ports/148057: [patch] upgrade of security/ossec-hids-server and security/ossec-hids-client to last release (2.4.1)

Marco Re laza_bsd at laza.it
Tue Jun 22 08:20:03 UTC 2010


>Number:         148057
>Category:       ports
>Synopsis:       [patch] upgrade of security/ossec-hids-server and security/ossec-hids-client  to last release (2.4.1)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 22 08:20:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Marco Re
>Release:        FreeBSD 8.0-RELEASE amd64
>Organization:
>Environment:
FreeBSD contactlab.lan 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
There is a new release on the official web site.

>How-To-Repeat:

>Fix:
apply the following patches.


Patch attached with submission follows:

diff -ruN ossec-hids-client.bak/pkg-plist.client ossec-hids-client/pkg-plist.client
--- ossec-hids-client.bak/pkg-plist.client	2009-03-24 01:37:24.000000000 +0100
+++ ossec-hids-client/pkg-plist.client	2010-06-21 13:44:46.000000000 +0200
@@ -3,7 +3,9 @@
 %%PORTNAME%%/active-response/bin/host-deny.sh
 %%PORTNAME%%/active-response/bin/ipfw.sh
 %%PORTNAME%%/active-response/bin/ipfw_mac.sh
+%%PORTNAME%%/active-response/bin/ossec-tweeter.sh
 %%PORTNAME%%/active-response/bin/pf.sh
+%%PORTNAME%%/active-response/bin/restart-ossec.sh
 %%PORTNAME%%/active-response/bin/route-null.sh
 %%PORTNAME%%/bin/manage_agents
 %%PORTNAME%%/bin/ossec-agentd
@@ -11,7 +13,6 @@
 %%PORTNAME%%/bin/ossec-execd
 %%PORTNAME%%/bin/ossec-logcollector
 %%PORTNAME%%/bin/ossec-syscheckd
-%%PORTNAME%%/etc/internal_options.conf
 %%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
 %%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
 %%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
@@ -23,9 +24,13 @@
 %%PORTNAME%%/etc/shared/win_applications_rcl.txt
 @unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi
 %%PORTNAME%%/etc/ossec.conf.sample
+%%PORTNAME%%/etc/localtime
+%%PORTNAME%%/etc/internal_options.conf
 %%PORTNAME%%/logs/ossec.log
 %%PORTNAME%%/agentless/main.exp
 %%PORTNAME%%/agentless/sshlogin.exp
+%%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff
+%%PORTNAME%%/agentless/ssh_foundry_diff
 %%PORTNAME%%/agentless/ssh_pixconfig_diff
 %%PORTNAME%%/agentless/ssh_nopass.exp
 %%PORTNAME%%/agentless/ssh_integrity_check_linux
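Review bot: `%%PORTNAME%%/etc/localtime` is added here as an ordinary packing-list file, but a timezone file under the install prefix is presumably a copy of the host's `/etc/localtime`. The Makefile step that creates it is not shown; if it is copied at build time, a binary package would carry the build machine's timezone and a checksum that does not match on other hosts. For a HIDS this matters because alert timestamps are what gets correlated across machines. Consider creating the file at install time and cleaning it up with `@unexec rm -f %D/%%PORTNAME%%/etc/localtime` rather than listing it as a packaged file. Separately, `etc/internal_options.conf` is still listed as a plain file, unlike `ossec.conf`, which uses the `.sample` plus `@unexec cmp` pattern two lines above, so local tuning is presumably lost on upgrade.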
@@ -35,7 +40,6 @@
 %%PORTNAME%%/agentless/register_host.sh
 %%PORTNAME%%/agentless/su.exp
 @dirrmtry %%PORTNAME%%/agentless
- at dirrmtry %%PORTNAME%%/active-response/bin/firewalls
 @dirrmtry %%PORTNAME%%/active-response/bin
 @dirrmtry %%PORTNAME%%/active-response
 @dirrmtry %%PORTNAME%%/etc/shared
diff -ruN ossec-hids-server.bak/Makefile ossec-hids-server/Makefile
--- ossec-hids-server.bak/Makefile	2009-03-24 01:37:24.000000000 +0100
+++ ossec-hids-server/Makefile	2010-06-16 13:39:29.000000000 +0200
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	ossec-hids
-PORTVERSION=	2.0
+PORTVERSION=	2.4.1
 PORTREVISION?=	0
 CATEGORIES=	security
 MASTER_SITES=	http://www.ossec.net/files/ \
diff -ruN ossec-hids-server.bak/distinfo ossec-hids-server/distinfo
--- ossec-hids-server.bak/distinfo	2009-03-24 01:37:24.000000000 +0100
+++ ossec-hids-server/distinfo	2010-06-21 10:29:22.000000000 +0200
@@ -1,3 +1,3 @@
-MD5 (ossec-hids-2.0.tar.gz) = 113d3df5f556f7f0e3df2d203d2ef73d
-SHA256 (ossec-hids-2.0.tar.gz) = 4640384c20d2b7a80c266180fd6b1a73703f8fda1794ced4c82d4ab4abbcb250
-SIZE (ossec-hids-2.0.tar.gz) = 687694
+MD5 (ossec-hids-2.4.1.tar.gz) = 6796daf0feeae4223f3c1c455ee9350e
+SHA256 (ossec-hids-2.4.1.tar.gz) = 5bb1e48699a38f1c553e31349c20dda06c9fcfc15f5862e16c7fd90456960455
+SIZE (ossec-hids-2.4.1.tar.gz) = 727599
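Review bot: The new MD5, SHA256 and SIZE values are supplied by the submitter, so the committer should regenerate them from a freshly fetched `ossec-hids-2.4.1.tar.gz` and compare against whatever checksum or signature upstream publishes rather than copying them from the PR. The first MASTER_SITES entry visible in the Makefile hunk is a plain `http://` URL, so this distinfo record is the only integrity check on the tarball of a security tool. SHA256 is the value to rely on; the MD5 line gives no meaningful collision resistance.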
diff -ruN ossec-hids-server.bak/files/patch-attack_rules.xml ossec-hids-server/files/patch-attack_rules.xml
--- ossec-hids-server.bak/files/patch-attack_rules.xml	2008-09-29 16:00:04.000000000 +0200
+++ ossec-hids-server/files/patch-attack_rules.xml	1970-01-01 01:00:00.000000000 +0100
@@ -1,16 +0,0 @@
---- etc/rules/attack_rules.xml	2008-08-29 17:15:08.000000000 +0000
-+++ attack_rules.xml	2008-09-28 21:39:52.000000000 +0000
-@@ -85,11 +85,13 @@
-     <description>by a success.</description>
-   </rule>
- 
-+<!--
-   <rule id="40113" level="12" frequency="6" timeframe="360">
-     <if_matched_group>virus</if_matched_group>
-     <description>Multiple viruses detected - Possible outbreak.</description>
-     <group>virus,</group>
-   </rule>
-+-->
-   
- </group> <!-- SYSLOG, ATTACKS, -->
- 
diff -ruN ossec-hids-server.bak/files/patch-mcafee_av_rules.xml ossec-hids-server/files/patch-mcafee_av_rules.xml
--- ossec-hids-server.bak/files/patch-mcafee_av_rules.xml	2008-09-29 16:00:04.000000000 +0200
+++ ossec-hids-server/files/patch-mcafee_av_rules.xml	1970-01-01 01:00:00.000000000 +0100
@@ -1,18 +0,0 @@
---- etc/rules/mcafee_av_rules.xml	2008-08-28 15:56:00.000000000 +0000
-+++ mcafee_av_rules.xml	2008-09-28 21:39:52.000000000 +0000
-@@ -42,6 +42,7 @@
-     <description>McAfee Windows AV error event.</description>
-   </rule>
- 
-+<!--
-   <rule id="7504" level="12">
-     <if_sid>7500</if_sid>
-     <regex>$MCAFEE_VIRUS</regex>
-@@ -62,6 +63,7 @@
-     <group>virus</group>
-     <description>McAfee Windows AV - Virus detected and file will be deleted.</description>
-   </rule>
-+-->
- 
-   <rule id="7507" level="3">
-     <if_sid>7500</if_sid>
diff -ruN ossec-hids-server.bak/files/patch-symantec-av_rules.xml ossec-hids-server/files/patch-symantec-av_rules.xml
--- ossec-hids-server.bak/files/patch-symantec-av_rules.xml	2008-09-29 16:00:04.000000000 +0200
+++ ossec-hids-server/files/patch-symantec-av_rules.xml	1970-01-01 01:00:00.000000000 +0100
@@ -1,17 +0,0 @@
---- etc/rules/symantec-av_rules.xml	2008-06-17 17:03:56.000000000 +0000
-+++ symantec-av_rules.xml	2008-09-28 21:39:52.000000000 +0000
-@@ -31,12 +31,14 @@
-     <description>Grouping of Symantec AV rules from eventlog.</description>
-   </rule>
- 
-+<!--
-   <rule id="7310" level="9">
-     <if_sid>7300, 7301</if_sid>
-     <id>^5$|^17$</id>
-     <group>virus</group>
-     <description>Virus detected.</description>
-   </rule>
-+-->
-   
-   <rule id="7320" level="3">
-     <if_sid>7300, 7301</if_sid>
diff -ruN ossec-hids-server.bak/pkg-plist ossec-hids-server/pkg-plist
--- ossec-hids-server.bak/pkg-plist	2009-03-24 01:37:24.000000000 +0100
+++ ossec-hids-server/pkg-plist	2010-06-21 13:32:09.000000000 +0200
@@ -3,28 +3,32 @@
 %%PORTNAME%%/active-response/bin/host-deny.sh
 %%PORTNAME%%/active-response/bin/ipfw_mac.sh
 %%PORTNAME%%/active-response/bin/ipfw.sh
+%%PORTNAME%%/active-response/bin/ossec-tweeter.sh
 %%PORTNAME%%/active-response/bin/pf.sh
+%%PORTNAME%%/active-response/bin/restart-ossec.sh
 %%PORTNAME%%/active-response/bin/route-null.sh
+%%PORTNAME%%/bin/agent_control
 %%PORTNAME%%/bin/clear_stats
 %%PORTNAME%%/bin/list_agents
 %%PORTNAME%%/bin/manage_agents
 %%PORTNAME%%/bin/ossec-agentd
+%%PORTNAME%%/bin/ossec-agentlessd
 %%PORTNAME%%/bin/ossec-analysisd
-%%PORTNAME%%/bin/ossec-dbd
 %%PORTNAME%%/bin/ossec-control
+%%PORTNAME%%/bin/ossec-csyslogd
+%%PORTNAME%%/bin/ossec-dbd
 %%PORTNAME%%/bin/ossec-execd
 %%PORTNAME%%/bin/ossec-logcollector
+%%PORTNAME%%/bin/ossec-logtest
 %%PORTNAME%%/bin/ossec-maild
 %%PORTNAME%%/bin/ossec-monitord
 %%PORTNAME%%/bin/ossec-remoted
+%%PORTNAME%%/bin/ossec-reportd
 %%PORTNAME%%/bin/ossec-syscheckd
-%%PORTNAME%%/bin/syscheck_update
-%%PORTNAME%%/bin/ossec-csyslogd
-%%PORTNAME%%/bin/agent_control
-%%PORTNAME%%/bin/syscheck_control
 %%PORTNAME%%/bin/rootcheck_control
-%%PORTNAME%%/bin/ossec-reportd
-%%PORTNAME%%/bin/ossec-agentlessd
+%%PORTNAME%%/bin/syscheck_control
+%%PORTNAME%%/bin/syscheck_update
+%%PORTNAME%%/bin/verify-agent-conf
 %%PORTNAME%%/etc/decoder.xml
 %%PORTNAME%%/etc/internal_options.conf
 @unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi
@@ -41,9 +45,12 @@
 %%PORTNAME%%/logs/ossec.log
 %%PORTNAME%%/rules/apache_rules.xml
 %%PORTNAME%%/rules/arpwatch_rules.xml
+%%PORTNAME%%/rules/asterisk_rules.xml
 %%PORTNAME%%/rules/attack_rules.xml
+%%PORTNAME%%/rules/cimserver_rules.xml
 %%PORTNAME%%/rules/cisco-ios_rules.xml
 %%PORTNAME%%/rules/courier_rules.xml
+%%PORTNAME%%/rules/dovecot_rules.xml
 %%PORTNAME%%/rules/firewall_rules.xml
 %%PORTNAME%%/rules/ftpd_rules.xml
 %%PORTNAME%%/rules/hordeimp_rules.xml
@@ -51,14 +58,19 @@
 %%PORTNAME%%/rules/imapd_rules.xml
 %%PORTNAME%%/rules/local_rules.xml
 %%PORTNAME%%/rules/mailscanner_rules.xml
+%%PORTNAME%%/rules/mcafee_av_rules.xml
 %%PORTNAME%%/rules/ms-exchange_rules.xml
+%%PORTNAME%%/rules/ms-se_rules.xml
+%%PORTNAME%%/rules/ms_dhcp_rules.xml
 %%PORTNAME%%/rules/ms_ftpd_rules.xml
 %%PORTNAME%%/rules/msauth_rules.xml
 %%PORTNAME%%/rules/mysql_rules.xml
 %%PORTNAME%%/rules/named_rules.xml
 %%PORTNAME%%/rules/netscreenfw_rules.xml
+%%PORTNAME%%/rules/nginx_rules.xml
 %%PORTNAME%%/rules/ossec_rules.xml
 %%PORTNAME%%/rules/pam_rules.xml
+%%PORTNAME%%/rules/php_rules.xml
 %%PORTNAME%%/rules/pix_rules.xml
 %%PORTNAME%%/rules/policy_rules.xml
 %%PORTNAME%%/rules/postfix_rules.xml
@@ -66,9 +78,11 @@
 %%PORTNAME%%/rules/proftpd_rules.xml
 %%PORTNAME%%/rules/pure-ftpd_rules.xml
 %%PORTNAME%%/rules/racoon_rules.xml
+%%PORTNAME%%/rules/roundcube_rules.xml
 %%PORTNAME%%/rules/rules_config.xml
 %%PORTNAME%%/rules/sendmail_rules.xml
 %%PORTNAME%%/rules/smbd_rules.xml
+%%PORTNAME%%/rules/solaris_bsm_rules.xml
 %%PORTNAME%%/rules/sonicwall_rules.xml
 %%PORTNAME%%/rules/spamd_rules.xml
 %%PORTNAME%%/rules/squid_rules.xml
@@ -77,50 +91,54 @@
 %%PORTNAME%%/rules/symantec-ws_rules.xml
 %%PORTNAME%%/rules/syslog_rules.xml
 %%PORTNAME%%/rules/telnetd_rules.xml
+%%PORTNAME%%/rules/trend-osce_rules.xml
+%%PORTNAME%%/rules/vmpop3d_rules.xml
+%%PORTNAME%%/rules/vmware_rules.xml
 %%PORTNAME%%/rules/vpn_concentrator_rules.xml
 %%PORTNAME%%/rules/vpopmail_rules.xml
 %%PORTNAME%%/rules/vsftpd_rules.xml
 %%PORTNAME%%/rules/web_rules.xml
+%%PORTNAME%%/rules/wordpress_rules.xml
 %%PORTNAME%%/rules/zeus_rules.xml
-%%PORTNAME%%/rules/vmware_rules.xml
-%%PORTNAME%%/rules/vmpop3d_rules.xml
-%%PORTNAME%%/rules/solaris_bsm_rules.xml
-%%PORTNAME%%/rules/mcafee_av_rules.xml
-%%PORTNAME%%/rules/asterisk_rules.xml
 %%PORTNAME%%/agentless/main.exp
-%%PORTNAME%%/agentless/sshlogin.exp
-%%PORTNAME%%/agentless/ssh_pixconfig_diff
-%%PORTNAME%%/agentless/ssh_nopass.exp
-%%PORTNAME%%/agentless/ssh_integrity_check_linux
-%%PORTNAME%%/agentless/ssh_integrity_check_bsd
-%%PORTNAME%%/agentless/ssh_generic_diff
-%%PORTNAME%%/agentless/ssh.exp
 %%PORTNAME%%/agentless/register_host.sh
+%%PORTNAME%%/agentless/ssh.exp
+%%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff
+%%PORTNAME%%/agentless/ssh_foundry_diff
+%%PORTNAME%%/agentless/ssh_generic_diff
+%%PORTNAME%%/agentless/ssh_integrity_check_bsd
+%%PORTNAME%%/agentless/ssh_integrity_check_linux
+%%PORTNAME%%/agentless/ssh_nopass.exp
+%%PORTNAME%%/agentless/ssh_pixconfig_diff
+%%PORTNAME%%/agentless/sshlogin.exp
 %%PORTNAME%%/agentless/su.exp
- at dirrmtry %%PORTNAME%%/agentless
 @dirrmtry %%PORTNAME%%/.ssh
- at dirrmtry %%PORTNAME%%/var/run
- at dirrmtry %%PORTNAME%%/var
- at dirrmtry %%PORTNAME%%/tmp
- at dirrmtry %%PORTNAME%%/stats
- at dirrmtry %%PORTNAME%%/rules
- at dirrmtry %%PORTNAME%%/queue/syscheck
- at dirrmtry %%PORTNAME%%/queue/rootcheck
- at dirrmtry %%PORTNAME%%/queue/rids
- at dirrmtry %%PORTNAME%%/queue/ossec
- at dirrmtry %%PORTNAME%%/queue/fts
- at dirrmtry %%PORTNAME%%/queue/alerts
+ at dirrmtry %%PORTNAME%%/active-response/bin
+ at dirrmtry %%PORTNAME%%/active-response
+ at dirrmtry %%PORTNAME%%/agentless
+ at dirrmtry %%PORTNAME%%/bin
+ at dirrmtry %%PORTNAME%%/etc/shared
+ at dirrmtry %%PORTNAME%%/etc
+ at dirrmtry %%PORTNAME%%/logs/alerts
+ at dirrmtry %%PORTNAME%%/logs/archives
+ at dirrmtry %%PORTNAME%%/logs/firewall
+ at dirrmtry %%PORTNAME%%/logs
 @dirrmtry %%PORTNAME%%/queue/agent-info
- at dirrmtry %%PORTNAME%%/queue/diff
 @dirrmtry %%PORTNAME%%/queue/agentless
+ at dirrmtry %%PORTNAME%%/queue/alerts
+ at dirrmtry %%PORTNAME%%/queue/diff
+ at dirrmtry %%PORTNAME%%/queue/fts
+ at dirrmtry %%PORTNAME%%/queue/ossec
+ at dirrmtry %%PORTNAME%%/queue/rids
+ at dirrmtry %%PORTNAME%%/queue/rootcheck
+ at dirrmtry %%PORTNAME%%/queue/syscheck
 @dirrmtry %%PORTNAME%%/queue
- at dirrmtry %%PORTNAME%%/logs/firewall
- at dirrmtry %%PORTNAME%%/logs/archives
- at dirrmtry %%PORTNAME%%/logs/alerts
- at dirrmtry %%PORTNAME%%/logs
- at dirrmtry %%PORTNAME%%/etc/shared
- at dirrmtry %%PORTNAME%%/etc
- at dirrmtry %%PORTNAME%%/bin
- at dirrmtry %%PORTNAME%%/active-response/bin
- at dirrmtry %%PORTNAME%%/active-response
+ at dirrmtry %%PORTNAME%%/rules
+ at dirrmtry %%PORTNAME%%/stats/hourly-average
+ at dirrmtry %%PORTNAME%%/stats/totals
+ at dirrmtry %%PORTNAME%%/stats/weekly-average
+ at dirrmtry %%PORTNAME%%/stats
+ at dirrmtry %%PORTNAME%%/tmp
+ at dirrmtry %%PORTNAME%%/var/run
+ at dirrmtry %%PORTNAME%%/var
 @dirrmtry %%PORTNAME%%
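Review bot: The `+ at dirrmtry …` lines in this hunk are not valid packing-list directives. The list archive has rewritten `@` to ` at `, as it did in the submitter address, so the intended text is `+@dirrmtry …`. Applied as shown here, the patch would fail to match or leave a pkg-plist with no directory cleanup entries, so restore the `@` or take the patch from the original PR attachment. The same rewrite affects the removed `- at dirrmtry` lines in this hunk and in the last hunk of pkg-plist.client.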


>Release-Note:
>Audit-Trail:
>Unformatted:


