diff --git a/security/ossec-hids-local-config/files/template-syscheck-pgsql.xml.in b/security/ossec-hids-local-config/files/template-syscheck-pgsql.xml.in
index f8f8ad802310..f0b845a14649 100644
--- a/security/ossec-hids-local-config/files/template-syscheck-pgsql.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-pgsql.xml.in
@@ -1,16 +1,16 @@
- /var/db/postgres
+ /var/db/postgres
- /var/lib/postgresql
+ /var/lib/postgresql
diff --git a/security/ossec-hids-local/Makefile b/security/ossec-hids-local/Makefile
index de07d873f3d4..2550813a7cd4 100644
--- a/security/ossec-hids-local/Makefile
+++ b/security/ossec-hids-local/Makefile
@@ -1,271 +1,270 @@ -PORTREVISION?= 1 PKGNAMESUFFIX?= -${OSSEC_TYPE} COMMENT?= Security tool to monitor and check logs and intrusions - local (standalone) installation WWW= https://ossec.github.io OSSEC_TYPE?= local .include "${.CURDIR}/../ossec-hids/version.mk" LICENSE_FILE= ${WRKSRC}/LICENSE BROKEN_aarch64= fails to compile: rootcheck/os_string.c:186:20: use of undeclared identifier '__LDPGSZ' BROKEN_riscv64= fails to compile: rootcheck/os_string.c:186:20: use of undeclared identifier '__LDPGSZ' USES= compiler gmake ssl .if ${OSSEC_TYPE} == local CONFLICTS_INSTALL= ossec-hids-client \ ossec-hids-agent \ ossec-hids-server .elif ${OSSEC_TYPE} == agent CONFLICTS_INSTALL= ossec-hids-client \ ossec-hids-local \ ossec-hids-server .elif ${OSSEC_TYPE} == server CONFLICTS_INSTALL= ossec-hids-client \ ossec-hids-agent \ ossec-hids-local .endif LIB_DEPENDS= libpcre2-8.so:devel/pcre2 libevent.so:devel/libevent .if ${OSSEC_TYPE} != agent RUN_DEPENDS= expect:lang/expect .endif INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq INOTIFY_USES= pkgconfig LUA_USES= readline MYSQL_USE= mysql PGSQL_USES= pgsql USE_GITHUB= yes GH_ACCOUNT= ossec USE_RC_SUBR= ossec-hids USES+= shebangfix SHEBANG_FILES= active-response/ossec-pagerduty.sh .if ${OSSEC_TYPE} != agent SHEBANG_LANG= expect expect_OLD_CMD= "/usr/bin/env expect" expect_CMD= ${LOCALBASE}/bin/expect SHEBANG_FILES+= src/agentlessd/scripts/main.exp \ src/agentlessd/scripts/ssh.exp \ src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \ src/agentlessd/scripts/ssh_foundry_diff \ src/agentlessd/scripts/ssh_generic_diff \ src/agentlessd/scripts/ssh_integrity_check_bsd \ src/agentlessd/scripts/ssh_integrity_check_linux \ src/agentlessd/scripts/ssh_nopass.exp \ src/agentlessd/scripts/ssh_pixconfig_diff \ src/agentlessd/scripts/sshlogin.exp \ src/agentlessd/scripts/su.exp .endif OPTIONS_SUB= yes OPTIONS_DEFINE= DOCS INOTIFY LUA .if ${OSSEC_TYPE} != 
agent OPTIONS_DEFINE+= PRELUDE ZEROMQ OPTIONS_RADIO= DATABASE OPTIONS_RADIO_DATABASE= MYSQL PGSQL .endif OPTIONS_DEFAULT= INOTIFY INOTIFY_DESC= Kevent based real time monitoring PRELUDE_DESC= Sensor support from Prelude SIEM ZEROMQ_DESC= ZeroMQ support (experimental) DATABASE_DESC= Database output INOTIFY_VARS= OSSEC_ARGS+=USE_INOTIFY=yes LUA_VARS= OSSEC_ARGS+=LUA_ENABLE=yes STRIP_FILES+=ossec-lua STRIP_FILES+=ossec-luac PRELUDE_VARS= OSSEC_ARGS+=USE_PRELUDE=yes ZEROMQ_VARS= OSSEC_ARGS+=USE_ZEROMQ=yes MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema PGSQL_VARS= OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema .if ${OSSEC_TYPE} == agent STRIP_FILES= agent-auth \ manage_agents \ ossec-agentd \ ossec-execd \ ossec-logcollector \ ossec-syscheckd .else STRIP_FILES= agent_control \ clear_stats \ list_agents \ manage_agents \ ossec-agentlessd \ ossec-analysisd \ ossec-authd \ ossec-csyslogd \ ossec-dbd \ ossec-execd \ ossec-logcollector \ ossec-logtest \ ossec-maild \ ossec-makelists \ ossec-monitord \ ossec-regex \ ossec-remoted \ ossec-reportd \ ossec-syscheckd \ rootcheck_control \ syscheck_control \ syscheck_update \ verify-agent-conf .endif .if defined(MAINTAINER_MODE) OSSEC_HOME= ${PREFIX}/${PORTNAME} .else OSSEC_HOME?= ${PREFIX}/${PORTNAME} .endif OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids FIREWALL_DROP_BIN= ${OSSEC_HOME}/active-response/bin/firewall-drop.sh IPFILTER_BIN= ${OSSEC_HOME}/active-response/bin/ipfilter.sh RESTART_OSSEC_BIN= ${OSSEC_HOME}/active-response/bin/restart-ossec.sh SHARED_DIR= ${OSSEC_HOME}/etc/shared SAMPLE_FILES= ${OSSEC_HOME}/etc/local_internal_options.conf \ ${OSSEC_HOME}/active-response/bin/cloudflare-ban.sh \ ${OSSEC_HOME}/active-response/bin/ossec-aws-waf.sh \ ${OSSEC_HOME}/active-response/bin/ossec-pagerduty.sh \ ${OSSEC_HOME}/active-response/bin/ossec-slack.sh \ ${OSSEC_HOME}/active-response/bin/ossec-tweeter.sh .if 
${OSSEC_TYPE} != agent SAMPLE_FILES+= ${OSSEC_HOME}/rules/local_rules.xml .endif .if empty(USER) USER=$$(${ID} -un) .endif .if empty(GROUP) GROUP=$$(${ID} -gn) .endif .if !defined(MAINTAINER_MODE) USER_ARGS+= OSSEC_GROUP=${GROUP} \ OSSEC_USER=${USER} \ OSSEC_USER_MAIL=${USER} \ OSSEC_USER_REM=${USER} .endif OSSEC_USER= ossec OSSEC_GROUP= ossec USERS= ${OSSEC_USER} ossecm ossecr GROUPS= ${OSSEC_GROUP} SUB_LIST+= PORTNAME=${PORTNAME} \ CATEGORY=${CATEGORIES:[1]} \ OSSEC_TYPE=${OSSEC_TYPE} \ OSSEC_HOME=${OSSEC_HOME} \ VERSION=${PORTVERSION} \ DB_TYPE=${DB_TYPE} \ DB_SCHEMA=${DOCSDIR}/${DB_SCHEMA} \ OSSEC_USER=${OSSEC_USER} \ OSSEC_GROUP=${OSSEC_GROUP} \ OSSEC_RC=${OSSEC_RC} SUB_FILES= pkg-install \ pkg-deinstall \ ${PKGMSG_FILES} \ restart-ossec.sh .if defined(MAINTAINER_MODE) PLIST_SUB= OSSEC_HOME=${PORTNAME} .else PLIST_SUB= OSSEC_HOME=${OSSEC_HOME} .endif PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE} DOCSFILES= BUGS CHANGELOG.md CONTRIBUTORS LICENSE README.md SUPPORT.md PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE} PKGMESSAGE= ${WRKDIR}/pkg-message PKGMSG_FILES= message-header PKG_CONFIG= ${CONFIGURE_ENV:MPKG_CONFIG=*:S/PKG_CONFIG=//} CFLAGS+= -I${LOCALBASE}/include INOTIFY_CFLAGS= $$(${PKG_CONFIG} --cflags libinotify) INOTIFY_LDFLAGS=$$(${PKG_CONFIG} --libs libinotify) OSSEC_ARGS+= TARGET=${OSSEC_TYPE} PCRE2_SYSTEM=yes INSTALL_LOCALTIME=no INSTALL_RESOLVCONF=no .if defined(OSSEC_MAX_AGENTS) OSSEC_ARGS+= MAXAGENTS=${OSSEC_MAX_AGENTS} .endif .if !defined(MAINTAINER_MODE) OSSEC_ARGS+= INSTALL_CMD=install .endif BUILD_ARGS+= ${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME} INSTALL_ARGS+= ${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME} .include PKGMSG_FILES+= message-firewall message-config post-patch: @${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \ -e 's|-lreadline|& ${LDFLAGS}|' \ ${WRKSRC}/src/external/lua/src/Makefile .if ${CHOSEN_COMPILER_TYPE} == gcc @${REINPLACE_CMD} -e 's|-Wno-implicit-fallthrough||g' ${WRKSRC}/src/Makefile .endif do-build: @cd 
${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build do-install: @cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${INSTALL_ARGS} install post-install: .for file_path in ${SAMPLE_FILES} @${MV} -f ${STAGEDIR}${file_path} ${STAGEDIR}${file_path}.sample .endfor @${MV} -f ${STAGEDIR}${FIREWALL_DROP_BIN} ${STAGEDIR}${IPFILTER_BIN} @${CP} ${WRKDIR}/restart-ossec.sh ${STAGEDIR}${RESTART_OSSEC_BIN} @${CHMOD} 550 ${STAGEDIR}${RESTART_OSSEC_BIN} .if defined(MAINTAINER_MODE) @${CHOWN} ${USER}:${OSSEC_GROUP} ${STAGEDIR}${RESTART_OSSEC_BIN} .else @${SH} ${SCRIPTDIR}/sanitize-stage.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${STAGEDIR} .endif .if ${OSSEC_TYPE} == agent . if defined(MAINTAINER_MODE) @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; ${CHOWN} ${OSSEC_USER}:${OSSEC_GROUP} $${file_name}; done . else @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; done . endif .endif @${ECHO_CMD} -n > ${PKGMESSAGE} .for file_name in ${PKGMSG_FILES} @${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE} @${ECHO_CMD} >> ${PKGMESSAGE} .endfor .for file_name in ${STRIP_FILES} @${STRIP_CMD} ${STAGEDIR}${OSSEC_HOME}/bin/${file_name} .endfor .if defined(MAINTAINER_MODE) plist: makeplist @${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} .endif post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} etc/ossec-${OSSEC_TYPE}.conf ${STAGEDIR}${DOCSDIR}/ossec.conf.sample post-install-MYSQL-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR} post-install-PGSQL-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR} .include diff --git a/security/ossec-hids-local/distinfo b/security/ossec-hids-local/distinfo index 279c79e85dd1..acad9d581302 100644 
--- a/security/ossec-hids-local/distinfo
+++ b/security/ossec-hids-local/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1656551293
-SHA256 (ossec-ossec-hids-3.7.0_GH0.tar.gz) = 23f5ede50f5de449db0a571fc453977f7079b4b47ce90b0ef31feed20df100e9
-SIZE (ossec-ossec-hids-3.7.0_GH0.tar.gz) = 2518737
+TIMESTAMP = 1740298126
+SHA256 (ossec-ossec-hids-3.8.0_GH0.tar.gz) = bd857a2dd7d0559ef59b4a9ec276f3a8ade6830f8aed257e8f4a62106cfe5f38
+SIZE (ossec-ossec-hids-3.8.0_GH0.tar.gz) = 2524057
diff --git a/security/ossec-hids-local/files/ossec-hids.in b/security/ossec-hids-local/files/ossec-hids.in
index 87783766b839..f7b173985f77 100644
--- a/security/ossec-hids-local/files/ossec-hids.in
+++ b/security/ossec-hids-local/files/ossec-hids.in
@@ -1,548 +1,548 @@ #!/bin/sh # # PROVIDE: ossec_hids # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: shutdown # ossec_hids_enable (bool): Set it to YES to enable %%PORTNAME%%. # Default: NO # ossec_hids_clear_log (bool): Set it to YES to clear ossec.log before %%PORTNAME%% startup. # Default: NO # ossec_hids_clear_ar_log (bool): Set it to YES to clear active-responses.log before %%PORTNAME%% startup. # Default: NO # ossec_hids_fetch_connect_time (int): Time in seconds to wait for the download of the shared configuration to start. # Used only by agent installation. -# Default: 40 +# Default: 60 # ossec_hids_fetch_read_time (int): Time in seconds to wait for subsequent download chunks of the shared configuration. # Used only by agent installation. # Default: 10 . /etc/rc.subr name="ossec_hids" rcvar=ossec_hids_enable load_rc_config $name : ${ossec_hids_enable="NO"} : ${ossec_hids_clear_log="NO"} : ${ossec_hids_clear_ar_log="NO"} -: ${ossec_hids_fetch_connect_time=40} +: ${ossec_hids_fetch_connect_time=60} : ${ossec_hids_fetch_read_time=10} ossec_type="%%OSSEC_TYPE%%" ossec_home="%%OSSEC_HOME%%" if [ -z "${ossec_hids_user}" ]; then ossec_hids_user=$(stat -f '%Su' "${ossec_home}") fi ossec_conf="${ossec_home}/etc/ossec.conf" ossec_conf_dir="${ossec_home}/etc/ossec.conf.d" ossec_conf_bin="${ossec_home}/bin/config/ossec-conf" agent_conf="${ossec_home}/etc/shared/agent.conf" agent_conf_dir="${ossec_home}/etc/agent.conf.d" agent_conf_bin="${ossec_home}/bin/config/agent-conf" ossec_client_keys="${ossec_home}/etc/client.keys" ossec_ar_tmp="${ossec_home}/active-response" ossec_log="${ossec_home}/logs/ossec.log" ossec_ar_log="${ossec_home}/logs/active-responses.log" ossec_merged="${ossec_home}/etc/shared/merged.mg" ossec_local_time="/etc/localtime" ossec_resolv_conf="/etc/resolv.conf" extra_commands="help status reload ossec_conf" case ${ossec_type} in server) extra_commands="${extra_commands} agent_conf manage_agent reset_counter" ;; agent) extra_commands="${extra_commands} 
agent_conf manage_agent reset_counter config_profile fetch_config" ;; esac if [ -x "${ossec_conf_bin}" ]; then extra_commands="${extra_commands} merge_config" fi ossec_rc_command=$1 shift 1 help_cmd="ossec_hids_help $@" start_cmd="ossec_hids_command start $@" stop_cmd="ossec_hids_command stop $@" restart_cmd="ossec_hids_command restart $@" status_cmd="ossec_hids_command status $@" reload_cmd="ossec_hids_command reload $@" manage_agent_cmd="ossec_hids_manage_agent $@" reset_counter_cmd="ossec_hids_reset_counter $@" config_profile_cmd="ossec_hids_config_profile $@" fetch_config_cmd="ossec_hids_fetch_config $@" merge_config_cmd="ossec_hids_create_config force $@" ossec_conf_cmd="ossec_hids_ossec_conf $@" agent_conf_cmd="ossec_hids_agent_conf $@" start_precmd="ossec_hids_create_env && ossec_hids_create_config && ossec_hids_clean && ossec_hids_check" restart_precmd="${start_precmd}" reload_precmd="ossec_hids_create_env && ossec_hids_create_config" config_profile_precmd="ossec_hids_check" fetch_config_precmd="${start_precmd}" agent_ids_cmd="${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*ID:[[:space:]]*([[:digit:]]+).*|\1|p'" agent_names_cmd="${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*Name:[[:space:]]*([^,]+).*|\1|p'" ossec_hids_help() { local indent=" " echo "Additional commands:" echo for command in ${extra_commands}; do case ${command} in ossec_conf) echo "${command}" if [ -x "${ossec_conf_bin}" ]; then echo "${indent}Displays the \"ossec.conf\" as it would have been produced" echo "${indent}by merging files from \"ossec.conf.d\" directory." echo "${indent}Does not overwrite the actual \"ossec.conf\"." else echo "${indent}Displays the current \"ossec.conf\"." fi echo ;; agent_conf) echo "${command}" if [ -x "${agent_conf_bin}" ]; then echo "${indent}Displays the \"agent.conf\" as it would have been produced" echo "${indent}by merging files from \"agent.conf.d\" directory." echo "${indent}Does not overwrite the actual \"agent.conf\"." 
else echo "${indent}Displays the current \"agent.conf\"." fi echo ;; manage_agent) echo "${command} [...]" echo "${indent}Executes OSSEC Agent Manager." echo "${indent}Any additional arguments will be passed along (-h for help)." echo "${indent}Use this command to export and import agent keys." echo ;; reset_counter) case ${ossec_type} in server) echo "${command} " echo "${indent}Stops the OSSEC and resets (removes) the replay attack prevention counter(s)." echo "${indent}Only the counter for the given is reset." echo "${indent}If the is \"-\", then counters for all agents are reset." ;; agent) echo "${command}" echo "${indent}Stops the OSSEC and resets (removes) the replay attack prevention counter." ;; esac echo "${indent}Use this command on both the server and the agent to bring back connectivity." echo "${indent}The typical scenario for desynchronization of counters is one of the OSSEC" echo "${indent}instances has been restored from backup." echo "${indent}Use the following procedure:" echo "${indent}1. Reset counter on the agent." echo "${indent}2. Reset counter on the server for that specific agent." echo "${indent}3. Start the server." echo "${indent}4. Start the agent." echo ;; config_profile) echo "${command}" echo "${indent}Displays a list (i.e. union of sets) of applicable (to this agent) configuration" echo "${indent}profiles sent by the server (current \"agent.conf\") merged with configuration" echo "${indent}profiles enabled on this agent (current \"ossec.conf\"). Each entry on the list" echo "${indent}is marked with one of the following markers:" echo "${indent}(+) - The profile is sent by the server and is enabled on this agent." echo "${indent}(-) - The profile is sent by the server and is applicable for this agent, but is" echo "${indent} not enabled in the \"ossec.conf\"." echo "${indent}(?) - The profile is enabled on this agent, but is not sent by the server or is" echo "${indent} not applicable to this agent." 
echo ;; fetch_config) echo "${command}" echo "${indent}(Re)starts the agent with a fresh copy of server shared configuration (including" echo "${indent}\"agent.conf\"). Command can also be used to ensure server connectivity." echo ;; merge_config) echo "${command}" echo "${indent}Creates \"ossec.conf\" by merging files from \"ossec.conf.d\" directory." case ${ossec_type} in server) echo "${indent}Creates \"agent.conf\" by merging files from \"agent.conf.d\" directory." ;; esac echo "${indent}Usually you do not need to run this command, because configuration files will" echo "${indent}be merged before OSSEC startup if any of them has been modified/created/deleted" echo "${indent}since the last merging. This command, however, does merging unconditionally." echo ;; esac done echo "To avoid problems with this script and the port in general, keep your XML-like" echo "configuration pretty printed. Place element tags in single and separate lines." echo "Comments can span on multiple but still separate lines." echo "Do NOT use the following formatting:" echo echo "${indent}" echo "${indent}${indent}" echo "${indent}${indent}${indent}Some content" echo "${indent}${indent}" echo "${indent}${indent}${indent}Another content" echo "${indent}" echo echo "Use instead:" echo echo "${indent}" echo "${indent}${indent}" echo "${indent}${indent}Some content" echo "${indent}${indent}Another content" echo "${indent}" echo } ossec_hids_create_file() { local path=$1 local owner=$2 local mode=$3 if [ ! -e "${path}" ]; then touch "${path}" && chown ${owner} "${path}" && chmod ${mode} "${path}" fi } ossec_hids_check() { case ${ossec_type} in server) if [ ! -s "${ossec_client_keys}" ]; then echo "WARNING: There are no client keys created - remote connections will be disabled." echo fi ;; agent) if [ ! -s "${ossec_client_keys}" ]; then echo "WARNING: There are is no client key imported - connection to server not possible." 
echo else if [ $(eval ${agent_ids_cmd} | wc -l) -gt 1 ]; then echo "ERROR: There are multiple client keys imported - only one is allowed." echo return 1 fi fi ;; esac return 0 } ossec_hids_inline_content() { local element="$1" sed -En "s|.*<${element}>(.*).*|\1|p" } ossec_hids_remove_comments() { # Comments must be on separate lines i.e. not next to uncommented code awk '// {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}' } ossec_hids_config_profile() { if [ ! -f "${ossec_conf}" ]; then echo -n "ERROR: The \"${ossec_conf}\" is missing." if [ -x "${ossec_conf_bin}" ]; then echo " Run:" echo "$(realpath $0) merge_config" else echo fi echo return 1 fi if [ ! -f "${agent_conf}" ]; then echo "ERROR: The \"${agent_conf}\" is missing. Run:" echo "$(realpath $0) fetch_config" echo return 1 fi local os="FreeBSD" local name=$(eval ${agent_names_cmd}) local server_profiles=`ossec_hids_remove_comments < "${agent_conf}" | sed -En \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ -e "s|.*.*|\1|p" \ | sort -u` local agent_profiles=$(ossec_hids_remove_comments < "${ossec_conf}" | ossec_hids_inline_content "config-profile" | sed -E 's|[[:space:]]*,[[:space:]]*| |g') local output="" for server_profile in ${server_profiles}; do local matching_profile="" for agent_profile in ${agent_profiles}; do if [ "${agent_profile}" == "${server_profile}" ]; then matching_profile="${agent_profile}" break fi done if [ -n "${matching_profile}" ]; then output="${output}(+) ${server_profile} " else output="${output}(-) ${server_profile} " fi done for agent_profile in ${agent_profiles}; do local matching_profile="" for server_profile in ${server_profiles}; do if [ "${server_profile}" == "${agent_profile}" ]; then matching_profile="${server_profile}" break fi done if [ -z "${matching_profile}" ]; then output="${output}(?) 
${agent_profile} " fi done echo -n "${output}" | sort -k 2 } ossec_hids_config_is_outdated() { local dst_file="$1" local src_dir="$2" if [ ! -e "${dst_file}" ]; then return 0 fi if [ "${src_dir}" -nt "${dst_file}" ]; then return 0 fi for src_file in $(find "${src_dir}" -maxdepth 1 -type f -name "*.conf"); do if [ "${src_file}" -nt "${dst_file}" ]; then return 0 fi done return 1 } ossec_hids_create_config() { case ${ossec_type} in server) if [ -x "${agent_conf_bin}" ]; then # Merge agent.conf.d files into agent.conf if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${agent_conf}" "${agent_conf_dir}"; then ossec_hids_create_file "${agent_conf}" ${ossec_hids_user}:%%OSSEC_GROUP%% 0640 "${agent_conf_bin}" > "${agent_conf}" fi fi ;; esac if [ -x "${ossec_conf_bin}" ]; then # Merge ossec.conf.d files into ossec.conf if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${ossec_conf}" "${ossec_conf_dir}"; then ossec_hids_create_file "${ossec_conf}" ${ossec_hids_user}:%%OSSEC_GROUP%% 0640 "${ossec_conf_bin}" > "${ossec_conf}" fi fi return 0 } ossec_hids_create_env() { # Copy required files from outside of home directory if [ ! -e "${ossec_local_time}" ]; then echo "ERROR: Missing \"${ossec_local_time}\". Run command \"tzsetup\"." echo return 1 fi if [ ! -e "${ossec_resolv_conf}" ]; then echo "ERROR: Missing \"${ossec_resolv_conf}\"." 
echo return 1 fi install -o ${ossec_hids_user} -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}" install -o ${ossec_hids_user} -g %%OSSEC_GROUP%% -m 0440 "${ossec_resolv_conf}" "${ossec_home}${ossec_resolv_conf}" return 0 } ossec_hids_clean() { if [ "${ossec_type}" == "server" ]; then rm -f "${ossec_merged}" fi if checkyesno ossec_hids_clear_log && [ -e "${ossec_log}" ]; then echo -n > "${ossec_log}" fi if checkyesno ossec_hids_clear_ar_log && [ -e "${ossec_ar_log}" ]; then echo -n > "${ossec_ar_log}" fi return 0 } ossec_hids_reset_counter() { local agent_name="$1" ossec_hids_command stop sleep 1 echo case ${ossec_type} in server) if [ -z "${agent_name}" ]; then echo "ERROR: Specify agent name to reset counter for this agent or \"-\" to reset counters for all agents." echo return 1 fi local agent_counter=0 if [ "${agent_name}" == "-" ]; then for agent_id in $(eval ${agent_ids_cmd}); do if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1)) fi done else local agent_id=`${ossec_home}/bin/manage_agents -l | sed -En -e "s|.*ID:[[:space:]]*([[:digit:]]+),[[:space:]]*Name:[[:space:]]${agent_name},.*|\1|p"` if [ -n "${agent_id}" ]; then if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1)) fi fi fi echo "Removed ${agent_counter} counter(s)." echo ;; agent) local agent_counter=0 for agent_id in $(eval ${agent_ids_cmd}); do # Should be executed only once if [ -e "${ossec_home}/queue/rids/${agent_id}" ]; then rm "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1)) fi done echo "Removed ${agent_counter} counter(s)." 
echo ;; esac return 0 } ossec_hids_fetch_config() { ossec_hids_command stop sleep 1 echo rm -f "${ossec_merged}" ossec_hids_command start || return 1 echo echo "Waiting ${ossec_hids_fetch_connect_time} seconds for the shared configuration download to start." sleep ${ossec_hids_fetch_connect_time} if [ ! -s "${ossec_merged}" ]; then echo "ERROR: Failed to download shared configuration from the OSSEC server." echo local ossec_log_tail=$(tail "${ossec_log}") echo "Portion of the \"${ossec_log}\":" echo "${ossec_log_tail}" echo if echo "${ossec_log_tail}" | grep -q "ERROR: Unable to send message to"; then echo "Check if your configuration contains the correct server address in \"server-ip\" option." echo else local ossec_rc_path="$(realpath $0)" echo "Is the imported agent key correct? To import it run:" echo "${ossec_rc_path} manage_agent" echo echo "If you are certain the imported agent key is correct, then run:" echo "${ossec_rc_path} reset_counter" echo "${ossec_rc_path} fetch_config" echo echo "If this doesn't help, you need to reset counter on the server." echo "If the server runs FreeBSD port of OSSEC, run:" echo "On the agent:" echo "${ossec_rc_path} reset_counter" echo "On the server:" echo "${ossec_rc_path} reset_counter $(eval ${agent_names_cmd})" echo "${ossec_rc_path} start" echo "On the agent:" echo "${ossec_rc_path} fetch_config" echo fi ossec_hids_command stop return 1 else # The download has started while true; do local current_time=$(date +%s) local modification_time=$(stat -f %m "${ossec_merged}") if [ $((current_time - modification_time)) -gt ${ossec_hids_fetch_read_time} ]; then echo "Download finished." echo ossec_hids_command restart || return 1 break; else echo "Download in progress..." 
sleep ${ossec_hids_fetch_read_time} fi done fi return 0 } ossec_hids_ossec_conf() { if [ -x "${ossec_conf_bin}" ]; then "${ossec_conf_bin}" elif [ -f "${ossec_conf}" ]; then cat "${ossec_conf}" fi } ossec_hids_agent_conf() { if [ -x "${agent_conf_bin}" ]; then "${agent_conf_bin}" elif [ -f "${agent_conf}" ]; then cat "${agent_conf}" fi } ossec_hids_manage_agent() { "${ossec_home}/bin/manage_agents" $@ return $? } ossec_hids_command() { "${ossec_home}/bin/ossec-control" $1 return $? } run_rc_command "${ossec_rc_command}" diff --git a/security/ossec-hids/version.mk b/security/ossec-hids/version.mk index 305273a7a832..47e2183aff89 100644 --- a/security/ossec-hids/version.mk +++ b/security/ossec-hids/version.mk @@ -1,8 +1,8 @@ PORTNAME= ossec-hids -PORTVERSION= 3.7.0 +PORTVERSION= 3.8.0 CATEGORIES= security MAINTAINER= dominik.lisiak@bemsoft.pl COMMENT?= Security tool to monitor and check logs and intrusions LICENSE= GPLv2
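Review bot: In `ossec_hids_create_config` the merge output is redirected straight onto the live file, `"${ossec_conf_bin}" > "${ossec_conf}"`, and the function ends with an unconditional `return 0`, so a failed or interrupted merge leaves a truncated `ossec.conf` whose mtime is newer than every `ossec.conf.d` source; `ossec_hids_config_is_outdated` then reports it current and the `&&` chain in `start_precmd` goes on to start the daemons with a partial configuration, silently dropping whatever syscheck, rootcheck or active-response sections did not get written. The same pattern applies to the `agent.conf` branch on the server. I would merge into a sibling temporary file, check the merge exit status and only then replace the target with `install -o … -g … -m 0640` (as `ossec_hids_create_env` already does for localtime and resolv.conf), returning non-zero so the precmd aborts the start and `merge_config` reports the failure. I cannot see how `ossec-conf` signals errors, since it is outside this diff, so the exit-status handling is an assumption to confirm before relying on it.
```shell
ossec_hids_create_config() {
    # … unchanged: server-side agent.conf merge (apply the same pattern there) …
    if [ -x "${ossec_conf_bin}" ]; then
        # Merge ossec.conf.d files into ossec.conf, atomically and only on success
        if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${ossec_conf}" "${ossec_conf_dir}"; then
            if ! "${ossec_conf_bin}" > "${ossec_conf}.tmp"; then
                rm -f "${ossec_conf}.tmp"
                echo "ERROR: Merging \"${ossec_conf_dir}\" failed - keeping the existing \"${ossec_conf}\"."
                echo
                return 1
            fi
            install -o ${ossec_hids_user} -g %%OSSEC_GROUP%% -m 0640 "${ossec_conf}.tmp" "${ossec_conf}" && rm -f "${ossec_conf}.tmp"
        fi
    fi
    return 0
}
```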