
[pkgsrc/trunk]: pkgsrc/security/prelude-lml Prelude is a hybrid IDS consistin...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/7d58c6b7fd15
branches:  trunk
changeset: 507224:7d58c6b7fd15
user:      shannonjr <shannonjr%pkgsrc.org@localhost>
date:      Sun Jan 29 15:56:42 2006 +0000

description:
Prelude is a hybrid IDS consisting of multiple
sensors, managers, and a display console.
Prelude-lml is the log file analyzer. It scans
system log files and generates IDMEF alerts to
the prelude-manager based on signature rulesets.

This is one of several new Prelude packages.

diffstat:

 security/prelude-lml/DESCR                   |    5 +
 security/prelude-lml/Makefile                |   53 +++++++++
 security/prelude-lml/PLIST                   |    9 +
 security/prelude-lml/distinfo                |    7 +
 security/prelude-lml/files/preludelml.sh     |   18 +++
 security/prelude-lml/files/run-prelude-lml.c |  151 +++++++++++++++++++++++++++
 security/prelude-lml/patches/patch-aa        |   13 ++
 security/prelude-lml/patches/patch-ab        |   51 +++++++++
 8 files changed, 307 insertions(+), 0 deletions(-)

diffs (truncated from 339 to 300 lines):

diff -r 7f30ce0e6253 -r 7d58c6b7fd15 security/prelude-lml/DESCR
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-lml/DESCR        Sun Jan 29 15:56:42 2006 +0000
@@ -0,0 +1,5 @@
+Prelude is a hybrid IDS consisting of multiple
+sensors, managers, and a display console.
+Prelude-lml is the log file analyzer. It scans
+system log files and generates IDMEF alerts to
+the prelude-manager based on signature rulesets.
diff -r 7f30ce0e6253 -r 7d58c6b7fd15 security/prelude-lml/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-lml/Makefile     Sun Jan 29 15:56:42 2006 +0000
@@ -0,0 +1,53 @@
+# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+#
+
+DISTNAME=              prelude-lml-0.9.1
+CATEGORIES=            security
+MASTER_SITES=          http://www.prelude-ids.org/download/releases/
+
+MAINTAINER=            shannonjr%NetBSD.org@localhost
+HOMEPAGE=              http://www.prelude-ids.org/download/releases/
+COMMENT=               Log analyzer monitoring your logfile and received syslog messages
+
+.include "../../mk/bsd.prefs.mk"
+
+PRELUDE_USER?=          _prelude
+PRELUDE_GROUP?=         _prelude
+
+USE_PKGLOCALEDIR=      yes
+USE_LIBTOOL=           yes
+GNU_CONFIGURE=         yes
+USE_GNU_TOOLS+=                make
+CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+=       --with-html-dir=${PREFIX}/share/doc
+CONFIGURE_ARGS+=       --disable-fam
+CONFIGURE_ARGS+=        --localstatedir=${VARBASE:Q}
+RCD_SCRIPTS=           preludelml
+PRELUDE_USER?=         _prelude
+PRELUDE_GROUP?=                _prelude
+PRELUDE_HOME=          ${VARBASE:Q}/prelude-lml
+PKG_USERS=     ${PRELUDE_USER}:${PRELUDE_GROUP}::Prelude\ IDS:${PRELUDE_HOME}:${NOLOGIN}
+PKG_GROUPS=    ${PRELUDE_GROUP}
+FILES_SUBST+=  PRELUDE_LML_PID_DIR=${PRELUDE_LML_PID_DIR:Q}
+FILES_SUBST+=  PRELUDE_USER=${PRELUDE_USER:Q}
+
+SUBST_CLASSES+=         code
+SUBST_STAGE.code=       post-patch
+SUBST_FILES.code=       run-prelude-lml.c
+SUBST_SED.code=         -e 's,@PREFIX@,${PREFIX},g'
+SUBST_SED.code+=        -e 's,@PRELUDE_USER@,${PRELUDE_USER},g'
+
+pre-patch:
+       ${CP} ${FILESDIR}/run-prelude-lml.c ${WRKSRC}
+
+post-build:
+       cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${CC} ${CFLAGS} -o run-prelude-lml run-prelude-lml.c
+
+post-install:
+       ${INSTALL_PROGRAM} ${WRKSRC}/run-prelude-lml ${PREFIX}/sbin/run-prelude-lml
+       ${CHMOD} 755 ${PKG_SYSCONFDIR}/prelude-lml
+       ${CHOWN} -R ${PRELUDE_USER}:${PRELUDE_GROUP} ${PRELUDE_HOME}
+
+.include "../../security/libprelude/buildlink3.mk"
+.include "../../devel/pcre/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
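Review bot: post-install changes ownership and mode of directories that are not part of the package's file list — `${CHMOD} 755 ${PKG_SYSCONFDIR}/prelude-lml` and a recursive `${CHOWN}` over `${PRELUDE_HOME}` — so the permissions are applied once at install time, are never recorded for pkg_add/pkg_delete, and the `-R` rewrites ownership of whatever already exists under `${VARBASE}/prelude-lml`. The pkgsrc idiom is to declare them, e.g. `OWN_DIRS_PERMS+= ${PRELUDE_HOME} ${PRELUDE_USER} ${PRELUDE_GROUP} 0700`, and let the framework create and own the directory, which also removes the need for the chown line. `PRELUDE_USER?=` and `PRELUDE_GROUP?=` are assigned twice (once after bsd.prefs.mk and again after the configure knobs); the second pair can be dropped. `PRELUDE_LML_PID_DIR` is exported through FILES_SUBST but not set anywhere in this file — presumably it comes from libprelude's buildlink3.mk, which is worth confirming, since an empty value would leave the rc script with `pidfile="/prelude-lml.pid"`.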
diff -r 7f30ce0e6253 -r 7d58c6b7fd15 security/prelude-lml/PLIST
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-lml/PLIST        Sun Jan 29 15:56:42 2006 +0000
@@ -0,0 +1,9 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+bin/prelude-lml
+include/prelude-lml/prelude-lml.h
+lib/prelude-lml/debug.la
+lib/prelude-lml/pcre.la
+sbin/run-prelude-lml
+share/examples/rc.d/preludelml
+@dirrm lib/prelude-lml
+@dirrm include/prelude-lml
diff -r 7f30ce0e6253 -r 7d58c6b7fd15 security/prelude-lml/distinfo
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-lml/distinfo     Sun Jan 29 15:56:42 2006 +0000
@@ -0,0 +1,7 @@
+$NetBSD: distinfo,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+
+SHA1 (prelude-lml-0.9.1.tar.gz) = 2d3cb99256c84813e4fe4f17c5f5b6e8609d4bcd
+RMD160 (prelude-lml-0.9.1.tar.gz) = a48e849a3cfbaa32cd7e238e0b17a3dc5d6c9114
+Size (prelude-lml-0.9.1.tar.gz) = 515291 bytes
+SHA1 (patch-aa) = 6ed3c426d1b18ff748a3777527fbf0046caaf97f
+SHA1 (patch-ab) = df8bb7777d1938a167e4d27bf5a140e6d55e536b
diff -r 7f30ce0e6253 -r 7d58c6b7fd15 security/prelude-lml/files/preludelml.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-lml/files/preludelml.sh  Sun Jan 29 15:56:42 2006 +0000
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $NetBSD: preludelml.sh,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+#
+
+# PROVIDE: preludelml
+# REQUIRE: LOGIN
+
+$_rc_subr_loaded . /etc/rc.subr
+
+name="preludelml"
+rcvar=${name}
+required_files="@PKG_SYSCONFDIR@/prelude-lml/prelude-lml.conf"
+start_cmd="@PREFIX@/sbin/run-prelude-lml -d"
+pidfile="@PRELUDE_LML_PID_DIR@/prelude-lml.pid"
+
+load_rc_config $name
+run_rc_command "$1"
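Review bot: `start_cmd` replaces the default start action, so `command` is never set and rc.subr has no process name to match for the default `stop` and `status` actions; setting `procname="@PREFIX@/bin/prelude-lml"` (the image the wrapper execs into) next to `pidfile` would likely let those actions find the daemon — worth confirming against rc.subr's `check_pidfile`. A one-line comment above `start_cmd` saying why the wrapper is used instead of running prelude-lml directly (privilege drop to @PRELUDE_USER@, per the C source in this commit) would also help the next maintainer.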
diff -r 7f30ce0e6253 -r 7d58c6b7fd15 security/prelude-lml/files/run-prelude-lml.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-lml/files/run-prelude-lml.c      Sun Jan 29 15:56:42 2006 +0000
@@ -0,0 +1,151 @@
+#define PRELUDE_LML_USER "@PRELUDE_USER@"
+#define PRELUDE_LML_PATH "@PREFIX@/bin/prelude-lml"
+
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <syslog.h>
+
+#define MAX_ARGS 40
+#ifndef         TRUE
+#define         TRUE                            1
+#endif                          /* TRUE */
+
+#ifndef         FALSE
+#define         FALSE                           0
+#endif                          /* FALSE */
+
+
+void error_sys(char *str)
+
+{
+    /* Output error message to syslog */
+    char msg[1024];
+    snprintf(msg, sizeof(msg), "run-prelude-lml : %s : %s", str, strerror(errno));
+    syslog(LOG_ALERT, msg);
+
+}
+
+
+int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
+{
+    /* Obtain UID and GID from passwd entry identified by name */
+    struct passwd *pw_entry;
+    char msg[100];
+
+    if ((pw_entry = getpwnam(name)) == NULL)
+    {
+        snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
+        error_sys(msg);
+        return FALSE;
+    }
+    else
+    {
+        *pw_uid = pw_entry->pw_uid;
+        *pw_gid = pw_entry->pw_gid;
+        return TRUE;
+
+    }
+}
+
+
+int main (int argc, char **argv )
+
+{
+
+    pid_t pid;
+    uid_t UID;
+    gid_t GID;
+    pid_t pidwait;
+    int waitstat;
+
+    /* Sanity check */
+    if (argc > MAX_ARGS)
+    {
+        error_sys("arg buffer too small");
+        exit(-1);
+    }
+/*
+    if (getpid() != 0)
+    {
+        error_sys("must be called by root");
+        exit(-1);
+    }
+*/
+
+    /* fork child that will become prelude-lml */
+    if ((pid = fork()) < 0)
+
+        error_sys("fork error");
+
+    else
+
+    {
+
+        if (pid == 0)
+
+        {
+
+            /* We're the child */
+            char *args[MAX_ARGS];
+            unsigned int i;
+
+            /* Become session leader */
+            setsid();
+
+            /* Clear out file creation mask */
+            umask(0);
+
+            if (!obtainUIDandGID(PRELUDE_LML_USER, &UID, &GID))
+                exit(-1);
+
+            /* Drop privileges immediately */
+            if (setgid(GID) < 0)
+            {
+                /* It is VERY important to check return
+                   value and not continue if setgid fails
+                */
+                error_sys ("setgid failed");
+                exit (-1);
+            }
+
+            if (setuid(UID) < 0)
+            {
+                /* It is VERY important to check return
+                   value and not continue if setuid fails
+                */
+                error_sys ("setuid failed");
+                exit (-1);
+            }
+
+            /* Build calling argv */
+            args[0] = PRELUDE_LML_PATH;
+            for (i=1;i<argc;i++)
+            {
+                args[i] = argv[i];
+            }
+            args[i++] = NULL;
+
+            /* Finally transform self into prelude-lml */
+            if (execvp(PRELUDE_LML_PATH, args) < 0)
+                error_sys("execve error");
+            else
+                ; /* avoid if-then ambiguity */
+        }
+
+        else
+
+        {
+            /* We're the parent
+               Terminate
+            */
+            exit(0);
+        }
+
+    }
+
+}
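Review bot: The argument guard in main is off by one: `args` has MAX_ARGS slots, `args[0]` takes the program path and the loop copies `argv[1..argc-1]`, so with `argc == MAX_ARGS` the terminating `args[i++] = NULL` writes `args[MAX_ARGS]`; the check should be `if (argc >= MAX_ARGS)`. `error_sys` passes its formatted buffer as the syslog format string — `syslog(LOG_ALERT, msg)` — and should be `syslog(LOG_ALERT, "%s", msg);`, since the `str` text and `strerror()` output would otherwise be interpreted as conversions. The privilege drop sets gid and uid but never resets supplementary groups, so a child started from root keeps root's group list; an `initgroups(PRELUDE_LML_USER, GID)` (or `setgroups(0, NULL)`) before `setgid` closes that, and may need `<grp.h>` on some platforms. After a failed `execvp` the child logs "execve error" and then falls off the end of `main` instead of exiting, and the commented-out root check tests `getpid()` where `geteuid()` seems to have been meant — better removed than left as dead code.
```c
    /* Sanity check: args[] needs a slot for the program path and one for
       the terminating NULL, so argc == MAX_ARGS would already overrun it */
    if (argc >= MAX_ARGS)
    {
        error_sys("arg buffer too small");
        exit(-1);
    }
/* … unchanged: fork, setsid, umask, obtainUIDandGID … */
            /* Drop privileges: supplementary groups first, then gid, then uid.
               Each step is checked; continuing after a failure would leave
               prelude-lml running with the invoking user's privileges */
            if (initgroups(PRELUDE_LML_USER, GID) < 0)
            {
                error_sys("initgroups failed");
                exit(-1);
            }
/* … unchanged: setgid/setuid checks, argv construction … */
            /* Finally transform self into prelude-lml; exec only returns on failure */
            if (execvp(PRELUDE_LML_PATH, args) < 0)
            {
                error_sys("execvp error");
                exit(-1);
            }
```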
diff -r 7f30ce0e6253 -r 7d58c6b7fd15 security/prelude-lml/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-lml/patches/patch-aa     Sun Jan 29 15:56:42 2006 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-aa,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+
+--- configure.orig     2005-11-24 04:46:20.000000000 -0700
++++ configure
+@@ -30610,7 +30610,7 @@ _ACEOF
+ configdir=$sysconfdir/prelude-lml
+ prelude_lml_conf=$configdir/prelude-lml.conf
+ regex_conf=$configdir/plugins.rules
+-metadata_dir=$localstatedir/lib/prelude-lml
++metadata_dir=$localstatedir/prelude-lml
+ plugindir=$libdir/prelude-lml
+ log_plugin_dir=$plugindir
+ 
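Review bot: The patch relocates `metadata_dir` from `$localstatedir/lib/prelude-lml` to `$localstatedir/prelude-lml` without saying why; this appears to line it up with `PRELUDE_HOME` in the package Makefile, but nothing records that. A one-line explanation between the `$NetBSD$` header and the `---` line, e.g. `Keep runtime state directly under ${VARBASE}/prelude-lml to match PRELUDE_HOME in the pkgsrc Makefile.`, would tell the next updater whether the change must be carried forward.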
diff -r 7f30ce0e6253 -r 7d58c6b7fd15 security/prelude-lml/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-lml/patches/patch-ab     Sun Jan 29 15:56:42 2006 +0000
@@ -0,0 +1,51 @@
+$NetBSD: patch-ab,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+
+--- Makefile.in.orig   2005-11-24 04:46:25.000000000 -0700
++++ Makefile.in
+@@ -600,33 +600,33 @@ uninstall-info: uninstall-info-recursive
+ 
+ 
+ install-data-local:
+-      $(INSTALL) -m 700 -d $(DESTDIR)$(metadata_dir)
+-      @if test -f $(DESTDIR)$(configdir)/prelude-lml.conf; then                                               \
++      $(INSTALL) -m 700 -d $(metadata_dir)
++      @if test -f $(configdir)/prelude-lml.conf; then                                                 \


