1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-27 05:10:36 +00:00
freebsd-ports/security/samhain/Makefile
David Thiel 328de440ef Update to 2.5.4, a security bugfix release. This resolves a problem
where an unauthorized client could download configuration and database
files from the server.

Full changes since 2.5.2:

 - email logging has been rewritten for enhanced functionality. It's
   now possible to filter messages different for each recipient, and
   regular expressions can be used now for filtering

 - new option SetMailPort allows to set a custom SMTP port

 - in the configuration file, option values can now be set by evaluating
   shell commands: Key = $( command )

 - PortCheckInterface now allows a list as value

 - new option SetConnectionTimeout allows to configure the client/server
   connection timeout

 - new option SetThrottle allows to configure throughput throttling for
   the database download to the client
2009-03-04 22:47:27 +00:00

167 lines
4.8 KiB
Makefile

# New ports collection makefile for: samhain
# Date created: 9 January 2003
# Whom: lx
#
# $FreeBSD$
PORTNAME= samhain
PORTVERSION= 2.5.4
CATEGORIES= security
MASTER_SITES= http://la-samhna.de/archive/ \
http://redundancy.redundancy.org/mirror/
DISTNAME= samhain_signed-${PORTVERSION}
MAINTAINER= lx@FreeBSD.org
COMMENT= The Samhain Intrusion Detection System
OPTIONS= KCHECK "Enable rogue KLD detection" off \
GPG "Enable GnuPG support" off \
MYSQL "Enable MySQL logging" off \
POSTGRESQL "Enable PostgreSQL logging" off \
XML_LOGS "Enable XML-formatted logs" on \
LIBWRAP "Enable TCP wrapper support" on \
PRELUDE "Enable Prelude Framework support" off
SUB_FILES+= pkg-install
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
CONFLICTS= samhain-client-2*
.include <bsd.port.pre.mk>
.if ${ARCH} == "amd64"
CFLAGS+= -fPIC
.endif
.if defined(WITH_GPG)
BUILD_DEPENDS+= gpg:${PORTSDIR}/security/gnupg
.endif
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --enable-login-watch --localstatedir=/var \
--enable-suidcheck
.if !defined(WITHOUT_XML_LOGS)
CONFIGURE_ARGS+= --enable-xml-log
.endif
.if defined(WITH_RUNAS_USER)
CONFIGURE_ARGS+= --enable-identity=${WITH_RUNAS_USER}
.else
CONFIGURE_ARGS+= --enable-identity=yule
.endif
.if defined(WITH_KCHECK)
CONFIGURE_ARGS+= --with-kcheck
.endif
.if defined(WITH_GPG)
CONFIGURE_ARGS+= --with-gpg=${PREFIX}/bin/gpg
.endif
.if defined(WITH_MYSQL)
CONFIGURE_ARGS+= --with-database=mysql \
--with-cflags=-I${LOCALBASE}/include/mysql \
--with-libs=-L${LOCALBASE}/lib/mysql
.endif
.if defined(WITH_POSTGRESQL)
CONFIGURE_ARGS+= --with-database=postgresql
.endif
.if !defined(WITHOUT_LIBWRAP)
CONFIGURE_ARGS+= --with-libwrap
.endif
.if defined(WITH_CLIENT)
CONFIGURE_ARGS+= --enable-network=client \
--with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \
--with-config-file=REQ_FROM_SERVER
PLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment "
EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
MAN5= samhainrc.5
MAN8= samhain.8
.elif defined(WITH_SERVER)
CONFIGURE_ARGS+= --enable-network=server
SUB_LIST+= WITH_YULE="yes"
PLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment "
EXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch
MAN5= yulerc.5
MAN8= yule.8
.else
SUB_LIST+= WITH_YULE=""
PLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment "
EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
MAN5= samhainrc.5
MAN8= samhain.8
.endif
.if defined(WITH_LOG_SERVER)
CONFIGURE_ARGS+= --with-logserver=${WITH_LOG_SERVER}
.endif
.if defined(WITH_ALT_LOG_SERVER)
CONFIGURE_ARGS+= --with-altlogserver=${WITH_ALT_LOG_SERVER}
.endif
.if defined(WITH_PRELUDE)
LIB_DEPENDS+= prelude.19:${PORTSDIR}/security/libprelude
CONFIGURE_ARGS+= --with-prelude
.endif
pre-everything::
.if !defined(WITH_CLIENT) && !defined(WITH_SERVER)
@${ECHO_MSG}
@${ECHO_MSG} "Building Samhain in standalone mode."
@${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C"
@${ECHO_MSG} "now, and build samhain from the samhain-client and"
@${ECHO_MSG} "samhain-server ports."
@${ECHO_MSG}
.endif
.if defined(WITH_CLIENT) && defined(WITH_SERVER)
IGNORE= can't build client and server at once
.endif
.if defined(WITH_KCHECK)
@${ECHO_MSG}
@${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem"
@${ECHO_MSG} "and /dev/mem. If you're not building as root, please hit"
@${ECHO_MSG} "Control-C and restart the build as root."
@${ECHO_MSG}
.endif
.if defined(WITH_MYSQL) && !defined(WITH_XML_LOGS)
IGNORE= XML logging is required to log to MySQL
.endif
.if defined(WITH_POSTGRESQL) && !defined(WITH_XML_LOGS)
IGNORE= XML logging is required to log to Postgres
.endif
post-extract:
@${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz
@${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc
pre-install:
@PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
post-install:
.if !defined(WITH_SERVER)
@${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/samhain.sh
@${CP} ${WRKSRC}/samhainrc ${PREFIX}/etc/samhainrc.sample
@${CHGRP} wheel ${PREFIX}/etc/samhainrc.sample
.else
@${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/yule.sh
@${CP} ${WRKSRC}/yulerc ${PREFIX}/etc/yulerc.sample
.endif
.if !defined(NOPORTDOCS)
${MKDIR} ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/MANUAL-2_3.pdf ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server.html ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server-troubleshooting.html ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-samhain+GnuPG.html ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-write-modules.html ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/FAQ.html ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/README.UPGRADE ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/README ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/BUGS ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/sh_mounts.txt ${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/docs/sh_userfiles.txt ${DOCSDIR}
.endif
@${CAT} ${PKGMESSAGE}
.include <bsd.port.post.mk>