-rw-r--r--security/base/DESCR20
-rw-r--r--security/base/MESSAGE17
-rw-r--r--security/base/Makefile74
-rw-r--r--security/base/PLIST131
-rw-r--r--security/base/distinfo6
-rw-r--r--security/base/files/base.conf28
-rw-r--r--security/base/options.mk24
-rw-r--r--security/base/patches/patch-aa31
8 files changed, 331 insertions, 0 deletions
diff --git a/security/base/DESCR b/security/base/DESCR
new file mode 100644
index 00000000000..564e7ec8cbb
--- /dev/null
+++ b/security/base/DESCR
@@ -0,0 +1,20 @@
+The Basic Analysis and Security Engine (BASE) is a PHP-based analysis
+engine to search and process a database of security events generated by
+various IDSes, firewalls, and network monitoring tools. The features currently
+include:
+
+ o Query-builder and search interface for finding alerts matching
+ on alert meta information (e.g. signature, detection time) as well as
+ the underlying network evidence (e.g. source/destination address, ports,
+ payload, or flags).
+
+ o Packet viewer (decoder) will graphically display the layer-3 and
+ layer-4 packet information of logged alerts
+
+ o Alert management by providing constructs to logically group alerts
+ to create incidents (alert groups), deleting the handled alerts or
+ false positives, exporting to email for collaboration, or archiving of
+ alerts to transfer them between alert databases.
+
+ o Chart and statistic generation based on time, sensor, signature, protocol,
+ IP address, TCP/UDP ports, or classification
diff --git a/security/base/MESSAGE b/security/base/MESSAGE
new file mode 100644
index 00000000000..d5581dae707
--- /dev/null
+++ b/security/base/MESSAGE
@@ -0,0 +1,17 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+
+You will need to make BASE accessible through your HTTP server.
+If you are running Apache and ap-php, then you will need to
+add the following line to your httpd.conf:
+
+ Include ${PKG_SYSCONFDIR}/base.conf
+
+to make BASE accessible through:
+
+ http://localhost/base/
+
+You will need to customise ${BASE_DIR}/base_conf.php before
+BASE will work. This includes setting up database access.
+
+===========================================================================
diff --git a/security/base/Makefile b/security/base/Makefile
new file mode 100644
index 00000000000..f96bdfc8486
--- /dev/null
+++ b/security/base/Makefile
@@ -0,0 +1,74 @@
+# $NetBSD: Makefile,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+#
+
+DISTNAME= base-1.2.1
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=secureideas/}
+
+MAINTAINER= adrianp@NetBSD.org
+HOMEPAGE= http://secureideas.sourceforge.net/
+COMMENT= Analysis engine to process a database of security events
+
+DEPENDS+= adodb>=1.2:../../databases/adodb
+DEPENDS+= ap-php>=4.0.4:../../www/ap-php
+DEPENDS+= php-gd>=4.0.4:../../graphics/php-gd
+DEPENDS+= php-sockets>=4.0.4:../../net/php-sockets
+DEPENDS+= php-mysql>=4.0.4:../../databases/php-mysql
+DEPENDS+= pear-Log-[0-9]*:../../sysutils/pear-Log
+DEPENDS+= pear-Numbers_Words-[0-9]*:../../math/pear-Numbers_Words
+DEPENDS+= pear-Numbers_Roman-[0-9]*:../../math/pear-Numbers_Roman
+DEPENDS+= pear-Image_Color-[0-9]*:../../graphics/pear-Image_Color
+DEPENDS+= pear-Image_Graph-0.3.0dev4:../../graphics/pear-Image_Graph
+
+NO_BUILD= YES
+USE_PKGINSTALL= YES
+
+DOC_FILES= CHANGELOG CREDITS README README.mssql TODO UPGRADE base_faq.rtf
+BASE_DIR= ${PREFIX}/share/base
+EGDIR= ${PREFIX}/share/examples/base
+MESSAGE_SUBST+= EGDIR=${EGDIR:Q} BASE_DIR=${BASE_DIR:Q}
+PAX_DIRS= admin help images includes languages scripts setup sql styles
+WWW_USER?= ${APACHE_USER}
+WWW_GROUP?= ${APACHE_GROUP}
+BUILD_DEFS+= WWW_USER WWW_GROUP
+USE_TOOLS+= perl:run
+REPLACE_PERL= scripts/base_maintenance.pl
+
+CONF_FILES= ${EGDIR}/base.conf ${PKG_SYSCONFDIR}/base.conf
+
+CONF_FILES_PERMS= ${EGDIR}/base_conf.php ${BASE_DIR}/base_conf.php \
+ ${WWW_USER} ${WWW_GROUP} 0600
+
+SUBST_CLASSES+= conf
+SUBST_STAGE.conf= post-patch
+SUBST_FILES.conf= base.conf base_conf.php.dist
+SUBST_SED.conf= -e "s|@BASE_DIR@|${BASE_DIR}|g" \
+ -e "s|@DBTYPE@|${DBTYPE}|g" \
+ -e "s|@PREFIX@|${PREFIX}|g"
+SUBST_MESSAGE.conf= "Fixing configuration files."
+
+.include "options.mk"
+
+post-extract:
+ @${CP} ${FILESDIR}/base.conf ${WRKSRC}/base.conf
+
+do-install:
+ ${INSTALL_DATA_DIR} ${BASE_DIR}
+ ${INSTALL_DATA_DIR} ${EGDIR}
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/base
+
+ ${INSTALL_DATA} ${WRKSRC}/base.conf ${EGDIR}
+ ${INSTALL_DATA} ${WRKSRC}/base_conf.php.dist ${EGDIR}/base_conf.php
+ ${INSTALL_SCRIPT} ${WRKSRC}/*.php ${BASE_DIR}
+
+. for f in ${DOC_FILES}
+ ${INSTALL_DATA} ${WRKSRC}/docs/${f} ${PREFIX}/share/doc/base
+. endfor
+
+. for i in ${PAX_DIRS}
+ cd ${WRKSRC}/${i} && ${PAX} -rw . ${BASE_DIR}/${i}
+. endfor
+
+ @${CHOWN} ${WWW_USER} ${BASE_DIR}
+
+.include "../../mk/bsd.pkg.mk"
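Review bot: The last recipe line of do-install, `@${CHOWN} ${WWW_USER} ${BASE_DIR}`, makes the web server account the owner of the directory that holds the served PHP scripts, so anything running as that account can add or replace files there. CONF_FILES_PERMS likewise installs base_conf.php, which will carry the database credentials, as `${WWW_USER} ${WWW_GROUP} 0600`, i.e. writable by the server. If BASE only needs to read its configuration (the bundled setup/ pages may be the reason for write access, which is worth confirming), leave the directory root-owned and use `${ROOT_USER} ${WWW_GROUP} 0640` for the file. If write access really is required, a comment such as `# BASE's setup pages write base_conf.php as the web server user` above the chown would record why.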
diff --git a/security/base/PLIST b/security/base/PLIST
new file mode 100644
index 00000000000..47168d6323d
--- /dev/null
+++ b/security/base/PLIST
@@ -0,0 +1,131 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+share/base/admin/base_roleadmin.php
+share/base/admin/base_useradmin.php
+share/base/admin/index.php
+share/base/base_ag_common.php
+share/base/base_ag_main.php
+share/base/base_common.php
+share/base/base_db_common.php
+share/base/base_db_setup.php
+share/base/base_denied.php
+share/base/base_footer.php
+share/base/base_graph_common.php
+share/base/base_graph_display.php
+share/base/base_graph_form.php
+share/base/base_graph_main.php
+share/base/base_hdr1.php
+share/base/base_hdr2.php
+share/base/base_main.php
+share/base/base_maintenance.php
+share/base/base_payload.php
+share/base/base_qry_alert.php
+share/base/base_qry_common.php
+share/base/base_qry_form.php
+share/base/base_qry_main.php
+share/base/base_qry_sqlcalls.php
+share/base/base_stat_alerts.php
+share/base/base_stat_class.php
+share/base/base_stat_common.php
+share/base/base_stat_ipaddr.php
+share/base/base_stat_iplink.php
+share/base/base_stat_ports.php
+share/base/base_stat_sensor.php
+share/base/base_stat_time.php
+share/base/base_stat_uaddr.php
+share/base/base_user.php
+share/base/help/base_app_faq.php
+share/base/help/base_help.php
+share/base/help/base_setup_help.php
+share/base/images/button_delete.png
+share/base/images/button_edit.png
+share/base/images/button_exclamation.png
+share/base/images/greencheck.gif
+share/base/images/greencheck.png
+share/base/images/redcheck.gif
+share/base/includes/base_action.inc.php
+share/base/includes/base_auth.inc.php
+share/base/includes/base_cache.inc.php
+share/base/includes/base_capabilities.php
+share/base/includes/base_constants.inc.php
+share/base/includes/base_db.inc.php
+share/base/includes/base_include.inc.php
+share/base/includes/base_log_error.inc.php
+share/base/includes/base_log_timing.inc.php
+share/base/includes/base_net.inc.php
+share/base/includes/base_output_html.inc.php
+share/base/includes/base_output_query.inc.php
+share/base/includes/base_setup.inc.php
+share/base/includes/base_signature.inc.php
+share/base/includes/base_state_citems.inc.php
+share/base/includes/base_state_common.inc.php
+share/base/includes/base_state_criteria.inc.php
+share/base/includes/base_state_query.inc.php
+share/base/includes/base_template.php
+share/base/includes/base_user.inc.php
+share/base/includes/class.ezpdf.php
+share/base/includes/class.pdf.php
+share/base/index.php
+share/base/languages/chinese.lang.php
+share/base/languages/czech.lang.php
+share/base/languages/danish.lang.php
+share/base/languages/english.lang.php
+share/base/languages/finnish.lang.php
+share/base/languages/french.lang.php
+share/base/languages/german.lang.php
+share/base/languages/index.php
+share/base/languages/indonesian.lang.php
+share/base/languages/italian.lang.php
+share/base/languages/japanese.lang.php
+share/base/languages/norwegian.lang.php
+share/base/languages/polish.lang.php
+share/base/languages/portuguese-PT.lang.php
+share/base/languages/portuguese.lang.php
+share/base/languages/russian.lang.php
+share/base/languages/simplified_chinese.lang.php
+share/base/languages/spanish.lang.php
+share/base/languages/swedish.lang.php
+share/base/scripts/base_maintenance.pl
+share/base/setup/base_conf_contents.php
+share/base/setup/index.php
+share/base/setup/setup1.php
+share/base/setup/setup2.php
+share/base/setup/setup3.php
+share/base/setup/setup4.php
+share/base/setup/setup5.php
+share/base/sql/acid2base_tbls_mssql.sql
+share/base/sql/acid2base_tbls_mysql.sql
+share/base/sql/acid2base_tbls_pgsql.sql
+share/base/sql/create_base_tbls_mssql.sql
+share/base/sql/create_base_tbls_mssql_extra.sql
+share/base/sql/create_base_tbls_mysql.sql
+share/base/sql/create_base_tbls_oracle.sql
+share/base/sql/create_base_tbls_pgsql.sql
+share/base/sql/create_base_tbls_pgsql_extra.sql
+share/base/sql/upgrade_0.9.x_to_1.0-mysql.sql
+share/base/styles/acid_style.css
+share/base/styles/base_black_style.css
+share/base/styles/base_red_style.css
+share/base/styles/base_style.css
+share/doc/base/CHANGELOG
+share/doc/base/CREDITS
+share/doc/base/README
+share/doc/base/README.mssql
+share/doc/base/TODO
+share/doc/base/UPGRADE
+share/doc/base/base_faq.rtf
+share/examples/base/base.conf
+share/examples/base/base_conf.php
+@dirrm share/examples/base
+@dirrm share/doc/base
+@dirrm share/base/styles
+@dirrm share/base/sql
+@dirrm share/base/setup
+@dirrm share/base/scripts
+@dirrm share/base/languages
+@unexec ${RMDIR} %D/share/base/includes/templates/default 2>/dev/null || ${TRUE}
+@unexec ${RMDIR} %D/share/base/includes/templates 2>/dev/null || ${TRUE}
+@dirrm share/base/includes
+@dirrm share/base/images
+@dirrm share/base/help
+@dirrm share/base/admin
+@unexec ${RMDIR} %D/share/base 2>/dev/null || ${TRUE}
diff --git a/security/base/distinfo b/security/base/distinfo
new file mode 100644
index 00000000000..c878ab99c40
--- /dev/null
+++ b/security/base/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+
+SHA1 (base-1.2.1.tar.gz) = fa556587b8dbdf8c7bc5496ad17098d23964e6bd
+RMD160 (base-1.2.1.tar.gz) = 3adeebc85dbcd60c6bdbf3be4e8eb9527528f75b
+Size (base-1.2.1.tar.gz) = 344440 bytes
+SHA1 (patch-aa) = 643f22ba268bf712bfc969b6e3e5d086106f466f
diff --git a/security/base/files/base.conf b/security/base/files/base.conf
new file mode 100644
index 00000000000..58792f45d6a
--- /dev/null
+++ b/security/base/files/base.conf
@@ -0,0 +1,28 @@
+# $NetBSD: base.conf,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+#
+# BASE configuration file fragment for Apache
+
+<IfModule mod_alias.c>
+ Alias /base/ "@BASE_DIR@/"
+</IfModule>
+
+<Directory "@BASE_DIR@">
+ Options Indexes
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+</Directory>
+
+#
+# For security, dont serve pages from certain directories
+#
+
+<Directory "@BASE_DIR@/scripts">
+ Order deny,allow
+ Deny from all
+</Directory>
+
+<Directory "@BASE_DIR@/sql">
+ Order deny,allow
+ Deny from all
+</Directory>
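Review bot: The first `<Directory "@BASE_DIR@">` block combines `Options Indexes` with `Allow from all`, so the alert console is offered to every client that can reach the server and any subdirectory without an index file is listed. The context line in patches/patch-aa shows `$Use_Auth_System = 0;` in base_conf.php.dist, so BASE's own login appears to be off by default and nothing else gates access. `Options None` and `Allow from 127.0.0.1` (keeping `Order allow,deny`) would match the http://localhost/base/ URL that MESSAGE advertises and leave widening access to the administrator. The deny blocks cover only scripts/ and sql/; includes/ and setup/ are installed as well and probably should not be served directly either.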
diff --git a/security/base/options.mk b/security/base/options.mk
new file mode 100644
index 00000000000..62d3135ef8e
--- /dev/null
+++ b/security/base/options.mk
@@ -0,0 +1,24 @@
+# $NetBSD: options.mk,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+
+PKG_OPTIONS_VAR= PKG_OPTIONS.base
+
+PKG_OPTIONS_REQUIRED_GROUPS= db
+PKG_OPTIONS_GROUP.db= mysql pgsql
+
+PKG_SUGGESTED_OPTIONS= mysql
+
+.include "../../mk/bsd.options.mk"
+
+###
+### Use PostgreSQL for storing BASE raw data
+###
+.if !empty(PKG_OPTIONS:Mpgsql)
+. include "../../mk/pgsql.buildlink3.mk"
+DBTYPE= postgres
+.elif !empty(PKG_OPTIONS:Mmysql)
+###
+### Use MySQL for storing BASE raw data
+###
+. include "../../mk/mysql.buildlink3.mk"
+DBTYPE= mysql
+.endif
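Review bot: Selecting the pgsql option sets `DBTYPE= postgres` but adds no PHP PostgreSQL driver, while the Makefile depends on php-mysql unconditionally, so a pgsql install would pull in the MySQL extension and lack the one it needs. Move `DEPENDS+= php-mysql>=4.0.4:../../databases/php-mysql` into the mysql branch and add `DEPENDS+= php-pgsql>=4.0.4:../../databases/php-pgsql` to the pgsql branch. The two `buildlink3.mk` includes look unnecessary for a package that sets `NO_BUILD= YES`, since nothing is compiled against the client libraries; confirm before dropping them.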
diff --git a/security/base/patches/patch-aa b/security/base/patches/patch-aa
new file mode 100644
index 00000000000..fe5c81387ad
--- /dev/null
+++ b/security/base/patches/patch-aa
@@ -0,0 +1,31 @@
+$NetBSD: patch-aa,v 1.1.1.1 2006/01/03 21:09:44 adrianp Exp $
+
+--- base_conf.php.dist.orig 2005-10-31 11:33:27.000000000 +1100
++++ base_conf.php.dist
+@@ -39,7 +39,7 @@ $Use_Auth_System = 0;
+ But also put the preceding slash. e.g. Your URL is http://127.0.0.1/base
+ set this to /base
+ */
+-$BASE_urlpath = "";
++$BASE_urlpath = "/base";
+
+ /* Unique BASE ID. The below variable, if set, will append its value to the
+ * title bar of the browser. This is for people who manage multiple installs
+@@ -61,7 +61,7 @@ $base_custom_footer = "";
+ * $foo = "c:\tmp" [OK]
+ * $foo = "c:\tmp\" [WRONG]
+ */
+-$DBlib_path = "";
++$DBlib_path = "@PREFIX@/share/adodb";
+
+ /* The type of underlying alert database
+ *
+@@ -70,7 +70,7 @@ $DBlib_path = "";
+ * MS SQL Server : "mssql"
+ * Oracle : "oci8"
+ */
+-$DBtype = "mysql";
++$DBtype = "@DBTYPE@";
+
+ /* Alert DB connection parameters
+ * - $alert_dbname : MySQL database name of Snort alert DB