Ticket #42533: Portfile

# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# $Id$

PortSystem          1.0

PortGroup           github 1.0 

github.setup        ossec ossec-hids 2.8.1
categories          security
platforms           darwin
maintainers         yahoo.fr:jul_bsd openmaintainer
license             GPL
description         host-based intrusion detection system
long_description    OSSEC is an Open Source Host-based Intrusion \
                    Detection System that performs log analysis, \
                    file integrity checking, policy monitoring, \
                    rootkit detection, real-time alerting and \
                    active response.
homepage            http://www.ossec.net/

worksrcdir          ${distname}/src
conflicts           ${name}29

checksums           rmd160  55a552339f1fc28178c76e7e5b6d18b27cbb76ba \
                    sha256  ebc8a7bfc612ce8916e4f0d7730a3e7c29cbf15016539ff4b5f699522705b8cd

## extra ?
## https://raw.github.com/xme/alerts2afterglow/master/alerts2afterglow.pl

depends_build-append port:openssl

use_configure       no

## https://groups.google.com/forum/#!topic/ossec-list/ZcF2SQAuNOE
## http://dcid.me/texts/my-ossec-setup-manual.html

### trying to build w homemade script install.sh: NOK
##      need root from start
##      merge all phase in one
## http://ossec-docs.readthedocs.org/en/latest/manual/installation/install-source-unattended.html
#build.asroot        yes
#build.env-append    INSTALLDIR=${destroot}${prefix} USER_INSTALL_TYPE=local \
#                    USER_ENABLE_ROOTCHECK=yes USER_language=en TERM=vt220 \
#             USER_EMAIL_ADDRESS=root@localhost \
#                    USER_NO_STOP="y"
## OR
#        reinplace "s|^#USER_NO_STOP=\"y\"|USER_NO_STOP=\"y\"|;s|^#USER_INSTALL_TYPE=\"agent\"|USER_INSTALL_TYPE=\"agent\"|;s|^#USER_DIR=\"/var/ossec\"|USER_DIR=\"${prefix}/var/ossec\"|;s|^#USER_ENABLE_ACTIVE_RESPONSE=\"y\"|USER_ENABLE_ACTIVE_RESPONSE=\"y\"|;s|^#USER_ENABLE_SYSCHECK=\"y\"|USER_ENABLE_SYSCHECK=\"y\"|;s|^#USER_ENABLE_ROOTCHECK=\"y\"|USER_ENABLE_ROOTCHECK=\"y\"|;" ${worksrcdir}/etc/preloaded-vars.conf
#build.cmd           ./install.sh
#build.target
build.args          CC=${configure.cc}

## Normally, only server install need those 3 users, Agent only need ossec but if doing that,
## need to split post-destroot by subport
add_users ossec group=ossec home=${prefix}/var/ossec shell=/sbin/nologin realname=ossec\ user
## FIXME! it seems add_users is not handling multiple user, just doing the last call
#add_users ossecm group=ossec home=${prefix}/var/ossec shell=/sbin/nologin realname=ossecm\ user
#add_users ossecr group=ossec home=${prefix}/var/ossec shell=/sbin/nologin realname=ossecr\ user
post-configure {
    if {![variant_isset agent]} {
        adduser ossecm gid=[existsgroup ossec] home=${prefix}/var/ossec shell=/sbin/nologin
        adduser ossecr gid=[existsgroup ossec] home=${prefix}/var/ossec shell=/sbin/nologin
    }
}


### trying to do without install.sh: OK
patchfiles          patch-ossec-src-Config.os.diff
patch.pre_args      -p1
post-patch {
    reinplace "s|/opt/local|${prefix}|g" ${worksrcpath}/Config.OS
    reinplace "s|/var/ossec|${prefix}/var/ossec|g" ${worksrcpath}/LOCATION
    reinplace "s|CC=gcc|CC=${configure.cc}|g" ${worksrcpath}/LOCATION
    reinplace "s|CC=cc|CC=${configure.cc}|g" ${worksrcpath}/external/lua-5.2.3/src/Makefile
    reinplace "s|OSSEC_INIT=\"/etc/ossec-init.conf\"|OSSEC_INIT=\"${prefix}/etc/ossec-init.conf\"|g" \
        ${worksrcpath}/init/shared.sh
    reinplace "s| \${CPATH} | -I\${CPATH} |g" ${worksrcpath}/Config.Make
    if {[variant_isset agent]} {
        #reinplace "s|CEXTRA=\(.*\) -DLOCAL|CEXTRA=\1 -DCLIENT|g" ${worksrcpath}/Config.OS
        reinplace "s|-DLOCAL|-DCLIENT|g" ${worksrcpath}/Config.OS
    } elseif {[variant_isset debug]} {
        reinplace "s|CEXTRA=\(.*\)$|CEXTRA=\1 -DDEBUGAD|g" ${worksrcpath}/Config.OS
    } elseif {![variant_isset local]} {
        ## FIXME! (both) Error: org.macports.patch for port ossec returned: invalid command name " "
        reinplace "s|CEXTRA=\(.*\) -DLOCAL|CEXTRA=\1|g" ${worksrcpath}/Config.OS
        #reinplace "s|-DLOCAL||g" ${worksrcpath}/Config.OS
    }
    if {[variant_isset universal]} {
        ## FIXME! Error: org.macports.patch for port ossec returned: invalid command name " "
        #reinplace "s|EEXTRA=-DDarwin -DHIGHFIRST|EEXTRA=-DDarwin -DHIGHFIRST [get_canonical_archflags cc]|g" ${worksrcpath}/Config.OS
        reinplace "s|-DOSSECHIDS|-DOSSECHIDS [get_canonical_archflags cc]|g" ${worksrcpath}/Config.Make
    }
}
build.env-append           CPATH=""

## Note: destroot will always failed if not as root, ok w root+privilege descalation
##    also patch phase, strangely, fails as common user but works w sudo...
destroot.asroot     yes
install.asroot     yes

pre-destroot {
    reinplace "s|${prefix}|${destroot}${prefix}|g" \
        ${worksrcpath}/LOCATION
}

post-destroot {
    xinstall -d ${destroot}${prefix}/share/examples/${name}
    reinplace "s|>/var/ossec|>${prefix}/var/ossec|g" \
        ${destroot}${prefix}/var/ossec/etc/ossec.conf
    move ${destroot}${prefix}/var/ossec/etc/ossec.conf ${destroot}${prefix}/share/examples/${name}
    copy ${filespath}/ossec-client.conf ${destroot}${prefix}/share/examples/${name}/

    copy ${filespath}/ossec.conf ${destroot}${prefix}/share/examples/${name}/ossec-mac.conf
    copy ${filespath}/decoder_local_mac.xml ${destroot}${prefix}/share/examples/${name}/
    copy ${filespath}/local_rules_mac.xml ${destroot}${prefix}/share/examples/${name}/
    reinplace "s|/opt/local/|${prefix}/|g" \
        ${destroot}${prefix}/share/examples/${name}/ossec-mac.conf \
        ${destroot}${prefix}/share/examples/${name}/decoder_local_mac.xml \
        ${destroot}${prefix}/share/examples/${name}/local_rules_mac.xml

    xinstall -d -o ossec -m 755 ${destroot}${prefix}/var/ossec/var
    xinstall -d -o ossec -m 755 ${destroot}${prefix}/var/ossec/queue
    xinstall -d -o ossec -m 755 ${destroot}${prefix}/var/ossec/logs
    if {[variant_isset agent]} {
        delete ${destroot}${prefix}/var/ossec/logs/ossec.log
    }
    foreach d { /var/start-script-lock /queue/fts /queue/ossec \
        /queue/agentless /queue/alerts /queue/diff /queue/rootcheck \
        /queue/syscheck /stats /logs/archives /logs/alerts \
        /logs/firewall } {
        xinstall -d -o ossec -g ossec -m 755 ${destroot}${prefix}/var/ossec${d}
        destroot.keepdirs-append ${destroot}${prefix}/var/ossec${d}
    }
    foreach d { /queue/agent-info /queue/rids } {
        if {![variant_isset agent]} {
            xinstall -d -o ossecr -g ossec -m 755 ${destroot}${prefix}/var/ossec${d}
        } else {
            xinstall -d -o ossec -g ossec -m 755 ${destroot}${prefix}/var/ossec${d}
        }
        destroot.keepdirs-append ${destroot}${prefix}/var/ossec${d}
    }
    if {![variant_isset agent]} {
        xinstall -d -o ossec -g ossec -m 755 ${destroot}${prefix}/var/ossec/var/start-script-lock
        destroot.keepdirs-append \
            ${destroot}${prefix}/var/ossec/var/start-script-lock
    }
    ## this directory need to be write-able for ossec & ossecm users
    xinstall -d -o ossec -g ossec -m 775 ${destroot}${prefix}/var/ossec/var/run
    destroot.keepdirs-append ${destroot}${prefix}/var/ossec/var/run \
        ${destroot}${prefix}/var/ossec/logs
    ## solving chrooting serpent biting itself ...
    xinstall -d ${destroot}${prefix}/var/ossec/${prefix}/var/
    ln -s / ${destroot}${prefix}/var/ossec/${prefix}/var/ossec

}

post-activate {
    if { ![file exists ${prefix}/var/ossec/etc/ossec.conf ] && ![variant_isset agent]} {
        copy ${prefix}/share/examples/ossec/ossec-mac.conf ${prefix}/var/ossec/etc/ossec.conf
    } elseif { ![file exists ${prefix}/var/ossec/etc/ossec.conf ] && [variant_isset agent]} {
        copy ${prefix}/share/examples/ossec/ossec-client.conf ${prefix}/var/ossec/etc/ossec.conf
    }
    if ![file exists ${prefix}/var/ossec/etc/decoder_local_mac.xml ] {
        copy ${prefix}/share/examples/ossec/decoder_local_mac.xml ${prefix}/var/ossec/etc/
    }
    if ![file exists ${prefix}/var/ossec/rules/local_rules_mac.xml ] {
        copy ${prefix}/share/examples/ossec/local_rules_mac.xml ${prefix}/var/ossec/rules/
    }
    if {[variant_isset agent]} {
        touch ${prefix}/var/ossec/logs/ossec.log
        ## FIXME! on activate: "Error: org.macports.activate for port ossec returned: Unknown user given"
        #chown ossec:ossec ${prefix}/var/ossec/logs/ossec.log
        ## no chmod command
        #chmod 664 ${prefix}/var/ossec/logs/ossec.log
    }
}

## FIXME! universal
##    fatal error: lipo: can't figure out the architecture type of: /Volumes/Data/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work/.tmp/ccIo0aMB.out (sometimes?)
variant universal {}
#configure.cflags-append    "${configure.cflags} [get_canonical_archflags cc]"
## This replace existing CFLAGS so no good = go for post-patch
#build.args          CFLAGS+="${configure.cflags} [get_canonical_archflags cc]"

## FIXME! error: /opt/local/bin/ranlib: file: cdb_make.a is not an archive (sometimes...)

notes "

    You have to customize yourself '${prefix}/var/ossec/etc/ossec.conf' to adjust configuration to your setup (local, server, agent; email, agent server ip) before launching ossec. Default one is local. If there is an existing config, it is preserved.
    All ossec commands need to be launched as root.
    Launchd script are included. You can start ossec either with 'port load ${name}' or launchctl.
    No manpage are include, see online: http://www.ossec.net/doc/

You may need to enable permanently postfix so ossec-maild can send email:
  Edit /System/Library/LaunchDaemons/org.postfix.master.plist
  Remove the two strings lines with '-e' '60'.
  Add a '<key>KeepAlive</key><true/>'

If you need to debug ossec, adjust configuration in
    ${prefix}/var/ossec/etc/internal_options.conf
AND
    # ${prefix}/var/ossec/bin/ossec-control enable debug
AND
    restart ossec

Note: Apple syslog files can be multi-line which is not handled out of the box by OSSEC:
http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.localfile.html#id1
http://johnlee48.wordpress.com/2012/08/23/ossec-setup-for-custom-logs-with-multi-line-entries-ala-tomoyo-linux-logs/
"


## Note: this is just a script to control the multiple daemons of ossec which exit after
##    => launchd "Throttling respawn: Will start in 10 seconds"
##    any way to say it's normal or need to create a startup item per daemon?
startupitem.create      yes
startupitem.logfile     ${prefix}/var/ossec/logs/ossec-launchd.log
#startupitem.netchange   yes
#startupitem.executable  ${prefix}/bin/ossec-control
startupitem.start       "${prefix}/var/ossec/bin/ossec-control start"
startupitem.stop        "${prefix}/var/ossec/bin/ossec-control stop"
startupitem.restart     "${prefix}/var/ossec/bin/ossec-control restart"

default_variants    +geoip

## FIXME! can't manage to review defaults_variant so removing +local but if giving no variant what to do
if {![variant_isset server] && ![variant_isset agent] && ![variant_isset hybrid]} {
    default_variants +local
}

## Note: calling one of the 3 next variant superseded +local
variant server description { install ossec server } conflicts hybrid local {
    destroot.cmd   ./InstallServer.sh
    default_variants-delete    +local
}

variant hybrid description { install ossec in hybrid mode } {

    ## FIXME! hybrid is a local install w few others things to do/from install.pl
    ##     use ossec-local.sh instead of ossec-server.sh as ossec-control
    destroot.cmd   ./InstallServer.sh
    destroot.args  local
    default_variants-delete    +local
}

variant local description { install ossec in stand-alone mode } conflicts server hybrid agent {
    ## include in patchfiles
    #configure.env-append CEXTRA="$CEXTRA -DLOCAL"

    destroot.cmd   ./InstallServer.sh
    destroot.args  local
}

variant picviz description { picviz support } {
    ## seems just a config option ?
    depends_run    port:libpicviz
}

variant geoip description { geoip support } {
    depends_build-append       port:libgeoip
    notes-append "


===>     To finish installation of geoip, you need to download following files,
    gunzip them and copy them to ${prefix}/var/ossec/etc:
        http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
        http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz
"
}

variant debug description { enable debug support } {
    ## in post-patch
    #configure.env-append CEXTRA="$CEXTRA -DDEBUGAD"
}

## Note: destroot will fail as common user, ok as root

if {${subport} eq ${name}} {
    
    livecheck.type      regex
    livecheck.url       ${homepage}?page_id=19
    livecheck.regex     "Server\/Agent (\\d+(?:\\.\\d+)*) – Linux\/BSD"

}

variant agent description { install ossec in agent mode } conflicts server hybrid local {
    ## from patchfiles + post-patch
    #configure.env-append CEXTRA="$CEXTRA -DCLIENT"

    ## FIXME! This is not executed!!! if subport, ok if variant
    destroot.cmd   ./InstallAgent.sh
    #default_variants-delete    +local
    #default_variants    -local

    ## "ERROR: Queue '/opt/local/var/ossec/queue/ossec/queue' not accessible: 'Connection refused'." = bad configure/not in agent mode
    ## Error (ossec-logtest) "clang: error: no such file or directory: 'alerts/alerts.a'" = seems to be a temporary error, re-execute usually solves it
    ## Error have server manage_agents on agent install: CEXTRA was not adapted to variant

notes-append "

====>   For Agent to work, you have to follow procedure described here
    http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-management.html
        At least, review server IP address in ${prefix}/var/ossec/etc/ossec.conf

        Basically
    1) Add the agent on server with 'manage_agents'
    2) Extract the corresponding key
    3) Add the key on agent client either with client '${prefix}/var/ossec/bin/manage_agents' which will
         create ${prefix}/var/ossec/etc/client.keys

        Or if you deploy many agents:
    server# openssl genrsa -out ${prefix}/var/ossec/etc/sslmanager.key 2048
    server# openssl req -new -x509 -key ${prefix}/var/ossec/etc/sslmanager.key -out ${prefix}/var/ossec/etc/sslmanager.cert -days 365
        During client deployements, execute the following commands
    server# ${prefix}/var/ossec/bin/ossec-authd -p 1515
    client# ${prefix}/var/ossec/bin/agent-auth -m serverIP -p 1515
        And restart both client and server

        In case of communication problem, review
    http://ossec-docs.readthedocs.org/en/latest/faq/unexpected.html#the-communication-between-my-agent-and-the-server-is-not-working-what-to-do
    server# /var/ossec/bin/manage_agents
"

}

subport ${name}29 {
    ## what about variants? duplicate or outside

    github.setup        ossec ossec-hids 2.9.0-beta03
    checksums           rmd160  b993cee0568e506b218445bafadb8698fb404d70 \
                        sha256  ae4a1718fbdedab14331aa1fe7b630f7088645615444258fc74545069d692fa7

    conflicts           ${name}
    livecheck.type      none

}

#subport ${name}-devel {
#    ## what about variants? duplicate or outside
#
#    version     20150327
#    distname    5558a677d4d0670747ba36d10ea77f5168198b1a
#
#    conflicts ${name} ${name}-agent
#    livecheck.type      none
#
#}