From f7e9cdf0812fe551e6b20ea1737733dbda32b1f2 Mon Sep 17 00:00:00 2001 
From: John Marino Date: Sat, 16 Aug 2014 19:10:08 +0000 Subject: [PATCH] remove 3 ports: security/sguid-(client|sensor|server) These were combined to a single port at security/sguil which is also a newer version. --- MOVED | 4 + security/Makefile | 3 - security/sguil-client/Makefile | 83 ---- security/sguil-client/distinfo | 2 - security/sguil-client/files/patch-sguil.conf | 35 -- security/sguil-client/files/patch-sguil.tk | 28 -- security/sguil-client/files/pkg-message.in | 14 - security/sguil-client/pkg-descr | 16 - security/sguil-client/pkg-plist | 75 ---- security/sguil-sensor/Makefile | 114 ----- security/sguil-sensor/distinfo | 2 - security/sguil-sensor/files/example_agent.in | 34 -- security/sguil-sensor/files/pads_agent.in | 66 --- .../sguil-sensor/files/patch-ossec_agent.tcl | 30 -- .../sguil-sensor/files/patch-pads_agent.tcl | 39 -- .../files/patch-pcap_agent-sancp.tcl | 35 -- .../sguil-sensor/files/patch-pcap_agent.tcl | 35 -- .../sguil-sensor/files/patch-sancp_agent.tcl | 30 -- .../sguil-sensor/files/patch-snort_agent.tcl | 35 -- .../sguil-sensor/files/pcap_agent-sancp.in | 32 -- security/sguil-sensor/files/pcap_agent.in | 32 -- security/sguil-sensor/files/pkg-message.in | 31 -- security/sguil-sensor/files/sancp_agent.in | 32 -- security/sguil-sensor/files/snort_agent.in | 32 -- security/sguil-sensor/pkg-descr | 17 - security/sguil-sensor/pkg-plist | 41 -- security/sguil-server/Makefile | 89 ---- security/sguil-server/distinfo | 2 - .../files/patch-lib-SguildLoaderd.tcl | 29 -- .../files/patch-lib-SguildMysqlMerge.tcl | 11 - security/sguil-server/files/patch-sguild | 99 ----- .../sguil-server/files/patch-sguild.access | 12 - security/sguil-server/files/patch-sguild.conf | 28 -- .../patch-sql_scripts-create_sguildb.sql | 176 -------- .../files/patch-sql_scripts-sancp_cleanup.tcl | 11 - security/sguil-server/files/pkg-deinstall.in | 65 --- security/sguil-server/files/pkg-install.in | 410 ------------------ security/sguil-server/files/pkg-message.in | 35 
-- security/sguil-server/files/sguild.in | 35 -- security/sguil-server/pkg-descr | 22 - security/sguil-server/pkg-plist | 66 --- 41 files changed, 4 insertions(+), 1983 deletions(-) delete mode 100644 security/sguil-client/Makefile delete mode 100644 security/sguil-client/distinfo delete mode 100644 security/sguil-client/files/patch-sguil.conf delete mode 100644 security/sguil-client/files/patch-sguil.tk delete mode 100644 security/sguil-client/files/pkg-message.in delete mode 100644 security/sguil-client/pkg-descr delete mode 100644 security/sguil-client/pkg-plist delete mode 100644 security/sguil-sensor/Makefile delete mode 100644 security/sguil-sensor/distinfo delete mode 100644 security/sguil-sensor/files/example_agent.in delete mode 100644 security/sguil-sensor/files/pads_agent.in delete mode 100644 security/sguil-sensor/files/patch-ossec_agent.tcl delete mode 100644 security/sguil-sensor/files/patch-pads_agent.tcl delete mode 100644 security/sguil-sensor/files/patch-pcap_agent-sancp.tcl delete mode 100644 security/sguil-sensor/files/patch-pcap_agent.tcl delete mode 100644 security/sguil-sensor/files/patch-sancp_agent.tcl delete mode 100644 security/sguil-sensor/files/patch-snort_agent.tcl delete mode 100644 security/sguil-sensor/files/pcap_agent-sancp.in delete mode 100644 security/sguil-sensor/files/pcap_agent.in delete mode 100644 security/sguil-sensor/files/pkg-message.in delete mode 100644 security/sguil-sensor/files/sancp_agent.in delete mode 100644 security/sguil-sensor/files/snort_agent.in delete mode 100644 security/sguil-sensor/pkg-descr delete mode 100644 security/sguil-sensor/pkg-plist delete mode 100644 security/sguil-server/Makefile delete mode 100644 security/sguil-server/distinfo delete mode 100644 security/sguil-server/files/patch-lib-SguildLoaderd.tcl delete mode 100644 security/sguil-server/files/patch-lib-SguildMysqlMerge.tcl delete mode 100644 security/sguil-server/files/patch-sguild delete mode 100644 
security/sguil-server/files/patch-sguild.access delete mode 100644 security/sguil-server/files/patch-sguild.conf delete mode 100644 security/sguil-server/files/patch-sql_scripts-create_sguildb.sql delete mode 100644 security/sguil-server/files/patch-sql_scripts-sancp_cleanup.tcl delete mode 100644 security/sguil-server/files/pkg-deinstall.in delete mode 100644 security/sguil-server/files/pkg-install.in delete mode 100644 security/sguil-server/files/pkg-message.in delete mode 100644 security/sguil-server/files/sguild.in delete mode 100644 security/sguil-server/pkg-descr delete mode 100644 security/sguil-server/pkg-plist
diff --git a/MOVED b/MOVED
index 284e23a36e12..ddb0d5b1ee38 100644
--- a/MOVED
+++ b/MOVED
@@ -6420,3 +6420,7 @@ korean/unzip|archivers/unzip|2014-08-15|Merged with archivers/unzip as a new non
 russian/unzip|archivers/unzip|2014-08-15|Merged with archivers/unzip as a new non-default option
 mail/sendmail-sasl|mail/sendmail|2014-08-15|Removed: Use mail/sendmail instead
 print/cups-samba||2014-08-15|Removed: defunct for long, disappeared upstream
+security/sguil-client|security/sguil|2014-08-16|Merged into new port security/sguil
+security/sguil-sensor|security/sguil|2014-08-16|Merged into new port security/sguil
+security/sguil-server|security/sguil|2014-08-16|Merged into new port security/sguil
+
diff --git a/security/Makefile b/security/Makefile
index 9ad378c15042..ed98d18b5d85 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -910,9 +910,6 @@
 SUBDIR += sectok
 SUBDIR += secure_delete
 SUBDIR += sguil
- SUBDIR += sguil-client
- SUBDIR += sguil-sensor
- SUBDIR += sguil-server
 SUBDIR += sha
 SUBDIR += shibboleth2-sp
 SUBDIR += shimmer
diff --git a/security/sguil-client/Makefile b/security/sguil-client/Makefile
deleted file mode 100644
index 8a81db99fce6..000000000000
--- a/security/sguil-client/Makefile
+++ /dev/null
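Review bot: The fourth line this hunk adds to MOVED is empty, so the file gains a trailing blank line after the `security/sguil-server|security/sguil|2014-08-16|Merged into new port security/sguil` entry; I would drop that line so the next appended entry stays contiguous with the list. Separately, all three entries redirect to security/sguil, while the removed sensor port installed under its own names (`etc/sguil-sensor/*.conf-sample`, rc scripts `pcap_agent` and `snort_agent`). Whether the merged port keeps those paths and rc variable names is not visible in this patch. If it does not, an UPDATING entry describing the migration would help operators avoid a sensor agent that silently fails to start after the upgrade, leaving a monitoring gap.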
@@ -1,83 +0,0 @@ -# Created by: Paul Schmehl -# $FreeBSD$ - -PORTNAME= sguil-client -PORTVERSION= 0.8.0 -PORTREVISION= 1 -CATEGORIES= security -MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION} - -MAINTAINER= pauls@utdallas.edu -COMMENT= Sguil is a network security monitoring program - -RUN_DEPENDS= tcltls>=0:${PORTSDIR}/devel/tcltls \ - dtplite:${PORTSDIR}/devel/tcllib \ - ${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX \ - ${LOCALBASE}/lib/iwidgets/iwidgets.tcl:${PORTSDIR}/x11-toolkits/iwidgets \ - gpg2:${PORTSDIR}/security/gnupg - -LICENSE_NAME= QPLv1.0 COPYRIGHT -LICENSE_COMB= multi -LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL -LICENSE_PERMS= auto-accept -LICENSE_FILE= ${WRKSRC}/client/lib/tablelist4.1/COPYRIGHT.txt -LICENSE_PERMS= auto-accept - -OPTIONS_DEFINE= AUDIO SANCP WIRESHARK DOCS -AUDIO_DESC= Install Festival Speech Synthesis -SANCP_DESC= Use sancp -WIRESHARK_DESC= Install wireshark - -NO_BUILD= yes -USES= tk:wrapper -WRKSRC= ${WRKDIR}/sguil-${PORTVERSION} -SUB_LIST= SGUILDIR=${SGUILDIR} -SUB_FILES= pkg-message -PLIST_SUB= SGUILDIR=${SGUILDIR} -SGUILDIR?= sguil-client - -PORTDOCS1= README -PORTDOCS2= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README TODO UPGRADE USAGE sguildb.dia - -LIBFILES= SguilUtil.tcl dkffont.tcl email17.tcl extdata.tcl sellib.tcl sancp.tcl \ - sound.tcl guilib.tcl qrybuild.tcl qrylib.tcl report.tcl stdquery.tcl whois.tcl - -.include - -.if $(PORT_OPTIONS:MAUDIO) -RUN_DEPENDS+= festival:${PORTSDIR}/audio/festival -.endif - -.if ${PORT_OPTIONS:MSANCP} -RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp -.endif - -.if $(PORT_OPTIONS:MWIRESHARK) -RUN_DEPENDS+= wireshark:${PORTSDIR}/net/wireshark -.endif - -do-install: - @${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR} - @${MKDIR} ${STAGEDIR}${DOCSDIR} - ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/client/sguil.tk \ - ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/sguil.tk - ${INSTALL_DATA} ${PORTDOCS1:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${PORTDOCS2:S|^|${WRKSRC}/doc/|} 
${STAGEDIR}${DOCSDIR} -.for f in sguil.conf - ${INSTALL_DATA} ${WRKSRC}/client/${f} \ - ${STAGEDIR}${PREFIX}/etc/${f}-sample -.endfor -.for f in ${LIBFILES} - @${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/lib - ${INSTALL_DATA} ${WRKSRC}/client/lib/${f} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/lib/${f} -.endfor -.for f in sguil_logo_h.gif - @${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/images - ${INSTALL_DATA} ${WRKSRC}/client/lib/images/${f} \ - ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/images/${f} -.endfor - - (cd ${WRKSRC}/client/lib/tablelist4.1 && ${COPYTREE_SHARE} \* \ - ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/lib/tablelist4.1/) - -.include diff --git a/security/sguil-client/distinfo b/security/sguil-client/distinfo deleted file mode 100644 index 1dafe06d9088..000000000000 --- a/security/sguil-client/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (sguil-client-0.8.0.tar.gz) = bbce49630fd6264591a1e890cba3bad11cf18e9327c9f9cc02cb6dc8a19746bd -SIZE (sguil-client-0.8.0.tar.gz) = 216433 diff --git a/security/sguil-client/files/patch-sguil.conf b/security/sguil-client/files/patch-sguil.conf deleted file mode 100644 index 3190d26ee0a2..000000000000 --- a/security/sguil-client/files/patch-sguil.conf +++ /dev/null 
@@ -1,35 +0,0 @@ ---- client/sguil.conf.orig 2012-11-15 22:46:24.000000000 +0000 -+++ client/sguil.conf 2012-11-15 22:48:28.000000000 +0000 -@@ -18,7 +18,7 @@ - set DEBUG 1 - - # PATH to tls lib if needed (tcl can usually find this by default) --#set TLS_PATH /usr/lib/tls1.4/libtls1.4.so -+#set TLS_PATH /usr/local/lib/tls1.6/libtls1.6.so - # win32 example - #set TLS_PATH "c:/tcl/lib/tls1.4/tls14.dll" - -@@ -46,12 +46,12 @@ - # If you have festival installed, then you can have alerts spoken to - # you. Set the path to the festival binary here. If you are using - # speechd from speechio.org, then leave this commented out. --set FESTIVAL_PATH /usr/bin/festival -+set FESTIVAL_PATH /usr/local/bin/festival - # win32 example - # set FESTIVAL_PATH "c:\festival\bin\festival.exe" - - # Path to wireshark (ethereal) --set WIRESHARK_PATH /usr/sbin/wireshark -+set WIRESHARK_PATH /usr/local/bin/wireshark - # win32 example - # set WIRESHARK_PATH "c:/progra~1/wireshark/wireshark.exe" - -@@ -62,7 +62,7 @@ - # set WIRESHARK_STORE_DIR "c:/tmp" - - # Favorite browser for looking at sig info on snort.org --set BROWSER_PATH /usr/bin/firefox -+set BROWSER_PATH /usr/local/bin/firefox - # win32 example (IE) - # set BROWSER_PATH c:/progra~1/intern~1/iexplore.exe - diff --git a/security/sguil-client/files/patch-sguil.tk b/security/sguil-client/files/patch-sguil.tk deleted file mode 100644 index 474475f2a5a6..000000000000 --- a/security/sguil-client/files/patch-sguil.tk +++ /dev/null 
@@ -1,28 +0,0 @@ ---- client/sguil.tk.orig 2012-11-15 22:24:35.000000000 +0000 -+++ client/sguil.tk 2012-11-15 22:26:33.000000000 +0000 -@@ -88,7 +88,7 @@ - - # Load iwidgets and namespaces - if [catch {package require Iwidgets} iwidgetsVersion] { -- puts "ERROR: Cannot fine the Iwidgets extension." -+ puts "ERROR: Cannot find the Iwidgets extension." - puts "The iwidgets package is part of the incr tcl extension and is" - puts "available as a port/package most systems." - puts "See http://www.tcltk.com/iwidgets/ for more info." -@@ -2053,11 +2053,11 @@ - set CONF_FILE $env(HOME)/sguil.conf - } elseif { [file exists ./sguil.conf] } { - set CONF_FILE ./sguil.conf -- } elseif { [file exists /etc/sguil] &&\ -- [file isdirectory /etc/sguil] &&\ -- [file exists /etc/sguil/sguil.conf] &&\ -- [file readable /etc/sguil/sguil.conf] } { -- set CONF_FILE /etc/sguil/sguil.conf -+ } elseif { [file exists /usr/local/etc/sguil] &&\ -+ [file isdirectory /usr/local/etc/sguil] &&\ -+ [file exists /usr/local/etc/sguil/sguil.conf] &&\ -+ [file readable /usr/local/etc/sguil/sguil.conf] } { -+ set CONF_FILE /usr/local/etc/sguil/sguil.conf - } else { - puts "Couldn't determine where the sguil config file is" - puts "Looked for $env(HOME)/sguil.conf and ./sguil.conf." diff --git a/security/sguil-client/files/pkg-message.in b/security/sguil-client/files/pkg-message.in deleted file mode 100644 index f17f20658986..000000000000 --- a/security/sguil-client/files/pkg-message.in +++ /dev/null 
@@ -1,14 +0,0 @@ -See the USAGE document in the %%DOCSDIR%% for instructions -on how to use the sguil client to connect to and maintain -the sguil network monitoring system. - -NOTE: This port installs a sguil.conf-sample file in -%%PREFIX%%/bin/%%SGUILDIR%%/. If you are installing this on a -multi-user system, each user might want to have a -sguil.conf file in their home directory. Sguil.tk sources -the home directory first for the sguil.conf file. - -There are several items in the conf file that may need -editing, including the path to your web browser, the name -of the sguil server you connect to and possibly the port -you connect to (if you're not using the default port.) diff --git a/security/sguil-client/pkg-descr b/security/sguil-client/pkg-descr deleted file mode 100644 index 525d1822801b..000000000000 --- a/security/sguil-client/pkg-descr +++ /dev/null @@ -1,16 +0,0 @@ -Sguil (pronounced "sgweel") is a graphical interface to snort -(www.snort.org), an open source intrusion detection system. -The actual interface and GUI server are written in tcl/tk -(www.tcl.tk). Sguil also relies on other open source software -in order to function properly. - -The client requires tls, gpg, iwidgets and other tcl packages and may -also use wireshark, sancp and festival depending on your selection -of options. Run "make config" in the port to see what options -are available. - -Sguil currently functions as an analysis interface and does not yet -have rule management capabilities. - -WWW: http://sguil.sourceforge.net/index.php -pauls@utdallas.edu diff --git a/security/sguil-client/pkg-plist b/security/sguil-client/pkg-plist deleted file mode 100644 index 0550128bc92b..000000000000 --- a/security/sguil-client/pkg-plist +++ /dev/null 
@@ -1,75 +0,0 @@ -bin/%%SGUILDIR%%/images/sguil_logo_h.gif -bin/%%SGUILDIR%%/lib/SguilUtil.tcl -bin/%%SGUILDIR%%/lib/dkffont.tcl -bin/%%SGUILDIR%%/lib/email17.tcl -bin/%%SGUILDIR%%/lib/extdata.tcl -bin/%%SGUILDIR%%/lib/guilib.tcl -bin/%%SGUILDIR%%/lib/qrybuild.tcl -bin/%%SGUILDIR%%/lib/qrylib.tcl -bin/%%SGUILDIR%%/lib/report.tcl -bin/%%SGUILDIR%%/lib/sancp.tcl -bin/%%SGUILDIR%%/lib/sellib.tcl -bin/%%SGUILDIR%%/lib/sound.tcl -bin/%%SGUILDIR%%/lib/stdquery.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/COPYRIGHT.txt -bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineDown10x9.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineDown12x11.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineDown8x7.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineUp10x9.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineUp12x11.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineUp8x7.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineDown10x9.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineDown12x11.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineDown8x7.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineUp10x9.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineUp12x11.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineUp8x7.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown10x9.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown12x11.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown7x4.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown7x7.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown8x5.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown8x7.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown9x5.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp10x9.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp12x11.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp7x4.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp7x7.xbm 
-bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp8x5.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp8x7.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp9x5.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/checked.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/images/unchecked.xbm -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/mwutil.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/repair.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistBind.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistConfig.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistEdit.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistMove.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistSort.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistThemes.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistUtil.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistWidget.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tclIndex -bin/%%SGUILDIR%%/lib/tablelist4.1/tablelist.tcl -bin/%%SGUILDIR%%/lib/tablelist4.1/tablelistPublic.tcl -bin/%%SGUILDIR%%/lib/whois.tcl -bin/%%SGUILDIR%%/sguil.tk -etc/sguil.conf-sample -%%PORTDOCS%%%%DOCSDIR%%/CHANGES -%%PORTDOCS%%%%DOCSDIR%%/FAQ -%%PORTDOCS%%%%DOCSDIR%%/INSTALL -%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd -%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README -%%PORTDOCS%%%%DOCSDIR%%/README -%%PORTDOCS%%%%DOCSDIR%%/TODO -%%PORTDOCS%%%%DOCSDIR%%/UPGRADE -%%PORTDOCS%%%%DOCSDIR%%/USAGE -%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia -@dirrm bin/%%SGUILDIR%%/lib/tablelist4.1/scripts -@dirrm bin/%%SGUILDIR%%/lib/tablelist4.1/images -@dirrm bin/%%SGUILDIR%%/lib/tablelist4.1 -@dirrm bin/%%SGUILDIR%%/lib -@dirrm bin/%%SGUILDIR%%/images -@dirrm bin/%%SGUILDIR%% -%%PORTDOCS%%@dirrm %%DOCSDIR%% diff --git a/security/sguil-sensor/Makefile b/security/sguil-sensor/Makefile deleted file mode 100644 index 2e32965fb43f..000000000000 --- a/security/sguil-sensor/Makefile +++ /dev/null 
@@ -1,114 +0,0 @@ -# Created by: Paul Schmehl -# $FreeBSD$ - -PORTNAME= sguil-sensor -PORTVERSION= 0.8.0 -CATEGORIES= security -MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION} - -MAINTAINER= pauls@utdallas.edu -COMMENT= Sguil is a network security monitoring program - -RUN_DEPENDS= tcltls>=0:${PORTSDIR}/devel/tcltls \ - barnyard2:${PORTSDIR}/security/barnyard2-sguil \ - ${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX - -OPTIONS_DEFINE= PADS SANCP DOCS -PADS_DESC= Include pads sensor -SANCP_DESC= Include sancp sensor - -LICENSE_NAME= QPLv1.0 -LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL -LICENSE_PERMS= auto-accept - -NO_BUILD= yes -USE_RC_SUBR= pcap_agent snort_agent -TCL_VER= 8.5 -TCLSH= tclsh${TCL_VER} -WRKSRC= ${WRKDIR}/sguil-${PORTVERSION} -PATCH_WRKSRC= ${WRKSRC}/sensor -SGUILDIR?= sguil-sensor -SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH} -SUB_FILES= pkg-message -PLIST_SUB= SGUILDIR=${SGUILDIR} -AGENTS= pcap_agent.tcl snort_agent.tcl -CONFS= pcap_agent.conf snort_agent.conf -LOG_SCRIPTS= log_packets-daemonlogger.sh log_packets.sh -WITH_PCRE= true - -PORTDOCS1= README -PORTDOCS2= README.daemonlogger -PORTDOCS3= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README \ - TODO UPGRADE USAGE sguildb.dia - -.include - -.if ${PORT_OPTIONS:MSANCP} -AGENTS+= sancp_agent.tcl pcap_agent-sancp.tcl -CONFS+= sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf -RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp -USE_RC_SUBR+= sancp_agent pcap_agent-sancp -PLIST_SUB+= USESANCP="" -.else -PLIST_SUB+= USESANCP="@comment " -.endif - -.if ${PORT_OPTIONS:MPADS} -AGENTS+= pads_agent.tcl -CONFS+= pads_agent.conf -RUN_DEPENDS+= pads:${PORTSDIR}/net-mgmt/pads -USE_RC_SUBR+= pads_agent -PLIST_SUB+= USEPADS="" -.else -PLIST_SUB+= USEPADS="@comment " -.endif - -post-patch: -.for f in ${AGENTS} - @${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \ - ${WRKSRC}/sensor/${f} -.endfor - -do-install: - @${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR} - @${MKDIR} 
${STAGEDIR}${PREFIX}/etc/${SGUILDIR} - @${MKDIR} ${STAGEDIR}${PREFIX}/share/${SGUILDIR} - @${MKDIR} ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/contrib - @${MKDIR} ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/init - @${MKDIR} ${STAGEDIR}${DOCSDIR} - (cd ${WRKSRC}/sensor/contrib && ${COPYTREE_SHARE} \* ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/contrib "! -name ossec_agent.tcl.orig") - (cd ${WRKSRC}/sensor/init && ${COPYTREE_SHARE} \* ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/init) - ${INSTALL_DATA} ${PORTDOCS1:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${PORTDOCS2:S|^|${WRKSRC}/sensor/|} ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${PORTDOCS3:S|^|${WRKSRC}/doc/|} ${STAGEDIR}${DOCSDIR} -.for f in ${AGENTS} - ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \ - ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/${f} -.endfor -.for f in ${LOG_SCRIPTS} - ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \ - ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/${f} -.endfor -.for f in ${CONFS} - ${INSTALL_DATA} ${WRKSRC}/sensor/${f} \ - ${STAGEDIR}${PREFIX}/etc/${SGUILDIR}/${f}-sample -.endfor -.if ${PORT_OPTIONS:MSANCP} -.for f in log_packets-sancp.sh - ${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \ - ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/${f} -.endfor -.for f in sancp.conf - ${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \ - ${STAGEDIR}${PREFIX}/etc/${SGUILDIR}/${f}-sample -.endfor -.endif -post-install: - -.if ${PORT_OPTIONS:MSANCP} -.for f in README.sancp_indexed_pcap - cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${f} ${STAGEDIR}${DOCSDIR} -.endfor -.endif - -.include diff --git a/security/sguil-sensor/distinfo b/security/sguil-sensor/distinfo deleted file mode 100644 index 88953e35d324..000000000000 --- a/security/sguil-sensor/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (sguil-sensor-0.8.0.tar.gz) = aa4617c4f9cf1d598c6d728afed50cd6f90dc5d1516a6eda8126401b7bba4be5 -SIZE (sguil-sensor-0.8.0.tar.gz) = 142829 
diff --git a/security/sguil-sensor/files/example_agent.in b/security/sguil-sensor/files/example_agent.in deleted file mode 100644 index 79b449745ea3..000000000000 --- a/security/sguil-sensor/files/example_agent.in +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh - -# $FreeBSD$ - -# PROVIDE: example_agent -# REQUIRE: DAEMON -# KEYWORD: shutdown - -# Add the following line to /etc/rc.conf to enable example_agent: -# example_agent_enable (bool): Set to YES to enable example_agent -# Default: NO -# example_agent_conf (str): Example_agent configuration file -# Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf -# example_agent_flags (str): Default: -D -# - -. /etc/rc.subr - -load_rc_config example_agent - -#set defaults -example_agent_enable=${example_agent_enable:-"NO"} -example_agent_conf=${example_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf"} -example_agent_flags=${example_agent_flags:-"-D"} - -name="example_agent" -rcvar=example_agent_enable -command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl" -command_args="-c ${example_agent_conf} ${example_agent_flags}" -procname="%%PREFIX%%/bin/tclsh8.4" -pidfile="/var/run/${name}.pid" -check_pidfile="${pidfile} ${procname} /bin/sh" - -run_rc_command "$1" diff --git a/security/sguil-sensor/files/pads_agent.in b/security/sguil-sensor/files/pads_agent.in deleted file mode 100644 index b1ef894abd5d..000000000000 --- a/security/sguil-sensor/files/pads_agent.in +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/sh - -# $FreeBSD$ - -# PROVIDE: pads_agent -# REQUIRE: DAEMON -# KEYWORD: shutdown - -# Add the following line to /etc/rc.conf to enable pads_agent: -# pads_agent_enable (bool): Set to YES to enable pads_agent -# Default: NO -# pads_agent_conf (str): Pads_agent configuration file -# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf -# pads_agent_flags (str): Default: -D -# - -. /etc/rc.subr - -name="pads_agent" -rcvar=${name}_enable -load_rc_config ${name} - -#set defaults -: ${pads_agent_enable:="NO"} -: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"} -: ${pads_agent_flags:="-D -c ${pads_agent_conf}"} - -command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl" -procname="%%PREFIX%%/bin/%%TCLSH%%" -pidfile="/var/run/${name}.pid" - -start_precmd="pads_agent_ck4fifo" -stop_postcmd="pads_agent_rmfifo" - -pads_agent_ck4fifo() -{ - LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'` - HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'` - PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo - - if [ ! -p ${PADS_FIFO} ]; then - echo "${PADS_FIFO} does not exist. Creating now....." - /usr/bin/mkfifo ${PADS_FIFO} - fi - echo "Checking for ${PADS_FIFO}...." - if [ -p ${PADS_FIFO} ]; then - echo "Confirmed! ${PADS_FIFO} exists." - else - echo "I tried to create ${PADS_FIFO} and failed." - echo "You will need to create it manually before starting ${name}." - fi -} - -pads_agent_rmfifo() -{ - LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'` - HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'` - PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo - - if [ -p ${PADS_FIFO} ]; then - /bin/rm ${PADS_FIFO} - echo "Removing ${PADS_FIFO}...." - fi -} - -run_rc_command "$1" diff --git a/security/sguil-sensor/files/patch-ossec_agent.tcl b/security/sguil-sensor/files/patch-ossec_agent.tcl deleted file mode 100644 index 055eb96f5a79..000000000000 
--- a/security/sguil-sensor/files/patch-ossec_agent.tcl +++ /dev/null @@ -1,30 +0,0 @@ ---- contrib/ossec_agent/ossec_agent.tcl.orig 2012-12-17 22:47:18.000000000 +0000 -+++ contrib/ossec_agent/ossec_agent.tcl 2012-12-17 22:48:45.000000000 +0000 -@@ -1,6 +1,4 @@ - #!/bin/sh --# Run tcl from users PATH \ --exec tclsh "$0" "$@" - - # OSSEC agent for Sguil 0.7.0. Based on the "example_agent.tcl" code - # distributed with sguil. -@@ -593,9 +591,9 @@ - if { ![info exists CONF_FILE] } { - - # No conf file specified check the defaults -- if { [file exists /etc/ossec_agent.conf] } { -+ if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } { - -- set CONF_FILE /etc/ossec_agent.conf -+ set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf - - } elseif { [file exists ./ossec_agent.conf] } { - -@@ -604,7 +602,7 @@ - } else { - - puts "Couldn't determine where the ossec_agent.tcl config file is" -- puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf." -+ puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf." - DisplayUsage $argv0 - - } diff --git a/security/sguil-sensor/files/patch-pads_agent.tcl b/security/sguil-sensor/files/patch-pads_agent.tcl deleted file mode 100644 index ba35aadbcd14..000000000000 --- a/security/sguil-sensor/files/patch-pads_agent.tcl +++ /dev/null 
@@ -1,39 +0,0 @@ ---- pads_agent.tcl.orig 2012-12-19 21:25:26.000000000 +0000 -+++ pads_agent.tcl 2012-12-19 21:27:37.000000000 +0000 -@@ -1,6 +1,4 @@ - #!/bin/sh --# Run tcl from users PATH \ --exec tclsh "$0" "$@" - - # $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ # - -@@ -332,7 +330,7 @@ - id process group set - if {[fork]} {exit 0} - set PID [id process] -- if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" } -+ if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" } - set PID_DIR [file dirname $PID_FILE] - if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } { - puts "ERROR: Directory $PID_DIR does not exists or is not writable." -@@ -380,16 +378,16 @@ - } - } - # Parse the config file here --# Default location is /etc/pads_agent.conf or pwd -+# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd - if { ![info exists CONF_FILE] } { - # No conf file specified check the defaults -- if { [file exists /etc/pads_agent.conf] } { -- set CONF_FILE /etc/pads_agent.conf -+ if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } { -+ set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf - } elseif { [file exists ./pads_agent.conf] } { - set CONF_FILE ./pads_agent.conf - } else { - puts "Couldn't determine where the sensor_agent.tcl config file is" -- puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf." -+ puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf." - DisplayUsage $argv0 - } - } diff --git a/security/sguil-sensor/files/patch-pcap_agent-sancp.tcl b/security/sguil-sensor/files/patch-pcap_agent-sancp.tcl deleted file mode 100644 index 5299ef6ca03e..000000000000 --- a/security/sguil-sensor/files/patch-pcap_agent-sancp.tcl +++ /dev/null 
@@ -1,35 +0,0 @@ ---- pcap_agent-sancp.tcl.orig 2012-12-17 22:36:43.000000000 +0000 -+++ pcap_agent-sancp.tcl 2012-12-17 22:38:22.000000000 +0000 -@@ -1,6 +1,4 @@ - #!/bin/sh --# Run tcl from users PATH \ --exec tclsh "$0" "$@" - - # $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ # - -@@ -754,13 +752,13 @@ - } - - # Parse the config file here --# Default location is /etc/pcap_agent.conf or pwd -+# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd - if { ![info exists CONF_FILE] } { - - # No conf file specified check the defaults -- if { [file exists /etc/pcap_agent.conf] } { -+ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } { - -- set CONF_FILE /etc/pcap_agent.conf -+ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf - - } elseif { [file exists ./pcap_agent.conf] } { - -@@ -769,7 +767,7 @@ - } else { - - puts "Couldn't determine where the pcap_agent.tcl config file is" -- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf." -+ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf." - DisplayUsage $argv0 - - } diff --git a/security/sguil-sensor/files/patch-pcap_agent.tcl b/security/sguil-sensor/files/patch-pcap_agent.tcl deleted file mode 100644 index be279eb7a309..000000000000 --- a/security/sguil-sensor/files/patch-pcap_agent.tcl +++ /dev/null 
@@ -1,35 +0,0 @@ ---- pcap_agent.tcl.orig 2012-12-17 22:31:44.000000000 +0000 -+++ pcap_agent.tcl 2012-12-17 22:42:50.000000000 +0000 -@@ -1,6 +1,4 @@ - #!/bin/sh --# Run tcl from users PATH \ --exec tclsh "$0" "$@" - - # $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ # - -@@ -771,13 +769,13 @@ - } - - # Parse the config file here --# Default location is /etc/pcap_agent.conf or pwd -+# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd - if { ![info exists CONF_FILE] } { - - # No conf file specified check the defaults -- if { [file exists /etc/pcap_agent.conf] } { -+ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } { - -- set CONF_FILE /etc/pcap_agent.conf -+ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf - - } elseif { [file exists ./pcap_agent.conf] } { - -@@ -786,7 +784,7 @@ - } else { - - puts "Couldn't determine where the pcap_agent.tcl config file is" -- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf." -+ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf." - DisplayUsage $argv0 - - } diff --git a/security/sguil-sensor/files/patch-sancp_agent.tcl b/security/sguil-sensor/files/patch-sancp_agent.tcl deleted file mode 100644 index 7facc81230bd..000000000000 --- a/security/sguil-sensor/files/patch-sancp_agent.tcl +++ /dev/null 
@@ -1,30 +0,0 @@ ---- sancp_agent.tcl.orig 2012-12-17 22:43:39.000000000 +0000 -+++ sancp_agent.tcl 2012-12-17 22:44:56.000000000 +0000 -@@ -1,6 +1,4 @@ - #!/bin/sh --# Run tcl from users PATH \ --exec tclsh "$0" "$@" - - # $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ # - -@@ -582,16 +580,16 @@ - } - } - # Parse the config file here --# Default location is /etc/sancp_agent.conf or pwd -+# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd - if { ![info exists CONF_FILE] } { - # No conf file specified check the defaults -- if { [file exists /etc/sancp_agent.conf] } { -- set CONF_FILE /etc/sancp_agent.conf -+ if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } { -+ set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf - } elseif { [file exists ./sancp_agent.conf] } { - set CONF_FILE ./sancp_agent.conf - } else { - puts "Couldn't determine where the sancp_agent.tcl config file is" -- puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf." -+ puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf." - DisplayUsage $argv0 - } - } diff --git a/security/sguil-sensor/files/patch-snort_agent.tcl b/security/sguil-sensor/files/patch-snort_agent.tcl deleted file mode 100644 index a8cb13ce6853..000000000000 --- a/security/sguil-sensor/files/patch-snort_agent.tcl +++ /dev/null 
@@ -1,35 +0,0 @@
---- snort_agent.tcl.orig 2012-12-17 22:33:35.000000000 +0000
-+++ snort_agent.tcl 2012-12-17 22:39:39.000000000 +0000
-@@ -1,6 +1,4 @@
- #!/bin/sh
--# Run tcl from users PATH \
--exec tclsh "$0" "$@"
-
- # $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
-
-@@ -680,13 +678,13 @@
- }
-
- # Parse the config file here
--# Default location is /etc/snort_agent.conf or pwd
-+# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
- if { ![info exists CONF_FILE] } {
-
- # No conf file specified check the defaults
-- if { [file exists /etc/snort_agent.conf] } {
-+ if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
-
-- set CONF_FILE /etc/snort_agent.conf
-+ set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
-
- } elseif { [file exists ./snort_agent.conf] } {
-
-@@ -695,7 +693,7 @@
- } else {
-
- puts "Couldn't determine where the snort_agent.tcl config file is"
-- puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
-+ puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
- DisplayUsage $argv0
-
- }
diff --git a/security/sguil-sensor/files/pcap_agent-sancp.in b/security/sguil-sensor/files/pcap_agent-sancp.in
deleted file mode 100644
index 24b53584dfc0..000000000000
--- a/security/sguil-sensor/files/pcap_agent-sancp.in
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-# $FreeBSD$
-
-# PROVIDE: pcap_agent-sancp
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-
-# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
-# pcap_agent-sancp_enable (bool): Set to YES to enable pcap_agent-sancp
-# Default: NO
-# pcap_agent-sancp_conf (str): Pads_agent configuration file
-# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
-# pcap_agent-sancp_flags (str): Default: -D
-#
-
-. /etc/rc.subr
-
-name="pcap_agent-sancp"
-rcvar=pcap_agent-sancp_enable
-load_rc_config pcap_agent-sancp
-
-#set defaults
-: ${pcap_agent-sancp_enable:="NO"}
-: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
-: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
-
-command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
-procname="%%PREFIX%%/bin/%%TCLSH%%"
-pidfile="/var/run/${name}.pid"
-
-run_rc_command "$1"
diff --git a/security/sguil-sensor/files/pcap_agent.in b/security/sguil-sensor/files/pcap_agent.in
deleted file mode 100644
index 1307a2a4748f..000000000000
--- a/security/sguil-sensor/files/pcap_agent.in
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-# $FreeBSD$
-
-# PROVIDE: pcap_agent
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-
-# Add the following line to /etc/rc.conf to enable pcap_agent:
-# pcap_agent_enable (bool): Set to YES to enable pcap_agent
-# Default: NO
-# pcap_agent_conf (str): Pcap_agent configuration file
-# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf
-# pcap_agent_flags (str): Default: -D
-#
-
-. /etc/rc.subr
-
-name="pcap_agent"
-rcvar=pcap_agent_enable
-load_rc_config pcap_agent
-
-#set defaults
-: ${pcap_agent_enable:="NO"}
-: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
-: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}
-
-command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
-procname="%%PREFIX%%/bin/%%TCLSH%%"
-pidfile="/var/run/${name}.pid"
-
-run_rc_command "$1"
diff --git a/security/sguil-sensor/files/pkg-message.in b/security/sguil-sensor/files/pkg-message.in
deleted file mode 100644
index c75df8704dca..000000000000
--- a/security/sguil-sensor/files/pkg-message.in
+++ /dev/null
@@ -1,31 +0,0 @@
- ***********************************
- * !!!!!!!!!!! WARNING !!!!!!!!!!! *
- ***********************************
-
-If you already had barnyard2 installed, this port will NOT deinstall
-it and install the barnyard2-sguil port instead. You will need to
-deinstall the barnyard2 port and install the barnyard2-sguil port yourself
-instead. This port WILL NOT WORK without the barnyard2-sguil port!!
-
-See the %%DOCSDIR%%/INSTALL doc for details on the
-configuration and for croning the script.
-
-WARNING!!! Sguil et al will fill up your /tmp directory very
-quickly. You should probably configure sguil et al to log to
-another partition/location (e.g. /nsm/tmp/).
-
-You must ALSO edit all of the sensor conf files (located in
-%%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before
-starting the sensor_agents.
-
-A number of ancilliary things have been installed in
-%%PREFIX%%/share/%%SGUILDIR%%.
-
-If you chose to run sancp, and you already had a sancp.conf file in
-%%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
-The new sancp.conf-sample file contains the settings for squil. NOTE:
-the conf file is for sancp 1.5.3. It may need additional edits to work
-with the current ports version of sancp. If you still want to maintain
-the customized sancp.conf file, then copy the new sancp.conf-sample
-file to sguild-sancp.conf (for example) and add
-sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
diff --git a/security/sguil-sensor/files/sancp_agent.in b/security/sguil-sensor/files/sancp_agent.in
deleted file mode 100644
index 2ecfb27d8e87..000000000000
--- a/security/sguil-sensor/files/sancp_agent.in
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-# $FreeBSD$
-
-# PROVIDE: sancp_agent
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-
-# Add the following line to /etc/rc.conf to enable sancp_agent:
-# sancp_agent_enable (bool): Set to YES to enable sancp_agent
-# Default: NO
-# sancp_agent_conf (str): Sancp_agent configuration file
-# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf
-# sancp_agent_flags (str): Default: -D
-#
-
-. /etc/rc.subr
-
-name="sancp_agent"
-rcvar=sancp_agent_enable
-load_rc_config sancp_agent
-
-#set defaults
-: ${sancp_agent_enable:="NO"}
-: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
-: ${sancp_agent_flags:="-D -c ${sancp_agent_conf}"}
-
-command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
-procname="%%PREFIX%%/bin/%%TCLSH%%"
-pidfile="/var/run/${name}.pid"
-
-run_rc_command "$1"
diff --git a/security/sguil-sensor/files/snort_agent.in b/security/sguil-sensor/files/snort_agent.in
deleted file mode 100644
index 28df9adb2ee9..000000000000
--- a/security/sguil-sensor/files/snort_agent.in
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-# $FreeBSD$
-
-# PROVIDE: snort_agent
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-
-# Add the following line to /etc/rc.conf to enable snort_agent:
-# snort_agent_enable (bool): Set to YES to enable snort_agent
-# Default: NO
-# snort_agent_conf (str): Snort_agent configuration file
-# Default: %%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf
-# snort_agent_flags (str): Default: -D
-#
-
-. /etc/rc.subr
-
-name="snort_agent"
-rcvar=snort_agent_enable
-load_rc_config snort_agent
-
-#set defaults
-: ${snort_agent_enable:="NO"}
-: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
-: ${snort_agent_flags:="-D -c ${snort_agent_conf}"}
-
-command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
-procname="%%PREFIX%%/bin/%%TCLSH%%"
-pidfile="/var/run/${name}.pid"
-
-run_rc_command "$1"
diff --git a/security/sguil-sensor/pkg-descr b/security/sguil-sensor/pkg-descr
deleted file mode 100644
index 8700cb449820..000000000000
--- a/security/sguil-sensor/pkg-descr
+++ /dev/null
@@ -1,17 +0,0 @@
-Sguil (pronounced "sgweel") is a graphical interface to snort
-(www.snort.org), an open source intrusion detection system.
-The actual interface and GUI server are written in tcl/tk
-(www.tcl.tk). Sguil also relies on other open source software
-in order to function properly.
-
-The sensor list includes security/barnyard2-sguil, security/snort,
-security/sancp, net-mgmt/pads, tcpdump (a part of the OS)
-and devel/tcltls as well as lang/tcl84 and lang/tclX. Care
-has been taken to ensure that everything you need to build
-a working sguil operation is in the FreeBSD ports system or
-is part of the OS already.
-
-Sguil currently functions as an analysis interface and has
-rule management capabilities.
-
-WWW: http://sguil.sourceforge.net/index.php
diff --git a/security/sguil-sensor/pkg-plist b/security/sguil-sensor/pkg-plist
deleted file mode 100644
index 135ceb35bf63..000000000000
--- a/security/sguil-sensor/pkg-plist
+++ /dev/null
@@ -1,41 +0,0 @@
-bin/%%SGUILDIR%%/log_packets-daemonlogger.sh
-bin/%%SGUILDIR%%/log_packets.sh
-bin/%%SGUILDIR%%/pcap_agent.tcl
-bin/%%SGUILDIR%%/snort_agent.tcl
-etc/%%SGUILDIR%%/pcap_agent.conf-sample
-etc/%%SGUILDIR%%/snort_agent.conf-sample
-share/%%SGUILDIR%%/contrib/ossec_agent/README
-share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
-share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
-share/%%SGUILDIR%%/contrib/portscan_loader/Makefile
-share/%%SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
-share/%%SGUILDIR%%/init/sensoragent
-%%PORTDOCS%%%%DOCSDIR%%/CHANGES
-%%PORTDOCS%%%%DOCSDIR%%/FAQ
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd
-%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%%%DOCSDIR%%/TODO
-%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
-%%PORTDOCS%%%%DOCSDIR%%/USAGE
-%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia
-%%PORTDOCS%%%%DOCSDIR%%/README.daemonlogger
-%%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
-%%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
-%%USESANCP%%bin/%%SGUILDIR%%/log_packets-sancp.sh
-%%USESANCP%%bin/%%SGUILDIR%%/pcap_agent-sancp.tcl
-%%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
-%%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
-%%USESANCP%%etc/%%SGUILDIR%%/sancp-indexed.conf-sample
-%%USESANCP%%etc/%%SGUILDIR%%/pcap_agent-sancp.conf-sample
-%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample
-%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap
-@dirrm share/%%SGUILDIR%%/init
-@dirrm share/%%SGUILDIR%%/contrib/portscan_loader
-@dirrm share/%%SGUILDIR%%/contrib/ossec_agent
-@dirrm share/%%SGUILDIR%%/contrib
-@dirrm share/%%SGUILDIR%%
-@dirrmtry etc/%%SGUILDIR%%
-@dirrm bin/%%SGUILDIR%%
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
diff --git a/security/sguil-server/Makefile b/security/sguil-server/Makefile
deleted file mode 100644
index e142c2148de0..000000000000
--- a/security/sguil-server/Makefile
+++ /dev/null
@@ -1,89 +0,0 @@ -# Created by: Paul Schmehl -# $FreeBSD$ - -PORTNAME= sguil-server -PORTVERSION= 0.8.0 -CATEGORIES= security -MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION} - -MAINTAINER= pauls@utdallas.edu -COMMENT= Sguil is a network security monitoring program - -RUN_DEPENDS= tcltls>=0:${PORTSDIR}/devel/tcltls \ - p0f:${PORTSDIR}/net-mgmt/p0f \ - tcpflow:${PORTSDIR}/net/tcpflow \ - dtplite:${PORTSDIR}/devel/tcllib \ - ${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX - -OPTIONS_DEFINE= MYSQL -MYSQL_DESC= Depend on databases/mysqltcl - -LICENSE_NAME= QPLv1.0 -LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL -LICENSE_PERMS= auto-accept - -IS_INTERACTIVE= yes -NO_BUILD= yes -USE_RC_SUBR= sguild -TCL_VER= 8.5 -TCLSH= tclsh${TCL_VER} -MYSQLTCL_CMDS= cd ${PORTSDIR}/databases/mysqltcl && ${MAKE} -V PORTVERSION -SGUILDIR?= sguild -WRKSRC= ${WRKDIR}/sguil-${PORTVERSION} -PATCH_WRKSRC= ${WRKSRC}/server -PLIST_SUB= SGUILDIR=${SGUILDIR} -SUB_FILES= pkg-message pkg-install pkg-deinstall -SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH} -CONFS= autocat.conf sguild.access sguild.email sguild.reports sguild.conf sguild.queries sguild.users - -PORTDOCS1= README -PORTDOCS2= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README TODO UPGRADE USAGE sguildb.dia - -NO_STAGE= yes -.include - -.if ${PORT_OPTIONS:MMYSQL} - @${ECHO_CMD} $$(${MYSQLTCL_CMDS}) - RUN_DEPENDS+= ${LOCALBASE}/lib/mysqltcl-${MYSQLTCL_VER}:${PORTSDIR}/databases/mysqltcl -.endif - -post-patch: - @${REINPLACE_CMD} 's|/bin/sh|/usr/local/bin/${TCLSH}|' \ - ${PATCH_WRKSRC}/sguild - -pre-install: -.if !defined(BATCH) && !defined(PACKAGE_BUILDING) - @${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \ - ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL -.endif - @${MKDIR} ${PREFIX}/etc/${SGUILDIR} - @${MKDIR} ${PREFIX}/lib/${SGUILDIR} - @${MKDIR} ${PREFIX}/share/${SGUILDIR} - @${MKDIR} ${PREFIX}/share/${SGUILDIR}/contrib - @${MKDIR} /var/run/${SGUILDIR} -do-install: - (cd ${WRKSRC}/server/lib && ${COPYTREE_BIN} \* 
${PREFIX}/lib/${SGUILDIR}) - (cd ${WRKSRC}/server/sql_scripts && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}) - (cd ${WRKSRC}/server/contrib && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/contrib) -.for f in sguild - ${INSTALL_SCRIPT} -m 555 ${WRKSRC}/server/${f} ${PREFIX}/bin/${f} -.endfor -.for f in ${CONFS} - ${INSTALL_DATA} -m 441 ${PATCH_WRKSRC}/${f} ${PREFIX}/etc/${SGUILDIR}/${f}-sample -.endfor - -post-install: -.if !defined(BATCH) && !defined(PACKAGE_BUILDING) - @${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \ - ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL -.endif - -.if ${PORT_OPTIONS:MDOCS} - @${MKDIR} ${DOCSDIR} - cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS1} ${DOCSDIR} - cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS2} ${DOCSDIR} -.endif - - @${CAT} ${PKGMESSAGE} - -.include diff --git a/security/sguil-server/distinfo b/security/sguil-server/distinfo deleted file mode 100644 index f2f7f07f5447..000000000000 --- a/security/sguil-server/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (sguil-server-0.8.0.tar.gz) = faa7152ddbdc0ba797c79d6419bf3ae50bfd6dbba4b2cd28ccb04a55ef788360 -SIZE (sguil-server-0.8.0.tar.gz) = 102236 diff --git a/security/sguil-server/files/patch-lib-SguildLoaderd.tcl b/security/sguil-server/files/patch-lib-SguildLoaderd.tcl deleted file mode 100644 index 8322224335d1..000000000000 --- a/security/sguil-server/files/patch-lib-SguildLoaderd.tcl +++ /dev/null 
@@ -1,29 +0,0 @@
---- lib/SguildLoaderd.tcl.orig 2012-10-12 21:07:19.000000000 +0000
-+++ lib/SguildLoaderd.tcl 2012-10-12 21:15:06.000000000 +0000
-@@ -124,7 +124,7 @@
- INDEX dst_port (dst_port), \
- INDEX src_port (src_port), \
- INDEX start_time (start_time) \
-- ) \
-+ )ENGINE=MyISAM \
- "
-
- # Create the table
-@@ -177,7 +177,7 @@
- INDEX dst_port (dst_port), \
- INDEX src_port (src_port), \
- INDEX start_time (start_time) \
-- ) TYPE=MERGE UNION=([join $tmpTables ,]) \
-+ ) ENGINE=MERGE UNION=([join $tmpTables ,]) \
- "
- # Create our MERGE sancp table
- mysqlexec $dbSocketID $createQuery
-@@ -220,7 +220,7 @@
- } else {
- # Make sure its a MERGE table and not the old monster
- set tableStatus [mysqlsel $LOADERD_DB_ID {SHOW TABLE STATUS LIKE 'sancp'} -flatlist]
-- if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
-+ if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
-
- ErrorMessage "ERROR: loaderd: You appear to be using an old version of the\n\
- sguil database schema that does not support the MERGE sancp\n\
diff --git a/security/sguil-server/files/patch-lib-SguildMysqlMerge.tcl b/security/sguil-server/files/patch-lib-SguildMysqlMerge.tcl
deleted file mode 100644
index 1ff8443d25c2..000000000000
--- a/security/sguil-server/files/patch-lib-SguildMysqlMerge.tcl
+++ /dev/null
@@ -1,11 +0,0 @@
---- lib/SguildMysqlMerge.tcl.orig 2012-10-12 21:18:22.000000000 +0000
-+++ lib/SguildMysqlMerge.tcl 2012-10-12 21:19:41.000000000 +0000
-@@ -9,7 +9,7 @@
- set tmpQry "SHOW TABLE STATUS LIKE '$tableName'"
- set tableStatus [mysqlsel $MAIN_DB_SOCKETID $tmpQry -flatlist]
-
-- if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
-+ if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
-
- # Non MERGE table found.
- set errorMsg "\n*************************************************************\n
diff --git a/security/sguil-server/files/patch-sguild b/security/sguil-server/files/patch-sguild
deleted file mode 100644
index 360faab85816..000000000000
--- a/security/sguil-server/files/patch-sguild
+++ /dev/null
@@ -1,99 +0,0 @@ ---- sguild.orig 2012-12-17 20:54:14.000000000 +0000 -+++ sguild 2012-12-17 20:56:47.000000000 +0000 -@@ -1,6 +1,4 @@ - #!/bin/sh --# Run tcl from users PATH \ --exec tclsh "$0" "$@" - - # $Id: sguild,v 1.193 2011/05/29 15:41:16 bamm Exp $ # - -@@ -218,7 +216,7 @@ - ################################## - - # Do all priv account actions here. --# Open log files/etc. Privs will be dropped after. -+# Open log files/usr/local/etc. Privs will be dropped after. - - if { ![info exists LOG_PATH] } { set LOG_PATH /var/log/sguild } - -@@ -318,7 +316,7 @@ - # Check for certs - if {![info exists CERTS_PATH]} { - -- set CERTS_PATH /etc/sguild/certs -+ set CERTS_PATH /usr/local/etc/sguild/certs - - } - -@@ -348,13 +346,13 @@ - - if { ![info exists CONF_FILE] } { - # No conf file specified check the defaults -- if { [file exists /etc/sguild/sguild.conf] } { -- set CONF_FILE /etc/sguild/sguild.conf -+ if { [file exists /usr/local/etc/sguild/sguild.conf] } { -+ set CONF_FILE /usr/local/etc/sguild/sguild.conf - } elseif { [file exists ./sguild.conf] } { - set CONF_FILE ./sguild.conf - } else { - puts "Couldn't determine where the sguil config file is" -- puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf." -+ puts "Looked for ./sguild.conf and /usr/local/etc/sguild/sguild.conf." 
- DisplayUsage $argv0 - } - } -@@ -476,8 +474,8 @@ - # Load accessfile - if { ![info exists ACCESS_FILE] } { - # Check the defaults -- if { [file exists /etc/sguild/sguild.access] } { -- set ACCESS_FILE "/etc/sguild/sguild.access" -+ if { [file exists /usr/local/etc/sguild/sguild.access] } { -+ set ACCESS_FILE "/usr/local/etc/sguild/sguild.access" - } elseif { [file exists ./sguild.access] } { - set ACCESS_FILE "./sguild.access" - } else { -@@ -491,8 +489,8 @@ - } - # Load auto cat config - if { ![info exists AUTOCAT_FILE] } { -- if { [file exists /etc/sguild/autocat.conf] } { -- set AUTOCAT_FILE "/etc/sguild/autocat.conf" -+ if { [file exists /usr/local/etc/sguild/autocat.conf] } { -+ set AUTOCAT_FILE "/usr/local/etc/sguild/autocat.conf" - } else { - set AUTOCAT_FILE "./autocat.conf" - } -@@ -502,8 +500,8 @@ - } - # Load email config file - if { ![info exists EMAIL_FILE] } { -- if { [file exists /etc/sguild/sguild.email] } { -- set EMAIL_FILE "/etc/sguild/sguild.email" -+ if { [file exists /usr/local/etc/sguild/sguild.email] } { -+ set EMAIL_FILE "/usr/local/etc/sguild/sguild.email" - } else { - set EMAIL_FILE "./sguild.email" - } -@@ -515,8 +513,8 @@ - } - # Load global queries. - if { ![info exists GLOBAL_QRY_FILE] } { -- if { [file exists /etc/sguild/sguild.queries] } { -- set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries" -+ if { [file exists /usr/local/etc/sguild/sguild.queries] } { -+ set GLOBAL_QRY_FILE "/usr/local/etc/sguild/sguild.queries" - } else { - set GLOBAL_QRY_FILE "./sguild.queries" - } -@@ -528,8 +526,8 @@ - } - # Load report queries. - if { ![info exists REPORT_QRY_FILE] } { -- if { [file exists /etc/sguild/sguild.reports] } { -- set REPORT_QRY_FILE "/etc/sguild/sguild.reports" -+ if { [file exists /usr/local/etc/sguild/sguild.reports] } { -+ set REPORT_QRY_FILE "/usr/local/etc/sguild/sguild.reports" - } else { - set REPORT_QRY_FILE "./sguild.reports" - } 
diff --git a/security/sguil-server/files/patch-sguild.access b/security/sguil-server/files/patch-sguild.access
deleted file mode 100644
index 1805d67d53c3..000000000000
--- a/security/sguil-server/files/patch-sguild.access
+++ /dev/null
@@ -1,12 +0,0 @@
---- sguild.access.orig 2008-04-03 17:55:46.000000000 -0500
-+++ sguild.access 2008-04-03 17:56:50.000000000 -0500
-@@ -4,7 +4,8 @@
- # This file is used by sguild for access control. It is read upon init #
- # or when sguild receives a HUP signal. #
- # #
--# By default, sguild will look first for /etc/sguild/sguild.access, #
-+# By default, sguild will look first for #
-+# /usr/local/etc/sguild/sguild.access, #
- # then ./sguild.access unless the -A /path/to/sguild.access switch #
- # is used. #
- # #
diff --git a/security/sguil-server/files/patch-sguild.conf b/security/sguil-server/files/patch-sguild.conf
deleted file mode 100644
index 6bbc237e1f78..000000000000
--- a/security/sguil-server/files/patch-sguild.conf
+++ /dev/null
@@ -1,28 +0,0 @@
---- sguild.conf.orig 2008-04-03 17:47:18.000000000 -0500
-+++ sguild.conf 2008-04-03 17:53:11.000000000 -0500
-@@ -1,7 +1,7 @@
- # $Id: sguild.conf,v 1.29 2006/06/02 20:40:57 bamm Exp $ #
-
- # Path the sguild libs
--set SGUILD_LIB_PATH ./lib
-+set SGUILD_LIB_PATH /usr/local/lib/sguild
-
- # DEBUG 0=off 1=important stuff 2=everything. Option 2 is VERY chatty.
- set DEBUG 2
-@@ -63,7 +63,7 @@
-
- # You MUST have tcpflow installed to get xscripts
- # http://www.circlemud.org/~jelson/software/tcpflow/
--set TCPFLOW "/usr/bin/tcpflow"
-+set TCPFLOW "/usr/local/bin/tcpflow"
-
- # p0f - (C) Michal Zalewski , William Stearns
- # If you have p0f (a passive OS fingerprinting system) installed, you can have
-@@ -74,6 +74,6 @@
-
- # Path the the p0f binary. Switches -q and -s are appended on exec,
- # add any others you may need here.
--set P0F_PATH "/usr/sbin/p0f"
-+set P0F_PATH "/usr/local/bin/p0f"
-
- # Email config moved to sguild.email
diff --git a/security/sguil-server/files/patch-sql_scripts-create_sguildb.sql b/security/sguil-server/files/patch-sql_scripts-create_sguildb.sql
deleted file mode 100644
index 4d18ed1a91ac..000000000000
--- a/security/sguil-server/files/patch-sql_scripts-create_sguildb.sql
+++ /dev/null
@@ -1,176 +0,0 @@ ---- sql_scripts/create_sguildb.sql.orig 2012-10-12 21:39:20.000000000 +0000 -+++ sql_scripts/create_sguildb.sql 2012-10-12 21:53:42.000000000 +0000 -@@ -3,7 +3,7 @@ - -- CREATE DATABASE IF NOT EXISTS sguildb; - -- USE sguildb; - ---- Depreciated for MRG_MyISAM tables -+-- Deprecated for MRG_MyISAM tables - -- CREATE TABLE event - -- ( - -- sid INT UNSIGNED NOT NULL, -@@ -52,7 +52,7 @@ - -- INDEX status (status), - -- INDEX abuse_queue (abuse_queue), - -- INDEX abuse_sent (abuse_sent) ---- ); -+-- )ENGINE=MyISAM; - - -- CREATE TABLE tcphdr - -- ( -@@ -66,7 +66,8 @@ - -- tcp_win SMALLINT UNSIGNED, - -- tcp_csum SMALLINT UNSIGNED, - -- tcp_urp SMALLINT UNSIGNED, ---- PRIMARY KEY (sid,cid)); -+-- PRIMARY KEY (sid,cid) -+-- )ENGINE=MyISAM; - -- - -- CREATE TABLE udphdr - -- ( -@@ -74,7 +75,8 @@ - -- cid INT UNSIGNED NOT NULL, - -- udp_len SMALLINT UNSIGNED, - -- udp_csum SMALLINT UNSIGNED, ---- PRIMARY KEY (sid,cid)); -+-- PRIMARY KEY (sid,cid) -+-- )ENGINE=MyISAM; - -- - -- CREATE TABLE icmphdr - -- ( -@@ -83,14 +85,16 @@ - -- icmp_csum SMALLINT UNSIGNED, - -- icmp_id SMALLINT UNSIGNED, - -- icmp_seq SMALLINT UNSIGNED, ---- PRIMARY KEY (sid,cid)); -+-- PRIMARY KEY (sid,cid) -+-- )ENGINE=MyISAM; - -- - -- CREATE TABLE data - -- ( - -- sid INT UNSIGNED NOT NULL, - -- cid INT UNSIGNED NOT NULL, - -- data_payload TEXT, ---- PRIMARY KEY (sid,cid)); -+-- PRIMARY KEY (sid,cid) -+-- )ENGINE=MyISAM; - - CREATE TABLE sensor - ( -@@ -101,13 +105,13 @@ - interface VARCHAR(255), - description TEXT, - bpf_filter TEXT, -- updated TIMESTAMP(14) NOT NULL, -+ updated TIMESTAMP NOT NULL, - active ENUM('Y','N') DEFAULT 'Y', - ip VARCHAR(15) DEFAULT NULL, - public_key VARCHAR(255) DEFAULT NULL, - PRIMARY KEY (sid), - INDEX hostname_idx (hostname) --); -+)ENGINE=MyISAM; - - CREATE TABLE portscan - ( -@@ -119,9 +123,10 @@ - dst_port INT UNSIGNED, - data TEXT, - INDEX ps_src_ip (src_ip), -- INDEX ps_timestamp (timestamp)); -+ INDEX ps_timestamp (timestamp) -+)ENGINE=MyISAM; 
- ---- Depreciated -+-- Deprecated - -- CREATE TABLE sessions ( - -- sid INT UNSIGNED NOT NULL, - -- xid BIGINT UNSIGNED NOT NULL, -@@ -142,7 +147,8 @@ - -- INDEX server (src_ip), - -- INDEX client (dst_ip), - -- INDEX sport (src_port), ---- INDEX cport (dst_port)); -+-- INDEX cport (dst_port) -+-- )ENGINE=MyISAM; - - CREATE TABLE status - ( -@@ -150,7 +156,7 @@ - description VARCHAR(255) NOT NULL, - long_desc VARCHAR(255), - PRIMARY KEY (status_id) --); -+)ENGINE=MyISAM; - - CREATE TABLE history - ( -@@ -161,7 +167,7 @@ - status SMALLINT UNSIGNED NOT NULL, - comment VARCHAR(255), - INDEX log_time (timestamp) --); -+)ENGINE=MyISAM; - - CREATE TABLE user_info - ( -@@ -170,7 +176,7 @@ - last_login DATETIME, - password VARCHAR(42), - PRIMARY KEY (uid) --); -+)ENGINE=MyISAM; - - CREATE TABLE nessus_data - ( -@@ -179,7 +185,8 @@ - nessus_id INT UNSIGNED, - level VARCHAR(20), - description TEXT, -- INDEX rid (rid)); -+ INDEX rid (rid) -+)ENGINE=MyISAM; - - CREATE TABLE nessus - ( -@@ -189,7 +196,8 @@ - timestart DATETIME, - timeend DATETIME, - PRIMARY KEY (rid), -- INDEX ip (ip)); -+ INDEX ip (ip) -+)ENGINE=MyISAM; - - CREATE TABLE IF NOT EXISTS `pads` - ( -@@ -204,10 +212,10 @@ - application VARCHAR(255) NOT NULL, - hex_payload VARCHAR(255), - PRIMARY KEY (sid,asset_id) --); -+)ENGINE=MyISAM; - - -- ---- Depreciated for MERGE tables -+-- Deprecated for MERGE tables - -- CREATE TABLE sancp - -- ( - -- sid INT UNSIGNED NOT NULL, -@@ -232,7 +240,7 @@ - -- INDEX dst_port (dst_port), - -- INDEX src_port (src_port), - -- INDEX start_time (start_time) ---- ); -+-- )ENGINE=MyISAM; - -- - - INSERT INTO status (status_id, description, long_desc) VALUES (0, "New", "Real Time Event"); -@@ -251,7 +259,7 @@ - ( - version VARCHAR(32), - installed DATETIME --); -+)ENGINE=MyISAM; - - INSERT INTO version (version, installed) VALUES ("0.13", now()); - 
diff --git a/security/sguil-server/files/patch-sql_scripts-sancp_cleanup.tcl b/security/sguil-server/files/patch-sql_scripts-sancp_cleanup.tcl
deleted file mode 100644
index ff82d972afc8..000000000000
--- a/security/sguil-server/files/patch-sql_scripts-sancp_cleanup.tcl
+++ /dev/null
@@ -1,11 +0,0 @@
---- sql_scripts/sancp_cleanup.tcl.orig 2011-08-11 20:31:07.000000000 +0000
-+++ sql_scripts/sancp_cleanup.tcl 2011-08-11 20:31:26.000000000 +0000
-@@ -214,7 +214,7 @@
- INDEX dst_port (dst_port), \
- INDEX src_port (src_port), \
- INDEX start_time (start_time) \
-- ) TYPE=MERGE UNION=([join $tmpTables ,]) \
-+ ) ENGINE=MERGE UNION=([join $tmpTables ,]) \
- "
- # Create our MERGE sancp table
- mysqlexec $dbSocketID $createQuery
diff --git a/security/sguil-server/files/pkg-deinstall.in b/security/sguil-server/files/pkg-deinstall.in
deleted file mode 100644
index 2898079687aa..000000000000
--- a/security/sguil-server/files/pkg-deinstall.in
+++ /dev/null
@@ -1,65 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -USER="sguil" - -# Make sure we're in the right stage of the process -if [ "$2" = "DEINSTALL" ]; then - echo "Stopping sguild......" - %%PREFIX%%/etc/rc.d/sguild onestop - %%PREFIX%%/etc/rc.d/sguild onepoll - if [ ! ${BATCH} ]; then - echo "Would you like to remove the sguild certs?" ; read ans - case "$ans" in - y*|Y*) - if [ -f %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.key ]; then - rm %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.key - fi - if [ -f %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.pem ]; then - rm %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.pem - fi - ;; - n*|N*) - ;; - *) - exit 64 - ;; - esac - cd %%PREFIX%%/etc/%%SGUILDIR%% || exit 1 -# Remove the conf files *if* they have not been altered - for f in autocat.conf sguild.access sguild.conf sguild.email \ - sguild.queries sguild.reports sguild.users; do - cmp -s -z ${f} ${f}-sample && rm ${f} - done -# Remove the user and group if the installer chooses to - echo "Would you like to remove the sguil user and group?" ; read ans - case "$ans" in - y*|Y*) - if pw usershow "${USER}" 2>/dev/null 1>&2; then - pw userdel -n sguil - fi - if pw groupshow "${USER}" 2>/dev/null 1>&2; then - pw groupdel -n sguil - fi - ;; - n*|N*) - ;; - *) - ;; - esac - fi -fi -if [ "$2" = "POST-DEINSTALL" ]; then - # If the user exists, then display a message - if pw usershow "${USER}" 2>/dev/null 1>&2; then - echo "To delete the '${USER}' user permanently, use 'pw userdel ${USER}'" - fi - # If the group exists, then display a message - if pw groupshow "${USER}" 2>/dev/null 1>&2; then - echo "To delete the '${USER}' group permanently, use 'pw groupdel ${USER}'" - fi -fi - -exit 0 diff --git a/security/sguil-server/files/pkg-install.in b/security/sguil-server/files/pkg-install.in deleted file mode 100644 index 0428731bc0a4..000000000000 --- a/security/sguil-server/files/pkg-install.in +++ /dev/null 
@@ -1,410 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# This script and its implementation borrows heavily from the www/squid port, and I owe a debt to the -# maintainer for saving me a lot of time. The bold font trick that I use extensively was picked up -# at http://www.cyberciti.biz/nixcraft/linux/docs/uniqlinuxfeatures/lsst/ch08.html#q16 -# I also owe a debt to all those who have posted shell scripting tutorials to the web and to the FreeBSD -# developers from whose OS I stole a few tricks as well. - -# Set up some paths and variables for later use -PATH=/bin:/usr/bin:/usr/sbin:%%PREFIX%%/bin -pkgname=$1 -rootpwd='' -confdir="${PKG_PREFIX:-%%PREFIX%%}/etc" -portdir="${CURDIR:-%%CURDIR%%}" -scriptdir="${WRKSRC:-%%WRKSRC%%}/server/sql_scripts" -if [ -x /usr/sbin/nologin ]; then - nologin=/usr/sbin/nologin -else - nologin=/sbin/nologin -fi -# Source rc.conf for later -if [ -z "${source_rc_confs_defined}" ]; then - if [ -r /etc/defaults/rc.conf ]; then - . /etc/defaults/rc.conf - source_rc_confs - elif [ -r /etc/rc.conf ]; then - . /etc/rc.conf - fi -fi -sguil_user="sguil" -sguil_group="sguil" -case $2 in -PRE-INSTALL) -echo "This sguild install script creates a \"turnkey\" install " -echo "of sguild, including configuing the database and conf files" -echo "and user accounts so that sguild can be started immediately." -echo "" -echo "You may have already done all this (especially if this is an upgrade)" -echo "and may not be interested in iterating through cert creation and" -echo "everything else that the script does." -echo "" -echo "This portion of the script creates user and group accounts named \"sguil\"." -echo "Would you like to opt out of this portion of the install script " ; read ans -case "$ans" in - y*|Y*) - exit 0 - ;; - n*|N*) - ;; - *) - exit 64 - ;; -esac - echo "==> Pre-installation configuration of ${pkgname}" - if ! pw groupshow ${sguil_group} -q >/dev/null ; then - if ! 
pw groupadd ${sguil_group} -q; then - echo "Failed to create group \"${sguil_group}\"!" >&2 - echo "Please create it manually." >&2 - exit 1 - else - echo "Group '%{sguil-group}' created successfully." - pw groupshow ${sguil_group} - fi - fi - if ! pw usershow ${sguil_user} -q >/dev/null ; then - if ! pw useradd -q -n ${sguil_user} \ - -g ${sguil_group} -s "${nologin}" \ - -h - ; then - echo "Failed to create user '%{sguil_user}'!" >&2 - echo "Please create it manually." >&2 - exit 1 - else - echo "User '${sguil_user}' create successfully." - pw usershow ${sguil_user} - fi - fi - for dir in %%PREFIX%%/lib/%%SGUILDIR%% /var/run/%%SGUILDIR%% ; do - if [ ! -d ${dir} ]; then - echo "Creating ${dir} ...." - install -d -o ${sguil_user} -g ${sguil_group} \ - -m 0750 ${dir} - fi - done - ;; -POST-INSTALL) -echo "This sguild install script creates a \"turnkey\" install " -echo "of sguild, including configuing the database and conf files" -echo "and user accounts so that sguild can be started immediately." -echo "" -echo "You may have already done all this (especially if this is an upgrade)" -echo "and may not be interested in iterating through cert creation and" -echo "everything else that the script does." -echo "" -echo "Would you like to opt out of the entire install script " -echo "and configure sguild manually yourself?" ; read ans -case "$ans" in - y*|Y*) - exit 0 - ;; - n*|N*) - ;; - *) - exit 64 - ;; -esac - echo -e "\033[1mThere are a few things that need to be done to complete the install." - echo -e "\033[0mFirst, you need to create certs so that the ssl connections between server and " - echo "sensors will work, you need to create the database, the account to access it and " - echo "the tables for the database and you need to create the directories where all the " - echo "data will be stored. (You will also need to edit the conf files for your setup.)" - echo "" - echo "If you haven't already done this, I can do it for you now." 
- echo "Would you like to create certs now? (y for yes, n for no)"; read ans - case "$ans" in - y*|Y*) - for dir in %%SGUILDIR%%/certs ; do - if [ ! -d ${confdir}/${dir} ]; then - echo "Creating ${confdir}/${dir} ...." - install -d -o ${sguil_user} -g ${sguil_group} \ - -m 0750 ${confdir}/${dir} - fi - done - echo -e "\033[1mFirst we need to create a password-protected CA cert." - echo "" - echo -e "\033[0m(The Common Name should be the FQHN of your squil server.)" - openssl req -out CA.pem -new -x509 - echo "Now we need to create a server certificate/key pair." - openssl genrsa -out sguild.key 1024 - echo -e "\033[1mNow we need to create a certificate request to be signed by the CA." - echo "DO NOT password protect your server key. If you do, you will be required" - echo "to enter the password every time you start the server." - echo -e "\033[0m" - openssl req -key sguild.key -new -out sguild.req - echo "Now we need to create the actual certificate for your server." - echo 44 > file.sr1 - openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAserial file.sr1 -out sguild.pem - echo "Finally, we need to move the certs to the '${confdir}/%%SGUILDIR%%/certs}' directory " - echo "and clean up the port directory as well." - for files in sguild.key sguild.pem; do - mv ${portdir}/$files ${confdir}/%%SGUILDIR%%/certs/ - done - for files in CA.pem privkey.pem sguild.req file.sr1; do - rm ${portdir}/$files - done - ;; - n*|N*) - echo -e "\033[1mSSL is now required for all connections between server, sensors and clients." - echo "If you haven't already created certs, you will need to do that before sguil will work." - echo -e "\033[0m" - echo "" - ;; - *) - exit 64 - ;; - esac - echo -e "\033[1mIs the installation of mysql brand new and unaltered?" - echo -e "\033[0mBy default, when mysql is installed, it creates five accounts." - echo "None of those accounts are protected by passwords. That needs to be corrected." 
- echo "The five accounts are:" - echo " root@localhost" - echo " root@127.0.0.1" - echo " root@`hostname`" - echo " @localhost" - echo " @`hostname`" - echo "I can remove all of the accounts except root@localhost (highly recommended) " - echo "and I can set the password for the root@localhost account. (If you get an error " - echo "don't worry about it. The account may not have been created to begin with." - echo "Would you like me to do that now?" ; read ans - case "$ans" in - y*|Y*) - echo "Enabling mysql in /etc/rc.conf and starting the server....." - case ${mysql_enable} in - [Yy][Ee][Ss]) - echo -e "\033[1mIt appears that mysql is already enabled!" - echo -e "\033[0m" - ;; - *) - echo "# -- Squild installed deltas -- # `date`" >> /etc/rc.conf - echo "mysql_enable=\"YES\"" >> /etc/rc.conf - ;; - esac - mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'` - echo "The mysql pid is ${mysql_pid}...." - if [ -z ${mysql_pid} ]; then - %%PREFIX%%/etc/rc.d/mysql-server start - fi - sleep 1 - mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'` - if [ -s ${mysql_pid} ]; then - echo "The mysql server did not start. Please fix the problem " - echo "and run this script again." - exit 64 - fi - echo "Deleting users from mysql......" - mysql -u root -e "USE mysql; DROP USER 'root'@'127.0.0.1';" - mysql -u root -e "USE mysql; DROP USER 'root'@'`hostname`';" - mysql -u root -e "USE mysql; DROP USER ''@'localhost';" - mysql -u root -e "USE mysql; DROP USER ''@'`hostname`';" - echo "All done deleting......." - echo "What would you like root@localhost's password to be?" ; read rootpwd - mysql -u root -e "USE mysql; SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpwd');" - mysql -u root -p${rootpwd} -e "FLUSH PRIVILEGES;" - ;; - n*|N*) - echo "Before you use the database, you should at least set passwords" - echo "for all the accounts. Otherwise anyone can login to your database." 
- echo "To remove an account, use \"drop user 'user'@'host'\"." - echo "To set a password for an account, use \"SET PASSWORD FOR 'user'@'host' = PASSWORD('passwd')\"." - ;; - *) - exit 64 - ;; - esac - echo -e "\033[1mWould you like to bind mysql to localhost so it only listens on that address?" - echo -e "\033[0m" ; read ans - case "$ans" in - y*|Y*) - if [ ! -f /etc/my.cnf ]; then - echo "[mysqld]" >> /etc/my.cnf - echo "bind-address=127.0.0.1" >> /etc/my.cnf - echo "socket=/tmp/mysql.sock" >> /etc/my.cnf - echo "ft_min_word_len=3" >> /etc/my.cnf - mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'` - echo "The mysql pid is ${mysql_pid}...." - if [ -z ${mysql_pid} ]; then - %%PREFIX%%/etc/rc.d/mysql-server start - else - %%PREFIX%%/etc/rc.d/mysql-server restart - fi - else - echo "/etc/my.cnf already exists!" - echo "add \"bind-address=127.0.0.1\" in the [mysqld] section " - echo "to force mysql to listen only on localhost." - echo "Then restart the server to accept the new settings." - fi - ;; - n*|N*) - ;; - *) - exit 64 - ;; - esac - echo -e "\033[1mWould you like to create the database to store all nsm data?" - echo -e "\033[0m" ; read ans - echo "NOTE: If you're upgrading, you do NOT want to do this! You want to upgrade." - case "$ans" in - y*|Y*) - if [ -z ${rootpwd} ]; then - echo "What is the password for the mysql root user?"; read rootpwd - fi - mysql -u root -p${rootpwd} -e "create database sguildb" - mysql -u root -p${rootpwd} -D sguildb < ${scriptdir}/create_sguildb.sql - ;; - n*|N*) - echo -e "\033[1mPlease note: if you are upgrading from a previous version " - echo "of sguil, you need to run the upgrade_0.7.tcl script located in " - echo "'${scriptdir}'." - echo -e "\033[0mIf you've already cleaned the port directory, run " - echo "make extract to recover the files and access the script." - echo "" - ;; - *) - exit 64 - ;; - esac - echo -e "\033[1mWould you like to create a user \"sguild@localhost\" for database access?" 
- echo -e "\033[0m" ; read ans - case "$ans" in - y*|Y*) - if [ -z ${rootpwd} ]; then - echo "Please enter the password for the mysql root account." ; read rootpwd - fi - echo -e "\033[1mPlease enter the password that you want to use for the sguild account." - echo -e "\033[0m"; read sguildpwd - echo "Creating account for sguild with access to sguildb....." - mysql -u root -p${rootpwd} -e "GRANT ALTER,CREATE,DELETE,DROP,INDEX,INSERT,SELECT,UPDATE on sguildb.* \ - to 'sguild'@'localhost' IDENTIFIED BY '${sguildpwd}'" - mysql -u root -p${rootpwd} -e "GRANT FILE on *.* to 'sguild'@'localhost'" - mysql -u root -p${rootpwd} -e "FLUSH PRIVILEGES" - ;; - n*|N*) - ;; - *) - exit 64 - ;; - esac - echo -e "\033[1mWould you like to create the data directory and all its subdirectories?" - echo -e "\033[0m"; read ans - case "$ans" in - y*|Y*) - echo "What do you want the name of the main directory to be?" - echo "(Be sure to include the full path to the directory - e.g. /var/nsm)" ; read maindir - echo "The main directory will be named '${maindir}'." - for dir in ${maindir} ${maindir}/archives ${maindir}/rules ${maindir}/load ; do - if [ ! -d ${dir} ]; then - echo "Creating ${dir} ...." - install -d -o ${sguil_user} -g ${sguil_group} \ - -m 0750 ${dir} - else - echo -e "\033[1mThe directory '${dir}' already exists!" - echo -e "\033[0m" - fi - done - ;; - n*|N*) - ;; - *) - exit 64 - ;; - esac - echo -e "\033[1mWould you like to enable sguild in /etc/rc.conf?" - echo -e "\033[0m"; read ans - case "$ans" in - y*|Y*) - case ${sguild_enable} in - [Yy][Ee][Ss]) - echo -e "\033[1mIt appears that sguild is already enabled!" - echo -e "\033[0m" - ;; - *) - echo -e i"\033[1mWriting to /etc/rc.conf...." - echo -e "\033[0m" - echo "# -- Squild installed deltas -- # `date`" >> /etc/rc.conf - echo "sguild_enable=\"YES\"" >> /etc/rc.conf - ;; - esac - ;; - n*|N*) - ;; - *) - exit 64 - ;; - esac - echo -e "\033[1mIf the sguild.conf file does not exist, I will create and edit it now." 
- echo -e "\033[0m" - if [ -f ${confdir}/%%SGUILDIR%%/sguild.conf ]; then - echo "The sguild.conf file already exists!" - echo "Do you want me to edit it anyway?" ; read ans - case "$ans" in - y*|Y*) - echo -e "\033[1mPreparing to edit the sguild.conf file......" - if [ -z ${maindir} ]; then - echo "There's a couple of things I need to verify before continuing." - echo "What is the name of the main nsm directory that you are using?" - echo -e "\033[0m" ; read ans - maindir="$ans" - fi - if [ -z ${sguildpwd} ]; then - echo -e "\033[1mWhat is the password for the sguild database user?" - echo -e "\033[0m" ; read ans - sguildpwd="$ans" - fi - sed -e 's|DBPASS ""|DBPASS '"${sguildpwd}"'|' -e 's|DBUSER root|DBUSER sguild|' \ - -e 's|sguild_data|'"${maindir}"'|' \ - < ${confdir}/%%SGUILDIR%%/sguild.conf-sample > ${confdir}/%%SGUILDIR%%/sguild.conf - ;; - n*|N*) - ;; - *) - exit 64 - ;; - esac - else - echo -e "\033[1mPreparing to edit the sguild.conf file......" - if [ -z ${maindir} ]; then - echo "There's a couple of things I need to verify before continuing." - echo "What is the name of the main nsm directory that you are using?" - echo -e "\033[0m" ; read ans - maindir="$ans" - fi - if [ -z ${sguildpwd} ]; then - echo -e "\033[1mWhat is the password for the sguild database user?" - echo -e "\033[0m" ; read ans - sguildpwd="$ans" - fi - sed -e 's|DBPASS ""|DBPASS '"${sguildpwd}"'|' -e 's|DBUSER root|DBUSER sguild|' \ - -e 's|sguild_data|'"${maindir}"'|' \ - < ${confdir}/%%SGUILDIR%%/sguild.conf-sample > ${confdir}/%%SGUILDIR%%/sguild.conf - fi - if [ ! -f ${confdir}/%%SGUILDIR%%/sguild.users ]; then - cp ${confdir}/%%SGUILDIR%%/sguild.users-sample ${confdir}/%%SGUILDIR%%/sguild.users - fi - if [ ! 
-f ${confdir}/%%SGUILDIR%%/sguild.access ]; then - cp ${confdir}/%%SGUILDIR%%/sguild.access-sample ${confdir}/%%SGUILDIR%%/sguild.access - fi - echo -e "\033[1mYou still need to review all the conf files and configure sguil " - echo "per your desired setup before starting sguild. Refer to the port docs in " - echo "%%DOCSDIR%% before proceeding." - echo -e "\033[0m" - echo "Right now, all the conf files except sguild.conf are set to the defaults." - for files in archive_sguildb.tcl sguild incident_report.tcl ; do - if [ -f %%PREFIX%%/bin/${files} ]; then - chown ${sguil_user}:${sguil_group} %%PREFIX%%/bin/${files} - fi - done - chown -R ${sguil_user}:${sguil_group} %%PREFIX%%/etc/%%SGUILDIR%% - chown -R ${sguil_user}:${sguil_group} %%PREFIX%%/lib/%%SGUILDIR%% - if [ ! -f %%PREFIX%%/bin/sguild ]; then - echo "Sguild is missing! Please correct the problem before continuing!" - exit 1 - fi - ;; -*) - exit 64 - ;; -esac -exit 0 diff --git a/security/sguil-server/files/pkg-message.in b/security/sguil-server/files/pkg-message.in deleted file mode 100644 index 9e1378458ccc..000000000000 --- a/security/sguil-server/files/pkg-message.in +++ /dev/null 
@@ -1,35 +0,0 @@
- ***********************************
- * !!!!!!!!!!! WARNING !!!!!!!!!!! *
- ***********************************
-
-If you had existing config files in %%PREFIX%%/etc/%%SGUILDIR%%
-they were not overwritten. If this is a first time install, you
-must copy the sample files to the corresponding conf file and
-edit the various config files for your site. See the INSTALL
-doc in %%DOCSDIR%% for details. If this is an upgrade, replace
-your existing conf file with the new one and edit accordingly.
-
-The sql scripts for creating database tables were placed in
-the %%PREFIX%%/share/%%SGUILDIR%%/ directory. PLEASE
-NOTE: LOG_DIR is not set by this install. You MUST create the
-correct LOG_DIRS and put a copy of the snort rules you use in
-LOG_DIR/rules.
-
-The sguild program was placed in %%PREFIX%%/bin/.
-
-Some contributed scripts were placed in
-%%PREFIX%%/share/%%SGUILDIR%%/contrib
-
-A startup script, named sguild.sh was installed in
-%%PREFIX%%/etc/rc.d/. To enable it, edit /etc/rc.conf
-per the instructions in the script.
-
-NOTE: Sguild now runs under the sguil user account not root!
-
-For general questions, see the sguil faq:
-http://www.vorant.com/nsmwiki/Sguil_FAQ or visit the nsm wiki:
-http://www.vorant.com/nsmwiki/Main_Page
-
-For detailed install instructions see Richard Bejtlich's
-excellent guide at his blog:
-http://taosecurity.blogspot.com/2006/03/new-sguil-scripts-and-vm-i-have-not.html
diff --git a/security/sguil-server/files/sguild.in b/security/sguil-server/files/sguild.in
deleted file mode 100644
index 73faef7a2e2c..000000000000
--- a/security/sguil-server/files/sguild.in
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-
-# $FreeBSD$
-
-# PROVIDE: sguild
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-
-# Add the following lines to /etc/rc.conf to enable sguild:
-# sguild_enable (bool): Set to YES to enable sguild
-# Default: NO
-# sguild_flags (str): Extra flags passed to sguild
-# Default: -D -P ${pid}
-# sguild_conf (str): Sguild configuration file
-# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
-# sguild_user (str): Default: sguil
-# Note: this value MUST be set in /etc/rc.conf if you do not accept the default
-# user created by the pkg-install script
-
-. /etc/rc.subr
-
-name="sguild"
-rcvar=sguild_enable
-load_rc_config sguild
-# set some defaults
-: ${sguild_enable:="NO"}
-: ${sguild_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf"}
-: ${pid:="/var/run/%%SGUILDIR%%/sguild.pid"}
-: ${sguild_flags:="-D -P ${pid}"}
-: ${sguild_user:="sguil"}
-
-command="%%PREFIX%%/bin/${name}"
-procname="%%PREFIX%%/bin/%%TCLSH%%"
-
-run_rc_command "$1"
diff --git a/security/sguil-server/pkg-descr b/security/sguil-server/pkg-descr
deleted file mode 100644
index 5a17c0a57b8d..000000000000
--- a/security/sguil-server/pkg-descr
+++ /dev/null
@@ -1,22 +0,0 @@
-Sguil is an open source tool to implement Network
-Security Monitoring (NSM). NSM is the collection,
-analysis, and escalation of indications and warnings
-to detect and respond to intrusions. NSM tools are
-used more for network audit and specialized
-applications than traditional alert-centric "intrusion
-detection" systems.
-
-Want to learn more about Network Security Monitoring
-(NSM)? Then check out Richard Bejtlich's recently
-released book, The Tao of Network Security Monitoring:
-Beyond Intrusion Detection. An excerpt reads:
-
-"Network security monitoring (NSM) equips security
-staff to deal with the inevitable consequences of too
-few resources and too many responsibilities. NSM collects
-the data needed to generate better assessment, detection,
-and response processes--resulting in decreased impact from
-unauthorized activities."
-
-WWW: http://sguil.sourceforge.net/index.php
-pauls@utdallas.edu
diff --git a/security/sguil-server/pkg-plist b/security/sguil-server/pkg-plist
deleted file mode 100644
index 212d16c82c28..000000000000
--- a/security/sguil-server/pkg-plist
+++ /dev/null
@@ -1,66 +0,0 @@
-bin/sguild
-etc/%%SGUILDIR%%/autocat.conf-sample
-etc/%%SGUILDIR%%/sguild.access-sample
-etc/%%SGUILDIR%%/sguild.conf-sample
-etc/%%SGUILDIR%%/sguild.email-sample
-etc/%%SGUILDIR%%/sguild.queries-sample
-etc/%%SGUILDIR%%/sguild.reports-sample
-etc/%%SGUILDIR%%/sguild.users-sample
-lib/%%SGUILDIR%%/SguildAccess.tcl
-lib/%%SGUILDIR%%/SguildAutoCat.tcl
-lib/%%SGUILDIR%%/SguildClientCmdRcvd.tcl
-lib/%%SGUILDIR%%/SguildConnect.tcl
-lib/%%SGUILDIR%%/SguildCreateDB.tcl
-lib/%%SGUILDIR%%/SguildEmailEvent.tcl
-lib/%%SGUILDIR%%/SguildEvent.tcl
-lib/%%SGUILDIR%%/SguildGenericDB.tcl
-lib/%%SGUILDIR%%/SguildGenericEvent.tcl
-lib/%%SGUILDIR%%/SguildHealthChecks.tcl
-lib/%%SGUILDIR%%/SguildLoaderd.tcl
-lib/%%SGUILDIR%%/SguildLoaderd.tcl.orig
-lib/%%SGUILDIR%%/SguildMysqlMerge.tcl
-lib/%%SGUILDIR%%/SguildMysqlMerge.tcl.orig
-lib/%%SGUILDIR%%/SguildPadsLib.tcl
-lib/%%SGUILDIR%%/SguildQueryd.tcl
-lib/%%SGUILDIR%%/SguildReportBuilder.tcl
-lib/%%SGUILDIR%%/SguildSendComms.tcl
-lib/%%SGUILDIR%%/SguildSensorAgentComms.tcl
-lib/%%SGUILDIR%%/SguildSensorCmdRcvd.tcl
-lib/%%SGUILDIR%%/SguildTranscript.tcl
-lib/%%SGUILDIR%%/SguildUtils.tcl
-%%PORTDOCS%%%%DOCSDIR%%/CHANGES
-%%PORTDOCS%%%%DOCSDIR%%/FAQ
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd
-%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%%%DOCSDIR%%/TODO
-%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
-%%PORTDOCS%%%%DOCSDIR%%/USAGE
-%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia
-share/%%SGUILDIR%%/contrib/incident_report.tcl
-share/%%SGUILDIR%%/contrib/init/sguil
-share/%%SGUILDIR%%/contrib/init/sguild
-share/%%SGUILDIR%%/create_ruledb.sql
-share/%%SGUILDIR%%/create_sguildb.sql
-share/%%SGUILDIR%%/create_sguildb.sql.orig
-share/%%SGUILDIR%%/migrate_event.tcl
-share/%%SGUILDIR%%/migrate_sancp.tcl
-share/%%SGUILDIR%%/sancp_cleanup.tcl
-share/%%SGUILDIR%%/sancp_cleanup.tcl.orig
-share/%%SGUILDIR%%/update_0.7.tcl
-share/%%SGUILDIR%%/update_0.8.tcl
-share/%%SGUILDIR%%/update_sguildb_v10-v11.sql
-share/%%SGUILDIR%%/update_sguildb_v11-v12.sql
-share/%%SGUILDIR%%/update_sguildb_v12-v13.sql
-share/%%SGUILDIR%%/update_sguildb_v5-v6.sql
-share/%%SGUILDIR%%/update_sguildb_v6-v7.sql
-share/%%SGUILDIR%%/update_sguildb_v7-v8.sql
-share/%%SGUILDIR%%/update_sguildb_v8-v9.sql
-share/%%SGUILDIR%%/update_sguildb_v9-v10.sql
-@dirrm share/%%SGUILDIR%%/contrib/init
-@dirrm share/%%SGUILDIR%%/contrib
-@dirrm share/%%SGUILDIR%%
-@dirrm lib/%%SGUILDIR%%
-@dirrm etc/%%SGUILDIR%%
-%%PORTDOCS%%@dirrm %%DOCSDIR%%