- Update to 0.7.0.

PR:		ports/122645, ports/122646, ports/122647
Submitted by:	Paul Schmehl <pauls@utdallas.edu> (maintainer)

security/sguil-client/Makefile

@@ -6,22 +6,21 @@
 #
 
 PORTNAME=	sguil-client
-PORTVERSION=	0.6.1
-PORTREVISION=	3
+PORTVERSION=	0.7.0
 CATEGORIES=	security
-MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
+MASTER_SITES=	SF
 MASTER_SITE_SUBDIR=	sguil
 
 MAINTAINER=	pauls@utdallas.edu
 COMMENT=	Sguil is a network security monitoring program
 
+LIB_DEPENDS=	tls:${PORTSDIR}/devel/tcltls
 RUN_DEPENDS=	dtplite:${PORTSDIR}/devel/tcllib \
-		gpgv:${PORTSDIR}/security/gnupg1 \
+		gpg2:${PORTSDIR}/security/gnupg \
 		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX \
 		${LOCALBASE}/lib/iwidgets/iwidgets.tcl:${PORTSDIR}/x11-toolkits/iwidgets
 
-OPTIONS=	TLS "Include openssl support" off \
-		WIRESHARK "Install wireshark" off \
+OPTIONS=	WIRESHARK "Install wireshark" off \
 		AUDIO "Install Festival Speech Synthesis" off
 
 NO_BUILD=	YES
@@ -39,7 +38,8 @@ PORTDOCS=	CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
 		OPENSSL.README TODO UPGRADE USAGE sguildb.dia
 
 LIBFILES=	SguilUtil.tcl dkffont.tcl email17.tcl extdata.tcl guilib.tcl nessusheader.html \
-		qrybuild.tcl qrylib.tcl report.tcl sancp.tcl sellib.tcl sound.tcl stdquery.tcl whois.tcl
+		qrybuild.tcl qrylib.tcl report.tcl sancp.tcl sellib.tcl sound.tcl stdquery.tcl \
+		whois.tcl
 
 IMAGES=		DarkLineDown10x9.xbm DarkLineDown12x11.xbm DarkLineDown8x7.xbm DarkLineUp10x9.xbm \
 		DarkLineUp12x11.xbm DarkLineUp8x7.xbm LightLineDown10x9.xbm LightLineDown12x11.xbm \
@@ -55,10 +55,6 @@ SCRIPTS=	mwutil.tcl repair.tcl tablelistBind.tcl tablelistConfig.tcl tablelistEd
 
 .include <bsd.port.pre.mk>
 
-.if defined(WITH_TLS)
-LIB_DEPENDS+=	tls:${PORTSDIR}/devel/tcltls
-.endif
-
 .if defined(WITH_WIRESHARK)
 RUN_DEPENDS+=	wireshark:${PORTSDIR}/net/wireshark
 .endif

security/sguil-client/distinfo

@@ -1,3 +1,3 @@
-MD5 (sguil-client-0.6.1.tar.gz) = 68d209f882d4c8fa9c200ba0924b00b3
-SHA256 (sguil-client-0.6.1.tar.gz) = c493cce8c6c1d5802c2ee3d2e0b7bed913ec511bda565ad697250b23a7809dc9
-SIZE (sguil-client-0.6.1.tar.gz) = 204032
+MD5 (sguil-client-0.7.0.tar.gz) = f0841ef5e0d858a0a643fdc61294c091
+SHA256 (sguil-client-0.7.0.tar.gz) = a12aab9477edc47cce6f1dfa344808e4950c07fdce21691bf4730a43a273ec45
+SIZE (sguil-client-0.7.0.tar.gz) = 206713

security/sguil-client/files/patch-sguil.conf

@@ -1,15 +1,20 @@
---- client/sguil.conf.orig	Fri Feb 10 08:59:33 2006
-+++ client/sguil.conf	Mon Nov 13 13:11:03 2006
-@@ -12,7 +12,7 @@
+--- client/sguil.conf.orig	2008-04-04 21:41:20.000000000 -0500
++++ client/sguil.conf	2008-04-04 21:59:36.000000000 -0500
+@@ -12,11 +12,11 @@
  set SERVERHOST demo.sguil.net
  
  # Where any required sguil libraries are (like the font chooser).
 -set SGUILLIB ./lib
-+set SGUILLIB /usr/local/bin/sguil-client/lib
++set SGUILLIB /usr/local/lib/sguil-client/
  # Debug 1=on 0=off  This is VERY chatty
  set DEBUG 1
- # Set up OpenSSL here (read ./doc/OPENSSL.README)
-@@ -30,12 +30,12 @@
+ # PATH to tls lib if needed (tcl can usually find this by default)
+-#set TLS_PATH /usr/lib/tls1.4/libtls1.4.so
++set TLS_PATH /usr/local/lib/libtls.so
+ # win32 example
+ #set TLS_PATH "c:/tcl/lib/tls1.4/tls14.dll"
+ # Path to a whois script.
+@@ -41,12 +41,12 @@
  # If you have festival installed, then you can have alerts spoken to
  # you. Set the path to the festival binary here. If you are using
  # speechd from speechio.org, then leave this commented out.
@@ -18,17 +23,17 @@
  # win32 example
  # set FESTIVAL_PATH "c:\festival\bin\festival.exe"
  #set WHOIS_PATH /common/bin/awhois.sh
- # Path to ethereal
--set ETHEREAL_PATH /usr/sbin/ethereal
-+set ETHEREAL_PATH /usr/local/bin/wireshark
+ # Path to wireshark (ethereal)
+-set WIRESHARK_PATH /usr/sbin/wireshark
++set WIRESHARK_PATH /usr/local/bin/wireshark
  # win32 example
- # set ETHEREAL_PATH "c:/progra~1/ethereal/ethereal.exe"
+ # set WIRESHARK_PATH "c:/progra~1/wireshark/wireshark.exe"
  # Where to save the temporary raw data files on the client system
-@@ -44,7 +44,7 @@
+@@ -55,7 +55,7 @@
  # win32 example
- # set ETHEREAL_STORE_DIR "c:/tmp"
+ # set WIRESHARK_STORE_DIR "c:/tmp"
  # Favorite browser for looking at sig info on snort.org
--set BROWSER_PATH /usr/bin/mozilla
+-set BROWSER_PATH /usr/bin/firefox
 +set BROWSER_PATH /usr/local/bin/firefox
  # win32 example (IE)
  # set BROWSER_PATH c:/progra~1/intern~1/iexplore.exe

security/sguil-client/files/patch-sguil.tk

@@ -1,11 +1,28 @@
---- client/sguil.tk.orig	Mon Nov 13 13:19:24 2006
-+++ client/sguil.tk	Mon Nov 13 13:21:03 2006
-@@ -1679,6 +1679,8 @@
+--- client/sguil.tk.orig	2008-04-10 20:14:26.000000000 -0500
++++ client/sguil.tk	2008-04-10 20:42:55.000000000 -0500
+@@ -77,7 +77,7 @@
+ 
+ # Load iwidgets and namespaces
+ if [catch {package require Iwidgets} iwidgetsVersion] {
+-    puts "ERROR: Cannot fine the Iwidgets extension."
++    puts "ERROR: Cannot find the Iwidgets extension."
+     puts "The iwidgets package is part of the incr tcl extension and is"
+     puts "available as a port/package most systems."
+     puts "See http://www.tcltk.com/iwidgets/ for more info."
+@@ -2017,11 +2017,11 @@
      set CONF_FILE $env(HOME)/sguil.conf
    } elseif { [file exists ./sguil.conf] } {
      set CONF_FILE ./sguil.conf
-+  } elseif { [file exists /usr/local/etc/sguil.conf] } {
-+    set CONF_FILE /usr/local/etc/sguil.conf
-   } elseif { [file exists /etc/sguil] &&\
-              [file isdirectory /etc/sguil] &&\
-              [file exists /etc/sguil/sguil.conf] &&\
+-  } elseif { [file exists /etc/sguil] &&\
+-             [file isdirectory /etc/sguil] &&\
+-             [file exists /etc/sguil/sguil.conf] &&\
+-             [file readable /etc/sguil/sguil.conf] } {
+-    set CONF_FILE /etc/sguil/sguil.conf
++  } elseif { [file exists /usr/local/etc/sguil-client] &&\
++             [file isdirectory /usr/local/etc/sguil-client] &&\
++             [file exists /usr/local/etc/sguil-client/sguil.conf] &&\
++             [file readable /usr/local/etc/sguil-client/sguil.conf] } {
++    set CONF_FILE /usr/local/etc/sguil-client/sguil.conf
+   } else {
+     puts "Couldn't determine where the sguil config file is"
+     puts "Looked for $env(HOME)/sguil.conf and ./sguil.conf."

security/sguil-client/pkg-descr

@@ -4,13 +4,13 @@ The actual interface and GUI server are written in tcl/tk
 (www.tcl.tk). Sguil also relies on other open source software
 in order to function properly.
 
-The client requires gpg, iwidgets and other tcl packages and may
-also use wireshark, festival and tls depending on your selection
+The client requires tls, gpg, iwidgets and other tcl packages and may
+also use wireshark and festival depending on your selection
 of options.  Run "make config" in the port to see what options
 are available.
 
-Sguil currently functions as an analysis interface and has
-no snort sensor or rule management capabilities.
+Sguil currently functions as an analysis interface and does not yet
+have rule management capabilities.
 
 WWW: http://sguil.sourceforge.net/index.php
 pauls@utdallas.edu

security/sguil-sensor/Makefile

@@ -6,30 +6,31 @@
 #
 
 PORTNAME=	sguil-sensor
-PORTVERSION=	0.6.1
-PORTREVISION=	1
+PORTVERSION=	0.7.0
 CATEGORIES=	security
-MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
+MASTER_SITES=	SF
 MASTER_SITE_SUBDIR=	sguil
 
 MAINTAINER=	pauls@utdallas.edu
 COMMENT=	Sguil is a network security monitoring program
 
+LIB_DEPENDS=	tls:${PORTSDIR}/devel/tcltls
 RUN_DEPENDS=	snort:${PORTSDIR}/security/snort \
-		barnyard:${PORTSDIR}/security/barnyard-sguil6 \
+		barnyard:${PORTSDIR}/security/barnyard-sguil \
 		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
 
-OPTIONS=	SANCP "Include sancp support" off \
-		TLS "Include openssl support" off
+OPTIONS=	SANCP "Include sancp sensor" off \
+		PADS "Include pads sensor" off
 
 NO_BUILD=	yes
-USE_RC_SUBR=	sensor_agent.sh
+USE_RC_SUBR=	example_agent.sh pcap_agent.sh snort_agent.sh
 TCLSH_CMD?=	tclsh8.4
 WRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
 SUB_LIST=	SGUILDIR=${SGUILDIR}
-SUB_FILES=	pkg-message sensor_agent.sh
+SUB_FILES=	pkg-message example_agent.sh pcap_agent.sh snort_agent.sh
 PLIST_SUB=	SGUILDIR=${SGUILDIR}
 SGUILDIR?=	sguil-sensor
+AGENTS=		example_agent.tcl pads_agent.tcl pcap_agent.tcl sancp_agent.tcl snort_agent.tcl
 
 PORTDOCS=	CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
 		OPENSSL.README TODO UPGRADE USAGE sguildb.dia
@@ -40,43 +41,75 @@ WITH_PCRE=	true
 
 .if defined(WITH_SANCP)
 RUN_DEPENDS+=	sancp:${PORTSDIR}/security/sancp
+USE_RC_SUBR+=	sancp_agent.sh
+SUB_FILES+=	sancp_agent.sh
 PLIST_SUB+=	USESANCP=
 .else
 PLIST_SUB+=	USESANCP="@comment "
 .endif
 
-.if defined(WITH_TLS)
-LIB_DEPENDS+=	tls:${PORTSDIR}/devel/tcltls
+.if defined(WITH_PADS)
+RUN_DEPENDS+=	pads:${PORTSDIR}/net-mgmt/pads
+USE_RC_SUBR+=	pads_agent.sh
+SUB_FILES+=	pads_agent.sh
+PLIST_SUB+=	USEPADS=
+.else
+PLIST_SUB+=	USEPADS="@comment "
 .endif
 
 post-patch:
-.for f in sensor_agent.tcl
+.for f in ${AGENTS}
 	@${REINPLACE_CMD} -e 's:exec tclsh:exec ${PREFIX}/bin/${TCLSH_CMD}:g' \
 		${WRKSRC}/sensor/${f}
+	@${REINPLACE_CMD} -e 's:/etc/:${PREFIX}/etc/${SGUILDIR}/:g' \
+		${WRKSRC}/sensor/${f}
 .endfor
 
 do-install:
 	@${MKDIR} ${PREFIX}/bin/${SGUILDIR}
-	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/sensor_agent.tcl \
-		${PREFIX}/bin/${SGUILDIR}/sensor_agent.tcl
+	@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
+.for f in example_agent.tcl pcap_agent.tcl snort_agent.tcl
+	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
+		${PREFIX}/bin/${SGUILDIR}/${f}
+.endfor
 .for f in log_packets.sh
 	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/sensor/${f} \
 		${PREFIX}/bin/${SGUILDIR}/${f}
 .endfor
-.for f in sensor_agent.conf
+.for f in example_agent.conf pcap_agent.conf snort_agent.conf
 	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
-		${PREFIX}/etc/${f}-sample
+		${PREFIX}/etc/${SGUILDIR}/${f}-sample
 .endfor
 .for f in log_packets.conf
 	${INSTALL_DATA} ${FILESDIR}/${f} \
-		${PREFIX}/etc/${f}-sample
+		${PREFIX}/etc/${SGUILDIR}/${f}-sample
 .endfor
 .if defined(WITH_SANCP)
+.for f in sancp_agent.conf
+	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
+		${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.endfor
 .for f in sancp.conf
 	${INSTALL_DATA} ${WRKSRC}/sensor/sancp/${f} \
 		${PREFIX}/etc/${f}-sample
 .endfor
+.for f in sancp_agent.tcl
+	${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
+		${PREFIX}/bin/${SGUILDIR}/${f}
+.endfor
 .endif
+.if defined(WITH_PADS)
+.for f in pads_agent.conf
+	${INSTALL_DATA} ${WRKSRC}/sensor/${f} \
+		${PREFIX}/etc/${SGUILDIR}/${f}-sample
+.endfor
+.for f in pads_agent.tcl
+	${INSTALL_SCRIPT} ${WRKSRC}/sensor/${f} \
+		${PREFIX}/bin/${SGUILDIR}/${f}
+.endfor
+.endif
+post-install:
+
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
 	cd ${WRKSRC}/doc && ${INSTALL_DATA} \

security/sguil-sensor/distinfo

@@ -1,3 +1,3 @@
-MD5 (sguil-sensor-0.6.1.tar.gz) = 62be71b0aa41ccacb7872839dc4bf5ad
-SHA256 (sguil-sensor-0.6.1.tar.gz) = b1da0fffeaecd69b9d8eeeb27025fdc3493a2eabfec8ed4153f688f11ee226eb
-SIZE (sguil-sensor-0.6.1.tar.gz) = 103441
+MD5 (sguil-sensor-0.7.0.tar.gz) = 911b3571fdaa00b7ddde3ec818232b3f
+SHA256 (sguil-sensor-0.7.0.tar.gz) = c6f08b031df9de942fc38b35a4bfc7db13357e61b7290b526bad66fcbe3e4f3b
+SIZE (sguil-sensor-0.7.0.tar.gz) = 68436

security/sguil-sensor/files/log_packets.conf

@@ -2,6 +2,11 @@
 # Make sure you verify the location of
 # each of the binaries on your OS
 
+# Edit these for your setup
+
+# Sensors hostname.
+# Note: If running multiple snort instances, then this must be different
+#       for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
 HOSTNAME="myhost"
 # Path to snort binary
 SNORT_PATH="/usr/local/bin/snort"

security/sguil-sensor/files/patch-log_packets.sh

@@ -1,12 +1,13 @@
---- sensor/log_packets.sh.orig	Fri Mar 24 13:12:18 2006
-+++ sensor/log_packets.sh	Mon Mar 27 17:22:54 2006
-@@ -23,37 +23,16 @@
+--- sensor/log_packets.sh.orig	2008-04-03 22:16:22.000000000 -0500
++++ sensor/log_packets.sh	2008-04-03 22:22:20.000000000 -0500
+@@ -22,38 +22,16 @@
+ #                                                            #
  ##############################################################
  
- 
--# Edit these for your setup
 +# You shouldn't need to edit anything in this script
  
+-# Edit these for your setup
+-
 -# Sensors hostname.
 -# Note: If running multiple snort instances, then this must be different
 -#       for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
@@ -36,7 +37,7 @@
 -#Some installs may need these
 -#LD_LIBRARY_PATH=/usr/local/lib/mysql
 -#export LD_LIBRARY_PATH
-+CONF=/usr/local/etc/log_packets.conf
++CONF=/usr/local/etc/sguil-sensor/log_packets.conf
 +if [ -r ${CONF} ]; then
 +  . ${CONF}
 +else

security/sguil-sensor/files/pkg-message.in

@@ -7,7 +7,7 @@ it and install the barnyard-sguil6 port instead.  You will need to
 deinstall the barnyard port and install the barnyard-sguil6 port yourself
 instead.  This port WILL NOT WORK without the barnyard-sguil6 port!!
 
-You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/)
+You MUST edit the log_packets.conf file (located in %%PREFIX%%/etc/%%SGUILDIR%%)
 to fit your configuration before running the log_packets.sh script.
 See the %%DOCSDIR%%/INSTALL doc for details on the 
 configuration and for croning the script.  
@@ -16,9 +16,9 @@ WARNING!!!  Sguil et al will fill up your /tmp directory very
 quickly.  You should probably configure sguil et al to log to
 another partition/location (e.g. /nsm/tmp/).
 
-You must ALSO edit the sensor_agent.conf file (located in 
-%%PREFIX%%/etc/) to reflect your configuration before 
-starting the sensor_agent.
+You must ALSO edit all of the sensor conf fileis (located in 
+%%PREFIX%%/%%SGUILDIR%%/etc/) to reflect your configuration before 
+starting the sensor_agents.
 
 If you chose to run sancp, and you already had a sancp.conf file in
 %%PREFIX%%/etc, copy it to sancp.conf.orig before creating the new one.

security/sguil-sensor/pkg-descr

@@ -5,13 +5,14 @@ The actual interface and GUI server are written in tcl/tk
 in order to function properly.
 
 The sensor list includes security/barnyard, security/snort, 
-security/sancp, tcpdump (a part of the OS) and devel/tcltls as 
-well as lang/tcl84 and lang/tclX.  Care has been taken to ensure 
-that everything you need to build a working sguil operation is 
-in the FreeBSD ports system or part of the OS already. 
+security/sancp, net-mgmt/pads, tcpdump (a part of the OS) 
+and devel/tcltls as well as lang/tcl84 and lang/tclX.  Care 
+has been taken to ensure that everything you need to build 
+a working sguil operation is in the FreeBSD ports system or 
+is part of the OS already. 
 
 Sguil currently functions as an analysis interface and has
-no snort sensor or rule management capabilities.
+rule management capabilities.
 
 WWW: http://sguil.sourceforge.net/index.php
 pauls@utdallas.edu

security/sguil-sensor/pkg-plist

@@ -1,6 +1,15 @@
 bin/%%SGUILDIR%%/log_packets.sh
-bin/%%SGUILDIR%%/sensor_agent.tcl
-etc/log_packets.conf-sample
+bin/%%SGUILDIR%%/example_agent.tcl
+bin/%%SGUILDIR%%/pcap_agent.tcl
+bin/%%SGUILDIR%%/snort_agent.tcl
+etc/%%SGUILDIR%%/example_agent.conf-sample
+etc/%%SGUILDIR%%/pcap_agent.conf-sample
+etc/%%SGUILDIR%%/snort_agent.conf-sample
+etc/%%SGUILDIR%%/log_packets.conf-sample
+%%USEPADS%%bin/%%SGUILDIR%%/pads_agent.tcl
+%%USEPADS%%etc/%%SGUILDIR%%/pads_agent.conf-sample
 %%USESANCP%%etc/sancp.conf-sample
-etc/sensor_agent.conf-sample
+%%USESANCP%%bin/%%SGUILDIR%%/sancp_agent.tcl
+%%USESANCP%%etc/%%SGUILDIR%%/sancp_agent.conf-sample
 @dirrm bin/%%SGUILDIR%%
+@dirrmtry etc/%%SGUILDIR%%

security/sguil-server/Makefile

@@ -6,10 +6,9 @@
 #
 
 PORTNAME=	sguil-server
-PORTVERSION=	0.6.1
-PORTREVISION=	1
+PORTVERSION=	0.7.0
 CATEGORIES=	security
-MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
+MASTER_SITES=	SF
 MASTER_SITE_SUBDIR=	sguil
 
 MAINTAINER=	pauls@utdallas.edu
@@ -18,7 +17,6 @@ COMMENT=	Sguil is a network security monitoring program
 RUN_DEPENDS=	p0f:${PORTSDIR}/net-mgmt/p0f \
 		tcpflow:${PORTSDIR}/net/tcpflow \
 		dtplite:${PORTSDIR}/devel/tcllib \
-		barnyard:${PORTSDIR}/security/barnyard-sguil6 \
 		${LOCALBASE}/lib/tclx8.4/tclx.tcl:${PORTSDIR}/lang/tclX
 LIB_DEPENDS=	tls:${PORTSDIR}/devel/tcltls
 
@@ -29,24 +27,33 @@ SGUILDIR?=	sguil-server
 WRKSRC=		${WRKDIR}/sguil-${PORTVERSION}
 PATCH_WRKSRC=	${WRKSRC}/server
 PLIST_SUB=	SGUILDIR=${SGUILDIR}
-SUB_FILES=	pkg-message
-SUB_LIST=	SGUILDIR=${SGUILDIR} TCLSH=${TCLSH_CMD}
-LIBRARIES=	SguildAccess.tcl SguildEvent.tcl SguildReportBuilder.tcl \
-		SguildAutoCat.tcl SguildGenericDB.tcl SguildSendComms.tcl \
+SUB_FILES=	pkg-message pkg-install pkg-deinstall
+SUB_LIST=	SGUILDIR=${SGUILDIR} TCLSH=${TCLSH_CMD} CURDIR=${.CURDIR} \
+		WRKSRC=${WRKSRC} DOCSDIR=${DOCSDIR}
+LIBRARIES=	SguildAccess.tcl SguildGenericDB.tcl SguildReportBuilder.tcl \
+		SguildAutoCat.tcl SguildGenericEvent.tcl SguildSendComms.tcl \
 		SguildClientCmdRcvd.tcl SguildHealthChecks.tcl SguildSensorAgentComms.tcl \
 		SguildConnect.tcl SguildLoaderd.tcl SguildSensorCmdRcvd.tcl \
 		SguildCreateDB.tcl SguildMysqlMerge.tcl SguildTranscript.tcl \
-		SguildEmailEvent.tcl SguildQueryd.tcl SguildUtils.tcl
-SCRIPTS=	create_ruledb.sql update_sguildb_v10-v11.sql update_sguildb_v8-v9.sql \
-		create_sguildb.sql update_sguildb_v5-v6.sql update_sguildb_v9-v10.sql \
-		migrate_event.tcl update_sguildb_v6-v7.sql migrate_sancp.tcl update_sguildb_v7-v8.sql
+		SguildEmailEvent.tcl SguildPadsLib.tcl SguildUtils.tcl \
+		SguildEvent.tcl SguildQueryd.tcl
+SCRIPTS=	create_ruledb.sql update_0.7.tcl update_sguildb_v7-v8.sql \
+		create_sguildb.sql update_sguildb_v10-v11.sql update_sguildb_v8-v9.sql \
+		migrate_event.tcl update_sguildb_v11-v12.sql update_sguildb_v9-v10.sql \
+		migrate_sancp.tcl update_sguildb_v5-v6.sql sancp_cleanup.tcl update_sguildb_v6-v7.sql
 CONFS=		autocat.conf sguild.access sguild.conf sguild.email sguild.queries sguild.reports sguild.users
 
-PORTDOCS=	CHANGES INSTALL INSTALL.openbsd LICENSE.QPL \
-		OPENSSL.README TODO USAGE sguildb.dia
+PORTDOCS=	CHANGES FAQ INSTALL INSTALL.openbsd LICENSE.QPL \
+		OPENSSL.README TODO UPGRADE USAGE sguildb.dia
+
+OPTIONS=	MYSQL50 "Install mysql50 server" off
 
 .include <bsd.port.pre.mk>
 
+.if defined(WITH_MYSQL50)
+RUN_DEPENDS+=	${LOCALBASE}/libexec/mysqld:${PORTSDIR}/databases/mysql50-server
+.endif
+
 MYSQLTCL_VER!=	cd ${PORTSDIR}/databases/mysqltcl && ${MAKE} -V PORTVERSION
 
 RUN_DEPENDS+=	${LOCALBASE}/lib/mysqltcl-${MYSQLTCL_VER}:${PORTSDIR}/databases/mysqltcl
@@ -56,10 +63,15 @@ post-patch:
 	@${REINPLACE_CMD} -e 's:exec tclsh:exec ${TCLSH_CMD}:g' ${WRKSRC}/server/${f}
 .endfor
 
-do-install:
-	@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
+pre-su-install:
+	@${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \
+		${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+
+pre-install:
 	@${MKDIR} ${PREFIX}/lib/${SGUILDIR}
 	@${MKDIR} ${PREFIX}/share/${SGUILDIR}
+	@${MKDIR} /var/run/${SGUILDIR}
+do-install:
 .for f in archive_sguildb.tcl sguild
 	${INSTALL_SCRIPT} -m 751 ${WRKSRC}/server/${f} ${PREFIX}/bin/${f}
 .endfor
@@ -80,6 +92,9 @@ post-install:
 	@${MKDIR} ${DOCSDIR}
 	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
 .endif
+	@${SETENV} PKG_PREFIX=${PREFIX} && PORTSDIR=${PORTSDIR} \
+		${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+
 	@${CAT} ${PKGMESSAGE}
 
 .include <bsd.port.post.mk>

security/sguil-server/distinfo

@@ -1,3 +1,3 @@
-MD5 (sguil-server-0.6.1.tar.gz) = 27decbe3c6528bf2c86c74b35b8f7b3b
-SHA256 (sguil-server-0.6.1.tar.gz) = 22aea8f76da0530ae7ee9a68efe1de7615bec47a7702c93f8fe338d57590ce57
-SIZE (sguil-server-0.6.1.tar.gz) = 92901
+MD5 (sguil-server-0.7.0.tar.gz) = 2ba67b1a98ed92f43072ecd98d9e15eb
+SHA256 (sguil-server-0.7.0.tar.gz) = 8ed845779c516b7bcb092454d339a26bca69f52689f9f07831fb41a3efe58809
+SIZE (sguil-server-0.7.0.tar.gz) = 103440

security/sguil-server/files/patch-sguild

@@ -1,15 +1,15 @@
---- sguild.orig	Tue Mar 28 04:36:05 2006
-+++ sguild	Tue Mar 28 04:37:10 2006
-@@ -229,7 +229,7 @@
-   package require tls
-   # Check for certs
-   if {![info exists CERTS_PATH]} {
+--- sguild.orig	2008-04-08 22:02:24.000000000 -0500
++++ sguild	2008-04-08 22:09:11.000000000 -0500
+@@ -235,7 +235,7 @@
+ # Check for certs
+ if {![info exists CERTS_PATH]} {
+ 
 -    set CERTS_PATH /etc/sguild/certs
 +    set CERTS_PATH /usr/local/etc/sguil-server/certs
-   }
-   if {![file exists $CERTS_PATH] || ![file isdirectory $CERTS_PATH]} {
-     puts "ERROR: $CERTS_PATH does not exist or is not a directory"
-@@ -251,13 +251,13 @@
+ 
+ }
+ 
+@@ -265,13 +265,13 @@
  
  if { ![info exists CONF_FILE] } {
    # No conf file specified check the defaults
@@ -26,7 +26,7 @@
      DisplayUsage $argv0
    }
  }
-@@ -338,17 +338,17 @@
+@@ -354,17 +354,17 @@
  # Check for a valid USERS file
  if { ![info exists USERS_FILE] } {
    # No users file was specified. Go with the defaults
@@ -48,7 +48,7 @@
        DisplayUsage $argv0
      }
    }
-@@ -376,8 +376,8 @@
+@@ -392,8 +392,8 @@
  # Load accessfile
  if { ![info exists ACCESS_FILE] } {
    # Check the defaults
@@ -59,7 +59,7 @@
    } elseif { [file exists ./sguild.access] } {
      set ACCESS_FILE "./sguild.access"
    } else {
-@@ -391,8 +391,8 @@
+@@ -407,8 +407,8 @@
  }
  # Load auto cat config
  if { ![info exists AUTOCAT_FILE] } {
@@ -70,7 +70,7 @@
     } else {
       set AUTOCAT_FILE "./autocat.conf"
     }
-@@ -402,8 +402,8 @@
+@@ -418,8 +418,8 @@
  }
  # Load email config file
  if { ![info exists EMAIL_FILE] } {
@@ -81,7 +81,7 @@
    } else {
      set EMAIL_FILE "./sguild.email"
    }
-@@ -415,8 +415,8 @@
+@@ -431,8 +431,8 @@
  }
  # Load global queries.
  if { ![info exists GLOBAL_QRY_FILE] } {
@@ -92,7 +92,7 @@
    } else {
      set GLOBAL_QRY_FILE "./sguild.queries"
    }
-@@ -428,8 +428,8 @@
+@@ -444,8 +444,8 @@
  }
  # Load report queries.
  if { ![info exists REPORT_QRY_FILE] } {

security/sguil-server/files/patch-sguild.access

@@ -1,12 +1,12 @@
---- sguild.access.orig	Tue Mar 28 03:36:31 2006
-+++ sguild.access	Tue Mar 28 03:37:44 2006
+--- sguild.access.orig	2008-04-03 17:55:46.000000000 -0500
++++ sguild.access	2008-04-03 17:56:50.000000000 -0500
 @@ -4,7 +4,8 @@
  # This file is used by sguild for access control. It is read upon init  #
  # or when sguild receives a HUP signal.                                 #
  #                                                                       #
 -# By default, sguild will look first for /etc/sguild/sguild.access,     #
 +# By default, sguild will look first for                                #
-+# /usrlocal//etc/sguild/sguild.access,                                  #
++# /usr/local/etc/sguild/sguild.access,                                  #       
  # then ./sguild.access unless the -A /path/to/sguild.access switch      #
  # is used.                                                              #
  #                                                                       #

security/sguil-server/files/patch-sguild.conf

@@ -1,41 +1,28 @@
-*** sguild.conf.orig	Tue Mar 28 02:38:13 2006
---- sguild.conf	Tue Mar 28 02:39:47 2006
-***************
-*** 2,6 ****
-  
-  # Path the sguild libs
-! set SGUILD_LIB_PATH ./lib
-  
-  # DEBUG 0=off 1=important stuff 2=everything.  Option 2 is VERY chatty.
---- 2,6 ----
-  
-  # Path the sguild libs
-! set SGUILD_LIB_PATH /usr/local/lib/sguil-server/
-  
-  # DEBUG 0=off 1=important stuff 2=everything.  Option 2 is VERY chatty.
-***************
-*** 61,65 ****
-  # You MUST have tcpflow installed to get xscripts
-  # http://www.circlemud.org/~jelson/software/tcpflow/
-! set TCPFLOW "/usr/bin/tcpflow"
-  
-  # p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
---- 61,65 ----
-  # You MUST have tcpflow installed to get xscripts
-  # http://www.circlemud.org/~jelson/software/tcpflow/
-! set TCPFLOW "/usr/local/bin/tcpflow"
-  
-  # p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
-***************
-*** 72,76 ****
-  # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
-  # add any others you may need here.
-! set P0F_PATH "/usr/sbin/p0f"
-  
-  # Email config moved to sguild.email 
---- 72,76 ----
-  # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
-  # add any others you may need here.
-! set P0F_PATH "/usr/local/bin/p0f"
-  
-  # Email config moved to sguild.email 
+--- sguild.conf.orig	2008-04-03 17:47:18.000000000 -0500
++++ sguild.conf	2008-04-03 17:53:11.000000000 -0500
+@@ -1,7 +1,7 @@
+ # $Id: sguild.conf,v 1.29 2006/06/02 20:40:57 bamm Exp $ #
+ 
+ # Path the sguild libs
+-set SGUILD_LIB_PATH ./lib
++set SGUILD_LIB_PATH /usr/local/lib/sguil-server
+ 
+ # DEBUG 0=off 1=important stuff 2=everything.  Option 2 is VERY chatty.
+ set DEBUG 2
+@@ -63,7 +63,7 @@
+ 
+ # You MUST have tcpflow installed to get xscripts
+ # http://www.circlemud.org/~jelson/software/tcpflow/
+-set TCPFLOW "/usr/bin/tcpflow"
++set TCPFLOW "/usr/local/bin/tcpflow"
+ 
+ # p0f - (C) Michal Zalewski <lcamtuf@gis.net>, William Stearns <wstearns@pobox.com>
+ # If you have p0f (a passive OS fingerprinting system) installed, you can have
+@@ -74,6 +74,6 @@
+ 
+ # Path the the p0f binary. Switches -q and -s <filename> are appended on exec,
+ # add any others you may need here.
+-set P0F_PATH "/usr/sbin/p0f"
++set P0F_PATH "/usr/local/bin/p0f"
+ 
+ # Email config moved to sguild.email 

security/sguil-server/files/pkg-message.in

@@ -2,11 +2,21 @@
          * !!!!!!!!!!! WARNING !!!!!!!!!!! *
          ***********************************
 
+PLEASE NOTE: If you are upgrading from a previous version,
+read the UPGRADE doc (in %%DOCSDIR%%) before proceeding!!!
+Some noteworthy changes in version 0.7.0:
+SSL is now required for server, sensor and client.
+The sguild.conf and sguild.email files have changed.
+You MUST run the upgrade_0.7.tcl script to clean up and
+prepare the database before running the new version.  BE SURE
+TO BACK UP YOUR DATABASE BEFORE PROCEEDING!!!
+
 If you had existing config files in %%PREFIX%%/etc/%%SGUILDIR%%
 they were not overwritten.  If this is a first time install, you
 must copy the sample files to the corresponding conf file and 
 edit the various config files for your site.  See the INSTALL
-doc in %%DOCSDIR%% for details.
+doc in %%DOCSDIR%% for details.  If this is an upgrade, replace
+your existing conf file with the new one and edit accordingly.
 
 The sql scripts for creating database tables were placed in
 the %%PREFIX%%/share/%%SGUILDIR%%/ directory.  PLEASE 
@@ -23,8 +33,12 @@ A startup script, named sguild.sh was installed in
 %%PREFIX%%/etc/rc.d/.  To enable it, edit /etc/rc.conf
 per the instructions in the script.
 
+NOTE:  Sguild now runs under the sguil user account not root!
+
 For general questions, see the sguil faq: 
-http://sguil.sourceforge.net/index.php?page=faq
+http://www.vorant.com/nsmwiki/Sguil_FAQ or visit the nsm wiki:
+http://www.vorant.com/nsmwiki/Main_Page
+
 For detailed install instructions see Richard Bejtlich's
 excellent guide at his blog: 
 http://taosecurity.blogspot.com/2006/03/new-sguil-scripts-and-vm-i-have-not.html

security/sguil-server/files/sguild.sh.in

@@ -21,12 +21,13 @@ rcvar=`set_rcvar`
 
 command="%%PREFIX%%/bin/${name}"
 procname="%%TCLSH%%"
-pidfile="/var/run/${name}.pid"
-check_pidfile="${pidfile} ${procname} /bin/sh"
+check_process="${procname}"
+sguild_user="sguil"
+pid="/var/run/%%SGUILDIR%%/${name}.pid"
 
 sguild_enable=${sguild_enable-NO}
 sguild_conf=${sguild_conf-%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf}
-sguild_flags=${sguild_flags--D}
+sguild_flags=${sguild_flags--D -P ${pid}}
 [ -n "$sguild_conf" ] && sguild_flags="$sguild_flags -c $sguild_conf"
 
 load_rc_config ${name}

security/sguil-server/pkg-plist

@@ -16,9 +16,11 @@ lib/%%SGUILDIR%%/SguildCreateDB.tcl
 lib/%%SGUILDIR%%/SguildEmailEvent.tcl
 lib/%%SGUILDIR%%/SguildEvent.tcl
 lib/%%SGUILDIR%%/SguildGenericDB.tcl
+lib/%%SGUILDIR%%/SguildGenericEvent.tcl
 lib/%%SGUILDIR%%/SguildHealthChecks.tcl
 lib/%%SGUILDIR%%/SguildLoaderd.tcl
 lib/%%SGUILDIR%%/SguildMysqlMerge.tcl
+lib/%%SGUILDIR%%/SguildPadsLib.tcl
 lib/%%SGUILDIR%%/SguildQueryd.tcl
 lib/%%SGUILDIR%%/SguildReportBuilder.tcl
 lib/%%SGUILDIR%%/SguildSendComms.tcl
@@ -30,12 +32,16 @@ share/%%SGUILDIR%%/create_ruledb.sql
 share/%%SGUILDIR%%/create_sguildb.sql
 share/%%SGUILDIR%%/migrate_event.tcl
 share/%%SGUILDIR%%/migrate_sancp.tcl
+share/%%SGUILDIR%%/sancp_cleanup.tcl
+share/%%SGUILDIR%%/update_0.7.tcl
 share/%%SGUILDIR%%/update_sguildb_v5-v6.sql
 share/%%SGUILDIR%%/update_sguildb_v6-v7.sql
 share/%%SGUILDIR%%/update_sguildb_v7-v8.sql
 share/%%SGUILDIR%%/update_sguildb_v8-v9.sql
 share/%%SGUILDIR%%/update_sguildb_v9-v10.sql
 share/%%SGUILDIR%%/update_sguildb_v10-v11.sql
-@dirrm share/%%SGUILDIR%%
-@unexec if [ ! -f %D/etc/%%SGUILDIR%%/sguild.conf ] ; then rmdir %D/etc/%%SGUILDIR%%; fi
+share/%%SGUILDIR%%/update_sguildb_v11-v12.sql
+@dirrmtry etc/%%SGUILDIR%%/certs
+@unexec if [ ! -f %D/etc/%%SGUILDIR%%/sguild.conf ] && [ ! -d %D/etc/%%SGUILDIR%%/certs ] ; then rmdir %D/etc/%%SGUILDIR%%; fi
 @dirrm lib/%%SGUILDIR%%
+@dirrm share/%%SGUILDIR%%