pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/prelude-manager Update to 0.9.2. Changes:
details: https://anonhg.NetBSD.org/pkgsrc/rev/bdff17bdc3e2
branches: trunk
changeset: 507350:bdff17bdc3e2
user: shannonjr <shannonjr%pkgsrc.org@localhost>
date: Tue Jan 31 17:54:10 2006 +0000
description:
Update to 0.9.2. Changes:
- prelude-manager has been updated to check the loaded revocation
list, if available. This was needed since the recent prelude-adduser
addition allowing to create analyzer revocation list.
- Remove line size limitation on specified IDMEF-criteria.
- Remove all ancillary groups as well as setgid-ing.
- Fix idmef-criteria-filter option conflict.
- Fix a possible crash if no listen address is specified, but a
reverse relay is used.
- Much better error reporting.
Prelude-Manager is a high availability server that accepts secured
connections from distributed sensors or other managers and saves
received events to a media specified by the user (database, logfile,
mail, etc).
diffstat:
security/prelude-manager/Makefile | 6 +-
security/prelude-manager/PLIST | 3 +-
security/prelude-manager/distinfo | 8 +-
security/prelude-manager/files/preludemanager.sh | 7 +-
security/prelude-manager/files/run-prelude-manager.c | 51 --------------------
5 files changed, 13 insertions(+), 62 deletions(-)
diffs (165 lines):
diff -r 759d08673a7d -r bdff17bdc3e2 security/prelude-manager/Makefile
--- a/security/prelude-manager/Makefile Tue Jan 31 17:51:36 2006 +0000
+++ b/security/prelude-manager/Makefile Tue Jan 31 17:54:10 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+# $NetBSD: Makefile,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
#
-DISTNAME= prelude-manager-0.9.1
+DISTNAME= prelude-manager-0.9.2
CATEGORIES= security
MASTER_SITES= http://www.prelude-ids.org/download/releases/
@@ -17,6 +17,7 @@
USE_GNU_TOOLS+= make
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
+CONFIGURE_ARGS+= --with-libpreludedb-prefix=${BUILDLINK_PREFIX.libpreludedb}
RCD_SCRIPTS= preludemanager
PRELUDE_MANAGER_PID_DIR= ${VARBASE}/run/prelude-manager
PRELUDE_USER?= _prelude
@@ -26,6 +27,7 @@
PKG_GROUPS= ${PRELUDE_GROUP}
FILES_SUBST+= PRELUDE_MANAGER_PID_DIR=${PRELUDE_MANAGER_PID_DIR:Q}
FILES_SUBST+= PRELUDE_USER=${PRELUDE_USER:Q}
+FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_USER:Q}
SUBST_CLASSES+= code
SUBST_STAGE.code= post-patch
diff -r 759d08673a7d -r bdff17bdc3e2 security/prelude-manager/PLIST
--- a/security/prelude-manager/PLIST Tue Jan 31 17:51:36 2006 +0000
+++ b/security/prelude-manager/PLIST Tue Jan 31 17:54:10 2006 +0000
@@ -1,8 +1,7 @@
-@comment $NetBSD: PLIST,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+@comment $NetBSD: PLIST,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
bin/prelude-manager
include/prelude-manager/prelude-manager.h
lib/prelude-manager/filters/idmef-criteria.la
-lib/prelude-manager/reports/db.la
lib/prelude-manager/reports/debug.la
lib/prelude-manager/reports/relaying.la
lib/prelude-manager/reports/textmod.la
diff -r 759d08673a7d -r bdff17bdc3e2 security/prelude-manager/distinfo
--- a/security/prelude-manager/distinfo Tue Jan 31 17:51:36 2006 +0000
+++ b/security/prelude-manager/distinfo Tue Jan 31 17:54:10 2006 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+$NetBSD: distinfo,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
-SHA1 (prelude-manager-0.9.1.tar.gz) = 8610cfb34355ed842e595d5ee7cd1af018ecefde
-RMD160 (prelude-manager-0.9.1.tar.gz) = 092770e7e3b2e2e69e38ae67bacf90b547e0bee6
-Size (prelude-manager-0.9.1.tar.gz) = 550672 bytes
+SHA1 (prelude-manager-0.9.2.tar.gz) = ba29d4ded5059a8dc239c3a4c75486b38ae7bd48
+RMD160 (prelude-manager-0.9.2.tar.gz) = 56a95286accd9519b0719aac617f36308d63c4e7
+Size (prelude-manager-0.9.2.tar.gz) = 567365 bytes
diff -r 759d08673a7d -r bdff17bdc3e2 security/prelude-manager/files/preludemanager.sh
--- a/security/prelude-manager/files/preludemanager.sh Tue Jan 31 17:51:36 2006 +0000
+++ b/security/prelude-manager/files/preludemanager.sh Tue Jan 31 17:54:10 2006 +0000
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: preludemanager.sh,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+# $NetBSD: preludemanager.sh,v 1.2 2006/01/31 17:54:10 shannonjr Exp $
#
# PROVIDE: preludemanager
@@ -9,16 +9,17 @@
$_rc_subr_loaded . /etc/rc.subr
name="preludemanager"
+procname="@PREFIX@/bin/prelude-manager"
rcvar=${name}
required_files="@PKG_SYSCONFDIR@/prelude-manager/prelude-manager.conf"
start_precmd="preludemanager_precommand"
-start_cmd="@PREFIX@/sbin/run-prelude-manager -d"
+start_cmd="@PREFIX@/sbin/run-prelude-manager -d --pidfile @PRELUDE_MANAGER_PID_DIR@/prelude-manager.pid"
pidfile="@PRELUDE_MANAGER_PID_DIR@/prelude-manager.pid"
preludemanager_precommand()
{
/bin/mkdir -p @PRELUDE_MANAGER_PID_DIR@
- /usr/sbin/chown _prelude:_prelude @PRELUDE_MANAGER_PID_DIR@
+ /usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ @PRELUDE_MANAGER_PID_DIR@
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
if [ -S /tmp/mysql.sock ]; then
break
diff -r 759d08673a7d -r bdff17bdc3e2 security/prelude-manager/files/run-prelude-manager.c
--- a/security/prelude-manager/files/run-prelude-manager.c Tue Jan 31 17:51:36 2006 +0000
+++ b/security/prelude-manager/files/run-prelude-manager.c Tue Jan 31 17:54:10 2006 +0000
@@ -1,4 +1,3 @@
-#define PRELUDE_MANAGER_USER "@PRELUDE_USER@"
#define PRELUDE_MANAGER_PATH "@PREFIX@/bin/prelude-manager"
#define MAXMAXFD 256
@@ -33,27 +32,6 @@
}
-int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
-{
- /* Obtain UID and GID from passwd entry identified by name */
- struct passwd *pw_entry;
- char msg[100];
-
- if ((pw_entry = getpwnam(name)) == NULL)
- {
- snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
- error_sys(msg);
- return FALSE;
- }
- else
- {
- *pw_uid = pw_entry->pw_uid;
- *pw_gid = pw_entry->pw_gid;
- return TRUE;
-
- }
-}
-
static int
fdlim_get(int hard)
{
@@ -99,13 +77,6 @@
error_sys("arg buffer too small");
exit(-1);
}
- /*
- if (getpid() != 0)
- {
- error_sys("must be called by root");
- exit(-1);
- }
- */
/* fork child that will become prelude-manager */
if ((pid = fork()) < 0)
@@ -130,28 +101,6 @@
/* Clear out file creation mask */
umask(0);
- if (!obtainUIDandGID(PRELUDE_MANAGER_USER, &UID, &GID))
- exit(-1);
-
- /* Drop privileges immediately */
- if (setgid(GID) < 0)
- {
- /* It is VERY important to check return
- value and not continue if setgid fails
- */
- error_sys ("setgid failed");
- exit (-1);
- }
-
- if (setuid(UID) < 0)
- {
- /* It is VERY important to check return
- value and not continue if setuid fails
- */
- error_sys ("setuid failed");
- exit (-1);
- }
-
/* Increase limit on number of open file descriptors if necessary */
maxfd = fdlim_get(1);
if (maxfd < 0)
Home |
Main Index |
Thread Index |
Old Index