#!/usr/bin/make -f # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # Directories SRCDIR = $(CURDIR)/src PKGDIR = $(CURDIR)/debian/ossec-hids DESTDIR = $(PKGDIR)/var/ossec # OSSEC INSTALL SUBDIRS SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run BINARIES = agent_control clear_stats list_agents manage_agents ossec-agentd ossec-agentlessd ossec-analysisd ossec-authd ossec-csyslogd ossec-dbd ossec-execd ossec-logcollector ossec-logtest ossec-maild ossec-makelists ossec-monitord ossec-regex ossec-regex-convert ossec-remoted ossec-reportd ossec-syscheckd rootcheck_control syscheck_control syscheck_update verify-agent-conf ###################### hardening ################# export DEB_BUILD_HARDENING=1 export DEB_BUILD_HARDENING_FORTIFY=1 ###################### main ###################### build: build-stamp build-stamp: dh_testdir dh_clean $(MAKE) -C $(SRCDIR) TARGET=local touch build-stamp build-arch: build build-indep: build clean: dh_testdir dh_testroot rm -f build-stamp # Add here commands to clean up after the build process. $(MAKE) -C $(SRCDIR) clean # additional clean rm -f $(SRCDIR)/Config.OS \ $(SRCDIR)/analysisd/compiled_rules/compiled_rules.h \ $(SRCDIR)/analysisd/ossec-logtest \ $(SRCDIR)/isbigendian \ $(SRCDIR)/isbigendian.c \ $(SRCDIR)/analysisd/ossec-makelists rm -rf $(CURDIR)/bin dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs # ugly directory creation for i in $(SUBDIRS); do \ mkdir -p -m 700 $(DESTDIR)/$$i; \ done # various files installation install -m 644 etc/internal_options.conf $(DESTDIR)/etc install -m 644 etc/decoder.xml $(DESTDIR)/etc install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared if [ -e ossec-debian.conf ]; then \ install -m 440 ossec-debian.conf $(DESTDIR)/etc/ossec.conf; \ else \ install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \ fi install -m 440 etc/ossec-*.conf $(DESTDIR)/etc cp -r etc/rules/* $(DESTDIR)/rules install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless #install -s -m 755 bin/* $(DESTDIR)/bin for bin in $(BINARIES); do \ install -s -m 755 src/$$bin $(DESTDIR)/bin; \ done install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin install -m 755 active-response/firewalls/*.sh \ $(DESTDIR)/active-response/bin # attrs chmod -R 550 $(DESTDIR) chmod -R 770 $(DESTDIR)/queue/alerts chmod -R 770 $(DESTDIR)/queue/ossec chmod -R 750 $(DESTDIR)/queue/fts chmod -R 750 $(DESTDIR)/queue/syscheck chmod -R 750 $(DESTDIR)/queue/rootcheck chmod -R 750 $(DESTDIR)/queue/diff chmod -R 755 $(DESTDIR)/queue/agent-info chmod -R 755 $(DESTDIR)/queue/rids chmod -R 755 $(DESTDIR)/queue/agentless chmod -R 750 $(DESTDIR)/stats chmod -R 750 $(DESTDIR)/logs chmod -R 550 $(DESTDIR)/rules chmod 770 $(DESTDIR)/var/run chmod 550 $(DESTDIR)/etc chmod 440 $(DESTDIR)/etc/internal_options.conf chmod -R 770 $(DESTDIR)/etc/shared chmod 700 $(DESTDIR)/.ssh chmod 755 $(DESTDIR)/active-response/bin/* chmod 550 $(DESTDIR)/bin/* chmod 440 $(DESTDIR)/etc/ossec.conf # fixups: no need for execute bits on files there find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';' find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';' # system init script mkdir -p $(PKGDIR)/etc/init.d if [ -e ossec-hids-debian.init ]; then \ install -m 755 ossec-hids-debian.init \ $(PKGDIR)/etc/init.d/ossec-hids; \ else \ install -m 755 src/init/ossec-hids.init \ $(PKGDIR)/etc/init.d/ossec-hids; \ fi # system ossec-init echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf echo "DATE=\"$(shell date --utc -d "$(shell dpkg-parsechangelog | sed -ne 's/Date: //p')")\"" >> $(PKGDIR)/etc/ossec-init.conf echo "TYPE=\"local\"" >> $(PKGDIR)/etc/ossec-init.conf # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs # dh_installexamples # dh_installmenu # dh_installdebconf # dh_installlogrotate # dh_installemacsen # dh_installcatalogs # dh_installpam # dh_installmime # dh_installinit # dh_installcron # dh_installinfo # dh_undocumented dh_lintian dh_installman dh_link dh_compress dh_fixperms # dh_perl # dh_python dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install