svn commit: r550881 - in head/security/honeytrap: . files files/etc
Steve Wills
swills at FreeBSD.org
Thu Oct 1 23:50:38 UTC 2020
Author: swills
Date: Thu Oct 1 23:50:34 2020
New Revision: 550881
URL: https://svnweb.freebsd.org/changeset/ports/550881
Log:
security/honeytrap: multiple changes
* Improve rc script
* Clean up
* Pass maintainership to submitter
* Fix build with newer Go
PR: 247140
PR: 248948
Submitted by: ezri.mudde at dutchsec.com
Approved by: remco.verhoef at dutchsec.com (maintainer)
Added:
head/security/honeytrap/files/honeytrap.toml
- copied, changed from r550880, head/security/honeytrap/files/etc/honeytrap.toml
head/security/honeytrap/files/patch-cmd_constants.go (contents, props changed)
head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_bluepill__unsafe.go (contents, props changed)
head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_machine__unsafe.go (contents, props changed)
head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_ptrace_subprocess__unsafe.go (contents, props changed)
head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_vfs_mount__unsafe.go (contents, props changed)
head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sleep_sleep__unsafe.go (contents, props changed)
head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_downgradable__rwmutex__unsafe.go (contents, props changed)
head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_memmove__unsafe.go (contents, props changed)
head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_tmutex__unsafe.go (contents, props changed)
head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_link_rawfile_blockingpoll__yield__unsafe.go (contents, props changed)
head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_time__unsafe.go (contents, props changed)
Deleted:
head/security/honeytrap/files/etc/
Modified:
head/security/honeytrap/Makefile (contents, props changed)
head/security/honeytrap/distinfo (contents, props changed)
head/security/honeytrap/files/honeytrap.in
Modified: head/security/honeytrap/Makefile
==============================================================================
--- head/security/honeytrap/Makefile Thu Oct 1 23:30:32 2020 (r550880)
+++ head/security/honeytrap/Makefile Thu Oct 1 23:50:34 2020 (r550881)
@@ -1,21 +1,19 @@
# $FreeBSD$
PORTNAME= honeytrap
-DISTVERSION= g20200415
+DISTVERSION= g20200625
CATEGORIES= security
-MAINTAINER= remco.verhoef at dutchsec.com
-COMMENT= HoneyTrap Freebsd port
+MAINTAINER= ezri.mudde at dutchsec.com
+COMMENT= Framework for running, monitoring and managing honeypots
LICENSE= ART20
-BROKEN= fails to build
-
USES= go:modules
+GO_BUILDFLAGS= -ldflags '-X github.com/honeytrap/honeytrap/cmd.Version=2020-07-22T08:34:55 -X github.com/honeytrap/honeytrap/cmd.ReleaseTag=DEVELOPMENT.2020-07-22T08-34-55Z -X github.com/honeytrap/honeytrap/cmd.CommitID=33bbb2db3a3140b0ce4fbda14747bc954e0bcadd -X github.com/honeytrap/honeytrap/cmd.ShortCommitID=33bbb2db3a31 -extldflags "static"'
USE_GITHUB= yes
-GH_TAGNAME= d8d94c8f
-GH_TUPLE= \
- AndreasBriese:bbloom:28f7e881ca57:andreasbriese_bbloom/vendor/github.com/AndreasBriese/bbloom \
+GH_TAGNAME= 33bbb2d
+GH_TUPLE= AndreasBriese:bbloom:28f7e881ca57:andreasbriese_bbloom/vendor/github.com/AndreasBriese/bbloom \
BurntSushi:toml:v0.3.0:burntsushi_toml/vendor/github.com/BurntSushi/toml \
Logicalis:asn1:c9c836c1a3cd:logicalis_asn1/vendor/github.com/Logicalis/asn1 \
Shopify:sarama:v1.16.0:shopify_sarama/vendor/github.com/Shopify/sarama \
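Review bot: The new `GO_BUILDFLAGS` line hard-codes the commit id, the short commit id and two timestamps that also have to match `GH_TAGNAME= 33bbb2d`, so a later update can ship a binary whose reported version does not match the fetched source. A comment above it, such as `# Keep CommitID/ShortCommitID below in sync with GH_TAGNAME`, would make that coupling explicit. The embedded date 2020-07-22 also differs from `DISTVERSION= g20200625`, which is worth confirming against the upstream commit. At the end of the same line, `-extldflags "static"` passes the bare word static to the external linker; if a static link is intended, it should probably read `-extldflags "-static"`.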
@@ -72,22 +70,24 @@ GH_TUPLE= \
yuin:gopher-lua:8bfc7677f583:yuin_gopher_lua/vendor/github.com/yuin/gopher-lua \
google:gvisor:3eb302470365:google_gvisor/vendor/gvisor.dev/gvisor
-USERS= honeytrap
-GROUPS= honeytrap
+HONEYTRAP_USER?= honeytrap
+HONEYTRAP_GROUP?= honeytrap
+HONEYTRAP_DBDIR?= /var/db/${PORTNAME}
+
+USERS= ${HONEYTRAP_USER}
+GROUPS= ${HONEYTRAP_GROUP}
USE_RC_SUBR= honeytrap
-PLIST_FILES= bin/honeytrap \
- etc/honeytrap.toml \
- "@dir(honeytrap,honeytrap,4744) /var/log/honeytrap" \
- "@dir(honeytrap,honeytrap,4744) libdata/honeytrap"
+PLIST_FILES= "@sample(honeytrap,honeytrap,0600) ${ETCDIR}/honeytrap.toml.sample" \
+ bin/honeytrap
+SUB_LIST= GROUP=${HONEYTRAP_GROUP} \
+ HONEYTRAP_DBDIR=${HONEYTRAP_DBDIR} \
+ USER=${HONEYTRAP_USER}
+
do-install:
${MKDIR} ${STAGEDIR}${PREFIX}/bin
${INSTALL_PROGRAM} ${WRKDIR}/bin/honeytrap ${STAGEDIR}${PREFIX}/bin/honeytrap
- ${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d
- ${INSTALL_DATA} ${FILESDIR}/etc/honeytrap.toml ${STAGEDIR}${PREFIX}/etc
-
-post-install:
- ${MKDIR} ${STAGEDIR}${PREFIX}/libdata/honeytrap
- ${MKDIR} ${STAGEDIR}/var/log/honeytrap
+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d ${STAGEDIR}${ETCDIR}
+ ${INSTALL_DATA} ${FILESDIR}/honeytrap.toml ${STAGEDIR}${ETCDIR}/honeytrap.toml.sample
.include <bsd.port.mk>
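Review bot: The `@sample(honeytrap,honeytrap,0600)` entry in `PLIST_FILES` hard-codes the owner and group, while this same hunk makes them overridable through `HONEYTRAP_USER` and `HONEYTRAP_GROUP`. With a non-default user the port creates only the overridden account, so the 0600 config would be assigned to a `honeytrap` account that may not exist, and the daemon running as the overridden user could not read it. Use the variables instead: `"@sample(${HONEYTRAP_USER},${HONEYTRAP_GROUP},0600) ${ETCDIR}/honeytrap.toml.sample"`.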
Modified: head/security/honeytrap/distinfo
==============================================================================
--- head/security/honeytrap/distinfo Thu Oct 1 23:30:32 2020 (r550880)
+++ head/security/honeytrap/distinfo Thu Oct 1 23:50:34 2020 (r550881)
@@ -1,6 +1,6 @@
-TIMESTAMP = 1587390791
-SHA256 (honeytrap-honeytrap-g20200415-d8d94c8f_GH0.tar.gz) = f565e52e8f4bbebc3765bd2ead68b7ab141da4ef00073749ae55268290f5d13a
-SIZE (honeytrap-honeytrap-g20200415-d8d94c8f_GH0.tar.gz) = 379014
+TIMESTAMP = 1595352531
+SHA256 (honeytrap-honeytrap-g20200625-33bbb2d_GH0.tar.gz) = a6390179c0ba3282d7523f3633d4a15852f39081fd666f4ac3a4c37f95fef4c4
+SIZE (honeytrap-honeytrap-g20200625-33bbb2d_GH0.tar.gz) = 379053
SHA256 (AndreasBriese-bbloom-28f7e881ca57_GH0.tar.gz) = c87bf25d12aa9ef597c6a465dd2959d6d7e06d8341030d6d75c8a81ccc388ccd
SIZE (AndreasBriese-bbloom-28f7e881ca57_GH0.tar.gz) = 7141
SHA256 (BurntSushi-toml-v0.3.0_GH0.tar.gz) = 2c49390424cfb043f803977bce80b1504495bada54f9e845ff8b30a05fab9a36
Modified: head/security/honeytrap/files/honeytrap.in
==============================================================================
--- head/security/honeytrap/files/honeytrap.in Thu Oct 1 23:30:32 2020 (r550880)
+++ head/security/honeytrap/files/honeytrap.in Thu Oct 1 23:50:34 2020 (r550881)
@@ -3,18 +3,34 @@
# $FreeBSD$
#
# PROVIDE: honeytrap
-# REQUIRE: LOGIN
+# REQUIRE: NETWORKING SERVERS DAEMON
# KEYWORD: shutdown
+
+# Add honeytrap_enable="YES" to /etc/rc.conf to enable Honeytrap
+
+# Additional variables you can define are:
+
+# honeytrap_config (path): Config file path.
+# Set to %%ETCDIR%%/honeytrap.toml by default.
+# honeytrap_datadir (dir): Set dir to store honeytrap data in.
+# Default is "%%HONEYTRAP_DBDIR%%"
+# honeytrap_logdir (dir): Set dir to store honeytrap logs in.
+# Default is "/var/log/honeytrap"
+# honeytrap_user (string): Set user to run honeytrap.
+# Default is "%%USER%%".
+# honeytrap_group (string): Set group to run honeytrap.
+# Default is "%%GROUP%%".
+# honeytrap_pidfile (string): Set full path to pid file
+# Default is "/var/run/honeytrap.pid"
+# honeytrap_syslog_output_enable (bool): Set to YES to enable syslog output
+# Default is "NO". See daemon(8).
+# honeytrap_syslog_output_tag (str): Set syslog tag if syslog enabled.
+# Default is "honeytrap". See daemon(8).
+# honeytrap_syslog_output_priority (str): Set syslog priority if syslog enabled.
+# Default is "info". See daemon(8).
+# honeytrap_syslog_output_facility (str): Set syslog facility if syslog enabled.
+# Default is "daemon". See daemon(8).
#
-# Add these lines to /etc/rc.conf.local or /etc/rc.conf
-# to enable this service:
-#
-# honeytrap_enable (bool): Set to NO by default.
-# Set it to YES to enable honeytrap.
-# honeytrap_datadir (path): Set to %%PREFIX%%/libdata/honeytrap
-# by default.
-# honeytrap_config (path): Set to %%PREFIX%%/etc/honeytrap.toml
-# by default.
. /etc/rc.subr
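Review bot: The new header comment documents defaults that the script does not set: `honeytrap_syslog_output_priority` is listed as defaulting to "info", but the defaults block (in the next hunk) assigns nothing for it, so daemon(8)'s own default applies, which I believe is notice; please verify and align the text. `honeytrap_env` and `honeytrap_flags` are both consumed by `command_args` but are not listed here. I would add `# honeytrap_flags (str): Extra arguments passed to honeytrap.` and `# honeytrap_env (str): Environment variables set through env(1).`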
@@ -24,18 +40,49 @@ rcvar=honeytrap_enable
load_rc_config $name
: ${honeytrap_enable:="NO"}
-: ${honeytrap_datadir="%%PREFIX%%/libdata/honeytrap"}
-: ${honeytrap_config="%%PREFIX%%/etc/honeytrap.toml"}
+: ${honeytrap_config="%%ETCDIR%%/honeytrap.toml"}
+: ${honeytrap_datadir:="%%HONEYTRAP_DBDIR%%"}
+: ${honeytrap_logdir:="/var/log/honeytrap"}
+: ${honeytrap_user:="%%USER%%"}
+: ${honeytrap_group:="%%GROUP%%"}
+: ${honeytrap_pidfile:="/var/run/${name}.pid"}
+: ${honeytrap_syslog_output_enable:="NO"}
-start_cmd="${name}_start"
+pidfile=${honeytrap_pidfile}
+procname="%%PREFIX%%/bin/honeytrap"
+command="/usr/sbin/daemon"
-honeytrap_program="%%PREFIX%%/bin/honeytrap"
-honeytrap_flags="--data $honeytrap_datadir --config $honeytrap_config"
-pidfile=/var/run/${name}.pid
+start_precmd="honeytrap_start_precmd"
-honeytrap_start()
+if checkyesno honeytrap_syslog_output_enable; then
+ if [ -n "${honeytrap_syslog_output_tag}" ]; then
+ honeytrap_syslog_output_flags="-T ${honeytrap_syslog_output_tag}"
+ else
+ honeytrap_syslog_output_flags="-T ${name}"
+ fi
+ if [ -n "${honeytrap_syslog_output_priority}" ]; then
+ honeytrap_syslog_output_flags="${honeytrap_syslog_output_flags} -s ${honeytrap_syslog_output_priority}"
+ fi
+
+ if [ -n "${honeytrap_syslog_output_facility}" ]; then
+ honeytrap_syslog_output_flags="${honeytrap_syslog_output_flags} -l ${honeytrap_syslog_output_facility}"
+ fi
+fi
+
+command_args="-f -t ${name} ${honeytrap_syslog_output_flags} -p ${pidfile} /usr/bin/env ${honeytrap_env} ${procname} --data ${honeytrap_datadir} --config ${honeytrap_config} ${honeytrap_flags}"
+
+honeytrap_start_precmd()
{
- daemon -o /var/log/honeytrap/service.log -p $pidfile -u $name $honeytrap_program $honeytrap_flags
-}
+ if [ ! -e ${pidfile} ]; then
+ install -o ${honeytrap_user} -g ${honeytrap_group} /dev/null ${pidfile}
+ fi
+ if [ ! -d ${honeytrap_datadir} ]; then
+ install -d -m 0750 -o ${honeytrap_user} -g ${honeytrap_group} ${honeytrap_datadir}
+ fi
+ if [ ! -d ${honeytrap_logdir} ]; then
+ install -d -m 0750 -o ${honeytrap_user} -g ${honeytrap_group} ${honeytrap_logdir}
+ fi
+}
+
run_rc_command "$@"
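Review bot: With `honeytrap_syslog_output_enable` left at its default of NO, `command_args` passes `-f` to daemon(8) and no `-o`, so the honeypot's stdout and stderr appear to be discarded, where the removed start function wrote them to /var/log/honeytrap/service.log. `honeytrap_logdir` is created in `honeytrap_start_precmd`, but nothing in this hunk writes to it. Unless honeytrap.toml configures its own file logging, I would add an `else` branch to the checkyesno block: `honeytrap_syslog_output_flags="-o ${honeytrap_logdir}/service.log"`. Separately, `install -o ${honeytrap_user} -g ${honeytrap_group} /dev/null ${pidfile}` sets no mode, so the pid file gets install's default executable mode; adding `-m 0644` would be tighter. The paths in the precmd tests should also be quoted, e.g. `[ ! -d "${honeytrap_datadir}" ]`.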
Copied and modified: head/security/honeytrap/files/honeytrap.toml (from r550880, head/security/honeytrap/files/etc/honeytrap.toml)
==============================================================================
Added: head/security/honeytrap/files/patch-cmd_constants.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-cmd_constants.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,21 @@
+--- cmd/constants.go.orig 2020-08-11 10:18:40 UTC
++++ cmd/constants.go
+@@ -19,15 +19,12 @@ var (
+ // GOPATH - GOPATH value at the time of build.
+ GOPATH = ""
+
+- // Go get development tag.
+- goGetTag = "DEVELOPMENT.GOGET"
+-
+ // Version - version time.RFC3339.
+- Version = goGetTag
++ Version = ""
+ // ReleaseTag - release tag in TAG.%Y-%m-%dT%H-%M-%SZ.
+- ReleaseTag = goGetTag
++ ReleaseTag = ""
+ // CommitID - latest commit id.
+- CommitID = goGetTag
++ CommitID = ""
+ // ShortCommitID - first 12 characters from CommitID.
+ ShortCommitID = CommitID[:12]
+ )
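Review bot: After this patch `CommitID` starts out as an empty string while the unchanged line `ShortCommitID = CommitID[:12]` still slices twelve bytes from it, so a binary built without the `-X ...cmd.CommitID=` flag from the port Makefile would, as far as I can tell, panic during package initialisation. The old `goGetTag` value was long enough to keep that slice in range. Keeping a literal placeholder of at least twelve characters, `CommitID = "DEVELOPMENT.GOGET"`, would preserve the link-time override without making startup depend on the build flags. The enclosing `var (` block starts outside the hunk.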
Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_bluepill__unsafe.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_bluepill__unsafe.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,11 @@
+--- vendor/gvisor.dev/gvisor/pkg/sentry/platform/kvm/bluepill_unsafe.go.orig 2020-08-27 10:13:09 UTC
++++ vendor/gvisor.dev/gvisor/pkg/sentry/platform/kvm/bluepill_unsafe.go
+@@ -13,7 +13,7 @@
+ // limitations under the License.
+
+ // +build go1.12
+-// +build !go1.15
++// +build !go1.16
+
+ // Check go:linkname function signatures when updating Go version.
+
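Review bot: Raising the upper bound from `!go1.15` to `!go1.16` lifts the guard upstream placed on this file, and the context line right below it asks to "Check go:linkname function signatures when updating Go version"; nothing in the commit records that this check was done for Go 1.15. Judging by the file names and that comment, these files rely on unsafe and linkname access to runtime internals, so a mismatch would likely surface as memory corruption at run time rather than as a build failure. The same applies to the other nine gvisor `*_unsafe.go` patches added in this commit (machine, subprocess, mount, sleep, downgradable_rwmutex, memmove, tmutex, blockingpoll_yield, time); the tmutex patch additionally asks that `syncMutex` be compared with the standard library `sync.Mutex`. I would note the verification in the commit log or in a comment in the port Makefile, or move the vendored gvisor to a revision that supports the newer Go upstream.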
Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_machine__unsafe.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_machine__unsafe.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,11 @@
+--- vendor/gvisor.dev/gvisor/pkg/sentry/platform/kvm/machine_unsafe.go.orig 2020-08-27 10:11:57 UTC
++++ vendor/gvisor.dev/gvisor/pkg/sentry/platform/kvm/machine_unsafe.go
+@@ -13,7 +13,7 @@
+ // limitations under the License.
+
+ // +build go1.12
+-// +build !go1.15
++// +build !go1.16
+
+ // Check go:linkname function signatures when updating Go version.
+
Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_ptrace_subprocess__unsafe.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_ptrace_subprocess__unsafe.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,11 @@
+--- vendor/gvisor.dev/gvisor/pkg/sentry/platform/ptrace/subprocess_unsafe.go.orig 2020-08-27 10:10:47 UTC
++++ vendor/gvisor.dev/gvisor/pkg/sentry/platform/ptrace/subprocess_unsafe.go
+@@ -13,7 +13,7 @@
+ // limitations under the License.
+
+ // +build go1.12
+-// +build !go1.15
++// +build !go1.16
+
+ // Check go:linkname function signatures when updating Go version.
+
Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_vfs_mount__unsafe.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_vfs_mount__unsafe.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,11 @@
+--- vendor/gvisor.dev/gvisor/pkg/sentry/vfs/mount_unsafe.go.orig 2020-08-27 10:09:46 UTC
++++ vendor/gvisor.dev/gvisor/pkg/sentry/vfs/mount_unsafe.go
+@@ -13,7 +13,7 @@
+ // limitations under the License.
+
+ // +build go1.12
+-// +build !go1.15
++// +build !go1.16
+
+ // Check go:linkname function signatures when updating Go version.
+
Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sleep_sleep__unsafe.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sleep_sleep__unsafe.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,11 @@
+--- vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go.orig 2020-08-27 10:03:23 UTC
++++ vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go
+@@ -13,7 +13,7 @@
+ // limitations under the License.
+
+ // +build go1.11
+-// +build !go1.15
++// +build !go1.16
+
+ // Check go:linkname function signatures when updating Go version.
+
Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_downgradable__rwmutex__unsafe.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_downgradable__rwmutex__unsafe.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,11 @@
+--- vendor/gvisor.dev/gvisor/pkg/sync/downgradable_rwmutex_unsafe.go.orig 2020-08-27 10:03:50 UTC
++++ vendor/gvisor.dev/gvisor/pkg/sync/downgradable_rwmutex_unsafe.go
+@@ -4,7 +4,7 @@
+ // license that can be found in the LICENSE file.
+
+ // +build go1.13
+-// +build !go1.15
++// +build !go1.16
+
+ // Check go:linkname function signatures when updating Go version.
+
Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_memmove__unsafe.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_memmove__unsafe.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,11 @@
+--- vendor/gvisor.dev/gvisor/pkg/sync/memmove_unsafe.go.orig 2020-08-27 10:04:54 UTC
++++ vendor/gvisor.dev/gvisor/pkg/sync/memmove_unsafe.go
+@@ -4,7 +4,7 @@
+ // license that can be found in the LICENSE file.
+
+ // +build go1.12
+-// +build !go1.15
++// +build !go1.16
+
+ // Check go:linkname function signatures when updating Go version.
+
Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_tmutex__unsafe.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_tmutex__unsafe.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,11 @@
+--- vendor/gvisor.dev/gvisor/pkg/sync/tmutex_unsafe.go.orig 2020-08-27 10:06:40 UTC
++++ vendor/gvisor.dev/gvisor/pkg/sync/tmutex_unsafe.go
+@@ -4,7 +4,7 @@
+ // license that can be found in the LICENSE file.
+
+ // +build go1.13
+-// +build !go1.15
++// +build !go1.16
+
+ // When updating the build constraint (above), check that syncMutex matches the
+ // standard library sync.Mutex definition.
Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_link_rawfile_blockingpoll__yield__unsafe.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_link_rawfile_blockingpoll__yield__unsafe.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,11 @@
+--- vendor/gvisor.dev/gvisor/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go.orig 2020-08-27 10:08:00 UTC
++++ vendor/gvisor.dev/gvisor/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go
+@@ -14,7 +14,7 @@
+
+ // +build linux,amd64 linux,arm64
+ // +build go1.12
+-// +build !go1.15
++// +build !go1.16
+
+ // Check go:linkname function signatures when updating Go version.
+
Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_time__unsafe.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_time__unsafe.go Thu Oct 1 23:50:34 2020 (r550881)
@@ -0,0 +1,11 @@
+--- vendor/gvisor.dev/gvisor/pkg/tcpip/time_unsafe.go.orig 2020-08-27 10:08:55 UTC
++++ vendor/gvisor.dev/gvisor/pkg/tcpip/time_unsafe.go
+@@ -13,7 +13,7 @@
+ // limitations under the License.
+
+ // +build go1.9
+-// +build !go1.15
++// +build !go1.16
+
+ // Check go:linkname function signatures when updating Go version.
+