remove 3 ports: security/sguid-(client|sensor|server)
These were combined into a single port, security/sguil, which is also a newer version.
parent
c561c45384
commit
f7e9cdf081
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=365122
4
MOVED
4
MOVED
@ -6420,3 +6420,7 @@ korean/unzip|archivers/unzip|2014-08-15|Merged with archivers/unzip as a new non
|
||||
russian/unzip|archivers/unzip|2014-08-15|Merged with archivers/unzip as a new non-default option
|
||||
mail/sendmail-sasl|mail/sendmail|2014-08-15|Removed: Use mail/sendmail instead
|
||||
print/cups-samba||2014-08-15|Removed: defunct for long, disappeared upstream
|
||||
security/sguil-client|security/sguil|2014-08-16|Merged into new port security/sguil
|
||||
security/sguil-sensor|security/sguil|2014-08-16|Merged into new port security/sguil
|
||||
security/sguil-server|security/sguil|2014-08-16|Merged into new port security/sguil
|
||||
|
||||
|
@ -910,9 +910,6 @@
|
||||
SUBDIR += sectok
|
||||
SUBDIR += secure_delete
|
||||
SUBDIR += sguil
|
||||
SUBDIR += sguil-client
|
||||
SUBDIR += sguil-sensor
|
||||
SUBDIR += sguil-server
|
||||
SUBDIR += sha
|
||||
SUBDIR += shibboleth2-sp
|
||||
SUBDIR += shimmer
|
||||
|
@ -1,83 +0,0 @@
|
||||
# Created by: Paul Schmehl <pauls@utdallas.edu>
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= sguil-client
|
||||
PORTVERSION= 0.8.0
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION}
|
||||
|
||||
MAINTAINER= pauls@utdallas.edu
|
||||
COMMENT= Sguil is a network security monitoring program
|
||||
|
||||
RUN_DEPENDS= tcltls>=0:${PORTSDIR}/devel/tcltls \
|
||||
dtplite:${PORTSDIR}/devel/tcllib \
|
||||
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX \
|
||||
${LOCALBASE}/lib/iwidgets/iwidgets.tcl:${PORTSDIR}/x11-toolkits/iwidgets \
|
||||
gpg2:${PORTSDIR}/security/gnupg
|
||||
|
||||
LICENSE_NAME= QPLv1.0 COPYRIGHT
|
||||
LICENSE_COMB= multi
|
||||
LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL
|
||||
LICENSE_PERMS= auto-accept
|
||||
LICENSE_FILE= ${WRKSRC}/client/lib/tablelist4.1/COPYRIGHT.txt
|
||||
LICENSE_PERMS= auto-accept
|
||||
|
||||
OPTIONS_DEFINE= AUDIO SANCP WIRESHARK DOCS
|
||||
AUDIO_DESC= Install Festival Speech Synthesis
|
||||
SANCP_DESC= Use sancp
|
||||
WIRESHARK_DESC= Install wireshark
|
||||
|
||||
NO_BUILD= yes
|
||||
USES= tk:wrapper
|
||||
WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
|
||||
SUB_LIST= SGUILDIR=${SGUILDIR}
|
||||
SUB_FILES= pkg-message
|
||||
PLIST_SUB= SGUILDIR=${SGUILDIR}
|
||||
SGUILDIR?= sguil-client
|
||||
|
||||
PORTDOCS1= README
|
||||
PORTDOCS2= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README TODO UPGRADE USAGE sguildb.dia
|
||||
|
||||
LIBFILES= SguilUtil.tcl dkffont.tcl email17.tcl extdata.tcl sellib.tcl sancp.tcl \
|
||||
sound.tcl guilib.tcl qrybuild.tcl qrylib.tcl report.tcl stdquery.tcl whois.tcl
|
||||
|
||||
.include <bsd.port.options.mk>
|
||||
|
||||
.if $(PORT_OPTIONS:MAUDIO)
|
||||
RUN_DEPENDS+= festival:${PORTSDIR}/audio/festival
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MSANCP}
|
||||
RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp
|
||||
.endif
|
||||
|
||||
.if $(PORT_OPTIONS:MWIRESHARK)
|
||||
RUN_DEPENDS+= wireshark:${PORTSDIR}/net/wireshark
|
||||
.endif
|
||||
|
||||
do-install:
|
||||
@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}
|
||||
@${MKDIR} ${STAGEDIR}${DOCSDIR}
|
||||
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/client/sguil.tk \
|
||||
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/sguil.tk
|
||||
${INSTALL_DATA} ${PORTDOCS1:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
|
||||
${INSTALL_DATA} ${PORTDOCS2:S|^|${WRKSRC}/doc/|} ${STAGEDIR}${DOCSDIR}
|
||||
.for f in sguil.conf
|
||||
${INSTALL_DATA} ${WRKSRC}/client/${f} \
|
||||
${STAGEDIR}${PREFIX}/etc/${f}-sample
|
||||
.endfor
|
||||
.for f in ${LIBFILES}
|
||||
@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/lib
|
||||
${INSTALL_DATA} ${WRKSRC}/client/lib/${f} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/lib/${f}
|
||||
.endfor
|
||||
.for f in sguil_logo_h.gif
|
||||
@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/images
|
||||
${INSTALL_DATA} ${WRKSRC}/client/lib/images/${f} \
|
||||
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/images/${f}
|
||||
.endfor
|
||||
|
||||
(cd ${WRKSRC}/client/lib/tablelist4.1 && ${COPYTREE_SHARE} \* \
|
||||
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/lib/tablelist4.1/)
|
||||
|
||||
.include <bsd.port.mk>
|
@ -1,2 +0,0 @@
|
||||
SHA256 (sguil-client-0.8.0.tar.gz) = bbce49630fd6264591a1e890cba3bad11cf18e9327c9f9cc02cb6dc8a19746bd
|
||||
SIZE (sguil-client-0.8.0.tar.gz) = 216433
|
@ -1,35 +0,0 @@
|
||||
--- client/sguil.conf.orig 2012-11-15 22:46:24.000000000 +0000
|
||||
+++ client/sguil.conf 2012-11-15 22:48:28.000000000 +0000
|
||||
@@ -18,7 +18,7 @@
|
||||
set DEBUG 1
|
||||
|
||||
# PATH to tls lib if needed (tcl can usually find this by default)
|
||||
-#set TLS_PATH /usr/lib/tls1.4/libtls1.4.so
|
||||
+#set TLS_PATH /usr/local/lib/tls1.6/libtls1.6.so
|
||||
# win32 example
|
||||
#set TLS_PATH "c:/tcl/lib/tls1.4/tls14.dll"
|
||||
|
||||
@@ -46,12 +46,12 @@
|
||||
# If you have festival installed, then you can have alerts spoken to
|
||||
# you. Set the path to the festival binary here. If you are using
|
||||
# speechd from speechio.org, then leave this commented out.
|
||||
-set FESTIVAL_PATH /usr/bin/festival
|
||||
+set FESTIVAL_PATH /usr/local/bin/festival
|
||||
# win32 example
|
||||
# set FESTIVAL_PATH "c:\festival\bin\festival.exe"
|
||||
|
||||
# Path to wireshark (ethereal)
|
||||
-set WIRESHARK_PATH /usr/sbin/wireshark
|
||||
+set WIRESHARK_PATH /usr/local/bin/wireshark
|
||||
# win32 example
|
||||
# set WIRESHARK_PATH "c:/progra~1/wireshark/wireshark.exe"
|
||||
|
||||
@@ -62,7 +62,7 @@
|
||||
# set WIRESHARK_STORE_DIR "c:/tmp"
|
||||
|
||||
# Favorite browser for looking at sig info on snort.org
|
||||
-set BROWSER_PATH /usr/bin/firefox
|
||||
+set BROWSER_PATH /usr/local/bin/firefox
|
||||
# win32 example (IE)
|
||||
# set BROWSER_PATH c:/progra~1/intern~1/iexplore.exe
|
||||
|
@ -1,28 +0,0 @@
|
||||
--- client/sguil.tk.orig 2012-11-15 22:24:35.000000000 +0000
|
||||
+++ client/sguil.tk 2012-11-15 22:26:33.000000000 +0000
|
||||
@@ -88,7 +88,7 @@
|
||||
|
||||
# Load iwidgets and namespaces
|
||||
if [catch {package require Iwidgets} iwidgetsVersion] {
|
||||
- puts "ERROR: Cannot fine the Iwidgets extension."
|
||||
+ puts "ERROR: Cannot find the Iwidgets extension."
|
||||
puts "The iwidgets package is part of the incr tcl extension and is"
|
||||
puts "available as a port/package most systems."
|
||||
puts "See http://www.tcltk.com/iwidgets/ for more info."
|
||||
@@ -2053,11 +2053,11 @@
|
||||
set CONF_FILE $env(HOME)/sguil.conf
|
||||
} elseif { [file exists ./sguil.conf] } {
|
||||
set CONF_FILE ./sguil.conf
|
||||
- } elseif { [file exists /etc/sguil] &&\
|
||||
- [file isdirectory /etc/sguil] &&\
|
||||
- [file exists /etc/sguil/sguil.conf] &&\
|
||||
- [file readable /etc/sguil/sguil.conf] } {
|
||||
- set CONF_FILE /etc/sguil/sguil.conf
|
||||
+ } elseif { [file exists /usr/local/etc/sguil] &&\
|
||||
+ [file isdirectory /usr/local/etc/sguil] &&\
|
||||
+ [file exists /usr/local/etc/sguil/sguil.conf] &&\
|
||||
+ [file readable /usr/local/etc/sguil/sguil.conf] } {
|
||||
+ set CONF_FILE /usr/local/etc/sguil/sguil.conf
|
||||
} else {
|
||||
puts "Couldn't determine where the sguil config file is"
|
||||
puts "Looked for $env(HOME)/sguil.conf and ./sguil.conf."
|
@ -1,14 +0,0 @@
|
||||
See the USAGE document in the %%DOCSDIR%% for instructions
|
||||
on how to use the sguil client to connect to and maintain
|
||||
the sguil network monitoring system.
|
||||
|
||||
NOTE: This port installs a sguil.conf-sample file in
|
||||
%%PREFIX%%/bin/%%SGUILDIR%%/. If you are installing this on a
|
||||
multi-user system, each user might want to have a
|
||||
sguil.conf file in their home directory. Sguil.tk sources
|
||||
the home directory first for the sguil.conf file.
|
||||
|
||||
There are several items in the conf file that may need
|
||||
editing, including the path to your web browser, the name
|
||||
of the sguil server you connect to and possibly the port
|
||||
you connect to (if you're not using the default port.)
|
@ -1,16 +0,0 @@
|
||||
Sguil (pronounced "sgweel") is a graphical interface to snort
|
||||
(www.snort.org), an open source intrusion detection system.
|
||||
The actual interface and GUI server are written in tcl/tk
|
||||
(www.tcl.tk). Sguil also relies on other open source software
|
||||
in order to function properly.
|
||||
|
||||
The client requires tls, gpg, iwidgets and other tcl packages and may
|
||||
also use wireshark, sancp and festival depending on your selection
|
||||
of options. Run "make config" in the port to see what options
|
||||
are available.
|
||||
|
||||
Sguil currently functions as an analysis interface and does not yet
|
||||
have rule management capabilities.
|
||||
|
||||
WWW: http://sguil.sourceforge.net/index.php
|
||||
pauls@utdallas.edu
|
@ -1,75 +0,0 @@
|
||||
bin/%%SGUILDIR%%/images/sguil_logo_h.gif
|
||||
bin/%%SGUILDIR%%/lib/SguilUtil.tcl
|
||||
bin/%%SGUILDIR%%/lib/dkffont.tcl
|
||||
bin/%%SGUILDIR%%/lib/email17.tcl
|
||||
bin/%%SGUILDIR%%/lib/extdata.tcl
|
||||
bin/%%SGUILDIR%%/lib/guilib.tcl
|
||||
bin/%%SGUILDIR%%/lib/qrybuild.tcl
|
||||
bin/%%SGUILDIR%%/lib/qrylib.tcl
|
||||
bin/%%SGUILDIR%%/lib/report.tcl
|
||||
bin/%%SGUILDIR%%/lib/sancp.tcl
|
||||
bin/%%SGUILDIR%%/lib/sellib.tcl
|
||||
bin/%%SGUILDIR%%/lib/sound.tcl
|
||||
bin/%%SGUILDIR%%/lib/stdquery.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/COPYRIGHT.txt
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineDown10x9.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineDown12x11.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineDown8x7.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineUp10x9.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineUp12x11.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineUp8x7.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineDown10x9.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineDown12x11.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineDown8x7.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineUp10x9.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineUp12x11.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineUp8x7.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown10x9.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown12x11.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown7x4.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown7x7.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown8x5.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown8x7.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown9x5.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp10x9.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp12x11.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp7x4.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp7x7.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp8x5.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp8x7.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp9x5.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/checked.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/images/unchecked.xbm
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/mwutil.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/repair.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistBind.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistConfig.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistEdit.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistMove.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistSort.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistThemes.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistUtil.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistWidget.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tclIndex
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/tablelist.tcl
|
||||
bin/%%SGUILDIR%%/lib/tablelist4.1/tablelistPublic.tcl
|
||||
bin/%%SGUILDIR%%/lib/whois.tcl
|
||||
bin/%%SGUILDIR%%/sguil.tk
|
||||
etc/sguil.conf-sample
|
||||
%%PORTDOCS%%%%DOCSDIR%%/CHANGES
|
||||
%%PORTDOCS%%%%DOCSDIR%%/FAQ
|
||||
%%PORTDOCS%%%%DOCSDIR%%/INSTALL
|
||||
%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd
|
||||
%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README
|
||||
%%PORTDOCS%%%%DOCSDIR%%/README
|
||||
%%PORTDOCS%%%%DOCSDIR%%/TODO
|
||||
%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
|
||||
%%PORTDOCS%%%%DOCSDIR%%/USAGE
|
||||
%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia
|
||||
@dirrm bin/%%SGUILDIR%%/lib/tablelist4.1/scripts
|
||||
@dirrm bin/%%SGUILDIR%%/lib/tablelist4.1/images
|
||||
@dirrm bin/%%SGUILDIR%%/lib/tablelist4.1
|
||||
@dirrm bin/%%SGUILDIR%%/lib
|
||||
@dirrm bin/%%SGUILDIR%%/images
|
||||
@dirrm bin/%%SGUILDIR%%
|
||||
%%PORTDOCS%%@dirrm %%DOCSDIR%%
|
@ -1,114 +0,0 @@
|
||||
# Created by: Paul Schmehl <pauls@utdallas.edu>
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= sguil-sensor
|
||||
PORTVERSION= 0.8.0
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION}
|
||||
|
||||
MAINTAINER= pauls@utdallas.edu
|
||||
COMMENT= Sguil is a network security monitoring program
|
||||
|
||||
RUN_DEPENDS= tcltls>=0:${PORTSDIR}/devel/tcltls \
|
||||
barnyard2:${PORTSDIR}/security/barnyard2-sguil \
|
||||
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
|
||||
|
||||
OPTIONS_DEFINE= PADS SANCP DOCS
|
||||
PADS_DESC= Include pads sensor
|
||||
SANCP_DESC= Include sancp sensor
|
||||
|
||||
LICENSE_NAME= QPLv1.0
|
||||
LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL
|
||||
LICENSE_PERMS= auto-accept
|
||||
|
||||
NO_BUILD= yes
|
||||
USE_RC_SUBR= pcap_agent snort_agent
|
||||
TCL_VER= 8.5
|
||||
TCLSH= tclsh${TCL_VER}
|
||||
WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
|
||||
PATCH_WRKSRC= ${WRKSRC}/sensor
|
||||
SGUILDIR?= sguil-sensor
|
||||
SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH}
|
||||
SUB_FILES= pkg-message
|
||||
PLIST_SUB= SGUILDIR=${SGUILDIR}
|
||||
AGENTS= pcap_agent.tcl snort_agent.tcl
|
||||
CONFS= pcap_agent.conf snort_agent.conf
|
||||
LOG_SCRIPTS= log_packets-daemonlogger.sh log_packets.sh
|
||||
WITH_PCRE= true
|
||||
|
||||
PORTDOCS1= README
|
||||
PORTDOCS2= README.daemonlogger
|
||||
PORTDOCS3= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README \
|
||||
TODO UPGRADE USAGE sguildb.dia
|
||||
|
||||
.include <bsd.port.options.mk>
|
||||
|
||||
.if ${PORT_OPTIONS:MSANCP}
|
||||
AGENTS+= sancp_agent.tcl pcap_agent-sancp.tcl
|
||||
CONFS+= sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
|
||||
RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp
|
||||
USE_RC_SUBR+= sancp_agent pcap_agent-sancp
|
||||
PLIST_SUB+= USESANCP=""
|
||||
.else
|
||||
PLIST_SUB+= USESANCP="@comment "
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MPADS}
|
||||
AGENTS+= pads_agent.tcl
|
||||
CONFS+= pads_agent.conf
|
||||
RUN_DEPENDS+= pads:${PORTSDIR}/net-mgmt/pads
|
||||
USE_RC_SUBR+= pads_agent
|
||||
PLIST_SUB+= USEPADS=""
|
||||
.else
|
||||
PLIST_SUB+= USEPADS="@comment "
|
||||
.endif
|
||||
|
||||
post-patch:
|
||||
.for f in ${AGENTS}
|
||||
@${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \
|
||||
${WRKSRC}/sensor/${f}
|
||||
.endfor
|
||||
|
||||
do-install:
|
||||
@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}
|
||||
@${MKDIR} ${STAGEDIR}${PREFIX}/etc/${SGUILDIR}
|
||||
@${MKDIR} ${STAGEDIR}${PREFIX}/share/${SGUILDIR}
|
||||
@${MKDIR} ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/contrib
|
||||
@${MKDIR} ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/init
|
||||
@${MKDIR} ${STAGEDIR}${DOCSDIR}
|
||||
(cd ${WRKSRC}/sensor/contrib && ${COPYTREE_SHARE} \* ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/contrib "! -name ossec_agent.tcl.orig")
|
||||
(cd ${WRKSRC}/sensor/init && ${COPYTREE_SHARE} \* ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/init)
|
||||
${INSTALL_DATA} ${PORTDOCS1:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
|
||||
${INSTALL_DATA} ${PORTDOCS2:S|^|${WRKSRC}/sensor/|} ${STAGEDIR}${DOCSDIR}
|
||||
${INSTALL_DATA} ${PORTDOCS3:S|^|${WRKSRC}/doc/|} ${STAGEDIR}${DOCSDIR}
|
||||
.for f in ${AGENTS}
|
||||
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
|
||||
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/${f}
|
||||
.endfor
|
||||
.for f in ${LOG_SCRIPTS}
|
||||
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
|
||||
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/${f}
|
||||
.endfor
|
||||
.for f in ${CONFS}
|
||||
${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
|
||||
${STAGEDIR}${PREFIX}/etc/${SGUILDIR}/${f}-sample
|
||||
.endfor
|
||||
.if ${PORT_OPTIONS:MSANCP}
|
||||
.for f in log_packets-sancp.sh
|
||||
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
|
||||
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/${f}
|
||||
.endfor
|
||||
.for f in sancp.conf
|
||||
${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
|
||||
${STAGEDIR}${PREFIX}/etc/${SGUILDIR}/${f}-sample
|
||||
.endfor
|
||||
.endif
|
||||
post-install:
|
||||
|
||||
.if ${PORT_OPTIONS:MSANCP}
|
||||
.for f in README.sancp_indexed_pcap
|
||||
cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${f} ${STAGEDIR}${DOCSDIR}
|
||||
.endfor
|
||||
.endif
|
||||
|
||||
.include <bsd.port.mk>
|
@ -1,2 +0,0 @@
|
||||
SHA256 (sguil-sensor-0.8.0.tar.gz) = aa4617c4f9cf1d598c6d728afed50cd6f90dc5d1516a6eda8126401b7bba4be5
|
||||
SIZE (sguil-sensor-0.8.0.tar.gz) = 142829
|
@ -1,34 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# $FreeBSD$
|
||||
|
||||
# PROVIDE: example_agent
|
||||
# REQUIRE: DAEMON
|
||||
# KEYWORD: shutdown
|
||||
|
||||
# Add the following line to /etc/rc.conf to enable example_agent:
|
||||
# example_agent_enable (bool): Set to YES to enable example_agent
|
||||
# Default: NO
|
||||
# example_agent_conf (str): Example_agent configuration file
|
||||
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf
|
||||
# example_agent_flags (str): Default: -D
|
||||
#
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
load_rc_config example_agent
|
||||
|
||||
#set defaults
|
||||
example_agent_enable=${example_agent_enable:-"NO"}
|
||||
example_agent_conf=${example_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf"}
|
||||
example_agent_flags=${example_agent_flags:-"-D"}
|
||||
|
||||
name="example_agent"
|
||||
rcvar=example_agent_enable
|
||||
command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl"
|
||||
command_args="-c ${example_agent_conf} ${example_agent_flags}"
|
||||
procname="%%PREFIX%%/bin/tclsh8.4"
|
||||
pidfile="/var/run/${name}.pid"
|
||||
check_pidfile="${pidfile} ${procname} /bin/sh"
|
||||
|
||||
run_rc_command "$1"
|
@ -1,66 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# $FreeBSD$
|
||||
|
||||
# PROVIDE: pads_agent
|
||||
# REQUIRE: DAEMON
|
||||
# KEYWORD: shutdown
|
||||
|
||||
# Add the following line to /etc/rc.conf to enable pads_agent:
|
||||
# pads_agent_enable (bool): Set to YES to enable pads_agent
|
||||
# Default: NO
|
||||
# pads_agent_conf (str): Pads_agent configuration file
|
||||
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf
|
||||
# pads_agent_flags (str): Default: -D
|
||||
#
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
name="pads_agent"
|
||||
rcvar=${name}_enable
|
||||
load_rc_config ${name}
|
||||
|
||||
#set defaults
|
||||
: ${pads_agent_enable:="NO"}
|
||||
: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
|
||||
: ${pads_agent_flags:="-D -c ${pads_agent_conf}"}
|
||||
|
||||
command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
|
||||
procname="%%PREFIX%%/bin/%%TCLSH%%"
|
||||
pidfile="/var/run/${name}.pid"
|
||||
|
||||
start_precmd="pads_agent_ck4fifo"
|
||||
stop_postcmd="pads_agent_rmfifo"
|
||||
|
||||
pads_agent_ck4fifo()
|
||||
{
|
||||
LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
|
||||
HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
|
||||
PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
|
||||
|
||||
if [ ! -p ${PADS_FIFO} ]; then
|
||||
echo "${PADS_FIFO} does not exist. Creating now....."
|
||||
/usr/bin/mkfifo ${PADS_FIFO}
|
||||
fi
|
||||
echo "Checking for ${PADS_FIFO}...."
|
||||
if [ -p ${PADS_FIFO} ]; then
|
||||
echo "Confirmed! ${PADS_FIFO} exists."
|
||||
else
|
||||
echo "I tried to create ${PADS_FIFO} and failed."
|
||||
echo "You will need to create it manually before starting ${name}."
|
||||
fi
|
||||
}
|
||||
|
||||
pads_agent_rmfifo()
|
||||
{
|
||||
LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
|
||||
HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
|
||||
PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
|
||||
|
||||
if [ -p ${PADS_FIFO} ]; then
|
||||
/bin/rm ${PADS_FIFO}
|
||||
echo "Removing ${PADS_FIFO}...."
|
||||
fi
|
||||
}
|
||||
|
||||
run_rc_command "$1"
|
@ -1,30 +0,0 @@
|
||||
--- contrib/ossec_agent/ossec_agent.tcl.orig 2012-12-17 22:47:18.000000000 +0000
|
||||
+++ contrib/ossec_agent/ossec_agent.tcl 2012-12-17 22:48:45.000000000 +0000
|
||||
@@ -1,6 +1,4 @@
|
||||
#!/bin/sh
|
||||
-# Run tcl from users PATH \
|
||||
-exec tclsh "$0" "$@"
|
||||
|
||||
# OSSEC agent for Sguil 0.7.0. Based on the "example_agent.tcl" code
|
||||
# distributed with sguil.
|
||||
@@ -593,9 +591,9 @@
|
||||
if { ![info exists CONF_FILE] } {
|
||||
|
||||
# No conf file specified check the defaults
|
||||
- if { [file exists /etc/ossec_agent.conf] } {
|
||||
+ if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } {
|
||||
|
||||
- set CONF_FILE /etc/ossec_agent.conf
|
||||
+ set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf
|
||||
|
||||
} elseif { [file exists ./ossec_agent.conf] } {
|
||||
|
||||
@@ -604,7 +602,7 @@
|
||||
} else {
|
||||
|
||||
puts "Couldn't determine where the ossec_agent.tcl config file is"
|
||||
- puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf."
|
||||
+ puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf."
|
||||
DisplayUsage $argv0
|
||||
|
||||
}
|
@ -1,39 +0,0 @@
|
||||
--- pads_agent.tcl.orig 2012-12-19 21:25:26.000000000 +0000
|
||||
+++ pads_agent.tcl 2012-12-19 21:27:37.000000000 +0000
|
||||
@@ -1,6 +1,4 @@
|
||||
#!/bin/sh
|
||||
-# Run tcl from users PATH \
|
||||
-exec tclsh "$0" "$@"
|
||||
|
||||
# $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ #
|
||||
|
||||
@@ -332,7 +330,7 @@
|
||||
id process group set
|
||||
if {[fork]} {exit 0}
|
||||
set PID [id process]
|
||||
- if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" }
|
||||
+ if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" }
|
||||
set PID_DIR [file dirname $PID_FILE]
|
||||
if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } {
|
||||
puts "ERROR: Directory $PID_DIR does not exists or is not writable."
|
||||
@@ -380,16 +378,16 @@
|
||||
}
|
||||
}
|
||||
# Parse the config file here
|
||||
-# Default location is /etc/pads_agent.conf or pwd
|
||||
+# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd
|
||||
if { ![info exists CONF_FILE] } {
|
||||
# No conf file specified check the defaults
|
||||
- if { [file exists /etc/pads_agent.conf] } {
|
||||
- set CONF_FILE /etc/pads_agent.conf
|
||||
+ if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } {
|
||||
+ set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf
|
||||
} elseif { [file exists ./pads_agent.conf] } {
|
||||
set CONF_FILE ./pads_agent.conf
|
||||
} else {
|
||||
puts "Couldn't determine where the sensor_agent.tcl config file is"
|
||||
- puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf."
|
||||
+ puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf."
|
||||
DisplayUsage $argv0
|
||||
}
|
||||
}
|
@ -1,35 +0,0 @@
|
||||
--- pcap_agent-sancp.tcl.orig 2012-12-17 22:36:43.000000000 +0000
|
||||
+++ pcap_agent-sancp.tcl 2012-12-17 22:38:22.000000000 +0000
|
||||
@@ -1,6 +1,4 @@
|
||||
#!/bin/sh
|
||||
-# Run tcl from users PATH \
|
||||
-exec tclsh "$0" "$@"
|
||||
|
||||
# $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ #
|
||||
|
||||
@@ -754,13 +752,13 @@
|
||||
}
|
||||
|
||||
# Parse the config file here
|
||||
-# Default location is /etc/pcap_agent.conf or pwd
|
||||
+# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
|
||||
if { ![info exists CONF_FILE] } {
|
||||
|
||||
# No conf file specified check the defaults
|
||||
- if { [file exists /etc/pcap_agent.conf] } {
|
||||
+ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
|
||||
|
||||
- set CONF_FILE /etc/pcap_agent.conf
|
||||
+ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
|
||||
|
||||
} elseif { [file exists ./pcap_agent.conf] } {
|
||||
|
||||
@@ -769,7 +767,7 @@
|
||||
} else {
|
||||
|
||||
puts "Couldn't determine where the pcap_agent.tcl config file is"
|
||||
- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
|
||||
+ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
|
||||
DisplayUsage $argv0
|
||||
|
||||
}
|
@ -1,35 +0,0 @@
|
||||
--- pcap_agent.tcl.orig 2012-12-17 22:31:44.000000000 +0000
|
||||
+++ pcap_agent.tcl 2012-12-17 22:42:50.000000000 +0000
|
||||
@@ -1,6 +1,4 @@
|
||||
#!/bin/sh
|
||||
-# Run tcl from users PATH \
|
||||
-exec tclsh "$0" "$@"
|
||||
|
||||
# $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ #
|
||||
|
||||
@@ -771,13 +769,13 @@
|
||||
}
|
||||
|
||||
# Parse the config file here
|
||||
-# Default location is /etc/pcap_agent.conf or pwd
|
||||
+# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
|
||||
if { ![info exists CONF_FILE] } {
|
||||
|
||||
# No conf file specified check the defaults
|
||||
- if { [file exists /etc/pcap_agent.conf] } {
|
||||
+ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
|
||||
|
||||
- set CONF_FILE /etc/pcap_agent.conf
|
||||
+ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
|
||||
|
||||
} elseif { [file exists ./pcap_agent.conf] } {
|
||||
|
||||
@@ -786,7 +784,7 @@
|
||||
} else {
|
||||
|
||||
puts "Couldn't determine where the pcap_agent.tcl config file is"
|
||||
- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
|
||||
+ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
|
||||
DisplayUsage $argv0
|
||||
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
--- sancp_agent.tcl.orig 2012-12-17 22:43:39.000000000 +0000
|
||||
+++ sancp_agent.tcl 2012-12-17 22:44:56.000000000 +0000
|
||||
@@ -1,6 +1,4 @@
|
||||
#!/bin/sh
|
||||
-# Run tcl from users PATH \
|
||||
-exec tclsh "$0" "$@"
|
||||
|
||||
# $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ #
|
||||
|
||||
@@ -582,16 +580,16 @@
|
||||
}
|
||||
}
|
||||
# Parse the config file here
|
||||
-# Default location is /etc/sancp_agent.conf or pwd
|
||||
+# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd
|
||||
if { ![info exists CONF_FILE] } {
|
||||
# No conf file specified check the defaults
|
||||
- if { [file exists /etc/sancp_agent.conf] } {
|
||||
- set CONF_FILE /etc/sancp_agent.conf
|
||||
+ if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } {
|
||||
+ set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf
|
||||
} elseif { [file exists ./sancp_agent.conf] } {
|
||||
set CONF_FILE ./sancp_agent.conf
|
||||
} else {
|
||||
puts "Couldn't determine where the sancp_agent.tcl config file is"
|
||||
- puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf."
|
||||
+ puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf."
|
||||
DisplayUsage $argv0
|
||||
}
|
||||
}
|
@ -1,35 +0,0 @@
|
||||
--- snort_agent.tcl.orig 2012-12-17 22:33:35.000000000 +0000
|
||||
+++ snort_agent.tcl 2012-12-17 22:39:39.000000000 +0000
|
||||
@@ -1,6 +1,4 @@
|
||||
#!/bin/sh
|
||||
-# Run tcl from users PATH \
|
||||
-exec tclsh "$0" "$@"
|
||||
|
||||
# $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
|
||||
|
||||
@@ -680,13 +678,13 @@
|
||||
}
|
||||
|
||||
# Parse the config file here
|
||||
-# Default location is /etc/snort_agent.conf or pwd
|
||||
+# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
|
||||
if { ![info exists CONF_FILE] } {
|
||||
|
||||
# No conf file specified check the defaults
|
||||
- if { [file exists /etc/snort_agent.conf] } {
|
||||
+ if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
|
||||
|
||||
- set CONF_FILE /etc/snort_agent.conf
|
||||
+ set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
|
||||
|
||||
} elseif { [file exists ./snort_agent.conf] } {
|
||||
|
||||
@@ -695,7 +693,7 @@
|
||||
} else {
|
||||
|
||||
puts "Couldn't determine where the snort_agent.tcl config file is"
|
||||
- puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
|
||||
+ puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
|
||||
DisplayUsage $argv0
|
||||
|
||||
}
|
@ -1,32 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# $FreeBSD$
|
||||
|
||||
# PROVIDE: pcap_agent-sancp
|
||||
# REQUIRE: DAEMON
|
||||
# KEYWORD: shutdown
|
||||
|
||||
# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
|
||||
# pcap_agent-sancp_enable (bool): Set to YES to enable pcap_agent-sancp
|
||||
# Default: NO
|
||||
# pcap_agent-sancp_conf (str): Pads_agent configuration file
|
||||
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
|
||||
# pcap_agent-sancp_flags (str): Default: -D
|
||||
#
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
name="pcap_agent-sancp"
|
||||
rcvar=pcap_agent-sancp_enable
|
||||
load_rc_config pcap_agent-sancp
|
||||
|
||||
#set defaults
|
||||
: ${pcap_agent-sancp_enable:="NO"}
|
||||
: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
|
||||
: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
|
||||
|
||||
command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
|
||||
procname="%%PREFIX%%/bin/%%TCLSH%%"
|
||||
pidfile="/var/run/${name}.pid"
|
||||
|
||||
run_rc_command "$1"
|
@ -1,32 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# $FreeBSD$
|
||||
|
||||
# PROVIDE: pcap_agent
|
||||
# REQUIRE: DAEMON
|
||||
# KEYWORD: shutdown
|
||||
|
||||
# Add the following line to /etc/rc.conf to enable pcap_agent:
|
||||
# pcap_agent_enable (bool): Set to YES to enable pcap_agent
|
||||
# Default: NO
|
||||
# pcap_agent_conf (str): Pcap_agent configuration file
|
||||
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf
|
||||
# pcap_agent_flags (str): Default: -D
|
||||
#
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
name="pcap_agent"
|
||||
rcvar=pcap_agent_enable
|
||||
load_rc_config pcap_agent
|
||||
|
||||
#set defaults
|
||||
: ${pcap_agent_enable:="NO"}
|
||||
: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
|
||||
: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}
|
||||
|
||||
command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
|
||||
procname="%%PREFIX%%/bin/%%TCLSH%%"
|
||||
pidfile="/var/run/${name}.pid"
|
||||
|
||||
run_rc_command "$1"
|
@ -1,31 +0,0 @@
|
||||
***********************************
|
||||
* !!!!!!!!!!! WARNING !!!!!!!!!!! *
|
||||
***********************************
|
||||
|
||||
If you already had barnyard2 installed, this port will NOT deinstall
|
||||
it and install the barnyard2-sguil port instead. You will need to
|
||||
deinstall the barnyard2 port and install the barnyard2-sguil port yourself
|
||||
instead. This port WILL NOT WORK without the barnyard2-sguil port!!
|
||||
|
||||
See the %%DOCSDIR%%/INSTALL doc for details on the
|
||||
configuration and for croning the script.
|
||||
|
||||
WARNING!!! Sguil et al will fill up your /tmp directory very
|
||||
quickly. You should probably configure sguil et al to log to
|
||||
another partition/location (e.g. /nsm/tmp/).
|
||||
|
||||
You must ALSO edit all of the sensor conf files (located in
|
||||
%%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before
|
||||
starting the sensor_agents.
|
||||
|
||||
A number of ancilliary things have been installed in
|
||||
%%PREFIX%%/share/%%SGUILDIR%%.
|
||||
|
||||
If you chose to run sancp, and you already had a sancp.conf file in
|
||||
%%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
|
||||
The new sancp.conf-sample file contains the settings for squil. NOTE:
|
||||
the conf file is for sancp 1.5.3. It may need additional edits to work
|
||||
with the current ports version of sancp. If you still want to maintain
|
||||
the customized sancp.conf file, then copy the new sancp.conf-sample
|
||||
file to sguild-sancp.conf (for example) and add
|
||||
sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.
|
@ -1,32 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# $FreeBSD$
|
||||
|
||||
# PROVIDE: sancp_agent
|
||||
# REQUIRE: DAEMON
|
||||
# KEYWORD: shutdown
|
||||
|
||||
# Add the following line to /etc/rc.conf to enable sancp_agent:
|
||||
# sancp_agent_enable (bool): Set to YES to enable sancp_agent
|
||||
# Default: NO
|
||||
# sancp_agent_conf (str): Sancp_agent configuration file
|
||||
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf
|
||||
# sancp_agent_flags (str): Default: -D
|
||||
#
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
name="sancp_agent"
|
||||
rcvar=sancp_agent_enable
|
||||
load_rc_config sancp_agent
|
||||
|
||||
#set defaults
|
||||
: ${sancp_agent_enable:="NO"}
|
||||
: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
|
||||
: ${sancp_agent_flags:="-D -c ${sancp_agent_conf}"}
|
||||
|
||||
command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
|
||||
procname="%%PREFIX%%/bin/%%TCLSH%%"
|
||||
pidfile="/var/run/${name}.pid"
|
||||
|
||||
run_rc_command "$1"
|
@ -1,32 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# $FreeBSD$
|
||||
|
||||
# PROVIDE: snort_agent
|
||||
# REQUIRE: DAEMON
|
||||
# KEYWORD: shutdown
|
||||
|
||||
# Add the following line to /etc/rc.conf to enable snort_agent:
|
||||
# snort_agent_enable (bool): Set to YES to enable snort_agent
|
||||
# Default: NO
|
||||
# snort_agent_conf (str): Snort_agent configuration file
|
||||
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf
|
||||
# snort_agent_flags (str): Default: -D
|
||||
#
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
name="snort_agent"
|
||||
rcvar=snort_agent_enable
|
||||
load_rc_config snort_agent
|
||||
|
||||
#set defaults
|
||||
: ${snort_agent_enable:="NO"}
|
||||
: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
|
||||
: ${snort_agent_flags:="-D -c ${snort_agent_conf}"}
|
||||
|
||||
command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
|
||||
procname="%%PREFIX%%/bin/%%TCLSH%%"
|
||||
pidfile="/var/run/${name}.pid"
|
||||
|
||||
run_rc_command "$1"
|
@ -1,17 +0,0 @@
|
||||
Sguil (pronounced "sgweel") is a graphical interface to snort
|
||||
(www.snort.org), an open source intrusion detection system.
|
||||
The actual interface and GUI server are written in tcl/tk
|
||||
(www.tcl.tk). Sguil also relies on other open source software
|
||||
in order to function properly.
|
||||
|
||||
The sensor list includes security/barnyard2-sguil, security/snort,
|
||||
security/sancp, net-mgmt/pads, tcpdump (a part of the OS)
|
||||
and devel/tcltls as well as lang/tcl84 and lang/tclX. Care
|
||||
has been taken to ensure that everything you need to build
|
||||
a working sguil operation is in the FreeBSD ports system or
|
||||
is part of the OS already.
|
||||
|
||||
Sguil currently functions as an analysis interface and has
|
||||
rule management capabilities.
|
||||
|
||||
WWW: http://sguil.sourceforge.net/index.php
|
@ -1,41 +0,0 @@
|
||||
bin/%%SGUILDIR%%/log_packets-daemonlogger.sh
|
||||
bin/%%SGUILDIR%%/log_packets.sh
|
||||
bin/%%SGUILDIR%%/pcap_agent.tcl
|
||||
bin/%%SGUILDIR%%/snort_agent.tcl
|
||||
etc/%%SGUILDIR%%/pcap_agent.conf-sample
|
||||
etc/%%SGUILDIR%%/snort_agent.conf-sample
|
||||
share/%%SGUILDIR%%/contrib/ossec_agent/README
|
||||
share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
|
||||
share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
|
||||
share/%%SGUILDIR%%/contrib/portscan_loader/Makefile
|
||||
share/%%SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
|
||||
share/%%SGUILDIR%%/init/sensoragent
|
||||
%%PORTDOCS%%%%DOCSDIR%%/CHANGES
|
||||
%%PORTDOCS%%%%DOCSDIR%%/FAQ
|
||||
%%PORTDOCS%%%%DOCSDIR%%/INSTALL
|
||||
%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd
|
||||
%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README
|
||||
%%PORTDOCS%%%%DOCSDIR%%/README
|
||||
%%PORTDOCS%%%%DOCSDIR%%/TODO
|
||||
%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
|
||||
%%PORTDOCS%%%%DOCSDIR%%/USAGE
|
||||
%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia
|
||||
%%PORTDOCS%%%%DOCSDIR%%/README.daemonlogger
|
||||
%%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
|
||||
%%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
|
||||
%%USESANCP%%bin/%%SGUILDIR%%/log_packets-sancp.sh
|
||||
%%USESANCP%%bin/%%SGUILDIR%%/pcap_agent-sancp.tcl
|
||||
%%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
|
||||
%%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
|
||||
%%USESANCP%%etc/%%SGUILDIR%%/sancp-indexed.conf-sample
|
||||
%%USESANCP%%etc/%%SGUILDIR%%/pcap_agent-sancp.conf-sample
|
||||
%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample
|
||||
%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap
|
||||
@dirrm share/%%SGUILDIR%%/init
|
||||
@dirrm share/%%SGUILDIR%%/contrib/portscan_loader
|
||||
@dirrm share/%%SGUILDIR%%/contrib/ossec_agent
|
||||
@dirrm share/%%SGUILDIR%%/contrib
|
||||
@dirrm share/%%SGUILDIR%%
|
||||
@dirrmtry etc/%%SGUILDIR%%
|
||||
@dirrm bin/%%SGUILDIR%%
|
||||
%%PORTDOCS%%@dirrm %%DOCSDIR%%
|
@ -1,89 +0,0 @@
|
||||
# Created by: Paul Schmehl <pauls@utdallas.edu>
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= sguil-server
|
||||
PORTVERSION= 0.8.0
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION}
|
||||
|
||||
MAINTAINER= pauls@utdallas.edu
|
||||
COMMENT= Sguil is a network security monitoring program
|
||||
|
||||
RUN_DEPENDS= tcltls>=0:${PORTSDIR}/devel/tcltls \
|
||||
p0f:${PORTSDIR}/net-mgmt/p0f \
|
||||
tcpflow:${PORTSDIR}/net/tcpflow \
|
||||
dtplite:${PORTSDIR}/devel/tcllib \
|
||||
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
|
||||
|
||||
OPTIONS_DEFINE= MYSQL
|
||||
MYSQL_DESC= Depend on databases/mysqltcl
|
||||
|
||||
LICENSE_NAME= QPLv1.0
|
||||
LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL
|
||||
LICENSE_PERMS= auto-accept
|
||||
|
||||
IS_INTERACTIVE= yes
|
||||
NO_BUILD= yes
|
||||
USE_RC_SUBR= sguild
|
||||
TCL_VER= 8.5
|
||||
TCLSH= tclsh${TCL_VER}
|
||||
MYSQLTCL_CMDS= cd ${PORTSDIR}/databases/mysqltcl && ${MAKE} -V PORTVERSION
|
||||
SGUILDIR?= sguild
|
||||
WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
|
||||
PATCH_WRKSRC= ${WRKSRC}/server
|
||||
PLIST_SUB= SGUILDIR=${SGUILDIR}
|
||||
SUB_FILES= pkg-message pkg-install pkg-deinstall
|
||||
SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH}
|
||||
CONFS= autocat.conf sguild.access sguild.email sguild.reports sguild.conf sguild.queries sguild.users
|
||||
|
||||
PORTDOCS1= README
|
||||
PORTDOCS2= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README TODO UPGRADE USAGE sguildb.dia
|
||||
|
||||
NO_STAGE= yes
|
||||
.include <bsd.port.options.mk>
|
||||
|
||||
.if ${PORT_OPTIONS:MMYSQL}
|
||||
@${ECHO_CMD} $$(${MYSQLTCL_CMDS})
|
||||
RUN_DEPENDS+= ${LOCALBASE}/lib/mysqltcl-${MYSQLTCL_VER}:${PORTSDIR}/databases/mysqltcl
|
||||
.endif
|
||||
|
||||
post-patch:
|
||||
@${REINPLACE_CMD} 's|/bin/sh|/usr/local/bin/${TCLSH}|' \
|
||||
${PATCH_WRKSRC}/sguild
|
||||
|
||||
pre-install:
|
||||
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
|
||||
@${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \
|
||||
${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
|
||||
.endif
|
||||
@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
|
||||
@${MKDIR} ${PREFIX}/lib/${SGUILDIR}
|
||||
@${MKDIR} ${PREFIX}/share/${SGUILDIR}
|
||||
@${MKDIR} ${PREFIX}/share/${SGUILDIR}/contrib
|
||||
@${MKDIR} /var/run/${SGUILDIR}
|
||||
do-install:
|
||||
(cd ${WRKSRC}/server/lib && ${COPYTREE_BIN} \* ${PREFIX}/lib/${SGUILDIR})
|
||||
(cd ${WRKSRC}/server/sql_scripts && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR})
|
||||
(cd ${WRKSRC}/server/contrib && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/contrib)
|
||||
.for f in sguild
|
||||
${INSTALL_SCRIPT} -m 555 ${WRKSRC}/server/${f} ${PREFIX}/bin/${f}
|
||||
.endfor
|
||||
.for f in ${CONFS}
|
||||
${INSTALL_DATA} -m 441 ${PATCH_WRKSRC}/${f} ${PREFIX}/etc/${SGUILDIR}/${f}-sample
|
||||
.endfor
|
||||
|
||||
post-install:
|
||||
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
|
||||
@${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \
|
||||
${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
|
||||
.endif
|
||||
|
||||
.if ${PORT_OPTIONS:MDOCS}
|
||||
@${MKDIR} ${DOCSDIR}
|
||||
cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS1} ${DOCSDIR}
|
||||
cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS2} ${DOCSDIR}
|
||||
.endif
|
||||
|
||||
@${CAT} ${PKGMESSAGE}
|
||||
|
||||
.include <bsd.port.mk>
|
@ -1,2 +0,0 @@
|
||||
SHA256 (sguil-server-0.8.0.tar.gz) = faa7152ddbdc0ba797c79d6419bf3ae50bfd6dbba4b2cd28ccb04a55ef788360
|
||||
SIZE (sguil-server-0.8.0.tar.gz) = 102236
|
@ -1,29 +0,0 @@
|
||||
--- lib/SguildLoaderd.tcl.orig 2012-10-12 21:07:19.000000000 +0000
|
||||
+++ lib/SguildLoaderd.tcl 2012-10-12 21:15:06.000000000 +0000
|
||||
@@ -124,7 +124,7 @@
|
||||
INDEX dst_port (dst_port), \
|
||||
INDEX src_port (src_port), \
|
||||
INDEX start_time (start_time) \
|
||||
- ) \
|
||||
+ )ENGINE=MyISAM \
|
||||
"
|
||||
|
||||
# Create the table
|
||||
@@ -177,7 +177,7 @@
|
||||
INDEX dst_port (dst_port), \
|
||||
INDEX src_port (src_port), \
|
||||
INDEX start_time (start_time) \
|
||||
- ) TYPE=MERGE UNION=([join $tmpTables ,]) \
|
||||
+ ) ENGINE=MERGE UNION=([join $tmpTables ,]) \
|
||||
"
|
||||
# Create our MERGE sancp table
|
||||
mysqlexec $dbSocketID $createQuery
|
||||
@@ -220,7 +220,7 @@
|
||||
} else {
|
||||
# Make sure its a MERGE table and not the old monster
|
||||
set tableStatus [mysqlsel $LOADERD_DB_ID {SHOW TABLE STATUS LIKE 'sancp'} -flatlist]
|
||||
- if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
|
||||
+ if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
|
||||
|
||||
ErrorMessage "ERROR: loaderd: You appear to be using an old version of the\n\
|
||||
sguil database schema that does not support the MERGE sancp\n\
|
@ -1,11 +0,0 @@
|
||||
--- lib/SguildMysqlMerge.tcl.orig 2012-10-12 21:18:22.000000000 +0000
|
||||
+++ lib/SguildMysqlMerge.tcl 2012-10-12 21:19:41.000000000 +0000
|
||||
@@ -9,7 +9,7 @@
|
||||
set tmpQry "SHOW TABLE STATUS LIKE '$tableName'"
|
||||
set tableStatus [mysqlsel $MAIN_DB_SOCKETID $tmpQry -flatlist]
|
||||
|
||||
- if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
|
||||
+ if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
|
||||
|
||||
# Non MERGE table found.
|
||||
set errorMsg "\n*************************************************************\n
|
@ -1,99 +0,0 @@
|
||||
--- sguild.orig 2012-12-17 20:54:14.000000000 +0000
|
||||
+++ sguild 2012-12-17 20:56:47.000000000 +0000
|
||||
@@ -1,6 +1,4 @@
|
||||
#!/bin/sh
|
||||
-# Run tcl from users PATH \
|
||||
-exec tclsh "$0" "$@"
|
||||
|
||||
# $Id: sguild,v 1.193 2011/05/29 15:41:16 bamm Exp $ #
|
||||
|
||||
@@ -218,7 +216,7 @@
|
||||
##################################
|
||||
|
||||
# Do all priv account actions here.
|
||||
-# Open log files/etc. Privs will be dropped after.
|
||||
+# Open log files/usr/local/etc. Privs will be dropped after.
|
||||
|
||||
if { ![info exists LOG_PATH] } { set LOG_PATH /var/log/sguild }
|
||||
|
||||
@@ -318,7 +316,7 @@
|
||||
# Check for certs
|
||||
if {![info exists CERTS_PATH]} {
|
||||
|
||||
- set CERTS_PATH /etc/sguild/certs
|
||||
+ set CERTS_PATH /usr/local/etc/sguild/certs
|
||||
|
||||
}
|
||||
|
||||
@@ -348,13 +346,13 @@
|
||||
|
||||
if { ![info exists CONF_FILE] } {
|
||||
# No conf file specified check the defaults
|
||||
- if { [file exists /etc/sguild/sguild.conf] } {
|
||||
- set CONF_FILE /etc/sguild/sguild.conf
|
||||
+ if { [file exists /usr/local/etc/sguild/sguild.conf] } {
|
||||
+ set CONF_FILE /usr/local/etc/sguild/sguild.conf
|
||||
} elseif { [file exists ./sguild.conf] } {
|
||||
set CONF_FILE ./sguild.conf
|
||||
} else {
|
||||
puts "Couldn't determine where the sguil config file is"
|
||||
- puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf."
|
||||
+ puts "Looked for ./sguild.conf and /usr/local/etc/sguild/sguild.conf."
|
||||
DisplayUsage $argv0
|
||||
}
|
||||
}
|
||||
@@ -476,8 +474,8 @@
|
||||
# Load accessfile
|
||||
if { ![info exists ACCESS_FILE] } {
|
||||
# Check the defaults
|
||||
- if { [file exists /etc/sguild/sguild.access] } {
|
||||
- set ACCESS_FILE "/etc/sguild/sguild.access"
|
||||
+ if { [file exists /usr/local/etc/sguild/sguild.access] } {
|
||||
+ set ACCESS_FILE "/usr/local/etc/sguild/sguild.access"
|
||||
} elseif { [file exists ./sguild.access] } {
|
||||
set ACCESS_FILE "./sguild.access"
|
||||
} else {
|
||||
@@ -491,8 +489,8 @@
|
||||
}
|
||||
# Load auto cat config
|
||||
if { ![info exists AUTOCAT_FILE] } {
|
||||
- if { [file exists /etc/sguild/autocat.conf] } {
|
||||
- set AUTOCAT_FILE "/etc/sguild/autocat.conf"
|
||||
+ if { [file exists /usr/local/etc/sguild/autocat.conf] } {
|
||||
+ set AUTOCAT_FILE "/usr/local/etc/sguild/autocat.conf"
|
||||
} else {
|
||||
set AUTOCAT_FILE "./autocat.conf"
|
||||
}
|
||||
@@ -502,8 +500,8 @@
|
||||
}
|
||||
# Load email config file
|
||||
if { ![info exists EMAIL_FILE] } {
|
||||
- if { [file exists /etc/sguild/sguild.email] } {
|
||||
- set EMAIL_FILE "/etc/sguild/sguild.email"
|
||||
+ if { [file exists /usr/local/etc/sguild/sguild.email] } {
|
||||
+ set EMAIL_FILE "/usr/local/etc/sguild/sguild.email"
|
||||
} else {
|
||||
set EMAIL_FILE "./sguild.email"
|
||||
}
|
||||
@@ -515,8 +513,8 @@
|
||||
}
|
||||
# Load global queries.
|
||||
if { ![info exists GLOBAL_QRY_FILE] } {
|
||||
- if { [file exists /etc/sguild/sguild.queries] } {
|
||||
- set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries"
|
||||
+ if { [file exists /usr/local/etc/sguild/sguild.queries] } {
|
||||
+ set GLOBAL_QRY_FILE "/usr/local/etc/sguild/sguild.queries"
|
||||
} else {
|
||||
set GLOBAL_QRY_FILE "./sguild.queries"
|
||||
}
|
||||
@@ -528,8 +526,8 @@
|
||||
}
|
||||
# Load report queries.
|
||||
if { ![info exists REPORT_QRY_FILE] } {
|
||||
- if { [file exists /etc/sguild/sguild.reports] } {
|
||||
- set REPORT_QRY_FILE "/etc/sguild/sguild.reports"
|
||||
+ if { [file exists /usr/local/etc/sguild/sguild.reports] } {
|
||||
+ set REPORT_QRY_FILE "/usr/local/etc/sguild/sguild.reports"
|
||||
} else {
|
||||
set REPORT_QRY_FILE "./sguild.reports"
|
||||
}
|
@ -1,12 +0,0 @@
|
||||
--- sguild.access.orig 2008-04-03 17:55:46.000000000 -0500
|
||||
+++ sguild.access 2008-04-03 17:56:50.000000000 -0500
|
||||
@@ -4,7 +4,8 @@
|
||||
# This file is used by sguild for access control. It is read upon init #
|
||||
# or when sguild receives a HUP signal. #
|
||||
# #
|
||||
-# By default, sguild will look first for /etc/sguild/sguild.access, #
|
||||
+# By default, sguild will look first for #
|
||||
+# /usr/local/etc/sguild/sguild.access, #
|
||||
# then ./sguild.access unless the -A /path/to/sguild.access switch #
|
||||
# is used. #
|
||||
# #
|
@ -1,28 +0,0 @@
|
||||
--- sguild.conf.orig 2008-04-03 17:47:18.000000000 -0500
|
||||
+++ sguild.conf 2008-04-03 17:53:11.000000000 -0500
|
||||
@@ -1,7 +1,7 @@
|
||||
# $Id: sguild.conf,v 1.29 2006/06/02 20:40:57 bamm Exp $ #
|
||||
|
||||
# Path the sguild libs
|
||||
-set SGUILD_LIB_PATH ./lib
|
||||
+set SGUILD_LIB_PATH /usr/local/lib/sguild
|
||||
|
||||
# DEBUG 0=off 1=important stuff 2=everything. Option 2 is VERY chatty.
|
||||
set DEBUG 2
|
||||
@@ -63,7 +63,7 @@
|
||||
|
||||
# You MUST have tcpflow installed to get xscripts
|
||||
# http://www.circlemud.org/~jelson/software/tcpflow/
|
||||
-set TCPFLOW "/usr/bin/tcpflow"
|
||||
+set TCPFLOW "/usr/local/bin/tcpflow"
|
||||
|
||||
# p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
|
||||
# If you have p0f (a passive OS fingerprinting system) installed, you can have
|
||||
@@ -74,6 +74,6 @@
|
||||
|
||||
# Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
|
||||
# add any others you may need here.
|
||||
-set P0F_PATH "/usr/sbin/p0f"
|
||||
+set P0F_PATH "/usr/local/bin/p0f"
|
||||
|
||||
# Email config moved to sguild.email
|
@ -1,176 +0,0 @@
|
||||
--- sql_scripts/create_sguildb.sql.orig 2012-10-12 21:39:20.000000000 +0000
|
||||
+++ sql_scripts/create_sguildb.sql 2012-10-12 21:53:42.000000000 +0000
|
||||
@@ -3,7 +3,7 @@
|
||||
-- CREATE DATABASE IF NOT EXISTS sguildb;
|
||||
-- USE sguildb;
|
||||
|
||||
--- Depreciated for MRG_MyISAM tables
|
||||
+-- Deprecated for MRG_MyISAM tables
|
||||
-- CREATE TABLE event
|
||||
-- (
|
||||
-- sid INT UNSIGNED NOT NULL,
|
||||
@@ -52,7 +52,7 @@
|
||||
-- INDEX status (status),
|
||||
-- INDEX abuse_queue (abuse_queue),
|
||||
-- INDEX abuse_sent (abuse_sent)
|
||||
--- );
|
||||
+-- )ENGINE=MyISAM;
|
||||
|
||||
-- CREATE TABLE tcphdr
|
||||
-- (
|
||||
@@ -66,7 +66,8 @@
|
||||
-- tcp_win SMALLINT UNSIGNED,
|
||||
-- tcp_csum SMALLINT UNSIGNED,
|
||||
-- tcp_urp SMALLINT UNSIGNED,
|
||||
--- PRIMARY KEY (sid,cid));
|
||||
+-- PRIMARY KEY (sid,cid)
|
||||
+-- )ENGINE=MyISAM;
|
||||
--
|
||||
-- CREATE TABLE udphdr
|
||||
-- (
|
||||
@@ -74,7 +75,8 @@
|
||||
-- cid INT UNSIGNED NOT NULL,
|
||||
-- udp_len SMALLINT UNSIGNED,
|
||||
-- udp_csum SMALLINT UNSIGNED,
|
||||
--- PRIMARY KEY (sid,cid));
|
||||
+-- PRIMARY KEY (sid,cid)
|
||||
+-- )ENGINE=MyISAM;
|
||||
--
|
||||
-- CREATE TABLE icmphdr
|
||||
-- (
|
||||
@@ -83,14 +85,16 @@
|
||||
-- icmp_csum SMALLINT UNSIGNED,
|
||||
-- icmp_id SMALLINT UNSIGNED,
|
||||
-- icmp_seq SMALLINT UNSIGNED,
|
||||
--- PRIMARY KEY (sid,cid));
|
||||
+-- PRIMARY KEY (sid,cid)
|
||||
+-- )ENGINE=MyISAM;
|
||||
--
|
||||
-- CREATE TABLE data
|
||||
-- (
|
||||
-- sid INT UNSIGNED NOT NULL,
|
||||
-- cid INT UNSIGNED NOT NULL,
|
||||
-- data_payload TEXT,
|
||||
--- PRIMARY KEY (sid,cid));
|
||||
+-- PRIMARY KEY (sid,cid)
|
||||
+-- )ENGINE=MyISAM;
|
||||
|
||||
CREATE TABLE sensor
|
||||
(
|
||||
@@ -101,13 +105,13 @@
|
||||
interface VARCHAR(255),
|
||||
description TEXT,
|
||||
bpf_filter TEXT,
|
||||
- updated TIMESTAMP(14) NOT NULL,
|
||||
+ updated TIMESTAMP NOT NULL,
|
||||
active ENUM('Y','N') DEFAULT 'Y',
|
||||
ip VARCHAR(15) DEFAULT NULL,
|
||||
public_key VARCHAR(255) DEFAULT NULL,
|
||||
PRIMARY KEY (sid),
|
||||
INDEX hostname_idx (hostname)
|
||||
-);
|
||||
+)ENGINE=MyISAM;
|
||||
|
||||
CREATE TABLE portscan
|
||||
(
|
||||
@@ -119,9 +123,10 @@
|
||||
dst_port INT UNSIGNED,
|
||||
data TEXT,
|
||||
INDEX ps_src_ip (src_ip),
|
||||
- INDEX ps_timestamp (timestamp));
|
||||
+ INDEX ps_timestamp (timestamp)
|
||||
+)ENGINE=MyISAM;
|
||||
|
||||
--- Depreciated
|
||||
+-- Deprecated
|
||||
-- CREATE TABLE sessions (
|
||||
-- sid INT UNSIGNED NOT NULL,
|
||||
-- xid BIGINT UNSIGNED NOT NULL,
|
||||
@@ -142,7 +147,8 @@
|
||||
-- INDEX server (src_ip),
|
||||
-- INDEX client (dst_ip),
|
||||
-- INDEX sport (src_port),
|
||||
--- INDEX cport (dst_port));
|
||||
+-- INDEX cport (dst_port)
|
||||
+-- )ENGINE=MyISAM;
|
||||
|
||||
CREATE TABLE status
|
||||
(
|
||||
@@ -150,7 +156,7 @@
|
||||
description VARCHAR(255) NOT NULL,
|
||||
long_desc VARCHAR(255),
|
||||
PRIMARY KEY (status_id)
|
||||
-);
|
||||
+)ENGINE=MyISAM;
|
||||
|
||||
CREATE TABLE history
|
||||
(
|
||||
@@ -161,7 +167,7 @@
|
||||
status SMALLINT UNSIGNED NOT NULL,
|
||||
comment VARCHAR(255),
|
||||
INDEX log_time (timestamp)
|
||||
-);
|
||||
+)ENGINE=MyISAM;
|
||||
|
||||
CREATE TABLE user_info
|
||||
(
|
||||
@@ -170,7 +176,7 @@
|
||||
last_login DATETIME,
|
||||
password VARCHAR(42),
|
||||
PRIMARY KEY (uid)
|
||||
-);
|
||||
+)ENGINE=MyISAM;
|
||||
|
||||
CREATE TABLE nessus_data
|
||||
(
|
||||
@@ -179,7 +185,8 @@
|
||||
nessus_id INT UNSIGNED,
|
||||
level VARCHAR(20),
|
||||
description TEXT,
|
||||
- INDEX rid (rid));
|
||||
+ INDEX rid (rid)
|
||||
+)ENGINE=MyISAM;
|
||||
|
||||
CREATE TABLE nessus
|
||||
(
|
||||
@@ -189,7 +196,8 @@
|
||||
timestart DATETIME,
|
||||
timeend DATETIME,
|
||||
PRIMARY KEY (rid),
|
||||
- INDEX ip (ip));
|
||||
+ INDEX ip (ip)
|
||||
+)ENGINE=MyISAM;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `pads`
|
||||
(
|
||||
@@ -204,10 +212,10 @@
|
||||
application VARCHAR(255) NOT NULL,
|
||||
hex_payload VARCHAR(255),
|
||||
PRIMARY KEY (sid,asset_id)
|
||||
-);
|
||||
+)ENGINE=MyISAM;
|
||||
|
||||
--
|
||||
--- Depreciated for MERGE tables
|
||||
+-- Deprecated for MERGE tables
|
||||
-- CREATE TABLE sancp
|
||||
-- (
|
||||
-- sid INT UNSIGNED NOT NULL,
|
||||
@@ -232,7 +240,7 @@
|
||||
-- INDEX dst_port (dst_port),
|
||||
-- INDEX src_port (src_port),
|
||||
-- INDEX start_time (start_time)
|
||||
--- );
|
||||
+-- )ENGINE=MyISAM;
|
||||
--
|
||||
|
||||
INSERT INTO status (status_id, description, long_desc) VALUES (0, "New", "Real Time Event");
|
||||
@@ -251,7 +259,7 @@
|
||||
(
|
||||
version VARCHAR(32),
|
||||
installed DATETIME
|
||||
-);
|
||||
+)ENGINE=MyISAM;
|
||||
|
||||
INSERT INTO version (version, installed) VALUES ("0.13", now());
|
||||
|
@ -1,11 +0,0 @@
|
||||
--- sql_scripts/sancp_cleanup.tcl.orig 2011-08-11 20:31:07.000000000 +0000
|
||||
+++ sql_scripts/sancp_cleanup.tcl 2011-08-11 20:31:26.000000000 +0000
|
||||
@@ -214,7 +214,7 @@
|
||||
INDEX dst_port (dst_port), \
|
||||
INDEX src_port (src_port), \
|
||||
INDEX start_time (start_time) \
|
||||
- ) TYPE=MERGE UNION=([join $tmpTables ,]) \
|
||||
+ ) ENGINE=MERGE UNION=([join $tmpTables ,]) \
|
||||
"
|
||||
# Create our MERGE sancp table
|
||||
mysqlexec $dbSocketID $createQuery
|
@ -1,65 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
USER="sguil"
|
||||
|
||||
# Make sure we're in the right stage of the process
|
||||
if [ "$2" = "DEINSTALL" ]; then
|
||||
echo "Stopping sguild......"
|
||||
%%PREFIX%%/etc/rc.d/sguild onestop
|
||||
%%PREFIX%%/etc/rc.d/sguild onepoll
|
||||
if [ ! ${BATCH} ]; then
|
||||
echo "Would you like to remove the sguild certs?" ; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
if [ -f %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.key ]; then
|
||||
rm %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.key
|
||||
fi
|
||||
if [ -f %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.pem ]; then
|
||||
rm %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.pem
|
||||
fi
|
||||
;;
|
||||
n*|N*)
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
cd %%PREFIX%%/etc/%%SGUILDIR%% || exit 1
|
||||
# Remove the conf files *if* they have not been altered
|
||||
for f in autocat.conf sguild.access sguild.conf sguild.email \
|
||||
sguild.queries sguild.reports sguild.users; do
|
||||
cmp -s -z ${f} ${f}-sample && rm ${f}
|
||||
done
|
||||
# Remove the user and group if the installer chooses to
|
||||
echo "Would you like to remove the sguil user and group?" ; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
if pw usershow "${USER}" 2>/dev/null 1>&2; then
|
||||
pw userdel -n sguil
|
||||
fi
|
||||
if pw groupshow "${USER}" 2>/dev/null 1>&2; then
|
||||
pw groupdel -n sguil
|
||||
fi
|
||||
;;
|
||||
n*|N*)
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
fi
|
||||
if [ "$2" = "POST-DEINSTALL" ]; then
|
||||
# If the user exists, then display a message
|
||||
if pw usershow "${USER}" 2>/dev/null 1>&2; then
|
||||
echo "To delete the '${USER}' user permanently, use 'pw userdel ${USER}'"
|
||||
fi
|
||||
# If the group exists, then display a message
|
||||
if pw groupshow "${USER}" 2>/dev/null 1>&2; then
|
||||
echo "To delete the '${USER}' group permanently, use 'pw groupdel ${USER}'"
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
@ -1,410 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
# This script and its implementation borrows heavily from the www/squid port, and I owe a debt to the
|
||||
# maintainer for saving me a lot of time. The bold font trick that I use extensively was picked up
|
||||
# at http://www.cyberciti.biz/nixcraft/linux/docs/uniqlinuxfeatures/lsst/ch08.html#q16
|
||||
# I also owe a debt to all those who have posted shell scripting tutorials to the web and to the FreeBSD
|
||||
# developers from whose OS I stole a few tricks as well.
|
||||
|
||||
# Set up some paths and variables for later use
|
||||
PATH=/bin:/usr/bin:/usr/sbin:%%PREFIX%%/bin
|
||||
pkgname=$1
|
||||
rootpwd=''
|
||||
confdir="${PKG_PREFIX:-%%PREFIX%%}/etc"
|
||||
portdir="${CURDIR:-%%CURDIR%%}"
|
||||
scriptdir="${WRKSRC:-%%WRKSRC%%}/server/sql_scripts"
|
||||
if [ -x /usr/sbin/nologin ]; then
|
||||
nologin=/usr/sbin/nologin
|
||||
else
|
||||
nologin=/sbin/nologin
|
||||
fi
|
||||
# Source rc.conf for later
|
||||
if [ -z "${source_rc_confs_defined}" ]; then
|
||||
if [ -r /etc/defaults/rc.conf ]; then
|
||||
. /etc/defaults/rc.conf
|
||||
source_rc_confs
|
||||
elif [ -r /etc/rc.conf ]; then
|
||||
. /etc/rc.conf
|
||||
fi
|
||||
fi
|
||||
sguil_user="sguil"
|
||||
sguil_group="sguil"
|
||||
case $2 in
|
||||
PRE-INSTALL)
|
||||
echo "This sguild install script creates a \"turnkey\" install "
|
||||
echo "of sguild, including configuing the database and conf files"
|
||||
echo "and user accounts so that sguild can be started immediately."
|
||||
echo ""
|
||||
echo "You may have already done all this (especially if this is an upgrade)"
|
||||
echo "and may not be interested in iterating through cert creation and"
|
||||
echo "everything else that the script does."
|
||||
echo ""
|
||||
echo "This portion of the script creates user and group accounts named \"sguil\"."
|
||||
echo "Would you like to opt out of this portion of the install script " ; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
exit 0
|
||||
;;
|
||||
n*|N*)
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
echo "==> Pre-installation configuration of ${pkgname}"
|
||||
if ! pw groupshow ${sguil_group} -q >/dev/null ; then
|
||||
if ! pw groupadd ${sguil_group} -q; then
|
||||
echo "Failed to create group \"${sguil_group}\"!" >&2
|
||||
echo "Please create it manually." >&2
|
||||
exit 1
|
||||
else
|
||||
echo "Group '%{sguil-group}' created successfully."
|
||||
pw groupshow ${sguil_group}
|
||||
fi
|
||||
fi
|
||||
if ! pw usershow ${sguil_user} -q >/dev/null ; then
|
||||
if ! pw useradd -q -n ${sguil_user} \
|
||||
-g ${sguil_group} -s "${nologin}" \
|
||||
-h - ; then
|
||||
echo "Failed to create user '%{sguil_user}'!" >&2
|
||||
echo "Please create it manually." >&2
|
||||
exit 1
|
||||
else
|
||||
echo "User '${sguil_user}' create successfully."
|
||||
pw usershow ${sguil_user}
|
||||
fi
|
||||
fi
|
||||
for dir in %%PREFIX%%/lib/%%SGUILDIR%% /var/run/%%SGUILDIR%% ; do
|
||||
if [ ! -d ${dir} ]; then
|
||||
echo "Creating ${dir} ...."
|
||||
install -d -o ${sguil_user} -g ${sguil_group} \
|
||||
-m 0750 ${dir}
|
||||
fi
|
||||
done
|
||||
;;
|
||||
POST-INSTALL)
|
||||
echo "This sguild install script creates a \"turnkey\" install "
|
||||
echo "of sguild, including configuing the database and conf files"
|
||||
echo "and user accounts so that sguild can be started immediately."
|
||||
echo ""
|
||||
echo "You may have already done all this (especially if this is an upgrade)"
|
||||
echo "and may not be interested in iterating through cert creation and"
|
||||
echo "everything else that the script does."
|
||||
echo ""
|
||||
echo "Would you like to opt out of the entire install script "
|
||||
echo "and configure sguild manually yourself?" ; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
exit 0
|
||||
;;
|
||||
n*|N*)
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
echo -e "\033[1mThere are a few things that need to be done to complete the install."
|
||||
echo -e "\033[0mFirst, you need to create certs so that the ssl connections between server and "
|
||||
echo "sensors will work, you need to create the database, the account to access it and "
|
||||
echo "the tables for the database and you need to create the directories where all the "
|
||||
echo "data will be stored. (You will also need to edit the conf files for your setup.)"
|
||||
echo ""
|
||||
echo "If you haven't already done this, I can do it for you now."
|
||||
echo "Would you like to create certs now? (y for yes, n for no)"; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
for dir in %%SGUILDIR%%/certs ; do
|
||||
if [ ! -d ${confdir}/${dir} ]; then
|
||||
echo "Creating ${confdir}/${dir} ...."
|
||||
install -d -o ${sguil_user} -g ${sguil_group} \
|
||||
-m 0750 ${confdir}/${dir}
|
||||
fi
|
||||
done
|
||||
echo -e "\033[1mFirst we need to create a password-protected CA cert."
|
||||
echo ""
|
||||
echo -e "\033[0m(The Common Name should be the FQHN of your squil server.)"
|
||||
openssl req -out CA.pem -new -x509
|
||||
echo "Now we need to create a server certificate/key pair."
|
||||
openssl genrsa -out sguild.key 1024
|
||||
echo -e "\033[1mNow we need to create a certificate request to be signed by the CA."
|
||||
echo "DO NOT password protect your server key. If you do, you will be required"
|
||||
echo "to enter the password every time you start the server."
|
||||
echo -e "\033[0m"
|
||||
openssl req -key sguild.key -new -out sguild.req
|
||||
echo "Now we need to create the actual certificate for your server."
|
||||
echo 44 > file.sr1
|
||||
openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAserial file.sr1 -out sguild.pem
|
||||
echo "Finally, we need to move the certs to the '${confdir}/%%SGUILDIR%%/certs}' directory "
|
||||
echo "and clean up the port directory as well."
|
||||
for files in sguild.key sguild.pem; do
|
||||
mv ${portdir}/$files ${confdir}/%%SGUILDIR%%/certs/
|
||||
done
|
||||
for files in CA.pem privkey.pem sguild.req file.sr1; do
|
||||
rm ${portdir}/$files
|
||||
done
|
||||
;;
|
||||
n*|N*)
|
||||
echo -e "\033[1mSSL is now required for all connections between server, sensors and clients."
|
||||
echo "If you haven't already created certs, you will need to do that before sguil will work."
|
||||
echo -e "\033[0m"
|
||||
echo ""
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
echo -e "\033[1mIs the installation of mysql brand new and unaltered?"
|
||||
echo -e "\033[0mBy default, when mysql is installed, it creates five accounts."
|
||||
echo "None of those accounts are protected by passwords. That needs to be corrected."
|
||||
echo "The five accounts are:"
|
||||
echo " root@localhost"
|
||||
echo " root@127.0.0.1"
|
||||
echo " root@`hostname`"
|
||||
echo " @localhost"
|
||||
echo " @`hostname`"
|
||||
echo "I can remove all of the accounts except root@localhost (highly recommended) "
|
||||
echo "and I can set the password for the root@localhost account. (If you get an error "
|
||||
echo "don't worry about it. The account may not have been created to begin with."
|
||||
echo "Would you like me to do that now?" ; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
echo "Enabling mysql in /etc/rc.conf and starting the server....."
|
||||
case ${mysql_enable} in
|
||||
[Yy][Ee][Ss])
|
||||
echo -e "\033[1mIt appears that mysql is already enabled!"
|
||||
echo -e "\033[0m"
|
||||
;;
|
||||
*)
|
||||
echo "# -- Squild installed deltas -- # `date`" >> /etc/rc.conf
|
||||
echo "mysql_enable=\"YES\"" >> /etc/rc.conf
|
||||
;;
|
||||
esac
|
||||
mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'`
|
||||
echo "The mysql pid is ${mysql_pid}...."
|
||||
if [ -z ${mysql_pid} ]; then
|
||||
%%PREFIX%%/etc/rc.d/mysql-server start
|
||||
fi
|
||||
sleep 1
|
||||
mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'`
|
||||
if [ -s ${mysql_pid} ]; then
|
||||
echo "The mysql server did not start. Please fix the problem "
|
||||
echo "and run this script again."
|
||||
exit 64
|
||||
fi
|
||||
echo "Deleting users from mysql......"
|
||||
mysql -u root -e "USE mysql; DROP USER 'root'@'127.0.0.1';"
|
||||
mysql -u root -e "USE mysql; DROP USER 'root'@'`hostname`';"
|
||||
mysql -u root -e "USE mysql; DROP USER ''@'localhost';"
|
||||
mysql -u root -e "USE mysql; DROP USER ''@'`hostname`';"
|
||||
echo "All done deleting......."
|
||||
echo "What would you like root@localhost's password to be?" ; read rootpwd
|
||||
mysql -u root -e "USE mysql; SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpwd');"
|
||||
mysql -u root -p${rootpwd} -e "FLUSH PRIVILEGES;"
|
||||
;;
|
||||
n*|N*)
|
||||
echo "Before you use the database, you should at least set passwords"
|
||||
echo "for all the accounts. Otherwise anyone can login to your database."
|
||||
echo "To remove an account, use \"drop user 'user'@'host'\"."
|
||||
echo "To set a password for an account, use \"SET PASSWORD FOR 'user'@'host' = PASSWORD('passwd')\"."
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
echo -e "\033[1mWould you like to bind mysql to localhost so it only listens on that address?"
|
||||
echo -e "\033[0m" ; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
if [ ! -f /etc/my.cnf ]; then
|
||||
echo "[mysqld]" >> /etc/my.cnf
|
||||
echo "bind-address=127.0.0.1" >> /etc/my.cnf
|
||||
echo "socket=/tmp/mysql.sock" >> /etc/my.cnf
|
||||
echo "ft_min_word_len=3" >> /etc/my.cnf
|
||||
mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'`
|
||||
echo "The mysql pid is ${mysql_pid}...."
|
||||
if [ -z ${mysql_pid} ]; then
|
||||
%%PREFIX%%/etc/rc.d/mysql-server start
|
||||
else
|
||||
%%PREFIX%%/etc/rc.d/mysql-server restart
|
||||
fi
|
||||
else
|
||||
echo "/etc/my.cnf already exists!"
|
||||
echo "add \"bind-address=127.0.0.1\" in the [mysqld] section "
|
||||
echo "to force mysql to listen only on localhost."
|
||||
echo "Then restart the server to accept the new settings."
|
||||
fi
|
||||
;;
|
||||
n*|N*)
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
echo -e "\033[1mWould you like to create the database to store all nsm data?"
|
||||
echo -e "\033[0m" ; read ans
|
||||
echo "NOTE: If you're upgrading, you do NOT want to do this! You want to upgrade."
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
if [ -z ${rootpwd} ]; then
|
||||
echo "What is the password for the mysql root user?"; read rootpwd
|
||||
fi
|
||||
mysql -u root -p${rootpwd} -e "create database sguildb"
|
||||
mysql -u root -p${rootpwd} -D sguildb < ${scriptdir}/create_sguildb.sql
|
||||
;;
|
||||
n*|N*)
|
||||
echo -e "\033[1mPlease note: if you are upgrading from a previous version "
|
||||
echo "of sguil, you need to run the upgrade_0.7.tcl script located in "
|
||||
echo "'${scriptdir}'."
|
||||
echo -e "\033[0mIf you've already cleaned the port directory, run "
|
||||
echo "make extract to recover the files and access the script."
|
||||
echo ""
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
echo -e "\033[1mWould you like to create a user \"sguild@localhost\" for database access?"
|
||||
echo -e "\033[0m" ; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
if [ -z ${rootpwd} ]; then
|
||||
echo "Please enter the password for the mysql root account." ; read rootpwd
|
||||
fi
|
||||
echo -e "\033[1mPlease enter the password that you want to use for the sguild account."
|
||||
echo -e "\033[0m"; read sguildpwd
|
||||
echo "Creating account for sguild with access to sguildb....."
|
||||
mysql -u root -p${rootpwd} -e "GRANT ALTER,CREATE,DELETE,DROP,INDEX,INSERT,SELECT,UPDATE on sguildb.* \
|
||||
to 'sguild'@'localhost' IDENTIFIED BY '${sguildpwd}'"
|
||||
mysql -u root -p${rootpwd} -e "GRANT FILE on *.* to 'sguild'@'localhost'"
|
||||
mysql -u root -p${rootpwd} -e "FLUSH PRIVILEGES"
|
||||
;;
|
||||
n*|N*)
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
echo -e "\033[1mWould you like to create the data directory and all its subdirectories?"
|
||||
echo -e "\033[0m"; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
echo "What do you want the name of the main directory to be?"
|
||||
echo "(Be sure to include the full path to the directory - e.g. /var/nsm)" ; read maindir
|
||||
echo "The main directory will be named '${maindir}'."
|
||||
for dir in ${maindir} ${maindir}/archives ${maindir}/rules ${maindir}/load ; do
|
||||
if [ ! -d ${dir} ]; then
|
||||
echo "Creating ${dir} ...."
|
||||
install -d -o ${sguil_user} -g ${sguil_group} \
|
||||
-m 0750 ${dir}
|
||||
else
|
||||
echo -e "\033[1mThe directory '${dir}' already exists!"
|
||||
echo -e "\033[0m"
|
||||
fi
|
||||
done
|
||||
;;
|
||||
n*|N*)
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
echo -e "\033[1mWould you like to enable sguild in /etc/rc.conf?"
|
||||
echo -e "\033[0m"; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
case ${sguild_enable} in
|
||||
[Yy][Ee][Ss])
|
||||
echo -e "\033[1mIt appears that sguild is already enabled!"
|
||||
echo -e "\033[0m"
|
||||
;;
|
||||
*)
|
||||
echo -e i"\033[1mWriting to /etc/rc.conf...."
|
||||
echo -e "\033[0m"
|
||||
echo "# -- Squild installed deltas -- # `date`" >> /etc/rc.conf
|
||||
echo "sguild_enable=\"YES\"" >> /etc/rc.conf
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
n*|N*)
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
echo -e "\033[1mIf the sguild.conf file does not exist, I will create and edit it now."
|
||||
echo -e "\033[0m"
|
||||
if [ -f ${confdir}/%%SGUILDIR%%/sguild.conf ]; then
|
||||
echo "The sguild.conf file already exists!"
|
||||
echo "Do you want me to edit it anyway?" ; read ans
|
||||
case "$ans" in
|
||||
y*|Y*)
|
||||
echo -e "\033[1mPreparing to edit the sguild.conf file......"
|
||||
if [ -z ${maindir} ]; then
|
||||
echo "There's a couple of things I need to verify before continuing."
|
||||
echo "What is the name of the main nsm directory that you are using?"
|
||||
echo -e "\033[0m" ; read ans
|
||||
maindir="$ans"
|
||||
fi
|
||||
if [ -z ${sguildpwd} ]; then
|
||||
echo -e "\033[1mWhat is the password for the sguild database user?"
|
||||
echo -e "\033[0m" ; read ans
|
||||
sguildpwd="$ans"
|
||||
fi
|
||||
sed -e 's|DBPASS ""|DBPASS '"${sguildpwd}"'|' -e 's|DBUSER root|DBUSER sguild|' \
|
||||
-e 's|sguild_data|'"${maindir}"'|' \
|
||||
< ${confdir}/%%SGUILDIR%%/sguild.conf-sample > ${confdir}/%%SGUILDIR%%/sguild.conf
|
||||
;;
|
||||
n*|N*)
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
else
|
||||
echo -e "\033[1mPreparing to edit the sguild.conf file......"
|
||||
if [ -z ${maindir} ]; then
|
||||
echo "There's a couple of things I need to verify before continuing."
|
||||
echo "What is the name of the main nsm directory that you are using?"
|
||||
echo -e "\033[0m" ; read ans
|
||||
maindir="$ans"
|
||||
fi
|
||||
if [ -z ${sguildpwd} ]; then
|
||||
echo -e "\033[1mWhat is the password for the sguild database user?"
|
||||
echo -e "\033[0m" ; read ans
|
||||
sguildpwd="$ans"
|
||||
fi
|
||||
sed -e 's|DBPASS ""|DBPASS '"${sguildpwd}"'|' -e 's|DBUSER root|DBUSER sguild|' \
|
||||
-e 's|sguild_data|'"${maindir}"'|' \
|
||||
< ${confdir}/%%SGUILDIR%%/sguild.conf-sample > ${confdir}/%%SGUILDIR%%/sguild.conf
|
||||
fi
|
||||
if [ ! -f ${confdir}/%%SGUILDIR%%/sguild.users ]; then
|
||||
cp ${confdir}/%%SGUILDIR%%/sguild.users-sample ${confdir}/%%SGUILDIR%%/sguild.users
|
||||
fi
|
||||
if [ ! -f ${confdir}/%%SGUILDIR%%/sguild.access ]; then
|
||||
cp ${confdir}/%%SGUILDIR%%/sguild.access-sample ${confdir}/%%SGUILDIR%%/sguild.access
|
||||
fi
|
||||
echo -e "\033[1mYou still need to review all the conf files and configure sguil "
|
||||
echo "per your desired setup before starting sguild. Refer to the port docs in "
|
||||
echo "%%DOCSDIR%% before proceeding."
|
||||
echo -e "\033[0m"
|
||||
echo "Right now, all the conf files except sguild.conf are set to the defaults."
|
||||
for files in archive_sguildb.tcl sguild incident_report.tcl ; do
|
||||
if [ -f %%PREFIX%%/bin/${files} ]; then
|
||||
chown ${sguil_user}:${sguil_group} %%PREFIX%%/bin/${files}
|
||||
fi
|
||||
done
|
||||
chown -R ${sguil_user}:${sguil_group} %%PREFIX%%/etc/%%SGUILDIR%%
|
||||
chown -R ${sguil_user}:${sguil_group} %%PREFIX%%/lib/%%SGUILDIR%%
|
||||
if [ ! -f %%PREFIX%%/bin/sguild ]; then
|
||||
echo "Sguild is missing! Please correct the problem before continuing!"
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
exit 0
|
@ -1,35 +0,0 @@
|
||||
***********************************
|
||||
* !!!!!!!!!!! WARNING !!!!!!!!!!! *
|
||||
***********************************
|
||||
|
||||
If you had existing config files in %%PREFIX%%/etc/%%SGUILDIR%%
|
||||
they were not overwritten. If this is a first time install, you
|
||||
must copy the sample files to the corresponding conf file and
|
||||
edit the various config files for your site. See the INSTALL
|
||||
doc in %%DOCSDIR%% for details. If this is an upgrade, replace
|
||||
your existing conf file with the new one and edit accordingly.
|
||||
|
||||
The sql scripts for creating database tables were placed in
|
||||
the %%PREFIX%%/share/%%SGUILDIR%%/ directory. PLEASE
|
||||
NOTE: LOG_DIR is not set by this install. You MUST create the
|
||||
correct LOG_DIRS and put a copy of the snort rules you use in
|
||||
LOG_DIR/rules.
|
||||
|
||||
The sguild program was placed in %%PREFIX%%/bin/.
|
||||
|
||||
Some contributed scripts were placed in
|
||||
%%PREFIX%%/share/%%SGUILDIR%%/contrib
|
||||
|
||||
A startup script, named sguild.sh was installed in
|
||||
%%PREFIX%%/etc/rc.d/. To enable it, edit /etc/rc.conf
|
||||
per the instructions in the script.
|
||||
|
||||
NOTE: Sguild now runs under the sguil user account not root!
|
||||
|
||||
For general questions, see the sguil faq:
|
||||
http://www.vorant.com/nsmwiki/Sguil_FAQ or visit the nsm wiki:
|
||||
http://www.vorant.com/nsmwiki/Main_Page
|
||||
|
||||
For detailed install instructions see Richard Bejtlich's
|
||||
excellent guide at his blog:
|
||||
http://taosecurity.blogspot.com/2006/03/new-sguil-scripts-and-vm-i-have-not.html
|
@ -1,35 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# $FreeBSD$
|
||||
|
||||
# PROVIDE: sguild
|
||||
# REQUIRE: DAEMON
|
||||
# KEYWORD: shutdown
|
||||
|
||||
# Add the following lines to /etc/rc.conf to enable sguild:
|
||||
# sguild_enable (bool): Set to YES to enable sguild
|
||||
# Default: NO
|
||||
# sguild_flags (str): Extra flags passed to sguild
|
||||
# Default: -D -P ${pid}
|
||||
# sguild_conf (str): Sguild configuration file
|
||||
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
|
||||
# sguild_user (str): Default: sguil
|
||||
# Note: this value MUST be set in /etc/rc.conf if you do not accept the default
|
||||
# user created by the pkg-install script
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
name="sguild"
|
||||
rcvar=sguild_enable
|
||||
load_rc_config sguild
|
||||
# set some defaults
|
||||
: ${sguild_enable:="NO"}
|
||||
: ${sguild_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf"}
|
||||
: ${pid:="/var/run/%%SGUILDIR%%/sguild.pid"}
|
||||
: ${sguild_flags:="-D -P ${pid}"}
|
||||
: ${sguild_user:="sguil"}
|
||||
|
||||
command="%%PREFIX%%/bin/${name}"
|
||||
procname="%%PREFIX%%/bin/%%TCLSH%%"
|
||||
|
||||
run_rc_command "$1"
|
@ -1,22 +0,0 @@
|
||||
Sguil is an open source tool to implement Network
|
||||
Security Monitoring (NSM). NSM is the collection,
|
||||
analysis, and escalation of indications and warnings
|
||||
to detect and respond to intrusions. NSM tools are
|
||||
used more for network audit and specialized
|
||||
applications than traditional alert-centric "intrusion
|
||||
detection" systems.
|
||||
|
||||
Want to learn more about Network Security Monitoring
|
||||
(NSM)? Then check out Richard Bejtlich's recently
|
||||
released book, The Tao of Network Security Monitoring:
|
||||
Beyond Intrusion Detection. An excerpt reads:
|
||||
|
||||
"Network security monitoring (NSM) equips security
|
||||
staff to deal with the inevitable consequences of too
|
||||
few resources and too many responsibilities. NSM collects
|
||||
the data needed to generate better assessment, detection,
|
||||
and response processes--resulting in decreased impact from
|
||||
unauthorized activities."
|
||||
|
||||
WWW: http://sguil.sourceforge.net/index.php
|
||||
pauls@utdallas.edu
|
@ -1,66 +0,0 @@
|
||||
bin/sguild
|
||||
etc/%%SGUILDIR%%/autocat.conf-sample
|
||||
etc/%%SGUILDIR%%/sguild.access-sample
|
||||
etc/%%SGUILDIR%%/sguild.conf-sample
|
||||
etc/%%SGUILDIR%%/sguild.email-sample
|
||||
etc/%%SGUILDIR%%/sguild.queries-sample
|
||||
etc/%%SGUILDIR%%/sguild.reports-sample
|
||||
etc/%%SGUILDIR%%/sguild.users-sample
|
||||
lib/%%SGUILDIR%%/SguildAccess.tcl
|
||||
lib/%%SGUILDIR%%/SguildAutoCat.tcl
|
||||
lib/%%SGUILDIR%%/SguildClientCmdRcvd.tcl
|
||||
lib/%%SGUILDIR%%/SguildConnect.tcl
|
||||
lib/%%SGUILDIR%%/SguildCreateDB.tcl
|
||||
lib/%%SGUILDIR%%/SguildEmailEvent.tcl
|
||||
lib/%%SGUILDIR%%/SguildEvent.tcl
|
||||
lib/%%SGUILDIR%%/SguildGenericDB.tcl
|
||||
lib/%%SGUILDIR%%/SguildGenericEvent.tcl
|
||||
lib/%%SGUILDIR%%/SguildHealthChecks.tcl
|
||||
lib/%%SGUILDIR%%/SguildLoaderd.tcl
|
||||
lib/%%SGUILDIR%%/SguildLoaderd.tcl.orig
|
||||
lib/%%SGUILDIR%%/SguildMysqlMerge.tcl
|
||||
lib/%%SGUILDIR%%/SguildMysqlMerge.tcl.orig
|
||||
lib/%%SGUILDIR%%/SguildPadsLib.tcl
|
||||
lib/%%SGUILDIR%%/SguildQueryd.tcl
|
||||
lib/%%SGUILDIR%%/SguildReportBuilder.tcl
|
||||
lib/%%SGUILDIR%%/SguildSendComms.tcl
|
||||
lib/%%SGUILDIR%%/SguildSensorAgentComms.tcl
|
||||
lib/%%SGUILDIR%%/SguildSensorCmdRcvd.tcl
|
||||
lib/%%SGUILDIR%%/SguildTranscript.tcl
|
||||
lib/%%SGUILDIR%%/SguildUtils.tcl
|
||||
%%PORTDOCS%%%%DOCSDIR%%/CHANGES
|
||||
%%PORTDOCS%%%%DOCSDIR%%/FAQ
|
||||
%%PORTDOCS%%%%DOCSDIR%%/INSTALL
|
||||
%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd
|
||||
%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README
|
||||
%%PORTDOCS%%%%DOCSDIR%%/README
|
||||
%%PORTDOCS%%%%DOCSDIR%%/TODO
|
||||
%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
|
||||
%%PORTDOCS%%%%DOCSDIR%%/USAGE
|
||||
%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia
|
||||
share/%%SGUILDIR%%/contrib/incident_report.tcl
|
||||
share/%%SGUILDIR%%/contrib/init/sguil
|
||||
share/%%SGUILDIR%%/contrib/init/sguild
|
||||
share/%%SGUILDIR%%/create_ruledb.sql
|
||||
share/%%SGUILDIR%%/create_sguildb.sql
|
||||
share/%%SGUILDIR%%/create_sguildb.sql.orig
|
||||
share/%%SGUILDIR%%/migrate_event.tcl
|
||||
share/%%SGUILDIR%%/migrate_sancp.tcl
|
||||
share/%%SGUILDIR%%/sancp_cleanup.tcl
|
||||
share/%%SGUILDIR%%/sancp_cleanup.tcl.orig
|
||||
share/%%SGUILDIR%%/update_0.7.tcl
|
||||
share/%%SGUILDIR%%/update_0.8.tcl
|
||||
share/%%SGUILDIR%%/update_sguildb_v10-v11.sql
|
||||
share/%%SGUILDIR%%/update_sguildb_v11-v12.sql
|
||||
share/%%SGUILDIR%%/update_sguildb_v12-v13.sql
|
||||
share/%%SGUILDIR%%/update_sguildb_v5-v6.sql
|
||||
share/%%SGUILDIR%%/update_sguildb_v6-v7.sql
|
||||
share/%%SGUILDIR%%/update_sguildb_v7-v8.sql
|
||||
share/%%SGUILDIR%%/update_sguildb_v8-v9.sql
|
||||
share/%%SGUILDIR%%/update_sguildb_v9-v10.sql
|
||||
@dirrm share/%%SGUILDIR%%/contrib/init
|
||||
@dirrm share/%%SGUILDIR%%/contrib
|
||||
@dirrm share/%%SGUILDIR%%
|
||||
@dirrm lib/%%SGUILDIR%%
|
||||
@dirrm etc/%%SGUILDIR%%
|
||||
%%PORTDOCS%%@dirrm %%DOCSDIR%%
|