Diffstat (limited to 'security/prelude-lml')
-rw-r--r-- | security/prelude-lml/DESCR | 5 | ||||
-rw-r--r-- | security/prelude-lml/Makefile | 167 | ||||
-rw-r--r-- | security/prelude-lml/PLIST | 71 | ||||
-rw-r--r-- | security/prelude-lml/distinfo | 8 | ||||
-rw-r--r-- | security/prelude-lml/files/preludelml.sh | 26 | ||||
-rw-r--r-- | security/prelude-lml/files/run-prelude-lml.c | 166 | ||||
-rw-r--r-- | security/prelude-lml/patches/patch-ab | 40 | ||||
-rw-r--r-- | security/prelude-lml/patches/patch-ac | 13 | ||||
-rw-r--r-- | security/prelude-lml/patches/patch-ad | 13 |
9 files changed, 0 insertions, 509 deletions
diff --git a/security/prelude-lml/DESCR b/security/prelude-lml/DESCR
deleted file mode 100644
index d0dbb033523..00000000000
--- a/security/prelude-lml/DESCR
+++ /dev/null
@@ -1,5 +0,0 @@
-Prelude is a hybrid IDS consisting of multiple
-sensors, managers, and a display console.
-Prelude-lml is the log file analyzer. It scans
-system log files and generates IDMEF alerts to
-the prelude-manager based on signature rulesets.
diff --git a/security/prelude-lml/Makefile b/security/prelude-lml/Makefile
deleted file mode 100644
index 3a57fc28d71..00000000000
--- a/security/prelude-lml/Makefile
+++ /dev/null
@@ -1,167 +0,0 @@
-# $NetBSD: Makefile,v 1.50 2021/12/08 16:06:22 adam Exp $
-#
-
-DISTNAME= prelude-lml-0.9.15
-PKGREVISION= 16
-CATEGORIES= security
-MASTER_SITES= http://www.prelude-ids.com/download/releases/prelude-lml/
-
-MAINTAINER= pkgsrc-users@NetBSD.org
-HOMEPAGE= http://www.prelude-ids.org/
-COMMENT= Log analyzer monitoring your logfile and received syslog messages
-
-.include "../../mk/bsd.prefs.mk"
-
-PRELUDE_USER?= _prelude
-PRELUDE_GROUP?= _prelude
-
-PKG_GROUPS_VARS+= PRELUDE_GROUP
-PKG_USERS_VARS+= PRELUDE_USER
-
-USE_PKGLOCALEDIR= yes
-USE_LIBTOOL= yes
-GNU_CONFIGURE= yes
-USE_TOOLS+= gmake
-CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
-CONFIGURE_ARGS+= --html=${PREFIX}/share/doc
-CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
-RCD_SCRIPTS= preludelml
-PRELUDE_USER?= _prelude
-PRELUDE_GROUP?= _prelude
-BUILD_DEFS+= VARBASE
-PRELUDE_LML_PID_DIR= ${VARBASE}/run/prelude-lml
-PRELUDE_HOME= ${VARBASE}/prelude-lml
-
-INSTALLATION_DIRS= sbin
-
-PKG_GROUPS= ${PRELUDE_GROUP}
-PKG_USERS= ${PRELUDE_USER}:${PRELUDE_GROUP}
-
-EGDIR= ${PREFIX}/share/examples/prelude-lml
-REQD_DIRS= ${EGDIR} ${PKG_SYSCONFDIR}/ruleset
-MAKE_DIRS_PERMS+= ${VARBASE}/prelude-lml ${PRELUDE_USER} ${PRELUDE_GROUP} 0700
-
-PKG_GECOS.${PRELUDE_USER}= Prelude IDS
-PKG_HOME.${PRELUDE_USER}= ${PRELUDE_HOME}
-
-FILES_SUBST+= PRELUDE_LML_PID_DIR=${PRELUDE_LML_PID_DIR:Q}
-FILES_SUBST+= PRELUDE_USER=${PRELUDE_USER:Q}
-FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_GROUP:Q}
-
-SUBST_CLASSES+= code
-SUBST_STAGE.code= pre-configure
-SUBST_FILES.code= run-prelude-lml.c
-SUBST_VARS.code= PREFIX
-SUBST_VARS.code+= PRELUDE_USER
-
-SUBST_CLASSES+= make
-SUBST_STAGE.make= pre-configure
-SUBST_FILES.make= Makefile.in
-SUBST_VARS.make= EGDIR
-
-PKG_SYSCONFSUBDIR= prelude-lml
-CONF_FILES_PERMS+= ${EGDIR}/plugins.rules ${PKG_SYSCONFDIR}/plugins.rules \
- ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0644
-CONF_FILES_PERMS+= ${EGDIR}/prelude-lml.conf ${PKG_SYSCONFDIR}/prelude-lml.conf \
- ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0644
-
-# From plugins/pcre/ruleset/Makefile.in
-ruleset_DATA = \
- apc-emu.rules \
- arbor.rules \
- arpwatch.rules \
- asterisk.rules \
- bonding.rules \
- cacti-thold.rules \
- checkpoint.rules \
- cisco-asa.rules \
- cisco-common.rules \
- cisco-css.rules \
- cisco-ips.rules \
- cisco-router.rules \
- cisco-vpn.rules \
- clamav.rules \
- dell-om.rules \
- f5-bigip.rules \
- grsecurity.rules \
- honeyd.rules \
- honeytrap.rules \
- httpd.rules \
- ipchains.rules \
- ipfw.rules \
- kojoney.rules \
- modsecurity.rules \
- ms-cluster.rules \
- ms-sql.rules \
- nagios.rules \
- navce.rules \
- netapp-ontap.rules \
- netfilter.rules \
- netscreen.rules \
- ntsyslog.rules \
- openhostapd.rules \
- pam.rules \
- pcanywhere.rules \
- pcre.rules \
- portsentry.rules \
- postfix.rules \
- ppp.rules \
- proftpd.rules \
- qpopper.rules \
- rishi.rules \
- selinux.rules \
- sendmail.rules \
- shadow-utils.rules \
- single.rules \
- sonicwall.rules \
- spamassassin.rules \
- squid.rules \
- su.rules \
- ssh.rules \
- sudo.rules \
- suhosin.rules \
- tripwire.rules \
- vigor.rules \
- vpopmail.rules \
- linksys-wap11.rules \
- webmin.rules \
- wu-ftp.rules
-.for f in ${ruleset_DATA}
-CONF_FILES+= ${EGDIR}/ruleset/${f:Q} ${PKG_SYSCONFDIR}/ruleset/${f:Q}
-.endfor
-
-PKG_OPTIONS_VAR= PKG_OPTIONS.prelude-lml
-PKG_SUPPORTED_OPTIONS= unsupported-rulesets
-
-.include "../../mk/bsd.options.mk"
-
-PLIST_VARS+= unsupported
-.if !empty(PKG_OPTIONS:Munsupported-rulesets)
-CONFIGURE_ARGS+= --enable-unsupported-rulesets
-PLIST.unsupported= yes
-unsupported_ruleset_DATA = \
- exim.rules \
- ipso.rules \
- zywall.rules \
- zyxel.rules
-. for f in ${unsupported_ruleset_DATA}
-CONF_FILES+= ${EGDIR}/ruleset/${f:Q} ${PKG_SYSCONFDIR}/ruleset/${f:Q}
-. endfor
-.endif
-
-pre-patch:
- ${CP} ${FILESDIR}/run-prelude-lml.c ${WRKSRC}
-
-pre-configure:
- ${LN} -s ${BUILDLINK_DIR}/lib/libltdl.so ${BUILDLINK_DIR}/lib/libltdlc.so
-
-post-build:
- cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${CC} ${CFLAGS} -o run-prelude-lml run-prelude-lml.c
-
-post-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/run-prelude-lml ${DESTDIR}${PREFIX}/sbin/run-prelude-lml
-
-.include "../../security/libprelude/buildlink3.mk"
-.include "../../devel/pcre/buildlink3.mk"
-.include "../../devel/libltdl/buildlink3.mk"
-.include "../../mk/bsd.pkg.mk"
diff --git a/security/prelude-lml/PLIST b/security/prelude-lml/PLIST
deleted file mode 100644
index d934215c17d..00000000000
--- a/security/prelude-lml/PLIST
+++ /dev/null
@@ -1,71 +0,0 @@
-@comment $NetBSD: PLIST,v 1.15 2018/01/01 22:29:54 rillig Exp $
-bin/prelude-lml
-include/prelude-lml/prelude-lml.h
-lib/prelude-lml/debug.la
-lib/prelude-lml/pcre.la
-sbin/run-prelude-lml
-share/examples/prelude-lml/plugins.rules
-share/examples/prelude-lml/prelude-lml.conf
-share/examples/prelude-lml/ruleset/apc-emu.rules
-share/examples/prelude-lml/ruleset/arbor.rules
-share/examples/prelude-lml/ruleset/arpwatch.rules
-share/examples/prelude-lml/ruleset/asterisk.rules
-share/examples/prelude-lml/ruleset/bonding.rules
-share/examples/prelude-lml/ruleset/cacti-thold.rules
-share/examples/prelude-lml/ruleset/checkpoint.rules
-share/examples/prelude-lml/ruleset/cisco-asa.rules
-share/examples/prelude-lml/ruleset/cisco-common.rules
-share/examples/prelude-lml/ruleset/cisco-css.rules
-share/examples/prelude-lml/ruleset/cisco-ips.rules
-share/examples/prelude-lml/ruleset/cisco-router.rules
-share/examples/prelude-lml/ruleset/cisco-vpn.rules
-share/examples/prelude-lml/ruleset/clamav.rules
-share/examples/prelude-lml/ruleset/dell-om.rules
-${PLIST.unsupported}share/examples/prelude-lml/ruleset/exim.rules
-share/examples/prelude-lml/ruleset/f5-bigip.rules
-share/examples/prelude-lml/ruleset/grsecurity.rules
-share/examples/prelude-lml/ruleset/honeyd.rules
-share/examples/prelude-lml/ruleset/honeytrap.rules
-share/examples/prelude-lml/ruleset/httpd.rules
-share/examples/prelude-lml/ruleset/ipchains.rules
-share/examples/prelude-lml/ruleset/ipfw.rules
-${PLIST.unsupported}share/examples/prelude-lml/ruleset/ipso.rules
-share/examples/prelude-lml/ruleset/kojoney.rules
-share/examples/prelude-lml/ruleset/linksys-wap11.rules
-share/examples/prelude-lml/ruleset/modsecurity.rules
-share/examples/prelude-lml/ruleset/ms-cluster.rules
-share/examples/prelude-lml/ruleset/ms-sql.rules
-share/examples/prelude-lml/ruleset/nagios.rules
-share/examples/prelude-lml/ruleset/navce.rules
-share/examples/prelude-lml/ruleset/netapp-ontap.rules
-share/examples/prelude-lml/ruleset/netfilter.rules
-share/examples/prelude-lml/ruleset/netscreen.rules
-share/examples/prelude-lml/ruleset/ntsyslog.rules
-share/examples/prelude-lml/ruleset/openhostapd.rules
-share/examples/prelude-lml/ruleset/pam.rules
-share/examples/prelude-lml/ruleset/pcanywhere.rules
-share/examples/prelude-lml/ruleset/pcre.rules
-share/examples/prelude-lml/ruleset/portsentry.rules
-share/examples/prelude-lml/ruleset/postfix.rules
-share/examples/prelude-lml/ruleset/ppp.rules
-share/examples/prelude-lml/ruleset/proftpd.rules
-share/examples/prelude-lml/ruleset/qpopper.rules
-share/examples/prelude-lml/ruleset/rishi.rules
-share/examples/prelude-lml/ruleset/selinux.rules
-share/examples/prelude-lml/ruleset/sendmail.rules
-share/examples/prelude-lml/ruleset/shadow-utils.rules
-share/examples/prelude-lml/ruleset/single.rules
-share/examples/prelude-lml/ruleset/sonicwall.rules
-share/examples/prelude-lml/ruleset/spamassassin.rules
-share/examples/prelude-lml/ruleset/squid.rules
-share/examples/prelude-lml/ruleset/ssh.rules
-share/examples/prelude-lml/ruleset/su.rules
-share/examples/prelude-lml/ruleset/sudo.rules
-share/examples/prelude-lml/ruleset/suhosin.rules
-share/examples/prelude-lml/ruleset/tripwire.rules
-share/examples/prelude-lml/ruleset/vigor.rules
-share/examples/prelude-lml/ruleset/vpopmail.rules
-share/examples/prelude-lml/ruleset/webmin.rules
-share/examples/prelude-lml/ruleset/wu-ftp.rules
-${PLIST.unsupported}share/examples/prelude-lml/ruleset/zywall.rules
-${PLIST.unsupported}share/examples/prelude-lml/ruleset/zyxel.rules
diff --git a/security/prelude-lml/distinfo b/security/prelude-lml/distinfo
deleted file mode 100644
index 6f376451ee9..00000000000
--- a/security/prelude-lml/distinfo
+++ /dev/null
@@ -1,8 +0,0 @@
-$NetBSD: distinfo,v 1.20 2021/10/26 11:17:39 nia Exp $
-
-BLAKE2s (prelude-lml-0.9.15.tar.gz) = c48b75dbe4db2ff4619bf544d301e0fa38100a26b0e05b393acbbecced6e953d
-SHA512 (prelude-lml-0.9.15.tar.gz) = deeeead850479e4c15d21c26ab90a611c860df4765effe3bff8efa392ee38807efc7e4ba93d3b6a72085f477f5ff16448323e3df94dbc4025db4f0bd4d3b50d5
-Size (prelude-lml-0.9.15.tar.gz) = 1018513 bytes
-SHA1 (patch-ab) = 62ef692dc3e1767de73629a736883c9bc6ef1264
-SHA1 (patch-ac) = 0980dcf3d203ad759997bd3d1efb36ea6722a4af
-SHA1 (patch-ad) = ff6978d5975e4a410a8a9206d0a395ada5b4dbdf
diff --git a/security/prelude-lml/files/preludelml.sh b/security/prelude-lml/files/preludelml.sh
deleted file mode 100644
index 9ac7c7ffe1b..00000000000
--- a/security/prelude-lml/files/preludelml.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!@RCD_SCRIPTS_SHELL@
-#
-# $NetBSD: preludelml.sh,v 1.5 2011/10/07 22:37:05 shattered Exp $
-#
-
-# PROVIDE: preludelml
-# REQUIRE: LOGIN
-
-$_rc_subr_loaded . /etc/rc.subr
-
-name="preludelml"
-procname="@PREFIX@/bin/prelude-lml"
-rcvar=${name}
-required_files="@PKG_SYSCONFDIR@/prelude-lml/prelude-lml.conf"
-start_precmd="preludelml_precommand"
-start_cmd="@PREFIX@/sbin/run-prelude-lml --pidfile @PRELUDE_LML_PID_DIR@/prelude-lml.pid"
-pidfile="@PRELUDE_LML_PID_DIR@/prelude-lml.pid"
-
-preludelml_precommand()
-{
- /bin/mkdir -p @PRELUDE_LML_PID_DIR@
- /usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ @PRELUDE_LML_PID_DIR@
-}
-
-load_rc_config $name
-run_rc_command "$1"
diff --git a/security/prelude-lml/files/run-prelude-lml.c b/security/prelude-lml/files/run-prelude-lml.c
deleted file mode 100644
index 41e5888524a..00000000000
--- a/security/prelude-lml/files/run-prelude-lml.c
+++ /dev/null
@@ -1,166 +0,0 @@
-#define PRELUDE_LML_USER "@PRELUDE_USER@"
-#define PRELUDE_LML_PATH "@PREFIX@/bin/prelude-lml"
-
-#include <unistd.h>
-#include <string.h>
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <sys/wait.h>
-#include <pwd.h>
-#include <syslog.h>
-
-#define MAX_ARGS 40
-#ifndef TRUE
-#define TRUE 1
-#endif /* TRUE */
-
-#ifndef FALSE
-#define FALSE 0
-#endif /* FALSE */
-
-
-void error_sys(char *str)
-
-{
- /* Output error message to syslog */
- char msg[1024];
- snprintf(msg, sizeof(msg), "run-prelude-lml : %s : %s", str, strerror(errno));
- syslog(LOG_ALERT, msg);
-
-}
-
-
-int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
-{
- /* Obtain UID and GID from passwd entry identified by name */
- struct passwd *pw_entry;
- char msg[100];
-
- if ((pw_entry = getpwnam(name)) == NULL)
- {
- snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
- error_sys(msg);
- return FALSE;
- }
- else
- {
- *pw_uid = pw_entry->pw_uid;
- *pw_gid = pw_entry->pw_gid;
- return TRUE;
-
- }
-}
-
-
-int main (int argc, char **argv )
-
-{
-
- pid_t pid;
- uid_t UID;
- gid_t GID;
- pid_t pidwait;
- int waitstat;
- int s;
- int max_fd;
-
- /* Sanity check */
- if (argc > MAX_ARGS)
- {
- error_sys("arg buffer too small");
- exit(-1);
- }
-
- if (geteuid() != 0)
- {
- error_sys("must be called by root");
- exit(-1);
- }
-
- /* fork child that will become prelude-lml */
- if ((pid = fork()) < 0)
-
- error_sys("fork error");
-
- else
-
- {
-
- if (pid == 0)
-
- {
-
- /* We're the child */
- char *args[MAX_ARGS];
- unsigned int i;
-
- /* Become session leader */
- setsid();
-
- /* Change working directory to root directory.
- The current working directory could be a mounted
- filesystem; if the daemon stays on a mounted
- filesystem it could prevent the filesystem from
- being umounted. */
- chdir("/");
-
- /* Clear out file creation mask */
- umask(0);
-
- /* Close unneeded file descriptors */
- max_fd = (int) sysconf(_SC_OPEN_MAX);
- if (max_fd == -1)
- max_fd = getdtablesize();
- for (s = 3; s < max_fd; s++)
- (void) close(s);
-
- if (!obtainUIDandGID(PRELUDE_LML_USER, &UID, &GID))
- exit(-1);
-
- /* Drop privileges immediately */
- if (setgid(GID) < 0)
- {
- /* It is VERY important to check return
- value and not continue if setgid fails
- */
- error_sys ("setgid failed");
- exit (-1);
- }
-
- if (setuid(UID) < 0)
- {
- /* It is VERY important to check return
- value and not continue if setuid fails
- */
- error_sys ("setuid failed");
- exit (-1);
- }
-
- /* Build calling argv */
- args[0] = PRELUDE_LML_PATH;
- for (i=1;i<argc;i++)
- {
- args[i] = argv[i];
- }
- args[i++] = NULL;
-
- /* Finally transform self into prelude-lml */
- if (execvp(PRELUDE_LML_PATH, args) < 0)
- error_sys("execve error");
- else
- ; /* avoid if-then ambiguity */
- }
-
- else
-
- {
- /* We're the parent
- Terminate
- */
- exit(0);
- }
-
- }
-
-}
diff --git a/security/prelude-lml/patches/patch-ab b/security/prelude-lml/patches/patch-ab
deleted file mode 100644
index fc11f7bd98e..00000000000
--- a/security/prelude-lml/patches/patch-ab
+++ /dev/null
@@ -1,40 +0,0 @@
-$NetBSD: patch-ab,v 1.5 2011/11/11 18:58:14 joerg Exp $
-
---- Makefile.in.orig 2007-08-08 09:48:58.000000000 -0600
-+++ Makefile.in
-@@ -1285,33 +1285,10 @@
-
-
- install-data-local:
-- $(INSTALL) -m 700 -d $(DESTDIR)$(metadata_dir)
-- @if test -f $(DESTDIR)$(configdir)/prelude-lml.conf; then \
-- echo "********************************************************************************"; \
-- echo; \
-- echo "$(DESTDIR)$(configdir)/prelude-lml.conf already exist..."; \
-- echo "Installing default configuration in $(DESTDIR)$(configdir)/prelude-lml.conf-dist"; \
-- echo; \
-- echo "********************************************************************************"; \
-- $(INSTALL) -m 600 $(top_srcdir)/prelude-lml.conf $(DESTDIR)$(configdir)/prelude-lml.conf-dist; \
-- else \
-- $(INSTALL) -m 600 $(top_srcdir)/prelude-lml.conf $(DESTDIR)$(configdir)/; \
-- fi
-- @if test -f $(DESTDIR)$(configdir)/plugins.rules; then \
-- echo "********************************************************************************"; \
-- echo; \
-- echo "$(DESTDIR)$(configdir)/plugins.rules already exist..."; \
-- echo "Installing default configuration in $(DESTDIR)$(configdir)/plugins.rules-dist"; \
-- echo; \
-- echo "********************************************************************************"; \
-- $(INSTALL) -m 600 $(top_srcdir)/plugins.rules $(DESTDIR)$(configdir)/plugins.rules-dist; \
-- else \
-- $(INSTALL) -m 600 $(top_srcdir)/plugins.rules $(DESTDIR)$(configdir)/; \
-- fi
-+ $(BSD_INSTALL_DATA) $(top_srcdir)/prelude-lml.conf ${DESTDIR}@EGDIR@
-+ $(BSD_INSTALL_DATA) $(top_srcdir)/plugins.rules ${DESTDIR}@EGDIR@
-
- uninstall-local:
-- rm -f $(DESTDIR)$(configdir)/prelude-lml.conf; \
-- rm -f $(DESTDIR)$(configdir)/plugin.rules;
-
- dist-hook:
- @if test -d "$(srcdir)/.git"; then \
diff --git a/security/prelude-lml/patches/patch-ac b/security/prelude-lml/patches/patch-ac
deleted file mode 100644
index ca6d29e84ca..00000000000
--- a/security/prelude-lml/patches/patch-ac
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ac,v 1.1 2006/05/20 19:12:59 joerg Exp $
-
---- plugins/pcre/ruleset/unsupported/Makefile.in.orig 2006-05-20 18:50:34.000000000 +0000
-+++ plugins/pcre/ruleset/unsupported/Makefile.in
-@@ -236,7 +236,7 @@ target_vendor = @target_vendor@
- @ENABLE_UNSUPPORTED_RULESETS_TRUE@ zywall.rules \
- @ENABLE_UNSUPPORTED_RULESETS_TRUE@ zyxel.rules
-
--@ENABLE_UNSUPPORTED_RULESETS_TRUE@rulesetdir = $(configdir)/ruleset
-+@ENABLE_UNSUPPORTED_RULESETS_TRUE@rulesetdir = $(prefix)/share/examples/prelude-lml/ruleset
- @ENABLE_UNSUPPORTED_RULESETS_TRUE@EXTRA_DIST = $(ruleset_DATA)
- all: all-am
-
diff --git a/security/prelude-lml/patches/patch-ad b/security/prelude-lml/patches/patch-ad
deleted file mode 100644
index 56c5621e71a..00000000000
--- a/security/prelude-lml/patches/patch-ad
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ad,v 1.2 2008/04/28 10:54:08 shannonjr Exp $
-
---- ./plugins/pcre/ruleset/Makefile.in.orig 2008-04-24 11:48:21.000000000 -0600
-+++ ./plugins/pcre/ruleset/Makefile.in
-@@ -535,7 +535,7 @@ ruleset_DATA = \
- webmin.rules \
- wu-ftp.rules
-
--rulesetdir = $(configdir)/ruleset
-+rulesetdir = $(prefix)/share/examples/prelude-lml/ruleset
- EXTRA_DIST = $(ruleset_DATA)
- all: all-recursive
-
|