import of samhain:

Samhain is an open source file integrity and host-based intrusion
detection system for Linux and Unix. It can run as a daemon process,
and and thus can remember file changes - contrary to a tool that runs
from cron, if a file is modified you will get only one report, while
subsequent checks of that file will ignore the modification as it is
already reported (unless the file is modified again).

ok jasper@

security/samhain/Makefile

@@ -0,0 +1,86 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+
+COMMENT-main=		Samhain Intrusion Detection System
+COMMENT-client=		Samhain Intrusion Detection System - client
+COMMENT-server=		Samhain Intrusion Detection System - server
+
+VERSION=		3.0.4
+DISTNAME=		samhain-${VERSION}
+FULLPKGNAME-main=	samhain-docs-${VERSION}
+FULLPKGPATH-main=	security/samhain,-main
+FULLPKGNAME-client=	samhain-${VERSION}
+FULLPKGPATH-client=	security/samhain,-client
+PKGNAME-server=		samhain-server-${VERSION}
+
+CATEGORIES=		security
+
+HOMEPAGE=		http://la-samhna.de/samhain/
+MASTER_SITES=		http://blade2k.humppa.hu/
+
+MAINTAINER=		Robert Nagy <robert@openbsd.org>
+
+# GPLv2
+PERMIT_PACKAGE_CDROM=	Yes
+PERMIT_PACKAGE_FTP=	Yes
+PERMIT_DISTFILES_CDROM=	Yes
+PERMIT_DISTFILES_FTP=	Yes
+
+CONFIGURE_STYLE=	gnu
+CONFIGURE_ENV=		CPPFLAGS="-DAI_ADDRCONFIG=0"
+CONFIGURE_ARGS=		--enable-login-watch \
+			--localstatedir=/var \
+			--with-state-dir=/var/samhain \
+			--enable-suidcheck \
+			--enable-identity=_yule \
+			--enable-network=server
+
+NO_REGRESS=		Yes
+
+MULTI_PACKAGES=		-main
+PSEUDO_FLAVORS=		no_server
+FLAVORS=		mysql postgresql
+FLAVOR?=		no_server
+
+SUBST_VARS=		FLAVOR
+
+#if non-backend-related flavors are added, add them to
+#the following line as ":L:Nflavor1:Nflavor2" so that
+#they don't trigger a "Conflicting flavors" error.
+BACKEND=		${FLAVOR}
+.if ${BACKEND} == "mysql"
+MULTI_PACKAGES+=	-server
+LIB_DEPENDS-server+=	databases/mysql,-main
+WANTLIB-server+=	c crypto m mysqlclient ssl z
+CONFIGURE_ARGS+=	--with-database=mysql \
+			--enable-xml-log \
+			--with-cflags=-I${LOCALBASE}/include/mysql \
+			--with-libs=-L${LOCALBASE}/lib/mysql
+.elif ${BACKEND} == "postgresql"
+MULTI_PACKAGES+=	-server
+LIB_DEPENDS-server+=	databases/postgresql,-main
+WANTLIB-server+=	c m pq
+CONFIGURE_ARGS+=	--with-database=postgresql \
+			--enable-xml-log
+.elif ${BACKEND} == "no_server"
+MULTI_PACKAGES+=	-client
+WANTLIB-client+=	c pthread z
+CONFIGURE_ARGS+=	--enable-network=client
+.else
+ERRORS+=		"Fatal: Conflicting flavors: ${FLAVOR}";
+.endif
+
+post-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/samhain
+	${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/samhain/README
+.if ${FLAVOR:L:Mno_server}
+	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/samhain
+	${INSTALL_DATA} ${WRKSRC}/samhainrc ${PREFIX}/share/examples/samhain/
+.else
+	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/yule
+	${INSTALL_DATA} ${WRKSRC}/yulerc.template \
+		${PREFIX}/share/examples/yule/yulerc
+	${INSTALL_DATA} ${WRKSRC}/sql_init/samhain.${FLAVOR:S/postgresql/postgres/}.init \
+		${PREFIX}/share/examples/yule/samhain.${FLAVOR}.init
+.endif
+
+.include <bsd.port.mk>

security/samhain/distinfo

@@ -0,0 +1,5 @@
+MD5 (samhain-3.0.4.tar.gz) = KR8MNui2zywktQ9XIoW2Rw==
+RMD160 (samhain-3.0.4.tar.gz) = 7L0LeP5VeKOqOOULHCxzqwNURLc=
+SHA1 (samhain-3.0.4.tar.gz) = QtcoOS3R6QQqKMadzD+f3lcPo7U=
+SHA256 (samhain-3.0.4.tar.gz) = lNrSGE5Mz+i7Ur6/PTPcbWU9+tZ9wj1BmOPxpt64Rjs=
+SIZE (samhain-3.0.4.tar.gz) = 2105848

security/samhain/patches/patch-configure

@@ -0,0 +1,15 @@
+$OpenBSD: patch-configure,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+--- configure.orig	Thu May  3 09:25:02 2012
++++ configure	Thu May  3 09:25:11 2012
+@@ -896,11 +896,6 @@ do
+ 		ac_enable_check_opt=yes
+ 	fi
+     done
+-    if test x${ac_enable_check_opt} = xno
+-    then
+-	as_fn_error $? "unrecognized option: $ac_option
+-Try \`$0 --help' for more information."
+-    fi
+     eval "enable_$ac_feature=no" ;;
+ 
+   -enable-* | --enable-*)

security/samhain/patches/patch-samhainrc_freebsd

@@ -0,0 +1,101 @@
+$OpenBSD: patch-samhainrc_freebsd,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+--- samhainrc.freebsd.orig	Thu May  3 10:26:48 2012
++++ samhainrc.freebsd	Thu May  3 10:26:51 2012
+@@ -1,6 +1,6 @@
+ #####################################################################
+ #
+-# FreeBSD Configuration file  for samhain.
++# OpenBSD Configuration file for samhain.
+ #
+ #####################################################################
+ # 
+@@ -69,8 +69,6 @@ dir = 0/
+ 
+ [Attributes]
+ file = /
+-file = /proc
+-file = /entropy
+ file = /tmp
+ file = /var
+ 
+@@ -102,15 +100,7 @@ IgnoreMissing = /dev/(p|t)typ.*
+ ##
+ dir = 99/etc
+ 
+-
+ #
+-# --------- /boot -----------
+-#
+-
+-[ReadOnly]
+-dir = 99/boot
+-
+-#
+ # --------- /bin, /sbin -----------
+ #
+ 
+@@ -119,27 +109,6 @@ dir = 99/bin
+ dir = 99/sbin
+ 
+ #
+-# --------- /lib -----------
+-#
+-
+-[ReadOnly]
+-dir = 99/lib
+-
+-#
+-# --------- /libexec -----------
+-#
+-
+-[ReadOnly]
+-dir = 99/libexec
+-
+-#
+-# --------- /rescue -----------
+-#
+-
+-[ReadOnly]
+-dir = 99/rescue
+-
+-#
+ # --------- /root -----------
+ #
+ 
+@@ -150,28 +119,12 @@ dir = 99/rescue
+ dir = 99/root
+ 
+ #
+-# --------- /stand -----------
+-#
+-
+-[ReadOnly]
+-dir = 99/stand
+-
+-#
+ # --------- /usr -----------
+ #
+ 
+ [ReadOnly]
+ dir = 99/usr
+ 
+-[Attributes]
+-dir = /usr/.snap
+-dir = /usr/share/man/cat?
+-file = /usr/compat/linux/etc
+-file = /usr/compat/linux/etc/ld.so.cache
+-
+-[IgnoreAll]
+-dir = -1/usr/home
+-
+ #
+ # --------- /var -----------
+ #
+@@ -200,6 +153,7 @@ dir = 99/var/log
+ # rotated logs will change inode
+ #
+ file = /var/log/*.[0-9].bz2
++file = /var/log/*.[0-9].gz
+ file = /var/log/*.[0-9].log
+ file = /var/log/*.[0-9]
+ file = /var/log/*.[0-9][0-9]

security/samhain/pkg/DESCR-client

@@ -0,0 +1,8 @@
+Samhain is an open source file integrity and host-based intrusion
+detection system for Linux and Unix. It can run as a daemon process,
+and and thus can remember file changes - contrary to a tool that runs
+from cron, if a file is modified you will get only one report, while
+subsequent checks of that file will ignore the modification as it is
+already reported (unless the file is modified again).
+
+This package contains the client part.

security/samhain/pkg/DESCR-main

@@ -0,0 +1,10 @@
+Samhain is an open source file integrity and host-based intrusion
+detection system for Linux and Unix. It can run as a daemon process,
+and and thus can remember file changes - contrary to a tool that runs
+from cron, if a file is modified you will get only one report, while
+subsequent checks of that file will ignore the modification as it is
+already reported (unless the file is modified again).
+
+Samhain can optionally be used as client/server system to provide
+centralized monitoring for multiple host. Logging to a (MySQL or
+PostgreSQL) database is supported.

security/samhain/pkg/DESCR-server

@@ -0,0 +1,12 @@
+Samhain is an open source file integrity and host-based intrusion
+detection system for Linux and Unix. It can run as a daemon process,
+and and thus can remember file changes - contrary to a tool that runs
+from cron, if a file is modified you will get only one report, while
+subsequent checks of that file will ignore the modification as it is
+already reported (unless the file is modified again).
+
+This package contains the server parts.
+
+Available flavors:
+	mysql - build with support for MySQL
+	pgsql - build with support for PostgreSQL

security/samhain/pkg/PLIST-client

@@ -0,0 +1,9 @@
+@comment $OpenBSD: PLIST-client,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+@man man/man5/samhainrc.5
+@man man/man8/samhain.8
+@bin sbin/samhain
+share/examples/samhain/
+share/examples/samhain/samhainrc
+@sample ${SYSCONFDIR}/samhainrc
+@sample /var/samhain/
+@rcscript ${RCDIR}/samhain

security/samhain/pkg/PLIST-main

@@ -0,0 +1,3 @@
+@comment $OpenBSD: PLIST-main,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+share/doc/samhain/
+share/doc/samhain/README

security/samhain/pkg/PLIST-server

@@ -0,0 +1,21 @@
+@comment $OpenBSD: PLIST-server,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+@newgroup _yule:698
+@newuser _yule:698:_yule:daemon:samhain user:/nonexistent:/sbin/nologin
+@extraunexec rm -rf /var/log/yule/*
+@mode 775
+@owner _yule
+@group _yule
+@sample /var/log/yule/
+@mode
+@owner
+@group
+@man man/man5/yulerc.5
+@man man/man8/yule.8
+@bin sbin/yule
+@bin sbin/yule_setpwd
+@bin sbin/yulectl
+share/examples/yule/
+share/examples/yule/samhain.${FLAVOR}.init
+share/examples/yule/yulerc
+@sample ${SYSCONFDIR}/yulerc
+@rcscript ${RCDIR}/yule

security/samhain/pkg/samhain.rc

@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# $OpenBSD: samhain.rc,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+
+daemon="${TRUEPREFIX}/sbin/samhain"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1

security/samhain/pkg/yule.rc

@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# $OpenBSD: yule.rc,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+
+daemon="${TRUEPREFIX}/sbin/yule"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1