Index: head/security/ossec-hids/Makefile =================================================================== --- head/security/ossec-hids/Makefile (revision 518342) +++ head/security/ossec-hids/Makefile (revision 518343) @@ -1,35 +1,27 @@ # $FreeBSD$ -PORTNAME= ossec-hids -PORTVERSION= 3.3.0 -PORTREVISION= 0 -CATEGORIES= security - -MAINTAINER= dominik.lisiak@bemsoft.pl -COMMENT= Security tool to monitor and check logs and intrusions - -LICENSE= GPLv2 +.include "${.CURDIR}/version.mk" RUN_DEPENDS= ossec-hids-${OSSEC_TYPE}>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE} USES= metaport OPTIONS_DEFINE= CONFIG OPTIONS_SINGLE= G_TYPE OPTIONS_SINGLE_G_TYPE= LOCAL AGENT SERVER OPTIONS_DEFAULT= CONFIG LOCAL CONFIG_DESC= Install configuration manager and samples G_TYPE_DESC= Installation type LOCAL_DESC= Analizes local data only (standalone) AGENT_DESC= Sends local data to the server for analysis SERVER_DESC= Analizes local data and data received from multiple agents CONFIG_VARS= RUN_DEPENDS+=ossec-hids-${OSSEC_TYPE}-config>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE}-config LOCAL_VARS= OSSEC_TYPE=local AGENT_VARS= OSSEC_TYPE=agent SERVER_VARS= OSSEC_TYPE=server .include Index: head/security/ossec-hids/version.mk =================================================================== --- head/security/ossec-hids/version.mk (nonexistent) +++ head/security/ossec-hids/version.mk (revision 518343) 
@@ -0,0 +1,9 @@ +PORTNAME= ossec-hids +PORTVERSION= 3.5.0 +PORTREVISION?= 0 +CATEGORIES= security + +MAINTAINER= dominik.lisiak@bemsoft.pl +COMMENT?= Security tool to monitor and check logs and intrusions + +LICENSE= GPLv2 Property changes on: head/security/ossec-hids/version.mk ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/security/ossec-hids-agent/Makefile =================================================================== --- head/security/ossec-hids-agent/Makefile (revision 518342) +++ head/security/ossec-hids-agent/Makefile (revision 518343) @@ -1,7 +1,8 @@ # $FreeBSD$ +COMMENT= Security tool to monitor and check logs and intrusions - agent installation OSSEC_TYPE= agent MASTERDIR= ${.CURDIR}/../ossec-hids-local .include "${MASTERDIR}/Makefile" Index: head/security/ossec-hids-local/Makefile =================================================================== --- head/security/ossec-hids-local/Makefile (revision 518342) +++ head/security/ossec-hids-local/Makefile (revision 518343) 
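Review bot: The new head/security/ossec-hids/version.mk has no header comment saying which Makefiles include it, and the coupling is easy to miss: `PORTVERSION` now lives here while the matching `distinfo` checksum stays in ossec-hids-local. I would add a first line such as `# Shared by ossec-hids (metaport) and ossec-hids-local; after changing PORTVERSION, regenerate ossec-hids-local/distinfo.` A second comment line could say that `PORTREVISION?=` and `COMMENT?=` are only defaults, which an including Makefile may set before its `.include`, as ossec-hids-local does for `COMMENT`.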
@@ -1,259 +1,263 @@ # $FreeBSD$ -PORTNAME= ossec-hids -PORTVERSION= 3.3.0 -PORTREVISION= 0 -CATEGORIES= security -PKGNAMESUFFIX= -${OSSEC_TYPE} +PKGNAMESUFFIX?= -${OSSEC_TYPE} +COMMENT?= Security tool to monitor and check logs and intrusions - local (standalone) installation +OSSEC_TYPE?= local -MAINTAINER= dominik.lisiak@bemsoft.pl -COMMENT= Security tool to monitor and check logs and intrusions +.include "${.CURDIR}/../ossec-hids/version.mk" -LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE USES= compiler gmake ssl -OSSEC_TYPE?= local - .if ${OSSEC_TYPE} == local CONFLICTS_INSTALL= ossec-hids-client-* \ ossec-hids-agent-* \ ossec-hids-server-* .elif ${OSSEC_TYPE} == agent CONFLICTS_INSTALL= ossec-hids-client-* \ ossec-hids-local-* \ ossec-hids-server-* .elif ${OSSEC_TYPE} == server CONFLICTS_INSTALL= ossec-hids-client-* \ ossec-hids-agent-* \ ossec-hids-local-* .endif -LIB_DEPENDS= libpcre2-8.so:devel/pcre2 +LIB_DEPENDS= libpcre2-8.so:devel/pcre2 libevent.so:devel/libevent .if ${OSSEC_TYPE} != agent RUN_DEPENDS= expect:lang/expect .endif INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq INOTIFY_USES= pkgconfig LUA_USES= readline -MYSQL_USES= mysql +MYSQL_USE= mysql PGSQL_USES= pgsql USE_GITHUB= yes GH_ACCOUNT= ossec USE_RC_SUBR= ossec-hids USES+= shebangfix SHEBANG_FILES= active-response/ossec-pagerduty.sh .if ${OSSEC_TYPE} != agent SHEBANG_LANG= expect expect_OLD_CMD= "/usr/bin/env expect" expect_CMD= ${LOCALBASE}/bin/expect SHEBANG_FILES+= src/agentlessd/scripts/main.exp \ src/agentlessd/scripts/ssh.exp \ src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \ src/agentlessd/scripts/ssh_foundry_diff \ src/agentlessd/scripts/ssh_generic_diff \ src/agentlessd/scripts/ssh_integrity_check_bsd \ src/agentlessd/scripts/ssh_integrity_check_linux \ src/agentlessd/scripts/ssh_nopass.exp \ src/agentlessd/scripts/ssh_pixconfig_diff \ src/agentlessd/scripts/sshlogin.exp \ 
src/agentlessd/scripts/su.exp .endif OPTIONS_SUB= yes OPTIONS_DEFINE= DOCS INOTIFY LUA .if ${OSSEC_TYPE} != agent OPTIONS_DEFINE+= PRELUDE ZEROMQ OPTIONS_RADIO= DATABASE OPTIONS_RADIO_DATABASE= MYSQL PGSQL .endif OPTIONS_DEFAULT= INOTIFY INOTIFY_DESC= Kevent based real time monitoring PRELUDE_DESC= Sensor support from Prelude SIEM ZEROMQ_DESC= ZeroMQ support (experimental) DATABASE_DESC= Database output INOTIFY_VARS= OSSEC_ARGS+=USE_INOTIFY=yes LUA_VARS= OSSEC_ARGS+=LUA_ENABLE=yes STRIP_FILES+=ossec-lua STRIP_FILES+=ossec-luac PRELUDE_VARS= OSSEC_ARGS+=USE_PRELUDE=yes ZEROMQ_VARS= OSSEC_ARGS+=USE_ZEROMQ=yes MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema PGSQL_VARS= OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema .if ${OSSEC_TYPE} == agent STRIP_FILES= agent-auth \ manage_agents \ ossec-agentd \ ossec-execd \ ossec-logcollector \ ossec-syscheckd .else STRIP_FILES= agent_control \ clear_stats \ list_agents \ manage_agents \ ossec-agentlessd \ ossec-analysisd \ ossec-authd \ ossec-csyslogd \ ossec-dbd \ ossec-execd \ ossec-logcollector \ ossec-logtest \ ossec-maild \ ossec-makelists \ ossec-monitord \ ossec-regex \ ossec-remoted \ ossec-reportd \ ossec-syscheckd \ rootcheck_control \ syscheck_control \ syscheck_update \ verify-agent-conf .endif .if defined(MAINTAINER_MODE) OSSEC_HOME= ${PREFIX}/${PORTNAME} .else OSSEC_HOME?= ${PREFIX}/${PORTNAME} .endif OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids FIREWALL_DROP_BIN= ${OSSEC_HOME}/active-response/bin/firewall-drop.sh IPFILTER_BIN= ${OSSEC_HOME}/active-response/bin/ipfilter.sh RESTART_OSSEC_BIN= ${OSSEC_HOME}/active-response/bin/restart-ossec.sh SHARED_DIR= ${OSSEC_HOME}/etc/shared -INTERNAL_OPTS_CONF= ${OSSEC_HOME}/etc/local_internal_options.conf +SAMPLE_FILES= ${OSSEC_HOME}/etc/local_internal_options.conf \ + ${OSSEC_HOME}/active-response/bin/cloudflare-ban.sh \ + 
${OSSEC_HOME}/active-response/bin/ossec-pagerduty.sh \ + ${OSSEC_HOME}/active-response/bin/ossec-slack.sh \ + ${OSSEC_HOME}/active-response/bin/ossec-tweeter.sh + .if empty(USER) USER=$$(${ID} -un) .endif .if empty(GROUP) GROUP=$$(${ID} -gn) .endif .if !defined(MAINTAINER_MODE) USER_ARGS+= OSSEC_GROUP=${GROUP} \ OSSEC_USER=${USER} \ OSSEC_USER_MAIL=${USER} \ OSSEC_USER_REM=${USER} .endif OSSEC_USER= ossec OSSEC_GROUP= ossec USERS= ${OSSEC_USER} ossecm ossecr GROUPS= ${OSSEC_GROUP} SUB_LIST+= PORTNAME=${PORTNAME} \ CATEGORY=${CATEGORIES:[1]} \ OSSEC_TYPE=${OSSEC_TYPE} \ OSSEC_HOME=${OSSEC_HOME} \ VERSION=${PORTVERSION} \ DB_TYPE=${DB_TYPE} \ DB_SCHEMA=${DOCSDIR}/${DB_SCHEMA} \ OSSEC_USER=${OSSEC_USER} \ OSSEC_GROUP=${OSSEC_GROUP} \ OSSEC_RC=${OSSEC_RC} SUB_FILES= pkg-install \ pkg-deinstall \ ${PKGMSG_FILES} \ restart-ossec.sh .if defined(MAINTAINER_MODE) PLIST_SUB= OSSEC_HOME=${PORTNAME} .else PLIST_SUB= OSSEC_HOME=${OSSEC_HOME} .endif PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE} DOCSFILES= BUGS CHANGELOG CONTRIBUTORS LICENSE README.md SUPPORT.md PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE} PKGMESSAGE= ${WRKDIR}/pkg-message PKGMSG_FILES= message-header PKG_CONFIG= ${CONFIGURE_ENV:MPKG_CONFIG=*:S/PKG_CONFIG=//} CFLAGS+= -I${LOCALBASE}/include INOTIFY_CFLAGS= $$(${PKG_CONFIG} --cflags libinotify) INOTIFY_LDFLAGS=$$(${PKG_CONFIG} --libs libinotify) OSSEC_ARGS+= TARGET=${OSSEC_TYPE} PCRE2_SYSTEM=yes INSTALL_LOCALTIME=no INSTALL_RESOLVCONF=no +.if defined(OSSEC_MAX_AGENTS) +OSSEC_ARGS+= MAXAGENTS=${OSSEC_MAX_AGENTS} +.endif .if !defined(MAINTAINER_MODE) OSSEC_ARGS+= INSTALL_CMD=install .endif BUILD_ARGS+= ${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME} INSTALL_ARGS+= ${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME} .include PKGMSG_FILES+= message-firewall message-config post-patch: @${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \ -e 's|-lreadline|& ${LDFLAGS}|' \ ${WRKSRC}/src/external/lua/src/Makefile .if ${CHOSEN_COMPILER_TYPE} == gcc @${REINPLACE_CMD} -e 
's|-Wno-implicit-fallthrough||g' ${WRKSRC}/src/Makefile .endif do-build: @cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build do-install: @cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${INSTALL_ARGS} install post-install: - @${MV} -f ${STAGEDIR}${INTERNAL_OPTS_CONF} ${STAGEDIR}${INTERNAL_OPTS_CONF}.sample +.for file_path in ${SAMPLE_FILES} + @${MV} -f ${STAGEDIR}${file_path} ${STAGEDIR}${file_path}.sample +.endfor @${MV} -f ${STAGEDIR}${FIREWALL_DROP_BIN} ${STAGEDIR}${IPFILTER_BIN} @${CP} ${WRKDIR}/restart-ossec.sh ${STAGEDIR}${RESTART_OSSEC_BIN} @${CHMOD} 550 ${STAGEDIR}${RESTART_OSSEC_BIN} .if defined(MAINTAINER_MODE) @${CHOWN} ${USER}:${OSSEC_GROUP} ${STAGEDIR}${RESTART_OSSEC_BIN} .else @${SH} ${SCRIPTDIR}/sanitize-stage.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${STAGEDIR} .endif .if ${OSSEC_TYPE} == agent . if defined(MAINTAINER_MODE) @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; ${CHOWN} ${OSSEC_USER}:${OSSEC_GROUP} $${file_name}; done . else @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; done . 
endif .endif @${ECHO_CMD} -n > ${PKGMESSAGE} .for file_name in ${PKGMSG_FILES} @${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE} @${ECHO_CMD} >> ${PKGMESSAGE} .endfor .for file_name in ${STRIP_FILES} @${STRIP_CMD} ${STAGEDIR}${OSSEC_HOME}/bin/${file_name} .endfor .if defined(MAINTAINER_MODE) plist: makeplist @${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} .endif post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} etc/ossec-${OSSEC_TYPE}.conf ${STAGEDIR}${DOCSDIR}/ossec.conf.sample post-install-MYSQL-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR} post-install-PGSQL-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR} .include Index: head/security/ossec-hids-local/distinfo =================================================================== --- head/security/ossec-hids-local/distinfo (revision 518342) +++ head/security/ossec-hids-local/distinfo (revision 518343) @@ -1,3 +1,3 @@ -TIMESTAMP = 1555773447 -SHA256 (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 34fac7664548ddfeea96cb0567df4eda7515cc107625eb25315a5c3522954197 -SIZE (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 1900070 +TIMESTAMP = 1574094213 +SHA256 (ossec-ossec-hids-3.5.0_GH0.tar.gz) = 720458e7da9fb1437efab3030a3bd42ca84dc652dd1931dedce745456d40e1ad +SIZE (ossec-ossec-hids-3.5.0_GH0.tar.gz) = 1920232 Index: head/security/ossec-hids-local/files/ossec-hids.in =================================================================== --- head/security/ossec-hids-local/files/ossec-hids.in (revision 518342) +++ head/security/ossec-hids-local/files/ossec-hids.in (revision 518343) 
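Review bot: In head/security/ossec-hids-local/Makefile, `MYSQL_USE= mysql` replaces `MYSQL_USES= mysql` while the next line still reads `PGSQL_USES= pgsql`, and nothing in the hunk explains the asymmetry. The `_USE` option helper is documented as taking `key=value` pairs, so a bare `mysql` may not select the MySQL client the way `USES=mysql` did. Please confirm with a build that has the MYSQL option enabled; if this is a typo, the database output would be built without its dependency. If the switch is deliberate, a one-line comment above it saying why would help; otherwise restore `MYSQL_USES= mysql`. The new `OSSEC_MAX_AGENTS` knob is also passed to `MAXAGENTS=` with no description, so a comment stating its expected value (presumably a positive integer) would be useful.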
@@ -1,548 +1,548 @@ #!/bin/sh # # PROVIDE: ossec_hids # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: shutdown # ossec_hids_enable (bool): Set it to YES to enable %%PORTNAME%%. # Default: NO # ossec_hids_clear_log (bool): Set it to YES to clear ossec.log before %%PORTNAME%% startup. # Default: NO # ossec_hids_clear_ar_log (bool): Set it to YES to clear active-responses.log before %%PORTNAME%% startup. # Default: NO # ossec_hids_fetch_connect_time (int): Time in seconds to wait for the download of the shared configuration to start. # Used only by agent installation. -# Default: 30 +# Default: 40 # ossec_hids_fetch_read_time (int): Time in seconds to wait for subsequent download chunks of the shared configuration. # Used only by agent installation. # Default: 10 . /etc/rc.subr name="ossec_hids" rcvar=ossec_hids_enable load_rc_config $name : ${ossec_hids_enable="NO"} : ${ossec_hids_clear_log="NO"} : ${ossec_hids_clear_ar_log="NO"} -: ${ossec_hids_fetch_connect_time=30} +: ${ossec_hids_fetch_connect_time=40} : ${ossec_hids_fetch_read_time=10} ossec_type="%%OSSEC_TYPE%%" ossec_home="%%OSSEC_HOME%%" if [ -z "${ossec_hids_user}" ]; then ossec_hids_user=$(stat -f '%Su' "${ossec_home}") fi ossec_conf="${ossec_home}/etc/ossec.conf" ossec_conf_dir="${ossec_home}/etc/ossec.conf.d" ossec_conf_bin="${ossec_home}/bin/config/ossec-conf" agent_conf="${ossec_home}/etc/shared/agent.conf" agent_conf_dir="${ossec_home}/etc/agent.conf.d" agent_conf_bin="${ossec_home}/bin/config/agent-conf" ossec_client_keys="${ossec_home}/etc/client.keys" ossec_ar_tmp="${ossec_home}/active-response" ossec_log="${ossec_home}/logs/ossec.log" ossec_ar_log="${ossec_home}/logs/active-responses.log" ossec_merged="${ossec_home}/etc/shared/merged.mg" ossec_local_time="/etc/localtime" ossec_resolv_conf="/etc/resolv.conf" extra_commands="help status reload ossec_conf" case ${ossec_type} in server) extra_commands="${extra_commands} agent_conf manage_agent reset_counter" ;; agent) extra_commands="${extra_commands} 
agent_conf manage_agent reset_counter config_profile fetch_config" ;; esac if [ -x "${ossec_conf_bin}" ]; then extra_commands="${extra_commands} merge_config" fi ossec_rc_command=$1 shift 1 help_cmd="ossec_hids_help $@" start_cmd="ossec_hids_command start $@" stop_cmd="ossec_hids_command stop $@" restart_cmd="ossec_hids_command restart $@" status_cmd="ossec_hids_command status $@" reload_cmd="ossec_hids_command reload $@" manage_agent_cmd="ossec_hids_manage_agent $@" reset_counter_cmd="ossec_hids_reset_counter $@" config_profile_cmd="ossec_hids_config_profile $@" fetch_config_cmd="ossec_hids_fetch_config $@" merge_config_cmd="ossec_hids_create_config force $@" ossec_conf_cmd="ossec_hids_ossec_conf $@" agent_conf_cmd="ossec_hids_agent_conf $@" start_precmd="ossec_hids_create_env && ossec_hids_create_config && ossec_hids_clean && ossec_hids_check" restart_precmd="${start_precmd}" reload_precmd="ossec_hids_create_env && ossec_hids_create_config" config_profile_precmd="ossec_hids_check" fetch_config_precmd="${start_precmd}" agent_ids_cmd="${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*ID:[[:space:]]*([[:digit:]]+).*|\1|p'" agent_names_cmd="${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*Name:[[:space:]]*([^,]+).*|\1|p'" ossec_hids_help() { local indent=" " echo "Additional commands:" echo for command in ${extra_commands}; do case ${command} in ossec_conf) echo "${command}" if [ -x "${ossec_conf_bin}" ]; then echo "${indent}Displays the \"ossec.conf\" as it would have been produced" echo "${indent}by merging files from \"ossec.conf.d\" directory." echo "${indent}Does not overwrite the actual \"ossec.conf\"." else echo "${indent}Displays the current \"ossec.conf\"." fi echo ;; agent_conf) echo "${command}" if [ -x "${agent_conf_bin}" ]; then echo "${indent}Displays the \"agent.conf\" as it would have been produced" echo "${indent}by merging files from \"agent.conf.d\" directory." echo "${indent}Does not overwrite the actual \"agent.conf\"." 
else echo "${indent}Displays the current \"agent.conf\"." fi echo ;; manage_agent) echo "${command} [...]" echo "${indent}Executes OSSEC Agent Manager." echo "${indent}Any additional arguments will be passed along (-h for help)." echo "${indent}Use this command to export and import agent keys." echo ;; reset_counter) case ${ossec_type} in server) echo "${command} " echo "${indent}Stops the OSSEC and resets (removes) the replay attack prevention counter(s)." echo "${indent}Only the counter for the given is reset." echo "${indent}If the is \"-\", then counters for all agents are reset." ;; agent) echo "${command}" echo "${indent}Stops the OSSEC and resets (removes) the replay attack prevention counter." ;; esac echo "${indent}Use this command on both the server and the agent to bring back connectivity." echo "${indent}The typical scenario for desynchronization of counters is one of the OSSEC" echo "${indent}instances has been restored from backup." echo "${indent}Use the following procedure:" echo "${indent}1. Reset counter on the agent." echo "${indent}2. Reset counter on the server for that specific agent." echo "${indent}3. Start the server." echo "${indent}4. Start the agent." echo ;; config_profile) echo "${command}" echo "${indent}Displays a list (i.e. union of sets) of applicable (to this agent) configuration" echo "${indent}profiles sent by the server (current \"agent.conf\") merged with configuration" echo "${indent}profiles enabled on this agent (current \"ossec.conf\"). Each entry on the list" echo "${indent}is marked with one of the following markers:" echo "${indent}(+) - The profile is sent by the server and is enabled on this agent." echo "${indent}(-) - The profile is sent by the server and is applicable for this agent, but is" echo "${indent} not enabled in the \"ossec.conf\"." echo "${indent}(?) - The profile is enabled on this agent, but is not sent by the server or is" echo "${indent} not applicable to this agent." 
echo ;; fetch_config) echo "${command}" echo "${indent}(Re)starts the agent with a fresh copy of server shared configuration (including" echo "${indent}\"agent.conf\"). Command can also be used to ensure server connectivity." echo ;; merge_config) echo "${command}" echo "${indent}Creates \"ossec.conf\" by merging files from \"ossec.conf.d\" directory." case ${ossec_type} in server) echo "${indent}Creates \"agent.conf\" by merging files from \"agent.conf.d\" directory." ;; esac echo "${indent}Usually you do not need to run this command, because configuration files will" echo "${indent}be merged before OSSEC startup if any of them has been modified/created/deleted" echo "${indent}since the last merging. This command, however, does merging unconditionally." echo ;; esac done echo "To avoid problems with this script and the port in general, keep your XML-like" echo "configuration pretty printed. Place element tags in single and separate lines." echo "Comments can span on multiple but still separate lines." echo "Do NOT use the following formatting:" echo echo "${indent}" echo "${indent}${indent}" echo "${indent}${indent}${indent}Some content" echo "${indent}${indent}" echo "${indent}${indent}${indent}Another content" echo "${indent}" echo echo "Use instead:" echo echo "${indent}" echo "${indent}${indent}" echo "${indent}${indent}Some content" echo "${indent}${indent}Another content" echo "${indent}" echo } ossec_hids_create_file() { local path=$1 local owner=$2 local mode=$3 if [ ! -e "${path}" ]; then touch "${path}" && chown ${owner} "${path}" && chmod ${mode} "${path}" fi } ossec_hids_check() { case ${ossec_type} in server) if [ ! -s "${ossec_client_keys}" ]; then echo "WARNING: There are no client keys created - remote connections will be disabled." echo fi ;; agent) if [ ! -s "${ossec_client_keys}" ]; then echo "WARNING: There are is no client key imported - connection to server not possible." 
echo else if [ $(eval ${agent_ids_cmd} | wc -l) -gt 1 ]; then echo "ERROR: There are multiple client keys imported - only one is allowed." echo return 1 fi fi ;; esac return 0 } ossec_hids_inline_content() { local element="$1" sed -En "s|.*<${element}>(.*).*|\1|p" } ossec_hids_remove_comments() { # Comments must be on separate lines i.e. not next to uncommented code awk '// {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}' } ossec_hids_config_profile() { if [ ! -f "${ossec_conf}" ]; then echo -n "ERROR: The \"${ossec_conf}\" is missing." if [ -x "${ossec_conf_bin}" ]; then echo " Run:" echo "$(realpath $0) merge_config" else echo fi echo return 1 fi if [ ! -f "${agent_conf}" ]; then echo "ERROR: The \"${agent_conf}\" is missing. Run:" echo "$(realpath $0) fetch_config" echo return 1 fi local os="FreeBSD" local name=$(eval ${agent_names_cmd}) local server_profiles=`ossec_hids_remove_comments < "${agent_conf}" | sed -En \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ | sort -u` local agent_profiles=$(ossec_hids_remove_comments < "${ossec_conf}" | ossec_hids_inline_content "config-profile" | sed -E 's|[[:space:]]*,[[:space:]]*| |g') local output="" for server_profile in ${server_profiles}; do local matching_profile="" for agent_profile in ${agent_profiles}; do if [ "${agent_profile}" == "${server_profile}" ]; then matching_profile="${agent_profile}" break fi done if [ -n "${matching_profile}" ]; then output="${output}(+) ${server_profile} " else output="${output}(-) ${server_profile} " fi done for agent_profile in ${agent_profiles}; do local matching_profile="" for server_profile in ${server_profiles}; do if [ "${server_profile}" == "${agent_profile}" ]; then matching_profile="${server_profile}" break fi done if [ -z "${matching_profile}" ]; then output="${output}(?) 
${agent_profile} " fi done echo -n "${output}" | sort -k 2 } ossec_hids_config_is_outdated() { local dst_file="$1" local src_dir="$2" if [ ! -e "${dst_file}" ]; then return 0 fi if [ "${src_dir}" -nt "${dst_file}" ]; then return 0 fi for src_file in $(find "${src_dir}" -maxdepth 1 -type f -name "*.conf"); do if [ "${src_file}" -nt "${dst_file}" ]; then return 0 fi done return 1 } ossec_hids_create_config() { case ${ossec_type} in server) if [ -x "${agent_conf_bin}" ]; then # Merge agent.conf.d files into agent.conf if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${agent_conf}" "${agent_conf_dir}"; then ossec_hids_create_file "${agent_conf}" ${ossec_hids_user}:%%OSSEC_GROUP%% 0640 "${agent_conf_bin}" > "${agent_conf}" fi fi ;; esac if [ -x "${ossec_conf_bin}" ]; then # Merge ossec.conf.d files into ossec.conf if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${ossec_conf}" "${ossec_conf_dir}"; then ossec_hids_create_file "${ossec_conf}" ${ossec_hids_user}:%%OSSEC_GROUP%% 0640 "${ossec_conf_bin}" > "${ossec_conf}" fi fi return 0 } ossec_hids_create_env() { # Copy required files from outside of home directory if [ ! -e "${ossec_local_time}" ]; then echo "ERROR: Missing \"${ossec_local_time}\". Run command \"tzsetup\"." echo return 1 fi if [ ! -e "${ossec_resolv_conf}" ]; then echo "ERROR: Missing \"${ossec_resolv_conf}\"." 
echo return 1 fi install -o ${ossec_hids_user} -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}" install -o ${ossec_hids_user} -g %%OSSEC_GROUP%% -m 0440 "${ossec_resolv_conf}" "${ossec_home}${ossec_resolv_conf}" return 0 } ossec_hids_clean() { if [ "${ossec_type}" == "server" ]; then rm -f "${ossec_merged}" fi if checkyesno ossec_hids_clear_log && [ -e "${ossec_log}" ]; then echo -n > "${ossec_log}" fi if checkyesno ossec_hids_clear_ar_log && [ -e "${ossec_ar_log}" ]; then echo -n > "${ossec_ar_log}" fi return 0 } ossec_hids_reset_counter() { local agent_name="$1" ossec_hids_command stop sleep 1 echo case ${ossec_type} in server) if [ -z "${agent_name}" ]; then echo "ERROR: Specify agent name to reset counter for this agent or \"-\" to reset counters for all agents." echo return 1 fi local agent_counter=0 if [ "${agent_name}" == "-" ]; then for agent_id in $(eval ${agent_ids_cmd}); do if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1)) fi done else local agent_id=`${ossec_home}/bin/manage_agents -l | sed -En -e "s|.*ID:[[:space:]]*([[:digit:]]+),[[:space:]]*Name:[[:space:]]${agent_name},.*|\1|p"` if [ -n "${agent_id}" ]; then if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1)) fi fi fi echo "Removed ${agent_counter} counter(s)." echo ;; agent) local agent_counter=0 for agent_id in $(eval ${agent_ids_cmd}); do # Should be executed only once if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1)) fi done echo "Removed ${agent_counter} counter(s)." 
echo ;; esac return 0 } ossec_hids_fetch_config() { ossec_hids_command stop sleep 1 echo rm -f "${ossec_merged}" ossec_hids_command start || return 1 echo echo "Waiting ${ossec_hids_fetch_connect_time} seconds for the shared configuration download to start." sleep ${ossec_hids_fetch_connect_time} if [ ! -s "${ossec_merged}" ]; then echo "ERROR: Failed to download shared configuration from the OSSEC server." echo local ossec_log_tail=$(tail "${ossec_log}") echo "Portion of the \"${ossec_log}\":" echo "${ossec_log_tail}" echo if echo "${ossec_log_tail}" | grep -q "ERROR: Unable to send message to"; then echo "Check if your configuration contains the correct server address in \"server-ip\" option." echo else local ossec_rc_path="$(realpath $0)" echo "Is the imported agent key correct? To import it run:" echo "${ossec_rc_path} manage_agent" echo echo "If you are certain the imported agent key is correct, then run:" echo "${ossec_rc_path} reset_counter" echo "${ossec_rc_path} fetch_config" echo echo "If this does't help, you need to reset counter on the server." echo "If the server runs FreeBSD port of OSSEC, run:" echo "On the agent:" echo "${ossec_rc_path} reset_counter" echo "On the server:" echo "${ossec_rc_path} reset_counter $(eval ${agent_names_cmd})" echo "${ossec_rc_path} start" echo "On the agent:" echo "${ossec_rc_path} fetch_config" echo fi ossec_hids_command stop return 1 else # The download has started while true; do local current_time=$(date +%s) local modification_time=$(stat -f %m "${ossec_merged}") if [ $((current_time - modification_time)) -gt ${ossec_hids_fetch_read_time} ]; then echo "Download finished." echo ossec_hids_command restart || return 1 break; else echo "Download in progress..." 
sleep ${ossec_hids_fetch_read_time} fi done fi return 0 } ossec_hids_ossec_conf() { if [ -x "${ossec_conf_bin}" ]; then "${ossec_conf_bin}" elif [ -f "${ossec_conf}" ]; then cat "${ossec_conf}" fi } ossec_hids_agent_conf() { if [ -x "${agent_conf_bin}" ]; then "${agent_conf_bin}" elif [ -f "${agent_conf}" ]; then cat "${agent_conf}" fi } ossec_hids_manage_agent() { "${ossec_home}/bin/manage_agents" $@ return $? } ossec_hids_command() { "${ossec_home}/bin/ossec-control" $1 return $? } run_rc_command "${ossec_rc_command}" Index: head/security/ossec-hids-local/pkg-plist-agent =================================================================== --- head/security/ossec-hids-local/pkg-plist-agent (revision 518342) +++ head/security/ossec-hids-local/pkg-plist-agent (revision 518343) 
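Review bot: In head/security/ossec-hids-local/files/ossec-hids.in, raising `ossec_hids_fetch_connect_time` from 30 to 40 lengthens every `fetch_config` run. `ossec_hids_fetch_config` sleeps for the whole value before it tests `merged.mg`, even when the download started within the first seconds. Polling for the file once a second up to that limit would keep the longer timeout for slow links without delaying the common case. The error branch and the read-time loop that follow can stay as they are. The reason for the new default is also not recorded in the option's comment block at the top of the script.

```shell
    # replaces: sleep ${ossec_hids_fetch_connect_time}
    local waited=0
    while [ ! -s "${ossec_merged}" ] && [ "${waited}" -lt "${ossec_hids_fetch_connect_time}" ]; do
        sleep 1
        waited=$((waited + 1))
    done
    # … unchanged: the [ ! -s "${ossec_merged}" ] error branch and the download-progress loop …
```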
@@ -1,81 +1,82 @@ @dir(,ossec,0550) %%OSSEC_HOME%% @dir(,ossec,0550) %%OSSEC_HOME%%/active-response @dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/cloudflare-ban.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh -@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh -@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh -@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh.sample +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh.sample +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh @dir(,,0550) %%OSSEC_HOME%%/bin @(,,0550) %%OSSEC_HOME%%/bin/agent-auth @(,,0550) %%OSSEC_HOME%%/bin/manage_agents @(,,0550) %%OSSEC_HOME%%/bin/ossec-agentd @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/util.sh @dir(,ossec,0550) %%OSSEC_HOME%%/etc @(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf @sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample @dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared @(ossec,ossec,0644) 
%%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0644) 
%%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs @dir(,ossec,0550) %%OSSEC_HOME%%/queue @dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rids @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck @dir(,ossec,1550) %%OSSEC_HOME%%/tmp @dir(,ossec,0550) %%OSSEC_HOME%%/var @dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS %%PORTDOCS%%%%DOCSDIR%%/CHANGELOG %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS %%PORTDOCS%%%%DOCSDIR%%/LICENSE %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac Index: head/security/ossec-hids-local/pkg-plist-local =================================================================== --- head/security/ossec-hids-local/pkg-plist-local (revision 518342) +++ head/security/ossec-hids-local/pkg-plist-local (revision 518343) 
@@ -1,208 +1,209 @@ @dir(,ossec,0550) %%OSSEC_HOME%% @dir(,ossec,0550) %%OSSEC_HOME%%/active-response @dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/cloudflare-ban.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh -@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh -@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh -@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh.sample +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh.sample +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh @dir(,ossec,0550) %%OSSEC_HOME%%/agentless @(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff 
@(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp @dir(,,0550) %%OSSEC_HOME%%/bin @(,,0550) %%OSSEC_HOME%%/bin/agent_control @(,,0550) %%OSSEC_HOME%%/bin/clear_stats @(,,0550) %%OSSEC_HOME%%/bin/list_agents @(,,0550) %%OSSEC_HOME%%/bin/manage_agents @(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd @(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd @(,,0550) %%OSSEC_HOME%%/bin/ossec-authd @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd @(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest @(,,0550) %%OSSEC_HOME%%/bin/ossec-maild @(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists @(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord @(,,0550) %%OSSEC_HOME%%/bin/ossec-regex @(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted @(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_update @(,,0550) %%OSSEC_HOME%%/bin/util.sh @(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf @dir(,ossec,0550) %%OSSEC_HOME%%/etc @(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml @(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf @sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample @dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt 
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs @dir(,ossec,0550) %%OSSEC_HOME%%/rules @(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml @(,ossec,0640) 
%%OSSEC_HOME%%/rules/arpwatch_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/clam_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml @(,ossec,0640) 
%%OSSEC_HOME%%/rules/netscreenfw_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/psad_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/topleveldomain_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml 
@(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml @dir(,ossec,0700) %%OSSEC_HOME%%/.ssh @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall @dir(,ossec,0550) %%OSSEC_HOME%%/queue @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless @dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats @dir(,ossec,1550) %%OSSEC_HOME%%/tmp @dir(,ossec,0550) %%OSSEC_HOME%%/var @dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS %%PORTDOCS%%%%DOCSDIR%%/CHANGELOG %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS %%PORTDOCS%%%%DOCSDIR%%/LICENSE %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema Index: head/security/ossec-hids-local/pkg-plist-server =================================================================== --- head/security/ossec-hids-local/pkg-plist-server (revision 518342) +++ 
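Review bot: The four `@sample(,ossec,0550)` entries under `active-response/bin` (cloudflare-ban, ossec-pagerduty, ossec-slack, ossec-tweeter) turn the live `.sh` files into admin-edited copies, but nothing in the hunk tells the admin what that implies. These look like the scripts that receive third-party API tokens or webhook URLs (inferred from their names; the scripts themselves are not shown here), and with mode 0550 and group `ossec` the edited copy stays readable by every account in that group. The previous revision tracked the three existing scripts as plain files, so on upgrade pkg will presumably remove an already-edited `ossec-slack.sh` before the new sample is copied into place. I would add a pkg-message or UPDATING entry along the lines of `back up active-response/bin/ossec-{pagerduty,slack,tweeter}.sh before upgrading; credentials placed in these scripts are readable by group ossec`. The same applies to the identical hunk in pkg-plist-server.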
head/security/ossec-hids-local/pkg-plist-server (revision 518343) 
@@ -1,208 +1,209 @@ @dir(,ossec,0550) %%OSSEC_HOME%% @dir(,ossec,0550) %%OSSEC_HOME%%/active-response @dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/cloudflare-ban.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh -@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh -@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh -@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh.sample +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh.sample +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh @dir(,ossec,0550) %%OSSEC_HOME%%/agentless @(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff 
@(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp @dir(,,0550) %%OSSEC_HOME%%/bin @(,,0550) %%OSSEC_HOME%%/bin/agent_control @(,,0550) %%OSSEC_HOME%%/bin/clear_stats @(,,0550) %%OSSEC_HOME%%/bin/list_agents @(,,0550) %%OSSEC_HOME%%/bin/manage_agents @(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd @(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd @(,,0550) %%OSSEC_HOME%%/bin/ossec-authd @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd @(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest @(,,0550) %%OSSEC_HOME%%/bin/ossec-maild @(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists @(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord @(,,0550) %%OSSEC_HOME%%/bin/ossec-regex @(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted @(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_update @(,,0550) %%OSSEC_HOME%%/bin/util.sh @(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf @dir(,ossec,0550) %%OSSEC_HOME%%/etc @(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml @(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf @sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample @dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt 
@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs @dir(,ossec,0550) %%OSSEC_HOME%%/rules @(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml @(,ossec,0640) 
%%OSSEC_HOME%%/rules/arpwatch_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/clam_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml @(,ossec,0640) 
%%OSSEC_HOME%%/rules/netscreenfw_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/psad_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/topleveldomain_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml 
@(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml @dir(,ossec,0700) %%OSSEC_HOME%%/.ssh @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall @dir(,ossec,0550) %%OSSEC_HOME%%/queue @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless @dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats @dir(,ossec,1550) %%OSSEC_HOME%%/tmp @dir(,ossec,0550) %%OSSEC_HOME%%/var @dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS %%PORTDOCS%%%%DOCSDIR%%/CHANGELOG %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS %%PORTDOCS%%%%DOCSDIR%%/LICENSE %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema Index: head/security/ossec-hids-local/scripts/plist.conf =================================================================== --- head/security/ossec-hids-local/scripts/plist.conf (revision 518342) +++ 
head/security/ossec-hids-local/scripts/plist.conf (revision 518343) @@ -1,30 +1,34 @@ #!/bin/sh fixed_lines=" %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac" if [ "${OSSEC_TYPE}" != "agent" ]; then fixed_lines="${fixed_lines} %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema" fi skip_lines=" %%PORTDOCS%%%%DOCSDIR%%/mysql.schema %%PORTDOCS%%%%DOCSDIR%%/postgresql.schema" skip_paths=" /etc/ossec.conf /etc/client.keys /logs/active-responses.log /logs/ossec.log /lua" if [ "${OSSEC_TYPE}" = "agent" ]; then skip_paths="${skip_paths} /rules /agentless /.ssh" fi sample_paths=" -/etc/local_internal_options.conf.sample" +/etc/local_internal_options.conf.sample +/active-response/bin/cloudflare-ban.sh.sample +/active-response/bin/ossec-pagerduty.sh.sample +/active-response/bin/ossec-slack.sh.sample +/active-response/bin/ossec-tweeter.sh.sample" Index: head/security/ossec-hids-local-config/distinfo =================================================================== --- head/security/ossec-hids-local-config/distinfo (revision 518342) +++ head/security/ossec-hids-local-config/distinfo (nonexistent) 
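Review bot: `sample_paths` now carries four `active-response/bin/*.sh.sample` entries next to the one configuration file, with no comment saying why executable scripts are handled as samples or that the list has to match the `@sample` lines in the pkg-plist-* files. The code that consumes this variable is outside the hunk, so how it matches paths is not visible here. I would add above the assignment: `# Files installed as @sample: the copy without .sample is edited by the admin (may hold API keys) and must survive upgrades; keep in sync with pkg-plist-*.`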
@@ -1,3 +0,0 @@
-TIMESTAMP = 1555773476
-SHA256 (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 34fac7664548ddfeea96cb0567df4eda7515cc107625eb25315a5c3522954197
-SIZE (ossec-ossec-hids-3.3.0_GH0.tar.gz) = 1900070
Property changes on: head/security/ossec-hids-local-config/distinfo
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/security/ossec-hids-local-config/Makefile
===================================================================
--- head/security/ossec-hids-local-config/Makefile (revision 518342)
+++ head/security/ossec-hids-local-config/Makefile (revision 518343)
@@ -1,462 +1,456 @@ # $FreeBSD$ -PORTNAME= ossec-hids -PORTVERSION= 3.3.0 -PORTREVISION= 0 -CATEGORIES= security -PKGNAMESUFFIX= -${OSSEC_TYPE}-config - -MAINTAINER= dominik.lisiak@bemsoft.pl -COMMENT= Configuration manager for ossec-hids - -LICENSE= GPLv2 - +PKGNAMESUFFIX?= -${OSSEC_TYPE}-config +COMMENT?= Configuration manager for ossec-hids-${OSSEC_TYPE} OSSEC_TYPE?= local +.include "${.CURDIR}/../ossec-hids/version.mk" + MASTERDIR?= ${.CURDIR} +DISTINFO_FILE?= ${MASTERDIR}/../ossec-hids-local/distinfo .if ${OSSEC_TYPE} == local CONFLICTS_INSTALL= ossec-hids-client-* \ ossec-hids-agent-* \ ossec-hids-server-* .elif ${OSSEC_TYPE} == agent CONFLICTS_INSTALL= ossec-hids-client-* \ ossec-hids-local-* \ ossec-hids-server-* .elif ${OSSEC_TYPE} == server CONFLICTS_INSTALL= ossec-hids-client-* \ ossec-hids-agent-* \ ossec-hids-local-* .endif .if !defined(MAINTAINER_MODE) RUN_DEPENDS= ossec-hids-${OSSEC_TYPE}>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE} .endif .if defined(MAINTAINER_MODE) USE_GITHUB= yes GH_ACCOUNT= ossec .else MASTER_SITES= # DISTFILES= # EXTRACT_ONLY= # .endif NO_BUILD= yes NO_ARCH= yes OPTIONS_SUB= yes OPTIONS_SINGLE= FIREWALL OPTIONS_SINGLE_FIREWALL= NOFW IPF IPFW PF OPTIONS_DEFAULT+= NOFW FIREWALL_DESC= Active Response Firewall PF_DESC= Packet Filter IPFW_DESC= ipfirewall IPF_DESC= ipfilter NOFW_DESC= Custom or no firewall TEMPL_ENABLED_HEADER= template-header-enabled.xml TEMPL_DISABLED_HEADER= template-header-disabled.xml TEMPL_SAMPLE_HEADER= template-header-sample.xml TEMPL_PUSHED_ENABLED_HEADER= ${TEMPL_ENABLED_HEADER} TEMPL_PUSHED_DISABLED_HEADER= ${TEMPL_DISABLED_HEADER} TEMPL_SAMPLE= template-sample-${OSSEC_TYPE}.xml TEMPL_SAMPLE_DB= template-sample-database.xml PF_VARS= FW_DROP=pf.sh PKGMSG_FILES+=message-pf IPFW_VARS= FW_DROP=ipfw.sh IPF_VARS= FW_DROP=ipfilter.sh NOFW_VARS= FW_DROP= .if defined(MAINTAINER_MODE) OSSEC_HOME= ${PREFIX}/${PORTNAME} .else OSSEC_HOME?= ${PREFIX}/${PORTNAME} .endif OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids 
TEMPL_TO_OSSEC= ${SCRIPTDIR}/template-to-ossec.sh ${OSSEC_TYPE} ${OSSEC_HOME} TEMPL_TO_AGENT= ${SCRIPTDIR}/template-to-agent.sh ${OSSEC_TYPE} ${OSSEC_HOME} OSSEC_DIR= ${STAGEDIR}${OSSEC_HOME} BIN_DIR= ${OSSEC_DIR}/bin CONF_BIN_DIR= ${BIN_DIR}/config OSSEC_CONF_BIN= ${CONF_BIN_DIR}/ossec-conf AGENT_CONF_BIN= ${CONF_BIN_DIR}/agent-conf COMMAND_BIN_DIR= ${BIN_DIR}/command AR_BIN_DIR= ${OSSEC_DIR}/active-response/bin MERGE_CONFIG_BIN= ${AR_BIN_DIR}/merge-config.sh ETC_DIR= ${OSSEC_DIR}/etc OSSEC_CONF_DIR= ${ETC_DIR}/ossec.conf.d AGENT_CONF_DIR= ${ETC_DIR}/agent.conf.d OSSEC_LOCAL_CONF_DIR= ${OSSEC_CONF_DIR}/disabled AGENT_LOCAL_CONF_DIR= ${AGENT_CONF_DIR}/disabled OSSEC_SAMPLE_CONF= ${OSSEC_CONF_DIR}/900.local.conf.sample COMMAND_CONF_DIR= ${ETC_DIR} COMMAND_CONF= ${COMMAND_CONF_DIR}/command.conf.sample RULES_DIR= ${OSSEC_DIR}/rules .if empty(USER) USER=$$(${ID} -un) .endif .if empty(GROUP) GROUP=$$(${ID} -gn) .endif OSSEC_USER= ossec OSSEC_GROUP= ossec SUB_LIST+= PORTNAME=${PORTNAME} \ OSSEC_TYPE=${OSSEC_TYPE} \ OSSEC_HOME=${OSSEC_HOME} \ VERSION=${PORTVERSION} \ USER=${USER} \ OSSEC_USER=${OSSEC_USER} \ OSSEC_GROUP=${OSSEC_GROUP} \ OSSEC_RC=${OSSEC_RC} \ FW_DROP=${FW_DROP} SUB_FILES= pkg-install \ pkg-deinstall \ ${PKGMSG_FILES} \ ${TEMPL_ENABLED_HEADER} \ ${TEMPL_DISABLED_HEADER} \ ${TEMPL_SAMPLE_HEADER} \ ${TEMPL_PUSHED_ENABLED_HEADER} \ ${TEMPL_PUSHED_DISABLED_HEADER} \ ${TEMPL_SAMPLE} \ merge-config.sh \ ossec-conf \ command.conf .if ${OSSEC_TYPE} == server SUB_FILES+= agent-conf .endif .if defined(MAINTAINER_MODE) PLIST_SUB= OSSEC_HOME=${PORTNAME} .else PLIST_SUB= OSSEC_HOME=${OSSEC_HOME} .endif PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE} PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE} PKGMESSAGE= ${WRKDIR}/pkg-message PKGMSG_FILES= message-ossec-conf .if ${OSSEC_TYPE} == server PKGMSG_FILES+= message-agent-conf .endif CONF_GROUPS= RULES AR ROOTCHECK SYSCHECK CMDOUT LOGS ############################################################ .for conf_group in ${CONF_GROUPS} . 
include "${MASTERDIR}/opt-${conf_group:tl}.mk" ${conf_group}_INSTANCE_OPTIONS= ${conf_group}_PUSHED_OPTIONS= . for option in ${${conf_group}_OPTIONS} . if ${${option}_DEFINE:M${OSSEC_TYPE}} ${conf_group}_INSTANCE_OPTIONS+= ${option} ${conf_group}_ALL_OPTIONS+= ${option} . endif . if ${${option}_DEFINE:Mpushed} . if ${OSSEC_TYPE} == server ${conf_group}_PUSHED_OPTIONS+= ${option} . endif . if !${${conf_group}_ALL_OPTIONS:M${option}} ${conf_group}_ALL_OPTIONS+= ${option} . endif . endif . endfor .endfor ############################################################ CONFIG_PROFILES= .for conf_group in ${CONF_GROUPS} . if !empty(${conf_group}_PROFILE) . if ${OSSEC_TYPE} == agent . if !${CONFIG_PROFILES:M${${conf_group}_PROFILE}} CONFIG_PROFILES+= ${${conf_group}_PROFILE} . endif . endif SUB_LIST+= ${conf_group}_PROFILE=${${conf_group}_PROFILE} . endif . for option in ${${conf_group}_ALL_OPTIONS} . if !empty(${option}_PROFILE) . if ${OSSEC_TYPE} == agent . if !${CONFIG_PROFILES:M${${option}_PROFILE}} CONFIG_PROFILES+= ${${option}_PROFILE} . endif . endif SUB_LIST+= ${option}_PROFILE=${${option}_PROFILE} . endif . endfor .endfor .for profile in ${CONFIG_PROFILES} . if empty(CONFIG_PROFILE_VALUE) CONFIG_PROFILE_VALUE:= ${profile} . else CONFIG_PROFILE_VALUE:= ${CONFIG_PROFILE_VALUE}, ${profile} . endif .endfor SUB_LIST+= CONFIG_PROFILES="${CONFIG_PROFILE_VALUE}" ############################################################ .for conf_group in ${CONF_GROUPS} . for option in ${${conf_group}_ALL_OPTIONS} . if !defined(${option}_TEMPLATE) ${option}_TEMPLATE= template-${option:tl:S/_/-/g}.xml . endif . if !empty(${option}_TEMPLATE) && !${SUB_FILES:M${${option}_TEMPLATE}} SUB_FILES+= ${${option}_TEMPLATE} . endif . endfor .endfor .for file_name in ${RULES_FILES} SUB_FILES+= rules-${file_name}.xml .endfor .for file_name in ${CMDOUT_SCRIPTS} SUB_FILES+= command-${file_name}.sh .endfor ############################################################ .for conf_group in ${CONF_GROUPS} . 
for option in ${${conf_group}_INSTANCE_OPTIONS} . if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}} ${${${option}_DEPENDS}_OPTION}_VARS+= ${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option} ${${${option}_DEPENDS}_OPTION}_VARS_OFF+= ${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option} . elif !empty(${option}_OPTION) OPTIONS_GROUP_G_${conf_group}+= ${${option}_OPTION} ${${option}_OPTION}_DESC= ${${option}_DESC} . if ${${option}_DEFAULT:M${OSSEC_TYPE}} OPTIONS_DEFAULT+= ${${option}_OPTION} . endif ${${option}_OPTION}_VARS+= ${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option} ${${option}_OPTION}_VARS_OFF+= ${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option} . endif . endfor . if !empty(OPTIONS_GROUP_G_${conf_group}) OPTIONS_GROUP+= G_${conf_group} G_${conf_group}_DESC= ${${conf_group}_DESC} . endif .endfor ############################################################ .for conf_group in ${CONF_GROUPS} . for option in ${${conf_group}_PUSHED_OPTIONS} . if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_PUSHED_OPTIONS:M${${option}_DEPENDS}} ${${${option}_DEPENDS}_OPTION}_P_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} ${${${option}_DEPENDS}_OPTION}_P_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} . elif !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}} ${${${option}_DEPENDS}_OPTION}_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} ${${${option}_DEPENDS}_OPTION}_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} . elif !empty(${option}_OPTION) OPTIONS_GROUP_G_${conf_group}_P+= ${${option}_OPTION}_P ${${option}_OPTION}_P_DESC= ${${option}_DESC} . if !empty(${option}_PROFILE) ${${option}_OPTION}_P_DESC+= (profile: ${${option}_PROFILE}) . endif . 
if ${${option}_DEFAULT:Mpushed} OPTIONS_DEFAULT+= ${${option}_OPTION}_P . endif ${${option}_OPTION}_P_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} ${${option}_OPTION}_P_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} . endif . endfor . if !empty(OPTIONS_GROUP_G_${conf_group}_P) OPTIONS_GROUP+= G_${conf_group}_P G_${conf_group}_P_DESC= Pushed ${${conf_group}_DESC} . if !empty(${conf_group}_PROFILE) G_${conf_group}_P_DESC+= (profile: ${${conf_group}_PROFILE}) . endif . endif .endfor ############################################################ .include show-opts: .for conf_group in ${CONF_GROUPS} @${ECHO_CMD} "${conf_group}: ${${conf_group}_DESC}" . for option in ${${conf_group}_INSTANCE_OPTIONS} @${ECHO_CMD} " ${option}: ${${option}_DESC}" . if empty(${option}_TEMPLATE) @${ECHO_CMD} " Template: -" . else @${ECHO_CMD} " Template: ${${option}_TEMPLATE}" . endif . if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED) && ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}} @${ECHO_CMD} " Enabled: true" . endif . if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED) && ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}} @${ECHO_CMD} " Enabled: false" . endif . if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED) && ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}} @${ECHO_CMD} " Pushed: true" . endif . if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED) && ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}} @${ECHO_CMD} " Pushed: false" . endif . 
endfor .endfor pre-install: @-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'PostgreSQL' && \ ${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|postgresql|g' \ ${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB} @-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'MySQL' && \ ${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|mysql|g' \ ${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB} ossec-dirs: @${MKDIR} ${CONF_BIN_DIR} ${COMMAND_BIN_DIR} ${AR_BIN_DIR} ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR} ${COMMAND_CONF_DIR} .if ${OSSEC_TYPE} != agent @${MKDIR} ${RULES_DIR} .endif .if ${OSSEC_TYPE} == server @${MKDIR} ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR} .endif ossec-scripts: @${CP} ${WRKDIR}/ossec-conf ${OSSEC_CONF_BIN} .if ${OSSEC_TYPE} == server @${CP} ${WRKDIR}/agent-conf ${AGENT_CONF_BIN} .endif .for file_name in ${CMDOUT_SCRIPTS} @${CP} ${WRKDIR}/command-${file_name}.sh ${COMMAND_BIN_DIR}/${file_name}.sh .endfor @${CP} ${WRKDIR}/command.conf ${COMMAND_CONF} @${CP} ${WRKDIR}/merge-config.sh ${MERGE_CONFIG_BIN} ossec-rules: .if ${OSSEC_TYPE} != agent . for file_name in ${RULES_FILES} @${SED} -e 's|||' ${WRKDIR}/rules-${file_name}.xml > ${RULES_DIR}/freebsd_${file_name}_rules.xml . endfor .endif ossec-conf-managed: .for conf_group in ${CONF_GROUPS} . if !empty(${conf_group}_INSTANCE_OPTIONS) @${CAT} ${WRKDIR}/${TEMPL_ENABLED_HEADER} > ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} . if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED) . for option in ${${conf_group}_INSTANCE_OPTIONS} . if ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}} . if !empty(${option}_TEMPLATE) @${ECHO_CMD} "" >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} @${ECHO_CMD} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} . endif . endif . endfor . endif . endif .endfor ossec-conf-local: .for conf_group in ${CONF_GROUPS} . 
if !empty(${conf_group}_INSTANCE_OPTIONS) @${CAT} ${WRKDIR}/${TEMPL_DISABLED_HEADER} > ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} . if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED) . for option in ${${conf_group}_INSTANCE_OPTIONS} . if ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}} . if !empty(${option}_TEMPLATE) @${ECHO_CMD} "" >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} @${ECHO_CMD} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} . endif . endif . endfor . endif . endif .endfor ossec-conf-sample: @${CAT} ${WRKDIR}/${TEMPL_SAMPLE_HEADER} > ${OSSEC_SAMPLE_CONF} @${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE} >> ${OSSEC_SAMPLE_CONF} @${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} @-${TEST} -f ${WRKDIR}/${TEMPL_SAMPLE_DB} && \ ${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE_DB} >> ${OSSEC_SAMPLE_CONF} && \ ${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} agent-conf-managed: .for conf_group in ${CONF_GROUPS} . if !empty(${conf_group}_PUSHED_OPTIONS) @${CAT} ${WRKDIR}/${TEMPL_PUSHED_ENABLED_HEADER} > ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} . if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED) . for option in ${${conf_group}_PUSHED_OPTIONS} . if ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}} . if !empty(${option}_TEMPLATE) @${ECHO_CMD} "" >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} @${SH} ${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} @${ECHO_CMD} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} . endif . endif . endfor . endif . endif .endfor agent-conf-local: .for conf_group in ${CONF_GROUPS} . if !empty(${conf_group}_PUSHED_OPTIONS) @${CAT} ${WRKDIR}/${TEMPL_PUSHED_DISABLED_HEADER} > ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} . if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED) . for option in ${${conf_group}_PUSHED_OPTIONS} . 
if ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}} . if !empty(${option}_TEMPLATE) @${ECHO_CMD} "" >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} @${SH} ${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} @${ECHO_CMD} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} . endif . endif . endfor . endif . endif .endfor do-install: ossec-dirs ossec-scripts ossec-rules ossec-conf-managed ossec-conf-local ossec-conf-sample agent-conf-managed agent-conf-local ossec-permissions: .if defined(MAINTAINER_MODE) @${CHMOD} -R 550 ${OSSEC_DIR} @${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_LOCAL_CONF_DIR}/* ${OSSEC_CONF_DIR}/* @${CHMOD} 550 ${OSSEC_LOCAL_CONF_DIR} ${OSSEC_CONF_DIR} . if ${OSSEC_TYPE} != agent @${CHMOD} 640 ${RULES_DIR}/* . endif . if ${OSSEC_TYPE} == server @${CHMOD} 640 ${AGENT_LOCAL_CONF_DIR}/* ${AGENT_CONF_DIR}/* @${CHMOD} 550 ${AGENT_LOCAL_CONF_DIR} ${AGENT_CONF_DIR} . endif @${CHOWN} -R ${USER}:${OSSEC_GROUP} ${OSSEC_DIR} @${CHOWN} -R ${USER}:${GROUP} ${BIN_DIR} .endif post-install: ossec-permissions @${ECHO_CMD} -n > ${PKGMESSAGE} .for file_name in ${PKGMSG_FILES} @${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE} @${ECHO_CMD} >> ${PKGMESSAGE} .endfor .if defined(MAINTAINER_MODE) plist: makeplist @${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} rules: extract @${SH} ${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC} .endif .include
Index: head/security/ossec-hids-server/Makefile
===================================================================
--- head/security/ossec-hids-server/Makefile (revision 518342)
+++ head/security/ossec-hids-server/Makefile (revision 518343)
@@ -1,7 +1,8 @@
 # $FreeBSD$
+COMMENT= Security tool to monitor and check logs and intrusions - server installation
 OSSEC_TYPE= server
 MASTERDIR= ${.CURDIR}/../ossec-hids-local
 .include "${MASTERDIR}/Makefile"
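Review bot: The `COMMENT` added in the ossec-hids-server hunk is 76 characters long, which exceeds the roughly 70-character limit that the Porter's Handbook recommends for this field and that portlint warns about. A shorter suffix keeps the package description from being truncated in listings, for example `COMMENT=	Security tool to monitor and check logs and intrusions (server)`. The override also only takes effect if the master port assigns its own `COMMENT` conditionally, which is not visible in this hunk and should be confirmed.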