diff --git a/security/ossec-hids-local-config/Makefile b/security/ossec-hids-local-config/Makefile
index fa4509d26524..c021e6464248 100644
--- a/security/ossec-hids-local-config/Makefile
+++ b/security/ossec-hids-local-config/Makefile
@@ -1,455 +1,454 @@ -PORTREVISION?= 2 PKGNAMESUFFIX?= -${OSSEC_TYPE}-config COMMENT?= Configuration manager for ossec-hids-${OSSEC_TYPE} OSSEC_TYPE?= local .include "${.CURDIR}/../ossec-hids/version.mk" MASTERDIR?= ${.CURDIR} DISTINFO_FILE?= ${MASTERDIR}/../ossec-hids-local/distinfo .if ${OSSEC_TYPE} == local CONFLICTS_INSTALL= ossec-hids-client \ ossec-hids-agent \ ossec-hids-server .elif ${OSSEC_TYPE} == agent CONFLICTS_INSTALL= ossec-hids-client \ ossec-hids-local \ ossec-hids-server .elif ${OSSEC_TYPE} == server CONFLICTS_INSTALL= ossec-hids-client \ ossec-hids-agent \ ossec-hids-local .endif .if !defined(MAINTAINER_MODE) RUN_DEPENDS= ossec-hids-${OSSEC_TYPE}>=${PORTVERSION}:security/ossec-hids-${OSSEC_TYPE} .endif .if defined(MAINTAINER_MODE) USE_GITHUB= yes GH_ACCOUNT= ossec .else MASTER_SITES= # DISTFILES= # EXTRACT_ONLY= # .endif NO_BUILD= yes NO_ARCH= yes OPTIONS_SUB= yes OPTIONS_SINGLE= FIREWALL OPTIONS_SINGLE_FIREWALL= NOFW IPF IPFW PF OPTIONS_DEFAULT+= NOFW FIREWALL_DESC= Active Response Firewall PF_DESC= Packet Filter IPFW_DESC= ipfirewall IPF_DESC= ipfilter NOFW_DESC= Custom or no firewall TEMPL_ENABLED_HEADER= template-header-enabled.xml TEMPL_DISABLED_HEADER= template-header-disabled.xml TEMPL_SAMPLE_HEADER= template-header-sample.xml TEMPL_PUSHED_ENABLED_HEADER= ${TEMPL_ENABLED_HEADER} TEMPL_PUSHED_DISABLED_HEADER= ${TEMPL_DISABLED_HEADER} TEMPL_SAMPLE= template-sample-${OSSEC_TYPE}.xml TEMPL_SAMPLE_DB= template-sample-database.xml PF_VARS= FW_DROP=pf.sh PKGMSG_FILES+=message-pf IPFW_VARS= FW_DROP=ipfw.sh IPF_VARS= FW_DROP=ipfilter.sh NOFW_VARS= FW_DROP= .if defined(MAINTAINER_MODE) OSSEC_HOME= ${PREFIX}/${PORTNAME} .else OSSEC_HOME?= ${PREFIX}/${PORTNAME} .endif OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids TEMPL_TO_OSSEC= ${SCRIPTDIR}/template-to-ossec.sh ${OSSEC_TYPE} ${OSSEC_HOME} TEMPL_TO_AGENT= ${SCRIPTDIR}/template-to-agent.sh ${OSSEC_TYPE} ${OSSEC_HOME} OSSEC_DIR= ${STAGEDIR}${OSSEC_HOME} BIN_DIR= ${OSSEC_DIR}/bin CONF_BIN_DIR= ${BIN_DIR}/config 
OSSEC_CONF_BIN= ${CONF_BIN_DIR}/ossec-conf AGENT_CONF_BIN= ${CONF_BIN_DIR}/agent-conf COMMAND_BIN_DIR= ${BIN_DIR}/command AR_BIN_DIR= ${OSSEC_DIR}/active-response/bin MERGE_CONFIG_BIN= ${AR_BIN_DIR}/merge-config.sh ETC_DIR= ${OSSEC_DIR}/etc OSSEC_CONF_DIR= ${ETC_DIR}/ossec.conf.d AGENT_CONF_DIR= ${ETC_DIR}/agent.conf.d OSSEC_LOCAL_CONF_DIR= ${OSSEC_CONF_DIR}/disabled AGENT_LOCAL_CONF_DIR= ${AGENT_CONF_DIR}/disabled OSSEC_SAMPLE_CONF= ${OSSEC_CONF_DIR}/900.local.conf.sample COMMAND_CONF_DIR= ${ETC_DIR} COMMAND_CONF= ${COMMAND_CONF_DIR}/command.conf.sample RULES_DIR= ${OSSEC_DIR}/rules .if empty(USER) USER=$$(${ID} -un) .endif .if empty(GROUP) GROUP=$$(${ID} -gn) .endif OSSEC_USER= ossec OSSEC_GROUP= ossec SUB_LIST+= PORTNAME=${PORTNAME} \ OSSEC_TYPE=${OSSEC_TYPE} \ OSSEC_HOME=${OSSEC_HOME} \ VERSION=${PORTVERSION} \ USER=${USER} \ OSSEC_USER=${OSSEC_USER} \ OSSEC_GROUP=${OSSEC_GROUP} \ OSSEC_RC=${OSSEC_RC} \ FW_DROP=${FW_DROP} SUB_FILES= pkg-install \ pkg-deinstall \ ${PKGMSG_FILES} \ ${TEMPL_ENABLED_HEADER} \ ${TEMPL_DISABLED_HEADER} \ ${TEMPL_SAMPLE_HEADER} \ ${TEMPL_PUSHED_ENABLED_HEADER} \ ${TEMPL_PUSHED_DISABLED_HEADER} \ ${TEMPL_SAMPLE} \ merge-config.sh \ ossec-conf \ command.conf .if ${OSSEC_TYPE} == server SUB_FILES+= agent-conf .endif .if defined(MAINTAINER_MODE) PLIST_SUB= OSSEC_HOME=${PORTNAME} .else PLIST_SUB= OSSEC_HOME=${OSSEC_HOME} .endif PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE} PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE} PKGMESSAGE= ${WRKDIR}/pkg-message PKGMSG_FILES= message-ossec-conf .if ${OSSEC_TYPE} == server PKGMSG_FILES+= message-agent-conf .endif CONF_GROUPS= RULES AR ROOTCHECK SYSCHECK CMDOUT LOGS ############################################################ .for conf_group in ${CONF_GROUPS} . include "${MASTERDIR}/opt-${conf_group:tl}.mk" ${conf_group}_INSTANCE_OPTIONS= ${conf_group}_PUSHED_OPTIONS= . for option in ${${conf_group}_OPTIONS} . 
if ${${option}_DEFINE:M${OSSEC_TYPE}} ${conf_group}_INSTANCE_OPTIONS+= ${option} ${conf_group}_ALL_OPTIONS+= ${option} . endif . if ${${option}_DEFINE:Mpushed} . if ${OSSEC_TYPE} == server ${conf_group}_PUSHED_OPTIONS+= ${option} . endif . if !${${conf_group}_ALL_OPTIONS:M${option}} ${conf_group}_ALL_OPTIONS+= ${option} . endif . endif . endfor .endfor ############################################################ CONFIG_PROFILES= .for conf_group in ${CONF_GROUPS} . if !empty(${conf_group}_PROFILE) . if ${OSSEC_TYPE} == agent . if !${CONFIG_PROFILES:M${${conf_group}_PROFILE}} CONFIG_PROFILES+= ${${conf_group}_PROFILE} . endif . endif SUB_LIST+= ${conf_group}_PROFILE=${${conf_group}_PROFILE} . endif . for option in ${${conf_group}_ALL_OPTIONS} . if !empty(${option}_PROFILE) . if ${OSSEC_TYPE} == agent . if !${CONFIG_PROFILES:M${${option}_PROFILE}} CONFIG_PROFILES+= ${${option}_PROFILE} . endif . endif SUB_LIST+= ${option}_PROFILE=${${option}_PROFILE} . endif . endfor .endfor .for profile in ${CONFIG_PROFILES} . if empty(CONFIG_PROFILE_VALUE) CONFIG_PROFILE_VALUE:= ${profile} . else CONFIG_PROFILE_VALUE:= ${CONFIG_PROFILE_VALUE}, ${profile} . endif .endfor SUB_LIST+= CONFIG_PROFILES="${CONFIG_PROFILE_VALUE}" ############################################################ .for conf_group in ${CONF_GROUPS} . for option in ${${conf_group}_ALL_OPTIONS} . if !defined(${option}_TEMPLATE) ${option}_TEMPLATE= template-${option:tl:S/_/-/g}.xml . endif . if !empty(${option}_TEMPLATE) && !${SUB_FILES:M${${option}_TEMPLATE}} SUB_FILES+= ${${option}_TEMPLATE} . endif . endfor .endfor .for file_name in ${RULES_FILES} SUB_FILES+= rules-${file_name}.xml .endfor .for file_name in ${CMDOUT_SCRIPTS} SUB_FILES+= command-${file_name}.sh .endfor ############################################################ .for conf_group in ${CONF_GROUPS} . for option in ${${conf_group}_INSTANCE_OPTIONS} . 
if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}} ${${${option}_DEPENDS}_OPTION}_VARS+= ${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option} ${${${option}_DEPENDS}_OPTION}_VARS_OFF+= ${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option} . elif !empty(${option}_OPTION) OPTIONS_GROUP_G_${conf_group}+= ${${option}_OPTION} ${${option}_OPTION}_DESC= ${${option}_DESC} . if ${${option}_DEFAULT:M${OSSEC_TYPE}} OPTIONS_DEFAULT+= ${${option}_OPTION} . endif ${${option}_OPTION}_VARS+= ${conf_group}_INSTANCE_OPTIONS_ENABLED+=${option} ${${option}_OPTION}_VARS_OFF+= ${conf_group}_INSTANCE_OPTIONS_DISABLED+=${option} . endif . endfor . if !empty(OPTIONS_GROUP_G_${conf_group}) OPTIONS_GROUP+= G_${conf_group} G_${conf_group}_DESC= ${${conf_group}_DESC} . endif .endfor ############################################################ .for conf_group in ${CONF_GROUPS} . for option in ${${conf_group}_PUSHED_OPTIONS} . if !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_PUSHED_OPTIONS:M${${option}_DEPENDS}} ${${${option}_DEPENDS}_OPTION}_P_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} ${${${option}_DEPENDS}_OPTION}_P_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} . elif !empty(${option}_DEPENDS) && !empty(${${option}_DEPENDS}_OPTION) && ${${${option}_DEPENDS:S/_/ /:[1]}_INSTANCE_OPTIONS:M${${option}_DEPENDS}} ${${${option}_DEPENDS}_OPTION}_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} ${${${option}_DEPENDS}_OPTION}_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} . elif !empty(${option}_OPTION) OPTIONS_GROUP_G_${conf_group}_P+= ${${option}_OPTION}_P ${${option}_OPTION}_P_DESC= ${${option}_DESC} . if !empty(${option}_PROFILE) ${${option}_OPTION}_P_DESC+= (profile: ${${option}_PROFILE}) . endif . if ${${option}_DEFAULT:Mpushed} OPTIONS_DEFAULT+= ${${option}_OPTION}_P . 
endif ${${option}_OPTION}_P_VARS+= ${conf_group}_PUSHED_OPTIONS_ENABLED+=${option} ${${option}_OPTION}_P_VARS_OFF+= ${conf_group}_PUSHED_OPTIONS_DISABLED+=${option} . endif . endfor . if !empty(OPTIONS_GROUP_G_${conf_group}_P) OPTIONS_GROUP+= G_${conf_group}_P G_${conf_group}_P_DESC= Pushed ${${conf_group}_DESC} . if !empty(${conf_group}_PROFILE) G_${conf_group}_P_DESC+= (profile: ${${conf_group}_PROFILE}) . endif . endif .endfor ############################################################ .include show-opts: .for conf_group in ${CONF_GROUPS} @${ECHO_CMD} "${conf_group}: ${${conf_group}_DESC}" . for option in ${${conf_group}_INSTANCE_OPTIONS} @${ECHO_CMD} " ${option}: ${${option}_DESC}" . if empty(${option}_TEMPLATE) @${ECHO_CMD} " Template: -" . else @${ECHO_CMD} " Template: ${${option}_TEMPLATE}" . endif . if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED) && ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}} @${ECHO_CMD} " Enabled: true" . endif . if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED) && ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}} @${ECHO_CMD} " Enabled: false" . endif . if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED) && ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}} @${ECHO_CMD} " Pushed: true" . endif . if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED) && ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}} @${ECHO_CMD} " Pushed: false" . endif . 
endfor .endfor pre-install: @-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'PostgreSQL' && \ ${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|postgresql|g' \ ${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB} @-${OSSEC_HOME}/bin/ossec-dbd -h 2>&1 | ${GREP} -q 'MySQL' && \ ${SED} -e 's|%%OSSEC_HOME%%|${OSSEC_HOME}|g' -e 's|%%DB_TYPE%%|mysql|g' \ ${FILESDIR}/${TEMPL_SAMPLE_DB}.in > ${WRKDIR}/${TEMPL_SAMPLE_DB} ossec-dirs: @${MKDIR} ${CONF_BIN_DIR} ${COMMAND_BIN_DIR} ${AR_BIN_DIR} ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR} ${COMMAND_CONF_DIR} .if ${OSSEC_TYPE} != agent @${MKDIR} ${RULES_DIR} .endif .if ${OSSEC_TYPE} == server @${MKDIR} ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR} .endif ossec-scripts: @${CP} ${WRKDIR}/ossec-conf ${OSSEC_CONF_BIN} .if ${OSSEC_TYPE} == server @${CP} ${WRKDIR}/agent-conf ${AGENT_CONF_BIN} .endif .for file_name in ${CMDOUT_SCRIPTS} @${CP} ${WRKDIR}/command-${file_name}.sh ${COMMAND_BIN_DIR}/${file_name}.sh .endfor @${CP} ${WRKDIR}/command.conf ${COMMAND_CONF} @${CP} ${WRKDIR}/merge-config.sh ${MERGE_CONFIG_BIN} ossec-rules: .if ${OSSEC_TYPE} != agent . for file_name in ${RULES_FILES} @${SED} -e 's|||' ${WRKDIR}/rules-${file_name}.xml > ${RULES_DIR}/freebsd_${file_name}_rules.xml . endfor .endif ossec-conf-managed: .for conf_group in ${CONF_GROUPS} . if !empty(${conf_group}_INSTANCE_OPTIONS) @${CAT} ${WRKDIR}/${TEMPL_ENABLED_HEADER} > ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} . if !empty(${conf_group}_INSTANCE_OPTIONS_ENABLED) . for option in ${${conf_group}_INSTANCE_OPTIONS} . if ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}} . if !empty(${option}_TEMPLATE) @${ECHO_CMD} "" >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} @${ECHO_CMD} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF} . endif . endif . endfor . endif . endif .endfor ossec-conf-local: .for conf_group in ${CONF_GROUPS} . 
if !empty(${conf_group}_INSTANCE_OPTIONS) @${CAT} ${WRKDIR}/${TEMPL_DISABLED_HEADER} > ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} . if !empty(${conf_group}_INSTANCE_OPTIONS_DISABLED) . for option in ${${conf_group}_INSTANCE_OPTIONS} . if ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}} . if !empty(${option}_TEMPLATE) @${ECHO_CMD} "" >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} @${ECHO_CMD} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} . endif . endif . endfor . endif . endif .endfor ossec-conf-sample: @${CAT} ${WRKDIR}/${TEMPL_SAMPLE_HEADER} > ${OSSEC_SAMPLE_CONF} @${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} @${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE} >> ${OSSEC_SAMPLE_CONF} @${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} @-${TEST} -f ${WRKDIR}/${TEMPL_SAMPLE_DB} && \ ${SH} ${TEMPL_TO_OSSEC} ${WRKDIR}/${TEMPL_SAMPLE_DB} >> ${OSSEC_SAMPLE_CONF} && \ ${ECHO_CMD} >> ${OSSEC_SAMPLE_CONF} agent-conf-managed: .for conf_group in ${CONF_GROUPS} . if !empty(${conf_group}_PUSHED_OPTIONS) @${CAT} ${WRKDIR}/${TEMPL_PUSHED_ENABLED_HEADER} > ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} . if !empty(${conf_group}_PUSHED_OPTIONS_ENABLED) . for option in ${${conf_group}_PUSHED_OPTIONS} . if ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}} . if !empty(${option}_TEMPLATE) @${ECHO_CMD} "" >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} @${SH} ${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} @${ECHO_CMD} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF} . endif . endif . endfor . endif . endif .endfor agent-conf-local: .for conf_group in ${CONF_GROUPS} . if !empty(${conf_group}_PUSHED_OPTIONS) @${CAT} ${WRKDIR}/${TEMPL_PUSHED_DISABLED_HEADER} > ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} . if !empty(${conf_group}_PUSHED_OPTIONS_DISABLED) . for option in ${${conf_group}_PUSHED_OPTIONS} . 
if ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}} . if !empty(${option}_TEMPLATE) @${ECHO_CMD} "" >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} @${SH} ${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} @${ECHO_CMD} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF} . endif . endif . endfor . endif . endif .endfor do-install: ossec-dirs ossec-scripts ossec-rules ossec-conf-managed ossec-conf-local ossec-conf-sample agent-conf-managed agent-conf-local ossec-permissions: .if defined(MAINTAINER_MODE) @${CHMOD} -R 550 ${OSSEC_DIR} @${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_LOCAL_CONF_DIR}/* ${OSSEC_CONF_DIR}/* @${CHMOD} 550 ${OSSEC_LOCAL_CONF_DIR} ${OSSEC_CONF_DIR} . if ${OSSEC_TYPE} != agent @${CHMOD} 640 ${RULES_DIR}/* . endif . if ${OSSEC_TYPE} == server @${CHMOD} 640 ${AGENT_LOCAL_CONF_DIR}/* ${AGENT_CONF_DIR}/* @${CHMOD} 550 ${AGENT_LOCAL_CONF_DIR} ${AGENT_CONF_DIR} . endif @${CHOWN} -R ${USER}:${OSSEC_GROUP} ${OSSEC_DIR} @${CHOWN} -R ${USER}:${GROUP} ${BIN_DIR} .endif post-install: ossec-permissions @${ECHO_CMD} -n > ${PKGMESSAGE} .for file_name in ${PKGMSG_FILES} @${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE} @${ECHO_CMD} >> ${PKGMESSAGE} .endfor .if defined(MAINTAINER_MODE) plist: makeplist @${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} rules: extract @${SH} ${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC} .endif .include diff --git a/security/ossec-hids-local-config/files/template-rules-default.xml.in b/security/ossec-hids-local-config/files/template-rules-default.xml.in index 2ae7bc2fcf7d..2f9502c4d2e2 100644 --- a/security/ossec-hids-local-config/files/template-rules-default.xml.in +++ b/security/ossec-hids-local-config/files/template-rules-default.xml.in 
@@ -1,93 +1,94 @@ rules_config.xml ossec_rules.xml syslog_rules.xml sendmail_rules.xml postfix_rules.xml spamd_rules.xml imapd_rules.xml mailscanner_rules.xml ms-exchange_rules.xml courier_rules.xml firewall_rules.xml pix_rules.xml netscreenfw_rules.xml cisco-ios_rules.xml sonicwall_rules.xml pam_rules.xml telnetd_rules.xml sshd_rules.xml solaris_bsm_rules.xml asterisk_rules.xml ms_dhcp_rules.xml arpwatch_rules.xml symantec-av_rules.xml symantec-ws_rules.xml trend-osce_rules.xml hordeimp_rules.xml roundcube_rules.xml wordpress_rules.xml cimserver_rules.xml dovecot_rules.xml vmpop3d_rules.xml vpopmail_rules.xml ftpd_rules.xml proftpd_rules.xml pure-ftpd_rules.xml vsftpd_rules.xml ms_ftpd_rules.xml named_rules.xml exim_rules.xml smbd_rules.xml racoon_rules.xml vpn_concentrator_rules.xml msauth_rules.xml mcafee_av_rules.xml ms-se_rules.xml sysmon_rules.xml ms_ipsec_rules.xml vmware_rules.xml ids_rules.xml ms_powershell_rules.xml last_rootlogin_rules.xml apache_rules.xml web_rules.xml topleveldomain_rules.xml zeus_rules.xml nginx_rules.xml php_rules.xml web_appsec_rules.xml squid_rules.xml attack_rules.xml systemd_rules.xml firewalld_rules.xml mysql_rules.xml postgresql_rules.xml dropbear_rules.xml openbsd_rules.xml apparmor_rules.xml clam_av_rules.xml openbsd-dhcpd_rules.xml nsd_rules.xml owncloud_rules.xml proxmox-ve_rules.xml opensmtpd_rules.xml dnsmasq_rules.xml linux_usbdetect_rules.xml ms1016_usbdetect_rules.xml ms_firewall_rules.xml psad_rules.xml unbound_rules.xml kesl_rules.xml mhn_dionaea_rules.xml mhn_cowrie_rules.xml + lighttpd_rules.xml local_rules.xml diff --git a/security/ossec-hids-local/Makefile b/security/ossec-hids-local/Makefile index 0ba703988e48..3b5dc1725ec4 100644 --- a/security/ossec-hids-local/Makefile +++ b/security/ossec-hids-local/Makefile 
@@ -1,264 +1,265 @@ PKGNAMESUFFIX?= -${OSSEC_TYPE} COMMENT?= Security tool to monitor and check logs and intrusions - local (standalone) installation OSSEC_TYPE?= local .include "${.CURDIR}/../ossec-hids/version.mk" LICENSE_FILE= ${WRKSRC}/LICENSE BROKEN_aarch64= fails to compile: rootcheck/os_string.c:186:20: use of undeclared identifier '__LDPGSZ' BROKEN_riscv64= fails to compile: rootcheck/os_string.c:186:20: use of undeclared identifier '__LDPGSZ' USES= compiler gmake ssl .if ${OSSEC_TYPE} == local CONFLICTS_INSTALL= ossec-hids-client \ ossec-hids-agent \ ossec-hids-server .elif ${OSSEC_TYPE} == agent CONFLICTS_INSTALL= ossec-hids-client \ ossec-hids-local \ ossec-hids-server .elif ${OSSEC_TYPE} == server CONFLICTS_INSTALL= ossec-hids-client \ ossec-hids-agent \ ossec-hids-local .endif LIB_DEPENDS= libpcre2-8.so:devel/pcre2 libevent.so:devel/libevent .if ${OSSEC_TYPE} != agent RUN_DEPENDS= expect:lang/expect .endif INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq INOTIFY_USES= pkgconfig LUA_USES= readline MYSQL_USE= mysql PGSQL_USES= pgsql USE_GITHUB= yes GH_ACCOUNT= ossec USE_RC_SUBR= ossec-hids USES+= shebangfix SHEBANG_FILES= active-response/ossec-pagerduty.sh .if ${OSSEC_TYPE} != agent SHEBANG_LANG= expect expect_OLD_CMD= "/usr/bin/env expect" expect_CMD= ${LOCALBASE}/bin/expect SHEBANG_FILES+= src/agentlessd/scripts/main.exp \ src/agentlessd/scripts/ssh.exp \ src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \ src/agentlessd/scripts/ssh_foundry_diff \ src/agentlessd/scripts/ssh_generic_diff \ src/agentlessd/scripts/ssh_integrity_check_bsd \ src/agentlessd/scripts/ssh_integrity_check_linux \ src/agentlessd/scripts/ssh_nopass.exp \ src/agentlessd/scripts/ssh_pixconfig_diff \ src/agentlessd/scripts/sshlogin.exp \ src/agentlessd/scripts/su.exp .endif OPTIONS_SUB= yes OPTIONS_DEFINE= DOCS INOTIFY LUA .if ${OSSEC_TYPE} != agent OPTIONS_DEFINE+= PRELUDE ZEROMQ 
OPTIONS_RADIO= DATABASE OPTIONS_RADIO_DATABASE= MYSQL PGSQL .endif OPTIONS_DEFAULT= INOTIFY INOTIFY_DESC= Kevent based real time monitoring PRELUDE_DESC= Sensor support from Prelude SIEM ZEROMQ_DESC= ZeroMQ support (experimental) DATABASE_DESC= Database output INOTIFY_VARS= OSSEC_ARGS+=USE_INOTIFY=yes LUA_VARS= OSSEC_ARGS+=LUA_ENABLE=yes STRIP_FILES+=ossec-lua STRIP_FILES+=ossec-luac PRELUDE_VARS= OSSEC_ARGS+=USE_PRELUDE=yes ZEROMQ_VARS= OSSEC_ARGS+=USE_ZEROMQ=yes MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema PGSQL_VARS= OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema .if ${OSSEC_TYPE} == agent STRIP_FILES= agent-auth \ manage_agents \ ossec-agentd \ ossec-execd \ ossec-logcollector \ ossec-syscheckd .else STRIP_FILES= agent_control \ clear_stats \ list_agents \ manage_agents \ ossec-agentlessd \ ossec-analysisd \ ossec-authd \ ossec-csyslogd \ ossec-dbd \ ossec-execd \ ossec-logcollector \ ossec-logtest \ ossec-maild \ ossec-makelists \ ossec-monitord \ ossec-regex \ ossec-remoted \ ossec-reportd \ ossec-syscheckd \ rootcheck_control \ syscheck_control \ syscheck_update \ verify-agent-conf .endif .if defined(MAINTAINER_MODE) OSSEC_HOME= ${PREFIX}/${PORTNAME} .else OSSEC_HOME?= ${PREFIX}/${PORTNAME} .endif OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids FIREWALL_DROP_BIN= ${OSSEC_HOME}/active-response/bin/firewall-drop.sh IPFILTER_BIN= ${OSSEC_HOME}/active-response/bin/ipfilter.sh RESTART_OSSEC_BIN= ${OSSEC_HOME}/active-response/bin/restart-ossec.sh SHARED_DIR= ${OSSEC_HOME}/etc/shared SAMPLE_FILES= ${OSSEC_HOME}/etc/local_internal_options.conf \ ${OSSEC_HOME}/active-response/bin/cloudflare-ban.sh \ + ${OSSEC_HOME}/active-response/bin/ossec-aws-waf.sh \ ${OSSEC_HOME}/active-response/bin/ossec-pagerduty.sh \ ${OSSEC_HOME}/active-response/bin/ossec-slack.sh \ ${OSSEC_HOME}/active-response/bin/ossec-tweeter.sh .if empty(USER) USER=$$(${ID} -un) .endif .if 
empty(GROUP) GROUP=$$(${ID} -gn) .endif .if !defined(MAINTAINER_MODE) USER_ARGS+= OSSEC_GROUP=${GROUP} \ OSSEC_USER=${USER} \ OSSEC_USER_MAIL=${USER} \ OSSEC_USER_REM=${USER} .endif OSSEC_USER= ossec OSSEC_GROUP= ossec USERS= ${OSSEC_USER} ossecm ossecr GROUPS= ${OSSEC_GROUP} SUB_LIST+= PORTNAME=${PORTNAME} \ CATEGORY=${CATEGORIES:[1]} \ OSSEC_TYPE=${OSSEC_TYPE} \ OSSEC_HOME=${OSSEC_HOME} \ VERSION=${PORTVERSION} \ DB_TYPE=${DB_TYPE} \ DB_SCHEMA=${DOCSDIR}/${DB_SCHEMA} \ OSSEC_USER=${OSSEC_USER} \ OSSEC_GROUP=${OSSEC_GROUP} \ OSSEC_RC=${OSSEC_RC} SUB_FILES= pkg-install \ pkg-deinstall \ ${PKGMSG_FILES} \ restart-ossec.sh .if defined(MAINTAINER_MODE) PLIST_SUB= OSSEC_HOME=${PORTNAME} .else PLIST_SUB= OSSEC_HOME=${OSSEC_HOME} .endif PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE} DOCSFILES= BUGS CHANGELOG.md CONTRIBUTORS LICENSE README.md SUPPORT.md PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE} PKGMESSAGE= ${WRKDIR}/pkg-message PKGMSG_FILES= message-header PKG_CONFIG= ${CONFIGURE_ENV:MPKG_CONFIG=*:S/PKG_CONFIG=//} CFLAGS+= -I${LOCALBASE}/include INOTIFY_CFLAGS= $$(${PKG_CONFIG} --cflags libinotify) INOTIFY_LDFLAGS=$$(${PKG_CONFIG} --libs libinotify) OSSEC_ARGS+= TARGET=${OSSEC_TYPE} PCRE2_SYSTEM=yes INSTALL_LOCALTIME=no INSTALL_RESOLVCONF=no .if defined(OSSEC_MAX_AGENTS) OSSEC_ARGS+= MAXAGENTS=${OSSEC_MAX_AGENTS} .endif .if !defined(MAINTAINER_MODE) OSSEC_ARGS+= INSTALL_CMD=install .endif BUILD_ARGS+= ${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME} INSTALL_ARGS+= ${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME} .include PKGMSG_FILES+= message-firewall message-config post-patch: @${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \ -e 's|-lreadline|& ${LDFLAGS}|' \ ${WRKSRC}/src/external/lua/src/Makefile .if ${CHOSEN_COMPILER_TYPE} == gcc @${REINPLACE_CMD} -e 's|-Wno-implicit-fallthrough||g' ${WRKSRC}/src/Makefile .endif do-build: @cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build do-install: @cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} 
${MAKE_CMD} ${INSTALL_ARGS} install post-install: .for file_path in ${SAMPLE_FILES} @${MV} -f ${STAGEDIR}${file_path} ${STAGEDIR}${file_path}.sample .endfor @${MV} -f ${STAGEDIR}${FIREWALL_DROP_BIN} ${STAGEDIR}${IPFILTER_BIN} @${CP} ${WRKDIR}/restart-ossec.sh ${STAGEDIR}${RESTART_OSSEC_BIN} @${CHMOD} 550 ${STAGEDIR}${RESTART_OSSEC_BIN} .if defined(MAINTAINER_MODE) @${CHOWN} ${USER}:${OSSEC_GROUP} ${STAGEDIR}${RESTART_OSSEC_BIN} .else @${SH} ${SCRIPTDIR}/sanitize-stage.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${STAGEDIR} .endif .if ${OSSEC_TYPE} == agent . if defined(MAINTAINER_MODE) @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; ${CHOWN} ${OSSEC_USER}:${OSSEC_GROUP} $${file_name}; done . else @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; done . endif .endif @${ECHO_CMD} -n > ${PKGMESSAGE} .for file_name in ${PKGMSG_FILES} @${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE} @${ECHO_CMD} >> ${PKGMESSAGE} .endfor .for file_name in ${STRIP_FILES} @${STRIP_CMD} ${STAGEDIR}${OSSEC_HOME}/bin/${file_name} .endfor .if defined(MAINTAINER_MODE) plist: makeplist @${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} .endif post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} etc/ossec-${OSSEC_TYPE}.conf ${STAGEDIR}${DOCSDIR}/ossec.conf.sample post-install-MYSQL-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR} post-install-PGSQL-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR} .include diff --git a/security/ossec-hids-local/distinfo b/security/ossec-hids-local/distinfo index 90baa6551143..279c79e85dd1 100644 --- a/security/ossec-hids-local/distinfo +++ b/security/ossec-hids-local/distinfo 
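Review bot: `BROKEN_aarch64` and `BROKEN_riscv64` still cite `rootcheck/os_string.c:186:20: use of undeclared identifier '__LDPGSZ'`, a compiler location recorded against the previous release, while distinfo in this commit moves the distfile to 3.7.0; the failure should be re-confirmed on the new source and, if it persists, the message trimmed so it cannot go stale, e.g. `BROKEN_aarch64= fails to compile: use of undeclared identifier '__LDPGSZ' in rootcheck/os_string.c`. The new `ossec-aws-waf.sh` entry in `SAMPLE_FILES` matches the `@sample(,ossec,0550)` lines added to both plists, so the `.sample` renaming loop in `post-install` covers it. As a point of style, the agent branch of `post-install` iterates `for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f)`, which word-splits the `find` output; `find "${STAGEDIR}${SHARED_DIR}" -type f -exec ${CHMOD} 0644 {} +` achieves the same without depending on the file names, although the shared files listed in the plist contain no whitespace today.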
@@ -1,3 +1,3 @@
-TIMESTAMP = 1581720780
-SHA256 (ossec-ossec-hids-3.6.0_GH0.tar.gz) = 653828a19137b8a7e98af65e873318f7bb48137fe1e61b80577e13c316e04708
-SIZE (ossec-ossec-hids-3.6.0_GH0.tar.gz) = 1921753
+TIMESTAMP = 1656551293
+SHA256 (ossec-ossec-hids-3.7.0_GH0.tar.gz) = 23f5ede50f5de449db0a571fc453977f7079b4b47ce90b0ef31feed20df100e9
+SIZE (ossec-ossec-hids-3.7.0_GH0.tar.gz) = 2518737
diff --git a/security/ossec-hids-local/pkg-plist-agent b/security/ossec-hids-local/pkg-plist-agent
index 6bef7a70cfcb..f9ecca72cc98 100644
--- a/security/ossec-hids-local/pkg-plist-agent
+++ b/security/ossec-hids-local/pkg-plist-agent
@@ -1,82 +1,84 @@ @dir(,ossec,0550) %%OSSEC_HOME%% @dir(,ossec,0550) %%OSSEC_HOME%%/active-response @dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/cloudflare-ban.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/nftables-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-aws-waf.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh @dir(,,0550) %%OSSEC_HOME%%/bin @(,,0550) %%OSSEC_HOME%%/bin/agent-auth @(,,0550) %%OSSEC_HOME%%/bin/manage_agents @(,,0550) %%OSSEC_HOME%%/bin/ossec-agentd @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/util.sh @dir(,ossec,0550) %%OSSEC_HOME%%/etc @(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf @sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample @dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt @(ossec,ossec,0644) 
%%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0644) 
%%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs @dir(,ossec,0550) %%OSSEC_HOME%%/queue @dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rids @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck @dir(,ossec,1550) %%OSSEC_HOME%%/tmp @dir(,ossec,0550) %%OSSEC_HOME%%/var @dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS %%PORTDOCS%%%%DOCSDIR%%/CHANGELOG.md %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS %%PORTDOCS%%%%DOCSDIR%%/LICENSE %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac diff --git a/security/ossec-hids-local/pkg-plist-local b/security/ossec-hids-local/pkg-plist-local index eb687d3670db..630a2d4aaa57 100644 --- a/security/ossec-hids-local/pkg-plist-local +++ b/security/ossec-hids-local/pkg-plist-local 
@@ -1,209 +1,212 @@ @dir(,ossec,0550) %%OSSEC_HOME%% @dir(,ossec,0550) %%OSSEC_HOME%%/active-response @dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/cloudflare-ban.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/nftables-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-aws-waf.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh @dir(,ossec,0550) %%OSSEC_HOME%%/agentless @(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp 
@(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp @dir(,,0550) %%OSSEC_HOME%%/bin @(,,0550) %%OSSEC_HOME%%/bin/agent_control @(,,0550) %%OSSEC_HOME%%/bin/clear_stats @(,,0550) %%OSSEC_HOME%%/bin/list_agents @(,,0550) %%OSSEC_HOME%%/bin/manage_agents @(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd @(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd @(,,0550) %%OSSEC_HOME%%/bin/ossec-authd @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd @(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest @(,,0550) %%OSSEC_HOME%%/bin/ossec-maild @(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists @(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord @(,,0550) %%OSSEC_HOME%%/bin/ossec-regex @(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted @(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_update @(,,0550) %%OSSEC_HOME%%/bin/util.sh @(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf @dir(,ossec,0550) %%OSSEC_HOME%%/etc @(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml @(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf @sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample @dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt @(ossec,ossec,0640) 
%%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs @dir(,ossec,0550) %%OSSEC_HOME%%/rules @(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml @(,ossec,0640) 
%%OSSEC_HOME%%/rules/arpwatch_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/clam_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/lighttpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml @(,ossec,0640) 
%%OSSEC_HOME%%/rules/named_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/psad_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/topleveldomain_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml 
@(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml @dir(,ossec,0700) %%OSSEC_HOME%%/.ssh @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall @dir(,ossec,0550) %%OSSEC_HOME%%/queue @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless @dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats @dir(,ossec,1550) %%OSSEC_HOME%%/tmp @dir(,ossec,0550) %%OSSEC_HOME%%/var @dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS %%PORTDOCS%%%%DOCSDIR%%/CHANGELOG.md %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS %%PORTDOCS%%%%DOCSDIR%%/LICENSE %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema diff --git a/security/ossec-hids-local/pkg-plist-server b/security/ossec-hids-local/pkg-plist-server index eb687d3670db..630a2d4aaa57 100644 
--- a/security/ossec-hids-local/pkg-plist-server
+++ b/security/ossec-hids-local/pkg-plist-server
@@ -1,209 +1,212 @@ @dir(,ossec,0550) %%OSSEC_HOME%% @dir(,ossec,0550) %%OSSEC_HOME%%/active-response @dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/cloudflare-ban.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/nftables-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh +@sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-aws-waf.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh @dir(,ossec,0550) %%OSSEC_HOME%%/agentless @(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp 
@(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp @dir(,,0550) %%OSSEC_HOME%%/bin @(,,0550) %%OSSEC_HOME%%/bin/agent_control @(,,0550) %%OSSEC_HOME%%/bin/clear_stats @(,,0550) %%OSSEC_HOME%%/bin/list_agents @(,,0550) %%OSSEC_HOME%%/bin/manage_agents @(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd @(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd @(,,0550) %%OSSEC_HOME%%/bin/ossec-authd @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd @(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest @(,,0550) %%OSSEC_HOME%%/bin/ossec-maild @(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists @(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord @(,,0550) %%OSSEC_HOME%%/bin/ossec-regex @(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted @(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_update @(,,0550) %%OSSEC_HOME%%/bin/util.sh @(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf @dir(,ossec,0550) %%OSSEC_HOME%%/etc @(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml @(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf @sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample @dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt @(ossec,ossec,0640) 
%%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs @dir(,ossec,0550) %%OSSEC_HOME%%/rules @(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml @(,ossec,0640) 
%%OSSEC_HOME%%/rules/arpwatch_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/clam_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/lighttpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml @(,ossec,0640) 
%%OSSEC_HOME%%/rules/named_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/psad_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/topleveldomain_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml 
@(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml @dir(,ossec,0700) %%OSSEC_HOME%%/.ssh @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall @dir(,ossec,0550) %%OSSEC_HOME%%/queue @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless @dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats @dir(,ossec,1550) %%OSSEC_HOME%%/tmp @dir(,ossec,0550) %%OSSEC_HOME%%/var @dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS %%PORTDOCS%%%%DOCSDIR%%/CHANGELOG.md %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS %%PORTDOCS%%%%DOCSDIR%%/LICENSE %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema diff --git a/security/ossec-hids-local/scripts/plist.conf b/security/ossec-hids-local/scripts/plist.conf index c32d04dfab39..7095978eedcd 100644 
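Review bot: pkg-plist-server is byte-identical to pkg-plist-local before and after this change (both file headers carry `index eb687d3670db..630a2d4aaa57`), so the three additions here — `nftables-drop.sh`, `ossec-aws-waf.sh.sample` and `lighttpd_rules.xml` — had to be hand-applied twice, and the two lists will drift the first time one copy is forgotten. If the local and server flavours really install the same tree, a single plist selected via the slave port's `PLIST` (or one list generated from `scripts/plist.conf`) would remove the duplicate. If they are meant to differ — a local install arguably has no use for `ossec-remoted`, `ossec-authd` or `manage_agents`, which both lists install at `@(,,0550)` — that difference should be expressed in the list rather than hidden by an identical copy.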
--- a/security/ossec-hids-local/scripts/plist.conf +++ b/security/ossec-hids-local/scripts/plist.conf @@ -1,34 +1,35 @@ #!/bin/sh fixed_lines=" %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac" if [ "${OSSEC_TYPE}" != "agent" ]; then fixed_lines="${fixed_lines} %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema" fi skip_lines=" %%PORTDOCS%%%%DOCSDIR%%/mysql.schema %%PORTDOCS%%%%DOCSDIR%%/postgresql.schema" skip_paths=" /etc/ossec.conf /etc/client.keys /logs/active-responses.log /logs/ossec.log /lua" if [ "${OSSEC_TYPE}" = "agent" ]; then skip_paths="${skip_paths} /rules /agentless /.ssh" fi sample_paths=" /etc/local_internal_options.conf.sample /active-response/bin/cloudflare-ban.sh.sample +/active-response/bin/ossec-aws-waf.sh.sample /active-response/bin/ossec-pagerduty.sh.sample /active-response/bin/ossec-slack.sh.sample /active-response/bin/ossec-tweeter.sh.sample" diff --git a/security/ossec-hids/version.mk b/security/ossec-hids/version.mk index 5d3591f15228..305273a7a832 100644 --- a/security/ossec-hids/version.mk +++ b/security/ossec-hids/version.mk @@ -1,9 +1,8 @@ PORTNAME= ossec-hids -PORTVERSION= 3.6.0 -PORTREVISION?= 1 +PORTVERSION= 3.7.0 CATEGORIES= security MAINTAINER= dominik.lisiak@bemsoft.pl COMMENT?= Security tool to monitor and check logs and intrusions LICENSE= GPLv2
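Review bot: `sample_paths` gains `/active-response/bin/ossec-aws-waf.sh.sample`, but `skip_paths` is not updated for the other responder new in 3.7.0, `nftables-drop.sh`, which like the already-packaged `firewalld-drop.sh` drives a Linux-only firewall and cannot function on a FreeBSD host, yet is still installed as a root-owned executable under `active-response/bin`. Judging by the agent branch that appends `/rules`, `/agentless` and `/.ssh`, `skip_paths` is presumably the list of installed paths the plist generator omits, so adding `/active-response/bin/nftables-drop.sh` (and `/active-response/bin/firewalld-drop.sh`) there would keep dead responders out of all three plists. If shipping them is deliberate, a one-line comment above `skip_paths` such as `# Linux-only responders (firewalld, nftables) are kept on purpose` would stop the question from coming up on the next update.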