-rw-r--r-- | security/prelude-manager/DESCR | 7 | ||||
-rw-r--r-- | security/prelude-manager/Makefile | 49 | ||||
-rw-r--r-- | security/prelude-manager/PLIST | 14 | ||||
-rw-r--r-- | security/prelude-manager/distinfo | 5 | ||||
-rw-r--r-- | security/prelude-manager/files/preludemanager.sh | 33 | ||||
-rw-r--r-- | security/prelude-manager/files/run-prelude-manager.c | 191 |
6 files changed, 299 insertions, 0 deletions
diff --git a/security/prelude-manager/DESCR b/security/prelude-manager/DESCR
new file mode 100644
index 00000000000..3a4f5b67848
--- /dev/null
+++ b/security/prelude-manager/DESCR
@@ -0,0 +1,7 @@
+Prelude is a hybrid IDS consisting of multiple
+sensors, managers, and a display console. This
+is the manager. The Manager (there can be several
+in an IDS network) accepts secured connections
+from sensors and saves the alerts that Sensors
+emit. This package installs the manager so that
+mySql is used for alert storage.
diff --git a/security/prelude-manager/Makefile b/security/prelude-manager/Makefile
new file mode 100644
index 00000000000..02aa07eacf9
--- /dev/null
+++ b/security/prelude-manager/Makefile
@@ -0,0 +1,49 @@
+# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+#
+
+DISTNAME= prelude-manager-0.9.1
+CATEGORIES= security
+MASTER_SITES= http://www.prelude-ids.org/download/releases/
+
+MAINTAINER= shannonjr@NetBSD.org
+HOMEPAGE= http://www.prelude-ids.org/download/releases/
+COMMENT= Prelude IDS manager
+
+.include "../../mk/bsd.prefs.mk"
+
+USE_PKGLOCALEDIR= yes
+USE_LIBTOOL= yes
+GNU_CONFIGURE= yes
+USE_GNU_TOOLS+= make
+CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
+RCD_SCRIPTS= preludemanager
+PRELUDE_MANAGER_PID_DIR= ${VARBASE}/run/prelude-manager
+PRELUDE_USER?= _prelude
+PRELUDE_GROUP?= _prelude
+PRELUDE_HOME?= /var/spool/prelude-manager
+PKG_USERS= ${PRELUDE_USER}:${PRELUDE_GROUP}::Prelude\ IDS\ manager:${PRELUDE_HOME}:${NOLOGIN}
+PKG_GROUPS= ${PRELUDE_GROUP}
+FILES_SUBST+= PRELUDE_MANAGER_PID_DIR=${PRELUDE_MANAGER_PID_DIR:Q}
+FILES_SUBST+= PRELUDE_USER=${PRELUDE_USER:Q}
+
+SUBST_CLASSES+= code
+SUBST_STAGE.code= post-patch
+SUBST_FILES.code= run-prelude-manager.c
+SUBST_SED.code= -e 's,@PREFIX@,${PREFIX},g'
+SUBST_SED.code+= -e 's,@PRELUDE_USER@,${PRELUDE_USER},g'
+
+pre-patch:
+ ${CP} ${FILESDIR}/run-prelude-manager.c ${WRKSRC}
+
+post-build:
+ cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${CC} ${CFLAGS} -o run-prelude-manager run-prelude-manager.c
+
+post-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/run-prelude-manager ${PREFIX}/sbin/run-prelude-manager
+ ${CHMOD} 755 ${PKG_SYSCONFDIR}/prelude-manager
+ ${CHOWN} -R ${PRELUDE_USER}:${PRELUDE_GROUP} ${PRELUDE_HOME}
+
+.include "../../security/libprelude/buildlink3.mk"
+.include "../../security/libpreludedb/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/prelude-manager/PLIST b/security/prelude-manager/PLIST
new file mode 100644
index 00000000000..c273ad8d408
--- /dev/null
+++ b/security/prelude-manager/PLIST
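Review bot: The `post-install` target runs `${CHMOD} 755 ${PKG_SYSCONFDIR}/prelude-manager`, which leaves the manager's configuration directory listable and traversable by every local user. DESCR says this package stores alerts in MySQL, so the configuration under that directory presumably carries database credentials; unless the files themselves are installed with restrictive modes, `${CHMOD} 750` with the directory's group set to `${PRELUDE_GROUP}` would limit exposure. `FILES_SUBST` also exports `PRELUDE_USER` but not `PRELUDE_GROUP`, so the rc.d script cannot pick up a non-default group; adding `FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_GROUP:Q}` would close that gap.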
@@ -0,0 +1,14 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+bin/prelude-manager
+include/prelude-manager/prelude-manager.h
+lib/prelude-manager/filters/idmef-criteria.la
+lib/prelude-manager/reports/db.la
+lib/prelude-manager/reports/debug.la
+lib/prelude-manager/reports/relaying.la
+lib/prelude-manager/reports/textmod.la
+sbin/run-prelude-manager
+share/examples/rc.d/preludemanager
+@dirrm lib/prelude-manager/reports
+@dirrm lib/prelude-manager/filters
+@dirrm lib/prelude-manager
+@dirrm include/prelude-manager
diff --git a/security/prelude-manager/distinfo b/security/prelude-manager/distinfo
new file mode 100644
index 00000000000..63593895e62
--- /dev/null
+++ b/security/prelude-manager/distinfo
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+
+SHA1 (prelude-manager-0.9.1.tar.gz) = 8610cfb34355ed842e595d5ee7cd1af018ecefde
+RMD160 (prelude-manager-0.9.1.tar.gz) = 092770e7e3b2e2e69e38ae67bacf90b547e0bee6
+Size (prelude-manager-0.9.1.tar.gz) = 550672 bytes
diff --git a/security/prelude-manager/files/preludemanager.sh b/security/prelude-manager/files/preludemanager.sh
new file mode 100644
index 00000000000..90257c45142
--- /dev/null
+++ b/security/prelude-manager/files/preludemanager.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# $NetBSD: preludemanager.sh,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+#
+
+# PROVIDE: preludemanager
+# REQUIRE: mysqld LOGIN
+
+$_rc_subr_loaded . /etc/rc.subr
+
+name="preludemanager"
+rcvar=${name}
+required_files="@PKG_SYSCONFDIR@/prelude-manager/prelude-manager.conf"
+start_precmd="preludemanager_precommand"
+start_cmd="@PREFIX@/sbin/run-prelude-manager -d"
+pidfile="@PRELUDE_MANAGER_PID_DIR@/prelude-manager.pid"
+
+preludemanager_precommand()
+{
+ /bin/mkdir -p @PRELUDE_MANAGER_PID_DIR@
+ /usr/sbin/chown _prelude:_prelude @PRELUDE_MANAGER_PID_DIR@
+ for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
+ if [ -S /tmp/mysql.sock ]; then
+ break
+ else
+ sleep 1
+ echo -n '.'
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/security/prelude-manager/files/run-prelude-manager.c b/security/prelude-manager/files/run-prelude-manager.c
new file mode 100644
index 00000000000..7c624041cb7
--- /dev/null
+++ b/security/prelude-manager/files/run-prelude-manager.c
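Review bot: `preludemanager_precommand` hard-codes `chown _prelude:_prelude` on the PID directory, although the Makefile makes the account configurable through `PRELUDE_USER`/`PRELUDE_GROUP` and the wrapper drops to `@PRELUDE_USER@`. A build with a non-default user would leave the daemon unable to write its pidfile, or hand the directory to an unrelated `_prelude` account if one exists. Use `/usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ @PRELUDE_MANAGER_PID_DIR@`, which also requires `PRELUDE_GROUP` to be added to `FILES_SUBST`. The wait loop falls through silently after 20 iterations if `/tmp/mysql.sock` never appears, and the path is fixed inside a world-writable directory, so it is only a best-effort readiness hint; a comment such as `# best-effort wait; the manager must still handle an unavailable database` would make that explicit.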
@@ -0,0 +1,191 @@
+#define PRELUDE_MANAGER_USER "@PRELUDE_USER@"
+#define PRELUDE_MANAGER_PATH "@PREFIX@/bin/prelude-manager"
+#define MAXMAXFD 256
+
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <sys/resource.h>
+
+#define MAX_ARGS 40
+#ifndef TRUE
+#define TRUE 1
+#endif /* TRUE */
+
+#ifndef FALSE
+#define FALSE 0
+#endif /* FALSE */
+
+
+void error_sys(char *str)
+
+{
+ /* Output error message to syslog */
+ char msg[1024];
+ snprintf(msg, sizeof(msg), "run-prelude-manager : %s : %s", str, strerror(errno));
+ syslog(LOG_ALERT, msg);
+
+}
+
+
+int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
+{
+ /* Obtain UID and GID from passwd entry identified by name */
+ struct passwd *pw_entry;
+ char msg[100];
+
+ if ((pw_entry = getpwnam(name)) == NULL)
+ {
+ snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
+ error_sys(msg);
+ return FALSE;
+ }
+ else
+ {
+ *pw_uid = pw_entry->pw_uid;
+ *pw_gid = pw_entry->pw_gid;
+ return TRUE;
+
+ }
+}
+
+static int
+fdlim_get(int hard)
+{
+ struct rlimit rlfd;
+
+ if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
+ return (-1);
+ if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
+ return sysconf(_SC_OPEN_MAX);
+ else
+ return hard ? rlfd.rlim_max : rlfd.rlim_cur;
+}
+
+static int
+fdlim_set(int lim)
+{
+ struct rlimit rlfd;
+
+ if (lim <= 0)
+ return (-1);
+ if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
+ return (-1);
+ rlfd.rlim_cur = lim;
+ if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0)
+ return (-1);
+ return (0);
+}
+
+int main (int argc, char **argv )
+
+{
+
+ pid_t pid;
+ uid_t UID;
+ gid_t GID;
+ pid_t pidwait;
+ int waitstat;
+ int maxfd;
+
+ /* Sanity check */
+ if (argc > MAX_ARGS)
+ {
+ error_sys("arg buffer too small");
+ exit(-1);
+ }
+ /*
+ if (getpid() != 0)
+ {
+ error_sys("must be called by root");
+ exit(-1);
+ }
+ */
+
+ /* fork child that will become prelude-manager */
+ if ((pid = fork()) < 0)
+
+ error_sys("fork error");
+
+ else
+
+ {
+
+ if (pid == 0)
+
+ {
+
+ /* We're the child */
+ char *args[MAX_ARGS];
+ unsigned int i;
+
+ /* Become session leader */
+ setsid();
+
+ /* Clear out file creation mask */
+ umask(0);
+
+ if (!obtainUIDandGID(PRELUDE_MANAGER_USER, &UID, &GID))
+ exit(-1);
+
+ /* Drop privileges immediately */
+ if (setgid(GID) < 0)
+ {
+ /* It is VERY important to check return
+ value and not continue if setgid fails
+ */
+ error_sys ("setgid failed");
+ exit (-1);
+ }
+
+ if (setuid(UID) < 0)
+ {
+ /* It is VERY important to check return
+ value and not continue if setuid fails
+ */
+ error_sys ("setuid failed");
+ exit (-1);
+ }
+
+ /* Increase limit on number of open file descriptors if necessary */
+ maxfd = fdlim_get(1);
+ if (maxfd < 0)
+ error_sys("fdlim_get: bad value");
+ if (maxfd > MAXMAXFD)
+ maxfd = MAXMAXFD;
+ if (maxfd > fdlim_get(0))
+ fdlim_set(maxfd);
+
+
+ /* Build calling argv */
+ args[0] = PRELUDE_MANAGER_PATH;
+ for (i=1;i<argc;i++)
+ {
+ args[i] = argv[i];
+ }
+ args[i++] = NULL;
+
+ /* Finally transform self into prelude-manager */
+ if (execvp(PRELUDE_MANAGER_PATH, args) < 0)
+ error_sys("execve error");
+ else
+ ; /* avoid if-then ambiguity */
+ }
+
+ else
+
+ {
+ /* We're the parent
+ Terminate
+ */
+ exit(0);
+ }
+
+ }
+
+}  |
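Review bot: The child in `main` drops privileges with `setgid(GID)` and `setuid(UID)` but never resets the supplementary group list, so prelude-manager keeps every group the invoking root process belonged to. Call `setgroups(1, &GID)` (or `initgroups()`) before `setgid()` and treat failure as fatal, as the other two calls do; depending on the platform this may need an extra header. Separately, the `argc > MAX_ARGS` check lets `argc == MAX_ARGS` through, after which `args[i++] = NULL` writes `args[MAX_ARGS]`, one element past the array; the check should read `if (argc >= MAX_ARGS)`. In `error_sys`, `syslog(LOG_ALERT, msg)` passes a built string as the format and is safer as `syslog(LOG_ALERT, "%s", msg)`. `umask(0)` also leaves any file the daemon creates without an explicit mode world-writable; a value such as `umask(027)` would be a more defensive default.

```c
if (!obtainUIDandGID(PRELUDE_MANAGER_USER, &UID, &GID))
    exit(-1);

/* Drop root's supplementary groups first; setgid/setuid leave them in place */
if (setgroups(1, &GID) < 0)
{
    error_sys ("setgroups failed");
    exit (-1);
}

if (setgid(GID) < 0)
/* … unchanged: setgid and setuid checks, fd limit, argv build, execvp … */
```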