From b836e729d1d613146f212f497024a3091056d3db Mon Sep 17 00:00:00 2001 From: shannonjr Date: Tue, 31 Jan 2006 17:54:10 +0000 Subject: Update to 0.9.2. Changes: - prelude-manager has been updated to check the loaded revocation list, if available. This was needed since the recent prelude-adduser addition allowing to create analyzer revocation list. - Remove line size limitation on specified IDMEF-criteria. - Remove all ancillary groups as well as setgid-ing. - Fix idmef-criteria-filter option conflict. - Fix a possible crash if no listen address is specified, but a reverse relay is used. - Much better error reporting. Prelude-Manager is a high availability server that accepts secured connections from distributed sensors or other managers and saves received events to a media specified by the user (database, logfile, mail, etc). --- security/prelude-manager/Makefile | 6 ++- security/prelude-manager/PLIST | 3 +- security/prelude-manager/distinfo | 8 ++-- security/prelude-manager/files/preludemanager.sh | 7 +-- .../prelude-manager/files/run-prelude-manager.c | 51 ---------------------- 5 files changed, 13 insertions(+), 62 deletions(-) (limited to 'security/prelude-manager') diff --git a/security/prelude-manager/Makefile b/security/prelude-manager/Makefile index 02aa07eacf9..584ad995343 100644 --- a/security/prelude-manager/Makefile +++ b/security/prelude-manager/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $ +# $NetBSD: Makefile,v 1.2 2006/01/31 17:54:10 shannonjr Exp $ # -DISTNAME= prelude-manager-0.9.1 +DISTNAME= prelude-manager-0.9.2 CATEGORIES= security MASTER_SITES= http://www.prelude-ids.org/download/releases/ 
@@ -17,6 +17,7 @@ GNU_CONFIGURE= yes USE_GNU_TOOLS+= make CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q} +CONFIGURE_ARGS+= --with-libpreludedb-prefix=${BUILDLINK_PREFIX.libpreludedb} RCD_SCRIPTS= preludemanager PRELUDE_MANAGER_PID_DIR= ${VARBASE}/run/prelude-manager PRELUDE_USER?= _prelude @@ -26,6 +27,7 @@ PKG_USERS= ${PRELUDE_USER}:${PRELUDE_GROUP}::Prelude\ IDS\ manager:${PRELUD PKG_GROUPS= ${PRELUDE_GROUP} FILES_SUBST+= PRELUDE_MANAGER_PID_DIR=${PRELUDE_MANAGER_PID_DIR:Q} FILES_SUBST+= PRELUDE_USER=${PRELUDE_USER:Q} +FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_USER:Q} SUBST_CLASSES+= code SUBST_STAGE.code= post-patch diff --git a/security/prelude-manager/PLIST b/security/prelude-manager/PLIST index c273ad8d408..ae8cac90122 100644 --- a/security/prelude-manager/PLIST +++ b/security/prelude-manager/PLIST @@ -1,8 +1,7 @@ -@comment $NetBSD: PLIST,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $ +@comment $NetBSD: PLIST,v 1.2 2006/01/31 17:54:10 shannonjr Exp $ bin/prelude-manager include/prelude-manager/prelude-manager.h lib/prelude-manager/filters/idmef-criteria.la -lib/prelude-manager/reports/db.la lib/prelude-manager/reports/debug.la lib/prelude-manager/reports/relaying.la lib/prelude-manager/reports/textmod.la diff --git a/security/prelude-manager/distinfo b/security/prelude-manager/distinfo index 63593895e62..5e4059ef61c 100644 --- a/security/prelude-manager/distinfo +++ b/security/prelude-manager/distinfo 
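Review bot: The added `--with-libpreludedb-prefix=${BUILDLINK_PREFIX.libpreludedb}` is the only CONFIGURE_ARGS value in this hunk passed without the `:Q` modifier; the two lines above it use `${PKG_SYSCONFDIR:Q}` and `${VARBASE:Q}`. Writing it as `CONFIGURE_ARGS+= --with-libpreludedb-prefix=${BUILDLINK_PREFIX.libpreludedb:Q}` keeps a prefix containing shell-special characters from being split or expanded when configure is invoked. Whether the libpreludedb buildlink file that defines this variable is included is not visible in the hunk.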
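Review bot: `FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_USER:Q}` substitutes the user name for the group placeholder; it should read `FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_GROUP:Q}`. The value feeds the `chown @PRELUDE_USER@:@PRELUDE_GROUP@` line added to files/preludemanager.sh in this same commit. A site that overrides PRELUDE_GROUP would get the pid directory assigned to a group named after the user, or a failing chown if no such group exists. The mistake stays hidden only while both names are identical, which is presumably the default here (only `PRELUDE_USER?= _prelude` is visible).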
@@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $ +$NetBSD: distinfo,v 1.2 2006/01/31 17:54:10 shannonjr Exp $ -SHA1 (prelude-manager-0.9.1.tar.gz) = 8610cfb34355ed842e595d5ee7cd1af018ecefde -RMD160 (prelude-manager-0.9.1.tar.gz) = 092770e7e3b2e2e69e38ae67bacf90b547e0bee6 -Size (prelude-manager-0.9.1.tar.gz) = 550672 bytes +SHA1 (prelude-manager-0.9.2.tar.gz) = ba29d4ded5059a8dc239c3a4c75486b38ae7bd48 +RMD160 (prelude-manager-0.9.2.tar.gz) = 56a95286accd9519b0719aac617f36308d63c4e7 +Size (prelude-manager-0.9.2.tar.gz) = 567365 bytes diff --git a/security/prelude-manager/files/preludemanager.sh b/security/prelude-manager/files/preludemanager.sh index 90257c45142..523ad132f46 100644 --- a/security/prelude-manager/files/preludemanager.sh +++ b/security/prelude-manager/files/preludemanager.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: preludemanager.sh,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $ +# $NetBSD: preludemanager.sh,v 1.2 2006/01/31 17:54:10 shannonjr Exp $ # # PROVIDE: preludemanager @@ -9,16 +9,17 @@ $_rc_subr_loaded . /etc/rc.subr name="preludemanager" +procname="@PREFIX@/bin/prelude-manager" rcvar=${name} required_files="@PKG_SYSCONFDIR@/prelude-manager/prelude-manager.conf" start_precmd="preludemanager_precommand" -start_cmd="@PREFIX@/sbin/run-prelude-manager -d" +start_cmd="@PREFIX@/sbin/run-prelude-manager -d --pidfile @PRELUDE_MANAGER_PID_DIR@/prelude-manager.pid" pidfile="@PRELUDE_MANAGER_PID_DIR@/prelude-manager.pid" preludemanager_precommand() { /bin/mkdir -p @PRELUDE_MANAGER_PID_DIR@ - /usr/sbin/chown _prelude:_prelude @PRELUDE_MANAGER_PID_DIR@ + /usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ @PRELUDE_MANAGER_PID_DIR@ for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do if [ -S /tmp/mysql.sock ]; then break diff --git a/security/prelude-manager/files/run-prelude-manager.c b/security/prelude-manager/files/run-prelude-manager.c index 7c624041cb7..1c28d5470ae 100644 
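Review bot: `start_cmd` still launches `@PREFIX@/sbin/run-prelude-manager` from the rc script, but the run-prelude-manager.c hunks later in this commit delete the wrapper's `setgid()`/`setuid()` calls, so nothing in the patch shows which account prelude-manager runs under after this update. If the daemon is expected to switch accounts itself, a comment above `start_cmd` should say so, for example `# run-prelude-manager no longer drops root; prelude-manager must switch to @PRELUDE_USER@ itself`. The pid directory `chown` in the precommand only makes sense under that assumption. The exit status of that `chown` is also ignored; the precommand body continues past the end of the hunk, so how its return value is used is not visible here.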
--- a/security/prelude-manager/files/run-prelude-manager.c +++ b/security/prelude-manager/files/run-prelude-manager.c @@ -1,4 +1,3 @@ -#define PRELUDE_MANAGER_USER "@PRELUDE_USER@" #define PRELUDE_MANAGER_PATH "@PREFIX@/bin/prelude-manager" #define MAXMAXFD 256 @@ -33,27 +32,6 @@ void error_sys(char *str) } -int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid) -{ - /* Obtain UID and GID from passwd entry identified by name */ - struct passwd *pw_entry; - char msg[100]; - - if ((pw_entry = getpwnam(name)) == NULL) - { - snprintf(msg, sizeof(msg), "failed to get password entry for %s", name); - error_sys(msg); - return FALSE; - } - else - { - *pw_uid = pw_entry->pw_uid; - *pw_gid = pw_entry->pw_gid; - return TRUE; - - } -} - static int fdlim_get(int hard) { @@ -99,13 +77,6 @@ int main (int argc, char **argv ) error_sys("arg buffer too small"); exit(-1); } - /* - if (getpid() != 0) - { - error_sys("must be called by root"); - exit(-1); - } - */ /* fork child that will become prelude-manager */ if ((pid = fork()) < 0) @@ -130,28 +101,6 @@ int main (int argc, char **argv ) /* Clear out file creation mask */ umask(0); - if (!obtainUIDandGID(PRELUDE_MANAGER_USER, &UID, &GID)) - exit(-1); - - /* Drop privileges immediately */ - if (setgid(GID) < 0) - { - /* It is VERY important to check return - value and not continue if setgid fails - */ - error_sys ("setgid failed"); - exit (-1); - } - - if (setuid(UID) < 0) - { - /* It is VERY important to check return - value and not continue if setuid fails - */ - error_sys ("setuid failed"); - exit (-1); - } - /* Increase limit on number of open file descriptors if necessary */ maxfd = fdlim_get(1); if (maxfd < 0) -- cgit v1.2.3