-rw-r--r-- | testing/ossec-hids-agent/APKBUILD | 85 | ||||
-rw-r--r-- | testing/ossec-hids-agent/config | 63 | ||||
-rw-r--r-- | testing/ossec-hids-agent/makefile.patch | 47 | ||||
-rw-r--r-- | testing/ossec-hids-agent/musl_lack_of_a_out_h.patch | 13 | ||||
-rw-r--r-- | testing/ossec-hids-agent/ossec-hids-agent.logrotate | 5 |
5 files changed, 213 insertions, 0 deletions
diff --git a/testing/ossec-hids-agent/APKBUILD b/testing/ossec-hids-agent/APKBUILD
new file mode 100644
index 0000000000..ecd7b6968a
--- /dev/null
+++ b/testing/ossec-hids-agent/APKBUILD
@@ -0,0 +1,85 @@
+# Contributor: Francesco Colista <fcolista@alpinelinux.org>
+# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
+pkgname=ossec-hids-agent
+_target=${pkgname/ossec-hids-/}
+pkgver=3.6.0
+pkgrel=0
+pkgdesc="Open Source Host-based Intrusion Detection System"
+url="https://www.ossec.net/"
+arch="all !aarch64 !armhf !armv7"
+license="GPL-2.0-only WITH openssl-exception"
+depends="inotify-tools procps ossec-hids-openrc"
+makedepends="linux-headers bsd-compat-headers openssl-dev \
+libevent-dev inotify-tools-dev findutils file zlib-dev pcre2-dev \
+lua5.3-dev geoip-dev czmq-dev"
+checkdepends="check-dev subunit-dev"
+subpackages="$pkgname-doc"
+pkgusers="ossec ossecm ossecr"
+pkggroups="ossec"
+source="$pkgname-$pkgver.tar.gz::https://github.com/ossec/ossec-hids/archive/$pkgver.tar.gz
+ $pkgname.logrotate
+ musl_lack_of_a_out_h.patch
+ makefile.patch
+ config"
+builddir="$srcdir"/ossec-hids-$pkgver
+
+prepare() {
+ default_prepare
+ export V=1
+ export USER_INSTALL_TYPE=$_target
+ export USER_NO_STOP=yes
+ export USER_DIR=/var/ossec
+ export USER_BINARYINSTALL=x
+ export USE_GEOIP=yes
+ export USE_ZEROMQ=yes
+ export LUA_ENABLE=yes
+ export USE_INOTIFY=yes
+ export PCRE2_SYSTEM=yes
+}
+
+build() {
+ cd "$builddir"/src
+ make clean
+ make TARGET=$_target PREFIX=/var/ossec
+}
+
+check() {
+ cd "$builddir"/src
+ make test PREFIX=/var/ossec
+}
+
+package() {
+ install -Dm644 -D "$srcdir"/$pkgname.logrotate "$pkgdir"/etc/logrotate.d/$pkgname
+ install -Dm644 -D etc/ossec-$_target.conf "$pkgdir"/etc/ossec-$_target.conf
+
+ mkdir -p "$pkgdir"/var/ossec/etc
+ cat << EOF > "$pkgdir"/var/ossec/etc/ossec-init.conf
+DIRECTORY="/var/ossec"
+VERSION="$(cat src/VERSION)"
+DATE="$(date)"
+TYPE="$_target"
+EOF
+
+ set -- $pkgusers
+ cd "$builddir"/src
+ find "$pkgdir" -user nobody -exec chown 524 '{}' ';'
+ find "$pkgdir" -user mail -exec chown 525 '{}' ';'
+ find "$pkgdir" -user daemon -exec chown 526 '{}' ';'
+ find "$pkgdir" -group nobody -exec chgrp 525 '{}' ';'
+
+ make TARGET="$_target" PREFIX="$pkgdir"/var/ossec install
+}
+
+doc() {
+ cd "$builddir"
+ pkgdesc="Documentation for $pkgname"
+ mkdir -p "$subpkgdir"/usr/share/doc/$pkgname
+ cp -a doc/* \
+ "$subpkgdir"/usr/share/doc/$pkgname
+}
+
+sha512sums="1f5e897de757df264dfb56def74b7d8f886b6b9d772b5b3d0197c9cd00a32fd7fd8a7b53566851fea3cd74d433b5594cbd074e50b7dbe36305fb3c243e8ddcf5 ossec-hids-agent-3.6.0.tar.gz
+6cdf4852feabfdd043405e2570bb9a3013eb11c1865e9178fb67a019717d44fb0fedba05ab74c4334a1bae0a0c45912213dd7d6c7e1eab31853d40beea7596a0 ossec-hids-agent.logrotate
+4e076581cc3977c527f30da6c43552db18bc35ea7b745c1504f4d15ebfbcef42c9604804af28fc90744a85f847a0f0c5bf991476cae71e3d860adb7cfa33a63b musl_lack_of_a_out_h.patch
+27ccd8197541693c6cfa85e1598b40a5bd2dbd1dec2b7bd057211b45fd0c14c42c2ddd01d9ac57491eda93bb318961642d3adce55b395351d530609250ca003f makefile.patch
+5213936052ed3adf8d9bb36d044386e2decf85ad59e7d5a69b4b73c708ea779dc03049c3429e9b658efceb347b950b0192ca4f66bb56a3101c2016f106dcc287 config"
diff --git a/testing/ossec-hids-agent/config b/testing/ossec-hids-agent/config
new file mode 100644
index 0000000000..4400290be7
--- /dev/null
+++ b/testing/ossec-hids-agent/config
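Review bot: In package() of the APKBUILD the four `find "$pkgdir" ... -exec chown`/`chgrp` lines run before `make TARGET="$_target" PREFIX="$pkgdir"/var/ossec install`, so at that point the tree holds only the logrotate file, the conf file and ossec-init.conf, and nothing the Makefile installs is touched by them. The numeric ids 524/525/526 are not tied to anything visible in the file either: `pkgusers` names ossec, ossecm and ossecr, and the result of `set -- $pkgusers` is never read. For a HIDS the ownership and modes under /var/ossec are what keep its configuration and logs away from other local users, so the intent should be explicit: either move the `make ... install` line above the `find` lines, or drop the fix-ups and add a comment such as `# ownership is set by INSTALL_CMD (-o/-g) in src/Makefile`.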
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# Do you want to update it? (y/n) [y]:
+export USER_UPDATE=y
+
+# Do you want to update the rules? (y/n) [y]:
+export USER_UPDATE_RULES=y
+
+# User Language:
+export USER_LANGUAGE=en
+
+# Do you want e-mail notification? (y/n) [y]:
+export USER_ENABLE_EMAIL=y
+# What's your e-mail address?
+export USER_EMAIL_ADDRESS=foo@example.com
+# What's your SMTP server ip/host?
+export USER_EMAIL_SMTP=localhost
+
+# Do you want to run the integrity check daemon? (y/n) [y]:
+export USER_ENABLE_SYSCHECK=y
+
+#Do you want to run the rootkit detection engine? (y/n) [y]:
+export USER_ENABLE_ROOTCHECK=y
+
+# Active response allows you to execute a specific
+# command based on the events received. For example,
+# you can block an IP address or disable access for
+# a specific user.
+# More information at:
+# https://ossec.github.io/docs/manual/ar/
+#
+# - Do you want to enable active response? (y/n) [y]:
+export USER_ENABLE_ACTIVE_RESPONSE=y
+
+# - By default, we can enable the host-deny and the
+# firewall-drop responses. The first one will add
+# a host to the /etc/hosts.deny and the second one
+# will block the host on iptables (if linux) or on
+# ipfilter (if Solaris, FreeBSD or NetBSD).
+# - They can be used to stop SSHD brute force scans,
+# portscans and some other forms of attacks. You can
+# also add them to block on snort events, for example.
+#
+# - Do you want to enable the firewall-drop response? (y/n) [y]:
+export USER_ENABLE_FIREWALL_RESPONSE=y
+
+# Do you want to add more IPs to the white list? (y/n)? [n]:
+# if set to y, installer will ask you to enter the list of IPs
+# if you want to use this feature, you must also export USER_NO_STOP=no
+export USER_WHITE_LIST=n
+
+# Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:
+export USER_ENABLE_SYSLOG=y
+
+# IP address or hostname of the ossec server. Only used on agent installations.
+# export USER_AGENT_SERVER_IP="127.0.0.1"
+# export USER_AGENT_SERVER_NAME
+# Agent's config profile name. This is used to create agent.conf configuration profiles
+# for this particular profile name. Only used on agent installations.
+# Can be any string. E.g. LinuxDBServer or WindowsDomainController
+export USER_AGENT_CONFIG_PROFILE="generic"
+
+
diff --git a/testing/ossec-hids-agent/makefile.patch b/testing/ossec-hids-agent/makefile.patch
new file mode 100644
index 0000000000..e3f15a6b96
--- /dev/null
+++ b/testing/ossec-hids-agent/makefile.patch
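Review bot: In the new `config` file, `USER_ENABLE_ACTIVE_RESPONSE=y` and `USER_ENABLE_FIREWALL_RESPONSE=y` are shipped as defaults while `USER_WHITE_LIST=n`, so automatic blocking is on with no operator-chosen exemptions and a false positive can cut off an administrator's own host. For a distribution default I would either set `export USER_ENABLE_FIREWALL_RESPONSE=n` or add a comment telling the operator to fill the white list before enabling it. `USER_EMAIL_ADDRESS=foo@example.com` is a placeholder and deserves the same kind of comment. None of the APKBUILD functions in this commit appears to source this file, so it is also worth confirming that these answers are applied at all.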
@@ -0,0 +1,47 @@
+diff --git a/src/Makefile b/src/Makefile
+index 1a3c9bd..b2ddfb1 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -22,13 +22,13 @@ OSSEC_USER_MAIL?=ossecm
+ OSSEC_USER_REM?=ossecr
+
+ INSTALL_CMD?=install -m $(1) -o $(2) -g $(3)
+-INSTALL_LOCALTIME?=yes
+-INSTALL_RESOLVCONF?=yes
++INSTALL_LOCALTIME=no
++INSTALL_RESOLVCONF=no
+
+ USE_PRELUDE?=no
+ USE_ZEROMQ?=no
+ USE_GEOIP?=no
+-USE_INOTIFY=no
++USE_INOTIFY=yes
+ USE_PCRE2_JIT=yes
+
+ ifneq (${TARGET},winagent)
+@@ -399,7 +399,6 @@ install-hybrid: install-server-generic
+ install-server: install-server-generic
+
+ install-common: build
+- ./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX}
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs
+ $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/ossec.log
+@@ -1254,7 +1253,7 @@ ossec-makelists: analysisd/makelists-live.o ${analysisd_live_o} ${format_o} aler
+ #### test ##########
+ ####################
+
+-CFLAGS_TEST = -g -O0 --coverage
++CFLAGS_TEST = -g -O0
+
+ LDFLAGS_TEST = -lcheck -lm -pthread -lrt -lsubunit
+
+@@ -1265,7 +1264,7 @@ endif #TEST
+
+ test_programs = test_os_zlib test_os_xml test_os_regex test_os_crypto test_shared
+
+-.PHONY: test run_tests build_tests test_valgrind test_coverage
++.PHONY: test run_tests build_tests test_valgrind
+
+ test: build_tests
+ ${MAKE} run_tests
diff --git a/testing/ossec-hids-agent/musl_lack_of_a_out_h.patch b/testing/ossec-hids-agent/musl_lack_of_a_out_h.patch
new file mode 100644
index 0000000000..a4d2b12a61
--- /dev/null
+++ b/testing/ossec-hids-agent/musl_lack_of_a_out_h.patch
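Review bot: The second hunk of makefile.patch removes the `./init/adduser.sh ...` call from `install-common`, yet the `$(call INSTALL_CMD,...)` lines that follow still pass `-o ${OSSEC_USER} -g ${OSSEC_GROUP}`, so the ossec accounts now have to come from the packaging. The APKBUILD in this commit declares `pkgusers`/`pkggroups` but names no install script, so presumably the `ossec-hids-openrc` dependency creates them on the target; that should be confirmed, because the directory modes shown here (0550, 0750, 0660) only protect anything if the owner and group exist. A short description at the top of the patch would record this, for example `adduser.sh dropped: accounts are created by <package>`, together with one line on why `INSTALL_LOCALTIME` and `INSTALL_RESOLVCONF` are forced to `no`. The `install-common` recipe continues outside the hunk.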
@@ -0,0 +1,13 @@
+diff --git a/src/rootcheck/os_string.c b/src/rootcheck/os_string.c
+index e7ca284..85b6d9b 100644
+--- a/src/rootcheck/os_string.c
++++ b/src/rootcheck/os_string.c
+@@ -44,7 +44,7 @@
+
+ #ifdef SOLARIS
+ #include <sys/exechdr.h>
+-#elif defined Darwin || defined HPUX
++#elif defined Darwin || defined HPUX || defined linux
+
+ /* For some reason darwin does not have that */
+ struct exec {
diff --git a/testing/ossec-hids-agent/ossec-hids-agent.logrotate b/testing/ossec-hids-agent/ossec-hids-agent.logrotate
new file mode 100644
index 0000000000..7b6406819f
--- /dev/null
+++ b/testing/ossec-hids-agent/ossec-hids-agent.logrotate
@@ -0,0 +1,5 @@
+/var/ossec/logs/active-responses.log /var/ossec/logs/ossec.log {
+ missingok
+ notifempty
+ copytruncate
+} |
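Review bot: In musl_lack_of_a_out_h.patch the new test `defined linux` relies on the legacy `linux` macro, which GCC and Clang leave undefined in strict ISO modes such as `-std=c99`, whereas `__linux__` is defined in every mode. I would write the line as `#elif defined Darwin || defined HPUX || defined __linux__`. The branch then applies to every Linux libc rather than only musl, which is fine for this package but worth a sentence in the patch description. The `struct exec` definition it enables continues outside the hunk.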
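Review bot: ossec-hids-agent.logrotate sets neither a frequency nor a `rotate` count, so how long /var/ossec/logs/ossec.log and active-responses.log are kept depends on the host's global logrotate defaults. For logs that may be needed in an investigation I would state the retention in the file itself, e.g. `weekly` and `rotate <count>` with the count chosen by the maintainer. `copytruncate` also has a documented window between the copy and the truncate in which written lines can be lost; a comment saying this is accepted here would be enough.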