ports/90305: Update: security/samhain 2.0.10 -> 2.1.0
David Thiel
lx at redundancy.redundancy.org
Mon Dec 12 20:10:03 UTC 2005
>Number: 90305
>Category: ports
>Synopsis: Update: security/samhain 2.0.10 -> 2.1.0
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 12 20:10:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: David Thiel
>Release: FreeBSD 6.0-STABLE i386
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 6.0-STABLE FreeBSD 6.0-STABLE #0: Sat Nov 26 15:38:42 PST 2005 lx at redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386
>Description:
Updating the Samhain integrity checking system to 2.1.0, a bugfix
release.
It's been requested by several people to break Samhain out into separate
client and server ports. This PR does that, with a samhain-client and
samhain-server port, as slave ports off of samhain. I'm not sure the
best way to submit a PR to do this kind of action, but here is a shar
of all three ports. If another format is desired, please let me know.
I'm also interested in feedback on the approach used for splitting
these out.
>How-To-Repeat:
>Fix:
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# samhain
# samhain/Makefile
# samhain/distinfo
# samhain/pkg-descr
# samhain/pkg-plist
# samhain/files
# samhain/files/fixsamhainrc.patch
# samhain/files/fixyulerc.patch
# samhain-client
# samhain-client/Makefile
# samhain-server
# samhain-server/Makefile
#
echo c - samhain
mkdir -p samhain > /dev/null 2>&1
echo x - samhain/Makefile
sed 's/^X//' >samhain/Makefile << 'END-of-samhain/Makefile'
X# New ports collection makefile for: samhain
X# Date created: 9 January 2003
X# Whom: lx
X#
X# $FreeBSD: ports/security/samhain/Makefile,v 1.30 2005/09/22 07:15:29 vsevolod Exp $
X
XPORTNAME= samhain
XPORTVERSION= 2.1.0
XCATEGORIES= security
XMASTER_SITES= http://la-samhna.de/archive/ \
X http://cold.darkambient.net/
XDISTNAME= samhain_signed-${PORTVERSION}
X
XMAINTAINER= lx at redundancy.redundancy.org
XCOMMENT= The Samhain Intrusion Detection System
X
XOPTIONS= KCHECK "Enable rogue KLD detection" off \
X GPG "Enable GnuPG support" off \
X MYSQL "Enable MySQL logging" off \
X POSTGRESQL "Enable PostgreSQL logging" off \
X XML_LOGS "Enable XML-formatted logs" on \
X LIBWRAP "Enable TCP wrapper support" on
X
XWRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
X
XCONFLICTS= samhain-client-2*
X
X.include <bsd.port.pre.mk>
X
X.if defined(WITH_GPG)
XBUILD_DEPENDS+= gpg:${PORTSDIR}/security/gnupg
X.endif
X
XGNU_CONFIGURE= yes
XCONFIGURE_ARGS= --enable-login-watch --localstatedir=/var \
X --mandir=${PREFIX}/man --enable-suidcheck
X
X.if !defined(WITHOUT_XML_LOGS)
XCONFIGURE_ARGS+= --enable-xml-log
X.endif
X.if defined(WITH_RUNAS_USER)
XCONFIGURE_ARGS+= --enable-identity=${WITH_RUNAS_USER}
X.else
XCONFIGURE_ARGS+= --enable-identity=yule
X.endif
X.if defined(WITH_KCHECK)
XCONFIGURE_ARGS+= --with-kcheck
X.endif
X.if defined(WITH_GPG)
XCONFIGURE_ARGS+= --with-gpg=${PREFIX}/bin/gpg
X.endif
X.if defined(WITH_MYSQL)
XCONFIGURE_ARGS+= --with-database=mysql \
X --with-cflags=-I${LOCALBASE}/include/mysql \
X --with-libs=-L${LOCALBASE}/lib/mysql
X.endif
X.if defined(WITH_POSTGRESQL)
XCONFIGURE_ARGS+= --with-database=postgresql
X.endif
X.if !defined(WITHOUT_LIBWRAP)
XCONFIGURE_ARGS+= --with-libwrap
X.endif
X.if defined(WITH_CLIENT)
XCONFIGURE_ARGS+= --enable-network=client \
X --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \
X --with-config-file=REQ_FROM_SERVER
XPLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment "
XEXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
XMAN5= samhainrc.5
XMAN8= samhain.8
X.elif defined(WITH_SERVER)
XCONFIGURE_ARGS+= --enable-network=server
XPLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment "
XEXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch
XMAN5= yulerc.5
XMAN8= yule.8
X.else
XPLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment "
XEXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
XMAN5= samhainrc.5
XMAN8= samhain.8
X.endif
X.if defined(WITH_LOG_SERVER)
XCONFIGURE_ARGS+= --with-logserver=${WITH_LOG_SERVER}
X.endif
X.if defined(WITH_ALT_LOG_SERVER)
XCONFIGURE_ARGS+= --with-altlogserver=${WITH_ALT_LOG_SERVER}
X.endif
X
Xpre-everything::
X
X.if !defined(WITH_CLIENT) && !defined(WITH_SERVER)
X @${ECHO_MSG}
X @${ECHO_MSG} "Building Samhain in standalone mode."
X @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C"
X @${ECHO_MSG} "now, and build samhain from the samhain-client and"
X @${ECHO_MSG} "samhain-server ports."
X @${ECHO_MSG}
X.endif
X
X.if defined(WITH_CLIENT) && defined(WITH_SERVER)
XIGNORE= Can't build client and server at once
X.endif
X
X.if defined(WITH_KCHECK)
X @${ECHO_MSG}
X @${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem"
X @${ECHO_MSG} "and /dev/mem. If you're not building as root, please hit"
X @${ECHO_MSG} "Control-C and restart the build as root."
X @${ECHO_MSG}
X.endif
X
X.if defined(WITH_MYSQL) && !defined(WITH_XML_LOGS)
XIGNORE= XML logging is required to log to MySQL
X.endif
X
X.if defined(WITH_POSTGRESQL) && !defined(WITH_XML_LOGS)
XIGNORE= XML logging is required to log to Postgres
X.endif
X
Xpost-extract:
X @${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz
X @${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc
X
Xpost-install:
X.if !defined(WITH_SERVER)
X @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/samhain.sh.sample
X @${CP} ${WRKSRC}/samhainrc ${PREFIX}/etc/samhainrc.sample
X @${CHGRP} wheel ${PREFIX}/etc/samhainrc.sample
X.else
X @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/yule.sh.sample
X @${CP} ${WRKSRC}/yulerc ${PREFIX}/etc/yulerc.sample
X.endif
X.if !defined(NOPORTDOCS)
X ${MKDIR} ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/MANUAL-2_0.ps ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/MANUAL-2_0.html.tar ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server.html ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server-troubleshooting.html ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-samhain+GnuPG.html ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-write-modules.html ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/FAQ.html ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/README.UPGRADE ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/README ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/BUGS ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/sh_mounts.txt ${DOCSDIR}
X ${INSTALL_MAN} ${WRKSRC}/docs/sh_userfiles.txt ${DOCSDIR}
X.endif
X
Xinstall-user:
X @(cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE} install-user)
X
X.include <bsd.port.post.mk>
END-of-samhain/Makefile
echo x - samhain/distinfo
sed 's/^X//' >samhain/distinfo << 'END-of-samhain/distinfo'
XMD5 (samhain_signed-2.1.0.tar.gz) = 295eae6715c9c3e6af3dcafad52f761e
XSIZE (samhain_signed-2.1.0.tar.gz) = 1312114
END-of-samhain/distinfo
echo x - samhain/pkg-descr
sed 's/^X//' >samhain/pkg-descr << 'END-of-samhain/pkg-descr'
XSamhain is an open source file integrity and host-based intrusion
Xdetection system for Linux and Unix. It can run as a daemon process,
Xand and thus can remember file changes - contrary to a tool that runs
Xfrom cron, if a file is modified you will get only one report, while
Xsubsequent checks of that file will ignore the modification as it is
Xalready reported (unless the file is modified again).
X
XSamhain can optionally be used as client/server system to provide
Xcentralized monitoring for multiple host. Logging to a (MySQL or
XPostgreSQL) database is supported.
X
XWWW: http://la-samhna.de/samhain/
END-of-samhain/pkg-descr
echo x - samhain/pkg-plist
sed 's/^X//' >samhain/pkg-plist << 'END-of-samhain/pkg-plist'
X at comment $FreeBSD: ports/security/samhain/pkg-plist,v 1.4 2004/11/02 18:12:13 pav Exp $
X%%YULE%%etc/yulerc.sample
X%%YULE%%sbin/yule_setpwd
X%%YULE%%sbin/yule
X%%YULE%%etc/rc.d/yule.sh.sample
X%%YULE%%@unexec rmdir /var/lib/yule 2>/dev/null || true
X%%SAMHAIN%%sbin/samhain
X%%SAMHAIN%%etc/rc.d/samhain.sh.sample
X%%SAMHAIN%%etc/samhainrc.sample
X%%SAMHAIN%%@unexec rmdir /var/lib/samhain 2>/dev/null || true
X%%SETPWD%%sbin/samhain_setpwd
X%%PORTDOCS%%%%DOCSDIR%%/MANUAL-2_0.ps
X%%PORTDOCS%%%%DOCSDIR%%/MANUAL-2_0.html.tar
X%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server.html
X%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server-troubleshooting.html
X%%PORTDOCS%%%%DOCSDIR%%/HOWTO-write-modules.html
X%%PORTDOCS%%%%DOCSDIR%%/HOWTO-samhain+GnuPG.html
X%%PORTDOCS%%%%DOCSDIR%%/FAQ.html
X%%PORTDOCS%%%%DOCSDIR%%/README.UPGRADE
X%%PORTDOCS%%%%DOCSDIR%%/README
X%%PORTDOCS%%%%DOCSDIR%%/BUGS
X%%PORTDOCS%%%%DOCSDIR%%/sh_mounts.txt
X%%PORTDOCS%%%%DOCSDIR%%/sh_userfiles.txt
X%%PORTDOCS%%@dirrm %%DOCSDIR%%
END-of-samhain/pkg-plist
echo c - samhain/files
mkdir -p samhain/files > /dev/null 2>&1
echo x - samhain/files/fixsamhainrc.patch
sed 's/^X//' >samhain/files/fixsamhainrc.patch << 'END-of-samhain/files/fixsamhainrc.patch'
X--- samhain-install.sh.in Wed Jan 15 16:51:57 2003
X+++ samhain-install.sh.in Wed Jan 15 16:52:10 2003
X@@ -13,7 +13,7 @@
X mandir=@mandir@
X
X sysconfdir=@sysconfdir@
X-configfile=@myconffile@
X+configfile=/usr/local/etc/samhainrc.sample
X
X pid_file=@mylockfile@
X pid_dir=@mylockdir@
END-of-samhain/files/fixsamhainrc.patch
echo x - samhain/files/fixyulerc.patch
sed 's/^X//' >samhain/files/fixyulerc.patch << 'END-of-samhain/files/fixyulerc.patch'
X--- samhain-install.sh.in Wed Jan 15 16:51:57 2003
X+++ samhain-install.sh.in Wed Jan 15 16:52:10 2003
X@@ -13,7 +13,7 @@
X mandir=@mandir@
X
X sysconfdir=@sysconfdir@
X-configfile=@myconffile@
X+configfile=/usr/local/etc/yulerc.sample
X
X pid_file=@mylockfile@
X pid_dir=@mylockdir@
END-of-samhain/files/fixyulerc.patch
echo c - samhain-client
mkdir -p samhain-client > /dev/null 2>&1
echo x - samhain-client/Makefile
sed 's/^X//' >samhain-client/Makefile << 'END-of-samhain-client/Makefile'
X# New ports collection makefile for: samhain-client
X# Date created: 2005-10-31
X# Whom: David Thiel
X#
X# $FreeBSD$
X#
X#
X# This port recognizes the following non-boolean tunables:
X#
X# WITH_LOG_SERVER, WITH_ALT_LOG_SERVER. When "WITH_CLIENT" is defined,
X# these specify what server the client will fetch configuration
X# and database files from. This can also be defined at runtime.
X#
X
XPKGNAMESUFFIX= -client
X
XCOMMENT= Client daemon for the Samhain IDS
X
XWITH_CLIENT= yes
XNOPORTDOCS= yes
X
XMASTERDIR= ${.CURDIR}/../samhain
X
XCONFLICTS= samhain-2*
X
X.include "${MASTERDIR}/Makefile"
END-of-samhain-client/Makefile
echo c - samhain-server
mkdir -p samhain-server > /dev/null 2>&1
echo x - samhain-server/Makefile
sed 's/^X//' >samhain-server/Makefile << 'END-of-samhain-server/Makefile'
X# New ports collection makefile for: samhain-server
X# Date created: 2005-10-31
X# Whom: David Thiel
X#
X# $FreeBSD$
X#
X
X# This port recognizes the following non-boolean tunables:
X#
X# WITH_RUNAS_USER:
X# Whe building with "WITH_SERVER" defined, the username of the
X# account Yule will run as. Defaults to "yule". If using
X# WITH_GPG, ensure that this user exists and has a pgp
X# keypair before installing.
X
X
XPKGNAMESUFFIX= -server
X
XCOMMENT= Log server for the Samhain IDS
X
XWITH_SERVER= yes
X
XMASTERDIR= ${.CURDIR}/../samhain
X
X.include "${MASTERDIR}/Makefile"
END-of-samhain-server/Makefile
exit
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list