From 14ae1c3418d6feec5dddaf2a853d9a1a790b72aa Mon Sep 17 00:00:00 2001
From: robert
Date: Fri, 11 May 2012 09:24:23 +0000
Subject: [PATCH] import of samhain: Samhain is an open source file integrity and host-based intrusion detection system for Linux and Unix. It can run as a daemon process, and and thus can remember file changes - contrary to a tool that runs from cron, if a file is modified you will get only one report, while subsequent checks of that file will ignore the modification as it is already reported (unless the file is modified again). ok jasper@
---
 security/samhain/Makefile | 86 +++++++++++++++
 security/samhain/distinfo | 5 +
 security/samhain/patches/patch-configure | 15 +++
 .../samhain/patches/patch-samhainrc_freebsd | 101 ++++++++++++++++++
 security/samhain/pkg/DESCR-client | 8 ++
 security/samhain/pkg/DESCR-main | 10 ++
 security/samhain/pkg/DESCR-server | 12 +++
 security/samhain/pkg/PLIST-client | 9 ++
 security/samhain/pkg/PLIST-main | 3 +
 security/samhain/pkg/PLIST-server | 21 ++++
 security/samhain/pkg/samhain.rc | 9 ++
 security/samhain/pkg/yule.rc | 9 ++
 12 files changed, 288 insertions(+)
 create mode 100644 security/samhain/Makefile
 create mode 100644 security/samhain/distinfo
 create mode 100644 security/samhain/patches/patch-configure
 create mode 100644 security/samhain/patches/patch-samhainrc_freebsd
 create mode 100644 security/samhain/pkg/DESCR-client
 create mode 100644 security/samhain/pkg/DESCR-main
 create mode 100644 security/samhain/pkg/DESCR-server
 create mode 100644 security/samhain/pkg/PLIST-client
 create mode 100644 security/samhain/pkg/PLIST-main
 create mode 100644 security/samhain/pkg/PLIST-server
 create mode 100755 security/samhain/pkg/samhain.rc
 create mode 100755 security/samhain/pkg/yule.rc
diff --git a/security/samhain/Makefile b/security/samhain/Makefile
new file mode 100644
index 00000000000..893e11fa561
--- /dev/null
+++ b/security/samhain/Makefile
@@ -0,0 +1,86 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+
+COMMENT-main= Samhain Intrusion Detection System
+COMMENT-client= Samhain Intrusion Detection System - client
+COMMENT-server= Samhain Intrusion Detection System - server
+
+VERSION= 3.0.4
+DISTNAME= samhain-${VERSION}
+FULLPKGNAME-main= samhain-docs-${VERSION}
+FULLPKGPATH-main= security/samhain,-main
+FULLPKGNAME-client= samhain-${VERSION}
+FULLPKGPATH-client= security/samhain,-client
+PKGNAME-server= samhain-server-${VERSION}
+
+CATEGORIES= security
+
+HOMEPAGE= http://la-samhna.de/samhain/
+MASTER_SITES= http://blade2k.humppa.hu/
+
+MAINTAINER= Robert Nagy
+
+# GPLv2
+PERMIT_PACKAGE_CDROM= Yes
+PERMIT_PACKAGE_FTP= Yes
+PERMIT_DISTFILES_CDROM= Yes
+PERMIT_DISTFILES_FTP= Yes
+
+CONFIGURE_STYLE= gnu
+CONFIGURE_ENV= CPPFLAGS="-DAI_ADDRCONFIG=0"
+CONFIGURE_ARGS= --enable-login-watch \
+ --localstatedir=/var \
+ --with-state-dir=/var/samhain \
+ --enable-suidcheck \
+ --enable-identity=_yule \
+ --enable-network=server
+
+NO_REGRESS= Yes
+
+MULTI_PACKAGES= -main
+PSEUDO_FLAVORS= no_server
+FLAVORS= mysql postgresql
+FLAVOR?= no_server
+
+SUBST_VARS= FLAVOR
+
+#if non-backend-related flavors are added, add them to
+#the following line as ":L:Nflavor1:Nflavor2" so that
+#they don't trigger a "Conflicting flavors" error.
+BACKEND= ${FLAVOR}
+.if ${BACKEND} == "mysql"
+MULTI_PACKAGES+= -server
+LIB_DEPENDS-server+= databases/mysql,-main
+WANTLIB-server+= c crypto m mysqlclient ssl z
+CONFIGURE_ARGS+= --with-database=mysql \
+ --enable-xml-log \
+ --with-cflags=-I${LOCALBASE}/include/mysql \
+ --with-libs=-L${LOCALBASE}/lib/mysql
+.elif ${BACKEND} == "postgresql"
+MULTI_PACKAGES+= -server
+LIB_DEPENDS-server+= databases/postgresql,-main
+WANTLIB-server+= c m pq
+CONFIGURE_ARGS+= --with-database=postgresql \
+ --enable-xml-log
+.elif ${BACKEND} == "no_server"
+MULTI_PACKAGES+= -client
+WANTLIB-client+= c pthread z
+CONFIGURE_ARGS+= --enable-network=client
+.else
+ERRORS+= "Fatal: Conflicting flavors: ${FLAVOR}";
+.endif
+
+post-install:
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/samhain
+ ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/samhain/README
+.if ${FLAVOR:L:Mno_server}
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/samhain
+ ${INSTALL_DATA} ${WRKSRC}/samhainrc ${PREFIX}/share/examples/samhain/
+.else
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/yule
+ ${INSTALL_DATA} ${WRKSRC}/yulerc.template \
+ ${PREFIX}/share/examples/yule/yulerc
+ ${INSTALL_DATA} ${WRKSRC}/sql_init/samhain.${FLAVOR:S/postgresql/postgres/}.init \
+ ${PREFIX}/share/examples/yule/samhain.${FLAVOR}.init
+.endif
+
+.include
diff --git a/security/samhain/distinfo b/security/samhain/distinfo
new file mode 100644
index 00000000000..1105b7b9e4b
--- /dev/null
+++ b/security/samhain/distinfo
@@ -0,0 +1,5 @@
+MD5 (samhain-3.0.4.tar.gz) = KR8MNui2zywktQ9XIoW2Rw==
+RMD160 (samhain-3.0.4.tar.gz) = 7L0LeP5VeKOqOOULHCxzqwNURLc=
+SHA1 (samhain-3.0.4.tar.gz) = QtcoOS3R6QQqKMadzD+f3lcPo7U=
+SHA256 (samhain-3.0.4.tar.gz) = lNrSGE5Mz+i7Ur6/PTPcbWU9+tZ9wj1BmOPxpt64Rjs=
+SIZE (samhain-3.0.4.tar.gz) = 2105848
diff --git a/security/samhain/patches/patch-configure b/security/samhain/patches/patch-configure
new file mode 100644
index 00000000000..30b7c7efab1
--- /dev/null
+++ b/security/samhain/patches/patch-configure
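Review bot: `MASTER_SITES= http://blade2k.humppa.hu/` fetches the distfile over plain HTTP from a host other than the `HOMEPAGE` one, so the SHA256 entry in distinfo is the only thing tying the package to what upstream released. For a file-integrity tool that provenance is worth recording: add a comment above the line such as `# mirror of the upstream tarball; checksum compared with a copy obtained from upstream before import` (if that was done), or point `MASTER_SITES` at upstream. Separately, `--enable-identity=_yule` sits in the base `CONFIGURE_ARGS` and therefore also applies to the `no_server` build, while the `_yule` account is created only by PLIST-server; if the client binary uses that identity at all the account will not exist there, which is worth confirming.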
@@ -0,0 +1,15 @@
+$OpenBSD: patch-configure,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+--- configure.orig Thu May 3 09:25:02 2012
++++ configure Thu May 3 09:25:11 2012
+@@ -896,11 +896,6 @@ do
+ ac_enable_check_opt=yes
+ fi
+ done
+- if test x${ac_enable_check_opt} = xno
+- then
+- as_fn_error $? "unrecognized option: $ac_option
+-Try \`$0 --help' for more information."
+- fi
+ eval "enable_$ac_feature=no" ;;
+
+ -enable-* | --enable-*)
diff --git a/security/samhain/patches/patch-samhainrc_freebsd b/security/samhain/patches/patch-samhainrc_freebsd
new file mode 100644
index 00000000000..db26fdd9439
--- /dev/null
+++ b/security/samhain/patches/patch-samhainrc_freebsd
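Review bot: The inner hunk at configure line 896 deletes the `unrecognized option` error for `--disable-*` arguments and the patch carries no explanation, so a mistyped or stale `--disable-` flag is now accepted silently; that matters when build flags decide which checks the IDS is compiled with. The `--enable-*` branch that follows as context appears to keep its own check, so the `--enable-suidcheck` and `--enable-login-watch` arguments from the port Makefile would presumably still be validated. Please add a one-line rationale under the `$OpenBSD$` tag, for example `Accept unknown --disable-* options passed by the ports infrastructure.` if that is the reason, and name the option involved.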
@@ -0,0 +1,101 @@
+$OpenBSD: patch-samhainrc_freebsd,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+--- samhainrc.freebsd.orig Thu May 3 10:26:48 2012
++++ samhainrc.freebsd Thu May 3 10:26:51 2012
+@@ -1,6 +1,6 @@
+ #####################################################################
+ #
+-# FreeBSD Configuration file for samhain.
++# OpenBSD Configuration file for samhain.
+ #
+ #####################################################################
+ #
+@@ -69,8 +69,6 @@ dir = 0/
+
+ [Attributes]
+ file = /
+-file = /proc
+-file = /entropy
+ file = /tmp
+ file = /var
+
+@@ -102,15 +100,7 @@ IgnoreMissing = /dev/(p|t)typ.*
+ ##
+ dir = 99/etc
+
+-
+ #
+-# --------- /boot -----------
+-#
+-
+-[ReadOnly]
+-dir = 99/boot
+-
+-#
+ # --------- /bin, /sbin -----------
+ #
+
+@@ -119,27 +109,6 @@ dir = 99/bin
+ dir = 99/sbin
+
+ #
+-# --------- /lib -----------
+-#
+-
+-[ReadOnly]
+-dir = 99/lib
+-
+-#
+-# --------- /libexec -----------
+-#
+-
+-[ReadOnly]
+-dir = 99/libexec
+-
+-#
+-# --------- /rescue -----------
+-#
+-
+-[ReadOnly]
+-dir = 99/rescue
+-
+-#
+ # --------- /root -----------
+ #
+
+@@ -150,28 +119,12 @@ dir = 99/rescue
+ dir = 99/root
+
+ #
+-# --------- /stand -----------
+-#
+-
+-[ReadOnly]
+-dir = 99/stand
+-
+-#
+ # --------- /usr -----------
+ #
+
+ [ReadOnly]
+ dir = 99/usr
+
+-[Attributes]
+-dir = /usr/.snap
+-dir = /usr/share/man/cat?
+-file = /usr/compat/linux/etc
+-file = /usr/compat/linux/etc/ld.so.cache
+-
+-[IgnoreAll]
+-dir = -1/usr/home
+-
+ #
+ # --------- /var -----------
+ #
+@@ -200,6 +153,7 @@ dir = 99/var/log
+ # rotated logs will change inode
+ #
+ file = /var/log/*.[0-9].bz2
++file = /var/log/*.[0-9].gz
+ file = /var/log/*.[0-9].log
+ file = /var/log/*.[0-9]
+ file = /var/log/*.[0-9][0-9]
diff --git a/security/samhain/pkg/DESCR-client b/security/samhain/pkg/DESCR-client
new file mode 100644
index 00000000000..e806e781318
--- /dev/null
+++ b/security/samhain/pkg/DESCR-client
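Review bot: The inner hunks only delete FreeBSD paths (`/boot`, `/lib`, `/libexec`, `/rescue`, `/stand`, `/usr/home`) and add nothing OpenBSD-specific apart from the `.gz` log pattern, so the resulting sample policy may leave gaps or generate noise on an OpenBSD host. On OpenBSD the kernel `/bsd` and the `/boot` loader are files directly in `/`; whether they are checked depends on the policy section around the `dir = 0/` entry, which lies outside the hunks, and an explicit `file = /bsd` under `[ReadOnly]` would make that unambiguous. With `[IgnoreAll] dir = -1/usr/home` removed and `dir = 99/usr` kept under `[ReadOnly]`, any volatile tree below `/usr` (build or ports directories, if present) will be reported on every change, so an exclusion for those is worth considering. It is also not visible here that the build turns the patched `samhainrc.freebsd` into the `samhainrc` the port installs as its example; please confirm.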
@@ -0,0 +1,8 @@
+Samhain is an open source file integrity and host-based intrusion
+detection system for Linux and Unix. It can run as a daemon process,
+and and thus can remember file changes - contrary to a tool that runs
+from cron, if a file is modified you will get only one report, while
+subsequent checks of that file will ignore the modification as it is
+already reported (unless the file is modified again).
+
+This package contains the client part.
diff --git a/security/samhain/pkg/DESCR-main b/security/samhain/pkg/DESCR-main
new file mode 100644
index 00000000000..823a5e986a0
--- /dev/null
+++ b/security/samhain/pkg/DESCR-main
@@ -0,0 +1,10 @@
+Samhain is an open source file integrity and host-based intrusion
+detection system for Linux and Unix. It can run as a daemon process,
+and and thus can remember file changes - contrary to a tool that runs
+from cron, if a file is modified you will get only one report, while
+subsequent checks of that file will ignore the modification as it is
+already reported (unless the file is modified again).
+
+Samhain can optionally be used as client/server system to provide
+centralized monitoring for multiple host. Logging to a (MySQL or
+PostgreSQL) database is supported.
diff --git a/security/samhain/pkg/DESCR-server b/security/samhain/pkg/DESCR-server
new file mode 100644
index 00000000000..f97f3ee0fc3
--- /dev/null
+++ b/security/samhain/pkg/DESCR-server
@@ -0,0 +1,12 @@
+Samhain is an open source file integrity and host-based intrusion
+detection system for Linux and Unix. It can run as a daemon process,
+and and thus can remember file changes - contrary to a tool that runs
+from cron, if a file is modified you will get only one report, while
+subsequent checks of that file will ignore the modification as it is
+already reported (unless the file is modified again).
+
+This package contains the server parts.
+
+Available flavors:
+ mysql - build with support for MySQL
+ pgsql - build with support for PostgreSQL
diff --git a/security/samhain/pkg/PLIST-client b/security/samhain/pkg/PLIST-client
new file mode 100644
index 00000000000..21910ff74cc
--- /dev/null
+++ b/security/samhain/pkg/PLIST-client
@@ -0,0 +1,9 @@
+@comment $OpenBSD: PLIST-client,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+@man man/man5/samhainrc.5
+@man man/man8/samhain.8
+@bin sbin/samhain
+share/examples/samhain/
+share/examples/samhain/samhainrc
+@sample ${SYSCONFDIR}/samhainrc
+@sample /var/samhain/
+@rcscript ${RCDIR}/samhain
diff --git a/security/samhain/pkg/PLIST-main b/security/samhain/pkg/PLIST-main
new file mode 100644
index 00000000000..8b2403717b7
--- /dev/null
+++ b/security/samhain/pkg/PLIST-main
@@ -0,0 +1,3 @@
+@comment $OpenBSD: PLIST-main,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+share/doc/samhain/
+share/doc/samhain/README
diff --git a/security/samhain/pkg/PLIST-server b/security/samhain/pkg/PLIST-server
new file mode 100644
index 00000000000..bf41042b8c2
--- /dev/null
+++ b/security/samhain/pkg/PLIST-server
@@ -0,0 +1,21 @@
+@comment $OpenBSD: PLIST-server,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+@newgroup _yule:698
+@newuser _yule:698:_yule:daemon:samhain user:/nonexistent:/sbin/nologin
+@extraunexec rm -rf /var/log/yule/*
+@mode 775
+@owner _yule
+@group _yule
+@sample /var/log/yule/
+@mode
+@owner
+@group
+@man man/man5/yulerc.5
+@man man/man8/yule.8
+@bin sbin/yule
+@bin sbin/yule_setpwd
+@bin sbin/yulectl
+share/examples/yule/
+share/examples/yule/samhain.${FLAVOR}.init
+share/examples/yule/yulerc
+@sample ${SYSCONFDIR}/yulerc
+@rcscript ${RCDIR}/yule
diff --git a/security/samhain/pkg/samhain.rc b/security/samhain/pkg/samhain.rc
new file mode 100755
index 00000000000..a3272efb27a
--- /dev/null
+++ b/security/samhain/pkg/samhain.rc
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# $OpenBSD: samhain.rc,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+
+daemon="${TRUEPREFIX}/sbin/samhain"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1
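Review bot: In PLIST-server, `@mode 775` on `@sample /var/log/yule/` leaves the server's log directory listable and traversable by every local account, and the reports collected there describe what changed on the monitored hosts. Unless something outside the `_yule` user and group has to read it, `@mode 750` is the safer default. `@extraunexec rm -rf /var/log/yule/*` also discards those logs when the package is removed with extra cleanup; that follows the usual packing-list convention, but operators who need the records as evidence should be told to archive them first.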
diff --git a/security/samhain/pkg/yule.rc b/security/samhain/pkg/yule.rc
new file mode 100755
index 00000000000..a269520cd60
--- /dev/null
+++ b/security/samhain/pkg/yule.rc
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# $OpenBSD: yule.rc,v 1.1.1.1 2012/05/11 09:24:23 robert Exp $
+
+daemon="${TRUEPREFIX}/sbin/yule"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1