From pauls@utdallas.edu  Mon Feb 14 00:57:11 2005
Return-Path: <pauls@utdallas.edu>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 11FE816A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 14 Feb 2005 00:57:11 +0000 (GMT)
Received: from smtp1.utdallas.edu (smtp1.utdallas.edu [129.110.10.12])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 850DE43D45
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 14 Feb 2005 00:57:10 +0000 (GMT)
	(envelope-from pauls@utdallas.edu)
Received: from buttercup2 (buttercup2.utdallas.edu [10.110.3.83])
	by smtp1.utdallas.edu (Postfix) with ESMTP id F334B388D50
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 13 Feb 2005 18:57:09 -0600 (CST)
Received: by buttercup2 (Postfix, from userid 1000)
	id A1DFA3C812D; Sun, 13 Feb 2005 18:54:20 -0600 (CST)
Message-Id: <20050214005420.A1DFA3C812D@buttercup2>
Date: Sun, 13 Feb 2005 18:54:20 -0600 (CST)
From: Paul Schmehl <pauls@utdallas.edu>
Reply-To: Paul Schmehl <pauls@utdallas.edu>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: New port submission - security/sguil-sensor
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         77473
>Category:       ports
>Synopsis:       New port submission - security/sguil-sensor
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 14 01:00:38 GMT 2005
>Closed-Date:    Fri Jul 22 18:00:15 GMT 2005
>Last-Modified:  Fri Jul 22 18:00:15 GMT 2005
>Originator:     Paul Schmehl
>Release:        FreeBSD 4.9-SECURITY i386
>Organization:
University of Texas at Dallas
>Environment:
System: FreeBSD unknown.utdallas.edu 4.9-SECURITY FreeBSD 4.9-SECURITY #0: Mon Jun 7 18:02:41 GMT 2004 root@builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
	Sguil is a network security management system that provides log and IDS aggregation
	as well as in-depth packet inspection.  Sguil-sensor is the sensor portion of the
	system and is designed to incorporate snort and other network analysis tools into
	an integrated framework.
>How-To-Repeat:
	
>Fix:

	

--- sguil-sensor.port begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	/usr/ports/security/sguil-sensor
#	/usr/ports/security/sguil-sensor/Makefile
#	/usr/ports/security/sguil-sensor/pkg-descr
#	/usr/ports/security/sguil-sensor/distinfo
#	/usr/ports/security/sguil-sensor/pkg-message
#	/usr/ports/security/sguil-sensor/files
#	/usr/ports/security/sguil-sensor/files/sensoragent.sh
#	/usr/ports/security/sguil-sensor/pkg-install
#	/usr/ports/security/sguil-sensor/pkg-plist
#
echo c - /usr/ports/security/sguil-sensor
mkdir -p /usr/ports/security/sguil-sensor > /dev/null 2>&1
echo x - /usr/ports/security/sguil-sensor/Makefile
sed 's/^X//' >/usr/ports/security/sguil-sensor/Makefile << 'END-of-/usr/ports/security/sguil-sensor/Makefile'
X# New ports collection makefile for:	sguil-sensor
X# Date created:				9 Feb 2005
X# Whom:					Paul Schmehl <pauls@utdallas.edu>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	sguil-sensor
XPORTVERSION=	0.5.3
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE}sguil/
X
XMAINTAINER=	pauls@utdallas.edu
XCOMMENT=	Sguil is a network security management program
X
X#LIB_DEPENDS+=	tcl84:${PORTSDIR}/lang/tcl84
XRUN_DEPENDS+=	${LOCALBASE}/bin/snort:${PORTSDIR}/security/snort \
X		${LOCALBASE}/bin/barnyard:${PORTSDIR}/security/barnyard
X
XOPTIONS=	MYSQL "Enable MySQL support" off \
X		POSTGRESQL "Enable PostgreSQL support" off \
X		SANCP "Enable SANCP support" off
X
XWITHOUT_X11=	yes
XNO_BUILD=	yes
XWRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
XUSE_REINPLACE=	yes
XUSE_RC_SUBR=	yes
XRC_SCRIPTS_SUB=	PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
X
XPORTDOCS=	CHANGES INSTALL INSTALL.openbsd LICENSE.QPL \
X		OPENSSL.README TODO USAGE sguildb.dia
X
XWITH_PCRE=		true
X
XINSTALL_WRKSRC=	${WRKSRC}/ \
X		${WRKSRC}/docs \
X		${WRKSRC}/sensor \
X		${WRKSRC}/sensor/contrib \
X		${WRKSRC}/sensor/init \
X		${WRKSRC}/sensor/sancp \
X		${WRKSRC}/sensor/snort_mods \
X		${WRKSRC}/sensor/snort_mods/1_9 \
X		${WRKSRC}/sensor/snort_mods/2_0 \
X		${WRKSRC}/sensor/snort_mods/2_1
X
X.include <bsd.port.pre.mk>
X
X.if defined(WITHOUT_X11)
XLIB_DEPENDS+=	tclx83:${PORTSDIR}/lang/tclX
XDEPENDS_ARGS+=	WITHOUT_X11=yes
X.endif
X
X.if defined(WITH_MYSQL)
XUSE_MYSQL=		yes
X.endif
X
X.if defined(WITH_POSTGRESQL)
XUSE_PGSQL=		yes
X.endif
X
X.if defined(WITH_SANCP)
XRUN_DEPENDS+=	${LOCALBASE}/bin/sancp:${PORTSDIR}/security/sancp
X.endif
X
Xdo-install:
X	@${MKDIR} ${PREFIX}/bin/sguil-sensor
X
Xpost-install:
X	${SH} ${PKGINSTALL}
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/sensor_agent.tcl ${PREFIX}/bin/sguil-sensor/sensor_agent.tcl
X	${INSTALL_SCRIPT} -m 751 ${FILESDIR}/sensoragent.sh ${PREFIX}/etc/rc.d/sensoragent.sh-sample
X.for f in log_packets.sh
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}-sample
X	[ -f ${PREFIX}/bin/sguil-sensor/${f} ] || \
X	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}
X.endfor
X.for f in sensor_agent.conf
X	${INSTALL_DATA} ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}-sample
X	[ -f ${PREFIX}/bin/sguil-sensor/${f} ] || \
X	${INSTALL_DATA} ${WRKSRC}/sensor/${f} ${PREFIX}/bin/sguil-sensor/${f}
X.endfor
X.if defined(WITH_SANCP)
X.for f in sancp.conf
X	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} ${PREFIX}/etc/${f}-sample
X	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} ${PREFIX}/etc/${f}
X.endfor
X.endif
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
X.endif
X	@${SED} 's|%%PREFIX%%|${PREFIX}|' ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-/usr/ports/security/sguil-sensor/Makefile
echo x - /usr/ports/security/sguil-sensor/pkg-descr
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-descr << 'END-of-/usr/ports/security/sguil-sensor/pkg-descr'
XSguil is a network security management system.
X
XSguil (pronounced sgweel) is built by network 
Xsecurity analysts for network security analysts. 
XSguil's main component is an intuitive GUI that 
Xprovides realtime events from snort/barnyard. It 
Xalso includes other components which facilitate 
Xthe practice of Network Security Monitoring and 
Xevent driven analysis of IDS alerts. The sguil 
Xclient is written in tcl/tk and can be run on any 
Xoperating system that supports tcl/tk (including 
XLinux, *BSD, Solaris, MacOS, and Win32).
X
XWant to learn more about Network Security Monitoring 
X(NSM)? Then check out Richard Bejtlich's recently 
Xreleased book, The Tao of Network Security Monitoring: 
XBeyond Intrusion Detection. An excerpt reads:
X
X"Network security monitoring (NSM) equips security 
Xstaff to deal with the inevitable consequences of too 
Xfew resources and too many responsibilities. NSM collects 
Xthe data needed to generate better assessment, detection, 
Xand response processes--resulting in decreased impact from 
Xunauthorized activities."
END-of-/usr/ports/security/sguil-sensor/pkg-descr
echo x - /usr/ports/security/sguil-sensor/distinfo
sed 's/^X//' >/usr/ports/security/sguil-sensor/distinfo << 'END-of-/usr/ports/security/sguil-sensor/distinfo'
XMD5 (sguil-sensor-0.5.3.tar.gz) = 681fa7e99aa674c0e2be4788ef503d69
XSIZE (sguil-sensor-0.5.3.tar.gz) = 89816
END-of-/usr/ports/security/sguil-sensor/distinfo
echo x - /usr/ports/security/sguil-sensor/pkg-message
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-message << 'END-of-/usr/ports/security/sguil-sensor/pkg-message'
X         ***********************************
X         * !!!!!!!!!!! WARNING !!!!!!!!!!! *
X         ***********************************
X
XYou MUST edit the log_packets.sh script (the script is located in 
X%%PREFIX%%/bin/sguil-sensor) to fit your configuration before running 
Xthe sguil-sensor.  See the %%PREFIX%%/share/doc/sguil-sensor/INSTALL doc for details on the 
Xconfiguration and for croning the script.
X
XYou must ALSO edit the sensor_agent.conf file (located in %%PREFIX%%/bin/sguil-sensor)
Xto reflect your configuration before starting the agent.
X
XA startup script, named sensoragent.sh-sample was installed in
X%%PREFIX%%/etc/rc.d/.  Create a copy named sensoragent.sh in the
Xsame directory and enable the script in /etc/rc.conf using
Xthe usual rc.subr syntax.  See rc.conf(5) or go to
Xhttp://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-rcng.html
X
XIf you chose to run sancp, and you already had a sancp.conf file in
X%%PREFIX%%/etc, it is copied to sancp.conf-orig during the install. 
XThen the new sancp.conf-sample file contains the settings for sguil.
XIf you still want to maintain the customized sancp.conf file, then copy 
Xthe new sancp.conf-sample file to sguild-sancp.conf (for example) and edit
Xthe %%PREFIX%%/etc/rc.d/sancp.sh to reflect the new conf file name. Then
Xcopy the sancp.conf-orig file to sancp.conf to restore your original file.
XNote that this will require two custom sancp.sh scripts, so proceed accordingly.
END-of-/usr/ports/security/sguil-sensor/pkg-message
echo c - /usr/ports/security/sguil-sensor/files
mkdir -p /usr/ports/security/sguil-sensor/files > /dev/null 2>&1
echo x - /usr/ports/security/sguil-sensor/files/sensoragent.sh
sed 's/^X//' >/usr/ports/security/sguil-sensor/files/sensoragent.sh << 'END-of-/usr/ports/security/sguil-sensor/files/sensoragent.sh'
X#!/bin/sh
X# 
X
X# PROVIDE: sensoragent
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X# KEYWORD: FreeBSD shutdown
X
X# Add the following lines to /etc/rc.conf to enable sensoragent:
X# sensoragent_enable (bool):	Set to YES to enable sensoragent
X# 				Default: NO
X# sensoragent_conf (str):	Sguil-sensor configuration file
X#				Default: /usr/local/bin/sguil-sensor/sensor_agent.conf
X#
X
X. /usr/local/etc/rc.subr
X
Xname="sensoragent"
Xrcvar=`set_rcvar`
X
Xcommand="/usr/local/bin/sguil-sensor/sensor_agent.tcl"
X
Xload_rc_config $name
X
X[ -z "$sensoragent_enable" ]    && sensoragent_enable="NO"
X[ -z "$sensoragent_conf" ]      && sensoragent_conf="/usr/local/bin/sguil-sensor/sensor_agent.conf"
X
X[ -n "$sensoragent_conf" ]      && sensoragent_flags="$sensoragent_flags -c $sensoragent_conf"
X
Xrun_rc_command "$1"
END-of-/usr/ports/security/sguil-sensor/files/sensoragent.sh
echo x - /usr/ports/security/sguil-sensor/pkg-install
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-install << 'END-of-/usr/ports/security/sguil-sensor/pkg-install'
X#!/bin/sh
X
XPATH=/bin:/usr/sbin
X
XUSER=sguil
XGROUP=${USER}
XPREFIX=/usr/local
XHOMEDIR="${PREFIX}/bin/sguil-sensor"
X
Xif [ -f ${PREFIX}/etc/sancp.conf ]; then
X	cp ${PREFIX}/etc/sancp.conf ${PREFIX}/etc/sancp.conf-orig
Xfi
X
Xif pw group show "${GROUP}" 2>/dev/null; then
X	echo "You already have a group \"${GROUP}\", so I will use it."
Xelse
X	if pw groupadd ${GROUP}; then
X		echo "Added group \"${GROUP}\"."
X	else
X		echo "Adding group \"${GROUP}\" failed..."
X		exit 1
X	fi
Xfi
X
Xif pw user show "${USER}" 2>/dev/null; then
X	echo "You already have a user \"${USER}\", so I will use it."
X	if pw usermod ${USER} -d ${HOMEDIR}
X	then
X		echo "Changed home directory of \"${USER}\" to \"${HOMEDIR}\""
X	else
X		echo "Changing home directory of \"${USER}\" to \"${HOMEDIR}\" failed..."
X		exit 1
X	fi
Xelse
X	if pw useradd ${USER} -g ${GROUP} -h - \
X		-d ${HOMEDIR} -s /sbin/nologin -c "Sguil Sensor"
X	then
X		echo "Added user \"${USER}\"."
X	else
X		echo "Adding user \"${USER}\" failed..."
X		exit 1
X	fi
Xfi
X
Xchown -R ${USER}:${GROUP} ${HOMEDIR}
Xchmod 750 ${HOMEDIR}
END-of-/usr/ports/security/sguil-sensor/pkg-install
echo x - /usr/ports/security/sguil-sensor/pkg-plist
sed 's/^X//' >/usr/ports/security/sguil-sensor/pkg-plist << 'END-of-/usr/ports/security/sguil-sensor/pkg-plist'
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] && cmp -s %D/etc/rc.d/sensoragent.sh %D/etc/rc.d/sensoragent.sh-sample; then rm -f %D/etc/rc.d/sensoragent.sh; fi
Xetc/rc.d/sensoragent.sh-sample
X@unexec if [ -f %D/etc/sancp.conf ] && cmp -s %D/etc/sancp.conf %D/etc/sancp.conf-sample; then rm -f %D/etc/sancp.conf; fi
Xetc/sancp.conf-sample
X@unexec rm -fr %D/bin/sguil-sensor
X@unexec rm -fr %%DOCSDIR%%
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] || [ -f %D/etc/sancp.conf ]; then echo "*******************************************"; fi
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] || [ -f %D/etc/sancp.conf ]; then echo "* WARNING!!!!   WARNING!!!!   WARNING!!!! *"; fi
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ] || [ -f %D/etc/sancp.conf ]; then echo "*******************************************"; fi
X@unexec if [ -f %D/etc/rc.d/sensoragent.sh ]; then echo ""; echo "The %D/etc/rc.d/sensoragent.sh file was not removed!"; fi
X@unexec if [ -f %D/etc/sancp.conf ]; then echo ""; echo "The %D/etc/sancp.conf file was not removed!"; fi
END-of-/usr/ports/security/sguil-sensor/pkg-plist
exit
--- sguil-sensor.port ends here ---
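The archive above is unpacked by running it with "sh file", which executes whatever the archive contains. As an added example (not part of this PR or the ports tree), the POSIX sh/awk routines below parse a shar instead of running it: they list the files it would write, accept only the line forms that shar(1) output uses (comments, "echo c/x - path", "mkdir -p path", the "sed 's/^X//' >path << 'TAG'" heredoc opener, X-quoted body lines, the closing TAG and "exit"), and extract the files under a root of your choosing. The two demo archives and the temporary paths are constructed for the example; the accepted line forms are an assumption taken from the archive shown above.

```shell
#!/bin/sh
# Added example, not part of the PR: audit a shell archive before
# unpacking it with "sh file".  Nothing from the archive is executed;
# awk parses it.  The demo archives below are constructed.

# Print the destination path of every heredoc file in the shar.
shar_files() {
    awk '/^sed .s\/\^X\/\/. >/ { sub(/.*>/, ""); sub(/ <<.*/, ""); print }' "$1"
}

# Exit 0 when every line is an expected shar form, 1 otherwise (the first
# unexpected line is reported on stderr).
shar_audit() {
    awk '
        function bad() { print "unexpected line " NR ": " $0 > "/dev/stderr"; exit 1 }
        inbody {                       # inside a heredoc: body lines must be X-quoted
            if ($0 == tag) { inbody = 0; next }
            if (substr($0, 1, 1) != "X") bad()
            next
        }
        /^#/ || /^$/ { next }
        /^echo [cx] - \// { next }
        /^mkdir -p \/[^ ]* > \/dev\/null 2>&1$/ { next }
        /^sed .s\/\^X\/\/. >\/[^ ]* << .END-of-[^ ]*.$/ {
            tag = $0; sub(/.*<< ./, "", tag); sub(/.$/, "", tag)
            inbody = 1; next
        }
        /^exit$/ { next }
        { bad() }
        END { if (inbody) { print "unterminated heredoc" > "/dev/stderr"; exit 1 } }
    ' "$1"
}

# Write the archived files under root $2 without executing any command
# from the shar; the leading X of each body line is stripped, as the
# archive's own sed would do.
shar_extract() {
    awk -v root="$2" '
        inbody {
            if ($0 == tag) { inbody = 0; close(out); next }
            print substr($0, 2) > out
            next
        }
        /^sed .s\/\^X\/\/. >/ {
            tag = $0; sub(/.*<< ./, "", tag); sub(/.$/, "", tag)
            out = $0; sub(/.*>/, "", out); sub(/ <<.*/, "", out)
            out = root out
            dir = out; sub(/\/[^\/]*$/, "", dir)
            system("mkdir -p \"" dir "\"")
            inbody = 1; next
        }
    ' "$1"
}

# Constructed demo archive: a two-file port skeleton in shar form.
demo=$(mktemp -d)
cat > "$demo/good.shar" <<'EOF'
# Constructed shar for the example.
echo c - /usr/ports/security/demo
mkdir -p /usr/ports/security/demo > /dev/null 2>&1
echo x - /usr/ports/security/demo/Makefile
sed 's/^X//' >/usr/ports/security/demo/Makefile << 'END-of-/usr/ports/security/demo/Makefile'
XPORTNAME=demo
XPORTVERSION=0.1
X# a body line may itself begin with X once unquoted
XXMARK=1
END-of-/usr/ports/security/demo/Makefile
echo x - /usr/ports/security/demo/pkg-descr
sed 's/^X//' >/usr/ports/security/demo/pkg-descr << 'END-of-/usr/ports/security/demo/pkg-descr'
XDemo port.
END-of-/usr/ports/security/demo/pkg-descr
exit
EOF

# The same archive with one stray command before the final exit.
{ sed '$d' "$demo/good.shar"; echo 'ls /'; echo exit; } > "$demo/bad.shar"

shar_audit "$demo/good.shar" && echo "good.shar: only expected shar lines"
shar_audit "$demo/bad.shar"  || echo "bad.shar: rejected"
shar_files "$demo/good.shar"
shar_extract "$demo/good.shar" "$demo/root"
```

Run the audit on a real submission first; only when it passes does extracting (or running) the archive tell you nothing more than the file list already did.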


>Release-Note:
>Audit-Trail:

From: Paul Schmehl <pauls@utdallas.edu>
To: freebsd-gnats-submit@FreeBSD.org, pauls@utdallas.edu
Cc:  
Subject: Re: ports/77473: New port submission - security/sguil-sensor
Date: Thu, 17 Feb 2005 09:49:17 -0600

 --==========1A5E7CBB8CD55E2C3B5E==========
 Content-Type: text/plain; charset=us-ascii; format=flowed
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 Changes to the Makefile - I discovered (from the developer) that postgresql 
 support won't be available for a while, so I removed the options to select 
 either mysql or postgresql.
 
 Paul Schmehl (pauls@utdallas.edu)
 Adjunct Information Security Officer
 The University of Texas at Dallas
 AVIEN Founding Member
 http://www.utdallas.edu
 --==========1A5E7CBB8CD55E2C3B5E==========
 Content-Disposition: attachment; filename=patch-Makefile; size=727
 
 --- Makefile	Thu Feb 17 09:32:40 2005
 +++ Makefile.orig	Thu Feb 17 09:31:56 2005
 @@ -13,10 +13,13 @@
  MAINTAINER=	pauls@utdallas.edu
  COMMENT=	Squil is a network security management program
  
 +#LIB_DEPENDS+=	tcl84:${PORTSDIR}/lang/tcl84
  RUN_DEPENDS+=	${LOCALBASE}/bin/snort:${PORTSDIR}/security/snort \
  		${LOCALBASE}/bin/barnyard:${PORTSDIR}/security/barnyard
  
 -OPTIONS=	SANCP "Enable SANCP support" off
 +OPTIONS=	MYSQL "Enable MySQL support" off \
 +		POSTGRESQL "Enable PostgreSQL support" off \
 +		SANCP "Enable SANCP support" off
  
  WITHOUT_X11=	yes
  NO_BUILD=	yes
 @@ -50,6 +53,10 @@
  
  .if defined(WITH_MYSQL)
  USE_MYSQL=		yes
 +.endif
 +
 +.if defined(WITH_POSTGRESQL)
 +USE_PGSQL=		yes
  .endif
  
  .if defined(WITH_SANCP)
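 Review bot: the first hunk of patch-Makefile is reversed. Its header reads "--- Makefile" / "+++ Makefile.orig", so the "+" lines (the commented LIB_DEPENDS and the three-entry OPTIONS list) are the original text and the one "-" line, OPTIONS= SANCP "Enable SANCP support" off, is the state the submitter describes in the message. Please regenerate it as diff -u Makefile.orig Makefile so a committer can apply it with patch(1) without -R. While touching that hunk, the COMMENT context line still spells the project name "Squil"; it should read "Sguil".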
 
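 Review bot: in the second hunk, once the POSTGRESQL entry is gone from OPTIONS (first hunk), the .if defined(WITH_MYSQL) / USE_MYSQL= yes / .endif block that remains as context has no OPTIONS entry that can set WITH_MYSQL, so it only takes effect if the user passes WITH_MYSQL on the make command line. Either drop that block along with the POSTGRESQL one, or keep the MYSQL option and state in the message that MySQL support is meant to stay selectable.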
 --==========1A5E7CBB8CD55E2C3B5E==========--
 
State-Changed-From-To: open->closed 
State-Changed-By: sem 
State-Changed-When: Fri Apr 15 15:48:44 GMT 2005 
State-Changed-Why:  
Superseded by ports/77690

http://www.freebsd.org/cgi/query-pr.cgi?pr=77473 
State-Changed-From-To: closed->open 
State-Changed-By: sem 
State-Changed-When: Thu Jul 14 05:17:25 GMT 2005 
State-Changed-Why:  
reopened. was closed by accident: sensor != server. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=77473 
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Fri Jul 22 17:59:56 GMT 2005 
State-Changed-Why:  
Superseded by ports/83812.

http://www.freebsd.org/cgi/query-pr.cgi?pr=77473 
>Unformatted:
