pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/prelude-manager Update to 0.9.2. Changes:



details:   https://anonhg.NetBSD.org/pkgsrc/rev/bdff17bdc3e2
branches:  trunk
changeset: 507350:bdff17bdc3e2
user:      shannonjr <shannonjr%pkgsrc.org@localhost>
date:      Tue Jan 31 17:54:10 2006 +0000

description:
Update to 0.9.2. Changes:
- prelude-manager has been updated to check the loaded revocation
  list, if available. This was needed because prelude-adduser recently
  gained the ability to create an analyzer revocation list.
- Remove line size limitation on specified IDMEF-criteria.
- Remove all ancillary groups as well as setgid-ing.
- Fix idmef-criteria-filter option conflict.
- Fix a possible crash if no listen address is specified, but a
  reverse relay is used.
- Much better error reporting.
Prelude-Manager is a high availability server that accepts secured
connections from distributed sensors or other managers and saves
received events to a media specified by the user (database, logfile,
mail, etc).

diffstat:

 security/prelude-manager/Makefile                    |   6 +-
 security/prelude-manager/PLIST                       |   3 +-
 security/prelude-manager/distinfo                    |   8 +-
 security/prelude-manager/files/preludemanager.sh     |   7 +-
 security/prelude-manager/files/run-prelude-manager.c |  51 --------------------
 5 files changed, 13 insertions(+), 62 deletions(-)

diffs (165 lines):

diff -r 759d08673a7d -r bdff17bdc3e2 security/prelude-manager/Makefile
--- a/security/prelude-manager/Makefile Tue Jan 31 17:51:36 2006 +0000
+++ b/security/prelude-manager/Makefile Tue Jan 31 17:54:10 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+# $NetBSD: Makefile,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
 #
 
-DISTNAME=              prelude-manager-0.9.1
+DISTNAME=              prelude-manager-0.9.2
 CATEGORIES=            security
 MASTER_SITES=          http://www.prelude-ids.org/download/releases/
 
@@ -17,6 +17,7 @@
 USE_GNU_TOOLS+=                make
 CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR:Q}
 CONFIGURE_ARGS+=       --localstatedir=${VARBASE:Q}
+CONFIGURE_ARGS+=       --with-libpreludedb-prefix=${BUILDLINK_PREFIX.libpreludedb}
 RCD_SCRIPTS=           preludemanager
 PRELUDE_MANAGER_PID_DIR=       ${VARBASE}/run/prelude-manager
 PRELUDE_USER?=         _prelude
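Review bot: The added `--with-libpreludedb-prefix=${BUILDLINK_PREFIX.libpreludedb}` line is the only CONFIGURE_ARGS entry in this hunk without the `:Q` modifier; for consistency with the two lines above it I would write `CONFIGURE_ARGS+= --with-libpreludedb-prefix=${BUILDLINK_PREFIX.libpreludedb:Q}`. The variable is only defined if the libpreludedb buildlink3.mk is included, which is not visible in this hunk. The PLIST section of the same commit drops `lib/prelude-manager/reports/db.la`, so it is worth confirming whether the db report plugin is still built when this prefix is passed.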
@@ -26,6 +27,7 @@
 PKG_GROUPS=     ${PRELUDE_GROUP}
 FILES_SUBST+=  PRELUDE_MANAGER_PID_DIR=${PRELUDE_MANAGER_PID_DIR:Q}
 FILES_SUBST+=   PRELUDE_USER=${PRELUDE_USER:Q}
+FILES_SUBST+=   PRELUDE_GROUP=${PRELUDE_USER:Q}
 
 SUBST_CLASSES+=         code
 SUBST_STAGE.code=       post-patch
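Review bot: The added `FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_USER:Q}` substitutes the user name for the group, although the context line just above uses `${PRELUDE_GROUP}` for PKG_GROUPS; it should read `FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_GROUP:Q}`. As written, the `chown @PRELUDE_USER@:@PRELUDE_GROUP@` added to preludemanager.sh in this commit gets the user name in the group position. That only works while both variables hold the same name, and it assigns the pid directory to the wrong or a nonexistent group once a site overrides PRELUDE_GROUP.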
diff -r 759d08673a7d -r bdff17bdc3e2 security/prelude-manager/PLIST
--- a/security/prelude-manager/PLIST    Tue Jan 31 17:51:36 2006 +0000
+++ b/security/prelude-manager/PLIST    Tue Jan 31 17:54:10 2006 +0000
@@ -1,8 +1,7 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+@comment $NetBSD: PLIST,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
 bin/prelude-manager
 include/prelude-manager/prelude-manager.h
 lib/prelude-manager/filters/idmef-criteria.la
-lib/prelude-manager/reports/db.la
 lib/prelude-manager/reports/debug.la
 lib/prelude-manager/reports/relaying.la
 lib/prelude-manager/reports/textmod.la
diff -r 759d08673a7d -r bdff17bdc3e2 security/prelude-manager/distinfo
--- a/security/prelude-manager/distinfo Tue Jan 31 17:51:36 2006 +0000
+++ b/security/prelude-manager/distinfo Tue Jan 31 17:54:10 2006 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+$NetBSD: distinfo,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
 
-SHA1 (prelude-manager-0.9.1.tar.gz) = 8610cfb34355ed842e595d5ee7cd1af018ecefde
-RMD160 (prelude-manager-0.9.1.tar.gz) = 092770e7e3b2e2e69e38ae67bacf90b547e0bee6
-Size (prelude-manager-0.9.1.tar.gz) = 550672 bytes
+SHA1 (prelude-manager-0.9.2.tar.gz) = ba29d4ded5059a8dc239c3a4c75486b38ae7bd48
+RMD160 (prelude-manager-0.9.2.tar.gz) = 56a95286accd9519b0719aac617f36308d63c4e7
+Size (prelude-manager-0.9.2.tar.gz) = 567365 bytes
diff -r 759d08673a7d -r bdff17bdc3e2 security/prelude-manager/files/preludemanager.sh
--- a/security/prelude-manager/files/preludemanager.sh  Tue Jan 31 17:51:36 2006 +0000
+++ b/security/prelude-manager/files/preludemanager.sh  Tue Jan 31 17:54:10 2006 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: preludemanager.sh,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+# $NetBSD: preludemanager.sh,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
 #
 
 # PROVIDE: preludemanager
@@ -9,16 +9,17 @@
 $_rc_subr_loaded . /etc/rc.subr
 
 name="preludemanager"
+procname="@PREFIX@/bin/prelude-manager"
 rcvar=${name}
 required_files="@PKG_SYSCONFDIR@/prelude-manager/prelude-manager.conf"
 start_precmd="preludemanager_precommand"
-start_cmd="@PREFIX@/sbin/run-prelude-manager -d"
+start_cmd="@PREFIX@/sbin/run-prelude-manager -d --pidfile @PRELUDE_MANAGER_PID_DIR@/prelude-manager.pid"
 pidfile="@PRELUDE_MANAGER_PID_DIR@/prelude-manager.pid"
 
 preludemanager_precommand()
 {
        /bin/mkdir -p @PRELUDE_MANAGER_PID_DIR@
-       /usr/sbin/chown _prelude:_prelude @PRELUDE_MANAGER_PID_DIR@
+       /usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ @PRELUDE_MANAGER_PID_DIR@
        for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
                if [ -S /tmp/mysql.sock ]; then
                        break
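Review bot: The new `start_cmd` passes only `-d` and `--pidfile` to run-prelude-manager, and this same commit removes the `setgid()`/`setuid()` calls from run-prelude-manager.c, so nothing visible on this page selects the unprivileged account any more. If prelude-manager 0.9.2 does not drop privileges on its own (not visible here), the daemon stays root while writing its pidfile into a directory that `preludemanager_precommand` hands to `@PRELUDE_USER@`, which is a root-writes-into-user-owned-directory pattern worth avoiding. Once that is confirmed, I would add a comment above `start_cmd` such as `# privilege drop is done by prelude-manager itself; the wrapper no longer calls setuid/setgid`. Separately, the pidfile path is now spelled twice; defining `pidfile=` first and using `--pidfile ${pidfile}` in `start_cmd` keeps the two in step. The body of `preludemanager_precommand` continues outside the hunk.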
diff -r 759d08673a7d -r bdff17bdc3e2 security/prelude-manager/files/run-prelude-manager.c
--- a/security/prelude-manager/files/run-prelude-manager.c      Tue Jan 31 17:51:36 2006 +0000
+++ b/security/prelude-manager/files/run-prelude-manager.c      Tue Jan 31 17:54:10 2006 +0000
@@ -1,4 +1,3 @@
-#define PRELUDE_MANAGER_USER "@PRELUDE_USER@"
 #define PRELUDE_MANAGER_PATH "@PREFIX@/bin/prelude-manager"
 #define MAXMAXFD 256
 
@@ -33,27 +32,6 @@
 }
 
 
-int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
-{
-    /* Obtain UID and GID from passwd entry identified by name */
-    struct passwd *pw_entry;
-    char msg[100];
-
-    if ((pw_entry = getpwnam(name)) == NULL)
-    {
-        snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
-        error_sys(msg);
-        return FALSE;
-    }
-    else
-    {
-        *pw_uid = pw_entry->pw_uid;
-        *pw_gid = pw_entry->pw_gid;
-        return TRUE;
-
-    }
-}
-
 static int
 fdlim_get(int hard)
 {
@@ -99,13 +77,6 @@
         error_sys("arg buffer too small");
         exit(-1);
     }
-    /*
-        if (getpid() != 0)
-        {
-            error_sys("must be called by root");
-            exit(-1);
-        }
-    */
 
     /* fork child that will become prelude-manager */
     if ((pid = fork()) < 0)
@@ -130,28 +101,6 @@
             /* Clear out file creation mask */
             umask(0);
 
-            if (!obtainUIDandGID(PRELUDE_MANAGER_USER, &UID, &GID))
-                exit(-1);
-
-            /* Drop privileges immediately */
-            if (setgid(GID) < 0)
-            {
-                /* It is VERY important to check return
-                   value and not continue if setgid fails
-                */
-                error_sys ("setgid failed");
-                exit (-1);
-            }
-
-            if (setuid(UID) < 0)
-            {
-                /* It is VERY important to check return
-                   value and not continue if setuid fails
-                */
-                error_sys ("setuid failed");
-                exit (-1);
-            }
-
             /* Increase limit on number of open file descriptors if necessary */
             maxfd = fdlim_get(1);
             if (maxfd < 0)


