- Update to 0.8.0

- Trim header - Convert to OPTIONSng PR: 174956 Submitted by: maintainer
svn path=/head/; revision=312466
2024-11-23 00:43:28 +00:00 · 2013-02-18 00:56:47 +00:00 · 2013-02-18 00:56:47 +00:00 · 8e694fbb17 · 2021-03-31 03:12:20 +00:00
commit 8e694fbb17
parent f43b991a6f
18 changed files with 401 additions and 197 deletions
--- a/security/sguil-sensor/Makefile
+++ b/security/sguil-sensor/Makefile
@ -1,13 +1,8 @@
-# New ports collection makefile for:	sguil-sensor
-# Date created:				23 Mar 2006
-# Whom:					Paul Schmehl <pauls@utdallas.edu>
-#
+# Created by: Paul Schmehl <pauls@utdallas.edu>
 # $FreeBSD$
-#

 PORTNAME=	sguil-sensor
-PORTVERSION=	0.7.0
-PORTREVISION=	3
+PORTVERSION=	0.8.0
 CATEGORIES=	security
 MASTER_SITES=	SF/sguil/sguil/sguil-${PORTVERSION}

@ -15,104 +10,108 @@ MAINTAINER=	pauls@utdallas.edu
 COMMENT=	Sguil is a network security monitoring program

 LIB_DEPENDS=	tls:${PORTSDIR}/devel/tcltls
-RUN_DEPENDS=	snort:${PORTSDIR}/security/snort \
-		barnyard2:${PORTSDIR}/security/barnyard2 \
+RUN_DEPENDS=	barnyard2:${PORTSDIR}/security/barnyard2-sguil \
 		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX

-OPTIONS=	SANCP "Include sancp sensor" off \
-		PADS "Include pads sensor" off
+OPTIONS_DEFINE=	PADS SANCP
+PADS_DESC=	Include pads sensor
+SANCP_DESC=	Include sancp sensor
+
+LICENSE_NAME=	QPLv1.0
+LICENSE_FILE=	${WRKSRC}/doc/LICENSE.QPL
+LICENSE_PERMS=	auto-accept

 NO_BUILD=	yes
-USE_RC_SUBR=	example_agent pcap_agent snort_agent
-TCLSH_CMD?=	tclsh8.4
+USE_RC_SUBR=	pcap_agent snort_agent
+TCL_VER=	8.5
+TCLSH=		tclsh${TCL_VER}
 WRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
-SUB_LIST=	SGUILDIR=${SGUILDIR}
+PATCH_WRKSRC=	${WRKSRC}/sensor
+SGUILDIR?=	sguil-sensor
+SUB_LIST=	SGUILDIR=${SGUILDIR} TCLSH=${TCLSH}
 SUB_FILES=	pkg-message
 PLIST_SUB=	SGUILDIR=${SGUILDIR}
-SGUILDIR?=	sguil-sensor
-AGENTS=		example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl
-
-PORTDOCS=	CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
-		OPENSSL.README TODO UPGRADE USAGE sguildb.dia
-
-.include <bsd.port.pre.mk>
-
+AGENTS=		pcap_agent.tcl snort_agent.tcl
+CONFS=		pcap_agent.conf snort_agent.conf
+LOG_SCRIPTS=	log_packets-daemonlogger.sh log_packets.sh
 WITH_PCRE=	true

-.if defined(WITH_SANCP)
+PORTDOCS1=	README
+PORTDOCS2=	README.daemonlogger
+PORTDOCS3=	CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README \
+		TODO UPGRADE USAGE sguildb.dia
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MSANCP}
+AGENTS+=	sancp_agent.tcl pcap_agent-sancp.tcl
+CONFS+=		sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
 RUN_DEPENDS+=	sancp:${PORTSDIR}/security/sancp
-USE_RC_SUBR+=	sancp_agent
-PLIST_SUB+=	USESANCP=
+USE_RC_SUBR+=	sancp_agent pcap_agent-sancp
+PLIST_SUB+=	USESANCP=""
 .else
 PLIST_SUB+=	USESANCP="@comment "
 .endif

-.if defined(WITH_PADS)
+.if ${PORT_OPTIONS:MPADS}
+AGENTS+=	pads_agent.tcl
+CONFS+=		pads_agent.conf
 RUN_DEPENDS+=	pads:${PORTSDIR}/net-mgmt/pads
 USE_RC_SUBR+=	pads_agent
-PLIST_SUB+=	USEPADS=
+PLIST_SUB+=	USEPADS=""
 .else
 PLIST_SUB+=	USEPADS="@comment "
 .endif

 post-patch:
 .for f in ${AGENTS}
-	@${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \
-		${WRKSRC}/sensor/${f}
-	@${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \
+	@${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \
 		${WRKSRC}/sensor/${f}
 .endfor

 do-install:
 	@${MKDIR} ${PREFIX}/bin/${SGUILDIR}
 	@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
-.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl
+	@${MKDIR} ${PREFIX}/share/${SGUILDIR}
+	@${MKDIR} ${PREFIX}/share/${SGUILDIR}/contrib
+	@${MKDIR} ${PREFIX}/share/${SGUILDIR}/init
+	(cd ${WRKSRC}/sensor/contrib && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/contrib "! -name ossec_agent.tcl.orig")
+	(cd ${WRKSRC}/sensor/init && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/init)
+.for f in ${AGENTS}
 	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
 		${PREFIX}/bin/${SGUILDIR}/${f}
 .endfor
-.for f in log_packets.sh
+.for f in ${LOG_SCRIPTS}
 	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
 		${PREFIX}/bin/${SGUILDIR}/${f}
 .endfor
-.for f in example_agent.conf pcap_agent.conf snort_agent.conf
+.for f in ${CONFS}
 	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
 		${PREFIX}/etc/${SGUILDIR}/${f}-sample
 .endfor
-.for f in log_packets.conf
-	${INSTALL_DATA} ${FILESDIR}/${f} \
-		${PREFIX}/etc/${SGUILDIR}/${f}-sample
-.endfor
-.if defined(WITH_SANCP)
-.for f in sancp_agent.conf
-	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
-		${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.if ${PORT_OPTIONS:MSANCP}
+.for f in log_packets-sancp.sh
+	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
+		${PREFIX}/bin/${SGUILDIR}/${f}
 .endfor
 .for f in sancp.conf
 	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
-		${PREFIX}/etc/${f}-sample
-.endfor
-.for f in sancp_agent.tcl
-	${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
-		${PREFIX}/bin/${SGUILDIR}/${f}
-.endfor
-.endif
-.if defined(WITH_PADS)
-.for f in pads_agent.conf
-	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
 		${PREFIX}/etc/${SGUILDIR}/${f}-sample
 .endfor
-.for f in pads_agent.tcl
-	${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
-		${PREFIX}/bin/${SGUILDIR}/${f}
-.endfor
 .endif
 post-install:

-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
 	@${MKDIR} ${DOCSDIR}
-	cd ${WRKSRC}/doc && ${INSTALL_DATA} \
-		${PORTDOCS} ${DOCSDIR}
+	cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS1} ${DOCSDIR}
+	cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${PORTDOCS2} ${DOCSDIR}
+	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS3} ${DOCSDIR}
+.if ${PORT_OPTIONS:MSANCP}
+.for f in README.sancp_indexed_pcap
+	cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${f} ${DOCSDIR}
+.endfor
+.endif
 .endif
 	@${CAT} ${PKGMESSAGE}

-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
--- a/security/sguil-sensor/distinfo
+++ b/security/sguil-sensor/distinfo
@ -1,2 +1,2 @@
-SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b
-SIZE (sguil-sensor-0.7.0.tar.gz) = 68436
+SHA256 (sguil-sensor-0.8.0.tar.gz) = aa4617c4f9cf1d598c6d728afed50cd6f90dc5d1516a6eda8126401b7bba4be5
+SIZE (sguil-sensor-0.8.0.tar.gz) = 142829
--- a/security/sguil-sensor/files/log_packets.conf
+++ b/security/sguil-sensor/files/log_packets.conf
@ -1,35 +0,0 @@
-# Conf file for the log_packets script
-# Make sure you verify the location of
-# each of the binaries on your OS
-
-# Edit these for your setup
-
-# Sensors hostname.
-# Note: If running multiple snort instances, then this must be different
-#       for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
-HOSTNAME="myhost"
-# Path to snort binary
-SNORT_PATH="/usr/local/bin/snort"
-# Directory to log pcap data to (date dirs will be created in here)
-# Note: The path $HOSTNAME/dailylogs, will be appended to this.
-LOG_DIR="/snort_data"
-# Percentage of disk to try and maintain
-MAX_DISK_USE=90
-# Interface to 'listen' to.
-INTERFACE="eth0"
-# Other options to use when starting snort
-#OPTIONS="-u sguil -g sguil -m 122"
-# Where to store the pid
-PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
-# How do we run ps
-PS="ps awx"
-# Where is grep
-GREP="/usr/bin/grep"
-#Add BPFs here.
-#The below is an example of a filter for ignoring outbound HTTP from my network
-# to the world.
-#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
-
-#Some installs may need these
-#LD_LIBRARY_PATH=/usr/local/lib/mysql
-#export LD_LIBRARY_PATH
--- a/security/sguil-sensor/files/pads_agent.in
+++ b/security/sguil-sensor/files/pads_agent.in
@ -16,19 +16,51 @@

 . /etc/rc.subr

-load_rc_config pads_agent
+name="pads_agent"
+rcvar=${name}_enable
+load_rc_config ${name}

 #set defaults
-pads_agent_enable=${pads_agent_enable:-"NO"}
-pads_agent_conf=${pads_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
-pads_agent_flags=${pads_agent_flags:-"-D"}
+: ${pads_agent_enable:="NO"}
+: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
+: ${pads_agent_flags:="-D -c ${pads_agent_conf}"}

-name="pads_agent"
-rcvar=pads_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
-command_args="-c ${pads_agent_conf} ${pads_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
+
+start_precmd="pads_agent_ck4fifo"
+stop_postcmd="pads_agent_rmfifo"
+
+pads_agent_ck4fifo()
+{
+        LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+        HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+        PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+        if [ ! -p ${PADS_FIFO} ]; then
+                echo "${PADS_FIFO} does not exist.  Creating now....."
+                /usr/bin/mkfifo ${PADS_FIFO}
+        fi
+        echo "Checking for ${PADS_FIFO}...."
+        if [ -p ${PADS_FIFO} ]; then
+                echo "Confirmed!  ${PADS_FIFO} exists."
+        else
+                echo "I tried to create ${PADS_FIFO} and failed."
+                echo "You will need to create it manually before starting ${name}."
+        fi
+}
+
+pads_agent_rmfifo()
+{
+        LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
+        HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
+        PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
+
+        if [ -p ${PADS_FIFO} ]; then
+                /bin/rm ${PADS_FIFO}
+                echo "Removing ${PADS_FIFO}...."
+        fi
+}

 run_rc_command "$1"
--- a/security/sguil-sensor/files/patch-log_packets.sh
+++ b/security/sguil-sensor/files/patch-log_packets.sh
@ -1,50 +0,0 @@
--- sensor/log_packets.sh.orig	2008-04-03 22:16:22.000000000 -0500
-+++ sensor/log_packets.sh	2008-04-03 22:22:20.000000000 -0500
-@@ -22,38 +22,16 @@
- #                                                            #
- ##############################################################
- 
-+# You shouldn't need to edit anything in this script
- 
-# Edit these for your setup
-
-# Sensors hostname.
-# Note: If running multiple snort instances, then this must be different
-#       for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
-HOSTNAME="myhost"
-# Path to snort binary
-SNORT_PATH="/usr/local/bin/snort"
-# Directory to log pcap data to (date dirs will be created in here)
-# Note: The path $HOSTNAME/dailylogs, will be appended to this.
-LOG_DIR="/snort_data"
-# Percentage of disk to try and maintain
-MAX_DISK_USE=90
-# Interface to 'listen' to.
-INTERFACE="eth0"
-# Other options to use when starting snort
-#OPTIONS="-u sguil -g sguil -m 122"
-# Where to store the pid
-PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
-# How do we run ps
-PS="ps awx"
-# Where is grep
-GREP="/usr/bin/grep"
-#Add BPFs here.
-#The below is an example of a filter for ignoring outbound HTTP from my network
-# to the world.
-#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
-
-#Some installs may need these
-#LD_LIBRARY_PATH=/usr/local/lib/mysql
-#export LD_LIBRARY_PATH
-+CONF=/usr/local/etc/sguil-sensor/log_packets.conf
-+if [ -r ${CONF} ]; then
-+  . ${CONF}
-+else
-+  echo "Your conf file is either missing or the path "
-+  echo "in the log_packets.sh script is incorrect."
-+  exit 1
-+fi
- 
- TZ=GMT
- export TZ
--- a/security/sguil-sensor/files/patch-ossec_agent.tcl
+++ b/security/sguil-sensor/files/patch-ossec_agent.tcl
@ -0,0 +1,30 @@
+--- contrib/ossec_agent/ossec_agent.tcl.orig	2012-12-17 22:47:18.000000000 +0000
+++ contrib/ossec_agent/ossec_agent.tcl	2012-12-17 22:48:45.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # OSSEC agent for Sguil 0.7.0.  Based on the "example_agent.tcl" code
+ # distributed with sguil.  
+@@ -593,9 +591,9 @@
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/ossec_agent.conf] } {
+    if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } {
+ 
+-        set CONF_FILE /etc/ossec_agent.conf
+        set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf
+ 
+     } elseif { [file exists ./ossec_agent.conf] } {
+ 
+@@ -604,7 +602,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the ossec_agent.tcl config file is"
+-        puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf."
+        puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
--- a/security/sguil-sensor/files/patch-pads_agent.tcl
+++ b/security/sguil-sensor/files/patch-pads_agent.tcl
@ -0,0 +1,39 @@
+--- pads_agent.tcl.orig	2012-12-19 21:25:26.000000000 +0000
+++ pads_agent.tcl	2012-12-19 21:27:37.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ #
+ 
+@@ -332,7 +330,7 @@
+   id process group set
+   if {[fork]} {exit 0}
+   set PID [id process]
+-  if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" }
+  if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" }
+   set PID_DIR [file dirname $PID_FILE]
+   if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } {
+     puts "ERROR: Directory $PID_DIR does not exists or is not writable."
+@@ -380,16 +378,16 @@
+   }
+ }
+ # Parse the config file here
+-# Default location is /etc/pads_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/pads_agent.conf] } {
+-    set CONF_FILE /etc/pads_agent.conf
+  if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } {
+    set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf
+   } elseif { [file exists ./pads_agent.conf] } {
+     set CONF_FILE ./pads_agent.conf
+   } else {
+     puts "Couldn't determine where the sensor_agent.tcl config file is"
+-    puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf."
+    puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf."
+     DisplayUsage $argv0
+   }
+ }
--- a/security/sguil-sensor/files/patch-pcap_agent-sancp.tcl
+++ b/security/sguil-sensor/files/patch-pcap_agent-sancp.tcl
@ -0,0 +1,35 @@
+--- pcap_agent-sancp.tcl.orig	2012-12-17 22:36:43.000000000 +0000
+++ pcap_agent-sancp.tcl	2012-12-17 22:38:22.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ #
+ 
+@@ -754,13 +752,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/pcap_agent.conf] } {
+    if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+ 
+-        set CONF_FILE /etc/pcap_agent.conf
+        set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+ 
+     } elseif { [file exists ./pcap_agent.conf] } {
+ 
+@@ -769,7 +767,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the pcap_agent.tcl config file is"
+-        puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
+        puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
--- a/security/sguil-sensor/files/patch-pcap_agent.tcl
+++ b/security/sguil-sensor/files/patch-pcap_agent.tcl
@ -0,0 +1,35 @@
+--- pcap_agent.tcl.orig	2012-12-17 22:31:44.000000000 +0000
+++ pcap_agent.tcl	2012-12-17 22:42:50.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ #
+ 
+@@ -771,13 +769,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/pcap_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/pcap_agent.conf] } {
+    if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
+ 
+-        set CONF_FILE /etc/pcap_agent.conf
+        set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
+ 
+     } elseif { [file exists ./pcap_agent.conf] } {
+ 
+@@ -786,7 +784,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the pcap_agent.tcl config file is"
+-        puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
+        puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
--- a/security/sguil-sensor/files/patch-sancp_agent.tcl
+++ b/security/sguil-sensor/files/patch-sancp_agent.tcl
@ -0,0 +1,30 @@
+--- sancp_agent.tcl.orig	2012-12-17 22:43:39.000000000 +0000
+++ sancp_agent.tcl	2012-12-17 22:44:56.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ #
+ 
+@@ -582,16 +580,16 @@
+   }
+ }
+ # Parse the config file here
+-# Default location is /etc/sancp_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+   # No conf file specified check the defaults
+-  if { [file exists /etc/sancp_agent.conf] } {
+-    set CONF_FILE /etc/sancp_agent.conf
+  if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } {
+    set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf
+   } elseif { [file exists ./sancp_agent.conf] } {
+     set CONF_FILE ./sancp_agent.conf
+   } else {
+     puts "Couldn't determine where the sancp_agent.tcl config file is"
+-    puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf."
+    puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf."
+     DisplayUsage $argv0
+   }
+ }
--- a/security/sguil-sensor/files/patch-snort_agent.tcl
+++ b/security/sguil-sensor/files/patch-snort_agent.tcl
@ -0,0 +1,35 @@
+--- snort_agent.tcl.orig	2012-12-17 22:33:35.000000000 +0000
+++ snort_agent.tcl	2012-12-17 22:39:39.000000000 +0000
+@@ -1,6 +1,4 @@
+ #!/bin/sh
+-# Run tcl from users PATH \
+-exec tclsh "$0" "$@"
+ 
+ # $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
+ 
+@@ -680,13 +678,13 @@
+ }
+ 
+ # Parse the config file here
+-# Default location is /etc/snort_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
+ if { ![info exists CONF_FILE] } {
+ 
+     # No conf file specified check the defaults
+-    if { [file exists /etc/snort_agent.conf] } {
+    if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
+ 
+-        set CONF_FILE /etc/snort_agent.conf
+        set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
+ 
+     } elseif { [file exists ./snort_agent.conf] } {
+ 
+@@ -695,7 +693,7 @@
+     } else {
+ 
+         puts "Couldn't determine where the snort_agent.tcl config file is"
+-        puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
+        puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
+         DisplayUsage $argv0
+ 
+     }
--- a/security/sguil-sensor/files/pcap_agent-sancp.in
+++ b/security/sguil-sensor/files/pcap_agent-sancp.in
@ -0,0 +1,32 @@
+#!/bin/sh
+
+# $FreeBSD$
+
+# PROVIDE: pcap_agent-sancp
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
+# pcap_agent-sancp_enable (bool):	Set to YES to enable pcap_agent-sancp
+# 				Default: NO
+# pcap_agent-sancp_conf (str):	Pads_agent configuration file
+#				Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
+# pcap_agent-sancp_flags (str):	Default: -D
+#
+
+. /etc/rc.subr
+
+name="pcap_agent-sancp"
+rcvar=pcap_agent-sancp_enable
+load_rc_config pcap_agent-sancp
+
+#set defaults
+: ${pcap_agent-sancp_enable:="NO"}
+: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
+: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
+
+command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
+pidfile="/var/run/${name}.pid"
+
+run_rc_command "$1"
--- a/security/sguil-sensor/files/pcap_agent.in
+++ b/security/sguil-sensor/files/pcap_agent.in
@ -16,19 +16,17 @@

 . /etc/rc.subr

+name="pcap_agent"
+rcvar=pcap_agent_enable
 load_rc_config pcap_agent

 #set defaults
-pcap_agent_enable=${pcap_agent_enable:-"NO"}
-pcap_agent_conf=${pcap_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
-pcap_agent_flags=${pcap_agent_flags:-"-D"}
+: ${pcap_agent_enable:="NO"}
+: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
+: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}

-name="pcap_agent"
-rcvar=pcap_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
-command_args="-c ${pcap_agent_conf} ${pcap_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"

 run_rc_command "$1"
--- a/security/sguil-sensor/files/pkg-message.in
+++ b/security/sguil-sensor/files/pkg-message.in
@ -2,13 +2,11 @@
            * !!!!!!!!!!! WARNING !!!!!!!!!!! *
            ***********************************

-If you already had barnyard installed, this port will NOT deinstall
-it and install the barnyard-sguil6 port instead.  You will need to
-deinstall the barnyard port and install the barnyard-sguil6 port yourself
-instead.  This port WILL NOT WORK without the barnyard-sguil6 port!!
+If you already had barnyard2 installed, this port will NOT deinstall
+it and install the barnyard2-sguil port instead.  You will need to
+deinstall the barnyard2 port and install the barnyard2-sguil port yourself
+instead.  This port WILL NOT WORK without the barnyard2-sguil port!!

-You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/%%SGUILDIR%%)
-to fit your configuration before running the log_packets.sh script.
 See the %%DOCSDIR%%/INSTALL doc for details on the 
 configuration and for croning the script.  

@ -16,13 +14,18 @@ WARNING!!!  Sguil et al will fill up your /tmp directory very
 quickly.  You should probably configure sguil et al to log to
 another partition/location (e.g. /nsm/tmp/).

-You must ALSO edit all of the sensor conf fileis (located in 
+You must ALSO edit all of the sensor conf files (located in 
 %%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before 
 starting the sensor_agents.

+A number of ancilliary things have been installed in
+%%PREFIX%%/share/%%SGUILDIR%%.
+
 If you chose to run sancp, and you already had a sancp.conf file in
 %%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
-The new sancp.conf-sample file contains the settings for squil.
-If you still want to maintain the customized sancp.conf file, then copy 
-the new sancp.conf-sample file to sguild-sancp.conf (for example) and 
-add sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
+The new sancp.conf-sample file contains the settings for squil. NOTE:
+the conf file is for sancp 1.5.3.  It may need additional edits to work
+with the current ports version of sancp. If you still want to maintain
+the customized sancp.conf file, then copy the new sancp.conf-sample
+file to sguild-sancp.conf (for example) and add 
+sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
--- a/security/sguil-sensor/files/sancp_agent.in
+++ b/security/sguil-sensor/files/sancp_agent.in
@ -16,19 +16,17 @@

 . /etc/rc.subr

+name="sancp_agent"
+rcvar=sancp_agent_enable
 load_rc_config sancp_agent

 #set defaults
-sancp_agent_enable=${sancp_agent_enable:-"NO"}
-sancp_agent_conf=${sancp_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
-sancp_agent_flags=${sancp_agent_flags:-"-D"}
+: ${sancp_agent_enable:="NO"}
+: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
+: ${sancp_agent_flags:="-D -c ${sancp_agent_conf}"}

-name="sancp_agent"
-rcvar=sancp_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
-command_args="-c ${sancp_agent_conf} ${sancp_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"

 run_rc_command "$1"
--- a/security/sguil-sensor/files/snort_agent.in
+++ b/security/sguil-sensor/files/snort_agent.in
@ -16,19 +16,17 @@

 . /etc/rc.subr

+name="snort_agent"
+rcvar=snort_agent_enable
 load_rc_config snort_agent

 #set defaults
-snort_agent_enable=${snort_agent_enable:-"NO"}
-snort_agent_conf=${snort_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
-snort_agent_flags=${snort_agent_flags:-"-D"}
+: ${snort_agent_enable:="NO"}
+: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
+: ${snort_agent_flags:="-D -c ${snort_agent_conf}"}

-name="snort_agent"
-rcvar=snort_agent_enable
 command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
-command_args="-c ${snort_agent_conf} ${snort_agent_flags}"
-procname="%%PREFIX%%/bin/tclsh8.4"
+procname="%%PREFIX%%/bin/%%TCLSH%%"
 pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"

 run_rc_command "$1"
--- a/security/sguil-sensor/pkg-descr
+++ b/security/sguil-sensor/pkg-descr
@ -4,7 +4,7 @@ The actual interface and GUI server are written in tcl/tk
 (www.tcl.tk). Sguil also relies on other open source software
 in order to function properly.

-The sensor list includes security/barnyard, security/snort, 
+The sensor list includes security/barnyard2-sguil, security/snort, 
 security/sancp, net-mgmt/pads, tcpdump (a part of the OS) 
 and devel/tcltls as well as lang/tcl84 and lang/tclX.  Care 
 has been taken to ensure that everything you need to build 
@ -15,4 +15,3 @@ Sguil currently functions as an analysis interface and has
 rule management capabilities.

 WWW: http://sguil.sourceforge.net/index.php
-pauls@utdallas.edu
--- a/security/sguil-sensor/pkg-plist
+++ b/security/sguil-sensor/pkg-plist
@ -1,15 +1,41 @@
+bin/%%SGUILDIR%%/log_packets-daemonlogger.sh
 bin/%%SGUILDIR%%/log_packets.sh
-bin/%%SGUILDIR%%/example_agent.tcl
 bin/%%SGUILDIR%%/pcap_agent.tcl
 bin/%%SGUILDIR%%/snort_agent.tcl
-etc/%%SGUILDIR%%/example_agent.conf-sample
 etc/%%SGUILDIR%%/pcap_agent.conf-sample
 etc/%%SGUILDIR%%/snort_agent.conf-sample
-etc/%%SGUILDIR%%/log_packets.conf-sample
+share/%%SGUILDIR%%/contrib/ossec_agent/README
+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
+share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
+share/%%SGUILDIR%%/contrib/portscan_loader/Makefile
+share/%%SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
+share/%%SGUILDIR%%/init/sensoragent
+%%PORTDOCS%%%%DOCSDIR%%/CHANGES
+%%PORTDOCS%%%%DOCSDIR%%/FAQ
+%%PORTDOCS%%%%DOCSDIR%%/INSTALL
+%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd
+%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/TODO
+%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
+%%PORTDOCS%%%%DOCSDIR%%/USAGE
+%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia
+%%PORTDOCS%%%%DOCSDIR%%/README.daemonlogger
 %%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
 %%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
-%%USESANCP%%etc/sancp.conf-sample
+%%USESANCP%%bin/%%SGUILDIR%%/log_packets-sancp.sh
+%%USESANCP%%bin/%%SGUILDIR%%/pcap_agent-sancp.tcl
 %%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
 %%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
-@dirrm bin/%%SGUILDIR%%
+%%USESANCP%%etc/%%SGUILDIR%%/sancp-indexed.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/pcap_agent-sancp.conf-sample
+%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample
+%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap
+@dirrm share/%%SGUILDIR%%/init
+@dirrm share/%%SGUILDIR%%/contrib/portscan_loader
+@dirrm share/%%SGUILDIR%%/contrib/ossec_agent
+@dirrm share/%%SGUILDIR%%/contrib
+@dirrm share/%%SGUILDIR%%
@dirrmtry etc/%%SGUILDIR%%
+@dirrm bin/%%SGUILDIR%%
+%%PORTDOCS%%@dirrm %%DOCSDIR%%