Commit graph

43 commits

Author SHA1 Message Date
jperkin
b091c2f172 Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.
2013-07-12 10:44:52 +00:00
rodent
b65af7be2b Remove "Trailing empty lines." and/or "Trailing white-space." 2013-04-08 11:17:08 +00:00
wiz
bd06e1cb46 Reset MAINTAINER/OWNER (became observers) 2013-02-01 22:21:05 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
drochner
42af5f5213 revbump for libpreluse requirement bump 2012-07-05 16:09:18 +00:00
wiz
ee311e3b36 Recursive bump for pcre-8.30* (shlib major change) 2012-03-03 00:11:51 +00:00
joerg
bf93ca120d Remove patch-aa, it's a nop. Remove MAKE_DIRS for an entry that also has
MAKE_DIRS_PERMS. Add user-destdir support.
2011-11-11 18:58:13 +00:00
shattered
26ce32cfbd PR/29576 -- Use @RCD_SCRIPTS_SHELL@ in rc.d scripts, not /bin/sh 2011-10-07 22:37:02 +00:00
obache
1d9df3258a recursive bump from gettext-lib shlib bump. 2011-04-22 13:41:54 +00:00
joerg
3fbb207985 Recursive bump for libltdl 2009-12-15 21:54:17 +00:00
hasso
dc392b9701 Update to 0.9.15. Changes since 0.9.14:
- Make the Prelude-LML UDP server IPv6 compatible.
- Implement 'idmef-alter' and 'idmef-alter-force' option, alloing
  to include static values into IDMEF events generated using a given
  format.
- New PPP/PPTPD/L2TP ruleset, by Alexander Afonyashin <firm <at> iname.com>,
  with slight modification from Pierre Chifflier <p.chifflier <at> inl.fr>.
  Close #340.
- Fix CISCO VPN ruleset so that the 'Authentication rejected' rule will
  trigger even if the 'server' field does not contain a word (fix #328).
- Remove dos-style end-of-lines (Closes #338)
- Fixes possible off by one when parsing variable reference number, and
  remove un-needed check that would always evaluate to TRUE.Thanks
  Steve Grubb <sgrubb <at> redhat.com> for reporting this problem (and
  running flexelint on the Prelude sources)!
- Update for libtool 2.x compatibility.
- This simplify the whole regular expression handling a lot, making the
  code much easier to read, and fixing potential problem with ovector
  assignement. This code should also improve performance by a small
  factor.
- Change CISCO references urls to their new location, add CISCO ASA rule
  to handle discarded tcp or udp packets.
- Various fixes and update.
2009-08-23 19:49:27 +00:00
joerg
f0bbd1517d Remove @dirrm entries from PLISTs 2009-06-14 18:13:25 +00:00
shannonjr
230ede0514 Update to 0.9.14. Changes:
- Fix log file permission error, that could happen thought the user
Prelude-LML was running as could access the file (#291).
- ModSecurity ruleset update, by Dan Kopecek <dkopecek@redhat.com>:
provides much more descriptive classification.text, add regexps for
[file ..], [line ...], [tag ...] fields and fine tune targets/types
(#321).
- Deprecate Gamin/FAM support in favor of libev: the previous
implementation had problem on SELinux enabled system due to Gamin server
startup being triggered by other program, and thus using improper role
for Prelude-LML.
(#326).
- Improved polling architecture by using Operating System specific
backend when possible.
- We now monitor files that are not immediately available for reading on
startup: once the file can be monitored, libev provide us with a
notification.
2008-10-18 13:29:28 +00:00
shannonjr
921d0aa5e8 Update to 0.9.13. Changes:
ModSecurity ruleset rewrite, by Peter Vrabec <pvrabec@redhat.com> and
Dan Kopecek <dkopecek@redhat.com>. This ruleset handle ModSecurity 2.0
output. (Fix #216).
- New rulesets for FreeBSD su attempts, by Alexander Afonyashin <firm@iname.com>
(Fix #304).
- Add additional format to the default configuration to deal with apache
error_log file format, by Alexander Afonyashin <firm@iname.com> (Fix #307).
- Normalize some classification: introduce Remote Login, and
Credentials Change. Cleanup SSH ruleset, and remove duplicated rules.
2008-08-26 22:23:29 +00:00
joerg
4addc4fd2d Add missing directory. 2008-06-16 15:33:11 +00:00
shannonjr
29d33b2356 Update to 0.9.12.2. Changes:
- [rulesets]: Remove successful/failure keyword from classification
  (use IDMEF completion). Analyzer class sanitization.
- [nagios] Handle Nagios V2 log entry (fix #283).
- [spamassassin] Fix incorrect AdditionalData assignement.
- New Suhosin ruleset, by Sebastien Tricaud <toady@inl.fr>
- Fix invalid logfile inconsistency alert that could be triggered
  in a rare case, after a renaming detection. Alert improvement.
- On logfile inconsistency alert, do not re-analyze the whole file.
- Remove the 1024 bytes per PCRE reference limit.
- Minor bug fixes, build system cleanup.
2008-04-28 10:54:08 +00:00
wiz
8e810a2bc9 Recursive PKGREVISION bump for gnutls-2.2.2 update with shlib major bump. 2008-03-06 14:53:47 +00:00
shannonjr
ba17d64c40 PLIST correction 2007-10-29 21:53:24 +00:00
shannonjr
2cf2fe1967 PLIST fix 2007-09-05 20:43:41 +00:00
shannonjr
d1f737d6a6 Corrected my misunderstanding of CONF_FILES
infrastrure. Fixed several configuration file
installation problems.
2007-09-05 18:58:19 +00:00
shannonjr
999368ef77 Update to 0.9.10.1. Changes:
- Make SSH rules IPv6 compliants, allowing to merge old
  IPv6 only rules with IPv4 rules. Some additional minor
  bug fixes (fix #232).
- Fix incorrect target user assignment, as well as incorrect
  PCRE reference in assessment.impact.description
  (Paul Robert Marino <prmarino1@gmail.com>) (fix #232).
- CISCO router acl lists can now use names instead of numbers. This made
  rule id=500 in cisco-router.rules fail to alert on packet denys on newer
  cisco devices (Paul Robert Marino <prmarino1@gmail.com>).
- Fix Apache formating when Apache logname or user is set
  (Robin Gruyters <r.gruyters@yirdis.nl> and <andre@vandervlies.xs4all.nl>)
  (fix #229).
- Invalid user.user_id(0).name assignement in SSH rule 1913
  (Scott Olihovik <skippylou@gmail.com>) (fix #243).
- Various bug fixes and minor improvements.
2007-09-03 13:46:04 +00:00
shannonjr
ef7b3277bd Update to 0.9.10. Changes:
- Ability to use regular expressions in plugins.rules to define
  monitored sources, this can be very useful when combined to file
globing.
- [SPEEDUP] When the "*" keyword is used, the data is passed to the
upper layer without trying to match anything.
- Fix NULL pointer dereference when a rule reference an existing,
  but empty context (fix #226).
- Remove deprecated use of prelude_client_print_setup_error(),
  directly handled via prelude_perror().
- Make the log parser more robust.
2007-08-04 09:29:29 +00:00
jlam
4390d56940 Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
2007-07-04 20:54:31 +00:00
wiz
9d27f90a6f opencdk shlib major changed; bump ABI depends and PKGREVISIONs of
affected packages.
2007-06-05 05:36:59 +00:00
shannonjr
ea1a45c9fb Update to 0.9.9. Changes:
- Pattern can now be used to specify file to be monitored.
- Fix an issue in the detection of buggy writev() FAM notification.
- Add bonding.rules, by Paul Robert Marino <prmarino1@gmail.com>.
- ModSecurity ruleset update: remove unnecessary fields + ModSecurity 2.0 compatibility.
- New Cisco IOS common ruleset, by Alexandre Racine.
- Avoid duplicating information in node name and node address.
- Add rule ID and revision to the generated alert for each matched rule. Fix #206.
- Handle "last" keyword even if the rule does not contain any IDMEF assignment. Fix #218.
- Various bug fixes.
2007-05-12 10:00:35 +00:00
shannonjr
47d57982de Update to 0.9.8.1. Changes:
- Various portability fixes.
- Introduce Cisco ASA IPS module support.
- Introduce yum support.
- Introduce Cacti thold plugin support.
- Introduce Microsoft Cluster Service support.
- Honeyd rules update and improvement.
- Updated NAVCE rules; modified ClamAV rules for consistency.
- Improve NTSyslog ruleset.
- Added rule to ignore LML's "could not match prefix" log entries.
- Fix format problem with Apache logs from western hemisphere (- versus
+ TZ).
- Fix Squid process exited rule (#185).
2007-02-23 15:22:10 +00:00
wiz
e773592447 Add master site entry for times when pkgsrc doesn't have the completely
latest version.
2006-08-23 18:51:56 +00:00
shannonjr
29143945f0 Update to prelude-lml 0.9.6. Changes:
- Fix a bug where some rules marked silent would trigger an alert.
- Load Sonicwall and Spamassassin ruleset by default.
- Fix rule syntax problem in Sonicwall ruleset.
- Fix rule indexing problem in Squid ruleset.
- Postfix rule consistency fix.
2006-07-11 09:41:33 +00:00
shannonjr
efc3c73093 Modify run-prelude-lml to properly start prelude-lml as daemon. This works
around a problem where prelude-lml is not connecting to prelude-manager
when passed the -d command line argument.
2006-05-26 11:25:22 +00:00
shannonjr
be0bac4ab2 Added 2 missing files to PLIST 2006-05-22 14:01:54 +00:00
shannonjr
cf24f70966 1) Update to 0.9.5
2) Changed permissions on plugins.rules and prelude-lml.conf so that
   prelude-lml can run unpriviledged
3) Changed confdir in configure so that plugins.rules and prelude-lml.conf
   are found.
Changes in 0.9.5:
- Experimental context support (ala SEC): we now handle
  multiline log matching.
- Update PAX rules so that it use the new context feature.
- Don't exit on statistics signal, improve statistics precision,
  make them easier to read.
- Fix some problem with user & group options.
- text-output argument is optional.
- New experimental ruleset: Sonicwall and Spamassassin. These
  need to be manually hooked to pcre.rules if you plan to use
  them.
- Fix FAM activation switches.
2006-05-22 11:49:51 +00:00
rillig
5f4ac92224 Fixed pkglint warnings. 2006-05-21 15:50:18 +00:00
joerg
50199d428a It is spelled CONF_FILES_PERMS, USE_GNU_TOOLS is dead and remove some
bogus :Q.
2006-05-21 15:05:57 +00:00
joerg
6d6764118b Forgotten patchsums for last changes. Noticed by rillig. 2006-05-21 14:58:33 +00:00
joerg
09571989ba Forgotten patches. 2006-05-20 19:12:59 +00:00
joerg
b8a2284a7c Use config file framework. 2006-05-20 19:12:32 +00:00
jlam
802ce74fcb Modify packages that set PKG_USERS and PKG_GROUPS to follow the new
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
2006-04-23 00:12:35 +00:00
shannonjr
c6afb079db Update to 0.9.4
Changes:

- Remove trailing space from regex we get from plugins.rules (this fix
  a match problem on log entry that didn't contain any space).

- Add --user / --group option to drop privilege. However, make sure it is
  not allowed to open file that the target user can not read, because it
  would lead to failure when trying to re-open the logfile after a rotation.

- Signal handling improvement.

- Fix priority for --quiet option.

- Use newer libprelude IDMEF_LIST_APPEND/IDMEF_LIST_PREPEND addition.

- Add unhandled arguments warning.
2006-03-10 22:49:37 +00:00
wiz
35af66a196 Belatedly bump PKGREVISION for all libtasn1 dependencies, since
libtasn1 had a shlib major bump.
Also update dependencies in bl3.mk files.

Addresses PR 32998 by Robert Elz.
2006-03-06 00:18:10 +00:00
joerg
5911def816 Recursive revision bump / recommended bump for gettext ABI change. 2006-02-05 23:08:03 +00:00
shannonjr
a1e02088fa Corrected problem in rc.subr script preventing PID referencing commands
from working.
2006-01-31 18:25:43 +00:00
shannonjr
68ec7443f1 Update to 0.9.2. Changes:
- Get rid of the 1024 characters per line limitation (defined as per
  the syslog RFC), since LML is not limited to parsing input from syslog
  anymore.
- Handle events in Clamav logging format as well as syslog.
- Abstracted Squid chain regex to allow parsing of data directly
  from Squid log files.
- Introduced support for openhostapd.
- Began expanding rulesets with additional_data and vendor-specific
  classification data.
- Various ruleset updates and bug fixes.

Prelude-LML is a signature based log analyzer monitoring logfile and
received syslog messages for suspicious activity. It handle events
generated by a large set of components, including but not limited to:
BigIP, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso,
Nagios, Norton Antivirus Corporate Edition, NTsyslog, PAM, Portsentry,
Postfix, Proftpd, ssh, etc.
2006-01-31 10:46:31 +00:00
shannonjr
ea1490c7aa Prelude is a hybrid IDS consisting of multiple
sensors, managers, and a display console.
Prelude-lml is the log file analyzer. It scans
system log files and generates IDMEF alerts to
the prelude-manager based on signature rulesets.

This is one of sever new Prelude packages.
2006-01-29 15:56:42 +00:00