author: Nikolai Lifanov <lifanov@FreeBSD.org>, 2017-03-12 17:07:23 +0000
committer: Nikolai Lifanov <lifanov@FreeBSD.org>, 2017-03-12 17:07:23 +0000
commit: be652c10974628da2c85e2945a766e8ae65125b2 (patch)
tree: f6735672a3440e2bbdb7e795cacade0cb6daa5eb
parent: 99d7fc48aab6577deee79a3ee3fce94578002529 (diff)
download: ports-be652c10974628da2c85e2945a766e8ae65125b2.tar.gz, ports-be652c10974628da2c85e2945a766e8ae65125b2.zip
add ports for Samhain Intrusion Detection System
Samhain is an open source file integrity and host-based intrusion
detection system for Linux and Unix. It can run as a daemon process,
and thus can remember file changes - contrary to a tool that runs
from cron, if a file is modified you will get only one report, while
subsequent checks of that file will ignore the modification as it is
already reported (unless the file is modified again).
Samhain can optionally be used as a client/server system to provide
centralized monitoring for multiple hosts. Logging to a (MySQL or
PostgreSQL) database is supported.
PR: 214623
Submitted by: Nikola Kolev <koue@chaosophia.net>
Notes:
svn path=/head/; revision=435996
-rw-r--r-- | GIDs | 2
-rw-r--r-- | UIDs | 2
-rw-r--r-- | security/Makefile | 3
-rw-r--r-- | security/samhain-client/Makefile | 12
-rw-r--r-- | security/samhain-server/Makefile | 20
-rw-r--r-- | security/samhain/Makefile | 220
-rw-r--r-- | security/samhain/distinfo | 3
-rw-r--r-- | security/samhain/files/fixsamhainrc.patch | 11
-rw-r--r-- | security/samhain/files/fixyulerc.patch | 11
-rw-r--r-- | security/samhain/files/patch-config.h.in | 15
-rw-r--r-- | security/samhain/pkg-descr | 12
-rw-r--r-- | security/samhain/pkg-message | 14
-rw-r--r-- | security/samhain/pkg-plist | 31
13 files changed, 354 insertions, 2 deletions
@@ -107,7 +107,7 @@ octoprint:*:162: _iked:*:163: lightdm:*:164: uwsgi:*:165: -# free: 166 +yule:*:166: # free: 167 # free: 168 # free: 169 @@ -112,7 +112,7 @@ octoprint:*:162:162::0:0:OctoPrint Daemon:/usr/local/octoprint:/usr/sbin/nologin _iked:*:163:163::0:0:IKEv2 Daemon:/var/empty:/usr/sbin/nologin lightdm:*:164:164::0:0:Light Display Manager:/var/lib/lightdm-data:/usr/sbin/nologin uwsgi:*:165:165::0:0:uwsgi Daemon:/nonexistent:/usr/sbin/nologin -# free: 166 +yule:*:166:166::0:0:Samhain Daemon:/nonexistent:/usr/sbin/nologin # free: 167 # free: 168 # free: 169 diff --git a/security/Makefile b/security/Makefile index 8ae7984a105b..fbd754adffa2 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1064,6 +1064,9 @@ SUBDIR += s2n SUBDIR += safesh SUBDIR += samba-virusfilter + SUBDIR += samhain + SUBDIR += samhain-client + SUBDIR += samhain-server SUBDIR += sancp SUBDIR += sasp SUBDIR += scamp diff --git a/security/samhain-client/Makefile b/security/samhain-client/Makefile new file mode 100644 index 000000000000..e4e9841a1f78 --- /dev/null +++ b/security/samhain-client/Makefile @@ -0,0 +1,12 @@ +# Created by: Nikola Kolev <koue@chaosophia.net> +# $FreeBSD$ + +PKGNAMESUFFIX= -client + +COMMENT= Client daemon for the Samhain IDS + +WITH_CLIENT= yes + +MASTERDIR= ${.CURDIR}/../samhain + +.include "${MASTERDIR}/Makefile" diff --git a/security/samhain-server/Makefile b/security/samhain-server/Makefile new file mode 100644 index 000000000000..46dde6d242d5 --- /dev/null +++ b/security/samhain-server/Makefile 
@@ -0,0 +1,20 @@ +# Created by: Nikola Kolev <koue@chaosophia.net> +# $FreeBSD$ + +# This port recognizes the following non-boolean tunables: +# +# WITH_RUNAS_USER: +# Whe building with "WITH_SERVER" defined, the username of the +# account Yule will run as. Defaults to "yule". If using +# WITH_GNUPG, ensure that this user exists and has a pgp +# keypair before installing. + +PKGNAMESUFFIX= -server + +COMMENT= Log server for the Samhain IDS + +WITH_SERVER= yes + +MASTERDIR= ${.CURDIR}/../samhain + +.include "${MASTERDIR}/Makefile" diff --git a/security/samhain/Makefile b/security/samhain/Makefile new file mode 100644 index 000000000000..33cd4a143697 --- /dev/null +++ b/security/samhain/Makefile 
@@ -0,0 +1,220 @@ +# Created by: Nikola Kolev <koue@chaosophia.net> +# $FreeBSD$ + +PORTNAME= samhain +PORTVERSION= 4.2.0 +CATEGORIES= security +MASTER_SITES= http://la-samhna.de/archive/ +DISTNAME= samhain_signed-${PORTVERSION} + +MAINTAINER= koue@chaosophia.net +COMMENT= Samhain Intrusion Detection System + +LICENSE= GPLv2 + +OPTIONS_DEFINE= ASM DB_RELOAD DEBUG DNMALLOC ENCRYPT GNUPG IPV6 KCHECK LIBWRAP \ + LOGFILE_MONITOR LOGIN_WATCH MAIL MOUNTS_CHECK MYSQL ODBC PGSQL \ + PORT_CHECK PROCESS_CHECK POSIX_ACL PRELUDE PTRACE SRP STATIC \ + SUIDCHECK UDP USERFILES XML_LOGS +OPTIONS_DEFAULT=ASM DNMALLOC ENCRYPT IPV6 LIBWRAP MAIL SRP + +DB_RELOAD_DESC= Enable database reload on SIGHUP +DNMALLOC_DESC= Enable dnmalloc +ENCRYPT_DESC= Enable client/server encryption +KCHECK_DESC= Enable rogue KLD detection +LOGFILE_MONITOR_DESC= Enable monitor logfiles +LOGIN_WATCH_DESC= Enable watch for login/logout +MAIL_DESC= Enable internal SMTP mailer +MOUNTS_CHECK_DESC= Enable check mount options on filesystems +PORT_CHECK_DESC= Enable check ports +PROCESS_CHECK_DESC= Enable check processes +POSIX_ACL_DESC= Enable check posix acls +PRELUDE_DESC= Enable Prelude Framework support +PTRACE_DESC= Enable use anti-debugger options +SRP_DESC= Enable SRP for authentication +SUIDCHECK_DESC= Enable check for suid/sgid files +UDP_DESC= Enable UDP server +USERFILES_DESC= Enable check for users config files +XML_LOGS_DESC= Enable XML-formatted logs + +OPTIONS_SUB= yes + +WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} + +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --localstatedir=/var \ + --with-logserver=true \ + --with-altlogserver=true \ + --with-timeserver=true \ + --with-alttimeserver=true + +USES= shebangfix +SHEBANG_FILES= scripts/samhainadmin.pl.in + +ASM_CONFIGURE_ENABLE= asm + +DB_RELOAD_CONFIGURE_ENABLE= db-reload + +DEBUG_CONFIGURE_ENABLE= debug + +DNMALLOC_CONFIGURE_ENABLE= dnmalloc + +ENCRYPT_CONFIGURE_ENABLE= encrypt + +GNUPG_CONFIGURE_WITH= gpg=${PREFIX}/bin/gpg +GNUPG_BUILD_DEPENDS= 
gpg:${PORTSDIR}/security/gnupg + +IPV6_CONFIGURE_ENABLE= ipv6 + +KCHECK_CONFIGURE_WITH= kcheck + +LIBWRAP_CONFIGURE_WITH= libwrap + +LOGFILE_MONITOR_CONFIGURE_ENABLE= logfile-monitor + +LOGIN_WATCH_CONFIGURE_ENABLE= login-watch + +MAIL_CONFIGURE_ENABLE= mail + +MOUNTS_CHECK_CONFIGURE_ENABLE= mounts-check + +MYSQL_USES= mysql +MYSQL_CONFIGURE_ARGS= --with-database=mysql + +ODBC_CONFIGURE_ARGS= --with-database=odbc +ODBC_LIB_DEPENDS= libodbc.so:databases/unixODBC + +PGSQL_USES= pgsql +PGSQL_CONFIGURE_ARGS= --with-database=postgresql + +PORT_CHECK_CONFIGURE_ENABLE= port-check + +PROCESS_CHECK_CONFIGURE_ENABLE= process-check + +POSIX_ACL_CONFIGURE_ENABLE= posix-acl + +PRELUDE_LIB_DEPENDS= prelude:${PORTSDIR}/security/libprelude +PRELUDE_CONFIGURE_WITH= prelude + +PTRACE_CONFIGURE_ENABLE= ptrace + +SRP_CONFIGURE_ENABLE= srp + +STATIC_CONFIGURE_ENABLE= static + +SUIDCHECK_CONFIGURE_ENABLE= suidcheck + +UDP_CONFIGURE_ENABLE= udp + +USERFILES_CONFIGURE_ENABLE= userfiles + +XML_LOGS_CONFIGURE_ENABLE= xml-log + +.include <bsd.port.pre.mk> + +.if ${ARCH} == "amd64" +CFLAGS+= -fPIC +.endif + +.if defined(WITH_RUNAS_USER) +CONFIGURE_ARGS+= --enable-identity=${WITH_RUNAS_USER} +.else +CONFIGURE_ARGS+= --enable-identity=yule +.endif + +.if defined(WITH_CLIENT) +CONFIGURE_ARGS+= --enable-network=client \ + --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \ + --with-config-file=REQ_FROM_SERVER +PLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch +MAN5+= samhainrc.5 +MAN8+= samhain.8 +.elif defined(WITH_SERVER) +USERS= yule +GROUPS= yule +CONFIGURE_ARGS+= --enable-network=server +SUB_LIST+= WITH_YULE="yes" +PLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch +MAN5+= yulerc.5 +MAN8+= yule.8 +.else +SUB_LIST+= WITH_YULE="" +PLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch +MAN5+= samhainrc.5 +MAN8+= samhain.8 +.endif + 
+pre-everything:: + +.if !defined(WITH_CLIENT) && !defined(WITH_SERVER) + @${ECHO_MSG} + @${ECHO_MSG} "Building Samhain in standalone mode." + @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C" + @${ECHO_MSG} "now, and build samhain from the samhain-client and" + @${ECHO_MSG} "samhain-server ports." + @${ECHO_MSG} +.endif + +.if defined(WITH_CLIENT) && defined(WITH_SERVER) +IGNORE= can't build client and server at once +.endif + +.if ${PORT_OPTIONS:MKCHECK} + @${ECHO_MSG} + @${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem" + @${ECHO_MSG} "and /dev/mem. If you're not building as root, please hit" + @${ECHO_MSG} "Control-C and restart the build as root." + @${ECHO_MSG} +.endif + +.if ${PORT_OPTIONS:MMYSQL} && ! ${PORT_OPTIONS:MXML_LOGS} +IGNORE= xml logging is required to log to MySQL +.endif + +.if ${PORT_OPTIONS:MPGSQL} && ! ${PORT_OPTIONS:MXML_LOGS} +IGNORE= xml logging is required to log to Postgres +.endif + +post-extract: + @${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz + @${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc + +post-install: +.if !defined(WITH_SERVER) + @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${STAGEDIR}${PREFIX}/etc/rc.d/samhain.sh + @${CP} ${WRKSRC}/samhainrc ${STAGEDIR}${PREFIX}/etc/samhainrc.sample + @${CHGRP} wheel ${STAGEDIR}${PREFIX}/etc/samhainrc.sample +.else + @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${STAGEDIR}${PREFIX}/etc/rc.d/yule.sh + @${CP} ${WRKSRC}/yulerc ${STAGEDIR}${PREFIX}/etc/yulerc.sample +.endif + ${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/MANUAL-2_4.pdf ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server.html ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-client+server-troubleshooting.html ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-samhain+GnuPG.html ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/HOWTO-write-modules.html ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/FAQ.html ${STAGEDIR}${DOCSDIR} + 
${INSTALL_MAN} ${WRKSRC}/docs/README.UPGRADE ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/README ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/BUGS ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/sh_mounts.txt ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${WRKSRC}/docs/sh_userfiles.txt ${STAGEDIR}${DOCSDIR} + +post-stage: +.if !defined(WITH_SERVER) + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/samhain +.endif +.if defined(WITH_CLIENT) + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/samhain_setpwd +.endif +.if defined(WITH_SERVER) + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yule + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yulectl + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/yule_setpwd +.endif + +.include <bsd.port.post.mk> diff --git a/security/samhain/distinfo b/security/samhain/distinfo new file mode 100644 index 000000000000..0581b70b19e7 --- /dev/null +++ b/security/samhain/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1479294621 +SHA256 (samhain_signed-4.2.0.tar.gz) = 6b2db91fc92b3a9fc2edcc6ee16438156753c05f69c114856289e9f25ba0e50a +SIZE (samhain_signed-4.2.0.tar.gz) = 2134438 diff --git a/security/samhain/files/fixsamhainrc.patch b/security/samhain/files/fixsamhainrc.patch new file mode 100644 index 000000000000..eed29c37b062 --- /dev/null +++ b/security/samhain/files/fixsamhainrc.patch @@ -0,0 +1,11 @@ +--- samhain-install.sh.in Wed Jan 15 16:51:57 2003 ++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003 +@@ -13,7 +13,7 @@ + mandir=@mandir@ + + sysconfdir=@sysconfdir@ +-configfile=@myconffile@ ++configfile=/usr/local/etc/samhainrc.sample + + pid_file=@mylockfile@ + pid_dir=@mylockdir@ diff --git a/security/samhain/files/fixyulerc.patch b/security/samhain/files/fixyulerc.patch new file mode 100644 index 000000000000..4686e725915e --- /dev/null +++ b/security/samhain/files/fixyulerc.patch 
@@ -0,0 +1,11 @@ +--- samhain-install.sh.in Wed Jan 15 16:51:57 2003 ++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003 +@@ -13,7 +13,7 @@ + mandir=@mandir@ + + sysconfdir=@sysconfdir@ +-configfile=@myconffile@ ++configfile=/usr/local/etc/yulerc.sample + + pid_file=@mylockfile@ + pid_dir=@mylockdir@ diff --git a/security/samhain/files/patch-config.h.in b/security/samhain/files/patch-config.h.in new file mode 100644 index 000000000000..74aec07c1649 --- /dev/null +++ b/security/samhain/files/patch-config.h.in @@ -0,0 +1,15 @@ +--- config.h.in.orig 2016-11-16 12:14:22 UTC ++++ config.h.in +@@ -349,7 +349,11 @@ + #undef HAVE_UINT64_T + + /* Define if you have utmpx.h. */ +-#undef HAVE_UTMPX_H ++#define HAVE_UTMPX_H ++ ++#define UTMPX_FILE "/var/log/utx.active" ++ ++#define WTMPX_FILE "/var/log/utx.log" + + /* Define if your struct utmpx has ut_xtime. */ + #undef HAVE_UTXTIME diff --git a/security/samhain/pkg-descr b/security/samhain/pkg-descr new file mode 100644 index 000000000000..c2bde195e8f5 --- /dev/null +++ b/security/samhain/pkg-descr @@ -0,0 +1,12 @@ +Samhain is an open source file integrity and host-based intrusion +detection system for Linux and Unix. It can run as a daemon process, +and and thus can remember file changes - contrary to a tool that runs +from cron, if a file is modified you will get only one report, while +subsequent checks of that file will ignore the modification as it is +already reported (unless the file is modified again). + +Samhain can optionally be used as client/server system to provide +centralized monitoring for multiple host. Logging to a (MySQL or +PostgreSQL) database is supported. + +WWW: http://la-samhna.de/samhain/ diff --git a/security/samhain/pkg-message b/security/samhain/pkg-message new file mode 100644 index 000000000000..75a2751de0f0 --- /dev/null +++ b/security/samhain/pkg-message 
@@ -0,0 +1,14 @@ + +############################################################### + +To start the samhain daemon at system boot, add: + +samhain_enable="YES" + +and/or + +yule_enable="YES" + +to /etc/rc.conf. + +############################################################### diff --git a/security/samhain/pkg-plist b/security/samhain/pkg-plist new file mode 100644 index 000000000000..c8b90efd71a0 --- /dev/null +++ b/security/samhain/pkg-plist @@ -0,0 +1,31 @@ +%%PORTDOCS%%%%DOCSDIR%%/BUGS +%%PORTDOCS%%%%DOCSDIR%%/FAQ.html +%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server-troubleshooting.html +%%PORTDOCS%%%%DOCSDIR%%/HOWTO-client+server.html +%%PORTDOCS%%%%DOCSDIR%%/HOWTO-samhain+GnuPG.html +%%PORTDOCS%%%%DOCSDIR%%/HOWTO-write-modules.html +%%PORTDOCS%%%%DOCSDIR%%/MANUAL-2_4.pdf +%%PORTDOCS%%%%DOCSDIR%%/README +%%PORTDOCS%%%%DOCSDIR%%/README.UPGRADE +%%PORTDOCS%%%%DOCSDIR%%/sh_mounts.txt +%%PORTDOCS%%%%DOCSDIR%%/sh_userfiles.txt +%%PORTDOCS%%@dir %%DOCSDIR%% +%%SAMHAIN%%@dir /var/lib +%%SAMHAIN%%@dir /var/lib/samhain +%%SAMHAIN%%@sample etc/samhainrc.sample +%%SAMHAIN%%etc/rc.d/samhain.sh +%%SAMHAIN%%man/man5/samhainrc.5.gz +%%SAMHAIN%%man/man8/samhain.8.gz +%%SAMHAIN%%sbin/samhain +%%SETPWD%%sbin/samhain_setpwd +%%YULE%%@dir /var/lib/yule +%%YULE%%@dir /var/log/yule +%%YULE%%@sample etc/yulerc.sample +%%YULE%%@unexec echo "To delete the yule user permanently, use 'pw userdel yule'" +%%YULE%%etc/rc.d/yule.sh +%%YULE%%man/man5/yulerc.5.gz +%%YULE%%man/man8/yule.8.gz +%%YULE%%sbin/yule +%%YULE%%sbin/yule_setpwd +%%YULE%%sbin/yuleadmin.pl +%%YULE%%sbin/yulectl |
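Review bot: in the security/samhain-server/Makefile hunk the WITH_RUNAS_USER comment has a typo, "Whe building" should read "When building". The same comment promises that the server can run under a user other than "yule", but the master Makefile's server branch hard-codes `USERS= yule` and `GROUPS= yule` while passing `--enable-identity=${WITH_RUNAS_USER}` to configure, so a non-default value yields a binary that drops to an account the port never creates; either derive USERS/GROUPS from WITH_RUNAS_USER or state in the comment that the account must exist before installing in every case, not only with WITH_GNUPG.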
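Review bot: in the security/samhain/Makefile hunk the documentation is installed unconditionally in post-install, yet every doc entry in pkg-plist is prefixed `%%PORTDOCS%%` and DOCS is not in OPTIONS_DEFINE, so the staged files will show up as orphans in the plist check; add DOCS to OPTIONS_DEFINE and move the `${INSTALL_MAN} ${WRKSRC}/docs/...` lines into a `post-install-DOCS-on` target (INSTALL_DATA rather than INSTALL_MAN for non-manpage files). Two smaller points: `GNUPG_BUILD_DEPENDS= gpg:${PORTSDIR}/security/gnupg` and `PRELUDE_LIB_DEPENDS= prelude:${PORTSDIR}/security/libprelude` keep the old `${PORTSDIR}/` prefix although `ODBC_LIB_DEPENDS= libodbc.so:databases/unixODBC` in the same file already uses the bare form (and a LIB_DEPENDS entry names the library as `libprelude.so:security/libprelude`); and the three `IGNORE=` assignments are placed inside the `pre-everything::` recipe between tab-indented `@${ECHO_MSG}` lines, so when one of them is evaluated the commands after it are no longer attached to a target. Hoist those checks to just after `.include <bsd.port.pre.mk>`, where `MAN5+=`/`MAN8+=` can also be dropped since pkg-plist already lists the manpages.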
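Review bot: in the fixsamhainrc.patch hunk the replacement line `configfile=/usr/local/etc/samhainrc.sample` hard-codes /usr/local, which breaks an install with a different PREFIX; `sysconfdir=@sysconfdir@` is substituted two lines above, so `configfile=@sysconfdir@/samhainrc.sample` gives the same result for the default prefix and stays correct otherwise. The fixyulerc.patch hunk has the same issue with `yulerc.sample`.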
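Review bot: in the patch-config.h.in hunk, rewriting the `#undef HAVE_UTMPX_H` template line as a hard `#define` removes that symbol from configure's control while the neighbouring `#undef HAVE_UTXTIME` is still left for configure to fill in, so the header ends up half templated and the patch will need redoing on every upstream config.h.in refresh. Letting configure detect utmpx.h and only supplying the FreeBSD paths `/var/log/utx.active` and `/var/log/utx.log` (for example in the source that uses UTMPX_FILE/WTMPX_FILE, or through CPPFLAGS) is the smaller and more durable change.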
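Review bot: the pkg-descr hunk carries the same typos as the commit message: "and and thus" should be "and thus", "as client/server system" should be "as a client/server system", and "multiple host" should be "multiple hosts".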
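Review bot: the pkg-message hunk tells users to set `samhain_enable="YES"` or `yule_enable="YES"` in /etc/rc.conf, which only takes effect if etc/rc.d/samhain.sh and etc/rc.d/yule.sh are rc.subr scripts that read those knobs; the Makefile copies the upstream `init/samhain.startFreeBSD` verbatim for both roles, so either confirm that script honours the knobs or ship an rc script through USE_RC_SUBR so the message and the installed files agree.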