X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Frules;h=3668547622c1a9e0354669ee5cd8b95350c07a40;hb=HEAD;hp=f1b0e62bca749b85d332d4a184dda6ba3afd3cb0;hpb=60a2e5ba49290aeb71d745f194e63160781ca78c;p=ossec-hids.git diff --git a/debian/rules b/debian/rules index f1b0e62..3668547 100755 --- a/debian/rules +++ b/debian/rules @@ -10,6 +10,12 @@ DESTDIR = $(PKGDIR)/var/ossec # OSSEC INSTALL SUBDIRS SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run +BINARIES = agent_control clear_stats list_agents manage_agents ossec-agentd ossec-agentlessd ossec-analysisd ossec-authd ossec-csyslogd ossec-dbd ossec-execd ossec-logcollector ossec-logtest ossec-maild ossec-makelists ossec-monitord ossec-regex ossec-regex-convert ossec-remoted ossec-reportd ossec-syscheckd rootcheck_control syscheck_control syscheck_update verify-agent-conf + +###################### hardening ################# + +export DEB_BUILD_HARDENING=1 +export DEB_BUILD_HARDENING_FORTIFY=1 ###################### main ###################### @@ -18,10 +24,13 @@ build-stamp: dh_testdir dh_clean - $(MAKE) -C $(SRCDIR) setlocal all build + $(MAKE) -C $(SRCDIR) TARGET=local touch build-stamp +build-arch: build +build-indep: build + clean: dh_testdir dh_testroot @@ -36,6 +45,7 @@ clean: $(SRCDIR)/analysisd/ossec-logtest \ $(SRCDIR)/isbigendian \ $(SRCDIR)/isbigendian.c \ + $(SRCDIR)/analysisd/ossec-makelists rm -rf $(CURDIR)/bin dh_clean @@ -43,7 +53,7 @@ clean: install: build dh_testdir dh_testroot - dh_clean -k + dh_prep dh_installdirs # ugly directory creation @@ -55,15 +65,20 @@ install: build install -m 644 etc/internal_options.conf $(DESTDIR)/etc install -m 644 etc/decoder.xml $(DESTDIR)/etc install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared - if [ -e etc/ossec.mc ]; then \ - install -m 440 etc/ossec.mc $(DESTDIR)/etc/ossec.conf; \ + if [ -e ossec-debian.conf ]; then \ + install -m 440 ossec-debian.conf $(DESTDIR)/etc/ossec.conf; \ else \ install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \ fi install -m 440 etc/ossec-*.conf $(DESTDIR)/etc cp -r etc/rules/* $(DESTDIR)/rules install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless - install -s -m 755 bin/* $(DESTDIR)/bin + + #install -s -m 755 bin/* $(DESTDIR)/bin + for bin in $(BINARIES); do \ + install -s -m 755 src/$$bin $(DESTDIR)/bin; \ + done + install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin @@ -93,7 +108,7 @@ install: build chmod 550 $(DESTDIR)/bin/* chmod 440 $(DESTDIR)/etc/ossec.conf - # fixups: no need for execute bits on files there + # fixups: no need for execute bits on files there find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';' find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';' @@ -110,11 +125,15 @@ install: build # system ossec-init echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf - echo "DATE=\"`date --utc`\"" >> $(PKGDIR)/etc/ossec-init.conf + echo "DATE=\"$(shell date --utc -d "$(shell dpkg-parsechangelog | sed -ne 's/Date: //p')")\"" >> $(PKGDIR)/etc/ossec-init.conf echo "TYPE=\"local\"" >> $(PKGDIR)/etc/ossec-init.conf # Build architecture-independent files here. binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install dh_testdir dh_testroot dh_installchangelogs @@ -131,6 +150,7 @@ binary-indep: build install # dh_installcron # dh_installinfo # dh_undocumented + dh_lintian dh_installman dh_link dh_compress @@ -138,13 +158,10 @@ binary-indep: build install # dh_perl # dh_python dh_installdeb + dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb -# Build architecture-dependent files here. -binary-arch: build install -# We have nothing to do by default. - binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install