summaryrefslogtreecommitdiff
path: root/security/prelude-manager
diff options
context:
space:
mode:
authorshannonjr <shannonjr>2006-01-31 17:54:10 +0000
committershannonjr <shannonjr>2006-01-31 17:54:10 +0000
commitb836e729d1d613146f212f497024a3091056d3db (patch)
tree5244796e389161522dda88f40df28fc06ad810c8 /security/prelude-manager
parent5e59df060b0c966d07d0882fcab07b09b6b33b86 (diff)
downloadpkgsrc-b836e729d1d613146f212f497024a3091056d3db.tar.gz
Update to 0.9.2. Changes:
- prelude-manager has been updated to check the loaded revocation list, if available. This was needed since the recent prelude-adduser addition allowing to create analyzer revocation list. - Remove line size limitation on specified IDMEF-criteria. - Remove all ancillary groups as well as setgid-ing. - Fix idmef-criteria-filter option conflict. - Fix a possible crash if no listen address is specified, but a reverse relay is used. - Much better error reporting. Prelude-Manager is a high availability server that accepts secured connections from distributed sensors or other managers and saves received events to a media specified by the user (database, logfile, mail, etc).
Diffstat (limited to 'security/prelude-manager')
-rw-r--r--security/prelude-manager/Makefile6
-rw-r--r--security/prelude-manager/PLIST3
-rw-r--r--security/prelude-manager/distinfo8
-rw-r--r--security/prelude-manager/files/preludemanager.sh7
-rw-r--r--security/prelude-manager/files/run-prelude-manager.c51
5 files changed, 13 insertions, 62 deletions
diff --git a/security/prelude-manager/Makefile b/security/prelude-manager/Makefile
index 02aa07eacf9..584ad995343 100644
--- a/security/prelude-manager/Makefile
+++ b/security/prelude-manager/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+# $NetBSD: Makefile,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
#
-DISTNAME= prelude-manager-0.9.1
+DISTNAME= prelude-manager-0.9.2
CATEGORIES= security
MASTER_SITES= http://www.prelude-ids.org/download/releases/
@@ -17,6 +17,7 @@ GNU_CONFIGURE= yes
USE_GNU_TOOLS+= make
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
+CONFIGURE_ARGS+= --with-libpreludedb-prefix=${BUILDLINK_PREFIX.libpreludedb}
RCD_SCRIPTS= preludemanager
PRELUDE_MANAGER_PID_DIR= ${VARBASE}/run/prelude-manager
PRELUDE_USER?= _prelude
@@ -26,6 +27,7 @@ PKG_USERS= ${PRELUDE_USER}:${PRELUDE_GROUP}::Prelude\ IDS\ manager:${PRELUD
PKG_GROUPS= ${PRELUDE_GROUP}
FILES_SUBST+= PRELUDE_MANAGER_PID_DIR=${PRELUDE_MANAGER_PID_DIR:Q}
FILES_SUBST+= PRELUDE_USER=${PRELUDE_USER:Q}
+FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_USER:Q}
SUBST_CLASSES+= code
SUBST_STAGE.code= post-patch
diff --git a/security/prelude-manager/PLIST b/security/prelude-manager/PLIST
index c273ad8d408..ae8cac90122 100644
--- a/security/prelude-manager/PLIST
+++ b/security/prelude-manager/PLIST
@@ -1,8 +1,7 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+@comment $NetBSD: PLIST,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
bin/prelude-manager
include/prelude-manager/prelude-manager.h
lib/prelude-manager/filters/idmef-criteria.la
-lib/prelude-manager/reports/db.la
lib/prelude-manager/reports/debug.la
lib/prelude-manager/reports/relaying.la
lib/prelude-manager/reports/textmod.la
diff --git a/security/prelude-manager/distinfo b/security/prelude-manager/distinfo
index 63593895e62..5e4059ef61c 100644
--- a/security/prelude-manager/distinfo
+++ b/security/prelude-manager/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+$NetBSD: distinfo,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
-SHA1 (prelude-manager-0.9.1.tar.gz) = 8610cfb34355ed842e595d5ee7cd1af018ecefde
-RMD160 (prelude-manager-0.9.1.tar.gz) = 092770e7e3b2e2e69e38ae67bacf90b547e0bee6
-Size (prelude-manager-0.9.1.tar.gz) = 550672 bytes
+SHA1 (prelude-manager-0.9.2.tar.gz) = ba29d4ded5059a8dc239c3a4c75486b38ae7bd48
+RMD160 (prelude-manager-0.9.2.tar.gz) = 56a95286accd9519b0719aac617f36308d63c4e7
+Size (prelude-manager-0.9.2.tar.gz) = 567365 bytes
diff --git a/security/prelude-manager/files/preludemanager.sh b/security/prelude-manager/files/preludemanager.sh
index 90257c45142..523ad132f46 100644
--- a/security/prelude-manager/files/preludemanager.sh
+++ b/security/prelude-manager/files/preludemanager.sh
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: preludemanager.sh,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+# $NetBSD: preludemanager.sh,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
#
# PROVIDE: preludemanager
@@ -9,16 +9,17 @@
$_rc_subr_loaded . /etc/rc.subr
name="preludemanager"
+procname="@PREFIX@/bin/prelude-manager"
rcvar=${name}
required_files="@PKG_SYSCONFDIR@/prelude-manager/prelude-manager.conf"
start_precmd="preludemanager_precommand"
-start_cmd="@PREFIX@/sbin/run-prelude-manager -d"
+start_cmd="@PREFIX@/sbin/run-prelude-manager -d --pidfile @PRELUDE_MANAGER_PID_DIR@/prelude-manager.pid"
pidfile="@PRELUDE_MANAGER_PID_DIR@/prelude-manager.pid"
preludemanager_precommand()
{
/bin/mkdir -p @PRELUDE_MANAGER_PID_DIR@
- /usr/sbin/chown _prelude:_prelude @PRELUDE_MANAGER_PID_DIR@
+ /usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ @PRELUDE_MANAGER_PID_DIR@
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
if [ -S /tmp/mysql.sock ]; then
break
diff --git a/security/prelude-manager/files/run-prelude-manager.c b/security/prelude-manager/files/run-prelude-manager.c
index 7c624041cb7..1c28d5470ae 100644
--- a/security/prelude-manager/files/run-prelude-manager.c
+++ b/security/prelude-manager/files/run-prelude-manager.c
@@ -1,4 +1,3 @@
-#define PRELUDE_MANAGER_USER "@PRELUDE_USER@"
#define PRELUDE_MANAGER_PATH "@PREFIX@/bin/prelude-manager"
#define MAXMAXFD 256
@@ -33,27 +32,6 @@ void error_sys(char *str)
}
-int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
-{
- /* Obtain UID and GID from passwd entry identified by name */
- struct passwd *pw_entry;
- char msg[100];
-
- if ((pw_entry = getpwnam(name)) == NULL)
- {
- snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
- error_sys(msg);
- return FALSE;
- }
- else
- {
- *pw_uid = pw_entry->pw_uid;
- *pw_gid = pw_entry->pw_gid;
- return TRUE;
-
- }
-}
-
static int
fdlim_get(int hard)
{
@@ -99,13 +77,6 @@ int main (int argc, char **argv )
error_sys("arg buffer too small");
exit(-1);
}
- /*
- if (getpid() != 0)
- {
- error_sys("must be called by root");
- exit(-1);
- }
- */
/* fork child that will become prelude-manager */
if ((pid = fork()) < 0)
@@ -130,28 +101,6 @@ int main (int argc, char **argv )
/* Clear out file creation mask */
umask(0);
- if (!obtainUIDandGID(PRELUDE_MANAGER_USER, &UID, &GID))
- exit(-1);
-
- /* Drop privileges immediately */
- if (setgid(GID) < 0)
- {
- /* It is VERY important to check return
- value and not continue if setgid fails
- */
- error_sys ("setgid failed");
- exit (-1);
- }
-
- if (setuid(UID) < 0)
- {
- /* It is VERY important to check return
- value and not continue if setuid fails
- */
- error_sys ("setuid failed");
- exit (-1);
- }
-
/* Increase limit on number of open file descriptors if necessary */
maxfd = fdlim_get(1);
if (maxfd < 0)