mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-21 00:25:50 +00:00
Code Issues Releases Activity

remove 3 ports: security/sguid-(client|sensor|server)

Browse Source 
These were combined to a single port at security/sguil which is also
a newer version.
This commit is contained in:
John Marino 2014-08-16 19:10:08 +00:00
parent c561c45384
commit f7e9cdf081
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=365122
41 changed files with 4 additions and 1983 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
MOVED
View File

@ -6420,3 +6420,7 @@ korean/unzip|archivers/unzip|2014-08-15|Merged with archivers/unzip as a new non
russian/unzip|archivers/unzip|2014-08-15|Merged with archivers/unzip as a new non-default option
mail/sendmail-sasl|mail/sendmail|2014-08-15|Removed: Use mail/sendmail instead
print/cups-samba||2014-08-15|Removed: defunct for long, disappeared upstream
security/sguil-client|security/sguil|2014-08-16|Merged into new port security/sguil
security/sguil-sensor|security/sguil|2014-08-16|Merged into new port security/sguil
security/sguil-server|security/sguil|2014-08-16|Merged into new port security/sguil

3
security/Makefile
View File

@ -910,9 +910,6 @@
SUBDIR += sectok
SUBDIR += secure_delete
SUBDIR += sguil
SUBDIR += sguil-client
SUBDIR += sguil-sensor
SUBDIR += sguil-server
SUBDIR += sha
SUBDIR += shibboleth2-sp
SUBDIR += shimmer

83
security/sguil-client/Makefile
View File

@ -1,83 +0,0 @@
# Created by: Paul Schmehl <pauls@utdallas.edu>
# $FreeBSD$
PORTNAME= sguil-client
PORTVERSION= 0.8.0
PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION}
MAINTAINER= pauls@utdallas.edu
COMMENT= Sguil is a network security monitoring program
RUN_DEPENDS= tcltls>=0:${PORTSDIR}/devel/tcltls \
dtplite:${PORTSDIR}/devel/tcllib \
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX \
${LOCALBASE}/lib/iwidgets/iwidgets.tcl:${PORTSDIR}/x11-toolkits/iwidgets \
gpg2:${PORTSDIR}/security/gnupg
LICENSE_NAME= QPLv1.0 COPYRIGHT
LICENSE_COMB= multi
LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL
LICENSE_PERMS= auto-accept
LICENSE_FILE= ${WRKSRC}/client/lib/tablelist4.1/COPYRIGHT.txt
LICENSE_PERMS= auto-accept
OPTIONS_DEFINE= AUDIO SANCP WIRESHARK DOCS
AUDIO_DESC= Install Festival Speech Synthesis
SANCP_DESC= Use sancp
WIRESHARK_DESC= Install wireshark
NO_BUILD= yes
USES= tk:wrapper
WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
SUB_LIST= SGUILDIR=${SGUILDIR}
SUB_FILES= pkg-message
PLIST_SUB= SGUILDIR=${SGUILDIR}
SGUILDIR?= sguil-client
PORTDOCS1= README
PORTDOCS2= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README TODO UPGRADE USAGE sguildb.dia
LIBFILES= SguilUtil.tcl dkffont.tcl email17.tcl extdata.tcl sellib.tcl sancp.tcl \
sound.tcl guilib.tcl qrybuild.tcl qrylib.tcl report.tcl stdquery.tcl whois.tcl
.include <bsd.port.options.mk>
.if $(PORT_OPTIONS:MAUDIO)
RUN_DEPENDS+= festival:${PORTSDIR}/audio/festival
.endif
.if ${PORT_OPTIONS:MSANCP}
RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp
.endif
.if $(PORT_OPTIONS:MWIRESHARK)
RUN_DEPENDS+= wireshark:${PORTSDIR}/net/wireshark
.endif
do-install:
@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}
@${MKDIR} ${STAGEDIR}${DOCSDIR}
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/client/sguil.tk \
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/sguil.tk
${INSTALL_DATA} ${PORTDOCS1:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${PORTDOCS2:S|^|${WRKSRC}/doc/|} ${STAGEDIR}${DOCSDIR}
.for f in sguil.conf
${INSTALL_DATA} ${WRKSRC}/client/${f} \
${STAGEDIR}${PREFIX}/etc/${f}-sample
.endfor
.for f in ${LIBFILES}
@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/lib
${INSTALL_DATA} ${WRKSRC}/client/lib/${f} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/lib/${f}
.endfor
.for f in sguil_logo_h.gif
@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/images
${INSTALL_DATA} ${WRKSRC}/client/lib/images/${f} \
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/images/${f}
.endfor
(cd ${WRKSRC}/client/lib/tablelist4.1 && ${COPYTREE_SHARE} \* \
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/lib/tablelist4.1/)
.include <bsd.port.mk>

2
security/sguil-client/distinfo
View File

@ -1,2 +0,0 @@
SHA256 (sguil-client-0.8.0.tar.gz) = bbce49630fd6264591a1e890cba3bad11cf18e9327c9f9cc02cb6dc8a19746bd
SIZE (sguil-client-0.8.0.tar.gz) = 216433

35
security/sguil-client/files/patch-sguil.conf
View File

@ -1,35 +0,0 @@
--- client/sguil.conf.orig 2012-11-15 22:46:24.000000000 +0000
+++ client/sguil.conf 2012-11-15 22:48:28.000000000 +0000
@@ -18,7 +18,7 @@
set DEBUG 1
# PATH to tls lib if needed (tcl can usually find this by default)
-#set TLS_PATH /usr/lib/tls1.4/libtls1.4.so
+#set TLS_PATH /usr/local/lib/tls1.6/libtls1.6.so
# win32 example
#set TLS_PATH "c:/tcl/lib/tls1.4/tls14.dll"
@@ -46,12 +46,12 @@
# If you have festival installed, then you can have alerts spoken to
# you. Set the path to the festival binary here. If you are using
# speechd from speechio.org, then leave this commented out.
-set FESTIVAL_PATH /usr/bin/festival
+set FESTIVAL_PATH /usr/local/bin/festival
# win32 example
# set FESTIVAL_PATH "c:\festival\bin\festival.exe"
# Path to wireshark (ethereal)
-set WIRESHARK_PATH /usr/sbin/wireshark
+set WIRESHARK_PATH /usr/local/bin/wireshark
# win32 example
# set WIRESHARK_PATH "c:/progra~1/wireshark/wireshark.exe"
@@ -62,7 +62,7 @@
# set WIRESHARK_STORE_DIR "c:/tmp"
# Favorite browser for looking at sig info on snort.org
-set BROWSER_PATH /usr/bin/firefox
+set BROWSER_PATH /usr/local/bin/firefox
# win32 example (IE)
# set BROWSER_PATH c:/progra~1/intern~1/iexplore.exe

28
security/sguil-client/files/patch-sguil.tk
View File

@ -1,28 +0,0 @@
--- client/sguil.tk.orig 2012-11-15 22:24:35.000000000 +0000
+++ client/sguil.tk 2012-11-15 22:26:33.000000000 +0000
@@ -88,7 +88,7 @@
# Load iwidgets and namespaces
if [catch {package require Iwidgets} iwidgetsVersion] {
- puts "ERROR: Cannot fine the Iwidgets extension."
+ puts "ERROR: Cannot find the Iwidgets extension."
puts "The iwidgets package is part of the incr tcl extension and is"
puts "available as a port/package most systems."
puts "See http://www.tcltk.com/iwidgets/ for more info."
@@ -2053,11 +2053,11 @@
set CONF_FILE $env(HOME)/sguil.conf
} elseif { [file exists ./sguil.conf] } {
set CONF_FILE ./sguil.conf
- } elseif { [file exists /etc/sguil] &&\
- [file isdirectory /etc/sguil] &&\
- [file exists /etc/sguil/sguil.conf] &&\
- [file readable /etc/sguil/sguil.conf] } {
- set CONF_FILE /etc/sguil/sguil.conf
+ } elseif { [file exists /usr/local/etc/sguil] &&\
+ [file isdirectory /usr/local/etc/sguil] &&\
+ [file exists /usr/local/etc/sguil/sguil.conf] &&\
+ [file readable /usr/local/etc/sguil/sguil.conf] } {
+ set CONF_FILE /usr/local/etc/sguil/sguil.conf
} else {
puts "Couldn't determine where the sguil config file is"
puts "Looked for $env(HOME)/sguil.conf and ./sguil.conf."

14
security/sguil-client/files/pkg-message.in
View File

@ -1,14 +0,0 @@
See the USAGE document in the %%DOCSDIR%% for instructions
on how to use the sguil client to connect to and maintain
the sguil network monitoring system.
NOTE: This port installs a sguil.conf-sample file in
%%PREFIX%%/bin/%%SGUILDIR%%/. If you are installing this on a
multi-user system, each user might want to have a
sguil.conf file in their home directory. Sguil.tk sources
the home directory first for the sguil.conf file.
There are several items in the conf file that may need
editing, including the path to your web browser, the name
of the sguil server you connect to and possibly the port
you connect to (if you're not using the default port.)

16
security/sguil-client/pkg-descr
View File

@ -1,16 +0,0 @@
Sguil (pronounced "sgweel") is a graphical interface to snort
(www.snort.org), an open source intrusion detection system.
The actual interface and GUI server are written in tcl/tk
(www.tcl.tk). Sguil also relies on other open source software
in order to function properly.
The client requires tls, gpg, iwidgets and other tcl packages and may
also use wireshark, sancp and festival depending on your selection
of options. Run "make config" in the port to see what options
are available.
Sguil currently functions as an analysis interface and does not yet
have rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php
pauls@utdallas.edu

75
security/sguil-client/pkg-plist
View File

@ -1,75 +0,0 @@
bin/%%SGUILDIR%%/images/sguil_logo_h.gif
bin/%%SGUILDIR%%/lib/SguilUtil.tcl
bin/%%SGUILDIR%%/lib/dkffont.tcl
bin/%%SGUILDIR%%/lib/email17.tcl
bin/%%SGUILDIR%%/lib/extdata.tcl
bin/%%SGUILDIR%%/lib/guilib.tcl
bin/%%SGUILDIR%%/lib/qrybuild.tcl
bin/%%SGUILDIR%%/lib/qrylib.tcl
bin/%%SGUILDIR%%/lib/report.tcl
bin/%%SGUILDIR%%/lib/sancp.tcl
bin/%%SGUILDIR%%/lib/sellib.tcl
bin/%%SGUILDIR%%/lib/sound.tcl
bin/%%SGUILDIR%%/lib/stdquery.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/COPYRIGHT.txt
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineDown10x9.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineDown12x11.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineDown8x7.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineUp10x9.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineUp12x11.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/DarkLineUp8x7.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineDown10x9.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineDown12x11.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineDown8x7.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineUp10x9.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineUp12x11.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/LightLineUp8x7.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown10x9.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown12x11.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown7x4.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown7x7.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown8x5.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown8x7.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleDown9x5.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp10x9.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp12x11.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp7x4.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp7x7.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp8x5.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp8x7.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/TriangleUp9x5.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/checked.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/images/unchecked.xbm
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/mwutil.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/repair.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistBind.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistConfig.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistEdit.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistMove.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistSort.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistThemes.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistUtil.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tablelistWidget.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/scripts/tclIndex
bin/%%SGUILDIR%%/lib/tablelist4.1/tablelist.tcl
bin/%%SGUILDIR%%/lib/tablelist4.1/tablelistPublic.tcl
bin/%%SGUILDIR%%/lib/whois.tcl
bin/%%SGUILDIR%%/sguil.tk
etc/sguil.conf-sample
%%PORTDOCS%%%%DOCSDIR%%/CHANGES
%%PORTDOCS%%%%DOCSDIR%%/FAQ
%%PORTDOCS%%%%DOCSDIR%%/INSTALL
%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd
%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README
%%PORTDOCS%%%%DOCSDIR%%/README
%%PORTDOCS%%%%DOCSDIR%%/TODO
%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
%%PORTDOCS%%%%DOCSDIR%%/USAGE
%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia
@dirrm bin/%%SGUILDIR%%/lib/tablelist4.1/scripts
@dirrm bin/%%SGUILDIR%%/lib/tablelist4.1/images
@dirrm bin/%%SGUILDIR%%/lib/tablelist4.1
@dirrm bin/%%SGUILDIR%%/lib
@dirrm bin/%%SGUILDIR%%/images
@dirrm bin/%%SGUILDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%

114
security/sguil-sensor/Makefile
View File

@ -1,114 +0,0 @@
# Created by: Paul Schmehl <pauls@utdallas.edu>
# $FreeBSD$
PORTNAME= sguil-sensor
PORTVERSION= 0.8.0
CATEGORIES= security
MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION}
MAINTAINER= pauls@utdallas.edu
COMMENT= Sguil is a network security monitoring program
RUN_DEPENDS= tcltls>=0:${PORTSDIR}/devel/tcltls \
barnyard2:${PORTSDIR}/security/barnyard2-sguil \
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
OPTIONS_DEFINE= PADS SANCP DOCS
PADS_DESC= Include pads sensor
SANCP_DESC= Include sancp sensor
LICENSE_NAME= QPLv1.0
LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL
LICENSE_PERMS= auto-accept
NO_BUILD= yes
USE_RC_SUBR= pcap_agent snort_agent
TCL_VER= 8.5
TCLSH= tclsh${TCL_VER}
WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
PATCH_WRKSRC= ${WRKSRC}/sensor
SGUILDIR?= sguil-sensor
SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH}
SUB_FILES= pkg-message
PLIST_SUB= SGUILDIR=${SGUILDIR}
AGENTS= pcap_agent.tcl snort_agent.tcl
CONFS= pcap_agent.conf snort_agent.conf
LOG_SCRIPTS= log_packets-daemonlogger.sh log_packets.sh
WITH_PCRE= true
PORTDOCS1= README
PORTDOCS2= README.daemonlogger
PORTDOCS3= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README \
TODO UPGRADE USAGE sguildb.dia
.include <bsd.port.options.mk>
.if ${PORT_OPTIONS:MSANCP}
AGENTS+= sancp_agent.tcl pcap_agent-sancp.tcl
CONFS+= sancp_agent.conf sancp-indexed.conf pcap_agent-sancp.conf
RUN_DEPENDS+= sancp:${PORTSDIR}/security/sancp
USE_RC_SUBR+= sancp_agent pcap_agent-sancp
PLIST_SUB+= USESANCP=""
.else
PLIST_SUB+= USESANCP="@comment "
.endif
.if ${PORT_OPTIONS:MPADS}
AGENTS+= pads_agent.tcl
CONFS+= pads_agent.conf
RUN_DEPENDS+= pads:${PORTSDIR}/net-mgmt/pads
USE_RC_SUBR+= pads_agent
PLIST_SUB+= USEPADS=""
.else
PLIST_SUB+= USEPADS="@comment "
.endif
post-patch:
.for f in ${AGENTS}
@${REINPLACE_CMD} 's|/bin/sh|${PREFIX}/bin/${TCLSH}|' \
${WRKSRC}/sensor/${f}
.endfor
do-install:
@${MKDIR} ${STAGEDIR}${PREFIX}/bin/${SGUILDIR}
@${MKDIR} ${STAGEDIR}${PREFIX}/etc/${SGUILDIR}
@${MKDIR} ${STAGEDIR}${PREFIX}/share/${SGUILDIR}
@${MKDIR} ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/contrib
@${MKDIR} ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/init
@${MKDIR} ${STAGEDIR}${DOCSDIR}
(cd ${WRKSRC}/sensor/contrib && ${COPYTREE_SHARE} \* ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/contrib "! -name ossec_agent.tcl.orig")
(cd ${WRKSRC}/sensor/init && ${COPYTREE_SHARE} \* ${STAGEDIR}${PREFIX}/share/${SGUILDIR}/init)
${INSTALL_DATA} ${PORTDOCS1:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${PORTDOCS2:S|^|${WRKSRC}/sensor/|} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${PORTDOCS3:S|^|${WRKSRC}/doc/|} ${STAGEDIR}${DOCSDIR}
.for f in ${AGENTS}
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
.for f in ${LOG_SCRIPTS}
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
.for f in ${CONFS}
${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
${STAGEDIR}${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
.if ${PORT_OPTIONS:MSANCP}
.for f in log_packets-sancp.sh
${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
${STAGEDIR}${PREFIX}/bin/${SGUILDIR}/${f}
.endfor
.for f in sancp.conf
${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
${STAGEDIR}${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
.endif
post-install:
.if ${PORT_OPTIONS:MSANCP}
.for f in README.sancp_indexed_pcap
cd ${WRKSRC}/sensor && ${INSTALL_DATA} ${f} ${STAGEDIR}${DOCSDIR}
.endfor
.endif
.include <bsd.port.mk>

2
security/sguil-sensor/distinfo
View File

@ -1,2 +0,0 @@
SHA256 (sguil-sensor-0.8.0.tar.gz) = aa4617c4f9cf1d598c6d728afed50cd6f90dc5d1516a6eda8126401b7bba4be5
SIZE (sguil-sensor-0.8.0.tar.gz) = 142829

34
security/sguil-sensor/files/example_agent.in
View File

@ -1,34 +0,0 @@
#!/bin/sh
# $FreeBSD$
# PROVIDE: example_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable example_agent:
# example_agent_enable (bool): Set to YES to enable example_agent
# Default: NO
# example_agent_conf (str): Example_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf
# example_agent_flags (str): Default: -D
#
. /etc/rc.subr
load_rc_config example_agent
#set defaults
example_agent_enable=${example_agent_enable:-"NO"}
example_agent_conf=${example_agent_conf:-"%%PREFIX%%/etc/%%SGUILDIR%%/example_agent.conf"}
example_agent_flags=${example_agent_flags:-"-D"}
name="example_agent"
rcvar=example_agent_enable
command="%%PREFIX%%/bin/%%SGUILDIR%%/example_agent.tcl"
command_args="-c ${example_agent_conf} ${example_agent_flags}"
procname="%%PREFIX%%/bin/tclsh8.4"
pidfile="/var/run/${name}.pid"
check_pidfile="${pidfile} ${procname} /bin/sh"
run_rc_command "$1"

66
security/sguil-sensor/files/pads_agent.in
View File

@ -1,66 +0,0 @@
#!/bin/sh
# $FreeBSD$
# PROVIDE: pads_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable pads_agent:
# pads_agent_enable (bool): Set to YES to enable pads_agent
# Default: NO
# pads_agent_conf (str): Pads_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf
# pads_agent_flags (str): Default: -D
#
. /etc/rc.subr
name="pads_agent"
rcvar=${name}_enable
load_rc_config ${name}
#set defaults
: ${pads_agent_enable:="NO"}
: ${pads_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pads_agent.conf"}
: ${pads_agent_flags:="-D -c ${pads_agent_conf}"}
command="%%PREFIX%%/bin/%%SGUILDIR%%/pads_agent.tcl"
procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
start_precmd="pads_agent_ck4fifo"
stop_postcmd="pads_agent_rmfifo"
pads_agent_ck4fifo()
{
LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
if [ ! -p ${PADS_FIFO} ]; then
echo "${PADS_FIFO} does not exist. Creating now....."
/usr/bin/mkfifo ${PADS_FIFO}
fi
echo "Checking for ${PADS_FIFO}...."
if [ -p ${PADS_FIFO} ]; then
echo "Confirmed! ${PADS_FIFO} exists."
else
echo "I tried to create ${PADS_FIFO} and failed."
echo "You will need to create it manually before starting ${name}."
fi
}
pads_agent_rmfifo()
{
LOG_DIR=`grep "LOG_DIR " ${pads_agent_conf} | awk '{print $3}'`
HOSTNAME=`grep "HOSTNAME " ${pads_agent_conf} | awk '{print $3}'`
PADS_FIFO=${LOG_DIR}/${HOSTNAME}/pads.fifo
if [ -p ${PADS_FIFO} ]; then
/bin/rm ${PADS_FIFO}
echo "Removing ${PADS_FIFO}...."
fi
}
run_rc_command "$1"

30
security/sguil-sensor/files/patch-ossec_agent.tcl
View File

@ -1,30 +0,0 @@
--- contrib/ossec_agent/ossec_agent.tcl.orig 2012-12-17 22:47:18.000000000 +0000
+++ contrib/ossec_agent/ossec_agent.tcl 2012-12-17 22:48:45.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# OSSEC agent for Sguil 0.7.0. Based on the "example_agent.tcl" code
# distributed with sguil.
@@ -593,9 +591,9 @@
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/ossec_agent.conf] } {
+ if { [file exists /usr/local/etc/sguil-sensor/ossec_agent.conf] } {
- set CONF_FILE /etc/ossec_agent.conf
+ set CONF_FILE /usr/local/etc/sguil-sensor/ossec_agent.conf
} elseif { [file exists ./ossec_agent.conf] } {
@@ -604,7 +602,7 @@
} else {
puts "Couldn't determine where the ossec_agent.tcl config file is"
- puts "Looked for /etc/ossec_agent.conf and ./ossec_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/ossec_agent.conf and ./ossec_agent.conf."
DisplayUsage $argv0
}

39
security/sguil-sensor/files/patch-pads_agent.tcl
View File

@ -1,39 +0,0 @@
--- pads_agent.tcl.orig 2012-12-19 21:25:26.000000000 +0000
+++ pads_agent.tcl 2012-12-19 21:27:37.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: pads_agent.tcl,v 1.13 2011/02/17 02:55:48 bamm Exp $ #
@@ -332,7 +330,7 @@
id process group set
if {[fork]} {exit 0}
set PID [id process]
- if { ![info exists PID_FILE] } { set PID_FILE "/var/run/sensor_agent.pid" }
+ if { ![info exists PID_FILE] } { set PID_FILE "/var/run/pads_agent.pid" }
set PID_DIR [file dirname $PID_FILE]
if { ![file exists $PID_DIR] || ![file isdirectory $PID_DIR] || ![file writable $PID_DIR] } {
puts "ERROR: Directory $PID_DIR does not exists or is not writable."
@@ -380,16 +378,16 @@
}
}
# Parse the config file here
-# Default location is /etc/pads_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/pads_agent.conf or pwd
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/pads_agent.conf] } {
- set CONF_FILE /etc/pads_agent.conf
+ if { [file exists /usr/local/etc/sguil-sensor/pads_agent.conf] } {
+ set CONF_FILE /usr/local/etc/sguil-sensor/pads_agent.conf
} elseif { [file exists ./pads_agent.conf] } {
set CONF_FILE ./pads_agent.conf
} else {
puts "Couldn't determine where the sensor_agent.tcl config file is"
- puts "Looked for /etc/pads_agent.conf and ./pads_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/pads_agent.conf and ./pads_agent.conf."
DisplayUsage $argv0
}
}

35
security/sguil-sensor/files/patch-pcap_agent-sancp.tcl
View File

@ -1,35 +0,0 @@
--- pcap_agent-sancp.tcl.orig 2012-12-17 22:36:43.000000000 +0000
+++ pcap_agent-sancp.tcl 2012-12-17 22:38:22.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: pcap_agent-sancp.tcl,v 1.2 2008/05/29 19:25:50 hanashi Exp $ #
@@ -754,13 +752,13 @@
}
# Parse the config file here
-# Default location is /etc/pcap_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/pcap_agent.conf] } {
+ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
- set CONF_FILE /etc/pcap_agent.conf
+ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
} elseif { [file exists ./pcap_agent.conf] } {
@@ -769,7 +767,7 @@
} else {
puts "Couldn't determine where the pcap_agent.tcl config file is"
- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
DisplayUsage $argv0
}

35
security/sguil-sensor/files/patch-pcap_agent.tcl
View File

@ -1,35 +0,0 @@
--- pcap_agent.tcl.orig 2012-12-17 22:31:44.000000000 +0000
+++ pcap_agent.tcl 2012-12-17 22:42:50.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: pcap_agent.tcl,v 1.13 2011/03/10 22:03:33 bamm Exp $ #
@@ -771,13 +769,13 @@
}
# Parse the config file here
-# Default location is /etc/pcap_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/pcap_agent.conf or pwd
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/pcap_agent.conf] } {
+ if { [file exists /usr/local/etc/sguil-sensor/pcap_agent.conf] } {
- set CONF_FILE /etc/pcap_agent.conf
+ set CONF_FILE /usr/local/etc/sguil-sensor/pcap_agent.conf
} elseif { [file exists ./pcap_agent.conf] } {
@@ -786,7 +784,7 @@
} else {
puts "Couldn't determine where the pcap_agent.tcl config file is"
- puts "Looked for /etc/pcap_agent.conf and ./pcap_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/pcap_agent.conf and ./pcap_agent.conf."
DisplayUsage $argv0
}

30
security/sguil-sensor/files/patch-sancp_agent.tcl
View File

@ -1,30 +0,0 @@
--- sancp_agent.tcl.orig 2012-12-17 22:43:39.000000000 +0000
+++ sancp_agent.tcl 2012-12-17 22:44:56.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: sancp_agent.tcl,v 1.15 2011/03/10 22:03:33 bamm Exp $ #
@@ -582,16 +580,16 @@
}
}
# Parse the config file here
-# Default location is /etc/sancp_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/sancp_agent.conf or pwd
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/sancp_agent.conf] } {
- set CONF_FILE /etc/sancp_agent.conf
+ if { [file exists /usr/local/etc/sguil-sensor/sancp_agent.conf] } {
+ set CONF_FILE /usr/local/etc/sguil-sensor/sancp_agent.conf
} elseif { [file exists ./sancp_agent.conf] } {
set CONF_FILE ./sancp_agent.conf
} else {
puts "Couldn't determine where the sancp_agent.tcl config file is"
- puts "Looked for /etc/sancp_agent.conf and ./sancp_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/sancp_agent.conf and ./sancp_agent.conf."
DisplayUsage $argv0
}
}

35
security/sguil-sensor/files/patch-snort_agent.tcl
View File

@ -1,35 +0,0 @@
--- snort_agent.tcl.orig 2012-12-17 22:33:35.000000000 +0000
+++ snort_agent.tcl 2012-12-17 22:39:39.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: snort_agent.tcl,v 1.9 2011/02/17 02:55:48 bamm Exp $ #
@@ -680,13 +678,13 @@
}
# Parse the config file here
-# Default location is /etc/snort_agent.conf or pwd
+# Default location is /usr/local/etc/sguil-sensor/snort_agent.conf or pwd
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/snort_agent.conf] } {
+ if { [file exists /usr/local/etc/sguil-sensor/snort_agent.conf] } {
- set CONF_FILE /etc/snort_agent.conf
+ set CONF_FILE /usr/local/etc/sguil-sensor/snort_agent.conf
} elseif { [file exists ./snort_agent.conf] } {
@@ -695,7 +693,7 @@
} else {
puts "Couldn't determine where the snort_agent.tcl config file is"
- puts "Looked for /etc/snort_agent.conf and ./snort_agent.conf."
+ puts "Looked for /usr/local/etc/sguil-sensor/snort_agent.conf and ./snort_agent.conf."
DisplayUsage $argv0
}

32
security/sguil-sensor/files/pcap_agent-sancp.in
View File

@ -1,32 +0,0 @@
#!/bin/sh
# $FreeBSD$
# PROVIDE: pcap_agent-sancp
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable pcap_agent-sancp:
# pcap_agent-sancp_enable (bool): Set to YES to enable pcap_agent-sancp
# Default: NO
# pcap_agent-sancp_conf (str): Pads_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf
# pcap_agent-sancp_flags (str): Default: -D
#
. /etc/rc.subr
name="pcap_agent-sancp"
rcvar=pcap_agent-sancp_enable
load_rc_config pcap_agent-sancp
#set defaults
: ${pcap_agent-sancp_enable:="NO"}
: ${pcap_agent-sancp_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent-sancp.conf"}
: ${pcap_agent-sancp_flags:="-D -c ${pcap_agent-sancp_conf}"}
command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent-sancp.tcl"
procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
run_rc_command "$1"

32
security/sguil-sensor/files/pcap_agent.in
View File

@ -1,32 +0,0 @@
#!/bin/sh
# $FreeBSD$
# PROVIDE: pcap_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable pcap_agent:
# pcap_agent_enable (bool): Set to YES to enable pcap_agent
# Default: NO
# pcap_agent_conf (str): Pcap_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf
# pcap_agent_flags (str): Default: -D
#
. /etc/rc.subr
name="pcap_agent"
rcvar=pcap_agent_enable
load_rc_config pcap_agent
#set defaults
: ${pcap_agent_enable:="NO"}
: ${pcap_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/pcap_agent.conf"}
: ${pcap_agent_flags:="-D -c ${pcap_agent_conf}"}
command="%%PREFIX%%/bin/%%SGUILDIR%%/pcap_agent.tcl"
procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
run_rc_command "$1"

31
security/sguil-sensor/files/pkg-message.in
View File

@ -1,31 +0,0 @@
***********************************
* !!!!!!!!!!! WARNING !!!!!!!!!!! *
***********************************
If you already had barnyard2 installed, this port will NOT deinstall
it and install the barnyard2-sguil port instead. You will need to
deinstall the barnyard2 port and install the barnyard2-sguil port yourself
instead. This port WILL NOT WORK without the barnyard2-sguil port!!
See the %%DOCSDIR%%/INSTALL doc for details on the
configuration and for croning the script.
WARNING!!! Sguil et al will fill up your /tmp directory very
quickly. You should probably configure sguil et al to log to
another partition/location (e.g. /nsm/tmp/).
You must ALSO edit all of the sensor conf files (located in
%%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before
starting the sensor_agents.
A number of ancilliary things have been installed in
%%PREFIX%%/share/%%SGUILDIR%%.
If you chose to run sancp, and you already had a sancp.conf file in
%%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.
The new sancp.conf-sample file contains the settings for squil. NOTE:
the conf file is for sancp 1.5.3. It may need additional edits to work
with the current ports version of sancp. If you still want to maintain
the customized sancp.conf file, then copy the new sancp.conf-sample
file to sguild-sancp.conf (for example) and add
sancp_conf=%%PREFIX%%/etc/sguild-sancp.conf to /etc/rc.conf.

32
security/sguil-sensor/files/sancp_agent.in
View File

@ -1,32 +0,0 @@
#!/bin/sh
# $FreeBSD$
# PROVIDE: sancp_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable sancp_agent:
# sancp_agent_enable (bool): Set to YES to enable sancp_agent
# Default: NO
# sancp_agent_conf (str): Sancp_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf
# sancp_agent_flags (str): Default: -D
#
. /etc/rc.subr
name="sancp_agent"
rcvar=sancp_agent_enable
load_rc_config sancp_agent
#set defaults
: ${sancp_agent_enable:="NO"}
: ${sancp_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sancp_agent.conf"}
: ${sancp_agent_flags:="-D -c ${sancp_agent_conf}"}
command="%%PREFIX%%/bin/%%SGUILDIR%%/sancp_agent.tcl"
procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
run_rc_command "$1"

32
security/sguil-sensor/files/snort_agent.in
View File

@ -1,32 +0,0 @@
#!/bin/sh
# $FreeBSD$
# PROVIDE: snort_agent
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following line to /etc/rc.conf to enable snort_agent:
# snort_agent_enable (bool): Set to YES to enable snort_agent
# Default: NO
# snort_agent_conf (str): Snort_agent configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf
# snort_agent_flags (str): Default: -D
#
. /etc/rc.subr
name="snort_agent"
rcvar=snort_agent_enable
load_rc_config snort_agent
#set defaults
: ${snort_agent_enable:="NO"}
: ${snort_agent_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/snort_agent.conf"}
: ${snort_agent_flags:="-D -c ${snort_agent_conf}"}
command="%%PREFIX%%/bin/%%SGUILDIR%%/snort_agent.tcl"
procname="%%PREFIX%%/bin/%%TCLSH%%"
pidfile="/var/run/${name}.pid"
run_rc_command "$1"

17
security/sguil-sensor/pkg-descr
View File

@ -1,17 +0,0 @@
Sguil (pronounced "sgweel") is a graphical interface to snort
(www.snort.org), an open source intrusion detection system.
The actual interface and GUI server are written in tcl/tk
(www.tcl.tk). Sguil also relies on other open source software
in order to function properly.
The sensor list includes security/barnyard2-sguil, security/snort,
security/sancp, net-mgmt/pads, tcpdump (a part of the OS)
and devel/tcltls as well as lang/tcl84 and lang/tclX. Care
has been taken to ensure that everything you need to build
a working sguil operation is in the FreeBSD ports system or
is part of the OS already.
Sguil currently functions as an analysis interface and has
rule management capabilities.
WWW: http://sguil.sourceforge.net/index.php

41
security/sguil-sensor/pkg-plist
View File

@ -1,41 +0,0 @@
bin/%%SGUILDIR%%/log_packets-daemonlogger.sh
bin/%%SGUILDIR%%/log_packets.sh
bin/%%SGUILDIR%%/pcap_agent.tcl
bin/%%SGUILDIR%%/snort_agent.tcl
etc/%%SGUILDIR%%/pcap_agent.conf-sample
etc/%%SGUILDIR%%/snort_agent.conf-sample
share/%%SGUILDIR%%/contrib/ossec_agent/README
share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.conf
share/%%SGUILDIR%%/contrib/ossec_agent/ossec_agent.tcl
share/%%SGUILDIR%%/contrib/portscan_loader/Makefile
share/%%SGUILDIR%%/contrib/portscan_loader/portscan_loader.c
share/%%SGUILDIR%%/init/sensoragent
%%PORTDOCS%%%%DOCSDIR%%/CHANGES
%%PORTDOCS%%%%DOCSDIR%%/FAQ
%%PORTDOCS%%%%DOCSDIR%%/INSTALL
%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd
%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README
%%PORTDOCS%%%%DOCSDIR%%/README
%%PORTDOCS%%%%DOCSDIR%%/TODO
%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
%%PORTDOCS%%%%DOCSDIR%%/USAGE
%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia
%%PORTDOCS%%%%DOCSDIR%%/README.daemonlogger
%%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
%%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
%%USESANCP%%bin/%%SGUILDIR%%/log_packets-sancp.sh
%%USESANCP%%bin/%%SGUILDIR%%/pcap_agent-sancp.tcl
%%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
%%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
%%USESANCP%%etc/%%SGUILDIR%%/sancp-indexed.conf-sample
%%USESANCP%%etc/%%SGUILDIR%%/pcap_agent-sancp.conf-sample
%%USESANCP%%etc/%%SGUILDIR%%/sancp.conf-sample
%%USESANCP%%%%DOCSDIR%%/README.sancp_indexed_pcap
@dirrm share/%%SGUILDIR%%/init
@dirrm share/%%SGUILDIR%%/contrib/portscan_loader
@dirrm share/%%SGUILDIR%%/contrib/ossec_agent
@dirrm share/%%SGUILDIR%%/contrib
@dirrm share/%%SGUILDIR%%
@dirrmtry etc/%%SGUILDIR%%
@dirrm bin/%%SGUILDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%

89
security/sguil-server/Makefile
View File

@ -1,89 +0,0 @@
# Created by: Paul Schmehl <pauls@utdallas.edu>
# $FreeBSD$
PORTNAME= sguil-server
PORTVERSION= 0.8.0
CATEGORIES= security
MASTER_SITES= SF/sguil/sguil/sguil-${PORTVERSION}
MAINTAINER= pauls@utdallas.edu
COMMENT= Sguil is a network security monitoring program
RUN_DEPENDS= tcltls>=0:${PORTSDIR}/devel/tcltls \
p0f:${PORTSDIR}/net-mgmt/p0f \
tcpflow:${PORTSDIR}/net/tcpflow \
dtplite:${PORTSDIR}/devel/tcllib \
${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
OPTIONS_DEFINE= MYSQL
MYSQL_DESC= Depend on databases/mysqltcl
LICENSE_NAME= QPLv1.0
LICENSE_FILE= ${WRKSRC}/doc/LICENSE.QPL
LICENSE_PERMS= auto-accept
IS_INTERACTIVE= yes
NO_BUILD= yes
USE_RC_SUBR= sguild
TCL_VER= 8.5
TCLSH= tclsh${TCL_VER}
MYSQLTCL_CMDS= cd ${PORTSDIR}/databases/mysqltcl && ${MAKE} -V PORTVERSION
SGUILDIR?= sguild
WRKSRC= ${WRKDIR}/sguil-${PORTVERSION}
PATCH_WRKSRC= ${WRKSRC}/server
PLIST_SUB= SGUILDIR=${SGUILDIR}
SUB_FILES= pkg-message pkg-install pkg-deinstall
SUB_LIST= SGUILDIR=${SGUILDIR} TCLSH=${TCLSH}
CONFS= autocat.conf sguild.access sguild.email sguild.reports sguild.conf sguild.queries sguild.users
PORTDOCS1= README
PORTDOCS2= CHANGES FAQ INSTALL INSTALL.openbsd OPENSSL.README TODO UPGRADE USAGE sguildb.dia
NO_STAGE= yes
.include <bsd.port.options.mk>
.if ${PORT_OPTIONS:MMYSQL}
@${ECHO_CMD} $$(${MYSQLTCL_CMDS})
RUN_DEPENDS+= ${LOCALBASE}/lib/mysqltcl-${MYSQLTCL_VER}:${PORTSDIR}/databases/mysqltcl
.endif
post-patch:
@${REINPLACE_CMD} 's|/bin/sh|/usr/local/bin/${TCLSH}|' \
${PATCH_WRKSRC}/sguild
pre-install:
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
@${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \
${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
.endif
@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
@${MKDIR} ${PREFIX}/lib/${SGUILDIR}
@${MKDIR} ${PREFIX}/share/${SGUILDIR}
@${MKDIR} ${PREFIX}/share/${SGUILDIR}/contrib
@${MKDIR} /var/run/${SGUILDIR}
do-install:
(cd ${WRKSRC}/server/lib && ${COPYTREE_BIN} \* ${PREFIX}/lib/${SGUILDIR})
(cd ${WRKSRC}/server/sql_scripts && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR})
(cd ${WRKSRC}/server/contrib && ${COPYTREE_SHARE} \* ${PREFIX}/share/${SGUILDIR}/contrib)
.for f in sguild
${INSTALL_SCRIPT} -m 555 ${WRKSRC}/server/${f} ${PREFIX}/bin/${f}
.endfor
.for f in ${CONFS}
${INSTALL_DATA} -m 441 ${PATCH_WRKSRC}/${f} ${PREFIX}/etc/${SGUILDIR}/${f}-sample
.endfor
post-install:
.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
@${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \
${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
.endif
.if ${PORT_OPTIONS:MDOCS}
@${MKDIR} ${DOCSDIR}
cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS1} ${DOCSDIR}
cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS2} ${DOCSDIR}
.endif
@${CAT} ${PKGMESSAGE}
.include <bsd.port.mk>

2
security/sguil-server/distinfo
View File

@ -1,2 +0,0 @@
SHA256 (sguil-server-0.8.0.tar.gz) = faa7152ddbdc0ba797c79d6419bf3ae50bfd6dbba4b2cd28ccb04a55ef788360
SIZE (sguil-server-0.8.0.tar.gz) = 102236

29
security/sguil-server/files/patch-lib-SguildLoaderd.tcl
View File

@ -1,29 +0,0 @@
--- lib/SguildLoaderd.tcl.orig 2012-10-12 21:07:19.000000000 +0000
+++ lib/SguildLoaderd.tcl 2012-10-12 21:15:06.000000000 +0000
@@ -124,7 +124,7 @@
INDEX dst_port (dst_port), \
INDEX src_port (src_port), \
INDEX start_time (start_time) \
- ) \
+ )ENGINE=MyISAM \
"
# Create the table
@@ -177,7 +177,7 @@
INDEX dst_port (dst_port), \
INDEX src_port (src_port), \
INDEX start_time (start_time) \
- ) TYPE=MERGE UNION=([join $tmpTables ,]) \
+ ) ENGINE=MERGE UNION=([join $tmpTables ,]) \
"
# Create our MERGE sancp table
mysqlexec $dbSocketID $createQuery
@@ -220,7 +220,7 @@
} else {
# Make sure its a MERGE table and not the old monster
set tableStatus [mysqlsel $LOADERD_DB_ID {SHOW TABLE STATUS LIKE 'sancp'} -flatlist]
- if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
+ if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
ErrorMessage "ERROR: loaderd: You appear to be using an old version of the\n\
sguil database schema that does not support the MERGE sancp\n\

11
security/sguil-server/files/patch-lib-SguildMysqlMerge.tcl
View File

@ -1,11 +0,0 @@
--- lib/SguildMysqlMerge.tcl.orig 2012-10-12 21:18:22.000000000 +0000
+++ lib/SguildMysqlMerge.tcl 2012-10-12 21:19:41.000000000 +0000
@@ -9,7 +9,7 @@
set tmpQry "SHOW TABLE STATUS LIKE '$tableName'"
set tableStatus [mysqlsel $MAIN_DB_SOCKETID $tmpQry -flatlist]
- if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MyISAM" ] } {
+ if { $tableStatus != "" && ![ string equal -nocase [lindex $tableStatus 1] "MRG_MYISAM" ] } {
# Non MERGE table found.
set errorMsg "\n*************************************************************\n

99
security/sguil-server/files/patch-sguild
View File

@ -1,99 +0,0 @@
--- sguild.orig 2012-12-17 20:54:14.000000000 +0000
+++ sguild 2012-12-17 20:56:47.000000000 +0000
@@ -1,6 +1,4 @@
#!/bin/sh
-# Run tcl from users PATH \
-exec tclsh "$0" "$@"
# $Id: sguild,v 1.193 2011/05/29 15:41:16 bamm Exp $ #
@@ -218,7 +216,7 @@
##################################
# Do all priv account actions here.
-# Open log files/etc. Privs will be dropped after.
+# Open log files/usr/local/etc. Privs will be dropped after.
if { ![info exists LOG_PATH] } { set LOG_PATH /var/log/sguild }
@@ -318,7 +316,7 @@
# Check for certs
if {![info exists CERTS_PATH]} {
- set CERTS_PATH /etc/sguild/certs
+ set CERTS_PATH /usr/local/etc/sguild/certs
}
@@ -348,13 +346,13 @@
if { ![info exists CONF_FILE] } {
# No conf file specified check the defaults
- if { [file exists /etc/sguild/sguild.conf] } {
- set CONF_FILE /etc/sguild/sguild.conf
+ if { [file exists /usr/local/etc/sguild/sguild.conf] } {
+ set CONF_FILE /usr/local/etc/sguild/sguild.conf
} elseif { [file exists ./sguild.conf] } {
set CONF_FILE ./sguild.conf
} else {
puts "Couldn't determine where the sguil config file is"
- puts "Looked for ./sguild.conf and /etc/sguild/sguild.conf."
+ puts "Looked for ./sguild.conf and /usr/local/etc/sguild/sguild.conf."
DisplayUsage $argv0
}
}
@@ -476,8 +474,8 @@
# Load accessfile
if { ![info exists ACCESS_FILE] } {
# Check the defaults
- if { [file exists /etc/sguild/sguild.access] } {
- set ACCESS_FILE "/etc/sguild/sguild.access"
+ if { [file exists /usr/local/etc/sguild/sguild.access] } {
+ set ACCESS_FILE "/usr/local/etc/sguild/sguild.access"
} elseif { [file exists ./sguild.access] } {
set ACCESS_FILE "./sguild.access"
} else {
@@ -491,8 +489,8 @@
}
# Load auto cat config
if { ![info exists AUTOCAT_FILE] } {
- if { [file exists /etc/sguild/autocat.conf] } {
- set AUTOCAT_FILE "/etc/sguild/autocat.conf"
+ if { [file exists /usr/local/etc/sguild/autocat.conf] } {
+ set AUTOCAT_FILE "/usr/local/etc/sguild/autocat.conf"
} else {
set AUTOCAT_FILE "./autocat.conf"
}
@@ -502,8 +500,8 @@
}
# Load email config file
if { ![info exists EMAIL_FILE] } {
- if { [file exists /etc/sguild/sguild.email] } {
- set EMAIL_FILE "/etc/sguild/sguild.email"
+ if { [file exists /usr/local/etc/sguild/sguild.email] } {
+ set EMAIL_FILE "/usr/local/etc/sguild/sguild.email"
} else {
set EMAIL_FILE "./sguild.email"
}
@@ -515,8 +513,8 @@
}
# Load global queries.
if { ![info exists GLOBAL_QRY_FILE] } {
- if { [file exists /etc/sguild/sguild.queries] } {
- set GLOBAL_QRY_FILE "/etc/sguild/sguild.queries"
+ if { [file exists /usr/local/etc/sguild/sguild.queries] } {
+ set GLOBAL_QRY_FILE "/usr/local/etc/sguild/sguild.queries"
} else {
set GLOBAL_QRY_FILE "./sguild.queries"
}
@@ -528,8 +526,8 @@
}
# Load report queries.
if { ![info exists REPORT_QRY_FILE] } {
- if { [file exists /etc/sguild/sguild.reports] } {
- set REPORT_QRY_FILE "/etc/sguild/sguild.reports"
+ if { [file exists /usr/local/etc/sguild/sguild.reports] } {
+ set REPORT_QRY_FILE "/usr/local/etc/sguild/sguild.reports"
} else {
set REPORT_QRY_FILE "./sguild.reports"
}

12
security/sguil-server/files/patch-sguild.access
View File

@ -1,12 +0,0 @@
--- sguild.access.orig 2008-04-03 17:55:46.000000000 -0500
+++ sguild.access 2008-04-03 17:56:50.000000000 -0500
@@ -4,7 +4,8 @@
# This file is used by sguild for access control. It is read upon init #
# or when sguild receives a HUP signal. #
# #
-# By default, sguild will look first for /etc/sguild/sguild.access, #
+# By default, sguild will look first for #
+# /usr/local/etc/sguild/sguild.access, #
# then ./sguild.access unless the -A /path/to/sguild.access switch #
# is used. #
# #

28
security/sguil-server/files/patch-sguild.conf
View File

@ -1,28 +0,0 @@
--- sguild.conf.orig 2008-04-03 17:47:18.000000000 -0500
+++ sguild.conf 2008-04-03 17:53:11.000000000 -0500
@@ -1,7 +1,7 @@
# $Id: sguild.conf,v 1.29 2006/06/02 20:40:57 bamm Exp $ #
# Path the sguild libs
-set SGUILD_LIB_PATH ./lib
+set SGUILD_LIB_PATH /usr/local/lib/sguild
# DEBUG 0=off 1=important stuff 2=everything. Option 2 is VERY chatty.
set DEBUG 2
@@ -63,7 +63,7 @@
# You MUST have tcpflow installed to get xscripts
# http://www.circlemud.org/~jelson/software/tcpflow/
-set TCPFLOW "/usr/bin/tcpflow"
+set TCPFLOW "/usr/local/bin/tcpflow"
# p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
# If you have p0f (a passive OS fingerprinting system) installed, you can have
@@ -74,6 +74,6 @@
# Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
# add any others you may need here.
-set P0F_PATH "/usr/sbin/p0f"
+set P0F_PATH "/usr/local/bin/p0f"
# Email config moved to sguild.email

176
security/sguil-server/files/patch-sql_scripts-create_sguildb.sql
View File

@ -1,176 +0,0 @@
--- sql_scripts/create_sguildb.sql.orig 2012-10-12 21:39:20.000000000 +0000
+++ sql_scripts/create_sguildb.sql 2012-10-12 21:53:42.000000000 +0000
@@ -3,7 +3,7 @@
-- CREATE DATABASE IF NOT EXISTS sguildb;
-- USE sguildb;
--- Depreciated for MRG_MyISAM tables
+-- Deprecated for MRG_MyISAM tables
-- CREATE TABLE event
-- (
-- sid INT UNSIGNED NOT NULL,
@@ -52,7 +52,7 @@
-- INDEX status (status),
-- INDEX abuse_queue (abuse_queue),
-- INDEX abuse_sent (abuse_sent)
--- );
+-- )ENGINE=MyISAM;
-- CREATE TABLE tcphdr
-- (
@@ -66,7 +66,8 @@
-- tcp_win SMALLINT UNSIGNED,
-- tcp_csum SMALLINT UNSIGNED,
-- tcp_urp SMALLINT UNSIGNED,
--- PRIMARY KEY (sid,cid));
+-- PRIMARY KEY (sid,cid)
+-- )ENGINE=MyISAM;
--
-- CREATE TABLE udphdr
-- (
@@ -74,7 +75,8 @@
-- cid INT UNSIGNED NOT NULL,
-- udp_len SMALLINT UNSIGNED,
-- udp_csum SMALLINT UNSIGNED,
--- PRIMARY KEY (sid,cid));
+-- PRIMARY KEY (sid,cid)
+-- )ENGINE=MyISAM;
--
-- CREATE TABLE icmphdr
-- (
@@ -83,14 +85,16 @@
-- icmp_csum SMALLINT UNSIGNED,
-- icmp_id SMALLINT UNSIGNED,
-- icmp_seq SMALLINT UNSIGNED,
--- PRIMARY KEY (sid,cid));
+-- PRIMARY KEY (sid,cid)
+-- )ENGINE=MyISAM;
--
-- CREATE TABLE data
-- (
-- sid INT UNSIGNED NOT NULL,
-- cid INT UNSIGNED NOT NULL,
-- data_payload TEXT,
--- PRIMARY KEY (sid,cid));
+-- PRIMARY KEY (sid,cid)
+-- )ENGINE=MyISAM;
CREATE TABLE sensor
(
@@ -101,13 +105,13 @@
interface VARCHAR(255),
description TEXT,
bpf_filter TEXT,
- updated TIMESTAMP(14) NOT NULL,
+ updated TIMESTAMP NOT NULL,
active ENUM('Y','N') DEFAULT 'Y',
ip VARCHAR(15) DEFAULT NULL,
public_key VARCHAR(255) DEFAULT NULL,
PRIMARY KEY (sid),
INDEX hostname_idx (hostname)
-);
+)ENGINE=MyISAM;
CREATE TABLE portscan
(
@@ -119,9 +123,10 @@
dst_port INT UNSIGNED,
data TEXT,
INDEX ps_src_ip (src_ip),
- INDEX ps_timestamp (timestamp));
+ INDEX ps_timestamp (timestamp)
+)ENGINE=MyISAM;
--- Depreciated
+-- Deprecated
-- CREATE TABLE sessions (
-- sid INT UNSIGNED NOT NULL,
-- xid BIGINT UNSIGNED NOT NULL,
@@ -142,7 +147,8 @@
-- INDEX server (src_ip),
-- INDEX client (dst_ip),
-- INDEX sport (src_port),
--- INDEX cport (dst_port));
+-- INDEX cport (dst_port)
+-- )ENGINE=MyISAM;
CREATE TABLE status
(
@@ -150,7 +156,7 @@
description VARCHAR(255) NOT NULL,
long_desc VARCHAR(255),
PRIMARY KEY (status_id)
-);
+)ENGINE=MyISAM;
CREATE TABLE history
(
@@ -161,7 +167,7 @@
status SMALLINT UNSIGNED NOT NULL,
comment VARCHAR(255),
INDEX log_time (timestamp)
-);
+)ENGINE=MyISAM;
CREATE TABLE user_info
(
@@ -170,7 +176,7 @@
last_login DATETIME,
password VARCHAR(42),
PRIMARY KEY (uid)
-);
+)ENGINE=MyISAM;
CREATE TABLE nessus_data
(
@@ -179,7 +185,8 @@
nessus_id INT UNSIGNED,
level VARCHAR(20),
description TEXT,
- INDEX rid (rid));
+ INDEX rid (rid)
+)ENGINE=MyISAM;
CREATE TABLE nessus
(
@@ -189,7 +196,8 @@
timestart DATETIME,
timeend DATETIME,
PRIMARY KEY (rid),
- INDEX ip (ip));
+ INDEX ip (ip)
+)ENGINE=MyISAM;
CREATE TABLE IF NOT EXISTS `pads`
(
@@ -204,10 +212,10 @@
application VARCHAR(255) NOT NULL,
hex_payload VARCHAR(255),
PRIMARY KEY (sid,asset_id)
-);
+)ENGINE=MyISAM;
--
--- Depreciated for MERGE tables
+-- Deprecated for MERGE tables
-- CREATE TABLE sancp
-- (
-- sid INT UNSIGNED NOT NULL,
@@ -232,7 +240,7 @@
-- INDEX dst_port (dst_port),
-- INDEX src_port (src_port),
-- INDEX start_time (start_time)
--- );
+-- )ENGINE=MyISAM;
--
INSERT INTO status (status_id, description, long_desc) VALUES (0, "New", "Real Time Event");
@@ -251,7 +259,7 @@
(
version VARCHAR(32),
installed DATETIME
-);
+)ENGINE=MyISAM;
INSERT INTO version (version, installed) VALUES ("0.13", now());

11
security/sguil-server/files/patch-sql_scripts-sancp_cleanup.tcl
View File

@ -1,11 +0,0 @@
--- sql_scripts/sancp_cleanup.tcl.orig 2011-08-11 20:31:07.000000000 +0000
+++ sql_scripts/sancp_cleanup.tcl 2011-08-11 20:31:26.000000000 +0000
@@ -214,7 +214,7 @@
INDEX dst_port (dst_port), \
INDEX src_port (src_port), \
INDEX start_time (start_time) \
- ) TYPE=MERGE UNION=([join $tmpTables ,]) \
+ ) ENGINE=MERGE UNION=([join $tmpTables ,]) \
"
# Create our MERGE sancp table
mysqlexec $dbSocketID $createQuery

65
security/sguil-server/files/pkg-deinstall.in
View File

@ -1,65 +0,0 @@
#!/bin/sh
#
# $FreeBSD$
#
USER="sguil"
# Make sure we're in the right stage of the process
if [ "$2" = "DEINSTALL" ]; then
echo "Stopping sguild......"
%%PREFIX%%/etc/rc.d/sguild onestop
%%PREFIX%%/etc/rc.d/sguild onepoll
if [ ! ${BATCH} ]; then
echo "Would you like to remove the sguild certs?" ; read ans
case "$ans" in
y*|Y*)
if [ -f %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.key ]; then
rm %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.key
fi
if [ -f %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.pem ]; then
rm %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.pem
fi
;;
n*|N*)
;;
*)
exit 64
;;
esac
cd %%PREFIX%%/etc/%%SGUILDIR%% || exit 1
# Remove the conf files *if* they have not been altered
for f in autocat.conf sguild.access sguild.conf sguild.email \
sguild.queries sguild.reports sguild.users; do
cmp -s -z ${f} ${f}-sample && rm ${f}
done
# Remove the user and group if the installer chooses to
echo "Would you like to remove the sguil user and group?" ; read ans
case "$ans" in
y*|Y*)
if pw usershow "${USER}" 2>/dev/null 1>&2; then
pw userdel -n sguil
fi
if pw groupshow "${USER}" 2>/dev/null 1>&2; then
pw groupdel -n sguil
fi
;;
n*|N*)
;;
*)
;;
esac
fi
fi
if [ "$2" = "POST-DEINSTALL" ]; then
# If the user exists, then display a message
if pw usershow "${USER}" 2>/dev/null 1>&2; then
echo "To delete the '${USER}' user permanently, use 'pw userdel ${USER}'"
fi
# If the group exists, then display a message
if pw groupshow "${USER}" 2>/dev/null 1>&2; then
echo "To delete the '${USER}' group permanently, use 'pw groupdel ${USER}'"
fi
fi
exit 0

410
security/sguil-server/files/pkg-install.in
View File

@ -1,410 +0,0 @@
#!/bin/sh
#
# $FreeBSD$
#
# This script and its implementation borrows heavily from the www/squid port, and I owe a debt to the
# maintainer for saving me a lot of time. The bold font trick that I use extensively was picked up
# at http://www.cyberciti.biz/nixcraft/linux/docs/uniqlinuxfeatures/lsst/ch08.html#q16
# I also owe a debt to all those who have posted shell scripting tutorials to the web and to the FreeBSD
# developers from whose OS I stole a few tricks as well.
# Set up some paths and variables for later use
PATH=/bin:/usr/bin:/usr/sbin:%%PREFIX%%/bin
pkgname=$1
rootpwd=''
confdir="${PKG_PREFIX:-%%PREFIX%%}/etc"
portdir="${CURDIR:-%%CURDIR%%}"
scriptdir="${WRKSRC:-%%WRKSRC%%}/server/sql_scripts"
if [ -x /usr/sbin/nologin ]; then
nologin=/usr/sbin/nologin
else
nologin=/sbin/nologin
fi
# Source rc.conf for later
if [ -z "${source_rc_confs_defined}" ]; then
if [ -r /etc/defaults/rc.conf ]; then
. /etc/defaults/rc.conf
source_rc_confs
elif [ -r /etc/rc.conf ]; then
. /etc/rc.conf
fi
fi
sguil_user="sguil"
sguil_group="sguil"
case $2 in
PRE-INSTALL)
echo "This sguild install script creates a \"turnkey\" install "
echo "of sguild, including configuing the database and conf files"
echo "and user accounts so that sguild can be started immediately."
echo ""
echo "You may have already done all this (especially if this is an upgrade)"
echo "and may not be interested in iterating through cert creation and"
echo "everything else that the script does."
echo ""
echo "This portion of the script creates user and group accounts named \"sguil\"."
echo "Would you like to opt out of this portion of the install script " ; read ans
case "$ans" in
y*|Y*)
exit 0
;;
n*|N*)
;;
*)
exit 64
;;
esac
echo "==> Pre-installation configuration of ${pkgname}"
if ! pw groupshow ${sguil_group} -q >/dev/null ; then
if ! pw groupadd ${sguil_group} -q; then
echo "Failed to create group \"${sguil_group}\"!" >&2
echo "Please create it manually." >&2
exit 1
else
echo "Group '%{sguil-group}' created successfully."
pw groupshow ${sguil_group}
fi
fi
if ! pw usershow ${sguil_user} -q >/dev/null ; then
if ! pw useradd -q -n ${sguil_user} \
-g ${sguil_group} -s "${nologin}" \
-h - ; then
echo "Failed to create user '%{sguil_user}'!" >&2
echo "Please create it manually." >&2
exit 1
else
echo "User '${sguil_user}' create successfully."
pw usershow ${sguil_user}
fi
fi
for dir in %%PREFIX%%/lib/%%SGUILDIR%% /var/run/%%SGUILDIR%% ; do
if [ ! -d ${dir} ]; then
echo "Creating ${dir} ...."
install -d -o ${sguil_user} -g ${sguil_group} \
-m 0750 ${dir}
fi
done
;;
POST-INSTALL)
echo "This sguild install script creates a \"turnkey\" install "
echo "of sguild, including configuing the database and conf files"
echo "and user accounts so that sguild can be started immediately."
echo ""
echo "You may have already done all this (especially if this is an upgrade)"
echo "and may not be interested in iterating through cert creation and"
echo "everything else that the script does."
echo ""
echo "Would you like to opt out of the entire install script "
echo "and configure sguild manually yourself?" ; read ans
case "$ans" in
y*|Y*)
exit 0
;;
n*|N*)
;;
*)
exit 64
;;
esac
echo -e "\033[1mThere are a few things that need to be done to complete the install."
echo -e "\033[0mFirst, you need to create certs so that the ssl connections between server and "
echo "sensors will work, you need to create the database, the account to access it and "
echo "the tables for the database and you need to create the directories where all the "
echo "data will be stored. (You will also need to edit the conf files for your setup.)"
echo ""
echo "If you haven't already done this, I can do it for you now."
echo "Would you like to create certs now? (y for yes, n for no)"; read ans
case "$ans" in
y*|Y*)
for dir in %%SGUILDIR%%/certs ; do
if [ ! -d ${confdir}/${dir} ]; then
echo "Creating ${confdir}/${dir} ...."
install -d -o ${sguil_user} -g ${sguil_group} \
-m 0750 ${confdir}/${dir}
fi
done
echo -e "\033[1mFirst we need to create a password-protected CA cert."
echo ""
echo -e "\033[0m(The Common Name should be the FQHN of your squil server.)"
openssl req -out CA.pem -new -x509
echo "Now we need to create a server certificate/key pair."
openssl genrsa -out sguild.key 1024
echo -e "\033[1mNow we need to create a certificate request to be signed by the CA."
echo "DO NOT password protect your server key. If you do, you will be required"
echo "to enter the password every time you start the server."
echo -e "\033[0m"
openssl req -key sguild.key -new -out sguild.req
echo "Now we need to create the actual certificate for your server."
echo 44 > file.sr1
openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAserial file.sr1 -out sguild.pem
echo "Finally, we need to move the certs to the '${confdir}/%%SGUILDIR%%/certs}' directory "
echo "and clean up the port directory as well."
for files in sguild.key sguild.pem; do
mv ${portdir}/$files ${confdir}/%%SGUILDIR%%/certs/
done
for files in CA.pem privkey.pem sguild.req file.sr1; do
rm ${portdir}/$files
done
;;
n*|N*)
echo -e "\033[1mSSL is now required for all connections between server, sensors and clients."
echo "If you haven't already created certs, you will need to do that before sguil will work."
echo -e "\033[0m"
echo ""
;;
*)
exit 64
;;
esac
echo -e "\033[1mIs the installation of mysql brand new and unaltered?"
echo -e "\033[0mBy default, when mysql is installed, it creates five accounts."
echo "None of those accounts are protected by passwords. That needs to be corrected."
echo "The five accounts are:"
echo " root@localhost"
echo " root@127.0.0.1"
echo " root@`hostname`"
echo " @localhost"
echo " @`hostname`"
echo "I can remove all of the accounts except root@localhost (highly recommended) "
echo "and I can set the password for the root@localhost account. (If you get an error "
echo "don't worry about it. The account may not have been created to begin with."
echo "Would you like me to do that now?" ; read ans
case "$ans" in
y*|Y*)
echo "Enabling mysql in /etc/rc.conf and starting the server....."
case ${mysql_enable} in
[Yy][Ee][Ss])
echo -e "\033[1mIt appears that mysql is already enabled!"
echo -e "\033[0m"
;;
*)
echo "# -- Squild installed deltas -- # `date`" >> /etc/rc.conf
echo "mysql_enable=\"YES\"" >> /etc/rc.conf
;;
esac
mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'`
echo "The mysql pid is ${mysql_pid}...."
if [ -z ${mysql_pid} ]; then
%%PREFIX%%/etc/rc.d/mysql-server start
fi
sleep 1
mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'`
if [ -s ${mysql_pid} ]; then
echo "The mysql server did not start. Please fix the problem "
echo "and run this script again."
exit 64
fi
echo "Deleting users from mysql......"
mysql -u root -e "USE mysql; DROP USER 'root'@'127.0.0.1';"
mysql -u root -e "USE mysql; DROP USER 'root'@'`hostname`';"
mysql -u root -e "USE mysql; DROP USER ''@'localhost';"
mysql -u root -e "USE mysql; DROP USER ''@'`hostname`';"
echo "All done deleting......."
echo "What would you like root@localhost's password to be?" ; read rootpwd
mysql -u root -e "USE mysql; SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpwd');"
mysql -u root -p${rootpwd} -e "FLUSH PRIVILEGES;"
;;
n*|N*)
echo "Before you use the database, you should at least set passwords"
echo "for all the accounts. Otherwise anyone can login to your database."
echo "To remove an account, use \"drop user 'user'@'host'\"."
echo "To set a password for an account, use \"SET PASSWORD FOR 'user'@'host' = PASSWORD('passwd')\"."
;;
*)
exit 64
;;
esac
echo -e "\033[1mWould you like to bind mysql to localhost so it only listens on that address?"
echo -e "\033[0m" ; read ans
case "$ans" in
y*|Y*)
if [ ! -f /etc/my.cnf ]; then
echo "[mysqld]" >> /etc/my.cnf
echo "bind-address=127.0.0.1" >> /etc/my.cnf
echo "socket=/tmp/mysql.sock" >> /etc/my.cnf
echo "ft_min_word_len=3" >> /etc/my.cnf
mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'`
echo "The mysql pid is ${mysql_pid}...."
if [ -z ${mysql_pid} ]; then
%%PREFIX%%/etc/rc.d/mysql-server start
else
%%PREFIX%%/etc/rc.d/mysql-server restart
fi
else
echo "/etc/my.cnf already exists!"
echo "add \"bind-address=127.0.0.1\" in the [mysqld] section "
echo "to force mysql to listen only on localhost."
echo "Then restart the server to accept the new settings."
fi
;;
n*|N*)
;;
*)
exit 64
;;
esac
echo -e "\033[1mWould you like to create the database to store all nsm data?"
echo -e "\033[0m" ; read ans
echo "NOTE: If you're upgrading, you do NOT want to do this! You want to upgrade."
case "$ans" in
y*|Y*)
if [ -z ${rootpwd} ]; then
echo "What is the password for the mysql root user?"; read rootpwd
fi
mysql -u root -p${rootpwd} -e "create database sguildb"
mysql -u root -p${rootpwd} -D sguildb < ${scriptdir}/create_sguildb.sql
;;
n*|N*)
echo -e "\033[1mPlease note: if you are upgrading from a previous version "
echo "of sguil, you need to run the upgrade_0.7.tcl script located in "
echo "'${scriptdir}'."
echo -e "\033[0mIf you've already cleaned the port directory, run "
echo "make extract to recover the files and access the script."
echo ""
;;
*)
exit 64
;;
esac
echo -e "\033[1mWould you like to create a user \"sguild@localhost\" for database access?"
echo -e "\033[0m" ; read ans
case "$ans" in
y*|Y*)
if [ -z ${rootpwd} ]; then
echo "Please enter the password for the mysql root account." ; read rootpwd
fi
echo -e "\033[1mPlease enter the password that you want to use for the sguild account."
echo -e "\033[0m"; read sguildpwd
echo "Creating account for sguild with access to sguildb....."
mysql -u root -p${rootpwd} -e "GRANT ALTER,CREATE,DELETE,DROP,INDEX,INSERT,SELECT,UPDATE on sguildb.* \
to 'sguild'@'localhost' IDENTIFIED BY '${sguildpwd}'"
mysql -u root -p${rootpwd} -e "GRANT FILE on *.* to 'sguild'@'localhost'"
mysql -u root -p${rootpwd} -e "FLUSH PRIVILEGES"
;;
n*|N*)
;;
*)
exit 64
;;
esac
echo -e "\033[1mWould you like to create the data directory and all its subdirectories?"
echo -e "\033[0m"; read ans
case "$ans" in
y*|Y*)
echo "What do you want the name of the main directory to be?"
echo "(Be sure to include the full path to the directory - e.g. /var/nsm)" ; read maindir
echo "The main directory will be named '${maindir}'."
for dir in ${maindir} ${maindir}/archives ${maindir}/rules ${maindir}/load ; do
if [ ! -d ${dir} ]; then
echo "Creating ${dir} ...."
install -d -o ${sguil_user} -g ${sguil_group} \
-m 0750 ${dir}
else
echo -e "\033[1mThe directory '${dir}' already exists!"
echo -e "\033[0m"
fi
done
;;
n*|N*)
;;
*)
exit 64
;;
esac
echo -e "\033[1mWould you like to enable sguild in /etc/rc.conf?"
echo -e "\033[0m"; read ans
case "$ans" in
y*|Y*)
case ${sguild_enable} in
[Yy][Ee][Ss])
echo -e "\033[1mIt appears that sguild is already enabled!"
echo -e "\033[0m"
;;
*)
echo -e i"\033[1mWriting to /etc/rc.conf...."
echo -e "\033[0m"
echo "# -- Squild installed deltas -- # `date`" >> /etc/rc.conf
echo "sguild_enable=\"YES\"" >> /etc/rc.conf
;;
esac
;;
n*|N*)
;;
*)
exit 64
;;
esac
echo -e "\033[1mIf the sguild.conf file does not exist, I will create and edit it now."
echo -e "\033[0m"
if [ -f ${confdir}/%%SGUILDIR%%/sguild.conf ]; then
echo "The sguild.conf file already exists!"
echo "Do you want me to edit it anyway?" ; read ans
case "$ans" in
y*|Y*)
echo -e "\033[1mPreparing to edit the sguild.conf file......"
if [ -z ${maindir} ]; then
echo "There's a couple of things I need to verify before continuing."
echo "What is the name of the main nsm directory that you are using?"
echo -e "\033[0m" ; read ans
maindir="$ans"
fi
if [ -z ${sguildpwd} ]; then
echo -e "\033[1mWhat is the password for the sguild database user?"
echo -e "\033[0m" ; read ans
sguildpwd="$ans"
fi
sed -e 's|DBPASS ""|DBPASS '"${sguildpwd}"'|' -e 's|DBUSER root|DBUSER sguild|' \
-e 's|sguild_data|'"${maindir}"'|' \
< ${confdir}/%%SGUILDIR%%/sguild.conf-sample > ${confdir}/%%SGUILDIR%%/sguild.conf
;;
n*|N*)
;;
*)
exit 64
;;
esac
else
echo -e "\033[1mPreparing to edit the sguild.conf file......"
if [ -z ${maindir} ]; then
echo "There's a couple of things I need to verify before continuing."
echo "What is the name of the main nsm directory that you are using?"
echo -e "\033[0m" ; read ans
maindir="$ans"
fi
if [ -z ${sguildpwd} ]; then
echo -e "\033[1mWhat is the password for the sguild database user?"
echo -e "\033[0m" ; read ans
sguildpwd="$ans"
fi
sed -e 's|DBPASS ""|DBPASS '"${sguildpwd}"'|' -e 's|DBUSER root|DBUSER sguild|' \
-e 's|sguild_data|'"${maindir}"'|' \
< ${confdir}/%%SGUILDIR%%/sguild.conf-sample > ${confdir}/%%SGUILDIR%%/sguild.conf
fi
if [ ! -f ${confdir}/%%SGUILDIR%%/sguild.users ]; then
cp ${confdir}/%%SGUILDIR%%/sguild.users-sample ${confdir}/%%SGUILDIR%%/sguild.users
fi
if [ ! -f ${confdir}/%%SGUILDIR%%/sguild.access ]; then
cp ${confdir}/%%SGUILDIR%%/sguild.access-sample ${confdir}/%%SGUILDIR%%/sguild.access
fi
echo -e "\033[1mYou still need to review all the conf files and configure sguil "
echo "per your desired setup before starting sguild. Refer to the port docs in "
echo "%%DOCSDIR%% before proceeding."
echo -e "\033[0m"
echo "Right now, all the conf files except sguild.conf are set to the defaults."
for files in archive_sguildb.tcl sguild incident_report.tcl ; do
if [ -f %%PREFIX%%/bin/${files} ]; then
chown ${sguil_user}:${sguil_group} %%PREFIX%%/bin/${files}
fi
done
chown -R ${sguil_user}:${sguil_group} %%PREFIX%%/etc/%%SGUILDIR%%
chown -R ${sguil_user}:${sguil_group} %%PREFIX%%/lib/%%SGUILDIR%%
if [ ! -f %%PREFIX%%/bin/sguild ]; then
echo "Sguild is missing! Please correct the problem before continuing!"
exit 1
fi
;;
*)
exit 64
;;
esac
exit 0

35
security/sguil-server/files/pkg-message.in
View File

@ -1,35 +0,0 @@
***********************************
* !!!!!!!!!!! WARNING !!!!!!!!!!! *
***********************************
If you had existing config files in %%PREFIX%%/etc/%%SGUILDIR%%
they were not overwritten. If this is a first time install, you
must copy the sample files to the corresponding conf file and
edit the various config files for your site. See the INSTALL
doc in %%DOCSDIR%% for details. If this is an upgrade, replace
your existing conf file with the new one and edit accordingly.
The sql scripts for creating database tables were placed in
the %%PREFIX%%/share/%%SGUILDIR%%/ directory. PLEASE
NOTE: LOG_DIR is not set by this install. You MUST create the
correct LOG_DIRS and put a copy of the snort rules you use in
LOG_DIR/rules.
The sguild program was placed in %%PREFIX%%/bin/.
Some contributed scripts were placed in
%%PREFIX%%/share/%%SGUILDIR%%/contrib
A startup script, named sguild.sh was installed in
%%PREFIX%%/etc/rc.d/. To enable it, edit /etc/rc.conf
per the instructions in the script.
NOTE: Sguild now runs under the sguil user account not root!
For general questions, see the sguil faq:
http://www.vorant.com/nsmwiki/Sguil_FAQ or visit the nsm wiki:
http://www.vorant.com/nsmwiki/Main_Page
For detailed install instructions see Richard Bejtlich's
excellent guide at his blog:
http://taosecurity.blogspot.com/2006/03/new-sguil-scripts-and-vm-i-have-not.html

35
security/sguil-server/files/sguild.in
View File

@ -1,35 +0,0 @@
#!/bin/sh
# $FreeBSD$
# PROVIDE: sguild
# REQUIRE: DAEMON
# KEYWORD: shutdown
# Add the following lines to /etc/rc.conf to enable sguild:
# sguild_enable (bool): Set to YES to enable sguild
# Default: NO
# sguild_flags (str): Extra flags passed to sguild
# Default: -D -P ${pid}
# sguild_conf (str): Sguild configuration file
# Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
# sguild_user (str): Default: sguil
# Note: this value MUST be set in /etc/rc.conf if you do not accept the default
# user created by the pkg-install script
. /etc/rc.subr
name="sguild"
rcvar=sguild_enable
load_rc_config sguild
# set some defaults
: ${sguild_enable:="NO"}
: ${sguild_conf:="%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf"}
: ${pid:="/var/run/%%SGUILDIR%%/sguild.pid"}
: ${sguild_flags:="-D -P ${pid}"}
: ${sguild_user:="sguil"}
command="%%PREFIX%%/bin/${name}"
procname="%%PREFIX%%/bin/%%TCLSH%%"
run_rc_command "$1"

22
security/sguil-server/pkg-descr
View File

@ -1,22 +0,0 @@
Sguil is an open source tool to implement Network
Security Monitoring (NSM). NSM is the collection,
analysis, and escalation of indications and warnings
to detect and respond to intrusions. NSM tools are
used more for network audit and specialized
applications than traditional alert-centric "intrusion
detection" systems.
Want to learn more about Network Security Monitoring
(NSM)? Then check out Richard Bejtlich's recently
released book, The Tao of Network Security Monitoring:
Beyond Intrusion Detection. An excerpt reads:
"Network security monitoring (NSM) equips security
staff to deal with the inevitable consequences of too
few resources and too many responsibilities. NSM collects
the data needed to generate better assessment, detection,
and response processes--resulting in decreased impact from
unauthorized activities."
WWW: http://sguil.sourceforge.net/index.php
pauls@utdallas.edu

66
security/sguil-server/pkg-plist
View File

@ -1,66 +0,0 @@
bin/sguild
etc/%%SGUILDIR%%/autocat.conf-sample
etc/%%SGUILDIR%%/sguild.access-sample
etc/%%SGUILDIR%%/sguild.conf-sample
etc/%%SGUILDIR%%/sguild.email-sample
etc/%%SGUILDIR%%/sguild.queries-sample
etc/%%SGUILDIR%%/sguild.reports-sample
etc/%%SGUILDIR%%/sguild.users-sample
lib/%%SGUILDIR%%/SguildAccess.tcl
lib/%%SGUILDIR%%/SguildAutoCat.tcl
lib/%%SGUILDIR%%/SguildClientCmdRcvd.tcl
lib/%%SGUILDIR%%/SguildConnect.tcl
lib/%%SGUILDIR%%/SguildCreateDB.tcl
lib/%%SGUILDIR%%/SguildEmailEvent.tcl
lib/%%SGUILDIR%%/SguildEvent.tcl
lib/%%SGUILDIR%%/SguildGenericDB.tcl
lib/%%SGUILDIR%%/SguildGenericEvent.tcl
lib/%%SGUILDIR%%/SguildHealthChecks.tcl
lib/%%SGUILDIR%%/SguildLoaderd.tcl
lib/%%SGUILDIR%%/SguildLoaderd.tcl.orig
lib/%%SGUILDIR%%/SguildMysqlMerge.tcl
lib/%%SGUILDIR%%/SguildMysqlMerge.tcl.orig
lib/%%SGUILDIR%%/SguildPadsLib.tcl
lib/%%SGUILDIR%%/SguildQueryd.tcl
lib/%%SGUILDIR%%/SguildReportBuilder.tcl
lib/%%SGUILDIR%%/SguildSendComms.tcl
lib/%%SGUILDIR%%/SguildSensorAgentComms.tcl
lib/%%SGUILDIR%%/SguildSensorCmdRcvd.tcl
lib/%%SGUILDIR%%/SguildTranscript.tcl
lib/%%SGUILDIR%%/SguildUtils.tcl
%%PORTDOCS%%%%DOCSDIR%%/CHANGES
%%PORTDOCS%%%%DOCSDIR%%/FAQ
%%PORTDOCS%%%%DOCSDIR%%/INSTALL
%%PORTDOCS%%%%DOCSDIR%%/INSTALL.openbsd
%%PORTDOCS%%%%DOCSDIR%%/OPENSSL.README
%%PORTDOCS%%%%DOCSDIR%%/README
%%PORTDOCS%%%%DOCSDIR%%/TODO
%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
%%PORTDOCS%%%%DOCSDIR%%/USAGE
%%PORTDOCS%%%%DOCSDIR%%/sguildb.dia
share/%%SGUILDIR%%/contrib/incident_report.tcl
share/%%SGUILDIR%%/contrib/init/sguil
share/%%SGUILDIR%%/contrib/init/sguild
share/%%SGUILDIR%%/create_ruledb.sql
share/%%SGUILDIR%%/create_sguildb.sql
share/%%SGUILDIR%%/create_sguildb.sql.orig
share/%%SGUILDIR%%/migrate_event.tcl
share/%%SGUILDIR%%/migrate_sancp.tcl
share/%%SGUILDIR%%/sancp_cleanup.tcl
share/%%SGUILDIR%%/sancp_cleanup.tcl.orig
share/%%SGUILDIR%%/update_0.7.tcl
share/%%SGUILDIR%%/update_0.8.tcl
share/%%SGUILDIR%%/update_sguildb_v10-v11.sql
share/%%SGUILDIR%%/update_sguildb_v11-v12.sql
share/%%SGUILDIR%%/update_sguildb_v12-v13.sql
share/%%SGUILDIR%%/update_sguildb_v5-v6.sql
share/%%SGUILDIR%%/update_sguildb_v6-v7.sql
share/%%SGUILDIR%%/update_sguildb_v7-v8.sql
share/%%SGUILDIR%%/update_sguildb_v8-v9.sql
share/%%SGUILDIR%%/update_sguildb_v9-v10.sql
@dirrm share/%%SGUILDIR%%/contrib/init
@dirrm share/%%SGUILDIR%%/contrib
@dirrm share/%%SGUILDIR%%
@dirrm lib/%%SGUILDIR%%
@dirrm etc/%%SGUILDIR%%
%%PORTDOCS%%@dirrm %%DOCSDIR%%