Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ports/46982: The Samhain Intrusion Detection System

0 views
Skip to first unread message

David Thiel

unread,
Jan 11, 2003, 6:10:24 PM1/11/03
to

>Number: 46982
>Category: ports
>Synopsis: The Samhain Intrusion Detection System
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 11 15:10:03 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: David Thiel <l...@redundancy.redundancy.org>
>Release: FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 4.7-STABLE FreeBSD 4.7-STABLE #35: Thu Jan 2 17:44:25 PST 2003 l...@redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386



>Description:
Samhain is a host-based Intrusion Detection System and integrity
checker with advanced features such as centralized logging,
MySQL/PostgreSQL support, and rootkit detection.
>How-To-Repeat:

>Fix:

--- samhain.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# samhain
# samhain/Makefile
# samhain/pkg-comment
# samhain/pkg-descr
# samhain/distinfo
# samhain/pkg-plist
# samhain/files
# samhain/files/patch-aa
# samhain/files/patch-ab
#
echo c - samhain
mkdir -p samhain > /dev/null 2>&1
echo x - samhain/Makefile
sed 's/^X//' >samhain/Makefile << 'END-of-samhain/Makefile'
X# New ports collection makefile for: samhain
X# Date created: 9 January 2003
X# Whom: lx
X#
X# $FreeBSD$
X#
X
XPORTNAME= samhain
XPORTVERSION= 1.7.1a
XCATEGORIES= security
XMASTER_SITES= http://la-samhna.de/samhain/
XDISTFILES= samhain_signed-${PORTVERSION}.tar.gz
X
XMAINTAINER= l...@redundancy.redundancy.org
X
XGNU_CONFIGURE= yes
XCONFIGURE_ARGS= --enable-login-watch --localstatedir=/var --mandir=${PREFIX}/man
X
X.if defined(TRUSTED_USER)
XCONFIGURE_ARGS+= --enable-identity=${TRUSTED_USER}
X.endif
X.if defined(WITH_GPG)
XCONFIGURE_ARGS+= --with-gpg=${PREFIX}/bin/gpg
XRUN_DEPENDS= gnupg:${PORTSDIR}/security/gnupg
X.endif
X.if defined(WITH_MYSQL)
XCONFIGURE_ARGS+= --with-database=mysql
X.endif
X.if defined(WITH_POSTGRES)
XCONFIGURE_ARGS+= --with-database=postgresql
X.endif
X.if defined(CLIENT)
XCONFIGURE_ARGS+= --enable-network=client
XPLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment "
XMAN5= samhainrc.5
XMAN8= samhain.8
X.elif defined(SERVER)
XCONFIGURE_ARGS+= --enable-network=server
XPLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment "
XMAN5= yulerc.5
XMAN8= yule.8
X.else
XPLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment "
XMAN5= samhainrc.5
XMAN8= samhain.8
X.endif
X
Xpre-everything::
X
X.if !defined(CLIENT) && !defined(SERVER)
X @${ECHO_MSG} "Building in standalone mode."
X @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C"
X @${ECHO_MSG} "now and make with SERVER=yes or CLIENT=yes."
X.endif
X
Xpost-extract:
X @${TAR} -C ${WRKDIR} -xzf ${WRKSRC}.tar.gz
X @${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc
X
Xpost-install:
X.if !defined(SERVER)
X @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/samhain.sh
X.else
X @${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/yule.sh
X.endif
X.if !defined(NOPORTDOCS)
X ${MKDIR} ${PREFIX}/share/doc/samhain
X ${INSTALL_MAN} ${WRKSRC}/MANUAL-1_7.ps.gz ${PREFIX}/share/doc/samhain
X.endif
X
Xinstall-user:
X @(cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE} install-user)
X
X.include <bsd.port.mk>
END-of-samhain/Makefile
echo x - samhain/pkg-comment
sed 's/^X//' >samhain/pkg-comment << 'END-of-samhain/pkg-comment'
XThe Samhain Intrusion Detection System
END-of-samhain/pkg-comment
echo x - samhain/pkg-descr
sed 's/^X//' >samhain/pkg-descr << 'END-of-samhain/pkg-descr'
XSamhain is an open source file integrity and host-based intrusion
Xdetection system for Linux and Unix. It can run as a daemon process,
Xand and thus can remember file changes - contrary to a tool that runs
Xfrom cron, if a file is modified you will get only one report, while
Xsubsequent checks of that file will ignore the modification as it is
Xalready reported (unless the file is modified again).
X
XSamhain can optionally be used as client/server system to provide
Xcentralized monitoring for multiple host. Logging to a (MySQL or
XPostgreSQL) database is supported.
END-of-samhain/pkg-descr
echo x - samhain/distinfo
sed 's/^X//' >samhain/distinfo << 'END-of-samhain/distinfo'
XMD5 (samhain_signed-1.7.1a.tar.gz) = f30db157a4c28c3cba6965197d332034
END-of-samhain/distinfo
echo x - samhain/pkg-plist
sed 's/^X//' >samhain/pkg-plist << 'END-of-samhain/pkg-plist'
X%%YULE%%etc/yulerc.sample
X%%YULE%%sbin/yule_setpwd
X%%YULE%%sbin/yule
X%%YULE%%etc/rc.d/yule.sh
X%%YULE%%@unexec rmdir /var/lib/yule 2>/dev/null || true
X%%SAMHAIN%%etc/samhainrc.sample
X%%SAMHAIN%%sbin/samhain
X%%SAMHAIN%%etc/rc.d/samhain.sh
X%%SAMHAIN%%@unexec rmdir /var/lib/samhain 2>/dev/null || true
X%%SETPWD%%sbin/samhain_setpwd
X%%PORTDOCS%%share/doc/samhain/MANUAL-1_7.ps.gz
X%%PORTDOCS%%@dirrm share/doc/samhain
END-of-samhain/pkg-plist
echo c - samhain/files
mkdir -p samhain/files > /dev/null 2>&1
echo x - samhain/files/patch-aa
sed 's/^X//' >samhain/files/patch-aa << 'END-of-samhain/files/patch-aa'
X--- configure Wed Jan 8 09:50:51 2003
X+++ configure Fri Jan 10 17:25:04 2003
X@@ -10451,7 +10451,7 @@
X
X else
X
X- myconffile="${sysconfdir}/${install_name}rc"
X+ myconffile="${sysconfdir}/${install_name}rc.sample"
X
X
X fi;
END-of-samhain/files/patch-aa
echo x - samhain/files/patch-ab
sed 's/^X//' >samhain/files/patch-ab << 'END-of-samhain/files/patch-ab'
X--- Makefile.in Sat Jan 4 07:05:28 2003
X+++ Makefile.in Fri Jan 10 10:54:57 2003
X@@ -265,14 +265,6 @@
X #----------------------------------------------------------
X
X install: install-lkm install-program install-man install-data
X- @echo; \
X- echo " You can use 'samhain-install.sh uninstall' for uninstalling"; \
X- echo " i.e. you might consider saving that script for future use";\
X- echo; \
X- echo " Use 'make install-boot' if you want @install_name@ to start"; \
X- echo " on system boot."; \
X- echo
X-
X
X purge: uninstall-lkm uninstall-program uninstall-man
X @echo "./samhain-install.sh --destdir=$(DESTDIR) --force --verbose uninstall-data"; \
X@@ -423,7 +415,7 @@
X echo " -----------------------------------------------------";\
X echo " The server will run as user @myident@ if started with";\
X echo " root privileges, otherwise as the user of the parent ";\
X- echo " process (use --enable-identity=USER to change).";\
X+ echo " process (use TRUSTED_USER=USER to change).";\
X echo;\
X echo " You may want to use: make install-user";\
X echo;\
END-of-samhain/files/patch-ab
exit
--- samhain.shar ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majo...@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

0 new messages