=> Building security/ossec-hids-local-config Started : Wednesday, 24 JUL 2019 at 11:48:50 UTC Platform: 5.7-DEVELOPMENT DragonFly v5.7.0.83.g49866-DEVELOPMENT #40: Sun Jun 30 03:00:04 PDT 2019 root@pkgbox64.dragonflybsd.org:/usr/obj/usr/src/sys/X86_64_GENERIC x86_64 -------------------------------------------------- -- Environment -------------------------------------------------- UNAME_r=5.6-SYNTH UNAME_m=x86_64 UNAME_p=x86_64 UNAME_v=DragonFly 5.6-SYNTH UNAME_s=DragonFly PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin SSL_NO_VERIFY_PEER=1 TERM=dumb PKG_CACHEDIR=/var/cache/pkg8 PKG_DBDIR=/var/db/pkg8 PORTSDIR=/xports LANG=C HOME=/root USER=root -------------------------------------------------- -- Options -------------------------------------------------- ===> The following configuration options are available for ossec-hids-local-config-3.3.0: ====> Alerting Rules DEFAULT_R=on: Rules provided by OSSEC CONFIG_R=on: Alert changes of the OSSEC main configuration files CMDOUT_R=on: Alert changes of output of the monitored commands ====> Active Response DEFAULT_C=on: Commands provided by OSSEC MERGE_C=on: Commands to merge configuration files MERGE_AR=on: Merge configuration files when they change RESTART_AR=on: Restart OSSEC when main configuration files change HOSTDENY_AR=off: Block the attacker's IP using access control files FWDROP_AR=off: Block the attacker's IP on the firewall ====> System Audit and Rootkit Detection (rootcheck) BASIC_RC=on: Basic audit and rootkits ====> File Integrity Checking (syscheck) NEWFILES_SC=on: Alert on new files created NOAUTO_SC=on: Disable auto_ignore feature BASIC_SC=on: "bin", "sbin" and "etc" directories OSSEC_SC=on: OSSEC directories PGSQL_SC=off: PostgreSQL configuration files ====> Command Output Monitoring LOGINS=on: Last logins PORTS_TCP=on: Open TCP ports PORTS_UDP=on: Open UDP ports ====> Log Monitoring BASIC=on: Basic system logs OSSEC=on: OSSEC active response logs APACHE=off: Apache logs NGINX=off: Nginx logs RADIUS=off: FreeRADIUS logs VSFTPD=off: Vsftpd logs ====> Active Response Firewall: you have to select exactly one of them NOFW=on: Custom or no firewall IPF=off: ipfilter IPFW=off: ipfirewall PF=off: Packet Filter ===> Use 'make config' to modify these settings -------------------------------------------------- -- CONFIGURE_ENV -------------------------------------------------- XDG_DATA_HOME=/construction/security/ossec-hids-local-config XDG_CONFIG_HOME=/construction/security/ossec-hids-local-config HOME=/construction/security/ossec-hids-local-config TMPDIR="/tmp" PATH=/construction/security/ossec-hids-local-config/.bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin SHELL=/bin/sh CONFIG_SHELL=/bin/sh CCVER=gcc80 -------------------------------------------------- -- CONFIGURE_ARGS -------------------------------------------------- -------------------------------------------------- -- MAKE_ENV -------------------------------------------------- XDG_DATA_HOME=/construction/security/ossec-hids-local-config XDG_CONFIG_HOME=/construction/security/ossec-hids-local-config HOME=/construction/security/ossec-hids-local-config TMPDIR="/tmp" PATH=/construction/security/ossec-hids-local-config/.bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin NO_PIE=yes MK_DEBUG_FILES=no MK_KERNEL_SYMBOLS=no SHELL=/bin/sh NO_LINT=YES CCVER=gcc80 PREFIX=/usr/local LOCALBASE=/usr/local NOPROFILE=1 CC="cc" CFLAGS="-pipe -O2 -fno-strict-aliasing " CPP="cpp" CPPFLAGS="" LDFLAGS=" " LIBS="" CXX="c++" CXXFLAGS=" -pipe -O2 -fno-strict-aliasing " MANPREFIX="/usr/local" BSD_INSTALL_PROGRAM="install -s -m 555" BSD_INSTALL_LIB="install -s -m 0644" BSD_INSTALL_SCRIPT="install -m 555" BSD_INSTALL_DATA="install -m 0644" BSD_INSTALL_MAN="install -m 444" -------------------------------------------------- -- MAKE_ARGS -------------------------------------------------- DESTDIR=/construction/security/ossec-hids-local-config/stage -------------------------------------------------- -- PLIST_SUB -------------------------------------------------- OSSEC_HOME=/usr/local/ossec-hids APACHE="@comment " NO_APACHE="" BASIC="" NO_BASIC="@comment " BASIC_RC="" NO_BASIC_RC="@comment " BASIC_SC="" NO_BASIC_SC="@comment " CMDOUT_R="" NO_CMDOUT_R="@comment " CONFIG_R="" NO_CONFIG_R="@comment " DEFAULT_C="" NO_DEFAULT_C="@comment " DEFAULT_R="" NO_DEFAULT_R="@comment " FWDROP_AR="@comment " NO_FWDROP_AR="" HOSTDENY_AR="@comment " NO_HOSTDENY_AR="" IPF="@comment " NO_IPF="" IPFW="@comment " NO_IPFW="" LOGINS="" NO_LOGINS="@comment " MERGE_AR="" NO_MERGE_AR="@comment " MERGE_C="" NO_MERGE_C="@comment " NEWFILES_SC="" NO_NEWFILES_SC="@comment " NGINX="@comment " NO_NGINX="" NOAUTO_SC="" NO_NOAUTO_SC="@comment " NOFW="" NO_NOFW="@comment " OSSEC="" NO_OSSEC="@comment " OSSEC_SC="" NO_OSSEC_SC="@comment " PF="@comment " NO_PF="" PGSQL_SC="@comment " NO_PGSQL_SC="" PORTS_TCP="" NO_PORTS_TCP="@comment " PORTS_UDP="" NO_PORTS_UDP="@comment " RADIUS="@comment " NO_RADIUS="" RESTART_AR="" NO_RESTART_AR="@comment " VSFTPD="@comment " NO_VSFTPD="" OSREL=5.6 PREFIX=%D LOCALBASE=/usr/local RESETPREFIX=/usr/local LIB32DIR=lib PROFILE="@comment " DOCSDIR="share/doc/ossec-hids" EXAMPLESDIR="share/examples/ossec-hids" DATADIR="share/ossec-hids" WWWDIR="www/ossec-hids" ETCDIR="etc/ossec-hids" -------------------------------------------------- -- SUB_LIST -------------------------------------------------- PORTNAME=ossec-hids OSSEC_TYPE=local OSSEC_HOME=/usr/local/ossec-hids VERSION=3.3.0 USER=root OSSEC_USER=ossec OSSEC_GROUP=ossec OSSEC_RC=/usr/local/etc/rc.d/ossec-hids FW_DROP= ROOTCHECK_BASIC_PROFILE=basic ROOTCHECK_CIS_PROFILE=cis ROOTCHECK_CIS_L1_PROFILE=cis-level1 ROOTCHECK_CIS_L2_PROFILE=cis-level2 SYSCHECK_BASIC_PROFILE=basic SYSCHECK_OSSEC_PROFILE=ossec SYSCHECK_PGSQL_PROFILE=postgresql LOGS_BASIC_PROFILE=basic LOGS_OSSEC_PROFILE=ossec LOGS_APACHE_PROFILE=apache LOGS_NGINX_PROFILE=nginx LOGS_RADIUS_PROFILE=radius LOGS_VSFTPD_PROFILE=vsftpd CONFIG_PROFILES="" APACHE="@comment " NO_APACHE="" BASIC="" NO_BASIC="@comment " BASIC_RC="" NO_BASIC_RC="@comment " BASIC_SC="" NO_BASIC_SC="@comment " CMDOUT_R="" NO_CMDOUT_R="@comment " CONFIG_R="" NO_CONFIG_R="@comment " DEFAULT_C="" NO_DEFAULT_C="@comment " DEFAULT_R="" NO_DEFAULT_R="@comment " FWDROP_AR="@comment " NO_FWDROP_AR="" HOSTDENY_AR="@comment " NO_HOSTDENY_AR="" IPF="@comment " NO_IPF="" IPFW="@comment " NO_IPFW="" LOGINS="" NO_LOGINS="@comment " MERGE_AR="" NO_MERGE_AR="@comment " MERGE_C="" NO_MERGE_C="@comment " NEWFILES_SC="" NO_NEWFILES_SC="@comment " NGINX="@comment " NO_NGINX="" NOAUTO_SC="" NO_NOAUTO_SC="@comment " NOFW="" NO_NOFW="@comment " OSSEC="" NO_OSSEC="@comment " OSSEC_SC="" NO_OSSEC_SC="@comment " PF="@comment " NO_PF="" PGSQL_SC="@comment " NO_PGSQL_SC="" PORTS_TCP="" NO_PORTS_TCP="@comment " PORTS_UDP="" NO_PORTS_UDP="@comment " RADIUS="@comment " NO_RADIUS="" RESTART_AR="" NO_RESTART_AR="@comment " VSFTPD="@comment " NO_VSFTPD="" PREFIX=/usr/local LOCALBASE=/usr/local DATADIR=/usr/local/share/ossec-hids DOCSDIR=/usr/local/share/doc/ossec-hids EXAMPLESDIR=/usr/local/share/examples/ossec-hids WWWDIR=/usr/local/www/ossec-hids ETCDIR=/usr/local/etc/ossec-hids -------------------------------------------------- -- /etc/make.conf -------------------------------------------------- SYNTHPROFILE=Release-5.6 USE_PACKAGE_DEPENDS_ONLY=yes PACKAGE_BUILDING=yes BATCH=yes PKG_CREATE_VERBOSE=yes PORTSDIR=/xports DISTDIR=/distfiles WRKDIRPREFIX=/construction PORT_DBDIR=/options PACKAGES=/packages MAKE_JOBS_NUMBER_LIMIT=5 LICENSES_ACCEPTED= NONE HAVE_COMPAT_IA32_KERN= CONFIGURE_MAX_CMD_LEN=262144 _PERL5_FROM_BIN=5.28.1 _ALTCCVERSION_921dbbb2=none _OBJC_ALTCCVERSION_921dbbb2=none _SMP_CPUS=8 UID=0 ARCH=x86_64 OPSYS=DragonFly DFLYVERSION=500601 OSVERSION=9999999 OSREL=5.6 _OSRELEASE=5.6-SYNTH PYTHONBASE=/usr/local _PKG_CHECKED=1 -------------------------------------------------------------------------------- -- Phase: check-sanity -------------------------------------------------------------------------------- ===> License GPLv2 accepted by the user -------------------------------------------------------------------------------- -- Phase: pkg-depends -------------------------------------------------------------------------------- ===> ossec-hids-local-config-3.3.0 depends on file: /usr/local/sbin/pkg - not found ===> Installing existing package /packages/All/pkg-1.11.1.txz Installing pkg-1.11.1... Extracting pkg-1.11.1: .......... done ===> ossec-hids-local-config-3.3.0 depends on file: /usr/local/sbin/pkg - found ===> Returning to build of ossec-hids-local-config-3.3.0 -------------------------------------------------------------------------------- -- Phase: fetch-depends -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -- Phase: fetch -------------------------------------------------------------------------------- ===> License GPLv2 accepted by the user ===> Fetching all distfiles required by ossec-hids-local-config-3.3.0 for building -------------------------------------------------------------------------------- -- Phase: checksum -------------------------------------------------------------------------------- ===> License GPLv2 accepted by the user ===> Fetching all distfiles required by ossec-hids-local-config-3.3.0 for building -------------------------------------------------------------------------------- -- Phase: extract-depends -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -- Phase: extract -------------------------------------------------------------------------------- ===> License GPLv2 accepted by the user ===> Fetching all distfiles required by ossec-hids-local-config-3.3.0 for building ===> Extracting for ossec-hids-local-config-3.3.0 -------------------------------------------------------------------------------- -- Phase: patch-depends -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -- Phase: patch -------------------------------------------------------------------------------- ===> Patching for ossec-hids-local-config-3.3.0 -------------------------------------------------------------------------------- -- Phase: build-depends -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -- Phase: lib-depends -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -- Phase: configure -------------------------------------------------------------------------------- ===> Configuring for ossec-hids-local-config-3.3.0 -------------------------------------------------------------------------------- -- Phase: build -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -- Phase: run-depends -------------------------------------------------------------------------------- ===> ossec-hids-local-config-3.3.0 depends on package: ossec-hids-local>=3.3.0 - not found ===> Installing existing package /packages/All/ossec-hids-local-3.3.0.txz Installing ossec-hids-local-3.3.0... `-- Installing expect-5.45.4_1,1... | `-- Installing tcl86-8.6.9_1... | `-- Extracting tcl86-8.6.9_1: .......... done `-- Extracting expect-5.45.4_1,1: .......... done `-- Installing libinotify-20180201_1... `-- Extracting libinotify-20180201_1: .......... done `-- Installing libressl-2.9.2... `-- Extracting libressl-2.9.2: .......... done `-- Installing pcre2-10.32_1... `-- Extracting pcre2-10.32_1: .......... done ===> Creating groups. Creating group 'ossec' with gid '966'. ===> Creating users Creating user 'ossec' with uid '966'. Creating user 'ossecm' with uid '967'. Creating user 'ossecr' with uid '968'. Extracting ossec-hids-local-3.3.0: ......... done Message from expect-5.45.4_1,1: To avoid conflicts, example scripts and man pages have been renamed by prefixing them with "expect_". They are in /usr/local/bin and /usr/local/man/man1, respectively. Message from libinotify-20180201_1: ============================================================================ Libinotify functionality on FreeBSD is missing support for - detecting a file being moved into or out of a directory within the same filesystem - certain modifications to a symbolic link (rather than the file it points to.) in addition to the known limitations on all platforms using kqueue(2) where various open and close notifications are unimplemented. This means the following regression tests will fail: Directory notifications: IN_MOVED_FROM IN_MOVED_TO Open/close notifications: IN_OPEN IN_CLOSE_NOWRITE IN_CLOSE_WRITE Symbolic Link notifications: IN_DONT_FOLLOW IN_ATTRIB IN_MOVE_SELF IN_DELETE_SELF Kernel patches to address the missing directory and symbolic link notifications are available from: https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches ============================================================================= You might want to consider increasing the kern.maxfiles tunable if you plan to use this library for applications that need to monitor activity of a lot of files. ============================================================================= Message from ossec-hids-local-3.3.0: All the files related to OSSEC have been installed in: /usr/local/ossec-hids You need to create main configuration file: /usr/local/ossec-hids/etc/ossec.conf For information on proper configuration see: https://www.ossec.net/docs/syntax/ossec_config.html To enable the startup script add ossec_hids_enable="YES" to /etc/rc.conf. If you intend to use "firewall-drop" active response on this OSSEC instance create the script: /usr/local/ossec-hids/active-response/bin/firewall-drop.sh You can copy or hard link (symbolic link is not supported) one of the scripts already provided by OSSEC: /usr/local/ossec-hids/active-response/bin/ipfilter.sh /usr/local/ossec-hids/active-response/bin/ipfw.sh /usr/local/ossec-hids/active-response/bin/pf.sh For further steps see the documentation: https://www.ossec.net/docs/syntax/head_ossec_config.active-response.html Consider installing "security/ossec-hids-local-config" to ease OSSEC configuration. For additional help execute: # /usr/local/etc/rc.d/ossec-hids help ===> ossec-hids-local-config-3.3.0 depends on package: ossec-hids-local>=3.3.0 - found ===> Returning to build of ossec-hids-local-config-3.3.0 -------------------------------------------------------------------------------- -- Phase: stage -------------------------------------------------------------------------------- ===> Staging for ossec-hids-local-config-3.3.0 ===> Generating temporary packing list ====> Compressing man pages (compress-man) *** Error code 1 (ignored) *** Error code 1 (ignored) *** Error code 1 (ignored) -------------------------------------------------------------------------------- -- Phase: package -------------------------------------------------------------------------------- ===> Building package for ossec-hids-local-config-3.3.0 file sizes/checksums [23]: . done packing files [23]: . done packing directories [10]: . done -------------------------------------------------- -- Termination -------------------------------------------------- Finished: Wednesday, 24 JUL 2019 at 11:49:09 UTC Duration: 00:00:18