X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Frules;h=032ac9ab2128f91f70ac5a9f79dea56590709f9e;hb=280230a44cb9f9872652b6bb80de45a27af411f4;hp=d22c4644a2f5068a8bf9356e7c3a320c342767fe;hpb=1f05bc53303e823057455f8a6a408f2eee96576b;p=ossec-hids.git
diff --git a/debian/rules b/debian/rules
index d22c464..032ac9a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,7 +9,16 @@ PKGDIR = $(CURDIR)/debian/ossec-hids
 DESTDIR = $(PKGDIR)/var/ossec
 # OSSEC INSTALL SUBDIRS
-SUBDIRS = logs logs/archives logs/alerts logs/firewall bin queue queue/ossec queue/alerts queue/syscheck queue/rids queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless tmp var var/run etc etc/shared stats rules active-response active-response/bin agentless .ssh
+SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run
+
+###################### hardening #################
+
+include /usr/share/hardening-includes/hardening.make
+
+CFLAGS=$(shell dpkg-buildflags --get CFLAGS)
+LDFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
+CFLAGS+=$(HARDENING_CFLAGS)
+LDFLAGS+=$(HARDENING_LDFLAGS)
 ###################### main ######################
@@ -22,6 +31,9 @@ build-stamp:
 touch build-stamp
+build-arch: build
+build-indep: build
+
 clean:
 dh_testdir
 dh_testroot
@@ -30,12 +42,21 @@ clean:
 # Add here commands to clean up after the build process.
 $(MAKE) -C $(SRCDIR) clean
+ # additional clean
+ rm -f $(SRCDIR)/Config.OS \
+ $(SRCDIR)/analysisd/compiled_rules/compiled_rules.h \
+ $(SRCDIR)/analysisd/ossec-logtest \
+ $(SRCDIR)/isbigendian \
+ $(SRCDIR)/isbigendian.c \
+ $(SRCDIR)/analysisd/ossec-makelists
+ rm -rf $(CURDIR)/bin
+
 dh_clean
 install: build
 dh_testdir
 dh_testroot
- dh_clean -k
+ dh_prep
 dh_installdirs
 # ugly directory creation
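Review bot: In the hardening block of the first hunk, `CFLAGS` and `LDFLAGS` are assigned but never exported, so unless the `$(MAKE) -C $(SRCDIR)` call in the build recipe (outside this hunk) passes them on its command line, the flags may never reach the OSSEC build and the daemons would ship without them. I would add `export CFLAGS LDFLAGS` after the block and confirm the outcome by running `hardening-check` on the built binaries rather than trusting the flags. The recursive `=` also re-runs `dpkg-buildflags` on every expansion; `CFLAGS := $(shell dpkg-buildflags --get CFLAGS)` (and the same for `LDFLAGS`) evaluates it once. `CPPFLAGS` is not fetched at all, and that is where `dpkg-buildflags` places `-D_FORTIFY_SOURCE=2`, so it is worth checking that `HARDENING_CFLAGS` really covers it.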
@@ -43,6 +64,25 @@ install: build
 mkdir -p -m 700 $(DESTDIR)/$$i; \
 done
+ # various files installation
+ install -m 644 etc/internal_options.conf $(DESTDIR)/etc
+ install -m 644 etc/decoder.xml $(DESTDIR)/etc
+ install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
+ if [ -e ossec-debian.conf ]; then \
+ install -m 440 ossec-debian.conf $(DESTDIR)/etc/ossec.conf; \
+ else \
+ install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \
+ fi
+ install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
+ cp -r etc/rules/* $(DESTDIR)/rules
+ install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
+ install -s -m 755 bin/* $(DESTDIR)/bin
+ install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
+ ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
+ install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
+ install -m 755 active-response/firewalls/*.sh \
+ $(DESTDIR)/active-response/bin
+
 # attrs
 chmod -R 550 $(DESTDIR)
 chmod -R 770 $(DESTDIR)/queue/alerts
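Review bot: `install -s -m 755 bin/* $(DESTDIR)/bin` strips the binaries unconditionally, so `DEB_BUILD_OPTIONS=nostrip` is ignored and no symbols survive for crash analysis; dropping `-s` and leaving stripping to `dh_strip` in `binary-arch` (if it is not already called in the lines between the last two hunks) hands that decision to debhelper. The `-m` modes in this block are also not the shipped modes, because the `# attrs` block now runs after it and starts with `chmod -R 550 $(DESTDIR)`; a comment such as `# modes given here are normalised by the attrs block below` would stop a reader from trusting the 644/750/755 values. The `ossec-debian.conf` override is taken from the top of the source tree when it exists, and nothing in the hunk says where that file comes from, so a one-line comment naming its origin would help whoever audits the shipped `ossec.conf`. The `install` rule starts and ends outside this hunk.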
@@ -59,40 +99,39 @@ install: build
 chmod -R 550 $(DESTDIR)/rules
 chmod 770 $(DESTDIR)/var/run
 chmod 550 $(DESTDIR)/etc
- chmod 770 $(DESTDIR)/etc/shared
+ chmod 440 $(DESTDIR)/etc/internal_options.conf
+ chmod -R 770 $(DESTDIR)/etc/shared
 chmod 700 $(DESTDIR)/.ssh
+ chmod 755 $(DESTDIR)/active-response/bin/*
+ chmod 550 $(DESTDIR)/bin/*
+ chmod 440 $(DESTDIR)/etc/ossec.conf
- # various files installation
- install -m 644 etc/internal_options.conf $(DESTDIR)/etc
- install -m 644 etc/decoder.xml $(DESTDIR)/etc
- install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
- if [ -e etc/ossec.mc ]; then \
- install -m 440 etc/ossec.mc $(DESTDIR)/etc/ossec.conf; \
- else \
- install -m 440 etc/ossec-agent.conf $(DESTDIR)/etc/ossec.conf; \
- fi
- install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
- cp -r etc/rules/* $(DESTDIR)/rules
- install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
- install -m 755 bin/* $(DESTDIR)/bin
- install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
- ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
- install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
- install -m 755 active-response/firewalls/*.sh \
- $(DESTDIR)/active-response/bin
+ # fixups: no need for execute bits on files there
+ find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';'
+ find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';'
 # system init script
 mkdir -p $(PKGDIR)/etc/init.d
- install -m 755 src/init/ossec-hids.init $(PKGDIR)/etc/init.d/ossec-hids
+ if [ -e ossec-hids-debian.init ]; then \
+ install -m 755 ossec-hids-debian.init \
+ $(PKGDIR)/etc/init.d/ossec-hids; \
+ else \
+ install -m 755 src/init/ossec-hids.init \
+ $(PKGDIR)/etc/init.d/ossec-hids; \
+ fi
 # system ossec-init
 echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf
 echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf
- echo "DATE=\"`date --utc`\"" >> $(PKGDIR)/etc/ossec-init.conf
+ echo "DATE=\"$(shell date --utc -d "$(shell dpkg-parsechangelog | sed -ne 
's/Date: //p')")\"" >> $(PKGDIR)/etc/ossec-init.conf
 echo "TYPE=\"local\"" >> $(PKGDIR)/etc/ossec-init.conf
 # Build architecture-independent files here.
 binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
 dh_testdir
 dh_testroot
 dh_installchangelogs
@@ -109,6 +148,7 @@ binary-indep: build install
 # dh_installcron
 # dh_installinfo
 # dh_undocumented
+ dh_lintian
 dh_installman
 dh_link
 dh_compress
@@ -116,13 +156,10 @@ binary-indep: build install
 # dh_perl
 # dh_python
 dh_installdeb
+ dh_shlibdeps
 dh_gencontrol
 dh_md5sums
 dh_builddeb
-# Build architecture-dependent files here.
-binary-arch: build install
-# We have nothing to do by default.
-
 binary: binary-indep binary-arch
 .PHONY: build clean binary-indep binary-arch binary install
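Review bot: In the hunk at `@@ -59,40 +99,39 @@`, `chmod -R 770 $(DESTDIR)/etc/shared` now reaches the rootcheck signature files that are installed before it, and after the `find ... chmod ugo-x` fixup they end up 660, i.e. writable by the group. If no daemon in this local-mode install needs to rewrite those files (not visible here), keeping the directory at 770 and the files read-only is tighter: `chmod 770 $(DESTDIR)/etc/shared` followed by `chmod 440 $(DESTDIR)/etc/shared/*`. These modes only have meaning together with the owner and group, which this rule does not set, so presumably a maintainer script assigns them; a comment saying which one would make the permission model reviewable from this file. The `ossec-hids-debian.init` override in the same hunk has the same undocumented origin as the `ossec-debian.conf` one and deserves the same comment.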