From 40fe374ce79a2a0df1ae63093ba689225cae6705 Mon Sep 17 00:00:00 2001 From: Dominik Lisiak Date: Sun, 14 Oct 2018 22:15:18 +0200 Subject: Upgrade to 3.1.0. --- security/ossec-hids-local-config/Makefile | 2 +- security/ossec-hids-local-config/distinfo | 6 +- .../files/template-rules-default.xml.in | 7 +- .../files/template-sample-server.xml.in | 4 +- security/ossec-hids-local-config/pkg-plist-agent | 46 ++++++------- security/ossec-hids-local-config/pkg-plist-local | 60 ++++++++--------- security/ossec-hids-local-config/pkg-plist-server | 78 +++++++++++----------- security/ossec-hids-local-config/scripts/plist.sh | 2 +- 8 files changed, 105 insertions(+), 100 deletions(-) (limited to 'security/ossec-hids-local-config') diff --git a/security/ossec-hids-local-config/Makefile b/security/ossec-hids-local-config/Makefile index 15f3ffc..9ca25d4 100644 --- a/security/ossec-hids-local-config/Makefile +++ b/security/ossec-hids-local-config/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= ossec-hids -PORTVERSION= 3.0.0 +PORTVERSION= 3.1.0 PORTREVISION= CATEGORIES= security PKGNAMESUFFIX= -${OSSEC_TYPE}-config diff --git a/security/ossec-hids-local-config/distinfo b/security/ossec-hids-local-config/distinfo index 22bce30..38a6c3c 100644 --- a/security/ossec-hids-local-config/distinfo +++ b/security/ossec-hids-local-config/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1535297705 -SHA256 (ossec-ossec-hids-3.0.0_GH0.tar.gz) = a271d665ed502b3df4ff055a177159dfc0bc8a69dd44eab1f7c57fe8fff42a98 -SIZE (ossec-ossec-hids-3.0.0_GH0.tar.gz) = 1817324 +TIMESTAMP = 1539459620 +SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50 +SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469 diff --git a/security/ossec-hids-local-config/files/template-rules-default.xml.in b/security/ossec-hids-local-config/files/template-rules-default.xml.in index e7c18be..5f34a6a 100644 --- a/security/ossec-hids-local-config/files/template-rules-default.xml.in 
+++ b/security/ossec-hids-local-config/files/template-rules-default.xml.in @@ -47,6 +47,8 @@ msauth_rules.xml mcafee_av_rules.xml ms-se_rules.xml + sysmon_rules.xml + ms_ipsec_rules.xml vmware_rules.xml ids_rules.xml apache_rules.xml @@ -70,8 +72,11 @@ owncloud_rules.xml proxmox-ve_rules.xml opensmtpd_rules.xml + dnsmasq_rules.xml + linux_usbdetect_rules.xml + ms1016_usbdetect_rules.xml + ms_firewall_rules.xml psad_rules.xml - sysmon_rules.xml unbound_rules.xml local_rules.xml diff --git a/security/ossec-hids-local-config/files/template-sample-server.xml.in b/security/ossec-hids-local-config/files/template-sample-server.xml.in index d4efd19..901e26a 100644 --- a/security/ossec-hids-local-config/files/template-sample-server.xml.in +++ b/security/ossec-hids-local-config/files/template-sample-server.xml.in @@ -3,8 +3,8 @@ secure - - 1.2.3.4 + + diff --git a/security/ossec-hids-local-config/pkg-plist-agent b/security/ossec-hids-local-config/pkg-plist-agent index b999785..bb8bf58 100644 --- a/security/ossec-hids-local-config/pkg-plist-agent +++ b/security/ossec-hids-local-config/pkg-plist-agent 
@@ -1,23 +1,23 @@ -@dir(,ossec,550) %%OSSEC_HOME%% -@dir(,ossec,550) %%OSSEC_HOME%%/active-response -@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh -@dir(,,550) %%OSSEC_HOME%%/bin -@dir(,,550) %%OSSEC_HOME%%/bin/command -@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh -@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh -@dir(,,550) %%OSSEC_HOME%%/bin/config -@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf -@dir(,ossec,550) %%OSSEC_HOME%%/etc -@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample -@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf -@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample -@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh +@dir(,,0550) %%OSSEC_HOME%%/bin +@dir(,,0550) %%OSSEC_HOME%%/bin/command +@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh +@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh +@dir(,,0550) %%OSSEC_HOME%%/bin/config +@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d +@(,ossec,0640) 
%%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf diff --git a/security/ossec-hids-local-config/pkg-plist-local b/security/ossec-hids-local-config/pkg-plist-local index cf90641..24b4175 100644 --- a/security/ossec-hids-local-config/pkg-plist-local +++ b/security/ossec-hids-local-config/pkg-plist-local 
@@ -1,30 +1,30 @@ -@dir(,ossec,550) %%OSSEC_HOME%% -@dir(,ossec,550) %%OSSEC_HOME%%/active-response -@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh -@dir(,,550) %%OSSEC_HOME%%/bin -@dir(,,550) %%OSSEC_HOME%%/bin/command -@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh -@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh -@dir(,,550) %%OSSEC_HOME%%/bin/config -@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf -@dir(,ossec,550) %%OSSEC_HOME%%/etc -@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample -@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf -@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample -@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf -@dir(,ossec,550) %%OSSEC_HOME%%/rules -@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) 
%%OSSEC_HOME%%/active-response/bin/merge-config.sh +@dir(,,0550) %%OSSEC_HOME%%/bin +@dir(,,0550) %%OSSEC_HOME%%/bin/command +@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh +@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh +@dir(,,0550) %%OSSEC_HOME%%/bin/config +@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf +@dir(,ossec,0550) %%OSSEC_HOME%%/rules +@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml diff --git a/security/ossec-hids-local-config/pkg-plist-server b/security/ossec-hids-local-config/pkg-plist-server index a398f4f..bc26aef 100644 --- a/security/ossec-hids-local-config/pkg-plist-server +++ b/security/ossec-hids-local-config/pkg-plist-server 
@@ -1,39 +1,39 @@ -@dir(,ossec,550) %%OSSEC_HOME%% -@dir(,ossec,550) %%OSSEC_HOME%%/active-response -@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh -@dir(,,550) %%OSSEC_HOME%%/bin -@dir(,,550) %%OSSEC_HOME%%/bin/command -@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh -@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh -@dir(,,550) %%OSSEC_HOME%%/bin/config -@(,,550) %%OSSEC_HOME%%/bin/config/agent-conf -@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf -@dir(,ossec,550) %%OSSEC_HOME%%/etc -@dir(,ossec,550) %%OSSEC_HOME%%/etc/agent.conf.d -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/120.rootcheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/130.syscheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/150.logs.conf -@dir(,ossec,550) %%OSSEC_HOME%%/etc/agent.conf.d/disabled -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/520.rootcheck.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/530.syscheck.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/550.logs.local.conf -@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample -@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf -@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample -@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf 
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf -@dir(,ossec,550) %%OSSEC_HOME%%/rules -@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh +@dir(,,0550) %%OSSEC_HOME%%/bin +@dir(,,0550) %%OSSEC_HOME%%/bin/command +@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh +@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh +@dir(,,0550) %%OSSEC_HOME%%/bin/config +@(,,0550) %%OSSEC_HOME%%/bin/config/agent-conf +@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/120.rootcheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/130.syscheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/150.logs.conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d/disabled +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/520.rootcheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/530.syscheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/550.logs.local.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf +@(,ossec,0640) 
%%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf +@dir(,ossec,0550) %%OSSEC_HOME%%/rules +@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml diff --git a/security/ossec-hids-local-config/scripts/plist.sh b/security/ossec-hids-local-config/scripts/plist.sh index 8c7df63..6d61787 100755 --- a/security/ossec-hids-local-config/scripts/plist.sh +++ b/security/ossec-hids-local-config/scripts/plist.sh @@ -35,7 +35,7 @@ print_path() { if [ "${group}" == "${GROUP}" ]; then group="" fi - local mode=`stat -f "%p" "${full_path}" | tail -c 4` + local mode=`stat -f "%p" "${full_path}" | tail -c 5` echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" } -- cgit v1.2.3
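Review bot: The new `tail -c 5` in `print_path` still derives the mode by slicing bytes off the raw `stat -f "%p"` string, and a failing `stat` goes unnoticed. `local mode=` followed by a backtick pipeline discards the exit status, so an empty mode would be written to the plist as `(user,group,)`. FreeBSD stat(1) can print the four permission digits directly, which avoids the byte count and lets the failure be checked: `local mode` then `mode=$(stat -f "%Mp%Lp" "${full_path}") || return 1`. The fourth digit now carries setuid/setgid/sticky bits into the generated pkg-plist files, where the three-character slice dropped them, so a non-zero leading digit is worth a warning on stderr rather than silent inclusion. Only the tail of `print_path` is visible in this hunk; the function starts above it.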