1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-24 04:33:24 +00:00

Add new port security/sguil (version 0.9.0)

This port replaces security/sguil-client, security/sguild-server and
security/sguil-sensor which are at version 0.8.0.  They will be removed
shortly as a result.

PR:		191347
Submitted by:	Muhammad Rahman

Sguil (pronounced sgweel) is built by network security analysts for network
security analysts. Sguil's main component is an intuitive GUI that provides
access to realtime events, session data, and raw packet captures. Sguil
facilitates the practice of Network Security Monitoring and event driven
analysis. The Sguil client is written in tcl/tk and can be run on any operating
system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
This commit is contained in:
John Marino 2014-08-16 18:38:25 +00:00
parent c80daa6b80
commit 389083ef74
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=365120
29 changed files with 1140 additions and 0 deletions

View File

@ -909,6 +909,7 @@
SUBDIR += secpanel
SUBDIR += sectok
SUBDIR += secure_delete
SUBDIR += sguil
SUBDIR += sguil-client
SUBDIR += sguil-sensor
SUBDIR += sguil-server

211
security/sguil/Makefile Normal file
View File

@ -0,0 +1,211 @@
# Created by: Muhammad Moinur Rahman <5u623l20@gmail.com>
# $FreeBSD$
PORTNAME= sguil
PORTVERSION= 0.9.0
CATEGORIES= security
MAINTAINER= 5u623l20@gmail.com
COMMENT= Sguil is a network security monitoring program
LICENSE= GPLv3
RUN_DEPENDS= tcltls>=0:${PORTSDIR}/devel/tcltls \
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
USE_GITHUB= yes
GH_ACCOUNT= bammv
GH_PROJECT= ${USERS}
GH_TAGNAME= ${GH_COMMIT}
GH_COMMIT= 0b16167
OPTIONS_DEFINE= DOCS
OPTIONS_DEFAULT= SERVER CLIENT SENSOR
OPTIONS_MULTI= INSTANCE
OPTIONS_MULTI_INSTANCE= SERVER CLIENT SENSOR
OPTIONS_GROUP= SERVER CLIENT SENSOR
OPTIONS_GROUP_SERVER= MYSQL
OPTIONS_GROUP_CLIENT= AUDIO SANCP WIRESHARK
OPTIONS_GROUP_SENSOR= PADS_SENSOR SANCP_SENSOR
OPTIONS_SUB= yes
SERVER_DESC= Install Sguil Server
CLIENT_DESC= Install Sguil Client
SENSOR_DESC= Install Sguil SENSOR
MYSQL_DESC= Depend on databases/mysqltcl
AUDIO_DESC= Install Festival Speech Synthesis
SANCP_DESC= Use sancp
PADS_SENSOR_DESC= Include pads sensor
SANCP_SENSOR_DESC= Include sancp sensor
WIRESHARK_DESC= Install wireshark
CLIENT_USES= tk:wrapper
SERVER_RUN_DEPENDS= p0f:${PORTSDIR}/net-mgmt/p0f \
tcpflow:${PORTSDIR}/net/tcpflow \
dtplite:${PORTSDIR}/devel/tcllib
CLIENT_RUN_DEPENDS= dtplite:${PORTSDIR}/devel/tcllib \
${LOCALBASE}/lib/iwidgets/iwidgets.tcl:${PORTSDIR}/x11-toolkits/iwidgets \
gpg2:${PORTSDIR}/security/gnupg
SENSOR_RUN_DEPENDS= barnyard2:${PORTSDIR}/security/barnyard2-sguil
MYSQL_LIB_DEPENDS= libmysqltcl3.052.so:${PORTSDIR}/databases/mysqltcl
AUDIO_RUN_DEPENDS= festival:${PORTSDIR}/audio/festival
SANCP_RUN_DEPENDS= sancp:${PORTSDIR}/security/sancp
WIRESHARK_RUN_DEPENDS= wireshark:${PORTSDIR}/net/wireshark
PADS_SENSOR_RUN_DEPENDS= pads:${PORTSDIR}/net-mgmt/pads
SANCP_SENSOR_RUN_DEPENDS= sancp:${PORTSDIR}/security/sancp
NO_BUILD= yes
TCL_VER= 8.5
TCLSH= tclsh${TCL_VER}
SERVER_SGUILDIR?= sguild
CLIENT_SGUILDIR?= sguil-client
SENSOR_SGUILDIR?= sguil-sensor
PLIST_SUB= SERVER_SGUILDIR=${SERVER_SGUILDIR} \
CLIENT_SGUILDIR=${CLIENT_SGUILDIR} \
SENSOR_SGUILDIR=${SENSOR_SGUILDIR}
SUB_LIST= SERVER_SGUILDIR=${SERVER_SGUILDIR} TCLSH=${TCLSH} \
CLIENT_SGUILDIR=${CLIENT_SGUILDIR} \
SENSOR_SGUILDIR=${SENSOR_SGUILDIR}
SERVER_CONFS= autocat.conf sguild.access sguild.email sguild.reports \
sguild.conf sguild.queries sguild.users
CLIENT_LIBFILES=SguilUtil.tcl dkffont.tcl email17.tcl extdata.tcl \
sellib.tcl sancp.tcl sound.tcl guilib.tcl qrybuild.tcl \
qrylib.tcl report.tcl stdquery.tcl whois.tcl
SENSOR_AGENTS= pcap_agent.tcl snort_agent.tcl
SENSOR_CONFS= pcap_agent.conf snort_agent.conf
LOG_SCRIPTS= log_packets-daemonlogger.sh log_packets.sh
USERS= sguil
GROUPS= sguil
PORTDOCS= ${COMMON_DOCS:S|^doc/||}
COMMON_DOCS= doc/CHANGES doc/FAQ doc/INSTALL doc/INSTALL.openbsd \
doc/OPENSSL.README doc/TODO doc/UPGRADE doc/USAGE \
doc/sguildb.dia
.include <bsd.port.options.mk>
.if ${PORT_OPTIONS:MCLIENT}
SUB_FILES= pkg-message-client
.endif
.if ${PORT_OPTIONS:MSERVER}
USE_RC_SUBR+= sguild
SUB_FILES= pkg-message-server
.endif
.if ${PORT_OPTIONS:MSENSOR}
USE_RC_SUBR+= pcap_agent snort_agent
SUB_FILES= pkg-message-sensor
WITH_PCRE= true
PORTDOCS+= README.daemonlogger
. if ${PORT_OPTIONS:MSANCP_SENSOR}
SENSOR_AGENTS+= sancp_agent.tcl pcap_agent-sancp.tcl
SENSOR_CONFS+= sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
USE_RC_SUBR+= sancp_agent pcap_agent-sancp
PORTDOCS+= README.sancp_indexed_pcap
. endif
. if ${PORT_OPTIONS:MPADS_SENSOR}
SENSOR_AGENTS+= pads_agent.tcl
SENSOR_CONFS+= pads_agent.conf
USE_RC_SUBR+= pads_agent
. endif
.endif
post-patch:
.if ${PORT_OPTIONS:MSERVER}
@${REINPLACE_CMD} 's|/bin/sh|/usr/local/bin/${TCLSH}|' \
${WRKSRC}/server/sguild
@${MKDIR} ${STAGEDIR}${PREFIX}/etc/${SERVER_SGUILDIR} \
${STAGEDIR}${PREFIX}/lib/${SERVER_SGUILDIR} \
${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR} \
${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR}/contrib
.endif
.if ${PORT_OPTIONS:MCLIENT}
@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR} \
${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/lib \
${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/images
.endif
.if ${PORT_OPTIONS:MSENSOR}
. for f in ${SENSOR_AGENTS}
@${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \
${WRKSRC}/sensor/${f}
. endfor
.endif
do-install:
.if ${PORT_OPTIONS:MSERVER}
(cd ${WRKSRC}/server/lib && \
${COPYTREE_BIN} \* ${STAGEDIR}${PREFIX}/lib/${SERVER_SGUILDIR})
(cd ${WRKSRC}/server/sql_scripts && \
${COPYTREE_SHARE} \* \
${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR})
(cd ${WRKSRC}/server/contrib && \
${COPYTREE_SHARE} \* \
${STAGEDIR}${PREFIX}/share/${SERVER_SGUILDIR}/contrib)
${INSTALL_SCRIPT} ${WRKSRC}/server/sguild ${STAGEDIR}${PREFIX}/bin
. for f in ${SERVER_CONFS}
${INSTALL_DATA} ${WRKSRC}/server/${f} \
${STAGEDIR}${PREFIX}/etc/${SERVER_SGUILDIR}/${f}-sample
. endfor
.endif
.if ${PORT_OPTIONS:MCLIENT}
${INSTALL_SCRIPT} ${WRKSRC}/client/sguil.tk \
${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/sguil.tk
${INSTALL_DATA} ${WRKSRC}/client/sguil.conf \
${STAGEDIR}${PREFIX}/etc/sguil.conf-sample
(cd ${WRKSRC}/client/lib && ${INSTALL_DATA} ${CLIENT_LIBFILES} \
${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/lib)
(cd ${WRKSRC}/client/lib/images && \
${INSTALL_DATA} sguil_logo_h.gif checked.gif unchecked.gif \
${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/images)
(cd ${WRKSRC}/client/lib/tablelist5.11 && ${COPYTREE_SHARE} \* \
${STAGEDIR}${PREFIX}/bin/${CLIENT_SGUILDIR}/lib/tablelist5.11)
.endif
.if ${PORT_OPTIONS:MSENSOR}
@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR} \
${STAGEDIR}${PREFIX}/etc/${SENSOR_SGUILDIR} \
${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR} \
${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/contrib \
${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/init
(cd ${WRKSRC}/sensor/contrib && \
${COPYTREE_SHARE} \* \
${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/contrib \
"! -name ossec_agent.tcl.orig")
(cd ${WRKSRC}/sensor/init && \
${COPYTREE_SHARE} \* \
${STAGEDIR}${PREFIX}/share/${SENSOR_SGUILDIR}/init)
(cd ${WRKSRC}/sensor/ && \
${INSTALL_SCRIPT} ${SENSOR_AGENTS} \
${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR})
(cd ${WRKSRC}/sensor && \
${INSTALL_SCRIPT} ${LOG_SCRIPTS} \
${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR})
. for f in ${SENSOR_CONFS}
${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
${STAGEDIR}${PREFIX}/etc/${SENSOR_SGUILDIR}/${f}-sample
. endfor
. if ${PORT_OPTIONS:MSANCP_SENSOR}
${INSTALL_SCRIPT} ${WRKSRC}/sensor/log_packets-sancp.sh \
${STAGEDIR}${PREFIX}/bin/${SENSOR_SGUILDIR}
${INSTALL_DATA} ${WRKSRC}/sensor/sancp/sancp.conf \
${STAGEDIR}${PREFIX}/etc/${SENSOR_SGUILDIR}/sancp.conf-sample
. endif
.endif
.if ${PORT_OPTIONS:MDOCS}
@${MKDIR} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${COMMON_DOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
. if ${PORT_OPTIONS:MSENSOR}
${INSTALL_DATA} ${WRKSRC}/sensor/README.daemonlogger \
${STAGEDIR}${DOCSDIR}
. if ${PORT_OPTIONS:MSANCP_SENSOR}
${INSTALL_DATA} ${WRKSRC}/sensor/README.sancp_indexed_pcap \
${STAGEDIR}${DOCSDIR}
. endif
. endif
.endif
.include <bsd.port.mk>

2
security/sguil/distinfo Normal file
View File

@ -0,0 +1,2 @@
SHA256 (sguil-0.9.0.tar.gz) = e83f664673a6c44efec8b0a765a41b00a00830ba02a058d4c0663c915f95c8ee
SIZE (sguil-0.9.0.tar.gz) = 464313

View File

@ -0,0 +1,34 @@
#!/bin/sh
# $FreeBSD: head/security/sguil-sensor/files/example_agent.in 340872 2014-01-24 00:14:07Z mat $
# PROVIDE: example_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable example_agent:
# example_agent_enable (bool): Set to YES to enable example_agent
# Default: NO
# example_agent_conf (str): Example_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf
# example_agent_flags (str): Default: -D
#
. /etc/rc.subr
load_rc_config example_agent
#set defaults
example_agent_enable=${example_agent_enable:-"NO"}
example_agent_conf=${example_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf"}
example_agent_flags=${example_agent_flags:-"-D"}
name="example_agent"
rcvar=example_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl"
command_args="-c ${example_agent_conf} ${example_agent_flags}"
procname="%%PREFIX%%/bin/tclsh8.4"
pidfile="/var/run/${name}.pid"
check_pidfile="${pidfile} ${procname} /bin/sh"
run_rc_command "$1"

View File

@ -0,0 +1,66 @@
#!/bin/sh
# $FreeBSD: head/security/sguil-sensor/files/pads_agent.in 312466 2013-02-18 00:56:47Z miwi $
# PROVIDE: pads_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable pads_agent:
# pads_agent_enable (bool): Set to YES to enable pads_agent
# Default: NO
# pads_agent_conf (str): Pads_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf
# pads_agent_flags (str): Default: -D
#
. /etc/rc.subr
name="pads_agent"
rcvar=${name}_enable
load_rc_config ${name}
#set defaults
: ${pads_agent_enable:="NO"}
: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
: ${pads_agent_flags:="-D -c ${pads_agent_conf}"}
command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
start_precmd="pads_agent_ck4fifo"
stop_postcmd="pads_agent_rmfifo"
pads_agent_ck4fifo()
{
LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
if [ ! -p ${PADS_FIFO} ]; then
echo "${PADS_FIFO} does not exist. Creating now....."
/usr/bin/mkfifo ${PADS_FIFO}
fi
echo "Checking for ${PADS_FIFO}...."
if [ -p ${PADS_FIFO} ]; then
echo "Confirmed! ${PADS_FIFO} exists."
else
echo "I tried to create ${PADS_FIFO} and failed."
echo "You will need to create it manually before starting ${name}."
fi
}
pads_agent_rmfifo()
{
LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
if [ -p ${PADS_FIFO} ]; then
/bin/rm ${PADS_FIFO}
echo "Removing ${PADS_FIFO}...."
fi
}
run_rc_command "$1"

View File

@ -0,0 +1,35 @@
--- client/sguil.conf.orig 2012-11-15 22:46:24.000000000 +0000
+++ client/sguil.conf 2012-11-15 22:48:28.000000000 +0000
@@ -18,7 +18,7 @@
set DEBUG 1
# PATH to tls lib if needed (tcl can usually find this by default)
-#set TLS_PATH /usr/lib/tls1.4/libtls1.4.so
+#set TLS_PATH /usr/local/lib/tls1.6/libtls1.6.so
# win32 example
#set TLS_PATH "c:/tcl/lib/tls1.4/tls14.dll"
@@ -46,12 +46,12 @@
# If you have festival installed, then you can have alerts spoken to
# you. Set the path to the festival binary here. If you are using
# speechd from speechio.org, then leave this commented out.
-set FESTIVAL_PATH /usr/bin/festival
+set FESTIVAL_PATH /usr/local/bin/festival
# win32 example
# set FESTIVAL_PATH "c:\festival\bin\festival.exe"
# Path to wireshark (ethereal)
-set WIRESHARK_PATH /usr/sbin/wireshark
+set WIRESHARK_PATH /usr/local/bin/wireshark
# win32 example
# set WIRESHARK_PATH "c:/progra~1/wireshark/wireshark.exe"
@@ -62,7 +62,7 @@
# set WIRESHARK_STORE_DIR "c:/tmp"
# Favorite browser for looking at sig info on snort.org
-set BROWSER_PATH /usr/bin/firefox
+set BROWSER_PATH /usr/local/bin/firefox
# win32 example (IE)
# set BROWSER_PATH c:/progra~1/intern~1/iexplore.exe

View File

@ -0,0 +1,28 @@
--- client/sguil.tk.orig 2012-11-15 22:24:35.000000000 +0000
+++ client/sguil.tk 2012-11-15 22:26:33.000000000 +0000
@@ -88,7 +88,7 @@
# Load iwidgets and namespaces
if [catch {package require Iwidgets} iwidgetsVersion] {
- puts "ERROR: Cannot fine the Iwidgets extension."
+ puts "ERROR: Cannot find the Iwidgets extension."
puts "The iwidgets package is part of the incr tcl extension and is"
puts "available as a port/package most systems."
puts "See http://www.tcltk.com/iwidgets/ for more info."
@@ -2053,11 +2053,11 @@
set CONF_FILE $env(HOME)/sguil.conf
} elseif { [file exists ./sguil.conf] } {
set CONF_FILE ./sguil.conf
- } elseif { [file exists /etc/sguil] &&\
- [file isdirectory /etc/sguil] &&\
- [file exists /etc/sguil/sguil.conf] &&\
- [file readable /etc/sguil/sguil.conf] } {
- set CONF_FILE /etc/sguil/sguil.conf
+ } elseif { [file exists /usr/local/etc/sguil] &&\
+ [file isdirectory /usr/local/etc/sguil] &&\
+ [file exists /usr/local/etc/sguil/sguil.conf] &&\
+ [file readable /usr/local/etc/sguil/sguil.conf] } {
+ set CONF_FILE /usr/local/etc/sguil/sguil.conf
} else {
puts "Couldn't determine where the sguil config file is"
puts "Looked for $env(HOME)/sguil.conf and ./sguil.conf."

View File

@ -0,0 +1,30 @@
--- sensor/contrib/ossec_agent/ossec_agent.tcl.orig 2012-12-17 22:47:18.000000000 +0000
+++ sensor/contrib/ossec_agent/ossec_agent.tcl 2012-12-17 22:48:45.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# OSSEC agent for Sguil 0.7.0. Based on the "example_agent.tcl" code
# distributed with sguil.
@@ -593,9 +591,9 @@
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/ossec_agent.conf] } {
+ if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } {
- set CONF_FILE /etc/ossec_agent.conf
+ set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf
} elseif { [file exists ./ossec_agent.conf] } {
@@ -604,7 +602,7 @@
} else {
puts "Couldn't determine where the ossec_agent.tcl config file is"
- puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf."
DisplayUsage $argv0
}

View File

@ -0,0 +1,39 @@
--- sensor/pads_agent.tcl.orig 2012-12-19 21:25:26.000000000 +0000
+++ sensor/pads_agent.tcl 2012-12-19 21:27:37.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ #
@@ -332,7 +330,7 @@
id process group set
if {[fork]} {exit 0}
set PID [id process]
- if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" }
+ if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" }
set PID_DIR [file dirname $PID_FILE]
if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } {
puts "ERROR: Directory $PID_DIR does not exists or is not writable."
@@ -380,16 +378,16 @@
}
}
# Parse the config file here
-# Default location is /etc/pads_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/pads_agent.conf] } {
- set CONF_FILE /etc/pads_agent.conf
+ if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } {
+ set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf
} elseif { [file exists ./pads_agent.conf] } {
set CONF_FILE ./pads_agent.conf
} else {
puts "Couldn't determine where the sensor_agent.tcl config file is"
- puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf."
DisplayUsage $argv0
}
}

View File

@ -0,0 +1,35 @@
--- sensor/pcap_agent-sancp.tcl.orig 2012-12-17 22:36:43.000000000 +0000
+++ sensor/pcap_agent-sancp.tcl 2012-12-17 22:38:22.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ #
@@ -754,13 +752,13 @@
}
# Parse the config file here
-# Default location is /etc/pcap_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/pcap_agent.conf] } {
+ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
- set CONF_FILE /etc/pcap_agent.conf
+ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
} elseif { [file exists ./pcap_agent.conf] } {
@@ -769,7 +767,7 @@
} else {
puts "Couldn't determine where the pcap_agent.tcl config file is"
- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
DisplayUsage $argv0
}

View File

@ -0,0 +1,35 @@
--- sensor/pcap_agent.tcl.orig 2012-12-17 22:31:44.000000000 +0000
+++ sensor/pcap_agent.tcl 2012-12-17 22:42:50.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ #
@@ -771,13 +769,13 @@
}
# Parse the config file here
-# Default location is /etc/pcap_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/pcap_agent.conf] } {
+ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
- set CONF_FILE /etc/pcap_agent.conf
+ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
} elseif { [file exists ./pcap_agent.conf] } {
@@ -786,7 +784,7 @@
} else {
puts "Couldn't determine where the pcap_agent.tcl config file is"
- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
DisplayUsage $argv0
}

View File

@ -0,0 +1,30 @@
--- sensor/sancp_agent.tcl.orig 2012-12-17 22:43:39.000000000 +0000
+++ sensor/sancp_agent.tcl 2012-12-17 22:44:56.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ #
@@ -582,16 +580,16 @@
}
}
# Parse the config file here
-# Default location is /etc/sancp_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/sancp_agent.conf] } {
- set CONF_FILE /etc/sancp_agent.conf
+ if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } {
+ set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf
} elseif { [file exists ./sancp_agent.conf] } {
set CONF_FILE ./sancp_agent.conf
} else {
puts "Couldn't determine where the sancp_agent.tcl config file is"
- puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf."
DisplayUsage $argv0
}
}

View File

@ -0,0 +1,11 @@
--- server/lib/SguildLoaderd.tcl.orig 2012-10-12 21:07:19.000000000 +0000
+++ server/lib/SguildLoaderd.tcl 2012-10-12 21:15:06.000000000 +0000
@@ -220,7 +220,7 @@
} else {
# Make sure its a MERGE table and not the old monster
set tableStatus [mysqlsel $LOADERD_DB_ID {SHOW TABLE STATUS LIKE 'sancp'} -flatlist]
- if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
+ if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
ErrorMessage "ERROR: loaderd: You appear to be using an old version of the\n\
sguil database schema that does not support the MERGE sancp\n\

View File

@ -0,0 +1,11 @@
--- server/lib/SguildMysqlMerge.tcl.orig 2012-10-12 21:18:22.000000000 +0000
+++ server/lib/SguildMysqlMerge.tcl 2012-10-12 21:19:41.000000000 +0000
@@ -9,7 +9,7 @@
set tmpQry "SHOW TABLE STATUS LIKE '$tableName'"
set tableStatus [mysqlsel $MAIN_DB_SOCKETID $tmpQry -flatlist]
- if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
+ if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
# Non MERGE table found.
set errorMsg "\n*************************************************************\n

View File

@ -0,0 +1,88 @@
--- server/sguild.orig 2014-06-23 21:54:25.595758574 +0600
+++ server/sguild 2014-06-23 21:59:48.122743440 +0600
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: sguild,v 1.194 2013/09/05 00:38:45 bamm Exp $ #
@@ -221,7 +219,7 @@
##################################
# Do all priv account actions here.
-# Open log files/etc. Privs will be dropped after.
+# Open log files/usr/local/etc. Privs will be dropped after.
if { ![info exists LOG_PATH] } { set LOG_PATH /var/log/sguild }
@@ -321,7 +319,7 @@
# Check for certs
if {![info exists CERTS_PATH]} {
- set CERTS_PATH /etc/sguild/certs
+ set CERTS_PATH /usr/local/etc/sguild/certs
}
@@ -351,13 +349,13 @@
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/sguild/sguild.conf] } {
- set CONF_FILE /etc/sguild/sguild.conf
+ if { [file exists /usr/local/etc/sguild/sguild.conf] } {
+ set CONF_FILE /usr/local/etc/sguild/sguild.conf
} elseif { [file exists ./sguild.conf] } {
set CONF_FILE ./sguild.conf
} else {
puts "Couldn't determine where the sguil config file is"
- puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf."
+ puts "Looked for ./sguild.conf and /usr/local/etc/sguild/sguild.conf."
DisplayUsage $argv0
}
}
@@ -484,8 +482,8 @@
# Load accessfile
if { ![info exists ACCESS_FILE] } {
# Check the defaults
- if { [file exists /etc/sguild/sguild.access] } {
- set ACCESS_FILE "/etc/sguild/sguild.access"
+ if { [file exists /usr/local/etc/sguild/sguild.access] } {
+ set ACCESS_FILE "/usr/local/etc/sguild/sguild.access"
} elseif { [file exists ./sguild.access] } {
set ACCESS_FILE "./sguild.access"
} else {
@@ -511,8 +509,8 @@
#}
# Load email config file
if { ![info exists EMAIL_FILE] } {
- if { [file exists /etc/sguild/sguild.email] } {
- set EMAIL_FILE "/etc/sguild/sguild.email"
+ if { [file exists /usr/local/etc/sguild/sguild.email] } {
+ set EMAIL_FILE "/usr/local/etc/sguild/sguild.email"
} else {
set EMAIL_FILE "./sguild.email"
}
@@ -524,8 +522,8 @@
}
# Load global queries.
if { ![info exists GLOBAL_QRY_FILE] } {
- if { [file exists /etc/sguild/sguild.queries] } {
- set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries"
+ if { [file exists /usr/local/etc/sguild/sguild.queries] } {
+ set GLOBAL_QRY_FILE "/usr/local/etc/sguild/sguild.queries"
} else {
set GLOBAL_QRY_FILE "./sguild.queries"
}
@@ -537,8 +535,8 @@
}
# Load report queries.
if { ![info exists REPORT_QRY_FILE] } {
- if { [file exists /etc/sguild/sguild.reports] } {
- set REPORT_QRY_FILE "/etc/sguild/sguild.reports"
+ if { [file exists /usr/local/etc/sguild/sguild.reports] } {
+ set REPORT_QRY_FILE "/usr/local/etc/sguild/sguild.reports"
} else {
set REPORT_QRY_FILE "./sguild.reports"
}

View File

@ -0,0 +1,12 @@
--- server/sguild.access.orig 2008-04-03 17:55:46.000000000 -0500
+++ server/sguild.access 2008-04-03 17:56:50.000000000 -0500
@@ -4,7 +4,8 @@
# This file is used by sguild for access control. It is read upon init #
# or when sguild receives a HUP signal. #
# #
-# By default, sguild will look first for /etc/sguild/sguild.access, #
+# By default, sguild will look first for #
+# /usr/local/etc/sguild/sguild.access, #
# then ./sguild.access unless the -A /path/to/sguild.access switch #
# is used. #
# #

View File

@ -0,0 +1,28 @@
--- server/sguild.conf.orig 2008-04-03 17:47:18.000000000 -0500
+++ server/sguild.conf 2008-04-03 17:53:11.000000000 -0500
@@ -1,7 +1,7 @@
# $Id: sguild.conf,v 1.29 2006/06/02 20:40:57 bamm Exp $ #
# Path the sguild libs
-set SGUILD_LIB_PATH ./lib
+set SGUILD_LIB_PATH /usr/local/lib/sguild
# DEBUG 0=off 1=important stuff 2=everything. Option 2 is VERY chatty.
set DEBUG 2
@@ -63,7 +63,7 @@
# You MUST have tcpflow installed to get xscripts
# http://www.circlemud.org/~jelson/software/tcpflow/
-set TCPFLOW "/usr/bin/tcpflow"
+set TCPFLOW "/usr/local/bin/tcpflow"
# p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
# If you have p0f (a passive OS fingerprinting system) installed, you can have
@@ -74,6 +74,6 @@
# Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
# add any others you may need here.
-set P0F_PATH "/usr/sbin/p0f"
+set P0F_PATH "/usr/local/bin/p0f"
# Email config moved to sguild.email

View File

@ -0,0 +1,35 @@
--- sensor/snort_agent.tcl.orig 2012-12-17 22:33:35.000000000 +0000
+++ sensor/snort_agent.tcl 2012-12-17 22:39:39.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
@@ -680,13 +678,13 @@
}
# Parse the config file here
-# Default location is /etc/snort_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/snort_agent.conf] } {
+ if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
- set CONF_FILE /etc/snort_agent.conf
+ set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
} elseif { [file exists ./snort_agent.conf] } {
@@ -695,7 +693,7 @@
} else {
puts "Couldn't determine where the snort_agent.tcl config file is"
- puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
DisplayUsage $argv0
}

View File

@ -0,0 +1,11 @@
--- server/sql_scripts/sancp_cleanup.tcl.orig 2011-08-11 20:31:07.000000000 +0000
+++ server/sql_scripts/sancp_cleanup.tcl 2011-08-11 20:31:26.000000000 +0000
@@ -214,7 +214,7 @@
INDEX dst_port (dst_port), \
INDEX src_port (src_port), \
INDEX start_time (start_time) \
- ) TYPE=MERGE UNION=([join $tmpTables ,]) \
+ ) ENGINE=MERGE UNION=([join $tmpTables ,]) \
"
# Create our MERGE sancp table
mysqlexec $dbSocketID $createQuery

View File

@ -0,0 +1,32 @@
#!/bin/sh
# $FreeBSD: head/security/sguil-sensor/files/pcap_agent-sancp.in 312466 2013-02-18 00:56:47Z miwi $
# PROVIDE: pcap_agent-sancp
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
# pcap_agent-sancp_enable (bool): Set to YES to enable pcap_agent-sancp
# Default: NO
# pcap_agent-sancp_conf (str): Pads_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
# pcap_agent-sancp_flags (str): Default: -D
#
. /etc/rc.subr
name="pcap_agent-sancp"
rcvar=pcap_agent-sancp_enable
load_rc_config pcap_agent-sancp
#set defaults
: ${pcap_agent-sancp_enable:="NO"}
: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
run_rc_command "$1"

View File

@ -0,0 +1,32 @@
#!/bin/sh
# $FreeBSD: head/security/sguil-sensor/files/pcap_agent.in 312466 2013-02-18 00:56:47Z miwi $
# PROVIDE: pcap_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable pcap_agent:
# pcap_agent_enable (bool): Set to YES to enable pcap_agent
# Default: NO
# pcap_agent_conf (str): Pcap_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf
# pcap_agent_flags (str): Default: -D
#
. /etc/rc.subr
name="pcap_agent"
rcvar=pcap_agent_enable
load_rc_config pcap_agent
#set defaults
: ${pcap_agent_enable:="NO"}
: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}
command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
run_rc_command "$1"

View File

@ -0,0 +1,16 @@
Sguil-client
============
See the USAGE document in the %%DOCSDIR%% for instructions
on how to use the sguil client to connect to and maintain
the sguil network monitoring system.
NOTE: This port installs a sguil.conf-sample file in
%%PREFIX%%/bin/%%CLIENT_SGUILDIR%%/. If you are installing this on a
multi-user system, each user might want to have a
sguil.conf file in their home directory. Sguil.tk sources
the home directory first for the sguil.conf file.
There are several items in the conf file that may need
editing, including the path to your web browser, the name
of the sguil server you connect to and possibly the port
you connect to (if you're not using the default port.)

View File

@ -0,0 +1,31 @@
***********************************
* !!!!!!!!!!! WARNING !!!!!!!!!!! *
***********************************
If you already had barnyard2 installed, this port will NOT deinstall
it and install the barnyard2-sguil port instead. You will need to
deinstall the barnyard2 port and install the barnyard2-sguil port yourself
instead. This port WILL NOT WORK without the barnyard2-sguil port!!
See the %%DOCSDIR%%/INSTALL doc for details on the
configuration and for croning the script.
WARNING!!! Sguil et al will fill up your /tmp directory very
quickly. You should probably configure sguil et al to log to
another partition/location (e.g. /nsm/tmp/).
You must ALSO edit all of the sensor conf files (located in
%%PREFIX%%/%%SENSOR_SGUILDIR%%/etc/) to reflect your configuration before
starting the sensor_agents.
A number of ancilliary things have been installed in
%%PREFIX%%/share/%%SENSOR_SGUILDIR%%.
If you chose to run sancp, and you already had a sancp.conf file in
%%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
The new sancp.conf-sample file contains the settings for squil. NOTE:
the conf file is for sancp 1.5.3. It may need additional edits to work
with the current ports version of sancp. If you still want to maintain
the customized sancp.conf file, then copy the new sancp.conf-sample
file to sguild-sancp.conf (for example) and add
sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.

View File

@ -0,0 +1,44 @@
Sguil-server
============
If you had existing config files in %%PREFIX%%/etc/%%SERVER_SGUILDIR%%
they were not overwritten. If this is a first time install, you
must copy the sample files to the corresponding conf file and
edit the various config files for your site. See the INSTALL
doc in %%DOCSDIR%% for details. If this is an upgrade, replace
your existing conf file with the new one and edit accordingly
The sql scripts for creating database tables were placed in
the %%PREFIX%%/share/%%SERVER_SGUILDIR%%/ directory. PLEASE
note LOG_DIR is not set by this install. You MUST create the
correct LOG_DIRS and put a copy of the snort rules you use in
LOG_DIR/rules.
The sguild program was placed in %%PREFIX%%/bin/.
Some contributed scripts were placed in
%%PREFIX%%/share/%%SERVER_SGUILDIR%%/contrib
A startup script, named sguild was installed in
%%PREFIX%%/etc/rc.d/. To enable it, edit /etc/rc.conf
per the instructions in the script.
NOTE. You MUST create a directory /var/run/%%SERVER_SGUILDIR%%, and set the ownership
to user guil group sguil
You MUST also create certs. Here's how to do it;
Create the directory %%SERVER_SGUILDIR%%/certs
Set ownership to sguil user and group.
Create a password-protected CA cert.
openssl req -out CA.pem -new -x509
Create a server certificate/key pair.
openssl genrsa -out sguild.key 1024
Create a certificate request to be signed by the CA.
DO NOT password protect your server key. If you do, you will be required
to enter the password every time you start the server.
openssl req -key sguild.key -new -out sguild.req
If this is the first time you've created the cert,
Create a serial file so your certs will have incremented serial numbers.
openssl x509 -req -in sguild.req -CA CA.pem -CAAkey privkey.pem -CAcreateserial -out sguild.pem
If you're updating the existing cert
Update the actual certificate for your server.
openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAserial CA.sr1 -out sguild.pem
Put the certs to the %%SERVER_SGUILDIR%%/certs directory

View File

@ -0,0 +1,32 @@
#!/bin/sh
# $FreeBSD: head/security/sguil-sensor/files/sancp_agent.in 312466 2013-02-18 00:56:47Z miwi $
# PROVIDE: sancp_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable sancp_agent:
# sancp_agent_enable (bool): Set to YES to enable sancp_agent
# Default: NO
# sancp_agent_conf (str): Sancp_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf
# sancp_agent_flags (str): Default: -D
#
. /etc/rc.subr
name="sancp_agent"
rcvar=sancp_agent_enable
load_rc_config sancp_agent
#set defaults
: ${sancp_agent_enable:="NO"}
: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
: ${sancp_agent_flags:="-D -c ${sancp_agent_conf}"}
command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
run_rc_command "$1"

View File

@ -0,0 +1,35 @@
#!/bin/sh
# $FreeBSD: head/security/sguil-server/files/sguild.in 312467 2013-02-18 01:01:11Z miwi $
# PROVIDE: sguild
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following lines to /etc/rc.conf to enable sguild:
# sguild_enable (bool): Set to YES to enable sguild
# Default: NO
# sguild_flags (str): Extra flags passed to sguild
# Default: -D -P ${pid}
# sguild_conf (str): Sguild configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
# sguild_user (str): Default: sguil
# Note: this value MUST be set in /etc/rc.conf if you do not accept the default
# user created by the pkg-install script
. /etc/rc.subr
name="sguild"
rcvar=sguild_enable
load_rc_config sguild
# set some defaults
: ${sguild_enable:="NO"}
: ${sguild_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf"}
: ${pid:="/var/run/%%SGUILDIR%%/sguild.pid"}
: ${sguild_flags:="-D -P ${pid}"}
: ${sguild_user:="sguil"}
command="%%PREFIX%%/bin/${name}"
procname="%%PREFIX%%/bin/%%TCLSH%%"
run_rc_command "$1"

View File

@ -0,0 +1,32 @@
#!/bin/sh
# $FreeBSD: head/security/sguil-sensor/files/snort_agent.in 312466 2013-02-18 00:56:47Z miwi $
# PROVIDE: snort_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable snort_agent:
# snort_agent_enable (bool): Set to YES to enable snort_agent
# Default: NO
# snort_agent_conf (str): Snort_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf
# snort_agent_flags (str): Default: -D
#
. /etc/rc.subr
name="snort_agent"
rcvar=snort_agent_enable
load_rc_config snort_agent
#set defaults
: ${snort_agent_enable:="NO"}
: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
: ${snort_agent_flags:="-D -c ${snort_agent_conf}"}
command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
run_rc_command "$1"

8
security/sguil/pkg-descr Normal file
View File

@ -0,0 +1,8 @@
Sguil (pronounced sgweel) is built by network security analysts for network
security analysts. Sguil's main component is an intuitive GUI that provides
access to realtime events, session data, and raw packet captures. Sguil
facilitates the practice of Network Security Monitoring and event driven
analysis. The Sguil client is written in tcl/tk and can be run on any operating
system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
WWW: https://bammv.github.io/sguil/

136
security/sguil/pkg-plist Normal file
View File

@ -0,0 +1,136 @@
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/images/checked.gif
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/images/sguil_logo_h.gif
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/images/unchecked.gif
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/SguilUtil.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/dkffont.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/email17.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/extdata.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/guilib.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/qrybuild.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/qrylib.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/report.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/sancp.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/sellib.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/sound.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/stdquery.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/COPYRIGHT.txt
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/pkgIndex.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/mwutil.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/repair.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistBind.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistConfig.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistEdit.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistImages.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistMove.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistSort.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistThemes.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistUtil.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tablelistWidget.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts/tclIndex
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/tablelist.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/tablelist_tile.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/tablelistPublic.tcl
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/lib/whois.tcl
@mode 751
%%CLIENT%%bin/%%CLIENT_SGUILDIR%%/sguil.tk
@mode
%%CLIENT%%etc/sguil.conf-sample
%%CLIENT%%@dirrm bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11/scripts
%%CLIENT%%@dirrm bin/%%CLIENT_SGUILDIR%%/lib/tablelist5.11
%%CLIENT%%@dirrm bin/%%CLIENT_SGUILDIR%%/lib
%%CLIENT%%@dirrm bin/%%CLIENT_SGUILDIR%%/images
%%CLIENT%%@dirrm bin/%%CLIENT_SGUILDIR%%
@mode 751
%%SENSOR%%bin/%%SENSOR_SGUILDIR%%/log_packets-daemonlogger.sh
%%SENSOR%%bin/%%SENSOR_SGUILDIR%%/log_packets.sh
%%SENSOR%%bin/%%SENSOR_SGUILDIR%%/pcap_agent.tcl
%%SENSOR%%bin/%%SENSOR_SGUILDIR%%/snort_agent.tcl
@mode
%%SENSOR%%etc/%%SENSOR_SGUILDIR%%/pcap_agent.conf-sample
%%SENSOR%%etc/%%SENSOR_SGUILDIR%%/snort_agent.conf-sample
%%SENSOR%%share/%%SENSOR_SGUILDIR%%/contrib/ossec_agent/README
%%SENSOR%%share/%%SENSOR_SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
%%SENSOR%%share/%%SENSOR_SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
%%SENSOR%%share/%%SENSOR_SGUILDIR%%/contrib/portscan_loader/Makefile
%%SENSOR%%share/%%SENSOR_SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
%%SENSOR%%share/%%SENSOR_SGUILDIR%%/init/sensoragent
@mode 751
%%SENSOR%%%%PADS_SENSOR%%bin/%%SENSOR_SGUILDIR%%/pads_agent.tcl
@mode
%%SENSOR%%%%PADS_SENSOR%%etc/%%SENSOR_SGUILDIR%%/pads_agent.conf-sample
@mode 751
%%SENSOR%%%%SANCP_SENSOR%%bin/%%SENSOR_SGUILDIR%%/log_packets-sancp.sh
%%SENSOR%%%%SANCP_SENSOR%%bin/%%SENSOR_SGUILDIR%%/pcap_agent-sancp.tcl
%%SENSOR%%%%SANCP_SENSOR%%bin/%%SENSOR_SGUILDIR%%/sancp_agent.tcl
@mode
%%SENSOR%%%%SANCP_SENSOR%%etc/%%SENSOR_SGUILDIR%%/sancp_agent.conf-sample
%%SENSOR%%%%SANCP_SENSOR%%etc/%%SENSOR_SGUILDIR%%/sancp-indexed.conf-sample
%%SENSOR%%%%SANCP_SENSOR%%etc/%%SENSOR_SGUILDIR%%/pcap_agent-sancp.conf-sample
%%SENSOR%%%%SANCP_SENSOR%%etc/%%SENSOR_SGUILDIR%%/sancp.conf-sample
%%SENSOR%%@dirrm share/%%SENSOR_SGUILDIR%%/init
%%SENSOR%%@dirrm share/%%SENSOR_SGUILDIR%%/contrib/portscan_loader
%%SENSOR%%@dirrm share/%%SENSOR_SGUILDIR%%/contrib/ossec_agent
%%SENSOR%%@dirrm share/%%SENSOR_SGUILDIR%%/contrib
%%SENSOR%%@dirrm share/%%SENSOR_SGUILDIR%%
%%SENSOR%%@dirrmtry etc/%%SENSOR_SGUILDIR%%
%%SENSOR%%@dirrm bin/%%SENSOR_SGUILDIR%%
%%SERVER%%bin/sguild
%%SERVER%%etc/%%SERVER_SGUILDIR%%/autocat.conf-sample
%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.access-sample
%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.conf-sample
%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.email-sample
%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.queries-sample
%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.reports-sample
%%SERVER%%@owner sguil
%%SERVER%%@group sguil
%%SERVER%%etc/%%SERVER_SGUILDIR%%/sguild.users-sample
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildAccess.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildAutoCat.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildClientCmdRcvd.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildConnect.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildCreateDB.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildEmailEvent.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildEvent.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildGenericDB.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildGenericEvent.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildHealthChecks.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildLoaderd.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildLoaderd.tcl.orig
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildMysqlMerge.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildMysqlMerge.tcl.orig
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildPadsLib.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildQueryd.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildReportBuilder.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildSendComms.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildSensorAgentComms.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildSensorCmdRcvd.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildTranscript.tcl
%%SERVER%%lib/%%SERVER_SGUILDIR%%/SguildUtils.tcl
%%SERVER%%@owner root
%%SERVER%%@group wheel
%%SERVER%%share/%%SERVER_SGUILDIR%%/autocat2mysql.tcl
%%SERVER%%share/%%SERVER_SGUILDIR%%/contrib/incident_report.tcl
%%SERVER%%share/%%SERVER_SGUILDIR%%/contrib/init/sguil
%%SERVER%%share/%%SERVER_SGUILDIR%%/contrib/init/sguild
%%SERVER%%share/%%SERVER_SGUILDIR%%/create_ruledb.sql
%%SERVER%%share/%%SERVER_SGUILDIR%%/create_sguildb.sql
%%SERVER%%share/%%SERVER_SGUILDIR%%/migrate_event.tcl
%%SERVER%%share/%%SERVER_SGUILDIR%%/migrate_sancp.tcl
%%SERVER%%share/%%SERVER_SGUILDIR%%/sancp_cleanup.tcl
%%SERVER%%share/%%SERVER_SGUILDIR%%/sancp_cleanup.tcl.orig
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_0.7.tcl
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_0.8.tcl
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v10-v11.sql
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v11-v12.sql
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v12-v13.sql
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v13-v14.sql
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v5-v6.sql
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v6-v7.sql
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v7-v8.sql
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v8-v9.sql
%%SERVER%%share/%%SERVER_SGUILDIR%%/update_sguildb_v9-v10.sql
%%SERVER%%@dirrm share/%%SERVER_SGUILDIR%%/contrib/init
%%SERVER%%@dirrm share/%%SERVER_SGUILDIR%%/contrib
%%SERVER%%@dirrm share/%%SERVER_SGUILDIR%%
%%SERVER%%@dirrm lib/%%SERVER_SGUILDIR%%
%%SERVER%%@dirrm etc/%%SERVER_SGUILDIR%%