From 1f05bc53303e823057455f8a6a408f2eee96576b Mon Sep 17 00:00:00 2001
From: Dinko Korunic
Date: Tue, 23 Feb 2010 15:41:35 +0100
Subject: [PATCH] - inicijalna Debsourceizacija..
---
README.Debian | 13 ++++++
debian/changelog | 27 ++++++++++++
debian/compat | 1 +
debian/conffiles | 5 +++
debian/control | 23 ++++++++++
debian/docs | 16 +++++++
debian/postinst | 92 +++++++++++++++++++++++++++++++++++++++
debian/prerm | 25 +++++++++++
debian/rules | 128 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
9 files changed, 330 insertions(+)
create mode 100644 README.Debian
create mode 100644 debian/changelog
create mode 100644 debian/compat
create mode 100644 debian/conffiles
create mode 100644 debian/control
create mode 100644 debian/docs
create mode 100755 debian/postinst
create mode 100755 debian/prerm
create mode 100755 debian/rules
diff --git a/README.Debian b/README.Debian
new file mode 100644
index 0000000..109bffb
--- /dev/null
+++ b/README.Debian
@@ -0,0 +1,13 @@
+
+ NOTES FOR DEBIAN USERS
+ ======================
+
+Package is local-only at this moment, but brings other binaries relevant
+to agent and server installations too so it is possible to switch from
+local to agent/server with manipulation of ossec-control symlink.
+
+OSSEC expects to be installed in "/var/ossec". To make it FHS-compliant
+would require certain code changes, and a complete removal of its chroot
+functionality.
+
+ -- Dinko Korunic Tue, 23 Feb 2010 14:58:23 +0100
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..6b1853c
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,27 @@
+ossec-hids (2.3-1) stable; urgency=low
+
+ * new upstream release (2.3)
+ * add README.Debian
+ * revert to pure upstream version
+
+ -- Dinko Korunic Mon, 22 Feb 2010 22:23:57 +0100
+
+ossec-hids (2.0-1) stable; urgency=low
+
+ * new upstream release (2.0)
+
+ -- Dinko Korunic Sun, 24 May 2009 15:15:42 +0200
+
+ossec-hids (1.5-1) stable; urgency=low
+
+ * new upstream release (1.5)
+ * patch source to do HELO localhost instead of bogus notify.ossec.net
+ * patch source to use static pidfile names instead of appending PID to name
+
+ -- Dinko Korunic Wed, 18 Jun 2008 17:13:52 +0200
+
+ossec-hids (1.3-1) stable; urgency=low
+
+ * initial Debian package
+
+ -- Dinko Korunic Wed, 19 Sep 2007 22:06:15 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+4
diff --git a/debian/conffiles b/debian/conffiles
new file mode 100644
index 0000000..5fb20df
--- /dev/null
+++ b/debian/conffiles
@@ -0,0 +1,5 @@
+etc/ossec-init.conf
+etc/init.d/ossec-hids
+var/ossec/rules/local_rules.xml
+var/ossec/etc/ossec.conf
+var/ossec/etc/internal_options.conf
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..51dd693
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,23 @@
+Source: ossec-hids
+Section: admin
+Priority: extra
+Maintainer: Dinko Korunic
+Build-Depends: debhelper (>= 4)
+Standards-Version: 3.7.2
+
+Package: ossec-hids
+Architecture: i386
+Depends: mail-transport-agent
+Priority: extra
+Section: admin
+Description: OSSEC HIDS
+ OSSEC is a scalable, multi-platform, open source Host-based Intrusion
+ Detection System (HIDS). It has a powerful correlation and analysis
+ engine, integrating log analysis, file integrity checking, Windows
+ registry monitoring, centralized policy enforcement, rootkit detection,
+ real-time alerting and active response.
+ .
+ It runs on most operating systems, including Linux, OpenBSD, FreeBSD,
+ MacOS, Solaris and Windows.
+ .
+ More information on OSSEC is available at: http://www.ossec.net/ .
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..1d82fe6
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1,16 @@
+BUGS
+CONTRIB
+LICENSE
+CONFIG
+INSTALL
+README
+doc/README.config
+doc/nmap.txt
+doc/rule_ids.txt
+doc/active-response-internal.txt
+doc/logs.txt
+doc/rules.txt
+doc/active-response.txt
+doc/manager.txt
+doc/rootcheck.txt
+contrib
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..b481091
--- /dev/null
+++ b/debian/postinst
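Review bot: `Depends:` in debian/control lists only `mail-transport-agent`, yet the postinst added by this same patch calls `adduser` and `addgroup`, and the package appears to ship compiled binaries with no `${shlibs:Depends}` declared. On a host where the adduser package is absent, the configure step would abort under `set -e` after the files are already unpacked. I would change the line to `Depends: ${shlibs:Depends}, adduser, mail-transport-agent` and add a `dh_shlibdeps` call to debian/rules so the substitution is filled in. `Architecture: i386` is also hard-coded; whether that restriction is intentional cannot be told from this patch.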
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ configure)
+ # continue below
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
+
+# users and group names
+OSSEC_USER="ossec"
+OSSEC_USER_MAIL="ossecm"
+OSSEC_USER_EXEC="ossece"
+OSSEC_USER_REM="ossecr"
+OSSEC_GROUP="ossec"
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+ DIRECTORY="/var/ossec"
+fi
+
+# create users
+if ! getent passwd $OSSEC_USER >/dev/null; then
+ adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER
+fi
+if ! getent passwd $OSSEC_USER_MAIL >/dev/null; then
+ adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_MAIL
+fi
+if ! getent passwd $OSSEC_USER_EXEC >/dev/null; then
+ adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_EXEC
+fi
+if ! getent passwd $OSSEC_USER_REM >/dev/null; then
+ adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_REM
+fi
+
+# create group
+if ! getent group $OSSEC_GROUP >/dev/null; then
+ addgroup --system $OSSEC_GROUP
+fi
+
+# fix the permissions
+chown -R root:$OSSEC_GROUP $DIRECTORY
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/alerts
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/ossec
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/fts
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/syscheck
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/rootcheck
+chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/agent-info
+chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs
+touch $DIRECTORY/logs/ossec.log
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log
+chown -R root:$OSSEC_GROUP $DIRECTORY/rules
+chown root:$OSSEC_GROUP $DIRECTORY/var/run
+chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml
+chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf
+chown root:$OSSEC_GROUP $DIRECTORY/etc/shared/*
+chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf
+
+# copy timezone and localtime
+if [ -e /etc/timezone ]; then
+ cmp -s /etc/timezone $DIRECTORY/etc/timezone || \
+ cp -a /etc/timezone $DIRECTORY/etc/timezone
+fi
+if [ -e /etc/localtime ]; then
+ cmp -s /etc/localtime $DIRECTORY/etc/localtime || \
+ cp -a /etc/localtime $DIRECTORY/etc/localtime
+fi
+
+# update system v init links
+update-rc.d ossec-hids defaults >/dev/null
+
+# and start the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ossec-hids restart
+else
+ /etc/init.d/ossec-hids restart
+fi
+
+exit 0
diff --git a/debian/prerm b/debian/prerm
new file mode 100755
index 0000000..ae05e73
--- /dev/null
+++ b/debian/prerm
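Review bot: The non-recursive `chown` calls in the "fix the permissions" block follow symlinks while running as root on paths an unprivileged OSSEC account controls: `$DIRECTORY/logs` has just been given to `$OSSEC_USER`, and `touch`/`chown` then act on `logs/ossec.log` inside it (the `etc/shared/*` glob is similar if that directory stays group-writable). If such an entry were a symlink at configure or upgrade time, ownership of the link target would change instead. Use `chown -h` on those lines, e.g. `chown -h $OSSEC_USER:$OSSEC_GROUP "$DIRECTORY/logs/ossec.log"`, and skip the `touch` when `[ -L "$DIRECTORY/logs/ossec.log" ]`. Separately, `$DIRECTORY` is taken from the sourced `/etc/ossec-init.conf` and used unquoted in `chown -R root:$OSSEC_GROUP $DIRECTORY`; quote every use and refuse an empty or `/` value before the recursive calls. The accounts are also created before the group and without `--ingroup $OSSEC_GROUP`, so they are not members of the group these modes rely on unless the daemons set it themselves.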
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge|remove)
+ # continue below
+ ;;
+
+ *)
+ exit 0
+ ;;
+esac
+
+# stop the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ossec-hids stop
+else
+ /etc/init.d/ossec-hids stop
+fi
+
+# update system v init links
+update-rc.d -f ossec-hids remove
+
+exit 0
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..d22c464
--- /dev/null
+++ b/debian/rules
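Review bot: The `purge|remove)` arm can never match `purge`, because dpkg passes that argument to postrm rather than prerm, and the diffstat shows this patch adds no postrm. As a result nothing in the package handles purge, and `update-rc.d -f ossec-hids remove` runs while the init script (listed in debian/conffiles) is still installed, which is why `-f` is needed. I would narrow the arm to `remove)` and move the link removal into a new postrm under a `purge)` case. An `upgrade` call falls through to `*)` and leaves the daemons running while their files are replaced; postinst restarts them afterwards, so that may be intended, but a comment saying so would help.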
@@ -0,0 +1,128 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# Directories
+SRCDIR = $(CURDIR)/src
+PKGDIR = $(CURDIR)/debian/ossec-hids
+DESTDIR = $(PKGDIR)/var/ossec
+
+# OSSEC INSTALL SUBDIRS
+SUBDIRS = logs logs/archives logs/alerts logs/firewall bin queue queue/ossec queue/alerts queue/syscheck queue/rids queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless tmp var var/run etc etc/shared stats rules active-response active-response/bin agentless .ssh
+
+###################### main ######################
+
+build: build-stamp
+build-stamp:
+ dh_testdir
+ dh_clean
+
+ $(MAKE) -C $(SRCDIR) setlocal all build
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+
+ # Add here commands to clean up after the build process.
+ $(MAKE) -C $(SRCDIR) clean
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # ugly directory creation
+ for i in $(SUBDIRS); do \
+ mkdir -p -m 700 $(DESTDIR)/$$i; \
+ done
+
+ # attrs
+ chmod -R 550 $(DESTDIR)
+ chmod -R 770 $(DESTDIR)/queue/alerts
+ chmod -R 770 $(DESTDIR)/queue/ossec
+ chmod -R 750 $(DESTDIR)/queue/fts
+ chmod -R 750 $(DESTDIR)/queue/syscheck
+ chmod -R 750 $(DESTDIR)/queue/rootcheck
+ chmod -R 750 $(DESTDIR)/queue/diff
+ chmod -R 755 $(DESTDIR)/queue/agent-info
+ chmod -R 755 $(DESTDIR)/queue/rids
+ chmod -R 755 $(DESTDIR)/queue/agentless
+ chmod -R 750 $(DESTDIR)/stats
+ chmod -R 750 $(DESTDIR)/logs
+ chmod -R 550 $(DESTDIR)/rules
+ chmod 770 $(DESTDIR)/var/run
+ chmod 550 $(DESTDIR)/etc
+ chmod 770 $(DESTDIR)/etc/shared
+ chmod 700 $(DESTDIR)/.ssh
+
+ # various files installation
+ install -m 644 etc/internal_options.conf $(DESTDIR)/etc
+ install -m 644 etc/decoder.xml $(DESTDIR)/etc
+ install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
+ if [ -e etc/ossec.mc ]; then \
+ install -m 440 etc/ossec.mc $(DESTDIR)/etc/ossec.conf; \
+ else \
+ install -m 440 etc/ossec-agent.conf $(DESTDIR)/etc/ossec.conf; \
+ fi
+ install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
+ cp -r etc/rules/* $(DESTDIR)/rules
+ install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
+ install -m 755 bin/* $(DESTDIR)/bin
+ install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
+ ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
+ install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
+ install -m 755 active-response/firewalls/*.sh \
+ $(DESTDIR)/active-response/bin
+
+ # system init script
+ mkdir -p $(PKGDIR)/etc/init.d
+ install -m 755 src/init/ossec-hids.init $(PKGDIR)/etc/init.d/ossec-hids
+
+ # system ossec-init
+ echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf
+ echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf
+ echo "DATE=\"`date --utc`\"" >> $(PKGDIR)/etc/ossec-init.conf
+ echo "TYPE=\"local\"" >> $(PKGDIR)/etc/ossec-init.conf
+
+# Build architecture-independent files here.
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+# dh_installexamples
+# dh_installmenu
+# dh_installdebconf
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installcatalogs
+# dh_installpam
+# dh_installmime
+# dh_installinit
+# dh_installcron
+# dh_installinfo
+# dh_undocumented
+ dh_installman
+ dh_link
+ dh_compress
+ dh_fixperms
+# dh_perl
+# dh_python
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+# We have nothing to do by default.
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
--
1.7.10.4
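Review bot: `dh_fixperms` in `binary-indep` runs after the `install` target has applied the restrictive modes (`chmod 700 $(DESTDIR)/.ssh`, `install -m 440 ... $(DESTDIR)/etc/ossec.conf`, the 750/770 queue, stats and logs directories), and as far as I know it resets every path in the package tree to `go=rX`, which would make the configuration, logs and `.ssh` world-readable in the built .deb. The postinst in this patch only runs `chown`, never `chmod`, so nothing restores the intended modes on the target host. I would exclude the tree with `dh_fixperms -Xvar/ossec` (or re-apply the modes in postinst) and check the result with `dpkg-deb -c` on the built package. Separately, the compiled binaries are packaged under `binary-indep` while debian/control declares `Architecture: i386`; that work belongs in `binary-arch`.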