authorNikolai Lifanov <lifanov@FreeBSD.org>2017-03-12 17:07:23 +0000
committerNikolai Lifanov <lifanov@FreeBSD.org>2017-03-12 17:07:23 +0000
commitbe652c10974628da2c85e2945a766e8ae65125b2 (patch)
treef6735672a3440e2bbdb7e795cacade0cb6daa5eb
parent99d7fc48aab6577deee79a3ee3fce94578002529 (diff)
downloadports-be652c10974628da2c85e2945a766e8ae65125b2.tar.gz
ports-be652c10974628da2c85e2945a766e8ae65125b2.zip
add ports for Samhain Intrusion Detection System
Samhain is an open source file integrity and host-based intrusion detection system for Linux and Unix. It can run as a daemon process, and thus can remember file changes - contrary to a tool that runs from cron, if a file is modified you will get only one report, while subsequent checks of that file will ignore the modification as it is already reported (unless the file is modified again). Samhain can optionally be used as a client/server system to provide centralized monitoring for multiple hosts. Logging to a (MySQL or PostgreSQL) database is supported. PR: 214623 Submitted by: Nikola Kolev <koue@chaosophia.net>
Notes
Notes: svn path=/head/; revision=435996
-rw-r--r--GIDs2
-rw-r--r--UIDs2
-rw-r--r--security/Makefile3
-rw-r--r--security/samhain-client/Makefile12
-rw-r--r--security/samhain-server/Makefile20
-rw-r--r--security/samhain/Makefile220
-rw-r--r--security/samhain/distinfo3
-rw-r--r--security/samhain/files/fixsamhainrc.patch11
-rw-r--r--security/samhain/files/fixyulerc.patch11
-rw-r--r--security/samhain/files/patch-config.h.in15
-rw-r--r--security/samhain/pkg-descr12
-rw-r--r--security/samhain/pkg-message14
-rw-r--r--security/samhain/pkg-plist31
13 files changed, 354 insertions, 2 deletions
diff --git a/GIDs b/GIDs
index c1c7ca5c18ca..12e6bd2b15e7 100644
--- a/GIDs
+++ b/GIDs
@@ -107,7 +107,7 @@ octoprint:*:162:
_iked:*:163:
lightdm:*:164:
uwsgi:*:165:
-# free: 166
+yule:*:166:
# free: 167
# free: 168
# free: 169
diff --git a/UIDs b/UIDs
index 03734fd842b1..55defc0fc613 100644
--- a/UIDs
+++ b/UIDs
@@ -112,7 +112,7 @@ octoprint:*:162:162::0:0:OctoPrint Daemon:/usr/local/octoprint:/usr/sbin/nologin
_iked:*:163:163::0:0:IKEv2 Daemon:/var/empty:/usr/sbin/nologin
lightdm:*:164:164::0:0:Light Display Manager:/var/lib/lightdm-data:/usr/sbin/nologin
uwsgi:*:165:165::0:0:uwsgi Daemon:/nonexistent:/usr/sbin/nologin
-# free: 166
+yule:*:166:166::0:0:Samhain Daemon:/nonexistent:/usr/sbin/nologin
# free: 167
# free: 168
# free: 169
diff --git a/security/Makefile b/security/Makefile
index 8ae7984a105b..fbd754adffa2 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1064,6 +1064,9 @@
SUBDIR += s2n
SUBDIR += safesh
SUBDIR += samba-virusfilter
+ SUBDIR += samhain
+ SUBDIR += samhain-client
+ SUBDIR += samhain-server
SUBDIR += sancp
SUBDIR += sasp
SUBDIR += scamp
diff --git a/security/samhain-client/Makefile b/security/samhain-client/Makefile
new file mode 100644
index 000000000000..e4e9841a1f78
--- /dev/null
+++ b/security/samhain-client/Makefile
@@ -0,0 +1,12 @@
+# Created by: Nikola Kolev <koue@chaosophia.net>
+# $FreeBSD$
+
+PKGNAMESUFFIX= -client
+
+COMMENT= Client daemon for the Samhain IDS
+
+WITH_CLIENT= yes
+
+MASTERDIR= ${.CURDIR}/../samhain
+
+.include "${MASTERDIR}/Makefile"
diff --git a/security/samhain-server/Makefile b/security/samhain-server/Makefile
new file mode 100644
index 000000000000..46dde6d242d5
--- /dev/null
+++ b/security/samhain-server/Makefile
@@ -0,0 +1,20 @@
+# Created by: Nikola Kolev <koue@chaosophia.net>
+# $FreeBSD$
+
+# This port recognizes the following non-boolean tunables:
+#
+# WITH_RUNAS_USER:
+# Whe building with "WITH_SERVER" defined, the username of the
+# account Yule will run as. Defaults to "yule". If using
+# WITH_GNUPG, ensure that this user exists and has a pgp
+# keypair before installing.
+
+PKGNAMESUFFIX= -server
+
+COMMENT= Log server for the Samhain IDS
+
+WITH_SERVER= yes
+
+MASTERDIR= ${.CURDIR}/../samhain
+
+.include "${MASTERDIR}/Makefile"
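Review bot: The header comment at the top of the hunk has a typo, `Whe building` → `When building`, and it presents WITH_RUNAS_USER as a free choice while the master Makefile this file includes fixes `USERS= yule` / `GROUPS= yule` for the server build, so a non-default WITH_RUNAS_USER yields a yule binary configured for an account the package never creates. Either document that WITH_RUNAS_USER must name an account that already exists on the system (and is registered in UIDs/GIDs) or have the master Makefile reject any value other than yule with IGNORE. The qualifier about WITH_SERVER is also redundant here, since this slave port sets `WITH_SERVER= yes` unconditionally; suggest `# WITH_RUNAS_USER: the account Yule will run as; defaults to "yule".` followed by the existing GnuPG sentence.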
diff --git a/security/samhain/Makefile b/security/samhain/Makefile
new file mode 100644
index 000000000000..33cd4a143697
--- /dev/null
+++ b/security/samhain/Makefile
@@ -0,0 +1,220 @@
+# Created by: Nikola Kolev <koue@chaosophia.net>
+# $FreeBSD$
+
+PORTNAME= samhain
+PORTVERSION= 4.2.0
+CATEGORIES= security
+MASTER_SITES= http://la-samhna.de/archive/
+DISTNAME= samhain_signed-${PORTVERSION}
+
+MAINTAINER= koue@chaosophia.net
+COMMENT= Samhain Intrusion Detection System
+
+LICENSE= GPLv2
+
+OPTIONS_DEFINE= ASM DB_RELOAD DEBUG DNMALLOC ENCRYPT GNUPG IPV6 KCHECK LIBWRAP \
+ LOGFILE_MONITOR LOGIN_WATCH MAIL MOUNTS_CHECK MYSQL ODBC PGSQL \
+ PORT_CHECK PROCESS_CHECK POSIX_ACL PRELUDE PTRACE SRP STATIC \
+ SUIDCHECK UDP USERFILES XML_LOGS
+OPTIONS_DEFAULT=ASM DNMALLOC ENCRYPT IPV6 LIBWRAP MAIL SRP
+
+DB_RELOAD_DESC= Enable database reload on SIGHUP
+DNMALLOC_DESC= Enable dnmalloc
+ENCRYPT_DESC= Enable client/server encryption
+KCHECK_DESC= Enable rogue KLD detection
+LOGFILE_MONITOR_DESC= Enable monitor logfiles
+LOGIN_WATCH_DESC= Enable watch for login/logout
+MAIL_DESC= Enable internal SMTP mailer
+MOUNTS_CHECK_DESC= Enable check mount options on filesystems
+PORT_CHECK_DESC= Enable check ports
+PROCESS_CHECK_DESC= Enable check processes
+POSIX_ACL_DESC= Enable check posix acls
+PRELUDE_DESC= Enable Prelude Framework support
+PTRACE_DESC= Enable use anti-debugger options
+SRP_DESC= Enable SRP for authentication
+SUIDCHECK_DESC= Enable check for suid/sgid files
+UDP_DESC= Enable UDP server
+USERFILES_DESC= Enable check for users config files
+XML_LOGS_DESC= Enable XML-formatted logs
+
+OPTIONS_SUB= yes
+
+WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --localstatedir=/var \
+ --with-logserver=true \
+ --with-altlogserver=true \
+ --with-timeserver=true \
+ --with-alttimeserver=true
+
+USES= shebangfix
+SHEBANG_FILES= scripts/samhainadmin.pl.in
+
+ASM_CONFIGURE_ENABLE= asm
+
+DB_RELOAD_CONFIGURE_ENABLE= db-reload
+
+DEBUG_CONFIGURE_ENABLE= debug
+
+DNMALLOC_CONFIGURE_ENABLE= dnmalloc
+
+ENCRYPT_CONFIGURE_ENABLE= encrypt
+
+GNUPG_CONFIGURE_WITH= gpg=${PREFIX}/bin/gpg
+GNUPG_BUILD_DEPENDS= gpg:${PORTSDIR}/security/gnupg
+
+IPV6_CONFIGURE_ENABLE= ipv6
+
+KCHECK_CONFIGURE_WITH= kcheck
+
+LIBWRAP_CONFIGURE_WITH= libwrap
+
+LOGFILE_MONITOR_CONFIGURE_ENABLE= logfile-monitor
+
+LOGIN_WATCH_CONFIGURE_ENABLE= login-watch
+
+MAIL_CONFIGURE_ENABLE= mail
+
+MOUNTS_CHECK_CONFIGURE_ENABLE= mounts-check
+
+MYSQL_USES= mysql
+MYSQL_CONFIGURE_ARGS= --with-database=mysql
+
+ODBC_CONFIGURE_ARGS= --with-database=odbc
+ODBC_LIB_DEPENDS= libodbc.so:databases/unixODBC
+
+PGSQL_USES= pgsql
+PGSQL_CONFIGURE_ARGS= --with-database=postgresql
+
+PORT_CHECK_CONFIGURE_ENABLE= port-check
+
+PROCESS_CHECK_CONFIGURE_ENABLE= process-check
+
+POSIX_ACL_CONFIGURE_ENABLE= posix-acl
+
+PRELUDE_LIB_DEPENDS= prelude:${PORTSDIR}/security/libprelude
+PRELUDE_CONFIGURE_WITH= prelude
+
+PTRACE_CONFIGURE_ENABLE= ptrace
+
+SRP_CONFIGURE_ENABLE= srp
+
+STATIC_CONFIGURE_ENABLE= static
+
+SUIDCHECK_CONFIGURE_ENABLE= suidcheck
+
+UDP_CONFIGURE_ENABLE= udp
+
+USERFILES_CONFIGURE_ENABLE= userfiles
+
+XML_LOGS_CONFIGURE_ENABLE= xml-log
+
+.include <bsd.port.pre.mk>
+
+.if ${ARCH} == "amd64"
+CFLAGS+= -fPIC
+.endif
+
+.if defined(WITH_RUNAS_USER)
+CONFIGURE_ARGS+= --enable-identity=${WITH_RUNAS_USER}
+.else
+CONFIGURE_ARGS+= --enable-identity=yule
+.endif
+
+.if defined(WITH_CLIENT)
+CONFIGURE_ARGS+= --enable-network=client \
+ --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \
+ --with-config-file=REQ_FROM_SERVER
+PLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
+MAN5+= samhainrc.5
+MAN8+= samhain.8
+.elif defined(WITH_SERVER)
+USERS= yule
+GROUPS= yule
+CONFIGURE_ARGS+= --enable-network=server
+SUB_LIST+= WITH_YULE="yes"
+PLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch
+MAN5+= yulerc.5
+MAN8+= yule.8
+.else
+SUB_LIST+= WITH_YULE=""
+PLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment "
+EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch
+MAN5+= samhainrc.5
+MAN8+= samhain.8
+.endif
+
+pre-everything::
+
+.if !defined(WITH_CLIENT) && !defined(WITH_SERVER)
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Building Samhain in standalone mode."
+ @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C"
+ @${ECHO_MSG} "now, and build samhain from the samhain-client and"
+ @${ECHO_MSG} "samhain-server ports."
+ @${ECHO_MSG}
+.endif
+
+.if defined(WITH_CLIENT) && defined(WITH_SERVER)
+IGNORE= can't build client and server at once
+.endif
+
+.if ${PORT_OPTIONS:MKCHECK}
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem"
+ @${ECHO_MSG} "and /dev/mem. If you're not building as root, please hit"
+ @${ECHO_MSG} "Control-C and restart the build as root."
+ @${ECHO_MSG}
+.endif
+
+.if ${PORT_OPTIONS:MMYSQL} && ! ${PORT_OPTIONS:MXML_LOGS}
+IGNORE= xml logging is required to log to MySQL
+.endif
+
+.if ${PORT_OPTIONS:MPGSQL} && ! ${PORT_OPTIONS:MXML_LOGS}
+IGNORE= xml logging is required to log to Postgres
+.endif
+
+post-extract:
+ @${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz
+ @${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc
+
+post-install:
+.if !defined(WITH_SERVER)
+ @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${STAGEDIR}${PREFIX}/etc/rc.d/samhain.sh
+ @${CP} ${WRKSRC}/samhainrc ${STAGEDIR}${PREFIX}/etc/samhainrc.sample
+ @${CHGRP} wheel ${STAGEDIR}${PREFIX}/etc/samhainrc.sample
+.else
+ @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${STAGEDIR}${PREFIX}/etc/rc.d/yule.sh
+ @${CP} ${WRKSRC}/yulerc ${STAGEDIR}${PREFIX}/etc/yulerc.sample
+.endif
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/MANUAL-2_4.pdf ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server-troubleshooting.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-samhain+GnuPG.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-write-modules.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/FAQ.html ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/README.UPGRADE ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/README ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/BUGS ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/sh_mounts.txt ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_MAN} ${WRKSRC}/docs/sh_userfiles.txt ${STAGEDIR}${DOCSDIR}
+
+post-stage:
+.if !defined(WITH_SERVER)
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/samhain
+.endif
+.if defined(WITH_CLIENT)
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/samhain_setpwd
+.endif
+.if defined(WITH_SERVER)
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yule
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yulectl
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yule_setpwd
+.endif
+
+.include <bsd.port.post.mk>
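Review bot: post-extract unpacks the inner tarball and then removes `${WRKSRC}.tar.gz.asc` without checking the signature, so the SHA256 in distinfo is the only integrity check on a distfile fetched from a plain-http MASTER_SITES; that matches the ports model, but a comment such as `# inner tarball is pinned by distinfo; the upstream .asc is not verified here` would stop the `${RM}` from reading as a post-verification cleanup. The MYSQL, ODBC and PGSQL options each add `--with-database=...` yet nothing makes them exclusive, and the MYSQL/PGSQL→XML_LOGS requirement is enforced by hand-written IGNORE blocks interleaved with the pre-everything recipe; the options framework expresses both directly with `OPTIONS_RADIO= DB`, `OPTIONS_RADIO_DB= MYSQL ODBC PGSQL` and `MYSQL_IMPLIES= XML_LOGS` (likewise for PGSQL). GNUPG_BUILD_DEPENDS and PRELUDE_LIB_DEPENDS still use the `${PORTSDIR}/` form and PRELUDE names `prelude` rather than a `libprelude.so` entry, inconsistent with ODBC_LIB_DEPENDS a few lines above. In post-install the rc script and the sample configuration are placed with `${CP}`, which leaves their modes to the work tree and the builder's umask; `${INSTALL_SCRIPT}` for the `etc/rc.d/*.sh` files and `${INSTALL_DATA}` for the `*.sample` files give deterministic modes, and the documentation is installed unconditionally while pkg-plist gates it with %%PORTDOCS%% although DOCS is not in OPTIONS_DEFINE, so add DOCS and move the `${INSTALL_MAN} ${WRKSRC}/docs/...` lines under a `post-install-DOCS-on` target (using `${INSTALL_DATA}`, since they are not man pages).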
diff --git a/security/samhain/distinfo b/security/samhain/distinfo
new file mode 100644
index 000000000000..0581b70b19e7
--- /dev/null
+++ b/security/samhain/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1479294621
+SHA256 (samhain_signed-4.2.0.tar.gz) = 6b2db91fc92b3a9fc2edcc6ee16438156753c05f69c114856289e9f25ba0e50a
+SIZE (samhain_signed-4.2.0.tar.gz) = 2134438
diff --git a/security/samhain/files/fixsamhainrc.patch b/security/samhain/files/fixsamhainrc.patch
new file mode 100644
index 000000000000..eed29c37b062
--- /dev/null
+++ b/security/samhain/files/fixsamhainrc.patch
@@ -0,0 +1,11 @@
+--- samhain-install.sh.in Wed Jan 15 16:51:57 2003
++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003
+@@ -13,7 +13,7 @@
+ mandir=@mandir@
+
+ sysconfdir=@sysconfdir@
+-configfile=@myconffile@
++configfile=/usr/local/etc/samhainrc.sample
+
+ pid_file=@mylockfile@
+ pid_dir=@mylockdir@
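Review bot: The replacement line `configfile=/usr/local/etc/samhainrc.sample` hard-codes the prefix, so a build with a non-default PREFIX installs the sample configuration into the wrong tree; the script already defines `sysconfdir=@sysconfdir@` two lines above, so `configfile=${sysconfdir}/samhainrc.sample` stays in sync with whatever configure was given (GNU_CONFIGURE should make that ${PREFIX}/etc, worth confirming). fixyulerc.patch below has the same hard-coded path for yulerc.sample and can use `configfile=${sysconfdir}/yulerc.sample`.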
diff --git a/security/samhain/files/fixyulerc.patch b/security/samhain/files/fixyulerc.patch
new file mode 100644
index 000000000000..4686e725915e
--- /dev/null
+++ b/security/samhain/files/fixyulerc.patch
@@ -0,0 +1,11 @@
+--- samhain-install.sh.in Wed Jan 15 16:51:57 2003
++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003
+@@ -13,7 +13,7 @@
+ mandir=@mandir@
+
+ sysconfdir=@sysconfdir@
+-configfile=@myconffile@
++configfile=/usr/local/etc/yulerc.sample
+
+ pid_file=@mylockfile@
+ pid_dir=@mylockdir@
diff --git a/security/samhain/files/patch-config.h.in b/security/samhain/files/patch-config.h.in
new file mode 100644
index 000000000000..74aec07c1649
--- /dev/null
+++ b/security/samhain/files/patch-config.h.in
@@ -0,0 +1,15 @@
+--- config.h.in.orig 2016-11-16 12:14:22 UTC
++++ config.h.in
+@@ -349,7 +349,11 @@
+ #undef HAVE_UINT64_T
+
+ /* Define if you have utmpx.h. */
+-#undef HAVE_UTMPX_H
++#define HAVE_UTMPX_H
++
++#define UTMPX_FILE "/var/log/utx.active"
++
++#define WTMPX_FILE "/var/log/utx.log"
+
+ /* Define if your struct utmpx has ut_xtime. */
+ #undef HAVE_UTXTIME
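Review bot: `#define HAVE_UTMPX_H` is given no value, whereas the entries autoconf generates into config.h are of the form `#define HAVE_UTMPX_H 1`; if any source tests it with `#if HAVE_UTMPX_H` rather than `#ifdef`, the empty expansion fails to compile, so prefer `#define HAVE_UTMPX_H 1`. Replacing the `#undef` also bypasses configure's own detection of utmpx.h, which is fine for a FreeBSD-only port but deserves a line of explanation above the `---` header, e.g. `FreeBSD keeps utmpx records in /var/log/utx.active and /var/log/utx.log, which configure does not detect.`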
diff --git a/security/samhain/pkg-descr b/security/samhain/pkg-descr
new file mode 100644
index 000000000000..c2bde195e8f5
--- /dev/null
+++ b/security/samhain/pkg-descr
@@ -0,0 +1,12 @@
+Samhain is an open source file integrity and host-based intrusion
+detection system for Linux and Unix. It can run as a daemon process,
+and and thus can remember file changes - contrary to a tool that runs
+from cron, if a file is modified you will get only one report, while
+subsequent checks of that file will ignore the modification as it is
+already reported (unless the file is modified again).
+
+Samhain can optionally be used as client/server system to provide
+centralized monitoring for multiple host. Logging to a (MySQL or
+PostgreSQL) database is supported.
+
+WWW: http://la-samhna.de/samhain/
diff --git a/security/samhain/pkg-message b/security/samhain/pkg-message
new file mode 100644
index 000000000000..75a2751de0f0
--- /dev/null
+++ b/security/samhain/pkg-message
@@ -0,0 +1,14 @@
+
+###############################################################
+
+To start the samhain daemon at system boot, add:
+
+samhain_enable="YES"
+
+and/or
+
+yule_enable="YES"
+
+to /etc/rc.conf.
+
+###############################################################
diff --git a/security/samhain/pkg-plist b/security/samhain/pkg-plist
new file mode 100644
index 000000000000..c8b90efd71a0
--- /dev/null
+++ b/security/samhain/pkg-plist
@@ -0,0 +1,31 @@
+%%PORTDOCS%%%%DOCSDIR%%/BUGS
+%%PORTDOCS%%%%DOCSDIR%%/FAQ.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server-troubleshooting.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-samhain+GnuPG.html
+%%PORTDOCS%%%%DOCSDIR%%/HOWTO-write-modules.html
+%%PORTDOCS%%%%DOCSDIR%%/MANUAL-2_4.pdf
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/README.UPGRADE
+%%PORTDOCS%%%%DOCSDIR%%/sh_mounts.txt
+%%PORTDOCS%%%%DOCSDIR%%/sh_userfiles.txt
+%%PORTDOCS%%@dir %%DOCSDIR%%
+%%SAMHAIN%%@dir /var/lib
+%%SAMHAIN%%@dir /var/lib/samhain
+%%SAMHAIN%%@sample etc/samhainrc.sample
+%%SAMHAIN%%etc/rc.d/samhain.sh
+%%SAMHAIN%%man/man5/samhainrc.5.gz
+%%SAMHAIN%%man/man8/samhain.8.gz
+%%SAMHAIN%%sbin/samhain
+%%SETPWD%%sbin/samhain_setpwd
+%%YULE%%@dir /var/lib/yule
+%%YULE%%@dir /var/log/yule
+%%YULE%%@sample etc/yulerc.sample
+%%YULE%%@unexec echo "To delete the yule user permanently, use 'pw userdel yule'"
+%%YULE%%etc/rc.d/yule.sh
+%%YULE%%man/man5/yulerc.5.gz
+%%YULE%%man/man8/yule.8.gz
+%%YULE%%sbin/yule
+%%YULE%%sbin/yule_setpwd
+%%YULE%%sbin/yuleadmin.pl
+%%YULE%%sbin/yulectl
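Review bot: `%%YULE%%@dir /var/lib/yule` and `%%YULE%%@dir /var/log/yule` are registered without owner or mode, so pkg creates them root-owned, while the server build is configured with `--enable-identity=yule` in the master Makefile and presumably writes its data and log files there as that unprivileged user. Unless samhain-install.sh changes the ownership itself (not visible in this commit), use `%%YULE%%@dir(yule,yule,0750) /var/lib/yule` and `%%YULE%%@dir(yule,yule,0750) /var/log/yule` so the daemon can write without the directories being world-readable. A one-line comment in the Makefile next to `USERS= yule` noting which paths the yule account must own would make the dependency between the two files explicit.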