mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2025-02-01 10:59:55 +00:00
Code Issues Releases Activity

security/ossec-hids: upgrade 3.1.0 -> 3.3.0

Browse Source 
security/ossec-hids-local: upgrade 3.1.0 -> 3.3.0
security/ossec-hids-local-config: upgrade 3.1.0 -> 3.3.0

- Added LUA option. Bundled Lua support is no longer compiled in by default

PR:		237632
Submitted by:	Dominik Lisiak <dominik.lisiak@bemsoft.pl> (maintainer)
Relnotes:	https://github.com/ossec/ossec-hids/releases/tag/3.3.0
		https://github.com/ossec/ossec-hids/releases/tag/3.2.0
This commit is contained in:
Kurt Jaeger 2019-06-01 19:39:09 +00:00
parent 282b17a9e8
commit b747f9fc07
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=503254
21 changed files with 217 additions and 371 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
security/ossec-hids-local-config/Makefile
View File

@ -1,8 +1,8 @@
# $FreeBSD$
PORTNAME= ossec-hids
PORTVERSION= 3.1.0
PORTREVISION= 1
PORTVERSION= 3.3.0
PORTREVISION= 0
CATEGORIES= security
PKGNAMESUFFIX= -${OSSEC_TYPE}-config
@ -47,14 +47,15 @@ NO_ARCH= yes
OPTIONS_SUB= yes
OPTIONS_SINGLE= FIREWALL
OPTIONS_SINGLE_FIREWALL= IPF IPFW PF
OPTIONS_SINGLE_FIREWALL= NOFW IPF IPFW PF
OPTIONS_DEFAULT+= IPF
OPTIONS_DEFAULT+= NOFW
FIREWALL_DESC= Active Response Firewall
PF_DESC= Packet Filter
IPFW_DESC= ipfirewall
IPF_DESC= ipfilter
NOFW_DESC= Custom or no firewall
TEMPL_ENABLED_HEADER= template-header-enabled.xml
TEMPL_DISABLED_HEADER= template-header-disabled.xml
@ -68,6 +69,7 @@ TEMPL_SAMPLE_DB= template-sample-database.xml
PF_VARS= FW_DROP=pf.sh PKGMSG_FILES+=message-pf
IPFW_VARS= FW_DROP=ipfw.sh
IPF_VARS= FW_DROP=ipfilter.sh
NOFW_VARS= FW_DROP=
.if defined(MAINTAINER_MODE)
OSSEC_HOME= ${PREFIX}/${PORTNAME}

6
security/ossec-hids-local-config/distinfo
View File

@ -1,3 +1,3 @@
TIMESTAMP = 1539459620
SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50
SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469
TIMESTAMP = 1555773476
SHA256 (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 34fac7664548ddfeea96cb0567df4eda7515cc107625eb25315a5c3522954197
SIZE (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 1900070

9
security/ossec-hids-local-config/files/pkg-deinstall.in
View File

@ -1,10 +1,19 @@
#!/bin/sh
ossec_home="%%OSSEC_HOME%%"
fw_drop="%%FW_DROP%%"
ar_bin_dir="${ossec_home}/active-response/bin"
ossec_conf="${ossec_home}/etc/ossec.conf"
agent_conf="${ossec_home}/etc/shared/agent.conf"
if [ "$2" == "DEINSTALL" ]; then
rm -f "${ossec_conf}"
rm -f "${agent_conf}"
if [ -n "${fw_drop}" ]; then
if [ "${ar_bin_dir}/${fw_drop}" -ef "${ar_bin_dir}/firewall-drop.sh" ]; then
rm -f "${ar_bin_dir}/firewall-drop.sh"
fi
fi
fi

6
security/ossec-hids-local-config/files/pkg-install.in
View File

@ -1,6 +1,8 @@
#!/bin/sh
ossec_home="%%OSSEC_HOME%%"
fw_drop="%%FW_DROP%%"
ar_bin_dir="${ossec_home}/active-response/bin"
ossec_conf="${ossec_home}/etc/ossec.conf"
ossec_conf_bak="${ossec_conf}.bak"
@ -8,7 +10,9 @@ agent_conf="${ossec_home}/etc/shared/agent.conf"
agent_conf_bak="${ossec_home}/etc/agent.conf.bak"
if [ "$2" == "POST-INSTALL" ]; then
ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh"
if [ -n "${fw_drop}" ]; then
ln -f "${ar_bin_dir}/${fw_drop}" "${ar_bin_dir}/firewall-drop.sh"
fi
if [ -e "${ossec_conf}" ]; then
mv -f "${ossec_conf}" "${ossec_conf_bak}"

1
security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
View File

@ -15,6 +15,7 @@
<rootcheck>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<system_audit>/var/ossec/etc/shared/system_audit_pw.txt</system_audit>
<system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
</rootcheck>

6
security/ossec-hids-local-config/files/template-rules-default.xml.in
View File

@ -51,8 +51,11 @@
<include>ms_ipsec_rules.xml</include>
<include>vmware_rules.xml</include>
<include>ids_rules.xml</include>
<include>ms_powershell_rules.xml</include>
<include>last_rootlogin_rules.xml</include>
<include>apache_rules.xml</include>
<include>web_rules.xml</include>
<include>topleveldomain_rules.xml</include>
<include>zeus_rules.xml</include>
<include>nginx_rules.xml</include>
<include>php_rules.xml</include>
@ -78,6 +81,9 @@
<include>ms_firewall_rules.xml</include>
<include>psad_rules.xml</include>
<include>unbound_rules.xml</include>
<include>kesl_rules.xml</include>
<include>mhn_dionaea_rules.xml</include>
<include>mhn_cowrie_rules.xml</include>
<include>local_rules.xml</include>
<!-- Files not included by default -->

10
security/ossec-hids-local-config/scripts/plist.conf Normal file
View File

@ -0,0 +1,10 @@
#!/bin/sh
fixed_lines=""
skip_lines=""
skip_paths=""
sample_paths="
/etc/command.conf.sample
/etc/ossec.conf.d/900.local.conf.sample
/etc/agent.conf.d/900.local.conf.sample"

74
security/ossec-hids-local-config/scripts/plist.sh
View File

@ -11,11 +11,10 @@ PLIST=$3
WORKDIR=$4
STAGEDIR=$5
staged_plist="${WORKDIR}/.staged-plist"
fixed_lines=""
skip_lines=""
skip_paths=""
sample_paths="/etc/command.conf.sample /etc/ossec.conf.d/900.local.conf.sample /etc/agent.conf.d/900.local.conf.sample"
. $(dirname "$0")/plist.conf
NL=$'\n'
IFS=${NL}
print_path() {
local path="$1"
@ -28,15 +27,28 @@ print_path() {
fi
fi
local user=`stat -f "%Su" "${full_path}"`
if [ "${user}" == "${USER}" ]; then
if [ "${user}" = "${USER}" ]; then
user=""
fi
local group=`stat -f "%Sg" "${full_path}"`
if [ "${group}" == "${GROUP}" ]; then
if [ "${group}" = "${GROUP}" ]; then
group=""
fi
local mode=`stat -f "%p" "${full_path}" | tail -c 5`
echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}"
echo "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}"
}
contains() {
local list="$1"
local word="$2"
for e in ${list}; do
if [ "${e}" = "${word}" ]; then
return 0
fi
done
return 1
}
echo -n > "${PLIST}"
@ -45,16 +57,9 @@ print_path
done_paths=""
while read line; do
skip_line=""
for e in ${skip_lines}; do
if [ "${e}" == "${line}" ]; then
skip_line="${e}"
break
fi
done
if [ -z "${skip_line}" ]; then
if ! contains "${skip_lines}" "${line}"; then
path=""
case $line in
case ${line} in
"@dir %%OSSEC_HOME%%"*)
path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"`
;;
@ -62,7 +67,7 @@ while read line; do
path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"`
;;
"%%"*)
unchanged_lines="${unchanged_lines} ${line}"
unchanged_lines="${unchanged_lines}${NL}${line}"
;;
esac
if [ -n "${path}" ]; then
@ -70,33 +75,12 @@ while read line; do
path=""
for segment in ${segments}; do
path="${path}/${segment}"
skip_path=""
for e in ${skip_paths}; do
if [ "${e}" == "${path}" ]; then
skip_path="${e}"
break
fi
done
if [ -n "${skip_path}" ]; then
if contains "${skip_paths}" "${path}"; then
break
fi
done_path=""
for e in ${done_paths}; do
if [ "${e}" == "${path}" ]; then
done_path="${e}"
break
fi
done
if [ -z "${done_path}" ]; then
done_paths="${done_paths} ${path}"
sample_path=""
for e in ${sample_paths}; do
if [ "${e}" == "${path}" ]; then
sample_path="${e}"
break
fi
done
if [ -n "${sample_path}" ]; then
if ! contains "${done_paths}" "${path}"; then
done_paths="${done_paths}${NL}${path}"
if contains "${sample_paths}" "${path}"; then
print_path "${path}" @sample
else
print_path "${path}"
@ -105,9 +89,9 @@ while read line; do
done
fi
fi
done < "${staged_plist}"
done < "${WORKDIR}/.staged-plist"
unchanged_lines="${unchanged_lines} ${fixed_lines}"
unchanged_lines="${unchanged_lines}${NL}${fixed_lines}"
for line in ${unchanged_lines}; do
echo "${line}" >> "${PLIST}"
done

37
security/ossec-hids-local/Makefile
View File

@ -1,8 +1,8 @@
# $FreeBSD$
PORTNAME= ossec-hids
PORTVERSION= 3.1.0
PORTREVISION= 3
PORTVERSION= 3.3.0
PORTREVISION= 0
CATEGORIES= security
PKGNAMESUFFIX= -${OSSEC_TYPE}
@ -12,7 +12,7 @@ COMMENT= Security tool to monitor and check logs and intrusions
LICENSE= GPLv2
LICENSE_FILE= ${WRKSRC}/LICENSE
USES= gmake readline ssl
USES= gmake ssl
OSSEC_TYPE?= local
@ -30,6 +30,7 @@ CONFLICTS_INSTALL= ossec-hids-client-* \
ossec-hids-local-*
.endif
LIB_DEPENDS= libpcre2-8.so:devel/pcre2
.if ${OSSEC_TYPE} != agent
RUN_DEPENDS= expect:lang/expect
.endif
@ -38,19 +39,24 @@ INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify
PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude
ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq
INOTIFY_USES= pkgconfig
LUA_USES= readline
MYSQL_USE= mysql
PGSQL_USES= pgsql
USE_GITHUB= yes
GH_ACCOUNT= ossec
USE_RC_SUBR= ossec-hids
.if ${OSSEC_TYPE} != agent
USES+= shebangfix
SHEBANG_FILES= active-response/ossec-pagerduty.sh
.if ${OSSEC_TYPE} != agent
SHEBANG_LANG= expect
expect_OLD_CMD= "/usr/bin/env expect"
expect_CMD= ${LOCALBASE}/bin/expect
SHEBANG_FILES= src/agentlessd/scripts/main.exp \
SHEBANG_FILES+= src/agentlessd/scripts/main.exp \
src/agentlessd/scripts/ssh.exp \
src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \
src/agentlessd/scripts/ssh_foundry_diff \
@ -64,7 +70,7 @@ SHEBANG_FILES= src/agentlessd/scripts/main.exp \
.endif
OPTIONS_SUB= yes
OPTIONS_DEFINE= DOCS INOTIFY
OPTIONS_DEFINE= DOCS INOTIFY LUA
.if ${OSSEC_TYPE} != agent
OPTIONS_DEFINE+= PRELUDE ZEROMQ
@ -81,6 +87,7 @@ ZEROMQ_DESC= ZeroMQ support (experimental)
DATABASE_DESC= Database output
INOTIFY_VARS= OSSEC_ARGS+=USE_INOTIFY=yes
LUA_VARS= OSSEC_ARGS+=LUA_ENABLE=yes STRIP_FILES+=ossec-lua STRIP_FILES+=ossec-luac
PRELUDE_VARS= OSSEC_ARGS+=USE_PRELUDE=yes
ZEROMQ_VARS= OSSEC_ARGS+=USE_ZEROMQ=yes
MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema
@ -92,8 +99,6 @@ STRIP_FILES= agent-auth \
ossec-agentd \
ossec-execd \
ossec-logcollector \
ossec-lua \
ossec-luac \
ossec-syscheckd
.else
STRIP_FILES= agent_control \
@ -108,8 +113,6 @@ STRIP_FILES= agent_control \
ossec-execd \
ossec-logcollector \
ossec-logtest \
ossec-lua \
ossec-luac \
ossec-maild \
ossec-makelists \
ossec-monitord \
@ -159,7 +162,6 @@ SUB_LIST+= PORTNAME=${PORTNAME} \
VERSION=${PORTVERSION} \
DB_TYPE=${DB_TYPE} \
DB_SCHEMA=${DOCSDIR}/${DB_SCHEMA} \
USER=${USER} \
OSSEC_USER=${OSSEC_USER} \
OSSEC_GROUP=${OSSEC_GROUP} \
OSSEC_RC=${OSSEC_RC}
@ -179,9 +181,12 @@ PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE}
PKGMESSAGE= ${WRKDIR}/pkg-message
PKGMSG_FILES= message-header
PKG_CONFIG= ${CONFIGURE_ENV:MPKG_CONFIG=*:S/PKG_CONFIG=//}
CFLAGS+= -I${LOCALBASE}/include
INOTIFY_CFLAGS= $$(${PKG_CONFIG} --cflags libinotify)
INOTIFY_LDFLAGS=$$(${PKG_CONFIG} --libs libinotify)
OSSEC_ARGS+= TARGET=${OSSEC_TYPE} INSTALL_LOCALTIME=no
OSSEC_ARGS+= TARGET=${OSSEC_TYPE} PCRE2_SYSTEM=yes INSTALL_LOCALTIME=no INSTALL_RESOLVCONF=no
.if !defined(MAINTAINER_MODE)
OSSEC_ARGS+= INSTALL_CMD=install
.endif
@ -213,14 +218,16 @@ post-install:
@${CHMOD} 550 ${STAGEDIR}${RESTART_OSSEC_BIN}
.if defined(MAINTAINER_MODE)
@${CHOWN} ${USER}:${OSSEC_GROUP} ${STAGEDIR}${RESTART_OSSEC_BIN}
.else
@${SH} ${SCRIPTDIR}/sanitize-stage.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${STAGEDIR}
.endif
.if ${OSSEC_TYPE} == agent
.if defined(MAINTAINER_MODE)
. if defined(MAINTAINER_MODE)
@for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; ${CHOWN} ${OSSEC_USER}:${OSSEC_GROUP} $${file_name}; done
.else
. else
@for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; done
.endif
. endif
.endif
@${ECHO_CMD} -n > ${PKGMESSAGE}
.for file_name in ${PKGMSG_FILES}

6
security/ossec-hids-local/distinfo
View File

@ -1,3 +1,3 @@
TIMESTAMP = 1539457911
SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50
SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469
TIMESTAMP = 1555773447
SHA256 (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 34fac7664548ddfeea96cb0567df4eda7515cc107625eb25315a5c3522954197
SIZE (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 1900070

17
security/ossec-hids-local/files/ossec-hids.in
View File

@ -34,6 +34,10 @@ load_rc_config $name
ossec_type="%%OSSEC_TYPE%%"
ossec_home="%%OSSEC_HOME%%"
if [ -z "${ossec_hids_user}" ]; then
ossec_hids_user=$(stat -f '%Su' "${ossec_home}")
fi
ossec_conf="${ossec_home}/etc/ossec.conf"
ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
ossec_conf_bin="${ossec_home}/bin/config/ossec-conf"
@ -49,6 +53,7 @@ ossec_ar_log="${ossec_home}/logs/active-responses.log"
ossec_merged="${ossec_home}/etc/shared/merged.mg"
ossec_local_time="/etc/localtime"
ossec_resolv_conf="/etc/resolv.conf"
extra_commands="help status reload ossec_conf"
case ${ossec_type} in
@ -353,7 +358,7 @@ ossec_hids_create_config() {
if [ -x "${agent_conf_bin}" ]; then
# Merge agent.conf.d files into agent.conf
if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${agent_conf}" "${agent_conf_dir}"; then
ossec_hids_create_file "${agent_conf}" %%USER%%:%%OSSEC_GROUP%% 0640
ossec_hids_create_file "${agent_conf}" ${ossec_hids_user}:%%OSSEC_GROUP%% 0640
"${agent_conf_bin}" > "${agent_conf}"
fi
fi
@ -363,7 +368,7 @@ ossec_hids_create_config() {
if [ -x "${ossec_conf_bin}" ]; then
# Merge ossec.conf.d files into ossec.conf
if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${ossec_conf}" "${ossec_conf_dir}"; then
ossec_hids_create_file "${ossec_conf}" %%USER%%:%%OSSEC_GROUP%% 0640
ossec_hids_create_file "${ossec_conf}" ${ossec_hids_user}:%%OSSEC_GROUP%% 0640
"${ossec_conf_bin}" > "${ossec_conf}"
fi
fi
@ -378,7 +383,13 @@ ossec_hids_create_env() {
echo
return 1
fi
install -o %%USER%% -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}"
if [ ! -e "${ossec_resolv_conf}" ]; then
echo "ERROR: Missing \"${ossec_resolv_conf}\"."
echo
return 1
fi
install -o ${ossec_hids_user} -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}"
install -o ${ossec_hids_user} -g %%OSSEC_GROUP%% -m 0440 "${ossec_resolv_conf}" "${ossec_home}${ossec_resolv_conf}"
return 0
}

231
security/ossec-hids-local/files/patch-src_Makefile
View File

@ -1,231 +0,0 @@
--- src/Makefile.orig 2018-10-11 22:25:16 UTC
+++ src/Makefile
@@ -20,6 +20,9 @@ OSSEC_USER?=ossec
OSSEC_USER_MAIL?=ossecm
OSSEC_USER_REM?=ossecr
+INSTALL_CMD?=install -m $(1) -o $(2) -g $(3)
+INSTALL_LOCALTIME?=yes
+
USE_PRELUDE?=no
USE_ZEROMQ?=no
USE_GEOIP?=no
@@ -366,10 +369,10 @@ endif
install: install-${TARGET}
install-agent: install-common
- install -m 0550 -o root -g 0 ossec-agentd ${PREFIX}/bin
- install -m 0550 -o root -g 0 agent-auth ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-agentd ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) agent-auth ${PREFIX}/bin
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids
install-local: install-server-generic
@@ -379,127 +382,129 @@ install-server: install-server-generic
install-common: build
./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX}
- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs
- install -m 0660 -o ${OSSEC_USER} -g ${OSSEC_GROUP} /dev/null ${PREFIX}/logs/ossec.log
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs
+ $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/ossec.log
- install -d -m 0550 -o root -g 0 ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-logcollector ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-syscheckd ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-execd ${PREFIX}/bin
- install -m 0550 -o root -g 0 manage_agents ${PREFIX}/bin
- install -m 0550 -o root -g 0 ../contrib/util.sh ${PREFIX}/bin/
- install -m 0550 -o root -g 0 ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control
+ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-logcollector ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-syscheckd ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-execd ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) manage_agents ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ../contrib/util.sh ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control
ifeq (${LUA_ENABLE},yes)
- install -d -m 0550 -o root -g 0 ${PREFIX}/lua
- install -d -m 0550 -o root -g 0 ${PREFIX}/lua/native
- install -d -m 0550 -o root -g 0 ${PREFIX}/lua/compiled
- install -m 0550 -o root -g 0 ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/
- install -m 0550 -o root -g 0 ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua
+ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/native
+ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/compiled
+ $(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/
endif
- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/queue
- install -d -m 0770 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/alerts
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/ossec
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/syscheck
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/diff
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/queue
+ $(call INSTALL_CMD,0770,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/alerts
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/ossec
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/syscheck
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/diff
- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc
- install -m 0440 -o root -g ${OSSEC_GROUP} /etc/localtime ${PREFIX}/etc
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/etc
+ifeq (${INSTALL_LOCALTIME},yes)
+ $(call INSTALL_CMD,0440,root,${OSSEC_GROUP}) /etc/localtime ${PREFIX}/etc
+endif
- install -d -m 1550 -o root -g ${OSSEC_GROUP} ${PREFIX}/tmp
+ $(call INSTALL_CMD,1550,root,${OSSEC_GROUP}) -d ${PREFIX}/tmp
ifneq (,$(wildcard /etc/TIMEZONE))
- install -m 440 -o root -g ${OSSEC_GROUP} /etc/TIMEZONE ${PREFIX}/etc/
+ $(call INSTALL_CMD,440,root,${OSSEC_GROUP}) /etc/TIMEZONE ${PREFIX}/etc/
endif
# Solaris Needs some extra files
ifeq (${uname_S},SunOS)
- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/usr/share/lib/zoneinfo/
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/usr/share/lib/zoneinfo/
cp -r /usr/share/lib/zoneinfo/* ${PREFIX}/usr/share/lib/zoneinfo/
endif
- install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/internal_options.conf ${PREFIX}/etc/
+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/internal_options.conf ${PREFIX}/etc/
ifeq (,$(wildcard ${PREFIX}/etc/local_internal_options.conf))
- install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
endif
ifeq (,$(wildcard ${PREFIX}/etc/client.keys))
- install -m 0640 -o root -g ${OSSEC_GROUP} /dev/null ${PREFIX}/etc/client.keys
+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) /dev/null ${PREFIX}/etc/client.keys
endif
ifeq (,$(wildcard ${PREFIX}/etc/ossec.conf))
ifneq (,$(wildcard ../etc/ossec.mc))
- install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
else
- install -m 0640 -o root -g ${OSSEC_GROUP} ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
endif
endif
- install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc/shared
- install -m 0640 -o ${OSSEC_USER} -g ${OSSEC_GROUP} rootcheck/db/*.txt ${PREFIX}/etc/shared/
+ $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/etc/shared
+ $(call INSTALL_CMD,0640,${OSSEC_USER},${OSSEC_GROUP}) rootcheck/db/*.txt ${PREFIX}/etc/shared/
- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response
- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response/bin
- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/agentless
- install -m 0550 -o root -g ${OSSEC_GROUP} agentlessd/scripts/* ${PREFIX}/agentless/
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response/bin
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/agentless
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) agentlessd/scripts/* ${PREFIX}/agentless/
- install -d -m 0700 -o root -g ${OSSEC_GROUP} ${PREFIX}/.ssh
+ $(call INSTALL_CMD,0700,root,${OSSEC_GROUP}) -d ${PREFIX}/.ssh
- install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/*.sh ${PREFIX}/active-response/bin/
- install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/*.sh ${PREFIX}/active-response/bin/
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/var
- install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/var/run
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/var
+ $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/var/run
./init/fw-check.sh execute
install-server-generic: install-common
- install -m 0660 -o ${OSSEC_USER} -g ${OSSEC_GROUP} /dev/null ${PREFIX}/logs/active-responses.log
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/archives
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/alerts
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/firewall
+ $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/active-responses.log
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/archives
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/alerts
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/firewall
- install -m 0550 -o root -g 0 ossec-agentlessd ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-analysisd ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-monitord ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-reportd ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-maild ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-remoted ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-logtest ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-csyslogd ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-authd ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-dbd ${PREFIX}/bin
- install -m 0550 -o root -g 0 ossec-makelists ${PREFIX}/bin
- install -m 0550 -o root -g 0 verify-agent-conf ${PREFIX}/bin/
- install -m 0550 -o root -g 0 clear_stats ${PREFIX}/bin/
- install -m 0550 -o root -g 0 list_agents ${PREFIX}/bin/
- install -m 0550 -o root -g 0 ossec-regex ${PREFIX}/bin/
- install -m 0550 -o root -g 0 syscheck_update ${PREFIX}/bin/
- install -m 0550 -o root -g 0 agent_control ${PREFIX}/bin/
- install -m 0550 -o root -g 0 syscheck_control ${PREFIX}/bin/
- install -m 0550 -o root -g 0 rootcheck_control ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) ossec-agentlessd ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-analysisd ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-monitord ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-reportd ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-maild ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-remoted ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-logtest ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-csyslogd ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-authd ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-dbd ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) ossec-makelists ${PREFIX}/bin
+ $(call INSTALL_CMD,0550,root,0) verify-agent-conf ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) clear_stats ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) list_agents ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) ossec-regex ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) syscheck_update ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) agent_control ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) syscheck_control ${PREFIX}/bin/
+ $(call INSTALL_CMD,0550,root,0) rootcheck_control ${PREFIX}/bin/
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/stats
- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/stats
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/rules
ifneq (,$(wildcard ${PREFIX}/rules/local_rules.xml))
cp ${PREFIX}/rules/local_rules.xml ${PREFIX}/rules/local_rules.xml.installbackup
- install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules
- install -m 0640 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules
+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
rm ${PREFIX}/rules/local_rules.xml.installbackup
else
- install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules
+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules
endif
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/fts
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/fts
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rootcheck
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rootcheck
- install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/agent-info
- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/agentless
+ $(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/agent-info
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/agentless
- install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids
+ $(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids
- install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/decoder.xml ${PREFIX}/etc/
+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/decoder.xml ${PREFIX}/etc/
rm -f ${PREFIX}/etc/shared/merged.mg

7
security/ossec-hids-local/files/pkg-deinstall.in
View File

@ -4,15 +4,12 @@ ossec_home="%%OSSEC_HOME%%"
ar_conf="${ossec_home}/etc/shared/ar.conf"
merged_mg="${ossec_home}/etc/shared/merged.mg"
client_keys="${ossec_home}/etc/client.keys"
firewall_drop="${ossec_home}/active-response/bin/firewall-drop.sh"
local_time="${ossec_home}/etc/localtime"
resolv_conf="${ossec_home}/etc/resolv.conf"
if [ "$2" == "DEINSTALL" ]; then
rm -f "${ar_conf}"
rm -f "${merged_mg}"
if [ ! -s "${client_keys}" ]; then
rm -f "${client_keys}"
fi
rm -f "${firewall_drop}"
rm -f "${local_time}"
rm -f "${ar_conf}" "${merged_mg}" "${local_time}" "${resolv_conf}"
fi

8
security/ossec-hids-local/files/pkg-install.in
View File

@ -14,10 +14,14 @@ create_file() {
}
if [ "$2" == "POST-INSTALL" ]; then
if [ -z "${USER}" ]; then
USER=$(id -un)
fi
pw usermod %%OSSEC_USER%% -d "${ossec_home}"
pw usermod ossecm -d "${ossec_home}"
pw usermod ossecr -d "${ossec_home}"
chown %%USER%%:%%OSSEC_GROUP%% "${ossec_home}"
chown ${USER}:%%OSSEC_GROUP%% "${ossec_home}"
create_file "${client_keys}" root:ossec 0640
create_file "${client_keys}" ${USER}:%%OSSEC_GROUP%% 0640
fi

6
security/ossec-hids-local/pkg-plist-agent
View File

@ -22,8 +22,6 @@
@(,,0550) %%OSSEC_HOME%%/bin/ossec-control
@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd
@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector
@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac
@(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd
@(,,0550) %%OSSEC_HOME%%/bin/util.sh
@dir(,ossec,0550) %%OSSEC_HOME%%/etc
@ -43,6 +41,7 @@
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt
@ -55,6 +54,7 @@
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt
@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt
@ -77,3 +77,5 @@
%%PORTDOCS%%%%DOCSDIR%%/README.md
%%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md
%%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample
%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac

12
security/ossec-hids-local/pkg-plist-local
View File

@ -42,8 +42,6 @@
@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd
@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector
@(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest
@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac
@(,,0550) %%OSSEC_HOME%%/bin/ossec-maild
@(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists
@(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord
@ -74,6 +72,7 @@
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt
@ -86,6 +85,7 @@
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt
@ -112,10 +112,14 @@
@(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml
@ -123,6 +127,7 @@
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml
@ -160,6 +165,7 @@
@(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/topleveldomain_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml
@ -196,5 +202,7 @@
%%PORTDOCS%%%%DOCSDIR%%/README.md
%%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md
%%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample
%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac
%%MYSQL%%%%DOCSDIR%%/mysql.schema
%%PGSQL%%%%DOCSDIR%%/postgresql.schema

12
security/ossec-hids-local/pkg-plist-server
View File

@ -42,8 +42,6 @@
@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd
@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector
@(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest
@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac
@(,,0550) %%OSSEC_HOME%%/bin/ossec-maild
@(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists
@(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord
@ -74,6 +72,7 @@
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt
@ -86,6 +85,7 @@
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt
@ -112,10 +112,14 @@
@(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml
@ -123,6 +127,7 @@
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml
@ -160,6 +165,7 @@
@(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/topleveldomain_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml
@(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml
@ -196,5 +202,7 @@
%%PORTDOCS%%%%DOCSDIR%%/README.md
%%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md
%%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample
%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac
%%MYSQL%%%%DOCSDIR%%/mysql.schema
%%PGSQL%%%%DOCSDIR%%/postgresql.schema

30
security/ossec-hids-local/scripts/plist.conf Normal file
View File

@ -0,0 +1,30 @@
#!/bin/sh
fixed_lines="
%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac"
if [ "${OSSEC_TYPE}" != "agent" ]; then
fixed_lines="${fixed_lines}
%%MYSQL%%%%DOCSDIR%%/mysql.schema
%%PGSQL%%%%DOCSDIR%%/postgresql.schema"
fi
skip_lines="
%%PORTDOCS%%%%DOCSDIR%%/mysql.schema
%%PORTDOCS%%%%DOCSDIR%%/postgresql.schema"
skip_paths="
/etc/ossec.conf
/etc/client.keys
/logs/active-responses.log
/logs/ossec.log
/lua"
if [ "${OSSEC_TYPE}" = "agent" ]; then
skip_paths="${skip_paths}
/rules
/agentless
/.ssh"
fi
sample_paths="
/etc/local_internal_options.conf.sample"

80
security/ossec-hids-local/scripts/plist.sh
View File

@ -11,17 +11,10 @@ PLIST=$3
WORKDIR=$4
STAGEDIR=$5
staged_plist="${WORKDIR}/.staged-plist"
fixed_lines=""
if [ "${OSSEC_TYPE}" != "agent" ]; then
fixed_lines="${fixed_lines} %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema"
fi
skip_lines="%%PORTDOCS%%%%DOCSDIR%%/mysql.schema %%PORTDOCS%%%%DOCSDIR%%/postgresql.schema"
skip_paths="/etc/ossec.conf /etc/client.keys /logs/active-responses.log /logs/ossec.log /lua"
sample_paths="/etc/local_internal_options.conf.sample"
if [ "${OSSEC_TYPE}" == "agent" ]; then
skip_paths="${skip_paths} /rules /agentless /.ssh"
fi
. $(dirname "$0")/plist.conf
NL=$'\n'
IFS=${NL}
print_path() {
local path="$1"
@ -34,15 +27,28 @@ print_path() {
fi
fi
local user=`stat -f "%Su" "${full_path}"`
if [ "${user}" == "${USER}" ]; then
if [ "${user}" = "${USER}" ]; then
user=""
fi
local group=`stat -f "%Sg" "${full_path}"`
if [ "${group}" == "${GROUP}" ]; then
if [ "${group}" = "${GROUP}" ]; then
group=""
fi
local mode=`stat -f "%p" "${full_path}" | tail -c 5`
echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}"
echo "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}"
}
contains() {
local list="$1"
local word="$2"
for e in ${list}; do
if [ "${e}" = "${word}" ]; then
return 0
fi
done
return 1
}
echo -n > "${PLIST}"
@ -51,16 +57,9 @@ print_path
done_paths=""
while read line; do
skip_line=""
for e in ${skip_lines}; do
if [ "${e}" == "${line}" ]; then
skip_line="${e}"
break
fi
done
if [ -z "${skip_line}" ]; then
if ! contains "${skip_lines}" "${line}"; then
path=""
case $line in
case ${line} in
"@dir %%OSSEC_HOME%%"*)
path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"`
;;
@ -68,7 +67,7 @@ while read line; do
path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"`
;;
"%%"*)
unchanged_lines="${unchanged_lines} ${line}"
unchanged_lines="${unchanged_lines}${NL}${line}"
;;
esac
if [ -n "${path}" ]; then
@ -76,33 +75,12 @@ while read line; do
path=""
for segment in ${segments}; do
path="${path}/${segment}"
skip_path=""
for e in ${skip_paths}; do
if [ "${e}" == "${path}" ]; then
skip_path="${e}"
break
fi
done
if [ -n "${skip_path}" ]; then
if contains "${skip_paths}" "${path}"; then
break
fi
done_path=""
for e in ${done_paths}; do
if [ "${e}" == "${path}" ]; then
done_path="${e}"
break
fi
done
if [ -z "${done_path}" ]; then
done_paths="${done_paths} ${path}"
sample_path=""
for e in ${sample_paths}; do
if [ "${e}" == "${path}" ]; then
sample_path="${e}"
break
fi
done
if [ -n "${sample_path}" ]; then
if ! contains "${done_paths}" "${path}"; then
done_paths="${done_paths}${NL}${path}"
if contains "${sample_paths}" "${path}"; then
print_path "${path}" @sample
else
print_path "${path}"
@ -111,9 +89,9 @@ while read line; do
done
fi
fi
done < "${staged_plist}"
done < "${WORKDIR}/.staged-plist"
unchanged_lines="${unchanged_lines} ${fixed_lines}"
unchanged_lines="${unchanged_lines}${NL}${fixed_lines}"
for line in ${unchanged_lines}; do
echo "${line}" >> "${PLIST}"
done

16
security/ossec-hids-local/scripts/sanitize-stage.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/sh
# Script removes paths from stage to make stage-qa happy about "orphaned" files
OSSEC_TYPE=$1
OSSEC_HOME=$2
STAGEDIR=$3
. $(dirname "$0")/plist.conf
NL=$'\n'
IFS=${NL}
for path in ${skip_paths}; do
rm -rf "${STAGEDIR}${OSSEC_HOME}${path}"
done

4
security/ossec-hids/Makefile
View File

@ -1,8 +1,8 @@
# $FreeBSD$
PORTNAME= ossec-hids
PORTVERSION= 3.1.0
PORTREVISION=
PORTVERSION= 3.3.0
PORTREVISION= 0
CATEGORIES= security
MAINTAINER= dominik.lisiak@bemsoft.pl