- Updated to 2.7 (ChangeLog: http://www.ossec.net/?p=577)

- Trimmed Makefile headers
- Removed patches incorporated into upstream
- Added conditional patch for compilation on 7.x, early 8.x systems
- Fixed QAT-reported plist problems
- Added new users and group for use with daemons

Requested by:	various users (via private email)

GIDs

@@ -246,5 +246,6 @@ zookeeper:*:962:
 fluentd:*:963:
 git_daemon:*:964:
 elasticsearch:*:965:
+ossec:*:966:
 nogroup:*:65533:
 nobody:*:65534:

UIDs

@@ -250,4 +250,7 @@ zookeeper:*:962:962::0:0:zookeeper user:/nonexistent:/usr/sbin/nologin
 fluentd:*:963:963::0:0:fluentd user:/nonexistent:/usr/sbin/nologin
 git_daemon:*:964:964::0:0:git daemon:/nonexistent:/usr/sbin/nologin
 elasticsearch:*:965:965::0:0:elasticsearch user:/nonexistent:/usr/sbin/nologin
+ossec:*:966:966::0:0:OSSEC user:/usr/local/ossec-hids:/usr/sbin/nologin
+ossecm:*:967:966::0:0:OSSEC mail user:/usr/local/ossec-hids:/usr/sbin/nologin
+ossecr:*:968:966::0:0:OSSEC rem user:/usr/local/ossec-hids:/usr/sbin/nologin
 nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin

security/ossec-hids-client/Makefile

@@ -1,9 +1,5 @@
-# New ports collection makefile for:	ossec-hids-client
-# Date created:		23 July 2006
-# Whom:			Valerio Daelli <valerio.daelli@gmail.com>
-#
+# Created by: Valerio Daelli <valerio.daelli@gmail.com>
 # $FreeBSD$
-#
 
 COMMENT=	The client port of ossec-hids
 

security/ossec-hids-client/pkg-plist.client

@@ -14,6 +14,7 @@
 %%PORTNAME%%/bin/ossec-execd
 %%PORTNAME%%/bin/ossec-logcollector
 %%PORTNAME%%/bin/ossec-syscheckd
+%%PORTNAME%%/bin/util.sh
 %%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
 %%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
 %%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
@@ -26,7 +27,7 @@
 @unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi
 %%PORTNAME%%/etc/ossec.conf.sample
 %%PORTNAME%%/etc/internal_options.conf
-%%PORTNAME%%/logs/ossec.log
+@unexec if test ! -s %D/%%PORTNAME%%/logs/ossec.log; then rm -f %D/%%PORTNAME%%/logs/ossec.log; fi
 %%PORTNAME%%/agentless/main.exp
 %%PORTNAME%%/agentless/sshlogin.exp
 %%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff

security/ossec-hids-local/Makefile

@@ -1,9 +1,5 @@
-# New ports collection makefile for:	ossec-hids-client
-# Date created:		23 July 2006
-# Whom:			Valerio Daelli <valerio.daelli@gmail.com>
-#
+# Created by: Valerio Daelli <valerio.daelli@gmail.com>
 # $FreeBSD$
-#
 
 COMMENT=	The client and server (local) port of ossec-hids
 

security/ossec-hids-server/Makefile

@@ -1,13 +1,9 @@
-# New ports collection makefile for:	ossec-hids-server
-# Date created:		23 July 2006
-# Whom:			Valerio Daelli <valerio.daelli@gmail.com>
-#
+# Created by: Valerio Daelli <valerio.daelli@gmail.com>
 # $FreeBSD$
-#
 
 PORTNAME=	ossec-hids
-PORTVERSION=	2.6
-PORTREVISION=	2
+PORTVERSION=	2.7
+PORTREVISION?=	0
 CATEGORIES=	security
 MASTER_SITES=	http://www.ossec.net/files/ \
 		http://www.ossec.net/files/old/
@@ -18,10 +14,17 @@ COMMENT?=	A security tool to monitor and check logs and intrusions
 
 USE_RC_SUBR=	ossec-hids
 
-.if !defined(CLIENT_ONLY)
-OPTIONS=	MYSQL "Enable MySQL support" off \
-		PGSQL "Enable PostgreSQL support" off
+.if defined(MAINTAINER_MODE)
+UID_FILES+=	../../UIDs
+GID_FILES+=	../../GIDs
 .endif
+USERS=		ossec ossecm ossecr
+GROUPS=		ossec
+
+.if !defined(CLIENT_ONLY)
+OPTIONS_DEFINE=	MYSQL PGSQL
+.endif
+OPTIONS_DEFINE+=	DOCS
 
 SUB_LIST=	PORTNAME=${PORTNAME}
 SUB_FILES=	pkg-message
@@ -29,14 +32,18 @@ PLIST_SUB=	PORTNAME=${PORTNAME}
 PORTDOCS=	BUGS CONFIG CONTRIBUTORS INSTALL LICENSE README
 
 .include <bsd.port.pre.mk>
-
-.if !defined(CLIENT_ONLY)
-.if defined(WITH_MYSQL)
-WITH_DB=	yes
-USE_MYSQL=	yes
+.if ${OSVERSION} < 800067
+# Add string function that didn't exist until 8.x
+EXTRA_PATCHES+=	${FILESDIR}/extra-patch-src__os_csyslogd__csyslogd.c
 .endif
 
-.if defined(WITH_PGSQL)
+.if !defined(CLIENT_ONLY)
+.if ${PORT_OPTIONS:MMYSQL}
+WITH_DB=	yes
+USE_MYSQL=	client
+.endif
+
+.if ${PORT_OPTIONS:MPGSQL}
 WITH_DB=	yes
 USE_PGSQL=	yes
 .endif
@@ -63,31 +70,37 @@ do-build:
 .if defined(WITH_DB)
 .if defined(CLIENT_ONLY)
 	@cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build
+.elif defined(LOCAL_ONLY)
+	@cd ${WRKSRC}/src;${MAKE} setlocal;${MAKE} all;${MAKE} build
 .else
 	@cd ${WRKSRC}/src;${MAKE} setdb;${MAKE} all;${MAKE} build
 .endif
 .else
 .if defined(CLIENT_ONLY)
-	@cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build
+	@cd ${WRKSRC}/src;${MAKE} setagent;${MAKE} all;${MAKE} build; \
+		${MAKE} unsetdb
+.elif defined(LOCAL_ONLY)
+	@cd ${WRKSRC}/src;${MAKE} setlocal;${MAKE} all;${MAKE} build; \
+		${MAKE} unsetdb
 .else
-	@cd ${WRKSRC}/src;${MAKE} all;${MAKE} build
+	@cd ${WRKSRC}/src;${MAKE} all;${MAKE} build;${MAKE} unsetdb
 .endif
 .endif
 
-.if defined(CLIENT_ONLY)
 do-install:
+.if defined(CLIENT_ONLY)
 	@cd ${WRKSRC}/src; ${MAKE} agent
 .elif defined(LOCAL_ONLY)
-do-install:
 	@cd ${WRKSRC}/src; ${MAKE} local
 .else
-do-install:
 	@cd ${WRKSRC}/src; ${MAKE} server
 .endif
 
 post-install:
+	@${MKDIR} ${PREFIX}/${PORTNAME}/etc
+
 .if defined(CLIENT_ONLY)
-	${CP} ${WRKSRC}/etc/ossec-agent.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample
+	@${CP} ${WRKSRC}/etc/ossec-agent.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf.sample
 	@if [ ! -f ${PREFIX}/${PORTNAME}/etc/ossec.conf ]; then \
 	${CP} ${WRKSRC}/etc/ossec-agent.conf ${PREFIX}/${PORTNAME}/etc/ossec.conf; \
 	fi
@@ -102,7 +115,7 @@ post-install:
 	fi
 .endif
 
-.if !defined(NOPORTDOCS)
+.if ${PORT_OPTIONS:MDOCS}
 	@${MKDIR} ${DOCSDIR}
 	@cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
 .endif

security/ossec-hids-server/distinfo

@@ -1,2 +1,2 @@
-SHA256 (ossec-hids-2.6.tar.gz) = 37a6b14a0c41252852b51fd06cc186a8b66bd9e01821efd70305a6dd782a2b4c
-SIZE (ossec-hids-2.6.tar.gz) = 758125
+SHA256 (ossec-hids-2.7.tar.gz) = f8ac4a7d74068a8ca4f14e3c906bfa3a68a87fd026b463422bea79fe9d747249
+SIZE (ossec-hids-2.7.tar.gz) = 818656

security/ossec-hids-server/files/extra-patch-src__os_csyslogd__csyslogd.c

@@ -0,0 +1,19 @@
+--- ./src/os_csyslogd/csyslogd.c.orig	2013-01-15 16:31:13.000000000 -0500
++++ ./src/os_csyslogd/csyslogd.c	2013-01-15 16:32:23.000000000 -0500
+@@ -23,7 +23,16 @@
+ #include "csyslogd.h"
+ #include "os_net/os_net.h"
+ 
++#ifndef HAVE_STRNLEN
++size_t strnlen(char *s, size_t maxlen)
++{
++    size_t i;
+ 
++    for (i= 0; i < maxlen && *s != '\0'; i++, s++)
++        ;
++    return i;
++}
++#endif
+ 
+ /* OS_SyslogD: Monitor the alerts and sends them via syslog.
+  * Only return in case of error.

security/ossec-hids-server/files/patch-src__InstallServer.sh

@@ -1,15 +1,15 @@
---- ./src/InstallServer.sh.orig	2011-07-11 15:36:58.000000000 -0400
-+++ ./src/InstallServer.sh	2011-10-18 15:26:57.000000000 -0400
-@@ -188,7 +188,7 @@
+--- ./src/InstallServer.sh.orig	2012-11-08 21:24:55.000000000 -0500
++++ ./src/InstallServer.sh	2013-01-14 10:44:36.000000000 -0500
+@@ -195,7 +195,7 @@
      fi    
  fi
      
 -cp -pr ../etc/rules/* ${DIR}/rules/
 +cp -pr ../etc/rules/*.xml ${DIR}/rules/
+ find ${DIR}/rules/ -type f -exec chmod 440 {} \;
  
  # If the local_rules is saved, moved it back
- ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
-@@ -307,12 +307,12 @@
+@@ -318,12 +318,12 @@
  
  ls ../etc/ossec.mc > /dev/null 2>&1
  if [ $? = 0 ]; then

security/ossec-hids-server/files/patch-src__init__ossec-local.sh

@@ -1,11 +0,0 @@
---- ./src/init/ossec-local.sh.orig	2011-11-23 15:37:30.000000000 -0500
-+++ ./src/init/ossec-local.sh	2011-11-23 15:37:39.000000000 -0500
-@@ -207,7 +207,7 @@
-     SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-syscheckd ossec-monitord"
-     
-     echo "Starting $NAME $VERSION (by $AUTHOR)..."
--    echo | ${DIR}/ossec-logtest > /dev/null 2>&1;
-+    echo | ${DIR}/bin/ossec-logtest > /dev/null 2>&1;
-     if [ ! $? = 0 ]; then
-         echo "ossec-analysisd: Configuration error. Exiting."
-     fi    

security/ossec-hids-server/files/patch-src__init__ossec-server.sh

@@ -1,11 +0,0 @@
---- ./src/init/ossec-server.sh.orig	2011-07-11 15:36:58.000000000 -0400
-+++ ./src/init/ossec-server.sh	2011-10-18 15:26:57.000000000 -0400
-@@ -206,7 +206,7 @@
-     SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-remoted ossec-syscheckd ossec-monitord"
-     
-     echo "Starting $NAME $VERSION (by $AUTHOR)..."
--    echo | ${DIR}/ossec-logtest > /dev/null 2>&1;
-+    echo | ${DIR}/bin/ossec-logtest > /dev/null 2>&1;
-     if [ ! $? = 0 ]; then
-         echo "OSSEC analysisd: Testing rules failed. Configuration error. Exiting."
-     fi    

security/ossec-hids-server/pkg-plist

@@ -31,6 +31,7 @@
 %%PORTNAME%%/bin/rootcheck_control
 %%PORTNAME%%/bin/syscheck_control
 %%PORTNAME%%/bin/syscheck_update
+%%PORTNAME%%/bin/util.sh
 %%PORTNAME%%/bin/verify-agent-conf
 %%PORTNAME%%/etc/decoder.xml
 %%PORTNAME%%/etc/internal_options.conf
@@ -45,7 +46,8 @@
 %%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
 %%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
 %%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
-%%PORTNAME%%/logs/ossec.log
+@unexec if test ! -s %D/%%PORTNAME%%/logs/ossec.log; then rm -f %D/%%PORTNAME%%/logs/ossec.log; fi
+@unexec if test ! -s %D/%%PORTNAME%%/logs/active-responses.log; then rm -f %D/%%PORTNAME%%/logs/active-responses.log; fi
 %%PORTNAME%%/rules/apache_rules.xml
 %%PORTNAME%%/rules/arpwatch_rules.xml
 %%PORTNAME%%/rules/asterisk_rules.xml
@@ -104,6 +106,7 @@
 %%PORTNAME%%/rules/vpn_concentrator_rules.xml
 %%PORTNAME%%/rules/vpopmail_rules.xml
 %%PORTNAME%%/rules/vsftpd_rules.xml
+%%PORTNAME%%/rules/web_appsec_rules.xml
 %%PORTNAME%%/rules/web_rules.xml
 %%PORTNAME%%/rules/wordpress_rules.xml
 %%PORTNAME%%/rules/zeus_rules.xml