author | Dominik Lisiak <dominik.lisiak@bemsoft.pl> | 2019-03-27 18:44:07 +0100 |
---|---|---|
committer | Dominik Lisiak <dominik.lisiak@bemsoft.pl> | 2019-03-27 18:44:07 +0100 |
commit | 2bb33cf8e7a25294536df30f4dd8dcb25e2e9b8e (patch) | |
tree | 2ea1c5f6583bfa702a7bd4cbcbc892aa3c9699ad | |
parent | Do not remove "firewall-drop.sh", because it is handled by "ossec-hids-*-conf... (diff) | |
Upgrade to 3.2.0. Added LUA and NOFW options. Improved plist.sh scripts.
-rw-r--r-- | security/ossec-hids-local-config/Makefile | 10 | ||||
-rw-r--r-- | security/ossec-hids-local-config/distinfo | 6 | ||||
-rw-r--r-- | security/ossec-hids-local-config/files/pkg-deinstall.in | 9 | ||||
-rw-r--r-- | security/ossec-hids-local-config/files/pkg-install.in | 6 | ||||
-rw-r--r-- | security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in | 1 | ||||
-rw-r--r-- | security/ossec-hids-local-config/files/template-rules-default.xml.in | 4 | ||||
-rw-r--r-- | security/ossec-hids-local-config/scripts/plist.sh | 75 | ||||
-rw-r--r-- | security/ossec-hids-local/Makefile | 11 | ||||
-rw-r--r-- | security/ossec-hids-local/distinfo | 6 | ||||
-rw-r--r-- | security/ossec-hids-local/files/patch-src_Makefile | 231 | ||||
-rw-r--r-- | security/ossec-hids-local/pkg-plist-agent | 6 | ||||
-rw-r--r-- | security/ossec-hids-local/pkg-plist-local | 10 | ||||
-rw-r--r-- | security/ossec-hids-local/pkg-plist-server | 10 | ||||
-rw-r--r-- | security/ossec-hids-local/scripts/plist.sh | 101 | ||||
-rw-r--r-- | security/ossec-hids/Makefile | 2 |
15 files changed, 142 insertions, 346 deletions
diff --git a/security/ossec-hids-local-config/Makefile b/security/ossec-hids-local-config/Makefile index 44edf99..7b8390d 100644 --- a/security/ossec-hids-local-config/Makefile +++ b/security/ossec-hids-local-config/Makefile @@ -1,8 +1,8 @@ # $FreeBSD: head/security/ossec-hids-local-config/Makefile 485977 2018-11-27 01:58:02Z swills $ PORTNAME= ossec-hids -PORTVERSION= 3.1.0 -PORTREVISION= 1 +PORTVERSION= 3.2.0 +PORTREVISION= CATEGORIES= security PKGNAMESUFFIX= -${OSSEC_TYPE}-config @@ -47,14 +47,15 @@ NO_ARCH= yes OPTIONS_SUB= yes OPTIONS_SINGLE= FIREWALL -OPTIONS_SINGLE_FIREWALL= IPF IPFW PF +OPTIONS_SINGLE_FIREWALL= NOFW IPF IPFW PF -OPTIONS_DEFAULT+= IPF +OPTIONS_DEFAULT+= NOFW FIREWALL_DESC= Active Response Firewall PF_DESC= Packet Filter IPFW_DESC= ipfirewall IPF_DESC= ipfilter +NOFW_DESC= Custom or no firewall TEMPL_ENABLED_HEADER= template-header-enabled.xml TEMPL_DISABLED_HEADER= template-header-disabled.xml @@ -68,6 +69,7 @@ TEMPL_SAMPLE_DB= template-sample-database.xml PF_VARS= FW_DROP=pf.sh PKGMSG_FILES+=message-pf IPFW_VARS= FW_DROP=ipfw.sh IPF_VARS= FW_DROP=ipfilter.sh +NOFW_VARS= FW_DROP= .if defined(MAINTAINER_MODE) OSSEC_HOME= ${PREFIX}/${PORTNAME} diff --git a/security/ossec-hids-local-config/distinfo b/security/ossec-hids-local-config/distinfo index 38a6c3c..78bdadd 100644 --- a/security/ossec-hids-local-config/distinfo +++ b/security/ossec-hids-local-config/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1539459620 -SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50 -SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469 +TIMESTAMP = 1553010491 +SHA256 (ossec-ossec-hids-3.2.0_GH0.tar.gz) = b36cc4db73c265f5fd65f2b5450d69e332316612b5602a3e310ae8907e9d2548 +SIZE (ossec-ossec-hids-3.2.0_GH0.tar.gz) = 1896977 diff --git a/security/ossec-hids-local-config/files/pkg-deinstall.in b/security/ossec-hids-local-config/files/pkg-deinstall.in index 0de19bf..f9f3e7e 100644 
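Review bot: With `OPTIONS_DEFAULT+= NOFW` and `NOFW_VARS= FW_DROP=` in the second and third Makefile hunks, a default build no longer links any script to `firewall-drop.sh`, so a firewall-drop active response has nothing to execute unless the administrator supplies a script. Whether the generated command and active-response templates still reference `firewall-drop.sh` under NOFW is not visible here; if they do, blocking would stop working on hosts that previously got ipfilter by default. The option text should say so, for example `NOFW_DESC= Custom or no firewall (firewall-drop.sh is not installed)`, and the change of default deserves a line in the port's update notes.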
--- a/security/ossec-hids-local-config/files/pkg-deinstall.in +++ b/security/ossec-hids-local-config/files/pkg-deinstall.in @@ -1,10 +1,19 @@ #!/bin/sh ossec_home="%%OSSEC_HOME%%" +fw_drop="%%FW_DROP%%" + +ar_bin_dir="${ossec_home}/active-response/bin" ossec_conf="${ossec_home}/etc/ossec.conf" agent_conf="${ossec_home}/etc/shared/agent.conf" if [ "$2" == "DEINSTALL" ]; then rm -f "${ossec_conf}" rm -f "${agent_conf}" + + if [ -n "${fw_drop}" ]; then + if [ "${ar_bin_dir}/${fw_drop}" -ef "${ar_bin_dir}/firewall-drop.sh" ]; then + rm -f "${ar_bin_dir}/firewall-drop.sh" + fi + fi fi diff --git a/security/ossec-hids-local-config/files/pkg-install.in b/security/ossec-hids-local-config/files/pkg-install.in index f164b9c..b8af2c8 100644 --- a/security/ossec-hids-local-config/files/pkg-install.in +++ b/security/ossec-hids-local-config/files/pkg-install.in @@ -1,6 +1,8 @@ #!/bin/sh ossec_home="%%OSSEC_HOME%%" +fw_drop="%%FW_DROP%%" + ar_bin_dir="${ossec_home}/active-response/bin" ossec_conf="${ossec_home}/etc/ossec.conf" ossec_conf_bak="${ossec_conf}.bak" @@ -8,7 +10,9 @@ agent_conf="${ossec_home}/etc/shared/agent.conf" agent_conf_bak="${ossec_home}/etc/agent.conf.bak" if [ "$2" == "POST-INSTALL" ]; then - ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh" + if [ -n "${fw_drop}" ]; then + ln -f "${ar_bin_dir}/${fw_drop}" "${ar_bin_dir}/firewall-drop.sh" + fi if [ -e "${ossec_conf}" ]; then mv -f "${ossec_conf}" "${ossec_conf_bak}" diff --git a/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in index 37c2166..6591f57 100644 --- a/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in +++ b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in 
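Review bot: The new `-ef` test in the DEINSTALL branch of pkg-deinstall.in has no comment, and its purpose is easy to miss: it removes `firewall-drop.sh` only while it is still the same file as the script selected at build time, so a script the administrator put in its place survives deinstall. A comment above the inner `if` would record that, for example `# remove firewall-drop.sh only if it is still the hard link made at POST-INSTALL; keep an admin-supplied script`. `-ef` is not part of POSIX test; FreeBSD's test(1) accepts it, but that dependency is worth a word in the same comment.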
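Review bot: When `fw_drop` is empty the POST-INSTALL branch of pkg-install.in now does nothing, so a `firewall-drop.sh` left by an earlier install stays in place; the pre-change deinstall script (the removed side of the pkg-deinstall.in hunk) never deleted that link. A host upgraded from the old IPF default to the new NOFW default could therefore keep running the ipfilter script although the option says no firewall; this is inferred from the visible scripts, not from a test run. Removing the file only when it is still a hard link to one of the shipped scripts keeps a custom script intact and uses the same `-ef` test as the deinstall script. The rest of the POST-INSTALL branch continues outside the hunk.

```shell
	if [ -n "${fw_drop}" ]; then
		# … unchanged: ln -f of the selected script to firewall-drop.sh …
	else
		# NOFW: drop a link left by a previous firewall option, keep a custom script
		for script in pf.sh ipfw.sh ipfilter.sh; do
			if [ "${ar_bin_dir}/${script}" -ef "${ar_bin_dir}/firewall-drop.sh" ]; then
				rm -f "${ar_bin_dir}/firewall-drop.sh"
			fi
		done
	fi
```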
@@ -15,6 +15,7 @@ <rootcheck> <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files> <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans> + <system_audit>/var/ossec/etc/shared/system_audit_pw.txt</system_audit> <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit> <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit> </rootcheck> diff --git a/security/ossec-hids-local-config/files/template-rules-default.xml.in b/security/ossec-hids-local-config/files/template-rules-default.xml.in index 5f34a6a..511d551 100644 --- a/security/ossec-hids-local-config/files/template-rules-default.xml.in +++ b/security/ossec-hids-local-config/files/template-rules-default.xml.in @@ -51,6 +51,7 @@ <include>ms_ipsec_rules.xml</include> <include>vmware_rules.xml</include> <include>ids_rules.xml</include> + <include>ms_powershell_rules.xml</include> <include>apache_rules.xml</include> <include>web_rules.xml</include> <include>zeus_rules.xml</include> @@ -78,6 +79,9 @@ <include>ms_firewall_rules.xml</include> <include>psad_rules.xml</include> <include>unbound_rules.xml</include> + <include>kesl_rules.xml</include> + <include>mhn_dionaea_rules.xml</include> + <include>mhn_cowrie_rules.xml</include> <include>local_rules.xml</include> <!-- Files not included by default --> diff --git a/security/ossec-hids-local-config/scripts/plist.sh b/security/ossec-hids-local-config/scripts/plist.sh index 6d61787..a58b25a 100644 --- a/security/ossec-hids-local-config/scripts/plist.sh +++ b/security/ossec-hids-local-config/scripts/plist.sh 
@@ -11,11 +11,17 @@ PLIST=$3 WORKDIR=$4 STAGEDIR=$5 -staged_plist="${WORKDIR}/.staged-plist" fixed_lines="" skip_lines="" skip_paths="" -sample_paths="/etc/command.conf.sample /etc/ossec.conf.d/900.local.conf.sample /etc/agent.conf.d/900.local.conf.sample" + +sample_paths=" +/etc/command.conf.sample +/etc/ossec.conf.d/900.local.conf.sample +/etc/agent.conf.d/900.local.conf.sample" + +NL=$'\n' +IFS=${NL} print_path() { local path="$1" @@ -28,15 +34,28 @@ print_path() { fi fi local user=`stat -f "%Su" "${full_path}"` - if [ "${user}" == "${USER}" ]; then + if [ "${user}" = "${USER}" ]; then user="" fi local group=`stat -f "%Sg" "${full_path}"` - if [ "${group}" == "${GROUP}" ]; then + if [ "${group}" = "${GROUP}" ]; then group="" fi local mode=`stat -f "%p" "${full_path}" | tail -c 5` - echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" + echo "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" +} + +contains() { + local list="$1" + local word="$2" + + for e in ${list}; do + if [ "${e}" = "${word}" ]; then + return 0 + fi + done + + return 1 } echo -n > "${PLIST}" @@ -45,16 +64,9 @@ print_path done_paths="" while read line; do - skip_line="" - for e in ${skip_lines}; do - if [ "${e}" == "${line}" ]; then - skip_line="${e}" - break - fi - done - if [ -z "${skip_line}" ]; then + if ! contains "${skip_lines}" "${line}"; then path="" - case $line in + case ${line} in "@dir %%OSSEC_HOME%%"*) path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"` ;; @@ -62,7 +74,7 @@ while read line; do path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"` ;; "%%"*) - unchanged_lines="${unchanged_lines} ${line}" + unchanged_lines="${unchanged_lines}${NL}${line}" ;; esac if [ -n "${path}" ]; then 
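Review bot: `IFS=${NL}` at the end of the first plist.sh hunk applies to the whole script, including unquoted expansions this commit does not touch, such as `for segment in ${segments}` in the hunk at old line 70. The statement that builds `segments` lies between hunks and is not visible; if it separates path components with spaces, the loop would now see a single word, so it should be confirmed to emit newlines. Unquoted list expansions are also still subject to pathname expansion, so an entry containing `*` or `?` could be replaced by matching file names; `set -f` beside the IFS assignment would prevent that, provided nothing else in the script relies on globbing. The same two lines are added in security/ossec-hids-local/scripts/plist.sh.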
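Review bot: The loop variable `e` in the new `contains()` helper is not declared `local`, unlike `list` and `word`, so every call overwrites a global `e`; `local e` after `local word="$2"` keeps the helper self-contained. The function also has no header comment stating its contract, for example `# contains LIST WORD: return 0 if WORD equals one newline-separated entry of LIST, else 1`. That contract depends on the script-wide `IFS=${NL}` set in the first hunk, which is worth saying in the same comment.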
@@ -70,33 +82,12 @@ while read line; do path="" for segment in ${segments}; do path="${path}/${segment}" - skip_path="" - for e in ${skip_paths}; do - if [ "${e}" == "${path}" ]; then - skip_path="${e}" - break - fi - done - if [ -n "${skip_path}" ]; then + if contains "${skip_paths}" "${path}"; then break fi - done_path="" - for e in ${done_paths}; do - if [ "${e}" == "${path}" ]; then - done_path="${e}" - break - fi - done - if [ -z "${done_path}" ]; then - done_paths="${done_paths} ${path}" - sample_path="" - for e in ${sample_paths}; do - if [ "${e}" == "${path}" ]; then - sample_path="${e}" - break - fi - done - if [ -n "${sample_path}" ]; then + if ! contains "${done_paths}" "${path}"; then + done_paths="${done_paths}${NL}${path}" + if contains "${sample_paths}" "${path}"; then print_path "${path}" @sample else print_path "${path}" @@ -105,9 +96,9 @@ while read line; do done fi fi -done < "${staged_plist}" +done < "${WORKDIR}/.staged-plist" -unchanged_lines="${unchanged_lines} ${fixed_lines}" +unchanged_lines="${unchanged_lines}${NL}${fixed_lines}" for line in ${unchanged_lines}; do echo "${line}" >> "${PLIST}" done diff --git a/security/ossec-hids-local/Makefile b/security/ossec-hids-local/Makefile index 20e281e..5f43134 100644 --- a/security/ossec-hids-local/Makefile +++ b/security/ossec-hids-local/Makefile @@ -1,8 +1,8 @@ # $FreeBSD: head/security/ossec-hids-local/Makefile 490211 2019-01-13 20:58:36Z adamw $ PORTNAME= ossec-hids -PORTVERSION= 3.1.0 -PORTREVISION= 3 +PORTVERSION= 3.2.0 +PORTREVISION= CATEGORIES= security PKGNAMESUFFIX= -${OSSEC_TYPE} @@ -64,7 +64,7 @@ SHEBANG_FILES= src/agentlessd/scripts/main.exp \ .endif OPTIONS_SUB= yes -OPTIONS_DEFINE= DOCS INOTIFY +OPTIONS_DEFINE= DOCS INOTIFY LUA .if ${OSSEC_TYPE} != agent OPTIONS_DEFINE+= PRELUDE ZEROMQ 
@@ -81,6 +81,7 @@ ZEROMQ_DESC= ZeroMQ support (experimental) DATABASE_DESC= Database output INOTIFY_VARS= OSSEC_ARGS+=USE_INOTIFY=yes +LUA_VARS= OSSEC_ARGS+=LUA_ENABLE=yes STRIP_FILES+=ossec-lua STRIP_FILES+=ossec-luac PRELUDE_VARS= OSSEC_ARGS+=USE_PRELUDE=yes ZEROMQ_VARS= OSSEC_ARGS+=USE_ZEROMQ=yes MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema @@ -92,8 +93,6 @@ STRIP_FILES= agent-auth \ ossec-agentd \ ossec-execd \ ossec-logcollector \ - ossec-lua \ - ossec-luac \ ossec-syscheckd .else STRIP_FILES= agent_control \ @@ -108,8 +107,6 @@ STRIP_FILES= agent_control \ ossec-execd \ ossec-logcollector \ ossec-logtest \ - ossec-lua \ - ossec-luac \ ossec-maild \ ossec-makelists \ ossec-monitord \ diff --git a/security/ossec-hids-local/distinfo b/security/ossec-hids-local/distinfo index 1e8a6c3..f129b2e 100644 --- a/security/ossec-hids-local/distinfo +++ b/security/ossec-hids-local/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1539457911 -SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50 -SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469 +TIMESTAMP = 1553010288 +SHA256 (ossec-ossec-hids-3.2.0_GH0.tar.gz) = b36cc4db73c265f5fd65f2b5450d69e332316612b5602a3e310ae8907e9d2548 +SIZE (ossec-ossec-hids-3.2.0_GH0.tar.gz) = 1896977 diff --git a/security/ossec-hids-local/files/patch-src_Makefile b/security/ossec-hids-local/files/patch-src_Makefile deleted file mode 100644 index 03afeb1..0000000 --- a/security/ossec-hids-local/files/patch-src_Makefile +++ /dev/null 
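Review bot: `LUA_VARS` appends `ossec-lua` and `ossec-luac` with `STRIP_FILES+=`, but the two hunks that follow show `STRIP_FILES=` still being assigned with a plain `=` further down the Makefile. If the option helpers are applied before those assignments are read (for instance after an earlier `.include <bsd.port.options.mk>`, which is not visible here), the appended names are overwritten and the Lua binaries would be installed unstripped. Changing the later assignments to `STRIP_FILES+= agent-auth \` and `STRIP_FILES+= agent_control \` makes the result independent of evaluation order; a LUA-enabled build would confirm it either way.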
@@ -1,231 +0,0 @@ ---- src/Makefile.orig 2018-10-11 22:25:16 UTC -+++ src/Makefile -@@ -20,6 +20,9 @@ OSSEC_USER?=ossec - OSSEC_USER_MAIL?=ossecm - OSSEC_USER_REM?=ossecr - -+INSTALL_CMD?=install -m $(1) -o $(2) -g $(3) -+INSTALL_LOCALTIME?=yes -+ - USE_PRELUDE?=no - USE_ZEROMQ?=no - USE_GEOIP?=no -@@ -366,10 +369,10 @@ endif - install: install-${TARGET} - - install-agent: install-common -- install -m 0550 -o root -g 0 ossec-agentd ${PREFIX}/bin -- install -m 0550 -o root -g 0 agent-auth ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-agentd ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) agent-auth ${PREFIX}/bin - -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids - - install-local: install-server-generic - -@@ -379,127 +382,129 @@ install-server: install-server-generic - - install-common: build - ./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX} -- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/ -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs -- install -m 0660 -o ${OSSEC_USER} -g ${OSSEC_GROUP} /dev/null ${PREFIX}/logs/ossec.log -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/ -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs -+ $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/ossec.log - -- install -d -m 0550 -o root -g 0 ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-logcollector ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-syscheckd ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-execd ${PREFIX}/bin -- install -m 0550 -o root -g 0 manage_agents ${PREFIX}/bin -- install -m 0550 -o root -g 0 ../contrib/util.sh ${PREFIX}/bin/ -- install -m 0550 -o root -g 0 ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control -+ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) 
ossec-logcollector ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-syscheckd ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-execd ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) manage_agents ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ../contrib/util.sh ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control - - ifeq (${LUA_ENABLE},yes) -- install -d -m 0550 -o root -g 0 ${PREFIX}/lua -- install -d -m 0550 -o root -g 0 ${PREFIX}/lua/native -- install -d -m 0550 -o root -g 0 ${PREFIX}/lua/compiled -- install -m 0550 -o root -g 0 ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/ -- install -m 0550 -o root -g 0 ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua -+ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/native -+ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/compiled -+ $(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/ - endif - -- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/queue -- install -d -m 0770 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/alerts -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/ossec -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/syscheck -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/diff -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/queue -+ $(call INSTALL_CMD,0770,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/alerts -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/ossec -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/syscheck -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/diff - -- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc -- install -m 0440 -o root -g ${OSSEC_GROUP} /etc/localtime ${PREFIX}/etc -+ $(call 
INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/etc -+ifeq (${INSTALL_LOCALTIME},yes) -+ $(call INSTALL_CMD,0440,root,${OSSEC_GROUP}) /etc/localtime ${PREFIX}/etc -+endif - -- install -d -m 1550 -o root -g ${OSSEC_GROUP} ${PREFIX}/tmp -+ $(call INSTALL_CMD,1550,root,${OSSEC_GROUP}) -d ${PREFIX}/tmp - - ifneq (,$(wildcard /etc/TIMEZONE)) -- install -m 440 -o root -g ${OSSEC_GROUP} /etc/TIMEZONE ${PREFIX}/etc/ -+ $(call INSTALL_CMD,440,root,${OSSEC_GROUP}) /etc/TIMEZONE ${PREFIX}/etc/ - endif - # Solaris Needs some extra files - ifeq (${uname_S},SunOS) -- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/usr/share/lib/zoneinfo/ -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/usr/share/lib/zoneinfo/ - cp -r /usr/share/lib/zoneinfo/* ${PREFIX}/usr/share/lib/zoneinfo/ - endif -- install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/internal_options.conf ${PREFIX}/etc/ -+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/internal_options.conf ${PREFIX}/etc/ - ifeq (,$(wildcard ${PREFIX}/etc/local_internal_options.conf)) -- install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf -+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf - endif - ifeq (,$(wildcard ${PREFIX}/etc/client.keys)) -- install -m 0640 -o root -g ${OSSEC_GROUP} /dev/null ${PREFIX}/etc/client.keys -+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) /dev/null ${PREFIX}/etc/client.keys - endif - ifeq (,$(wildcard ${PREFIX}/etc/ossec.conf)) - ifneq (,$(wildcard ../etc/ossec.mc)) -- install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/ossec.mc ${PREFIX}/etc/ossec.conf -+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/ossec.mc ${PREFIX}/etc/ossec.conf - else -- install -m 0640 -o root -g ${OSSEC_GROUP} ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf -+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf - endif - endif - -- 
install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc/shared -- install -m 0640 -o ${OSSEC_USER} -g ${OSSEC_GROUP} rootcheck/db/*.txt ${PREFIX}/etc/shared/ -+ $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/etc/shared -+ $(call INSTALL_CMD,0640,${OSSEC_USER},${OSSEC_GROUP}) rootcheck/db/*.txt ${PREFIX}/etc/shared/ - -- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response -- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response/bin -- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/agentless -- install -m 0550 -o root -g ${OSSEC_GROUP} agentlessd/scripts/* ${PREFIX}/agentless/ -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response/bin -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/agentless -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) agentlessd/scripts/* ${PREFIX}/agentless/ - -- install -d -m 0700 -o root -g ${OSSEC_GROUP} ${PREFIX}/.ssh -+ $(call INSTALL_CMD,0700,root,${OSSEC_GROUP}) -d ${PREFIX}/.ssh - -- install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/*.sh ${PREFIX}/active-response/bin/ -- install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/ -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/*.sh ${PREFIX}/active-response/bin/ -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/ - -- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/var -- install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/var/run -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/var -+ $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/var/run - - ./init/fw-check.sh execute - - - - install-server-generic: install-common -- install -m 0660 -o ${OSSEC_USER} -g ${OSSEC_GROUP} /dev/null ${PREFIX}/logs/active-responses.log -- install -d -m 0750 -o ${OSSEC_USER} 
-g ${OSSEC_GROUP} ${PREFIX}/logs/archives -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/alerts -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/firewall -+ $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/active-responses.log -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/archives -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/alerts -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/firewall - -- install -m 0550 -o root -g 0 ossec-agentlessd ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-analysisd ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-monitord ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-reportd ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-maild ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-remoted ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-logtest ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-csyslogd ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-authd ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-dbd ${PREFIX}/bin -- install -m 0550 -o root -g 0 ossec-makelists ${PREFIX}/bin -- install -m 0550 -o root -g 0 verify-agent-conf ${PREFIX}/bin/ -- install -m 0550 -o root -g 0 clear_stats ${PREFIX}/bin/ -- install -m 0550 -o root -g 0 list_agents ${PREFIX}/bin/ -- install -m 0550 -o root -g 0 ossec-regex ${PREFIX}/bin/ -- install -m 0550 -o root -g 0 syscheck_update ${PREFIX}/bin/ -- install -m 0550 -o root -g 0 agent_control ${PREFIX}/bin/ -- install -m 0550 -o root -g 0 syscheck_control ${PREFIX}/bin/ -- install -m 0550 -o root -g 0 rootcheck_control ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) ossec-agentlessd ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-analysisd ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-monitord ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-reportd ${PREFIX}/bin -+ $(call 
INSTALL_CMD,0550,root,0) ossec-maild ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-remoted ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-logtest ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-csyslogd ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-authd ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-dbd ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) ossec-makelists ${PREFIX}/bin -+ $(call INSTALL_CMD,0550,root,0) verify-agent-conf ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) clear_stats ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) list_agents ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) ossec-regex ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) syscheck_update ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) agent_control ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) syscheck_control ${PREFIX}/bin/ -+ $(call INSTALL_CMD,0550,root,0) rootcheck_control ${PREFIX}/bin/ - -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/stats -- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/stats -+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/rules - ifneq (,$(wildcard ${PREFIX}/rules/local_rules.xml)) - cp ${PREFIX}/rules/local_rules.xml ${PREFIX}/rules/local_rules.xml.installbackup -- install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules -- install -m 0640 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml -+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules -+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml - rm ${PREFIX}/rules/local_rules.xml.installbackup - else -- install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules -+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml 
${PREFIX}/rules - endif - -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/fts -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/fts - -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rootcheck -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rootcheck - -- install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/agent-info -- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/agentless -+ $(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/agent-info -+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/agentless - -- install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids -+ $(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids - -- install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/decoder.xml ${PREFIX}/etc/ -+ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/decoder.xml ${PREFIX}/etc/ - - rm -f ${PREFIX}/etc/shared/merged.mg - diff --git a/security/ossec-hids-local/pkg-plist-agent b/security/ossec-hids-local/pkg-plist-agent index 6db6de1..8b8bd2a 100644 --- a/security/ossec-hids-local/pkg-plist-agent +++ b/security/ossec-hids-local/pkg-plist-agent @@ -22,8 +22,6 @@ @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector -@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua -@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/util.sh @dir(,ossec,0550) %%OSSEC_HOME%%/etc 
@@ -43,6 +41,7 @@ @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @@ -55,6 +54,7 @@ @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @@ -77,3 +77,5 @@ %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac diff --git a/security/ossec-hids-local/pkg-plist-local b/security/ossec-hids-local/pkg-plist-local index 4b33e07..cd799e9 100644 --- a/security/ossec-hids-local/pkg-plist-local +++ b/security/ossec-hids-local/pkg-plist-local @@ -42,8 +42,6 @@ @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest -@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua -@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac @(,,0550) %%OSSEC_HOME%%/bin/ossec-maild @(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists @(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord 
@@ -74,6 +72,7 @@ @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @@ -86,6 +85,7 @@ @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @@ -112,10 +112,13 @@ @(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml 
@@ -123,6 +126,7 @@ @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml @@ -196,5 +200,7 @@ %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema diff --git a/security/ossec-hids-local/pkg-plist-server b/security/ossec-hids-local/pkg-plist-server index 4b33e07..cd799e9 100644 --- a/security/ossec-hids-local/pkg-plist-server +++ b/security/ossec-hids-local/pkg-plist-server @@ -42,8 +42,6 @@ @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest -@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua -@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac @(,,0550) %%OSSEC_HOME%%/bin/ossec-maild @(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists @(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord @@ -74,6 +72,7 @@ @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt 
@@ -86,6 +85,7 @@
 @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt
 @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt
 @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt
+@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt
 @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt
 @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt
 @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt
@@ -112,10 +112,13 @@
 @(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml
@@ -123,6 +126,7 @@
 @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml
@@ -196,5 +200,7 @@
 %%PORTDOCS%%%%DOCSDIR%%/README.md
 %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md
 %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample
+%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua
+%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac
 %%MYSQL%%%%DOCSDIR%%/mysql.schema
 %%PGSQL%%%%DOCSDIR%%/postgresql.schema
diff --git a/security/ossec-hids-local/scripts/plist.sh b/security/ossec-hids-local/scripts/plist.sh index c08c5e1..e5ef2c1 100644 --- a/security/ossec-hids-local/scripts/plist.sh +++ b/security/ossec-hids-local/scripts/plist.sh @@ -11,18 +11,38 @@ PLIST=$3 WORKDIR=$4 STAGEDIR=$5 -staged_plist="${WORKDIR}/.staged-plist" -fixed_lines="" +fixed_lines=" +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +%%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac" if [ "${OSSEC_TYPE}" != "agent" ]; then - fixed_lines="${fixed_lines} %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema" + fixed_lines="${fixed_lines} +%%MYSQL%%%%DOCSDIR%%/mysql.schema +%%PGSQL%%%%DOCSDIR%%/postgresql.schema" fi -skip_lines="%%PORTDOCS%%%%DOCSDIR%%/mysql.schema %%PORTDOCS%%%%DOCSDIR%%/postgresql.schema" -skip_paths="/etc/ossec.conf /etc/client.keys /logs/active-responses.log /logs/ossec.log /lua" -sample_paths="/etc/local_internal_options.conf.sample" -if [ "${OSSEC_TYPE}" == "agent" ]; then - skip_paths="${skip_paths} /rules /agentless /.ssh" + +skip_lines=" +%%PORTDOCS%%%%DOCSDIR%%/mysql.schema +%%PORTDOCS%%%%DOCSDIR%%/postgresql.schema" + +skip_paths=" +/etc/ossec.conf +/etc/client.keys +/logs/active-responses.log +/logs/ossec.log +/lua" +if [ "${OSSEC_TYPE}" = "agent" ]; then + skip_paths="${skip_paths} +/rules +/agentless +/.ssh" fi +sample_paths=" +/etc/local_internal_options.conf.sample" + +NL=$'\n' +IFS=${NL} + print_path() { local path="$1" local command="$2" 
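Review bot: `IFS=${NL}` at the end of this hunk is set for the whole script, so every unquoted expansion after it splits on newlines only, including `for segment in ${segments}` in the `@@ -76,33 +102,12 @@` hunk. The `segments=` assignment lies outside the visible hunks; if it separates path segments with spaces, that loop would now receive the whole path as one word and the `skip_paths` and `done_paths` comparisons would stop matching per directory level, which is worth confirming. A comment above the assignment would record the contract, for example `# IFS is newline-only from here on; every list in this script is newline-separated`.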
@@ -34,15 +54,28 @@ print_path() { fi fi local user=`stat -f "%Su" "${full_path}"` - if [ "${user}" == "${USER}" ]; then + if [ "${user}" = "${USER}" ]; then user="" fi local group=`stat -f "%Sg" "${full_path}"` - if [ "${group}" == "${GROUP}" ]; then + if [ "${group}" = "${GROUP}" ]; then group="" fi local mode=`stat -f "%p" "${full_path}" | tail -c 5` - echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" + echo "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" +} + +contains() { + local list="$1" + local word="$2" + + for e in ${list}; do + if [ "${e}" = "${word}" ]; then + return 0 + fi + done + + return 1 } echo -n > "${PLIST}" @@ -51,16 +84,9 @@ print_path done_paths="" while read line; do - skip_line="" - for e in ${skip_lines}; do - if [ "${e}" == "${line}" ]; then - skip_line="${e}" - break - fi - done - if [ -z "${skip_line}" ]; then + if ! contains "${skip_lines}" "${line}"; then path="" - case $line in + case ${line} in "@dir %%OSSEC_HOME%%"*) path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"` ;; @@ -68,7 +94,7 @@ while read line; do path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"` ;; "%%"*) - unchanged_lines="${unchanged_lines} ${line}" + unchanged_lines="${unchanged_lines}${NL}${line}" ;; esac if [ -n "${path}" ]; then 
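Review bot: In the new `contains()` the loop variable `e` is not declared `local`, unlike `list` and `word`, so it leaks into the caller's scope; adding `local e` before the loop fixes that. The unquoted `${list}` also depends on the script-wide newline `IFS` set in the first hunk and is subject to pathname expansion, so an entry containing `*`, `?` or `[` could expand against the current directory. A header comment such as `# contains LIST WORD: returns 0 if WORD equals one newline-separated entry of LIST (requires IFS=newline)` would make that dependency explicit. The body of `print_path` starts outside this hunk.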
@@ -76,33 +102,12 @@ while read line; do path="" for segment in ${segments}; do path="${path}/${segment}" - skip_path="" - for e in ${skip_paths}; do - if [ "${e}" == "${path}" ]; then - skip_path="${e}" - break - fi - done - if [ -n "${skip_path}" ]; then + if contains "${skip_paths}" "${path}"; then break fi - done_path="" - for e in ${done_paths}; do - if [ "${e}" == "${path}" ]; then - done_path="${e}" - break - fi - done - if [ -z "${done_path}" ]; then - done_paths="${done_paths} ${path}" - sample_path="" - for e in ${sample_paths}; do - if [ "${e}" == "${path}" ]; then - sample_path="${e}" - break - fi - done - if [ -n "${sample_path}" ]; then + if ! contains "${done_paths}" "${path}"; then + done_paths="${done_paths}${NL}${path}" + if contains "${sample_paths}" "${path}"; then print_path "${path}" @sample else print_path "${path}" @@ -111,9 +116,9 @@ while read line; do done fi fi -done < "${staged_plist}" +done < "${WORKDIR}/.staged-plist" -unchanged_lines="${unchanged_lines} ${fixed_lines}" +unchanged_lines="${unchanged_lines}${NL}${fixed_lines}" for line in ${unchanged_lines}; do echo "${line}" >> "${PLIST}" done diff --git a/security/ossec-hids/Makefile b/security/ossec-hids/Makefile index 656fea6..50d7429 100644 --- a/security/ossec-hids/Makefile +++ b/security/ossec-hids/Makefile @@ -1,7 +1,7 @@ # $FreeBSD: head/security/ossec-hids/Makefile 484537 2018-11-09 18:52:21Z swills $ PORTNAME= ossec-hids -PORTVERSION= 3.1.0 +PORTVERSION= 3.2.0 PORTREVISION= CATEGORIES= security |