From 280230a44cb9f9872652b6bb80de45a27af411f4 Mon Sep 17 00:00:00 2001
From: Dinko Korunic <kreator@carnet.hr>
Date: Thu, 15 Aug 2013 19:45:37 +0200
Subject: [PATCH] - fortify/harden the compile

---
 debian/lintian-overrides |   50 ----------------------------------------------
 debian/rules             |    9 +++++++++
 2 files changed, 9 insertions(+), 50 deletions(-)

diff --git a/debian/lintian-overrides b/debian/lintian-overrides
index 8ad8d4b..90cc523 100644
--- a/debian/lintian-overrides
+++ b/debian/lintian-overrides
@@ -218,56 +218,6 @@ ossec-hids: file-in-unusual-dir var/ossec/rules/web_appsec_rules.xml
 ossec-hids: file-in-unusual-dir var/ossec/rules/web_rules.xml
 ossec-hids: file-in-unusual-dir var/ossec/rules/wordpress_rules.xml
 ossec-hids: file-in-unusual-dir var/ossec/rules/zeus_rules.xml
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/agent-auth
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/agent_control
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/clear_stats
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/list_agents
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/manage_agents
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-agentd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-agentlessd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-analysisd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-authd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-csyslogd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-dbd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-execd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-logcollector
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-logtest
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-maild
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-makelists
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-monitord
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-regex
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-remoted
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-reportd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/ossec-syscheckd
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/rootcheck_control
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/syscheck_control
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/syscheck_update
-ossec-hids: hardening-no-fortify-functions var/ossec/bin/verify-agent-conf
-ossec-hids: hardening-no-relro var/ossec/bin/agent-auth
-ossec-hids: hardening-no-relro var/ossec/bin/agent_control
-ossec-hids: hardening-no-relro var/ossec/bin/clear_stats
-ossec-hids: hardening-no-relro var/ossec/bin/list_agents
-ossec-hids: hardening-no-relro var/ossec/bin/manage_agents
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-agentd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-agentlessd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-analysisd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-authd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-csyslogd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-dbd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-execd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-logcollector
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-logtest
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-maild
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-makelists
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-monitord
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-regex
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-remoted
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-reportd
-ossec-hids: hardening-no-relro var/ossec/bin/ossec-syscheckd
-ossec-hids: hardening-no-relro var/ossec/bin/rootcheck_control
-ossec-hids: hardening-no-relro var/ossec/bin/syscheck_control
-ossec-hids: hardening-no-relro var/ossec/bin/syscheck_update
-ossec-hids: hardening-no-relro var/ossec/bin/verify-agent-conf
 ossec-hids: non-etc-file-marked-as-conffile /var/ossec/etc/internal_options.conf
 ossec-hids: non-etc-file-marked-as-conffile var/ossec/etc/internal_options.conf
 ossec-hids: non-etc-file-marked-as-conffile /var/ossec/etc/ossec.conf
diff --git a/debian/rules b/debian/rules
index 9d9f117..032ac9a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,6 +11,15 @@ DESTDIR = $(PKGDIR)/var/ossec
 # OSSEC INSTALL SUBDIRS
 SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run
 
+###################### hardening #################
+
+include /usr/share/hardening-includes/hardening.make
+
+CFLAGS=$(shell dpkg-buildflags --get CFLAGS)
+LDFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
+CFLAGS+=$(HARDENING_CFLAGS)
+LDFLAGS+=$(HARDENING_LDFLAGS)
+
 ###################### main ######################
 
 build: build-stamp
-- 
1.7.10.4