Diffstat (limited to 'security')
-rw-r--r-- | security/samhain/Makefile | 83 | ||||
-rw-r--r-- | security/samhain/distinfo | 2 | ||||
-rw-r--r-- | security/samhain/files/fixsamhainrc.patch (renamed from security/samhain/files/patch-ab) | 0 | ||||
-rw-r--r-- | security/samhain/files/fixyulerc.patch | 11 | ||||
-rw-r--r-- | security/samhain/files/patch-aa | 2 |
5 files changed, 87 insertions, 11 deletions
diff --git a/security/samhain/Makefile b/security/samhain/Makefile index c268d31..f7dd13c 100644 --- a/security/samhain/Makefile +++ b/security/samhain/Makefile @@ -4,12 +4,41 @@ # # $FreeBSD$ # +# +# This port recognizes the following tunables: +# +# RUNAS_USER: +# The username of the account Samhain/Yule will run as. +# Usually just "samhain" or "yule". +# +# WITH_GPG: +# Instructs the port to sign configuration files using the +# GNU Privacy Guard. +# +# WITH_KCHECK: +# Enable support for rogue kernel module detection. +# +# WITH_MYSQL: +# Enable support for logging to a MySQL database. Due to there +# being multiple current versions of MySQL, dependency for this +# is NOT checked. +# +# WITH_POSTGRESQL: +# Enable support for logging to a Postgres database. Untested. +# +# SERVER: +# Builds as Yule, Samhain's central logging server. Mutually exclusive +# with CLIENT. +# +# CLIENT: +# Builds as a client to Yule. Fetches configuration files +# and signature database from LOG_SERVER, and optionally, ALT_LOG_SERVER. +# PORTNAME= samhain -PORTVERSION= 1.7.5 +PORTVERSION= 1.7.8 CATEGORIES= security -MASTER_SITES= http://la-samhna.de/samhain/ \ - http://samhain.securecirt.org/ +MASTER_SITES= http://samhain.securecirt.org/ DISTFILES= samhain_signed-${PORTVERSION}.tar.gz MAINTAINER= lx@redundancy.redundancy.org @@ -20,10 +49,11 @@ BUILD_DEPENDS= gpg:${PORTSDIR}/security/gnupg .endif GNU_CONFIGURE= yes -CONFIGURE_ARGS= --enable-login-watch --localstatedir=/var --mandir=${PREFIX}/man +CONFIGURE_ARGS= --enable-login-watch --localstatedir=/var \ + --mandir=${PREFIX}/man --enable-suidcheck -.if defined(TRUSTED_USER) -CONFIGURE_ARGS+= --enable-identity=${TRUSTED_USER} +.if defined(RUNAS_USER) +CONFIGURE_ARGS+= --enable-identity=${RUNAS_USER} .endif .if defined(WITH_KCHECK) CONFIGURE_ARGS+= --with-kcheck 
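Review bot: The new tunables comment documents `WITH_POSTGRESQL`, but the conditional later in this Makefile (a context line in the `@@ -32,33 +62,68 @@` hunk) tests `.if defined(WITH_POSTGRES)`. A user who follows the comment gets a build without database logging and without any error, so events from the integrity checker are not stored where the operator expects. Either rename the entry to `# WITH_POSTGRES:` or accept both spellings with `.if defined(WITH_POSTGRES) || defined(WITH_POSTGRESQL)`. `LOG_SERVER` and `ALT_LOG_SERVER` also deserve entries of their own in this list, since a CLIENT build now stops without `LOG_SERVER`.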
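Review bot: An existing `TRUSTED_USER` setting is silently ignored after the rename in the `@@ -20,10 +49,11 @@` hunk, because nothing maps the old name to `RUNAS_USER`. In that case `--enable-identity` is no longer passed, and the daemon presumably falls back to whatever default identity configure compiles in. That changes the account the process runs as without notifying the person rebuilding the port. A short compatibility shim before the check would keep old configurations working: `.if defined(TRUSTED_USER) && !defined(RUNAS_USER)`, `RUNAS_USER= ${TRUSTED_USER}`, `.endif`.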
@@ -32,33 +62,68 @@ CONFIGURE_ARGS+= --with-kcheck CONFIGURE_ARGS+= --with-gpg=${PREFIX}/bin/gpg .endif .if defined(WITH_MYSQL) -CONFIGURE_ARGS+= --with-database=mysql +CONFIGURE_ARGS+= --with-database=mysql \ + --with-cflags=-I${LOCALBASE}/include/mysql \ + --with-libs=-L${LOCALBASE}/lib/mysql --enable-xml-log .endif .if defined(WITH_POSTGRES) -CONFIGURE_ARGS+= --with-database=postgresql +CONFIGURE_ARGS+= --with-database=postgresql --enable-xml-log .endif .if defined(CLIENT) -CONFIGURE_ARGS+= --enable-network=client +CONFIGURE_ARGS+= --enable-network=client \ + --with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \ + --with-config-file=REQ_FROM_SERVER --with-logserver=${LOG_SERVER} PLIST_SUB+= SAMHAIN="" SETPWD="" YULE="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch MAN5= samhainrc.5 MAN8= samhain.8 .elif defined(SERVER) CONFIGURE_ARGS+= --enable-network=server PLIST_SUB+= YULE="" SAMHAIN="@comment " SETPWD="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixyulerc.patch MAN5= yulerc.5 MAN8= yule.8 .else PLIST_SUB+= SAMHAIN="" YULE="@comment " SETPWD="@comment " +EXTRA_PATCHES+= ${FILESDIR}/fixsamhainrc.patch MAN5= samhainrc.5 MAN8= samhain.8 .endif +.if defined(ALT_LOG_SERVER) +CONFIGURE_ARGS+= --with-altlogserver=${ALT_LOG_SERVER} +.endif pre-everything:: .if !defined(CLIENT) && !defined(SERVER) + @${ECHO_MSG} @${ECHO_MSG} "Building in standalone mode." @${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C" @${ECHO_MSG} "now and make with SERVER=yes or CLIENT=yes." + @${ECHO_MSG} +.endif + +.if defined(CLIENT) && defined(SERVER) + @${ECHO_MSG} + @${ECHO_MSG} "Can't build client and server at once!" + @${ECHO_MSG} +.error "Can't build client and server at once!" +.endif + +.if defined(CLIENT) && !defined(LOG_SERVER) + @${ECHO_MSG} + @${ECHO_MSG} "Please define LOG_SERVER (and ALT_LOG_SERVER, if " + @${ECHO_MSG} "applicable), the machine(s) this client will log to." + @${ECHO_MSG} +.error "Please define LOG_SERVER." 
+.endif + +.if defined(WITH_KCHECK) + @${ECHO_MSG} + @${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem." + @${ECHO_MSG} "If you're not building as root, please hit Control-C and" + @${ECHO_MSG} "restart the build as root." + @${ECHO_MSG} .endif post-extract: diff --git a/security/samhain/distinfo b/security/samhain/distinfo index 073e9ec..4f566bb 100644 --- a/security/samhain/distinfo +++ b/security/samhain/distinfo @@ -1 +1 @@ -MD5 (samhain_signed-1.7.5.tar.gz) = ab1102d1eca6f4e37453d5893a49a8ee +MD5 (samhain_signed-1.7.8.tar.gz) = 3c6513e49fa30e86d57797dcffce6b3f diff --git a/security/samhain/files/patch-ab b/security/samhain/files/fixsamhainrc.patch index eed29c3..eed29c3 100644 --- a/security/samhain/files/patch-ab +++ b/security/samhain/files/fixsamhainrc.patch diff --git a/security/samhain/files/fixyulerc.patch b/security/samhain/files/fixyulerc.patch new file mode 100644 index 0000000..4686e72 --- /dev/null +++ b/security/samhain/files/fixyulerc.patch @@ -0,0 +1,11 @@ +--- samhain-install.sh.in Wed Jan 15 16:51:57 2003 ++++ samhain-install.sh.in Wed Jan 15 16:52:10 2003 +@@ -13,7 +13,7 @@ + mandir=@mandir@ + + sysconfdir=@sysconfdir@ +-configfile=@myconffile@ ++configfile=/usr/local/etc/yulerc.sample + + pid_file=@mylockfile@ + pid_dir=@mylockdir@ diff --git a/security/samhain/files/patch-aa b/security/samhain/files/patch-aa index a949ba3..be66f01 100644 --- a/security/samhain/files/patch-aa +++ b/security/samhain/files/patch-aa @@ -19,7 +19,7 @@ echo " The server will run as user @myident@ if started with";\ echo " root privileges, otherwise as the user of the parent ";\ - echo " process (use --enable-identity=USER to change).";\ -+ echo " process (use TRUSTED_USER=USER to change).";\ ++ echo " process (use RUNAS_USER=USER to change).";\ echo;\ echo " You may want to use: make install-user";\ echo;\ |
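Review bot: The two `.error` directives sit inside the `pre-everything::` recipe, but `.if` and `.error` are handled while the makefile is parsed, not when the target runs. As far as I can tell, the `@${ECHO_MSG}` lines placed before each `.error` therefore never print, and the abort fires for every target, not only for a build. Moving both checks to top level, above `pre-everything::`, and putting the explanation in the directive itself would make the behaviour match the intent, e.g. `.error "Please define LOG_SERVER (and ALT_LOG_SERVER, if applicable), the machine(s) this client will log to."`. The CLIENT/SERVER exclusivity check should also come before the `.if defined(CLIENT)` / `.elif defined(SERVER)` chain, so the ordering makes it obvious that neither branch is taken when both are set.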
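Review bot: The replacement line in fixyulerc.patch, `configfile=/usr/local/etc/yulerc.sample`, hard-codes the default prefix. With a non-default `PREFIX`, the install script would write the sample server configuration outside the port's tree, where the packing list does not track it. The script already sets `sysconfdir=@sysconfdir@` two lines above, so `configfile=${sysconfdir}/yulerc.sample` would follow the configured prefix, assuming `@sysconfdir@` resolves to the prefix's etc directory in this build. The renamed fixsamhainrc.patch is not shown here and may need the same check.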