mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-18 19:49:40 +00:00
a00547aa72
as a stand-in for "are we running on gcc". In some cases we only need to specifically test for "are we on the ancient base gcc", e.g, the usage of 'pragma'. While here, in some cases turn off SSE functions more specifically based on ARCH, and turn off -mtune=generic everywhere. These are part of a larger work in progress; these commits are for ports that would have been touched by the the powerpc-on-clang test regardless. Approved by: portmgr (tier-2 blanket)
260 lines
7.2 KiB
Makefile
260 lines
7.2 KiB
Makefile
# $FreeBSD$
|
|
|
|
PORTNAME= ossec-hids
|
|
PORTVERSION= 3.3.0
|
|
PORTREVISION= 0
|
|
CATEGORIES= security
|
|
PKGNAMESUFFIX= -${OSSEC_TYPE}
|
|
|
|
MAINTAINER= dominik.lisiak@bemsoft.pl
|
|
COMMENT= Security tool to monitor and check logs and intrusions
|
|
|
|
LICENSE= GPLv2
|
|
LICENSE_FILE= ${WRKSRC}/LICENSE
|
|
|
|
USES= compiler gmake ssl
|
|
|
|
OSSEC_TYPE?= local
|
|
|
|
.if ${OSSEC_TYPE} == local
|
|
CONFLICTS_INSTALL= ossec-hids-client-* \
|
|
ossec-hids-agent-* \
|
|
ossec-hids-server-*
|
|
.elif ${OSSEC_TYPE} == agent
|
|
CONFLICTS_INSTALL= ossec-hids-client-* \
|
|
ossec-hids-local-* \
|
|
ossec-hids-server-*
|
|
.elif ${OSSEC_TYPE} == server
|
|
CONFLICTS_INSTALL= ossec-hids-client-* \
|
|
ossec-hids-agent-* \
|
|
ossec-hids-local-*
|
|
.endif
|
|
|
|
LIB_DEPENDS= libpcre2-8.so:devel/pcre2
|
|
.if ${OSSEC_TYPE} != agent
|
|
RUN_DEPENDS= expect:lang/expect
|
|
.endif
|
|
|
|
INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify
|
|
PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude
|
|
ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq
|
|
|
|
INOTIFY_USES= pkgconfig
|
|
LUA_USES= readline
|
|
MYSQL_USE= mysql
|
|
PGSQL_USES= pgsql
|
|
|
|
USE_GITHUB= yes
|
|
GH_ACCOUNT= ossec
|
|
|
|
USE_RC_SUBR= ossec-hids
|
|
|
|
USES+= shebangfix
|
|
SHEBANG_FILES= active-response/ossec-pagerduty.sh
|
|
|
|
.if ${OSSEC_TYPE} != agent
|
|
SHEBANG_LANG= expect
|
|
expect_OLD_CMD= "/usr/bin/env expect"
|
|
expect_CMD= ${LOCALBASE}/bin/expect
|
|
SHEBANG_FILES+= src/agentlessd/scripts/main.exp \
|
|
src/agentlessd/scripts/ssh.exp \
|
|
src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \
|
|
src/agentlessd/scripts/ssh_foundry_diff \
|
|
src/agentlessd/scripts/ssh_generic_diff \
|
|
src/agentlessd/scripts/ssh_integrity_check_bsd \
|
|
src/agentlessd/scripts/ssh_integrity_check_linux \
|
|
src/agentlessd/scripts/ssh_nopass.exp \
|
|
src/agentlessd/scripts/ssh_pixconfig_diff \
|
|
src/agentlessd/scripts/sshlogin.exp \
|
|
src/agentlessd/scripts/su.exp
|
|
.endif
|
|
|
|
OPTIONS_SUB= yes
|
|
OPTIONS_DEFINE= DOCS INOTIFY LUA
|
|
|
|
.if ${OSSEC_TYPE} != agent
|
|
OPTIONS_DEFINE+= PRELUDE ZEROMQ
|
|
|
|
OPTIONS_RADIO= DATABASE
|
|
OPTIONS_RADIO_DATABASE= MYSQL PGSQL
|
|
.endif
|
|
|
|
OPTIONS_DEFAULT= INOTIFY
|
|
|
|
INOTIFY_DESC= Kevent based real time monitoring
|
|
PRELUDE_DESC= Sensor support from Prelude SIEM
|
|
ZEROMQ_DESC= ZeroMQ support (experimental)
|
|
DATABASE_DESC= Database output
|
|
|
|
INOTIFY_VARS= OSSEC_ARGS+=USE_INOTIFY=yes
|
|
LUA_VARS= OSSEC_ARGS+=LUA_ENABLE=yes STRIP_FILES+=ossec-lua STRIP_FILES+=ossec-luac
|
|
PRELUDE_VARS= OSSEC_ARGS+=USE_PRELUDE=yes
|
|
ZEROMQ_VARS= OSSEC_ARGS+=USE_ZEROMQ=yes
|
|
MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema
|
|
PGSQL_VARS= OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema
|
|
|
|
.if ${OSSEC_TYPE} == agent
|
|
STRIP_FILES= agent-auth \
|
|
manage_agents \
|
|
ossec-agentd \
|
|
ossec-execd \
|
|
ossec-logcollector \
|
|
ossec-syscheckd
|
|
.else
|
|
STRIP_FILES= agent_control \
|
|
clear_stats \
|
|
list_agents \
|
|
manage_agents \
|
|
ossec-agentlessd \
|
|
ossec-analysisd \
|
|
ossec-authd \
|
|
ossec-csyslogd \
|
|
ossec-dbd \
|
|
ossec-execd \
|
|
ossec-logcollector \
|
|
ossec-logtest \
|
|
ossec-maild \
|
|
ossec-makelists \
|
|
ossec-monitord \
|
|
ossec-regex \
|
|
ossec-remoted \
|
|
ossec-reportd \
|
|
ossec-syscheckd \
|
|
rootcheck_control \
|
|
syscheck_control \
|
|
syscheck_update \
|
|
verify-agent-conf
|
|
.endif
|
|
.if defined(MAINTAINER_MODE)
|
|
OSSEC_HOME= ${PREFIX}/${PORTNAME}
|
|
.else
|
|
OSSEC_HOME?= ${PREFIX}/${PORTNAME}
|
|
.endif
|
|
OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids
|
|
FIREWALL_DROP_BIN= ${OSSEC_HOME}/active-response/bin/firewall-drop.sh
|
|
IPFILTER_BIN= ${OSSEC_HOME}/active-response/bin/ipfilter.sh
|
|
RESTART_OSSEC_BIN= ${OSSEC_HOME}/active-response/bin/restart-ossec.sh
|
|
SHARED_DIR= ${OSSEC_HOME}/etc/shared
|
|
INTERNAL_OPTS_CONF= ${OSSEC_HOME}/etc/local_internal_options.conf
|
|
|
|
.if empty(USER)
|
|
USER=$$(${ID} -un)
|
|
.endif
|
|
.if empty(GROUP)
|
|
GROUP=$$(${ID} -gn)
|
|
.endif
|
|
|
|
.if !defined(MAINTAINER_MODE)
|
|
USER_ARGS+= OSSEC_GROUP=${GROUP} \
|
|
OSSEC_USER=${USER} \
|
|
OSSEC_USER_MAIL=${USER} \
|
|
OSSEC_USER_REM=${USER}
|
|
.endif
|
|
OSSEC_USER= ossec
|
|
OSSEC_GROUP= ossec
|
|
USERS= ${OSSEC_USER} ossecm ossecr
|
|
GROUPS= ${OSSEC_GROUP}
|
|
|
|
SUB_LIST+= PORTNAME=${PORTNAME} \
|
|
CATEGORY=${CATEGORIES:[1]} \
|
|
OSSEC_TYPE=${OSSEC_TYPE} \
|
|
OSSEC_HOME=${OSSEC_HOME} \
|
|
VERSION=${PORTVERSION} \
|
|
DB_TYPE=${DB_TYPE} \
|
|
DB_SCHEMA=${DOCSDIR}/${DB_SCHEMA} \
|
|
OSSEC_USER=${OSSEC_USER} \
|
|
OSSEC_GROUP=${OSSEC_GROUP} \
|
|
OSSEC_RC=${OSSEC_RC}
|
|
SUB_FILES= pkg-install \
|
|
pkg-deinstall \
|
|
${PKGMSG_FILES} \
|
|
restart-ossec.sh
|
|
|
|
.if defined(MAINTAINER_MODE)
|
|
PLIST_SUB= OSSEC_HOME=${PORTNAME}
|
|
.else
|
|
PLIST_SUB= OSSEC_HOME=${OSSEC_HOME}
|
|
.endif
|
|
PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE}
|
|
DOCSFILES= BUGS CHANGELOG CONTRIBUTORS LICENSE README.md SUPPORT.md
|
|
PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE}
|
|
PKGMESSAGE= ${WRKDIR}/pkg-message
|
|
PKGMSG_FILES= message-header
|
|
|
|
PKG_CONFIG= ${CONFIGURE_ENV:MPKG_CONFIG=*:S/PKG_CONFIG=//}
|
|
CFLAGS+= -I${LOCALBASE}/include
|
|
INOTIFY_CFLAGS= $$(${PKG_CONFIG} --cflags libinotify)
|
|
INOTIFY_LDFLAGS=$$(${PKG_CONFIG} --libs libinotify)
|
|
|
|
OSSEC_ARGS+= TARGET=${OSSEC_TYPE} PCRE2_SYSTEM=yes INSTALL_LOCALTIME=no INSTALL_RESOLVCONF=no
|
|
.if !defined(MAINTAINER_MODE)
|
|
OSSEC_ARGS+= INSTALL_CMD=install
|
|
.endif
|
|
BUILD_ARGS+= ${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME}
|
|
INSTALL_ARGS+= ${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME}
|
|
|
|
.include <bsd.port.pre.mk>
|
|
|
|
PKGMSG_FILES+= message-firewall message-config
|
|
|
|
post-patch:
|
|
@${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \
|
|
-e 's|-lreadline|& ${LDFLAGS}|' \
|
|
${WRKSRC}/src/external/lua/src/Makefile
|
|
.if ${CHOSEN_COMPILER_TYPE} == gcc
|
|
@${REINPLACE_CMD} -e 's|-Wno-implicit-fallthrough||g' ${WRKSRC}/src/Makefile
|
|
.endif
|
|
|
|
do-build:
|
|
@cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build
|
|
|
|
do-install:
|
|
@cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${INSTALL_ARGS} install
|
|
|
|
post-install:
|
|
@${MV} -f ${STAGEDIR}${INTERNAL_OPTS_CONF} ${STAGEDIR}${INTERNAL_OPTS_CONF}.sample
|
|
@${MV} -f ${STAGEDIR}${FIREWALL_DROP_BIN} ${STAGEDIR}${IPFILTER_BIN}
|
|
@${CP} ${WRKDIR}/restart-ossec.sh ${STAGEDIR}${RESTART_OSSEC_BIN}
|
|
@${CHMOD} 550 ${STAGEDIR}${RESTART_OSSEC_BIN}
|
|
.if defined(MAINTAINER_MODE)
|
|
@${CHOWN} ${USER}:${OSSEC_GROUP} ${STAGEDIR}${RESTART_OSSEC_BIN}
|
|
.else
|
|
@${SH} ${SCRIPTDIR}/sanitize-stage.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${STAGEDIR}
|
|
.endif
|
|
|
|
.if ${OSSEC_TYPE} == agent
|
|
. if defined(MAINTAINER_MODE)
|
|
@for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; ${CHOWN} ${OSSEC_USER}:${OSSEC_GROUP} $${file_name}; done
|
|
. else
|
|
@for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; done
|
|
. endif
|
|
.endif
|
|
@${ECHO_CMD} -n > ${PKGMESSAGE}
|
|
.for file_name in ${PKGMSG_FILES}
|
|
@${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE}
|
|
@${ECHO_CMD} >> ${PKGMESSAGE}
|
|
.endfor
|
|
.for file_name in ${STRIP_FILES}
|
|
@${STRIP_CMD} ${STAGEDIR}${OSSEC_HOME}/bin/${file_name}
|
|
.endfor
|
|
|
|
.if defined(MAINTAINER_MODE)
|
|
plist: makeplist
|
|
@${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR}
|
|
.endif
|
|
|
|
post-install-DOCS-on:
|
|
@${MKDIR} ${STAGEDIR}${DOCSDIR}
|
|
@cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR}
|
|
@cd ${WRKSRC} && ${INSTALL_DATA} etc/ossec-${OSSEC_TYPE}.conf ${STAGEDIR}${DOCSDIR}/ossec.conf.sample
|
|
|
|
post-install-MYSQL-on:
|
|
@${MKDIR} ${STAGEDIR}${DOCSDIR}
|
|
@cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR}
|
|
|
|
post-install-PGSQL-on:
|
|
@${MKDIR} ${STAGEDIR}${DOCSDIR}
|
|
@cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR}
|
|
|
|
.include <bsd.port.post.mk>
|