aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--testing/ossec-hids/00_a-out-h-path.patch13
-rw-r--r--testing/ossec-hids/01_makefile.patch76
-rw-r--r--testing/ossec-hids/02_ossec-server.conf.patch84
-rw-r--r--testing/ossec-hids/APKBUILD76
-rw-r--r--testing/ossec-hids/alpine-install-server.patch163
-rwxr-xr-xtesting/ossec-hids/ossec-hids.initd57
-rw-r--r--testing/ossec-hids/ossec-hids.logrotate5
-rwxr-xr-xtesting/ossec-hids/ossec-hids.pre-install9
8 files changed, 483 insertions, 0 deletions
diff --git a/testing/ossec-hids/00_a-out-h-path.patch b/testing/ossec-hids/00_a-out-h-path.patch
new file mode 100644
index 0000000000..b9e5a246cd
--- /dev/null
+++ b/testing/ossec-hids/00_a-out-h-path.patch
@@ -0,0 +1,13 @@
+diff --git a/src/rootcheck/os_string.c b/src/rootcheck/os_string.c
+index 069f5bd..e5aafca 100755
+--- a/src/rootcheck/os_string.c
++++ b/src/rootcheck/os_string.c
+@@ -78,7 +78,7 @@ struct exec
+
+ #else
+
+-#include <a.out.h>
++#include <linux/a.out.h>
+ #endif
+
+
diff --git a/testing/ossec-hids/01_makefile.patch b/testing/ossec-hids/01_makefile.patch
new file mode 100644
index 0000000000..c0536f29d3
--- /dev/null
+++ b/testing/ossec-hids/01_makefile.patch
@@ -0,0 +1,76 @@
+Index: ossec-hids-2.8.2/Makefile
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ ossec-hids-2.8.2/Makefile 2015-08-10 04:36:27.819134760 +0000
+@@ -0,0 +1,71 @@
++#
++# Santiago Bassett <santiago.bassett@gmail.com>
++# 06/15/2015
++#
++
++DESTDIR?=/
++DIR=$(DESTDIR)/var/ossec
++OSSEC_INIT=$(DIR)/etc/ossec-init.conf
++
++all:
++ echo "HEXTRA=-DMAX_AGENTS=16384" >> src/Config.OS
++ (cd src; make all; make build)
++
++clean:
++ rm bin/* || /bin/true
++ mkdir -p $(DIR)/rules/translated/
++ chmod 750 $(DIR) || /bin/true
++ chmod 750 $(DIR)/* || /bin/true
++ chmod 750 $(DIR)/rules/translated/ || /bin/true
++ chmod 750 $(DIR)/rules/translated/* || /bin/true
++ (cd src; make clean)
++ rm -f src/Config.OS
++ rm -f src/analysisd/compiled_rules/compiled_rules.h
++ rm -f src/isbigendian.c
++ rm -f src/analysisd/ossec-makelists
++ rm -f src/analysisd/ossec-logtest
++ rm -f src/isbigendian
++
++install:
++ mkdir -p $(DIR)
++ (cd $(DIR); mkdir -p logs logs/archives logs/alerts logs/firewall bin stats rules queue queue/alerts queue/ossec queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless queue/rids tmp var var/run etc etc/init.d etc/shared active-response active-response/bin agentless .ssh contrib)
++ cp -pr etc/rules/* $(DIR)/rules/
++ chmod -x $(DIR)/rules/*.xml
++ chmod -x $(DIR)/rules/log-entries/*
++ chmod -x $(DIR)/rules/translated/pure_ftpd/*.xml
++ cp -pL /etc/localtime $(DIR)/etc/ 2>/dev/null || /bin/true
++ cp -p /etc/TIMEZONE $(DIR)/etc/ 2>/dev/null || /bin/true
++ cp -p contrib/compile_alerts.pl $(DIR)/contrib/
++ cp -p contrib/compile_alerts.txt $(DIR)/contrib/
++ cp -p contrib/config2xml $(DIR)/contrib/
++ cp -p contrib/ossec-batch-manager.pl $(DIR)/contrib/
++ cp -p contrib/ossec-eps.sh $(DIR)/contrib/
++ cp -pr bin/ossec* $(DIR)/bin/
++ cp -pr bin/manage_agents $(DIR)/bin/
++ cp -pr bin/syscheck_update $(DIR)/bin/
++ cp -pr bin/verify-agent-conf $(DIR)/bin/
++ cp -pr bin/clear_stats $(DIR)/bin/
++ cp -pr bin/list_agents $(DIR)/bin/
++ cp -pr bin/agent_control $(DIR)/bin/
++ cp -pr bin/syscheck_control $(DIR)/bin/
++ cp -pr bin/rootcheck_control $(DIR)/bin/
++ cp -pr contrib/util.sh $(DIR)/bin/
++ cp -pr src/init/ossec-server.sh $(DIR)/bin/ossec-control
++ cp -pr etc/decoder.xml $(DIR)/etc/
++ chmod -x $(DIR)/etc/decoder.xml
++ cp -pr etc/local_decoder.xml $(DIR)/etc/ > /dev/null 2>&1 || /bin/true
++ cp -pr etc/local_internal_options.conf $(DIR)/etc/ > /dev/null 2>&1 || /bin/true
++ cp -pr etc/client.keys $(DIR)/etc/ > /dev/null 2>&1 ||/bin/true
++ cp -pr src/agentlessd/scripts/* $(DIR)/agentless/
++ cp -pr etc/internal_options.conf $(DIR)/etc/
++ chmod -x $(DIR)/etc/internal_options.conf
++ cp -pr etc/ossec-server.conf $(DIR)/etc/ossec.conf
++ chmod -x $(DIR)/etc/ossec.conf
++ cp -pr src/rootcheck/db/*.txt $(DIR)/etc/shared/
++ chmod -x $(DIR)/etc/shared/*.txt
++ cp -p active-response/*.sh $(DIR)/active-response/bin/
++ cp -p active-response/firewalls/*.sh $(DIR)/active-response/bin/
++ echo "DIRECTORY=\"/var/ossec\"" > $(OSSEC_INIT)
++ echo "VERSION=\"$(cat src/VERSION)" >> $(OSSEC_INIT)
++ echo "DATE=\"`date`\"" >> $(OSSEC_INIT)
++ echo "TYPE=\"server\"" >> $(OSSEC_INIT)
diff --git a/testing/ossec-hids/02_ossec-server.conf.patch b/testing/ossec-hids/02_ossec-server.conf.patch
new file mode 100644
index 0000000000..f09a2045ed
--- /dev/null
+++ b/testing/ossec-hids/02_ossec-server.conf.patch
@@ -0,0 +1,84 @@
+diff --git a/etc/ossec-server.conf b/etc/ossec-server.conf
+index 1a4998c..da49262 100755
+--- a/etc/ossec-server.conf
++++ b/etc/ossec-server.conf
+@@ -2,10 +2,10 @@
+
+ <ossec_config>
+ <global>
+- <email_notification>yes</email_notification>
+- <email_to>daniel.cid@xxx.com</email_to>
+- <smtp_server>smtp.xxx.com.</smtp_server>
+- <email_from>ossecm@ossec.xxx.com.</email_from>
++ <email_notification>no</email_notification>
++ <email_to>your_email_address@example.com</email_to>
++ <smtp_server>smtp.your_domain.com.</smtp_server>
++ <email_from>ossecm@ossec.your_domain.com.</email_from>
+ </global>
+
+ <rules>
+@@ -94,10 +94,6 @@
+
+ <global>
+ <white_list>127.0.0.1</white_list>
+- <white_list>192.168.2.1</white_list>
+- <white_list>192.168.2.190</white_list>
+- <white_list>192.168.2.32</white_list>
+- <white_list>192.168.2.10</white_list>
+ </global>
+
+ <remote>
+@@ -138,6 +134,7 @@
+ - level (severity) >= 6.
+ - The IP is going to be blocked for 600 seconds.
+ -->
++ <disabled>yes</disabled>
+ <command>host-deny</command>
+ <location>local</location>
+ <level>6</level>
+@@ -149,6 +146,7 @@
+ - 600 seconds on the firewall (iptables,
+ - ipfilter, etc).
+ -->
++ <disabled>yes</disabled>
+ <command>firewall-drop</command>
+ <location>local</location>
+ <level>6</level>
+@@ -164,31 +162,31 @@
+
+ <localfile>
+ <log_format>syslog</log_format>
+- <location>/var/log/authlog</location>
++ <location>/var/log/auth.log</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+- <location>/var/log/secure</location>
++ <location>/var/log/syslog</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+- <location>/var/log/xferlog</location>
++ <location>/var/log/daemon.log</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+- <location>/var/log/maillog</location>
++ <location>/var/log/mail.log</location>
+ </localfile>
+
+ <localfile>
+ <log_format>apache</log_format>
+- <location>/var/www/logs/access_log</location>
++ <location>/var/log/apache2/access_log</location>
+ </localfile>
+
+ <localfile>
+ <log_format>apache</log_format>
+- <location>/var/www/logs/error_log</location>
++ <location>/var/log/apache2/error_log</location>
+ </localfile>
+ </ossec_config>
diff --git a/testing/ossec-hids/APKBUILD b/testing/ossec-hids/APKBUILD
new file mode 100644
index 0000000000..17ad40699f
--- /dev/null
+++ b/testing/ossec-hids/APKBUILD
@@ -0,0 +1,76 @@
+# Contributor: Francesco Colista <fcolista@alpinelinux.org>
+# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
+pkgname=ossec-hids
+pkgver=2.8.3
+pkgrel=0
+pkgdesc="Open Source Host-based Intrusion Detection System"
+url="http://www.ossec.net/"
+arch="all"
+license="GPL3"
+depends="inotify-tools procps"
+makedepends="linux-headers inotify-tools-dev findutils file"
+install="$pkgname.pre-install"
+subpackages="$pkgname-doc"
+pkgusers="ossec ossecm ossecr"
+pkggroups="ossec"
+source="https://github.com/ossec/$pkgname/archive/$_pkgver/$pkgname-$pkgver.tar.gz
+ $pkgname.initd
+ $pkgname.logrotate
+ 00_a-out-h-path.patch
+ 01_makefile.patch
+ 02_ossec-server.conf.patch
+ alpine-install-server.patch"
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+ cd "$builddir"
+ make all || return 1
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+ install -D -m755 "$srcdir"/$pkgname.initd \
+ "$pkgdir"/etc/init.d/$pkgname || return 1
+ install -m644 -D "$srcdir"/$pkgname.logrotate "$pkgdir"/etc/logrotate.d/$pkgname || return 1
+ cat << EOF > "$pkgdir"/etc/ossec-init.conf
+DIRECTORY="/var/ossec"
+VERSION="$(cat src/VERSION)"
+DATE="$(date)"
+TYPE="server"
+EOF
+ mkdir -p "$pkgdir"/var/ossec/logs
+ set -- $pkgusers
+ cd src
+ ./InstallServer.sh $1 $2 $3 $pkggroups $pkgdir
+}
+
+doc() {
+ pkgdesc="Documentation for $pkgname"
+ cd "$builddir"
+ mkdir -p "$subpkgdir"/usr/share/doc/$pkgname
+ cp -a doc/* \
+ "$subpkgdir"/usr/share/doc/$pkgname
+}
+
+md5sums="bcf783c2273805e2a4c2112011fafb83 ossec-hids-2.8.3.tar.gz
+eb24bd8d360ae7f6e7e6f585b5256090 ossec-hids.initd
+0ccfe4ca38cea21d60317210bd909d24 ossec-hids.logrotate
+00139c3f9f9e0d1baf58bb5d59894be6 00_a-out-h-path.patch
+4a6c8f64ec4444cd75f5ba76556ed4eb 01_makefile.patch
+eda7f4b045633776043f492a4762be50 02_ossec-server.conf.patch
+12427250585507a9c7029c0db5ceb2a2 alpine-install-server.patch"
+sha256sums="917989e23330d18b0d900e8722392cdbe4f17364a547508742c0fd005a1df7dd ossec-hids-2.8.3.tar.gz
+e0494b017f69c2059399564e33eba4f957d054c3a3fd291a10d8f015e1e4dd68 ossec-hids.initd
+e97742265e5f6b792e44846bf8ca71b8cc2afd0b762bbc4b226f625486e148ef ossec-hids.logrotate
+fe5072a5fac89bc44ab0f91909e9a8781ea23df91ff6faec3f62a87151d06eee 00_a-out-h-path.patch
+11a629c2362b867087a78d01d1f7b4903bcb2e7ba704e7d406ccd50ff048f556 01_makefile.patch
+f38bd4077546d5d4fd2b65b28fdd1694eb40437590910303808f513f70e3231b 02_ossec-server.conf.patch
+ffce064fd087adf92107810fa8b4e65b7977d814b8a972814d69bb826ad365e5 alpine-install-server.patch"
+sha512sums="3ec9504b5a6d36c303710b3aa9cfbe616b40deca671f4814340008b6e5edd9b2094bb7f1b441da788a5eec0f8095a0624ed42b8a8fc922274cd99db634994d1a ossec-hids-2.8.3.tar.gz
+62f52d91de3751c149b1c354ebb87c0a8c4a81129403b80a8448c5e6542a67b4aa9e132aab2429781913eb909320b431b381828e414d44235bb8e9a8959e0d8b ossec-hids.initd
+6cdf4852feabfdd043405e2570bb9a3013eb11c1865e9178fb67a019717d44fb0fedba05ab74c4334a1bae0a0c45912213dd7d6c7e1eab31853d40beea7596a0 ossec-hids.logrotate
+f99f53ce5b84228de33ec3fc0bc4419714d2d7d2167d33629ab6c0d7372060c0eeb3cfc1f0696ddcacfcb7f3280f515b67427f85e5e925aeb0a6c5f6cc54f411 00_a-out-h-path.patch
+1ba449afa65a9374c8fd2b1c2d00897b54c5e8ef2e0be95a1d8a8dd45dfe27d5b19c12f3a075d6021449bc1d2946fdc8c7654ddfce1e55d79d104a3add7e2850 01_makefile.patch
+ee0baecaeacae782f43849e8c3c4afc0aef3cb238748209f8d1d0b2bd94bea59384474caba6a45bb4022e496ef1a50a3877447a3ccd1885a0a942c9cb6051c74 02_ossec-server.conf.patch
+46ada63e1f9ddaf6eb6ed6f2cfaa1e4f16b665307fbab15e34e39444075b9a0e8efef63164d4f90bc47a95720cf3afc0c6f7ff6d892ca018f3739116ca961bd5 alpine-install-server.patch"
diff --git a/testing/ossec-hids/alpine-install-server.patch b/testing/ossec-hids/alpine-install-server.patch
new file mode 100644
index 0000000000..3399c2b0e2
--- /dev/null
+++ b/testing/ossec-hids/alpine-install-server.patch
@@ -0,0 +1,163 @@
+diff --git a/src/InstallServer.sh b/src/InstallServer.sh
+index e619d99..307ada7 100755
+--- a/src/InstallServer.sh
++++ b/src/InstallServer.sh
+@@ -1,37 +1,14 @@
+ #!/bin/sh
+
+-
+-# Checking if it is executed from the right place
+-LOCATION=./LOCATION
+-ls ${LOCATION} > /dev/null 2>&1
+-if [ $? != 0 ]; then
+- echo "Cannot execute. Wrong directory"
+- exit 1;
+-fi
+-
+-# Getting any argument
+-if [ "X$1" = "Xlocal" ]; then
+- # Setting local install
+- LOCAL="local"
+-fi
+-
+ UNAME=`uname`;
+-
+-# Getting default variables
+-DIR=`grep DIR ${LOCATION} | cut -f2 -d\"`
+-GROUP="ossec"
+-USER="ossec"
+-USER_MAIL="ossecm"
+-USER_REM="ossecr"
++DIR=$5/var/ossec
++# Need this to have $pkgusers and $pkggroups being passed from APKBUILD
++GROUP="$4"
++USER="$1"
++USER_MAIL="$2"
++USER_REM="$3"
+ subdirs="logs logs/archives logs/alerts logs/firewall bin stats rules queue queue/alerts queue/ossec queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless queue/rids tmp var var/run etc etc/shared active-response active-response/bin agentless .ssh"
+
+-# ${DIR} must be set
+-if [ "X${DIR}" = "X" ]; then
+- echo "Error building OSSEC HIDS."
+- exit 1;
+-fi
+-
+-
+ # Creating root directory
+ ls ${DIR} > /dev/null 2>&1
+ if [ $? != 0 ]; then mkdir -m 700 -p ${DIR}; fi
+@@ -42,78 +19,6 @@ if [ $? != 0 ]; then
+ fi
+
+
+-# Creating groups/users
+-if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
+- grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
+- if [ ! $? = 0 ]; then
+- /usr/sbin/pw groupadd ${GROUP}
+- /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
+- /usr/sbin/pw useradd ${USER_MAIL} -d ${DIR} -s /sbin/nologin -g ${GROUP}
+- /usr/sbin/pw useradd ${USER_REM} -d ${DIR} -s /sbin/nologin -g ${GROUP}
+- fi
+-
+-elif [ "$UNAME" = "SunOS" ]; then
+- grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
+- if [ ! $? = 0 ]; then
+- /usr/sbin/groupadd ${GROUP}
+- /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER}
+- /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER_MAIL}
+- /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER_REM}
+- fi
+-
+-elif [ "$UNAME" = "AIX" ]; then
+- AIXSH=""
+- ls -la /bin/false > /dev/null 2>&1
+- if [ $? = 0 ]; then
+- AIXSH="-s /bin/false"
+- fi
+-
+- grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
+- if [ ! $? = 0 ]; then
+- /usr/bin/mkgroup ${GROUP}
+- /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER}
+- /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER_MAIL}
+- /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER_REM}
+- fi
+-
+-# Thanks Chuck L. for the mac addusers
+-elif [ "$UNAME" = "Darwin" ]; then
+- id -u ${USER} > /dev/null 2>&1
+- if [ ! $? = 0 ]; then
+-
+- # Creating for <= 10.4
+- /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.2.|10.3|10.4" > /dev/null 2>&1
+- if [ $? = 0 ]; then
+- chmod +x ./init/darwin-addusers.pl
+- ./init/darwin-addusers.pl
+- else
+- chmod +x ./init/osx105-addusers.sh
+- ./init/osx105-addusers.sh
+- fi
+- fi
+-else
+- grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
+- if [ ! $? = 0 ]; then
+- /usr/sbin/groupadd ${GROUP}
+-
+- # We first check if /sbin/nologin is present. If it is not,
+- # we look for bin/false. If none of them is present, we
+- # just stick with nologin (no need to fail the install for that).
+- OSMYSHELL="/sbin/nologin"
+- ls -la ${OSMYSHELL} > /dev/null 2>&1
+- if [ ! $? = 0 ]; then
+- ls -la /bin/false > /dev/null 2>&1
+- if [ $? = 0 ]; then
+- OSMYSHELL="/bin/false"
+- fi
+- fi
+- /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
+- /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER_MAIL}
+- /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER_REM}
+- fi
+-fi
+-
+-
+ # Creating sub directories
+ for i in ${subdirs}; do
+ ls ${DIR}/${i} > /dev/null 2>&1
+@@ -221,13 +126,6 @@ if [ $? = 0 ]; then
+ chown root:${GROUP} ${DIR}/etc/localtime
+ fi
+
+-# Solaris Needs some extra files
+-if [ "$UNAME" = "SunOS" ]; then
+- mkdir -p ${DIR}/usr/share/lib/zoneinfo/
+- chmod -R 550 ${DIR}/usr/
+- cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
+-fi
+-
+ ls /etc/TIMEZONE > /dev/null 2>&1
+ if [ $? = 0 ]; then
+ cp -p /etc/TIMEZONE ${DIR}/etc/;
+@@ -263,13 +161,6 @@ cp -pr ../contrib/util.sh ${DIR}/bin/
+ chown root:${GROUP} ${DIR}/bin/util.sh
+ chmod +x ${DIR}/bin/util.sh
+
+-# Local install chosen
+-if [ "X$LOCAL" = "Xlocal" ]; then
+- cp -pr ./init/ossec-local.sh ${DIR}/bin/ossec-control
+-else
+- cp -pr ./init/ossec-server.sh ${DIR}/bin/ossec-control
+-fi
+-
+ # Moving the decoders/internal_conf file.
+ cp -pr ../etc/decoder.xml ${DIR}/etc/
+
+@@ -281,7 +172,6 @@ cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
+ # Copying agentless files.
+ cp -pr agentlessd/scripts/* ${DIR}/agentless/
+
+-
+ # Backup currently internal_options file.
+ ls ${DIR}/etc/internal_options.conf > /dev/null 2>&1
+ if [ $? = 0 ]; then
diff --git a/testing/ossec-hids/ossec-hids.initd b/testing/ossec-hids/ossec-hids.initd
new file mode 100755
index 0000000000..fd08d0b408
--- /dev/null
+++ b/testing/ossec-hids/ossec-hids.initd
@@ -0,0 +1,57 @@
+#!/sbin/openrc-run
+DIRECTORY="/var/ossec"
+OSSEC_CONTROL="${DIRECTORY}/bin/ossec-control"
+
+depend() {
+ need net
+ use logger
+}
+
+configtest() {
+ ebegin "Checking OSSEC Configuration"
+ checkconfig
+ eend $?
+}
+
+checkconfig() {
+ CONFIGFILE="${CONFIGFILE:-${DIRECTORY}/etc/ossec.conf}"
+ if [ ! -r "${CONFIGFILE}" ]; then
+ eerror "Unable to read configuration file: ${CONFIGFILE}"
+ return 1
+ fi
+
+ # Maybe put some kind of config file syntax checking in here? XML is a little different
+ # so maybe not.
+ return $ret
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting ossec-hids"
+ ${OSSEC_CONTROL} start > /dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ checkconfig || return 1
+ ebegin "Stopping ossec-hids"
+ ${OSSEC_CONTROL} stop > /dev/null 2>&1
+ eend $?
+}
+
+restart() {
+ if ! service_started "${myservice}" ; then
+ eerror "OSSEC is not running! Please start it before trying to reload it."
+ else
+ checkconfig || return 1
+ ebegin "Reloading ossec"
+ svc_stop ${OSSEC_CONTROL}
+ svc_start ${OSSEC_CONTROL}
+ eend $?
+ fi
+}
+
+status() {
+ checkconfig || return 1
+ ${OSSEC_CONTROL} status
+}
diff --git a/testing/ossec-hids/ossec-hids.logrotate b/testing/ossec-hids/ossec-hids.logrotate
new file mode 100644
index 0000000000..7b6406819f
--- /dev/null
+++ b/testing/ossec-hids/ossec-hids.logrotate
@@ -0,0 +1,5 @@
+/var/ossec/logs/active-responses.log /var/ossec/logs/ossec.log {
+ missingok
+ notifempty
+ copytruncate
+}
diff --git a/testing/ossec-hids/ossec-hids.pre-install b/testing/ossec-hids/ossec-hids.pre-install
new file mode 100755
index 0000000000..8993001c8f
--- /dev/null
+++ b/testing/ossec-hids/ossec-hids.pre-install
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+addgroup -S ossec 2>/dev/null
+adduser -S -D -s /bin/false -h /var/ossec -G ossec -g ossec ossec 2>/dev/null
+adduser -S -D -s /bin/false -h /var/ossec -G ossec -g ossec ossecm 2>/dev/null
+adduser -S -D -s /bin/false -h /var/ossec -G ossec -g ossec ossecr 2>/dev/null
+
+exit 0
+