- fortify/harden the compile

author Dinko Korunic <kreator@carnet.hr>

Thu, 15 Aug 2013 17:45:37 +0000 (19:45 +0200)

committer Dinko Korunic <kreator@carnet.hr>

Thu, 15 Aug 2013 17:45:37 +0000 (19:45 +0200)
author Dinko Korunic <kreator@carnet.hr>
Thu, 15 Aug 2013 17:45:37 +0000 (19:45 +0200)
committer Dinko Korunic <kreator@carnet.hr>
Thu, 15 Aug 2013 17:45:37 +0000 (19:45 +0200)
diff --git a/debian/lintian-overrides b/debian/lintian-overrides

index 8ad8d4b..90cc523 100644 (file)
--- a/debian/lintian-overrides
+++ b/debian/lintian-overrides
@@ -218,56 +218,6 @@ ossec-hids: file-in-unusual-dir var/ossec/rules/web_appsec_rules.xml
  ossec-hids: file-in-unusual-dir var/ossec/rules/web_rules.xml
  ossec-hids: file-in-unusual-dir var/ossec/rules/wordpress_rules.xml
  ossec-hids: file-in-unusual-dir var/ossec/rules/zeus_rules.xml
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/agent-auth
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/agent_control
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/clear_stats
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/list_agents
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/manage_agents
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-agentd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-agentlessd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-analysisd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-authd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-csyslogd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-dbd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-execd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-logcollector
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-logtest
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-maild
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-makelists
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-monitord
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-regex
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-remoted
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-reportd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-syscheckd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/rootcheck_control
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/syscheck_control
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/syscheck_update
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/verify-agent-conf
-ossec-hids: hardening-no-relro var/ossec/bin/agent-auth
-ossec-hids: hardening-no-relro var/ossec/bin/agent_control
-ossec-hids: hardening-no-relro var/ossec/bin/clear_stats
-ossec-hids: hardening-no-relro var/ossec/bin/list_agents
-ossec-hids: hardening-no-relro var/ossec/bin/manage_agents
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-agentd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-agentlessd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-analysisd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-authd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-csyslogd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-dbd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-execd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-logcollector
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-logtest
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-maild
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-makelists
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-monitord
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-regex
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-remoted
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-reportd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-syscheckd
-ossec-hids: hardening-no-relro var/ossec/bin/rootcheck_control
-ossec-hids: hardening-no-relro var/ossec/bin/syscheck_control
-ossec-hids: hardening-no-relro var/ossec/bin/syscheck_update
-ossec-hids: hardening-no-relro var/ossec/bin/verify-agent-conf
  ossec-hids: non-etc-file-marked-as-conffile /var/ossec/etc/internal_options.conf
  ossec-hids: non-etc-file-marked-as-conffile var/ossec/etc/internal_options.conf
  ossec-hids: non-etc-file-marked-as-conffile /var/ossec/etc/ossec.conf
diff --git a/debian/rules b/debian/rules

index 9d9f117..032ac9a 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -11,6 +11,15 @@ DESTDIR = $(PKGDIR)/var/ossec
  # OSSEC INSTALL SUBDIRS
  SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run
  
+###################### hardening #################
+
+include /usr/share/hardening-includes/hardening.make
+
+CFLAGS=$(shell dpkg-buildflags --get CFLAGS)
+LDFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
+CFLAGS+=$(HARDENING_CFLAGS)
+LDFLAGS+=$(HARDENING_LDFLAGS)
+
  ###################### main ######################
  
  build: build-stamp
author	Dinko Korunic <kreator@carnet.hr>
	Thu, 15 Aug 2013 17:45:37 +0000 (19:45 +0200)
committer	Dinko Korunic <kreator@carnet.hr>
	Thu, 15 Aug 2013 17:45:37 +0000 (19:45 +0200)
debian/lintian-overrides		patch \| blob \| history
debian/rules		patch \| blob \| history