Import security/ossec-hids.

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection
System (HIDS). It has a powerful correlation and analysis engine, integrating
log analysis, file integrity checking, Windows registry monitoring, centralized
policy enforcement, rootkit detection, real-time alerting and active response.

Help from and OK sthen@, thanks!

security/ossec-hids/Makefile

@@ -0,0 +1,52 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2018/12/21 22:01:56 pirofti Exp $
+
+COMMENT =	host-based intrusion detection system
+
+GH_ACCOUNT =	ossec
+GH_PROJECT =	ossec-hids
+GH_TAGNAME =	3.0.0
+
+CATEGORIES =	security
+
+HOMEPAGE =	https://www.ossec.net/
+
+MAINTAINER =	Paul Irofti <pirofti@openbsd.org>
+
+# GPLv2
+PERMIT_PACKAGE_CDROM =		Yes
+
+WANTLIB += c crypto lib/inotify/inotify m magic pthread ssl
+
+LIB_DEPENDS =	devel/libinotify \
+		devel/libmagic
+
+USE_GMAKE =	Yes
+NO_BUILD =	Yes
+
+INSTALL_FLAGS = CFLAGS="${CFLAGS}" \
+		USER_NO_STOP=y \
+		USER_LANGUAGE=en \
+		USER_INSTALL_TYPE=server \
+		USER_HYBID=go \
+		USER_DIR=${PREFIX}/ossec-hids \
+		USER_DELETE_DIR=n \
+		USER_ENABLE_EMAIL=y \
+		USER_EMAIL_ADDRESS="root@localhost" \
+		USER_EMAIL_SMTP="127.0.0.1" \
+		USER_ENABLE_SYSCHECK=y \
+		USER_ENABLE_ROOTCHECK=y \
+		USER_ENABLE_ACTIVE_RESPONSE=y \
+		USER_ENABLE_FIREWALL_RESPONSE=y \
+		USER_ENABLE_SYSLOG=y \
+		USER_AGENT_SERVER_IP="127.0.0.1" \
+		USE_INOTIFY=y \
+		LOCALBASE=${LOCALBASE} \
+		V=1
+
+do-configure:
+	${SUBST_CMD} ${WRKSRC}/src/headers/defs.h
+
+do-install:
+	cd ${WRKBUILD} && ${INSTALL_FLAGS} /bin/sh install.sh
+
+.include <bsd.port.mk>

security/ossec-hids/distinfo

@@ -0,0 +1,2 @@
+SHA256 (ossec-hids-3.0.0.tar.gz) = onHWZe1QKz30/wVaF3FZ38C8imndROqx98V/6P/0Kpg=
+SIZE (ossec-hids-3.0.0.tar.gz) = 1817324

security/ossec-hids/patches/patch-install_sh

@@ -0,0 +1,131 @@
+$OpenBSD: patch-install_sh,v 1.1.1.1 2018/12/21 22:01:56 pirofti Exp $
+
+Index: install.sh
+--- install.sh.orig
++++ install.sh
+@@ -102,7 +102,7 @@ Install()
+     if [ "X${USER_BINARYINSTALL}" = "X" ]; then
+         # Add DATABASE=pgsql or DATABASE=mysql to add support for database
+         # alert entry
+-        ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} build
++        ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} TRUEPREFIX=${TRUEPREFIX} LOCALBASE=${LOCALBASE} build
+         if [ $? != 0 ]; then
+             cd ../
+             catError "0x5-build"
+@@ -114,22 +114,23 @@ Install()
+         UpdateStopOSSEC
+     fi
+ 
+-    ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} install
++    ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} TRUEPREFIX=${TRUEPREFIX} LOCALBASE=${LOCALBASE} install
+ 
+     cd ../
+ 
+ 
+     # Generate the /etc/ossec-init.conf
++    OSSEC_INIT=${INSTALLDIR}/etc/ossec-init.conf
+     VERSION_FILE="./src/VERSION"
+     VERSION=`cat ${VERSION_FILE}`
+     chmod 700 ${OSSEC_INIT} > /dev/null 2>&1
+-    echo "DIRECTORY=\"${INSTALLDIR}\"" > ${OSSEC_INIT}
++    echo "DIRECTORY=\"${TRUEINSTALLDIR}\"" > ${OSSEC_INIT}
+     echo "VERSION=\"${VERSION}\"" >> ${OSSEC_INIT}
+     echo "DATE=\"`date`\"" >> ${OSSEC_INIT}
+     echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT}
+     chmod 600 ${OSSEC_INIT}
+-    cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
+-    chmod 640 ${INSTALLDIR}${OSSEC_INIT}
++    #cp -pr ${OSSEC_INIT} ${INSTALLDIR}/share/ossec/examples/${OSSEC_INIT}
++    chmod 640 ${OSSEC_INIT}
+ 
+ 
+     # If update_rules is set, we need to tweak
+@@ -144,12 +145,12 @@ Install()
+     fi
+ 
+     # Calling the init script  to start ossec hids during boot
+-    if [ "X${update_only}" = "X" ]; then
+-        runInit
+-        if [ $? = 1 ]; then
+-            notmodified="yes"
+-        fi
+-    fi
++    #if [ "X${update_only}" = "X" ]; then
++    #    runInit
++    #    if [ $? = 1 ]; then
++    #        notmodified="yes"
++    #    fi
++    #fi
+ 
+ }
+ 
+@@ -222,12 +223,8 @@ UseRootcheck()
+     if [ "X$ROOTCHECK" = "Xyes" ]; then
+         echo "" >> $NEWCONFIG
+         echo "  <rootcheck>" >> $NEWCONFIG
+-        echo "    <rootkit_files>$INSTALLDIR/etc/shared/rootkit_files.txt</rootkit_files>" >> $NEWCONFIG
+-        echo "    <rootkit_trojans>$INSTALLDIR/etc/shared/rootkit_trojans.txt</rootkit_trojans>" >> $NEWCONFIG
+-        echo "    <system_audit>$INSTALLDIR/etc/shared/system_audit_rcl.txt</system_audit>" >> $NEWCONFIG
+-        echo "    <system_audit>$INSTALLDIR/etc/shared/cis_debian_linux_rcl.txt</system_audit>" >> $NEWCONFIG
+-        echo "    <system_audit>$INSTALLDIR/etc/shared/cis_rhel_linux_rcl.txt</system_audit>" >> $NEWCONFIG
+-        echo "    <system_audit>$INSTALLDIR/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>" >> $NEWCONFIG
++        echo "    <rootkit_files>$TRUEINSTALLDIR/etc/shared/rootkit_files.txt</rootkit_files>" >> $NEWCONFIG
++        echo "    <rootkit_trojans>$TRUEINSTALLDIR/etc/shared/rootkit_trojans.txt</rootkit_trojans>" >> $NEWCONFIG
+         echo "  </rootcheck>" >> $NEWCONFIG
+ 	# Patch for systems that use s-nail instead of GNU Mailutils (such as Arch Linux).
+ 	if strings /usr/bin/mail | grep "x-shsh bash" 1> /dev/null; then
+@@ -547,7 +544,7 @@ ConfigureServer()
+         echo "    <email_notification>yes</email_notification>" >> $NEWCONFIG
+         echo "    <email_to>$EMAIL</email_to>" >> $NEWCONFIG
+         echo "    <smtp_server>$SMTP</smtp_server>" >> $NEWCONFIG
+-        echo "    <email_from>ossecm@${HOST}</email_from>" >> $NEWCONFIG
++        echo "    <email_from>ossecm@localhost</email_from>" >> $NEWCONFIG
+     else
+         echo "    <email_notification>no</email_notification>" >> $NEWCONFIG
+     fi
+@@ -625,7 +622,7 @@ ConfigureServer()
+                 echo "    <white_list>${ip}</white_list>" >>$NEWCONFIG
+             fi
+             done
+-            AddWhite
++            #AddWhite
+ 
+             # If Openbsd or Freebsd with pf enable, ask about
+             # automatically setting it up.
+@@ -761,6 +758,7 @@ setEnv()
+         done
+     else
+         INSTALLDIR=${USER_DIR}
++	TRUEINSTALLDIR=${TRUEPREFIX}/ossec-hids
+     fi
+ 
+ 
+@@ -961,11 +959,6 @@ main()
+         catError "0x1-location";
+     fi
+ 
+-    # Must be root
+-    if [ ! "X$ME" = "Xroot" ]; then
+-        catError "0x2-beroot";
+-    fi
+-
+     # Checking dependencies
+     checkDependencies
+ 
+@@ -1123,6 +1116,7 @@ main()
+ 
+     else
+         INSTYPE=${USER_INSTALL_TYPE}
++        HYBID=${USER_HYBID}
+     fi
+ 
+ 
+@@ -1250,6 +1244,8 @@ if [ "x$HYBID" = "xgo" ]; then
+     echo 'USER_UPDATE_RULES="n"' >> ./etc/preloaded-vars.conf
+     echo "" >> ./etc/preloaded-vars.conf
+     echo 'USER_CLEANINSTALL="y"' >> ./etc/preloaded-vars.conf
++    echo "" >> ./etc/preloaded-vars.conf
++    echo 'USER_HYBID=""' >> ./etc/preloaded-vars.conf
+     echo "" >> ./etc/preloaded-vars.conf
+ 
+    cd src && ${MAKEBIN} clean && cd ..

security/ossec-hids/patches/patch-src_Makefile

@@ -0,0 +1,239 @@
+$OpenBSD: patch-src_Makefile,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+Index: src/Makefile
+--- src/Makefile.orig
++++ src/Makefile
+@@ -15,15 +15,15 @@ PREFIX?=/var/ossec
+ PG_CONFIG?=pg_config
+ MY_CONFIG?=mysql_config
+ PRELUDE_CONFIG?=libprelude-config
+-OSSEC_GROUP?=ossec
+-OSSEC_USER?=ossec
+-OSSEC_USER_MAIL?=ossecm
+-OSSEC_USER_REM?=ossecr
++OSSEC_GROUP?=_ossec
++OSSEC_USER?=_ossec
++OSSEC_USER_MAIL?=_ossecm
++OSSEC_USER_REM?=_ossecr
+ 
+ USE_PRELUDE?=no
+ USE_ZEROMQ?=no
+ USE_GEOIP?=no
+-USE_INOTIFY=no
++USE_INOTIFY=yes
+ 
+ ifneq (${TARGET},winagent)
+ 	USE_OPENSSL?=auto
+@@ -38,7 +38,7 @@ export MYLDFLAGS= "${LDFLAGS}"
+ export MYCFLAGS= "${CFLAGS}"
+ 
+ DEFINES=-DMAX_AGENTS=${MAXAGENTS} -DOSSECHIDS
+-DEFINES+=-DDEFAULTDIR=\"${PREFIX}\"
++DEFINES+=-DDEFAULTDIR=\"${TRUEPREFIX}/ossec-hids\"
+ DEFINES+=-DUSER=\"${OSSEC_USER}\"
+ DEFINES+=-DREMUSER=\"${OSSEC_USER_REM}\"
+ DEFINES+=-DGROUPGLOBAL=\"${OSSEC_GROUP}\"
+@@ -90,9 +90,11 @@ else
+ ifeq (${uname_S},OpenBSD)
+ #		DEFINES+=-DOpenBSD
+ 		DEFINES+=-pthread
++		DEFINES+=-DUSE_MAGIC
+ 		LUA_PLAT=posix
+-		CFLAGS+=-I/usr/local/include
+-		OSSEC_LDFLAGS+=-L/usr/local/lib
++		CFLAGS+=-I${LOCALBASE}/include
++		OSSEC_LDFLAGS+=-L${LOCALBASE}/lib
++		OSSEC_LDFLAGS+=-lmagic
+ else
+ ifeq (${uname_S},HP-UX)
+ 		DEFINES+=-DHPUX
+@@ -121,7 +123,7 @@ OSSEC_CFLAGS=${CFLAGS}
+ ifdef DEBUG
+ 	OSSEC_CFLAGS+=-g
+ else
+-	OSSEC_CFLAGS+=-O2
++	#OSSEC_CFLAGS+=-O2
+ endif #DEBUG
+ 
+ ifneq (,$(filter ${CLEANFULL},yes y Y 1))
+@@ -189,6 +191,10 @@ ifneq (,$(filter ${USE_INOTIFY},auto yes y Y 1))
+ 		OSSEC_LDFLAGS+=-linotify -L/usr/local/lib -I/usr/local/include
+ 		OSSEC_CFLAGS+=-I/usr/local/include
+ 	endif
++	ifeq (${uname_S},OpenBSD)
++		OSSEC_LDFLAGS+=-Wl,-rpath=${LOCALBASE}/lib/inotify -linotify -L${LOCALBASE}/lib/inotify -I${LOCALBASE}/include/inotify
++		OSSEC_CFLAGS+=-I${LOCALBASE}/include/inotify
++	endif
+ endif
+ 
+ ifneq (,$(filter ${USE_PRELUDE},auto yes y Y 1))
+@@ -360,7 +366,7 @@ install-agent: install-common
+ 	install -m 0550 -o root -g 0 ossec-agentd ${PREFIX}/bin
+ 	install -m 0550 -o root -g 0 agent-auth ${PREFIX}/bin
+ 
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids
++	install -d -m 0750 ${PREFIX}/queue/rids
+ 
+ install-local: install-server-generic
+ 
+@@ -369,12 +375,11 @@ install-hybrid: install-server-generic
+ install-server: install-server-generic
+ 
+ install-common: build
+-	./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX}
+-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs
+-	install -m 0660 -o ${OSSEC_USER} -g ${OSSEC_GROUP} /dev/null ${PREFIX}/logs/ossec.log
++	install -d -m 0750 ${PREFIX}/
++	install -d -m 0750 ${PREFIX}/logs
++	install -m 0660 /dev/null ${PREFIX}/logs/ossec.log
+ 
+-	install -d -m 0550 -o root -g 0 ${PREFIX}/bin
++	install -d -m 0750 -o root -g 0 ${PREFIX}/bin
+ 	install -m 0550 -o root -g 0 ossec-logcollector ${PREFIX}/bin
+ 	install -m 0550 -o root -g 0 ossec-syscheckd ${PREFIX}/bin
+ 	install -m 0550 -o root -g 0 ossec-execd ${PREFIX}/bin
+@@ -383,72 +388,73 @@ install-common: build
+ 	install -m 0550 -o root -g 0 ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control
+ 
+ ifeq (${LUA_ENABLE},yes)
+-	install -d -m 0550 -o root -g 0 ${PREFIX}/lua
++	install -d -m 0750 -o root -g 0 ${PREFIX}/lua
+ 	install -d -m 0550 -o root -g 0 ${PREFIX}/lua/native
+ 	install -d -m 0550 -o root -g 0 ${PREFIX}/lua/compiled
+ 	install -m 0550 -o root -g 0 external/lua/src/ossec-lua ${PREFIX}/bin/
+ 	install -m 0550 -o root -g 0 external/lua/src/ossec-luac ${PREFIX}/bin/
+ endif
+ 
+-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/queue
+-	install -d -m 0770 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/alerts
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/ossec
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/syscheck
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/diff
++	install -d -m 0750 ${PREFIX}/queue
++	install -d -m 0770 ${PREFIX}/queue/alerts
++	install -d -m 0750 ${PREFIX}/queue/ossec
++	install -d -m 0750 ${PREFIX}/queue/syscheck
++	install -d -m 0750 ${PREFIX}/queue/diff
+ 
+-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc
+-	install -m 0440 -o root -g ${OSSEC_GROUP} /etc/localtime ${PREFIX}/etc
++	install -d -m 0750 ${PREFIX}/etc
++	install -m 0440 /etc/localtime ${PREFIX}/etc
+ 
+-	install -d -m 1550 -o root -g ${OSSEC_GROUP} ${PREFIX}/tmp
++	install -d -m 1550 ${PREFIX}/tmp
+ 
+ ifneq (,$(wildcard /etc/TIMEZONE))
+-	install -m 440 -o root -g ${OSSEC_GROUP} /etc/TIMEZONE ${PREFIX}/etc/
++	install -m 440 /etc/TIMEZONE ${PREFIX}/etc/
+ endif
+ # Solaris Needs some extra files
+ ifeq (${uname_S},SunOS)
+-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/usr/share/lib/zoneinfo/
++	install -d -m 0550 ${PREFIX}/usr/share/lib/zoneinfo/
+ 	cp -r /usr/share/lib/zoneinfo/* ${PREFIX}/usr/share/lib/zoneinfo/
+ endif
+-	install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/internal_options.conf ${PREFIX}/etc/
++	install -m 0640 -b ../etc/internal_options.conf ${PREFIX}/etc/
+ ifeq (,$(wildcard ${PREFIX}/etc/local_internal_options.conf))
+-	install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
++	install -m 0640 ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
+ endif
+ ifeq (,$(wildcard ${PREFIX}/etc/client.keys))
+-	install -m 0640 -o root -g ${OSSEC_GROUP} /dev/null ${PREFIX}/etc/client.keys
++	install -m 0640 /dev/null ${PREFIX}/etc/client.keys
+ endif
+ ifeq (,$(wildcard ${PREFIX}/etc/ossec.conf))
+ ifneq (,$(wildcard ../etc/ossec.mc))
+-	install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
++	install -m 0640 ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
+ else
+-	install -m 0640 -o root -g ${OSSEC_GROUP} ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
++	install -m 0640 ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
+ endif
+ endif
+ 
+-	install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc/shared
+-	install -m 0640 -o ossec -g ${OSSEC_GROUP} rootcheck/db/*.txt ${PREFIX}/etc/shared/
++	install -d -m 0770 ${PREFIX}/etc/shared
++	install -m 0640 rootcheck/db/*.txt ${PREFIX}/etc/shared/
+ 
+-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response
+-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response/bin
+-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/agentless
+-	install -m 0550 -o root -g ${OSSEC_GROUP} agentlessd/scripts/* ${PREFIX}/agentless/
++	install -d -m 0750 ${PREFIX}/active-response
++	install -d -m 0750 ${PREFIX}/active-response/bin
++	install -d -m 0750 ${PREFIX}/agentless
++	install -m 0550 agentlessd/scripts/* ${PREFIX}/agentless/
+ 
+-	install -d -m 0700 -o root -g ${OSSEC_GROUP} ${PREFIX}/.ssh
++	install -d -m 0700 ${PREFIX}/.ssh
+ 
+-	install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/*.sh ${PREFIX}/active-response/bin/
+-	install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
++	install -m 0550 ../active-response/*.sh ${PREFIX}/active-response/bin/
++	install -m 0550 ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
+ 
+-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/var
+-	install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/var/run
++	install -d -m 0750 ${PREFIX}/var
++	install -d -m 0770 ${PREFIX}/var/run
++	install -d -m 0770 ${PREFIX}/var/start-script-lock
+ 
+ 	./init/fw-check.sh execute
+ 
+ 
+ 
+ install-server-generic: install-common
+-	install -m 0660 -o ${OSSEC_USER} -g ${OSSEC_GROUP} /dev/null ${PREFIX}/logs/active-responses.log
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/archives
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/alerts
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/firewall
++	install -m 0660 /dev/null ${PREFIX}/logs/active-responses.log
++	install -d -m 0750 ${PREFIX}/logs/archives
++	install -d -m 0750 ${PREFIX}/logs/alerts
++	install -d -m 0750 ${PREFIX}/logs/firewall
+ 
+ 	install -m 0550 -o root -g 0 ossec-agentlessd ${PREFIX}/bin
+ 	install -m 0550 -o root -g 0 ossec-analysisd ${PREFIX}/bin
+@@ -470,27 +476,27 @@ install-server-generic: install-common
+ 	install -m 0550 -o root -g 0 syscheck_control ${PREFIX}/bin/
+ 	install -m 0550 -o root -g 0 rootcheck_control ${PREFIX}/bin/
+ 
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/stats
+-	install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules
++	install -d -m 0750 ${PREFIX}/stats
++	install -d -m 0750 ${PREFIX}/rules
+ ifneq (,$(wildcard ${PREFIX}/rules/local_rules.xml))
+ 	cp ${PREFIX}/rules/local_rules.xml ${PREFIX}/rules/local_rules.xml.installbackup
+-	install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules
+-	install -m 0640 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
++	install -m 0640 -b ../etc/rules/*.xml ${PREFIX}/rules
++	install -m 0640 ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
+ 	rm ${PREFIX}/rules/local_rules.xml.installbackup
+ else
+-	install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules
++	install -m 0640 -b ../etc/rules/*.xml ${PREFIX}/rules
+ endif
+ 
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/fts
++	install -d -m 0750 ${PREFIX}/queue/fts
+ 
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rootcheck
++	install -d -m 0750 ${PREFIX}/queue/rootcheck
+ 
+-	install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/agent-info
+-	install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/agentless
++	install -d -m 0750 ${PREFIX}/queue/agent-info
++	install -d -m 0750 ${PREFIX}/queue/agentless
+ 
+-	install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids
++	install -d -m 0750 ${PREFIX}/queue/rids
+ 
+-	install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/decoder.xml ${PREFIX}/etc/
++	install -m 0640 ../etc/decoder.xml ${PREFIX}/etc/
+ 
+ 	rm -f ${PREFIX}/etc/shared/merged.mg
+ 

security/ossec-hids/patches/patch-src_external_lua-5_2_3_src_Makefile

@@ -0,0 +1,14 @@
+$OpenBSD: patch-src_external_lua-5_2_3_src_Makefile,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+Index: src/external/lua-5.2.3/src/Makefile
+--- src/external/lua-5.2.3/src/Makefile.orig
++++ src/external/lua-5.2.3/src/Makefile
+@@ -9,7 +9,7 @@ PLAT= none
+ PREFIX?=/var/ossec
+ 
+ #CC= gcc
+-CFLAGS= -O2 -Wall -DLUA_COMPAT_ALL -DPREFIX=\"$(PREFIX)\" $(SYSCFLAGS) $(MYCFLAGS)
++CFLAGS+= -Wall -DLUA_COMPAT_ALL -DPREFIX=\"$(PREFIX)\" $(SYSCFLAGS) $(MYCFLAGS)
+ LDFLAGS= $(SYSLDFLAGS) $(MYLDFLAGS)
+ LIBS= -lm $(SYSLIBS) $(MYLIBS)
+ 

security/ossec-hids/patches/patch-src_external_zlib-1_2_11_Makefile_in

@@ -0,0 +1,24 @@
+$OpenBSD: patch-src_external_zlib-1_2_11_Makefile_in,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+Index: src/external/zlib-1.2.11/Makefile.in
+--- src/external/zlib-1.2.11/Makefile.in.orig
++++ src/external/zlib-1.2.11/Makefile.in
+@@ -16,15 +16,15 @@
+ # To install in $HOME instead of /usr/local, use:
+ #    make install prefix=$HOME
+ 
+-CC=cc
++#CC=cc
+ 
+-CFLAGS=-O
++#CFLAGS=-O
+ #CFLAGS=-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7
+ #CFLAGS=-g -DZLIB_DEBUG
+ #CFLAGS=-O3 -Wall -Wwrite-strings -Wpointer-arith -Wconversion \
+ #           -Wstrict-prototypes -Wmissing-prototypes
+ 
+-SFLAGS=-O
++#SFLAGS=-O
+ LDFLAGS=
+ TEST_LDFLAGS=-L. libz.a
+ LDSHARED=$(CC)

security/ossec-hids/patches/patch-src_headers_defs_h

@@ -0,0 +1,34 @@
+$OpenBSD: patch-src_headers_defs_h,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+Index: src/headers/defs.h
+--- src/headers/defs.h.orig
++++ src/headers/defs.h
+@@ -71,23 +71,23 @@ http://www.ossec.net/main/license/\n"
+ 
+ /* User Configuration */
+ #ifndef MAILUSER
+-#define MAILUSER        "ossecm"
++#define MAILUSER        "_ossecm"
+ #endif
+ 
+ #ifndef USER
+-#define USER            "ossec"
++#define USER            "_ossec"
+ #endif
+ 
+ #ifndef REMUSER
+-#define REMUSER         "ossecr"
++#define REMUSER         "_ossecr"
+ #endif
+ 
+ #ifndef GROUPGLOBAL
+-#define GROUPGLOBAL     "ossec"
++#define GROUPGLOBAL     "_ossec"
+ #endif
+ 
+ #ifndef DEFAULTDIR
+-#define DEFAULTDIR      "/var/ossec"
++#define DEFAULTDIR      "${TRUEPREFIX}/ossec-hids"
+ #endif
+ 
+ /* Default queue */

security/ossec-hids/patches/patch-src_headers_shared_h

@@ -0,0 +1,15 @@
+$OpenBSD: patch-src_headers_shared_h,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+Index: src/headers/shared.h
+--- src/headers/shared.h.orig
++++ src/headers/shared.h
+@@ -39,6 +39,9 @@
+ #include <sys/stat.h>
+ #include <sys/time.h>
+ #include <sys/param.h>
++#ifdef __OpenBSD__
++#include <sys/mount.h>
++#endif
+ 
+ #ifndef WIN32
+ #include <sys/wait.h>

security/ossec-hids/patches/patch-src_shared_fs_op_c

@@ -0,0 +1,46 @@
+$OpenBSD: patch-src_shared_fs_op_c,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+Index: src/shared/fs_op.c
+--- src/shared/fs_op.c.orig
++++ src/shared/fs_op.c
+@@ -35,7 +35,7 @@ const struct file_system_type skip_file_systems[] = {
+ 
+ short IsNFS(const char *dir_name)
+ {
+-#if !defined(WIN32) && (defined(Linux) || defined(FreeBSD))
++#if !defined(WIN32) && (defined(Linux) || defined(FreeBSD) || defined(OpenBSD))
+     struct statfs stfs;
+ 
+     /* ignore NFS (0x6969) or CIFS (0xFF534D42) mounts */
+@@ -43,7 +43,11 @@ short IsNFS(const char *dir_name)
+     {
+         int i;
+         for ( i=0; network_file_systems[i].name != NULL; i++ ) {
++#if __OpenBSD__
++            if(strcasecmp(network_file_systems[i].name, stfs.f_fstypename) == 0 ) {
++#else
+             if(network_file_systems[i].f_type == stfs.f_type ) {
++#endif
+                 return network_file_systems[i].flag;
+             }
+         }
+@@ -69,14 +73,18 @@ short IsNFS(const char *dir_name)
+ 
+ short skipFS(const char *dir_name)
+ {
+-#if !defined(WIN32) && (defined(Linux) || defined(FreeBSD))
++#if !defined(WIN32) && (defined(Linux) || defined(FreeBSD) || defined(OpenBSD))
+     struct statfs stfs;
+ 
+     if ( ! statfs(dir_name, &stfs) )
+     {
+         int i;
+         for ( i=0; skip_file_systems[i].name != NULL; i++ ) {
++#if __OpenBSD__
++            if(strcasecmp(skip_file_systems[i].name, stfs.f_fstypename) == 0 ) {
++#else
+             if(skip_file_systems[i].f_type == stfs.f_type ) {
++#endif
+                 debug1("%s: Skipping dir (FS %s): %s ", ARGV0, skip_file_systems[i].name, dir_name);
+                 return skip_file_systems[i].flag;
+             }

security/ossec-hids/pkg/DESCR

@@ -0,0 +1,4 @@
+OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection
+System (HIDS). It has a powerful correlation and analysis engine, integrating
+log analysis, file integrity checking, Windows registry monitoring, centralized
+policy enforcement, rootkit detection, real-time alerting and active response.

security/ossec-hids/pkg/MESSAGE

@@ -0,0 +1,6 @@
+For hybrid setups (server and agent on the same machine),
+remember to first execute
+
+${TRUEPREFIX}/ossec-hids/bin/manage_agents
+
+to add a local agent and then start the daemons through rcctl(1).

security/ossec-hids/pkg/PLIST

@@ -0,0 +1,291 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+@newgroup _ossec:827
+@newuser _ossec:827:_ossec:daemon:OSSEC Account:/nonexistent:/sbin/nologin
+@newuser _ossecm:828:_ossec:daemon:OSSEC Mail Account:/nonexistent:/sbin/nologin
+@newuser _ossecr:829:_ossec:daemon:OSSEC Rem Account:/nonexistent:/sbin/nologin
+ossec-hids/bin/
+@bin ossec-hids/bin/agent_control
+@bin ossec-hids/bin/clear_stats
+@bin ossec-hids/bin/list_agents
+@bin ossec-hids/bin/manage_agents
+@bin ossec-hids/bin/ossec-agentlessd
+@bin ossec-hids/bin/ossec-analysisd
+@bin ossec-hids/bin/ossec-authd
+ossec-hids/ossec-agent/bin/
+@bin ossec-hids/ossec-agent/bin/agent-auth
+@bin ossec-hids/ossec-agent/bin/manage_agents
+@bin ossec-hids/ossec-agent/bin/ossec-agentd
+@bin ossec-hids/ossec-agent/bin/ossec-execd
+ossec-hids/lua/
+ossec-hids/lua/compiled/
+ossec-hids/lua/native/
+ossec-hids/ossec-agent/lua/
+ossec-hids/ossec-agent/lua/compiled/
+ossec-hids/ossec-agent/lua/native/
+ossec-hids/ossec-agent/
+ossec-hids/tmp/
+ossec-hids/ossec-agent/tmp/
+@group _ossec
+ossec-hids/queue/
+ossec-hids/ossec-agent/queue/
+ossec-hids/etc/
+ossec-hids/etc/client.keys
+ossec-hids/etc/decoder.xml
+ossec-hids/etc/internal_options.conf
+ossec-hids/etc/local_internal_options.conf
+ossec-hids/etc/localtime
+ossec-hids/etc/ossec.conf
+@mode 770
+ossec-hids/etc/shared/
+ossec-hids/ossec-agent/etc/shared/
+@mode
+ossec-hids/etc/shared/cis_apache2224_rcl.txt
+ossec-hids/etc/shared/cis_debian_linux_rcl.txt
+ossec-hids/etc/shared/cis_mysql5-6_community_rcl.txt
+ossec-hids/etc/shared/cis_mysql5-6_enterprise_rcl.txt
+ossec-hids/etc/shared/cis_rhel5_linux_rcl.txt
+ossec-hids/etc/shared/cis_rhel6_linux_rcl.txt
+ossec-hids/etc/shared/cis_rhel7_linux_rcl.txt
+ossec-hids/etc/shared/cis_rhel_linux_rcl.txt
+ossec-hids/etc/shared/cis_sles11_linux_rcl.txt
+ossec-hids/etc/shared/cis_sles12_linux_rcl.txt
+ossec-hids/etc/shared/cis_win2012r2_domainL1_rcl.txt
+ossec-hids/etc/shared/cis_win2012r2_domainL2_rcl.txt
+ossec-hids/etc/shared/cis_win2012r2_memberL1_rcl.txt
+ossec-hids/etc/shared/cis_win2012r2_memberL2_rcl.txt
+ossec-hids/etc/shared/rootkit_files.txt
+ossec-hids/etc/shared/rootkit_trojans.txt
+ossec-hids/etc/shared/system_audit_rcl.txt
+ossec-hids/etc/shared/system_audit_ssh.txt
+ossec-hids/etc/shared/win_applications_rcl.txt
+ossec-hids/etc/shared/win_audit_rcl.txt
+ossec-hids/etc/shared/win_malware_rcl.txt
+ossec-hids/ossec-agent/etc/
+ossec-hids/ossec-agent/etc/client.keys
+ossec-hids/ossec-agent/etc/internal_options.conf
+ossec-hids/ossec-agent/etc/local_internal_options.conf
+ossec-hids/ossec-agent/etc/localtime
+ossec-hids/ossec-agent/etc/ossec-init.conf
+ossec-hids/ossec-agent/etc/ossec.conf
+ossec-hids/ossec-agent/etc/shared/cis_apache2224_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_debian_linux_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_mysql5-6_community_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_mysql5-6_enterprise_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_rhel5_linux_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_rhel6_linux_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_rhel7_linux_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_rhel_linux_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_sles11_linux_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_sles12_linux_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_win2012r2_domainL1_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_win2012r2_domainL2_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_win2012r2_memberL1_rcl.txt
+ossec-hids/ossec-agent/etc/shared/cis_win2012r2_memberL2_rcl.txt
+ossec-hids/ossec-agent/etc/shared/rootkit_files.txt
+ossec-hids/ossec-agent/etc/shared/rootkit_trojans.txt
+ossec-hids/ossec-agent/etc/shared/system_audit_rcl.txt
+ossec-hids/ossec-agent/etc/shared/system_audit_ssh.txt
+ossec-hids/ossec-agent/etc/shared/win_applications_rcl.txt
+ossec-hids/ossec-agent/etc/shared/win_audit_rcl.txt
+ossec-hids/ossec-agent/etc/shared/win_malware_rcl.txt
+ossec-hids/bin/ossec-control
+ossec-hids/ossec-agent/bin/ossec-control
+ossec-hids/.ssh/
+ossec-hids/ossec-agent/.ssh/
+ossec-hids/active-response/
+ossec-hids/active-response/bin/
+ossec-hids/active-response/bin/disable-account.sh
+ossec-hids/active-response/bin/firewall-drop.sh
+ossec-hids/active-response/bin/firewalld-drop.sh
+ossec-hids/active-response/bin/host-deny.sh
+ossec-hids/active-response/bin/ip-customblock.sh
+ossec-hids/active-response/bin/ipfw.sh
+ossec-hids/active-response/bin/ipfw_mac.sh
+ossec-hids/active-response/bin/npf.sh
+ossec-hids/active-response/bin/ossec-pagerduty.sh
+ossec-hids/active-response/bin/ossec-slack.sh
+ossec-hids/active-response/bin/ossec-tweeter.sh
+ossec-hids/active-response/bin/pf.sh
+ossec-hids/active-response/bin/restart-ossec.sh
+ossec-hids/active-response/bin/route-null.sh
+ossec-hids/ossec-agent/active-response/
+ossec-hids/ossec-agent/active-response/bin/
+ossec-hids/ossec-agent/active-response/bin/disable-account.sh
+ossec-hids/ossec-agent/active-response/bin/firewall-drop.sh
+ossec-hids/ossec-agent/active-response/bin/firewalld-drop.sh
+ossec-hids/ossec-agent/active-response/bin/host-deny.sh
+ossec-hids/ossec-agent/active-response/bin/ip-customblock.sh
+ossec-hids/ossec-agent/active-response/bin/ipfw.sh
+ossec-hids/ossec-agent/active-response/bin/ipfw_mac.sh
+ossec-hids/ossec-agent/active-response/bin/npf.sh
+ossec-hids/ossec-agent/active-response/bin/ossec-pagerduty.sh
+ossec-hids/ossec-agent/active-response/bin/ossec-slack.sh
+ossec-hids/ossec-agent/active-response/bin/ossec-tweeter.sh
+ossec-hids/ossec-agent/active-response/bin/pf.sh
+ossec-hids/ossec-agent/active-response/bin/restart-ossec.sh
+ossec-hids/ossec-agent/active-response/bin/route-null.sh
+ossec-hids/agentless/
+ossec-hids/agentless/main.exp
+ossec-hids/agentless/register_host.sh
+ossec-hids/agentless/ssh.exp
+ossec-hids/agentless/ssh_asa-fwsmconfig_diff
+ossec-hids/agentless/ssh_foundry_diff
+ossec-hids/agentless/ssh_generic_diff
+ossec-hids/agentless/ssh_integrity_check_bsd
+ossec-hids/agentless/ssh_integrity_check_linux
+ossec-hids/agentless/ssh_nopass.exp
+ossec-hids/agentless/ssh_pixconfig_diff
+ossec-hids/agentless/sshlogin.exp
+ossec-hids/agentless/su.exp
+ossec-hids/ossec-agent/agentless/
+ossec-hids/ossec-agent/agentless/main.exp
+ossec-hids/ossec-agent/agentless/register_host.sh
+ossec-hids/ossec-agent/agentless/ssh.exp
+ossec-hids/ossec-agent/agentless/ssh_asa-fwsmconfig_diff
+ossec-hids/ossec-agent/agentless/ssh_foundry_diff
+ossec-hids/ossec-agent/agentless/ssh_generic_diff
+ossec-hids/ossec-agent/agentless/ssh_integrity_check_bsd
+ossec-hids/ossec-agent/agentless/ssh_integrity_check_linux
+ossec-hids/ossec-agent/agentless/ssh_nopass.exp
+ossec-hids/ossec-agent/agentless/ssh_pixconfig_diff
+ossec-hids/ossec-agent/agentless/sshlogin.exp
+ossec-hids/ossec-agent/agentless/su.exp
+ossec-hids/rules/apache_rules.xml
+ossec-hids/rules/apparmor_rules.xml
+ossec-hids/rules/arpwatch_rules.xml
+ossec-hids/rules/asterisk_rules.xml
+ossec-hids/rules/attack_rules.xml
+ossec-hids/rules/cimserver_rules.xml
+ossec-hids/rules/cisco-ios_rules.xml
+ossec-hids/rules/clam_av_rules.xml
+ossec-hids/rules/courier_rules.xml
+ossec-hids/rules/dovecot_rules.xml
+ossec-hids/rules/dropbear_rules.xml
+ossec-hids/rules/exim_rules.xml
+ossec-hids/rules/firewall_rules.xml
+ossec-hids/rules/firewalld_rules.xml
+ossec-hids/rules/ftpd_rules.xml
+ossec-hids/rules/hordeimp_rules.xml
+ossec-hids/rules/ids_rules.xml
+ossec-hids/rules/imapd_rules.xml
+ossec-hids/rules/local_rules.xml
+ossec-hids/rules/mailscanner_rules.xml
+ossec-hids/rules/mcafee_av_rules.xml
+ossec-hids/rules/ms-exchange_rules.xml
+ossec-hids/rules/ms-se_rules.xml
+ossec-hids/rules/ms_dhcp_rules.xml
+ossec-hids/rules/ms_ftpd_rules.xml
+ossec-hids/rules/msauth_rules.xml
+ossec-hids/rules/mysql_rules.xml
+ossec-hids/rules/named_rules.xml
+ossec-hids/rules/netscreenfw_rules.xml
+ossec-hids/rules/nginx_rules.xml
+ossec-hids/rules/nsd_rules.xml
+ossec-hids/rules/openbsd-dhcpd_rules.xml
+ossec-hids/rules/openbsd_rules.xml
+ossec-hids/rules/opensmtpd_rules.xml
+ossec-hids/rules/ossec_rules.xml
+ossec-hids/rules/owncloud_rules.xml
+ossec-hids/rules/pam_rules.xml
+ossec-hids/rules/php_rules.xml
+ossec-hids/rules/pix_rules.xml
+ossec-hids/rules/policy_rules.xml
+ossec-hids/rules/postfix_rules.xml
+ossec-hids/rules/postgresql_rules.xml
+ossec-hids/rules/proftpd_rules.xml
+ossec-hids/rules/proxmox-ve_rules.xml
+ossec-hids/rules/psad_rules.xml
+ossec-hids/rules/pure-ftpd_rules.xml
+ossec-hids/rules/racoon_rules.xml
+ossec-hids/rules/roundcube_rules.xml
+ossec-hids/rules/rules_config.xml
+ossec-hids/rules/sendmail_rules.xml
+ossec-hids/rules/smbd_rules.xml
+ossec-hids/rules/solaris_bsm_rules.xml
+ossec-hids/rules/sonicwall_rules.xml
+ossec-hids/rules/spamd_rules.xml
+ossec-hids/rules/squid_rules.xml
+ossec-hids/rules/sshd_rules.xml
+ossec-hids/rules/symantec-av_rules.xml
+ossec-hids/rules/symantec-ws_rules.xml
+ossec-hids/rules/syslog_rules.xml
+ossec-hids/rules/sysmon_rules.xml
+ossec-hids/rules/systemd_rules.xml
+ossec-hids/rules/telnetd_rules.xml
+ossec-hids/rules/trend-osce_rules.xml
+ossec-hids/rules/unbound_rules.xml
+ossec-hids/rules/vmpop3d_rules.xml
+ossec-hids/rules/vmware_rules.xml
+ossec-hids/rules/vpn_concentrator_rules.xml
+ossec-hids/rules/vpopmail_rules.xml
+ossec-hids/rules/vsftpd_rules.xml
+ossec-hids/rules/web_appsec_rules.xml
+ossec-hids/rules/web_rules.xml
+ossec-hids/rules/wordpress_rules.xml
+ossec-hids/rules/zeus_rules.xml
+@owner _ossec
+@group _ossec
+@bin ossec-hids/bin/ossec-csyslogd
+@bin ossec-hids/bin/ossec-dbd
+@bin ossec-hids/bin/ossec-execd
+@bin ossec-hids/bin/ossec-logcollector
+@bin ossec-hids/bin/ossec-logtest
+@bin ossec-hids/bin/ossec-lua
+@bin ossec-hids/bin/ossec-luac
+@bin ossec-hids/bin/ossec-maild
+@bin ossec-hids/bin/ossec-makelists
+@bin ossec-hids/bin/ossec-monitord
+@bin ossec-hids/bin/ossec-regex
+@bin ossec-hids/bin/ossec-remoted
+@bin ossec-hids/bin/ossec-reportd
+@bin ossec-hids/bin/ossec-syscheckd
+@bin ossec-hids/bin/rootcheck_control
+@bin ossec-hids/bin/syscheck_control
+@bin ossec-hids/bin/syscheck_update
+@bin ossec-hids/bin/util.sh
+@bin ossec-hids/bin/verify-agent-conf
+ossec-hids/stats/
+ossec-hids/queue/agentless/
+@mode 770
+ossec-hids/queue/alerts/
+ossec-hids/ossec-agent/queue/alerts/
+@mode
+ossec-hids/queue/diff/
+ossec-hids/queue/fts/
+ossec-hids/queue/ossec/
+ossec-hids/queue/rootcheck/
+ossec-hids/queue/syscheck/
+ossec-hids/ossec-agent/queue/diff/
+ossec-hids/ossec-agent/queue/ossec/
+ossec-hids/ossec-agent/queue/syscheck/
+ossec-hids/logs/
+ossec-hids/logs/alerts/
+ossec-hids/logs/archives/
+ossec-hids/logs/firewall/
+@mode 660
+ossec-hids/logs/active-responses.log
+ossec-hids/logs/ossec.log
+ossec-hids/ossec-agent/logs/ossec.log
+@mode
+ossec-hids/ossec-agent/logs/
+ossec-hids/var/
+@mode 770
+ossec-hids/var/run/
+ossec-hids/var/start-script-lock/
+ossec-hids/ossec-agent/var/run/
+ossec-hids/ossec-agent/var/start-script-lock/
+@mode
+ossec-hids/ossec-agent/var/
+@bin ossec-hids/ossec-agent/bin/ossec-lua
+@bin ossec-hids/ossec-agent/bin/ossec-luac
+@bin ossec-hids/ossec-agent/bin/ossec-syscheckd
+ossec-hids/ossec-agent/bin/util.sh
+@owner _ossecr
+@group _ossec
+ossec-hids/queue/agent-info/
+ossec-hids/queue/rids/
+ossec-hids/ossec-agent/queue/rids/
+@owner
+@group
+@mode
+@rcscript ${RCDIR}/ossec_hids

security/ossec-hids/pkg/ossec_hids.rc

@@ -0,0 +1,25 @@
+#!/bin/ksh
+#
+# $OpenBSD: ossec_hids.rc,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+daemon="${TRUEPREFIX}/ossec-hids/bin/ossec-control"
+
+. /etc/rc.d/rc.subr
+
+rc_start() {
+	${rcexec} "${daemon} ${daemon_flags} start"
+}
+
+rc_check() {
+	${rcexec} "${daemon} ${daemon_flags} status"
+}
+
+rc_reload() {
+	${rcexec} "${daemon} ${daemon_flags} reload"
+}
+
+rc_stop() {
+	${rcexec} "${daemon} ${daemon_flags} stop"
+}
+
+rc_cmd $1