---
name: ossec-hids-client
version: 2.7
origin: security/ossec-hids-client
comment: The client port of ossec-hids
arch: freebsd:9:x86:64
www: http://www.ossec.net/
maintainer: glarkin@FreeBSD.org
prefix: /usr/local
licenselogic: single
flatsize: 2898515
desc: |
  OSSEC is an Open Source Host-based Intrusion Detection System.
  It performs log analysis, integrity checking, Windows registry
  monitoring, rootkit detection, time-based alerting and active
  response.

  WWW: http://www.ossec.net/
categories: [security]
users: [ossecr, ossecm, ossec]
groups: [ossec]
options: {DOCS: on}
files:
  /usr/local/etc/rc.d/ossec-hids: da1ba42a4fa259df6009cde1e6f150f271bf753c3869ae866f5ac786699cdb58
  /usr/local/ossec-hids/active-response/bin/disable-account.sh: f9a813e4e53823fc8d43a8ec1a91df67524308156eabdf63c8440086f2394260
  /usr/local/ossec-hids/active-response/bin/firewall-drop.sh: 5c48ccea0bedb4854aee80f5c371e3a00f9f7b3e5aa097a3e76d77fc4c682eb9
  /usr/local/ossec-hids/active-response/bin/host-deny.sh: a92731e8b8ef0e0e6ac663e2ab01d92b5809a94f46858f4cbcf7dc01aa92aec1
  /usr/local/ossec-hids/active-response/bin/ipfw.sh: 1ca8c12b62b03c3eaa2e2adc6cfe2398055180b17d382a801d220f35f01efa9a
  /usr/local/ossec-hids/active-response/bin/ipfw_mac.sh: c5d73ba9fb994f7f4c13746a0a2a2d3a9bf0600fb9e39338021e39844df61204
  /usr/local/ossec-hids/active-response/bin/ossec-tweeter.sh: 5781e4c355eee177f8789ce242a75dde4b27f1f313e6eb4b1641227ab2767848
  /usr/local/ossec-hids/active-response/bin/pf.sh: b36ffcb208c441f9c7547170888634eb1c237bdc9a6fa7b207a91aff171f2f0e
  /usr/local/ossec-hids/active-response/bin/restart-ossec.sh: e736dde6929e32461fe51db100d4bff0d80ac2d316e7011aa4ac8294bb94a0a9
  /usr/local/ossec-hids/active-response/bin/route-null.sh: 7b180716a51e2910f2e2595675e087bb173ba962aa61c0835990f186818704c2
  /usr/local/ossec-hids/agentless/main.exp: 5714dd884065a61ba76e2ea64b5e34cd772b05f1236cca1b1560453859c51b7a
  /usr/local/ossec-hids/agentless/register_host.sh: 17259074c474eeb4ce681de22d537df841878e16afe18ebc5395136952fd4409
  /usr/local/ossec-hids/agentless/ssh.exp: 5c7c776bd51ea5278df7c61683c07043d6ff8ae275fa4ae491605e7e7efa374b
  /usr/local/ossec-hids/agentless/ssh_asa-fwsmconfig_diff: 8db328d8b0d2983b2a15ca437de8cdba77c3fd9baf5a7cf3de7ef964d4cc12d8
  /usr/local/ossec-hids/agentless/ssh_foundry_diff: 5a71febacae4f138f9ec10024a12cf575cc1e8d1c0acd75bba23d8a4b1ae7c97
  /usr/local/ossec-hids/agentless/ssh_generic_diff: 6f34bc106944b14f45afcb983ecff32260e65d767b7d0ddf04b55dd62d31f99d
  /usr/local/ossec-hids/agentless/ssh_integrity_check_bsd: 7add0c3b7abe86dfb0a2e29b01a6c6d90c4753232187961cd433ebd03a826755
  /usr/local/ossec-hids/agentless/ssh_integrity_check_linux: 1662ad5b46a0a66592c4d8b035d890340867ab25eb5a0f508c51edbac2bbc24a
  /usr/local/ossec-hids/agentless/ssh_nopass.exp: 1e93338483db73bb9571fbc05565b81f9695937709698510d40ad78a9e2c1973
  /usr/local/ossec-hids/agentless/ssh_pixconfig_diff: 41ae7d35f1ee0240c58808f3138c21322c577495dfe2de13219e4274c55722a9
  /usr/local/ossec-hids/agentless/sshlogin.exp: 00f8187f0435b42ce4b9b07fbf1df73502a5dd22329c6b5070786e137d5a3f97
  /usr/local/ossec-hids/agentless/su.exp: 38e0d5d61620a94b3fc552a822e40d27bd6add5cb354dab8779b2c180e5f692e
  /usr/local/ossec-hids/bin/agent-auth: 3f40b0e41049b37799194765a3cef6ae7ab1f98c2bc6017c51efff1816c1193e
  /usr/local/ossec-hids/bin/manage_agents: ee2c23f081c5a29e839e7e151680ae7ba5de92629582b00f8742705d41ba485c
  /usr/local/ossec-hids/bin/ossec-agentd: 3f079ee6784abe1fef0ae3eb3e065ff19f660023c904ee72036b8205161b411f
  /usr/local/ossec-hids/bin/ossec-control: 959535ffd6e9028f5133ee62da3ea06d6611e99aedfeb6b92e0c2698f460671f
  /usr/local/ossec-hids/bin/ossec-execd: c87a1100d3d3eb7af2145ddea4ebbfb42683649983c72e7e6e4764cb048296e8
  /usr/local/ossec-hids/bin/ossec-logcollector: 7d8dd41bd416202186f1df4258fbcdf1f76da2eb82c49058ab0768b9ac18bd1d
  /usr/local/ossec-hids/bin/ossec-syscheckd: e8136e90233ac13251a64cec67fb121fb4f6e679dd232aa114668bae3a176009
  /usr/local/ossec-hids/bin/util.sh: 7191c4dac4228a3e38f28a3a14e2fedc526db716726608983041659d2fb70c26
  /usr/local/ossec-hids/etc/internal_options.conf: 7643987780244a943c24e1a11cf4be80dae7644018a3ca87d16ea8b9bb1c6add
  /usr/local/ossec-hids/etc/ossec.conf.sample: 1e7eaa0ef258838eb0cda7c417f3434fdf86fad9b9a5ed62af63904be6c14705
  /usr/local/ossec-hids/etc/shared/cis_debian_linux_rcl.txt: b67d748ffd8f0d93addd22a34a49382cf06f1482f1c5dd4d0c2cec3d8b0934b9
  /usr/local/ossec-hids/etc/shared/cis_rhel5_linux_rcl.txt: 1a650e582b4fa5e76783c322e5a2f2509525e8a2651b7720657da1cfdc103e08
  /usr/local/ossec-hids/etc/shared/cis_rhel_linux_rcl.txt: 127017cfbd3fc0068cf4f93f5d35c778ce953c0316de44395a4b79fe74363ee4
  /usr/local/ossec-hids/etc/shared/rootkit_files.txt: 33c55ffc061bd78691ca6917955e915ce51a44fadf2183f6e73d53ac48ecee81
  /usr/local/ossec-hids/etc/shared/rootkit_trojans.txt: 1c06480dc4e1705eb4a5c0ad27bfe9daff660c553d4f68de5f68903c246e5bd7
  /usr/local/ossec-hids/etc/shared/system_audit_rcl.txt: 523a014c4029f0587d6061af5e3129af41e118b7eba467c3c6b6aedc3ea9db5e
  /usr/local/ossec-hids/etc/shared/win_applications_rcl.txt: a3fc0771cfc7b2827d0d920acc01b6d16a74c70742364dbb32479e2215eeec73
  /usr/local/ossec-hids/etc/shared/win_audit_rcl.txt: fde2b7d83bf42b14a14bcac75f62dd5588b3eef67cc51981c3c2425be47fcb2a
  /usr/local/ossec-hids/etc/shared/win_malware_rcl.txt: 86a1a5b304db8c05715b5f8b018703b5a1be4dd82ac187aa349cf03cfd650423
  /usr/local/share/doc/ossec-hids/BUGS: 5724e1febc0e096bd10f7b60e053d35cdcff1081d79641aa8c2e224b4d25564b
  /usr/local/share/doc/ossec-hids/CONFIG: ab992180ccba57356947dafa66fee78705d3193cb5a0aeb06746e29c171fece3
  /usr/local/share/doc/ossec-hids/CONTRIBUTORS: 4d813636fe6d469380c7e30cf8d485e5dfdf67c5d4fad5673b9deaa02e8e8048
  /usr/local/share/doc/ossec-hids/INSTALL: 5ba0d1e9c28d5fbac69da4d4c5aa661d3b36043f91db79d0d24e065f64eaf5d9
  /usr/local/share/doc/ossec-hids/LICENSE: f9bc4e2e4fe3ee1bd4ba6d665781376d81af193ed29d652b8ce9ef65102e9947
  /usr/local/share/doc/ossec-hids/README: 873997ee9e481e8ec70717ccb9cfd4586bfc206de7bfcf4d9e4ee2362b51984d
directories:
  /usr/local/share/doc/ossec-hids/: n
  /usr/local/ossec-hids/var/run/: y
  /usr/local/ossec-hids/var/: y
  /usr/local/ossec-hids/queue/syscheck/: y
  /usr/local/ossec-hids/queue/rids/: y
  /usr/local/ossec-hids/queue/ossec/: y
  /usr/local/ossec-hids/queue/diff/: y
  /usr/local/ossec-hids/queue/alerts/: y
  /usr/local/ossec-hids/queue/: y
  /usr/local/ossec-hids/logs/: y
  /usr/local/ossec-hids/etc/shared/: y
  /usr/local/ossec-hids/etc//: y
  /usr/local/ossec-hids/bin/: y
  /usr/local/ossec-hids/agentless/: y
  /usr/local/ossec-hids/active-response/bin/: y
  /usr/local/ossec-hids/active-response/: y
  /usr/local/ossec-hids/.ssh/: y
  /usr/local/ossec-hids/: y
scripts:
  post-install: |
    echo "===> Creating users and/or groups."
    if ! /usr/sbin/pw groupshow ossec >/dev/null 2>&1; then  echo "Creating group 'ossec' with gid '966'.";  /usr/sbin/pw groupadd ossec -g 966; else echo "Using existing group 'ossec'."; fi
    if ! /usr/sbin/pw usershow ossec >/dev/null 2>&1; then  echo "Creating user 'ossec' with uid '966'.";  /usr/sbin/pw useradd ossec -u 966 -g 966  -c "OSSEC user" -d /usr/local/ossec-hids -s /usr/sbin/nologin;  else echo "Using existing user 'ossec'."; fi
    install -d -g 966 -o 966 /usr/local/ossec-hids
    if ! /usr/sbin/pw usershow ossecm >/dev/null 2>&1; then  echo "Creating user 'ossecm' with uid '967'.";  /usr/sbin/pw useradd ossecm -u 967 -g 966  -c "OSSEC mail user" -d /usr/local/ossec-hids -s /usr/sbin/nologin;  else echo "Using existing user 'ossecm'."; fi
    install -d -g 966 -o 967 /usr/local/ossec-hids
    if ! /usr/sbin/pw usershow ossecr >/dev/null 2>&1; then  echo "Creating user 'ossecr' with uid '968'.";  /usr/sbin/pw useradd ossecr -u 968 -g 966  -c "OSSEC rem user" -d /usr/local/ossec-hids -s /usr/sbin/nologin;  else echo "Using existing user 'ossecr'."; fi
    install -d -g 966 -o 968 /usr/local/ossec-hids
    cd /usr/local
  pre-deinstall: |
    if cmp -s /usr/local/ossec-hids/etc/ossec.conf /usr/local/ossec-hids/etc/ossec.conf.sample; then rm -f /usr/local/ossec-hids/etc/ossec.conf; fi
    if test ! -s /usr/local/ossec-hids/logs/ossec.log; then rm -f /usr/local/ossec-hids/logs/ossec.log; fi
    if /usr/sbin/pw usershow ossec >/dev/null 2>&1; then  echo "==> You should manually remove the \"ossec\" user. "; fi
    if /usr/sbin/pw usershow ossecm >/dev/null 2>&1; then  echo "==> You should manually remove the \"ossecm\" user. "; fi
    if /usr/sbin/pw usershow ossecr >/dev/null 2>&1; then  echo "==> You should manually remove the \"ossecr\" user. "; fi
    cd /usr/local
  post-deinstall: |
    cd /usr/local
message: |
  After installation, you need to edit the ossec.conf file to reflect
  the correct settings for your environment.  All the files related
  to ossec-hids have been installed in /usr/local/ossec-hids and
  its subdirectories.

  For information on proper configuration, see http://www.ossec.net/.

  To enable the startup script, add ossechids_enable="YES" to
  /etc/rc.conf.  To enable database output, execute:

  /usr/local/ossec-hids/bin/ossec-control enable database

  Then check this documentation:

  http://www.ossec.net/doc/manual/output/database-output.html

  When you deinstall this port after starting the daemons once, many
  directories that are created by the daemons will remain.  To fully
  remove the port you need to delete those directories manually.  To
  further enhance the security on your system, you may also enable
  some checks in PAM for a fast reaction against intrusions.
