
[pkgsrc/trunk]: pkgsrc/security/prelude-manager Prelude is a hybrid IDS consi...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9e2402426295
branches:  trunk
changeset: 507225:9e2402426295
user:      shannonjr <shannonjr%pkgsrc.org@localhost>
date:      Sun Jan 29 15:57:49 2006 +0000

description:
Prelude is a hybrid IDS consisting of multiple
sensors, managers, and a display console. This
is the manager. The Manager (there can be several
in an IDS network) accepts secured connections
from sensors and saves the alerts that Sensors
emit. This package installs the manager so that
MySQL is used for alert storage.

This is one of several new Prelude packages.

diffstat:

 security/prelude-manager/DESCR                       |    7 +
 security/prelude-manager/Makefile                    |   49 ++++
 security/prelude-manager/PLIST                       |   14 +
 security/prelude-manager/distinfo                    |    5 +
 security/prelude-manager/files/preludemanager.sh     |   33 +++
 security/prelude-manager/files/run-prelude-manager.c |  191 +++++++++++++++++++
 6 files changed, 299 insertions(+), 0 deletions(-)

diffs (truncated from 323 to 300 lines):

diff -r 7d58c6b7fd15 -r 9e2402426295 security/prelude-manager/DESCR
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-manager/DESCR    Sun Jan 29 15:57:49 2006 +0000
@@ -0,0 +1,7 @@
+Prelude is a hybrid IDS consisting of multiple
+sensors, managers, and a display console. This
+is the manager. The Manager (there can be several
+in an IDS network) accepts secured connections
+from sensors and saves the alerts that Sensors
+emit. This package installs the manager so that
+mySql is used for alert storage.
diff -r 7d58c6b7fd15 -r 9e2402426295 security/prelude-manager/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-manager/Makefile Sun Jan 29 15:57:49 2006 +0000
@@ -0,0 +1,49 @@
+# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+#
+
+DISTNAME=              prelude-manager-0.9.1
+CATEGORIES=            security
+MASTER_SITES=          http://www.prelude-ids.org/download/releases/
+
+MAINTAINER=            shannonjr%NetBSD.org@localhost
+HOMEPAGE=              http://www.prelude-ids.org/download/releases/
+COMMENT=               Prelude IDS manager
+
+.include "../../mk/bsd.prefs.mk"
+
+USE_PKGLOCALEDIR=      yes
+USE_LIBTOOL=           yes
+GNU_CONFIGURE=         yes
+USE_GNU_TOOLS+=                make
+CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+=       --localstatedir=${VARBASE:Q}
+RCD_SCRIPTS=           preludemanager
+PRELUDE_MANAGER_PID_DIR=       ${VARBASE}/run/prelude-manager
+PRELUDE_USER?=         _prelude
+PRELUDE_GROUP?=                _prelude
+PRELUDE_HOME?=         /var/spool/prelude-manager
+PKG_USERS=      ${PRELUDE_USER}:${PRELUDE_GROUP}::Prelude\ IDS\ manager:${PRELUDE_HOME}:${NOLOGIN}
+PKG_GROUPS=     ${PRELUDE_GROUP}
+FILES_SUBST+=  PRELUDE_MANAGER_PID_DIR=${PRELUDE_MANAGER_PID_DIR:Q}
+FILES_SUBST+=   PRELUDE_USER=${PRELUDE_USER:Q}
+
+SUBST_CLASSES+=         code
+SUBST_STAGE.code=       post-patch
+SUBST_FILES.code=       run-prelude-manager.c
+SUBST_SED.code=         -e 's,@PREFIX@,${PREFIX},g'
+SUBST_SED.code+=        -e 's,@PRELUDE_USER@,${PRELUDE_USER},g'
+
+pre-patch:
+       ${CP} ${FILESDIR}/run-prelude-manager.c ${WRKSRC}
+
+post-build:
+       cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${CC} ${CFLAGS} -o run-prelude-manager run-prelude-manager.c
+
+post-install:
+       ${INSTALL_PROGRAM} ${WRKSRC}/run-prelude-manager ${PREFIX}/sbin/run-prelude-manager
+       ${CHMOD} 755 ${PKG_SYSCONFDIR}/prelude-manager
+       ${CHOWN} -R ${PRELUDE_USER}:${PRELUDE_GROUP} ${PRELUDE_HOME}
+
+.include "../../security/libprelude/buildlink3.mk"
+.include "../../security/libpreludedb/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
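Review bot: In `post-install`, `${CHOWN} -R ${PRELUDE_USER}:${PRELUDE_GROUP} ${PRELUDE_HOME}` runs as root over a tree that, on a reinstall or upgrade, is already writable by the unprivileged Prelude account; a recursive root chown over a directory a less-privileged user controls is a pattern to avoid, and the path lies outside `${PREFIX}` with nothing in this Makefile creating it or registering it for deinstall. Declaring the directory through the pkginstall framework, e.g. `OWN_DIRS_PERMS+= ${PRELUDE_HOME} ${PRELUDE_USER} ${PRELUDE_GROUP} 0750`, sets ownership and mode once on the directory itself and removes the recursion. The preceding `${CHMOD} 755 ${PKG_SYSCONFDIR}/prelude-manager` also deserves a second look: the manager's configuration presumably holds the MySQL credentials (the description says alerts are stored in MySQL), so the directory and `prelude-manager.conf` would be better restricted to root and `${PRELUDE_GROUP}` than left world-readable.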
diff -r 7d58c6b7fd15 -r 9e2402426295 security/prelude-manager/PLIST
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-manager/PLIST    Sun Jan 29 15:57:49 2006 +0000
@@ -0,0 +1,14 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+bin/prelude-manager
+include/prelude-manager/prelude-manager.h
+lib/prelude-manager/filters/idmef-criteria.la
+lib/prelude-manager/reports/db.la
+lib/prelude-manager/reports/debug.la
+lib/prelude-manager/reports/relaying.la
+lib/prelude-manager/reports/textmod.la
+sbin/run-prelude-manager
+share/examples/rc.d/preludemanager
+@dirrm lib/prelude-manager/reports
+@dirrm lib/prelude-manager/filters
+@dirrm lib/prelude-manager
+@dirrm include/prelude-manager
diff -r 7d58c6b7fd15 -r 9e2402426295 security/prelude-manager/distinfo
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-manager/distinfo Sun Jan 29 15:57:49 2006 +0000
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+
+SHA1 (prelude-manager-0.9.1.tar.gz) = 8610cfb34355ed842e595d5ee7cd1af018ecefde
+RMD160 (prelude-manager-0.9.1.tar.gz) = 092770e7e3b2e2e69e38ae67bacf90b547e0bee6
+Size (prelude-manager-0.9.1.tar.gz) = 550672 bytes
diff -r 7d58c6b7fd15 -r 9e2402426295 security/prelude-manager/files/preludemanager.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-manager/files/preludemanager.sh  Sun Jan 29 15:57:49 2006 +0000
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# $NetBSD: preludemanager.sh,v 1.1.1.1 2006/01/29 15:57:49 shannonjr Exp $
+#
+
+# PROVIDE: preludemanager
+# REQUIRE: mysqld LOGIN
+
+$_rc_subr_loaded . /etc/rc.subr
+
+name="preludemanager"
+rcvar=${name}
+required_files="@PKG_SYSCONFDIR@/prelude-manager/prelude-manager.conf"
+start_precmd="preludemanager_precommand"
+start_cmd="@PREFIX@/sbin/run-prelude-manager -d"
+pidfile="@PRELUDE_MANAGER_PID_DIR@/prelude-manager.pid"
+
+preludemanager_precommand()
+{
+       /bin/mkdir -p @PRELUDE_MANAGER_PID_DIR@
+       /usr/sbin/chown _prelude:_prelude @PRELUDE_MANAGER_PID_DIR@
+       for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do
+               if [ -S /tmp/mysql.sock ]; then
+                       break
+               else
+                       sleep 1
+                       echo -n '.'
+               fi
+       done
+}
+
+load_rc_config $name
+run_rc_command "$1"
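Review bot: `preludemanager_precommand` hard-codes `_prelude:_prelude` in its `chown`, while the Makefile allows `PRELUDE_USER` and `PRELUDE_GROUP` to be overridden and the wrapper drops to `@PRELUDE_USER@`; with a non-default account the PID directory ends up owned by the wrong (or a nonexistent) user and the daemon cannot write its pidfile. Use `/usr/sbin/chown @PRELUDE_USER@:@PRELUDE_GROUP@ @PRELUDE_MANAGER_PID_DIR@` and add `FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_GROUP:Q}` to the Makefile, which currently substitutes only the user. Separately, the 20-second wait on `/tmp/mysql.sock` falls through silently when the socket never appears, and it trusts a fixed name in a world-writable directory; ending the function with `[ -S /tmp/mysql.sock ] || return 1` and making the socket path configurable would stop the start and make the failure visible.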
diff -r 7d58c6b7fd15 -r 9e2402426295 security/prelude-manager/files/run-prelude-manager.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/prelude-manager/files/run-prelude-manager.c      Sun Jan 29 15:57:49 2006 +0000
@@ -0,0 +1,191 @@
+#define PRELUDE_MANAGER_USER "@PRELUDE_USER@"
+#define PRELUDE_MANAGER_PATH "@PREFIX@/bin/prelude-manager"
+#define MAXMAXFD 256
+
+#include <unistd.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <sys/resource.h>
+
+#define MAX_ARGS 40
+#ifndef         TRUE
+#define         TRUE                            1
+#endif                          /* TRUE */
+
+#ifndef         FALSE
+#define         FALSE                           0
+#endif                          /* FALSE */
+
+
+void error_sys(char *str)
+
+{
+    /* Output error message to syslog */
+    char msg[1024];
+    snprintf(msg, sizeof(msg), "run-prelude-manager : %s : %s", str, strerror(errno));
+    syslog(LOG_ALERT, msg);
+
+}
+
+
+int obtainUIDandGID(const char *name, uid_t *pw_uid, gid_t *pw_gid)
+{
+    /* Obtain UID and GID from passwd entry identified by name */
+    struct passwd *pw_entry;
+    char msg[100];
+
+    if ((pw_entry = getpwnam(name)) == NULL)
+    {
+        snprintf(msg, sizeof(msg), "failed to get password entry for %s", name);
+        error_sys(msg);
+        return FALSE;
+    }
+    else
+    {
+        *pw_uid = pw_entry->pw_uid;
+        *pw_gid = pw_entry->pw_gid;
+        return TRUE;
+
+    }
+}
+
+static int
+fdlim_get(int hard)
+{
+    struct rlimit rlfd;
+
+    if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
+        return (-1);
+    if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
+        return sysconf(_SC_OPEN_MAX);
+    else
+        return hard ? rlfd.rlim_max : rlfd.rlim_cur;
+}
+
+static int
+fdlim_set(int lim)
+{
+    struct rlimit rlfd;
+
+    if (lim <= 0)
+        return (-1);
+    if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
+        return (-1);
+    rlfd.rlim_cur = lim;
+    if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0)
+        return (-1);
+    return (0);
+}
+
+int main (int argc, char **argv )
+
+{
+
+    pid_t pid;
+    uid_t UID;
+    gid_t GID;
+    pid_t pidwait;
+    int waitstat;
+    int maxfd;
+
+    /* Sanity check */
+    if (argc > MAX_ARGS)
+    {
+        error_sys("arg buffer too small");
+        exit(-1);
+    }
+    /*
+        if (getpid() != 0)
+        {
+            error_sys("must be called by root");
+            exit(-1);
+        }
+    */
+
+    /* fork child that will become prelude-manager */
+    if ((pid = fork()) < 0)
+
+        error_sys("fork error");
+
+    else
+
+    {
+
+        if (pid == 0)
+
+        {
+
+            /* We're the child */
+            char *args[MAX_ARGS];
+            unsigned int i;
+
+            /* Become session leader */
+            setsid();
+
+            /* Clear out file creation mask */
+            umask(0);
+
+            if (!obtainUIDandGID(PRELUDE_MANAGER_USER, &UID, &GID))
+                exit(-1);
+
+            /* Drop privileges immediately */
+            if (setgid(GID) < 0)
+            {
+                /* It is VERY important to check return
+                   value and not continue if setgid fails
+                */
+                error_sys ("setgid failed");
+                exit (-1);
+            }
+
+            if (setuid(UID) < 0)
+            {
+                /* It is VERY important to check return
+                   value and not continue if setuid fails
+                */
+                error_sys ("setuid failed");
+                exit (-1);
+            }
+
+            /* Increase limit on number of open file descriptors if necessary */
+            maxfd = fdlim_get(1);
+            if (maxfd < 0)
+                error_sys("fdlim_get: bad value");
+            if (maxfd > MAXMAXFD)
+                maxfd = MAXMAXFD;
+            if (maxfd > fdlim_get(0))
+                fdlim_set(maxfd);
+
+
+            /* Build calling argv */
+            args[0] = PRELUDE_MANAGER_PATH;
+            for (i=1;i<argc;i++)
+            {


