- Update to 1.6

PR:		ports/127708
Submitted by:	valerio.daelli _AT_ gmail _DOT_ com (maintainer)
Philippe Audeoud
2008-09-29 14:00:04 +00:00
parent 5a300e8d14
commit d233f7b2a2
8 changed files with 81 additions and 8 deletions


@@ -6,7 +6,7 @@
#
PORTNAME= ossec-hids
PORTVERSION= 1.4
PORTVERSION= 1.6
PORTREVISION?= 0
CATEGORIES= security
MASTER_SITES= http://www.ossec.net/files/ \


@@ -1,3 +1,3 @@
MD5 (ossec-hids-1.4.tar.gz) = f877f7afc225ba835bf697c026c77aa9
SHA256 (ossec-hids-1.4.tar.gz) = 0dd7650a4c74ae2b9beec47660fd7c573eb35005e5cab6e62c640ba44930ff7f
SIZE (ossec-hids-1.4.tar.gz) = 598579
MD5 (ossec-hids-1.6.tar.gz) = 2ed9ef649d44ad416047a4c28eaad13c
SHA256 (ossec-hids-1.6.tar.gz) = 07dc21b1d1b581c29c16ba0bdca525fabac775aa7f2be139708c5427261e0687
SIZE (ossec-hids-1.6.tar.gz) = 666622


@@ -1,7 +1,15 @@
diff -ruN src/InstallServer.sh.orig src/InstallServer.sh
--- src/InstallServer.sh.orig Sun Jan 7 23:38:16 2007
+++ src/InstallServer.sh Thu Apr 5 15:58:08 2007
@@ -255,12 +255,12 @@
--- src/InstallServer.sh 2008-08-22 20:42:09.000000000 +0000
+++ src/InstallServer.sh 2008-09-28 22:10:45.000000000 +0000
@@ -174,7 +174,7 @@
fi
fi
-cp -pr ../etc/rules/* ${DIR}/rules/
+cp -pr ../etc/rules/*.xml ${DIR}/rules/
# If the local_rules is saved, moved it back
ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
@@ -284,12 +284,12 @@
ls ../etc/ossec.mc > /dev/null 2>&1
if [ $? = 0 ]; then
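Review bot: The new hunk narrows the upstream copy from `../etc/rules/*` to `../etc/rules/*.xml` without recording why; anything else in that directory (presumably the `.orig` backups left behind by the three new rule patches, but that is inferred, not visible here) is now silently not installed into `${DIR}/rules/`. A one-line note in the port or the commit description, e.g. `# install only rule files; keep patch backups out of ${DIR}/rules`, would preserve the intent for the next update. The unquoted `${DIR}` on the copied line is upstream's and unchanged by this commit, so it only matters if that path could ever contain whitespace. The second inner hunk at `@@ -284,12 +284,12 @@` continues past what the page shows.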


@@ -0,0 +1,16 @@
--- etc/rules/attack_rules.xml 2008-08-29 17:15:08.000000000 +0000
+++ attack_rules.xml 2008-09-28 21:39:52.000000000 +0000
@@ -85,11 +85,13 @@
<description>by a success.</description>
</rule>
+<!--
<rule id="40113" level="12" frequency="6" timeframe="360">
<if_matched_group>virus</if_matched_group>
<description>Multiple viruses detected - Possible outbreak.</description>
<group>virus,</group>
</rule>
+-->
</group> <!-- SYSLOG, ATTACKS, -->
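Review bot: Wrapping rule `40113` (`Multiple viruses detected - Possible outbreak`) in an XML comment removes that alert from the analysis engine, and neither the patch nor the commit description says why; the same is done to rule `7504` and the rules that follow it up to the closing `-->` in the mcafee_av_rules.xml patch, and to rule `7310` in the symantec-av_rules.xml patch. Because these are virus-detection rules in a HIDS, the reason (a rule-ID clash, an undefined `$MCAFEE_VIRUS` variable, or an upstream defect are all guesses from here) should be stated inside the comment so an operator can tell the alerting gap is deliberate, e.g. `<!-- disabled by the FreeBSD port: REASON-PLACEHOLDER`. The `---`/`+++` header paths also disagree (`etc/rules/attack_rules.xml` versus `attack_rules.xml`), which leaves patch(1) to pick a target; making the `+++` path match the `---` path in all three new patch files removes that ambiguity.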


@@ -0,0 +1,18 @@
--- etc/rules/mcafee_av_rules.xml 2008-08-28 15:56:00.000000000 +0000
+++ mcafee_av_rules.xml 2008-09-28 21:39:52.000000000 +0000
@@ -42,6 +42,7 @@
<description>McAfee Windows AV error event.</description>
</rule>
+<!--
<rule id="7504" level="12">
<if_sid>7500</if_sid>
<regex>$MCAFEE_VIRUS</regex>
@@ -62,6 +63,7 @@
<group>virus</group>
<description>McAfee Windows AV - Virus detected and file will be deleted.</description>
</rule>
+-->
<rule id="7507" level="3">
<if_sid>7500</if_sid>


@@ -0,0 +1,17 @@
--- etc/rules/symantec-av_rules.xml 2008-06-17 17:03:56.000000000 +0000
+++ symantec-av_rules.xml 2008-09-28 21:39:52.000000000 +0000
@@ -31,12 +31,14 @@
<description>Grouping of Symantec AV rules from eventlog.</description>
</rule>
+<!--
<rule id="7310" level="9">
<if_sid>7300, 7301</if_sid>
<id>^5$|^17$</id>
<group>virus</group>
<description>Virus detected.</description>
</rule>
+-->
<rule id="7320" level="3">
<if_sid>7300, 7301</if_sid>


@@ -16,3 +16,5 @@ http://www.ossec.net/wiki/index.php/Know_How:DatabaseOutput
When you deinstall this port after starting the daemons once, many directories that are
created by the daemons will remain. To fully remove the port you need to delete those
directories manually.
To further enhance the security on your system, you may also enable some checks
in PAM for a fast reaction against intrusions.


@@ -19,6 +19,10 @@
%%PORTNAME%%/bin/ossec-remoted
%%PORTNAME%%/bin/ossec-syscheckd
%%PORTNAME%%/bin/syscheck_update
%%PORTNAME%%/bin/ossec-csyslogd
%%PORTNAME%%/bin/agent_control
%%PORTNAME%%/bin/syscheck_control
%%PORTNAME%%/bin/rootcheck_control
%%PORTNAME%%/etc/decoder.xml
%%PORTNAME%%/etc/internal_options.conf
@unexec if cmp -s %D/%%PORTNAME%%/etc/ossec.conf %D/%%PORTNAME%%/etc/ossec.conf.sample; then rm -f %D/%%PORTNAME%%/etc/ossec.conf; fi
@@ -29,6 +33,9 @@
%%PORTNAME%%/etc/shared/win_applications_rcl.txt
%%PORTNAME%%/etc/shared/win_audit_rcl.txt
%%PORTNAME%%/etc/shared/win_malware_rcl.txt
%%PORTNAME%%/etc/shared/cis_debian_linux_rcl.txt
%%PORTNAME%%/etc/shared/cis_rhel_linux_rcl.txt
%%PORTNAME%%/etc/shared/cis_rhel5_linux_rcl.txt
%%PORTNAME%%/logs/ossec.log
%%PORTNAME%%/rules/apache_rules.xml
%%PORTNAME%%/rules/arpwatch_rules.xml
@@ -73,6 +80,11 @@
%%PORTNAME%%/rules/vsftpd_rules.xml
%%PORTNAME%%/rules/web_rules.xml
%%PORTNAME%%/rules/zeus_rules.xml
%%PORTNAME%%/rules/vmware_rules.xml
%%PORTNAME%%/rules/vmpop3d_rules.xml
%%PORTNAME%%/rules/solaris_bsm_rules.xml
%%PORTNAME%%/rules/mcafee_av_rules.xml
%%PORTNAME%%/rules/asterisk_rules.xml
@dirrmtry %%PORTNAME%%/var/run
@dirrmtry %%PORTNAME%%/var
@dirrmtry %%PORTNAME%%/tmp