" }
++  if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" }
+   set PID_DIR [file dirname $PID_FILE]
+   if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } {
+     puts "ERROR: Directory $PID_DIR does not exists or is not writable."
+@@ -380,16 +378,16 @@
+   }
+ }
+ # Parse the config file here
+-# Default location is /etc/pads_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/pads_agent.conf] } {
+-    set CONF_FILE /etc/pads_agent.conf
++  if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } {
++    set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf
+   } elseif { [file exists ./pads_agent.conf] } {
+     set CONF_FILE ./pads_agent.conf
+   } else {
+     puts "Couldn't determine where the sensor_agent.tcl config file is"
+-    puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf."
++    puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf."
+     DisplayUsage $argv0
+   }
+ }

security/sguil/files/patch-sensor__pcap_agent-sancp.tcl

@@ -0,0 +1,35 @@
+--- sensor/pcap_agent-sancp.tcl.orig	2012-12-17 22:36:43.000000000 +0000
++++ sensor/pcap_agent-sancp.tcl	2012-12-17 22:38:22.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ #
+ 
+@@ -754,13 +752,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/pcap_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+ 
+-        set CONF_FILE /etc/pcap_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+ 
+     } elseif { [file exists ./pcap_agent.conf] } {
+ 
+@@ -769,7 +767,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the pcap_agent.tcl config file is"
+-        puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+         DisplayUsage $argv0
+ 
+     }

security/sguil/files/patch-sensor__pcap_agent.tcl

@@ -0,0 +1,35 @@
+--- sensor/pcap_agent.tcl.orig	2012-12-17 22:31:44.000000000 +0000
++++ sensor/pcap_agent.tcl	2012-12-17 22:42:50.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ #
+ 
+@@ -771,13 +769,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/pcap_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+ 
+-        set CONF_FILE /etc/pcap_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+ 
+     } elseif { [file exists ./pcap_agent.conf] } {
+ 
+@@ -786,7 +784,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the pcap_agent.tcl config file is"
+-        puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+         DisplayUsage $argv0
+ 
+     }

security/sguil/files/patch-sensor__sancp_agent.tcl

@@ -0,0 +1,30 @@
+--- sensor/sancp_agent.tcl.orig	2012-12-17 22:43:39.000000000 +0000
++++ sensor/sancp_agent.tcl	2012-12-17 22:44:56.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ #
+ 
+@@ -582,16 +580,16 @@
+   }
+ }
+ # Parse the config file here
+-# Default location is /etc/sancp_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/sancp_agent.conf] } {
+-    set CONF_FILE /etc/sancp_agent.conf
++  if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } {
++    set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf
+   } elseif { [file exists ./sancp_agent.conf] } {
+     set CONF_FILE ./sancp_agent.conf
+   } else {
+     puts "Couldn't determine where the sancp_agent.tcl config file is"
+-    puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf."
++    puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf."
+     DisplayUsage $argv0
+   }
+ }

security/sguil/files/patch-server__lib__SguildLoaderd.tcl

@@ -0,0 +1,11 @@
+--- server/lib/SguildLoaderd.tcl.orig	2012-10-12 21:07:19.000000000 +0000
++++ server/lib/SguildLoaderd.tcl	2012-10-12 21:15:06.000000000 +0000
+@@ -220,7 +220,7 @@
+     } else {
+         # Make sure its a MERGE table and not the old monster
+         set tableStatus [mysqlsel $LOADERD_DB_ID {SHOW TABLE STATUS LIKE 'sancp'} -flatlist]
+-        if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
++        if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
+ 
+             ErrorMessage "ERROR: loaderd: You appear to be using an old version of the\n\
+                           sguil database schema that does not support the MERGE sancp\n\

security/sguil/files/patch-server__lib__SguildMysqlMerge.tcl

@@ -0,0 +1,11 @@
+--- server/lib/SguildMysqlMerge.tcl.orig	2012-10-12 21:18:22.000000000 +0000
++++ server/lib/SguildMysqlMerge.tcl	2012-10-12 21:19:41.000000000 +0000
+@@ -9,7 +9,7 @@
+         set tmpQry "SHOW TABLE STATUS LIKE '$tableName'"
+         set tableStatus [mysqlsel $MAIN_DB_SOCKETID $tmpQry -flatlist]
+ 
+-        if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
++        if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
+ 
+             # Non MERGE table found.
+             set errorMsg "\n*************************************************************\n

security/sguil/files/patch-server__sguild

@@ -0,0 +1,88 @@
+--- server/sguild.orig	2014-06-23 21:54:25.595758574 +0600
++++ server/sguild	2014-06-23 21:59:48.122743440 +0600
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: sguild,v 1.194 2013/09/05 00:38:45 bamm Exp $ #
+ 
+@@ -221,7 +219,7 @@
+ ##################################
+ 
+ # Do all priv account actions here.
+-# Open log files/etc. Privs will be dropped after.
++# Open log files/usr/local/etc. Privs will be dropped after.
+ 
+ if { ![info exists LOG_PATH] } { set LOG_PATH /var/log/sguild }
+ 
+@@ -321,7 +319,7 @@
+ # Check for certs
+ if {![info exists CERTS_PATH]} {
+ 
+-    set CERTS_PATH /etc/sguild/certs
++    set CERTS_PATH /usr/local/etc/sguild/certs
+ 
+ }
+ 
+@@ -351,13 +349,13 @@
+ 
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/sguild/sguild.conf] } {
+-    set CONF_FILE /etc/sguild/sguild.conf
++  if { [file exists /usr/local/etc/sguild/sguild.conf] } {
++    set CONF_FILE /usr/local/etc/sguild/sguild.conf
+   } elseif { [file exists ./sguild.conf] } {
+     set CONF_FILE ./sguild.conf
+   } else {
+     puts "Couldn't determine where the sguil config file is"
+-    puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf."
++    puts "Looked for ./sguild.conf and /usr/local/etc/sguild/sguild.conf."
+     DisplayUsage $argv0
+   }
+ }
+@@ -484,8 +482,8 @@
+ # Load accessfile
+ if { ![info exists ACCESS_FILE] } {
+   # Check the defaults
+-  if { [file exists /etc/sguild/sguild.access] } {
+-    set ACCESS_FILE "/etc/sguild/sguild.access"
++  if { [file exists /usr/local/etc/sguild/sguild.access] } {
++    set ACCESS_FILE "/usr/local/etc/sguild/sguild.access"
+   } elseif { [file exists ./sguild.access] } {
+     set ACCESS_FILE "./sguild.access"
+   } else {
+@@ -511,8 +509,8 @@
+ #}
+ # Load email config file
+ if { ![info exists EMAIL_FILE] } {
+-  if { [file exists /etc/sguild/sguild.email] } {
+-    set EMAIL_FILE "/etc/sguild/sguild.email"
++  if { [file exists /usr/local/etc/sguild/sguild.email] } {
++    set EMAIL_FILE "/usr/local/etc/sguild/sguild.email"
+   } else {
+     set EMAIL_FILE "./sguild.email"
+   }
+@@ -524,8 +522,8 @@
+ }
+ # Load global queries.
+ if { ![info exists GLOBAL_QRY_FILE] } {
+-  if { [file exists /etc/sguild/sguild.queries] } {
+-    set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries"
++  if { [file exists /usr/local/etc/sguild/sguild.queries] } {
++    set GLOBAL_QRY_FILE "/usr/local/etc/sguild/sguild.queries"
+   } else {
+     set GLOBAL_QRY_FILE "./sguild.queries"
+   }
+@@ -537,8 +535,8 @@
+ }
+ # Load report queries.
+ if { ![info exists REPORT_QRY_FILE] } {
+-  if { [file exists /etc/sguild/sguild.reports] } {
+-    set REPORT_QRY_FILE "/etc/sguild/sguild.reports"
++  if { [file exists /usr/local/etc/sguild/sguild.reports] } {
++    set REPORT_QRY_FILE "/usr/local/etc/sguild/sguild.reports"
+   } else {
+     set REPORT_QRY_FILE "./sguild.reports"
+   }

security/sguil/files/patch-server__sguild.access

@@ -0,0 +1,12 @@
+--- server/sguild.access.orig	2008-04-03 17:55:46.000000000 -0500
++++ server/sguild.access	2008-04-03 17:56:50.000000000 -0500
+@@ -4,7 +4,8 @@
+ # This file is used by sguild for access control. It is read upon init  #
+ # or when sguild receives a HUP signal.                                 #
+ #                                                                       #
+-# By default, sguild will look first for /etc/sguild/sguild.access,     #
++# By default, sguild will look first for                                #
++# /usr/local/etc/sguild/sguild.access,                                  #       
+ # then ./sguild.access unless the -A /path/to/sguild.access switch      #
+ # is used.                                                              #
+ #                                                                       #

security/sguil/files/patch-server__sguild.conf

@@ -0,0 +1,28 @@
+--- server/sguild.conf.orig	2008-04-03 17:47:18.000000000 -0500
++++ server/sguild.conf	2008-04-03 17:53:11.000000000 -0500
+@@ -1,7 +1,7 @@
+ # $Id: sguild.conf,v 1.29 2006/06/02 20:40:57 bamm Exp $ #
+ 
+ # Path the sguild libs
+-set SGUILD_LIB_PATH ./lib
++set SGUILD_LIB_PATH /usr/local/lib/sguild
+ 
+ # DEBUG 0=off 1=important stuff 2=everything.  Option 2 is VERY chatty.
+ set DEBUG 2
+@@ -63,7 +63,7 @@
+ 
+ # You MUST have tcpflow installed to get xscripts
+ # http://www.circlemud.org/~jelson/software/tcpflow/
+-set TCPFLOW "/usr/bin/tcpflow"
++set TCPFLOW "/usr/local/bin/tcpflow"
+ 
+ # p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
+ # If you have p0f (a passive OS fingerprinting system) installed, you can have
+@@ -74,6 +74,6 @@
+ 
+ # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
+ # add any others you may need here.
+-set P0F_PATH "/usr/sbin/p0f"
++set P0F_PATH "/usr/local/bin/p0f"
+ 
+ # Email config moved to sguild.email 

security/sguil/files/patch-server__snort_agent

@@ -0,0 +1,35 @@
+--- sensor/snort_agent.tcl.orig	2012-12-17 22:33:35.000000000 +0000
++++ sensor/snort_agent.tcl	2012-12-17 22:39:39.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
+ 
+@@ -680,13 +678,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/snort_agent.conf or pwd
++# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/snort_agent.conf] } {
++    if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
+ 
+-        set CONF_FILE /etc/snort_agent.conf
++        set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
+ 
+     } elseif { [file exists ./snort_agent.conf] } {
+ 
+@@ -695,7 +693,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the snort_agent.tcl config file is"
+-        puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
++        puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
+         DisplayUsage $argv0
+ 
+     }

security/sguil/files/patch-server__sql_scripts__sancp_cleanup.tcl

@@ -0,0 +1,11 @@
+--- server/sql_scripts/sancp_cleanup.tcl.orig	2011-08-11 20:31:07.000000000 +0000
++++ server/sql_scripts/sancp_cleanup.tcl	2011-08-11 20:31:26.000000000 +0000
+@@ -214,7 +214,7 @@
+     INDEX dst_port (dst_port),                         \
+     INDEX src_port (src_port),                         \
+     INDEX start_time (start_time)                      \
+-    ) TYPE=MERGE UNION=([join $tmpTables ,])      \
++    ) ENGINE=MERGE UNION=([join $tmpTables ,])      \
+     "
+ # Create our MERGE sancp table
+ mysqlexec $dbSocketID $createQuery

security/sguil/files/pcap_agent-sancp.in

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/pcap_agent-sancp.in 312466 2013-02-18 00:56:47Z miwi $
+
+# PROVIDE: pcap_agent-sancp
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
+# pcap_agent-sancp_enable (bool):	Set to YES to enable pcap_agent-sancp
+# 				Default: NO
+# pcap_agent-sancp_conf (str):	Pads_agent configuration file
+#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
+# pcap_agent-sancp_flags (str):	Default: -D
+#
+
+. /etc/rc.subr
+
+name="pcap_agent-sancp"
+rcvar=pcap_agent-sancp_enable
+load_rc_config pcap_agent-sancp
+
+#set defaults
+: ${pcap_agent-sancp_enable:="NO"}
+: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
+: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+run_rc_command "$1"

security/sguil/files/pcap_agent.in

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/pcap_agent.in 312466 2013-02-18 00:56:47Z miwi $
+
+# PROVIDE: pcap_agent
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pcap_agent:
+# pcap_agent_enable (bool):     Set to YES to enable pcap_agent
+#                               Default: NO
+# pcap_agent_conf (str):        Pcap_agent configuration file
+#                               Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf
+# pcap_agent_flags (str):       Default: -D
+#
+
+. /etc/rc.subr
+
+name="pcap_agent"
+rcvar=pcap_agent_enable
+load_rc_config pcap_agent
+
+#set defaults
+: ${pcap_agent_enable:="NO"}
+: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
+: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+run_rc_command "$1"

security/sguil/files/pkg-message-client.in

@@ -0,0 +1,16 @@
+Sguil-client
+============
+See the USAGE document in the %%DOCSDIR%% for instructions
+on how to use the sguil client to connect to and maintain
+the sguil network monitoring system.
+
+NOTE: This port installs a sguil.conf-sample file in
+%%PREFIX%%/bin/%%CLIENT_SGUILDIR%%/.  If you are installing this on a
+multi-user system, each user might want to have a
+sguil.conf file in their home directory.  Sguil.tk sources
+the home directory first for the sguil.conf file.
+
+There are several items in the conf file that may need
+editing, including the path to your web browser, the name
+of the sguil server you connect to and possibly the port
+you connect to (if you're not using the default port.)

security/sguil/files/pkg-message-sensor.in

@@ -0,0 +1,31 @@
+            ***********************************
+            * !!!!!!!!!!! WARNING !!!!!!!!!!! *
+            ***********************************
+
+If you already had barnyard2 installed, this port will NOT deinstall
+it and install the barnyard2-sguil port instead.  You will need to
+deinstall the barnyard2 port and install the barnyard2-sguil port yourself
+instead.  This port WILL NOT WORK without the barnyard2-sguil port!!
+
+See the %%DOCSDIR%%/INSTALL doc for details on the 
+configuration and for croning the script.  
+
+WARNING!!!  Sguil et al will fill up your /tmp directory very 
+quickly.  You should probably configure sguil et al to log to
+another partition/location (e.g. /nsm/tmp/).
+
+You must ALSO edit all of the sensor conf files (located in 
+%%PREFIX%%/%%SENSOR_SGUILDIR%%/etc/) to reflect your configuration before 
+starting the sensor_agents.
+
+A number of ancilliary things have been installed in
+%%PREFIX%%/share/%%SENSOR_SGUILDIR%%.
+
+If you chose to run sancp, and you already had a sancp.conf file in
+%%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
+The new sancp.conf-sample file contains the settings for squil. NOTE:
+the conf file is for sancp 1.5.3.  It may need additional edits to work
+with the current ports version of sancp. If you still want to maintain
+the customized sancp.conf file, then copy the new sancp.conf-sample
+file to sguild-sancp.conf (for example) and add 
+sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.

security/sguil/files/pkg-message-server.in

@@ -0,0 +1,44 @@
+Sguil-server
+============
+If you had existing config files in %%PREFIX%%/etc/%%SERVER_SGUILDIR%%
+they were not overwritten. If this is a first time install, you
+must copy the sample files to the corresponding conf file and
+edit the various config files for your site.  See the INSTALL
+doc in %%DOCSDIR%% for details.  If this is an upgrade, replace
+your existing conf file with the new one and edit accordingly
+
+The sql scripts for creating database tables were placed in
+the %%PREFIX%%/share/%%SERVER_SGUILDIR%%/ directory.  PLEASE
+note LOG_DIR is not set by this install.  You MUST create the
+correct LOG_DIRS and put a copy of the snort rules you use in
+LOG_DIR/rules.
+
+The sguild program was placed in %%PREFIX%%/bin/.
+
+Some contributed scripts were placed in
+%%PREFIX%%/share/%%SERVER_SGUILDIR%%/contrib
+
+A startup script, named sguild was installed in
+%%PREFIX%%/etc/rc.d/.  To enable it, edit /etc/rc.conf
+per the instructions in the script.
+
+NOTE. You MUST create a directory /var/run/%%SERVER_SGUILDIR%%, and set the ownership
+to user guil group sguil
+You MUST also create certs.  Here's how to do it;
+Create the directory %%SERVER_SGUILDIR%%/certs
+Set ownership to sguil user and group.
+Create a password-protected CA cert.
+openssl req -out CA.pem -new -x509
+Create a server certificate/key pair.
+openssl genrsa -out sguild.key 1024
+Create a certificate request to be signed by the CA.
+DO NOT password protect your server key.  If you do, you will be required
+to enter the password every time you start the server.
+openssl req -key sguild.key -new -out sguild.req
+If this is the first time you've created the cert,
+Create a serial file so your certs will have incremented serial numbers.
+openssl x509 -req -in sguild.req -CA CA.pem -CAAkey privkey.pem -CAcreateserial -out sguild.pem
+If you're updating the existing cert
+Update the actual certificate for your server.
+openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAserial CA.sr1 -out sguild.pem
+Put the certs to the %%SERVER_SGUILDIR%%/certs directory

security/sguil/files/sancp_agent.in

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/sancp_agent.in 312466 2013-02-18 00:56:47Z miwi $
+
+# PROVIDE: sancp_agent
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable sancp_agent:
+# sancp_agent_enable (bool):     Set to YES to enable sancp_agent
+#                                Default: NO
+# sancp_agent_conf (str):        Sancp_agent configuration file
+#                                Default: %%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf
+# sancp_agent_flags (str):       Default: -D
+#
+
+. /etc/rc.subr
+
+name="sancp_agent"
+rcvar=sancp_agent_enable
+load_rc_config sancp_agent
+
+#set defaults
+: ${sancp_agent_enable:="NO"}
+: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
+: ${sancp_agent_flags:="-D -c ${sancp_agent_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+run_rc_command "$1"

security/sguil/files/sguild.in

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-server/files/sguild.in 312467 2013-02-18 01:01:11Z miwi $
+
+# PROVIDE: sguild
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable sguild:
+# sguild_enable (bool):		Set to YES to enable sguild
+# 				Default: NO
+# sguild_flags (str):		Extra flags passed to sguild
+#				Default: -D -P ${pid}
+# sguild_conf (str):		Sguild configuration file
+#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
+# sguild_user (str):		Default: sguil
+# Note: this value MUST be set in /etc/rc.conf if you do not accept the default
+# user created by the pkg-install script
+
+. /etc/rc.subr
+
+name="sguild"
+rcvar=sguild_enable
+load_rc_config sguild
+# set some defaults
+: ${sguild_enable:="NO"}
+: ${sguild_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf"}
+: ${pid:="/var/run/%%SGUILDIR%%/sguild.pid"}
+: ${sguild_flags:="-D -P ${pid}"}
+: ${sguild_user:="sguil"}
+
+command="%%PREFIX%%/bin/${name}"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+
+run_rc_command "$1"

security/sguil/files/snort_agent.in

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD: head/security/sguil-sensor/files/snort_agent.in 312466 2013-02-18 00:56:47Z miwi $
+
+# PROVIDE: snort_agent
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable snort_agent:
+# snort_agent_enable (bool):     Set to YES to enable snort_agent
+#                                Default: NO
+# snort_agent_conf (str):        Snort_agent configuration file
+#                                Default: %%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf
+# snort_agent_flags (str):       Default: -D
+#
+
+. /etc/rc.subr
+
+name="snort_agent"
+rcvar=snort_agent_enable
+load_rc_config snort_agent
+
+#set defaults
+: ${snort_agent_enable:="NO"}
+: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
+: ${snort_agent_flags:="-D -c ${snort_agent_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+run_rc_command "$1"

security/sguil/pkg-descr

@@ -0,0 +1,8 @@
+Sguil (pronounced sgweel) is built by network security analysts for network
+security analysts. Sguil's main component is an intuitive GUI that provides
+access to realtime events, session data, and raw packet captures. Sguil
+facilitates the practice of Network Security Monitoring and event driven
+analysis. The Sguil client is written in tcl/tk and can be run on any operating
+system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
+
+WWW: https://bammv.github.io/sguil/

security/sguil/pkg-plist

@@ -0,0 +1,136 @@
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/images/checked.gif
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/images/sguil_logo_h.gif
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/images/unchecked.gif
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/SguilUtil.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/dkffont.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/email17.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/extdata.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/guilib.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/qrybuild.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/qrylib.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/report.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/sancp.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/sellib.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/sound.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/stdquery.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/COPYRIGHT.txt
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/pkgIndex.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/mwutil.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/repair.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistBind.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistConfig.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistEdit.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistImages.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistMove.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistSort.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistThemes.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistUtil.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistWidget.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tclIndex
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/tablelist.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/tablelist_tile.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/tablelistPublic.tcl
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/whois.tcl
+@mode 751
+%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/sguil.tk
+@mode
+%%CLIENT%%etc/sguil.conf-sample
+%%CLIENT%%@dirrm bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts
+%%CLIENT%%@dirrm bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11
+%%CLIENT%%@dirrm bin/%%CLIENT_SGUILDIR%%/lib
+%%CLIENT%%@dirrm bin/%%CLIENT_SGUILDIR%%/images
+%%CLIENT%%@dirrm bin/%%CLIENT_SGUILDIR%%
+@mode 751
+%%SENSOR%%bin/%%SENSOR_SGUILDIR%%/log_packets-daemonlogger.sh
+%%SENSOR%%bin/%%SENSOR_SGUILDIR%%/log_packets.sh
+%%SENSOR%%bin/%%SENSOR_SGUILDIR%%/pcap_agent.tcl
+%%SENSOR%%bin/%%SENSOR_SGUILDIR%%/snort_agent.tcl
+@mode
+%%SENSOR%%etc/%%SENSOR_SGUILDIR%%/pcap_agent.conf-sample
+%%SENSOR%%etc/%%SENSOR_SGUILDIR%%/snort_agent.conf-sample
+%%SENSOR%%share/%%SENSOR_SGUILDIR%%/contrib/ossec_agent/README
+%%SENSOR%%share/%%SENSOR_SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
+%%SENSOR%%share/%%SENSOR_SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
+%%SENSOR%%share/%%SENSOR_SGUILDIR%%/contrib/portscan_loader/Makefile
+%%SENSOR%%share/%%SENSOR_SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
+%%SENSOR%%share/%%SENSOR_SGUILDIR%%/init/sensoragent
+@mode 751
+%%SENSOR%%%%PADS_SENSOR%%bin/%%SENSOR_SGUILDIR%%/pads_agent.tcl
+@mode
+%%SENSOR%%%%PADS_SENSOR%%etc/%%SENSOR_SGUILDIR%%/pads_agent.conf-sample
+@mode 751
+%%SENSOR%%%%SANCP_SENSOR%%bin/%%SENSOR_SGUILDIR%%/log_packets-sancp.sh
+%%SENSOR%%%%SANCP_SENSOR%%bin/%%SENSOR_SGUILDIR%%/pcap_agent-sancp.tcl
+%%SENSOR%%%%SANCP_SENSOR%%bin/%%SENSOR_SGUILDIR%%/sancp_agent.tcl
+@mode
+%%SENSOR%%%%SANCP_SENSOR%%etc/%%SENSOR_SGUILDIR%%/sancp_agent.conf-sample
+%%SENSOR%%%%SANCP_SENSOR%%etc/%%SENSOR_SGUILDIR%%/sancp-indexed.conf-sample
+%%SENSOR%%%%SANCP_SENSOR%%etc/%%SENSOR_SGUILDIR%%/pcap_agent-sancp.conf-sample
+%%SENSOR%%%%SANCP_SENSOR%%etc/%%SENSOR_SGUILDIR%%/sancp.conf-sample
+%%SENSOR%%@dirrm share/%%SENSOR_SGUILDIR%%/init
+%%SENSOR%%@dirrm share/%%SENSOR_SGUILDIR%%/contrib/portscan_loader
+%%SENSOR%%@dirrm share/%%SENSOR_SGUILDIR%%/contrib/ossec_agent
+%%SENSOR%%@dirrm share/%%SENSOR_SGUILDIR%%/contrib
+%%SENSOR%%@dirrm share/%%SENSOR_SGUILDIR%%
+%%SENSOR%%@dirrmtry etc/%%SENSOR_SGUILDIR%%
+%%SENSOR%%@dirrm bin/%%SENSOR_SGUILDIR%%
+%%SERVER%%bin/sguild
+%%SERVER%%etc/%%SERVER_SGUILDIR%%/autocat.conf-sample
+%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.access-sample
+%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.conf-sample
+%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.email-sample
+%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.queries-sample
+%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.reports-sample
+%%SERVER%%@owner sguil
+%%SERVER%%@group sguil
+%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.users-sample
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildAccess.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildAutoCat.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildClientCmdRcvd.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildConnect.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildCreateDB.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildEmailEvent.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildEvent.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildGenericDB.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildGenericEvent.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildHealthChecks.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildLoaderd.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildLoaderd.tcl.orig
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildMysqlMerge.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildMysqlMerge.tcl.orig
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildPadsLib.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildQueryd.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildReportBuilder.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildSendComms.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildSensorAgentComms.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildSensorCmdRcvd.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildTranscript.tcl
+%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildUtils.tcl
+%%SERVER%%@owner root
+%%SERVER%%@group wheel
+%%SERVER%%share/%%SERVER_SGUILDIR%%/autocat2mysql.tcl
+%%SERVER%%share/%%SERVER_SGUILDIR%%/contrib/incident_report.tcl
+%%SERVER%%share/%%SERVER_SGUILDIR%%/contrib/init/sguil
+%%SERVER%%share/%%SERVER_SGUILDIR%%/contrib/init/sguild
+%%SERVER%%share/%%SERVER_SGUILDIR%%/create_ruledb.sql
+%%SERVER%%share/%%SERVER_SGUILDIR%%/create_sguildb.sql
+%%SERVER%%share/%%SERVER_SGUILDIR%%/migrate_event.tcl
+%%SERVER%%share/%%SERVER_SGUILDIR%%/migrate_sancp.tcl
+%%SERVER%%share/%%SERVER_SGUILDIR%%/sancp_cleanup.tcl
+%%SERVER%%share/%%SERVER_SGUILDIR%%/sancp_cleanup.tcl.orig
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_0.7.tcl
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_0.8.tcl
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v10-v11.sql
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v11-v12.sql
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v12-v13.sql
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v13-v14.sql
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v5-v6.sql
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v6-v7.sql
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v7-v8.sql
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v8-v9.sql
+%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v9-v10.sql
+%%SERVER%%@dirrm share/%%SERVER_SGUILDIR%%/contrib/init
+%%SERVER%%@dirrm share/%%SERVER_SGUILDIR%%/contrib
+%%SERVER%%@dirrm share/%%SERVER_SGUILDIR%%
+%%SERVER%%@dirrm lib/%%SERVER_SGUILDIR%%
+%%SERVER%%@dirrm etc/%%SERVER_SGUILDIR%%