svn commit: r361282 - in head/security: ossec-hids-client ossec-hids-server/files
Brad Davis
brd at FreeBSD.org
Tue Jul 8 19:53:13 UTC 2014
Author: brd (doc committer)
Date: Tue Jul 8 19:53:12 2014
New Revision: 361282
URL: http://svnweb.freebsd.org/changeset/ports/361282
QAT: https://qat.redports.org/buildarchive/r361282/
Log:
- Fix the permissions so ossec-hids-client will actually start.
1: Based on a submission by Johan
PR: 190709 [1]
Submitted by: Johan Strom <johan at stromnet.se> [1]
Reviewed by: swills@
Modified:
head/security/ossec-hids-client/Makefile
head/security/ossec-hids-client/pkg-plist.client
head/security/ossec-hids-server/files/patch-src__InstallAgent.sh
Modified: head/security/ossec-hids-client/Makefile
==============================================================================
--- head/security/ossec-hids-client/Makefile Tue Jul 8 19:50:24 2014 (r361281)
+++ head/security/ossec-hids-client/Makefile Tue Jul 8 19:53:12 2014 (r361282)
@@ -1,6 +1,7 @@
# Created by: Valerio Daelli <valerio.daelli at gmail.com>
# $FreeBSD$
+PORTREVISION= 1
COMMENT= The client port of ossec-hids
CLIENT_ONLY= yes
Modified: head/security/ossec-hids-client/pkg-plist.client
==============================================================================
--- head/security/ossec-hids-client/pkg-plist.client Tue Jul 8 19:50:24 2014 (r361281)
+++ head/security/ossec-hids-client/pkg-plist.client Tue Jul 8 19:53:12 2014 (r361282)
@@ -1,3 +1,4 @@
+ at group ossec
%%PORTNAME%%/active-response/bin/disable-account.sh
%%PORTNAME%%/active-response/bin/firewall-drop.sh
%%PORTNAME%%/active-response/bin/host-deny.sh
@@ -27,7 +28,9 @@
%%PORTNAME%%/etc/shared/win_applications_rcl.txt
@sample %%PORTNAME%%/etc/ossec.conf.sample
%%PORTNAME%%/etc/internal_options.conf
+ at owner ossec
%%PORTNAME%%/logs/ossec.log
+ at owner
%%PORTNAME%%/agentless/main.exp
%%PORTNAME%%/agentless/sshlogin.exp
%%PORTNAME%%/agentless/ssh_asa-fwsmconfig_diff
@@ -49,11 +52,15 @@
@dirrmtry %%PORTNAME%%/var
@dirrmtry %%PORTNAME%%/queue/syscheck
@dirrmtry %%PORTNAME%%/queue/rids
+ at owner ossec
@dirrmtry %%PORTNAME%%/queue/ossec
@dirrmtry %%PORTNAME%%/queue/diff
+ at owner
@dirrmtry %%PORTNAME%%/queue/alerts
@dirrmtry %%PORTNAME%%/queue
@dirrmtry %%PORTNAME%%/logs
@dirrmtry %%PORTNAME%%/bin
+ at owner ossec
@dirrmtry %%PORTNAME%%/.ssh
+ at owner
@dirrmtry %%PORTNAME%%
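Review bot: The `logs` directory itself stays root-owned: `@owner ossec` covers only `logs/ossec.log` in the previous hunk and has been reset before `@dirrmtry %%PORTNAME%%/logs`, whereas the install script used to run `chown -R ${USER}:${GROUP} ${DIR}/logs`. Combined with the script's `chmod -R 750 ${DIR}/logs`, the ossec user can presumably append to the existing log but cannot create new files next to it, so confirm that no daemon running as ossec needs to. If one does, wrap that entry like `queue/ossec`, with `@owner ossec` before `@dirrmtry %%PORTNAME%%/logs` and a bare `@owner` after it. Whether ownership state around `@dirrmtry` lines is applied to the directories at install time depends on the package tool, which this page does not show. The plist continues outside these hunks, so the scope of the top-level `@group ossec` cannot be fully checked from here.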
Modified: head/security/ossec-hids-server/files/patch-src__InstallAgent.sh
==============================================================================
--- head/security/ossec-hids-server/files/patch-src__InstallAgent.sh Tue Jul 8 19:50:24 2014 (r361281)
+++ head/security/ossec-hids-server/files/patch-src__InstallAgent.sh Tue Jul 8 19:53:12 2014 (r361282)
@@ -1,5 +1,5 @@
---- ./src/InstallAgent.sh.orig 2013-10-29 12:13:44.000000000 -0600
-+++ ./src/InstallAgent.sh 2014-05-16 07:12:31.133178776 -0600
+--- src/InstallAgent.sh.orig 2013-10-29 12:13:44.000000000 -0600
++++ src/InstallAgent.sh 2014-06-20 10:30:22.531480743 -0600
@@ -37,11 +37,11 @@
# Creating groups/users
@@ -17,6 +17,91 @@
elif [ "$UNAME" = "SunOS" ]; then
grep "^${USER}" /etc/passwd > /dev/null 2>&1
+@@ -107,21 +107,21 @@
+
+ # Default for all directories
+ chmod -R 550 ${DIR}
+-chown -R root:${GROUP} ${DIR}
++#chown -R root:${GROUP} ${DIR}
+
+ # To the ossec queue (default for agentd to read)
+-chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
++#chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
+ chmod -R 770 ${DIR}/queue/ossec
+
+ # For the logging user
+-chown -R ${USER}:${GROUP} ${DIR}/logs
++#chown -R ${USER}:${GROUP} ${DIR}/logs
+ chmod -R 750 ${DIR}/logs
+ chmod -R 775 ${DIR}/queue/rids
+ touch ${DIR}/logs/ossec.log
+-chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
++#chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
+ chmod 664 ${DIR}/logs/ossec.log
+
+-chown -R ${USER}:${GROUP} ${DIR}/queue/diff
++#chown -R ${USER}:${GROUP} ${DIR}/queue/diff
+ chmod -R 750 ${DIR}/queue/diff
+ chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
+
+@@ -130,7 +130,7 @@
+
+ # For the etc dir
+ chmod 550 ${DIR}/etc
+-chown -R root:${GROUP} ${DIR}/etc
++#chown -R root:${GROUP} ${DIR}/etc
+
+ ls /etc/localtime > /dev/null 2>&1
+ if [ $? = 0 ]; then
+@@ -168,12 +168,12 @@
+ cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
+ cp -pr agentlessd/scripts/* ${DIR}/agentless/
+
+-chown root:${GROUP} ${DIR}/etc/internal_options.conf
+-chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
+-chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1
+-chown root:${GROUP} ${DIR}/agentless/*
+-chown ${USER}:${GROUP} ${DIR}/.ssh
+-chown -R root:${GROUP} ${DIR}/etc/shared
++#chown root:${GROUP} ${DIR}/etc/internal_options.conf
++#chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
++#chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1
++#chown root:${GROUP} ${DIR}/agentless/*
++#chown ${USER}:${GROUP} ${DIR}/.ssh
++#chown -R root:${GROUP} ${DIR}/etc/shared
+
+ chmod 550 ${DIR}/etc
+ chmod 440 ${DIR}/etc/internal_options.conf
+@@ -186,7 +186,7 @@
+
+ # For the /var/run
+ chmod 770 ${DIR}/var/run
+-chown root:${GROUP} ${DIR}/var/run
++#chown root:${GROUP} ${DIR}/var/run
+
+
+ # Moving the binary files
+@@ -198,7 +198,7 @@
+ cp -pr ./init/ossec-client.sh ${DIR}/bin/ossec-control
+ cp -pr addagent/manage_agents ${DIR}/bin/
+ cp -pr ../contrib/util.sh ${DIR}/bin/
+-chown root:${GROUP} ${DIR}/bin/util.sh
++#chown root:${GROUP} ${DIR}/bin/util.sh
+ chmod +x ${DIR}/bin/util.sh
+
+ # Copying active response modules
+@@ -206,9 +206,9 @@
+ cp -pr ../active-response/*.sh ${DIR}/active-response/bin/
+ cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
+ chmod 755 ${DIR}/active-response/bin/*
+-chown root:${GROUP} ${DIR}/active-response/bin/*
++#chown root:${GROUP} ${DIR}/active-response/bin/*
+
+-chown root:${GROUP} ${DIR}/bin/*
++#chown root:${GROUP} ${DIR}/bin/*
+ chmod 550 ${DIR}/bin/*
+
+
@@ -223,10 +223,10 @@
if [ $? = 0 ]; then
cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf
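Review bot: Every `chown` in this hunk is commented out while the `chmod` calls still run, and nothing in the script says where ownership now comes from. Modes such as `770` on `${DIR}/queue/ossec` and `${DIR}/var/run` only give the intended access if the package plist assigns the matching owner and group. I would delete the dead lines instead of keeping them as comments and add one comment at the first site, e.g. `# Ownership is set by pkg-plist (@owner/@group); this script only sets modes.` The same applies to the `ossec.conf.sample` line in the last hunk. Each removed `chown` should be checked against a plist entry, since paths like `${DIR}/var/run` and `${DIR}/etc/shared` do not appear in the plist hunks visible on this page.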
@@ -26,7 +111,7 @@
fi
-chown root:${GROUP} ${DIR}/etc/ossec.conf
-chmod 440 ${DIR}/etc/ossec.conf
-+chown root:${GROUP} ${DIR}/etc/ossec.conf.sample
++#chown root:${GROUP} ${DIR}/etc/ossec.conf.sample
+chmod 440 ${DIR}/etc/ossec.conf.sample