Re: [Sguil-users] FreeBSD port
From: Joe S <js....@gm...> - 2008-05-19 18:36:30
Here is the output of the patch:

# patch <patch-sguil-sensor
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -Naur /usr/ports/security/sguil-sensor/Makefile sguil-sensor/Makefile
|--- /usr/ports/security/sguil-sensor/Makefile 2008-05-03 08:22:16.000000000 -0500
|+++ sguil-sensor/Makefile 2008-05-12 10:34:01.000000000 -0500
--------------------------
Patching file Makefile using Plan A...
Reversed (or previously applied) patch detected! Assume -R? [y] n
Apply anyway? [n] y
Hunk #1 failed at 7.
1 out of 1 hunks failed--saving rejects to Makefile.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -Naur /usr/ports/security/sguil-sensor/files/example_agent.sh.in sguil-sensor/files/example_agent.sh.in
|--- /usr/ports/security/sguil-sensor/files/example_agent.sh.in 1969-12-31 18:00:00.000000000 -0600
|+++ sguil-sensor/files/example_agent.sh.in 2008-05-14 10:35:11.000000000 -0500
--------------------------
Patching file example_agent.sh.in using Plan A...
Hunk #1 succeeded at 1.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -Naur /usr/ports/security/sguil-sensor/files/pads_agent.sh.in sguil-sensor/files/pads_agent.sh.in
|--- /usr/ports/security/sguil-sensor/files/pads_agent.sh.in 1969-12-31 18:00:00.000000000 -0600
|+++ sguil-sensor/files/pads_agent.sh.in 2008-05-14 10:36:15.000000000 -0500
--------------------------
Patching file pads_agent.sh.in using Plan A...
Hunk #1 succeeded at 1.
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff -Naur /usr/ports/security/sguil-sensor/files/patch-sensor_agent.tcl sguil-sensor/files/patch-sensor_agent.tcl
|--- /usr/ports/security/sguil-sensor/files/patch-sensor_agent.tcl 2006-10-09 14:04:38.000000000 -0500
|+++ sguil-sensor/files/patch-sensor_agent.tcl 1969-12-31 18:00:00.000000000 -0600
--------------------------
File to patch:

Here is the list of files in the port that you wanted:

# find /usr/ports/security/sguil-sensor/
/usr/ports/security/sguil-sensor/
/usr/ports/security/sguil-sensor/Makefile
/usr/ports/security/sguil-sensor/distinfo
/usr/ports/security/sguil-sensor/pkg-descr
/usr/ports/security/sguil-sensor/pkg-plist
/usr/ports/security/sguil-sensor/files
/usr/ports/security/sguil-sensor/files/log_packets.conf
/usr/ports/security/sguil-sensor/files/patch-log_packets.sh
/usr/ports/security/sguil-sensor/files/pkg-message.in
/usr/ports/security/sguil-sensor/files/sensor_agent.sh.in
/usr/ports/security/sguil-sensor/work
/usr/ports/security/sguil-sensor/work/sguil-0.7.0
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/log_packets.sh
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/sancp
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/sancp/sancp.conf
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/sancp_agent.tcl
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/example_agent.tcl
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/example_agent.conf
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/barnyard_mods
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/barnyard_mods/README
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/barnyard_mods/patch_barnyard.sh
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/barnyard_mods/op_plugbase.c.patch
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/barnyard_mods/op_sguil.h
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/barnyard_mods/barnyard.patch
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/barnyard_mods/configure.in
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/barnyard_mods/op_sguil.c
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/pads_agent.conf
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/pcap_agent.tcl
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/init
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/init/sensoragent
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/pcap_agent.conf
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/sancp_agent.conf
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/pads_agent.tcl
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/snort_agent.tcl
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/snort_agent.conf
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/log_packets.sh.orig
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/example_agent.tcl.bak
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/pads_agent.tcl.bak
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/pcap_agent.tcl.bak
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/sancp_agent.tcl.bak
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/sensor/snort_agent.tcl.bak
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc/INSTALL.openbsd
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc/LICENSE.QPL
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc/TODO
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc/USAGE
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc/OPENSSL.README
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc/UPGRADE
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc/sguildb.dia
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc/CHANGES
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc/FAQ
/usr/ports/security/sguil-sensor/work/sguil-0.7.0/doc/INSTALL
/usr/ports/security/sguil-sensor/work/.extract_done.sguil-sensor._usr_local
/usr/ports/security/sguil-sensor/work/.patch_done.sguil-sensor._usr_local
/usr/ports/security/sguil-sensor/work/.configure_done.sguil-sensor._usr_local
/usr/ports/security/sguil-sensor/work/.build_done.sguil-sensor._usr_local
/usr/ports/security/sguil-sensor/work/pkg-message
/usr/ports/security/sguil-sensor/patch-sguil-sensor
/usr/ports/security/sguil-sensor/Makefile.orig
/usr/ports/security/sguil-sensor/Makefile.rej
/usr/ports/security/sguil-sensor/example_agent.sh.in
/usr/ports/security/sguil-sensor/example_agent.sh.in.orig
/usr/ports/security/sguil-sensor/pads_agent.sh.in
/usr/ports/security/sguil-sensor/pads_agent.sh.in.orig
/usr/ports/security/sguil-sensor/patch-sensor_agent.tcl.rej
/usr/ports/security/sguil-sensor/pcap_agent.sh.in
/usr/ports/security/sguil-sensor/pcap_agent.sh.in.orig
/usr/ports/security/sguil-sensor/sancp_agent.sh.in
/usr/ports/security/sguil-sensor/sancp_agent.sh.in.orig
/usr/ports/security/sguil-sensor/sensor_agent.sh.in.rej
/usr/ports/security/sguil-sensor/snort_agent.sh.in
/usr/ports/security/sguil-sensor/snort_agent.sh.in.orig
/usr/ports/security/sguil-sensor/Makefile.rej.orig
/usr/ports/security/sguil-sensor/patch-sensor_agent.tcl.rej.orig
/usr/ports/security/sguil-sensor/sensor_agent.sh.in.rej.orig

On Mon, May 19, 2008 at 11:17 AM, Paul Schmehl <pa...@ut...> wrote:
> Send me the results of this command:
>
> find /usr/ports/security/sguil-sensor/
>
> It should look like this:
>
> # find /usr/ports/security/sguil-sensor/
>
> /usr/ports/security/sguil-sensor/
> /usr/ports/security/sguil-sensor/files
> /usr/ports/security/sguil-sensor/files/example_agent.sh.in
> /usr/ports/security/sguil-sensor/files/log_packets.conf
> /usr/ports/security/sguil-sensor/files/patch-log_packets.sh
> /usr/ports/security/sguil-sensor/files/pads_agent.sh.in
> /usr/ports/security/sguil-sensor/files/pkg-message.in
> /usr/ports/security/sguil-sensor/files/pcap_agent.sh.in
> /usr/ports/security/sguil-sensor/files/sancp_agent.sh.in
> /usr/ports/security/sguil-sensor/files/snort_agent.sh.in
> /usr/ports/security/sguil-sensor/Makefile
> /usr/ports/security/sguil-sensor/distinfo
> /usr/ports/security/sguil-sensor/pkg-descr
> /usr/ports/security/sguil-sensor/pkg-plist
>
> --On Monday, May 19, 2008 10:36:43 -0700 Joe S <js....@gm...> wrote:
>
>> This patch doesn't seem to work either.
>>
>> On Sun, May 18, 2008 at 3:29 PM, Paul Schmehl <pa...@ut...> wrote:
>>> Yes, I know. I'm trying to get it fixed now. You can fix it with the
>>> patch I posted, which you can download from here:
>>>
>>> http://www.utdallas.edu/~pauls/patch-sguil-sensor
>>>
>>> --On May 18, 2008 8:48:06 AM -0700 Joe S <js....@gm...> wrote:
>>>
>>>> The sguil-sensor port appears to have been updated.
>>>>
>>>> However, it now appears broken in another way:
>>>>
>>>> ** Missing /usr/ports/security/sguil-sensor/files/example_agent.sh.in
>>>> for sguil-sensor-0.7.0_1.
>>>> *** Error code 1
>>>>
>>>> Stop in /usr/ports/security/sguil-sensor.
>>>> *** Error code 1
>>>>
>>>> Stop in /usr/ports/security/sguil-sensor.
>>>> *** Error code 1
>>>>
>>>> Stop in /usr/ports/security/sguil-sensor.
>>>> ** Command failed [exit code 1]: /usr/bin/script -qa
>>>> /tmp/portinstall.80606.4 env make reinstall
>>>> ** Fix the installation problem and try again.
>>>> ** Listing the failed packages (-:ignored / *:skipped / !:failed)
>>>> ! security/sguil-sensor (install error)
>>>>
>>>> On Fri, May 16, 2008 at 7:21 AM, Paul Schmehl <pa...@ut...> wrote:
>>>>> Obviously I screwed up. What I can't figure out is how it got past the
>>>>> committer. He should have caught my mistakes and insisted that I fix
>>>>> them before committing the port.
>>>>>
>>>>> I really appreciate you guys giving me a heads-up before this became an
>>>>> even bigger problem than it is.
>>>>>
>>>>> Please note, the sguil-server startup script also didn't work - it had
>>>>> the same error as the startup scripts in the sensor port. That's also
>>>>> been corrected in the PR, so you can download that patch from the PR if
>>>>> you don't want to wait for the port to be updated. Or, I can send you
>>>>> a copy.
>>>>>
>>>>> I learned a big lesson about testing in non-standard ways. Renaming the
>>>>> conf file is the only thing that would have uncovered this problem.
>>>>> (The missing files is a different issue.)
>>>>>
>>>>> --On May 16, 2008 8:05:08 AM -0400 Thomas Mullins
>>>>> <tsm...@wi...> wrote:
>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> I was having the same problem with the 0.7 port.
>>>>>>
>>>>>> Shane
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: sgu...@li...
>>>>>> [mailto:sgu...@li...] On Behalf Of Dafydd, Sion
>>>>>> Sent: Friday, May 16, 2008 4:38 AM
>>>>>> To: sgu...@li...
>>>>>> Cc: Sguil Devel
>>>>>> Subject: Re: [Sguil-users] FreeBSD port
>>>>>>
>>>>>> Hi Joe,
>>>>>>
>>>>>> The port has probably not been updated yet with Paul's changes.
>>>>>>
>>>>>> If you're in a rush to get started do the following:
>>>>>>
>>>>>> o Delete patch-sensor_agent.tcl and sensor_agent.sh.in from the files
>>>>>> directory as the ports system is trying to patch nonexistent files.
>>>>>> o Put the attached files in the files directory - they are updated rc.d
>>>>>> files for the agents.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Sion
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: sgu...@li...
>>>>>> [mailto:sgu...@li...] On Behalf Of Joe S
>>>>>> Sent: 16 May 2008 05:13
>>>>>> To: sgu...@li...
>>>>>> Cc: Sguil Devel
>>>>>> Subject: Re: [Sguil-users] FreeBSD port
>>>>>>
>>>>>> Hi Paul,
>>>>>>
>>>>>> Thanks for the port.
>>>>>>
>>>>>> On a brand new FreeBSD system, I'm having trouble installing the
>>>>>> sguil-sensor port.
>>>>>>
>>>>>> # make install clean
>>>>>> ===> Vulnerability check disabled, database not found
>>>>>> ===> Found saved configuration for sguil-sensor-0.7.0
>>>>>> ===> Extracting for sguil-sensor-0.7.0
>>>>>> => MD5 Checksum OK for sguil-sensor-0.7.0.tar.gz.
>>>>>> => SHA256 Checksum OK for sguil-sensor-0.7.0.tar.gz.
>>>>>> ===> Patching for sguil-sensor-0.7.0
>>>>>> ===> Applying FreeBSD patches for sguil-sensor-0.7.0
>>>>>> File to patch:
>>>>>>
>>>>>> I'm prompted for "File to patch:"
>>>>>>
>>>>>> I'm not sure what the port wants.
>>>>>>
>>>>>> On Mon, May 5, 2008 at 2:25 PM, Paul Schmehl <pa...@ut...> wrote:
>>>>>>> The FreeBSD ports for server, sensor and client have been updated to
>>>>>>> version 0.7.0. In addition, the barnyard-sguil6 port has been renamed
>>>>>>> to barnyard-sguil and patched to fix a problem with barnyard failing
>>>>>>> to build when postgresql was selected as the database of choice.
>>>>>>>
>>>>>>> --
>>>>>>> Paul Schmehl (pa...@ut...)
>>>>>>> Senior Information Security Analyst
>>>>>>> The University of Texas at Dallas
>>>>>>> http://www.utdallas.edu/ir/security/
>>>>>>>
>>>>>>> -------------------------------------------------------------------------
>>>>>>> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>>>>>>> Don't miss this year's exciting event. There's still time to save $100.
>>>>>>> Use priority code J8TL2D2.
>>>>>>> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
>>>>>>> _______________________________________________
>>>>>>> Sguil-users mailing list
>>>>>>> Sgu...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/sguil-users
>>>>>>>
>>>>>>
>>>>>> -------------------------------------------------------------------------
>>>>>> This SF.net email is sponsored by: Microsoft
>>>>>> Defy all challenges. Microsoft(R) Visual Studio 2008.
>>>>>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>>>>> _______________________________________________
>>>>>> Sguil-users mailing list
>>>>>> Sgu...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/sguil-users
>>>>>
>>>>> Paul Schmehl (pa...@ut...)
>>>>> Senior Information Security Analyst
>>>>> The University of Texas at Dallas
>>>>> http://www.utdallas.edu/ir/security/
>>>>>
>>>
>>> Paul Schmehl (pa...@ut...)
>>> Senior Information Security Analyst
>>> The University of Texas at Dallas
>>> http://www.utdallas.edu/ir/security/
>>>
>>
>
> --
> Paul Schmehl (pa...@ut...)
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/