--- /dev/null
+
+ NOTES FOR DEBIAN USERS
+ ======================
+
+Package is local-only at this moment, but brings other binaries relevant
+to agent and server installations too so it is possible to switch from
+local to agent/server with manipulation of ossec-control symlink.
+
+OSSEC expects to be installed in "/var/ossec". To make it FHS-compliant
+would require certain code changes, and a complete removal of its chroot
+functionality.
+
+ -- Dinko Korunic <kreator@carnet.hr> Tue, 23 Feb 2010 14:58:23 +0100
--- /dev/null
+ossec-hids (2.3-1) stable; urgency=low
+
+ * new upstream release (2.3)
+ * add README.Debian
+ * revert to pure upstream version
+
+ -- Dinko Korunic <kreator@carnet.hr> Mon, 22 Feb 2010 22:23:57 +0100
+
+ossec-hids (2.0-1) stable; urgency=low
+
+ * new upstream release (2.0)
+
+ -- Dinko Korunic <kreator@carnet.hr> Sun, 24 May 2009 15:15:42 +0200
+
+ossec-hids (1.5-1) stable; urgency=low
+
+ * new upstream release (1.5)
+ * patch source to do HELO localhost instead of bogus notify.ossec.net
+ * patch source to use static pidfile names instead of appending PID to name
+
+ -- Dinko Korunic <kreator@carnet.hr> Wed, 18 Jun 2008 17:13:52 +0200
+
+ossec-hids (1.3-1) stable; urgency=low
+
+ * initial Debian package
+
+ -- Dinko Korunic <kreator@carnet.hr> Wed, 19 Sep 2007 22:06:15 +0200
--- /dev/null
+etc/ossec-init.conf
+etc/init.d/ossec-hids
+var/ossec/rules/local_rules.xml
+var/ossec/etc/ossec.conf
+var/ossec/etc/internal_options.conf
--- /dev/null
+Source: ossec-hids
+Section: admin
+Priority: extra
+Maintainer: Dinko Korunic <kreator@carnet.hr>
+Build-Depends: debhelper (>= 4)
+Standards-Version: 3.7.2
+
+Package: ossec-hids
+Architecture: i386
+Depends: mail-transport-agent
+Priority: extra
+Section: admin
+Description: OSSEC HIDS
+ OSSEC is a scalable, multi-platform, open source Host-based Intrusion
+ Detection System (HIDS). It has a powerful correlation and analysis
+ engine, integrating log analysis, file integrity checking, Windows
+ registry monitoring, centralized policy enforcement, rootkit detection,
+ real-time alerting and active response.
+ .
+ It runs on most operating systems, including Linux, OpenBSD, FreeBSD,
+ MacOS, Solaris and Windows.
+ .
+ More information on OSSEC is available at: http://www.ossec.net/ .
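Review bot: The binary package's `Depends:` lists only `mail-transport-agent`, but the postinst added in this same change calls `adduser` and `addgroup` under `set -e`, so configuration aborts on a system where the adduser package is not installed. Declare it explicitly: `Depends: adduser, mail-transport-agent`. The package also ships compiled binaries while debian/rules never runs `dh_shlibdeps`, so no shared-library dependencies are recorded. Adding that call together with `${shlibs:Depends}` here would close that gap. `Architecture: i386` looks narrower than the source requires, so confirm whether `any` was intended.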
--- /dev/null
+BUGS
+CONTRIB
+LICENSE
+CONFIG
+INSTALL
+README
+doc/README.config
+doc/nmap.txt
+doc/rule_ids.txt
+doc/active-response-internal.txt
+doc/logs.txt
+doc/rules.txt
+doc/active-response.txt
+doc/manager.txt
+doc/rootcheck.txt
+contrib
--- /dev/null
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ configure)
+ # continue below
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
+
+# users and group names
+OSSEC_USER="ossec"
+OSSEC_USER_MAIL="ossecm"
+OSSEC_USER_EXEC="ossece"
+OSSEC_USER_REM="ossecr"
+OSSEC_GROUP="ossec"
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+ DIRECTORY="/var/ossec"
+fi
+
+# create users
+if ! getent passwd $OSSEC_USER >/dev/null; then
+ adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER
+fi
+if ! getent passwd $OSSEC_USER_MAIL >/dev/null; then
+ adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_MAIL
+fi
+if ! getent passwd $OSSEC_USER_EXEC >/dev/null; then
+ adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_EXEC
+fi
+if ! getent passwd $OSSEC_USER_REM >/dev/null; then
+ adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_REM
+fi
+
+# create group
+if ! getent group $OSSEC_GROUP >/dev/null; then
+ addgroup --system $OSSEC_GROUP
+fi
+
+# fix the permissions
+chown -R root:$OSSEC_GROUP $DIRECTORY
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/alerts
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/ossec
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/fts
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/syscheck
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/rootcheck
+chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/agent-info
+chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs
+touch $DIRECTORY/logs/ossec.log
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log
+chown -R root:$OSSEC_GROUP $DIRECTORY/rules
+chown root:$OSSEC_GROUP $DIRECTORY/var/run
+chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml
+chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf
+chown root:$OSSEC_GROUP $DIRECTORY/etc/shared/*
+chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf
+
+# copy timezone and localtime
+if [ -e /etc/timezone ]; then
+ cmp -s /etc/timezone $DIRECTORY/etc/timezone || \
+ cp -a /etc/timezone $DIRECTORY/etc/timezone
+fi
+if [ -e /etc/localtime ]; then
+ cmp -s /etc/localtime $DIRECTORY/etc/localtime || \
+ cp -a /etc/localtime $DIRECTORY/etc/localtime
+fi
+
+# update system v init links
+update-rc.d ossec-hids defaults >/dev/null
+
+# and start the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ossec-hids restart
+else
+ /etc/init.d/ossec-hids restart
+fi
+
+exit 0
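Review bot: The four service accounts are created with `adduser --system` and no `--ingroup`, and the `ossec` group is only created afterwards, so as far as this script shows none of the accounts becomes a member of it. The `chown` block here and the modes set in debian/rules (for example 770 on `queue/alerts` owned by `ossec:ossec`, 550 on the `root:ossec` tree) grant access by group, so `ossecm`, `ossece` and `ossecr` fall into "other" and get no access. Loosening the modes to compensate would remove the separation between the daemons. Create the group first and pass `--ingroup`, and in the same pass quote `$DIRECTORY`, which is sourced from `/etc/ossec-init.conf` and then handed to `chown -R` as root. Accounts that already exist are skipped by the `getent` guard, so an upgrade needs a separate membership fix.

```shell
# create the group first so the accounts can be placed in it
if ! getent group "$OSSEC_GROUP" >/dev/null; then
    addgroup --system "$OSSEC_GROUP"
fi

# create users as members of the ossec group
for u in "$OSSEC_USER" "$OSSEC_USER_MAIL" "$OSSEC_USER_EXEC" "$OSSEC_USER_REM"; do
    if ! getent passwd "$u" >/dev/null; then
        adduser --quiet --system --ingroup "$OSSEC_GROUP" --no-create-home \
            --home "$DIRECTORY" --shell /bin/false "$u"
    fi
done
# … unchanged: chown block, timezone/localtime copy, init links, service restart …
```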
--- /dev/null
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge|remove)
+ # continue below
+ ;;
+
+ *)
+ exit 0
+ ;;
+esac
+
+# stop the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ossec-hids stop
+else
+ /etc/init.d/ossec-hids stop
+fi
+
+# update system v init links
+update-rc.d -f ossec-hids remove
+
+exit 0
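Review bot: Stopping the daemons in `postrm` is too late and fragile: the package's files have already been removed when it runs, and on `purge` the conffile `/etc/init.d/ossec-hids` is gone as well. The `stop` call is then likely to fail and, under `set -e`, abort the purge. Move the stop block into a `prerm` script and keep only `update-rc.d ossec-hids remove >/dev/null` here, restricted to the `purge` case. The script also leaves the `ossec*` accounts, the group and the runtime data under `/var/ossec` (logs, queues) in place on purge. If that is deliberate, so that alert history survives removal, say so in a comment.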
--- /dev/null
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# Directories
+SRCDIR = $(CURDIR)/src
+PKGDIR = $(CURDIR)/debian/ossec-hids
+DESTDIR = $(PKGDIR)/var/ossec
+
+# OSSEC INSTALL SUBDIRS
+SUBDIRS = logs logs/archives logs/alerts logs/firewall bin queue queue/ossec queue/alerts queue/syscheck queue/rids queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless tmp var var/run etc etc/shared stats rules active-response active-response/bin agentless .ssh
+
+###################### main ######################
+
+build: build-stamp
+build-stamp:
+ dh_testdir
+ dh_clean
+
+ $(MAKE) -C $(SRCDIR) setlocal all build
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+
+ # Add here commands to clean up after the build process.
+ $(MAKE) -C $(SRCDIR) clean
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # ugly directory creation
+ for i in $(SUBDIRS); do \
+ mkdir -p -m 700 $(DESTDIR)/$$i; \
+ done
+
+ # attrs
+ chmod -R 550 $(DESTDIR)
+ chmod -R 770 $(DESTDIR)/queue/alerts
+ chmod -R 770 $(DESTDIR)/queue/ossec
+ chmod -R 750 $(DESTDIR)/queue/fts
+ chmod -R 750 $(DESTDIR)/queue/syscheck
+ chmod -R 750 $(DESTDIR)/queue/rootcheck
+ chmod -R 750 $(DESTDIR)/queue/diff
+ chmod -R 755 $(DESTDIR)/queue/agent-info
+ chmod -R 755 $(DESTDIR)/queue/rids
+ chmod -R 755 $(DESTDIR)/queue/agentless
+ chmod -R 750 $(DESTDIR)/stats
+ chmod -R 750 $(DESTDIR)/logs
+ chmod -R 550 $(DESTDIR)/rules
+ chmod 770 $(DESTDIR)/var/run
+ chmod 550 $(DESTDIR)/etc
+ chmod 770 $(DESTDIR)/etc/shared
+ chmod 700 $(DESTDIR)/.ssh
+
+ # various files installation
+ install -m 644 etc/internal_options.conf $(DESTDIR)/etc
+ install -m 644 etc/decoder.xml $(DESTDIR)/etc
+ install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
+ if [ -e etc/ossec.mc ]; then \
+ install -m 440 etc/ossec.mc $(DESTDIR)/etc/ossec.conf; \
+ else \
+ install -m 440 etc/ossec-agent.conf $(DESTDIR)/etc/ossec.conf; \
+ fi
+ install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
+ cp -r etc/rules/* $(DESTDIR)/rules
+ install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
+ install -m 755 bin/* $(DESTDIR)/bin
+ install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
+ ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
+ install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
+ install -m 755 active-response/firewalls/*.sh \
+ $(DESTDIR)/active-response/bin
+
+ # system init script
+ mkdir -p $(PKGDIR)/etc/init.d
+ install -m 755 src/init/ossec-hids.init $(PKGDIR)/etc/init.d/ossec-hids
+
+ # system ossec-init
+ echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf
+ echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf
+ echo "DATE=\"`date --utc`\"" >> $(PKGDIR)/etc/ossec-init.conf
+ echo "TYPE=\"local\"" >> $(PKGDIR)/etc/ossec-init.conf
+
+# Build architecture-independent files here.
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+# dh_installexamples
+# dh_installmenu
+# dh_installdebconf
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installcatalogs
+# dh_installpam
+# dh_installmime
+# dh_installinit
+# dh_installcron
+# dh_installinfo
+# dh_undocumented
+ dh_installman
+ dh_link
+ dh_compress
+ dh_fixperms
+# dh_perl
+# dh_python
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+# We have nothing to do by default.
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
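Review bot: `dh_fixperms` in `binary-indep` runs after the `install` target has set the restrictive modes, and it normalises permissions across the whole package tree (to my knowledge `chmod go=rX,u+rw,a-s` plus `chown 0:0`). The 700 on `.ssh`, 440 on `etc/ossec.conf`, 550 on the tree root and 750/770 on the queue, log and stats directories would therefore ship as world-readable 755/644. The postinst in this change only re-applies ownership, not modes, so nothing restores them at install time. Exclude the tree, for example `dh_fixperms -X var/ossec`, and check the result with `dpkg-deb -c` on the built package. Two smaller points: the compiled binaries are packaged from `binary-indep` while `binary-arch` is empty, and `DATE="`date --utc`"` written into `ossec-init.conf` makes the build non-reproducible.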