From dcb93871af521fbf67ce1ffad38a1f7f041e5ec1 Mon Sep 17 00:00:00 2001 
From: Kyle Evans Date: Wed, 22 Apr 2020 14:20:41 +0000 Subject: [PATCH] [NEW] security/bsmtrace3: BSM based intrusion detection system bsmtrace is a BSM based intrusion detection system, utilizing audit trails and real-time audit event analysis through auditpipe(4). This host based IDS operates using a finite state machine principles with a flexible sequence driven signature system. WWW: https://www.github.com/openbsm/bsmtrace This is a repocopy of security/bsmtrace, updated to recently-released 3.x. There are breaking changes between 1.x and 3.x, so it was decided to create a new port to give consumers some time to update their configs. The old security/bsmtrace should be deprecated in fairly short order, after bsmtrace3 has received a little bit of soak time in ports. bsmtrace 3.x, compared to the previous port, offers following new features: - Set arrays will now resize on the fly, so the size limits should be no more - Logging channels have been removed, there's now one `logfile` directive that can be applied at the global level to switch the logfile, assuming the -l logdir option is in use - Other config files can now be included with the 'include' directive; globs are not currently supported, paths are relative to the primary config file - Sequences can now be configured to match on the jail name with the per-sequence `zone` directive; valid values are: any, none, or a glob string that matches the jail name. Any = any jail, not the host. None = Only the host, no jails. Other points: - The Makefile patch is no longer needed as PCRE is now a mandatory dependency. - The dprintf(3) conflict is no more, so the rest of the patches also disappear. - This port now installs manpages to ${PREFIX}/share/man as per recent guidelines to reflect base hierarchy. - MAINTAINER remains csjp with the OpenBSM/TrustedBSD project. 
Approved by: koobs (mentor) Differential Revision: https://reviews.freebsd.org/D24437
---
 security/Makefile | 1 +
 security/bsmtrace3/Makefile | 44 +++++++++++++++++++++++++
 security/bsmtrace3/distinfo | 3 ++
 security/bsmtrace3/files/pkg-message.in | 10 ++++++
 security/bsmtrace3/pkg-descr | 6 ++++
 security/bsmtrace3/pkg-plist | 4 +++
 6 files changed, 68 insertions(+)
 create mode 100644 security/bsmtrace3/Makefile
 create mode 100644 security/bsmtrace3/distinfo
 create mode 100644 security/bsmtrace3/files/pkg-message.in
 create mode 100644 security/bsmtrace3/pkg-descr
 create mode 100644 security/bsmtrace3/pkg-plist
diff --git a/security/Makefile b/security/Makefile
index bee5bacf6ea5..7c13c669107b 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -60,6 +60,7 @@
 SUBDIR += bruteforceblocker
 SUBDIR += bsdsfv
 SUBDIR += bsmtrace
+ SUBDIR += bsmtrace3
 SUBDIR += bugs
 SUBDIR += bzrtp
 SUBDIR += ca_root_nss
diff --git a/security/bsmtrace3/Makefile b/security/bsmtrace3/Makefile
new file mode 100644
index 000000000000..7d08d088607a
--- /dev/null
+++ b/security/bsmtrace3/Makefile
@@ -0,0 +1,44 @@
+# $FreeBSD$
+
+PORTNAME= bsmtrace
+PORTVERSION= 3.0
+DISTVERSIONPREFIX= v
+CATEGORIES= security
+PKGNAMESUFFIX= 3
+
+MAINTAINER= csjp@FreeBSD.org
+COMMENT= BSM based intrusion detection system
+
+LICENSE= BSD2CLAUSE
+
+LIB_DEPENDS= libpcre.so:devel/pcre
+
+CONFLICTS_INSTALL= bsmtrace-[0-9]*
+
+USE_GITHUB= yes
+GH_ACCOUNT= openbsm
+
+SUB_FILES= pkg-message
+
+MAKE_JOBS_UNSAFE= yes
+
+OPTIONS_DEFINE= EXAMPLES
+
+pre-build:
+ ${REINPLACE_CMD} -e \
+ 's,/etc/bsmtrace.conf,${PREFIX}/etc/bsmtrace.conf,' \
+ ${WRKSRC}/config.h
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/sbin
+
+ ${INSTALL_MAN} ${WRKSRC}/${PORTNAME}.1 \
+ ${STAGEDIR}${MAN1PREFIX}/share/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/${PORTNAME}.conf.5 \
+ ${STAGEDIR}${MAN5PREFIX}/share/man/man5
+
+do-install-EXAMPLES-on:
+ @${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+ ${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.conf ${STAGEDIR}${EXAMPLESDIR}
+
+.include
diff --git a/security/bsmtrace3/distinfo b/security/bsmtrace3/distinfo
new file mode 100644
index 000000000000..8298441ebc65
--- /dev/null
+++ b/security/bsmtrace3/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1586997209
+SHA256 (openbsm-bsmtrace-v3.0_GH0.tar.gz) = 7b3575cbd2ecb4368221bd8e732f194825e75db44b61cb13c959e1dde3d3c831
+SIZE (openbsm-bsmtrace-v3.0_GH0.tar.gz) = 32679
diff --git a/security/bsmtrace3/files/pkg-message.in b/security/bsmtrace3/files/pkg-message.in
new file mode 100644
index 000000000000..711f3e0a2e44
--- /dev/null
+++ b/security/bsmtrace3/files/pkg-message.in
@@ -0,0 +1,10 @@
+[
+{ type: install
+ message: <
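Review bot: Nothing in the new Makefile installs a ruleset at the path the pre-build REINPLACE_CMD bakes into config.h (${PREFIX}/etc/bsmtrace.conf); the upstream bsmtrace.conf only reaches ${EXAMPLESDIR} when the EXAMPLES option is on, so a fresh install of the IDS has no configuration at its compiled-in path unless the admin copies it by hand (the pkg-message that presumably says so is cut off in this patch). The ports idiom for an admin-maintained file is to install it unconditionally in do-install as `${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.conf ${STAGEDIR}${PREFIX}/etc/${PORTNAME}.conf.sample` and list it in pkg-plist as `@sample etc/bsmtrace.conf.sample`, which seeds a first install with a working ruleset while never clobbering a tuned one on upgrade. `MAKE_JOBS_UNSAFE= yes` should carry a one-line comment naming what breaks under -j in the upstream Makefile, otherwise the next maintainer will try to drop it. Two points of style: the REINPLACE_CMD conventionally runs in post-patch rather than pre-build so that `make patch` leaves WRKSRC in its final form, and `PORTVERSION= 3.0` with `DISTVERSIONPREFIX= v` is more idiomatically spelled `DISTVERSION= 3.0` with the prefix, which yields the same v3.0 tag that distinfo records.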