Sguil (pronounced "sgweel") is a graphical interface to snort,

an open source intrusion detection system.
The actual interface and GUI server are written in tcl/tk.
Sguil also relies on other open source software
in order to function properly.

The client requires gpg, iwidgets and other tcl packages and may
also use wireshark, festival and tls depending on your selection
of options.  Run "make config" in the port to see what options
are available.

Sguil currently functions as an analysis interface and has
no snort sensor or rule management capabilities.

WWW: http://sguil.sourceforge.net/index.php
pauls@utdallas.edu

PR:		ports/105496
Submitted by:	Paul Schmehl <pauls at utdallas.edu>

8 files changed, 253 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index 8eeca94..e486438 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -624,6 +624,7 @@
     SUBDIR += sectok
     SUBDIR += secure_delete
     SUBDIR += sfs
+    SUBDIR += sguil-client
     SUBDIR += sguil-sensor
     SUBDIR += sguil-server
     SUBDIR += sha
diff --git a/security/sguil-client/Makefile b/security/sguil-client/Makefile
new file mode 100644
index 0000000..3cbace3
--- /dev/null
+++ b/security/sguil-client/Makefile
@@ -0,0 +1,110 @@
+# New ports collection makefile for:	sguil-client
+# Date created:				2 Nov 2006
+# Whom:					Paul Schmehl <pauls@utdallas.edu>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	sguil-client
+PORTVERSION=	0.6.1
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
+MASTER_SITE_SUBDIR=	sguil
+
+MAINTAINER=	pauls@utdallas.edu
+COMMENT=	Sguil is a network security monitoring program
+
+RUN_DEPENDS=	dtplite:${PORTSDIR}/devel/tcllib \
+		gpg:${PORTSDIR}/security/gnupg \
+		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX \
+		${LOCALBASE}/lib/iwidgets/iwidgets.tcl:${PORTSDIR}/x11-toolkits/iwidgets
+
+OPTIONS=	TLS "Include openssl support" off \
+		WIRESHARK "Install wireshark" off \
+		AUDIO "Install Festival Speech Synthesis" off
+
+NO_BUILD=	YES
+WISH_CMD?=	wish8.4
+WRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
+SUB_LIST=	SGUILDIR=${SGUILDIR}
+SUB_FILES=	pkg-message
+PLIST_SUB=	SGUILDIR=${SGUILDIR} LIBDIR=${LIBDIR} IMAGEDIR=${IMAGEDIR} SCRIPTDIR=${SCRIPTDIR}
+SGUILDIR?=	sguil-client
+LIBDIR?=	${SGUILDIR}/lib
+IMAGEDIR?=	${LIBDIR}/tablelist4.1/images
+SCRIPTDIR?=	${LIBDIR}/tablelist4.1/scripts
+
+PORTDOCS=	CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
+		OPENSSL.README TODO UPGRADE USAGE sguildb.dia
+
+LIBFILES=	SguilUtil.tcl dkffont.tcl email17.tcl extdata.tcl guilib.tcl nessusheader.html \
+		qrybuild.tcl qrylib.tcl report.tcl sancp.tcl sellib.tcl sound.tcl stdquery.tcl whois.tcl
+
+IMAGES=		DarkLineDown10x9.xbm DarkLineDown12x11.xbm DarkLineDown8x7.xbm DarkLineUp10x9.xbm \
+		DarkLineUp12x11.xbm DarkLineUp8x7.xbm LightLineDown10x9.xbm LightLineDown12x11.xbm \
+		LightLineDown8x7.xbm LightLineUp10x9.xbm LightLineUp12x11.xbm LightLineUp8x7.xbm \
+		TriangleDown10x9.xbm TriangleDown12x11.xbm TriangleDown7x4.xbm TriangleDown7x7.xbm \
+		TriangleDown8x5.xbm TriangleDown8x7.xbm TriangleDown9x5.xbm TriangleUp10x9.xbm \
+		TriangleUp12x11.xbm TriangleUp7x4.xbm TriangleUp7x7.xbm TriangleUp8x5.xbm \
+		TriangleUp8x7.xbm TriangleUp9x5.xbm checked.xbm unchecked.xbm
+
+SCRIPTS=	mwutil.tcl repair.tcl tablelistBind.tcl tablelistConfig.tcl tablelistEdit.tcl \
+		tablelistMove.tcl tablelistSort.tcl tablelistThemes.tcl tablelistUtil.tcl \
+		tablelistWidget.tcl tclIndex
+
+.include <bsd.port.pre.mk>
+
+.if defined(WITH_TLS)
+LIB_DEPENDS+=	tls:${PORTSDIR}/devel/tcltls
+.endif
+
+.if defined(WITH_WIRESHARK)
+RUN_DEPENDS+=	wireshark:${PORTSDIR}/net/wireshark
+.endif
+
+.if defined(WITH_AUDIO)
+RUN_DEPENDS+=	festival:${PORTSDIR}/audio/festival
+.endif
+
+post-patch:
+.for f in sguil.tk
+	@${REINPLACE_CMD} -e 's:exec wish:exec ${PREFIX}/bin/${WISH_CMD}:g' \
+		${WRKSRC}/client/${f}
+.endfor
+
+do-install:
+	@${MKDIR} ${PREFIX}/bin/${SGUILDIR}
+	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/client/sguil.tk \
+		${PREFIX}/bin/${SGUILDIR}/sguil.tk
+.for f in sguil.conf
+	${INSTALL_DATA} ${WRKSRC}/client/${f} \
+		${PREFIX}/etc/${f}-sample
+.endfor
+.for f in ${LIBFILES}
+	@${MKDIR} ${PREFIX}/bin/${LIBDIR}
+	${INSTALL_DATA} ${WRKSRC}/client/lib/${f} ${PREFIX}/bin/${LIBDIR}/${f}
+.endfor
+.for f in tablelist.tcl tablelistPublic.tcl COPYRIGHT.txt
+	@${MKDIR} ${PREFIX}/bin/${LIBDIR}/tablelist4.1
+	${INSTALL_DATA} ${WRKSRC}/client/lib/tablelist4.1/${f} \
+		${PREFIX}/bin/${LIBDIR}/tablelist4.1/${f}
+.endfor
+.for f in ${IMAGES}
+	@${MKDIR} ${PREFIX}/bin/${IMAGEDIR}
+	${INSTALL_DATA} ${WRKSRC}/client/lib/tablelist4.1/images/${f} \
+		${PREFIX}/bin/${IMAGEDIR}/${f}
+.endfor
+.for f in ${SCRIPTS}
+	@${MKDIR} ${PREFIX}/bin/${SCRIPTDIR}
+	${INSTALL_DATA} ${WRKSRC}/client/lib/tablelist4.1/scripts/${f} \
+		${PREFIX}/bin/${SCRIPTDIR}/${f}
+.endfor
+
+.if !defined(NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+	cd ${WRKSRC}/doc && ${INSTALL_DATA} \
+		${PORTDOCS} ${DOCSDIR}
+.endif
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/security/sguil-client/distinfo b/security/sguil-client/distinfo
new file mode 100644
index 0000000..43a6e9e
--- /dev/null
+++ b/security/sguil-client/distinfo
@@ -0,0 +1,3 @@
+MD5 (sguil-client-0.6.1.tar.gz) = 68d209f882d4c8fa9c200ba0924b00b3
+SHA256 (sguil-client-0.6.1.tar.gz) = c493cce8c6c1d5802c2ee3d2e0b7bed913ec511bda565ad697250b23a7809dc9
+SIZE (sguil-client-0.6.1.tar.gz) = 204032
diff --git a/security/sguil-client/files/patch-sguil.conf b/security/sguil-client/files/patch-sguil.conf
new file mode 100644
index 0000000..3fd50e3
--- /dev/null
+++ b/security/sguil-client/files/patch-sguil.conf
@@ -0,0 +1,35 @@
+--- client/sguil.conf.orig	Fri Feb 10 08:59:33 2006
++++ client/sguil.conf	Mon Nov 13 13:11:03 2006
+@@ -12,7 +12,7 @@
+ set SERVERHOST demo.sguil.net
+ 
+ # Where any required sguil libraries are (like the font chooser).
+-set SGUILLIB ./lib
++set SGUILLIB /usr/local/bin/sguil-client/lib
+ # Debug 1=on 0=off  This is VERY chatty
+ set DEBUG 1
+ # Set up OpenSSL here (read ./doc/OPENSSL.README)
+@@ -30,12 +30,12 @@
+ # If you have festival installed, then you can have alerts spoken to
+ # you. Set the path to the festival binary here. If you are using
+ # speechd from speechio.org, then leave this commented out.
+-set FESTIVAL_PATH /usr/bin/festival
++set FESTIVAL_PATH /usr/local/bin/festival
+ # win32 example
+ # set FESTIVAL_PATH "c:\festival\bin\festival.exe"
+ #set WHOIS_PATH /common/bin/awhois.sh
+ # Path to ethereal
+-set ETHEREAL_PATH /usr/sbin/ethereal
++set ETHEREAL_PATH /usr/local/bin/wireshark
+ # win32 example
+ # set ETHEREAL_PATH "c:/progra~1/ethereal/ethereal.exe"
+ # Where to save the temporary raw data files on the client system
+@@ -44,7 +44,7 @@
+ # win32 example
+ # set ETHEREAL_STORE_DIR "c:/tmp"
+ # Favorite browser for looking at sig info on snort.org
+-set BROWSER_PATH /usr/bin/mozilla
++set BROWSER_PATH /usr/local/bin/firefox
+ # win32 example (IE)
+ # set BROWSER_PATH c:/progra~1/intern~1/iexplore.exe
+ #
diff --git a/security/sguil-client/files/patch-sguil.tk b/security/sguil-client/files/patch-sguil.tk
new file mode 100644
index 0000000..71dc676
--- /dev/null
+++ b/security/sguil-client/files/patch-sguil.tk
@@ -0,0 +1,11 @@
+--- client/sguil.tk.orig	Mon Nov 13 13:19:24 2006
++++ client/sguil.tk	Mon Nov 13 13:21:03 2006
+@@ -1679,6 +1679,8 @@
+     set CONF_FILE $env(HOME)/sguil.conf
+   } elseif { [file exists ./sguil.conf] } {
+     set CONF_FILE ./sguil.conf
++  } elseif { [file exists /usr/local/etc/sguil.conf] } {
++    set CONF_FILE /usr/local/etc/sguil.conf
+   } elseif { [file exists /etc/sguil] &&\
+              [file isdirectory /etc/sguil] &&\
+              [file exists /etc/sguil/sguil.conf] &&\
diff --git a/security/sguil-client/files/pkg-message.in b/security/sguil-client/files/pkg-message.in
new file mode 100644
index 0000000..2da339f
--- /dev/null
+++ b/security/sguil-client/files/pkg-message.in
@@ -0,0 +1,14 @@
+See the USAGE document in the %%DOCSDIR%% for instructions
+on how to use the sguil client to connect to and maintain
+the sguil network monitoring system.
+
+NOTE: This port installs a sguil.conf-sample file in
+%%PREFIX%%/etc/.  If you are installing this on a
+multi-user system, each user might want to have a
+sguil.conf file in their home directory.  Sguil.tk sources
+the home directory first for the sguil.conf file.
+
+There are several items in the conf file that may need
+editing, including the path to your web browser, the name
+of the sguil server you connect to and possibly the port
+you connect to (if you're not using the default port.)
diff --git a/security/sguil-client/pkg-descr b/security/sguil-client/pkg-descr
new file mode 100644
index 0000000..9e9010f
--- /dev/null
+++ b/security/sguil-client/pkg-descr
@@ -0,0 +1,16 @@
+Sguil (pronounced "sgweel") is a graphical interface to snort
+(www.snort.org), an open source intrusion detection system.
+The actual interface and GUI server are written in tcl/tk
+(www.tcl.tk). Sguil also relies on other open source software
+in order to function properly.
+
+The client requires gpg, iwidgets and other tcl packages and may
+also use wireshark, festival and tls depending on your selection
+of options.  Run "make config" in the port to see what options
+are available.
+
+Sguil currently functions as an analysis interface and has
+no snort sensor or rule management capabilities.
+
+WWW: http://sguil.sourceforge.net/index.php
+pauls@utdallas.edu
diff --git a/security/sguil-client/pkg-plist b/security/sguil-client/pkg-plist
new file mode 100644
index 0000000..3331bfb
--- /dev/null
+++ b/security/sguil-client/pkg-plist
@@ -0,0 +1,63 @@
+bin/%%LIBDIR%%/SguilUtil.tcl
+bin/%%LIBDIR%%/dkffont.tcl
+bin/%%LIBDIR%%/email17.tcl
+bin/%%LIBDIR%%/extdata.tcl
+bin/%%LIBDIR%%/guilib.tcl
+bin/%%LIBDIR%%/nessusheader.html
+bin/%%LIBDIR%%/qrybuild.tcl
+bin/%%LIBDIR%%/qrylib.tcl
+bin/%%LIBDIR%%/report.tcl
+bin/%%LIBDIR%%/sancp.tcl
+bin/%%LIBDIR%%/sellib.tcl
+bin/%%LIBDIR%%/sound.tcl
+bin/%%LIBDIR%%/stdquery.tcl
+bin/%%LIBDIR%%/whois.tcl
+bin/%%IMAGEDIR%%/DarkLineDown10x9.xbm
+bin/%%IMAGEDIR%%/DarkLineDown12x11.xbm
+bin/%%IMAGEDIR%%/DarkLineDown8x7.xbm
+bin/%%IMAGEDIR%%/DarkLineUp10x9.xbm
+bin/%%IMAGEDIR%%/DarkLineUp12x11.xbm
+bin/%%IMAGEDIR%%/DarkLineUp8x7.xbm
+bin/%%IMAGEDIR%%/LightLineDown10x9.xbm
+bin/%%IMAGEDIR%%/LightLineDown12x11.xbm
+bin/%%IMAGEDIR%%/LightLineDown8x7.xbm
+bin/%%IMAGEDIR%%/LightLineUp10x9.xbm
+bin/%%IMAGEDIR%%/LightLineUp12x11.xbm
+bin/%%IMAGEDIR%%/LightLineUp8x7.xbm
+bin/%%IMAGEDIR%%/TriangleDown10x9.xbm
+bin/%%IMAGEDIR%%/TriangleDown12x11.xbm
+bin/%%IMAGEDIR%%/TriangleDown7x4.xbm
+bin/%%IMAGEDIR%%/TriangleDown7x7.xbm
+bin/%%IMAGEDIR%%/TriangleDown8x5.xbm
+bin/%%IMAGEDIR%%/TriangleDown8x7.xbm
+bin/%%IMAGEDIR%%/TriangleDown9x5.xbm
+bin/%%IMAGEDIR%%/TriangleUp10x9.xbm
+bin/%%IMAGEDIR%%/TriangleUp12x11.xbm
+bin/%%IMAGEDIR%%/TriangleUp7x4.xbm
+bin/%%IMAGEDIR%%/TriangleUp7x7.xbm
+bin/%%IMAGEDIR%%/TriangleUp8x5.xbm
+bin/%%IMAGEDIR%%/TriangleUp8x7.xbm
+bin/%%IMAGEDIR%%/TriangleUp9x5.xbm
+bin/%%IMAGEDIR%%/checked.xbm
+bin/%%IMAGEDIR%%/unchecked.xbm
+bin/%%SCRIPTDIR%%/mwutil.tcl
+bin/%%SCRIPTDIR%%/repair.tcl
+bin/%%SCRIPTDIR%%/tablelistBind.tcl
+bin/%%SCRIPTDIR%%/tablelistConfig.tcl
+bin/%%SCRIPTDIR%%/tablelistEdit.tcl
+bin/%%SCRIPTDIR%%/tablelistMove.tcl
+bin/%%SCRIPTDIR%%/tablelistSort.tcl
+bin/%%SCRIPTDIR%%/tablelistThemes.tcl
+bin/%%SCRIPTDIR%%/tablelistUtil.tcl
+bin/%%SCRIPTDIR%%/tablelistWidget.tcl
+bin/%%SCRIPTDIR%%/tclIndex
+bin/%%LIBDIR%%/tablelist4.1/tablelist.tcl
+bin/%%LIBDIR%%/tablelist4.1/tablelistPublic.tcl
+bin/%%LIBDIR%%/tablelist4.1/COPYRIGHT.txt
+bin/%%SGUILDIR%%/sguil.tk
+etc/sguil.conf-sample
+@dirrm bin/%%SCRIPTDIR%%
+@dirrm bin/%%IMAGEDIR%%
+@dirrm bin/%%LIBDIR%%/tablelist4.1
+@dirrm bin/%%LIBDIR%%
+@dirrm bin/%%SGUILDIR%%