From 841a0b258509a745b79e279404ec092f5d50385c Mon Sep 17 00:00:00 2001
From: Francesco Colista
Date: Tue, 9 Jul 2019 07:11:37 +0000
Subject: testing/ossec-hids: added agent, updated APKBUILD, fixes #10235
---
testing/ossec-hids/APKBUILD | 52 ++++++++++++++++++++++--------
testing/ossec-hids/config | 9 ++++++
testing/ossec-hids/makefile.patch | 24 ++++++++++++++
testing/ossec-hids/ossec-hids.pre-install | 6 ++--
4 files changed, 73 insertions(+), 18 deletions(-)
create mode 100644 testing/ossec-hids/makefile.patch
(limited to 'testing/ossec-hids')
diff --git a/testing/ossec-hids/APKBUILD b/testing/ossec-hids/APKBUILD
index 39690a87a8..4790cd43cc 100644
--- a/testing/ossec-hids/APKBUILD
+++ b/testing/ossec-hids/APKBUILD
@@ -2,71 +2,93 @@ # Maintainer: Francesco Colista pkgname=ossec-hids pkgver=3.3.0 -pkgrel=1 +pkgrel=2 pkgdesc="Open Source Host-based Intrusion Detection System" url="http://www.ossec.net/" arch="all !aarch64 !armhf !armv7" license="GPL-2.0-only WITH openssl-exception" depends="inotify-tools procps" -makedepends="linux-headers inotify-tools-dev findutils file zlib-dev pcre2-dev" +makedepends="linux-headers inotify-tools-dev findutils file zlib-dev pcre2-dev +sqlite-dev lua5.3-dev" install="$pkgname.pre-install" -subpackages="$pkgname-doc" +options="!check" +subpackages="$pkgname-doc $pkgname-contrib::noarch $pkgname-openrc" pkgusers="ossec ossecm ossecr" pkggroups="ossec" source="$pkgname-$pkgver.tar.gz::https://github.com/ossec/$pkgname/archive/v$pkgver.tar.gz $pkgname.initd $pkgname.logrotate musl_lack_of_a_out_h.patch + makefile.patch config" prepare() { default_prepare - export USER_INSTALL_TYPE=server export USER_NO_STOP=yes export USER_DIR=/var/ossec export USER_BINARYINSTALL=x export PCRE2_SYSTEM=yes - sed -i "s|^OSSEC_INIT.*|OSSEC_INIT=\"$pkgdir/etc/ossec-init.conf\"|" src/init/shared.sh } build() { - . 
"$srcdir"/config cd "$builddir"/src - make TARGET=$USER_INSTALL_TYPE + for t in server agent; do + make clean + make TARGET=$t \ + USE_INOTIFY=yes \ + USE_SQLITE=yes \ + LUA_ENABLE=yes \ + V=1 + done } package() { - mkdir -p "$pkgdir"/etc - USER_DIR="$pkgdir"/var/ossec ./install.sh - sed -i '/DIRECTORY=/c\DIRECTORY="/var/ossec"' "$pkgdir/etc/ossec-init.conf" install -D -m755 "$srcdir"/$pkgname.initd \ "$pkgdir"/etc/init.d/$pkgname install -m644 -D "$srcdir"/$pkgname.logrotate "$pkgdir"/etc/logrotate.d/$pkgname - cat << EOF > "$pkgdir"/etc/ossec-init.conf + + mkdir -p "$pkgdir"/var/ossec/etc + cat << EOF > "$pkgdir"/var/ossec/etc/ossec-init.conf DIRECTORY="/var/ossec" VERSION="$(cat src/VERSION)" DATE="$(date)" TYPE="server" EOF - mkdir -p "$pkgdir"/var/ossec/logs + set -- $pkgusers - cd src + cd "$builddir"/src find "$pkgdir" -user nobody -exec chown 524 '{}' ';' find "$pkgdir" -user mail -exec chown 525 '{}' ';' find "$pkgdir" -user daemon -exec chown 526 '{}' ';' find "$pkgdir" -group nobody -exec chgrp 525 '{}' ';' + + mkdir -p "$pkgdir"/var/ossec + + for t in server agent; do + make TARGET="$t" PREFIX="$pkgdir"/var/ossec install + done } doc() { - pkgdesc="Documentation for $pkgname" cd "$builddir" + pkgdesc="Documentation for $pkgname" mkdir -p "$subpkgdir"/usr/share/doc/$pkgname cp -a doc/* \ "$subpkgdir"/usr/share/doc/$pkgname } +contrib() { + pkgdesc="Contrib files for $pkgname" + mkdir -p "$subpkgdir"/usr/share/$pkgname + cp -a "$builddir"/contrib/* "$subpkgdir"/usr/share/$pkgname + for r in selinux debian-packages specs; do + rm -rf "$subpkgdir"/usr/share/$pkgname/$r + done +} + sha512sums="97c7e7b21ce88a3f1c89b79ff74b0c13804ba313cf3f30b98bcb4011f422ca050876e780c30624812d399d6b5c59629e52f6772b9ee0cd7cead1d66044dca627 ossec-hids-3.3.0.tar.gz 62f52d91de3751c149b1c354ebb87c0a8c4a81129403b80a8448c5e6542a67b4aa9e132aab2429781913eb909320b431b381828e414d44235bb8e9a8959e0d8b ossec-hids.initd 
 6cdf4852feabfdd043405e2570bb9a3013eb11c1865e9178fb67a019717d44fb0fedba05ab74c4334a1bae0a0c45912213dd7d6c7e1eab31853d40beea7596a0 ossec-hids.logrotate
 4e076581cc3977c527f30da6c43552db18bc35ea7b745c1504f4d15ebfbcef42c9604804af28fc90744a85f847a0f0c5bf991476cae71e3d860adb7cfa33a63b musl_lack_of_a_out_h.patch
-df760cb8a24c080b016c4cad4d4b1df56ae26d4f94517a7b9d6ccc3d507a7a53f3a46abdddccad3244cacca12857dc3d5b4646ac763788c88cf59686504122d0 config"
+cf747dce1b9b744faed55a7c7df30c203286bcbec7ea97c0b34c5c3c2db7dd7793f88335fa4d2e2c37c0ec60f8140e875bfe1fb40f77266b121335c24e4ef257 makefile.patch
+be6d503defc03bb1f39dbeeba793ed552243630403def629b35ced46b0441ffa34455ee942ca018c8ec33ca4661901b569eed8dc52e96951312814e492e94eb3 config"
diff --git a/testing/ossec-hids/config b/testing/ossec-hids/config
index e4c94af827..abcece6817 100644
--- a/testing/ossec-hids/config
+++ b/testing/ossec-hids/config
@@ -52,3 +52,12 @@ export USER_WHITE_LIST=n
 # Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:
 export USER_ENABLE_SYSLOG=y
+# IP address or hostname of the ossec server. Only used on agent installations.
+export USER_AGENT_SERVER_IP="127.0.0.1"
+# export USER_AGENT_SERVER_NAME
+# Agent's config profile name. This is used to create agent.conf configuration profiles
+# for this particular profile name. Only used on agent installations.
+# Can be any string. E.g. LinuxDBServer or WindowsDomainController
+export USER_AGENT_CONFIG_PROFILE="generic"
+
+
diff --git a/testing/ossec-hids/makefile.patch b/testing/ossec-hids/makefile.patch
new file mode 100644
index 0000000000..e6fb7046fe
--- /dev/null
+++ b/testing/ossec-hids/makefile.patch
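Review bot: In package(), the new `for t in server agent; do make TARGET="$t" PREFIX="$pkgdir"/var/ossec install; done` loop runs after the `find "$pkgdir" -user … -exec chown …` lines, so the ownership remapping no longer sees the files that `make install` places under /var/ossec. For a HIDS the owner of its binaries, rules and queue directories is part of its protection, so the install loop should move above the `find` lines, or the remap should be dropped if it is no longer needed. The generated ossec-init.conf still hard-codes `TYPE="server"` although the agent is now installed into the same prefix. build() also runs `make clean` before each target, so the server objects appear to be gone by the time package() calls `make TARGET=server install`; presumably that forces a rebuild inside package(), and it is worth confirming which binaries actually end up in the package.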
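Review bot: Nothing visible in this commit reads the two new variables: the APKBUILD hunk removes both `. "$srcdir"/config` from build() and the `./install.sh` call from package(), so `USER_AGENT_SERVER_IP` and `USER_AGENT_CONFIG_PROFILE` look unused unless the Makefile install path consumes them. If they are used, `127.0.0.1` is a placeholder that leaves an installed agent without a reachable manager; I would add a comment such as `# Placeholder: set to the manager's address before enrolling the agent.` above the export. The commented-out `# export USER_AGENT_SERVER_NAME` line would also benefit from one line saying when to use it instead of the IP.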
@@ -0,0 +1,24 @@
+diff --git a/src/Makefile b/src/Makefile
+index b684b82..3414312 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -12,7 +12,7 @@ LUA_ENABLE?=no
+ MAXAGENTS?=2048
+ REUSE_ID?=no
+ # XXX Becareful NO EXTRA Spaces here
+-PREFIX?=/var/ossec
++PREFIX=$(DESTDIR)/var/ossec
+ PG_CONFIG?=pg_config
+ MY_CONFIG?=mysql_config
+ PRELUDE_CONFIG?=libprelude-config
+@@ -22,8 +22,8 @@ OSSEC_USER_MAIL?=ossecm
+ OSSEC_USER_REM?=ossecr
+
+ INSTALL_CMD?=install -m $(1) -o $(2) -g $(3)
+-INSTALL_LOCALTIME?=yes
+-INSTALL_RESOLVCONF?=yes
++INSTALL_LOCALTIME=no
++INSTALL_RESOLVCONF=no
+
+ USE_PRELUDE?=no
+ USE_ZEROMQ?=no
diff --git a/testing/ossec-hids/ossec-hids.pre-install b/testing/ossec-hids/ossec-hids.pre-install
index 8993001c8f..e6cd506f99 100755
--- a/testing/ossec-hids/ossec-hids.pre-install
+++ b/testing/ossec-hids/ossec-hids.pre-install
@@ -1,9 +1,9 @@
 #!/bin/sh
 addgroup -S ossec 2>/dev/null
-adduser -S -D -s /bin/false -h /var/ossec -G ossec -g ossec ossec 2>/dev/null
-adduser -S -D -s /bin/false -h /var/ossec -G ossec -g ossec ossecm 2>/dev/null
-adduser -S -D -s /bin/false -h /var/ossec -G ossec -g ossec ossecr 2>/dev/null
+adduser -S -D -s /sbin/nologin -h /var/ossec -G ossec -g ossec ossec 2>/dev/null
+adduser -S -D -s /sbin/nologin -h /var/ossec -G ossec -g ossec ossecm 2>/dev/null
+adduser -S -D -s /sbin/nologin -h /var/ossec -G ossec -g ossec ossecr 2>/dev/null
 exit 0
-- cgit v1.2.3
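Review bot: The new `PREFIX=$(DESTDIR)/var/ossec` assignment is not what the APKBUILD ends up using: package() passes `PREFIX="$pkgdir"/var/ossec` on the make command line, which overrides this line, and DESTDIR is never set. Folding DESTDIR into PREFIX also mixes the staging root with the runtime path; if src/Makefile compiles PREFIX into the binaries as their default directory (not visible here, please check), any object rebuilt during `make … install` would carry the build-time staging path. Keeping `PREFIX?=/var/ossec` and prepending `$(DESTDIR)` only in the install rules would keep the two apart. `INSTALL_LOCALTIME=no` and `INSTALL_RESOLVCONF=no` are hard assignments with no explanation; a comment such as `# Packaging: do not copy the build host's localtime/resolv.conf into the install tree` would record the reason, and it should be confirmed that the daemons still get those files at runtime.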
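Review bot: The three `adduser -S` lines let the system choose the uid, while package() in the APKBUILD remaps file owners to the fixed numbers 524, 525 and 526 (`chown 524`, `chown 525`, `chown 526`, `chgrp 525`). Unless ownership is restored by account name when the package is installed, files of the HIDS could end up owned by ids that do not belong to ossec, ossecm or ossecr on the target system; using the account names in the APKBUILD instead of the numbers would remove that dependency. Every line here also discards stderr and the script always ends with `exit 0`, so a failed account creation is silent; if that is intentional (accounts already present on re-install), a one-line comment saying so would help.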