Ticket #42535: Portfile

File Portfile, 6.6 KB (added by jul_bsd@…, 10 years ago)
Line 
1# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
2# $Id$
3
4PortSystem          1.0
5
6name                samhain
7version             3.1.2
8categories          security
9platforms           darwin
10maintainers         nomaintainer
11license             GPL
12
13description         host-based intrusion detection system
14
15long_description    The Samhain host-based intrusion detection system \
16                    (HIDS) provides file integrity checking and log \
17                    file monitoring/analysis, as well as rootkit \
18                    detection, port monitoring, detection of rogue \
19                    SUID executables, and hidden processes. \
20                    Samhain been designed to monitor multiple hosts \
21                    with potentially different operating systems, \
22                    providing centralized logging and maintenance, \
23                    although it can also be used as standalone \
24                    application on a single host. \
25                    Samhain is an open-source multiplatform \
26                    application for POSIX systems (Unix, Linux, \
27                    Cygwin/Windows).
28
29homepage            http://www.la-samhna.de/samhain/
30master_sites        ${homepage}/
31distname            ${name}-current
32set worksrcpath     ${workpath}/${name}-${version}
33
34checksums           rmd160  04ca91282fd3cbf0f7f291c6ba7e46a1c119d772 \
35                    sha256  840218137a4c77970fa9f61c5f79d05de4bb2b287736a55d771125c94f9a51fc
36
37depends_lib         port:pcre port:zlib
38
39## http://devloop.users.sourceforge.net/index.php?article68/initiation-au-systeme-de-detection-d-intrusion-samhain
40
41## Not using '--enable-login-watch' as wtmp/utmp is deprecated on macosx (or /private/var/run/utmpx ?)
42## --enable-process-check: Undefined symbols for architecture x86_64: "_sched_getparam", referenced from:
43configure.args      --mandir=${prefix}/share/man \
44                    --enable-userfiles \
45                    --enable-port-check \
46                    --enable-logfile-monitor
47
48# apple clang-500.2.79: "error: ran out of registers during register allocation" => OK w gcc 4.9
49configure.compiler  macports-gcc-4.9
50## FIXME! need review to adjust blacklist
51#compiler.blacklist {clang < 501}
52## clang: "error: inline assembly requires more registers than available"
53#compiler.blacklist clang macports-clang
54## llvm-gcc42: "cc1: error in backend: Ran out of registers during register allocation!"
55compiler.blacklist clang macports-clang llvm-gcc-4.2
56# FIXME! => still selecting llvm-gcc-4.2 ???
57
58post-extract {
59    ## double tar (for pgp signature)
60    system "cd ${workpath} && tar xzf ${workpath}/${name}-${version}${extract.suffix}"
61
62    copy ${filespath}/org.macports.samhain.plist.example ${worksrcpath}/
63}
64post-patch {
65    reinplace "s|%%PREFIX%%|${prefix}|g" ${worksrcpath}/org.macports.samhain.plist.example
66}
67
68post-destroot {
69    xinstall -d ${destroot}${prefix}/share/${name}
70    ## Note: no installing test suite as it need source directory
71    #copy ${worksrcpath}/test ${destroot}${prefix}/share/${name}/
72    copy ${worksrcpath}/scripts ${destroot}${prefix}/share/${name}/
73    copy ${worksrcpath}/sql_init ${destroot}${prefix}/share/${name}/
74   
75    xinstall -d ${destroot}${prefix}/share/doc/${name}
76    foreach file [glob -directory ${worksrcpath}/docs *] {
77        copy ${file} ${destroot}${prefix}/share/doc/${name}/
78    }
79
80    xinstall -d ${destroot}${prefix}/var/lib/${name}
81
82## FIXME! fails w variant +server
83    move ${destroot}${prefix}/etc/samhainrc ${destroot}${prefix}/share/${name}/samhainrc.sample
84    copy ${worksrcpath}/org.macports.samhain.plist.example ${destroot}${prefix}/share/${name}/org.macports.samhain.plist.example
85
86    if {[getuid] == 0} {
87
88        xinstall -d ${destroot}${prefix}/etc/LaunchDaemons/org.macports.samhain
89        xinstall -d ${destroot}/Library/LaunchDaemons
90        xinstall -m 644 ${destroot}${prefix}/share/${name}/org.macports.samhain.plist.example \
91        ${destroot}${prefix}/etc/LaunchDaemons/org.macports.samhain/org.macports.samhain.plist
92        ln -sf "${prefix}/etc/LaunchDaemons/org.macports.samhain/org.macports.samhain.plist" "${destroot}/Library/LaunchDaemons/org.macports.samhain.plist"
93    }
94}
95
96destroot.keepdirs  ${destroot}${prefix}/var/lib/${name}
97
98notes "
99If not existing, a default config file has been created in
100  ${prefix}/etc/samhainrc
101
102Initialize database with
103  # samhain -t init -p info
104
105A default scheduled task has been set up once a day in
106  ${prefix}/Library/LaunchDaemons/org.macports.${name}.plist
107Check if it fit you and start it like
108  # ln -s ${prefix}/Library/LaunchDaemons/org.macports.${name}.plist /Library/LaunchDaemons/
109  # launchctl load -w /Library/LaunchDaemons/org.macports.${name}.plist
110It only checks against database. You have to do the update yourself.
111
112"
113
114post-activate {
115    if ![file exists ${prefix}/etc/samhainrc] {
116        copy ${prefix}/share/${name}/samhainrc.sample ${prefix}/etc/samhainrc
117    }
118}
119
120livecheck.type      regex
121livecheck.url       ${homepage}/s_download.html
122livecheck.regex     "<td>Version (\\d+\\.\\d+\\.\\d+)</td>"
123
124variant client description { build network client } {
125    configure.args-append --enable-network=client
126}
127
128variant server description { build yule server to centralize databases } {
129    configure.args-append --enable-network=server
130
131    startupitem.create      yes
132    #startupitem.logfile     ${prefix}/var/log/yule.log
133    startupitem.executable  ${prefix}/sbin/yule
134
135}
136
137variant suidcheck description { add suid files checking } {
138    ## Attention! very I/O expensive
139    configure.args-append --enable-suidcheck
140}
141
142variant prelude description { add prelude bindings } {
143    depends_lib-append port:libprelude
144    configure.args-append --with-prelude
145}
146
147variant nagios description { add nagios script to monitor samhain } {
148    depends_build-append port:nagios
149    post-destroot {
150        xinstall -d ${destroot}${prefix}/libexec/nagios/
151        copy ${worksrcpath}/scripts/check_samhain.pl ${destroot}${prefix}/libexec/nagios/
152    }
153}
154
155variant mysql description { use mysql as backend } {
156    depends_lib           port:mysql5
157    configure.args-append --with-database=mysql --enable-xml-log
158}
159
160variant postgresql description { use postgresql as backend } {
161    depends_lib           port:postgresql93
162    configure.args-append --with-database=postgresql --enable-xml-log
163}
164
165variant oracle description { use oracle as backend } {
166    depends_lib           port:oracle-instantclient
167    configure.args-append --with-database=oracle --enable-xml-log
168}
169
170variant odbc description { use odbc as backend } {
171    depends_lib           port:unixODBC
172    configure.args-append --with-database=odbc --enable-xml-log
173}
174