DESTDIR = $(PKGDIR)/var/ossec
# OSSEC INSTALL SUBDIRS
-SUBDIRS = logs logs/archives logs/alerts logs/firewall bin queue queue/ossec queue/alerts queue/syscheck queue/rids queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless tmp var var/run etc etc/shared stats rules active-response active-response/bin agentless .ssh
+SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run
+BINARIES = agent_control clear_stats list_agents manage_agents ossec-agentd ossec-agentlessd ossec-analysisd ossec-authd ossec-csyslogd ossec-dbd ossec-execd ossec-logcollector ossec-logtest ossec-maild ossec-makelists ossec-monitord ossec-regex ossec-regex-convert ossec-remoted ossec-reportd ossec-syscheckd rootcheck_control syscheck_control syscheck_update verify-agent-conf
+
+###################### hardening #################
+
+export DEB_BUILD_HARDENING=1
+export DEB_BUILD_HARDENING_FORTIFY=1
###################### main ######################
dh_testdir
dh_clean
- $(MAKE) -C $(SRCDIR) setlocal all build
+ $(MAKE) -C $(SRCDIR) TARGET=local
touch build-stamp
+build-arch: build
+build-indep: build
+
clean:
dh_testdir
dh_testroot
# Add here commands to clean up after the build process.
$(MAKE) -C $(SRCDIR) clean
+ # additional clean
+ rm -f $(SRCDIR)/Config.OS \
+ $(SRCDIR)/analysisd/compiled_rules/compiled_rules.h \
+ $(SRCDIR)/analysisd/ossec-logtest \
+ $(SRCDIR)/isbigendian \
+ $(SRCDIR)/isbigendian.c \
+ $(SRCDIR)/analysisd/ossec-makelists
+ rm -rf $(CURDIR)/bin
+
dh_clean
install: build
dh_testdir
dh_testroot
- dh_clean -k
+ dh_prep
dh_installdirs
# ugly directory creation
mkdir -p -m 700 $(DESTDIR)/$$i; \
done
+ # various files installation
+ install -m 644 etc/internal_options.conf $(DESTDIR)/etc
+ install -m 644 etc/decoder.xml $(DESTDIR)/etc
+ install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
+ if [ -e ossec-debian.conf ]; then \
+ install -m 440 ossec-debian.conf $(DESTDIR)/etc/ossec.conf; \
+ else \
+ install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \
+ fi
+ install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
+ cp -r etc/rules/* $(DESTDIR)/rules
+ install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
+
+ #install -s -m 755 bin/* $(DESTDIR)/bin
+ for bin in $(BINARIES); do \
+ install -s -m 755 src/$$bin $(DESTDIR)/bin; \
+ done
+
+ install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
+ ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
+ install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
+ install -m 755 active-response/firewalls/*.sh \
+ $(DESTDIR)/active-response/bin
+
# attrs
chmod -R 550 $(DESTDIR)
chmod -R 770 $(DESTDIR)/queue/alerts
chmod -R 550 $(DESTDIR)/rules
chmod 770 $(DESTDIR)/var/run
chmod 550 $(DESTDIR)/etc
- chmod 770 $(DESTDIR)/etc/shared
+ chmod 440 $(DESTDIR)/etc/internal_options.conf
+ chmod -R 770 $(DESTDIR)/etc/shared
chmod 700 $(DESTDIR)/.ssh
+ chmod 755 $(DESTDIR)/active-response/bin/*
+ chmod 550 $(DESTDIR)/bin/*
+ chmod 440 $(DESTDIR)/etc/ossec.conf
- # various files installation
- install -m 644 etc/internal_options.conf $(DESTDIR)/etc
- install -m 644 etc/decoder.xml $(DESTDIR)/etc
- install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
- if [ -e etc/ossec.mc ]; then \
- install -m 440 etc/ossec.mc $(DESTDIR)/etc/ossec.conf; \
- else \
- install -m 440 etc/ossec-agent.conf $(DESTDIR)/etc/ossec.conf; \
- fi
- install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
- cp -r etc/rules/* $(DESTDIR)/rules
- find $(DESTDIR)/rules -type f -exec chmod 640 '{}' ';'
- install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
- install -s -m 755 bin/* $(DESTDIR)/bin
- install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
- ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
- install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
- install -m 755 active-response/firewalls/*.sh \
- $(DESTDIR)/active-response/bin
+ # fixups: no need for execute bits on files there
+ find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';'
+ find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';'
# system init script
mkdir -p $(PKGDIR)/etc/init.d
- install -m 755 src/init/ossec-hids.init $(PKGDIR)/etc/init.d/ossec-hids
+ if [ -e ossec-hids-debian.init ]; then \
+ install -m 755 ossec-hids-debian.init \
+ $(PKGDIR)/etc/init.d/ossec-hids; \
+ else \
+ install -m 755 src/init/ossec-hids.init \
+ $(PKGDIR)/etc/init.d/ossec-hids; \
+ fi
# system ossec-init
echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf
echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf
- echo "DATE=\"`date --utc`\"" >> $(PKGDIR)/etc/ossec-init.conf
+ echo "DATE=\"$(shell date --utc -d "$(shell dpkg-parsechangelog | sed -ne 's/Date: //p')")\"" >> $(PKGDIR)/etc/ossec-init.conf
echo "TYPE=\"local\"" >> $(PKGDIR)/etc/ossec-init.conf
# Build architecture-independent files here.
binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
dh_testdir
dh_testroot
dh_installchangelogs
# dh_installcron
# dh_installinfo
# dh_undocumented
+ dh_lintian
dh_installman
dh_link
dh_compress
# dh_perl
# dh_python
dh_installdeb
+ dh_shlibdeps
dh_gencontrol
dh_md5sums
dh_builddeb
-# Build architecture-dependent files here.
-binary-arch: build install
-# We have nothing to do by default.
-
binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary install