diff options
-rw-r--r-- | testing/ossec-hids/00_a-out-h-path.patch | 13 | ||||
-rw-r--r-- | testing/ossec-hids/01_makefile.patch | 76 | ||||
-rw-r--r-- | testing/ossec-hids/02_ossec-server.conf.patch | 84 | ||||
-rw-r--r-- | testing/ossec-hids/APKBUILD | 76 | ||||
-rw-r--r-- | testing/ossec-hids/alpine-install-server.patch | 163 | ||||
-rwxr-xr-x | testing/ossec-hids/ossec-hids.initd | 57 | ||||
-rw-r--r-- | testing/ossec-hids/ossec-hids.logrotate | 5 | ||||
-rwxr-xr-x | testing/ossec-hids/ossec-hids.pre-install | 9 |
8 files changed, 483 insertions, 0 deletions
diff --git a/testing/ossec-hids/00_a-out-h-path.patch b/testing/ossec-hids/00_a-out-h-path.patch new file mode 100644 index 0000000000..b9e5a246cd --- /dev/null +++ b/testing/ossec-hids/00_a-out-h-path.patch @@ -0,0 +1,13 @@ +diff --git a/src/rootcheck/os_string.c b/src/rootcheck/os_string.c +index 069f5bd..e5aafca 100755 +--- a/src/rootcheck/os_string.c ++++ b/src/rootcheck/os_string.c +@@ -78,7 +78,7 @@ struct exec + + #else + +-#include <a.out.h> ++#include <linux/a.out.h> + #endif + + diff --git a/testing/ossec-hids/01_makefile.patch b/testing/ossec-hids/01_makefile.patch new file mode 100644 index 0000000000..c0536f29d3 --- /dev/null +++ b/testing/ossec-hids/01_makefile.patch @@ -0,0 +1,76 @@ +Index: ossec-hids-2.8.2/Makefile +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ ossec-hids-2.8.2/Makefile 2015-08-10 04:36:27.819134760 +0000 +@@ -0,0 +1,71 @@ ++# ++# Santiago Bassett <santiago.bassett@gmail.com> ++# 06/15/2015 ++# ++ ++DESTDIR?=/ ++DIR=$(DESTDIR)/var/ossec ++OSSEC_INIT=$(DIR)/etc/ossec-init.conf ++ ++all: ++ echo "HEXTRA=-DMAX_AGENTS=16384" >> src/Config.OS ++ (cd src; make all; make build) ++ ++clean: ++ rm bin/* || /bin/true ++ mkdir -p $(DIR)/rules/translated/ ++ chmod 750 $(DIR) || /bin/true ++ chmod 750 $(DIR)/* || /bin/true ++ chmod 750 $(DIR)/rules/translated/ || /bin/true ++ chmod 750 $(DIR)/rules/translated/* || /bin/true ++ (cd src; make clean) ++ rm -f src/Config.OS ++ rm -f src/analysisd/compiled_rules/compiled_rules.h ++ rm -f src/isbigendian.c ++ rm -f src/analysisd/ossec-makelists ++ rm -f src/analysisd/ossec-logtest ++ rm -f src/isbigendian ++ ++install: ++ mkdir -p $(DIR) ++ (cd $(DIR); mkdir -p logs logs/archives logs/alerts logs/firewall bin stats rules queue queue/alerts queue/ossec queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless queue/rids tmp var var/run etc etc/init.d etc/shared active-response active-response/bin agentless .ssh contrib) ++ cp -pr etc/rules/* $(DIR)/rules/ ++ chmod -x $(DIR)/rules/*.xml ++ chmod -x $(DIR)/rules/log-entries/* ++ chmod -x $(DIR)/rules/translated/pure_ftpd/*.xml ++ cp -pL /etc/localtime $(DIR)/etc/ 2>/dev/null || /bin/true ++ cp -p /etc/TIMEZONE $(DIR)/etc/ 2>/dev/null || /bin/true ++ cp -p contrib/compile_alerts.pl $(DIR)/contrib/ ++ cp -p contrib/compile_alerts.txt $(DIR)/contrib/ ++ cp -p contrib/config2xml $(DIR)/contrib/ ++ cp -p contrib/ossec-batch-manager.pl $(DIR)/contrib/ ++ cp -p contrib/ossec-eps.sh $(DIR)/contrib/ ++ cp -pr bin/ossec* $(DIR)/bin/ ++ cp -pr bin/manage_agents $(DIR)/bin/ ++ cp -pr bin/syscheck_update $(DIR)/bin/ ++ cp -pr bin/verify-agent-conf $(DIR)/bin/ ++ cp -pr bin/clear_stats $(DIR)/bin/ ++ cp -pr bin/list_agents $(DIR)/bin/ ++ cp -pr bin/agent_control $(DIR)/bin/ ++ cp -pr bin/syscheck_control $(DIR)/bin/ ++ cp -pr bin/rootcheck_control $(DIR)/bin/ ++ cp -pr contrib/util.sh $(DIR)/bin/ ++ cp -pr src/init/ossec-server.sh $(DIR)/bin/ossec-control ++ cp -pr etc/decoder.xml $(DIR)/etc/ ++ chmod -x $(DIR)/etc/decoder.xml ++ cp -pr etc/local_decoder.xml $(DIR)/etc/ > /dev/null 2>&1 || /bin/true ++ cp -pr etc/local_internal_options.conf $(DIR)/etc/ > /dev/null 2>&1 || /bin/true ++ cp -pr etc/client.keys $(DIR)/etc/ > /dev/null 2>&1 ||/bin/true ++ cp -pr src/agentlessd/scripts/* $(DIR)/agentless/ ++ cp -pr etc/internal_options.conf $(DIR)/etc/ ++ chmod -x $(DIR)/etc/internal_options.conf ++ cp -pr etc/ossec-server.conf $(DIR)/etc/ossec.conf ++ chmod -x $(DIR)/etc/ossec.conf ++ cp -pr src/rootcheck/db/*.txt $(DIR)/etc/shared/ ++ chmod -x $(DIR)/etc/shared/*.txt ++ cp -p active-response/*.sh $(DIR)/active-response/bin/ ++ cp -p active-response/firewalls/*.sh $(DIR)/active-response/bin/ ++ echo "DIRECTORY=\"/var/ossec\"" > $(OSSEC_INIT) ++ echo "VERSION=\"$(cat src/VERSION)" >> $(OSSEC_INIT) ++ echo "DATE=\"`date`\"" >> $(OSSEC_INIT) ++ echo "TYPE=\"server\"" >> $(OSSEC_INIT) diff --git a/testing/ossec-hids/02_ossec-server.conf.patch b/testing/ossec-hids/02_ossec-server.conf.patch new file mode 100644 index 0000000000..f09a2045ed --- /dev/null +++ b/testing/ossec-hids/02_ossec-server.conf.patch @@ -0,0 +1,84 @@ +diff --git a/etc/ossec-server.conf b/etc/ossec-server.conf +index 1a4998c..da49262 100755 +--- a/etc/ossec-server.conf ++++ b/etc/ossec-server.conf +@@ -2,10 +2,10 @@ + + <ossec_config> + <global> +- <email_notification>yes</email_notification> +- <email_to>daniel.cid@xxx.com</email_to> +- <smtp_server>smtp.xxx.com.</smtp_server> +- <email_from>ossecm@ossec.xxx.com.</email_from> ++ <email_notification>no</email_notification> ++ <email_to>your_email_address@example.com</email_to> ++ <smtp_server>smtp.your_domain.com.</smtp_server> ++ <email_from>ossecm@ossec.your_domain.com.</email_from> + </global> + + <rules> +@@ -94,10 +94,6 @@ + + <global> + <white_list>127.0.0.1</white_list> +- <white_list>192.168.2.1</white_list> +- <white_list>192.168.2.190</white_list> +- <white_list>192.168.2.32</white_list> +- <white_list>192.168.2.10</white_list> + </global> + + <remote> +@@ -138,6 +134,7 @@ + - level (severity) >= 6. + - The IP is going to be blocked for 600 seconds. + --> ++ <disabled>yes</disabled> + <command>host-deny</command> + <location>local</location> + <level>6</level> +@@ -149,6 +146,7 @@ + - 600 seconds on the firewall (iptables, + - ipfilter, etc). + --> ++ <disabled>yes</disabled> + <command>firewall-drop</command> + <location>local</location> + <level>6</level> +@@ -164,31 +162,31 @@ + + <localfile> + <log_format>syslog</log_format> +- <location>/var/log/authlog</location> ++ <location>/var/log/auth.log</location> + </localfile> + + <localfile> + <log_format>syslog</log_format> +- <location>/var/log/secure</location> ++ <location>/var/log/syslog</location> + </localfile> + + <localfile> + <log_format>syslog</log_format> +- <location>/var/log/xferlog</location> ++ <location>/var/log/daemon.log</location> + </localfile> + + <localfile> + <log_format>syslog</log_format> +- <location>/var/log/maillog</location> ++ <location>/var/log/mail.log</location> + </localfile> + + <localfile> + <log_format>apache</log_format> +- <location>/var/www/logs/access_log</location> ++ <location>/var/log/apache2/access_log</location> + </localfile> + + <localfile> + <log_format>apache</log_format> +- <location>/var/www/logs/error_log</location> ++ <location>/var/log/apache2/error_log</location> + </localfile> + </ossec_config> diff --git a/testing/ossec-hids/APKBUILD b/testing/ossec-hids/APKBUILD new file mode 100644 index 0000000000..17ad40699f --- /dev/null +++ b/testing/ossec-hids/APKBUILD @@ -0,0 +1,76 @@ +# Contributor: Francesco Colista <fcolista@alpinelinux.org> +# Maintainer: Francesco Colista <fcolista@alpinelinux.org> +pkgname=ossec-hids +pkgver=2.8.3 +pkgrel=0 +pkgdesc="Open Source Host-based Intrusion Detection System" +url="http://www.ossec.net/" +arch="all" +license="GPL3" +depends="inotify-tools procps" +makedepends="linux-headers inotify-tools-dev findutils file" +install="$pkgname.pre-install" +subpackages="$pkgname-doc" +pkgusers="ossec ossecm ossecr" +pkggroups="ossec" +source="https://github.com/ossec/$pkgname/archive/$_pkgver/$pkgname-$pkgver.tar.gz + $pkgname.initd + $pkgname.logrotate + 00_a-out-h-path.patch + 01_makefile.patch + 02_ossec-server.conf.patch + alpine-install-server.patch" +builddir="$srcdir/$pkgname-$pkgver" + +build() { + cd "$builddir" + make all || return 1 +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + install -D -m755 "$srcdir"/$pkgname.initd \ + "$pkgdir"/etc/init.d/$pkgname || return 1 + install -m644 -D "$srcdir"/$pkgname.logrotate "$pkgdir"/etc/logrotate.d/$pkgname || return 1 + cat << EOF > "$pkgdir"/etc/ossec-init.conf +DIRECTORY="/var/ossec" +VERSION="$(cat src/VERSION)" +DATE="$(date)" +TYPE="server" +EOF + mkdir -p "$pkgdir"/var/ossec/logs + set -- $pkgusers + cd src + ./InstallServer.sh $1 $2 $3 $pkggroups $pkgdir +} + +doc() { + pkgdesc="Documentation for $pkgname" + cd "$builddir" + mkdir -p "$subpkgdir"/usr/share/doc/$pkgname + cp -a doc/* \ + "$subpkgdir"/usr/share/doc/$pkgname +} + +md5sums="bcf783c2273805e2a4c2112011fafb83 ossec-hids-2.8.3.tar.gz +eb24bd8d360ae7f6e7e6f585b5256090 ossec-hids.initd +0ccfe4ca38cea21d60317210bd909d24 ossec-hids.logrotate +00139c3f9f9e0d1baf58bb5d59894be6 00_a-out-h-path.patch +4a6c8f64ec4444cd75f5ba76556ed4eb 01_makefile.patch +eda7f4b045633776043f492a4762be50 02_ossec-server.conf.patch +12427250585507a9c7029c0db5ceb2a2 alpine-install-server.patch" +sha256sums="917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd ossec-hids-2.8.3.tar.gz +e0494b017f69c2059399564e33eba4f957d054c3a3fd291a10d8f015e1e4dd68 ossec-hids.initd +e97742265e5f6b792e44846bf8ca71b8cc2afd0b762bbc4b226f625486e148ef ossec-hids.logrotate +fe5072a5fac89bc44ab0f91909e9a8781ea23df91ff6faec3f62a87151d06eee 00_a-out-h-path.patch +11a629c2362b867087a78d01d1f7b4903bcb2e7ba704e7d406ccd50ff048f556 01_makefile.patch +f38bd4077546d5d4fd2b65b28fdd1694eb40437590910303808f513f70e3231b 02_ossec-server.conf.patch +ffce064fd087adf92107810fa8b4e65b7977d814b8a972814d69bb826ad365e5 alpine-install-server.patch" +sha512sums="3ec9504b5a6d36c303710b3aa9cfbe616b40deca671f4814340008b6e5edd9b2094bb7f1b441da788a5eec0f8095a0624ed42b8a8fc922274cd99db634994d1a ossec-hids-2.8.3.tar.gz +62f52d91de3751c149b1c354ebb87c0a8c4a81129403b80a8448c5e6542a67b4aa9e132aab2429781913eb909320b431b381828e414d44235bb8e9a8959e0d8b ossec-hids.initd +6cdf4852feabfdd043405e2570bb9a3013eb11c1865e9178fb67a019717d44fb0fedba05ab74c4334a1bae0a0c45912213dd7d6c7e1eab31853d40beea7596a0 ossec-hids.logrotate +f99f53ce5b84228de33ec3fc0bc4419714d2d7d2167d33629ab6c0d7372060c0eeb3cfc1f0696ddcacfcb7f3280f515b67427f85e5e925aeb0a6c5f6cc54f411 00_a-out-h-path.patch +1ba449afa65a9374c8fd2b1c2d00897b54c5e8ef2e0be95a1d8a8dd45dfe27d5b19c12f3a075d6021449bc1d2946fdc8c7654ddfce1e55d79d104a3add7e2850 01_makefile.patch +ee0baecaeacae782f43849e8c3c4afc0aef3cb238748209f8d1d0b2bd94bea59384474caba6a45bb4022e496ef1a50a3877447a3ccd1885a0a942c9cb6051c74 02_ossec-server.conf.patch +46ada63e1f9ddaf6eb6ed6f2cfaa1e4f16b665307fbab15e34e39444075b9a0e8efef63164d4f90bc47a95720cf3afc0c6f7ff6d892ca018f3739116ca961bd5 alpine-install-server.patch" diff --git a/testing/ossec-hids/alpine-install-server.patch b/testing/ossec-hids/alpine-install-server.patch new file mode 100644 index 0000000000..3399c2b0e2 --- /dev/null +++ b/testing/ossec-hids/alpine-install-server.patch @@ -0,0 +1,163 @@ +diff --git a/src/InstallServer.sh b/src/InstallServer.sh +index e619d99..307ada7 100755 +--- a/src/InstallServer.sh ++++ b/src/InstallServer.sh +@@ -1,37 +1,14 @@ + #!/bin/sh + +- +-# Checking if it is executed from the right place +-LOCATION=./LOCATION +-ls ${LOCATION} > /dev/null 2>&1 +-if [ $? != 0 ]; then +- echo "Cannot execute. Wrong directory" +- exit 1; +-fi +- +-# Getting any argument +-if [ "X$1" = "Xlocal" ]; then +- # Setting local install +- LOCAL="local" +-fi +- + UNAME=`uname`; +- +-# Getting default variables +-DIR=`grep DIR ${LOCATION} | cut -f2 -d\"` +-GROUP="ossec" +-USER="ossec" +-USER_MAIL="ossecm" +-USER_REM="ossecr" ++DIR=$5/var/ossec ++# Need this to have $pkgusers and $pkggroups being passed from APKBUILD ++GROUP="$4" ++USER="$1" ++USER_MAIL="$2" ++USER_REM="$3" + subdirs="logs logs/archives logs/alerts logs/firewall bin stats rules queue queue/alerts queue/ossec queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless queue/rids tmp var var/run etc etc/shared active-response active-response/bin agentless .ssh" + +-# ${DIR} must be set +-if [ "X${DIR}" = "X" ]; then +- echo "Error building OSSEC HIDS." +- exit 1; +-fi +- +- + # Creating root directory + ls ${DIR} > /dev/null 2>&1 + if [ $? != 0 ]; then mkdir -m 700 -p ${DIR}; fi +@@ -42,78 +19,6 @@ if [ $? != 0 ]; then + fi + + +-# Creating groups/users +-if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then +- grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1 +- if [ ! $? = 0 ]; then +- /usr/sbin/pw groupadd ${GROUP} +- /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP} +- /usr/sbin/pw useradd ${USER_MAIL} -d ${DIR} -s /sbin/nologin -g ${GROUP} +- /usr/sbin/pw useradd ${USER_REM} -d ${DIR} -s /sbin/nologin -g ${GROUP} +- fi +- +-elif [ "$UNAME" = "SunOS" ]; then +- grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1 +- if [ ! $? = 0 ]; then +- /usr/sbin/groupadd ${GROUP} +- /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER} +- /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER_MAIL} +- /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER_REM} +- fi +- +-elif [ "$UNAME" = "AIX" ]; then +- AIXSH="" +- ls -la /bin/false > /dev/null 2>&1 +- if [ $? = 0 ]; then +- AIXSH="-s /bin/false" +- fi +- +- grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1 +- if [ ! $? = 0 ]; then +- /usr/bin/mkgroup ${GROUP} +- /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER} +- /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER_MAIL} +- /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER_REM} +- fi +- +-# Thanks Chuck L. for the mac addusers +-elif [ "$UNAME" = "Darwin" ]; then +- id -u ${USER} > /dev/null 2>&1 +- if [ ! $? = 0 ]; then +- +- # Creating for <= 10.4 +- /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.2.|10.3|10.4" > /dev/null 2>&1 +- if [ $? = 0 ]; then +- chmod +x ./init/darwin-addusers.pl +- ./init/darwin-addusers.pl +- else +- chmod +x ./init/osx105-addusers.sh +- ./init/osx105-addusers.sh +- fi +- fi +-else +- grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1 +- if [ ! $? = 0 ]; then +- /usr/sbin/groupadd ${GROUP} +- +- # We first check if /sbin/nologin is present. If it is not, +- # we look for bin/false. If none of them is present, we +- # just stick with nologin (no need to fail the install for that). +- OSMYSHELL="/sbin/nologin" +- ls -la ${OSMYSHELL} > /dev/null 2>&1 +- if [ ! $? = 0 ]; then +- ls -la /bin/false > /dev/null 2>&1 +- if [ $? = 0 ]; then +- OSMYSHELL="/bin/false" +- fi +- fi +- /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER} +- /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER_MAIL} +- /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER_REM} +- fi +-fi +- +- + # Creating sub directories + for i in ${subdirs}; do + ls ${DIR}/${i} > /dev/null 2>&1 +@@ -221,13 +126,6 @@ if [ $? = 0 ]; then + chown root:${GROUP} ${DIR}/etc/localtime + fi + +-# Solaris Needs some extra files +-if [ "$UNAME" = "SunOS" ]; then +- mkdir -p ${DIR}/usr/share/lib/zoneinfo/ +- chmod -R 550 ${DIR}/usr/ +- cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/ +-fi +- + ls /etc/TIMEZONE > /dev/null 2>&1 + if [ $? = 0 ]; then + cp -p /etc/TIMEZONE ${DIR}/etc/; +@@ -263,13 +161,6 @@ cp -pr ../contrib/util.sh ${DIR}/bin/ + chown root:${GROUP} ${DIR}/bin/util.sh + chmod +x ${DIR}/bin/util.sh + +-# Local install chosen +-if [ "X$LOCAL" = "Xlocal" ]; then +- cp -pr ./init/ossec-local.sh ${DIR}/bin/ossec-control +-else +- cp -pr ./init/ossec-server.sh ${DIR}/bin/ossec-control +-fi +- + # Moving the decoders/internal_conf file. + cp -pr ../etc/decoder.xml ${DIR}/etc/ + +@@ -281,7 +172,6 @@ cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 + # Copying agentless files. + cp -pr agentlessd/scripts/* ${DIR}/agentless/ + +- + # Backup currently internal_options file. + ls ${DIR}/etc/internal_options.conf > /dev/null 2>&1 + if [ $? = 0 ]; then diff --git a/testing/ossec-hids/ossec-hids.initd b/testing/ossec-hids/ossec-hids.initd new file mode 100755 index 0000000000..fd08d0b408 --- /dev/null +++ b/testing/ossec-hids/ossec-hids.initd @@ -0,0 +1,57 @@ +#!/sbin/openrc-run +DIRECTORY="/var/ossec" +OSSEC_CONTROL="${DIRECTORY}/bin/ossec-control" + +depend() { + need net + use logger +} + +configtest() { + ebegin "Checking OSSEC Configuration" + checkconfig + eend $? +} + +checkconfig() { + CONFIGFILE="${CONFIGFILE:-${DIRECTORY}/etc/ossec.conf}" + if [ ! -r "${CONFIGFILE}" ]; then + eerror "Unable to read configuration file: ${CONFIGFILE}" + return 1 + fi + + # Maybe put some kind of config file syntax checking in here? XML is a little different + # so maybe not. + return $ret +} + +start() { + checkconfig || return 1 + ebegin "Starting ossec-hids" + ${OSSEC_CONTROL} start > /dev/null 2>&1 + eend $? +} + +stop() { + checkconfig || return 1 + ebegin "Stopping ossec-hids" + ${OSSEC_CONTROL} stop > /dev/null 2>&1 + eend $? +} + +restart() { + if ! service_started "${myservice}" ; then + eerror "OSSEC is not running! Please start it before trying to reload it." + else + checkconfig || return 1 + ebegin "Reloading ossec" + svc_stop ${OSSEC_CONTROL} + svc_start ${OSSEC_CONTROL} + eend $? + fi +} + +status() { + checkconfig || return 1 + ${OSSEC_CONTROL} status +} diff --git a/testing/ossec-hids/ossec-hids.logrotate b/testing/ossec-hids/ossec-hids.logrotate new file mode 100644 index 0000000000..7b6406819f --- /dev/null +++ b/testing/ossec-hids/ossec-hids.logrotate @@ -0,0 +1,5 @@ +/var/ossec/logs/active-responses.log /var/ossec/logs/ossec.log { + missingok + notifempty + copytruncate +} diff --git a/testing/ossec-hids/ossec-hids.pre-install b/testing/ossec-hids/ossec-hids.pre-install new file mode 100755 index 0000000000..8993001c8f --- /dev/null +++ b/testing/ossec-hids/ossec-hids.pre-install @@ -0,0 +1,9 @@ +#!/bin/sh + +addgroup -S ossec 2>/dev/null +adduser -S -D -s /bin/false -h /var/ossec -G ossec -g ossec ossec 2>/dev/null +adduser -S -D -s /bin/false -h /var/ossec -G ossec -g ossec ossecm 2>/dev/null +adduser -S -D -s /bin/false -h /var/ossec -G ossec -g ossec ossecr 2>/dev/null + +exit 0 + |